Fundamentals of Enterprise Risk Management

How Top Companies Assess Risk, Manage Exposure, and Seize Opportunity

 Fundamentals of Enterprise Risk Management

Author: John J. Hampton
Pub Date: August 2009
Print Edition: $49.95
Print ISBN: 9780814434642
Page Count: 320
Format: Paper or Softback
e-Book ISBN: 9780814414934

Buy the book:

Buy the book thru Barnes and Noble. Buy the book thru AMAZON. Buy the book thru indiebound. Buy the eBook.
See other vendors.



Risk Quote: Keep your friends close, and your enemies closer.

—Sun-Tzu, Chinese general

and military strategist,

around 400 b.c.

Risk Quote: This was my father’s study. He taught me a lot of

things in this room. He taught me to keep my friends close and

my enemies closer.

—Michael Corleone in The Godfather (1976)

Welcome to the world of enterprise risk management (ERM), one of

the most popular and misunderstood of today’s important business

topics. It is not very complex. It is not very expensive. It does

add value. We just have to get it right. Until recently, we have been

getting it wrong.

This is really a book about risk from a new perspective. The

journey carries us into the heart of risk management and risk opportunity.

It is mostly about how to do a better job of risk identification.

If we define the problem correctly and share our findings,

we can reduce surprises—not eliminate them, mind you, but get

many of them under control.

ERM tells us it is a new world of risk. No longer is risk management

largely the purview of the chief financial officer. The risk

picture is incomplete when limited to the financial component,

which actually is the scorecard, not the driver, for risk mitigation.

This realization has encouraged new approaches to manage risk

and seize opportunity.

Organizations have two ways to address risk. The wrong way

is to assume that people can understand hundreds or even thousands

of exposures. It is not possible. Risks and opportunities must

be organized and accepted at various levels by risk owners. Our

new paradigm will show you how to structure enterprise risks.

A brief overview of the new ERM includes the following specific


s Upside of Risk. Most people discuss risk as the possibility of

loss. This is totally insufficient, as risk also has an upside. A

lost opportunity is just as much a financial loss as is damage

to people and property. This is a key insight. Ask Sun-Tzu or

Michael Corleone.

s Alignment with the Business Model. A business model is a

framework for achieving goals. Within it, a single manager can

supervise only a limited span of subordinates or subsidiaries.

Similarly, one person can oversee a limited number of risks

and key initiatives. ERM encourages us to align the hierarchy

of risk categories with the business model.

s Risk Owners. As someone is accountable for revenues, profits,

and efficiency, a single person should be responsible for every

category of risk. When questions arise, then, we will not have

to deal with a committee or multiple individuals. We will go

directly to the risk owner. We will see an exception to this

guideline in Part Three, where we address risks with no single

risk owner.

s Central Risk Function. Although risks cannot be managed centrally,

organizations need a central risk function. The role is to

scan for changing conditions from a central vantage point and

to share the findings with risk owners. In addition, some risks

cross units and responsibilities, so that risk can be overlooked.

In a change to traditional thinking, this book argues that such

a central risk function should not, itself, have any responsibility

for risk management. Risk goes with the risk owners. Risks

that cross units or responsibilities are identified centrally and

dealt with using customized solutions.

s High-Tech ERM Knowledge Warehouse. ERM encourages the

use of new technologies to clarify risks and opportunities. This

book describes in detail a cutting-edge technology platform to

help understand risk mitigation efforts and the status of risk


The book is organized into five parts, starting with the basics of a

new approach to ERM:

s Part One—Essentials of Enterprise Risk Management. We

first ask several important questions: What is ERM? What is

not ERM? What are the key components needed to manage

enterprise risk? Why do we need a central risk function and

risk identification and sharing using a high-tech platform?

Then, we address black swans, unexpected and unforeseen

major crises or disaster that are virtually unpredictable. Where

do black swans fit into the ERM picture? How could we have

highly developed ERM in place in financial institutions and still

have the 2008 financial crisis?

s Part Two—ERM Technology. This is big. We finally are getting

the technology to visualize risk relationships and to back up

the view with supporting detail. Here we cover the elements of

an ultramodern technology platform that brings together risks,

the factors that affect them, and the status of activities to mitigate

them. We employ a tool, seamless and easy to use, which

has been developed by a company called Riskonnect. Large

companies have or will soon have their own systems. Other

vendors are likely to enter the market.

s Part Three—Risks Without Risk Owners. Some risks depend

upon collaboration, crossing, as they do, the silos of the modern

bureaucracy. With a central risk function and modern technology,

we deal with such risks. We start with strategic risk.

How do we monitor conflicting plans and goals? We address

subculture risk, in which beliefs, assumptions, biases, and weak

management practices endanger success. We recognize leadership

risk, where the absence of a clear and achievable vision

can be destructive. We acknowledge life cycle risk; a failure to

understand this can be devastating. Finally, we deal with horizon

risk to keep everyone informed on changing external conditions.

s Part Four—ERM Stories. Risk management is a broad-brush

category, with the details often filled in by a focus on narrower

topics. Our stories range from avoiding business disruption to

a discussion of the future of ERM. What are different applications?

How does ERM relate to Sarbanes-Oxley? Where do we

find new risk management concepts? In this part, we present

stories of ERM.

s Part Five—The People of Risk Management. Risk management

is a people business. It takes knowledge, street smarts,

and experience to do it right. Now we get up close and personal,

introducing by name risk influencers and managers. In addition,

we describe the positions and skills needed for ERM as we

listen to ideas directly from individuals who advocate ERM.

Our journey covers a mixture of concepts, tools, and stories that

add richness and depth to managing enterprise risk. ERM is both

popular and misunderstood, but, as we have said, it is not very

complex. It is not very expensive. It does add value. We just have

to get it right. Is ERM a science? An art? A mystery? Or is it plain

old common sense? In the following pages we answer these questions.


Before we begin the journey, we wish to acknowledge the many

people who contributed to this book. Ellen Thrower, former president

of the College of Insurance in New York City, showed me the

importance of risk management as a tool for dealing with hazard

risk. Chris Mandel and Susan Meltzer, former presidents of the

Risk and Insurance Management Society (RIMS), encouraged me

to understand risk from a holistic viewpoint. Felix Kloman and

Beaumont Vance were role models for creativity in risk discussions.

Nathan Sambul, formerly with Marsh, and Valery Vyatkin,

my Russian partner, contributed ideas that shaped the book. Bob

Morrell, CEO of Riskonnect,was inspirational in his work to build

technology to support a new approach to ERM. MBA candidates at

Saint Peter’s College in New Jersey served as test subjects for readings.

Their projects and ideas contributed heavily to the evolution

of my thinking as the book went through six revisions.

Thanks also to an assortment of critical thinkers and risk practitioners,

including Lance Ewing, John Bayeux, George Niwa, Paul

Buckley, Roger Egan, Pat Gallagher, Laurie Brooks, Ralph Russo,

Anthony Terracciano, and Tom Ruggieri. Thanks also to Business

Insurance magazine. Regis Coccia seeks the highest quality understanding

of risk. Marty Ross and Paul Winston have been totally

supportive of all our efforts. Finally, thanks to Bob Shuman, Mike

Sivilli, Jerilyn Famighetti, and Jeremiah Binnbaum of AMACOM

books. Bob understood immediately the message of the book and

was a wise and steady motivator to tell it as best I can. Mike was a

pleasant surprise as he guided me through the editorial/production

process to completion of the book. Jerilyn did a marvelous job

of smoothing out rough spots and bringing clarity to the writing

during the copyediting stage.

Last but not least, my administrative assistant, Mary Sullivan,

and my graduate assistants, Juan Peng (Adele) and Yu Miao

(Grace), were invaluable in creating the final product. My bride,

Doreen, a book author in her own right, read the final three manuscripts

and contributed many suggestions to help people understand

the key points.

John J. Hampton

Litchfield, Connecticut

January 2009

Search the full text of this book


Order Now!

For single copy purchases of any AMACOM title, you can connect directly to the online retailer of your choice, from the list below, to buy the title you have selected. Most of our links will take you directly to that title on the site, making your shopping experience easier. You can also visit your local retailer, and if the book is not on their shelves they can special order it for you.

Retailers: Please contact us to change or add a listing.

Buying in Bulk?

We have very competitive discounts starting at 5 copies, as well as personal service, for bulk orders. Simply contact our Special Sales Department. Call 800-250-5308 or 212-903-8420 and ask for Special Sales. You can also email: