Cover -- Title Page -- Copyright -- Contents -- Foreword by Steve Fowler -- Foreword by Mrutyunjay Mahapatra -- Acknowledgements -- 01 Introduction -- Outline -- Business is about taking risk -- The difference between taking managed and unmanaged risks -- Benefits of well-managed enterprise risk management -- The myths about risk -- Capacity to take risk -- Questions for senior management and the board to ask -- Notes -- 02 About enterprise risk management -- Outline -- Risk management -- Implementing the programme for ERM -- ERM - the process -- Essential attributes of ERM for delivering value and capacity -- Top level leadership in ERM -- Identifying risk: types of risk, risk lists and taxonomies -- Evaluating and prioritizing risk -- Governance, risk and compliance -- Questions for senior management and the board to ask -- Notes -- 03 Risk as an opportunity/threat to objectives and value drivers -- Outline -- Risk - opportunities and threats -- Risk as uncertainty -- Threat and opportunity management -- Dealing with threat -- Dealing with opportunity -- Differentiating between objectives, strategic goals and value drivers -- Questions for senior management and the board to ask -- Notes -- 04 Implementing an ERM programme -- Outline -- Establish the foundation - the operating model for ERM -- Documentation for ERM -- Language, oversight and governance -- Building capabilities: assess and develop responses and capabilities -- Improving capabilities: monitoring and communication -- Questions for senior management and the board to ask -- 05 Risk attitude, risk propensity and risk appetite -- Outline -- Risk aversion versus risk hungry -- Applications of a risk appetite tool -- Risk capacity versus tolerance -- Developing risk appetite frameworks -- The risk of not taking a risk -- Risk appetite and value drivers.

Organization behind the setting of risk appetite -- Examples of risk appetite statements -- Questions for senior management and the board to ask -- Notes -- 06 ERM culture, blame, boundaries and elephants in the room -- Outline -- ERM cultures and the blame culture -- Using risk appetite as a tool to destroy the blame culture -- Managing risk -- The link between managed risk taking, mice, Maslow and Herzberg -- The elephant in the room and conduct risk -- In the public interest -- Questions for senior management and the board to ask -- Notes -- 07 Embedding and integrating ERM -- Outline -- What does embedding mean? -- Main aspects of embedding ERM -- A 16-step plan for embedding ERM -- The three lines of play -- Questions for senior management and the board to ask -- Notes -- 08 Maturity in enterprise risk management -- Outline -- How risk maturity enables managed risk taking -- Action plan for measuring and tracking performance -- Questions for senior management and the board to ask -- Notes -- 09 Resilience and sustainable habits -- Outline -- Business continuity management -- The role of senior management -- Corporate social responsibility -- Questions for senior management and the board to ask -- Notes -- 10 Learning and communication -- Outline -- The learning habit -- ERM information systems -- External communication -- Questions for senior management and the board to ask -- Notes -- 11 Conformance, performance, roles, responsibilities and regulations -- Outline -- Managing conformance versus performance -- The role of boards in ERM -- Governance for ERM -- The role of internal and external audit in ERM -- Compliance requirements for risk management: various countries and industries -- Questions for senior management and the board to ask -- Notes -- 12 Deliverables from quantitative ERM approaches -- Outline -- Measuring and valuing.

Models for valuing risk and capital -- Own risk and solvency assessments - a useful model -- Stress testing and reverse stress testing -- Risks that cannot be valued -- Questions for senior management and the board to ask -- Notes -- 13 Simple, elegant ERM tools for senior management -- Outline -- The triangle of risk - trigger, environment, strength or weakness -- Using cause and consequence analysis to transform risk approach -- Macro and micro risk management -- Questions for senior management and the board to ask -- Note -- 14 ERM and performance management synergies -- Outline -- Risk management alignment within the organization -- Performance management -- Performance management methods -- Questions for senior management and the board to ask -- Notes -- 15 The key strategic questions for senior management and boards to ask themselves -- Outline -- Recognizing the risks of versus the risks to the strategic plan -- The key strategic questions -- Summary -- Note -- Section A: Leadership -- Section B: Effectiveness -- Section C: Accountability -- Section D: Remuneration -- Section E: Relations with shareholders -- Control environment -- Risk assessment -- Control activities -- Information and communication -- Monitoring activities -- 1. Duties -- 2. Membership -- 3. Quorum -- 4. Frequency of meetings -- 5. Notice of meetings -- 6. Minutes of meetings -- 7. Annual General Meeting -- 8. Reporting responsibilities -- 9. Other matters -- 10. Authority -- Enterprise risk management roles and accountabilities -- Appendix 1. Examples of corporate governance and ERM regulations -- Appendix 2. The main principles of the UK Code of Governance, October 2012 -- Appendix 3. Summary COSO guidance -- Appendix 4. Case study: Applying a more granular mathematical model to a risk for a non-financial organization.

Appendix 5. Capital and risk considerations for US insurers, from NAIC ORSA Guidance -- Appendix 6. Sample terms of reference for a board risk committee -- Appendix 7. Example of roles of CRO and ERM team -- Further Reading -- Index.