For most firms risk management is a necessary evil, increasingly consigned to being an adjunct to compliance, finance and other so called “business prevention” functions. Non-financial firms traditionally address risk through a series of transfer mechanisms, such as insurance, self-funded vehicles or they merely absorb unforeseen losses with their earnings. The financial sector, on the other hand, applies sophisticated statistical methods in a form of speculative risk management that captures the upside and the downside of risk-taking. These approaches are used to calculate value at risk (VaR), regulatory capital and other internal and external risk measures. Many of these methods, however, are based on backward looking book values and a permissive fox watching the chicken coop environment, wherein financial institutions often develop their own internal risk metrics with loose guidance from regulators.