Board Bookshelf: Implementing Enterprise Risk Management. From Methods to Application. By James Lam. Wiley. 2017
The financial crisis of 2008 frames a lot of the discussion on risk in James Lam’s “Implementing Enterprise Risk Management.” In 2025, the premise remains relevant for the crises that have since hit the fund industry and the unknowns posed by artificial intelligence and the rise of private credit investing. James Lam is a globally recognized risk expert and an early advocate of enterprise risk management. He was the first-ever chief risk officer, and his books have been adopted by top college degree and professional certification programs. This book was published in 2017 and remains probably one of the most comprehensive primers on risk management.
Lam, currently an independent director and Risk Committee Chair at BlackRock iShares, brings a commonsense approach to defining the elements of risk, evaluating the traditional risk management frameworks (such as COSO and ISO 31000), and offering a more adaptive and intuitive model for enterprise risk management. The book details the evolution of risk management in corporations, recounts historical missteps, and examines risk management as a key executive function. The book is engaging overall, but it is very much a textbook and manual for enterprise risk management frameworks, and thus it can be technical in places. Lam, however, does have important critiques of the traditional risk management frameworks and makes a strong case for his model.
Lam’s “Continuous ERM Model” is informed by the traditional risk models but is simplified to fewer components and aims to “illustrate the cyclical iterative nature of continuous ERM using feedback loops.” It addresses the four components related to risk management:
- Governance structure and policies
- Risk assessment and quantification
- Risk management
- Reporting and monitoring
There is much to recommend in this book for a mutual fund director. The most helpful sections are: Risk Culture, Role of the Board, The View from the Risk Chair, Risk Appetite Statement, Strategic Risk Management, and Feedback Loops. Directors who chair or sit on a risk committee and/or those who need a primer on risk would enjoy the takeaways this book provides.
Overall, directors will gain a deeper understanding of enterprise risk management and the reporting dynamics within the organizational chart; tools to interpret the data and reporting from management; a more informed view to evaluate the soundness of a risk management program; and a knowledge base for better-informed questions. On the more practical side, boards and risk committees will find the model risk report template provided in chapter 20 to be quite helpful.