Much has been written about enterprise risk management, yet ERM still does not appear to be gaining the traction it should with organizations that would benefit from its implementation.

Outside the financial services industry, ERM is practiced by few companies, and those that do have ERM programs tend to have very large balance sheets. But a new book proposes that organizations of all kinds—private, nonprofit and even government entities—can apply ERM to their benefit.

“Fundamentals of Enterprise Risk Management: How Top Companies Assess Risk, Manage Exposure and Seize Opportunity” by John J. Hampton offers insights and case studies of many actual companies, from American International Group Inc. to Boeing Inc. to IKEA.

Mr. Hampton is familiar to Business Insurance readers because he writes a regular column, “Emerging Risk Strategies,” in which he explores aspects of ERM, many of which he explores in depth in his new book. His column appears in print and online at www.BusinessInsurance.com/ERM. In addition to his frequent writings, Mr. Hampton is the KPMG professor of business and director of graduate business programs at St. Peter's College in Jersey City, N.J., and is a former executive director of the Risk & Insurance Management Society Inc.

According to Mr. Hampton, successful ERM programs need to align with an organization's business model, have owners accountable for every risk category, use a central risk function to scan for changing conditions, and apply technology to see risks and opportunities clearly.

Risk identification is vital to managing risk, but knowing that a single organization might face thousands of specific risks is not helpful. Rather, the ability to visualize risk in the context of an organization's business model is critically important, he writes. A knowledge warehouse offers the ability to share risk information, which also is critical.

Such a tool might have helped AIG avoid its near collapse in September 2008 and billions of dollars in federal assistance, Mr. Hampton suggests.

AIG has had 90 years of expertise underwriting insurance risks, which it always hedged in some fashion. But once AIG began doing business in noninsurance securitizations—that is, credit default swaps—it wrote enormous amounts of swaps unhedged and, worse, lost sight of its exposures. Without the ability to see clusters of risks and mitigation steps in the noninsurance setting, AIG was unable to assess how exposed it was to CDS relating to subprime mortgages. As we all know now, the subprime market blew up, devaluing hundreds of billions of dollars in assets underlying CDS written by AIG and others. The resulting triggering of collateral nearly bankrupted the world's largest financial services company. “A visual story supported by mitigation strategies and actions might help us identify an exposure before it becomes a crisis,” Mr. Hampton writes.

Examples in Mr. Hampton's book are not all lessons after disaster. Risk, after all, has upsides. He discusses best practices, such as those of IKEA in leadership. The Swedish home furnishings company used ERM to create a “state of mind” for its employees and customers that has produced strong financial results. IKEA, he writes, “takes advantage of beliefs, facts, emotions and assumptions, but not of the leaders themselves. Rather, of the customers.”

“Fundamentals of Enterprise Risk Management” offers insights for anyone eager to know more about ERM. Copies are available from AMACOM, a division of the American Management Assn., 1601 Broadway, New York, N.Y. 10019; www.amacombooks.org.