The most practical and sensible way to implement ERM-while
avoiding all of the classic mistakes
Emphasizing an enterprise risk management approach that utilizes
actual business data to estimate the probability and impact of key
risks in an organization, Practical Enterprise Risk Management: A
Business Process Approach boils this topic down to make it
accessible to both line managers and high level executives alike.
The key lessons involve basing risk estimates and prevention
techniques on known quantities rather than subjective estimates,
which many popular ERM methodologies consist of.
Shows readers how to look at real results and actual business
processes to get to the root cause of key risks
Explains how to manage risks based on an understanding of the
problem rather than best guess estimates
Emphasizes a focus on potential outcomes from existing processes,
as well as a look at actual outcomes over time
Throughout, practical examples are included from various
healthcare, manufacturing, and retail industries that
demonstrate
關於作者:
Gregory H. Duckert, CPA, CISA, CIA, CRISC, is?the CEO and
Founder of Virtual Governance Institute, an organization
specializing in consultation for major corporations regarding
progressive auditconsulting methodologies, data centric enterprise
risk assessment models, including financial, operational,
regulatory and IT, and continuous auditconsulting platforms. He
has developed extensive risk assessment metric inventories for
evaluating risks in all organizational areas including operations,
IT application systems, IT operations, regulatory and financial
areas,?and is currently in the process of creating a Data Centric
Risk Assessment and Management Model for a major corporation. He is
also a Senior Consultant for MIS Training Institute and a lead
instructor in their audit practice area on an independent
contractor basis. He is conducting seminars or speaking at MIS
events approximately 130 days a year.
目錄:
Preface.
Acknowledgments.
Chapter 1: Corporate Governance: A Gut Check.
The Great SOX Fallacy.
The Visionary Challenged Leading the More Visionary
Challenged.
Going Back to the Future? How Not to Run IT.
Systemic Failure: Critical Shortcomings of Application Systems
Implementation.
What Is GRC Anyway?
Are You Cubin''?
Chapter 2: What ERM Is and What It Is Not.
Don’t Be Mislead: What ERM Is Not.
Key Qualities of an Effective ERM.
Primary Components of Risk Assessment.
Need for a BRAIN Business Risk Assessment Information
Network.
Process of Creating a BRAIN.
Chapter 3: Understanding What the Business Is.
Defining the Business.
A Banking Example.
Answering the Key Question: What Is the Business?
Determining the Core Business Processes.
Setting the Structure: Creating a Physical Map.
A Medical Example: A Healthcare System.
Impact Analysis.
Chapter 4: Defining What True Business Risk Is.
It’s About the Outcome Stupid!
Risk Never Lives Alone.
Defining Baseline Categories of Business Risk.
Evaluating All of the Possibilities: The Risk Universe.
Using the Business Structure to Drive the Risks.
Distributed Risk Assessment and Management DRAM.
Chapter 5: Objectively Defining Risk.
Defining Risk in the Context of the Business
Using the Business Defined Data Structure.
Why Use Data to Define Risk: The Three Attributes.
Data Centric ERM DCERM.
Multi-Dimensional Risk Assessment.
Chapter 6: Building a FluidDynamic Risk Model.
The Model and Why It Is Necessary.
Moving from Reactive to Proactive Risk Management.
OR Data and Why It Is Critical.
KRIs Not KPIs.
Options on How to Drive the Model.
Dashboard Indicators.
Key Early Warning Indicators.
Determining the Key Risk Indicators.
Universal Risk Indicators.
Financial, Operational, Regulatory, and Technological KRIs.
Chapter 7: Top-Down Risk Assessment: Evolving the Fluid ERM
Environment-A Step By Step Approach.
Building ERM One Step at a Time.
Mapping the Physical Structure of the Enterprise.
Defining the Business Risks of the Enterprise: Utilizing Key
Outcomes.
Developing KRIs for Assessing Risk for the Entire Enterprise.
Detailed Inventories of KRIs: When Greater
AutomationSophistication Is Achieved.
Building a Baseline Risk Register.
Embedding Risk Registers and Key Information in the Physical
Mapping.
The Modular Approach.
Determining a Focused Outcome Group FOG.
Net Risk versus Residual Risk.
Business Risk Analysis Techniques BRATs.
Utilizing Logical Data Pathways to Focus on Root Cause and Resolve
It.
Chapter 8 The Future Evolution of the Model.
ERM for the Twenty-First Century.
Systems Strategies.
Design Criteria and Specifications.
Designing Risk Centric Systems for EfficiencyGovernance: Step by
Step.
Dynamically Integrated Risk Evaluation DIRE.
Triggers and MOMS.
Real Time Profiling.
Setting Standards for Future Evolution.
Chapter 9 Related Topics and Special Risk Situations.
Managing RiskAuditing Real Time.
Monitoring Controls with Metrics.
Utilizing ERM to Reduce Audit Fees and Lower the Costs of
Operation.
Mergers and Acquisitions: Let’s Buy Some More Risk.
Outsourcing: What You Don’t Know Could Kill Your
Organization.
Debunking the Outsourcing Myths: The Ventoro Study.
Chapter 10 Maximizing Impact – Minimizing Exposure.
Who Owns the Risk Management Process?
Involving the Stakeholders: Creating a Critical Business
Tool.
Extending the Impact: Making It a Company Essential.
Strategically Linking Key Risks and Key Controls: Creating a
HOME.
Building the DREAM HOME: Automating Even Your SOX.
About the Author.
Index.
購物車/收銀台(0) | 在線留言板
| 付款方式
| 聯絡我們
| 運費計算
| 幫助中心 |
加入書簽
HOME
新書上架
