Overview

In Chapter 2, “A Brief History of Risk Management,” we ask Felix Kloman—retired risk management consultant, conceptual thinker, and lover of sailing—to provide the background and history of risk management and the evolution of enterprise risk management. Felix was ideally suited to do this as someone who has dedicated more than 30 years to sharing stories, raising interesting risk concepts, and generally enjoying the challenges of this entire field. There is no one we know who is better suited or knows more about this topic. He takes us right back literally to some of the earliest recorded thinking on risk management and brings us through the ages to current thinking. Felix goes back to the basic questions of “What is risk management? When and where did we begin applying its precepts? Who were the first to use it?” He provides a highly personal study of this discipline’s past and present. It spans the millennia of human history and concludes with a detailed list of contributions in the past century. This is an ideal starting point for anyone new to the topic of risk management or the older scholars who wish to revisit this easy-to-read summary of risk. Felix is adamant in his view that risk must consider opportunities as well as threats.

“ERM and Its Role in Strategic Planning and Strategy Execution” is presented in Chapter 3 by Mark L. Frigo (Director, the Center for Strategy, Execution, and Valuation and Ledger & Quill Alumni Foundation, Distinguished Professor of Strategy and Leadership at the DePaul University Kellstadt Graduate School of Business and School of Accountancy, Chicago) and Mark S. Beasley (Deloitte Professor of Enterprise Risk Management and Professor of Accounting in the College of Management at North Carolina State University, and Director of North Carolina State’s Enterprise Risk Management Initiative). The authors have captured the essence of leading ERM and strategic risk management initiatives at their universities as well as their work with hundreds of practice leaders in enterprise risk management. They recognize that one of the major challenges in ensuring that risk management is adding value is to incorporate ERM in business and strategic planning of organizations. They explain how focusing on strategic risks serves as a filter for management and boards of directors to reduce the breadth of the risk playing field and ensure that they are focused on the right risks. These insights should help respond to the numerous calls following the recent credit crisis for improvements in overall risk oversight, with a particular emphasis on strategic risk management.

In Chapter 4, “The Role of the Board of Directors and Senior Management in Enterprise Risk Management,” Bruce Branson (Professor and Associate Director, Enterprise Risk Management Initiative, North Carolina State College of Management) explains that the oversight of the enterprise risk management process employed by an organization is one of the most important and challenging functions of a corporation’s board of directors. He notes that a failure to adequately acknowledge and effectively manage risks associated with decisions being made throughout the organization can and often do lead to potentially catastrophic results. Bruce explains the shared responsibility between the members of the board and the senior management team to nurture a risk aware culture in the organization that embraces prudent risk taking within an appetite for risk that aligns with the organization’s strategic plan. He identifies the legal and regulatory framework that drives the risk oversight responsibilities of the board. He also clarifies the separate roles of the board and its committees vis-à-vis senior management in the development, approval, and implementation of an enterprise-wide approach to risk management. Finally, the chapter explores optimal board structures to best discharge their risk oversight responsibilities.

ERM Management, Culture, and Control

Anette Mikes (Assistant Professor of Business Administration at Harvard Business School) provides insights into the types of roles that CROs play, based on her personal research in Chapter 5, “Becoming the Lamp Bearer: The Emerging Roles of the Chief Risk Officer.” Anette gained her PhD in enterprise risk management from the London School of Economics, and is setting up a program at Harvard Business School with Robert Kaplan to teach ERM. Anette describes the role of chief risk officers (CRO) and different types of ERM methodologies that she sees in practice. She draws on the existing practitioner and academic literature on the role of chief risk officers, and a number of case studies from her ongoing research program on the evolution of the role of the CRO. Anette describes the origins and rise of the CRO, and outlines four major roles that senior risk officers may fulfill: (1) the compliance champion; (2) the modeling expert; (3) the strategic advisor; and (4) the strategic controller. She demonstrates how chief risk officers could improve business decision making and incorporate both good risk analytics and expert judgment, as well as influence risk-taking behavior in the business lines. As she explains: “The art of successful risk management is in getting the executive team to see the light and value the lamp-bearer.” This chapter will be of great interest to all CROs and those organizations thinking about how to implement ERM.

“Creating a Risk-Aware Culture” is discussed in Chapter 6 by Doug Brooks (President and CEO, Aegon Canada Inc.). The author draws on his actuarial training and business insights to provide the methods to create a positive culture for risk management in any organization. The actuarial profession has for several years recognized and been a leading advocate for the research and expansion of ERM into their organizations. Actuaries are by training and experience well versed in managing risks and have expanded into additional areas such as investments and know how best to apply ERM concepts. We wanted to ensure the actuarial profession was included in this book and were delighted when we approached Doug Brooks that he suggested writing about the role of culture in risk management. Doug has been one of the early pioneers in ERM and this has likely added to his continued professional success, as he was recently appointed President and CEO of Aegon Canada Inc. Doug observes that an organization could possess world-class technical capabilities and strong processes for collecting and reporting information, but still have a bankrupt culture so that no value was added through ERM efforts. He considers that there is nothing more crucial to the success of ERM efforts in an organization than an informed and supportive culture. He points out that culture is not merely an intangible concept, but that its elements can be defined and progress in moving toward a desired culture can be measured. He notes that to be successful in risk management, organizations must recognize the importance of encouraging and rewarding disciplined behaviors, as well as openness in communication. Culture is key to ERM and this chapter is helpful to all practitioners who are implementing ERM.

Chapter 7, “ERM Frameworks,” is authored by one of the leading authorities on risk frameworks, Professor Emeritus John Shortreed of the University of Waterloo, Canada. Professor Shortreed provides a forward-looking view at the forthcoming international framework for risk management. He is the Canadian representative on the committee that has developed the new ISO 31000 Risk Management Standard (due to be published around the same time as this book). This chapter is a great “companion” for those using the new ISO 31000 standard. Historically, ERM has been molded by the Australian/New Zealand Risk Standard 4360, by COSO’s 2004 publication, and recent pronouncements of rating agencies such as Standard & Poor’s; however, this new ISO standard is expected to have greater international acceptance in years to come. This chapter describes the new ISO risk management framework, which incorporates best practice from COSO, PMI (Project Management Institute), the Australian and New Zealand Standard (AS/NZS 4360:2004) and other leading international risk management standards. John notes that an ERM framework can often be implemented in a step-by-step way and this approach will assist in building acceptance of ERM and in encouraging a risk culture, particularly if potentially successful areas are selected for the first steps. As the risk management culture matures in the organization there should be noticeable improvements in the ability to discuss risks easily, decision making under uncertainty, comfort levels with risk situations, and achievement of objectives.

Susan Hwang (Associate Partner, Deloitte, Toronto, Canada) provides some original views on the role of Key Risk Indicators (KRIs) in Chapter 8 “Identifying and Communicating Key Risk Indicators.” Since 2000 when Hydro One first began practicing ERM, there have not been a lot of new concepts introduced, despite the numerous publications on the topic. A year or two ago, John Fraser was at a presentation made by Susan Hwang on the topic of KRIs and realized that she was describing a concept that we had not seen before. She demonstrated how to use metrics, or what were often packaged among Key Performance Indicators, as a means of identifying evolving risks that might arise or increase in the future. This is a seemingly simple concept but one that we thought to be important to identifying future key risks. We found that virtually nothing had been written on the topic before, so we asked Susan to write this chapter and share her findings and views. Susan notes that the formal use of KRIs as an ERM tool is an emerging practice. Although many organizations have developed key performance indicators as a measure of progress against the achievement of business goals and strategies, this differs from using KRIs to support risk management and strategic and operational performance. In this chapter, Susan clarifies what KRIs are and demonstrates their practical applications and value to an organization. She outlines the guiding principles for designing KRIs, and discusses implementation and sustainability. The key message she shares is that there are lots of metrics and performance measures in any organization, but the art of ERM is identifying the key ones that will help identify future risks.

ERM Tools and Techniques

“How to Create and Use Corporate Risk Tolerance” is presented in Chapter 9 by Ken Mylrea (Director, Corporate Risk, Canada Deposit Insurance Corporation) and Joshua Lattimore (Policy and Research Advisor, Canada Deposit Insurance Corporation). The authors explore and provide practical examples of the role of risk tolerances. John first learned of Canada Deposit Insurance Corporation (CDIC) in the early 1990s when CDIC issued expectations about the business and financial practices of its member institutions. These principle-based standards were developed by Ken Mylrea and focus on enterprise-wide governance and management. Their underlying premise was that well-managed institutions are less likely to encounter difficulties that could result in CDIC having to pay the claims of depositors. A key feature of the standards was the requirement that institutions’ management and board of directors perform a self-assessment against the CDIC control criteria and report the results to the CDIC. In setting the context for this chapter, Ken and Joshua pose the following questions: What is risk tolerance? Why is setting risk tolerance important? What are the factors to consider in setting risk tolerance? And how can you make risk tolerance useful in managing risk? They describe risk tolerance as the risk exposure an organization determines appropriate to take or avoid taking, that is, risk tolerance is about taking calculated risks—namely, taking risks within clearly defined and communicated parameters set by the organization.

In Chapter 10, “How to Plan and Run a Risk Management Workshop,” Rob Quail (Outsourcing Program Manager at Hydro One Networks Inc.) provides hard-hitting practical advice on how to actually design and run a risk workshop. Rob was a major reason for the success of ERM at Hydro One and its sustainability to date. He has run more than 200 risk workshops at all levels, including facilitating meetings of up to 800 staff! When we were designing this book we realized that there was nothing we could find documented elsewhere on how to design and run a risk workshop. Rob describes in an easy step-by-step fashion how to design workshops based on the objectives to be achieved, for example, how important is team building versus specific action planning? Rob explains that risk workshops play a vital role in ERM by helping engage executive managers and staff in understanding the corporate objectives and the risks to achieving these within given tolerances. He goes on to show how workshops not only help identify and address critical risks, but also provide opportunities for participants to learn about organizational objectives, risks, and mitigants. He makes it clear that one size does not fit all and each workshop has to be designed carefully depending on the circumstances and desired outcomes.

In Chapter 11, “How to Prepare a Risk Profile,” John Fraser (Vice President, Internal Audit & Chief Risk Officer at Hydro One) provides practical advice on how to prepare a risk profile for executive management and the board of directors. We wanted to have a chapter on risk profiles, and while there is a lot written about risk maps, heat maps, and risk identification, we could not find anything specific about how to actually conduct structured interviews and prepare a risk profile. As a result, we decided to document the Hydro One model, which we have been using since 1999, and which has been proven to be simple and effective. This methodology is based primarily on interviews with executives and risk specialists and complements the results captured by risk workshops. Ideally the results of workshops and interviews (or surveys) should be consolidated and reconciled. It is our hope that these step-by-step instructions will give confidence to risk managers implementing ERM on how best to conduct these interviews effectively. As Sir Graham Day, who was an early champion of ERM at Hydro One, told John “ERM obviously works in practice but can you make it work in theory?”

Chapter 12, “How to Allocate Resources Based on Risk,” by Joe Toneguzzo (Director—Implementation & Approvals, Power System Planning, Ontario Power Authority) outlines a business framework for prioritizing resources based on risks, as part of the business planning process. Soon after we began implementing ERM at Hydro One, Joe Toneguzzo—who was responsible for obtaining funding and allocating resources for asset management—worked with the Hydro One Corporate Risk Management Group to determine how best to do so utilizing a risk-based approach. (Joe is now with another organization.) A methodology and supporting business process was developed that has served Hydro One well and is regarded as a leading asset management resource allocation model, as validated in international forums on this subject area. The concept involves identifying the critical business risks and the expenditures proposals available to mitigate them. This is followed by rating all the expenditure proposals in a consistent manner based on the risks that will be mitigated per unit of cost. The expenditures proposals are then dispatched on a priority basis, based on cost/benefit scores (where the benefit is measured in terms of reduced risk) until the resources are exhausted. The advantages of the methodology developed are that it is transparent, consistent, and easy to justify to stakeholders such as regulators, boards of directors, and others. Joe takes us through the theory and practice in an easy-to-follow manner.

John Hargreaves (Managing Director, Hargreaves Risk & Strategy, London, England) explores and provides guidance on the popular topic of quantifying risks in Chapter 13, “Quantitative Risk Assessment in ERM.” John Hargreaves has seen his ideas and expertise implemented in various major organizations in England and brings an easy-to-understand introduction to what can become complex theories. John enjoyed a successful career in the real world of finance with major organizations, including being responsible for introducing risk management systems in a major bank following the last U.K. depression. Over the last 10 years, he has helped implement risk management systems in about 60 organizations. This chapter explains the complex world of quantification of risks in progressive steps to help those who are new to ERM. John provides descriptions of four differing approaches to the quantification of individual risks. Statistical methods for calculating and reporting a company’s total corporate risk are described and illustrated by a simple example and he also shows how quantified risks may be incorporated in the business planning process. Note that specialized methods to quantify risks in financial institutions are not covered here. His chapter is a must-read for anyone interested in the theory of practical and workable methods for quantifying risks.

Types of Risks

In Chapter 14, “Market Risk Management and Common Elements with Credit Risk Management,” Rick Nason (Partner, RSD Solutions, and Associate Professor of Finance, Dalhousie University, Nova Scotia) explains very sophisticated trading and market risk concepts and risk management methods in an easy-to-understand format. Rick left the exciting world of derivatives trading at a major Canadian bank to join the even more exciting world of academia where he is sharing his experiences through his teaching and consulting activities. Although comfortable with the complex models and math for market risk and derivatives, Rick decided to write this chapter for the general practitioner who wants to learn about market risk management and how it relates to credit risk management. In this chapter, Rick describes how to consider these risks and a framework that provides a focus on market risk. Rick points out that market risk management requires not only an understanding of the tools and techniques, but also of the underlying business in order to successfully implement the market risk function within the enterprise risk management framework of the organization.

Continuing his discussion from the previous chapter, Rick Nason provides the basic elements of credit risk management as well as the more sophisticated concepts every credit risk manager should understand in Chapter 15, “Credit Risk Management.” Each year, Rick runs a credit competition at the university, as well as consulting with major banks on ERM and credit risk management. Rick explains that when conducting credit analysis, it is important to remember that, unlike market risk, credit risk is almost always a downside risk; that is, unexpected credit events are almost always negative events and only rarely positive surprises. He also reminds the reader that no one extends credit to a customer, or executes a loan to a counterparty, expecting that it will not be repaid. Rick has crafted this chapter for the general practitioner who wants to learn about credit risk management and for the more experienced credit managers seeking to validate their approach.

Diana Del Bel Belluz (President, Risk Wise Inc.) explains operational risk concepts and methods in an easy-to-read format that will be essential to any student of ERM and helpful to more experienced readers in Chapter 16, “Operational Risk Management.” Diana has taught risk management since 1992 and has a background in decision science. With her broad experience from her consulting practice, she understands the challenges of a wide variety of organizations in getting a handle on this multifaceted topic. In this chapter, Diana explains the fundamentals of risk management in an operational setting and how operational risk management can be used to capture the full performance potential of an organization. She explores what is meant by operational risk and why it is important. She frames her explanations around questions such as: How do you align operational risk management with enterprise risk management? How do you assess operational risks? Why do you need to define risk tolerance for aligned decision making? What can you do to manage operational risk? How do you encourage a culture of risk management at the operational level? This chapter provides a well-rounded introduction to a topic that is becoming of increasing interest.

In Chapter 17, “Risk Management: Techniques in Search of a Strategy,” Joseph V. Rizzi (Senior Investment Strategist, CapGen Financial Group, New York) explores the reasons for the losses that triggered massive shareholder value destruction resulting in dilutive recapitalizations, replacement of whole management teams, the failure of numerous institutions, and the adoption of the $700 billion TARP rescue program, and what can be done to avoid this in future. He suggests that risk management needs to move away from a technical, specialist control function with limited linkage to shareholder value creation. This can be achieved by firms and risk decisions moving from an internal egocentric focus to an external systems approach incorporating the firm within a market context. Further, he states that we need to move beyond risk measurement to risk management that integrates risk into strategic planning, capital management, and governance. Joseph draws on Warren Buffett’s principles and numerous practical examples (including Long Term Capital Management) to explain, using charts and models, how governance and ERM can address many of the pitfalls we have seen.

Daniel A. Rogers (Associate Professor of Finance, School of Business Administration, Portland State University) provides in Chapter 18, “Managing Financial Risk and Its Interaction with Enterprise Risk Management,” a useful background on financial risk management, namely corporate strategies of employing financial transactions to eliminate or reduce measurable risks. He includes possible definitions and examples of industry applications of financial hedging. He then moves on to a basic review of the theoretical rationales for managing (financial) risk and explores the potential for the interaction of financial hedging with other areas of risk management (such as operational, strategic). He also discusses the lessons that can be applied to ERM from the knowledge base about financial hedging. He points out that active board involvement and buy-in are critical to the implementation of a successful ERM program, and that boards that better understand financial risks are likely to be more receptive to conversations about other significant risks that could negatively affect company performance.

Benton E. Gup (Robert Hunt Cochrane/Alabama Bankers Association Chair of Banking at the University of Alabama) traces the evolution of bank capital requirements in Chapter 19, “Bank Capital Regulation and Enterprise Risk Management,” from the 1800s to the complex models used in Basel I and II. He points out that the recent subprime crisis makes it clear that our largest banks and financial institutions do not have adequate risk management as evidenced by problems with major banks and that the models employing economic capital can be subject to large errors. He goes on to introduce enterprise risk management and economic capital, which he believes represent the future of bank capital. He notes that enterprise risk management uses a “building block” approach to aggregate the risks from all lines of business, and that economic capital must be “forward looking,” and based on expected scenarios instead of recent history.

In “Legal Risk Post-SOX and the Subprime Fiasco: Back to the Drawing Board” (Chapter 20), Steven Ramirez (Director, Business & Corporate Governance Law Center, Loyola University, Chicago) notes that legal risk should be managed in accordance with basic notions of risk management generally. He points out that it should not exist within a risk silo, but should be managed with a view toward the firm’s overall risk tolerance and through coordinated efforts of senior management, as well as the board. Professor Ramirez explains in a “no holds barred” way how the rules of professional responsibility governing lawyers were flawed, corporate law was stunted, whistle-blowing was not encouraged, codes of conduct were wholly optional, and there was insufficient regulation of the audit function. This chapter reviews the most developed framework governing legal and reputational risk (SOX) and suggests innovative and proactive ways that controls could be improved and risk can be reduced in the future.

“Financial Reporting and Disclosure Risk Management” is discussed extensively by Susan Hume, Assistant Professor of Finance and International Business, School of Business, the College of New Jersey) in Chapter 21. The author boils down the key requirements of the extensive regulations for financial reporting and disclosure into an easy-to-understand chapter. Key topics such as reporting on internal controls under Sarbanes-Oxley, accounting for derivatives, and fair value accounting are discussed and explained. Susan explains how ERM reporting and disclosure provides the forum to discuss the key vulnerabilities and risks of the firm and strengthens management accountability. It is for the board and senior management to set the risk policy, establish the key levels of acceptable risk exposure, and communicate these policies to managers and other employees. Implementation and reporting then flows up from the bottom to senior management and to the risk management committee, which may be a subcommittee of the board in the ideal structure. This chapter will be an ideal place to gain an introduction to these complex requirements as well as add helpful insights for the more experienced reader.

Survey Evidence and Academic Research

John Fraser and Betty Simkins (co-editors of this book) teamed with Karen Schoening-Thiessen (Senior Manager of Executive Networks in the Governance and Corporate Responsibility Group at the Conference Board of Canada) to develop and analyze the first survey evidence of risk executives working in the area of ERM about the literature they find most effective in assisting and facilitating the successful implementation of ERM. The study in Chapter 22, “Who Reads What Most Often?” highlights crucial areas of need on ERM, and it is hoped that these will be a starting point to encourage and stimulate more advances in the research and practice of ERM. It highlights excellent opportunities for academics to closely collaborate with practitioners to conduct research in these key areas of need. The chapter also discusses problems and challenges risk executives have encountered that were not addressed in the literature. Detailed listings are provided of the top readings of articles (i.e., surveys, academic studies, and practitioner articles), books, and research reports. This chapter was originally published in the Spring/Summer 2008 issue of the Journal of Applied Finance.

Chapter 23, “Academic Research on Enterprise Risk Management,” by Subbu Iyer (PhD student, Oklahoma State University), Daniel A. Rogers (Associate Professor, Portland State University), and Betty Simkins (Williams Companies Professor of Finance, Oklahoma State University), provides a summary to date of research on enterprise risk management. To conduct the review, they searched academic journals and other databases of academic research and limited their focus to papers that can be classified as either academic research or case studies that would be appropriate for a classroom setting. After a thorough search of ERM literature, the authors located 10 research studies and 5 case studies to synthesize. Overall, the authors find little in the way of consistent results about ERM. In addition, they find that more case studies on enterprise risk management are needed so that risk executives can learn from the experiences of others who have successfully implemented it.

In Chapter 24 “Enterprise Risk Management: Lessons from the Field,” we have the benefit of the knowledge from a trio of experienced ERM experts, namely: William G. Shenkir (William Stamps Farish Professor Emeritus, University of Virginia’s McIntire School of Commerce), Thomas L. Barton (Kathryn and Richard Kip Professor of Accounting, University of North Florida) and Paul L. Walker (Associate Professor of Accounting, University of Virginia). The authors of this chapter have been involved in the area of ERM since 1996. They have taught ERM at the undergraduate and graduate levels and for businesses and executives worldwide as well as consulting on ERM implementation. They point out that one of the early lessons that companies glean from ERM is that many layers of the company, including senior management, operating managers, and regular employees do not know or understand the strategies and objectives of the organization and how these, in turn, relate to their daily job and tasks. ERM compels companies to identify and focus on the organization’s strategies and objectives. This chapter is illustrated with numerous real-life examples and provides a wonderful lesson in what enterprise risk management is like in real life.

Special Topics and Case Studies

In Chapter 25, “Rating Agencies Impact on Enterprise Risk Management,” Mike Moody (Managing Director, Strategic Risk Financing Inc.) provides the history and current published thinking of the major rating agencies. This is an area that we expect will expand and become more established as time goes on. Mike has an MBA in finance, is the Managing Director of a risk consulting firm, and was a risk manager of a Fortune 500 company. He has a broad view of the risk universe and what is happening due to the activities of the rating agencies. The interest taken by the agencies, especially Standard & Poor’s (S&P) in recent years, has focused boards and senior management on the need for and the advantages of ERM. Mike notes that one of the primary reasons for the movement of rating agencies into ERM is that they believe companies with an enterprise-wide view of risks, such as that offered by ERM, are better managed. Several have also noted that ERM provides an objective view of hard-to-measure aspects such as management capabilities, strategic rigor, and ability to manage in changing circumstances. He explains that the view of S&P is that positive or negative changes in ERM programs are considered as leading indicators that show up long before they could be seen in a company’s published financial data. This chapter provides a sound base for understanding the background and role of rating agencies in ERM, a story that is likely still evolving.

“Enterprise Risk Management: Current Initiatives and Issues” (Chapter 26), contains a roundtable discussion sponsored and published by the Journal of Applied Finance, which includes an expert group of academics and practitioners in the area of risk management. The discussants consisted of Bruce Branson (Associate Director of the Enterprise Risk Management Initiative and Professor in the Department of Accounting at North Carolina State University), Pat Concessi (Partner in Global Energy Markets with Deloitte and Touche, Toronto, Canada), John R.S. Fraser (Chief Risk Officer and Vice President of Internal Audit at Hydro One Inc. in Toronto), Michael Hofmann (Vice President and Chief Risk Officer at Koch Industries, Inc. in Wichita, Kansas), Robert (Bob) Kolb (Frank W. Considine Chair in Applied Ethics at Loyola University Chicago), Todd Perkins (Director of Enterprise Risk at Southern Company, Inc. in Atlanta, Georgia), Joe Rizzi (Senior Investment Strategist at CapGen Financial in New York, but at the time of the roundtable discussion, he was the Managing Director of Enterprise Risk Management at Bank of America and La Salle Bank in Chicago, Illinois), and the moderator Betty J. Simkins (Williams Companies Professor of Business and Associate Professor of Finance in the Spears School of Business at Oklahoma State University). This roundtable explored many avenues, concerns, and possible solutions in this evolving arena of risk management.

Demir Yener, Senior Advisor at Deloitte Consulting, Emerging Markets (Washington D.C.), discusses enterprise risk management applications suitable for, and as they exist in, a number of emerging market corporations in Chapter 27, “Establishing ERM Systems in Emerging Countries.” He notes that there is a growing interest in improving corporate governance practices in emerging markets. Following the financial crises in the Far East and Russia, which impacted many other emerging markets in 1997–1998, there was a realization that corporate governance practices had to be improved along with the financial sector infrastructure. The Financial Stability Forum was convened, as a result of which the OECD (Organisation for Economic Co-operation and Development) Principles of Corporate Governance were developed in 1999. Since then the principles have been revised in 2004, and other standards of business conduct had been introduced to provide guidance in a number of critical areas of global cooperation for business and finance among nations. The emerging countries in Demir’s sample include Egypt, Jordan, Mongolia, Serbia, Turkey, and Ukraine. The ERM concept is still a new concept in these countries and it is likely to take a while to get the emerging country firms, given the legal and regulatory requirements, to reach the desirable level of risk management practices.

In Chapter 28, “The Rise and Evolution of the Chief Risk Officer: Enterprise Risk Management at Hydro One,” Tom Aabo (Associate Professor, Aarhus School of Business, Denmark), John R.S. Fraser (Chief Risk Officer, Hydro One Inc.), and Betty J. Simkins (Williams Companies Professor of Business, Oklahoma State University) describe the successful implementation of enterprise risk management (ERM) at Hydro One Inc. over a five-year period. This chapter was first published in the Journal of Applied Corporate Finance. Hydro One is a Canadian electric utility company that has experienced significant changes in its industry and business. Hydro One has been at the forefront of ERM for many years, especially in utilizing a holistic approach to managing risks, and provides a best practices case study for other firms to follow. This chapter describes the process of implementation beginning with the creation of the chief risk officer position, the deployment of a pilot workshop, and the various tools and techniques critical to ERM (e.g., the Delphi Method, risk trends, risk maps, risk tolerances, risk profiles, and risk rankings).

As this brief overview indicates, the chapters in this book present an impressive coverage of crucial issues on enterprise risk management and are written by leading ERM experts globally. We believe that no other book on the market provides such a wide coverage of timely topics—such as ERM management, culture and control, ERM tools and techniques, types of risk from a holistic viewpoint, leading case studies, practitioner survey evidence, and academic research on ERM. The authors of these chapters and we, the editors, invite reader comments and suggestions.