Simple Tools and Techniques for Enterprise Risk Management

About the author ROBERT J. CHAPMAN is the Director of Risk Management in the Middle East for AECOM, a publicly traded company on the New York Stock Exchange, and listed on the Fortune 500 as one of America's largest companies. Prior to this he held the position of Director of Risk Management at a number of European companies and has provided risk management consultancy services in Holland, Ireland, South Africa, Qatar, England and the UAE to companies within the pharmaceutical, aviation, marine, rail, broadcast, heritage, health, education, manufacturing, water, sport, oil and gas, property development, construction and media sectors. He was made a Fellow of both the Institute of Risk Management (UK) and the Association for Project Management (UK) for his contribution to the development of the discipline of risk management. He has provided guidance to the Chartered Institute of Accountants in England and Wales in the form of a risk management handbook and was a co-author of Management of Risk: Guidance for Practitioners published by the Office of Government Commerce and Managing Business Risk published by Kogan Page. He has had articles on the subject of risk management published in three languages and has a PhD in risk management.

• List of Figures xxviiPreface to the Second Edition xxxiAcknowledgements xxxvAbout the Author xxxviiPart I Enterprise Risk Management In Context 11 Introduction 31.1 Risk Diversity 41.2 Approach to Risk Management 51.3 Business Growth Through Risk Taking 51.4 Risk and Opportunity 61.5 The Role of the Board 71.6 Primary Business Objective (or Goal) 81.7 What is Enterprise Risk Management? 91.8 Benefits of Enterprise Risk Management 101.9 Structure 121.9.1 Corporate Governance 121.9.2 Internal Control 131.9.3 Implementation 141.9.4 Risk Management Framework 141.9.5 Risk Management Policy 151.9.6 Risk Management Process 151.9.7 Sources of Risk 161.10 Summary 161.11 References 162 Developments in Corporate Governance in the UK 192.1 Investor Unrest 192.2 The Problem of Agency 202.3 The Cadbury Committee 212.4 The Greenbury Report 232.5 The Hampel Committee and the Combined Code of 1998 232.6 Smith Guidance on Audit Committees 232.7 Higgs 242.8 Tyson 242.9 Combined Code on Corporate Governance 2003 252.10 Companies Act 2006 262.11 Combined Code on Corporate Governance 2008 262.12 Sir David Walker’s Review of Corporate Governance, July 2009 (Consultation Paper) 272.13 Sir David Walker’s Review of Corporate Governance, November 2009 (Final Recommendation) 292.14 House of Commons Treasury Committee 2009 302.15 UK Corporate Governance Code, June 2010 322.16 The “Comply or Explain” Regime 342.17 Definition of Corporate Governance 342.18 Formation of Companies 352.19 The Financial Services Authority and Markets Act 2000 362.20 The London Stock Exchange 362.21 Summary 372.22 References 383 Developments in Corporate Governance in the US 413.1 Corporate Governance 413.2 The Securities and Exchange Commission 423.2.1 Creation of the SEC 423.2.2 Organisation of the SEC 433.3 The Laws That Govern the Securities Industry 443.3.1 Securities Act 1933 443.3.2 Securities Exchange Act 1934 443.3.3 Trust Indenture Act 1939 453.3.4 Investment Company Act 1940 453.3.5 Investment Advisers Act 1940 453.4 Catalysts for the Sarbanes-Oxley Act 2002 453.4.1 Enron 463.4.2 WorldCom 473.4.3 Tyco International 473.4.4 Provisions of the Act 503.4.5 Implementation 523.4.6 Sarbanes-Oxley Section 404 523.4.7 The Positive Effects of Post-Enron Reforms 523.4.8 Criticism of Section 404 Before the Global Financial Crisis 543.4.9 Criticism of Section 404 After the Global Financial Crisis 543.5 National Association of Corporate Directors 2008 553.6 Summary 563.7 References 574 The Global Financial Crisis of 2007–2009: A US Perspective 594.1 The Financial Crisis in Summary 594.2 How the Financial Crisis Unfolded 604.3 The United States Mortgage Finance Industry 614.4 Subprime Model of Mortgage Lending 614.4.1 Contributing Events to the Credit Crisis 614.4.2 Foreclosures 634.4.3 Negative Equity 654.4.4 Housing Surplus 674.4.5 Vicious Circles 684.5 Why this Crisis Warrants Close Scrutiny 684.6 Behaviours 704.6.1 Investor Behaviour in the Search for Yield 704.6.2 Mortgage Lending Behaviour 714.6.3 Bank Behaviour and Risk Transfer through Securitised Credit 714.6.4 “Group Think” and Herd Behaviour 724.6.5 Banks’ Behaviour and Risk Appetite 744.6.6 Behaviour of Regulators and the Division of “Narrow Banking” from Investment Banking 754.6.7 Banks’ Behaviour and Misplaced Reliance of Sophisticated Mathematics and Statistics 754.7 Worldwide Deficiencies in Risk Management 764.8 Federal Reform 764.9 Systemic Risk 794.10 The Future of Risk Management 814.11 Summary 824.12 References 825 Developments in Corporate Governance in Australia and Canada 855.1 Australian Corporate Governance 855.1.1 Regulation Arising from Corporate Failures 855.1.2 Corporate Governance Reforms Following the Accounting Scandals of the Early 2000s 865.1.3 Horwath 2002 Corporate Governance Report 885.1.4 The ASX Corporate Governance Council 895.1.5 Financial Statements 905.2 Canada 905.2.1 Dey Report 905.2.2 Dey Revisited 915.2.3 Kirby Report 915.2.4 Saucier Committee 925.2.5 National Policy and Instrument (April 2005) 925.2.6 TSE Corporate Governance: Guide to Good Disclosure 2006 935.3 Summary 945.4 References 946 Internal Control and Risk Management 976.1 The Composition of Internal Control 976.2 Risk as a Subset of Internal Control 986.2.1 The Application of Risk Management 986.3 Allocation of Responsibility 1026.3.1 Cadbury Committee 1026.3.2 Hampel Committee 1026.3.3 Turnbull 1036.3.4 Higgs Review 1046.3.5 Smith Review 1046.3.6 OECD 1056.4 The Context of Internal Control and Risk Management 1066.5 Internal Control and Risk Management 1076.6 Embedding Internal Control and Risk Management 1076.7 Summary 1076.8 References 1087 Developments in Risk Management in the UK Public Sector 1097.1 Responsibility for Risk Management in Government 1097.1.1 Cabinet Office 1107.1.2 Treasury 1117.1.3 Office of Government Commerce 1117.1.4 National Audit Office 1127.2 Risk Management Publications 1127.3 Successful IT 1137.4 Supporting Innovation 1157.4.1 Part 1: Why Risk Management is Important 1157.4.2 Part 2: Comprehension of Risk Management 1157.4.3 Part 3: What More Needs to be Done to Improve Risk Management 1157.5 The Orange Book 1167.5.1 Identify the Risks and Define a Framework 1167.5.2 Assign Ownership 1167.5.3 Evaluate 1177.5.4 Assess Risk Appetite 1177.5.5 Response to Risk 1177.5.6 Gain Assurance 1187.5.7 Embed and Review 1187.6 Audit Commission 1187.7 CIPFA/SOLACE Corporate Governance 1207.8 M_o_R 2002 1217.9 DEFRA 1237.9.1 Risk Management Strategy 1237.10 Strategy Unit Report 1247.11 Risk and Value Management 1257.12 The Green Book 1267.12.1 Optimism Bias 1267.12.2 Annex 4 1277.13 CIPFA Guidance on Internal Control 1277.14 Managing Risks to Improve Public Services 1297.15 The Orange Book (Revised) 1317.16 M_o_R 2007 1327.17 Managing Risks in Government 1327.18 Summary 1347.19 References 136Part II The Risk Management Process 137References 1398 Establishing the Context: Stage 1 1418.1 Process 1418.2 Process Goal and Subgoals 1428.3 Process Definition 1438.4 Process Inputs 1438.5 Process Outputs 1458.6 Process Controls (Constraints) 1458.7 Process Mechanisms (Enablers) 1468.7.1 Ratios 1468.7.2 Risk Management Process Diagnostic 1478.7.3 SWOT Analysis 1488.7.4 PEST Analysis 1488.8 Process Activities 1498.8.1 Business Objectives 1498.8.2 Business Plan 1508.8.3 Examining the Industry 1518.8.4 Establishing the Processes 1518.8.5 Projected Financial Statements 1538.8.6 Resources 1558.8.7 Change Management 1558.8.8 Marketing Plan 1558.8.9 Compliance Systems 1568.9 Summary 1568.10 References 1569 Risk Identification: Stage 2 1599.1 Process 1599.2 Process Goal and Subgoals 1599.3 Process Definition 1609.4 Process Inputs 1619.5 Process Outputs 1629.6 Process Controls (Constraints) 1629.7 Process Mechanisms (Enablers) 1639.7.1 Risk Checklist 1639.7.2 Risk Prompt List 1639.7.3 Gap Analysis 1639.7.4 Risk Taxonomy 1649.7.5 PEST Prompt 1659.7.6 SWOT Prompt 1689.7.7 Database 1689.7.8 Business Risk Breakdown Structure 1699.7.9 Risk Questionnaire 1699.7.10 Risk Register Content/Structure 1709.8 Process Activities 1719.8.1 Clarifying the Business Objectives 1719.8.2 Reviewing the Business Analysis 1719.8.3 Need for Risk and Opportunity Identification 1719.8.4 Risk and Opportunity Identification 1729.8.5 Facilitation 1729.8.6 Gaining a Consensus on the Risks, the Opportunities andtheir Interdependencies 1829.8.7 Risk Register 1829.9 Summary 1829.10 References 18210 Risk Analysis: Stage 3 18510.1 Process 18510.2 Process Goal and Subgoals 18610.3 Process Definition 18610.4 Process Inputs 18610.5 Process Outputs 18810.6 Process Controls (Constraints) 18810.7 Process Mechanisms (Enablers) 18810.7.1 Probability 18810.8 Process Activities 18910.8.1 Causal Analysis 19010.8.2 Decision Analysis and Influence Diagrams 19010.8.3 Pareto Analysis 19310.8.4 CAPM Analysis 19410.8.5 Define Risk Evaluation Categories and Values 19510.9 Summary 19510.10 References 19611 Risk Evaluation: Stage 4 19711.1 Process 19711.2 Process Goal and Subgoals 19711.3 Process Definition 19811.4 Process Inputs 19811.5 Process Outputs 19811.6 Process Controls (Constraints) 19911.7 Process Mechanisms (Enablers) 20011.7.1 Probability Trees 20011.7.2 Expected Monetary Value 20111.7.3 Utility Theory and Functions 20311.7.4 Decision Trees 20411.7.5 Markov Chain 20811.7.6 Investment Appraisal 21011.8 Process Activities 21511.8.1 Basic Concepts of Probability 21511.8.2 Sensitivity Analysis 21611.8.3 Scenario Analysis 21711.8.4 Simulation 21711.8.5 Monte Carlo Simulation 21811.8.6 Latin Hypercube 22011.8.7 Probability Distributions Defined from Expert Opinion 22011.9 Summary 22111.10 References 22212 Risk Treatment: Stage 5 22312.1 Process 22312.2 Process Goal and Subgoals 22312.3 Process Definition 22412.4 Process Inputs 22412.5 Process Outputs 22412.6 Process Controls (Constraints) 22512.7 Process Mechanisms 22512.8 Process Activities 22612.9 Risk Appetite 22612.10 Risk Response Strategies 22812.10.1 Risk Reduction 22812.10.2 Risk Removal 22812.10.3 Risk Reassignment or Transfer 22912.10.4 Risk Retention 23012.11 Summary 23012.12 References 23113 Monitoring and Review: Stage 6 23313.1 Process 23313.2 Process Goal and Subgoals 23413.3 Process Definition 23413.4 Process Inputs 23513.5 Process Outputs 23513.6 Process Controls (Constraints) 23513.7 Process Mechanisms 23613.8 Process Activities 23613.8.1 Executing 23613.8.2 Monitoring 23613.8.3 Controlling 23713.9 Summary 23913.10 Reference 24014 Communication and Consultation: Stage 7 24114.1 Process 24114.2 Process Goal and Subgoals 24214.3 Process Definition 24214.4 Process Inputs 24314.5 Process Outputs 24314.6 Process Controls (Constraints) 24414.7 Process Mechanisms 24414.8 Process Activities 24414.9 Internal Communication 24514.10 External Communication 24514.11 Summary 24514.12 Reference 246Part III Internal Influences – Micro Factors 24715 Financial Risk Management 24915.1 Definition of Financial Risk 24915.2 Scope of Financial Risk 25015.3 Benefits of Financial Risk Management 25015.4 Implementation of Financial Risk Management 25115.5 Liquidity Risk 25115.5.1 Current and Quick Ratios 25115.5.2 Mitigation of Liquidity Risk 25315.6 Credit Risk 25315.6.1 Default Risk 25315.6.2 Exposure Risk 25415.6.3 Recovery Risk 25415.6.4 Credit Insurance 25515.6.5 Counterparty Risk 25615.6.6 Due Diligence 25615.7 Borrowing 25915.8 Currency Risk 25915.9 Funding Risk 26015.10 Foreign Investment Risk 26215.10.1 Country Risk 26215.10.2 Environment Risk 26315.11 Derivatives 26315.11.1 Exchange Traded Derivatives 26315.11.2 Over-the-Counter Derivatives 26415.12 Summary 26415.13 References 26516 Operational Risk Management 26716.1 Definition of Operational Risk 26816.2 Scope of Operational Risk 26916.3 Benefits of Operational Risk 27016.4 Implementation of Operational Risk 27016.5 Strategy 27016.5.1 Definition of Strategy Risk 27016.5.2 Objectives 27116.5.3 Business Plan 27216.5.4 New Business Development 27216.5.5 Resources 27316.5.6 Stakeholder Interests 27316.5.7 Corporate Experience 27416.5.8 Reputation 27416.6 People 27516.6.1 Definition of People Risk 27516.6.2 Types of People Risk 27616.6.3 Human Resource Management Practices 27616.6.4 Ability to Pay Salaries 27716.6.5 Regulatory and Statutory Requirements 27716.6.6 Staff Constraints 28016.6.7 Staff Dishonesty 28716.6.8 Risk Management 28716.6.9 Health and Safety 29216.7 Processes and Systems 29216.7.1 Definition of Processes and Systems Risk 29316.7.2 Controls 29316.7.3 Regulatory and Statutory Requirements 29416.7.4 Continuity 29416.7.5 Indicators of Loss 29516.7.6 Transactions 29516.7.7 Computer/IT Systems 29716.7.8 Knowledge Management 30116.7.9 Project Management 30216.8 External Events 30316.8.1 Change Management 30316.8.2 Business Continuity 30416.9 Outsourcing 30516.10 Measurement 30716.11 Mitigation 30716.12 Summary 30716.13 References 30817 Technological Risk Management 30917.1 Definition of Technology Risk 31017.2 Scope of Technology Risk 31017.3 Benefits of Technology Risk Management 31117.4 Implementation of Technology Risk Management 31117.5 Primary Technology Types 31217.5.1 Information Technology 31217.5.2 Communications Technology 31517.5.3 Control Technology 31917.6 Responding to Technology Risk 32417.6.1 IT Governance 32417.6.2 Investment 32617.6.3 Projects 32917.7 Summary 33017.8 References 33118 Project Risk Management 33318.1 Definition of Project Risk 33418.2 Definition of Project Risk Management 33418.3 Sources of Project Risk 33518.4 Benefits of Project Risk Management 33518.5 Embedding Project Risk Management 33618.5.1 Common Challenges in Implementing Project Risk Management 33618.5.2 Lack of Clearly Defined and Disseminated Risk Management Objectives 33718.5.3 Lack of Senior Executive and Project Director Commitment and Support 33718.5.4 Lack of a Risk Maturity Model 33718.5.5 Lack of a Change Process to Implement the Discipline 33818.5.6 No Common Risk Language (Terms and Definitions) 33818.5.7 Lack of Articulation of the Project Sponsor’s Risk Appetite 33818.5.8 No Definition of Roles and Responsibilities 33918.5.9 Lack of Risk Management Awareness Training to Build Core Competencies 33918.5.10 Lack of Integration of Risk Management with Other Project Disciplines 34018.5.11 Reticence of Project Personnel to Spend Time on Risk Management 34018.5.12 Risk Owners not Automatically Taking Responsibility for Assigned Risks 34118.5.13 No Clear Demonstration of How Risk Management Adds Value and Contributes to Project Performance 34118.5.14 Overcomplicated Implementation from an Unclear Risk Policy, Strategy, Framework, Plan and Procedure 34118.5.15 Lack of Alignment between the Business Strategy, Business Model and the Risk Management Objectives 34118.5.16 Lack of the Integration of Risk Management Activities into the Day-to-Day Activities of Project Managers 34218.6 Project Risk Management Process 34218.6.1 Establish the Context 34218.6.2 Risk Identification 34418.6.3 Risk Analysis 34418.6.4 Risk Evaluation 34518.6.5 Risk Treatment 34518.6.6 Risk Monitoring and Review 34518.6.7 Communication and Consultation 34618.7 Responsibility for Project Risk Management 34618.8 Project Director’s Role 34718.9 Project Team 34718.9.1 Lack of Team Structure 34718.9.2 Lack of Definition of Roles 34818.9.3 Lack of Responsibility Assignment Matrix 34818.9.4 Poor Leadership 34818.9.5 Poor Team Communication 34818.10 Optimism Bias 34918.10.1 The Investment Decision 34918.10.2 Optimism Bias 35018.10.3 Monitoring 35018.10.4 Using Numerical Indicators in Project Decision Making 35018.10.5 Causes of Optimism Bias 35118.10.6 The Distinction between Risk Events and Optimism Bias 35118.11 Software Tools Used to Support Project Risk Management 35118.12 Techniques Used to Support Project Risk Management 35218.13 Summary 35218.14 References 35419 Business Ethics Management 35519.1 Definition of Business Ethics Risk 35519.2 Scope of Business Ethics Risk 35619.3 Benefits of Ethics Risk Management 35719.4 How Unethical Behaviour can Arise 35719.5 Recognition of the Need for Business Ethics 35819.5.1 US Department of Commerce 35819.5.2 The G8 Summit in Italy Pushes for a Return to “Ethics” 35919.5.3 OECD and Its Approach to Business Ethics 35919.5.4 UK Financial Services Authority 36019.5.5 US Department of Justice 36019.6 Factors that Affect Business Ethics 36119.7 Risk Events 36119.8 Implementation of Ethical Risk Management 36519.8.1 Areas of Focus 36519.8.2 Levels of Application 36619.8.3 The System 36819.9 Summary 37419.10 References 37420 Health and Safety Management 37520.1 Definition of Health and Safety Risk 37520.2 Scope of Health and Safety Risk 37620.3 Benefits of Health and Safety Risk Management 37620.3.1 Business Benefits 37720.3.2 The Enterprise Context: AstraZeneca 37820.4 The UK Health and Safety Executive 37820.4.1 The UK Perspective: Health and Safety Record 37920.5 The European Agency for Safety and Health at Work 37920.5.1 Main Challenges Concerning Health and Safety at Work 38020.6 Implementation of Health and Safety Risk Management 38020.6.1 Management Arrangements 38120.6.2 Risk Controls 38120.6.3 Workplace Precautions 38120.6.4 System Implementation 38220.7 Workplace Precautions 38220.8 Contribution of Human Error to Major Disasters 38220.8.1 Tenerife, 27 March 1977 38220.8.2 Chernobyl, 26 April 1986 38420.8.3 Kegworth, 8 January 1989 38520.8.4 Herald of Free Enterprise, 6 March 1987 38620.8.5 Piper Alpha, 6 July 1988 38720.8.6 Ladbroke Grove, 5 October 1999 38720.9 Improving Human Reliability in the Workplace 38820.10 Risk Management Best Practice 38920.10.1 Crisis Management Plan 38920.11 Summary 39020.12 References 390Part Iv External Influences – Macro Factors 39121 Economic Risk 39321.1 Definition of Economic Risk 39321.2 Scope of Economic Risk 39321.3 Benefits of Economic Risk Management 39421.4 Implementation of Economic Risk Management 39421.5 Microeconomics and Macroeconomics 39421.6 Macroeconomics 39521.6.1 Gross Domestic Product 39521.7 Government Policy 39721.7.1 Fiscal Policy 39721.7.2 Monetary Policy 39721.7.3 Competing Theories 39821.8 Aggregate Demand 39821.8.1 Using Aggregate Demand Curves 39921.8.2 Determinants of Consumer Spending 39921.8.3 Determinants of Investment Expenditure 40021.8.4 Determinants of Government Spending 40021.8.5 Determinants of Net Expenditure on Exports and Imports 40121.9 Aggregate Supply 40121.10 Employment Levels 40321.11 Inflation 40321.12 Interest Rate Risk 40421.13 House Prices 40521.14 International Trade and Protection 40521.14.1 Trade 40521.14.2 Methods of Protectionism 40621.14.3 Trade Policy 40621.14.4 Balance of Trade 40621.15 Currency Risk 40721.15.1 Risk Mitigation by Hedging 40721.16 Summary 41221.17 References 41222 Environmental Risk 41322.1 Definition of Environmental Risk 41322.2 Scope of Environmental Risk 41522.3 Benefits of Environmental Risk Management 41522.4 Implementation of EnvironmentalRisk Management 41522.5 Energy Sources 41622.5.1 Renewable Energy 41722.6 Use of Resources 41922.7 Pollution 42022.8 Global Warming 42022.9 Response to Global Warming 42222.9.1 Earth Summit 42222.9.2 The Kyoto Protocol 42222.9.3 Pollution Control Targets 42222.9.4 Sufficiency of Emission Cuts 42322.9.5 US Climate Pact 42322.9.6 The Copenhagen Accord 42422.9.7 European Union 42522.9.8 Cancún Agreements 42522.9.9 Domestic Government Response to Climate Change 42622.9.10 Levy 42722.9.11 Emissions Trading 42822.9.12 Impact on Business 42822.10 Stimulation to Environmental Considerations 42922.10.1 FTSE4Good Index 42922.10.2 Carbon Trust 42922.10.3 Public Pressure 43022.11 Environmental Sustainability 43122.12 Summary 43222.13 References 43323 Legal Risk 43523.1 Definition of Legal Risk 43523.2 Scope of Legal Risk 43523.3 Benefits of Legal Risk Management 43623.4 Implementation of Legal Risk Management 43623.5 Business Law 43723.6 Companies 43823.6.1 The Company Name 43823.6.2 The Memorandum of Association 43823.6.3 Articles of Association 43923.6.4 Financing the Company 43923.6.5 The Issue of Shares and Debentures 44023.6.6 The Official Listing of Securities 44023.6.7 The Remedy of Rescission 44023.6.8 Protection of Minority Interests 44023.6.9 Duties of Directors 44123.7 Intellectual Property 44123.7.1 Patents 44123.7.2 Copyright 44523.7.3 Designs 44623.8 Employment Law 44723.9 Contracts 44723.9.1 Essentials of a Valid Contract 44723.9.2 Types of Contract 44723.10 Criminal Liability in Business 44823.10.1 Misdescriptions of Goods and Services 44823.10.2 Misleading Price Indications 44923.10.3 Product Safety 45023.11 Computer Misuse 45123.11.1 Unauthorised Access to Computer Material 45123.11.2 Unauthorised Access with Intent to Commit or FacilitateFurther Offences 45123.11.3 Unauthorised Modification of Computer Material 45123.12 Summary 45224 Political Risk 45324.1 Definition of Political Risk 45424.2 Scope of Political Risk 45424.2.1 Macropolitical Risks 45424.2.2 Micropolitical Risks 45524.3 Benefits of Political Risk Management 45524.4 Implementation of Political Risk Management 45524.5 Zonis and Wilkin Political Risk Framework 45724.6 Contracts 45924.7 Transition Economies of Europe 45924.8 UK Government Fiscal Policy 46024.9 Pressure Groups 46124.10 Terrorism and Blackmail 46124.11 Responding to Political Risk 46224.11.1 Assessing Political Risk Factors 46324.11.2 Prioritising Political Risk Factors 46424.11.3 Improving Relative Bargaining Power 46424.12 Summary 46424.13 References 46525 Market Risk 46725.1 Definition of Market Risk 46725.2 Scope of Market Risk 46825.2.1 Levels of Uncertainty in the Marketing Environment 46925.3 Benefits of Market Risk Management 47025.4 Implementation of Market Risk Management 47025.5 Market Structure 47025.5.1 The Number of Firms in an Industry 47125.5.2 Barriers to Entry 47125.5.3 Product Homogeneity, Product Diversity and Branding 47325.5.4 Knowledge 47325.5.5 Interrelationships within Markets 47425.6 Product Life Cycle Stage 47525.6.1 Sales Growth 47625.7 Alternative Strategic Directions 47625.7.1 Market Penetration 47725.7.2 Product Development 47725.7.3 Market Development 47925.7.4 Diversification 48125.8 Acquisition 48225.9 Competition 48325.9.1 Price Stability 48325.9.2 Non-Price Competition 48425.9.3 Branding 48525.9.4 Market Strategies 48625.10 Price Elasticity/Sensitivity 48925.10.1 Elasticity 48925.10.2 Price Elasticity 48925.11 Distribution Strength 49025.12 Market Risk Measurement: Value at Risk 49025.12.1 Definition of Value at Risk 49025.12.2 Value at Risk 49025.12.3 VaR Model Assumptions 49125.12.4 Use of VaR to Limit Risk 49325.12.5 Calculating Value at Risk 49425.13 Risk Response Planning 49625.14 Summary 49625.15 References 49726 Social Risk 49926.1 Definition of Social Risk 49926.2 Scope of Social Risk 50026.3 Benefits of Social Risk Management 50026.4 Implementation of Social Risk Management 50126.5 Education 50126.6 Population Movements: Demographic Changes 50226.6.1 The Changing Market 50326.7 Socio-Cultural Patterns and Trends 50426.8 Crime 50426.8.1 Key Facts 50426.9 Lifestyles and Social Attitudes 50526.9.1 More Home Improvements 50526.9.2 Motherhood, Marriage and Family Formation 50526.9.3 Health 50626.9.4 Less Healthy Diets 50726.9.5 Smoking and Drinking 50826.9.6 Long Working Hours 50926.9.7 Stress Levels 50926.9.8 Recreation and Tourism 51026.10 Summary 51026.11 References 511Part V The Appointment 51327 Introduction 51527.1 Change Process From the Client Perspective 51527.1.1 Planning 51527.1.2 Timely Information 51627.1.3 Risk Management Resources 51627.2 Selection of Consultants 51727.2.1 Objectives 51727.2.2 The Brief 51727.2.3 Describing Activity Interfaces 51727.2.4 Appointment Process Management 51827.2.5 The Long-Listing Process 51827.2.6 Short-List Selection Criteria 51927.2.7 Request for a Short-Listing Interview 51927.2.8 Compilation of Short List 51927.2.9 Prepare an Exclusion Notification 52027.2.10 Prepare Tender Documents 52027.2.11 Agreement to be Issued with the Tender Invitation 52127.2.12 Tender Process 52127.2.13 Award 52127.2.14 Notification to Unsuccessful Tenderers 52227.3 Summary 52227.4 Reference 52228 Interview with the Client 52328.1 First Impressions/Contact 52328.2 Client Focus 52428.3 Unique Selling Point 52428.4 Past Experiences 52628.5 Client Interview 52728.5.1 Scene/Overview 52728.5.2 Situation/Context 52728.5.3 Scheme/Plan of Action 52728.5.4 Solution Implementation 52828.5.5 Success, Measurement of 52828.5.6 Secure/Continue 52828.5.7 Stop/Close 52828.6 Assignment Methodology 52828.7 Change Management 52928.8 Sustainable Change 52928.9 Summary 53028.10 References 53129 Proposal 53329.1 Introduction 53329.2 Proposal Preparation 53329.2.1 Planning 53329.2.2 Preliminary Review 53429.3 Proposal Writing 53429.3.1 Task Management 53429.3.2 Copying Text 53429.3.3 Master Copy 53429.3.4 Peer Review 53429.4 Approach 53529.5 Proposal 53529.5.1 Identify the Parties – the Who 53529.5.2 Identify the Location – the Where 53729.5.3 Understand the Project Background – the What 53729.5.4 Define the Scope – the Which 53729.5.5 Clarify the Objectives – the Why 53729.5.6 Determine the Approach – the How 53829.5.7 Determine the Timing – the When 53829.6 Client Responsibilities 53829.7 Remuneration 53929.8 Summary 53929.9 References 53930 Implementation 54130.1 Written Statement of Project Implementation 54130.2 Management 54130.2.1 Objectives 54130.2.2 Planning the Project 54230.2.3 Consultant Team Composition 54330.2.4 Interface with Stakeholders 54330.2.5 Data Gathering 54330.2.6 Budget 54430.2.7 Assessment of Risk 54430.2.8 Deliverables 54430.2.9 Presentation of the Findings 54530.2.10 Key Factors for Successful Implementation 54530.3 Customer Delight 54830.4 Summary 54830.5 References 548Appendix 1: Successful IT: Modernising Government in Action 549Appendix 2: Sources of Risk 553Appendix 3: DEFRA Risk Management Strategy 557Appendix 4: Risk: Improving Government’s Capability to Handle Risk and Uncertainty 561Appendix 5: Financial Ratios 567Appendix 6: Risk Maturity Models 573Appendix 7: SWOT Analysis 579Appendix 8: PEST Analysis 583Appendix 9: VRIO Analysis 587Appendix 10: Value Chain Analysis 589Appendix 11: Resource Audit 591Appendix 12: Change Management 595Appendix 13: Industry Breakpoints 599Appendix 14: Probability 601Appendix 15: Value at Risk 611Appendix 16: Optimism Bias 613Index 621