Expert answer: DMM623 Types of Controls for Hazard Risks and Cont

  

Solved by verified expert: Hopkin presents a diagram of types of controls for hazard risks (Figure 27.1, page 246). He then offers a description of types of hazard controls in Tables 28.1 (p. 255) and 28.2 (p. 255). Select one of the control categories from Table 28.1 and discuss how it contributes to risk control. Provide an example from your experience that reflects the effectiveness of the control you have selected. If you don’t have such an example, discuss its potential impact in general terms. APA style, 650 words.
fundamentalsofriskmanagement.pdf

Unformatted Attachment Preview


Fundamentals of Risk Management
Understanding, evaluating and implementing effective risk management
Paul Hopkin
Publisher’s note
Every possible effort has been made to ensure that the information contained in this book is accurate at
the time of going to press, and the publishers and authors cannot accept responsibility for any errors or
omissions, however caused. No responsibility for loss or damage occasioned to any person acting, or
refraining from action, as a result of the material in this publication can be accepted by the editor, the
publisher or any of the authors.
First published in Great Britain and the United States in 2010 by Kogan Page Limited.
Apart from any fair dealing for the purposes of research or private study, or criticism or review, as permitted under the Copyright, Designs and Patents Act 1988, this publication may only be reproduced,
stored or transmitted, in any form or by any means, with the prior permission in writing of the publishers, or in the case of reprographic reproduction in accordance with the terms and licences issued by the
CLA. Enquiries concerning reproduction outside these terms should be sent to the publishers at the
undermentioned addresses:
120 Pentonville Road
London N1 9JN
United Kingdom
www.koganpage.com
525 South 4th Street, #241
Philadelphia PA 19147
USA
4737/23 Ansari Road
Daryaganj
New Delhi 110002
India
© The Institute of Risk Management, 2010
The right of The Institute of Risk Management to be identified as the author of this work has been
asserted by them in accordance with the Copyright, Designs and Patents Act 1988.
ISBN 978 0 7494 5942 0
E-ISBN 978 0 7494 5943 7
British Library Cataloguing-in-Publication Data
A CIP record for this book is available from the British Library.
Library of Congress Cataloging-in-Publication Data
Hopkin, Paul.
Fundamentals of risk management : understanding, evaluating, and implementing effective risk management / Paul Hopkin.
p. cm.
Includes index.
ISBN 978-0-7494-5942-0 — ISBN 978-0-7494-5943-7 (ebook) 1. Risk management. I. Title.
HD61.H567 2010
658.15’5–dc22
2009046006
Typeset by Saxon Graphics Ltd, Derby
Printed and bound in India by Replika Press Pvt Ltd
Dedication
Michael, David and Kathy
Contents

Dedication
List of Figures
List of Tables
Preface
Acknowledgements
Introduction

Part 1 Introduction to risk management
  Learning outcomes for Part 1
  Part 1 Further reading

1 Approaches to defining risk
  Definitions of risk
  Types of risks
  Risk description
  Inherent level of risk
  Risk classification systems
  Risk likelihood and magnitude

2 Impact of risk on organizations
  Risk importance
  Impact of hazard risks
  Attachment of risks
  Risk and reward
  Risk and uncertainty
  Attitudes to risk

3 Types of risks
  Timescale of risk impact
  Hazard, control and opportunity risks
  Hazard tolerance
  Management of hazard risks
  Uncertainty acceptance
  Opportunity investment

4 Development of risk management
  Origins of risk management
  Insurance origins of risk management
  Specialist areas of risk management
  Enterprise risk management
  Levels of risk management sophistication
  Risk maturity models

5 Principles and aims of risk management
  Principles of risk management
  Importance of risk management
  Risk management activities
  Efficient, effective and efficacious
  Perspectives of risk management
  Implementing risk management

6 Risk management standards
  Scope of risk management standards
  Risk management process
  Risk management framework
  COSO ERM cube
  Features of RM standards
  Control environment approach

Case study: Barclays Bank – risk management objectives

Part 2 Risk strategy
  Learning outcomes for Part 2
  Part 2 Further reading

7 Risk management policy
  Risk architecture, strategy and protocols
  Risk management policy
  Risk management architecture
  Risk management strategy
  Risk management protocols
  Risk management guidelines

8 Risk management documentation
  Record of risk management activities
  Risk response and improvement plans
  Event reports and recommendations
  Risk performance and certification reports
  Designing a risk register
  Using a risk register

9 Risk management responsibilities
  Allocation of responsibilities
  Risk management and internal audit
  Range of responsibilities
  Statutory responsibilities of management
  Role of the risk manager
  Chief risk officer (CRO)

10 Risk architecture and structure
  Risk architecture
  Corporate structure
  Risk committees
  Risk communications
  Risk maturity
  Alignment of activities

11 Risk-aware culture
  Styles of risk management
  Defining risk culture
  Components of a risk-aware culture
  Measuring risk culture
  Risk culture and risk strategy
  Establishing the context

12 Risk training and communication
  Risk training and risk culture
  Risk information and communication
  Shared risk vocabulary
  Risk information on an intranet
  Risk management information systems (RMIS)
  Consistent response to risk

Case study: Tesco – risk management responsibilities

Part 3 Risk assessment
  Learning outcomes for Part 3
  Part 3 Further reading

13 Risk assessment considerations
  Importance of risk assessment
  Approaches to risk assessment
  Risk assessment techniques
  Risk matrix
  Risk perception
  Risk appetite

14 Risk classification systems
  Short, medium and long-term risks
  Purpose of risk classification systems
  Examples of risk classification systems
  FIRM risk scorecard
  PESTLE risk classification system
  Hazard, control and opportunity risks

15 Risk likelihood and impact
  Application of a risk matrix
  Inherent and current level of risk
  Control confidence
  4Ts of risk response
  Risk significance
  Risk capacity

16 Loss control
  Risk likelihood
  Risk magnitude
  Hazard risks
  Loss prevention
  Damage limitation
  Cost containment

17 Defining the upside of risk
  Upside of risk
  Opportunity assessment
  Riskiness index
  Upside in strategy
  Upside in projects
  Upside in operations

18 Business continuity planning
  Importance of BCP and DRP
  Business continuity standards
  Successful BCP and DRP
  Business impact analysis (BIA)
  BCP and ERM
  Civil emergencies

Case study: Invensys – risks and uncertainties

Part 4 Risk and organizations
  Learning outcomes for Part 4
  Part 4 Further reading

19 Corporate governance model
  Corporate governance
  OECD principles of corporate governance
  LSE corporate governance framework
  Corporate governance for a bank
  Corporate governance for a government agency
  Evaluation of board performance

20 Stakeholder expectations
  Range of stakeholders
  Stakeholder dialogue
  Stakeholders and core processes
  Stakeholders and strategy
  Stakeholders and tactics
  Stakeholders and operations

21 Analysis of the business model
  Simplified business model
  Core business processes
  Efficacious strategy
  Effective processes
  Efficient operations
  Reporting performance

22 Project risk management
  Introduction to project risk management
  Development of project risk management
  Uncertainty in projects
  Project life cycle
  Opportunity in projects
  Project risk analysis and management

23 Operational risk management
  Operational risk
  Definition of operational risk
  Basel II
  Measurement of operational risk
  Difficulties of measurement
  Developments in operational risk

24 Supply chain management
  Importance of the supply chain
  Scope of the supply chain
  Strategic partnerships
  Joint ventures
  Outsourcing of operations
  Risk and contracts

Case study: Hercules Incorporated – outsourcing logistics

Part 5 Risk response
  Learning outcomes for Part 5
  Part 5 Further reading

25 Enterprise risk management
  Enterprise-wide approach
  Definitions of ERM
  ERM in practice
  ERM and business continuity
  ERM in energy and finance
  Future development of ERM

26 Importance of risk appetite
  Risk capacity
  Risk exposure
  Nature of risk appetite
  Cost of risk controls
  Risk management and uncertainty
  Risk appetite and lifestyle decisions

27 Tolerate, treat, transfer and terminate
  The 4Ts of hazard response
  Risk tolerance
  Risk treatment
  Risk transfer
  Risk termination
  Project and strategic risk response

28 Risk control techniques
  Hazard risk zones
  Types of controls
  Preventive controls
  Corrective controls
  Directive controls
  Detective controls

29 Control of selected hazard risks
  Risk control
  Control of financial risks
  Control of infrastructure risks
  Control of reputational risks
  Control of marketplace risks
  Learning from controls

30 Insurance and risk transfer
  Importance of insurance
  History of insurance
  Types of insurance cover
  Evaluation of insurance needs
  Purchase of insurance
  Captive insurance companies

Case study: Intercontinental Hotels Group – loss-control strategy

Part 6 Risk assurance and reporting
  Learning outcomes for Part 6
  Part 6 Further reading

31 Evaluation of the control environment
  Nature of internal control
  Purpose of internal control
  Control environment
  Features of the control environment
  CoCo framework of internal control
  Risk-aware culture

32 Activities of the internal audit function
  Scope of internal audit
  Financial assertions
  Risk management and internal audit
  Risk management outputs
  Role of internal audit
  Management responsibilities

33 Risk assurance techniques
  Audit committees
  Role of risk management
  Risk assurance
  Hazard, control and opportunity risks
  Control risk self-assessment
  Benefits of risk assurance

34 Reporting on risk management
  Risk documentation
  Sarbanes–Oxley Act of 2002
  Risk reports by US companies
  Charities risk reporting
  Public sector risk reporting
  Government Report on National Security

35 Corporate social responsibility
  CSR and corporate governance
  CSR and risk management
  CSR and reputational risk
  CSR and stakeholder expectations
  Supply chain and ethical trading
  CSR reporting

36 Future of risk management
  Review of benefits of risk management
  Steps to successful risk management
  Changing face of risk management
  Concept of risk appetite
  Concept of upside of risk
  Future developments

Case study: BP – risk reporting

Appendix A: Glossary of terms
Appendix B: Implementation guide
Index
Figures

1.1 Risk likelihood and magnitude
2.1 Attachment of risks
2.2 Risk and reward
4.1 7Rs and 4Ts of (hazard) risk management
4.2 Risk management sophistication
6.1 IRM risk management process
6.2 Components of an RM framework
6.3 COSO ERM framework
6.4 Risk management framework from BS 31100
6.5 Risk management process from ISO 31000
10.1 RM architecture for a large corporation
10.2 RM architecture for a charity
13.1 Risk appetite matrix (risk averse)
13.2 Risk appetite matrix (risk aggressive)
15.1 Personal risk matrix
15.2 Risk matrix and the 4Ts of hazard management
15.3 Inherent, current and target levels of risk
18.1 Model for business continuity planning
19.1 Corporate governance framework
19.2 Corporate governance in a government agency
20.1 Importance of core processes
21.1 Simplified business model
22.1 Project life cycle
26.1 Risk and uncertainty
26.2 Risk appetite, exposure and capacity (optimal)
26.3 Risk appetite, exposure and capacity (vulnerable)
26.4 Illustration of control effect
26.5 Risk management and uncertainty
27.1 Types of controls for hazard risks
27.2 Risk versus uncertainty in projects
27.3 Risk versus reward in strategy
28.1 Hazard risk zones
29.1 Cost-effective controls
29.2 Cost–benefit analysis
29.3 Learning from controls
29.4 Risk and reward decisions
30.1 Role of captive insurance companies
31.1 Criteria of Control (CoCo) framework
32.1 Role of internal audit in ERM

Tables

1.1 Definitions of risk
1.2 Risk description
3.1 Categories of disruption
4.1 Definitions of risk management
4.2 Importance of risk management
4.3 7Rs and 4Ts of (hazard) risk management
5.1 Principles of risk management
6.1 Risk management standards
6.2 COSO ERM framework
7.1 Risk management framework
7.2 Risk management policy
7.3 Risk management protocols
7.4 Types of RM documentation
8.1 Format for a basic risk register
8.2 Risk register for a sports club
8.3 Risk register for a hospital
8.4 Project risk register
8.5 Risk register attached to a business plan
9.1 Risk management responsibilities
9.2 Historical role of the insurance risk manager
10.1 Responsibilities of the RM committee
10.2 Four levels of risk maturity
11.1 Risk-aware culture
12.1 Risk communications guidelines
12.2 Risk management information system (RMIS)
13.1 Techniques for risk assessment
13.2 Advantages and disadvantages of RA techniques
14.1 Risk classification systems
14.2 Attributes of the FIRM risk scorecard
14.3 PESTLE classification system
14.4 Personal issues grid
15.1 Benchmark tests for risk significance
16.1 Generic key dependencies
17.1 Upside of risk
17.2 Riskiness index
18.1 Key activities in business continuity planning
19.1 OECD principles of corporate governance
19.2 Nolan principles of public life
19.3 Evaluating the effectiveness of the board
20.1 Data for shareholders
22.1 PRAM model for project RM
23.1 ORM principles (Basel II)
23.2 Operational risk for a bank
23.3 Operational risk in financial and industrial companies
24.1 Risks associated with outsourcing
25.1 Definitions of enterprise risk management
25.2 Benefits of enterprise risk management
27.1 Description of the 4Ts of hazard response
27.2 Key dependencies and significant risks
28.1 Description of types of hazard controls
28.2 Examples of the hierarchy of hazard controls
30.1 Different types of insurance
30.2 Identifying the necessary insurance
31.1 Definitions of internal control
31.2 Components of the CoCo framework
32.1 Allocation of responsibilities
33.1 Responsibilities of the audit committee
33.2 Sources of risk assurance
34.1 Risk report in a Form 20-F
34.2 Government risk reporting principles
35.1 Scope of issues covered by CSR
36.1 Achieving successful risk management
36.2 Implementation barriers and actions
Preface
Benefits of enterprise risk management
A string of large and highly public organizational and Governmental failures over the past 10
years (Woolworths, Golden Wonder, Northern Rock, Citigroup, Enron and even the entire
banking system of Iceland) has focused the attention of investors, customers and regulators on
the way in which directors, managers and boards are managing risk. This has led to a greater
appreciation of the wider scope of risks facing organizations, which in turn has led to risk
management becoming a core management discipline.
Risk is everywhere and derives directly from unpredictability. The process of identifying,
assessing and managing risks brings any business full circle back to its strategic objectives: for
it will be clear that not everything can be controlled. The local consequences of events on a
global scale, such as terrorism, pandemics and credit crunches, are likely to be unpredictable.
However, they can also include the creation of new and valuable opportunities. Many of
today’s household names were born out of times of adversity.
Risk management provides a framework for organizations to deal with and to react to uncertainty. Whilst it acknowledges that nothing in life is certain, the modern practice of risk management is a systematic and comprehensive approach, drawing on transferable tools and
techniques. These basic principles are sector-independent and should improve business resilience, increase predictability and contribute to improved returns. This is particularly important given the pace of change of life today.
Risk management involves a healthy dose of both common sense and strategic awareness,
coupled with an intimate knowledge of the business, an enquiring mind and most critically
superb communication and influencing skills.
The Institute of Risk Management’s International Certificate in risk management is an introductory qualification which reflects the changing and global nature of risk management. Recognizing both the enterprise-wide (or ‘ERM’) importance of comprehensive risk management
and the growing use of international standards (such as ISO 31000), this qualification equips
future professional risk managers with the fundamental knowledge and tools to make invaluable contributions to long-term organizational growth and prosperity.
This textbook, as well as being the core reading for the IRM International Certificate, is a valuable resource for all organizations and indeed anyone with an interest in risk management.
Sophie Williams is Deputy Chief Executive of the Institute of Risk Management, risk management’s leading worldwide professional education, training and knowledge body. Further information about the International Certificate or the Institute is available from the IRM website
www.theirm.org.
Sophie Williams
Acknowledgements
The author is grateful to a large number of people who have helped with the development of
the ideas that are included in this book. In particular, the following individuals provided considerable input into the final version:

  • Richard Archer;
  • Bill Aujla;
  • Steve Fowler;
  • Alex Hindson;
  • Edward Sankey;
  • Paul Taylor;
  • Carolyn Williams;
  • Sophie Williams.
Paul Hopkin
Introduction
Risk management in context
This book is intended for all who want a comprehensive introduction to the theory and application of risk management. It sets out an integrated introduction to the management of risk
in public and private organizations. Studying this book will provide insight into the world of
risk management and may also help readers decide whether risk management is a suitable
career option for them.
Many readers will wish to use this book in order to gain a better understanding of risk and risk
management and thereby fulfil the primary responsibilities of their jobs with an enhanced
understanding of risk. This book is designed to deliver the syllabus of the International Certificate in Risk Management qualification of the Institute of Risk Management. However, it
also acts as an introduction to the discipline of risk management for those interested in the
subject but not (yet) undertaking a course of study.
An introduction to risk and risk management is provided in the first Part of this book and the
key features of risk ma …