Abiliti: Future Systems
Throughout eternity, all that is of like form comes around again –
everything that is the same must return in its own everlasting
cycle.....
• Marcus Aurelius – Emperor of Rome •
Many Economists and Economic Planners have arrived at the same
conclusion - that most organisations have not yet widely adopted
sophisticated Business Intelligence and Analytics systems – let alone
integrated BI / Analytics and “Big Data” outputs into their core Strategic
Planning and Financial Management processes.....
• Abiliti: Origin Automation is part of a global consortium of Digital Technologies Service
Providers and Future Management Strategy Consulting firms for Digital Marketing and
Multi-channel Retail / Cloud Services / Mobile Devices / Big Data / Social Media
• Graham Harris Founder and MD @ Abiliti: Future Systems
– Email: (Office)
– Telephone: (Mobile)
• Nigel Tebbutt 奈杰尔 泰巴德
– Future Business Models & Emerging Technologies @ Abiliti: Future Systems
– Telephone: +44 (0) 7832 182595 (Mobile)
– +44 (0) 121 445 5689 (Office)
– Email: Nigel-Tebbutt@hotmail.com (Private)
• Ifor Ffowcs-Williams CEO, Cluster Navigators Ltd & Author, “Cluster Development”
– Address : Nelson 7010, New Zealand (Office)
– Email : e4@clusternavigators.com
Abiliti: Origin Automation Strategic Enterprise Management (SEM) Framework ©
Cluster Theory - Expert Commentary: -
Slow is smooth, smooth is fast.....
.....advances in “Big Data” have led to a revolution in
Economic Modelling and Enterprise Risk Management –
but it takes both human ingenuity, and time, for Strategic
Economic and Risk Models to develop and mature.....
Financial Technology – Business Categories
Fin Tech – Business Disciplines
Economic Analysis & Econometrics Regime: –
• Economic Planning, Analytics & Optimisation •
• Business Cycles, Patterns and Trends •
• Quantitative and Qualitative Techniques •
• Economic Modelling & Long-range Forecasting •
• Ghost in the Machine - Future Management •
Business Planning and Strategy Regime: –
• Corporate Planning and Financial Analysis •
• Horizon Scanning, Monitoring and Tracking •
• Eltville Model • Three Horizons Framework •
• The “Thinking about the Future” Framework •
Business Programme Management Regime: –
• Organisational Change Framework •
• Business Transformation Framework •
• Project / Programme Management Framework •
Enterprise & Solution Architecture Regime: –
• Business Architecture / Modelling Framework •
• Technology Architecture / Modelling Framework •
Fin Tech – Operational Regimes
Corporate Responsibility Regimes: –
• Business Principles Regime •
• Enterprise Governance Regime •
• Reporting and Controls Regime •
• Enterprise Risk Management Regime •
• Enterprise Performance Management Regime •
Enterprise Risk Frameworks: –
• Systemic Risk • Outsights •
• Operational Risk • COSO •
• Trade Risk (micro-economic) •
• Market Risk (macro-economic) •
Liquidity Risk Frameworks – Capital Adequacy Rules
• Basle II – Banking • Solvency II – Insurance •
Insurance Risk Frameworks: –
• Actuarial Science • Underwriting / Reinsurance Risk •
• Security Risk • Reputational Risk • Data Science •
Reporting and Controls Frameworks: –
• Accounting Standards • GAAP • IFRS •
Enterprise and Business Architecture is a part of Abiliti: Financial Technology (Fin Tech) Training: -
Financial Technology – System Categories
Fin Tech – Core Processing
Retail Banking
• Deposits
• Accounts
• Payments
• Securities • Wealth Management •
Financial Markets
• Trade Desk • Automatic Trading •
• Enterprise Risk Management
• Quantitative (Technical) Analysis
• Financial Market Data Management
• Regulatory and Statutory Compliance
Corporate Banking
• Corporate Finance
• Investment Services
• Asset Portfolio Management
• Merger and Acquisition Services
• Shareholder Registration and Administration
Fin Tech – Shared Services
Enterprise Support Systems (ESS): -
• Planning, Forecasting and Strategic Management
• Enterprise Performance Management
• Human Resources and Talent Management
• Finance & Accounting • Treasury & Settlements
• Enterprise Governance, Reporting and Controls
Business Support Systems (BSS)
• Customer Relationship Management •
• Social Media • BI / Analytics • “Big Data” •
• Mobile Devices and Smart Apps Platforms •
• Multi-channel Digital Self-service Platforms •
Operational Support Systems (OSS)
• Cloud Services
• Desktop Services
• Network Management
• Software Versioning and Control
• Software Distribution Management
Systems and Solution Architecture forms part of Abiliti: Financial Technology (Fin Tech) Training: -
At the very Periphery of Corporate
Vision and Awareness…..
• The Cosmology Revolution – new and exciting advances in Astrophysics and
Cosmology (String Theory and Wave Mechanics) are leading Physicists towards new
questions and answers concerning the make-up of stellar clusters and galaxies, stellar
populations in different types of galaxy, and the relationships between high-stellar
populations and local clusters. What are the implications for galactic star-formation
histories and relative stellar formation times – overall, resolved and unresolved – and
their consequent impact on the evolution of life itself?
• The Quantum Revolution – The quantum revolution could turn many ideas of science
fiction into science fact - from meta-materials with mind-boggling properties such as
invisibility, limitless quantum energy via room temperature superconductors and
onwards and upwards to Arthur C Clarke's space elevator. Some scientists even
forecast that in the latter half of the century everybody will have a personal fabricator
that re-arranges molecules to produce everything from almost anything. How
ultimately will we use this gift? Will we have the wisdom to match our mastery of
matter like Solomon? Or will we abuse our technology strength and finally bring down
the temple around our ears like Samson?
• The Nano-Revolution – To meet the challenges in an ever more resource-limited
world, innovation and technology must play an increasing role. Nanotechnology, the
engineering of matter at the atomic scale to create materials with unique properties
and capabilities, will play a significant part in ensuring that risks to critical water
resources for future cities are addressed. Nanotechnology “has the potential to be a
key element in providing effective, environmentally sustainable solutions for supplying
potable water for human use and clean water for agricultural and industrial uses.”
• The Energy Revolution • Oil Shale • Kerogen • Tar Sands • Methane Hydrate • The
Hydrogen Economy • Nuclear Fusion • Every year we consume the quantity of Fossil
Fuel energy which took nature 3 million years to create. Unsustainable fossil fuel energy
dependency based on Carbon will eventually be replaced by the Hydrogen Economy
and Nuclear Fusion. The conquest of hydrogen technology, the science required to
support a Hydrogen Economy (to free up humanity from energy dependency) and
Nuclear Fusion (to free up explorers from gravity dependency) is the final frontier which,
when crossed, will enable inter-stellar voyages of exploitation across our Galaxy.
• Nuclear Fusion requires the creation and sustained maintenance of the enormous
pressures and temperatures to be found at the Sun’s core. This is a most challenging
technology, whose extraordinary opportunities scientists here on Earth are only now
beginning to explore and evaluate. To initiate Nuclear Fusion requires creating the
same conditions right here on Earth that are found at the very centre of the Sun. This
means replicating the environment needed to support quantum nuclear processes which
take place at huge temperatures and immense pressures in the Solar core – conditions
extreme enough to overcome the immense nuclear forces which resist the collision and
fusion of two deuterium atoms (heavy hydrogen – one proton and one neutron) to form a
single Helium atom – accompanied by the release of a vast amount of Nuclear energy.
• Renewable Resources • Solar Power • Tidal Power • Hydro-electricity • Wind
Power • The Hydrogen Economy • Nuclear Fusion • Any natural resource is a
renewable resource if it is replenished by natural processes at a rate compatible
with or faster than its rate of consumption by human activity or other natural uses
or attrition. Some renewable resources - solar radiation, tides, hydroelectricity,
wind – can also be classified as perpetual resources, in that they can never be
consumed at a rate which is in excess of their long-term availability due to natural
processes of perpetual renewal. The term renewable resource also carries the
implication of prolonged or perpetual sustainability for the absorption, processing or
re-cycling of waste products via natural ecological and environmental processes.
• For the purposes of Nuclear Fission, Thorium may in future replace enriched
Uranium-235. Thorium is much more abundant, far easier to mine, extract and
process and far less dangerous than Uranium. Thorium is used extensively in
Biomedical procedures, and its radioactive decay products are much more benign.
• Sustainability is a characteristic of a process or mechanism that can be
maintained indefinitely at a certain constant level or state – without showing any
long-term degradation, decline or collapse. This concept, in its environmental
usage, refers to the potential longevity of vital human ecological support systems -
such as the biosphere, ecology, the environment and the man-made systems of
industry, agronomy, agriculture, forestry, fisheries - and the planet's climate and
natural processes and cycles upon which they all depend.
• Trans-humanism – advocates the ethical use of technology to extend current
human form and function - supporting the use of future science and technology to
enhance the human genome capabilities and capacities in order to overcome
undesirable and unnecessary aspects of the present human condition.
• The Intelligence Revolution – Artificial Intelligence will revolutionise homes,
workplaces and lifestyles. Augmented Reality will create new virtual worlds –
such as the interior of Volcanoes or Nuclear Reactors, the bottom of the Ocean or
the surface of the Moon, Venus or Mars - so realistic they will rival the physical
world. Robots with human-level intelligence may finally become a reality, and at
the ultimate stage of mastery, we'll even be able to merge human capacities with
machine intelligence and attributes – via the man-machine interface.
• The Biotech Revolution – Genome mapping and Genetic Engineering are now
bringing doctors and scientists towards first discovery, and then understanding,
control, and finally mastery of human health and wellbeing. Digital Healthcare
and Genetic Medicine will allow doctors and scientists to positively manage
successful patient outcomes – even over diseases previously considered fatal.
Genetics and biotechnology promise a future of unprecedented health, wellbeing
and longevity. DNA screening could diagnose and gene therapy prevent or cure
many diseases. Thanks to laboratory-grown tissues and organs, the human body
could be repaired as easily as a car, with spare parts readily available to order.
Ultimately, the ageing process itself could be slowed or even halted.
• Global Massive Change is an evaluation of global capacities and limitations. It
includes both utopian and dystopian views of the emerging world future state, in
which climate, the environment, ecology and even geology are dominated by the
indirect impact of human activity and the direct impact of human manipulation: –
1. Human Impact is now the major factor in climate change, environmental and
ecological degradation.
2. Environmental Degradation - man now moves more rock and earth than do all
of the natural geological processes
3. Ecological Degradation – biological extinction rate - is currently greater than
that of the Permian-Triassic boundary (PTB) extinction event
4. Food, Energy, Water (FEW) Crisis – increasing scarcity of Natural Resources
• Society’s growth-associated impacts on its own ecological and environmental
support systems, for example intensive agriculture causing exhaustion of natural
resources by the Mayan and Khmer cultures, de-forestation and over-grazing
causing catastrophic ecological damage and resulting in climatic change – further
examples are the Easter Island culture, the de-population of upland moors and
highlands in Britain from the Iron Age onwards – including the Iron Age retreat
from northern and southern English uplands, the Scottish Highland Clearances
and replacement of subsistence crofting by deer and grouse for hunting and
sheep for wool on major Scottish Highland Estates and the current sub-Saharan
de-forestation and subsequent desertification by semi-nomadic pastoralists
Ghost in the Machine:
Haunted by Randomness
“Time present and time past
Are both perhaps present in time future,
And time future contained in time past
. . . all time is eternally present”
• Time, Eternity, and Immortality in T. S. Eliot's Four Quartets •
Ghost in the Machine.....
• The purpose of a Futures Study Training Module is based on the overarching need to
enable and prepare clients to anticipate, prepare for and manage the future - by guiding them
towards an understanding of how the future might unfold. This involves planning, organising
and running Futures Studies Projects and presenting the results via Workshops, Seminars
and CxO Forums. This means working with key client executives responsible for Stakeholder
Relationships, Communications and Benefits Realisation Strategies - helping to influence and
shape organisational change and driving technology innovation to enable rapid business
transformation, ultimately to facilitate the achievement of stakeholders’ desired Business
Outcomes – plus the scoping, envisioning and designing the Future Systems to support
client objectives – by integrating BI / Analytics and “Big Data” Futures Study and Strategy
Analysis outputs into their core Corporate Planning and Financial Management processes.....
– CxO Forums – executive briefings on new and emerging technologies and trends
– Workshops – discovery workshops to explore future Scenario Planning & Analysis
– Seminars – present in detail the key Futures Study findings and extrapolations.
– Special Interest Groups (SIGs) – for stakeholder Subject Matter Experts (SMEs)
• This Futures Study Training Module – is designed to provide cross-functional support to
those client stakeholders who are charged by their organisations with thinking about the
future – corporate planners, disaster and contingency management and enterprise risk
research, planning, strategy, analysis and management along with those IT Professionals
responsible for Strategic Enterprise Management (SEM) Frameworks and Systems. The
Futures Study course consists of the following components : -
– Classroom Training – Slide Pack, Handouts, Background Documents, Tests and Exercises.
– Workshop Facilitation – driving and mentoring Futures Studies Workshops.
– Advisory Consulting – advise and inform your Futures Study Programme.
– CxO Forums – executive briefings on new and emerging technologies and trends
– Future Discovery – discovery workshops to explore future Scenario Planning & Analysis
– Seminars – present in detail the key Futures Study findings and extrapolations.
– Special Interest Groups (SIGs) – for stakeholder Subject Matter Experts (SMEs)
– Resources – access to Think Tanks, NGOs, Government Departments and Academia.
– Gateway to Higher Education – Graduate Courses in Futures Studies @ University of Oxford –
Said Business School and Smith School of Economics and the Environment (SSEE)
• This Slide Pack forms part of a Futures Study Training Module - the purpose of which is to provide
cross-functional support to those client stakeholders who are charged by their organisations with
thinking about the future – corporate planners, disaster and contingency management and enterprise
risk research, planning, strategy, analysis and management along with IT Professionals responsible for
architecting, designing and supporting Strategic Enterprise Management Frameworks and Systems: -
– Finance, Corporate Planners and Strategists – authorise and direct the Futures Study.
– Enterprise Risk Managers, Disaster & Contingency Planners – plan & lead Futures Studies.
– Product Innovation, Research & Development – advise and inform the Futures Study.
– Marketing and Product Engineering – review and mentor the Futures Research Study.
– Economists, Data Scientists and Researchers – undertake the detailed Research Tasks.
– Research Aggregator – examines hundreds of related Academic Papers, “Big Data” & other
relevant global internet content - looking for hidden or missed findings and extrapolations.
– Author – compiles, documents, edits and publishes the Futures Study Research Findings.
– Business Analysts / Enterprise Architects – provide the link into Business Transformation.
– Technical Designers / Solution Architects – provide the link into Technology Refreshment.
Executive Summary: -
The Management of Uncertainty
Mechanical Processes –
Thermodynamics (Complexity and Chaos Theory) – governs the behaviour of Systems
Classical Mechanics (Newtonian Physics) – governs the behaviour of all everyday objects
Quantum Mechanics – governs the behaviour of unimaginably small sub-atomic particles
Relativity Theory – governs the behaviour of impossibly super-massive cosmic structures
Wave Mechanics (String Theory) – integrates the behaviour of every size and type of object
• It has long been recognized that one of the most important competitive factors for any
organization to master is the management of uncertainty. Uncertainty is the major
intangible factor contributing towards the risk of failure in every process, at every level,
in every type of business. The way that we think about the future must mirror how the
future actually unfolds. As we have learned from recent experience, the future is not a
straightforward extrapolation of simple, single-domain trends. We now have to consider
ways in which the possibility of random, chaotic and radically disruptive events may be
factored into enterprise threat assessment and risk management frameworks and
incorporated into decision-making structures and processes.
• Managers and organisations often aim to “stay focused” and maintain a narrow
perspective in dealing with key business issues, challenges and targets. A
concentration of focus may risk overlooking Weak Signals indicating potential issues
and events, agents and catalysts of change. Such Weak Signals – along with their
resultant Wild Card and Black Swan Events - represent early warning of radically
disruptive future global transformations – which are even now taking shape at the very
periphery of corporate awareness, perception and vision – or just beyond.
• There are many kinds of Stochastic or Random processes that impact on every area
of Nature and Human Activity. Randomness can be found in Science and Technology
and in Humanities and the Arts. Random events are taking place almost everywhere
we look – for example from Complex Systems and Chaos Theory to Cosmology and
the distribution and flow of energy and matter in the Universe, from Brownian motion
and quantum theory to fractal branching and linear transformations. There are further
examples – atmospheric turbulence in Weather Systems and Climatology, and system
dependence influencing complex orbital and solar cycles. Other examples include
sequences of Random Events, Weak Signals, Wild Cards and Black Swan Events
occurring in every aspect of Nature and Human Activity – from the Environment and
Ecology - to Politics, Economics and Human Behaviour and in the outcomes of current
and historic wars, campaigns, battles and skirmishes - and much, much more.
• These Stochastic or Random processes are agents of change that may precipitate
global impact-level events which either threaten the very survival of the organisation -
or present novel and unexpected opportunities for expansion and growth. The ability to
include Weak Signals and peripheral vision in the strategy and planning process may
therefore be critical in contributing towards the continued growth, success, wellbeing
and survival of both individuals and organisations at the micro-level – as well as cities,
states and federations at the macro-level - as witnessed in the rise and fall of empires.
Random Processes
• Random Processes may influence any natural and human phenomena, such as: -
– the history of an object
– the outcome of an event
– the execution of a process
• Randomness may be somewhat difficult to demonstrate, as true Randomness in chaotic
system behaviour is not always readily or easily distinguishable from any of the “noise”
that we may find in Complex Systems – such as foreground and background wave
harmonics, resonance and interference. Complex Systems may be influenced by both
internal and external factors which remain hidden – either unrecognised or unknown.
These hidden and unknown factors may exist far beyond our ability to detect them – but
nevertheless, still exert influence. The existence of weak internal or external forces acting
on systems may not be visible to the observer – these subliminal temporal forces can
influence Complex System behaviour in such a way that the presence of imperceptibly tiny
inputs, acting on a system, amplified in effect over many system cycles - are ultimately
able to create massive observable changes to outcomes in complex system behaviour.
• Uncertainty is the outcome of the disruptive effect that chaos and randomness
introduce into our daily lives. Research into stochastic (random) processes looks
towards how we might anticipate, prepare for and manage the chaos and uncertainty
which acts on complex systems – including natural systems such as Cosmology and
Climate, as well as human systems such as Politics and the Economy – so that we may
anticipate future change and prepare for it…..
1. Classical Mechanics - Any apparent randomness is as a result of Unknown Forces
2. Thermodynamics - Randomness, chaos and uncertainty is directly a result of Entropy
3. Biology - Any apparent randomness is as a result of Unknown Forces
4. Chemistry - Any apparent randomness is as a result of Unknown Forces
5. Atomic Theory - All events are utterly and unerringly predictable (Dirac Equation)
6. Quantum Mechanics - Every event is both symmetrical and random (Hawking Paradox)
7. Geology - Any randomness or asymmetry is a result of Unknown Forces
8. Astronomy - Any randomness or asymmetry is a result of Unknown Forces
9. Cosmology - Any randomness or asymmetry is as a result of Dark Matter, Energy, Flow
10. Relativity Theory - Randomness or asymmetry may be a result of Quantum effects
11. Wave Mechanics - Any randomness and asymmetry is as a result of Unknown Forces
Domain | Scope / Scale | Randomness | Pioneers
Classical Mechanics (Newtonian Physics) | Everyday objects | Any apparent randomness is as a result of Unknown Forces | Sir Isaac Newton
Thermodynamics | Energy Systems - Entropy, Enthalpy | | Newcomen, Trevithick, Watt, Stephenson
Biology | Evolution | | Darwin, Banks, Huxley, Krebs, Crick, Watson
Chemistry | Molecules | | Lavoisier, Priestley
Atomic Theory | Atoms | Events are truly and intrinsically, utterly and unerringly totally predictable (Dirac Equation). | Max Planck, Niels Bohr, Bragg, Paul Dirac, Richard Feynman
Quantum Mechanics | Sub-atomic particles | Each and every Quantum event is truly and intrinsically fully random and symmetrical (Hawking Paradox) | Erwin Schrodinger, Werner Heisenberg, Albert Einstein, Hermann Minkowski
Domain | Scope / Scale | Randomness | Pioneers
Geology | The Earth, Planets, Planetoids, Asteroids, Meteors / Meteorites | Any apparent randomness is as a result of Unknown Forces | Hutton, Lyell, Wagner
Astronomy | Common, Observable Celestial Objects | Any apparent randomness or asymmetry may be as a result of Quantum effects or other Unknown Forces acting early in the history of Space-Time | Galileo, Copernicus, Kepler, Lovell, Hubble
Cosmology | Super-massive Celestial Objects | | Hoyle, Ryall, Rees, Penrose, Bell-Burnell
Relativity Theory | The Universe | Any apparent randomness or asymmetry is as a result of Unknown Forces / Dimensions | Albert Einstein, Hermann Minkowski, Stephen Hawking
Wave Mechanics (String Theory or Quantum Dynamics) | The Universe, Membranes and Hyperspace | | Michael Green, Michio Kaku
• Classical Mechanics (Newtonian Physics)
– Classical Mechanics (Newtonian Physics) governs the behaviour of everyday objects
– any apparent randomness is as a result of unimaginably small, unobservable and
unmeasurable Unknown Forces - either internal or external - acting upon a System.
• Thermodynamics
– governs the flow of energy and the transformation (change in state) of systems
– randomness, chaos and uncertainty is the result of the effects of Enthalpy and Entropy
• Chemistry
– Chemistry (Transformation) governs the change in state of atoms and molecules
– any apparent randomness is as a result of unimaginably small, unobservable and
unmeasurable Unknown Forces - either internal or external - acting upon a System.
• Biology
– Biology (Ecology) governs Evolution - the life and death of all living Organisms
– any apparent randomness is as a result of unimaginably small, unobservable and
unmeasurable Unknown Forces - either internal or external - acting upon a System.
• Atomic Theory
– governs the behaviour of unimaginably small objects (atoms and sub-atomic particles)
– all events are truly and intrinsically, utterly and unerringly predictable (Dirac Equation).
• Quantum Mechanics
– governs the behaviour of unimaginably tiny objects (fundamental sub-atomic particles)
– all events are truly and intrinsically both symmetrical and random (Hawking Paradox).
• Geology
– Geology governs the behaviour of local Solar System Objects (such as The Earth, Planets,
Planetoids, Asteroids, Meteors / Meteorites) which populate the Solar System
– any apparent randomness is as a result of unimaginably small, unobservable and
unmeasurable Unknown Forces - either internal or external - acting upon a System
• Astronomy
– Astronomy governs the behaviour of Common, Observable Celestial Objects (such as
Asteroids, Planets, Stars and Stellar Clusters) which populate and structure Galaxies
– any apparent randomness or asymmetry is as a result of Quantum Effects, Unknown
Forces or Unknown Dimensions acting very early in the history of Universal Space-Time
• Cosmology
– Cosmology governs the behaviour of impossibly super-massive cosmic building blocks
(such as Galaxies and Galactic Clusters) which populate and structure the Universe
– any apparent randomness or asymmetry is due to the influence of Quantum Effects,
Unknown Forces (Dark Matter, Dark Flow and Dark Energy) or Unknown Dimensions
• Relativity Theory
– Relativity Theory governs the behaviour of impossibly super-massive cosmic structures
(such as Galaxies and Galactic Clusters) which populate and structure the Universe
– any apparent randomness or asymmetry is as a result of Quantum Effects, Unknown
Forces or Unknown Dimensions acting very early in the history of Universal Space-Time
• Wave Mechanics (String Theory or Quantum Dynamics)
– Wave Mechanics integrates the behaviour of every size and type of physical object
– any apparent randomness or asymmetry is as a result of Quantum Effects, Unknown
Forces or Unknown Dimensions acting on the Universe, Membranes or in Hyperspace
• 4D Geospatial Analytics is the profiling and analysis of large aggregated datasets in order to
determine a ‘natural’ structure of groupings, which provides an important technique for many
statistical and analytic applications.
• Environmental and Demographic Geospatial Cluster Analysis - on the basis of profile similarities
or geographic distribution - is a statistical method whereby no prior assumptions are made
concerning the number of groups or group hierarchies and internal structure. Geo-spatial and
geodemographic techniques are frequently used in order to profile and segment populations by
‘natural’ groupings - such as common behavioural traits, Clinical Trial, Morbidity or Actuarial
outcomes - along with many other shared characteristics and common factors.....
• The Temporal Wave is a novel and innovative method for Visual Modelling and Exploration of
Geospatial “Big Data” – Geospatial Analytics simultaneously within a Time (history) and Space
(geographic) context. The problems encountered in exploring and analysing vast volumes of
spatial–temporal information in today's data-rich landscape – are becoming increasingly
difficult to manage effectively. Overcoming the problem of data volume and scale in a
Time (history) and Space (location) context requires not only the traditional location–space and
attribute–space analysis common in GIS Mapping and Spatial Analysis - but also the
additional dimension of time–space analysis. The Temporal Wave supports a new method of
Visual Exploration for Geospatial (location) data within a Temporal (timeline) context.
• This time-visualisation approach integrates Geospatial (location) data within a Temporal
(timeline) framework which is communicated via data visualisation and animation techniques
used to support geo-visual “Big Data” analytics - thus improving the accessibility, exploration
and analysis of the huge amounts of time-variant geo-spatial data, such as the history of an
object or location, or the outcome of a process (evolution of the universe). Temporal Wave
combines the strengths of both linear timeline and cyclical wave-form analysis. Both linear
and cyclic trends in space-time data may be represented in combination with other graphic
representations typical for location–space and attribute–space data-types. The Temporal
Wave can be used in various roles as a time–space data reference system, as a time–space
continuum representation tool, and as a time–space interaction tool – and so is able to represent
data within both a Time (history) and Space (geographic) context simultaneously – and can therefore
pan across Space-time layers or even zoom between different levels of detail or granularity.
• Time Present is always in some way inextricably woven into both Time Past and Time Future –
with the potential, therefore, to give us notice of future random events – subliminal indications
of future events before they actually occur. Chaos Theory suggests that even the tiniest of
inputs, so minute as to be undetectable, may ultimately be amplified over many system cycles
– to grow in influence and effect to trigger dramatic changes in future outcomes. So any given
item of Information or Data (Global Content) may contain faint traces which hold hints or clues
about the outcomes of linked Clusters of Past, Present and Future Events.
• Every item of Global Content that we find in the Present is somehow connected with both the
Past and the Future. Space-Time is a Dimension – which flows in a single direction, as does a
River. Space-Time, like water diverted along an alternative river channel, does not flow
uniformly – outside of the main channel there could well be “submerged objects” (random
events) that disturb the passage of time, and may possess the potential capability of creating
unforeseen eddies, whirlpools and currents in the flow of Time (disorder and uncertainty) –
which in turn possess the capacity to generate ripples, and waves (chaos and disruption) – thus
changing the course of the Space-Time continuum. “Weak Signals” are “Ghosts in the
Machine” of these subliminal temporal interactions – with the capability to contain information
about future “Wild card” or “Black Swan” random events.
The Management of Uncertainty
• Weak Signals, Strong Signals, Wild Cards and Black Swan Events – are a sequence
of waves linked and integrated in ascending order of magnitude, which have a common
source or origin - either a single Random Event instance or arising from a linked series
of chaotic and disruptive Random Events - an Event Storm. These Random Events
propagate through the space-time continuum as a related and integrated series of waves
with an ascending order of magnitude and impact – the first wave to arrive is the fastest
travelling - Weak Signals - something like a faint echo of a Random Event, which may in
turn be followed by a ripple (Strong Signals), then possibly by a wave (Wild Card)
- which may indicate the unfolding of a further increase in magnitude and intensity which
finally arrives catastrophically - something like a tsunami (Black Swan Event).
Sequence of Events - Emerging Waves
1. Random Event
2. Weak Signals
3. Strong Signals
4. Wild Cards
5. Black Swan Event
Stage View of Wave Series Development
1. Discovery
1.1 Establishment
1.2 Development
2. Growth
3. Plateau
4. Decline
5. Collapse
5.1 Renewal
5.2 Replacement
The Management of Uncertainty
• Randomness. Neither the data-driven nor the model-driven macro-economic or micro-economic
models currently available to us seem able to deal with the concept or impact of
Random Events (uncertainty). We therefore need to consider and factor in further novel
and disruptive (systemic) approaches which offer us the possibility to manage uncertainty.
We can do this by searching for, detecting and identifying Weak Signals – which are tiny,
unexpected variations or disturbances in system outputs – surprises – predicating the
possible existence of hidden data relationships which are masked or concealed within the
general background system “noise”. Weak Signals are caused by the presence of small
unrecognised or unknown forces acting on the system. Weak Signals in turn may indicate
the possible future appearance of emerging chaotic, and radically disruptive Wild Card or
Black Swan events beginning to form on the detectable Horizon – or even just beyond.
• Random Events must then be factored into Complex Systems Modelling. Complex
Systems interact with unseen forces – which in turn act to inject disorder, randomness,
uncertainty, chaos and disruption. The Global Economy, and other Complex Adaptive
Systems, may in future be considered and modelled successfully as a very large set of
multiple interacting Ordered (Constrained) Complex Systems - each individual System
loosely coupled with all of the others, and every System with its own clear set of rules and
an ordered (restricted) number of elements and classes, relationships and types.
Enterprise Risk Management
Mechanical Processes –
Thermodynamics (Complexity and Chaos Theory) – governs the behaviour of Systems
Classical Mechanics (Newtonian Physics) – governs the behaviour of all everyday objects
Quantum Mechanics – governs the behaviour of unimaginably small sub-atomic particles
Relativity Theory – governs the behaviour of impossibly super-massive cosmic structures
Wave Mechanics (String Theory) – integrates the behaviour of every size and type of object
Enterprise Risk Management
Introduction
• Enterprise Risk Management (ERM) has a wide spectrum of scope
and definitions. The generally agreed concept is that ERM is now
much wider than traditional risk management and covers all of the
risks within an enterprise (public and private sector). Traditional risk
management focuses on identifying risks, measuring and monitoring
risks and designing strategies to limit losses to agreed limits.
• ERM recognises that businesses take risks in order to make a profit
for their owners and therefore considers the upside of taking risks, and
attempts to strike a balance between too much risk and not enough
risk compared to the enterprise’s strategic direction. Risk is managed
holistically in a fully integrated framework, across all different risk
types and the different functions/companies within the organisation.
Risk
“The bear that you can see in front of you – is never the same bear as the one which takes your life away.....”
Inuit Proverb
Risk
Advances in Data Science and “Big Data” have led to a revolution in macro and micro
Econometrics Modelling, Threat Analysis and Enterprise Risk Management .....
– but it takes both human ingenuity, time and effort for Austrian (Real) Economic and
Enterprise Risk Models to develop and mature.....
Section 1 – Introduction to
Enterprise Risk Management
• This Section describes the fundamentals of Enterprise Risk Management Threat Analysis. The
underlying premise of Enterprise Risk Management is that every enterprise exists to provide value for
its stakeholders. All entities face uncertainty, which leads to risk. The challenge for management is to
determine how much uncertainty or risk to accept, as it strives to protect and grow stakeholder value : -
• AUDIENCE
– Finance, Corporate Planners and Strategists – authorise and direct the Risk Study.
– Enterprise Risk Managers, Disaster & Contingency Planners – plan and lead the Risk Study.
– Product Innovation, Research & Development – advise and inform the Risk Research Study.
– Marketing and Product Engineering – review and mentor the Risk Research Study.
– Economists, Data Scientists and Researchers – undertake detailed Risk Research Tasks.
– Research Aggregator – “Big Data”: - examines hundreds of related Academic Papers and other
global internet content - looking for hidden or missed findings and extrapolations – Data Science.
– Author – compiles, documents, edits and publishes the Risk Research Study Findings.
– Business Analysts / Enterprise Architects – provide the link into Business Transformation.
– Technical Designers / Solution Architects – provide the link into Technology Refreshment.
Enterprise Risk Management
Enterprise Risk Management – Key Issues
• The underlying premise of Enterprise Risk Management is that every
enterprise exists to provide sustainable value for its stakeholders.
• All entities face random events and uncertainty, and the challenge for
management is to determine how much uncertainty they are willing to
accept as the Enterprise strives to grow stakeholder value.
• Randomness and uncertainty present both risk and opportunity, with
the potential to either erode or enhance short-term stakeholder value.
• Enterprise Risk Management enables leadership to deal effectively
with random events and uncertainty along with their associated risk and
opportunity – enhancing the capacity of the Enterprise to achieve
sustainable growth and conserve long-term stakeholder value.
Enterprise Risk Management
• The underlying premise of Enterprise Risk Management is that every enterprise exists
to generate value for its stakeholders. All entities face uncertainty, which leads to risk.
The challenge for management is to determine its risk appetite - how much uncertainty
to accept as it strives to protect and grow stakeholder value. Uncertainty presents both
threats and opportunities – with the potential to either erode or enhance stakeholder
value. Enterprise Risk Management enables leadership to deal effectively with
randomness and uncertainty along with its associated risk and opportunity – thus
enhancing capacity to build sustainable growth and long-term stakeholder value.
• Enterprise Risk Management value is maximised when leadership and management
teams set policy, strategy and objectives to strike an optimal balance between growth
and return on investment - with their related goals and risks - deploying resources
efficiently and effectively in pursuit of the enterprise’s desired future outcomes.
• These capabilities inherent in enterprise risk management help the leadership team to
achieve the enterprise’s performance and profitability targets whilst preventing the loss,
attrition or devaluation of enterprise resources – and in so doing, protecting and
preserving corporate assets. Enterprise Risk Management helps to ensure effective
reporting and compliance with laws and regulations, and helps avoid damage to the
enterprise’s reputation - and any consequential losses. In sum, enterprise risk
management helps an enterprise to realise its corporate plans and business strategies -
avoiding pitfalls and surprises along the way.
Enterprise Risk Management
• Risk Events – Threats and Opportunities. Risk Events can have negative impact,
positive impact, or both. Events with a negative impact represent risks, which can
prevent value creation or erode existing value. Events with positive impact may offset
negative impacts or represent opportunities. Opportunities are the possibility that an
event will occur and positively affect the achievement of objectives, supporting value
creation or preservation. Management channels opportunities back to its strategy or
objective-setting processes, formulating plans to seize those opportunities.
• Enterprise Risk Management deals with risks and opportunities affecting the
process of value creation or preservation – and is described as follows: -
– Enterprise Risk Management is a process, implemented by an enterprise’s
board of directors, leadership, management and other personnel, and is applied
both in a strategy setting and in every operational activity across the entire
enterprise. Enterprise Risk Management is designed to identify potential threat
events that may affect the enterprise, to manage those threats within its risk
appetite and tolerances – and to provide reasonable comfort and assurance
towards the achievement of operational and strategic enterprise objectives.
• This Enterprise Risk Management definition is purposefully broad. It captures key
concepts fundamental to how companies and other organizations manage risk,
providing a basis for application across organizations, industries, and sectors. It
focuses directly on achievement of objectives established by a particular enterprise
and provides a basis for defining enterprise risk management effectiveness.
Enterprise Risk Management
• This definition reflects fundamental Enterprise Risk Management concepts: -
– A process set or group, ongoing and flowing through an entire enterprise
– Implemented by people at every level within an organisation
– Supported by technology - Enterprise Risk Management Systems
– Developed in a strategy setting, planning, forecasting and implemented by
operational management
– Applied across the whole enterprise, at every segment and unit, and includes
taking an enterprise level portfolio view of risk
– Designed to identify potential events that, if they occur, will affect the enterprise
and to manage risk within its risk appetite
– Able to provide reasonable and acceptable Risk Management assurance to an
enterprise’s senior management and board of directors
– Geared to the achievement of performance objectives in many separate but
related categories
• This definition is purposefully broad. It captures key concepts fundamental to how
companies and other organizations manage risk, providing a basis for application
across organizations, industries, and sectors. It focuses directly on achievement of
objectives established by a particular enterprise and provides a basis for defining
your own organisation's specific Enterprise Risk Management Framework.
Primary Risk Functions
• The Primary Risk Functions in large corporations that may participate in an
Enterprise Risk Management programme typically include the following: -
– Strategic planning and forecasting - identifies competitive opportunities and
external threats, along with strategic initiatives to exploit or address them
– Disaster and contingency planning - identifies business continuity issues
– Research and Development - understands core value propositions to ensure
that future product / service development falls within corporate requirements
– Marketing and Product Engineering - understands the target customer to
ensure product / service alignment within customer expectations and needs
– Finance and Accounting - identifies business performance management issues
– Actuarial Services - ensures the proper insurance cover for the organisation
– Treasury - ensures cash-flow is sufficient to meet business needs, whilst
managing risk related to commodity pricing, interest and foreign exchange
– Financial Compliance – follows GAAP / IFRS recommendations and directs
Sarbanes-Oxley Section 302 and 404 assessments, in addition to Basle II /
Solvency II compliance - which identifies financial reporting and disclosure risks.
– Legal Services - manages litigation and analyses emerging government policy,
legislation and regulation that may have future impact upon the organisation
– Regulatory and Statutory Compliance – provides governance and controls,
monitors compliance with standards and initiates money laundering and fraud
investigations - as well as dealing with Reputational Risk issues
– Quality Assurance - verifies operational quality assurance targets are achieved
– Operations Management – ensures that day-to-day operational performance is
on target and that any operational issues are surfaced for resolution
– Credit Management - ensures that any credit facilities provided to customers are
appropriate in respect of their Credit History and ability to repay the advance
– Customer Services – manages the customer experience / journey and ensures
that problems are handled promptly and reported to operations for resolution
– Information Technology – follows Clinger-Cohen guidelines for due diligence in
IT Procurement, implements Business Intelligence, “Big Data” Intelligent Agents /
Alerts, Digital Dashboards and Reporting for Risk Controls and maintains Risk
Event Identification / Incident Capture Systems for Risk Monitoring / Reporting
– Internal audit - evaluates Risk Event Identification / Incident Capture and Risk
Controls; directs non-compliance / fraud investigation, monitoring and reporting
– Risk Management – maintains the Enterprise Risk Management Framework,
audits and evaluates the effectiveness of each of the above risk functions and
recommends any required improvements
Enterprise Risk Management
• What is Risk Management ?
• Enterprise Risk Management is a structured approach to managing uncertainty
through foresight and planning. Any risk is related to a specific threat (or group of
related threats) managed through a sequence of activities using various resources: -
– Risk Research – evaluating / understanding the problem / opportunity domain
– Risk Identification – identifying applicable threats, risk groups, types & events
– Risk Prioritisation – ordering and prioritising relevant threats by risk probability
and magnitude
– Risk Assessment – comparing and balancing the individual threat posed by
each risk item in the ordered and prioritised risk register
– Risk Management Strategies – methods for transferring, avoiding, reducing or
accepting the risk
– Risk Planning – assessing the overall level of threat contained within the
consolidated risk register
– Risk Mitigation – reducing uncertainty through the application of strategic
foresight and future management planning processes
Enterprise Risk Management
• Risk Management Strategies may include the following: -
– Transferring the risk to another party
– Avoiding the risk
– Reducing the negative effect of the risk
– Accepting part or all of the consequences of a particular risk.
• In an ideal Risk Management Scenario, a prioritisation process ranks those
risks with the greatest potential loss and the greatest probability of occurring to
be handled first - and risks with lower probability of occurrence and lower
consequential losses are then handled in descending order.
• In practice this prioritisation process can be very challenging. Comparing and
balancing the overall threat of risks with a high probability of occurrence but
lower loss - versus risks with higher potential loss but lower probability of
occurrence - may lead to misleading results.....
Intangible Risk Management
• Intangible Risk Management hypothesises a different type of threat - a risk that has
a 100% probability of occurring but is ignored by the organization due to an inability
to recognise an unavoidable threat, or the failure to identify an intangible risk: -
– Process-engagement Risk may pose a threat when processes are ineffective,
incomplete or broken and operational procedures are misapplied (or not
applied).
– Knowledge Risk may materialise when insufficient knowledge is available in a
threat domain, or a deficient level of knowledge is applied to a threat situation.
– Relationship Risk may occur when group dynamics are disrupted, morale
breaks down, or communication, collaboration and team-working become
ineffective.
• Intangible Risk Management allows risk managers to create immediate value from
the identification and reduction of hidden risks that reduce productivity.
• Such Intangible Risks may reduce the productivity of knowledge workers, decrease
cost effectiveness, erode profitability and service and quality whilst compromising
reputation, brand value, market share and earnings.
Opportunity Cost Management
• Risk Management Strategies also face operational difficulties in providing sufficient
enterprise resources or allocating those resources appropriately. This is the concept
of Opportunity Cost and may constitute: -
– Resources denied to risk management that could have been deployed more
profitably on managing and avoiding risk.
– Resources over-expended on risk management that could have been spent
elsewhere in the business on more profitable applications.
• Ideal Risk Management Scenarios minimize spending whilst maximizing the
reduction of the organisational impact and negative effects of such risks.
– Prioritisation ranks those risks with the greatest potential loss and / or the
greatest probability of occurrence - to be treated first
– Those Risks with lower probability of occurrence and lower consequential losses
are then handled in descending order
– Risk Management seeks to balance and optimise the overall threat impact of
risks with a high probability of occurrence but lower loss - versus risks with
greater potential loss but lower probability of occurrence
Town Flood Risk Example
[Figure: Town Flood Risk Example. Labels shown: Trigger A and Trigger B (Upstream Dam Bursts, Flood Defences Fail); FLOOD; Risk Events (Infrastructure Destroyed, Property Damaged, Loss of Life, Personal Injury); Mitigation Factors (Engineering Services, Emergency Services, Rescue Response, Paramedic Response).]
Enterprise Risk Management
• Aligning risk appetite and risk management strategy – Management considers the
enterprise’s capability to absorb risk (risk appetite) in evaluating strategic alternatives,
setting related objectives, and developing mechanisms to manage related risk groups.
• Enhancing risk response decisions – Enterprise Risk Management provides the rigor
to identify and select among alternative risk scenarios and responses – identification and
assessment of threats, risk avoidance, risk reduction, risk sharing and risk acceptance.
• Reducing operational surprises and losses – Entities gain enhanced capability to
identify potential threat events and establish threat responses - reducing their exposure
to surprises and “black swan” events and their associated unplanned costs or losses.
• Identifying and managing multiple and cross-enterprise risks – Every enterprise
faces a myriad of risks affecting different parts of the organization, and Enterprise Risk
Management facilitates effective response to the interrelated impacts, and integrated
management of multiple threat scenarios and exposure to groups of related risks.
• Seizing opportunities – By considering and mitigating a full range of potential threat
events, management is well positioned to identify and proactively realise opportunities.
• Improving deployment of capital – Obtaining robust risk exposure information allows
management to effectively assess overall capital needs and enhance capital allocation.
Risk Clusters and Connectivity
[Figure: network of eight numbered risk nodes, 1 to 8.]
The above is an illustration of risk relationships - how risk events might be connected. A detailed and
intimate understanding of risk clusters and the connection between risks may help us to understand: -
• What is the relationship between Risks 1 and 8, and what impact do they have on Risks 2 - 7 ?
• Risks 2 - 5 and Risks 6 and 7 occur in clusters – what are the factors influencing these clusters ?
Answering questions such as these allows us to plan our risk management approach and mitigation
strategy – and to decide how to better focus our resources and effort on risk and fraud management.
[Figure: Risk Cluster. Labels shown: Claimant 1, Claimant 2, Risk Event, Residence, Vehicle.]
Risk Clusters and Connectivity
• Aggregated risk includes coincident, related, connected and interconnected risk: -
• Coincident - two or more risks appear simultaneously in the same domain – but
they arise from different triggers (unrelated causal events)
• Related - two or more risks materialise in the same domain sharing common risk
features or characteristics (may share a possible hidden common trigger or cause
– and so are candidates for further analysis and investigation)
• Connected - two or more risks materialise in the same domain due to the same
trigger (common cause)
• Interconnected - two or more risks materialise together in a risk cluster or event
series - the previous (prior) risk event triggering the subsequent (next) risk event
• Aggregated risks may result in a significant cumulative impact - and are therefore
frequently identified incorrectly as Wild-card or Black Swan Events - rather than just
simply as risk clusters or event “storms”.....
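The four aggregation types defined above can be applied mechanically to a risk register. The following is an added example, not part of the original slides: it labels each pair of risk events, groups them into clusters, and flags a cluster whose cumulative loss breaches a limit that no single member breaches (an event "storm" rather than a Black Swan). The record fields, the sample events and the loss limit are constructed assumptions.

```python
from dataclasses import dataclass
from itertools import combinations
from typing import Optional


@dataclass(frozen=True)
class RiskEvent:
    id: str
    domain: str
    period: int                         # time bucket in which the risk materialised
    loss: float
    trigger: Optional[str] = None       # known causal trigger, None when unidentified
    features: frozenset = frozenset()   # characteristics used to spot "related" risks
    triggered_by: Optional[str] = None  # id of the prior risk event, if any


def classify_pair(a, b):
    """Label two risk events using the slide's definitions, strongest link first."""
    if a.domain != b.domain:
        return None
    if a.triggered_by == b.id or b.triggered_by == a.id:
        return "interconnected"          # prior event triggers the next one
    if a.trigger is not None and a.trigger == b.trigger:
        return "connected"               # same trigger (common cause)
    if a.features & b.features:
        return "related"                 # shared features: possible hidden common trigger
    if a.period == b.period and a.trigger and b.trigger:
        return "coincident"              # simultaneous, but known different triggers
    return None


def aggregate(events):
    """Return (pair labels, clusters sorted by cumulative loss) via union-find."""
    parent = {e.id: e.id for e in events}

    def find(x):
        while parent[x] != x:
            parent[x] = parent[parent[x]]
            x = parent[x]
        return x

    relations = {}
    for a, b in combinations(events, 2):
        rel = classify_pair(a, b)
        if rel:
            relations[(a.id, b.id)] = rel
            parent[find(a.id)] = find(b.id)

    groups = {}
    for e in events:
        groups.setdefault(find(e.id), []).append(e)
    clusters = [
        {"members": sorted(m.id for m in g), "loss": sum(m.loss for m in g)}
        for g in groups.values() if len(g) > 1
    ]
    return relations, sorted(clusters, key=lambda c: -c["loss"])


def storms(events, limit):
    """Clusters whose total loss exceeds `limit` although no single member does."""
    _, clusters = aggregate(events)
    by_id = {e.id: e for e in events}
    return [c for c in clusters
            if c["loss"] > limit
            and max(by_id[m].loss for m in c["members"]) <= limit]


# Constructed sample register (illustrative values only).
EVENTS = [
    RiskEvent("E1", "town-flood", 1, 40.0, "dam-burst", frozenset({"riverside"})),
    RiskEvent("E2", "town-flood", 1, 50.0, "dam-burst", frozenset({"utilities"})),
    RiskEvent("E3", "town-flood", 2, 20.0, triggered_by="E2"),
    RiskEvent("E4", "town-flood", 1, 15.0, "substation-fault"),
    RiskEvent("E5", "town-flood", 3, 10.0, None, frozenset({"riverside"})),
    RiskEvent("E6", "cyber", 1, 30.0, "phishing"),
]

if __name__ == "__main__":
    rels, clusters = aggregate(EVENTS)
    for pair, rel in rels.items():
        print(pair, rel)
    print(clusters)
    print(storms(EVENTS, limit=100.0))
```

Pairs labelled "related" are the ones the slide marks as candidates for further investigation, since a shared feature may point to a trigger that has not yet been identified.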
Aggregated Risk
[Figure: Aggregated Risk. Four panels: Coincident Risk (Trigger A, Trigger B), Related Risk (Trigger C, Trigger D), Connected Risk (Trigger E, Risk Event F), Inter-connected Risk (Trigger G, Trigger H), each with its Risk Events.]
[Figure: triggers and risk events labelled A to L. Labels shown: USA Sub-Prime Mortgage Crisis, CDO Toxic Asset Crisis, Sovereign Debt Crisis, Money Supply Shock, Financial Services Sector Collapse, Credit Crisis, Global Recession.]
Black Swan Events
Definition of a “Black Swan” Event
• A “Black Swan” Event is an event or
occurrence that deviates beyond what is
normally expected of any given situation
and that would be extremely difficult to
predict. The term “Black Swan” was
popularised by Nassim Nicholas Taleb, a
finance professor and former Investment
Fund Manager and Wall Street trader.
• Black Swan Events – are unforeseen,
sudden and extreme change events or
Global-level transformations in either the
military, political, social, economic or
environmental landscape. Black Swan
Events are a complete surprise when
they occur and all feature an inordinately
low probability of occurrence - coupled
with an extraordinarily high impact when
they do happen (Nassim Taleb).
[Figure: “Black Swan” Event Cluster or “Storm”]
Risk Management Frameworks
Throughout eternity, all that is of like form comes around again –
everything that is the same must return again in its own
everlasting cycle.....
• Marcus Aurelius – Emperor of Rome •
Section 3 – Risk Management Framework
Design
• This Section describes how to design an Enterprise Risk Management Framework – a set of
processes, data, systems and technology designed to manage, control and be resilient to the impact of
every type of risk event and which facilitate rapid and agile business transformation in order to deliver
the client stakeholders' desired future organisational structure and target business operating model : -
• AUDIENCE
– Finance, Corporate Planners and Strategists – authorise and direct the Risk Study.
– Enterprise Risk Managers, Disaster & Contingency Planners – plan and lead the Risk Study.
– Product Innovation, Research & Development – advise and inform the Risk Research Study.
– Marketing and Product Engineering – review and mentor the Risk Research Study.
– Economists, Data Scientists and Researchers – undertake detailed Risk Research Tasks.
– Research Aggregator – “Big Data”: - examines hundreds of related Academic Papers and other
global internet content - looking for hidden or missed findings and extrapolations – Data Science.
– Author – compiles, documents, edits and publishes the Risk Research Study Findings.
– Business Analysts / Enterprise Architects – provide the link into Business Transformation.
– Technical Designers / Solution Architects – provide the link into Technology Refreshment.
Risk Management Frameworks
Risk Management Framework Design – Key Issues
• Enterprise Risk Management Frameworks are a set of processes, data, systems
and technology which help to manage and control every type of risk event.
• Enterprise Risk Management Frameworks facilitate rapid and agile business
transformation in order to deliver the client's desired future organisational structure
and target business operating model which are resilient to the impact of risk.
• Enterprise Risk Management Frameworks therefore ensure Critical Success
factors such as enterprise governance, reporting and controls, disaster planning and
recovery management, business continuity, statutory and regulatory compliance.
• The Enterprise Risk Management Framework can easily be implemented using
Amphora Symphony supported by SAP modules - SAP HANA, Business Objects,
EPM, GRC, SEM, TRM. There are also Oracle and Microsoft options.....
Threat Analysis, Hazard
Research and Risk Management
The Nature of Uncertainty – Randomness
Thermodynamics (Complexity and Chaos Theory) – governs the behaviour of Systems –
randomness is as a result of Unknown Forces.....
Classical Mechanics (Newtonian Physics) – governs the behaviour of everyday objects – any
apparent randomness is as a result of Unknown Forces.....
Quantum Mechanics – governs the behaviour of unimaginably small sub-atomic objects – all
events are truly and intrinsically both symmetrical and random.....
Relativity Theory – governs the behaviour of impossibly super-massive cosmic objects – any
apparent randomness or asymmetry is as a result of Quantum Dynamics.....
Wave Mechanics (String Theory) – integrates the behaviour of every type of object – randomness
and asymmetry is a result of Unknown Forces and Quantum Dynamics.....
Risk Management Frameworks
Standard (Integrated) Risk Framework
• Systemic (external) Risk – Future Management Frameworks – Outsights / Eltville Model
• Operational (internal) Risk – CLAS, SOX / COBIT
• Market (macro-economic) Risk – COSO, Basle II / Solvency II, BoE / FSA
• Trade (micro-economic) Risk – COSO, SOX / COBIT, GAAP / IFRS
Event Risk
• Event Risk is the threat of loss from unexpected events. Event Risk measurement systems seek to quantify the
actual or potential (realised or unrealised) exposure of the total asset portfolio to unexpected Wild Card or Black
Swan Events. Event Risk may arise from Systemic (external) sources – such as Natural Disaster, Geo-political
Crisis, or the collapse of Local, Regional or Global Markets or the failure of Sovereign Nation States - or Operational
(internal) sources – such as Rogue Trading or the failure of Compliance or Disclosure systems and processes.
Market Risk
• Market Risk is the threat of loss from movements in the level or volatility of Market Prices – such as interest rates,
foreign currencies, equities and commodities. Market Risk measurement systems seek to recognise the actual or
potential (realised or unrealised) exposure of the total asset portfolio as a result of money supply or commodity price
shocks (sudden changes in the balance between supply and demand) and changes in market sentiment affecting
the attractiveness, desirability or value of the asset portfolio – as well as changes in the level of market intervention
(government legislation or market regulation).
Trade Risk
• Trade Risk is the threat of loss from erosion in the attractiveness, desirability or value of specific traded instruments
between individual counterparties – including contracts for foreign currencies, equities and commodities. Trade Risk
measurement systems seek to quantify the actual or potential (realised or unrealised) value of specific contracts or
traded instruments. Trade Risk does not cover Incremental Risk Capital Charge (IRC) due to Toxic Asset lock-in.
Risk Types
[Figure: Risk Types. Two panels: “Operational Risk Types” (Internal Risk Group) and “Systemic Risk Types” (External Risk Group). Labels shown: Employee, Third Party, Stakeholders, Human Risk, Process Risk, 3rd Party Risk, Security Risk, Legal Risk, Technology Risk, Liquidity Risk, Credit Risk, Economic Risk, Compliance Risk, Disaster / Catastrophe Risk, Sponsorship Risk, Political Risk, Social Risk, Environment Risk, Terrorism / Piracy Risk, Competitor Risk, Wild-card Event Risk, Black Swan Event Risk.]
Risk Management Frameworks
Credit Risk
• Credit Risk is the threat of loss from changes in the status or liquidity of individual external debtors – changes in their
ability to service debts due to movement in their credit status, capitalisation, liquidity or solvency – or their exposure
to consequential losses due to statutory, regulatory or legal action. Credit Risk measurement systems seek to
quantify the actual or potential (realised / unrealised) ability of a Creditor to fulfil their contractual obligations.
Liquidity Risk – Solvency II and Basle II
• Liquidity Risk is the threat of loss from changes in the status or liquidity of an organisation – changes in their ability to
service debts due to internal movement in their credit status, capitalisation, liquidity or solvency – or their exposure to
consequential losses due to external statutory, regulatory or legal action. Liquidity Risk measurement systems seek to
quantify actual or potential (realised / unrealised) ability of a Bank or Insurer to meet provided / exposed liabilities.
• Basle II and Solvency II are Rules-based, Quantitative Risk Frameworks. The overhaul of the capital adequacy and
solvency rules is now well under way for European Financial Services - Banking and Insurance - Life and Pensions,
General Insurers, Underwriters and Re-insurers.
• Key drivers for Basle II and Solvency II: -
– EC directive around capital adequacy of Financial Services Companies
– Critical requirement to bolster capital and strengthen balance sheets
– Need to have reporting systems in place to demonstrate compliance
– Deadline is Q4 2010 – so aggressive timeline for implementation
– Fines and imprisonment for non-compliance or non-disclosure
– Major insurance companies will invest £100m + in Compliance Programmes
– Strategy, Business Process, Architecture and Technology changes
– Specialisations include compliance, risk, finance, actuarial science
Risk Types
[Diagram: Trade Risk Types and Market Risk Types]
Risk Management Frameworks
• Systemic Risk (external threats) - Eltville Model, Future Management Framework, Outsights
– Political Risk – Political Science, Futures Studies and Strategic Foresight
– Economic Risk – Fiscal Policy, Economic Analysis, Modelling and Forecasting
– Social Risk – Population Growth and Migration, Futures Studies and Strategic Foresight
– Environmental Risk – Climate Change, Environmental Analysis, Modelling and Forecasting
– Event Risk – exposure to unexpected local, regional or global events
• Wild Card Events – Horizon Scanning, Tracking and Monitoring – Weak Signals
• Black Swan Events – Scenario Planning and Impact Analysis – Future Management
• Market Risk (macro-economic threats) - COSO, Basle II / Solvency II, BoE / FSA
– Financial Risk – Traded Instrument Product Analysis, Valuation and Financial Management
– Currency Risk – FX Curves and Exchange-rate Forecasting
– Commodity Risk – Price Curves and Supply-Demand Forecasting
– Money Supply Risk – Interest Rate Curves and Money-market Forecasting
• Trade Risk (micro-economic threats) - COSO, Basle II / Solvency II, BoE / FSA
– Credit Risk – Credit Rating, Balanced Scorecard, Debtor Forecasting and Analysis
– Contract Risk – Asset Valuation, Credit Default Propensity Modelling
– Liquidity Risk – Solvency and Capital Adequacy Rules (Solvency II / Basle II)
– Insurance Risk – Underwriting Due Diligence and Compliance
– Actuarial Risk – Geo-demographic profiling and Morbidity Analysis
– Counter-Party Risk – Counter-Party Threat Analysis and Risk Management
– Fraud Risk (Rogue Trading) – Real-time Analytics at Point-of-Contract-Execution
Risk Types
[Diagram: Clinical Risk Types and Morbidity Risk Types]
Risk Management Frameworks
• Operational Risk (internal / external operational threats) - CLAS, SOX / COBIT
– Legal Risk – Contractual Law Due Diligence and Compliance
– Statutory Risk – Legislative Due Diligence and Compliance
– Regulatory Risk – Regulatory Due Diligence and Compliance
– Competitor Risk – Competitor Analysis, Defection Detection and Churn Management
– Reputational Risk – Internet Content Scanning, Intervention and Threat Management
• Business Operations Risk (internal business threats)
– Process Risk – Business Strategy / Architecture, Enterprise Target Operating Model (eTOM) / Business
Process Management (BPM) Verification / Validation
– Stakeholder Risk – Benefits Realisation Strategy and Communications Management
– Information Risk – Information Strategy and Architecture, Data Quality Management
– Disclosure Risk – Enterprise Governance, Reporting and Controls (SOX / COBIT)
• Digital Communications and Technology Risk (internal technology threats)
– Technology Risk – Technology Strategy and Architecture
– Security Risk – Security Principles, Policies, Architecture and Models (CLAS)
– Vendor / 3rd Party Risk – Strategic Vendor Analysis and Supply Chain Management
Enterprise Risk Management Framework Development
Nothing ventured, nothing gained…..
Enterprise Risk Management Framework Design
Change is as old as the world….. change is as old as time.
Section 2 – Risk Management Framework Design
• This Section describes how to design an Enterprise Risk Management Framework – a set of
processes, data, systems and technology designed to manage, control and be resilient to the impact of
every type of risk event, and which facilitate rapid and agile business transformation in order to deliver
the client stakeholders' desired future organisational structure and target business operating model: -
• AUDIENCE
– Finance, Corporate Planners and Strategists – authorise and direct the Risk Study.
– Enterprise Risk Managers, Disaster & Contingency Planners – plan and lead the Risk Study.
– Product Innovation, Research & Development – advise and inform the Risk Research Study.
– Marketing and Product Engineering – review and mentor the Risk Research Study.
– Economists, Data Scientists and Researchers – undertake detailed Risk Research Tasks.
– Research Aggregator – “Big Data”: - examines hundreds of related Academic Papers and other
global internet content - looking for hidden or missed findings and extrapolations – Data Science.
– Author – compiles, documents, edits and publishes the Risk Research Study Findings.
– Business Analysts / Enterprise Architects – provide the link into Business Transformation.
– Technical Designers / Solution Architects – provide the link into Technology Refreshment.
COSO Enterprise Risk Management Framework
• The COSO Enterprise Risk Management Framework has eight components
and four objectives categories. The eight components are: -
1. Internal Environment
2. Objective Setting
3. Event Identification
4. Risk Assessment
5. Risk Response
6. Control Activities
7. Information and Communication
8. Monitoring
• The four objectives categories - additional components highlighted are: -
1. Strategy - high-level goals, aligned with and supporting the organization's
mission
2. Operations - effective and efficient use of resources
3. Financial Reporting - reliability of operational and financial reporting
4. Compliance - compliance with applicable laws and regulations
Achievement of Objectives
• Within the context of an enterprise’s established mission or vision,
management establishes strategic objectives, selects strategy, and sets
aligned objectives cascading through the enterprise. This enterprise risk
management framework is geared to achieving an enterprise’s objectives,
set forth in four categories: -
– Strategic – high-level goals, aligned with and supporting its mission
– Operations – effective and efficient use of its resources
– Reporting – reliability of reporting
– Governance – compliance with applicable laws and regulations.
• This categorization of enterprise objectives allows a focus on separate
aspects of enterprise risk management. These distinct but overlapping
categories – a particular objective can fall into more than one category –
address different enterprise needs and may be the direct responsibility of
different executives. This categorization also allows distinctions between
what can be expected from each category of objectives. Another category,
safeguarding of resources, used by some entities, also is described
Enterprise Risk Management Components
• Enterprise Risk Management consists of eight interrelated components. These are
derived from the way that management runs an enterprise and are integrated with
the management process. These components are: -
1. Internal Environment – The internal environment encompasses the tone of
an organization, and sets the basis for how risk is viewed and addressed by
an entity’s people, including risk management philosophy and risk appetite,
integrity and ethical values, and the environment in which they operate.
2. Objective Setting – Objectives must exist before management can identify
potential events affecting their achievement. Enterprise risk management
ensures that management has in place a process to set objectives and that
the chosen objectives support and align with the entity’s mission and are
consistent with its risk appetite.
3. Event Identification – Internal and external events affecting achievement of
an entity’s objectives must be identified, distinguishing between risks and
opportunities. Opportunities are channelled back to management’s strategy or
objective-setting processes.
Enterprise Risk Management Components (continued): -
4. Risk Assessment – Risks are analyzed, considering likelihood and impact, as
a basis for determining how they should be managed. Risks are assessed on
an inherent and a residual basis.
5. Risk Response – Management selects risk responses – avoiding, accepting,
reducing, or sharing risk – developing a set of actions to align risks with the
entity’s risk tolerances and risk appetite.
6. Control Activities – Policies and procedures are established and
implemented to help ensure the risk responses are effectively carried out.
7. Information and Communication – Relevant information is identified,
captured, and communicated in a form and timeframe that enable people to
carry out their responsibilities. Effective communication also occurs in a
broader sense, flowing down, across, and up the entity.
8. Monitoring – The entirety of enterprise risk management is monitored and
modifications made as necessary. Monitoring is accomplished through
ongoing management activities, separate evaluations, or both.
Relationship between Risk Objectives and Risk Components
• Enterprise risk management is not strictly a serial process - where one
component affects only the next. It is a multidirectional, iterative process in which
almost any component can and does influence every other component.
• There is a direct relationship between objectives, which are what an entity strives to
achieve, and enterprise risk management components, which represent what is
needed to achieve them.
• The four objectives categories – strategic, operations, reporting and
compliance – are represented by the vertical columns, the eight components by
horizontal rows, and an entity’s organisational units by the third dimension.
• This depiction portrays the ability to focus on the entirety of a business entity’s
Enterprise Risk Management, or by objectives category, component, entity
organisation unit, or any subset, dimension, viewpoint or view thereof.
• The relationship of risk objectives and components is depicted as a three-
dimensional matrix - drawn in the form of a cube.
COSO - Relationship between Risk Objectives and Risk Components
• The relationship of the enterprise structure, risk objectives and risk components may be
depicted as a three-dimensional matrix – which is often drawn in the form of a cube: -
COSO - Risk Objectives and Risk Components
COSO - Organisation Dimensions
• Organisation Components
– Internal Environment
– Objective Setting
– Event Identification
– Talent Acquisition
– Talent Management
– Control Activities
– Information and Communication
– Monitoring
• Organisation – Business Structure
– Enterprise
– Division
– Segment
– Strategic Business Unit
• Organisation – Legal Structure
– Enterprise
– Group
– Company
– Subsidiary
• Organisation Dimensions
– Organisational Structure and Development
– Jobs and Descriptions
– Roles and Responsibilities
– Human Resources Management
– Enterprise Performance Management
• Organisation Categories
– Strategic Management
– Operational Management
– Financial Management
– Governance, Reporting and Controls
– Statutory and Regulatory Compliance
• Risk Components
– Threat Environments
– Objective Setting
– Event Identification
– Threat Assessment
– Threat Response
– Control Activities
– Information and Communication
– Monitoring
• Risk Dimensions
– Risk Categories
– Risk Components
– Organisation Units
– Risk Management Process
• Risk Categories
– Strategic – Finance, Planning, Foresight
– Operational – People, Process, Technology
– Reporting – Enterprise Governance, Reporting and Controls
– Compliance – Statutory / Regulatory / Standards Compliance
• Risk Management Processes
– Threat Analysis
– Risk Identification
– Risk Prioritization
– Risk Assessment
– Risk Management Strategies
– Risk Planning
– Risk Mitigation
– Risk Communication and Event Reporting
– Risk Monitoring and Control
COSO – Enterprise Risk Dimensions
COSO – Categories Of Risk
Categories Of Risk. The risks faced by an enterprise should be classified in
relation to its unique business activities. There are a number of commonly used
risk categories which help to group risks according to the various structural
aspects of enterprise and their business unit activities: -
The following are examples of some frequently used Risk Categories: -
– Trade Risk (micro-economic)
• Fraud Risk
• Price Risk
• Quantity Risk
• Contract Risk
• Insurance Risk
• Counterparty Risk
• Exchange Rate Risk
– Market Risk (macro-economic)
• Commodity Risk
• Price Shock (Market Sentiment) Risk
• Currency Risk
• Interest Rate (Money Supply) Risk
• Regulatory / Statutory Risk
– Operational Risk (internal)
• Credit Risk
• Liquidity Risk
• Stakeholder Risk
• Reputational Risk
• Governance, Reporting and Controls
• Statutory and Regulatory Compliance
– Systemic Risk (external)
• Political Risk
• Economic Risk
• Sociological Risk
• Environmental Risk
• Security Risk (War, Piracy, Terrorism)
Establishing the Risk Context
Establishing the Risk Context involves implementing the following steps: -
1. Plan the Risk Framework approach to enterprise risk management : -
– Determine the scope of the risk management study
– Confirm the identity and objectives of stakeholders
– Select the basis upon which risks will be evaluated
– Map out risk management strategies, process and procedures
– Manage risk management constraints – time, scope, knowledge, resources.
2. Research the internal and external threats posed by any given risk domain.
3. Identify all of the risk categories / groups in the risk domain subject to interest.
4. Evaluate and prioritise all the types of risk apparent in the risk domain.
5. Define a Risk Framework for describing and documenting the E2E enterprise risk
management approach, policies, strategies, procedures, methods & techniques.
6. Design an Analysis Matrix - internal / external threats, risk categories / groups.
7. Mitigate Risks - risk management mitigation strategies – avoid / minimise.
8. Deliver the Risk Framework – deploying risk management techniques and
methods along with human, organisational, process and technology resources.
Risk Identification
After establishing the context, the next step in the process of managing risk is to
identify individual potential Threat Scenarios. Risks are threat events that, when
triggered, cause problems. Hence, risk identification can start with the source of
problems, or with the problem itself.
1. Source analysis – Risk sources may be internal or external to the system that
is the target of risk management. Examples of risk sources are: stakeholders
of a project, employees of a company or the weather over an airport.
2. Problem analysis – Risk events are related to identifiable threat scenarios.
For example: the threat of losing money, the threat of abuse of privacy
information or the threat of accidents and casualties. The threats may exist
with various entities, most importantly with shareholders, customers and
legislative bodies such as the government.
When either source or problem is known, then the events that a source may
trigger or the events that can lead to a problem can be investigated. For example:
stakeholders withdrawing during a project may endanger funding of the project;
privacy information may be stolen by employees even within a closed network;
large birds striking a Boeing 747 during takeoff may cause the engine to fail, a
lightning strike might cause onboard instrumentation to fail…..
Risk Analysis
[Diagram: a Risk Domain broken down into Threats, Risk Groups, Risk Types and Risk Events, with an Event Trigger]
Risk Identification (continued)
The chosen method of identifying risks may depend on culture, industry
practice and compliance. The identification methods are formed by
templates or the development of templates for identifying source, problem
or event. Common risk identification methods include: -
3. Objectives-based risk identification – Organizations and project teams
have objectives. Any event that may endanger achieving an objective partly
or completely is identified as risk. Objective-based risk identification is at
the basis of COSO's Enterprise Risk Management - Integrated Framework.
4. Scenario-based risk identification – In scenario analysis different scenarios
are created. The scenarios may be the alternative ways to achieve an
objective, or an analysis of the interaction of forces in, for example, a
market or battle. Any event that triggers an undesired scenario alternative is
identified as risk - see Futures Studies for the methodology used by Futurists.
5. Taxonomy-based risk identification – The taxonomy in taxonomy-based
risk identification is a breakdown of possible risk sources. Based on the
taxonomy and knowledge of best practices, a questionnaire is compiled.
The answers to the questions reveal risks. Taxonomy-based risk
identification in the software industry can be found in CMU/SEI-93-TR-6.
Risk Relationships – Groups and Types
[Diagram: risk types A to H and the connections between them, arranged by Risk Group and Risk Cluster within Domain 1]
Above is an illustration of risk relationships - how risk types might be connected. A detailed and
intimate understanding of the connection between risks may help us to answer questions such as: -
• Is risk type A related to risk types B and H – and if so, what is the nature of their relationships?
• If risk type B occurs what is the impact on risk types C - G – are they more / less likely to occur?
Answering questions such as these allows us to plan our risk management approach and mitigation
strategy – and to decide how to better focus our resources and effort on enterprise risk management.
Risk Identification (continued)
6. Common-risk Checking – There are several industry risk check-lists
available where common and well-known risks are documented. Every risk
in the check-list can be reviewed for suitability in application to a particular
set of common situations. An example of known risks in the software
industry is the Common Vulnerabilities and Exposures list, which may be found at
http://cve.mitre.org
7. Risk Charting – This method extends the risk check-list approach by
documenting the Enterprise Resources at risk, the Threats to those resources
and any Modifying Factors which may increase or reduce that risk –
along with any Risk Consequences that it is deemed desirable
to avoid. Creating a multi-dimensional risk matrix under these headings
supports a variety of different approaches. We can begin with resources
and consider the threats they are exposed to - along with the
consequences of each threat. Alternatively we can start with the threats
and examine which resources they would affect, or we can begin with the
consequences of risk and determine what combination of threats and
resources would bring about any manifestation of those risk consequences.
Risk Management Strategies
• The objective of Risk Management is to reduce the diverse risks related to a particular
domain to the level acceptable by stakeholders - the public, the company, regulators, the
shareholders, the board of directors, the risk committee, the management team etc.
– Event Risk Management strategies are focused on risks stemming from physical
causes – such as natural disasters, fires or accidents causing damage, injury or death
– Legal Risk Management strategies are focused on risks stemming from legal causes
such as lawsuits and prosecution that are mainly operational and due diligence risks.
– Financial Risk Management focuses on those risks associated with financial or
traded instruments – such as trade risk, market risk, credit risk, liquidity risk or
insurance risk – which can be managed via transactions in financial markets.
• Risk may refer to the numerous types of threats caused by the environment, technology,
politics, economics, human actions, 3rd Parties, regulations, compliances, best practices,
standards, processes and events. Risk management involves deploying all the means
available for risk mitigation – resources such as assets, people, processes and technology
COSO – Risk Domains
The list below summarises some of the most common risk domains – along with
some indication of the potential risk impact and effects: -
• External Risk Domains
– Infrastructure: - transport for staff, power and water supply, business
relationships with partners, communications – voice / data / internet / email
– Economic: - interest rates, exchange rates, inflation
– Legal and Regulatory: - e.g. health and safety legislation
– Environmental: - energy consumption, pollution, climate change
– Political: - possible political constraints such as a change of government
– Trade: - Traded Instruments, counterparty performance, vendor performance
– Market: - Competition, supply / demand and price curves for commodities
– "Act of God" Natural Disaster: - fire, flood, drought, pandemic, landslide,
earthquake, volcanic eruption, tsunami, impact of deep space objects.....
• Reputational Risk
– Public Reputation: - Public Relations, performance, reputation, brand loyalty,
goodwill towards the organisation – along with consequential (intended and
unintended) internal and external impact and ramifications
– Personal Reputation: - Reputation, conduct and behaviour of the officers of the
organisation and consequential (intended and unintended) internal and external
effects on the organisation
COSO – Threats
• There may be a certain degree of overlap between some threat categories. They are,
however, suggested in order to help ensure that you do not overlook important
threat categories. Try to put each threat in the category that it belongs to – the one
which is most relevant to that threat. Some enterprises may even find they can
amalgamate some of these categories and some may find they need extra ones: -
– Strategic Threats - This allows you to look at external threats which may affect
your enterprise, such as changes in the environment in which you operate. It also
lets you look at setting organisational objectives and ensuring you set the right
objectives - and then meet them.
– Operational Threats - This looks at the risks which arise from the services you
deliver or the activities you carry out.
– Financial Threats - This covers financial risks facing the organisation in terms of
internal systems, planning, funding etc.
– Human Threats - Review risks associated with both the employment of staff and
the involvement of volunteers.
– Statutory and Regulatory Governance Threats - This threat category looks at
the legislative framework within which your enterprise operates.
– Principles, Policies and Standards Governance Threats - This category of
threats allows you to review and examine those threats which are part of the
management of the enterprise.
COSO – Risk Categories
• Category of Risk Relating to... External Threats
– Infrastructure such as transport systems, utilities and power supply
systems, suppliers, business relationships with partners, dependency on
internet and email service providers
– Economic factors such as commodity prices, interest rates, availability of
funds and credit, exchange rates, inflation and liquidity risk
– Legal and regulatory – statutory regulation which if complied with will
reduce risk of litigation (e.g. Clinger-Cohen Act, Sarbanes-Oxley Act)
– Environmental Issues – such as fuel consumption, pollution
– Political – possible political constraints such as change of government
– Market Issues – such as competition and supply of goods
– ‘Act of God’ – natural disasters such as fire, flood, earthquake
• Category of Risk Relating to... Human Resources
– Recruitment – availability, recruitment and retention of suitable staff
– Personnel – training, motivation and morale of staff
– Health and safety – laws and regulations which if complied with should
reduce hazards and increase security and well-being of employees
COSO – Risk Groups
• Internal Risk Groups – Operational / Organisational Risk
– Policy Risk: - appropriateness and quality of policy decisions
– Operational Risk: - procedures employed to achieve particular objectives
– Information Risk: - adequacy of information used for decision making
– Transferable Risks: - opportunity cost of outsourcing risks at appropriate cost –
risks that may be transferred outside of the organisation to be dealt with by third
parties (managed, insured, underwritten)
– Technology Risk: - risk in use of technology to achieve corporate objectives
– Project / Programme Risk: - project planning and management procedures
– Innovation Risk: - exploitation of opportunities to make gains
– Personnel Risk: - availability and retention of suitable staff
– Health and Safety Risk: - health, safety and well-being of people
COSO – Risk Groups
• Financial Risk Domain
– Budgetary Risk - availability and allocation of resources
– Fraud or theft: - unproductive loss of assets and resources
– Insurable - potential areas of loss that can be insured against
– Capital investment - making appropriate investment decisions
– Liability - the right to sue or be sued in contract agreements
– External Finance (Trade) Risk – Market Risk (Commodities) / Money Supply
Risk – Credit Options, Interest Rate
– Internal Finance (Operational) Risk - Credit Risk / Liquidity Risk
• Internal Reputation Risk
– Fraud Risk – rogue trading, trading beyond authorisation / limits, breach of
contractual / statutory / regulatory / ethical obligations
– Employee Performance Risk – achievement of quality / financial / performance
targets by employees
– Employee Relations Risk - staff morale and goodwill, internal reputation of the
organisation and consequent internal effects
Enterprise Risk Management Framework Delivery
Change is as old as the world….. change is as old as time.
Section 3 – Risk Management Framework Delivery
• This Section describes how to implement an Enterprise Risk Management Framework – a set of
processes, data, systems and technology designed to manage, control and be resilient to the impact of
every type of risk event - and which facilitate rapid and agile business transformation in order to deliver
the client stakeholders' desired future organisational structure and target business operating model: -
• AUDIENCE
– Finance, Corporate Planners and Strategists – authorise and direct the Risk Study.
– Enterprise Risk Managers, Disaster & Contingency Planners – plan and lead the Risk Study.
– Product Innovation, Research & Development – advise and inform the Risk Research Study.
– Marketing and Product Engineering – review and mentor the Risk Research Study.
– Economists, Data Scientists and Researchers – undertake detailed Risk Research Tasks.
– Research Aggregator – “Big Data”: - examines hundreds of related Academic Papers and other
global internet content - looking for hidden or missed findings and extrapolations – Data Science.
– Author – compiles, documents, edits and publishes the Risk Research Study Findings.
– Business Analysts / Enterprise Architects – provide the link into Business Transformation.
– Technical Designers / Solution Architects – provide the link into Technology Refreshment.
Risk Management Frameworks
Risk Management Framework Delivery – Key Issues
• Enterprise Risk Management Frameworks are a set of processes, data, systems
and technology which help to manage and control every type of risk event.
• Enterprise Risk Management Frameworks facilitate rapid and agile business
transformation in order to deliver the client's desired future organisational structure
and target business operating model, which are resilient to the impact of risk.
• Enterprise Risk Management Frameworks therefore ensure Critical Success
factors such as enterprise governance, reporting and controls, disaster planning and
recovery management, business continuity, statutory and regulatory compliance
• The Enterprise Risk Management Framework can easily be implemented using
Amphora Symphony supported by SAP modules - SAP HANA, Business Objects,
EPM, GRC, SEM, TRM. There are also Oracle and Microsoft options.....
Enterprise Risk Management Framework Development
1. Framing and Scoping the Risk Management Study
– Risk Research – understanding and evaluating the problem domain
2. Decide Risk Appetite and Risk Mitigation Strategies
– Risk Identification – identifying applicable Threats, Risk Categories, Risk Groups and Risk Types
3. Determine Risk Organization Structure and Governance Methods
– Risk Prioritization – ordering and prioritising threats by probability / magnitude
4. Develop Risk Management Framework Structure, Methods and Metrics
– Risk Assessment – comparing and balancing the individual threat posed by each risk item in the
ordered and prioritized consolidated enterprise risk register
5. Design Risk Management Framework Structure – Risk Model and Processes
– Risk Planning – assessing the overall threat contained within the risk register
6. Develop Risk Management Framework Content – Risk Reporting and Controls
– Risk Management Strategies – transferring, avoiding, reducing or accepting risk
7. Deploy Risk Management Framework – Training, Infrastructure and Systems
– Risk Mitigation – introduce Risk Management processes, systems and controls
8. Implement Risk Management Framework – Go-live
– Risk Implementation – start managing risk by reducing uncertainty through the targeted application of
strategic foresight, planning and forecasting and rolling out Risk Management processes, systems and
controls
Professors Peter Bishop and Andy Hines at the University of Texas Futures
Studies School at the Houston Clear Lake site, have developed a definitive
Strategic Foresight Framework for Enterprise Risk Management: –
Thinking About the Future Framework
1. FRAMING AND SCOPING
• This important first step enables organizations to define the purpose, focus, scope and
boundaries of the Political, Legal, Economic, Cultural, Business and Technology problem
/ opportunity domains requiring resolution. Taking time at the outset of an Enterprise
Risk Management programme, the Strategic Foresight Team defines the Threat / Risk
Study domain, outlines the required outcomes, goals and objectives and determines how
best to achieve them.
• Risk Strategy Study Definition – Problem / Opportunity Domains: -
– Definition - Focus, Scope, Purpose and Boundaries
– Approach - What – How – Why – Who – When – Where?
– Justification - Cost, Duration and Resources v. Future Benefits and Cash Flows
Enterprise Risk Management Framework Development
Enterprise Risk Management 2015 PDF

Enterprise Risk Management 2015 PDF

  • 6. Financial Technology – Business Categories Fin Tech – Business Disciplines Economic Analysis & Econometrics Regime: – • Economic Planning, Analytics & Optimisation • • Business Cycles, Patterns and Trends • • Quantitative and Qualitative Techniques • • Economic Modelling & Long-range Forecasting • • Ghost in the Machine - Future Management • Business Planning and Strategy Regime: – • Corporate Planning and Financial Analysis • • Horizon Scanning, Monitoring and Tracking • • Eltville Model • Three Horizons Framework • • The “Thinking about the Future” Framework • Business Programme Management Regime: – • Organisational Change Framework • • Business Transformation Framework • • Project / Programme Management Framework • Enterprise & Solution Architecture Regime: – • Business Architecture / Modelling Framework • • Technology Architecture / Modelling Framework • Fin Tech – Operational Regimes Corporate Responsibility Regimes: – • Business Principles Regime • • Enterprise Governance Regime • • Reporting and Controls Regime • • Enterprise Risk Management Regime • • Enterprise Performance Management Regime • Enterprise Risk Frameworks: – • Systemic Risk • Outsights • • Operational Risk • COSO • • Trade Risk (micro-economic) • • Market Risk (macro-economic) • Liquidity Risk Frameworks – Capital Adequacy Rules • Basle II – Banking • Solvency II – Insurance • Insurance Risk Frameworks: – • Actuarial Science • Underwriting / Reinsurance Risk • • Security Risk • Reputational Risk • Data Science • Reporting and Controls Frameworks: – • Accounting Standards • GAAP • IFRS • Enterprise and Business Architecture is a part of Abiliti: Financial Technology (Fin Tech) Training: -
  • 7. Financial Technology – System Categories Fin Tech – Core Processing Retail Banking • Deposits • Accounts • Payments • Securities • Wealth Management • Financial Markets • Trade Desk • Automatic Trading • • Enterprise Risk Management • Quantitative (Technical) Analysis • Financial Market Data Management • Regulatory and Statutory Compliance Corporate Banking • Corporate Finance • Investment Services • Asset Portfolio Management • Merger and Acquisition Services • Shareholder Registration and Administration Fin Tech – Shared Services Enterprise Support Systems (ESS): - • Planning, Forecasting and Strategic Management • Enterprise Performance Management • Human Resources and Talent Management • Finance & Accounting • Treasury & Settlements • Enterprise Governance, Reporting and Controls Business Support Systems (BSS) • Customer Relationship Management • • Social Media • BI / Analytics • “Big Data” • • Mobile Devices and Smart Apps Platforms • • Multi-channel Digital Self-service Platforms • Operational Support Systems (OSS) • Cloud Services • Desktop Services • Network Management • Software Versioning and Control • Software Distribution Management Systems and Solution Architecture forms part of Abiliti: Financial Technology (Fin Tech) Training: -
  • 8. At the very Periphery of Corporate Vision and Awareness….. • The Cosmology Revolution – new and exciting advances in Astrophysics and Cosmology (String Theory and Wave Mechanics) are leading Physicists towards new questions and answers concerning the make-up of stellar clusters and galaxies, stellar populations in different types of galaxy, and the relationships between high-stellar populations and local clusters. What are the implications for galactic star-formation histories and relative stellar formation times – overall, resolved and unresolved – and their consequent impact on the evolution of life itself? • The Quantum Revolution – The quantum revolution could turn many ideas of science fiction into science fact - from meta-materials with mind-boggling properties such as invisibility, limitless quantum energy via room temperature superconductors and onwards and upwards to Arthur C Clarke's space elevator. Some scientists even forecast that in the latter half of the century everybody will have a personal fabricator that re-arranges molecules to produce everything from almost anything. How ultimately will we use this gift? Will we have the wisdom to match our mastery of matter like Solomon? Or will we abuse our technological strength and finally bring down the temple around our ears like Samson? • The Nano-Revolution – To meet the challenges in an ever more resource-limited world, innovation and technology must play an increasing role. Nanotechnology, the engineering of matter at the atomic scale to create materials with unique properties and capabilities, will play a significant part in ensuring that risks to critical water resources for future cities are addressed. Nanotechnology “has the potential to be a key element in providing effective, environmentally sustainable solutions for supplying potable water for human use and clean water for agricultural and industrial uses.”
  • 9. At the very Periphery of Corporate Vision and Awareness….. • The Energy Revolution • Oil Shale • Kerogen • Tar Sands • Methane Hydrate • The Hydrogen Economy • Nuclear Fusion • Every year we consume the quantity of Fossil Fuel energy which took nature 3 million years to create. Unsustainable fossil fuel energy dependency based on Carbon will eventually be replaced by the Hydrogen Economy and Nuclear Fusion. The conquest of hydrogen technology, the science required to support a Hydrogen Economy (to free up humanity from energy dependency) and Nuclear Fusion (to free up explorers from gravity dependency) is the final frontier which, when crossed, will enable inter-stellar voyages of exploitation across our Galaxy. • Nuclear Fusion requires the creation and sustained maintenance of the enormous pressures and temperatures to be found at the Sun’s core. This is a most challenging technology, whose extraordinary opportunities scientists here on Earth are only now beginning to explore and evaluate. To initiate Nuclear Fusion requires creating the same conditions right here on Earth that are found at the very centre of the Sun. This means replicating the environment needed to support quantum nuclear processes which take place at huge temperatures and immense pressures in the Solar core – conditions extreme enough to overcome the immense nuclear forces which resist the collision and fusion of two deuterium atoms (heavy hydrogen – one proton and one neutron) to form a single Helium atom – accompanied by the release of a vast amount of Nuclear energy.
  • 10. At the very Periphery of Corporate Vision and Awareness….. • Renewable Resources • Solar Power • Tidal Power • Hydro-electricity • Wind Power • The Hydrogen Economy • Nuclear Fusion • Any natural resource is a renewable resource if it is replenished by natural processes at a rate compatible with or faster than its rate of consumption by human activity or other natural uses or attrition. Some renewable resources - solar radiation, tides, hydroelectricity, wind – can also be classified as perpetual resources, in that they can never be consumed at a rate which is in excess of their long-term availability due to natural processes of perpetual renewal. The term renewable resource also carries the implication of prolonged or perpetual sustainability for the absorption, processing or re-cycling of waste products via natural ecological and environmental processes. • For the purposes of Nuclear Fission, Thorium may in future replace enriched Uranium-235. Thorium is much more abundant, far easier to mine, extract and process and far less dangerous than Uranium. Thorium is used extensively in Biomedical procedures, and its radioactive decay products are much more benign. • Sustainability is a characteristic of a process or mechanism that can be maintained indefinitely at a certain constant level or state – without showing any long-term degradation, decline or collapse. This concept, in its environmental usage, refers to the potential longevity of vital human ecological support systems - such as the biosphere, ecology, the environment and the man-made systems of industry, agronomy, agriculture, forestry, fisheries - and the planet's climate and natural processes and cycles upon which they all depend.
  • 11. At the very Periphery of Corporate Vision and Awareness….. • Trans-humanism – advocates the ethical use of technology to extend current human form and function - supporting the use of future science and technology to enhance the human genome capabilities and capacities in order to overcome undesirable and unnecessary aspects of the present human condition. • The Intelligence Revolution – Artificial Intelligence will revolutionise homes, workplaces and lifestyles. Augmented Reality will create new virtual worlds – such as the interior of Volcanoes or Nuclear Reactors, the bottom of the Ocean or the surface of the Moon, Venus or Mars - so realistic they will rival the physical world. Robots with human-level intelligence may finally become a reality, and at the ultimate stage of mastery, we'll even be able to merge human capacities with machine intelligence and attributes – via the man-machine interface. • The Biotech Revolution – Genome mapping and Genetic Engineering are now bringing doctors and scientists towards first discovery, and then understanding, control, and finally mastery of human health and wellbeing. Digital Healthcare and Genetic Medicine will allow doctors and scientists to positively manage successful patient outcomes – even over diseases previously considered fatal. Genetics and biotechnology promise a future of unprecedented health, wellbeing and longevity. DNA screening could diagnose and gene therapy prevent or cure many diseases. Thanks to laboratory-grown tissues and organs, the human body could be repaired as easily as a car, with spare parts readily available to order. Ultimately, the ageing process itself could be slowed or even halted.
  • 12. At the very Periphery of Corporate Vision and Awareness….. • Global Massive Change is an evaluation of global capacities and limitations. It includes both utopian and dystopian views of the emerging world future state, in which climate, the environment, ecology and even geology are dominated by the indirect impact of human activity and the direct impact of human manipulation: – 1. Human Impact is now the major factor in climate change, environmental and ecological degradation. 2. Environmental Degradation - man now moves more rock and earth than do all of the natural geological processes 3. Ecological Degradation – biological extinction rate - is currently greater than that of the Permian-Triassic boundary (PTB) extinction event 4. Food, Energy, Water (FEW) Crisis – increasing scarcity of Natural Resources • Society’s growth-associated impacts on its own ecological and environmental support systems, for example intensive agriculture causing exhaustion of natural resources by the Mayan and Khmer cultures, de-forestation and over-grazing causing catastrophic ecological damage and resulting in climatic change – further examples are the Easter Island culture, the de-population of upland moors and highlands in Britain from the Iron Age onwards – including the Iron Age retreat from northern and southern English uplands, the Scottish Highland Clearances and replacement of subsistence crofting by deer and grouse for hunting and sheep for wool on major Scottish Highland Estates and the current sub-Saharan de-forestation and subsequent desertification by semi-nomadic pastoralists
  • 13.
  • 14. Ghost in the Machine: Haunted by Randomness “Time present and time past Are both perhaps present in time future, And time future contained in time past . . . all time is eternally present” • Time, Eternity, and Immortality in T. S. Eliot's Four Quartets •
  • 15. Ghost in the Machine.....
  • 16. Ghost in the Machine: Haunted by Randomness • The purpose of a Futures Study Training Module is based on the overarching need to enable and prepare clients to anticipate, prepare for and manage the future - by guiding them towards an understanding of how the future might unfold. This involves planning, organising and running Futures Studies Projects and presenting the results via Workshops, Seminars and CxO Forums. This means working with key client executives responsible for Stakeholder Relationships, Communications and Benefits Realisation Strategies - helping to influence and shape organisational change and driving technology innovation to enable rapid business transformation, ultimately to facilitate the achievement of stakeholder’s desired Business Outcomes – plus the scoping, envisioning and designing the Future Systems to support client objectives – by integrating BI / Analytics and “Big Data” Futures Study and Strategy Analysis outputs into their core Corporate Planning and Financial Management processes..... – CxO Forums – executive briefings on new and emerging technologies and trends – Workshops – discovery workshops to explore future Scenario Planning & Analysis – Seminars – presents in detail the key Futures Study findings and extrapolations. – Special Interest Groups (SIGs) – for stakeholder Subject Matter Experts (SMEs)
  • 17. Ghost in the Machine: Haunted by Randomness • This Futures Study Training Module – is designed to provide cross-functional support to those client stakeholders who are charged by their organisations with thinking about the future – corporate planners, disaster and contingency management and enterprise risk research, planning, strategy, analysis and management along with those IT Professionals responsible for Strategic Enterprise Management (SEM) Frameworks and Systems. The Futures Study course consists of the following components : - – Classroom Training – Slide Pack, Handouts, Background Documents, Tests and Exercises. – Workshop Facilitation – driving and mentoring Futures Studies Workshops. – Advisory Consulting – advise and inform your Futures Study Programme. – CxO Forums – executive briefings on new and emerging technologies and trends – Future Discovery – discovery workshops to explore future Scenario Planning & Analysis – Seminars – presents in detail the key Futures Study findings and extrapolations. – Special Interest Groups (SIGs) – for stakeholder Subject Matter Experts (SMEs) – Resources – access to Think Tanks, NGOs, Government Departments and Academia. – Gateway to Higher Education – Graduate Courses in Futures Studies @ University of Oxford – Said Business School and Smith School of Economics and the Environment (SSEE)
  • 18. Ghost in the Machine: Haunted by Randomness • This Slide Pack forms part of a Futures Study Training Module - the purpose of which is to provide cross-functional support to those client stakeholders who are charged by their organisations with thinking about the future – corporate planners, disaster and contingency management and enterprise risk research, planning, strategy, analysis and management along with IT Professionals responsible for architecting, designing and supporting Strategic Enterprise Management Frameworks and Systems: - – Finance, Corporate Planners and Strategists – authorise and direct the Futures Study. – Enterprise Risk Managers, Disaster & Contingency Planners – plan & lead Futures Studies. – Product Innovation, Research & Development – advise and inform the Futures Study. – Marketing and Product Engineering – review and mentor the Futures Research Study. – Economists, Data Scientists and Researchers – undertake the detailed Research Tasks. – Research Aggregator – examines hundreds of related Academic Papers, “Big Data” & other relevant global internet content - looking for hidden or missed findings and extrapolations. – Author – compiles, documents, edits and publishes the Futures Study Research Findings. – Business Analysts / Enterprise Architects – provide the link into Business Transformation. – Technical Designers / Solution Architects – provide the link into Technology Refreshment.
  • 19. Executive Summary: - The Management of Uncertainty Mechanical Processes – Thermodynamics (Complexity and Chaos Theory) – governs the behaviour of Systems Classical Mechanics (Newtonian Physics) – governs the behaviour of all everyday objects Quantum Mechanics – governs the behaviour of unimaginably small sub-atomic particles Relativity Theory – governs the behaviour of impossibly super-massive cosmic structures Wave Mechanics (String Theory) – integrates the behaviour of every size and type of object
  • 20. The Management of Uncertainty • It has long been recognized that one of the most important competitive factors for any organization to master is the management of uncertainty. Uncertainty is the major intangible factor contributing towards the risk of failure in every process, at every level, in every type of business. The way that we think about the future must mirror how the future actually unfolds. As we have learned from recent experience, the future is not a straightforward extrapolation of simple, single-domain trends. We now have to consider ways in which the possibility of random, chaotic and radically disruptive events may be factored into enterprise threat assessment and risk management frameworks and incorporated into decision-making structures and processes. • Managers and organisations often aim to “stay focused” and maintain a narrow perspective in dealing with key business issues, challenges and targets. A concentration of focus may risk overlooking Weak Signals indicating potential issues and events, agents and catalysts of change. Such Weak Signals – along with their resultant Wild Card and Black Swan Events - represent early warning of radically disruptive future global transformations – which are even now taking shape at the very periphery of corporate awareness, perception and vision – or just beyond.
  • 21. The Management of Uncertainty • There are many kinds of Stochastic or Random processes that impact on every area of Nature and Human Activity. Randomness can be found in Science and Technology and in Humanities and the Arts. Random events are taking place almost everywhere we look – for example from Complex Systems and Chaos Theory to Cosmology and the distribution and flow of energy and matter in the Universe, from Brownian motion and quantum theory to fractal branching and linear transformations. There are further examples – atmospheric turbulence in Weather Systems and Climatology, and system dependence influencing complex orbital and solar cycles. Other examples include sequences of Random Events, Weak Signals, Wild Cards and Black Swan Events occurring in every aspect of Nature and Human Activity – from the Environment and Ecology - to Politics, Economics and Human Behaviour and in the outcomes of current and historic wars, campaigns, battles and skirmishes - and much, much more. • These Stochastic or Random processes are agents of change that may precipitate global impact-level events which either threaten the very survival of the organisation - or present novel and unexpected opportunities for expansion and growth. The ability to include Weak Signals and peripheral vision into the strategy and planning process may therefore be critical in contributing towards the continued growth, success, wellbeing and survival of both individuals and organisations at the micro-level – as well as cities, states and federations at the macro-level - as witnessed in the rise and fall of empires.
  • 22. The Management of Uncertainty Random Processes • Random Processes may influence any natural and human phenomena, such as: - – the history of an object – the outcome of an event – the execution of a process • Randomness may be somewhat difficult to demonstrate, as true Randomness in chaotic system behaviour is not always readily or easily distinguishable from any of the “noise” that we may find in Complex Systems – such as foreground and background wave harmonics, resonance and interference. Complex Systems may be influenced by both internal and external factors which remain hidden – either unrecognised or unknown. These hidden and unknown factors may exist far beyond our ability to detect them – but nevertheless, still exert influence. The existence of weak internal or external forces acting on systems may not be visible to the observer – these subliminal temporal forces can influence Complex System behaviour in such a way that the presence of imperceptibly tiny inputs, acting on a system, amplified in effect over many system cycles - are ultimately able to create massive observable changes to outcomes in complex system behaviour.
  • 23. The Management of Uncertainty • Uncertainty is the outcome of the disruptive effect that chaos and randomness introduces into our daily lives. Research into stochastic (random) processes looks towards how we might anticipate, prepare for and manage the chaos and uncertainty which acts on complex systems – including natural systems such as Cosmology and Climate, as well as human systems such as Politics and the Economy – so that we may anticipate future change and prepare for it….. 1. Classical Mechanics - Any apparent randomness is as a result of Unknown Forces 2. Thermodynamics - Randomness, chaos and uncertainty is directly a result of Entropy 3. Biology - Any apparent randomness is as a result of Unknown Forces 4. Chemistry - Any apparent randomness is as a result of Unknown Forces 5. Atomic Theory - All events are utterly and unerringly predictable (Dirac Equation) 6. Quantum Mechanics - Every event is both symmetrical and random (Hawking Paradox) 7. Geology - Any randomness or asymmetry is a result of Unknown Forces 8. Astronomy - Any randomness or asymmetry is a result of Unknown Forces 9. Cosmology - Any randomness or asymmetry is as a result of Dark Matter, Energy, Flow 10. Relativity Theory - Randomness or asymmetry may be a result of Quantum effects 11. Wave Mechanics - Any randomness and asymmetry is as a result of Unknown Forces
  • 24. The Management of Uncertainty
    Domain | Scope / Scale | Randomness | Pioneers
    Classical Mechanics (Newtonian Physics) | Everyday objects | Any apparent randomness is as a result of Unknown Forces | Sir Isaac Newton
    Thermodynamics | Energy Systems - Entropy, Enthalpy | | Newcomen, Trevithick, Watt, Stephenson
    Biology | Evolution | | Darwin, Banks, Huxley, Krebs, Crick, Watson
    Chemistry | Molecules | | Lavoisier, Priestley
    Atomic Theory | Atoms | Events are truly and intrinsically, utterly and unerringly totally predictable (Dirac Equation). | Max Planck, Niels Bohr, Bragg, Paul Dirac, Richard Feynman
    Quantum Mechanics | Sub-atomic particles | Each and every Quantum event is truly and intrinsically fully random and symmetrical (Hawking Paradox) | Erwin Schrodinger, Werner Heisenberg, Albert Einstein, Hermann Minkowski
  • 25. The Management of Uncertainty
    Domain | Scope / Scale | Randomness | Pioneers
    Geology | The Earth, Planets, Planetoids, Asteroids, Meteors / Meteorites | Any apparent randomness is as a result of Unknown Forces | Hutton, Lyell, Wagner
    Astronomy | Common, Observable Celestial Objects | Any apparent randomness or asymmetry may be as a result of Quantum effects or other Unknown Forces acting early in the history of Space-Time | Galileo, Copernicus, Kepler, Lovell, Hubble
    Cosmology | Super-massive Celestial Objects | | Hoyle, Ryall, Rees, Penrose, Bell-Burnell
    Relativity Theory | The Universe | Any apparent randomness or asymmetry is as a result of Unknown Forces / Dimensions | Albert Einstein, Hermann Minkowski, Stephen Hawking
    Wave Mechanics (String Theory or Quantum Dynamics) | The Universe, Membranes and Hyperspace | | Michael Green, Michio Kaku
  • 26. The Management of Uncertainty • Classical Mechanics (Newtonian Physics) – Classical Mechanics (Newtonian Physics) governs the behaviour of everyday objects – any apparent randomness is as a result of unimaginably small, unobservable and unmeasurable Unknown Forces - either internal or external - acting upon a System. • Thermodynamics – governs the flow of energy and the transformation (change in state) of systems – randomness, chaos and uncertainty is the result of the effects of Enthalpy and Entropy • Chemistry – Chemistry (Transformation) governs the change in state of atoms and molecules – any apparent randomness is as a result of unimaginably small, unobservable and unmeasurable Unknown Forces - either internal or external - acting upon a System. • Biology – Biology (Ecology ) governs Evolution - the life and death of all living Organisms – any apparent randomness is as a result of unimaginably small, unobservable and unmeasurable Unknown Forces - either internal or external - acting upon a System.
  • 27. The Management of Uncertainty • Atomic Theory – governs the behaviour of unimaginably small objects (atoms and sub-atomic particles) – all events are truly and intrinsically, utterly and unerringly predictable (Dirac Equation). • Quantum Mechanics – governs the behaviour of unimaginably tiny objects (fundamental sub-atomic particles) – all events are truly and intrinsically both symmetrical and random (Hawking Paradox). • Geology – Geology governs the behaviour of local Solar System Objects (such as The Earth, Planets, Planetoids, Asteroids, Meteors / Meteorites) which populate the Solar System – any apparent randomness is as a result of unimaginably small, unobservable and unmeasurable Unknown Forces - either internal or external - acting upon a System • Astronomy – Astronomy governs the behaviour of Common, Observable Celestial Objects (such as Asteroids, Planets, Stars and Stellar Clusters) which populate and structure Galaxies – any apparent randomness or asymmetry is as a result of Quantum Effects, Unknown Forces or Unknown Dimensions acting very early in the history of Universal Space-Time
  • 28. The Management of Uncertainty • Cosmology – Cosmology governs the behaviour of impossibly super-massive cosmic building blocks (such as Galaxies and Galactic Clusters) which populate and structure the Universe – any apparent randomness or asymmetry is due to the influence of Quantum Effects, Unknown Forces (Dark Matter, Dark Flow and Dark Energy) or Unknown Dimensions • Relativity Theory – Relativity Theory governs the behaviour of impossibly super-massive cosmic structures (such as Galaxies and Galactic Clusters) which populate and structure the Universe – any apparent randomness or asymmetry is as a result of Quantum Effects, Unknown Forces or Unknown Dimensions acting very early in the history of Universal Space-Time • Wave Mechanics (String Theory or Quantum Dynamics) – Wave Mechanics integrates the behaviour of every size and type of physical object – any apparent randomness or asymmetry is as a result of Quantum Effects, Unknown Forces or Unknown Dimensions acting on the Universe, Membranes or in Hyperspace
  • 29. The Management of Uncertainty • 4D Geospatial Analytics - the profiling and analysis of large aggregated datasets in order to determine a ‘natural’ structure of groupings - provides an important technique for many statistical and analytic applications. • Environmental and Demographic Geospatial Cluster Analysis - on the basis of profile similarities or geographic distribution - is a statistical method whereby no prior assumptions are made concerning the number of groups or group hierarchies and internal structure. Geo-spatial and geodemographic techniques are frequently used in order to profile and segment populations by ‘natural’ groupings - such as common behavioural traits, Clinical Trial, Morbidity or Actuarial outcomes - along with many other shared characteristics and common factors.....
  • 30. The Management of Uncertainty • The Temporal Wave is a novel and innovative method for Visual Modelling and Exploration of Geospatial “Big Data” – Geospatial Analytics simultaneously within a Time (history) and Space (geographic) context. The problems encountered in exploring and analysing vast volumes of spatial–temporal information in today's data-rich landscape are becoming increasingly difficult to manage effectively. Overcoming the problem of data volume and scale in a Time (history) and Space (location) context requires not only the traditional location–space and attribute–space analysis common in GIS Mapping and Spatial Analysis - but also the additional dimension of time–space analysis. The Temporal Wave supports a new method of Visual Exploration for Geospatial (location) data within a Temporal (timeline) context. • This time-visualisation approach integrates Geospatial (location) data within a Temporal (timeline) framework which is communicated via data visualisation and animation techniques used to support geo-visual “Big Data” analytics - thus improving the accessibility, exploration and analysis of the huge amounts of time-variant geo-spatial data, such as the history of an object or location, or the outcome of a process (evolution of the universe). The Temporal Wave combines the strengths of both linear timeline and cyclical wave-form analysis. Both linear and cyclic trends in space-time data may be represented in combination with other graphic representations typical for location–space and attribute–space data-types. The Temporal Wave can be used in various roles - as a time–space data reference system, as a time–space continuum representation tool, and as a time–space interaction tool – and so is able to represent data within both a Time (history) and Space (geographic) context simultaneously – and can therefore pan across Space-time layers or even zoom between different levels of detail or granularity.
  • 31. The Management of Uncertainty • Time Present is always in some way inextricably woven into both Time Past and Time Future – with the potential, therefore, to give us notice of future random events – subliminal indications of future events before they actually occur. Chaos Theory suggests that even the tiniest of inputs, so minute as to be undetectable, may ultimately be amplified over many system cycles – to grow in influence and effect to trigger dramatic changes in future outcomes. So any given item of Information or Data (Global Content) may contain faint traces which hold hints or clues about the outcomes of linked Clusters of Past, Present and Future Events. • Every item of Global Content that we find in the Present is somehow connected with both the Past and the Future. Space-Time is a Dimension – which flows in a single direction, as does a River. Space-Time, like water diverted along an alternative river channel, does not flow uniformly – outside of the main channel there could well be “submerged objects” (random events) that disturb the passage of time, and may possess the potential capability of creating unforeseen eddies, whirlpools and currents in the flow of Time (disorder and uncertainty) – which in turn possess the capacity to generate ripples and waves (chaos and disruption) – thus changing the course of the Space-Time continuum. “Weak Signals” are “Ghosts in the Machine” of these subliminal temporal interactions – with the capability to contain information about future “Wild Card” or “Black Swan” random events.
  • 32. The Management of Uncertainty • Weak Signals, Strong Signals, Wild Cards and Black Swan Events – are a sequence of waves linked and integrated in ascending order of magnitude, which have a common source or origin - either a single Random Event instance or a linked series of chaotic and disruptive Random Events - an Event Storm. These Random Events propagate through the space-time continuum as a related and integrated series of waves with an ascending order of magnitude and impact – the first wave to arrive is the fastest travelling - Weak Signals - something like a faint echo of a Random Event, which may in turn be followed by a ripple (Strong Signals), then possibly by a wave (Wild Card) - which may indicate the unfolding of a further increase in magnitude and intensity, which finally arrives catastrophically - something like a tsunami (Black Swan Event).
    Sequence of Events - Emerging Waves: 1. Random Event 2. Weak Signals 3. Strong Signals 4. Wild Cards 5. Black Swan Event
    Stage View of Wave Series Development: 1. Discovery 1.1 Establishment 1.2 Development 2. Growth 3. Plateau 4. Decline 5. Collapse 5.1 Renewal 5.2 Replacement
  • 33. The Management of Uncertainty • Randomness. Neither data-driven nor model-driven macro-economic or micro-economic models currently available to us today - seem able to deal with the concept or impact of Random Events (uncertainty). We therefore need to consider and factor in further novel and disruptive (systemic) approaches which offer us the possibility to manage uncertainty. We can do this by searching for, detecting and identifying Weak Signals – which are tiny, unexpected variations or disturbances in system outputs – surprises – predicating the possible existence of hidden data relationships which are masked or concealed within the general background system “noise”. Weak Signals are caused by the presence of small unrecognised or unknown forces acting on the system. Weak Signals in turn may indicate the possible future appearance of emerging chaotic, and radically disruptive Wild Card or Black Swan events beginning to form on the detectable Horizon – or even just beyond. • Random Events must then be factored into Complex Systems Modelling. Complex Systems interact with unseen forces – which in turn act to inject disorder, randomness, uncertainty, chaos and disruption. The Global Economy, and other Complex Adaptive Systems, may in future be considered and modelled successfully as a very large set of multiple interacting Ordered (Constrained) Complex Systems - each individual System loosely coupled with all of the others, and every System with its own clear set of rules and an ordered (restricted) number of elements and classes, relationships and types.
  • 36. Enterprise Risk Management Mechanical Processes – Thermodynamics (Complexity and Chaos Theory) – governs the behaviour of Systems Classical Mechanics (Newtonian Physics) – governs the behaviour of all everyday objects Quantum Mechanics – governs the behaviour of unimaginably small sub-atomic particles Relativity Theory – governs the behaviour of impossibly super-massive cosmic structures Wave Mechanics (String Theory) – integrates the behaviour of every size and type of object
  • 37. Enterprise Risk Management Introduction • Enterprise Risk Management (ERM) has a wide spectrum of scope and definitions. The generally agreed concept is that ERM is now much wider than traditional risk management and covers all of the risks within an enterprise (public and private sector). Traditional risk management focuses on identifying risks, measuring and monitoring risks and designing strategies to limit losses to agreed limits. • ERM recognises that businesses take risks in order to make a profit for their owners and therefore considers the upside of taking risks, and attempts to strike a balance between too much risk and not enough risk compared to the enterprise’s strategic direction. Risk is managed holistically in a fully integrated framework, across all different risk types and the different functions/companies within the organisation.
  • 38. Risk “The bear that you can see in front of you – is never the same bear as the one which takes your life away.....” Inuit Proverb
  • 39. Risk Advances in Data Science and “Big Data” have led to a revolution in macro and micro Econometrics Modelling, Threat Analysis and Enterprise Risk Management ..... – but it takes human ingenuity, time and effort for Austrian (Real) Economic and Enterprise Risk Models to develop and mature.....
  • 40. Section 1 – Introduction to Enterprise Risk Management • This Section describes the fundamentals of Enterprise Risk Management Threat Analysis. The underlying premise of Enterprise Risk Management is that every enterprise exists to provide value for its stakeholders. All entities face uncertainty, which leads to risk. The challenge for management is to determine how much uncertainty or risk to accept, as it strives to protect and grow stakeholder value : - • AUDIENCE – Finance, Corporate Planners and Strategists – authorise and direct the Risk Study. – Enterprise Risk Managers, Disaster & Contingency Planners – plan and lead the Risk Study. – Product Innovation, Research & Development – advise and inform the Risk Research Study. – Marketing and Product Engineering – review and mentor the Risk Research Study. – Economists, Data Scientists and Researchers – undertake detailed Risk Research Tasks. – Research Aggregator – “Big Data”: - examines hundreds of related Academic Papers and other global internet content - looking for hidden or missed findings and extrapolations – Data Science. – Author – compiles, documents, edits and publishes the Risk Research Study Findings. – Business Analysts / Enterprise Architects – provide the link into Business Transformation. – Technical Designers / Solution Architects – provide the link into Technology Refreshment.
  • 41. Enterprise Risk Management Enterprise Risk Management – Key Issues • The underlying premise of Enterprise Risk Management is that every enterprise exists to provide sustainable value for its stakeholders. • All entities face random events and uncertainty, and the challenge for management is to determine how much uncertainty they are willing to accept as the Enterprise strives to grow stakeholder value. • Randomness and uncertainty present both risk and opportunity, with the potential to either erode or enhance short-term stakeholder value. • Enterprise Risk Management enables leadership to deal effectively with random events and uncertainty along with its associated risk and opportunity – enhancing the capacity of the Enterprise to achieve sustainable growth and conserve long-term stakeholder value
  • 43. Enterprise Risk Management • The underlying premise of Enterprise Risk Management is that every enterprise exists to generate value for its stakeholders. All entities face uncertainty, which leads to risk. The challenge for management is to determine its risk appetite - how much uncertainty to accept as it strives to protect and grow stakeholder value. Uncertainty presents both threats and opportunities – with the potential to either erode or enhance stakeholder value. Enterprise Risk Management enables leadership to deal effectively with randomness and uncertainty along with its associated risk and opportunity – thus enhancing capacity to build sustainable growth and long-term stakeholder value. • Enterprise Risk Management value is maximised when leadership and management teams set policy, strategy and objectives to strike an optimal balance between growth and return on investment - with their related goals and risks - deploying resources efficiently and effectively in pursuit of the enterprise’s desired future outcomes. • These capabilities inherent in enterprise risk management help the leadership team to achieve the enterprise’s performance and profitability targets whilst preventing the loss, attrition or devaluation of enterprise resources – and in so doing, protecting and preserving corporate assets. Enterprise Risk Management helps to ensure effective reporting and compliance with laws and regulations, and helps avoid damage to the enterprise’s reputation - and any consequential losses. In sum, enterprise risk management helps an enterprise to realise its corporate plans and business strategies - avoiding pitfalls and surprises along the way.
  • 44. Enterprise Risk Management • Risk Events – Threats and Opportunities. Risk Events can have negative impact, positive impact, or both. Events with a negative impact represent risks, which can prevent value creation or erode existing value. Events with positive impact may offset negative impacts or represent opportunities. Opportunities are the possibility that an event will occur and positively affect the achievement of objectives, supporting value creation or preservation. Management channels opportunities back to its strategy or objective-setting processes, formulating plans to seize those opportunities. • Enterprise Risk Management deals with risks and opportunities affecting the process of value creation or preservation – and is described as follows: - – Enterprise Risk Management is a process, implemented by an enterprise’s board of directors, leadership, management and other personnel, and is applied both in a strategy setting and in every operational activity across the entire enterprise. Enterprise Risk Management is designed to identify potential threat events that may affect the enterprise, to manage those threats within its risk appetite and tolerances – and to provide reasonable comfort and assurance towards the achievement of operational and strategic enterprise objectives. • This Enterprise Risk Management definition is purposefully broad. It captures key concepts fundamental to how companies and other organizations manage risk, providing a basis for application across organizations, industries, and sectors. It focuses directly on achievement of objectives established by a particular enterprise and provides a basis for defining enterprise risk management effectiveness.
  • 45. Enterprise Risk Management • This definition reflects fundamental Enterprise Risk Management concepts: - – A process set or group, ongoing and flowing through an entire enterprise – Implemented by people at every level within an organisation – Supported by technology - Enterprise Risk Management Systems – Developed in a strategy setting, planning, forecasting and implemented by operational management – Applied across the whole enterprise, at every segment and unit, and includes taking an enterprise level portfolio view of risk – Designed to identify potential events that, if they occur, will affect the enterprise and to manage risk within its risk appetite – Able to provide reasonable and acceptable Risk Management assurance to an enterprise’s senior management and board of directors – Geared to the achievement of performance objectives in many separate but related categories • This definition is purposefully broad. It captures key concepts fundamental to how companies and other organizations manage risk, providing a basis for application across organizations, industries, and sectors. It focuses directly on achievement of objectives established by a particular enterprise and provides a basis for defining your own organisation’s specific Enterprise Risk Management Framework.
  • 46. Primary Risk Functions • The Primary Risk Functions in large corporations that may participate in an Enterprise Risk Management programme typically include the following: - – Strategic planning and forecasting - identifies competitive opportunities and external threats, along with strategic initiatives to exploit or address them – Disaster and contingency planning - identifies business continuity issues – Research and Development - understands core value propositions to ensure that future product / service development falls within corporate requirements – Marketing and Product Engineering - understands the target customer to ensure product / service alignment within customer expectations and needs – Finance and Accounting - identifies business performance management issues – Actuarial Services - ensures the proper insurance cover for the organisation – Treasury - ensures cash-flow is sufficient to meet business needs, whilst managing risk related to commodity pricing, interest and foreign exchange
  • 47. Primary Risk Functions (continued) • The Primary Risk Functions in large corporations that may participate in an Enterprise Risk Management programme typically include the following: - – Financial Compliance – follows GAAP / IFRS recommendations and directs Sarbanes-Oxley Section 302 and 404 assessments, in addition to Basle II / Solvency II compliance - which identifies financial reporting and disclosure risks. – Legal Services - manages litigation and analyses emerging government policy, legislation and regulation that may have future impact upon the organisation – Regulatory and Statutory Compliance – provides governance and controls, monitors compliance with standards and initiates money laundering and fraud investigations - as well as dealing with Reputational Risk issues – Quality Assurance - verifies operational quality assurance targets are achieved – Operations Management – ensures that day-to-day operational performance is on target and that any operational issues are surfaced for resolution
  • 48. Primary Risk Functions (continued) • The Primary Risk Functions in large corporations that may participate in an Enterprise Risk Management programme typically include the following: - – Credit Management - ensures that any credit facilities provided to customers are appropriate in respect of their Credit History and ability to repay the advance – Customer Services – manages the customer experience / journey and ensures that problems are handled promptly and reported to operations for resolution – Information Technology – follows Clinger-Cohen guidelines for due diligence in IT Procurement, implements Business Intelligence, “Big Data” Intelligent Agents / Alerts, Digital Dashboards and Reporting for Risk Controls and maintains Risk Event Identification / Incident Capture Systems for Risk Monitoring / Reporting – Internal audit - evaluates Risk Event Identification / Incident Capture and Risk Controls; directs non-compliance / fraud investigation, monitoring and reporting – Risk Management – maintains the Enterprise Risk Management Framework, audits and evaluates the effectiveness of each of the above risk functions and recommends any required improvements
  • 49.
  • 50. Enterprise Risk Management • What is Risk Management ? • Enterprise Risk Management is a structured approach to managing uncertainty through foresight and planning. Any risk is related to a specific threat (or group of related threats) managed through a sequence of activities using various resources: - – Risk Research – evaluating / understanding the problem / opportunity domain – Risk Identification – identifying applicable threats, risk groups, types & events – Risk Prioritisation – ordering and prioritising relevant threats by risk probability and magnitude – Risk Assessment – comparing and balancing the individual threat posed by each risk item in the ordered and prioritised risk register – Risk Management Strategies – methods for transferring, avoiding, reducing or accepting the risk – Risk Planning – assessing the overall level of threat contained within the consolidated risk register – Risk Mitigation – reducing uncertainty through the application of strategic foresight and future management planning processes
  • 51. Enterprise Risk Management • Risk Management Strategies may include the following: - – Transferring the risk to another party – Avoiding the risk – Reducing the negative effect of the risk – Accepting part or all of the consequences of a particular risk . • In an ideal Risk Management Scenario, a prioritisation process ranks those risks with the greatest potential loss and the greatest probability of occurring to be handled first - and risks with lower probability of occurrence and lower consequential losses are then handled in descending order • In practice this prioritisation process can be very challenging. Comparing and balancing the overall threat of risks with a high probability of occurrence but lower loss - versus risks with higher potential loss but lower probability of occurrence - may lead to misleading results.....
  • 52. Intangible Risk Management • Intangible Risk Management hypothesises a different type of threat - a risk that has a 100% probability of occurring but is ignored by the organization due to an inability to recognise an unavoidable threat, or the failure to identify an intangible risk: - – Process-engagement Risk may pose a threat when processes are ineffective, incomplete or broken and operational procedures are misapplied (or not applied). – Knowledge Risk may materialise when insufficient knowledge is available in a threat domain, or a deficient level of knowledge is applied to a threat situation. – Relationship Risk may occur when group dynamics are disrupted, morale breaks down, or communication, collaboration and team-working become ineffective. • Intangible Risk Management allows risk managers to create immediate value from the identification and reduction of hidden risks that reduce productivity. • Such Intangible Risks may reduce the productivity of knowledge workers, decrease cost effectiveness, erode profitability, service and quality whilst compromising reputation, brand value, market share and earnings.
  • 53. Opportunity Cost Management • Risk Management Strategies also face operational difficulties in providing sufficient enterprise resources or allocating those resources appropriately. This is the concept of Opportunity Cost and may constitute: - – Resources denied to risk management that could have been deployed more profitably on managing and avoiding risk. – Resources over-expended on risk management that could have been spent elsewhere in the business on more profitable applications. • Ideal Risk Management Scenarios minimize spending whilst maximizing the reduction of the organisational impact and negative effects of such risks. – Prioritisation ranks those risks with the greatest potential loss and / or the greatest probability of occurrence - to be treated first – Those Risks with lower probability of occurrence and lower consequential losses are then handled in descending order – Risk Management seeks to balance and optimise the overall threat impact of risks with a high probability of occurrence but lower loss - versus risks with greater potential loss but lower probability of occurrence
  • 54. Town Flood Risk Example [Diagram of triggers, risk events and mitigation factors. Labels: FLOOD; Upstream Dam Bursts; Flood Defences Fail; Infrastructure Destroyed; Property Damaged; Loss of Life; Personal Injury. Mitigation Factors: Engineering Services; Emergency Services; Rescue Response; Paramedic Response]
  • 55. Enterprise Risk Management • Aligning risk appetite and risk management strategy – Management considers the enterprise’s capability to absorb risk (risk appetite) in evaluating strategic alternatives, setting related objectives, and developing mechanisms to manage related risk groups. • Enhancing risk response decisions – Enterprise Risk Management provides the rigor to identify and select among alternative risk scenarios and responses – identification and assessment of threats, risk avoidance, risk reduction, risk sharing and risk acceptance. • Reducing operational surprises and losses – Entities gain enhanced capability to identify potential threat events and establish threat responses - reducing their exposure to surprises and “black swan” events and their associated unplanned costs or losses. • Identifying and managing multiple and cross-enterprise risks – Every enterprise faces a myriad of risks affecting different parts of the organization, and Enterprise Risk Management facilitates effective response to the interrelated impacts, and integrated management of multiple threat scenarios and exposure to groups of related risks. • Seizing opportunities – By considering and mitigating a full range of potential threat events, management is well positioned to identify and proactively realise opportunities. • Improving deployment of capital – Obtaining robust risk exposure information allows management to effectively assess overall capital needs and enhance capital allocation.
  • 56. Risk Clusters and Connectivity [Diagram: risk events numbered 1 to 8 and the connections between them, alongside a Risk Cluster example labelled Claimant 1, Claimant 2, Residence, Vehicle and Risk Event] The above is an illustration of risk relationships - how risk events might be connected. A detailed and intimate understanding of risk clusters and the connection between risks may help us to understand: - • What is the relationship between Risks 1 and 8, and what impact do they have on Risks 2 - 7 ? • Risks 2 - 5 and Risks 6 and 7 occur in clusters – what are the factors influencing these clusters ? Answering questions such as these allows us to plan our risk management approach and mitigation strategy – and to decide how to better focus our resources and effort on risk and fraud management.
  • 57. Risk Clusters and Connectivity • Aggregated risk includes coincident, related, connected and interconnected risk: - • Coincident - two or more risks appear simultaneously in the same domain – but they arise from different triggers (unrelated causal events) • Related - two or more risks materialise in the same domain sharing common risk features or characteristics (may share a possible hidden common trigger or cause – and so are candidates for further analysis and investigation) • Connected - two or more risks materialise in the same domain due to the same trigger (common cause) • Interconnected - two or more risks materialise together in a risk cluster or event series - the previous (prior) risk event triggering the subsequent (next) risk event • Aggregated risks may result in a significant cumulative impact - and are therefore frequently identified incorrectly as Wild-card or Black Swan Events - rather than just simply as risk clusters or event “storms”.....
  • 58. Aggregated Risk [Diagram: the four kinds of aggregated risk (Coincident Risk, Related Risk, Connected Risk, Inter-connected Risk), each drawn as triggers and risk events, with nodes lettered A to H]
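The four aggregated-risk categories defined on slide 57 can be applied mechanically to a risk register. The following Python code is an added example, not part of the original deck: it classifies pairs of risk events and groups causally linked events into clusters with a cumulative loss and a root trigger. The field names, the one-day window used for "simultaneously", the precedence between categories and the flood-based sample register are all assumptions made for illustration.

```python
from dataclasses import dataclass
from itertools import combinations


@dataclass(frozen=True)
class RiskEvent:
    id: str
    domain: str
    trigger: str      # an external trigger id, or the id of the prior risk event
    day: int          # day on which the event materialised
    loss: float       # estimated loss, arbitrary units
    features: frozenset = frozenset()


# Categories that imply a shared causal chain (assumption: only these form a cluster).
CAUSAL = ("interconnected", "connected")


def classify_pair(a, b, window_days=1):
    """Return the slide-57 category for two events, or None if they do not aggregate.
    Assumed precedence: interconnected > connected > related > coincident."""
    if a.domain != b.domain:
        return None                      # every definition requires the same domain
    if a.trigger == b.id or b.trigger == a.id:
        return "interconnected"          # one event triggered the other
    if a.trigger == b.trigger:
        return "connected"               # common cause
    if a.features & b.features:
        return "related"                 # shared features: candidate hidden common cause
    if abs(a.day - b.day) <= window_days:
        return "coincident"              # simultaneous, unrelated triggers
    return None


def root_trigger(event, by_id):
    """Walk back along the event chain to the original external trigger."""
    seen = set()
    while event.trigger in by_id and event.id not in seen:
        seen.add(event.id)
        event = by_id[event.trigger]
    return event.trigger


def summarise_clusters(events, window_days=1):
    """Union causally linked events and report each cluster, largest loss first."""
    by_id = {e.id: e for e in events}
    parent = {e.id: e.id for e in events}

    def find(x):
        while parent[x] != x:
            parent[x] = parent[parent[x]]   # path halving
            x = parent[x]
        return x

    for a, b in combinations(events, 2):
        if classify_pair(a, b, window_days) in CAUSAL:
            parent[find(a.id)] = find(b.id)

    groups = {}
    for e in events:
        groups.setdefault(find(e.id), []).append(e)

    summary = [
        {
            "events": sorted(e.id for e in g),
            "roots": sorted({root_trigger(e, by_id) for e in g}),
            "loss": sum(e.loss for e in g),
        }
        for g in groups.values()
    ]
    return sorted(summary, key=lambda c: -c["loss"])


# Constructed sample register, loosely following the town flood slide.
EVENTS = [
    RiskEvent("E1", "town", "T-dam-burst", 0, 5.0, frozenset({"water"})),
    RiskEvent("E2", "town", "E1", 1, 3.0, frozenset({"property"})),
    RiskEvent("E3", "town", "E1", 1, 4.0, frozenset({"infrastructure"})),
    RiskEvent("E4", "town", "T-grid-fault", 1, 1.0, frozenset({"utilities"})),
    RiskEvent("E5", "town", "T-pump-failure", 9, 2.0, frozenset({"water"})),
]

if __name__ == "__main__":
    for a, b in combinations(EVENTS, 2):
        print(a.id, b.id, classify_pair(a, b))
    for cluster in summarise_clusters(EVENTS):
        print(cluster)
```

In the sample, the three flood events collapse into one cluster with a single root trigger, which is the distinction the slide draws between a risk cluster or event "storm" and a genuine Black Swan Event.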
  • 59. Black Swan Events [Diagram: “Black Swan” Event Cluster or “Storm”, drawn as a chain of triggers and risk events. Labels: USA Sub-Prime Mortgage Crisis; CDO Toxic Asset Crisis; Sovereign Debt Crisis; Money Supply Shock; Financial Services Sector Collapse; Credit Crisis; Global Recession] Definition of a “Black Swan” Event • A “Black Swan” Event is an event or occurrence that deviates beyond what is normally expected of any given situation and that would be extremely difficult to predict. The term “Black Swan” was popularised by Nassim Nicholas Taleb, a finance professor and former Investment Fund Manager and Wall Street trader. • Black Swan Events – are unforeseen, sudden and extreme change events or Global-level transformations in the military, political, social, economic or environmental landscape. Black Swan Events are a complete surprise when they occur and all feature an inordinately low probability of occurrence - coupled with an extraordinarily high impact when they do happen (Nassim Taleb).
  • 60. Risk Management Frameworks Throughout eternity, all that is of like form comes around again – everything that is the same must return again in its own everlasting cycle..... • Marcus Aurelius – Emperor of Rome •
  • 61. Section 3 – Risk Management Framework Design • This Section describes how to design an Enterprise Risk Management Framework – a set of processes, data, systems and technology designed to manage, control and be resilient to the impact of every type of risk event and which facilitate rapid and agile business transformation in order to deliver the client stakeholders’ desired future organisational structure and target business operating model : - • AUDIENCE – Finance, Corporate Planners and Strategists – authorise and direct the Risk Study. – Enterprise Risk Managers, Disaster & Contingency Planners – plan and lead the Risk Study. – Product Innovation, Research & Development – advise and inform the Risk Research Study. – Marketing and Product Engineering – review and mentor the Risk Research Study. – Economists, Data Scientists and Researchers – undertake detailed Risk Research Tasks. – Research Aggregator – “Big Data”: - examines hundreds of related Academic Papers and other global internet content - looking for hidden or missed findings and extrapolations – Data Science. – Author – compiles, documents, edits and publishes the Risk Research Study Findings. – Business Analysts / Enterprise Architects – provide the link into Business Transformation. – Technical Designers / Solution Architects – provide the link into Technology Refreshment.
  • 62. Risk Management Frameworks Risk Management Framework Design – Key Issues • Enterprise Risk Management Frameworks are a set of processes, data, systems and technology which help to manage and control every type of risk event. • Enterprise Risk Management Frameworks facilitate rapid and agile business transformation in order to deliver the client’s desired future organisational structure and target business operating model, which are resilient to the impact of risk. • Enterprise Risk Management Frameworks therefore ensure Critical Success factors such as enterprise governance, reporting and controls, disaster planning and recovery management, business continuity, statutory and regulatory compliance. • The Enterprise Risk Management Framework can easily be implemented using Amphora Symphony supported by SAP modules - SAP HANA, Business Objects, EPM, GRC, SEM, TRM. There are also Oracle and Microsoft options.....
  • 63. Threat Analysis, Hazard Research and Risk Management The Nature of Uncertainty – Randomness Thermodynamics (Complexity and Chaos Theory) – governs the behaviour of Systems – randomness is as a result of Unknown Forces..... Classical Mechanics (Newtonian Physics) – governs the behaviour of everyday objects – any apparent randomness is as a result of Unknown Forces..... Quantum Mechanics – governs the behaviour of unimaginably small sub-atomic objects – all events are truly and intrinsically both symmetrical and random..... Relativity Theory – governs the behaviour of impossibly super-massive cosmic objects – any apparent randomness or asymmetry is as a result of Quantum Dynamics..... Wave Mechanics (String Theory) – integrates the behaviour of every type of object – randomness and asymmetry is a result of Unknown Forces and Quantum Dynamics.....
  • 64. Risk Management Frameworks Standard (Integrated) Risk Framework • Systemic (external) Risk – Future Management Frameworks – Outsights / Eltville Model • Operational (internal) Risk – CLAS, SOX / COBIT • Market (macro-economic) Risk – COSO, Basle II / Solvency II, BoE / FSA • Trade (micro-economic) Risk – COSO, SOX / COBIT, GAAP / IFRS Event Risk • Event Risk is the threat of loss from unexpected events. Event Risk measurement systems seek to quantify the actual or potential (realised or unrealised) exposure of the total asset portfolio to unexpected Wild Card or Black Swan Events. Event Risk may arise from Systemic (external) sources – such as Natural Disaster, Geo-political Crisis, or the collapse of Local, Regional or Global Markets or the failure of Sovereign Nation States - or Operational (internal) sources – such as Rogue Trading or the failure of Compliance or Disclosure systems and processes. Market Risk • Market Risk is the threat of loss from movements in the level or volatility of Market Prices – such as interest rates, foreign currencies, equities and commodities. Market Risk measurement systems seek to recognise the actual or potential (realised or unrealised) exposure of the total asset portfolio as a result of money supply or commodity price shocks (sudden changes in the balance between supply and demand) and changes in market sentiment affecting the attractiveness, desirability or value of the asset portfolio – as well as changes in the level of market intervention (government legislation or market regulation). Trade Risk • Trade Risk is the threat of loss from erosion in the attractiveness, desirability or value of specific traded instruments between individual counterparties – including contracts for foreign currencies, equities and commodities. 
Trade Risk measurement systems seek to quantify the actual or potential (realised or unrealised) value of specific contracts or traded instruments. Trade Risk does not cover Incremental Risk Capital Charge (IRC) due to Toxic Asset lock-in.
  • 65. Risk Types [Diagram: Operational Risk Types (Internal Risk Group) and Systemic Risk Types (External Risk Group). Labels: Employee; Third Party; Stakeholders; Human Risk; Process Risk; 3rd Party Risk; Security Risk; Legal Risk; Technology Risk; Liquidity Risk; Credit Risk; Economic Risk; Compliance Risk; Disaster / Catastrophe Risk; Sponsorship Risk; Political Risk; Social Risk; Environment Risk; Terrorism / Piracy Risk; Competitor Risk; Wild-card Event Risk; Black Swan Event Risk]
  • 66. Risk Management Frameworks Credit Risk • Credit Risk is the threat of loss from changes in the status or liquidity of individual external debtors – changes in their ability to service debts due to movement in their credit status, capitalisation, liquidity or solvency – or their exposure to consequential losses due to statutory, regulatory or legal action. Credit Risk measurement systems seek to quantify the actual or potential (realised / unrealised) ability of a Creditor to fulfil their contractual obligations. Liquidity Risk – Solvency II and Basle II • Liquidity Risk is the threat of loss from changes in the status or liquidity of an organisation –changes in their ability to service debts due to internal movement in their credit status, capitalisation, liquidity or solvency – or their exposure to consequential losses due to external statutory, regulatory or legal action. Liquidity Risk measurement systems seek to quantify actual or potential (realised / unrealised) ability of a Bank or Insurer to meet provided / exposed liabilities. • Basle II and Solvency II are Rules-based, Quantitative Risk Frameworks. The overhaul of the capital adequacy and solvency rules is now well under way for European Financial Services - Banking and insurance - Life and Pensions, General Insurers, Underwriters and Re-insurers -. 
Key drivers for Basle II and Solvency II include the following: - – EC directive around capital adequacy of Financial Services Companies – Critical requirement to bolster capital and strengthen balance sheets – Need to have reporting systems in place to demonstrate compliance – Deadline is Q4 2010 – so aggressive timeline for implementation – Fines and imprisonment for non-compliance or non-disclosure – Major insurance companies will invest £100m + in Compliance Programmes – Strategy, Business Process, Architecture and Technology changes – Specialisations include compliance, risk, finance, actuarial science
  • 67. Risk Types [Diagram: Trade Risk Types and Market Risk Types. Labels: Traded Instrument; Trader; Counterparty; Commodity; Market Sentiment; Market Participants; Money Markets; Supervisors; Legislative; Regulators; Fraud Risk; Insurance Risk; Counterparty Risk; Quantity Risk; Price Risk; Exchange Rate Risk; Credit Risk; Liquidity Risk; Contract Risk; Currency Risk; Commodity Risk; Financial Risk; Regulatory Risk; Interest Rate Risk; Compliance Risk; Statutory Risk; Price-shock Risk; Wild-card Event Risk; Black Swan Event Risk]
  • 68. Risk Management Frameworks • Systemic Risk (external threats) - Eltville Model, Future Management Framework, Outsights – Political Risk – Political Science, Futures Studies and Strategic Foresight – Economic Risk – Fiscal Policy, Economic Analysis, Modelling and Forecasting – Social Risk – Population Growth and Migration, Futures Studies and Strategic Foresight – Environmental Risk – Climate Change, Environmental Analysis, Modelling and Forecasting – Event Risk – exposure to unexpected local, regional or global events • Wild Card Events – Horizon Scanning, Tracking and Monitoring – Weak Signals • Black Swan Events – Scenario Planning and Impact Analysis – Future Management • Market Risk (macro-economic threats) - COSO, Basle II / Solvency II, BoE / FSA – Financial Risk – Traded Instrument Product Analysis, Valuation and Financial Management – Currency Risk – FX Curves and Exchange-rate Forecasting – Commodity Risk – Price Curves and Supply-Demand Forecasting – Money Supply Risk – Interest Rate Curves and Money-market Forecasting • Trade Risk (micro-economic threats) - COSO, Basle II / Solvency II, BoE / FSA – Credit Risk – Credit Rating, Balanced Scorecard, Debtor Forecasting and Analysis – Contract Risk – Asset Valuation, Credit Default Propensity Modelling – Liquidity Risk – Solvency and Capital Adequacy Rules (Solvency II / Basle II) – Insurance Risk – Underwriting Due Diligence and Compliance – Actuarial Risk – Geo-demographic profiling and Morbidity Analysis – Counter-Party Risk – Counter-Party Threat Analysis and Risk Management – Fraud Risk (Rogue Trading) – Real-time Analytics at Point-of-Contract-Execution
  • 69. Risk Types [Diagram: Clinical Risk Types (Clinical Risk Group) and Morbidity Risk Types (Morbidity Risk Group). Labels: Employee; Patient; Sponsorship; Stakeholders; Human Risk; Process Risk; Legal Risk; 3rd Party Risk; Technology Risk; Trauma Risk; Morbidity Risk; Immunological System Risk; Disease Risk; Shock Risk; Cardiovascular System Risk; Pulmonary System Risk; Toxicity Risk; Organ Failure Risk; Triage Risk (Airways, Conscious, Bleeding); Compliance Risk (Performance, Finance, Standards); Patient Risk; Neurological System Risk; Predation Risk]
  • 70. Risk Management Frameworks • Operational Risk (internal / external operational threats) - CLAS, SOX / COBIT – Legal Risk – Contractual Law Due Diligence and Compliance – Statutory Risk – Legislative Due Diligence and Compliance – Regulatory Risk – Regulatory Due Diligence and Compliance – Competitor Risk – Competitor Analysis, Defection Detection and Churn Management – Reputational Risk – Internet Content Scanning, Intervention and Threat Management • Business Operations Risk (internal business threats) – Process Risk – Business Strategy / Architecture, Enterprise Target Operating Model (eTOM) / Business Process Management (BPM) Verification /Validation – Stakeholder Risk – Benefits Realisation Strategy and Communications Management – Information Risk – Information Strategy and Architecture, Data Quality Management – Disclosure Risk – Enterprise Governance, Reporting and Controls (SOX / COBIT) • Digital Communications and Technology Risk (internal technology threats) – Technology Risk – Technology Strategy and Architecture – Security Risk – Security Principles, Policies, Architecture and Models (CLAS) – Vendor / 3rd Party Risk – Strategic Vendor Analysis and Supply Chain Management
  • 71. Enterprise Risk Management Framework Development Who risks nothing, has nothing…..
  • 72. Enterprise Risk Management Framework Design Change is as old as the world….. change is as old as time.
  • 73. Section 2 – Risk Management Framework Design • This Section describes how to design an Enterprise Risk Management Framework – a set of processes, data, systems and technology designed to manage, control and be resilient to the impact of every type of risk event and which facilitate rapid and agile business transformation in order to deliver the client stakeholders’ desired future organisational structure and target business operating model : - • AUDIENCE – Finance, Corporate Planners and Strategists – authorise and direct the Risk Study. – Enterprise Risk Managers, Disaster & Contingency Planners – plan and lead the Risk Study. – Product Innovation, Research & Development – advise and inform the Risk Research Study. – Marketing and Product Engineering – review and mentor the Risk Research Study. – Economists, Data Scientists and Researchers – undertake detailed Risk Research Tasks. – Research Aggregator – “Big Data”: - examines hundreds of related Academic Papers and other global internet content - looking for hidden or missed findings and extrapolations – Data Science. – Author – compiles, documents, edits and publishes the Risk Research Study Findings. – Business Analysts / Enterprise Architects – provide the link into Business Transformation. – Technical Designers / Solution Architects – provide the link into Technology Refreshment.
  • 74. COSO Enterprise Risk Management Framework • The COSO Enterprise Risk Management Framework has eight components and four objectives categories. The eight components are: - 1. Internal Environment 2. Objective Setting 3. Event Identification 4. Risk Assessment 5. Risk Response 6. Control Activities 7. Information and Communication 8. Monitoring • The four objectives categories - additional components highlighted are: - 1. Strategy - high-level goals, aligned with and supporting the organization's mission 2. Operations - effective and efficient use of resources 3. Financial Reporting - reliability of operational and financial reporting 4. Compliance - compliance with applicable laws and regulations
  • 75. Achievement of Objectives • Within the context of an enterprise’s established mission or vision, management establishes strategic objectives, selects strategy, and sets aligned objectives cascading through the enterprise. This enterprise risk management framework is geared to achieving an enterprise’s objectives, set forth in four categories: - – Strategic – high-level goals, aligned with and supporting its mission – Operations – effective and efficient use of its resources – Reporting – reliability of reporting – Governance – compliance with applicable laws and regulations. • This categorization of enterprise objectives allows a focus on separate aspects of enterprise risk management. These distinct but overlapping categories – a particular objective can fall into more than one category – address different enterprise needs and may be the direct responsibility of different executives. This categorization also allows distinctions between what can be expected from each category of objectives. Another category, safeguarding of resources, used by some entities, also is described Enterprise Risk Management Framework Development
  • 76. Enterprise Risk Management Components • Enterprise Risk Management consists of eight interrelated components. These are derived from the way that management runs an enterprise and are integrated with the management process. These components are: - 1. Internal Environment – The internal environment encompasses the tone of an organization, and sets the basis for how risk is viewed and addressed by an entity’s people, including risk management philosophy and risk appetite, integrity and ethical values, and the environment in which they operate. 2. Objective Setting – Objectives must exist before management can identify potential events affecting their achievement. Enterprise risk management ensures that management has in place a process to set objectives and that the chosen objectives support and align with the entity’s mission and are consistent with its risk appetite. 3. Event Identification – Internal and external events affecting achievement of an entity’s objectives must be identified, distinguishing between risks and opportunities. Opportunities are channelled back to management’s strategy or objective-setting processes.
  • 77. Enterprise Risk Management Components (continued): - 4. Risk Assessment – Risks are analyzed, considering likelihood and impact, as a basis for determining how they should be managed. Risks are assessed on an inherent and a residual basis. 5. Risk Response – Management selects risk responses – avoiding, accepting, reducing, or sharing risk – developing a set of actions to align risks with the entity’s risk tolerances and risk appetite. 6. Control Activities – Policies and procedures are established and implemented to help ensure the risk responses are effectively carried out. 7. Information and Communication – Relevant information is identified, captured, and communicated in a form and timeframe that enable people to carry out their responsibilities. Effective communication also occurs in a broader sense, flowing down, across, and up the entity. 8. Monitoring – The entirety of enterprise risk management is monitored and modifications made as necessary. Monitoring is accomplished through ongoing management activities, separate evaluations, or both. Enterprise Risk Management Components
  • 78. Relationship between Risk Objectives and Risk Components • Enterprise risk management is not strictly a serial process - where one component affects only the next. It is a multidirectional, iterative process in which almost any component can and does influence every other component. • There is a direct relationship between objectives, which are what an entity strives to achieve, and enterprise risk management components, which represent what is needed to achieve them. • The four objectives categories – strategic, operations, reporting and compliance – are represented by the vertical columns, the eight components by horizontal rows, and an entity’s organisational units by the third dimension. • This depiction portrays the ability to focus on the entirety of a business entity’s Enterprise Risk Management, or by objectives category, component, entity organisation unit, or any subset, dimension, viewpoint or view thereof. • The relationship of risk objectives and components is depicted as a three-dimensional matrix - drawn in the form of a cube. Enterprise Risk Management Framework Development
  • 79. COSO - Relationship between Risk Objectives and Risk Components • The relationship of the enterprise structure, risk objectives and risk components may be depicted as a three-dimensional matrix – which is often drawn in the form of a cube: - COSO - Risk Objectives and Risk Components
  • 80. COSO - Organisation Dimensions • Organisation Components – Internal Environment – Objective Setting – Event Identification – Talent Acquisition – Talent Management – Control Activities – Information and Communication – Monitoring • Organisation – Business Structure – Enterprise – Division – Segment – Strategic Business Unit • Organisation – Legal Structure – Enterprise – Group – Company – Subsidiary • Organisation Dimensions – Organisational Structure and Development – Jobs and Descriptions – Roles and Responsibilities – Human Resources Management – Enterprise Performance Management • Organisation Categories – Strategic Management – Operational Management – Financial Management – Governance, Reporting and Controls – Statutory and Regulatory Compliance
  • 81. • Risk Components Threat Environments Objective Setting Event Identification Threat Assessment Threat Response Control Activities Information and Communication Monitoring • Risk Dimensions • Risk Categories • Risk Components • Organisation Units • Risk Management Process • Risk Categories • Strategic • Finance, Planning, Foresight • Operational • People, Process, Technology • Reporting • Enterprise Governance, Reporting and Controls • Compliance • Statutory / Regulatory / Standards Compliance • Risk Management Processes Threat Analysis Risk Identification Risk Prioritization Risk Assessment Risk Management Strategies Risk Planning Risk Mitigation Risk Communication and Event Reporting Risk Monitoring and Control COSO – Enterprise Risk Dimensions
  • 82. COSO – Categories Of Risk Categories Of Risk. The risks faced by an enterprise should be classified in relation to its unique business activities. There are a number of commonly used risk categories which help to group risks according to the various structural aspects of enterprise and their business unit activities: - The following are examples of some frequently used Risk Categories: - – Trade Risk (micro-economic) • Fraud Risk • Price Risk • Quantity Risk • Contract Risk • Insurance Risk • Counterparty Risk • Exchange Rate Risk – Market Risk (macro-economic) • Commodity Risk • Price Shock (Market Sentiment) Risk • Currency Risk • Interest Rate (Money Supply) Risk • Regulatory / Statutory Risk – Operational Risk (internal) • Credit Risk • Liquidity Risk • Stakeholder Risk • Reputational Risk • Governance, Reporting and Controls • Statutory and Regulatory Compliance – Systemic Risk (external) • Political Risk • Economic Risk • Sociological Risk • Environmental Risk • Security Risk (War, Piracy, Terrorism)
  • 83. Enterprise Risk Management Framework Development Establishing the Risk Context Establishing the Risk Context involves implementing the following steps: - 1. Plan the Risk Framework approach to enterprise risk management : - – Determine the scope of the risk management study – Confirm the identity and objectives of stakeholders – Select the basis upon which risks will be evaluated – Map out risk management strategies, process and procedures – Manage risk management constraints – time, scope, knowledge, resources. 2. Research the internal and external threats posed by any given risk domain 3. Identify all of the risk categories / groups in the risk domain subject to interest 4. Evaluate and prioritise all the types of risk apparent in the risk domain 5. Define a Risk Framework for describing and documenting E2E enterprise risk management approach, policies, strategies, procedures, methods & techniques 6. Design an Analysis Matrix - internal / external threats, risk categories / groups. 7. Mitigation of Risks - risk management mitigation strategies – avoid / minimise. 8. Deliver the Risk Framework – deploying risk management techniques and methods along with human, organisational, process and technology resources.
  • 84. Risk Identification After establishing the context, the next step in the process of managing risk is to identify individual potential Threat Scenarios. Risks are threat events that, when triggered, cause problems. Hence, risk identification can start with the source of problems, or with the problem itself. 1. Source analysis Risk sources may be internal or external to the system that is the target of risk management. Examples of risk sources are: stakeholders of a project, employees of a company or the weather over an airport. 2. Problem analysis Risk events are related to identifiable threat scenarios. For example: the threat of losing money, the threat of abuse of privacy information or the threat of accidents and casualties. The threats may exist with various entities, most importantly with shareholders, customers and legislative bodies such as the government. When either source or problem is known, then the events that a source may trigger or the events that can lead to a problem can be investigated. For example: stakeholders withdrawing during a project may endanger funding of the project; privacy information may be stolen by employees even within a closed network; large birds striking a Boeing 747 during takeoff may cause the engine to fail; a lightning strike might cause onboard instrumentation to fail….. Enterprise Risk Management Framework Development
  • 85. Risk Analysis [Diagram: Risk Domain broken down into Threats, Risk Groups, Risk Types, Risk Events and Event Triggers]
  • 86. Risk Identification (continued) The chosen method of identifying risks may depend on culture, industry practice and compliance. The identification methods are formed by templates or the development of templates for identifying source, problem or event. Common risk identification methods include: - 3. Objectives-based risk identification Organizations and project teams have objectives. Any event that may endanger achieving an objective partly or completely is identified as risk. Objectives-based risk identification is at the basis of COSO's Enterprise Risk Management - Integrated Framework. 4. Scenario-based risk identification In scenario analysis different scenarios are created. The scenarios may be the alternative ways to achieve an objective, or an analysis of the interaction of forces in, for example, a market or battle. Any event that triggers an undesired scenario alternative is identified as risk - see Futures Studies for the methodology used by Futurists. 5. Taxonomy-based risk identification The taxonomy in taxonomy-based risk identification is a breakdown of possible risk sources. Based on the taxonomy and knowledge of best practices, a questionnaire is compiled. The answers to the questions reveal risks. Taxonomy-based risk identification in the software industry can be found in CMU/SEI-93-TR-6.
  • 87. Risk Relationships – Groups and Types [Diagram: risk types A to H, labelled with Risk Group, Risk Type, Risk Cluster and Domain 1] Above is an illustration of risk relationships - how risk types might be connected. A detailed and intimate understanding of the connection between risks may help us to answer questions such as: - • Is risk type A related to risk types B and H – and if so, what is the nature of their relationships? • If risk type B occurs what is the impact on risk types C - G – are they more / less likely to occur? Answering questions such as these allows us to plan our risk management approach and mitigation strategy – and to decide how to better focus our resources and effort on enterprise risk management.
  • 88. Risk Identification (continued) The chosen method of identifying risks may depend on culture, industry practice and compliance. The identification methods are formed by templates or the development of templates for identifying source, problem or event. Common risk identification methods include: - 6. Common-risk Checking There are several industry risk check-lists available where common and well-known risks are documented. Every risk in the check-list can be reviewed for suitability in application to a particular set of common situations. An example of known risks in the software industry is the Common Vulnerabilities and Exposures list, which may be found at http://cve.mitre.org 7. Risk Charting This method extends the risk check-list approach by documenting the Enterprise Resources at risk, the Threats to those resources and any Modifying Factors which may increase or reduce that risk – along with any Risk Consequences that it is deemed desirable to avoid. Creating a multi-dimensional risk matrix under these headings supports a variety of different approaches. We can begin with resources and consider the threats they are exposed to - along with the consequences of each threat. Alternatively we can start with the threats and examine which resources they would affect, or we can begin with the consequences of risk and determine what combination of threats and resources would bring about any manifestation of those risk consequences.
  • 89. Risk Management Strategies • The objective of Risk Management is to reduce the diverse risks related to a particular domain to a level acceptable to stakeholders - the public, the company, regulators, the shareholders, the board of directors, the risk committee, the management team etc. – Event Risk Management strategies are focused on risks stemming from physical causes – such as natural disasters, fires or accidents causing damage, injury or death. – Legal Risk Management strategies are focused on risks stemming from legal causes such as lawsuits and prosecution that are mainly operational and due diligence risks. – Financial Risk Management focuses on those risks associated with financial or traded instruments – such as trade risk, market risk, credit risk, liquidity risk or insurance risk – which can be managed via transactions in financial markets. • Risk may refer to the numerous types of threats caused by the environment, technology, politics, economics, human actions, 3rd Parties, regulations, compliance, best practices, standards, processes and events. Risk management involves deploying all the means available for risk mitigation – resources such as assets, people, processes and technology.
  • 90. COSO – Risk Domains The list below summarises some of the most common risk domains – along with some indication of the potential risk impact and effects: - • External Risk Domains – Infrastructure: - transport for staff, power and water supply, business relationships with partners, communications – voice / data / internet / email – Economic: - interest rates, exchange rates, inflation – Legal and Regulatory: - e.g. health and safety legislation – Environmental: - energy consumption, pollution, climate change – Political: - possible political constraints such as a change of government – Trade: - Traded Instruments, counterparty performance, vendor performance – Market: - Competition, supply / demand and price curves for commodities – "Act of God" Natural Disaster: - fire, flood, drought, pandemic, landslide, earthquake, volcanic eruption, tsunami, impact of deep space objects..... • Reputational Risk – Public Reputation: - Public Relations, performance, reputation, brand loyalty, goodwill towards the organisation – along with consequential (intended and unintended) internal and external impact and ramifications – Personal Reputation: - Reputation, conduct and behaviour of the officers of the organisation and consequential (intended and unintended) internal and external effects on the organisation
  • 91. COSO – Threats • There may be a certain degree of overlap between some threat categories; they are, however, suggested in order to help ensure that you do not overlook important threat categories. Try to put each threat in the category that it belongs to – the one which is most relevant to that threat. Some enterprises may even find they can amalgamate some of these categories and some may find they need extra ones: - – Strategic Threats - This allows you to look at external threats which may affect your enterprise, such as changes in the environment in which you operate. It also lets you look at setting organisational objectives and ensuring you set the right objectives - and then meet them. – Operational Threats - This looks at the risks which arise from the services you deliver or the activities you carry out. – Financial Threats - This covers financial risks facing the organisation in terms of internal systems, planning, funding etc. – Human Threats - Review risks associated with both the employment of staff and the involvement of volunteers. – Statutory and Regulatory Governance Threats - This threat category looks at the legislative framework within which your enterprise operates. – Principles, Policies and Standards Governance Threats - This category of threats allows you to review and examine those threats which are part of the management of the enterprise.
  • 92. COSO – Risk Categories • Category of Risk Relating to... External Threats – Infrastructure such as transport systems, utilities and power supply systems, suppliers, business relationships with partners, dependency on internet and email service providers – Economic factors such as commodity prices, interest rates, availability of funds and credit, exchange rates, inflation and liquidity risk – Legal and regulatory – statutory regulation which if complied with will reduce risk of litigation (e.g. Clinger-Cohen Act, Sarbanes-Oxley Act) – Environmental Issues – such as fuel consumption, pollution – Political – possible political constraints such as change of government – Market Issues – such as competition and supply of goods – ‘Act of God’ – natural disasters such as fire, flood, earthquake • Category of Risk Relating to... Human Resources – Recruitment – availability, recruitment and retention of suitable staff, – Personnel – training, motivation and morale of staff – Health and safety – laws and regulations which if complied with should reduce hazards and increase security and well-being of employees
  • 93. COSO – Risk Groups • Internal Risk Groups – Operational / Organisational Risk – Policy Risk: - appropriateness and quality of policy decisions – Operational Risk: - procedures employed to achieve particular objectives – Information Risk: - adequacy of information used for decision making – Transferable Risks: - opportunity cost of outsourcing risks at appropriate cost – risks that may be transferred outside of the organisation to be dealt with by third parties (managed, insured, underwritten) – Technology Risk: - risk in use of technology to achieve corporate objectives – Project / Programme Risk: - project planning and management procedures – Innovation Risk: - exploitation of opportunities to make gains – Personnel Risk: - availability and retention of suitable staff – Health and Safety Risk: - health, safety and well-being of people
  • 94. COSO – Risk Groups • Financial Risk Domain – Budgetary Risk - availability and allocation of resources – Fraud or theft: - unproductive loss of assets and resources – Insurable - potential areas of loss that can be insured against – Capital investment - making appropriate investment decisions – Liability - the right to sue or be sued in contract agreements – External Finance (Trade) Risk – Market Risk (Commodities) / Money Supply Risk – Credit Options, Interest Rate – Internal Finance (Operational) Risk - Credit Risk / Liquidity Risk • Internal Reputation Risk – Fraud Risk – rogue trading, trading beyond authorisation / limits, breach of contractual / statutory / regulatory / ethical obligations – Employee Performance Risk – achievement of quality / financial / performance targets by employees – Employee Relations Risk - staff morale and goodwill, internal reputation of the organisation and consequent internal effects
  • 95. Enterprise Risk Management Framework Delivery Change is as old as the world..... change is as old as time.
  • 96. Section 3 – Risk Management Framework Delivery • This Section describes how to implement an Enterprise Risk Management Framework – a set of processes, data, systems and technology designed to manage, control and be resilient to the impact of every type of risk event - and which facilitate rapid and agile business transformation in order to deliver the client stakeholders' desired future organisational structure and target business operating model: - • AUDIENCE – Finance, Corporate Planners and Strategists – authorise and direct the Risk Study. – Enterprise Risk Managers, Disaster & Contingency Planners – plan and lead the Risk Study. – Product Innovation, Research & Development – advise and inform the Risk Research Study. – Marketing and Product Engineering – review and mentor the Risk Research Study. – Economists, Data Scientists and Researchers – undertake detailed Risk Research Tasks. – Research Aggregator – “Big Data”: - examines hundreds of related Academic Papers and other global internet content - looking for hidden or missed findings and extrapolations – Data Science. – Author – compiles, documents, edits and publishes the Risk Research Study Findings. – Business Analysts / Enterprise Architects – provide the link into Business Transformation. – Technical Designers / Solution Architects – provide the link into Technology Refreshment.
  • 97. Risk Management Frameworks Risk Management Framework Delivery – Key Issues • Enterprise Risk Management Frameworks are a set of processes, data, systems and technology which help to manage and control every type of risk event. • Enterprise Risk Management Frameworks facilitate rapid and agile business transformation in order to deliver the client's desired future organisational structure and target business operating model, which are resilient to the impact of risk. • Enterprise Risk Management Frameworks therefore ensure Critical Success Factors such as enterprise governance, reporting and controls, disaster planning and recovery management, business continuity, statutory and regulatory compliance. • The Enterprise Risk Management Framework can easily be implemented using Amphora Symphony supported by SAP modules - SAP HANA, Business Objects, EPM, GRC, SEM, TRM. There are also Oracle and Microsoft options.....
  • 98. Enterprise Risk Management Framework Development
  • 99. 1. Framing and Scoping the Risk Management Study – Risk Research – understanding and evaluating the problem domain 2. Decide Risk Appetite and Risk Mitigation Strategies – Risk Identification – identifying applicable Threats, Risk Categories, Risk Groups and Risk Types 3. Determine Risk Organization Structure and Governance Methods – Risk Prioritization – ordering and prioritising threats by probability / magnitude 4. Develop Risk Management Framework Structure, Methods and Metrics – Risk Assessment – comparing and balancing the individual threat posed by each risk item in the ordered and prioritized consolidated enterprise risk register 5. Design Risk Management Framework Structure – Risk Model and Processes – Risk Planning – assessing the overall threat contained within the risk register 6. Develop Risk Management Framework Content – Risk Reporting and Controls – Risk Management Strategies – transferring, avoiding, reducing or accepting risk 7. Deploy Risk Management Framework – Training, Infrastructure and Systems – Risk Mitigation – introduce Risk Management processes, systems and controls 8. Implement Risk Management Framework – Go-live – Risk Implementation – start managing risk by reducing uncertainty through the targeted application of strategic foresight, planning and forecasting and rolling out Risk Management processes, systems and controls Enterprise Risk Management Framework Development
  • 100. Professors Peter Bishop and Andy Hines at the University of Texas Futures Studies School at the Houston Clear Lake site have developed a definitive Strategic Foresight Framework for Enterprise Risk Management: – Thinking About the Future Framework 1. FRAMING AND SCOPING • This important first step enables organizations to define the purpose, focus, scope and boundaries of the Political, Legal, Economic, Cultural, Business and Technology problem / opportunity domains requiring resolution. Taking time at the outset of an Enterprise Risk Management programme, the Strategic Foresight Team defines the Threat / Risk Study domain, outlines the required outcomes, goals and objectives and determines how best to achieve them. • Risk Strategy Study Definition – Problem / Opportunity Domains: - – Definition - Focus, Scope, Purpose and Boundaries – Approach - What – How – Why – Who – When – Where? – Justification - Cost, Duration and Resources v. Future Benefits and Cash Flows