BOOK REVIEW: Enterprise Risk Management: Today’s Leading Research and Best Practices for Tomorrow’s Executives, Second Edition, by John R.S. Fraser, Rob Quail, and Betty Simkins (John Wiley and Sons, 2021)

[this is a re-print from Dec. 2021]

By Harold Barnshaw, former AFERM Board Member

As ERM gains acceptance and recognition within the public and private sectors, there is growing pressure for professionalism on the part of those in the discipline. The Second Edition of Enterprise Risk Management makes a major contribution to the literature. Fundamental to effective ERM is appreciation for the importance of ERM theory and practice in an ever-evolving local, national, and global context. The knowledge and experience captured in this book will serve as a valuable reference for students, academics, and experienced practitioners for well into the future.

This book explores growing new risk areas such as cyber and climate, plus traditional areas such as outsourcing, operational risk, project delivery, and strategic risk. It also provides practical guidance about tools and techniques and how to carry out key parts of the ERM process: developing ERM frameworks, specifying the role of the Chief Risk Officer, using key risk indicators, prescribing risk appetite and tolerance, running a risk management workshop, preparing a risk profile, scenario planning, quantitative risk assessment, addressing bias in risk decisions, allocating resources based on risk, and developing a risk-aware culture. Each chapter is written by an accomplished ERM practitioner or academic. While some topics relate to private sector experiences, many are directly relevant to public sector ERM as well. One chapter traces the development of ERM in the US federal government and highlights AFERM and our accomplishments in making governmental ERM a reality.

Many chapters provide guidance at the cutting edge of ERM research and best practices and provide insights that sometimes challenged my assumptions regarding effective risk management. As I read through the chapters, I started to see possibilities for using ERM and operational risk management in new ways. I also found myself wanting to consult various chapters to discover new details and consider ways to implement the authors’ suggestions to enhance my own risk program. I enthusiastically recommend this book to anyone with an interest in the extraordinary power and potential of ERM to help us anticipate and respond to major risks facing our organizations.