**Meet the editor**

Dr Jan Emblemsvåg is Senior Vice-President of Innovation and Process Management at STX OSV AS – one of the major global offshore shipbuilders in the world. He is responsible for improving the shipbuilding process across eight yards and several product companies. He is a Professor II at Ålesund University College, gives lectures and serves as a management consultant if time permits. He holds a Ph.D. in engineering design, but his research and work are interdisciplinary, ranging from cost management, strategy/risk management and general management to business development. He has published three books – the most notable is one on Activity-Based Life-Cycle Costing published by John Wiley & Sons. He has also published more than a dozen journal papers on a variety of subjects.

## Contents

**Preface**

**Section 1 Health, Safety and the Environment**

Chapter 1 **Current Trends and Future Developments in Occupational Health and Safety Risk Management**

Roland Iosif Moraru

Chapter 2 **Hazard Matrix Application in Health, Safety and Environmental Management Risk Evaluation**

Assed Haddad, Erick Galante, Rafaell Caldas and Claudia Morgado

Chapter 3 **The Deterministic and Stochastic Risk Assessment Techniques in the Work Sites: A FTA-TRF Case Study**

P.K. Marhavilas and D.E. Koulouriotis

Chapter 4 **Health Technology Assessment: An Essential Approach to Guide Clinical Governance Choices on Risk Management**

Giovanni Improta, Antonio Fratini and Maria Triassi

Chapter 5 **Preventing Societal Health Risks Emerging in the Development Of Nanomedicine – What Should Prevail?**

Roberte Manigat, Florent Allix, Céline Frochot and Jean Claude André

Chapter 6 **Post-Operative Residual Curarization (PORC): A Big Issue for Patients' Safety**

A. Castagnoli, M. Adversi, G. Innocenti, G.F. Di Nino and R.M. Melotti

Chapter 7 **Risk Assessment On-Scene**

Eivind L. Rake

**Section 2 Engineering**

Chapter 8 **Uncertainties and Risk Analysis Related to Geohazards: From Practical Applications to Research Trends**

Olivier Deck and Thierry Verdel

Chapter 9 **A Monte Carlo Simulation and Fuzzy Delphi-Based Approach to Valuing Real Options in Engineering Fields**

Roberta Pellegrino and Nicola Costantino

Chapter 10 **Fire Analysis and Production of Fire Risk Maps: The Trabzon Experience**

Recep Nisanci, Volkan Yildirim and Yasar Selcuk Erbas

Chapter 11 **Flood Risk Management in Rivers and Torrents**

Luca Franzi

Chapter 12 **Analysis of Historical River Floods – A Contribution Towards Modern Flood Risk Management**

Jochen Seidel, Paul Dostal and Florian Imbery

**Section 3 Information Management**

Chapter 13 **Understanding Components of IT Risks and Enterprise Risk Management**

Abdul Rahman Ahlan and Yusri Arshad

Chapter 14 **Enterprise Cyber Risk Management**

Patrick L. Brockett, Linda L. Golden and Whitley Wolman

Chapter 15 **Trust in an Asynchronous World: Can We Build More Secure Infrastructure?**

Dragutin Vuković

Chapter 16 **Adopting and Adapting Medical Approach in Risk Management Process for Analysing Information Security Risk**

Ganthan Narayana Samy, Rabiah Ahmad and Zuraini Ismail

**Section 4 Finance and Economics**

Chapter 17 **Risk, Return and Market Condition: From a Three-Beta to a Functional-Beta Capital Asset Pricing Model**

Zudi Lu and Yuchen Zhuang

Chapter 18 **Linking U.S. CDS Indexes with the U.S. Stock Market: A Multidimensional Analysis with the Market Price and Market Volatility Channels**

Hayette Gatfaoui

Chapter 19 **Financial Risks: Cases Of Non-Financial Enterprises**

Irina Voronova

Chapter 20 **Supply Chain Risk Management in the Electronics Industry**

Frank Zwißler and Marco Hermann



## Preface

If you think predicting the future is risky, try ignoring it.

The Economist

Risk management has been a topic on the agenda of an increasing number of organizations around the world for the last 20 years or so. In fact, due to the large number of corporate scandals, risk management has become central in the boardrooms of large enterprises around the world, as some stock exchanges demand risk management in corporate governance work. Despite this, we have a financial crisis that abundantly illustrated that risks were not properly understood – also in corporations that supposedly were conducting risk management.

While risk management in corporate governance is a relatively new idea, we have been managing risk in engineering for decades. Yet, engineering disasters appear every now and then, often indicating (*a posteriori*) a lack of, or at least insufficient, risk management. There are many other cases in all aspects of human society that could have been mentioned here as well, but the point is that managing risks is difficult.

This illustrates further important facts about risk – it is pervasive, it is timeless and it is inevitable. The pervasiveness and timelessness of risk mean that it is found in all kinds of scholarly disciplines and human endeavors. An important side effect is that it is often slowly emerging, which makes it even harder to address – disasters are rarely due to a single mistake or single source of problems, but due to a complex interplay of factors that by themselves may not have resulted in a disaster.

Furthermore, because it is inevitable, risk has been addressed in a large number of ways. This means that basic terminology is still not unified. Depending on whom you ask, and what background they have, you will get different definitions and approaches towards risk management. The ISO 31000 Risk Management standard has therefore been developed to provide principles and generic guidelines on risk management (without intending to promote uniformity of risk management across organizations). Yet, many find the standard unsatisfactory and therefore find their own ways towards risk management. In this book, we therefore present a flavor of current advances in risk management theory as well as some cases with no attempt to present a unified theory of risk management.


The book is divided into four broad topics – each covering an entire part of the book. The first topic is Health, Safety and the Environment (HSE), in which we have seven contributions. The opening chapter is written by R.I. Moraru and it concerns the identification of effective practices, processes and structures in occupational health and safety risk management. The author argues that there is an urgent need for the formulation and implementation of a new management framework for occupational hazards; one that is appropriate for the new economic and occupational structure of work.


Next, in Chapter 2, A. Haddad, E. Galante, R. Caldas and C. Morgado focus on the development and usage of a risk assessment methodology called Hazard Matrix (HM) and its application in Health, Safety and Environmental Management (HSE). The HM is a prioritization methodology suitable to be used in the analysis phase of a risk management program. The authors argue that the HM in HSE is a very powerful methodology to highlight critical hazards and sectors/areas in a business unit or company under study.

In Chapter 3, P.K. Marhavilas and D.E. Koulouriotis present a new risk assessment framework based on the combination of the deterministic FTA ("fault-tree-analysis") technique and the stochastic TRF ("time at risk failure") model, and they apply it on an industrial worksite to test its usefulness.

Then, in Chapter 4, G. Improta, A. Fratini and M. Triassi present an example of a possible design and implementation of a Health Technology Assessment (HTA) protocol for the classification of hospital or health facility equipment, realized by combining the classic HTA concepts with hierarchic clustering techniques in a multidisciplinary analysis of requirements, cost, impact of logistics and technology-associated risks.

Chapter 5 is written by R. Manigat, F. Allix, C. Frochot and J.C. André. They chose to develop a case study on nanomedicine based on nanotechnology, with integrated inputs from each individual of the multidisciplinary team (photo chemist conducting research in basic sciences, risk management specialist, public health medical specialist), in order to develop an interdisciplinary expertise open to large societal needs.

The objective of the 6th chapter, written by A. Castagnoli, M. Adversi, G. Innocenti, G.F. Di Nino and R.M. Melotti, is to update the state of the art on Post-Operative Residual Curarization (PORC) and risk management of patients with persistent neuromuscular blockade. They start by carefully reviewing the literature using electronic databases, analyzing original papers, systematic reviews and guidelines, and end up by suggesting possible ways to correctly prevent or manage PORC.

The final chapter in the first section – Chapter 7 – is written by E.L. Rake. It describes the assessments on-scene, the arena where the crisis takes place, especially assessment carried out by incident commanders and other professional leaders of emergency response units: the police, paramedics and fire brigade. The chapter gives insight into how risk assessment on-scene is performed and how effective risk assessment can be carried out in real time while the crisis unfolds on-scene.


The second part of the book, Part II, concerns Engineering. Here we have five chapters focusing largely on issues pertinent to geology and civil engineering, although there should be good thinking for other engineers as well. The first chapter (Chapter 8) in Part II concerns classic issues like uncertainty and risk. The authors – O. Deck and T. Verdel – focus on clarifying the interactions between risk management and uncertainties within the context of geohazards. Recent trends developed in the field of risk management within the context of mining subsidence hazards are also discussed.

R. Pellegrino and N. Costantino have written Chapter 9. Here, they develop an approach to analyze real options in real world investment opportunities. It combines two well-known techniques, namely the Monte Carlo simulation for real option pricing and the fuzzy-Delphi method for eliciting probabilistic input parameters, when historical data are missing, from the knowledge of even more than one expert in a consistent, structured and transparent way.

Chapter 10 provides a case from Turkey written by R. Nisanci, V. Yildirim and Y.S. Erbas, where the city center of Trabzon was selected as the pilot area for the establishment of a sample fire database based on Geographic Information System (GIS) and as the basis of sample spatial queries in support of fire management. Specifically, an analysis of fire hydrant location was carried out and the related needs were identified.

From fire in Chapter 10, we move to river flooding in Chapter 11. L. Franzi provides in this chapter a concept of Flood Risk Management (FRM) with the aim of replacing the earlier and narrower paradigms of flood defense and flood control. The aim is to show and discuss the state-of-the-art as well as provide a more in-depth description of the FRM relating to the Northern part of Italy. It will be shown, in particular, that the effectiveness of the applied FRM strategies strongly depends on the uncertainties in the flood risk assessment. As a consequence, FRM strategies should be flexible enough to adapt to new circumstances and evidence, taking into account a good balance between planning and civil protection.

Chapter 12 also concerns flood risk management. J. Seidel, P. Dostal and F. Imbery present a case study of the Neckar Catchment in southwest Germany where different methods are applied to reconstruct and analyze two historical flood events in 1824 and 1882. These results were then used to extend the data series for a gauging station in the Neckar River where modern discharge data exist from 1921 and onwards. In total, the authors illustrate how this information can be used to produce more stable calculation of return times and river discharge characteristics.

Then, in Part III, we change topicality radically and enter the world of Information Management. Here, we have four contributions. The first is made by A.R. Ahlan and Y. Arshad in Chapter 13. Here, they perform a thorough literature review to synthesize the risk factors associated with information technology (IT), or information system (IS), and subsequently categorize or classify them into a few major themes to guide IT management in managing their risks.


In Chapter 14, P.L. Brockett, L.L. Golden and W. Wolman focus on enterprise cyber risk management and risk mitigation (as opposed to individual consumer cyber risk, which is not addressed in this chapter). They investigate cyber risks including information theft, compromise of consumer information, and the interruption of e-commerce and how these risks affect the economics and security of organizations.

With the development of internet technologies, transfer and storage procedures are becoming more asynchronous, and this introduces new risks in its own right. In Chapter 15, D. Vuković addresses this challenge and investigates what this means in terms of trust in the system and what we can do to the system infrastructure to increase its security and thereby trust. Basically, "could we envision a model for distributed computer system which would foster sociological notions of trust and confidence within the infrastructure?"

In Chapter 16, G.N. Samy, R. Ahmad and Z. Ismail introduce a new method for analyzing information security risk. They adopt a medical approach, namely survival analysis, and adapt the overall risk management process. Under the survival analysis approach, a method known as the Cox Proportional Hazards (PH) Model can be applied to identify significant information security threats. The overall risk management process is based on ISO 31000:2009.

Our final topic in Part IV is broadly defined as Finance and Economics. Z. Lu and Y. Zhuang start this part of the book with a technical chapter concerning the Capital Asset Pricing Model (CAPM) and how the beta risk is linked to the market condition as measured by the market volatility as modeled in the CAPM. This is a particularly interesting topic in the light of the recent interest in the large and unexpected swings in asset values.

From Chapter 17, Chapter 18 follows quite naturally as H. Gatfaoui assesses the impact of the stock market trend on the credit market trend while also describing how the magnitude of stock market moves impacts the magnitude of credit market moves. The importance of this assessment is evident from the recent mortgage subprime crisis and the partly resulting global financial crisis, which partly illustrate the weaknesses of prevailing risk management practices where Credit Default Swaps (CDS) or corporate bond spreads become highly sensitive to the stock market trend and/or the corresponding market volatility.

I. Voronova investigates financial risks in the context of non-financial, small and medium-sized enterprises (SME) in Chapter 19. For SMEs the principle of KISS (Keep It Simple, Stupid) is important. The application of this principle in relation to the choice of the methods of financial risk assessment means that mainly simple methods should be used. The author evaluates the development in SMEs in nine East European countries concerning the usage of discriminant and conditional probability methods to assess, predict and manage risks related to liquidity, credit, decreasing financial stability and insolvency/bankruptcy.


Since supply chains are very large systems with a great number of economic transactions, the book is closed off with a chapter that focuses on supply chains. In this final chapter, Chapter 20, F. Zwißler sets out to define basic terms in supply chain risk management before presenting the results of a survey from 2010. From this, he introduces an approach for identifying, assessing, and managing risks in a supply chain, particularly to help SMEs with risk management.

In the *Hitchhiker's Guide to the Galaxy*, Vroomfondel states that "We demand rigidly defined areas of doubt and uncertainty". These rigidly defined areas, constituting science and engineering, have since the Renaissance undoubtedly produced great results in many avenues of human civilization. However, I cannot free my mind from Peter Bernstein's ascertainment that risk management approaches have led us as society to take risks we would otherwise not have embarked upon. It seems that good judgment is always needed and that risk management will always have an element of art.

As editor of the book, I hope you find all these chapters and pages to your satisfaction and a good source of new ideas and fresh thinking to help you in *your* thinking and practice. May we all keep in mind Albert Einstein's cautious words:

Concerns for man and his fate must form the chief interest of all technical endeavors. Never forget this in the midst of your diagrams and equations.

> **Jan Emblemsvåg**  STX OSV AS and Ålesund University College Norway

**Section 1** 

**Health, Safety and the Environment** 
