Enterprise Risk Management: From Incentives to Controls (Wiley Finance)

When the first edition of “Enterprise Risk Management; from Incentives to Controls” appeared in 2003, it seemed as if the business world – at least in the U.S. - was in disarray. The bankruptcy of Enron in 2001, the collapse of WorldCom in 2002, the shutdown of Arthur Anderson – the auditor of both companies - and the arrests of the senior management of Tyco were resonating in the marketplace. Risk management, previously something that might have been considered an accounting specialty, now demanded the attention of senior managers and their corporate boards. It had gotten to the point that even if board members and management might have been inclined to continue to hand off their risk-oversight responsibilities, the Sarbanes Oxley Act of 2002 wasn’t going to let them; and their outside auditors, the ones surviving after the vaporization of Arthur Andersen, were insisting that management take accountability so that no more scandals would crop up on their watches. Management was facing a risk-management learning curve and they needed guidance if they were to begin to make informed risk decisions across their organizations. It was into this environment that James Lam published his book, “Enterprise Risk Management; from Incentives to Controls” and it was a business best seller. It introduced the background and concepts that were wanting for most managers and the boards they answered to. In his book, Lam gave risk a business context, advanced a risk-management framework applied to business and then drilled down into the three principal forms of business risk: credit risk, market risk, and operational risk - all the while supporting his approach with references to real-life examples and case studies. Among the many valuable insights the author delivered in that first edition was the concept of the risk portfolio in which risks are treated like investments or assets. He showed how a portfolio of risks can recast the perspective and thus the approaches available to management. Grouped into a portfolio, some risks will likely offset each other and minimize aggregate risk, while others will correlate and amplify aggregate risk, and still others will offer opportunities for increased return on investment. The message was simple. Risks can be managed. And further, not all risks are bad because, in business, without risk there is no reward. In the second edition of his book, James Lam has built on the first edition starting with an expanded index, a bibliography, and an entirely new section, “ERM Implementation”. In the new section he addresses the practical implications of establishing an ERM program, from implementation to management to decision making to reporting, and includes a Risk Assessment Self-Evaluation List to help direct the effort. The new section rounds out the ERM story. Now all the most compelling questions, what should we do and how should we do it, are addressed in a single volume. But there are numerous other updates in this second edition to consider as well. They include the expansion of chapters, notably those on Line Management, Stakeholder Management, and Operational Risk Management, and the addition of new case studies including Ford and Airbus and Boeing. Furthermore, I can’t think of anywhere else you will find a better explanation of risk appetite, a term frequently employed by ERM practitioners but rarely if ever adequately explained. And that is not to overlook the inclusion of one of the best explanatory definitions of risk and enterprise risk management that you will find (see page 53). To my mind, “Enterprise Risk Management; from Incentives to Controls” remains the single best source of information for managers on every level and for board members contemplating risk management on an enterprise-wide scale. Up until the 21st century, risk might have been left to the finance department or managed heuristically, but the collapse in 2001 and 2002 of high-profile businesses that stood at the time for a new age of innovation led to demands for new accountability. The first edition of James Lam’s book arrived with impeccable timing and helped to lay the groundwork for risk management as a business practice, and the second edition has improved on the first. It is not a theoretical book. With its timely updates and additions and a new section on implementation, this book has made risk and risk management something that can be assimilated and practiced in any business in any industry worldwide.

This is a must read for anyone who is either in the risk management profession or intends to learn the state of the art of enterprise risk management. Personally, I own both the 1st Edition (released in 2003) and this updated 2nd Edition. As a risk management executive in the finance industry with 10+ years of experience, I truly appreciate the accessibleness, depth, and comprehensiveness of this book. James Lam is the renowned first ever Chief Risk Officer and a visionary leader in the industry. After reading the book several times, I really appreciate the insightfulness and the wisdom distilled from life-long experiences of one of the best practitioners in the field. I started my career on “science” side of enterprise risk management, such as pricing financial derivatives, modeling consumer behavior, etc. As I rose from silo-based quantitative risk management to general enterprise-wide risk management, this book (1st Edition) offered a priceless introduction to the area of risk integration and aggregation, the impact of corporate risk management culture, etc. Over the last few years, I’ve become more appreciative of the “art” side of risk management discussed in the book. Even extremely experienced executives in the risk management field can still receive great benefit and insights by reading it. In summary, this is a must read for anyone who is interested in enterprise risk management, from MBA students to quantitative analysts to experienced corporate executives.

The book waved real life examples into the core concept of risk management and demonstrated why integrated enterprise risk management is key and how it can work. It is very insightful for anyone who wants to understand what is enterprise risk management, and equally very valuable for veteran risk professional who wants to advance thinking and compare practices. The implementation guide added to this edition provides a practical step by step advise on how to set up and roll out ERM programs, a great reference point. In today’s ever changing environment, risks are multi faceted, fast changing and interconnected. As the author outlined in this book, integrate risk management in the business process of the company will enable businesses to not only reducing downside potential but also increasing upside opportunities. Great read to further extend your risk management think and promote risk practices as strategic business enablers as well as safe guard.

This book gave me more insight as a risk professional by breaking down the process and allowing quick action to be taken. Use it to educate or implement 😁

Enterprise Risk Management or ERM is simple in concept but complex in mastery. James Lam's book provides an excellent explanation on the principles as well as how ERM can be used in any organization. I used this book extensively in my role as the Chief Risk Officer of a large insurance company and often recommended this book to my colleagues. I also have the companion book, "Implementing Enterprise Risk Management." In this age of volatility and uncertainty, ERM practice is a must for corporations.

This is required reading for anyone that is in enterprise risk management, including CIO's and CISO's. There is a coming convergence between ERM, Governance, CyberSecurity and Digital Transformations which is occurring throughout enterprises today. Innovation is disrupting many verticals. Business are responding by trying to keep up with the ongoing digital transformations. Lots of insecure code is being written for this digital transformation. Thus you continue to see the increasing big brand data breaches increasing in frequency. Highly recommended book that touches all areas of enterprise risk management.

The book is written in an excellent style not too jargony but explains things sufficiently to ensure you appreciate and understand the facts and concepts of the Risk Management Framework. As a Business Architect working in Risk for Banks I find the book an excellent source of reference to ensure my own logic is sound and to complete any gaps I may have mistakenly omitted in the designs.

Highly recommended for people entering the profession of ERM. This book will provide comprehensive coverage on the subject and improves the thought process.

If the discipline of Enterprise Risk Management is an area of interest for you. James Lam’s book ‘Enterprise Risk Management 2nd Edition’ is a must read! It clearly set the stage by positioning, conveying and educating me on the critical importance Enterprise Risk Management plays within all business organizations and industries. Further driving this important point home, James continued to illustrate this with in-depth case studies representing lessons learned throughout the length of the book which simply helped me connect-the-dots. I found James’ book to be a sound road map of best practice embedded with complimentary step by step guidance on how to successfully integrate Enterprise Risk Management into the core business processes of any organization. I highly recommend this book and look forward to reading his next. - Lita Cuen

A must read for those associated with ERM as profession. Clear lucid language and assists in clearing your way through an unknown terrain.

One of the standards of the field of ERM, but I expected it to have more fresh material from the first edition. A lot has changed in the field of ERM since the first edition came out and Lam instead simply did a few more or less cosmetic changes. A bit disappointing. However, if you do not have the first edition, and are interested in getting started on ERM, then this is one of the books you need to get.

An excellent book combining both depth and breadth, in a very readable style. My only complaint is with the publisher - as with a number of Wiley books, it is printed on rather poor quality paper and the diagrams that are in colour in the Kindle version are monochrome. Given the cost of this book, and the high quality colour printing from other publishers' books costing far less, I expected more.

Excellent condition. Odd cover material.