Fundamentals of Risk Management

Author: Paul Hopkin

Throughout the book, the author covers all the concepts that risk management is concerned with, in particular the implementation of risk management in organizations. The book is divided into 6 parts and an important appendix:

Introduction to risk management
Risk strategy
Risk assessment
Risk response
Risk and organizations
Risk insurance and reporting
Appendix “C”: implementation guide

To read this work well, you start with Appendix C: it is a manual on how best to read this work with implementation as the objective. Then you read the first four chapters of part 1, where the author lays the foundation for the rationale of risk management. As an eye-opener for risk management, one discovers that risks are versatile. Afterwards, the chapters can be read in the order indicated in Appendix C. Thanks to this appendix, the book is a stepping stone for anyone involved in risk management and for every organization that has to work out its own risk management: using this book, each organization can write and maintain its own book as an implementation. I would like to see this book developed into an encyclopaedia series for which the ISO 31xxx series could form a basis. The book is a good introduction for every type of CxO in every type of organization.

However, what I feel is lacking is how to classify someone as CRO. There is no warning to be found in the book concerning appointed volunteers or people who do it on a non-priority basis.

Another mistake, in my view, is the discussion of BCM in this book. BCM deserved more than a chapter of about 10 pages, and what is also lacking is how, in the current evolution of BCM with regard to ERM, these two can run together in cadence. To that end, Appendix C could have been used as an approach, but this did not happen.

In addition, the author puts some emphasis on the supply chain (for the economic sector) and on the financial sector. Government is also discussed, but only very briefly.

The problem of ICT is also not really addressed, nor is the ISO 2700x series of standards. There too, a whole space is open for a book like this.

The benefits of risk management are also insufficiently emphasized.

This book is suitable as an eye-opener for CxOs and holds a promise for the elaboration of all risk management-related matters; in chapter 36 it is stated that more risk management development must take place. Given that risk management applies to all management topics, at all levels in every organization, but also to governments and, globally, to the whole world, humanity is committed to supporting and implementing risk management at all levels of society. After all, we are all experts in risk management in our own environment.