Author: Gregory H. Duckert
"Practical Enterprise Risk Management" builds logically from corporate governance and indicates several shortcomings, mainly system implementation. Then, the actual story of risk and ERM begins.
In this, the author rails against any subjective assessment of chance, impact, and related conclusions. He swears by cold facts and data. In this way, he comes to the idea that risk assessment is about management. Risk management is an indispensable tool in this. After an overview of the types of risks, he shows us how we should perceive risks objectively. He speaks about a data-centered model in which it is possible to keep track based on all company data and make benchmarks for your own company.
He introduces the concept of KRIs (key risk indicators) instead of KPIs (key performance indicators), linked to the outcome of the processes rather than the output. Combining this with several analysis techniques such as trends, ratios, thresholds, etc., makes it possible to build historical data. As a result, this will help us to find triggers of things that go wrong, with root-cause analysis. Then, measures can be defined and implemented.
In addition, it is possible to feed this data into useful tools that neatly present the right KRIs at the right level at meetings throughout the organization. By doing so, he provides a handle on how to bring risk management to the board of directors.
In the penultimate chapter, the author discusses the outsourcing phenomenon and several risks at various stages. It is thus unsurprising that he, for example, thinks of outsourcing IT as a bad thing; IT is a core business of the company because everything depends on it.
The author of the book Practical Enterprise Risk Management concludes by describing the ownership of ERM. It is essential to know that everyone contributes and has a role to play.