Introductory chapters – setting the scene

Chapters 1-5 aim to provide the context for ERM including different types of institutions, their stakeholders and the legal and regulatory environment in which they operate. It is quite good in detailing the various, often conflicting, interests of different stakeholders. However, it falls short in its coverage of legal and regulatory regimes. In my opinion, it suffers from a lack of focus. For instance, there is as much on South African accounting standards as there is on IFRS. Also, the evolution of UK financial regulators is outlined but there is nothing about the FSA's Prudential Sourcebook and its systems and controls (SYSC) risk management standards. To be fair, the legal and regulatory frameworks of different institutions across the world merit a book in their own right, and it is a valiant effort to try and cover these in a few chapters.

Risk Management – the basics

Chapter 6 gives a brief overview of the ERM process before Chapter 7 introduces the reader to key types of risks. The categories are driven by the ST9 syllabus but anyone new to ERM should be aware these are not definitive. There are many other equally valid risk classification systemsFootnote 1. For instance, the people risk category under operational risk includes anti-selection but this would commonly be considered as an insurance/underwriting risk.

Chapter 8 outlines basic, qualitative, risk management tools. I found this a useful summary of tools such as the Delphi technique.

Quantitative Risk Management Techniques

The book hits its stride in chapters 9–13 which outlines key quantitative risk management tools. After setting a sound statistics foundation in chapter 9, chapter 10 provides excellent coverage of statistical distributions and copula techniques. I particularly liked how it sought to define distributions in terms of scale, location and shape. While I found the order in which distributions were covered slightly disjointed, it was good in highlighting the linkages between these. The coverage of copulas is excellent. In my opinion, this chapter alone makes the book an excellent source of reference for the ERM professional.

It is followed in chapter 11 with a detailed reprise of modelling techniques. Amongst other things it covers generalised linear and other types of models; techniques for fitting data to models; and credibility theory. Again, this is an excellent source of reference for ERM professionals.

Chapter 12 provides a useful introduction to Extreme Value Theory, though I felt there could have been more on mean excess plots: thin- and fat-tailed distributions will not see a levelling off but may be downward or upward sloping.

Chapter 13 gives the reader a sound grasp of time series modelling, building up in a methodical way to the derivation of ARIMA and GARCH models.

Putting techniques into practice

Having outlined the tools risk managers can use to assess and model risk, the rest of the book looks to put these into practice. Chapter 14 shows how the tools can be used to quantify particular risks such as market, credit and demographic risk. This is a comprehensive outline of available models and techniques, ranging from the KMV model for credit risk to Lee-Carter for longevity risk.

Chapter 15 covers risk assessment including setting risk appetite, measures of risk such as Value at Risk (VaR), return measures and optimising risks and return. I found the discussion on risk appetite somewhat theoretical, focusing on utility and prospect theory. The reality of setting risk appetite is messier, and needs to take into account qualitative factors like whether the firm has the requisite expertise to compete in a market, as well as regulatory capital and accounting perspectives of a firm. The coverage of risk measures was good but I would have liked more detail on how return measures n are calculated. The section on optimisation struck me as being more focused on investment portfolios than a firm.

Chapter 16 covers responses to risk. While it is a broad topic, the coverage varies from very detailed to scanty. For instance, the coverage of hedging with futures is good, but in discussing hedging with options, it does not mention rho even though this can be significant for long-term guarantee and option costs. Similarly in discussing interest rate risks it jumps from Redington's immunisation to hedging using model points. I would have like to have seen more on the limitations of immunisation with non-parallel yield curve changes as well as interim approaches such as matching by broad term “buckets”. The coverage of responses to operational risks such as processing risk and project risk is poor.

After a brief chapter on documentation, communication and audit, the book recovers its poise in chapter 18 with a solid introduction to economic capital. The penultimate chapter 19 covers risk frameworks including regulatory standards such as the Basel accords and Solvency II. Unfortunately, given the pace of developments, a lot of this is out of date. It also gives a useful synopsis of advisory risk frameworks like COSO and proprietary frameworks like those of the rating agencies.

The book finishes in chapter 20 with a selection of case studies. This is useful in highlighting just what can go wrong and the multiple control failures that give rise to losses, but the reader should be aware coverage is not complete – for instance, the Equitable Life example does not cover the Penrose report – though some case studies like that on the current financial crisis merit a book to themselves.