Table of Contents for
Enterprise Risk and Opportunity Management
by Dr. Allan S. Benjamin
Cover
Title Page
Copyright
Figures
Tables
Preface
Introduction
Chapter 1: An EROM Primer for Organizations Concerned with Technical Research, Integration, and Operations (TRIO Enterprises)
1.1 EROM Scope and Objectives for TRIO Enterprises
1.2 EROM Definitions and Technical Attributes for TRIO Enterprises
Notes
References
Chapter 2: Coordination of EROM with Organizational Management Activities
2.1 The Executive, Programmatic, and Institutional/Technical Management Functions and Their Interfaces
2.2 EROM-Relevant Management Activities
2.3 Coordination of EROM with Management Activities
2.4 Communication across Extended Partnerships
2.5 Contribution of EROM to Compliance with Federal Regulations and Directives
Notes
References
Chapter 3: Overview of EROM Process and Analysis Approach
3.1 Organizational Objectives Hierarchies
3.2 Populating the Organizational Objectives Hierarchies with Risk and Opportunity Information
3.3 Establishing Risk Tolerances and Opportunity Appetites
3.4 Identifying Risk and Opportunity Scenarios and Leading Indicators
3.5 Specifying Leading Indicator Trigger Values and Evaluating Cumulative Risks and Opportunities
3.6 Identifying and Evaluating Risk Mitigation, Opportunity Exploitation, and Internal Control Options
Notes
References
Chapter 4: The Development and Utilization of EROM Templates for Performance Evaluation and Strategic Planning
4.1 Overview
4.2 Demonstration Example: The NASA Next-Generation Space Telescope as of 2014
4.3 Example Objectives Hierarchies
4.4 Risks, Opportunities, and Leading Indicators
4.5 Example Templates for Risk and Opportunity Identification and Evaluation
4.6 Example Templates for Risk and Opportunity Roll-Up
4.7 Example Templates for the Identification of Risk and Opportunity Drivers, Responses, and Internal Controls
4.8 Upward Propagation of Templates for Full-Scope EROM Applications
4.9 Application of the Templates to Organizational Planning and the Selection from among Alternative Candidate Portfolios
Notes
References
Chapter 5: Management and Implementation of EROM at the Institutional/Technical Level (Technical Centers or Directorates)
5.1 EROM from a Technical Center's Perspective
5.2 Extended Enterprises and the Technical Center's Extended Organization
5.3 EROM-Informed Budgeting of Resources across a Technical Center's Extended Organization
References
Chapter 6: Special Considerations for EROM Practice and Analysis at Commercial TRIO Enterprises
6.1 Overview
6.2 Risk and Opportunity Scenarios and Leading Indicators
6.3 Controllable Drivers, Mitigations, Actions, and Internal Controls
Chapter 7: Examples of the Use of EROM Results for Informing Risk Acceptance Decisions
7.1 Overview
7.2 Example 1: DoD Ground-Based Midcourse Missile Defense in the 2002 Time Frame
7.3 Example 2: NASA Commercial Crew Transportation System as of 2015
7.4 Implication for TRIO Enterprises and Government Authorities
References
Chapter 8: Independent Appraisal of EROM Processes and Results to Assure the Adequacy of Internal Controls and Inform Risk Acceptance Decisions
8.1 Background
8.2 Queries for an Independent Appraisal of EROM in the Contexts of Internal Control and Risk Acceptance
References
Chapter 9: Brief Overview of the Potential Integration of EROM with Other Strategic Assessment Activities
9.1 Technical Capability Assessment (TCA)
9.2 Strategic Annual Review (SAR)
9.3 Portfolio Performance Review (PPR)
References
Chapter 10: An Integrated Framework for Hierarchical Internal Controls
10.1 Internal Control Principles and the Integration of Internal Control, Risk Management, and Governance
10.2 Methodological Basis
10.3 Examples
10.4 Incorporation of Internal Control Principles into the Control Loop Approach
10.5 Summary of Observations
Note
References
Appendix A: Acronyms
Appendix B: Definitions
About the Companion Website
About the Author
Index
End User License Agreement
List of Illustrations
Chapter 1: An EROM Primer for Organizations Concerned with Technical Research, Integration, and Operations (TRIO Enterprises)
Figure 1.1 Decision making is a balance between risk and opportunity
Figure 1.2 Risk tolerance relative to diverse goals and objectives
Figure 1.3 The elements of RIDM and CRM applied to the TRIO enterprise's management activities at various levels
Chapter 2: Coordination of EROM with Organizational Management Activities
Figure 2.1 The three levels of management within a typical enterprise
Figure 2.2 The principal activities and transfer of information within and between levels of management
Figure 2.3 Activities within the executive level and transfer of information from/to external and internal sources
Figure 2.4 Activities within a program directorate (programmatic level) and transfer of information from/to external and internal sources
Figure 2.5 Activities within a technical center (institutional/technical level) and transfer of information from/to external and internal sources
Figure 2.6 Interfaces between EROM activities and management activities in the development of an organizational plan
Figure 2.7 Interfaces between EROM activities and management activities in the evaluation of performance relative to the organizational plan
Figure 2.8 The relationship between governance, enterprise risk management, and internal controls according to the new OMB Circular A-123
Chapter 3: Overview of EROM Process and Analysis Approach
Figure 3.1 Types of objectives developed at the executive level
Figure 3.2 Types of objectives developed at the programmatic level
Figure 3.3 Types of objectives developed at the institutional/technical level
Figure 3.4 Conceptualization of an enterprise-wide objectives hierarchy
Figure 3.5 Associating risk and opportunity information with objectives in the organizational objectives hierarchy
Figure 3.6 Risk and opportunity response and watch boundaries
Figure 3.7 Example taxonomy for enterprise risks and opportunities
Figure 3.8 Risk and opportunity leading indicator triggers
Figure 3.9 Hypothetical results showing how the elimination of a risk driver affects cumulative risk and the elimination of an opportunity driver affects cumulative opportunity
Figure 3.10 Iterative process for identifying and evaluating a risk response, opportunity action, and internal control plan that balances cumulative risk, cumulative opportunity, and cost
Chapter 4: The Development and Utilization of EROM Templates for Performance Evaluation and Strategic Planning
Figure 4.1 Executive-level objectives for the example demonstration
Figure 4.2 Programmatic-level objectives for the example demonstration
Figure 4.3 Center-level objectives for the example demonstration
Figure 4.4 Integrated objectives hierarchy showing primary interfaces between objectives
Figure 4.5 Individual risks and associated leading indicators for executive-level objectives
Figure 4.6 Individual risks and associated leading indicators for program-level objectives
Figure 4.7 Individual risks and associated leading indicators for center-level objectives
Figure 4.8 Individual opportunities, introduced risks, and associated leading indicators for executive-level objectives
Figure 4.9 Secondary objective interfaces for the example demonstration
Figure 4.10 Schematic of roll-up method alternative 1 for Objective E (>10) #1
Figure 4.11 Schematic of roll-up method alternative 2 for Objective E (>10) #1
Figure 4.12 Schematic of risk roll-up for Objective P (1) #11 in the example demonstration
Figure 4.13 Illustration of risk and opportunity scenario drivers and their time-frame criticalities
Figure 4.14 Illustration of risk and opportunity constituent drivers and their time-frame criticalities
Figure 4.15 Schematic showing the upward propagation of templates for full-scope EROM applications
Chapter 5: Management and Implementation of EROM at the Institutional/Technical Level (Technical Centers or Directorates)
Figure 5.1 The extended organization for a NASA center
Figure 5.2 NASA example of how each center takes risk and opportunity inputs from a variety of entities and supports multiple strategic objectives of the agency
Figure 5.3 A representative EROM organizational chart for a technical center that manages extended enterprises
Figure 5.4 The success of a technical center's inherited strategic objectives is dependent on the “right-sizing” of the resources available to the center (NASA example)
Figure 5.5 Outline of the steps in the iterative process for optimizing asset distributions based on costs and current and projected values of leading indicators
Figure 5.6 Illustration of iterative process for optimizing asset distributions based on costs and current and projected values of leading indicators
Chapter 6: Special Considerations for EROM Practice and Analysis at Commercial TRIO Enterprises
Figure 6.1 Integration of qualitative and quantitative modeling to evaluate the likelihood of success of a commercial TRIO enterprise
Figure 6.2 Example enterprise risk taxonomy for a commercial TRIO enterprise
Figure 6.3 Example opportunity taxonomy for a commercial TRIO enterprise
Figure 6.4 Example risk scenario statement and scenario event diagram for a risk in the taxonomic category “Competition from other companies”
Figure 6.5 Example risk scenario statement and scenario event diagram for a risk in the taxonomic category “Customer satisfaction”
Figure 6.6 Example risk scenario statement and scenario event diagram for a risk in the taxonomic category “Leadership mortality and succession issues”
Figure 6.7 Example risk scenario statement and scenario event diagram for a risk in the taxonomic category “Accident causing human deaths”
Figure 6.8 Example risk scenario statement and scenario event diagram for a risk in the taxonomic category “Changes in foreign exchange rates and interest rates”
Figure 6.9 Example risk scenario statement and scenario event diagram for a risk in the taxonomic category “Labor strikes”
Figure 6.10 Example risk scenario statement and scenario event diagram for a risk in the taxonomic category “Exploitation of new technology”
Figure 6.11 Example risk scenario statement and scenario event diagram for a risk in the taxonomic category “Act of terror”
Figure 6.12 Example risk and opportunity matrix for quantitative financial objectives
Figure 6.13 Example risk scenario statement, scenario event diagram, and scenario matrix for a risk in the taxonomic category “Competition from other companies”
Figure 6.14 Example risk scenario statement, scenario event diagram, and scenario matrix for a risk in the taxonomic category “Exploitation of new technology”
Chapter 7: Examples of the Use of EROM Results for Informing Risk Acceptance Decisions
Figure 7.1 Objectives and hypothetical cumulative risk parity table for GMD example
Figure 7.2 Risks and leading indicators for GMD example (2002 time frame)
Figure 7.3 Hypothetical composite leading indicator parity table for GMD example
Figure 7.4 Objectives and hypothetical cumulative risk parity table for CCTS example
Chapter 9: Brief Overview of the Potential Integration of EROM with Other Strategic Assessment Activities
Figure 9.1 Relationship between the TCA process and the EROM objectives interface and influence template
Figure 9.2 Relationship between the EROM risk-and-opportunity-based asset optimization process and the TCA asset right-sizing objective
Figure 9.3 Relationship between the EROM risk and opportunity identification and leading indicator evaluation templates and the SAR process
Figure 9.4 Relationship between the EROM risk and opportunity roll-up templates and the SAR process
Chapter 10: An Integrated Framework for Hierarchical Internal Controls
Figure 10.1 Conceptualization of the relationship between governance, risk management, and internal controls: strategic planning
Figure 10.2 Conceptualization of the relationship between governance, risk management, and internal controls: organizational performance evaluation
Figure 10.3 Simplified schematic of the interfaces between organizational management functions and organizational management levels
Figure 10.4 Standard control loop form
Figure 10.5 Example simple control loop for a mechanical system
Figure 10.6 Example form of a hierarchical system of internal control loops
Figure 10.7 Example primary control loop for the objective of improving risk management and system safety methodology and practice within the enterprise
Figure 10.8 Process diagram for the selected control activity: “Develop and update risk management and system safety policies, procedures, standards, and guides”
Figure 10.9 Secondary control loop for the selected control activity: “Develop and update risk management and system safety policies, procedures, standards, and guides”
Figure 10.10 Process diagram and tertiary control loop for the selected control activity: “Develop and update RM and SS policies, procedures, standards, and guides”
Figure 10.11 Example primary control loop for CCP's objective of achieving acceptable safety within schedule and budget using the RBA process and shared assurance model
Figure 10.12 Example generic primary control loop for achievement of internal control principles
Figure 10.13 Example primary control loop for demonstration of a commitment to integrity and ethical values
List of Tables
Chapter 2: Coordination of EROM with Organizational Management Activities
Table 2.1 Typical Executive, Program Directorate, and Technical Directorate Managerial Roles and Responsibilities (Adapted from NASA 2014a, Table D-1)
Table 2.2 Executive, Program Directorate, and Technical Directorate Standards of Support to Be Provided by EROM Consistent with Roles and Responsibilities Outlined Previously
Table 2.3 Example Risk Profile from the New OMB-Circular A-123
Chapter 3: Overview of EROM Process and Analysis Approach
Table 3.1 Typical Risk and Opportunity Scenario Types and Associated Leading Indicators
Table 3.2 Published Guidelines for Roughly Estimating the Ratio of the System Failure Probability from UU Risks to the System Failure Probability from Known Risks at Time of Initial Operation (Benjamin et al. 2015)
Table 3.3 Example Likelihood Scale for a Risk or Opportunity Relative to a Critical Organizational Objective
Table 3.4 Example Impact Scale for a Risk or Opportunity Relative to a Critical Organizational Objective
Chapter 4: The Development and Utilization of EROM Templates for Performance Evaluation and Strategic Planning
Table 4.1 A View of the Form of the Outcome for Cumulative Risks and Opportunities
Table 4.2 Risk and Opportunity Identification Template
Table 4.3 Leading Indicator Evaluation Template
Table 4.4 Example Entries for Leading Indicator Evaluation Template for Objective P(1) #11: Deliver the Cryocooler Subsystem
Table 4.5 Objectives Interface and Influence Template
Table 4.6 Known Risk Roll-Up Template
Table 4.7 Example Entries for Known Risk Roll-Up Template for Objective P(1) #11: Deliver the Cryocooler Subsystem
Table 4.8 Example Entries for Risk Roll-Up Template for Objective P(1) #11 Including an Intermediate Roll-Up to Risk Scenario Level
Table 4.9 Opportunity Roll-Up Template
Table 4.10 Example Entries for Opportunity Roll-Up for Objective E(>10) #1: Discover How the Universe Works, Explore How It Began/Evolved, Search for Life on Planets Around Other Stars
Table 4.11 Composite Indicator Identification and Evaluation Template
Table 4.12 Example Entries for Risk Roll-Up Template for Objective P(1) #11 Using a Composite Indicator
Table 4.13 UU Risk Roll-Up Template
Table 4.14 Example Risk and Opportunity Driver Identification Template
Table 4.15 Example Entries for Risk and Opportunity Scenario Likelihood and Impact Evaluation Template
Table 4.16 Example Entries for Risk Mitigation and Internal Control Template for Objective E (>10) #1: Discover How the Universe Works
Table 4.17 Example Entries for Opportunity Action and Internal Control Template for Objective E (>10) #1: Discover How the Universe Works
Table 4.18 High-Level Display Template
Table 4.19 Example Risk Roll-Up Template for the Next-Generation Space Telescope as Applied to Alternative Selection during Organizational Planning
Chapter 5: Management and Implementation of EROM at the Institutional/Technical Level (Technical Centers or Directorates)
Table 5.1 Distribution of Responsibilities among the Principal Entities within the JWST Project (Source: NASA 2016c)
Table 5.2 Templates for Distribution of Human (Workforce), Physical, and Instructional Assets
Chapter 6: Special Considerations for EROM Practice and Analysis at Commercial TRIO Enterprises
Table 6.1 Form of the Risk and Opportunity Identification and Evaluation Templates (Combined) for the Commercial TRIO Enterprise Example
Table 6.2 Form of the Risk and Opportunity Roll-Up Templates (Combined) for the Commercial TRIO Enterprise Example
Table 6.3 Qualitative/Quantitative Risk and Opportunity Roll-Up Comparison Template for the Commercial TRIO Enterprise Example (Excerpt)
Table 6.4 Example Controllable Drivers and Corresponding Existing Safeguards, Risk Mitigations, Opportunity Actions, and Internal Controls for XYZ Company
Table 6.5 Excerpt of the Risk Mitigation and Internal Control Template and the Opportunity Action and Internal Control Template for the Commercial TRIO Enterprise
Chapter 7: Examples of the Use of EROM Results for Informing Risk Acceptance Decisions
Table 7.1 Leading Indicator Evaluation Template for GMD Example (2002 Time Frame)
Table 7.2 High-Level Display Template for GMD Example (2002 Time Frame)
Table 7.3 High-Level Display Template for GMD Example after Adopting Corrective Actions That Balance the Risks to the Top-Level Objectives
Chapter 8: Independent Appraisal of EROM Processes and Results to Assure the Adequacy of Internal Controls and Inform Risk Acceptance Decisions
Table 8.1 Template for Evaluating EROM Process and Results
Chapter 10: An Integrated Framework for Hierarchical Internal Controls
Table 10.1 Example form of a RACI matrix
Table 10.2 Example summary chart of cascading activities, weaknesses, and controls for the SMA organization example
Table 10.3 Example RACI chart for the SMA example
Table 10.4 Candidates for secondary and tertiary control loops for CCP risk-based assurance process and shared assurance model
Table 10.5 GAO green book principles for internal control (GAO 2014)
Table 10.6 GAO green book means of accomplishment for principle 1 (GAO 2014)
Table 10.7 MIT-conducted NASA independent technical authority study: system safety principles for internal control and means of accomplishment (Leveson et al. 2005)
Table 10.8 Example template for aggregating means of accomplishment to principles