Enterprise Risk Management
eBook - ePub

David L Olson, Desheng Dash Wu

  1. 244 pages
  2. English
  3. ePUB (mobile friendly)

About This Book

Risk is inherent in business. Without risk, there would be no motivation to conduct business. But a key principle is that organizations should accept risks that they are competent enough to deal with, and “outsource” other risks to those who are more competent to deal with them (such as insurance companies). Enterprise Risk Management (2nd Edition) approaches enterprise risk management from the perspectives of accounting, supply chains, and disaster management, in addition to the core perspective of finance. While the first edition included the perspective of information systems, the second edition views this as part of supply chain management or else focused on technological specifics. It discusses analytical tools available to assess risk, such as balanced scorecards, risk matrices, multiple criteria analysis, simulation, data envelopment analysis, and financial risk measures.

Readership: Researchers interested in enterprise risk management; advanced undergraduates and graduates in business.
Key Features:

  • Addresses the perspectives of accounting, supply chains, and disaster management
  • Discusses analytical tools available to assess risk, allowing better informed managerial decision making
  • Contains cases on Irish banking, various supply chain risk management events, and earthquake disaster response in China

Information

Publisher: WSPC
Year: 2015
ISBN: 9789814632782
Edition: 2
Subtopic: Operations

PART I: Perspectives
Chapter 1
Enterprise Risk Management
  • A description of ERM is provided in a globalization context, with subsequent chapters providing:
      • Financial perspectives
      • Accounting perspectives
      • Supply chain perspectives
      • Disaster management perspectives
  • Types of risk are reviewed
      • In terms of opportunity
      • Types of business risks
      • Strategic risks
  • A risk management framework and review process is presented
  • Risk management process is discussed
1.1 Introduction
All human endeavors involve uncertainty and risk. Organizations face emergencies and crises, which have been grouped into three categories: natural disasters, malicious activities, and systemic failures of human systems.1 Events such as earthquakes, floods, fires and hurricanes are manifestations of the majesty of nature. Recent events, including the tsunami in the Indian Ocean and Hurricane Katrina in New Orleans in 2005, demonstrate how powerless humans can be in the face of nature. There have been mine accidents in Chile,2 and earthquakes in China3 and Japan.4
Malicious acts are intentional on the part of fellow humans who are either excessively competitive or who suffer from character flaws. Examples include the Tylenol poisonings of 1982, placing syringes in Pepsi cans in 1993, bombing the World Trade Center in 1993, Sarin gas attacks in Tokyo in 1995, terrorist destruction of the World Trade Center in New York in 2001, and corporate scandals within Enron, Andersen, and WorldCom in 2001. More recent malicious acts include terrorist activities in Spain in 2004, London in 2005, and Mumbai in 2008.5 In the financial realm, the Ponzi scheme of Bernard Madoff was uncovered in 2009.6 Wars fall within this category, although our perceptions of what is sanctioned or malicious are colored by our biases. Criminal activities such as product tampering or kidnapping and murder are clearly not condoned. Acts of terrorism are less easily classified, as what is terrorism to some of us is an expression of political behavior to others. Similar gray categories exist in the business world. Marketing is highly competitive, and positive spinning of your product often tips over to malicious slander of competitor products. Malicious activity has even arisen within the area of information technology, in the form of identity theft or tampering with company records.
The third category is probably the most common source of crises: unexpected consequences arising from overly complex systems.7 Recently the Fukushima earthquake demonstrated the risk involved with complex systems releasing radioactive material after the Sendai earthquake of 2011.8 Power systems9 are complex interconnected systems, with interactions involving pollution generation along with power generation, all subject to risk from natural disaster. Water systems also involve interconnected systems of critical import, threatened by natural disaster and global warming.10
1.1.1 Globalization and risk
Globalization has played a major role in expanding the opportunities for many manufacturers, retailers, and other business organizations to be more efficient. The tradeoff has always been the cost of transportation, as well as the added risk of globalizing.
In 2010 the Eyjafjallajokull volcano in Iceland shut down transportation across most of Europe. Many Europeans got to spend a full week waiting for some means to travel across Europe. Supply chains were also disrupted, as transportation (logistics) is key to linking production facilities in supply chains. Many in Europe found their supermarkets short of fresh fruit and flowers, and supply chains relying upon Asian source material were disrupted. Supply chains often depend on optimized lean manufacturing, requiring just-in-time delivery of components. These systems are optimized, which means elimination of slack to cover contingencies such as volcanic disruption of air flight.11
On March 11, 2011, an earthquake north of Tokyo led to a catastrophic tsunami that destroyed most of a rich area of advanced technology manufacturing. It also severely damaged a nuclear power plant, which at the time of writing still saw damage control efforts. While the worst impact was in terms of Japanese lives, there also was major impact on many of the world’s supply chains. Organizations such as Samsung, Ford Motor Company, and Boeing found production disrupted due to lack of key components from Japan. Japanese plants produced about 20 percent of the semiconductors used worldwide, and double that for electronic components. Toshiba produced one-quarter of the nano flash chips used. On March 14, 2011, Toshiba had to halt operations due to power outages.
1.2 ERM History
The concept of enterprise risk management (ERM) developed in the mid-1990s in industry. Risk management begins with finance, focusing on how to avoid bankruptcy in dynamic environments. Concepts such as Value at Risk (VaR) are used to manage investments, providing triggers to seek sufficient liquidity to cover investments that might decline in value during some periods. The field of risk management grew with deregulation of financial institutions, as well as problems with some publicly traded organizations. There are many risk management frameworks, including that of the Committee of Sponsoring Organizations of the Treadway Commission (COSO) 2004. COSO is a leading accounting standards organization in the U.S. ERM is a systematic, integrated approach to managing all risks facing an organization.12 It focuses on board supervision, aiming to identify, evaluate, and manage all major corporate risks in an integrated framework. It was undoubtedly encouraged by traumatic events such as 9/11/2001 and business scandals including Enron and WorldCom.13 But consideration of risk has always been with business, manifesting itself in medieval coffee houses such as Lloyd’s of London, spreading risk related to cargos on the high seas.
The field of insurance developed to cover a wide variety of risks, related to external and internal risks covering natural catastrophes, accidents, human error, and even fraud. Financial risk has been controlled through hedge funds and other tools over the years, often by investment banks. With time, it was realized that many risks could be prevented, or their impact reduced, through loss-prevention and control systems, leading to a broader view of risk management.
Contingency management has been widely systematized in the military, although individual leaders have practiced various forms for millennia. Systematic organizational planning recently has been observed to include scenario analysis, giving executives a means of understanding what might go wrong, giving them some opportunity to prepare reaction plans. A complicating factor is that organization leadership is rarely a unified whole, but rather consists of a variety of stakeholders with potentially differing objectives.
Enterprise risks are inherently part of corporate strategy. Thus consideration of risks in strategy selection can be one way to control them. ERM can be viewed as top-down by necessity for this reason. For example, currency risk arises because a company chose to involve itself in international activity. Divestment (and incorporation) often arises from desires to obtain legal protection as a means to reduce risk. An example was the formation of Alyeska Pipeline Service Company in 1970 to build and service the Alaska pipeline.
The book will look at risk management from four perspectives, each of which will be treated in a chapter in Part I. These perspectives are financial, accounting, supply chain, and disaster management.
1.3 What is ERM?
The Treadway Commission gives the following definition:
“Enterprise risk management is a process, effected by an entity’s board of directors, management and other personnel, applied in strategy setting and across the enterprise, designed to identify potential events that may affect the entity, and manage risks to be within its risk appetite, to provide reasonable assurance regarding the achievement of entity objectives. (COSO, 2004, p. 2)”14
Management has the role of establishing strategic objectives, selecting strategy, and setting objectives for implementation. COSO sees four objectives:
  • Strategic – high-level goals to support organizational mission
  • Operations – seeking efficient and effective use of resources
  • Reporting – seeking reliability in communications
  • Compliance – assuring laws and regulations are complied with.
COSO sees eight interrelated components of ERM:
  1. Internal environment – organizational tone as the basis for how risk is viewed, to include risk management philosophy and risk appetite, ethics and integrity.
  2. Objective setting – process for setting objectives to support the organization’s mission consistent with their risk appetite.
  3. Event identification – monitoring and distinguishing between risks and opportunities, feeding back opportunities to modify strategy.
  4. Risk assessment – analysis considering likelihood and impact.
  5. Risk response – avoid, accept, reduce, or share risk in light of organization risk tolerance and risk appetite.
  6. Control activities – policies and procedures to ensure risk responses are effectively implemented.
  7. Information and communication – identification, capture, and communication of relevant information in a form...
