This chapter explores whether we can (and should) think of the EU as a unitary system or as one that allows for internal differentiation and layering, both in terms of the horizontal relationship between the EU Member States and the one between the EU and non-EU states. The chapter highlights the legal methods of differentiation, such as enhanced cooperation and opt-in and outs, and analyses the limits and pathologies of differentiating EU obligations. It also looks at the different models of differentiation that are available, beginning with the process of joining and leaving the EU, before moving on to think about the interaction between the EU and the EEA, the United Kingdom and the role of Free Trade Agreements. As we will see, the question of which model of cooperation to choose, or of how differentiated the EU should be, once again poses fundamental trade-offs between sovereignty and unity that ultimately depend on how we understand the EU’s purpose.

Much of the work involved in the development of medical software (and in particular the process of software validation) depends critically on an understanding of topics such as probability theory, statistics, and increasingly machine learning. The goal of this chapter is to provide students with some theoretical grounding in this general area.

This chapter sets out to analyse to what extent the role of the individual citizen in Europe, and the rights attached to that status, inform us about the nature of the EU. What does it mean, legally speaking, for someone to be an EU citizen? This chapter distinguishes between different types of citizenship. First, we can trace the emergence of an incipient form of supranational or federal citizenship. Second, we analyse the much more significant transnational citizenship that has been formed. This form of citizenship becomes stronger where the mobile European is economically active, and weaker where the mobile European is economically inactive. The reason for this fragmentation is simple: it aims to protect the national welfare systems. Third, we will look at the legal position of those individuals who find themselves on the EU’s territory without being European citizens, such as British nationals, refugees or third-country national spouses of EU citizens.

In this chapter, we describe some numerical methods used for calculating VaR and Expected Shortfall for losses related to investment portfolios, measured over short time horizons – typically 10 days or less. These are techniques commonly used for regulatory capital calculations under Basel III. We start with simple portfolios investments, and then add derivatives. We review the covariance approach, the delta-normal approach, and the delta-gamma-normal approach to portfolio risk measures. Each of these approaches ultimately uses a normal approximation to the distribution of the portfolio value. We also consider the use of historical simulation, based on the empirical distribution of asset prices over the recent past. Finally, we discuss backtesting the risk measure distributions. Backtesting is required under the Basel regulations.

The changeover from 1999 to 2000 introduced a major risk of system failure in computer systems worldwide. This had to do with older software’s use of two-digit numbers to store the year. As the year (in two digits) moved from 99 to 00, there were serious possibilities of many systems failing. This resulted in a huge effort to fix this problem across multiple major computer systems.

Risk measures are used to give a numerical value, measuring risk, to a random variable representing losses. In this chapter, we introduce several risk measures, including the two most commonly used in risk management: Value at Risk (VaR) and Expected Shortfall. The risk measures are tested for ‘coherence’ based on a list of properties that have been proposed as desirable for risk measures used in internal and regulatory risk assessment. We consider computational issues – including estimating risk measures – and standard errors from Monte Carlo simulation.

This chapter describes the process of creating a system requirements document which is one of the most important steps in the software life cycle. First, we orient ourselves as to our position in this life cycle (Section 12.1). Next, we present a brief review of key regulatory issues (Section 12.2), and following this we describe a template for creating this document (Section 12.3).

This chapter begins by defining what medical software is and what makes it unique, and describing the regulatory process that governs it (Section 1.1), including a brief introduction to industry standards. Following this, we discuss the constraints (both business and technical) placed on the software process by the medical environment (Section 1.2).

This vignette describes the accidental destruction of a multi-million-dollar outer space satellite, primarily due to inconsistency of mathematical units used in different components of the system. Poor fault analysis, decision-making, integration testing, and auditing led the Mars Climate Orbiter to burn up in Mars’ atmosphere, never to be contacted again.

“In this chapter, we consider how individual, univariate distributions can be combined to create multivariate, joint distributions, using copula functions. This can be very valuable when a firm is looking at aggregating dependent risks from different business units. We present Sklar’s seminal theorem, which states that for continuous distributions, every joint distribution can be expressed with a unique copula, and every copula defines a valid joint distribution.

We present some important copulas, both explicit and implicit, and discuss their features. We show how measures of rank dependency can be more informative than traditional correlation. In keeping with our interest in tail behaviour of loss distributions, we consider how different copulas exhibit different dependency in the tails of the marginal distributions.

Finally, we discuss construction and estimation of copulas.”

This chapter describes the regulatory process for medical software, with a particular emphasis on the documents issued by the United States Food and Drug Administration (FDA). We first describe the FDA itself (Section 2.1), including a brief history of how the current process has evolved over the past century.

In this chapter, we discuss stress and scenario tests and testing frameworks. We begin with an introduction to stress testing and a discussion of where stress and scenario testing is most useful, as well as noting some limitations. This is followed by a study of methods for designing and generating stress scenarios. We then discuss regulator stress tests, and illustrate using examples of past failures and successes of real-world stress tests.

In this appendix, we review the major concepts, notation, and results from probability and statistics that are used in this book. We start with univariate random variables, their distributions, moments, and quantiles. We consider dependent random variables through conditional probabilities and joint density and distribution functions. We review some of the distributions that are most important in the text, including the normal, lognormal, Pareto, uniform, binomial, and Poisson distributions. We outline the maximum likelihood (ML) estimation process, and summarize key properties of ML estimators. We review Bayesian statistics, including the prior, posterior, and predictive distributions. We discuss Monte Carlo simulation, with a particular focus on estimation and uncertainty.

To understand ‘Europe as a bureaucracy’, this chapter lays down a central principle underlying the EU’s bureaucracy – the notion of ‘institutional balance’. What is the EU’s institutional structure trying to balance? Answering this question is important to understanding how different institutions in the EU inter-relate. It also outlines the composition and powers of the main EU institutions and examines how these institutions produce law, examining the EU’s central decision-making process. As we will see, the practice of EU decision-making is often untransparent and complex. Yet these very features are difficult to avoid given the need to balance the different interests that have to be brought on board for EU policy to be both effective and legitimate. The EU’s bureaucracy creates inevitable trade-offs, the resolution of which depend on one’s normative view of what Europe is for.

In this chapter, we present an overview of enterprise risk management (ERM). We begin by discussing the concepts of risk and uncertainty. We then review some of the more important historical developments in different areas of risk management, propose a definition for ERM, and show how ERM has its origins in all of the individual areas of risk management that came before. We discuss how ERM can be implemented as an ongoing process, which is optimally built into the operations of an organization from the top down, through a risk governance framework. Stages of the ERM cycle include risk identification and analysis, risk evaluation, and risk treatment. Each of these stages is introduced in this chapter, and then developed in more detail in subsequent chapters.