Index

access controls, 148

Achilles, 38

Agamemnon, 38

Airbus, 109

Aldy, Joseph E., 153–168

Amazon, 17

anchoring, 7, 17, 84

Angola, 117

Apple, 17

Arab Spring, 102–103

Atchison, Jim, 89

audit department, 5

automobile industry, 29, 40, 48–49

Balanced Scorecard, 12

Ballmer, Steve, 76

Bayesian revision, 79

best-case scenarios, 36

biases, 7, 79–81

“Big I” innovation, 51–53, 57, 60, 65

Blackfish (film), 89, 102

Black Lung Disability Trust Fund, 156

BlackRock, 167

Black Swan events, 31–38, 43–44, 86

blind spots, 96

Blockbuster, 25

boat spotting, 98

Bombardier, 27–28

Bonsignore, Michael, 97

bonuses, 37–38

boundary protection, 148

BP, 1, 6

brand equity, 68, 69, 70, 72

breaches of contract, 92

Brexit, 103, 105

bribery, 111–112, 114, 117, 118, 119, 122

Brier score, 85–86

Brunetti, Aymo, 119

budgeting decisions, 9, 10

Burch, Druin, 34

Bush, George W., 100

business model

building risk into, 21–29

innovation, 21–23

cap-and-trade programs, 154–155, 157, 160

capital allocation, 135–137

capitalism, myths about, 37

carbon footprints, 158–160, 164

carbon pricing, 153–168

Carbon Pricing Corridors initiative, 160

carbon risk, 153–168

carbon taxes, 156, 165–166

car rentals, 28

Caterpillar, 28

CDP (Carbon Disclosure Project), 160

Centre for the Protection of National Infrastructure (CPNI), 142

Challenger space shuttle, 86–87, 100

Chávez, Hugo, 89

Chevron, 99

China, 93–94, 100–101, 103, 141

Citibank, 144

clawback provisions, 37

climate change, 92, 153–168

climate strategy, 153–168

Clinton, Hillary, 103

codes of conduct, 5, 124

cognitive biases, 7, 79–81

Cold War, 91, 93

collective action, 94–95, 119

Combs, Keith W., 46

commission, acts of, 34–35

commitment, escalation of, 7

commodity goods, 45

company management, 70, 73

company resources, 69–70

company values, 4, 5. See also corporate culture

comparative advantage, 37

compartmentalization, 11–12

competition, 67–71

competitive advantage, 53, 68, 135

competitive risks, 17

compliance issues, 1, 3, 108

compliance systems, 110

computer emergency readiness teams (CERTs), 146

computer simulations, 163

confidence quizzes, 80

confirmation bias, 7, 79–80

ConocoPhillips, 162

Consumer Financial Protection Bureau, 107

continuous learning, 101

contracts

breaches of, 92

with stakeholders, rewriting, 24–25

corporate culture, 5, 19, 107–109, 113–114, 116–117, 120, 124

corporate misconduct, 121–127. See also white-collar crimes

corporate scandals, 107–121

corruption, 92, 111–112, 116–120

Cowperthwaite, Gabriela, 89

Creese, Sadie, 141–152

crisis management, 100–101

cumulative risk, 90

customer data, 25–26

customer needs, 64, 65

cyberawareness programs, 148, 149–150

cybercrime-as-a-service industry, 144

cyberthreats, 92, 93, 141–152

Dao, David, 95

Dark Web, 144

data collection

on corporate misconduct, 123–126

customer, 25–26

Day, George S., 51–73

deal-killer risks, 130–131, 134, 135, 138, 139–140

decision making

budgets, 9, 10

group, 117–118

groupthink in, 7, 96

Deepwater Horizon, 1

Dell, 24, 29

demand risk, 23–24

Deutsche Bank, 109

devil’s advocates, 9

Dimon, Jamie, 20

discovery-driven learning, 139

disincentives, 37

Disney, 96

disruptive technologies, 17, 18

Dubai Ports World, 93

Duronio, Roger, 147

Duterte, Rodrigo, 105

easyJet, 69

eBay, 138

economic crisis. See financial crisis

economic disasters, 16

economic variables, 33

Edmondson, Amy, 117–118

efficiency, 36–37

E Ink, 131–132

electric cars, 26–27, 29

embedded experts, 10–11

employees

group decision making by, 117–118

hiring processes for, 150

insider attacks by, 141–152

integrity gaps and, 121–127

monitoring, 151–152

use of personal devices by, 144–145

white-collar crimes and, 108–121

entrepreneurs, risk management and, 130–140

Environmental Protection Agency (EPA), 158

environmental regulations, 92, 158

environmental risks, 16. See also climate change

estimations, 6–7, 17

ethical standards, 110

EU Emissions Trading System, 155, 160, 166

European Energy Exchange platform, 160

evolution, 36–37

Evonik, 48–49

executives

See also leadership

bonuses for, 37–38

cyberthreat awareness and, 145

risk management mistakes by, 31–38

white-collar crimes and, 110, 112, 115–116

exogenous shocks, 102–103

experimental ROI, 133–134

experimentation, 137, 138–140

experts

advice from, 34–35

embedded, 10–11

independent, 8–9

external risks, 2, 3, 6

management of, 15–19

sources of, 16–17

Extractive Industries Transparency Initiative (EITI), 118–119

extraterritorial reach, 92

extreme events, 33, 43–44

ExxonMobil, 162

Eyring, Matthew J., 129–140

facilitators, 9–10

Faraci, Steve J., 46

FCPA Blog, 119

FedEx, 98

feedback, 85

Feynman, Richard, 36, 97

financial crisis, 1, 11, 16, 19–20, 31, 102

financial projections, 71–72

financial services industry, 10–11, 17, 33

firewalls, 151

flash drives, 144

flexibility, 46

Ford Motor Company, 29, 40, 46–49

forecasting

See also predictions

carbon prices, 160–161

improving, 75–88

teams for, 81–85

foresight, 32–33

Fraser, John, 10

freedom of the press. See press freedom

free trade, 103

FrontPage, 136

Fukushima disaster, 39

function trap, 11–12

Gambill, Brad, 135

gender inequality, 115–116

General Electric (GE), 97

geopolitical risks, 16, 92, 93

Gianfrate, Gianfranco, 153–168

Gilbert, Clark G., 129–140

Girotra, Karan, 21–29

global financial crisis, 1, 11, 16, 19–20, 31, 102

globalization, 31, 103

global shocks, 102–103

global warming, 153–168

Goldman Sachs, 20, 109, 166

Goldstein, Adam, 105

Goldstein, Daniel G., 31–38

Good Judgment Project, 75–76, 79, 81, 82, 83, 85

Google Trends, 98

Greenhouse Gas Protocol, 160

group decision making, 117–118

group dynamics, 86–87

groupthink, 7, 96

growth strategy, 72

Gusikhin, Oleg Y., 46

Haitian earthquake, 101–105

Harbaugh, Jim, 101

Hastings, Reed, 133–134

Hayward, Tony, 1

Healy, Paul, 107–121

hidden risk, 43, 45–46

hindsight, 32–33, 130

hiring processes, 150

Honeywell International, 97

hospitality industry, 98–99

hubris, 38

Hurricane Katrina, 39

Hydro One, 10, 13

incentives, 37

incremental innovation, 51, 53, 57, 60

Independence of the Seas, 102

independent experts, 8–9

information asymmetry, 81

information technology (IT), 144

Infosys, 12, 13, 16

Innosight Ventures, 138

innovation

“Big I,” 51–53, 57, 60, 65

business model, 21–23

incremental, 51, 53, 57, 60

little “i,” 51, 53, 57, 60

profits from, 51, 71–72

risks, 51–52

risk taking and, 26–29

innovation portfolios, 51–73

risk matrix for, 52–60, 63

R-W-W screen for, 52–55, 60–73

insider attacks, 141–152

insider policy, 147–149

integrated experiments, 137

integrity, 116–117, 120–121

integrity gaps, 121–127

Intelligence Advanced Research Projects Activity (IARPA), 76, 83

internal carbon pricing, 153–168

internal conflict, 92

internal control systems, 5

intrinsic risks, 8

intuition, 80

Iran, 117

Iridium satellite phone, 63–64

isolationism, 103

Jet Propulsion Laboratory (JPL), 7, 8–9, 13

Johnson, Mark W., 29

Johnson & Johnson, 4

Joint Juice, 136

journalists, 119–120

JPMorgan Chase, 20

JP Morgan Private Bank, 11, 13

judgment, training for good, 78–81

Kahneman, Daniel, 80

Kaplan, Robert S., 1–20

Karpoff, Jonathan, 108

Kimberly-Clark, 125

Kleinfeld, Klaus, 116

Kux, Barbara, 117

Læssøe, Hans, 96

laws, 92

leadership

See also executives

challenges for, 19–20

white-collar crimes and, 109, 110, 112–117, 120

Lee, Gentry, 7

Lego Group, 96, 98

Lewicki, Chris, 9

Li & Fung, 93–94

linear optimization, 42

“little i” innovation, 51, 53, 57, 60

LiveOps, 24–25, 26

Löscher, Peter, 116, 119

low-probability events, 31–33, 43–44, 86, 90

Lund, Helge, 118

malware, 149, 152

management, 70, 73, 110

market potential, 63–66

market research, 70–71

market share, 67

Marriott International, 98, 99

mathematical equivalence, 36

McDonald’s, 53, 54, 56, 70

media, 119–120

medical tourism, 134

megadisasters, 39

Mellers, Barbara, 76

memory cards, 144

Merton, Robert, 26

#MeToo movement, 114

Michelin, 164–165

Microsoft, 76, 136, 163–164

Middle East, 102–103

Mikes, Anette, 1–20

mission statement, 4, 5

mobile devices, 144–145

Monte Carlo simulations, 97

moral hazard, 18

Morton Thiokol, 86–87

Motorola, 63–64

MyFab, 21–22, 24–25

NASA, 86–87, 100

National Intelligence Council, 75

nativism, 103

natural disasters, 16, 39, 101–105, 153

natural resources, 92, 118

Navalny, Alexey, 119

negative advice, 34–35

Netessine, Serguei, 21–29

Netflix, 63, 133–134

New Coke, 63

new ventures

funding of, 135–137

risk management for, 129–140

Nokia, 46

normalization of deviance, 7

Norsk Gjenvinning (NG), 116, 117

Odebrecht, 108

Oil Spill Liability Trust Fund, 156

old-boy networks, 110

omission, acts of, 34–35

operational-level risk management, 9–10

organizational integrity, 120–127

organized crime, 146

Orlob, Alan, 99

Osmundsen, Erik, 116, 117

Ottoman Empire, 102

oversight structure, 13

Parenting magazine, 140

Paris Agreement, 154, 160

Partnering Against Corruption Initiative (PACI), 119

password policy, 148

patents, 68, 69

path-dependent risks, 131–132, 134, 135

Pepsi Bottling Group, 46

performance impact (PI), 41–42

personal devices, 144–145

pharmaceutical industry, 33, 34

Philippines, 105

phishing, 149

Pohlmann, Andreas, 116

policies

carbon, 155, 156, 157, 160

climate, 155

energy, 157

political risk and, 92

political action, 90

political risk, 89–106

analysis of, 97–98

appetite for, 95–96

case example, 101–105

exogenous shocks and, 102–103

framework, 95–101

guiding questions for, 94

limiting damage from, 99

mitigation of, 98–99

responding to, 100–101

sources of, 89–95

supply chains and, 91, 93–94

technology and, 94–95

types of, 92

warning systems, 99

politics, 91, 93

populism, 103

portfolio review teams, 53

positive advice, 34–35

precedents, 33

predictions

See also forecasting

accuracy of, 79

errors in, 84

of extreme events, 32

improving ability to make, 75–88

performance tracking, 85–87

of rare events, 43–44

risk management and, 32–34

press freedom, 119–120

preventable risks, 2, 4–5

process flexibility, 46

Procter & Gamble, 63, 71

product concept, 66–67

product-design flexibility, 46

product development, 51, 60–73

product failures, 63, 67

product improvements, 65–66

production process, 23–24

profitability, 51, 71–72, 111–112

project screening teams, 61

protectionism, 16, 103

Prueher, Joseph, 101

psychological biases, 36, 80

psychological safety, 118, 120

PwC, 109, 114

Ramanathan, Ramesh, 119

Ramanathan, Swati, 119

randomness, 33–34

Ranganath, M. D., 12

rare events, 31–33, 43–44, 86

reasoning errors, 79

red teams, 97

redundancy, 36–37

Regional Greenhouse Gas Initiative, 155

regression to mean, 79

regulations, 92, 109, 157

Reiss, Bob, 129, 130, 140

Reporters Without Borders, 120

resource allocation, 9, 10, 19

revenue, 57

Ricardo, David, 37

Rice, Condoleezza, 89–106

risk analysis, 97–98

risk appetite, 95–96

risk-driven innovation, 26–29

Risk Event Card, 13, 14, 16

risk exposure index (REI), 42, 46–47

risk function, 19

risk management

Black Swan events and, 31–32, 33

for climate change, 153–168

as compliance issue, 1, 3

corporate scandals and, 107–121

difficulties with, 6–8

of external risks, 15–19

of innovation portfolio, 51–73

for insider cyberthreats, 141–152

leadership challenges, 19–20

mistakes in, 31–38

new framework for, 1–20

for new ventures, 129–140

operational-level, 9–10

oversight structure, 13

of political risk, 89–106

rules-based, 3, 6, 7–8

of strategy risks, 8–13

supply chains, 39–50

risk managers, 11

risk matrix, 52–60, 63

risk mitigation, 44–46, 48, 98–99

Risk Report Card, 15

risk review boards, 8–9

risk(s)

building into business model, 21–29

categories of, 2–6

climate, 153–168

compartmentalizing, 11–12

cumulative, 90

deal-killer, 130–131, 134, 135, 138, 139–140

demand, 23–24

external, 2, 3, 6, 15–19

framing, 36

geopolitical, 16, 92, 93

hidden exposures to, 43, 45–46

innovation, 51–52

intrinsic, 8

measurement of, 35

path-dependent, 131–132, 134, 135

political, 89–106

preventable, 2, 4–5

reducing, 22–26

resolving, 133–135

revenue and, 57

strategy, 2, 3, 5–6, 8–13

taking, 26–28

value and, 132–133

Rogers, Will, 80

Rolls-Royce, 27, 29

Roman Catholic Church, 114

romance scam, 145

RosPil, 119

routers, 151

Royal Caribbean International, 99, 101–105

rules-based risk management, 3, 6, 7–8

Russia, 103

R-W-W screen, 52–55, 60–73

Sanders, Bernie, 103

SARS outbreak, 39

scenario analysis, 3

scenario planning, 17–18, 96, 163, 167

Schmidt, William, 39–50

Schoemaker, Paul J. H., 75–88

Schrello, Dominick M., 52

SeaWorld, 89, 97, 102

Segway, 63–64

senior executives, 110, 112, 115–116, 145

September 11, 2001, 102

Serafeim, George, 107–121

shadow pricing, 162–164

shareholder value, 36–37, 112

Shell Oil, 17

Shultz, George, 99

Siemens, 108, 111, 113, 114, 116–117, 119

Simchi-Levi, David, 39–50

smartphones, 144

SNC-Lavalin, 111, 113

Snowden, Edward, 142

social activism, 91, 92, 94–95

social media, 145

Solmssen, Peter, 116–117, 119

Soltes, Eugene, 113, 121–127

South China Sea, 103

Soviet Union, 93

specialization, 37

Spitznagel, Mark W., 31–38

stakeholders, 24–25, 99, 166–167

standard deviation, 35

standard valuation approach, 163

startups, 129–140

Statoil, 117, 118–119

Stevenson, Howard, 129

strategic components, 45

strategic planning, 3, 12–13

strategy, 72–73, 166

strategy risks, 2, 3, 5–6, 8–13

stress-testing, 17

Stumpf, John, 107, 108, 113

Stuxnet virus, 141, 145

subcontractors, 150–151

superforecasting, 75–88

superstorms, 39

suppliers

cyberthreats and, 150–151

dependencies on, 44

segmenting by risk level, 44–46

supply chains

dependencies and bottlenecks in, 44

disruptions to, 39–50

fast, 23–24

political risk and, 91, 93–94

Suskewicz, Josh, 29

Susquehanna International Group, 80–81, 87

Swiss Re, 159, 162

Syrian civil war, 102–103

system flexibility, 46

tablets, 144

tail-risk stress tests, 17

Taleb, Nassim N., 31–38

Target, 141, 150

targeted experiments, 137

teams

forecasting, 81–85

group dynamics, 86–87

trust on, 84–85

technological innovation, 8

technology, 94–95

technology push, 63–64

Teck Resources, 165–166

terrorism, 92, 93, 98–99, 102

Tetlock, Philip E., 75–88

Tetra Pak, 166

threats

assessment of, 99

from climate change, 153–168

from insiders, 141–152

overlooking of, 7

3M, 52, 68–69, 70, 72

Timbuk2, 24

time to recovery (TTR), 40–44, 47

Tolstedt, Carrie, 107, 113

Toyota Production System, 29

training

cyberawareness, 149–150

to make good judgments, 78–81

transparency, 118–119

Transparency International, 109, 111, 117, 119

Treville, Suzanne de, 28–29

Trigeorgis, Lenos, 28–29

Trump, Donald, 103, 105, 153–154

trust, 84–85, 117–118

tunnel vision, 84

UBS Wealth Management, 147

Ukraine, 103

uncertain events, 76–77

United Airlines, 95

United Arab Emirates (UAE), 93

United States, 93, 100–101, 156

Upton, David M., 141–152

USB devices, 144–145

value chain, 22, 24–25

value creation, 26–28, 132–133

value statement, 4, 5

venture capitalists, 135

Vermeer Technologies, 135–136

Vietnam, 93–94

Volkswagen, 108

Volkswagen do Brasil, 12–13, 14–15

Vormetric, 143

vulnerability management, 148

war-gaming, 3, 18–19, 96

Weder, Beatrice, 119

Wei, Yehua, 39–50

Welch, Jack, 97

Wells Fargo, 107–108, 109, 113

We Mean Business coalition, 160

whistle-blowers, 113

white-collar crimes, 108–121

Whitman, Meg, 138

Whitty, Monica, 146–147

Wolaner, Robin, 140

World Bank, 109, 119, 160

World Press Freedom Index, 120

Xerxes, 38

Zara, 23–24, 29

Zegart, Amy, 89–106

Zhang, Don X., 46

Zhikarev, Gregoriy, 11

Zipcar, 27, 28, 29

Zubrow, Barry, 20