REVIEW: "Simple Tools and Techniques for Enterprise Risk Management", Robert J. Chapman
- BKSTTERM.RVW 20070213
"Simple Tools and Techniques for Enterprise Risk Management", Robert
J. Chapman, 2006, 0-470-01466-0, U$110.00/C$131.99
%A Robert J. Chapman mail@...
%C 5353 Dundas Street West, 4th Floor, Etobicoke, ON M9B 6H8
%I John Wiley & Sons, Inc.
%O U$110.00/C$131.99 416-236-4433 fax: 416-236-4448
%O Audience i- Tech 1 Writing 1 (see revfaq.htm for explanation)
%P 466 p.
%T "Simple Tools and Techniques for Enterprise Risk Management"
The preface is not terribly clear on the purpose of the book, and lays
claim to an ambitiously wide audience. (It goes on to outline the
structure of the work, basically by repeating the table of contents.)
Part one looks at enterprise risk management in context. (What
context is not stated: from the material it seems to be just "in
general.") Chapter one lists various perspectives on risk and
management. Corporate governance in the United Kingdom is reviewed in
chapter two, with positions in the United States and Canada in three.
Chapter four outlines internal controls and the relation to risk
management. United Kingdom government documents on risk management
are described in chapter five.
Part two deals with aspects of consulting. Chapter six views the
process from the perspective of the client: how to choose a
consultant. The remaining chapters are advice on how to operate as a
consultant: seven tells how to conduct an interview with the client
(the material is of questionable value), eight mentions components
that should go into a proposal, and nine tells you to be a really good
consultant and delight the client.
A risk management process is described in part three. The delineation
is supposed to be structured as six stages, but the phases seem to
come in three pairs. Chapter ten is on analysis: chapter eleven, on
risk identification, duplicates much of the material. Risk assessment
is covered in chapter twelve, and while chapter thirteen's "risk
evaluation" does not copy the content of twelve, it is certainly
closely related. Risk planning, in fourteen, and risk management, in
fifteen, are both generic outlines of the risk management process
overall. I suppose that these are the titularly promised simple tools
and techniques: while they are simple, the processes and tools would
require a great deal of work by anyone who wants to get value from
Part four examines influences within the environment of the
enterprise. Chapter sixteen looks at financial matters. Operational
risk management, in seventeen, is the banking industry term, and
covers what is known in business and security circles simply as
general risk management. The material is similar to that in chapters
fourteen and fifteen, but has more details. Technological risk, as
presented in chapter eighteen, is a generic overview of information
The external influences that are discussed in part five are vaguely
related issues. Chapters nineteen and twenty deal with macro economic
and environmental risks (on the scope of global warming), but are
rather beyond the ability of most corporations to control. The
material on legal matters, in chapter twenty-one, is more directly
helpful. Chapter twenty-two reviews political factors. The
deliberation about market considerations, in twenty-three, is fairly
similar to the content of nineteen. Social perspectives finish off
the book in twenty-four.
There is not much in this work that could not be found in cheaper and
more accessible resources. (To give only one example, there is the
"Risk Management Guide for Information Technology Systems," document
SP 800-30, available at no cost from the US National Institute of
Standards and Technology.) In fact, the valuable content could have
been compressed into a magazine article, if a somewhat lengthy one.
If you wish to set up a risk management consultancy, and are
completely new to the game, there is an outline here that will get you
started. (If you rely only on this book, those clients who hire you
will deserve everything they get ...)
copyright Robert M. Slade, 2007 BKSTTERM.RVW 20070213