Fundamentals of Risk Management
To a safe, secure and sustainable future
Fifth Edition
Understanding, evaluating and implementing effective risk management
Paul Hopkin
Publisher's note
Every possible effort has been made to ensure that the information contained in this book is accurate at the time of going to press, and the publishers and authors cannot accept responsibility for any errors or omissions, however caused. No responsibility for loss or damage occasioned to any person acting, or refraining from action, as a result of the material in this publication can be accepted by the editor, the publisher or any of the authors.
First published in Great Britain and the United States in 2010 by Kogan Page Limited
Fifth edition 2018
Apart from any fair dealing for the purposes of research or private study, or criticism or review, as permitted under the Copyright, Designs and Patents Act 1988, this publication may only be reproduced, stored or transmitted, in any form or by any means, with the prior permission in writing of the publishers, or in the case of reprographic reproduction in accordance with the terms and licences issued by the CLA. Enquiries concerning reproduction outside these terms should be sent to the publishers at the undermentioned addresses:
2nd Floor, 45 Gee Street
London
EC1V 3RS
United Kingdom
c/o Martin P Hill Consulting
122 W 27th St, 10th Floor
New York, NY 10001
USA
4737/23 Ansari Road
Daryaganj
New Delhi 110002
India
www.koganpage.com
© The Institute of Risk Management, 2010, 2012, 2014, 2017, 2018
The right of The Institute of Risk Management to be identified as the author of this work has been asserted by them in accordance with the Copyright, Designs and Patents Act 1988.
ISBN 978 0 7494 8307 4
E-ISBN 978 0 7494 8308 1
Typeset by Integra Software Services, Pondicherry
Print production managed by Jellyfish
Printed and bound by CPI Group (UK) Ltd, Croydon, CR0 4YY
CONTENTS
- Risk likelihood and magnitude
- Tsogo Sun: Risk management process
- Guide Dogs NSW/ACT: List of major residual risks
- 23 Control of selected hazard risks
- 27 Risk practitioner competencies
- 31 Project risk management
- 35 Internal audit activities
- Figure 16.3 Hazard risk zones
- Figure 35.2 Governance, risk and compliance
- Table 10.4 Advantages and disadvantages of RA techniques
- Table 22.2 Historical role of the insurance risk manager
- Table 32.1 Risks associated with outsourcing
Importance of enterprise risk management
Organizations face an increasingly challenging and complex environment in which to undertake their activities. Since the fourth edition of this textbook, the consequences of the global financial crisis have continued to challenge public-, private- and third-sector organizations. To add further complexity, the second decade of the 21st century has been marked by political instability in many parts of the world and the recent decision of the United Kingdom to exit the European Union has added further global uncertainty.
It is within this increasingly uncertain environment that organizations are required to deliver higher stakeholder expectations, whilst fulfilling greater corporate governance requirements in relation to ethical and social responsibility. For example, legislation has been introduced in many countries to broaden the scope of requirements regarding management of bribery risk and the avoidance of modern slavery.
Given all these developments, the updating of this textbook to place greater emphasis on the importance of enterprise risk management (ERM) to organizational success is very timely. Successful ERM, including the protection of corporate reputation, continues to be a business imperative for all organizations. A successful ERM initiative enhances the ability of an organization to achieve objectives and ensure sustainability, based on transparent and ethical behaviours.
The Institute of Risk Management (IRM) has long supported the development of ERM, as a contribution to development and delivery of successful business models and strategy for all types of organizations. The training courses and qualifications offered by the IRM enable risk professionals and others to support their employer and/or clients in achieving maximum benefit from an ERM initiative.
Although this textbook has been designed specifically for the IRM International Certificate in Enterprise Risk Management, the contents outline approaches to achieving successful ERM that will support any type of organization in their efforts to deliver corporate objectives and satisfy stakeholder expectations. This textbook is a valuable resource for all organizations and anyone with an interest in risk management.
Ian Livsey PhD MBA
Ian Livsey is Chief Executive at the Institute of Risk Management, risk management's leading worldwide professional education, training and knowledge body. Further information about the Institute and the International Certificate is available from the IRM website, www.theirm.org.
The risk management profession and the expertise of risk professionals continue to develop in line with the ever-increasing expectations placed on risk managers and risk consultants. Many more organizations have appointed individuals with the job title chief risk officer (CRO) and this development has increased the need for robust professional qualifications and designations for risk management practitioners.
Given the ever-increasing complexity of the business environment, it is not surprising that production of the fifth edition of Fundamentals of Risk Management became necessary, just 18 months after production of the fourth edition. The importance and contribution of risk management continue to increase and centres of risk management expertise and excellence continue to thrive in all business sectors, whether private, public or third sector.
Lectures, seminars, special interest groups and other group meetings, as well as one-to-one conversations with risk specialists, assisted with the updating of this book. It is clear that ideas and experiences related to enterprise risk management are continuing to expand. New guidance from COSO, together with an updated version of ISO 31000, has recently been published and the level of knowledge and expertise involved in the production of these risk management standards proved to be a very valuable source of information for the revision of the book.
The main challenge in producing the fifth edition of this textbook has been to align the material in the book more closely with the syllabus of the IRM qualifications in Enterprise Risk Management (ERM). When undertaking this task, I have received considerable help and support from colleagues at the Institute of Risk Management (IRM), as well as many insightful comments from risk professionals working as presenters and lecturers on IRM training and teaching courses.
I continue to be grateful to the large number of people who have helped with the development of the ideas presented and discussed in this book. I am sure that developments in risk management will continue apace and keeping abreast of developments and enhancements to risk management theory and practice will remain a challenge for risk management practitioners, all of whom are seeking to bring the benefits of enhanced risk management to their employer and/or client organizations.