The Binomial Bookstore

BUSINESS RISK ASSESSMENT
by David McNamee, CIA, CISA, CFE, CGFM, FIIA(M)

"The Nature of Risk
The Role of Control
Risk Identification
Risk Measurement
Risk Prioritization
Implementation Issues
Risk Management"

"This book serves both general business people as well as internal auditors by outlining
risk from the manager's point of view including strategic, project and operational. It details
the
nature of change and risk and the role of control. It also discusses how to assess and
manage risk including identification, measurement, prioritization, and implementation
issues."

= = = = = = = = = =

"Risk Analysis is a decision-making tool that involves considering the consequences of
alternative actions. Because businesses must function in an ever-changing environment,
awareness of evolving risks is crucial to survival. In Business Risk Assessment, McNamee
discusses the nature of risk, processes that mitigate risk, business risk assessment in
general, risk identification, risk measurement, risk prioritization, and risk modeling. He
provides a risk management self-assessment questionnaire that involves all parts of an
organization and leads to organization-wide risk management controls that result in effective
response to rapidly changing conditions." - - - from The Natural Hazards Observer, March,
2000.

= = = = = = = = = =

CONTENTS
About the Author
Chapter 1 - The Nature of Change
Chapter 2 - The Nature of Risk
Exercise: Using Risk Analysis in Decisions
Strategic Risk
Risk Terms
Strategic Influences on Business Risk Assessment
Chapter 3 - The Role of Control
COSO
Coco
Cadbury and Other National Models
Malcolm Baldrige Award Criteria and ISO 9000-Series Standards
Chapter 4 - Business Risk Assessment
Strategic Risk Assessment
Project Risk Assessment
Operational Risk Management
Chapter 5 - Risk Identification
The Exposure Approach
The Environmental Approach
The Threat Scenario Approach
Exercise: Three-Way Risk Identification
Identifying Inherent Risk: Generating Ideas
The Texas Instruments Brainstorming Approach
A Framework for Risk Identification
Exercise: Operational Risk Identification
Chapter 6 - Risk Measurement
Methods for Measuring Risk
Direct Probability Estimates
Risk Factors
Measuring Risk and Removing Bias from Subjective Risk Factors
Using and Weighing Risk Factors
Exercise: Measuring and Classifying Risk
Weighted Matrices
Weighted Matrices: A Case Study
Chapter - 7 Risk Prioritization
Absolute Ranking
Relative Ranking
Matrices Ranking
Exercise: Risk Assessment Case Study
Chapter 8 - Risk Model Implementation
Macro and Micro Risk Assessment Models
Major Implementation Issues
Deciding on the "Make-or-Buy" Question
Evaluating Commercial Assessment Software
Standard Software Evaluation Criteria
Management and User "Buy-In"
Chapter 9 - Risk Management
Project Risk Management: Self -Assessment Questionnaire
Suggested Answers to Exercises
Glossary
Bibliography

ABOUT THE AUTHOR
"David McNamee, CIA, CISA, CFE, CGFM,. FIIA(M), is President of Management
Control Concepts, a consulting firm he founded in 1991 to specialize in improving
governance processes through improved risk management and internal audit practice.
Management Control Concepts serves a worldwide client list from all segments of public and
private enterprise.

"Prior to forming his own practice in 1991, McNamee was Director - Internal Auditing at
Pacific Bell. The balance of his 22-year career at Pacific was spent in Information Systems
Project Development and Information Systems line management. He has over 25 years'
experience in designing, building, managing, and auditing major systems, including
hands-on
experience in state-of-the-art business risk assessment for both public and private sector
organizations.

"McNamee holds a Master of Business Administration as well as a Master of Science in
Telecommunications Management. He is a Certified Internal Auditor, Certified Information
Systems Auditor, a Certified Fraud Examiner, and a Certified Government Financial
Manager. He is the author of The Institute of Internal Auditors (IIA) seminar Assessing Risk:
A
Better Way to Audit and the recent IIA text Assessing Risk. He has published additional
books, numerous articles, and a "Best Practices" video through The IIA. His articles on risk,
fraud, and internal auditing have been published in the United States, Europe, Asia, and the
South Pacific. He is a frequently invited speaker at major internal audit conferences on six
continents, and he has given seminars on risk in more than 12 countries.

"McNamee's other major honors include the Ratliff Award for service to The IIA (New
Zealand). He is also the only overseas Fellow elected by The IIA (Malaysia). He is currently
Chairman of The IIA international Relations Committee and a member of the Board of
Directors of IIA, Inc. In addition to his IIA activities, he is a member of the Association of
Certified Fraud Examiners, the Association of Government Accountants, and the Institute of
Management Consultants.

1998, 107 pages. Order #DR367, $87.50

The Binomial Bookstore

Risk Management, Business Impact

Rothstein Associates Inc.