Our in-house produced Business Analytics trade publication series is focused on broad issues of enterprise risk management (ERM), with a particular emphasis on executive risk, which in spite of its practical significance continues to receive comparatively little theoretical attention. Our goal is to contribute to the utility of the conceptually-rich, though largely normatively-described ERM frameworks (e.g., COSO in North America; AS/NZ ISO 31000: 2009 in Australia & New Zealand) by detailing the requisite data analytical "how-to", a necessary prerequisite to operationalizing those and other risk assessment frameworks. More recently, the scope of our research was expanded to look beyond the 'traditional' view of enterprise risk resulting in a new, broad framework that ties together the historically stand-alone disciplines of 'risk management', 'organizational resilience' and 'change management'.
Threat Exposure Management: Risk | Resilience | Change (book)
Enterprise risk management (ERM), as conceptualized by the COSO and ISO 31000 frameworks, is the 'gold standard' for organizations wishing to aggressively manage internal as well as external threats. However, even advanced ERM practices tend to focus, primarily, on risks that exhibit mathematically-estimable properties, which tend to effectively narrow their assessment scope to known, recurring risks. Furthermore, business organizations tend to rely on multiple planning, control and response mechanisms, which operate as stand-alone, self-focused business functions. To that end, most larger firms have a formal ‘risk management’ function, many have formal ‘business continuity’ and ‘emergency management’ capabilities, and some even have somewhat formalized ‘change management’ capabilities – however, in almost no cases are those functions tied together by a single total threat abatement control and coordination system. All considered, ERM, in spite of its name, is not truly enterprise-wide in scope, which means that a new, broader framework is needed.
Threat Exposure Management: Risk, Resilience, Change presents a broad framework which amalgamates the 'traditional' risk management practices, organizational resilience (itself a newly-crystalized discipline combining emergency management, inclusive of disaster risk reduction), business continuity planning, and change management. Based on three foundations of knowledge, agility and communication, the Threat Exposure Management (TEM) framework conceptualizes the currently stand-alone disciplines of risk management, organizational resilience, business continuity planning, and change management as integrated parts of a singular threat abatement organizational management infrastructure. The framework casts risk management as a 'shield', the goal of which is to deflect risks, while it depicts organizational resilience as a 'buffer', the goal of which is to absorb those threats that the 'risk management shield' cannot deflect. Lastly, the TEM framework conceptualizes change management quite differently: although, in principle, self-imposed organizational change can certainly be a source of risk, the TEM framework views it as a source of growth. An updated revision of the earlier released Total Exposure Management, Threat Exposure Management combines a summary of established thinking, primarily in the areas of risk management and organizational resilience, with some new theoretical constructs and computational approaches, primarily in the area of change management.
Copyright 2017, Erudite Analytics, Paperback, 288 pages. $49.95.
Risk Profiling of Organizations (book)
Enterprise Risk Management (ERM) is one of the most talked about topics in risk management, yet surprisingly little of that buzz has turned into reality. Why? Simply because for the vast majority of organizations this conceptually appealing idea is not operationally feasible.
The inspiration behind the writing of Risk Profiling of Organizations was the desire to enhance the utility of the conceptually-compelling, but operationally-incomplete ERM frameworks (most notably, the widely-cited COSO framework in the U.S. and the AS/NZ ISO 31000: 2009, originally developed in Australia and New Zealand, but also widely used in the EU). With that in mind, we set out to sketch out a maximally all-inclusive, statistical methodology-focused means of objectively deriving the informational inputs that ERM frameworks demand. Furthermore, it was also our desire to bring forth non-traditional data sources that could nonetheless be used to quantify the often overlooked exposures. To make the potentially staggering analytical task manageable, our approach narrows the all-inclusive definition of "risk" to only those events that can exert a material impact on earnings of organizations, which is in keeping with our industry experience. All considered, Risk Profiling of Organizations details a step-by-step analytical process for systematically transforming available data into decision-aiding, risk quantification knowledge, with the ultimate goal of operationalizing the aforementioned ERM frameworks.
Copyright 2009, 2014 Erudite Analytics. Paperback, 331 pages. $49.95.
Cracking the Code of Executive Threat (book)
Executive risk is one of the least understood aspects of organizational risk exposure, in large part because it is among the least "tangible" threats facing business organizations. The relative intangibility of executive risks stems from the lack of clear and objective loss bases that characterizes executive exposures, which means that those threats cannot be easily tied to objective indicators. In addition, the very scope of executive risk, in terms of what it is vs. what it is not, is ill-defined, which further compounds the difficulty of managing it.
Cracking of the Code of Executive Risk offers a comprehensive overview of executive risk faced by (primarily) public companies. The author delineates seven distinct sets of constituents (shareholders, employees, regulators, customers, suppliers, creditors and competitors) and four shaping forces (political, judicial, regulatory and competitive) which jointly determine the scope and the nature of executive risk - i.e., what it is vs. what it is not. Each distinct executive threat is causally examined with the goal of delineating "leading indicators" and other factors that can be used to assess the organization-specific exposure to executive risk and to take proactive risk mitigation steps. The root causes of individual manifestations of executive risk are explained both in conceptual terms (e.g., specific constituent groups and their underlying legal standing) as well as the more analytically meaningful observable precipitating factors (e.g., filings of a securities litigation or an EEOC claim), all with the goal of deepening the readers' understanding of that somewhat esoteric area of organizational risk.
Copyright 2015, Erudite Analytics. Paperback, 281 pages. $48.00.