Contents -- List of Figures -- List of Tables -- Preface -- Acknowledgements -- Introduction -- Part One Introduction to risk management -- Learning outcomes for part one -- Part one further reading -- 01 Approaches to defining risk -- Definitions of risk -- Types of risks -- Risk description -- Inherent level of risk -- Risk classification systems -- Risk likelihood and magnitude -- 02 Impact of risk on organizations -- Level of risk -- Impact of hazard risks -- Attachment of risks -- Risk and reward -- Risk and uncertainty -- Attitudes to risk -- 03 Types of risks -- Timescale of risk impact -- Hazard, control and opportunity risks -- Hazard tolerance -- Mitigation of hazard risks -- Management of uncertainties -- Embracing opportunities -- 04 Development of risk management -- Origins of risk management -- Insurance and risk management -- Specialist areas of risk management -- Enterprise risk management -- Levels of risk management sophistication -- Bow-tie representation of risk management -- 05 Principles and aims of risk management -- Principles of risk management -- Importance of risk management -- Risk management activities -- Effective and efficient core processes -- Implementing risk management -- Achieving benefits -- 06 Risk management standards -- Scope of risk management standards -- Risk management process -- Risk management framework -- COSO ERM cube -- Features of RM standards -- Alternative approaches -- Case studies -- ABIL: Risk management overview -- Rolls-Royce: Risk process -- Part Two Risk strategy -- Learning outcomes for part two -- Part two further reading -- 07 Risk management framework -- Architecture, strategy and protocols -- Risk management manual -- Risk architecture -- Risk management strategy -- Risk management protocols -- Establishing the context -- 08 Risk management documentation -- Risk management records.

Risk response and improvement plans -- Event reports and recommendations -- Risk performance and certification reports -- Designing a risk register -- Using a risk register -- 09 Risk management responsibilities -- Allocation of responsibilities -- Range of responsibilities -- Statutory responsibilities of management -- Role of the risk manager -- Risk architecture -- Risk committees -- 10 Risk-aware culture -- Styles of risk management -- Defining risk culture -- Measuring risk culture -- Risk culture and risk strategy -- Alignment of activities -- Risk maturity models -- 11 Risk training and communication -- Consistent response to risk -- Risk training and risk culture -- Risk information and communication -- Shared risk vocabulary -- Risk information on an intranet -- Risk management information systems (RMIS) -- 12 Risk practitioner competencies -- Competency frameworks -- Range of skills -- Communication skills -- Relationship skills -- Analytical skills -- Management skills -- Case studies -- Rank Group: Accountability for risk management -- Australian Mines Limited: Risk Assessment and Management -- Part Three Risk assessment -- Learning outcomes for part three -- Part three further reading -- 13 Risk assessment considerations -- Importance of risk assessment -- Approaches to risk assessment -- Risk assessment techniques -- Nature of the risk matrix -- Risk perception -- Attitude to risk -- 14 Risk classification systems -- Short, medium and long-term risks -- Nature of risk classification systems -- Examples of risk classification systems -- FIRM risk scorecard -- PESTLE risk classification system -- Hazard, control and opportunity risks -- 15 Risk likelihood and impact -- Application of a risk matrix -- Control confidence -- 4Ts of hazard risk response -- Risk significance -- Risk capacity -- 16 Loss control -- Risk likelihood.

Risk magnitude -- Hazard risks -- Loss prevention -- Damage limitation -- Cost containment -- 17 Defining the upside of risk -- Upside of risk -- Opportunity assessment -- Riskiness index -- Upside in strategy -- Upside in projects -- Upside in operations -- 18 Business continuity -- Business continuity management -- Business continuity standards -- Successful business continuity -- Business impact analysis (BIA) -- Business continuity and enterprise risk management -- Civil emergencies -- Case studies -- TSOGO SUN: Risk management process -- BG Group: Principal risks and uncertainties -- Part Four Risk response -- Learning outcomes for part four -- Part four further reading -- 19 Enterprise risk management -- Enterprise-wide approach -- Definitions of ERM -- ERM in practice -- ERM and business continuity -- ERM in energy and finance -- Future development of ERM -- 20 Importance of risk appetite -- Nature of risk appetite -- Risk appetite and the risk matrix -- Risk and uncertainty -- Risk exposure and risk capacity -- Risk appetite statements -- Risk appetite and lifestyle decisions -- 21 Tolerate, treat, transfer and terminate -- The 4Ts of hazard response -- Tolerate risk -- Treat risk -- Transfer risk -- Terminate risk -- Project and strategic risk response -- 22 Risk control techniques -- Hazard risk zones -- Types of controls -- Preventive controls -- Corrective controls -- Directive controls -- Detective controls -- 23 Control of selected hazard risks -- Cost of risk controls -- Control of financial risks -- Control of infrastructure risks -- Control of reputational risks -- Control of marketplace risks -- Learning from controls -- 24 Insurance and risk transfer -- Importance of insurance -- History of insurance -- Types of insurance cover -- Evaluation of insurance needs -- Purchase of insurance -- Captive insurance companies -- Case studies.

Nationwide: Risk strategy -- The Walt Disney Company: Disclosures about market risks -- Part Five Risk governance -- Learning outcomes for part five -- Part five further reading -- 25 Corporate governance model -- Corporate governance -- OECD principles of corporate governance -- LSE corporate governance framework -- Corporate governance for a bank -- Corporate governance for a government agency -- Evaluation of board performance -- 26 Stakeholder expectations -- Range of stakeholders -- Stakeholder dialogue -- Stakeholders and core processes -- Stakeholders and strategy -- Stakeholders and tactics -- Stakeholders and operations -- 27 Operational risk management -- Operational risk -- Definition of operational risk -- Basel II -- Measurement of operational risk -- Difficulties of measurement -- Developments in operational risk -- 28 Project risk management -- Introduction to project risk management -- Development of project risk management -- Uncertainty in projects -- Project lifecycle -- Opportunity in projects -- Project risk analysis and management -- 29 Supply chain management -- Importance of the supply chain -- Scope of the supply chain -- Strategic partnerships -- Joint ventures -- Outsourcing of operations -- Risk and contracts -- 30 Strategy, tactics and operations -- Dynamic business models -- Core business processes -- Strategy and tactics -- Effective and efficient operations -- Ensuring compliance -- Reporting performance -- Case studies -- BBC: System of internal control -- Tim Hortons: Sustainability and responsibility -- Part Six Risk assurance -- Learning outcomes for part six -- Part six further reading -- 31 Evaluation of the control environment -- Nature of internal control -- Purpose of internal control -- Control environment -- Features of the control environment -- CoCo framework of internal control -- Risk-aware culture.

32 Risk assurance techniques -- Audit committees -- Role of risk management -- Risk assurance -- Risk management outputs -- Control risk self-assessment -- Benefits of risk assurance -- 33 Activities of the internal audit function -- Scope of internal audit -- Financial assertions -- Role of internal audit -- Undertaking an internal audit -- Risk management and internal audit -- Management responsibilities -- 34 Reporting on risk management -- Risk documentation -- Sarbanes-Oxley Act of 2002 -- Risk reports by US companies -- Charities' risk reporting -- Public sector risk reporting -- Government report on national security -- 35 Reputation and the business model -- Components of the business model -- Risk management and the business model -- Reputation and corporate governance -- CSR and risk management -- Supply chain and ethical trading -- Importance of reputation -- 36 Developments in risk management -- Review of benefits of risk management -- Steps to successful risk management -- Changing face of risk management -- Managing emerging risks -- Increasing importance of resilience -- Future of risk management -- Case studies -- John Lewis: Governance report -- Colgate Palmolive: Damage to reputation -- Appendix A: Abbreviations and acronyms -- Appendix B: Glossary of terms -- Appendix C: Implementation guide -- Index.