We are currently moving our web services and information to Canada.ca.

The Treasury Board of Canada Secretariat website will remain available until this move is complete.

Annotated Bibliography for the Study on: Best Practices in Risk Management: Private and Public Sectors Internationally


Introduction

In FY 1998-99, KPMG was engaged in a contract with the Treasury Board Secretariat to produce a report identifying best practices in risk management in the private and public sectors internationally. The study objective was to identify risk management best practices including strategies, approaches, methods, tools and techniques and how they can be used in the Canadian federal government.

The final report, entitled "Best Practices in Risk Management: Private and Public Sectors Internationally" focuses on "best" practices, i.e., practices that were particularly effective in helping an organization achieve its objectives for managing risk and are deemed to be of value to other organizations. The study highlights risk management practices that have been integrated into other management practices such as those for planning and decision-making. It also looks at the strategies for planning, developing, implementing and monitoring risk management.

A significant component of the research behind the study consisted of a broad literature review. The study sample of 228 relevant publications contained much valuable information and was consolidated into an annotated bibliography. The annotations provide reference information and brief descriptions of the articles. To help readers target their areas of interest, the articles have been grouped into a number of categories: general (the what and why of risk management), strategic, governmental and operational.

The bibliography reflects the international focus of the study. Readers wanting Canadian articles can refer to the companion best practices study, "Review of Canadian Best Practices in Risk Management", prepared by Performance Management Network Inc.

The Canadian and international study reports on risk management best practices are available at: http://www.tbs-sct.gc.ca under Policies and Publications, Risk Management.

General:

What is Risk Management, Why Risk Management

The Changing Face of Risk Management. Vol. 55, No.5, Internal Audit, p.11-12.

This article focuses on the trend where organizations are instituting corporate risk cultures that focus on risk management and shifting away from relying on insurance policies to offset risk. This articles discusses how organizations are placing responsibility for risk management on all employees, and that organizations are defining risk as encompassing any source of uncertainty (including risk, political, health and safety, fraud, etc.).

A CFO'S View. Vol. 44, Risk Management, New York, September 1997, pp. 21-27.

In this interview, Mike Brown, CFO of Microsoft Inc., shares his views on risk management. Brown is more interested in whether the service adds value and how much it costs the firm to provide it than to costs related to risk. He relies on a strong risk management team to interact with people outside the company. In the beginning, the function was offering traditional buying of property/casualty insurance. Now, the group is working with issues such as risk handoffs between a foreign subsidiary and the parent. His risk management vision includes involving all the employees in the process by communicating awareness through the Intraweb. It is an inexpensive, effective and efficient way to communicate with employees. After that, a risk manager should be close in his personal workings with people at a fairly strategic level. Brown believes risk management should be in the organization where there's natural alignment, synergy and dialogue with strategic planning.

A World of Risk. Risk Management, January 1998, pp. 11.

Globalization - The most successful global companies define themselves as "domestic companies operating world-wide." With this perspective, a firm can see itself as "a global company with the entire world as a domestic market". A global firm must consider the regulatory environment (i.e. its insurance company's global licenses); the customer's buying habits and the extent of authority given to foreign managers; the liability issues involved in paying premiums in one country for the benefit of a foreign subsidiary; the selection and quality of insurers.

Abbott, Howard. Taking the Rap. Vol. 5, No. 4, International Risk Management, April 1998, p. 24.

This article discusses how strict liability in tort has forced companies to place greater focus on packaging risks. Packaging can cause injury to the user, i.e. exploding bottles, glass splinters in food, etc. The author discusses relevant cases worldwide, and emphasizes that the onus lies with the manufacturer to assess the risks and pre-empt them.

Adopting an Enterprise-Wide Approach to Risk. Risk Management, January 1998, pp. 16-17.

An integrated approach to managing risk represents a dynamic process for optimizing the level of risk that a firm assumes in pursuit of business goals. The opportunity is to apply traditional risk management principles, processes and tools to the larger framework of risks faced by an organization, enhancing the firm's ability to achieve its business objectives. Coordinating and financing all facets of organizational risk effectively is critical to maximizing success. The risk management profession is challenged by a larger environment, an evolving role, and a new approach. The article examines the enterprise risk management approach.

Aftermath of Bank Crisis - Better Supervision is Needed. Financial Times, Reuter Textline, March 14, 1997.

This brief article provides an overview of Mexico's financial crisis in 1994-1995, highlighting the lack of regulation of the region's newly liberalized financial systems. The US credit rating agency, Standard & Poor's, estimates the crisis could cost the government $30 billion. Greater effort must now be taken to improve bank supervision and regulation within Mexico.

Allen, Anne B. Ghostly tales of opportunities for change: A legislative carol. Vol. 44, Risk Management, New York, December 1997, p. 66.

The importance of political action by people in the field of risk management is told in the vein of Charles Dickens' classic story, A Christmas Carol.

Allen, Anne B. Toward a better standard. Vol. 44, Risk Management, New York, January 1997, p. 54.

The growth of risk management in the international community has prompted bodies in several countries, most notably the Canadian Standards Association (CSA) and Standards Australia/New Zealand, to examine standards for the profession. Risk managers' reactions to the CSA and Australia/New Zealand standards were considerably different and their comments have helped to form the basis for RIMS' response to this emerging issue.

Australia: Corporate Treasurers Lack Adequate Systems. Australian Banking and Finance, December 1997.

This article discusses a recent survey conducted by Ernst & Young and the Australian Society of Corporate Treasurers, which found that less than half of survey respondents had invested in a treasury system. The main problems identified with current systems were: the lack of integration of systems and databases (27%); insufficient reporting capability (25%); and lack of front office analytical capability (23%).

Balcer, Georges. A forum for quality. Vol. 44, Risk Management, New York, January 1997, p. 62.

A commentary is presented discussing the Quality Insurance Congress (QIC), a joint partnership between the insurance industry, its service providers, and the industry's customers. The QIC allows risk managers to voice their opinions directly to insurance representatives and to receive immediate feedback.

Barlow, Douglas. The Essence of Risk Management. Risk Management, September 1998, p. 88.

Risk Management is the outward expression of a drive to perceive and appraise risks to which they or their interests are exposed, and to respond to the risks by measures designed to minimize their cost and maintain services commonly rendered by employees. There is an unease about the adequacy of coverage available under insurance and other loss-financing arrangements, a possibility of risks hitherto unperceived, about possible climatic change and its effects, and risk involved in litigation, with its high costs.

Beer, Stan. Australia: News - Bug-battle Bill Blows Out By Billions. Australian Financial Review, December 2, 1998, p. 1.

Mr. Pritchard, director of the Commonwealth Bank of Australia's Year 2000 program, expressed his concern regarding the lack of preparedness on the part of small and medium-sized companies to deal with the Y2K problem. Domino effect in the supply chain was emphasized.

Bernens, Robert. Establishing Expected Practices. Risk Management, January 1997, pp. 14-16.

Risk management professionals do not have standards because there is not professional organization that provides guidance, oversight or development of the discipline. There are no educational or experience requirements. UK, Australia and New Zealand have developed standards that require an organization's management to regulate the risk management process. The society including shareholders have a right to expect that management has addressed the risk issues. Where do the US, Canada and RIMS stand?

CFOs on financial hiring. Vol. 45, Risk Management, New York, September 1998, p. 8.

According to the Robert Half International Financial Index, chief financial officers in both the US and Canada foresee an increase in hiring of accounting and financial professionals during the 3rd quarter of 1998. A net boost of 11% in the US and 6% in Canada is expected.

City of Santa Clara Moving Ahead; Silicon Valley Power, Engage Energy From Alliance. BUSINESS WIRE PR Newswire Reuter Textline.

The article discusses the strategic alliance that has occurred between Silicon Valley Power and Engage Energy US. The companies are currently in the process of implementing an infrastructure for measuring and managing risks and opportunities.

Clack, Peter. Australia: Business Declares war on Fraud. Reuters Business Briefing, Jan. 25, 1999.

This short article discusses the increasing trend by Australian organizations to implement prevention policies to counter fraud that is carried out for money, property, time or information. In 1997, 75% of Australian organizations had implemented anti-fraud policies that ranged from policy statements to specific agency behaviour. In the 1990's a complex database system had been set up across Australia to prevent taxation and social security fraud by allowing government agency employees to conduct data-matching on clients.

Company Directors Want Risk Protection. Sydney Morning Herald, Reuter Textline, July 30, 1996.

A new study has revealed that two-thirds of Australian company directors mentioned that their company had no formal risk management policy in place. The survey also identified the most common areas of company risk: customer satisfaction, human resource management and information technology.

Country Briefing. BAe rethinks risk management. EIU Country Alerts Economist Intelligence Unit, Sept. 4, 1998.

A costly fire in 1981 motivated British Aerospace (BAe) to conduct business continuity planning (BCP) to ensure that recovery schemes were in place in the event of another catastrophe. The key to BCP is ensuring that all business units are aware of each other's strengths and weaknesses, thus enabling different departments to collaborate when developing disaster recovery plans. BCP conducted in-house ensures buy-in from all parts of the company and enables the sharing of 'best practices' amongst departments. This article is appropriate for managers developing mitigation strategies.

Covello, Dr. Vince. CRIMS '98 New Frontiers: Explore, Chart and Conquer. Risk Communication (Plenary Session), October 4-7, 1998.

Slides from a presentation by Dr. Covello, director of the Center for Risk Communication in New York City, provide an overview of risk communication. The presentation describes barriers, i.e., non-verbal communication, trust and credibility factors, that need to be overcome to communicate risk. Dr. Covello also provides risk communication guidelines for female presenters.

Davies, Anthony. New Zealand: Compliance - Keeping up with the Regulators. Independent Business Weekly (NZ), September 30, 1998.

Brian Sharpe, Australian compliance expert, discusses how many companies have compliance problems. Two main reasons why compliance systems fail are: an inadequate understanding of one's statutory or regulatory obligations; and an inadequate understanding of business by compliance personnel. One lesson learned is that compliance should be imbedded in management systems and not be an add-on.

Edlin, Bob. New Zealand: Luxton Lunges at Red Tape While Business Champs at Bit. Independent Business Weekly (NZ), October 10, 1997.

This article discusses a recent speech from John Luxton, Commerce Minister, declaring war on red tape. An initiative he is considering is a Regulatory Responsibility Act which would require governments to certify that proposed regulatory actions are based on 'robust regulatory management principles'. The article also mentions arguments from critics who contend that the government is slow in implementing new initiatives.

Ernst & Young. The Hidden Risks of Risk Management. Ernst & Young 1998.

This paper discusses the hidden risks of risk management. The authors warn that a series of exercises, i.e., random risk assessment workshops, annual self-evaluation checklists, etc., can become another administrative burden taken on by employees. The existence of such exercises can also lead a Board to assume that everyone is practicing safe risk. Integrated management of risks can provide a genuine competitive advantage when driven from a coherent vision set by top management and implemented through an aligned risk management framework.

Ewing, Lance. How to make a difference. Risk Management, New York, November 1998, Vol. 45, p. 12.

It is important for risk managers to be active and interested in the political process. Elected officials, whether at the local, state, or federal level, deserve to know what issues are important to risk managers and the companies they serve. The author describes the four ways to contact elected officials: 1) The in-person visit; 2) The written letter; 3) Correspondence online; and 4) The telephone call.

Fatal distractions. Vol. 45, Risk Management, New York, October 1998, p. 9.

Some highway or airline accidents may be the result of spontaneous negligence on the part of the vehicle operator. On an automated test, ½ of the participants were distracted from their primary task. - Dr. Luis de Boer of TNO Human Factors concludes, "It is perhaps a fundamental limitation on human vigilance."

Feldman, Paul. Risk Managers' Global Concerns. Risk Management, June 1998, p. 64.

This short article presents globalization, consolidation and technology as three major areas of concern for risk managers today and the future, according to a new survey by Liberty Mutual. The number of companies expanding through acquisition increased from 1996 by over 20%, to 53%. Yet, the lack of standardized written operating guidelines will make their policies and procedures difficult to comprehend. Globalization requires understanding the way foreign businesses are run and the local culture; having a centralized system for claims; international shipping exposures; the consolidation of financial and performance measure and having loss control plans for each country. The merger trend is prompting a parallel consolidation of job functions. The internet technology is radically changing risk management information gathering and exchange.

Fenelle, Cheryl. "Partnerships-mirage or reality?". Risk Management, New York, May 1996.

At the Association of Insurance and Risk Managers Conference 1996 in March, risk managers, underwriters and management professionals shared solutions and ideas in interactive workshops and sessions. Among today's most powerful business trends is the partnership between supplier and customer in which the supplier gets more involved in the workings of the customer's companies.

First aid for disaster-struck businesses. Vol. 44, Risk Management, New York, May 1997, p. 8.

IBM customers can now turn to recently opened business recovery center to ensure that their computer systems and businesses can continue to run when a disaster disrupts their operations. The short article states that "the growth of networking computing, the importance of information and the global nature of business make total business protection more critical than ever before."

From the ground up. Vol. 45, Risk Management, New York, December 1998, pp. 48-52.

Regi Shindler, director of risk management for Oregon Health Sciences University, implemented a risk management program in 1997. The article shares his implementation experiences and his successes from having initiated a program of self-insurance and a Computer Information & Data Security Insurance. The product not only includes protection from loss of electronic information, but also provides expert consultation on key issues to prevent loss, recover data and manage incidents when they occur.

Gentile, Mary C. Setting the right course: Business ethics. Vol. 45, Risk Management, New York, September 1998, pp. 26-34.

Risk managers are not only challenged to develop sources and systems for capturing accurate, complete timely intelligence, but also to cultivate receptive and non-retaliatory listeners among corporate leadership. All the openness in the world counts for nothing if employees remain unconvinced that such receptivity exists. Employees who are convinced there is no audience for their concerns internally may take accounts of unethical or unsafe practices to the media. An effective ethics program is concerned with the identification, development and sharing of information regarding the thorny questions of human behaviour and shifting values. At a time when risk management is evolving, an ethics program can be a catalyst.

Gerber, Joseph A. and Glazer, Richard C. Seeking responsibility: Recovery for risk managers. Vol. 45, Risk Management, New York, February 1998, pp. 40-44.

By incorporating a careful investigation of a large loss into the organization's contingency plans, a risk manager can help establish cause and improve the company's ability to pursue any responsible parties legally. Even if your firm decides not to pursue a recovery action, an investigation can generate information that will be helpful for the insurance claim and may also provide valuable insights into preventing similar incidents at other facilities. Two examples are presented which illustrate the importance of a thorough investigation and meticulous evidence preservation.

Gluyas, Richard. Australia: Governance Bombshell - Only 1 in 10 Up to Scratch. Australian, April 17, 1997, p. 17.

A recent survey by the Australian Investment Managers Association revealed that 90% of Australia's 100 top listed companies fell short of international best practice in disclosure of their corporate governance practices and policies. At the same time, investors are increasingly willing to pay a premium for those companies that adhere to best practice in corporate governance.

Grabowski, Martha and Roberts, Karlene. Risk mitigation in large-scale systems: lessons from high reliability organizations. Vol. 39, No. 4, 1997 Information Access Company, a Thomson Corporation Company, 1997 Regents of the University of California, California Management Review, p.152.

The author defines risk mitigation as the process of identifying risks and articulating and introducing measures to reduce them. The article specifically discusses the implementation of risk mitigation strategies in large-scale systems. Autonomy and interdependence in large-scale organizations makes it difficult to implement risk mitigation if risks are not articulated, understood or properly managed. The author argues that organizational protections should be instituted to insure that autonomy and interdependence mitigate, rather than exacerbate risk.

Grapperhaus, Roberta. Management's Perspectives on Risk. Risk Management, September 1997, pp. 11-16.

This article shares the perspectives and experiences of managers. Northwest Airlines learned that management must constantly examine each specific risk to see if and how can it be reduced. Canada Post's risk management philosophy is based on human resources, operating principles and strategic principles. MedRisk believes that every company should know what its risks are, what the risk drivers are and what influences the per-unit cost. Through its many acquisitions, Pettibone Inc. has learned to communicate standard policies to all new companies.

Group Success. Risk Management, December 1998, pp. 53-54.

This article shares information about the activities and success of the Risk and Insurance Management Society (RIMS) Ozarks, Missouri Chapter.

Hanley, Mike. Chain Reactions. Vol. 6, No. 1, International Risk Management, An Emap Business Publication, December 1998/January 1999, p. 23.

This article discusses how companies are looking to manage their risks from a holistic perspective, realizing that risks in one part of the company will impact on different risks in other parts of the company. Organizations are now seeking insurance that covers them on a portfolio basis, comprehensive 'bottom-line protection', rather than on a line-by-line basis.

Hanley, Mike. Containing the Colossus. Vol. 5, No. 4, International Risk Management, An Emap Business Publication, April 1998, p.18.

Nelson Chanfrau, risk manager for the Port Authority of New York and New Jersey, discusses how his risk management department handles a variety of risks, ranging from bus accidents to terrorist bombs. The goal of the department is to ensure complete safety for customers and employees.

Harper, Timothy F. Sharing our sandbox: Commonsense advice from an aviation risk manager. Vol. 44, Risk Management, New York, October 1997, pp. 35-40.

An aviation risk manager offers suggestions for selecting an aviation insurance carrier and discusses matters that are particular to aviation risk management. As in other areas, it is important to do homework. Talk to the companies contracting with you for a particular service. Find out what they know about their own insurance, what it covers and what risks a specific operation entails. When one can define the risks and its associated liability, each company can deal with the other on a more equitable basis.

Harpole, Tom. Weathering the storm. Vol. 46, Risk Management, New York, January 1999, pp. 47-49.

As standard practices evolve in response to the threat of hurricanes, it would be untenable for any risk manager with responsibility for property protection to claim a lack of information on missile-impact resistant window glazing. Managers need to be sure that the claims made by manufacturers are based on recognized standards developed by credible institutions.

Head, George L. Risk management education goes global. Risk Management, New York, June 1996.

Thanks in part to the support the Insurance Institute of American's Associate in Risk Management program has received from the Risk and Insurance Management Society (RIMS) since its development in 1965, it is growing not only in numbers - more than 17,000 members now have earned the designation - but also in influence and reputation within the international risk management community. As a result of several agreements that the Insurance Institute of America (IIA) has signed recently with educators in France, Australia and Germany, the Associate in Risk Management program (ARM) is becoming more readily available and meaningful in those countries.

HK Banks Remain Strong Despite Loan Losses - Study. Reuter News Service-Far East, Reuter Textline, May 8, 1997.

This article discusses a recent study which revealed that Hong Kong banks still compare favourably to other banks worldwide even though they have recently experienced a rise in bad debts. The author notes that Hong Kong banks are well protected against the rise of bad debts.

Hunt, Ben. Staying out of Court. Vol. 6, No. 2, International Risk Management, An Emap Business Publication, February 1999, p. 20.

This article discusses the growing trend of European legal departments becoming more risk-management oriented. This trend has resulted from the introduction of new legislation, i.e., KonTraG - the German corporate governance law on control and transparency introduced in May 1988. New legislation and fear of US-style legislation has forced companies to place greater emphasis on law and regulatory issues. Examples of preventive law include the implementation of education programmes once risks have been identified.

Investing in employees' futures. Vol. 44, Risk Management, New York, April 1997, p. 14.

Employers have traditionally shied away from offering employees investment advice for their 401k assets for fear of legal implication in the event that an employee portfolio turned sour. But now, employers are bringing in outside advisers to assist employees with their retirement funding strategies, according to an article from Institutional Investor.

Irvine, Julia. Taking a calculated risk. Vol. 122, No. 1263, 1998 UMI, Inc., Institute of Chartered Accountants in England & Wales 1998, Accountancy, pp.42-43.

Ian Brindle, senior partner at Price Waterhouse UK, discusses the collapse of the Bank of Credit and Commerce International (BCCI) and the recent $95 million settlement. Mr. Brindle also discusses his recent role as head of PwC's global risk management. One key step taken by the firm is to place the responsibility for risk management high up in the organizational hierarchy. Mr. Brindle acknowledges that had well-developed risk management procedures been in place, then BCCI would have been considered a high-risk client that may not have been taken on.

Kelly, William J. The role of management consultant. Vol. 45, Risk Management, New York, January 1998, p. 50.

This is a book review of "Dangerous Company: The Consulting Powerhouses and the Businesses They Save and Ruin", by James O'Shea and Charles Madigan. The book takes a critical look at management consultants. It is particularly important for risk and insurance managers because they generally reside in a cost center. As organizations cut costs the insurance and risk management department, along with every support function, will be evaluated on the basis of analytical methods.

Kirkwood, Don. Australia: Smaller Companies Risk Financial Loss. Business Queensland, 1998 Business Newspapers Australia Pty Ltd., April 20, 1998.

This article discusses a recent survey of small Australian companies, and revealed that many had inadequate risk management strategies to protect them against bad debts. Many small sized companies had low levels of awareness of simple credit checking procedures and policies. As well, many did not seek professional help due to lack of time, cost, or awareness.

Knight, Curtis. Statement on best practices. Vol. 80, No.6, Journal of Lending & Credit Risk Management, Feb. 1998, p. 79.

This short article discusses a new series of guideline style papers, 'Statement of Best Practices Paper', produced by the RMA Committee on Securities Lending. The purpose of these papers is to enhance communications within the securities lending industry between securities lending agents and clients. Each paper establishes a framework for discussion of various risk aspects of securities lending with industry participants.

Knight, Rory F. and Pretty, Deborah J. Value at risk: The effects of catastrophes on share price. Vol. 45, Risk Management, New York, May 1998, p. 39-41.

The effect of catastrophes on shareholder value was examined by focusing on 15 major losses including the Tylenol product tampering and recall in 1982, the gas leak in Bhopal, India, and the Exxon Valdez oil spill. As would be expected, each catastrophe has a significant negative initial effect amounting to, on average, an almost 8% decline in the shareholder value of the analyzed companies. This reduction was followed, in most instances, by an apparent full recovery in just over 50 trading days, which suggest that the net impact on a firm's share price is negligible. The ability to recover lost shareholder value over the long term, however, varies considerably between firms. In formulating risk management policies, corporate managers have to evaluate alternative strategies against the criterion of shareholder value maximization.

Knowledge Management: Leveraging Information. Gartner Group, Conference Presentation, 1998.

This article focuses on the application of knowledge management. Organizations need to identify where the use of knowledge has an effect on performance impact and what are the characteristics of the type of knowledge that can be captured and shared. Companies need to recognize the increasing dependence on knowledge, and they should use the trend of increasing market value coming from intangibles such as knowledge to bring attention to knowledge management. The article outlines the guidelines that should be followed to maximize acceptance and use of knowledge sharing within an organization's culture.

Lange, Scott. Disaster planning: The challenge within. Vol. 45, Risk Management, New York, May 1998, pp. 34-37.

Much has been written on the subject of organizational planning for disasters. Yet even with this bounty of intelligence and the imprinted lessons of the past, most organizations do not have an effective plan for surviving a major catastrophe. Indeed, the real key to surviving disaster lies in changing the psychological patterns that prevent people from accepting that they are at risk.

Larner, Digby. Benchmark or Impediment? Vol. 5, No. 7, International Risk Management, An Emap Business Publication, July/August 1998, p. 35.

The author discusses the difficulties with implementing a global industry standard. The joint Australia/New Zealand standard was put forward but rejected by the French who argued that it was submitted to the wrong body. Arguments for and against the implementation of a global risk management standard are presented in this article.

Levin, Michael R. and Rubenstein, Michael L. A Unique Balance: The Essence of Risk Management. Risk Management, September 1997, pp. 37-40.

The term risk management means different things to different people. For investment bankers: hedging, FX, interest rates, liquidity, and commodity price exposures. Internal auditors: operational and financial controls. The article first discusses why risk managers find the euphemism can sometimes imply a lack of stature and a narrow focus in their organizations, when they like to think they add considerable value. Addressing the confusion, the author clarifies the unique value-added contributions of risk managers (i.e. exposure management, risk identification and assessment, risk financing). Risk managers appear to have a better perspective, more effective tools, better resources and knowledge than the managers do in various functions. Risk managers also study the relationship among risks and apply the most advanced concept of balance. Risk management should be the process of understanding exposure in an organization and balancing the appropriate control and financing tools for a given exposure or portfolio of exposures.

Managing risk, FNB, p. 67.

This article discusses the purpose of group risk management, which is to ensure that all material risk is properly controlled and managed on a continual basis. The components of proper risk management for derivative instruments includes an appropriate overview by the board of directors and senior management, and continuous independent risk monitoring with frequent management reporting.

Managing Risks - Top-down Coordination is Crucial. Business Times (Singapore) Reuter Textline, October 22, 1997.

KPMG Asia Pacific Consulting notes that companies should implement a firm-wide risk management function (RMF) to carry out the risk management on a day-to-day basis. The RMF must be able to measure risk consistently across all lines of business and monitor value at risk limits. Consequently, KPMG defines risk management as a continuous process of balancing risk-taking against a well-designed control environment.

Managing Risks - Top-down Coordination is Crucial. Business Times (Singapore) Reuter Textline, October 22, 1997.

KPMG Asia Pacific Consulting notes that companies should implement a firm-wide risk management function (RMF) to carry out the risk management on a day-to-day basis. The RMF must be able to measure risk consistently across all lines of business and monitor value at risk limits. Consequently, KPMG defines risk management as a continuous process of balancing risk-taking against a well-designed control environment.

Matheson, David and Matheson, Jim. Get Smart About Big Risks. Risk Management, September 1998, pp. 73-76.

Strategic risks are the type of risks that can kill a company and turn an entire industry on its head (i.e. deregulation, technological innovation, social change, and the emergence of maverick competitors). Over 20 years, every industry has been working to become more operationally fit. Unfortunately, few quality improvements have been made at the top. At forks in the road, smart companies determine their alternatives and sort out the risks and opportunities for each. If they are unsatisfied with their options, they encourage employees to find new ones. Their methods of evaluation are apolitical and objective. The article stresses that uncertainty should be confronted, measured and factored into each decision, improving the odds that the decisions will benefit shareholders and employees. The author lists 8 common characteristics of successful companies who adhere to the principle of embracing uncertainty.

McGahern, Rachael. Super Highway Bandits. Vol. 5, No. 9, International Risk Management, An Emap Business Publication, October 1998, p. 25.

Internet fraud is a major problem for corporations trying to become part of the global e-commerce revolution. Many risk managers are concerned with the ease with which people are able to access and corrupt websites. Risk managers cannot afford to ignore e-commerce-they need to foresee the impact of e-commerce, its risks and how it can be used to commercial advantage.

Meet the risk manager. Vol. 43, Risk Management, New York, August 1996, p. 41.

Kay Millonzi, risk manager for Pleasant Co., is briefly profiled.

Meltzer, Susan. Limits on a company's ability to manage risk. Vol. 44, Risk Management, New York, January 1997, pp. 18-20.

There are many arguments supporting risk management standards. Risk managers' experience and skills, however, are varied by necessity. Risk management is a multifaceted discipline that requires fluidity in its practice rather than the rigidity that would be imposed by following a body of specific standards. Restrictions on the practice of risk management would limit organizations' abilities to effectively manage this function in a manner of their own choosing.

Mendzela, Elisa. Managing Customer Risk. Chartered Accountants Journal, April 1998, p. 27-29.

The author discusses how customer risk can be managed. Companies need to identify risks, quantify and analyze risks, and explore values. The author also mentions the importance of managing the 'people' risk. People build or break an organization. It is employees that provide service to customers and thus distinguishes the company from its competitors. The article also emphasizes the importance of empowering people.

Millonzi, Kay and Passannante, William G. Beware of the pirates: How to protect intellectual property. Vol. 43, Risk Management, New York, August 1996, p. 39.

There are several things a company can do to protect its intellectual property. Some methods require legal support; others can be handled by strong company policies. Registering trademarks, trade dress and copyrights with the Patent and Trademark Office or US Copyright Office provides valuable protection, such as the right to sue in federal court, and a number of remedies including statutory damages, attorney fees, and constructive notice of ownership. In addition, US protection provides a basis for foreign registrations. Other methods for protecting intellectual property include implementing a controlled process for reviewing the proposed (and unauthorized) use of one's marks by others.

Nichols, David. A changing landscape: Construction risk management. Vol. 43, Risk Management, New York, November 1996, pp. 17-20.

Almost every risk manager of a large construction company will say that external factors are helping to reduce their organization's risk management costs. Insurance company consolidation, the arrival of additional carriers and the introduction of new products are creating a level of competition among insurance companies not previously witnessed by the construction industry. An increased focus on loss control and claims management is also allowing major construction firms to reduce their cost of risk. In addition, improved experience in workers' compensation programs has resulted from benefit level changes, managed care, fraud management and a labour market sensitive to the value of maintaining a safe environment.

Parry, John. Profile: Endesa's Vincente Martin. Vol. 5, No. 6, International Risk Management, An Emap Business Publication, June 1998, p. 23.

Vincente Martin, risk manager at Endesa and head of Spain's risk management association, discusses the various risk elements that Endesa confronts: privatization, malfunctioning computer systems, etc. Mr. Martin also discusses Spain's risk management association's recent achievements, which include allowing insurers and other professional associated with risk management to join the association in order to permit the exchange of information.

Pelland, Dave. Emerging markets, emerging risks. Vol. 44, Risk Management, New York, February 1997, pp. 60.

The growing importance of the risk management function and recognition of the contributions that risk managers can make to the economic success of their companies prompted more than 300 attendees from 22 nations to gather for the 2nd Latin America Risk Management Congress. Participants exchanged advice about the best ways to implement risk management practices and in a series of multi-lingual presentations, received international perspectives on loss control, risk allocation, environmental awareness and other techniques used by their colleagues in more developed regions.

Pelland, Dave. Extortion risk awareness increasing: Exporting products, importing risk. Risk Management, New York, October 1997, Vol. 44, p. 10.

As organizations begin to conduct business internationally, they experience increased exposure to extortion, product tampering and kidnapping incidents. As a result, a growing number of mid-size companies are starting to incorporate these exposures into their enterprise security and crisis management programs. An effective crisis management plan must spell out the steps a company will take immediately after an extortion threat or incident.

Pelland, Dave. Greater emphasis on financial skills: Changing face of risk management. Vol. 44, Risk Management, New York, April 1997, p. 108.

According to several speakers at a seminar sponsored by Johnson & Higgins, as more organizations adopt integrated approaches to risk management, the function is evolving into a more important part of their overall financial strategies. As a result, a greater emphasis is being placed on the ability of risk managers to understand and communicate the financial effects of their efforts. As risk managers are asked to play a larger role in the financial management of their organizations, they are becoming involved more closely in daily operational issues.

Pelland, Dave. Planning to survive. Vol. 43, Risk Management, New York, September 1996, p. 10.

Increased recognition of the need for catastrophe management, recovery planning and the growing availability of disaster management resources, such as planning consultants and software, are helping companies evaluate not only what can go wrong but also what they can do to respond.

Pelland, Dave. Several Trends Influencing Risk Management: Future Success Stories? Risk Management, December 1997, p. 72.

Risk management is becoming more important, visible, complex, and increasingly dependent on technology and finance. The dynamics are changing rapidly. An integrated approach to risk attempts to address operating, financial and traditional hazard exposures. In addition, capital market techniques are likely to play a larger role in risk financing. The role is being threatened, however, by bankers or consultants proposing intriguing alternatives.

Perkins, Pia. Break for the Border. Vol. 6, No. 1, International Risk Management, An Emap Business Publication, December 1998/January 1999, p. 26.

Globalization has provided new opportunities for companies to enter new markets, but it has also exposed these companies to greater risks, i.e., economic, political, cultural, etc. One key to managing this risk is to carefully select contractors and suppliers to ensure that they complement company values.

Perkins, Pia. Leading Lights. Vol. 5, No. 5, International Risk Management, An Emap Business Publication, May 1998, p. 18.

Pia Perkins summarizes the findings from the International Risk Management Journal's annual survey of Europe's top 30 companies. The article identifies the most important risks faced by companies, which include: business interruption, public safety & liability, reputation impairment, employee health & safety, and IT-related. A key finding of this survey is that risk management is becoming important as a corporate function.

Perkins, Pia. What Do You Think Chief? Vol. 5, No. 7, International Risk Management, An Emap Business Publication, July/August 1998, p. 22.

Findings of the International Risk Management's survey of chief executives from the top 400 companies in Europe are summarized in this article. The top five risks identified by CEOs were: financial, regulatory, country/political, product liability, and business interruption. CEOs also noted that risk management has increased in importance over the past five years, and that it is a key part of their strategic planning.

Perkins, Pia. You keep me hanging on. Vol. 5, No. 4, International Risk Management, An Emap Business Publication, April 1998, p. 30.

The author discusses the risks associated with call centers: loss of the customer, giving the competition the edge, and possible damage to brand image. Recent findings have indicated that call centers often change a customer's mood from good to bad. This is worst in the utilities, government and rail sectors. It is vital that companies implement a disaster recovery program as the call center is increasingly becoming the first port of call for customers.

Pittsburgh gives it their best. Vol. 44, Risk Management, New York, December 1997, p. 50.

The Pittsburgh chapter of Risk and Insurance Management Society will publish its long-awaited Risk Management Best Practices in December. This compendium of how-to's prepared by 400 members of the Pittsburgh insurance community (insurance companies, brokers, consultants, RIMS) is sure to be a best seller among novice risk managers, part-timers and practitioners.

Public Cost of Risk Rising. Risk Management, November 1998.

According to the latest "Cost of Risk Evaluation" survey conducted by D&T and the Public Risk Management Association, the total average risk for entities in the private sector has risen $500,000 since 1994 to $6.7 million due to larger self-insured claims in property and workers' compensation. Safety and loss control activity has shifted to public safety and environmental loss control.

Rahardjo, Kay and Dowling, Mary Ann. A Broader Vision: Strategic Risk Management. Risk Management, September 1998, pp. 44-50.

This article provides a thorough step-by-step guide to Strategic Risk Management. The author examines topics such as cross-functional risk management, creating a business risk profile & risk map, determining management's objectives, developing and implementing a comprehensive risk strategy and measuring the performance of the selected risk management tools and methods. The process documented could facilitate the implementation and understanding of risk management strategy for senior management, the board of directors and potential risk managers across most business functions.

Risk management activities found lacking. Vol. 55, No. 3, 1998 UMI, Inc., Copyright Institute of Internal Auditors Inc. 1998 Internal Auditor, p.14.

A recent survey conducted by Coopers and Lybrand noted that 86% of major European businesses had addressed risk and control issues at the board level. Many respondents noted, however, that companies required more effective monitoring of risk. One key observation is that companies do not always view key risks and success factors as two sides of the same issue. For instance, people risks do not feature highly on management's list of risks even though they are seen as critical to success.

Risk Management in the Australian Customs Service, Australian Customs Service.

The paper provides an overview of the Australian Customs Service, and describes its risk management policy which was based on Guidelines for Managing Risk in the Australian Public Services and the Australian/New Zealand Standard for Risk Management. The Australian Customs Service risk management process involves a six step cycle: establishing the context; identifying the risk; analyzing the risk; evaluating and ranking the risk; treating the risk; and maintaining a continuous monitoring and review strategy.

Risk Report. Risk Management, December 1998, p. 8.

This page gives brief news reports on the happenings in field of risk management. $2M was granted to the Peruvian government by the Multilateral Investment Fund to assist in the implementation of shared health management and consumer protection systems; The Office of Dispute Resolution for NASD are calling for arbitrators to hear disputes involving customer complaints and employment issues concerning the National Association of Securities Dealers; Rhode Island business and government leaders are working to help protect life and property from natural disasters.

Sanderson, Scott. Taking stock of your risks, includes related article. Vol. 13; No. 4, 1997 Information Access Company, a Thomson Corporation Company, 1997 Financial Executives Institute Financial Executive, p.42.

The author discusses how companies may take on a high-risk retention rather than invest money in insured arrangements. The author notes that companies should view risk retention as an investment. The test of a good retention decision is whether senior management considers it a wise choice after the company has experienced a loss.

Sawyer, Lawrence B. When the problem is management. Vol. 55, No. 4, 1998 UMI, Inc., Institute of Internal Auditors Inc. 1998, Internal Auditor, pp.33-38.

The author notes that mismanagement places organizations at significant risk and therefore internal auditors should provide counsel on effective management as part of an audit. The author presents examples of management failing to fulfil its four primary functions (planning, organizing, directing, and controlling) and presents ways that internal auditors can address these management shortcomings.

Schneier, Robert and Jerry Miccolis. Enterprise Risk Management. Vol. 26, No. 2, Strategy & Leadership, p.10.

This article discusses the practice of Enterprise Risk Management (ERM). It provides an overview of the process that an organization must undertake to apply ERM. The two major phases described are: risk identification and assessment (Risk Scanning) and risk mitigation and financing (Risk Shaping). Significant work is involved in implementing ERM and senior-level commitment is required. The article describes companies that practice ERM effectively and the benefits that accrue as a result.

Schroeder, Stephanie. Alternative dispute resolution resources. Vol. 45, Risk Management, New York, June 1998, p. 10.

Alternative dispute resolution (ADR) is increasing in popularity among employers looking to cut litigation costs when legal disputes arise. Many organizations now require employees and other companies they conduct business with to agree in advance to use ADR procedures in the event of a business-related dispute. The ADR umbrella covers various forms of dispute resolution, the most common of which are arbitration, mediation and negotiation.

Schroeder, Stephanie. Risk management key notes. Vol. 46, Risk Management, New York, January 1999, p. 56.

REBEX is a risk management conference held by the Risk and Insurance Management Society. Linda Lamel, executive director and keynote speaker for a meeting, presents briefly her view of risk management and risk managers. As for issues of concern for risk management in the future, Ms. Lamel listed enterprise risk management, health privacy, superfund, and tort reform.

Schroeder, Stephanie. The human factor. Vol. 46, Risk Management, New York, January 1999, p. 1.

Risk managers looking for information, products, services or other assistance to transform their company workplaces into safe, health, employee-friendly and ergonomically correct environments can find help on the Web. A few general sites of interest are presented and include: 1) Occupational Safety & Health Administration (www.osha.gov): 2) Center for Office Technology (www.cot.org): 3) University of Louisville's Center for Industrial Ergonomics (www.louisville.edu/speed/ergonomics).

Sime Bank CEO Leaves, Sparking Talk of Friction. Business Times (Singapore), Reuter Textline, January 20, 1998.

Sime Bank, Malaysia's fifth largest bank, will be seeking help in its risk management policies from the Australia and New Zealand Banking Group. This initiative has come about because there are estimates that place Sime Bank's non-performing loans at just under 10 percent of total loans.

Small, Sheila L. What you can expect. Vol. 43, Risk Management, New York, October 1996, pp. R11-R13.

Part of the frustration that risk managers can encounter in international communications comes from the fact that there is virtually no information to guide them. Soliciting the support and assistance of companies' executives and counsel will be invaluable. Cultural differences must be accommodated. For example, Americans have a much stronger sense of urgency than businesses in Latin America. Other challenges may include a lack of systems to gather underwriting data, non-existent loss control activities and no concept of business continuity planning.

Smit, Barbara. Ahead of the Game. Vol. 6, No. 1, International Risk Management, An Emap Business Publication, December 1998/January 1999, p. 30.

The article reports on how risk management has become an integral part of overall management for leading French companies. The author discusses the experience of various leading French companies, i.e., Danone, Synthelabo. Pressure from foreign shareholders was one of the driving forces toward the implementation of risk management policies. Today many of these companies have centralized insurance programmes which help companies to be more coherent in the management and financing of risks.

Smit, Barbara. Profile: Alain Lemaire. Vol. 5, No. 8, International Risk Management, September 1998, An Emap Business Publication, p. 39.

Alain Lemaire, risk manager at Nestle France, discusses his recent appointment as head of the association of France's risk managers-Amrae. The main issues affecting Amrae, i.e. regulations regarding faulty products, are discussed and the steps taken by the association to address these concerns are presented. Mr. Lemaire also discusses brand/image risks that can affect Nestle, and notes future risks which include genetic engineering and the Internet.

Smit, Barbara. Profile: Pierre Sonigo. Vol. 5, No. 5, International Risk Management, An Emap Business Publication, May 1998, p. 35.

Pierre Sonigo, risk manager for Pechiney, discusses recent changes that he has initiated within the company regarding safety, risk coverage and environmental strategies. To ensure an integrated approach to risk management, Mr. Sonigo has set up a risk committee composed of senior officers responsible for running the 10 divisions within Pechiney. Risk management strategies are communicated from top senior personnel downward within the company.

Sparrow, Adrian. Business Risk Management. Chartered Accountants Journal, April 1998, pp. 11-13.

From a business point of view, this article identifies three main uses of risk management: insurance, treasury, and business. The author proceeds to identify dangers that have emerged from the implementation of business risk management. Key problems that have emerged include: analysis paralysis which results from the failure of a system to identify and prioritize risks; ISO 9000 trap which is the danger that a bureaucracy of form-filling will submerge the process into irrelevance; etc.

Strickland, Katrina. Australia: CBA Criticism of Wallis Report "Almost Absurd", Australian, April 28, 1997, p. 19.

This short article discusses how Australia is not at risk of a US savings and loans type scandal. Dr. Carmichael, a Wallis Committee member, had stated that Australia has a much greater focus on risk management, on capital, and none of the prescriptions that led to the problems in the US.

Vaughan, Patricia C. Risk managers: Creating public policy and influencing legislation. Risk Management, New York, June 1996.

Risk managers possess expertise in institutional risk issues and should be at the front of developing and promoting public policy that advances the interests of their organizations in such matters. Risk managers can influence that outcome of the current Superfund reform efforts embodied in proposals such as the Reform of Superfund Act 1995 and the Accelerated Clean-Up and Environmental Restoration Act of 1995, yet developing policies that address superfund's liability scheme, the remedy selection process, the role of the states and local communities in Superfund efforts and the redevelopment of sites. By developing their organizations' position on the remedy selection process that governs the cleanup of contaminated sites, risk managers may advocate establishing a uniform standard to replace the cumbersome and overly prescriptive rules now in place.

Waring, Dr. Alan. Iran: Facts and Fables. Vol. 4, No. 13, International Risk Management, An Emap Business Publication, March 1998, p. 35.

This article discusses the need to manage strategic risks relating to overseas markets. Relevant and up-to-date information regarding country risk assessment is needed. Various risks associated with doing business in other countries include: personal safety and risk, time and timetables, child labour, nepotism, and religious faith. A case study of Iran and the risk associated with entering this market are addressed.

West, Kathryn Z. Part-time risk managers full-time risks. Risk Management, New York, June 1996.

Part of Risk and Insurance Management Society (RIMS)'s mission is to serve as an educational resource for all professionals charged with risk management responsibilities. In fact, since last year, RIMS has offered a course specifically for part-time risk managers. These half-day sessions, hosted in co-operation with local RIMS chapters, not only to help to educate part-time risk managers-on the basics of risk management, workers' compensation, working with a broker and employee benefits-they also bring practitioners together to share perspectives and approaches.

West, Kathryn Z. Unlock the Power of Global Risk Management. Risk Management, October 1996, p. 4.

Risk management has never been confined by geographic boundaries. Risk management is defined and applied differently, however, depending on the economic and social disposition of the business systems in which a firm operates. This article entitled "Editor's Prerogative" introduces the global perspective issue of Risk Management.

When Things Go Bad, Fast. Risk Management, December 1998, pp. 22-24.

PT Renful Indonesia, a risk management consulting firm, provides security-related services including protective services. On May 15, when embassies in Indonesia sent out a call for evacuation, Renful assisted with the withdrawal of several corporations' staff, coordinating the dispatch of security officers and vehicles and liaisons at airports. Renful provided intelligence services to evaluate the threat level of the ongoing crisis.

White, Earl. New Zealand: Letter - Diary Board Defends its Forex Management. Independent business Weekly (NZ), September 9, 1998.

This article discusses the risk management strategies undertaken by the New Zealand Dairy Board. The Board annually reviews its stated objectives on forex, interest rate, liquidity, financial credit and operational risks. As well, the Board undertakes active management which involves looking at risks against business and market strategies and conditions, not in isolation. Active management requires constant, detailed scenario analysis and decisions on value at risk.

According to The Zona Report 97: Internet and Intranets, the focus of computing has shifted from captive processing to distributed access as the Internet has evolved into a global infrastructure that facilitates communication, control and computing. As the use of these technologies becomes more common, increasing attention is being devoted to managing the attendant risks. As they do for other exposures, risk managers must apply a systemic approach to examining their organization's monitoring. This approach must consider not only the downside of risk (and seek to avoid financial loss) but must also evaluate business opportunities and strike a balance between risk and reward.



Date modified: