Enterprise Risk Management: From Incentives to Controls

Praise for Enterprise Risk Management, Second Edition The concept that it takes a lifetime to build a company but that it takes moments to destroy it is a very valuable mantra for business leaders. The impact of the recent financial crisis brought that perspective into sharp and, for some, painful relief. Companies, however, need to innovate and grow and to take appropriate risks to do so. The joy of James Lams new book is that it recognizes the need forinnovation and growth but also acknowledges in a very practical waythe role of the ever–evolving risk framework around that growth. Thebook offers a credible and implementable nexus between growth andrisk control, and as such, will be a highly valued tool for boardsand management everywhere. Rodger A. Lawson, Chairman of the Board of Directors, E∗TRADE Financial, Member of the Board of Directors, UnitedHealth Group, Retired President, Fidelity Investments All too often, organizations focus on the process of riskmanagement at the expense of incorporating risk management principlesinto the governance, leadership, and management of their enterprises.James Lam is a long–time leader in risk management and hissubstantial experience has enabled him to produce a comprehensive andpractical guide for anyone committed to creating an organizationcapable of effectively evaluating risks versusreturns. Matthew R. Feldman, President and Chief Executive Officer, FederalHome Loan Bank of Chicago A key success factor in any ERM program is practical andeffective implementation. In order to provide sustainable, long–termenterprise value, risk management must be integrated into anorganizations governance model, business analytics, strategic andtactical decisions, and dashboard reporting. Based on his hands–onexperience, James Lam has very clearly outlined and articulated thebest practices and implementation requirements for ERM. I highlyrecommend this book to anyone who is engaged in ERM oversight andimplementation. Paymon Aliabadi, Executive Vice President and Chief Risk Officer, Exelon Corporation

Chapter 1: Introduction The Benefits of Risk Management Integration Adds Value Cautionary Tales Chapter 2: Lessons Learned Lesson #1: Know Your Business Lesson #2: Establish Checks and Balances Lesson #3: Set Limits and Boundaries Lesson #4: Keep Your Eye on the Cash Lesson #5: Use the Right Yardstick Lesson #6: Pay for the Performance You Want Lesson #7: Balance the Yin and the Yang Chapter 3: Concepts and Processes Risk Concepts Risk Processes Risk Awareness Risk Measurement Risk Assessments Risk Control Risk is a Bell Curve Chapter 4: What is ERM? ERM Definitions The Benefits of ERM Organizational Effectiveness Risk Reporting Business Performance The Chief Risk Officer Components of ERM Chapter 5: Corporate Governance Codes of Conduct Best Practices Linking Corporate Governance and ERM Chapter 6: Line Management The Relationship Between Line and Risk Functions Key Challenges Best Practices Chapter 7: Portfolio Management The Theory of Active Portfolio Management Benefits of Active Portfolio Management Practical Applications of Portfolio Management Chapter 8: Risk Transfer A Brief History of ART Advantages of ART Pitfalls of ART A Look to the Future Case Study: Honeywell Case Study: Barclays Chapter 9: Risk Analytics Risk Control Analytics Risk Optimization Analytics Market Risk Analytics Credit Risk Analytics Operational Risk Analytics GRC Systems Chapter 10: Data and Technology Early Systems Data Management Interface Building Middleware Distributed Architectures Key Factors for a Successful Implementation Chapter 11: Stakeholder Management Employees Customers Regulators Rating Agencies Shareholder Service Providers Business Partners Chapter 12: Credit Risk Management Key Credit Risk Concepts The Credit Risk Management Process Basel Requirements Best Practices in Credit Risk Management Case Study: Export Development Corporation (EDC) Chapter 13: Market Risk Management Types of Market Risk Market Risk Measurement Market Risk Management Best Practices in Market Risk Management Case Study: Market Risk Management at Chase Chapter 14: Operational Risk Management Operational Risk – Definition and Scope The Operational Risk Management Process Best Practice in Operational Risk Management Emerging IT Risks Case Study: Heller Financial Chapter 15: Business Applications Stage 1: Minimizing the Downside Stage II: Managing Uncertainty Stage III: Performance Optimization The Further Evolution of Risk Management Chapter 16: Financial Institutions Industry Trends Risk Management Requirements Systemic Risk A Look to the Future Case Study: CIBC Chapter 17: Energy Firms Industry Trends Risk Management Requirements A Look to the Future Lessons Learned from Enron Lessons Learned from the BP Oil Spill Chapter 18: Non–Financial Corporations Risk Management Requirements Best Practices in Corporate Risk Management Case Study: Microsoft Case Study: Ford Case Study: Airbus and Boeing Chapter 19: Predictions The Profession of Risk Management Technology and the Convergence of Risk Management Ten Predictions 2013 Looking Back Chapter 20: Everlast Financial Chapter 21: ERM Implementation Benefits of Corporate Governance and ERM Practices McKinsey & Company (2002) Brown and Caylor (2004), Cheng and Wu (2005) Hoyt and Liebenberg (2009) Standard & Poor’s (2010) ERM Implementation Requirements ERM Maturity Model Stage 1: Definition and Planning (White Belt) Stage 2: Early Development (Yellow Belt) Stage 3: Standard Practice (Green Belt) Stage 4: Business Integration (Brown Belt) Stage 5: Business Optimization (Black Belt) Other ERM Maturity Models Risk Culture Chapter 22: Role of the Board Board Oversight Requirements Current Board Practices The Last Line of Defense Chapter 23: Risk Assessment Risk Assessment Methodology Best Practice Case Studies in Risk Assessment Best–Practice Example: The Global Risk Report Appendix: Risk Assessment Self–Evaluation Checklist Chapter 24: Risk–Based Decision Making ERM Decisions and Actions Creating Value through ERM Case Study: Duke Energy Chapter 25: Dashboard Reporting Traditional Vs. Dashboard Reporting General Dashboard Applications ERM Dashboard Implementation Evolving Best Practices

JAMES LAM is widely recognized as the first ever Chief RiskOfficer and a pioneer in the field of enterprise risk management. Ina Euromoney survey, Mr. Lam was nominated by clients and peers as oneof the worlds leading risk consultants. He currently serves asPresident of James Lam Associates and Director and Chairman, RiskOversight Committee of E∗TRADE Financial. Previously, he heldpositions including Partner of Oliver Wyman, Founder and President ofERisk, Chief Risk Officer of Fidelity Investments, and Chief RiskOfficer of GE Capital Markets Services, Inc. In 1997, Mr. Lam received the inaugural Risk Manager of the Year Award from the Global Association of Risk Professionals. Treasury Risk magazine named him one of the 100 Most Influential People in Finance in 2005, 2006, and 2008.