BKMIENRI.RVW   20020916

"Minimizing Enterprise Risk", Corinne Gregory, 2003, 0-273-66158-2,
UK#156.99/C$319.99
%A   Corinne Gregory corinne.gregory@hartgregorygroup.com
%C   London, UK
%D   2003
%G   0-273-66158-2
%I   Prentice Hall/Financial Times
%O   UK#156.99/C$319.99 +1-201-236-7139 fax: +1-201-236-7131
%O  http://www.amazon.com/exec/obidos/ASIN/0273661582/robsladesinterne
%P   120 p.
%T   "Minimizing Enterprise Risk: A practical guide to risk and
      continuity"

Chapter one defines four types of risks--and immediately contradicts
itself with tables of other types of risks.  The basic point seems to
be that risks exist.  Chapter two looks at the new product development
process and reputation management (after all, one type of risk is bad
publicity).  There is a look at risk mitigation, but not risk
acceptance or avoidance, a cost/benefit analysis that is not very
detailed, and a contrived use of the "9/11" World Trade Center
disaster (but no mention of the brokerage firm that survived) that
undercuts the ultimate message about having a disaster plan. 
Enterprise continuity, in chapter three, has, like other chapters,
good ideas mixed in with a random collection of topics from business
continuity planning, disaster recovery, incident response, contingency
planning, and other areas.  Business impact analysis is proposed as a
justification for planning, in chapter four, although it should be
part of risk analysis itself.  Otherwise this material is pretty
basic; get a committee, list the risks, think of what to do about
them; the type of thing you would see in any decent article on risk
management.  Chapter five states that Internet use is risky, and has a
(short) list of some precautions.

Anyone who thinks that they understand risk management or business
continuity planning from reading this book is seriously misled, and
possibly a liability to the company.

copyright Robert M. Slade, 2002   BKMIENRI.RVW   20020916