The Risk Management Handbook offers readers knowledge of current best practice and cutting-edge insights into new developments within risk management. Risk management is dynamic, with new risks continually being identified and risk techniques being adapted to new challenges. Drawing together leading voices from the major risk management application areas, such as political, supply chain, cybersecurity, ESG and climate change risk, this edited collection showcases best practice in each discipline and provides a comprehensive survey of the field as a whole. This second edition has been updated throughout to reflect the latest developments in the industry. It incorporates content on updated and new standards such as ISO 31000, MOR and ISO 14000. It also offers brand new chapters on ESG risk management, legal risk management, cyber risk management, climate change risk management and financial risk management. Whether you are a risk professional wanting to stay abreast of your field, a student seeking a broad and up-to-date introduction to risk, or a business leader wanting to get to grips with the risks that face your business, this book will provide expert guidance.

Describing OCTAVE (Operationally Critical Threat, Asset and Vulnerability Evaluation), a method of evaluating information security risk, this text should be of interest to risk managers.

A practical, real-world guide for implementing enterprise risk management (ERM) programs into your organization Enterprise risk management (ERM) is a complex yet critical issue that all companies must deal with in the twenty-first century. Failure to properly manage risk continues to plague corporations around the world. ERM empowers risk professionals to balance risks with rewards and balance people with processes. But to master the numerous aspects of enterprise risk management, you must integrate it into the culture and operations of the business. No one knows this better than risk management expert James Lam, and now, with Implementing Enterprise Risk Management: From Methods to Applications, he distills more than thirty years' worth of experience in the field to give risk professionals a clear understanding of how to implement an enterprise risk management program for every business. Offers valuable insights on solving real-world business problems using ERM Effectively addresses how to develop specific ERM tools Contains a significant number of case studies to help with practical implementation of an ERM program While Enterprise Risk Management: From Incentives to Controls, Second Edition focuses on the "what" of ERM, Implementing Enterprise Risk Management: From Methods to Applications will help you focus on the "how." Together, these two resources can help you meet the enterprise-wide risk management challenge head on—and succeed.

Few software projects are completed on time, on budget, and to their original specifications. Focusing on what practitioners need to know about risk in the pursuit of delivering software projects, Applied Software Risk Management: A Guide for Software Project Managers covers key components of the risk management process and the software development process, as well as best practices for software risk identification, risk planning, and risk analysis. Written in a clear and concise manner, this resource presents concepts and practical insight into managing risk. It first covers risk-driven project management, risk management processes, risk attributes, risk identification, and risk analysis. The book continues by examining responses to risk, the tracking and modeling of risks, intelligence gathering, and integrated risk management. It concludes with details on drafting and implementing procedures. A diary of a risk manager provides insight in implementing risk management processes. Bringing together concepts across software engineering with a project management perspective, Applied Software Risk Management: A Guide for Software Project Managers presents a rigorous, scientific method for identifying, analyzing, and resolving risk.

Winner of the Project Management Institute’s David I. Cleland Project Management Literature Award 2010 It’s no wonder that project managers spend so much time focusing their attention on risk identification. Important projects tend to be time constrained, pose huge technical challenges, and suffer from a lack of adequate resources. Identifying and Managing Project Risk, now updated and consistent with the very latest Project Management Body of Knowledge (PMBOK)® Guide, takes readers through every phase of a project, showing them how to consider the possible risks involved at every point in the process. Drawing on real-world situations and hundreds of examples, the book outlines proven methods, demonstrating key ideas for project risk planning and showing how to use high-level risk assessment tools. Analyzing aspects such as available resources, project scope, and scheduling, this new edition also explores the growing area of Enterprise Risk Management. Comprehensive and completely up-to-date, this book helps readers determine risk factors thoroughly and decisively...before a project gets derailed.

Project success is an elusive goal in every business or technical domain. Project failure usually results from unhandled risks to the technical, cost, and schedule aspects of the project. There are four primary root causes of project failure. Unrealistic performance expectation, with missing Measures of Effectiveness Unrealistic cost and schedule estimates based on inadequate risk adjusted growth models Inadequate assessment of risk and unmitigated exposure to these risks without proper handling strategies Unanticipated technical issues with alternative plans and solutions to maintain the effectiveness of the project processes and its deliverables Risk Management provides a comprehensive overview of the people, principles, processes, and practices as the fundamental base upon which an effective risk management system resides. However, this does not guarantee effective risk management and successful projects and businesses. The first half of the book describes risk management processes, as well as a delineation between risk and hazards and how these are connected. The second half of the book provides industry examples of the approach to risk management in specific context and with specific approaches and artifacts where applicable. The book focuses on risks created by uncertainty, their identification, and the corrective and preventive actions needed to address these risks to increase the probability of project success. The book’s goal is to provide a context-driven framework, developing a foundation for a rational approach to risk management that makes adaptation to circumstances as easy as possible.

This pocket guide is an excellent bridge between risk-based thinking and operational risk management. As a risk management practitioner with the Department of Defense I find it's not that easy to set up a formal management structure to support risk analysis and it's a much larger challenge to obtain and sustain the "risk mindset" that's needed by all in the value chain to effectively and continuously identify and manage operational risk. For example, many organizations routinely perform a SWOT analysis but often fail at carrying the threats and opportunities into frequent and critical decision-making events thus increasing risk to operations, stakeholders, and customers.Mr. Levinson makes the link between risk-based thinking and risk management through a comprehensive coverage of pro-active risk thinking coupled with risk management principles and guidelines with emphasis on preventive-based methodologies. He's done an excellent job of explaining the role of waste (from the LEAN perspective) and how it can increase risk to organizations who fail to "see and think" that the many forms of waste are a source of operational risk to the organization. Of key interest is his explanation of external risks driven from external forces such as economic conditions, cultural differences, conflicting value systems, and the high-speed changing environments of technology and consumer demand. He provides historic and highly relevant examples ranging from world trade and global markets to national defense. This guidebook flows very well. All concepts and methodologies are well supported and linked to associate management standards (ISO 9001 & 31000).If you're an organization that wants to raise its level of risk-based awareness across the enterprise then give every member a copy of this pocket guide and don't stop there! Add this to your strategic objectives: Get grokked on risk-based thinking!

Overcome ERM implementation challenges by taking cues from leading global organizations Implementing Enterprise Risk Management is a practical guide to establishing an effective ERM system by applying best practices at a granular level. Case studies of leading organizations including Mars, Statoil, LEGO, British Columbia Lottery Corporation, and Astro illustrate the real-world implementation of ERM on a macro level, while also addressing how ERM informs the response to specific incidents. Readers will learn how top companies are effectively constructing ERM systems to positively drive financial growth and manage operational and outside risk factors. By addressing the challenges of adopting ERM in large organizations with different functioning silos and well-established processes, this guide provides expert insight into fitting the new framework into cultures resistant to change. Enterprise risk management covers accidental losses as well as financial, strategic, operational, and other risks. Recent economic and financial market volatility has fueled a heightened interest in ERM, and regulators and investors have begun to scrutinize companies' risk-management policies and procedures. Implementing Enterprise Risk Management provides clear, demonstrative instruction on establishing a strong, effective system. Readers will learn to: Put the right people in the right places to build a strong ERM framework Establish an ERM system in the face of cultural, logistical, and historical challenges Create a common language and reporting system for communicating key risk indicators Create a risk-aware culture without discouraging beneficial risk-taking behaviors ERM is a complex endeavor, requiring expert planning, organization, and leadership, with the goal of steering a company's activities in a direction that minimizes the effects of risk on financial value and performance. Corporate boards are increasingly required to review and report on the adequacy of ERM in the organizations they administer, and Implementing Enterprise Risk Management offers operative guidance for creating a program that will pass muster.

This important new text defines the steps to effective risk management and helps readers create a viable risk management process and implement it on their specific project. It will also allow them to better evaluate an existing risk management process, find some of the shortfalls, and develop and implement needed enhancements.