Book Review: Enterprise Risk Management In Finance

by: CFA Institute Contributors

By Marc L. Ross, CFA

Book Review: Enterprise Risk Management in Finance

Enterprise Risk Management in Finance provides a general overview of salient topics in risk management, offering along the way a primer and refresher of sorts on various metrics and techniques. Running little more than 250 pages, the book aspires to a robust treatment of a complex subject. It both stands and falls on its ambitions.

The book's purported mission is to discuss financial risk management in financial institutions and provide modeling techniques to assist in the process. Indeed, about half the book reads like an operations research guide, serving up geek fare on such varied subjects as catastrophe bond risk modeling, crude oil volatility forecasting, bank efficiency and risk evaluation, and stock volatility evaluation. The analyses are somewhat terse, assuming advanced knowledge of the topics. Interspersed with these chapters are less technical ones - their discussions are more qualitative - that afford the reader a historical perspective on recent boondoggles and how deficient risk controls and insufficiently rigorous analyses engendered them.

At issue is how the book comes together - or fails to. Much, if not all, of it appears to reference the authors' earlier work on myriad issues, as the acknowledgments page indicates. In this sense, Enterprise Risk Management in Finance may seem more akin to a compilation of articles than a cohesive work whose chapters and subject matter progress logically. Indeed, one could read the chapters in isolation. The authors seem to acknowledge this possibility in their brief discussion of the book's outline, which concludes the first chapter. Moreover, not all the chapters address enterprise risk management within financial institutions; some are concerned instead with enterprise risk management in general, which appears to contradict the brief summary of the book on the dust jacket. For example, the chapters on globalization and supply chain risks, natural disasters, and the BP Deepwater Horizon oil spill serve as primers on exogenous, as opposed to endogenous, risks that a financial institution could face. A bit more than half the content addresses the needs of the more experienced and advanced practitioner rather than the generalist, making for a more difficult read. Although the qualitative chapters put risk in the context of recent history (e.g., Enron, the 2008 global financial crisis) with sufficient clarity, they tend to be perfunctory, seemingly providing a point of departure for the more recondite matters accessible to the specialist.

Nonetheless, Enterprise Risk Management in Finance has some virtues. Its frank discussion of financial modeling's limitations and susceptibility to human error bears repeating, as history attests. Risk management is at once both an art and a science. Ultimately, matters come down to human judgment or lack thereof. Several chapters make for compelling reads in their own right. Chapter 1 ("Enterprise Risk Management") and Chapter 11 ("Economic Perspective") provide valuable context and thoughtfully survey the nature of risk. Events both recent and distant referenced in subsequent chapters highlight how risk can ravage financial institutions and markets. Long-Term Capital Management's success was short lived. The Great Recession and the pricking of the internet bubble are rich fodder. Brief taxonomies on realms of uncertainty and the evolution of risk management offer quick and useful references. A chapter on the risks inherent in globalization provides a cogent treatment of the issues in supply chain risk. Yet, even here, the interspersion of the issues-related material with the technical discussions may appear illogical and confusing to some readers.

The book would have benefited from a more rigorous copyedit and proofreading. For example, an otherwise clear definition of risk management in the first pages of the opening chapter is unnecessarily and awkwardly repeated in a subsequent paragraph. Later in the same chapter, on the topic of the ERM (enterprise risk management) process, the font is bolded for only the first of the five enumerated steps. There is also the occasional run-on sentence (see, e.g., the next-to-last paragraph of Chapter 17). Finally, there are instances of incorrect usage and sloppy editing. Under the rubric of state harmonization in Chapter 20, a sentence reads, "Government agencies such as the US Fed and SEC (Securities and Exchange Commission) or central banks usually have rules for safeguarding the trading interests of the market as a whole, claiming that the investors in markets are exposure [sic] to dependencies of risk arising from their inter-linkage." In this context, "interconnectedness" would be more accurate than "inter-linkage." In the chapter "Risk from Natural Disasters," the text reads, "We cannot hope to anticipate, nor will we find it economic [sic] to massively prepare for, every surprise. . . ."

Its limitations aside, Enterprise Risk Management in Finance can benefit the practitioner who knows how to use it. One would no more learn Pashto solely by reading a dictionary than one would become a certified public accountant solely by reading and studying pages from the Internal Revenue Code. So it is with this work, which assumes a bit more than a working knowledge of risk management and to which the experienced risk manager can turn for technical guidance and a good, succinct refresher on select topics. The beginner would do well to stick with the qualitative discussions, which can serve as useful points of departure for further study.

Disclaimer: Please note that the content of this site should not be construed as investment advice, nor do the opinions expressed necessarily reflect the views of CFA Institute.