Enterprise Risk Management: From Incentives to Controls 2nd Edition

When the first edition of “Enterprise Risk Management; from Incentives to Controls” appeared in 2003, it seemed as if the business world – at least in the U.S. - was in disarray. The bankruptcy of Enron in 2001, the collapse of WorldCom in 2002, the shutdown of Arthur Anderson – the auditor of both companies - and the arrests of the senior management of Tyco were resonating in the marketplace. Risk management, previously something that might have been considered an accounting specialty, now demanded the attention of senior managers and their corporate boards.It had gotten to the point that even if board members and management might have been inclined to continue to hand off their risk-oversight responsibilities, the Sarbanes Oxley Act of 2002 wasn’t going to let them; and their outside auditors, the ones surviving after the vaporization of Arthur Andersen, were insisting that management take accountability so that no more scandals would crop up on their watches. Management was facing a risk-management learning curve and they needed guidance if they were to begin to make informed risk decisions across their organizations.It was into this environment that James Lam published his book, “Enterprise Risk Management; from Incentives to Controls” and it was a business best seller. It introduced the background and concepts that were wanting for most managers and the boards they answered to. In his book, Lam gave risk a business context, advanced a risk-management framework applied to business and then drilled down into the three principal forms of business risk: credit risk, market risk, and operational risk - all the while supporting his approach with references to real-life examples and case studies.Among the many valuable insights the author delivered in that first edition was the concept of the risk portfolio in which risks are treated like investments or assets. He showed how a portfolio of risks can recast the perspective and thus the approaches available to management. Grouped into a portfolio, some risks will likely offset each other and minimize aggregate risk, while others will correlate and amplify aggregate risk, and still others will offer opportunities for increased return on investment. The message was simple. Risks can be managed. And further, not all risks are bad because, in business, without risk there is no reward.In the second edition of his book, James Lam has built on the first edition starting with an expanded index, a bibliography, and an entirely new section, “ERM Implementation”. In the new section he addresses the practical implications of establishing an ERM program, from implementation to management to decision making to reporting, and includes a Risk Assessment Self-Evaluation List to help direct the effort. The new section rounds out the ERM story. Now all the most compelling questions, what should we do and how should we do it, are addressed in a single volume.But there are numerous other updates in this second edition to consider as well. They include the expansion of chapters, notably those on Line Management, Stakeholder Management, and Operational Risk Management, and the addition of new case studies including Ford and Airbus and Boeing. Furthermore, I can’t think of anywhere else you will find a better explanation of risk appetite, a term frequently employed by ERM practitioners but rarely if ever adequately explained. And that is not to overlook the inclusion of one of the best explanatory definitions of risk and enterprise risk management that you will find (see page 53).To my mind, “Enterprise Risk Management; from Incentives to Controls” remains the single best source of information for managers on every level and for board members contemplating risk management on an enterprise-wide scale. Up until the 21st century, risk might have been left to the finance department or managed heuristically, but the collapse in 2001 and 2002 of high-profile businesses that stood at the time for a new age of innovation led to demands for new accountability.The first edition of James Lam’s book arrived with impeccable timing and helped to lay the groundwork for risk management as a business practice, and the second edition has improved on the first. It is not a theoretical book. With its timely updates and additions and a new section on implementation, this book has made risk and risk management something that can be assimilated and practiced in any business in any industry worldwide.

The book waved real life examples into the core concept of risk management and demonstrated why integrated enterprise risk management is key and how it can work. It is very insightful for anyone who wants to understand what is enterprise risk management, and equally very valuable for veteran risk professional who wants to advance thinking and compare practices. The implementation guide added to this edition provides a practical step by step advise on how to set up and roll out ERM programs, a great reference point.In today’s ever changing environment, risks are multi faceted, fast changing and interconnected. As the author outlined in this book, integrate risk management in the business process of the company will enable businesses to not only reducing downside potential but also increasing upside opportunities. Great read to further extend your risk management think and promote risk practices as strategic business enablers as well as safe guard.

Enterprise Risk Management or ERM is simple in concept but complex in mastery. James Lam's book provides an excellent explanation on the principles as well as how ERM can be used in any organization. I used this book extensively in my role as the Chief Risk Officer of a large insurance company and often recommended this book to my colleagues. I also have the companion book, "Implementing Enterprise Risk Management." In this age of volatility and uncertainty, ERM practice is a must for corporations.

This is a must read for anyone who is either in the risk management profession or intends to learn the state of the art of enterprise risk management. Personally, I own both the 1st Edition (released in 2003) and this updated 2nd Edition.As a risk management executive in the finance industry with 10+ years of experience, I truly appreciate the accessibleness, depth, and comprehensiveness of this book. James Lam is the renowned first ever Chief Risk Officer and a visionary leader in the industry. After reading the book several times, I really appreciate the insightfulness and the wisdom distilled from life-long experiences of one of the best practitioners in the field.I started my career on “science” side of enterprise risk management, such as pricing financial derivatives, modeling consumer behavior, etc. As I rose from silo-based quantitative risk management to general enterprise-wide risk management, this book (1st Edition) offered a priceless introduction to the area of risk integration and aggregation, the impact of corporate risk management culture, etc. Over the last few years, I’ve become more appreciative of the “art” side of risk management discussed in the book. Even extremely experienced executives in the risk management field can still receive great benefit and insights by reading it.In summary, this is a must read for anyone who is interested in enterprise risk management, from MBA students to quantitative analysts to experienced corporate executives.

This book gave me more insight as a risk professional by breaking down the process and allowing quick action to be taken. Use it to educate or implement 😁

Great book! After reading and studying this book I feel confident to hold a conversation on ERM. I recommend this book to Professionals and Business Students, it's a must read for those in the corporate world.