Practical Enterprise Risk Management

Author: Gregory H. Duckert

The book builds logically from corporate governance, and indicates a number of shortcomings herein, mainly system implementation. Then the actual story of risk and ERM begins. In this the author curses against everything that is for a subjective assessment of chance and impact and the related conclusions. He swears by cold facts and data. In this way he comes to the idea that risk assessment is about management. Risk management is an unmissable tool in this. After an overview of types of risks, he shows us how we should perceive risks objectively. He speaks about a data-centered model where it is possible to keep track based on all data in the company, and to do bench-marks on your own company. By introducing the concept of KRI (key risk indicators) instead of KPI (key performance indicators) linked to outcome of the processes instead of the output and with a number of analysis techniques such as trends, ratios, thresholds etc it is possible to build historical data and to find triggers of things that go wrong, with root-cause analysis. Then measures can be defined and implemented.

In addition, it is possible to pour this data into useful tools, so that the data neatly presents at meetings throughout the organization, the right KRIs at the right level. In doing so, he provides a handle on how to bring risk management to the board of directors, or to the board of directors.

As a penultimate chapter, the author discusses the phenomenon of outsourcing and a select number of risks at the various stages. It is therefore not surprising that he, for example, thinks of the outsourcing of IT as a bad thing; IT is according to him a core business of the company because everything depends on it.

The author concludes the book with the ownership of ERM. It is essential to know that everyone contributes. Everyone has a role to play in one way or another.

Manu Steens

Manu works at the Flemish Government in risk management and Business Continuity Management. On this website, he shares his own opinions regarding these and related fields. Since 2012, he has been working at the Crisis Centre of the Flemish Government (CCVO), where he has progressed in BCM, risk management, and crisis management. Since August 2021, he has been a knowledge worker for the CCVO. As of January 2024, he works at the Department of Chancellery and Foreign Affairs of the Flemish Government. Here, he combines BCM, risk management, and crisis management to create a tailored form of resilience management to meet the needs of the Flemish Government.

Leave a Reply

Your email address will not be published. Required fields are marked *

Recent Posts