
Resource Library

Recommended Readings

1995 - CoCo - published by the Criteria of Control Board of the Canadian Institute of Chartered Accountants (an excellent principles-based interpretation of internal controls: 20 key principles, and quite focused; unfortunately this document was never introduced to the United States)

2004 - AS/NZS 4360:2004 - Australia and New Zealand - an outstanding framework on risk management, which provided the entire DNA for ISO 31000

2008 - Case Study - Harvard Business School - Enterprise Risk Management at Hydro One - Dr. Anette Mikes (one of only a few cases in existence on this subject matter, and clearly outstanding)

January 2010 - Textbook "Enterprise Risk Management: Today's Leading Research and Best Practices for Tomorrow's Executives" - John Fraser and Betty Simkins. The following chapters are a must read:

• Chapter 7 - ERM Frameworks - John Shortreed (summation of ISO 31000 with explanations)

• Chapter 8 - Identifying and Communicating Key Risk Indicators - Susan Hwang

• Chapter 10 - How to Plan and Run a Risk Management Workshop - Rob Quail

• Chapter 11 - How to Prepare a Risk Profile - John Fraser

• Chapter 16 - Operational Risk Management - Diana Del Bel Belluz

• Chapter 28 - The Rise and Evolution of the Chief Risk Officer - John Fraser

June 2010 - Grant Purdy - "ISO 31000:2009: Setting a New Standard for Risk Management" - Risk Analysis, Volume 30, No. 6 (Grant describes the framework for ISO 31000, which includes both the process on this chart and a framework)

June 2010 - Financial Reporting Council - The UK Corporate Governance Code (Combined Code) (This represents the third update of the Combined Code, which incorporates several other governance and risk codes as well. Excellent references to the area of risk management)

2010 - COSO ERM Ten Deadly Sins - Author: Grant Purdy (this is an excellent summation of the problems inherent in COSO ERM, why it should not be used, and why ISO 31000 is so much more preferable. It is almost a compilation of how COSO ERM has led us astray)

2010 - GRC: What's Wrong with GRC - blog posting by Grant Purdy and Arnold Schanfield on the IIA website, under the columns by Norman Marks (a succinct summary of all of the problems with this governance, risk and compliance approach, and why it is not necessary given the existence of holistic approaches to risk management)

May 2011 - RiskWatch, pp. 2-5 - Conference Board of Canada - Smart and Dumb Questions to Ask About Risk Management (a solid article for those new to and experienced in this field on how to frame specific questions to get maximum bang for the buck. The author is quite critical of those individuals who "don't get it", as revealed by their apparently dumb questions)

December 2011 - The Future Role of Internal Audit in Enterprise Risk Management - Grant Purdy, Dr. John Shortreed and John Fraser, due to be released shortly (this is an excellent interpretation of what internal audit's role needs to be, especially given the fiascoes over the past ten years and the lax role played by internal audit until today in this critical field)

January 2012 - World Economic Forum - Global Risks 2012, Seventh Edition: An Initiative of the Risk Response Network

2011 - BS 31100 - United Kingdom - This is a code of practice and guidance for the implementation of BS ISO 31000 (there are some differences between this and ISO, but overall it is still a very good document and a great reference when undertaking a risk management implementation, especially for understanding risk assessment and analysis techniques)