Second Edition Robert J. Chapman PhD - Willkommen ... Horwath 2002 Corporate Governance Report 88 5.1.4 The ASX Corporate Governance Council 89 5.1.5 Financial Statements 90 5.2 Canada

Simple Tools and Techniques for_ Enterprise Risk Management _

Second Edition

Robert J. Chapman PhD

irm/ - • •

Leading the risk profession

Recommended by the Institute of Risk Management0

)WILEYA John Wiley &. Sons, Ltd., Publication

Contents

List of Figures xxvii

Preface to the Second Edition xxxi

Acknowledgements xxxv

About the Author xxxvii

PARTI ENTERPRISE RISK MANAGEMENT IN CONTEXT 1

1 Introduction 31.1 Risk Diversity 41.2 Approach to Risk Management 51.3 Business Growth Through Risk Taking 51.4 Risk and Opportunity 61.5 The Role of the Board ' 71.6 Primary Business Objective (or Goal) 81.7 What is Enterprise Risk Management? 91.8 Benefits of Enterprise Risk Management 101.9 Structure 12

1.9.1 Corporate Governance 121.9.2 Internal Control 131.9.3 Implementation ,141.9.4 Risk Management Framework 141.9.5 Risk Management Policy 151.9.6 Risk Management Process 151.9.7 Sources of Risk 16

1.10 Summary 161.11 References 16

2 Developments in Corporate Governance in the UK 192.1 Investor Unrest 192.2 The Problem of Agency 20

Contents

2.3 The Cadbury Committee 212.4 The Greenbury Report 232.5 The Hampel Committee and the Combined Code of 1998 232.6 Smith Guidance on Audit Committees 232.7 Higgs 242.8 Tyson 242.9 Combined Code on Corporate Governance 2003 25

2.10 Companies Act 2006 262.11 Combined Code on Corporate Governance 2008 262.12 Sir David Walker's Review of Corporate Governance, July 2009

(Consultation Paper) 272.13 Sir David Walker's Review of Corporate Governance, November 2009 (Final

Recommendation) 292.14 House of Commons Treasury Committee 2009 302.15 UK Corporate Governance Code, June 2010 322.16 The "Comply or Explain" Regime 342.17 Definition of Corporate Governance 342.18 Formation of Companies 352.19 The Financial Services Authority and Markets Act 2000 362.20 The London Stock Exchange 362.21 Summary 372.22 References ' ' 38

Developments in Corporate Governance in the US 413.1 Corporate Governance 413.2 The Securities and Exchange Commission 42

3.2.1 Creation of the SEC 423.2.2 Organisation of the SEC 43

3.3 The Laws That Govern the Securities Industry 443.3.1 Securities Act 1933 443.3.2 Securities Exchange Act 1934 443.3.3 Trust Indenture Act 19̂ 39 453.3.4 Investment Company Act 1940 453.3.5 Investment Advisers Act 1940 45

3.4 Catalysts for the Sarbanes-Oxley Act 2002 453.4.1 Enron 463.4.2 WorldCom ' 473.4.3 Tyco International 473.4.4 Provisions of the Act 503.4.5 Implementation 523.4.6 Sarbanes-Oxley Section 404 523.4.7 The Positive Effects of Post-Enron Reforms 523.4.8 Criticism of Section 404 Before the Global Financial Crisis 543.4.9 Criticism of Section 404 After the Global Financial Crisis 54

3.5 National Association of Corporate Directors 2008 553.6 Summary 563.7 References 57

Contents ix

The Global Financial Crisis of 2007-2009: A US Perspective 594.1 The Financial Crisis in Summary 594.2 How the Financial Crisis Unfolded 604.3 The United States Mortgage Finance Industry 614.4 Subprime Model of Mortgage Lending 61

4.4.1 Contributing Events to the Credit Crisis 614.4.2 Foreclosures 634.4.3 Negative Equity 654.4.4 Housing Surplus 674.4.5 Vicious Circles ' 68

4.5 Why this Crisis Warrants Close Scrutiny 684.6 Behaviours 70

4.6.1 Investor Behaviour in the Search for Yield 704.6.2 Mortgage Lending Behaviour 714.6.3 Bank Behaviour and Risk Transfer through

Securitised Credit 714.6.4 "Group Think" and Herd Behaviour 724.6.5 Banks' Behaviour and Risk Appetite 744.6.6 Behaviour of Regulators and the Division of "Narrow Banking"

from Investment Banking 754.6.7 Banks', Behaviour and Misplaced Reliance of Sophisticated

Mathematics and Statistics 754.7 Worldwide Deficiencies in Risk Management 764.8 Federal Reform 764.9 Systemic Risk 79

4.10 The Future of Risk Management 814.11 Summary /" 824.12 References 82

Developments in Corporate Governance in Australia and Canada 855.1 Australian Corporate Governance , 85

5.1.1 Regulation Arising from Corporate Failures 855.1.2 Corporate Governance Reforms Following the Accounting Scandals

of the Early 2000s 865.1.3 Horwath 2002 Corporate Governance Report 885.1.4 The ASX Corporate Governance Council 895.1.5 Financial Statements 90

5.2 Canada 905.2.1 Dey Report 905.2.2 Dey Revisited 915.2.3 Kirby Report 915.2.4 Saucier Committee 925.2.5 National Policy and Instrument (April 2005) 925.2.6 TSE Corporate Governance: Guide to Good

Disclosure 2006 935.3 Summary 945.4 References 94

Contents

6 Internal Control and Risk Management6.1 The Composition of Internal Control6.2 Risk as a Subset of Internal Control

6.2.1 The Application of Risk Management6.3 Allocation of Responsibility

6.3.1 Cadbury Committee6.3.2 Hampel Committee6.3.3 Turnbull6.3.4 Higgs Review6.3.5 Smith Review6.3.6 OECD \

6.4 The Context of Internal Control andRisk Management

6.5 Internal Control and Risk Management6.6 Embedding Internal Control and

Risk Management6.7 Summary6.8 References

7 Developments in Risk Management in the UK Public Sector7.1 Responsibility for Risk Management

in Government7.1.1 Cabinet Office7.1.2 Treasury7.1.3 Office of Government Commerce7.1.4 National Audit Office

7.2 Risk Management Publications7.3 Successful IT7.4 Supporting Innovation

7.4.1 Part 1: Why Risk Management is Important7.4.2 Part 2: Comprehension of Risk Management7.4.3 Part 3: What More Needs to be Done to Improve Risk Management

7.5 The Orange Book7.5.1 Identify the Risks and Define a Framework7.5.2 Assign Ownership7.5.3 Evaluate7.5.4 Assess Risk Appetite7.5.5 Response to Risk7.5.6 Gain Assurance7.5.7 Embed and Review

7.6 Audit Commission7.7 CIPFA/SOLACE Corporate Governance7.8 M_o_R20027.9 DEFRA

7.9.1 Risk Management Strategy7.10 Strategy Unit Report7.11 Risk and Value Management

97979898

102102102103104104105

106107

107107108

109

109110111111112112113115115115115116116116117117117118118118120121123123124125

Contents xi

7.12 The Green Book 1267.12.1 Optimism Bias 1267.12.2 Annex 4 127

7.13 CIPFA Guidance on Internal Control 1277.14 Managing Risks to Improve Public Services 1297.15 The Orange Book (Revised) 1317.16 M_o_R2007 1327.17 Managing Risks in Government 1327.18 Summary 1347.19 References 136

PART II THE RISK MANAGEMENT PROCESS 137References 139

141141142143143145145146146147148148149149150151151153155155155156156156

Risk Identification: Stage 2 1599.1 Process 1599.2 Process Goal and Subgoals 1599.3 Process Definition 1609.4 Process Inputs 1619.5 Process Outputs 1629.6 Process Controls (Constraints) 1629.7 Process Mechanisms (Enablers) 163

Establishing the Context: Stage 18.18.28.38.48.58.68.7

8.8

8.98.10

ProcessProcessProcessProcessProcessProcessProcess8.7.18.7.28.7.38.7.4

Goal and SubgoalsDefinitionInputsOutputsControls (Constraints)Mechanisms (Enablers)RatiosRisk Management Process DiagnosticSWOT AnalysisPEST Analysis

Process Activities /•//

8.8.18.8.28.8.38:8.48.8.58.8.68.8.78.8.88.8.9

Business ObjectivesBusiness PlanExamining the IndustryEstablishing the ProcessesProjected Financial StateirfejntsResourcesChange ManagementMarketing PlanCompliance Systems

SummaryReferences

Contents

9.7.1 Risk Checklist 1639.7.2 Risk Prompt List 1639.7.3 Gap Analysis 1639.7.4 Risk Taxonomy 1649.7.5 PEST Prompt 1659.7.6 SWOT Prompt 1689.7.7 Database 1689.7.8 Business Risk Breakdown Structure 1699.7.9 Risk Questionnaire 1699.7.10 Risk Register Content/Structure 170

9.8 Process Activities 1719.8.1 Clarifying the Business Objectives 1719.8.2 Reviewing the Business Analysis 1719.8.3 Need for Risk and Opportunity Identification 1719.8.4 Risk and Opportunity Identification 1729.8.5 Facilitation 1729.8.6 Gaining a Consensus on the Risks, the Opportunities and

their Interdependencies 1829.8.7 Risk Register 182


10 Risk Analysis: Stage 3 18510.1 Process " 18510.2 Process Goal and Subgoals 18610.3 Process Definition 18610.4 Process Inputs 18610.5 Process Outputs 18810.6 Process Controls (Constraints) 18810.7 Process Mechanisms (Enablers) 188

10.7.1 Probability 18810.8 Process Activities ;"" 189

10.8.1 Causal Analysis 19010.8.2 Decision Analysis and Influence Diagrams 19010.8.3 Pareto Analysis 19310.8.4 CAPM Analysis 19410.8.5 Define Risk Evaluation Categories and Values 195


11 Risk Evaluation: Stage 4 19711.1 Process 19711.2 Process Goal and Subgoals 19711.3 Process Definition 19811.4 Process Inputs 19811.5 Process Outputs 19811.6 Process Controls (Constraints) 199

Contents xiii

11.7 Process Mechanisms (Enablers) 20011.7.1 Probability Trees 20011.7.2 Expected Monetary Value 20111.7.3 Utility Theory and Functions 20311.7.4 Decision Trees 20411.7.5 Markov Chain 20811.7.6 Investment Appraisal 210

11.8 Process Activities 21511.8.1 Basic Concepts of Probability 21511.8.2 Sensitivity Analysis 21611.8.3 Scenario Analysis 21711.8.4 Simulation 21711.8.5 Monte Carlo Simulation 21811.8.6 Latin Hypercube 22011.8.7 Probability Distributions Defined from

Expert Opinion 22011.9 Summary 221

11.10 References 222

12 Risk Treatment: Stage 5 22312.1 Process. 22312.2 Process Goal and Subgoals 22312.3 Process Definition 22412.4 Process Inputs 22412.5 Process Outputs 22412.6 Process Controls (Constraints) 22512.7 Process Mechanism's 22512.8 Process Activities • 22612.9 Risk Appetite 226

12.10 Risk Response Strategies 22812.10.1 Risk Reduction 22812.10.2 Risk Removal §?? 22812.10.3 Risk Reassignment or Transfer 22912.10.4 Risk Retention 230


13 Monitoring and Review: Stage 6 23313.1 Process 23313.2 Process Goal and Subgoals 23413.3 Process Definition 23413.4 Process Inputs 23513.5 Process Outputs 23513.6 Process Controls (Constraints) 23513.7 Process Mechanisms 23613.8 Process Activities 236

13.8.1 Executing 236

xiv Contents

13.8.2 Monitoring 23613.8.3 Controlling 237

13.9 Summary 23913.10 Reference , 240

14 Communication and Consultation: Stage 7 24114.1 Process 24114.2 Process Goal and Subgoals 24214.3 Process Definition 24214.4 Process Inputs 24314.5 Process Outputs 24314.6 Process Controls (Constraints) 24414.7 Process Mechanisms > 24414.8 Process Activities 24414.9 Internal Communication 245

14.10 External Communication 24514.11 Summary 24514.12 Reference 246

PART III INTERNAL INFLUENCES - MICRO FACTORS 247

15 Financial Risk Management 24915.1 Definition of Financial Risk 24915.2 Scope of Financial Risk 25015.3 Benefits of Financial Risk Management 25015.4 Implementation of Financial Risk Management 25115.5 Liquidity Risk 251

15.5.1 Current and Quick Ratios 25115.5.2 Mitigation of Liquidity Risk 253

15.6 Credit Risk 25315.6.1 Default Risk 25315.6.2 Exposure Risk [r 25415.6.3 Recovery Risk 25415.6.4 Credit Insurance 25515.6.5 Counterparty Risk 25615.6.6 Due Diligence 256

15.7 Borrowing 25915.8 Currency Risk 25915.9 Funding Risk 260

15.10 Foreign Investment Risk 26215.10.1 Country Risk 26215.10.2 Environment Risk 263

15.11 Derivatives 26315.11.1 Exchange Traded Derivatives 26315.11.2 Over-the-Counter Derivatives 264


Contents

16 Operational Risk Management 26716.1 Definition of Operational Risk 268

269270270270270271272272273273274274275275276276277277280287287292292293293294294295295297301302303303

, 304305307307307308

17 Technological Risk Management 30917.1 Definition of Technology Risk 31017.2 Scope of Technology Risk 31017.3 Benefits of Technology Risk Management 311

16.216.316.416.5

16.6

16.7

16.8

16.916.1016.1116.1216.13

Scope of Operational RiskBenefits of Operational RiskImplementation of Operational RiskStrategy16.5.116.5.216.5.316.5.416.5.516.5.616.5.716.5.8People16.6.116.6.216.6.316.6.416.6.516.6.616.6.716.6.816.6.9

Definition of Strategy RiskObjectivesBusiness PlanNew Business DevelopmentResourcesStakeholder InterestsCorporate ExperienceReputation

Definition of People RiskTypes of People RiskHuman Resource Management PracticesAbility to Pay SalariesRegulatory and Statutory Requirements

, Staff ConstraintsStaff DishonestyRisk ManagementHealth and Safety

Processes and Systems16.7.116.7.216.7.316.7.416.7.516.7.616.7.716.7.816.7.9Externa16.8.116.8.2

Definition of Processes and Systems RiskControls^'Regulatory and Statutory RequirementsContinuityIndicators of LossTransactionsComputer/IT Systems?Knowledge ManagementProject Management

1 EventsChange ManagementBusiness Continuity

OutsourcingMeasurementMitigationSummaryReferences

Contents

17.4 Implementation of TechnologyRisk Management 311

17.5 Primary Technology Types 31217.5.1 Information Technology 31217.5.2 Communications Technology 31517.5.3 Control Technology 319

17.6 Responding to Technology Risk 32417.6.1 IT Governance 32417.6.2 Investment 32617.6.3 Projects 329


18 Project Risk Management 33318.1 Definition of Project Risk 33418.2 Definition of Project Risk Management 33418.3 Sources of Project Risk 33518.4 Benefits of Project Risk Management 33518.5 Embedding Project Risk Management 336

18.5.1 Common Challenges in Implementing ProjectRisk Management 336

18.5.2 Lack of Clearly Defined and Disseminated RiskManagement Objectives 337

18.5.3 Lack of Senior Executive and Project DirectorCommitment and Support 337

18.5.4 Lack of a Risk Maturity Model 33718.5.5 Lack of a Change Process to Implement the Discipline 33818.5.6 No Common Risk Language (Terms and Definitions) 33818.5.7 Lack of Articulation of the Project Sponsor's

Risk Appetite 33818.5.8 No Definition of Roles and Responsibilities 33918.5.9 Lack of Risk Management Awareness Training to Build

Core Competencies 33918.5.10 Lack of Integration of Risk Management with Other

Project Disciplines 34018.5.11 Reticence of Project Personnel to Spend Time on

Risk Management 34018.5.12 Risk Owners not Automatically Taking Responsibility for

Assigned Risks 34118.5.13 No Clear Demonstration of How Risk Management Adds Value

and Contributes to Project Performance 34118.5.14 Overcomplicated Implementation from an Unclear Risk Policy,

Strategy, Framework, Plan and Procedure 34118.5.15 Lack of Alignment between the Business Strategy, Business

Model and the Risk Management Objectives 34118.5.16 Lack of the Integration of Risk Management Activities into the

Day-to-Day Activities of Project Managers 342

Contents

18.6 Project Risk Management Process18.6.1 Establish the Context18.6.2 Risk Identification18.6.3 Risk Analysis18.6.4 Risk Evaluation18.6.5 Risk Treatment18.6.6 Risk Monitoring and Review18.6.7 Communication and Consultation

18.7 Responsibility for Project Risk Management18.8 Project Director's Role18.9 Project Team

18.9.1 Lack of Team Structure18.9.2 Lack of Definition of Roles18.9.3 Lack of Responsibility Assignment Matrix18.9.4 Poor Leadership18.9.5 Poor Team Communication

18.10 Optimism Bias18.10.1 The Investment Decision18.10.2 Optimism Bias18.10.3 Monitoring18.10.4 Using Numerical Indicators in Project Decision Making18.10.5 Causes of Optimism Bias18.10.6 The Distinction between Risk Events and Optimism Bias

18.11 Software Tools Used to Support ProjectRisk Management

18.12 Techniques Used to Support ProjectRisk Management • / /

18.13 Summary18.14 References

XVII

342342344344345345345346346347347347348348348348349349350350350351351

351

352352354

19 Business Ethics Management 35519.1 Definition of Business Ethics Risk'1 35519.2 Scope of Business Ethics Risk 35619.3 Benefits of Ethics Risk Management 35719.4 How Unethical Behaviour can Arise 35719.5 Recognition of the Need for Business Ethics 358

19.5.1 US Department of Commerce 35819.5.2 The G8 Summit in Italy Pushes for a Return to "Ethics" 35919.5.3 OECD and Its Approach to Business Ethics 35919.5.4 UK Financial Services Authority 36019.5.5 US Department of Justice 360

19.6 Factors that Affect Business Ethics 36119.7 Risk Events 36119.8 Implementation of Ethical Risk Management 365

19.8.1 Areas of Focus 36519.8.2 Levels of Application 36619.8.3 The System 368

Contents


20 Health and Safety Management 37520.1 Definition of Health and Safety Risk 37520.2 Scope of Health and Safety Risk 37620.3 Benefits of Health and Safety Risk Management 376

20.3.1 Business Benefits 37720.3.2 The Enterprise Context: AstraZeneca 378

20.4 The UK Health and Safety Executive 37820.4.1 The UK Perspective: Health and Safety Record 379

20.5 The European Agency for Safety andHealth at Work 37920.5.1 Main Challenges Concerning Health and Safety at Work 380

20.6 Implementation of Health and SafetyRisk Management 38020.6.1 Management Arrangements 38120.6.2 Risk Controls 38120.6.3 Workplace Precautions 38120.6.4 System Implementation 382

20.7 Workplace Precautions 38220.8 Contribution of Human Error to

Major Disasters 38220.8.1 Tenerife, 27 March 1977 38220.8.2 Chernobyl, 26 April 1986 38420.8.3 Kegworth, 8 January 1989 38520.8.4 Heral'd of Free Enterprise, 6 March 1987 38620.8.5 Piper Alpha, 6 My 1988 38720.8.6 Ladbroke Grove, 5 October 1999 387

20.9 Improving Human Reliability in the Workplace 38820.10 Risk Management Best Practice 389

20.10.1 Crisis ManagemeirfPlan 38920.11 Summary 39020.12 References 390

PART IV EXTERNAL INFLUENCES - MACRO FACTORS 391

21 Economic Risk 39321.1 Definition of Economic Risk 39321.2 Scope of Economic Risk 39321.3 Benefits of Economic Risk Management 39421.4 Implementation of Economic Risk Management 39421.5 Microeconomics and Macroeconomics 39421.6 Macroeconomics 395

21.6.1 Gross Domestic Product 39521.7 Government Policy 397

21.7.1 Fiscal Policy 397

Contents

21.7.2 Monetary Policy 39721.7.3 Competing Theories 398

21.8 Aggregate Demand 39821.8.1 Using Aggregate Demand Curves 39921.8.2 Determinants of Consumer Spending 39921.8.3 Determinants of Investment Expenditure 40021.8.4 Determinants of Government Spending 40021.8.5 Determinants of Net Expenditure on Exports and Imports 401

21.9 Aggregate Supply 40121.10 Employment Levels 40321.11 Inflation 40321.12 Interest Rate Risk 40421.13 House Prices 40521.14 International Trade and Protection 405

21.14.1 Trade 40521.14.2 Methods of Protectionism 40621.14.3 Trade Policy 40621.14.4 Balance of Trade 406

21.15 Currency Risk 40721.15.1 Risk Mitigation by Hedging 407


22 Environmental Risk 41322.1 Definition of Environmental Risk 41322.2 Scope of Environmental Risk 41522.3 Benefits of Environmental Risk Management 41522.4 Implementation of Environmental

Risk Management / 41522.5 Energy Sources 416

22.5.1 Renewable Energy ^ 417419420420422, 422422422423423424425425426427428428

22.622.722.822.9

Use of Resources *;

PollutionGlobal WarmingResponse22.9.122.9.222.9.322.9.422.9.522.9.622.9.722.9.822.9.922.9.1022.9.1122.9.12

: to Global WanningEarth SummitThe Kyoto ProtocolPollution Control TargetsSufficiency of Emission CutsUS Climate PactThe Copenhagen AccordEuropean UnionCanciin AgreementsDomestic Government Response to Climate ChangeLevyEmissions TradingImpact on Business

Contents

22.10 Stimulation to Environmental Considerations22.10.1 FTSE4Good Index22.10.2 Carbon Trust22.10.3 Public Pressure

22.11 Environmental Sustainability22.12 Summary22.13 References

23 Legal Risk23.1 Definition of Legal Risk23.2 Scope of Legal Risk23.3 Benefits of Legal Risk Management23.4 Implementation of Legal Risk Management23.5 Business Law23.6 Companies

23.6.1 The Company Name23.6.2 The Memorandum of Association23.6.3 Articles of Association23.6.4 Financing the Company23.6.5 The Issue of Shares and Debentures23".6.6 The Official Listing of Securities23.6.7 The Remedy of Rescission23.6.8 Protection of Minority Interests23.6.9 Duties of Directors

23.7 Intellectual Property23.7.1 Patents23.7.2 Copyright23.7.3 Designs

23.8 Employment Law23.9 Contracts

23.9.1 Essentials of a Valid Contract23.9.2 Types of Contract

23.10 Criminal Liability in Business23.10.1 Misdescriptions of Goods and Services23.10.2 Misleading Price Indications23.10.3 Product Safety

23.11 Computer Misuse23.11.1 Unauthorised Access to Computer Material23.11.2 Unauthorised Access with Intent to Commit or Facilitate

Further Offences23.11.3 Unauthorised Modification of Computer Material

23.12 Summary

429429429430431432433

435435435436436437438438438439439440440440440441441441445446447447447447448448449450451451

451451452

24 Political Risk24.1 Definition of Political Risk24.2 Scope of Political Risk

24.2.1 Macropolitical Risks24.2.2 Micropolitical Risks

Contents

24.3 Benefits of Political Risk Management24.4 Implementation of Political Risk Management24.5 Zonis and Wilkin Political Risk Framework24.6 Contracts24.7 Transition Economies of Europe24.8 UK Government Fiscal Policy24.9 Pressure Groups

24.10 Terrorism and Blackmail24.11 Responding to Political Risk

24.11.1 Assessing Political Risk Factors24.11.2 Prioritising Political Risk Factors24.11.3 Improving Relative Bargaining Power

24.12 Summary24.13 References

25 Market Risk25.1 Definition of Market Risk25.2 Scope of Market Risk

25.2.1 Levels of Uncertainty in the Marketing Environment25.3 Benefits of Market Risk Management25.4 Implementation of Market Risk Management25.5 Market Structure

25.5.1 The Number of Firms in an Industry25.5.2 Barriers to Entry25.5.3 Product Homogeneity, Product Diversity and Branding25.5.4 Knowledge,}25.5.5 Interrelationships within Markets

25.6 Product Life Cycle Stage25.6.1 Sales Growth

25.7 Alternative Strategic Directions25.7.1 Market Penetration25.7.2 Product Development*^25.7.3 Market Development25.7.4 Diversification

25.8 Acquisition25.9 Competition

25.9.1 Price Stability25.9.2 Non-Price Competition25.9.3 Branding25.9.4 Market Strategies

25.10 Price Elasticity/Sensitivity25.10.1 Elasticity25.10.2 Price Elasticity

25.11 Distribution Strength25.12 Market Risk Measurement: Value at Risk

25.12.1 Definition of Value at Risk25.12.2 Value at Risk25.12.3 VaR Model Assumptions

XXI

455455457459459460461461462463464464464465

467467468469470470470471471473473474475476476477477479481482483483484485486489489489490490490490491

Contents

25.12.4 Use of VaR to Limit Risk 49325.12.5 Calculating Value at Risk 494

25.13 Risk Response Planning 49625.14 Summary 49625.15 References 497

26 Social Risk 49926.1 Definition of Social Risk 49926.2 Scope of Social Risk 50026.3 Benefits of Social Risk Management 50026.4 Implementation of Social Risk Management 50126.5 Education 50126.6 Population Movements: Demographic Changes 502

26.6.1 The Changing Market 50326.7 Socio-Cultural Patterns and Trends 50426.8 Crime 504

26.8.1 Key Facts 50426.9 Lifestyles and Social Attitudes 505

26.9.1 More Home Improvements 50526.9.2 Motherhood, Marriage and Family Formation 50526.9.3 Health 50626.9.4 Less Healthy Diets 50726.9.5 Smoking and Drinking 50826.9.6 Long Working Hours 50926.9.7 Stress Levels 50926.9.8 Recreation and Tourism 510

26.10 Summary '' 51026.11 References 511

PARTV THE APPOINTMENT 513I- ,

27 Introduction 51527.1 Change Process From the Client Perspective 515

27.1.1 Planning 51527.1.2 Timely Information 51627.1.3 Risk Management Resources 516

27.2 Selection of Consultants 51727.2.1 Objectives 51727.2.2 The Brief 51727.2.3 Describing Activity Interfaces 51727.2.4 Appointment Process Management 51827.2.5 The Long-Listing Process 51827.2.6 Short-List Selection Criteria 51927.2.7 Request for a Short-Listing Interview 51927.2.8 Compilation of Short List 51927.2.9 Prepare an Exclusion Notification 520

Contents xxiii

27.2.10 Prepare Tender Documents 52027.2.11 Agreement to be Issued with the Tender Invitation 52127.2.12 Tender Process 52127.2.13 Award 52127.2.14 Notification to Unsuccessful Tenderers 522

27.3 Summary 52227.4 Reference 522

28 Interview with the Client 52328.1 First Impressions/Contact 52328.2 Client Focus 52428.3 Unique Selling Point 52428.4 Past Experiences 52628.5 Client Interview 527

28.5.1 Scene/Overview 52728.5.2 Situation/Context 52728.5.3 Scheme/Plan of Action 52728.5.4 Solution Implementation 52828.5.5 Success, Measurement of 52828.5.6 Secure/Continue 52828.5.7 Stop/Close 528

28.6 Assignment Methodology 52828.7 Change Management 52928.8 Sustainable Change 52928.9 Summary 530

28.10 References -}) 531

29 Proposal 53329.1 Introduction , 53329.2 Proposal Preparation 533

29.2.1 Planning Mn 53329.2.2 Preliminary Review **' 534

29.3 Proposal Writing 53429.3.1 Task Management 53429.3.2 Copying Text 53429.3.3 Master Copy 53429.3.4 Peer Review 534

29.4 Approach 53529.5 Proposal 535

29.5.1 Identify the Parties - the Who 53529.5.2 Identify the Location - the Where 53729.5.3 Understand the Project Background - the What 53729.5.4 Define the Scope - the Which 53729.5.5 Clarify the Objectives - the Why 53729.5.6 Determine the Approach - the How 53829.5.7 Determine the Timing - the When 538

29.6 Client Responsibilities 538

xxiv Contents

29.7 Remuneration 53929.8 Summary 53929.9 References 539

30 Implementation 54130.1 Written Statement of Project Implementation 54130.2 Management 541

30.2.1 Objectives 54130.2.2 Planning the Project 54230.2.3 Consultant Team Composition 54330.2.4 Interface with Stakeholders 54330.2.5 Data Gathering 54330.2.6 Budget 54430.2.7 Assessment of Risk 54430.2.8 Deliverables 54430.2.9 Presentation of the Findings 54530.2.10 Key Factors for Successful Implementation 545

30.3 Customer Delight 54830.4 Summary 54830.5 References 548

Appendix 1: Successful IT: Modernising Government in Action 549

Appendix 2: Sources of Risk 553

Appendix 3: DEFRA Risk Management Strategy 557

Appendix 4: Risk: Improving Government's Capability to Handle

Risk and Uncertainty 561

Appendix 5: Financial Ratios /,->- 567

Appendix 6: Risk Maturity Models 573

Appendix 7: SWOT Analysis 579

Appendix 8: PEST Analysis 583

Appendix 9: VRIO Analysis 587

Appendix 10: Value Chain Analysis 589

Appendix 11: Resource Audit 591

Appendix 12: Change Management 595

Contents xxv

Appendix 13: Industry Breakpoints 599

Appendix 14: Probability 601

Appendix 15: Value at Risk 611

Appendix 16: Optimism Bias 613

Index 621