From the back cover: “This book offers a comprehensive guide to several aspects of risk, including information systems, disaster management, supply chain and disaster management perspectives”--the redundancy is not explained. It goes on: “This book comes at a time when the world is increasingly challenged by different forms of risk and how to manage them.... Businesses, in fact, exist to cope with risk in their area of specialization.” That last sentence seems rather odd. I would think that businesses exist to manufacture goods or supply services, so as to enhance individual or national well-being or apparent well-being. The idea that Disney, IBM, Nissan, Caledonia Mining (gold), and Boeing exist “to cope with risk” seems rather an odd way to view the world. Some businesses may include “coping with risk” as part of their mandate, but I do not see that as a generic statement, equally applicable to all (though businesses include risks and their management as part of their corporate well-being).
The first chapter of the book is called “Enterprise Risk Management in Supply Chains”--though it is actually an introduction to the book. It discusses the literature and ends with four pages of endnotes. It lacks, rather glaringly, definitions of terms and frames of reference, which would have made the book more useful to readers. As a general statement, the book is lacking in clear structure, clear audience, and clear definitions of frameworks.
Chapter 2, “Risk Matrices,” begins well: “There is no doubt that risk management is an important and growing area in this uncertain world.” However, an oversimplification follows: “The Committee of Sponsoring Organizations of the Treadway Commission (COSO) is an accounting organization concerned with enterprise risk management (ERM).” ERM is one of the organization’s mandates, but it is primarily directed at fraud; this means that a risk management view is primarily directed at financial risks and fraudulent activity detection. This seems a rather parochial view. The subsequent chapter actually mitigates this framework and broadens the discussion, though insufficiently. The chapter concludes: “the first step is generally considered to be application of a systematic process, beginning with consideration of the organization’s risk appetite.” I discussed systematic processes for risk management as far back as 30 years ago, but my article also provided an algorithm for risk management quantification and comparisons. There are always competing risks and, at the level of ERM, there are almost always cascading risks with far-reaching ramifications.
Risk management techniques have advanced considerably in the past 30 years. Certainly, quantitative techniques, at least for comparisons and tradeoffs, are far in advance of what this book provides. A good manager, when looking at risks to a project, a venture, an enterprise, or a corporate or governmental process, needs to decide on tradeoffs. All human endeavors contain risks, as the book shows. Tradeoff management needs to be backed with quantitative thinking--if for no other reason than for the manager to present to those to whom he or she is responsible (including politically responsible, if governmental). This book does not seem to advance the state of the art of risk management, enterprise or otherwise. It is not particularly well done, or impressive.
Unfortunately, I do not see that this book provides any advance whatsoever. The book is simply not written well enough to serve as an introduction to risk management. If the objective is a textbook, the book is too poorly structured (no index, no clear bibliography, and so on). If the objective is for corporate or governmental management, the book is weak in all of its proposed objectives. Although it is labeled a third edition, there is quite a bit of room to improve this work before it can be a significant contribution to the field.