FUNDAMENTALS OF
ENTERPRISE RISK MANAGEMENT
How Top Companies Assess Risk, Manage Exposure, and Seize Opportunity
Second Edition
John J. Hampton
American Management Association
New York Atlanta Brussels Chicago Mexico City San Francisco
Shanghai Tokyo Toronto Washington, D.C.
This publication is designed to provide accurate and authoritative information in regard to the subject matter covered. It is sold with the understanding that the publisher is not engaged in rendering legal, accounting, or other professional service. If legal advice or other expert assistance is required, the services of a competent professional person should be sought.
Library of Congress Cataloging-in-Publication Data
Hampton, John J.
Fundamentals of enterprise risk management : how top companies assess risk, manage exposure, and seize opportunity / John J. Hampton. -- Second edition.
pages cm
Includes bibliographical references and index.
ISBN-13: 978-0-8144-4903-5 (alk. paper)
ISBN-10: 0-8144-4903-4 (alk. paper)
ISBN-13: 978-0-8144-4904-2 (ebook)
ISBN-10: 0-8144-4904-2 (ebook)
1. Corporations--Finance. 2. Risk assessment. 3. Risk management. I. Title. HG4026.H274 2015
658.155--dc23
2014009521
© 2015 John J. Hampton.
All rights reserved.
Printed in the United States of America.
This publication may not be reproduced, stored in a retrieval system, or transmitted in whole or in part, in any form or by any means, electronic, mechanical, photocopying, recording, or otherwise, without the prior written permission of AMACOM, a division of American Management Association, 1601 Broadway, New York, NY 10019.
The scanning, uploading, or distribution of this book via the Internet or any other means without the express permission of the publisher is illegal and punishable by law. Please purchase only authorized electronic editions of this work and do not participate in or encourage piracy of copyrighted materials, electronically or otherwise. Your support of the author's rights is appreciated.
About AMA
American Management Association (www.amanet.org) is a world leader in talent development, advancing the skills of individuals to drive business success. Our mission is to support the goals of individuals and organizations through a complete range of products and services, including classroom and virtual seminars, webcasts, webinars, podcasts, conferences, corporate and government solutions, business books and research. AMA's approach to improving performance combines experiential learning (learning through doing) with opportunities for ongoing professional growth at every step of one's career journey.
To Doreen, a steady source of support through seven versions of this book and an editor of the final three versions.
To Alex Tango, of Freehold, New Jersey, a rising young risk manager.
To Mary Sullivan, of Saint Peter's University, an amazing person who understands risk firsthand and who deals with it every time.
To Professor Elaine Ognibene, who changed my writing style just in time for this book.
INTRODUCTION
RISK QUOTE: Keep your friends close, and your enemies closer.
SUN-TZU, CHINESE GENERAL AND MILITARY STRATEGIST, AROUND 400 B.C.E.
RISK QUOTE: This was my father's study. He taught me a lot of things in this room. He taught me to keep my friends close and my enemies closer.
MICHAEL CORLEONE IN THE GODFATHER (1976)
Welcome to the world of enterprise risk management (ERM), one of the most popular and misunderstood of today's important business topics. It is not very complex. It is not very expensive. It does add value. We just have to get it right. Until recently, businesses have been getting it wrong.
The first edition of this book carried us into the heart of risk management. It was mostly about how to do a better job of risk identification. If we define the problem correctly, we reduce surprises; we do not eliminate them, mind you, but we get many of them under control.
This book continues our journey with massive updates. Risk management has changed dramatically since the 2008 financial crisis. Recent developments in technology and communications demand new approaches to manage risk and seize opportunity. They still build on the basic structure of ERM.
Upside of Risk. Most people discuss risk as the possibility of loss. This is totally insufficient because risk has an upside. A lost opportunity is just as much a financial loss as is damage to people and property. This is a key insight. Ask Sun-Tzu or Michael Corleone.
Alignment with the Business Model. Within a framework for achieving goals, a single manager can supervise directly only a limited span of subordinates. Similarly, one person can oversee a limited number of risks. ERM encourages us to create a hierarchy of risk categories aligned with the business model.
Risk Owners. A single person should be responsible for each category of risk. When questions arise, we go directly to the risk owner. We will see an exception to this guideline in Part Three, where we address risks with no single risk owner.
Central Risk Function. Although risks cannot be managed centrally, a central risk function acknowledges that some risks cross units and responsibilities. The function influences risk decisions by scanning for changing conditions from a central vantage point and sharing findings. This book argues that a central risk function should not, itself, have responsibility for management decisions. Risk goes with the risk owners.
High-Tech Electronic Platform (HTEP). ERM encourages the use of new technologies. This book describes a cutting-edge technology and a revolutionary way to use it. The results are amazing.
The book is organized in four parts:
1. Part One. Essentials of Enterprise Risk Management. What is ERM? What is not ERM? What are its key components? Why do we need a central risk function, risk identification, a high-tech platform? We address risk management successes and failures and cover lessons learned since the original publication of this book.