REVIEW: "Simple Tools and Techniques for Enterprise Risk Management", Robert J. Chapman

  • Rob, grandpa of Ryan, Trevor, Devon & Ha
    Message 1 of 1 , Mar 26, 2007
      BKSTTERM.RVW 20070213

      "Simple Tools and Techniques for Enterprise Risk Management", Robert
      J. Chapman, 2006, 0-470-01466-0, U$110.00/C$131.99
      %A Robert J. Chapman mail@...
      %C 5353 Dundas Street West, 4th Floor, Etobicoke, ON M9B 6H8
      %D 2006
      %G 0-470-01466-0
      %I John Wiley & Sons, Inc.
      %O U$110.00/C$131.99 416-236-4433 fax: 416-236-4448
      %O http://www.amazon.com/exec/obidos/ASIN/0470014660/robsladesinterne
      %O http://www.amazon.ca/exec/obidos/ASIN/0470014660/robsladesin03-20
      %O Audience i- Tech 1 Writing 1 (see revfaq.htm for explanation)
      %P 466 p.
      %T "Simple Tools and Techniques for Enterprise Risk Management"

      The preface is not terribly clear on the purpose of the book, and lays
      claim to an ambitiously wide audience. (It goes on to outline the
      structure of the work, basically by repeating the table of contents.)

      Part one looks at enterprise risk management in context. (What
      context is not stated: from the material it seems to be just "in
      general.") Chapter one lists various perspectives on risk and
      management. Corporate governance in the United Kingdom is reviewed in
      chapter two, with positions in the United States and Canada in three.
      Chapter four outlines internal controls and the relation to risk
      management. United Kingdom government documents on risk management
      are described in chapter five.

      Part two deals with aspects of consulting. Chapter six views the
      process from the perspective of the client: how to choose a
      consultant. The remaining chapters are advice on how to operate as a
      consultant: seven tells how to conduct an interview with the client
      (the material is of questionable value), eight mentions components
      that should go into a proposal, and nine tells you to be a really good
      consultant and delight the client.

      A risk management process is described in part three. The delineation
      is supposed to be structured as six stages, but the phases seem to
      come in three pairs. Chapter ten is on analysis: chapter eleven, on
      risk identification, duplicates much of the material. Risk assessment
      is covered in chapter twelve, and while chapter thirteen's "risk
      evaluation" does not copy the content of twelve, it is certainly
      closely related. Risk planning, in fourteen, and risk management, in
      fifteen, are both generic outlines of the risk management process
      overall. I suppose that these are the titularly promised simple tools
      and techniques: while they are simple, the processes and tools would
      require a great deal of work by anyone who wants to get value from

      Part four examines influences within the environment of the
      enterprise. Chapter sixteen looks at financial matters. Operational
      risk management, in seventeen, is the banking industry term, and
      covers what is known in business and security circles simply as
      general risk management. The material is similar to that in chapters
      fourteen and fifteen, but has more details. Technological risk, as
      presented in chapter eighteen, is a generic overview of information

      The external influences that are discussed in part five are vaguely
      related issues. Chapters nineteen and twenty deal with macroeconomic
      and environmental risks (on the scope of global warming), but are
      rather beyond the ability of most corporations to control. The
      material on legal matters, in chapter twenty-one, is more directly
      helpful. Chapter twenty-two reviews political factors. The
      deliberation about market considerations, in twenty-three, is fairly
      similar to the content of nineteen. Social perspectives finish off
      the book in twenty-four.

      There is not much in this work that could not be found in cheaper and
      more accessible resources. (To give only one example, there is the
      "Risk Management Guide for Information Technology Systems," document
      800-30 available at no cost from the US National Institute for
      Standards and Technology.) In fact, the valuable content could have
      been compressed into a magazine article, if a somewhat lengthy one.
      If you wish to set up a risk management consultancy, and are
      completely new to the game, there is an outline here that will get you
      started. (If you rely only on this book, those clients who hire you
      will deserve everything they get ...)

      copyright Robert M. Slade, 2007 BKSTTERM.RVW 20070213

      ====================== (quote inserted randomly by Pegasus Mailer)
      rslade@... slade@... rslade@...
      Si hoc legere scis nimium eruditionis habes
      Dictionary of Information Security www.syngress.com/catalog/?pid=4150