Article

An analysis of the maturity and strategic impact of investments in ERM

February 2015
Journal of Accounting and Public Policy 34(3)

DOI:10.1016/j.jaccpubpol.2015.01.001

Authors:

Mark S Beasley

North Carolina State University

Bruce C. Branson

North Carolina State University

Don Pagach

North Carolina State University

Over the past decade, expectations for more effective oversight of risks by boards of directors have significantly increased. These expectations emanate from stock exchanges, regulators, credit rating agencies and other key stakeholders. Proponents of enhanced risk oversight argue that an increased understanding of enterprise-wide risks provides strategic benefit by helping the board and management identify and manage risks that may impact the achievement of strategic objectives while at the same time helping the board monitor the extent of risk-taking on the part of management in their desire to meet these objectives. In response to these growing expectations, some boards have asked management to explore implementation of a more holistic, top-down approach to risk oversight widely known as enterprise risk management (ERM) while others have not. Institutional theory would suggest that a number of organizations implement minimal elements of ERM for symbolic reasons, lacking substance in risk oversight. In contrast, agency theory would suggest that boards embrace explicit and robust risk oversight activities to monitor management’s risk-taking actions, and resource dependence theory would suggest that they also do so to help the organization achieve strategic objectives. Little is known about the way in which boards and management organize their processes and the impact of those processes on the level of ERM adoption. More importantly, little is known about the extent to which ERM is perceived to provide strategic benefit to those organizations that have invested in developing a robust ERM process. Based on data gathered from 645 survey responses from executives of organizations spanning a number of industries and sizes, we find that organizations with greater ERM maturity are significantly more likely to have taken steps to formally engage the board and senior management in specific risk oversight tasks (consistent with agency theory), and certain board and management risk practices are associated with perceptions that ERM provides strategic advantage (consistent with resource dependence theory).

Enterprise Risk Management Maturity and Organisational Ambidexterity: Evidence From German Mittelstand Firms

Article

Full-text available

Mar 2025
ACCOUNT FINANC

Enterprise risk management (ERM) may help firms balance tensions between explorative and exploitative innovation, thus achieving organisational ambidexterity. However, this potential effect has not yet been empirically examined by prior research. Drawing on a survey of privately-held German Mittelstand firms and quantitative analyses, we analyze the effect of ERM maturity on organisational ambidexterity. We find that ERM maturity is related to higher exploitation but not to organisational ambidexterity. Our findings also suggest that ERM maturity particularly fosters exploitation in smaller firms and organisational ambidexterity in family firms.

LOS FACTORES CRÍTICOS DE ÉXITO EN LA IMPLEMENTACIÓN DE LA GESTIÓN DE RIESGOS EN LOS INSTITUTOS FEDERALES DE EDUCACIÓN DE BRASIL

Thesis

Full-text available

Jul 2023

Lara Cristiane Santos

A gestão de riscos é considerada um componente essencial para a boa governança, sendo recomendado por todos os códigos de melhores práticas, e quando eficaz pode garantir com certo grau de certeza o alcance dos objetivos institucionais e a entrega de valor público à sociedade, uma vez, que auxiliam na alocação inteligente e eficiente de recursos, na redução de desperdícios e na mitigação de fragilidades da integridade institucional. No entanto, em que pese todos os esforços dos órgãos de controle nos últimos seis anos para incentivar a adoção dessa prática no setor público, já consolidada no setor privado, ainda é baixa a capacidade de lidar com os riscos e incertezas e um paradigma a ser alcançado. Diante do exposto, essa pesquisa teve como principal objetivo identificar quais são os principais fatores críticos de sucesso que influenciam a implementação da gestão de riscos nos Institutos Federais de Educação, Ciência e Tecnologia do Brasil. Para alcançar esse objetivo, foi realizada a revisão da literatura com o apoio da base de dados de diversas plataformas de pesquisa em relação às publicações de maior aderência ao tema, com a finalidade de identificar os fatores críticos de sucesso associados à implementação da gestão de riscos mais recorrentes na literatura. Os 12 (doze) fatores críticos de sucesso identificados na literatura foram categorizados e deram suporte a elaboração do questionário estruturado, que entre os resultados alcançados nessa pesquisa, identificou os principais FCS que influenciam a implementação da gestão de riscos: o coordenador/facilitador, a comunicação aberta e eficaz, a identificação e tratamento dos riscos-chave e a estratégia de gestão de riscos. Outro importante resultado, foi a constatação de que apesar dos FCS terem sido avaliados como influentes, sua presença ainda não é tão intensa nos IFs.

El Impacto de la Gestión de Riesgos en las Organizaciones: Una revisión de la literatura

Article

Full-text available

Dec 2023

Renzo Collins

Los eventos acontecidos en los primeros años del siglo XXI, como los escándalos financieros de Enron y WorldCom, y las crisis financieras, pusieron en evidencia, en primer lugar, importantes deficiencias en los procesos de control existentes y, en segundo lugar, dificultades de las empresas para estructurar modelos robustos de gestión de riesgos. Con la entrada en vigor de COSO ERM, ISO 31000 y la Ley Sarbanes Oxley -como principales marcos de referencia de modelos holísticos de gestión de riesgos-, se buscaba que las organizaciones mejoren sus capacidades para cumplir con sus objetivos estratégicos a través de actividades que atiendan la incertidumbre y, sobre todo, creen y retengan valor organizacional. Este artículo tiene como objetivo revisar las investigaciones realizadas sobre la eficacia que ha generado la gestión de riesgos en las organizaciones, realizando una revisión de la literatura en Scopus y la Web of Science. Esta revisión deja en evidencia que las investigaciones realizadas no son concluyentes con respecto a los reales impactos que generan los sistemas de gestión de riesgos y su contribución con la creación de valor e incremento de la rentabilidad financiera. Además, muestra que existe una brecha interesante para desarrollar futuras investigaciones, considerando que muchos de los estudios que se han realizado tienen un especial énfasis en el sector financiero, descuidándose otros sectores económicos igualmente importantes.

A maturity model for supply chain risk management

Article

Jul 2023
SUPPLY CHAIN MANAG

Purpose Supply chains are among the most important, complex and risky systems in the modern world. Thus, managing risk is no longer an option, but a fundamental process in organizations. Given the lack of pathways that guide companies toward supply chain risk management (SCRM), the purpose of this study is to provide a conceptual reference, in the form of a maturity model, to support them in the evolution and improvement of this process. Design/methodology/approach The proposal covered a broad literature review, a survey and a multiple case study. The research was conducted in the aerospace industry and included companies from the supply chain of a leading aircraft manufacturer. Findings The model elaborated with the research results has eight attributes and four levels, addressing critical issues for SCRM to achieve its scope and purposes. The attributes include the structuring and scope of the SCRM process, the importance it receives within the organization, the resources used and the qualification of employees, the role of leadership and the inter-organizational collaboration. Practical implications Managing risk along supply chains is particularly challenging, demands resources and knowledge and requires a continuous effort. The proposed model offers a reference for improvement, helping to identify areas that need to be strengthened and practices to be implemented. Thus, it can guide the focus and efforts in a more efficient and systematic way, in addition to support evaluations and comparisons. Originality/value Although maturity models are abundant in different fields and several are available for risk management, models specifically developed for SCRM are scarce. This study broadens the understanding of SCRM with novel insights about how to improve this process in an evolutionary way. While many researchers focused their efforts on the SCRM process steps, this study identified critical issues that transcend these steps. The research was carried out in a sector with a long tradition in risk management and included companies belonging to a same supply chain, that is, using an approach still little explored in studies on SCRM or risk management maturity models.

Understanding the Ecosystem of Enterprise Risk Governance

Article

Nov 2022

Approaches to risk governance are not homogeneous across organizations. Some organizations invest heavily in building formal and strategically focused enterprise-wide risk governance processes whereas others exhibit reduced formality and focus, allowing risk governance to be less structured. We argue that risk governance may best be described as a service dependent upon a network (or ecosystem) of participants who include users of risk information and providers who design and implement risk governance processes. Using a survey sample of 2,380 observations from 2011 to 2016, we find that external calls for enhanced risk governance are positively associated with risk governance processes having greater formality and strategic focus. We find this relationship is partially mediated by internal demands for enhanced risk governance. Further, we find that the positive association between internal demands and enhanced risk governance is reduced by resource constraints and that a risk-seeking attitude is negatively associated with enhanced risk governance. Data Availability: Contact the authors. JEL Classifications: G30; M10; M14; M40.

Qualitative Analysis of Enterprise Risk Management Systems in the Largest European Electric Power Companies

Article

Full-text available

Jul 2022

Enterprise risk management (ERM) is an important element of an efficient and comprehensive corporate governance system. It represents a combination of activities that minimise the negative impacts of the risk exposures on the company’s value and long-term corporate sustainability. Recently, there has been a growing awareness on the role and importance of the risk management function. Such trends are partly driven by the consequences of the last economic and financial crisis on the one hand, and on the other by legal and regulatory requirements. The economic downturn caused by the COVID-19 pandemic, volatility in the energy markets and increased uncertainty expected in the upcoming period reiterate the importance of timely risk management practices, because organisations with developed risk management systems are more resilient in case of crisis. This paper analyses the organisation and level of development of ERM systems in the ten largest European electric power companies. The companies’ data on risk management practices are collected from annual reports and analysed by applying Content Analysis (CA), searching for 29 characteristics of a developed ERM system. Research results reveal that ERM in the largest EU electric power companies can be considered as advanced as it applies the five dimensions of the COSO 2017 framework. The analysis confirms the existence of 27 out of 29 characteristics of a developed ERM system, confirming that these characteristics are rooted not only in the relevant ERM theory, but also in the practice of large and successful electric power companies.

Fatores Críticos de Sucesso na Gestão de Riscos: Uma Revisão da Literatura

Article

Full-text available

Feb 2025

A gestão de riscos de riscos é um componente essencial da boa governança e sua adoção contribui para o alcance dos objetivos institucionais. No entanto, a capacidade do setor público de lidar com os riscos e incertezas ainda permanece baixa e mantêm-se como um paradigma a ser alcançado. Os fatores críticos são elementos chave, norteadores do desempenho e aumento da performance do que se pretende alcançar. Assim, a realização da revisão sistemática da literatura buscou identificar, aprofundar e disseminar o conhecimento sobre os fatores críticos que impactam no sucesso das práticas relacionadas à gestão de riscos, de forma a contribuir com o direcionamento adequado de esforços e a adoção de melhores práticas para a implementação da gestão de riscos no setor público. PALAVRAS-CHAVE: Gestão de riscos. Fatores críticos de sucesso. Revisão da literatura

Management accounting control system and risk governance in public sector organizational resilience enhancement

Article

Full-text available

Jan 2025

This research seeks to examine the influence of the integration of management accounting control systems and risk governance (MACS-RG) on organizational resilience (OR) in public sector organizations (PSO). This investigation endeavors to offer critical insights in the enhancement of OR in the PSO by investigating the components of MACS-RG. The authors employ a two-phase methodology, incorporating both qualitative (Study 1) and quantitative (Study 2) approaches. The authors utilize qualitative research to reveal significant insights and develop a framework, which is later evaluated in the quantitative phase. The research results shed light on the significantly positive relationships among various components of MACS-RG, including continuous planning, internal control, increasing network with external stakeholders, performance measurement, risk management, with OR enhancement. The study holds important implications for managers, researchers, and individuals engaged in the making, implementing, or evaluating of decisions pertaining to the enhancement of OR via MACS-RG. The paper will delineate the strategic interventions necessary for the effective MACS-RG within the PSO context.

Modeling Enterprise Risk Management Ecosystems Using Text Analytics

Article

Full-text available

Jan 2025

Patipan Sae-Lim

In recent years, a paradigm shift in risk management has altered in a holistic way, which we call Enterprise Risk Management (ERM). ERM solves the limitations of Traditional Risk Management (TRM). Although firms perceive several benefits of ERM, the successful implementation of ERM rests upon institutional and contingency factors. The ERM approach then seeks to integrate the core system and processes of the firm rather than acting through silo perspective. With this in mind, this research applies text mining techniques to analyze bibliometric data from SCOPUS to propose the suitable ERM ecosystem. This longitudinal study uses 725 reliable documents across 26 years. The descriptive analysis relating to the journal, citation, author, and article performance is displayed. Text co-occurrence analysis of author keywords represented by network mapping shows five ecosystems that significantly integrate with ERM: (1) three lines of defense (3LOD), (2) corporate governance, (3) ERM framework, (4) firm culture, and (5) value creation. Ultimately, the hidden insight from the bibliometric data shows the correlation between ERM and modern firm direction such as sustainability.

Innovative Approaches to Improving the Process of Risk Management in the Context of Developing a Strategy for the Foreign Economic Activity of Enterprises

Article

Jan 2024

The article presents innovative approaches to improving the risk management process in the context of developing a strategy for foreign economic activity of enterprise. To identify risks and choose the optimal strategy for foreign economic activity of enterprises (FEA), economic and mathematical modelling was used using the risk matrix and the criteria of Bayes, Laplace, Wald, Savage, Hurwitz, Hodge-Lehman. To approbate the results of the study, enterprises of the pharmaceutical industry were selected. According to the theory of games, in order to improve the risk management process, elements of the payment matrix have been applied, which characterize the profit of pharmaceutical enterprises in foreign economic activity. The use of the Hurwitz criterion, which is a criterion of pessimism-optimism, made it possible to choose the optimal strategy for the selected enterprises. The developed matrix of risks of foreign economic activity (strategic, operational, financial and external) for the selection of the optimal strategy of foreign economic activity through the use of economic and mathematical modelling should be used to determine the risks of the greatest impact at different stages of foreign economic activity using the theory of games. The presented matrix of risks of foreign economic activity is built for domestic enterprises of the pharmaceutical industry and is aimed at improving the process of risk management of foreign economic activity, which will enable enterprises of the pharmaceutical industry to predict risks at the early stages of activity and take into account in the general concept of the strategy of foreign economic activity of enterprises. The pharmaceutical industry of Ukraine was chosen for research because it is the most popular in modern conditions, and, according to the results of the analytical review, very high-risk. That is why the use of economic and mathematical modelling for risk calculation allows to optimize the economic behaviour of domestic pharmaceutical enterprises, while providing a reliable basis for making sound strategic decisions in the process of risk management in the context of developing a strategy for foreign economic activity. The risk management process, consisting of 7 stages and 18 steps, has been improved, and innovative tools have been proposed that facilitate the implementation of risk management in the enterprise in the process of developing a foreign trade strategy. The use of economic and mathematical modelling in risk forecasting and the formation of a foreign economic activity strategy will help enterprise managers to significantly increase management efficiency, reduce risks at the stage of planning foreign economic activity. The article improves the risk management process, which consists of 7 stages and 18 steps, and offers innovative tools that facilitate the implementation of risk management in the enterprise in the process of developing a foreign trade strategy. The use of economic and mathematical modelling in risk forecasting and the formation of a foreign economic activity strategy will help enterprise managers to significantly increase management efficiency, reduce risks at the stage of planning foreign economic activity.

Risk Management: The Awareness of Public Managers on Risk as a Social Construction

Article

Full-text available

Jul 2023

Purpose: The aim of this study is to assess the risk awareness and appetite of public managers at each level, as well as the factors that support risk awareness. Risk awareness in Public Sector Organizations is critical as they face a growing set of uncertainties, far beyond the risks associated with financial performance. Theoretical framework: The theoretical aspect of this study was covered by previous studies published in international journals related to risk management. Design/methodology/approach: This article uses the case study method as a technique to collect and analyze data, aiming to understand how managers deal with risk in decision-making at various managerial levels. Findings: The findings of the study revealed a deficiency in risk awareness among public managers, which can be attributed to the failure of top-level managers to take action in implementing risk policies. Additionally, middle and lower-level managers appear to be trapped within the inflexible system established by top managers when responding to risks. Furthermore, public managers tend to address risks only after they have already had an impact. Research, Practical & Social implications: The study's importance to the accounting literature is to provide an overview of the social construction of risk awareness of public managers at every level related to their experience facing risk issues on strategic and operational issues. Originality/value: This study represents the initial endeavor to analyze risk awareness among managers at various levels in the public sector.

How corporate social responsibility mediates the relationship between corporate reputation and enterprise risk management: evidence from Spain

Article

Full-text available

Oct 2022

Enterprise risk management (ERM) systems lessen the probability of risks harming a firm’s reputation for a number of reasons. First, a high-quality ERM system makes it less likely a firm will suffer a risk-based reputational crisis. Second, ERM systems help companies to behave more responsibly towards all stakeholders, thereby ensuring firms meet stakeholders’ expectations. Third, when a crisis stemming from an uncontrollable risk occurs, a high-quality ERM system helps to reduce the negative impact on reputation because stakeholders will not attribute guilt to a firm which has acted responsibly in its risk management. In this research, we explore the link between corporate reputation and ERM systems together with the role played by corporate social responsibility (CSR) performance as a mediator. Our results support the notion that ERM system quality enhances CSR performance as well as corporate reputation. The results also confirm that ERM systems have a positive impact on corporate reputation via the mediating effect of CSR performance. Companies should therefore use risk management policies to bolster both their CSR and their reputation.

A Structured Approach to Enterprise Risk Management in Ethiopian Commercial Banks

Article

Apr 2025

The aim of the study was to develop an enterprise risk management framework for Ethiopian commercial banks. This approach is undertaken to enhance the risk management systems and practices and foster the soundness and stability of the Ethiopian banking system. The study employed a multi-stage mixed methods research design that includes content analysis, survey study and Delphi techniques. The study established an enterprise risk management framework that comprises seventy-one constructs and seven factors. The factors include Vision, mission, core values and strategy, Risk management environment, Risk management function, Risk Management tools and process, Risk appetite and tolerance limit, Alignment and integration, and Enhanced value.

Enterprise risk management (ERM) adoption in developing and developed markets: a comparative study

Article

Mar 2024

Ruchi Agarwal

Purpose This study aims to explore the adoption of enterprise risk management (ERM) in developing and developed countries. Is there a similarity or difference between the two contrasting institutional markets and the reasons behind them? Design/methodology/approach The adoption of ERM is analyzed on the basis of the institutional framework. The author draws empirical evidence by comparing the cases of a British and an Indian insurance company using evidence from multiple sources. This paper focuses on extra-organizational pressures exerted by economic, social and political situations across two countries that influenced the adoption decision of ERM. Findings The findings of this research revealed that early adopters of ERM in different institutional markets face coercive and normative pressure but not mimetic pressure. The adoption of ERM in India and the UK is dissimilar. Companies in the British insurance market encounter higher institutional forces than those in the Indian market because of higher coercive and normative pressure. The aspirations to adopt ERM in the Indian and UK markets included improved strategic decision-making to maintain stakeholder expectations and higher standards of corporate governance. In the UK, ERM was adopted to reduce surprises and fluctuations under flexible regulations but with stricter adoption and to improve credit ratings. Originality/value Previous literature has discussed ERM adoption in similar markets or within one market with similar institutional pressure. In contrast, this research is a comparative study that explains the analysis of institutional theory in two different institutional environments in the adoption of ERM.

Integriertes Risikomanagement - Unternehmensplanung und Value-Based Management als Treiber der Integration in kleinen und mittleren Unternehmen

Article

Nov 2024

The aim of this article is to identify key determinants for the implementation of robust and efficient risk management in small and medium-sized enterprises (SMEs). This research specifically analyzes the influences of corporate planning and value-based management, as well as their interaction with holistic risk management. By applying a structural equation model to data from a survey of 314 SMEs, the decisive success factors for comprehensive risk management are identified. The results manifest a positive, causal effect of corporate planning on risk management and value-based management. The present study also provides a theoretical framework for the systematic investigation of risk management maturity in SMEs.

OS FATORES CRÍTICOS DE SUCESSO NA IMPLEMENTAÇÃO DA GESTÃO DE RISCOS NOS INSTITUTOS FEDERAIS DE EDUCAÇÃO DO BRASIL

Article

Full-text available

Oct 2024

RESUMO A gestão de riscos é considerada um componente essencial para a boa governança, e quando eficaz pode garantir com certo grau de certeza o alcance dos objetivos institucionais e a entrega de valor público à sociedade, uma vez, que auxiliam na alocação eficiente de recursos, na redução de desperdícios e na mitigação de fragilidades. No entanto, em que pese todos os esforços dos órgãos de controle para incentivar a adoção dessa prática no setor público, permanece baixa a capacidade de lidar com os riscos e incertezas e um paradigma a ser alcançado. Diante do exposto, essa pesquisa teve como objetivo identificar quais são os principais fatores críticos de sucesso que influenciam a implementação da gestão de riscos nos Institutos Federais de Educação do Brasil. Para alcançar esse objetivo, foi realizada a revisão da literatura, que identificou 12 (doze) fatores críticos de sucesso (FCS), que deram suporte a elaboração do questionário estruturado aplicado à terceira linha de defesa. Entre os achados da pesquisa, identificou-se os principais FCS que influenciam a implementação da gestão de riscos: o coordenador/facilitador, a comunicação aberta e eficaz, a identificação e tratamento dos riscos-chave e a estratégia de gestão de riscos. Outro importante resultado, foi a constatação de que apesar dos FCS terem sido avaliados como influentes, sua presença ainda não é tão intensa nos IFs. PALAVRAS-CHAVE: Gestão de Riscos. Fatores Críticos de Sucesso. Institutos Federais de Educação do Brasil. ABSTRACT Risk management is considered an essential component for good governance, and when effective it can guarantee with a certain degree of certainty the achievement of institutional objectives and the delivery of public value to society, as they help in the efficient allocation of resources, in reducing waste and mitigating weaknesses. However, despite all the efforts of control bodies to encourage the adoption of this practice in the public sector, the capacity to deal with risks and uncertainties and a paradigm to be achieved remains low. In view of the above, this research aimed to identify the main critical success factors that influence the implementation of risk management in the Brazil Federal Institutes of Education. To achieve this objective, a literature review was carried out, which identified 12 (twelve) critical success factors (CSFs), which supported the development of the structured questionnaire applied to the third line of defense. Among the research findings, the main CSFs that influence the implementation of risk management were identified: the coordinator/facilitator, open and effective communication, the identification and treatment of key risks and the risk management

Supply chain risk management (SCRM) process: an analysis in the aerospace industry

Article

Sep 2024
Benchmark Int J

Purpose The study analysed the aerospace industry, a traditionally important sector for the topic of risk management, from three complementary perspectives: the supply chain risks present in the sector, the mitigation strategies adopted to face them, and the characteristics (dimensions) observed in the SCRM process of aerospace companies. Design/methodology/approach The research employed a quali–quantitative method: a survey was carried out, followed by interviews with professionals from companies belonging to different tiers of aerospace supply chains. Interviews helped to interpret the survey data and understand in more detail risk management in aerospace companies. Findings The study presents a panorama of the aerospace industry in terms of risk management. The sector’s turbulent environment is described as well as the strategies to prevent, minimise or postpone the impact of supply chain risks. In particular, ten dimensions that have been identified in the SCRM process of aerospace firms are discussed. These characteristics influence the objectives of this process and are related to resources, roles and responsibilities, incentives, development of competences and skills, scope (internal and external) and approaches to integrate decisions and actions in the context of the supply chain. Originality/value Articles that address the SCRM process usually focus on the process steps, whereas this study investigated dimensions that transcend these steps but whose discussion in the literature is still fragmented. It also analysed a reference sector for the topic from a broader perspective than others available in the literature (supply chain risks, mitigation strategies and characteristics of the SCRM process). Supply chain members with relationships with each other were investigated, a desirable approach for SCRM but still under-explored. The study also answers calls for industry-specific studies and research on emerging countries.

Internal control and risk management: From compliance to strategy. The case of risk mapping in a French insurance company

Article

Full-text available

Sep 2023

Gérald Naro

Early adopters of institutional creativity in integrated reporting

Article

Full-text available

Nov 2023
Rev Account Finance

Purpose In the last two decades, risk reporting has followed a normative and calculative culture rather than the “materiality” of data. Although integrated reporting (IR) has become flooded with extra information, it does not adequately disseminate material information to stakeholders. In addition, the poor tone from the top diminishes creativity. This study aims to investigate how companies creatively address issues of the materiality of risk information in IR and how IR can be aligned with enterprise risk management. Design/methodology/approach Qualitative research was conducted via interviews with 50 chief risk officers and senior management executives in the Indian and UK insurance markets. Findings Overall, five institutions were observed to exhibit elements of being early adopters of institutional creativity. This confirmed the present study’s theoretical contribution of five divergent types of early adopters. The motivations for creativity are reflected in the resources available to these institutions. Originality/value To the best of the authors’ knowledge, this study provides a new insight into IR from internal mechanisms to deal with issue of materiality.

Enterprise Risk Management: A Review and Conceptual Framework Encompassing Management and Accounting & Finance Disciplines

Article

Jan 2023

An Evolving Risk Landscape: Insights from a Decade of Surveys of Executives and Risk Professionals

Article

Full-text available

Jan 2023

We report on the results obtained from ten annual surveys of global business executives on their perceptions of the most significant risks facing their organizations in the ensuing calendar year. These surveys of C-suite executives, directors and other risk professionals elicit their concerns about risks that may affect their organization’s success over the near-term horizon (i.e., the next calendar year). After a decade, we believe these results provide an opportunity to examine how the global risk landscape has evolved. In addition, two additional survey questions allow us to examine how these executives view the overall risk context and how enterprise risk management (ERM) is deployed and augmented in the face of an escalating risk environment. On average, we find that executives view the risk landscape they face as persistently risky over the ten-year period, even during the relatively robust economic environments for much of that time frame. Two industries report much more volatility in their risk environments, with respondents from the Healthcare sector and in Technology, Media and Telecommunications acknowledging the largest volatility. We also observe an increase in entities’ decisions to devote more time and resources to risk management over the ten-year period, suggesting that ERM has become an essential mechanism for organizational success. Our goal is to highlight the realities of constantly changing risk conditions and how context (e.g., industry and time) is an important distinguishing factor that affects an organization’s given risk profile, which is relevant to both executives and academics. Collectively, our findings emphasize the importance of understanding the ever-changing context of an organization’s environment, that risk identification must be an ongoing process, and that there is no “one-size-fits-all” approach to risk governance. We believe all this signals the importance of future research to help organizations respond with robust risk governance.

Exploring the indirect links between enterprise risk management and the financial performance of SMEs

Article

Full-text available

Dec 2022
Risk Manag Int J

This paper responds to the lack of empirical evidence on how enterprise risk management (ERM) and the financial performance of small and medium-sized enterprises (SMEs) are related. Structural equation modeling is used to explore new mediators in the relationship between ERM and SME financial performance. The results show that organizational culture (mission dimension) and strategic risk management performance are full and positive mediators between ERM and financial performance. These research results highlight the fact that the implementation of ERM in an enterprise does not by itself generate the expected effects without the existence of a mature organizational culture and the monitoring of strategic risk management performance. These findings are particularly relevant for SMEs with “pretend ERM” that lacks the strategic and operational components. ERM also helps to transform the negative effect of foreign capital in SME equity on financial performance into a positive effect.

The Role of ERM and Corporate Governance in Managing COVID-19 Impacts: SMEs Perspective

Article

Full-text available

Dec 2022

SMEs are perceived as more exposed to the consequences of external shocks. The purpose of our work is to examine whether the ERM sophistication or corporate governance mechanisms could be relevant in resistance to COVID-19 shock in the SMEs. In particular, we hypothesize that the SMEs with greater degree of ERM sophistication and stronger CG mechanisms will have a clearer understanding about the severity of the impacts from COVID-19. Our empirical evidence is based on the results of a survey conducted within a large sample of SMEs operating in Poland and in Germany within different experimental settings. We have found that the ERM and CG sophistication influence the perception of COVID-19 interruptions and will alert companies to adjust their business strategy and organizational structure to better cope with effects of the current crisis. The proposed framework can also be a valuable tool for consultants to use to enhance the ERM systems in SMEs.

Spatial Distance and Risk Category Effects in Enterprise Risk Management Practice

Article

Apr 2022

Research suggests corporate board members would like to receive more information about how risk probabilities are estimated. We examine how spatial distance from a risk assessment target and risk category (operational versus non-operational risk factors) affects decision-makers' assessment of the probability that a given risk will materialize. Results from an experiment involving 141 risk managers provide some support for spatial distance effects. Importantly, we find the difference in decision-makers' probability assessments between operational and non-operational risk factors is greater when assessing a proximate rather than a remote target. We contribute to the accounting literature by demonstrating how spatial distance affects probability judgments. This is important as probability judgments are not only prevalent in managerial decision-making contexts but also in audit, tax, and other settings where decision-targets may be spatially removed from the decision-maker.

Does enterprise risk management benefit manufacturing firms? Evidence from China

Article

Full-text available

Oct 2022

It is observed that Enterprise risk management (ERM) framework has been adopted by some manufacturing firms in China in the past years. To investigate the effectiveness of ERM, data of A-share listed manufacturing firms in Shanghai and Shenzhen stock exchange during 2010-2019 are adopted from Wind database and CSMAR database, two large domestic databases, to examine the impact of ERM on value of manufacturing firms. Treatment effects model and genenralised method of moments (GMM) are employed to derive the empirical results. Our results show that adoption of ERM can add value to the firms, and firms benefit more from high-quality ERM program. Furthermore, the impact of ERM seems to be more significant among the manufacturing firms with smaller scale, or stronger institutional shareholding, or international business. Our findings encourage the manufacturing firms to implement ERM program and improve the program to achieve its targets.

The Financial Performance and the Impact of Gender Diversity in the High Management – Insights from the Banking Sector in Albania

Article

May 2025

Recently, the relationship between gender diversity and financial performance has become an important and controversial topic within the area of corporate governance. The purpose of this research is to explore the ongoing issue of gender diversity in the banking industry in Albania by paying attention to the impact of women as directors and senior managers on the organization's performance, aiming to find out if there is a relationship between gender diversity and organization performance. For this research, the authors have studied all the banks currently operating in Albania (11 banks in total) for a period of five years (2018 to 2022). The data related to the performance of the banks was collected by the annual reports published on the websites of the banks. ROA, ROE, and Net Profit were selected as indicators to measure the bank's performance with the percentage of women on boards, the percentage of women as senior managers, and the percentage of total women employed used to measure gender diversity and the board size as a control variable. The use of the regression model suggested that a higher presence of women in top leadership positions may not have the expected positive impact on the financial performance of banks, potentially due to factors like cultural barriers or tokenism. However, a higher proportion of women in the workforce was positively linked to better financial performance, indicating that women’s broader integration into the organization contributes to its success.

The Assessment of Enterprise Risk Management Practices of Ethiopian Commercial Banks

Article

Full-text available

Mar 2025

The study aims to examine the enterprise risk management (ERM) practices of Ethiopian commercial banks. This approach is undertaken to examine the current approach to enterprise risk management within the Ethiopian banking context. A mixed-methods research design is employed which comprises content analysis and a survey study. The study found that the prevailing emphasis of risk management functions in Ethiopian commercial banks revolves on ensuring compliance with regulatory reporting standards. A significant number of the banks have implemented ERM programs primarily to meet regulatory obligations, rather than leveraging ERM to generate firm value. The study identified several gaps in the risk management function of Ethiopian commercial banks, including lack of integration of risk management with the banks’ mission and core values, failure to assess the resources required for effective risk management and to prioritise resource allocation accordingly, inadequate coverage of relevant activities and functional areas by both risk management and internal audit activities, and limitations on the assignment of chief risk officers (CROs) to oversee the risk management function within the banks. Overall, the maturity level of ERM implementation among Ethiopian commercial banks is moderate and requires further enhancement.

Does Enterprise Risk Management Quality Constrain Real Earnings Management Practices? Evidence from Sub-Saharan Africa

Article

Feb 2025
Global Bus Rev

Oreshile Sulaiman

In the wake of curbing managerial opportunism and self-serving tendencies, this study investigates how enterprise risk management quality affects real earnings management practices in sub-Saharan African emerging markets. This study uses the least squares dummy variable estimator to analyze panel data from 186 non-financial firms across nine sub-Saharan African countries between 2014 and 2020. Additionally, two-stage least squares and a two-step generalized method of moments address potential endogeneity concerns. The analyses indicate that enterprise risk management quality restricts managerial real earnings management practices, particularly in Big4 audited, larger, more profitable and financially constrained firms. This result holds when considering alternative enterprise risk management quality and real earnings management measures, the disaggregated enterprise risk management quality, regional variations and endogeneity tests. Stakeholders, researchers and regulatory bodies should consider enterprise risk management quality crucial for assessing managerial opportunism via real earnings management practices, thereby mitigating information asymmetry risks. This study offers an emerging market perspective, demonstrating that sub-Saharan African firms with high-quality enterprise risk management can safeguard themselves against managerial opportunism.

Board Risk Oversight and Environmental and Social Performance

Article

Nov 2024
J ACCOUNT ECON

Strategies for implementing risk management in Brazilian state governments

Article

Jul 2024

Purpose This study explores how public sector risk management (RM) is implemented in 6 Brazilian state governments, given the existence of contextual factors in the settings. Design/methodology/approach The cases were selected following a methodological protocol, resulting in the collection of 12 interviews with government policymakers (GPMs), supplemented with legislation and website content. All collected data were analysed through the qualitative content analysis method under the multi-case study methodology. Findings Empirical evidence shows that the settings strive to operationalise public sector RM by using implementation strategies. These strategies are developed by the GPMs and represent the consequence of the influence of three perceived contextual factors: weak sup-port from some public top managers, a pre-existent innovation-oriented culture, and risk types. Moreover, developing the maturity of RM implementation was observed as being difficult given the weak support from public top managers. Practical implications This study suggests that RM is not always easily implemented in the public context. Therefore, this article provides some tips that help mitigating this problem by involving actions that stimulate a deeper engagement of public top managers and that bring RM to a more strategic place in the governments. Originality/value This article explores RM in the public sector at the government level, demonstrating that strategies can be developed by GPMs to address contextual factors that can make the implementation of RM difficult, as indicated in the study.

Strategie

Chapter

Sep 2024

Khalil Dindarian

Enterprise Risk Management

Chapter

Full-text available

Sep 2024

Khalil Dindarian

Resilienz

Chapter

Sep 2024

Khalil Dindarian

Texto para Discussão 2908

Book

Aug 2023

A administração pública brasileira adotou a gestão de riscos (GR) como prática de boa governança. A obrigatoriedade de sua implementação contempla todos os órgãos e entidades do Poder Executivo federal (PEF), com ampla difusão de normativos e manuais que abrangem também os demais poderes e níveis federativos. Em contrapartida, há uma carência de estudos mais amplos ou sistemáticos sobre o assunto na literatura nacional. Esta é a terceira publicação de uma série de três textos para discussão inter-relacionados produzidos pelo Instituto de Pesquisa Econômica Aplicada (Ipea) sobre a temática da relevância e da implementação da GR. A série se iniciou com o título Competência versus Incerteza: atitudes pessoais e percepção sobre gestão de riscos no âmbito da administração pública federal e também conta com a pesquisa Em Busca de Fatores que Levam a uma Implementação Efetiva da Gestão de Riscos em Órgãos Públicos: estudo exploratório a partir da abordagem contingencial (no prelo). Utilizando dados secundários provenientes de várias fontes (como o Tribunal de Contas da União – TCU –, o Sistema de Administração Financeira e Controle – Siafi – e o Portal da Transparência), com base no exercício de 2018, o objetivo deste estudo foi verificar empiricamente quais fatores influenciam o nível de práticas de GR, a partir da abordagem da Teoria Contingencial (TC). Para isso, se considerou a GR como parte integrante do Sistema de Controle Gerencial (SCG) das organizações. Os resultados encontrados demonstraram que os níveis de práticas de GR são influenciados de forma significativa pelo estabelecimento da estratégia organizacional.

Enterprise risk management and organizational performance: exploring mediation effects of entrepreneurial orientation

Article

Full-text available

Apr 2024
Risk Manag Int J

This study presents a conceptual model of mediation effects that Entrepreneurial Orientation (EO) has on relationship between Enterprise Risk Management (ERM) and organizational performance. Empirical evidence suggests a very limited scope of ERM relation to performance, but full mediation effect of EO dimension innovation and proactivity is confirmed on relation between ERM strategic factor and new product development. Our research contributes scientifically because it is the first research that explores how ERM and EO interwind in companies. From the practical point of view, our results may be valuable to managers aiming to increase company’s resilience by introducing innovation or are in the process of encouraging a more proactive behaviour. According to our findings, they may benefit from establishment of a sound ERM strategic framework prior to entering innovation or proactivity process, in terms of new product development.

PENGARUH EFEKTIVITAS KOMITE AUDIT TERHADAP REPUTASI PERUSAHAAN DENGAN ERM SEBAGAI VARIABEL MODERASI

Article

Full-text available

Jan 2024

Tujuan dari penelitian ini adalah untuk menguji pengaruh efektivitas komite audit terhadap reputasi perusahaan. Lebih lanjut, penelitian ini juga menguji Enterprise Risk Management (ERM) dalam memoderasi hubungan efektivitas komite audit terhadap reputasi perusahaan. Sampel dalam penelitian ini adalah perusahaan manufaktur yang terdaftar di Bursa Efek Indonesia periode 2018-2022 dan mempunyai index CII selama rentang waktu tersebut. Hasil penelitian ini menunjukkan bahwa komite audit tidak mempunyai pengaruh terhadap reputasi perusahaan. Enterprise Risk Management (ERM) tidak mempunyai pengaruh moderator terhadap hubungan efektivitas komite audit terhadap reputasi perusahaan.

PRisk-MM: a public sector risk management maturity model for Brazilian public organisations

Article

Dec 2023

Enterprise Risk Management as Part of the Organizational Control Package: Review and Implications for Management Accounting Research

Article

Jul 2024
J Manag Account Res

Research on enterprise risk management (ERM) has increased considerably in the past two decades. While management accounting researchers have substantially contributed to these advancements, previous reviews of the ERM literature have not discussed in depth the role of ERM as part of the organizational control package and how management accounting research could build on its research traditions to further our collective understanding of ERM. In this paper, we therefore adopt a management control perspective to critically analyze both quantitative and qualitative empirical ERM research, and specifically focus on the integration of ERM in organizational control packages. Taking a complementary perspective and accounting for the decision-facilitating and decision-influencing purposes of MACS, we recommend several broader avenues for future management accounting research on ERM.

Drivers for the maturity of integrated governance in organizations—An empirical investigation

Article

Nov 2023

This paper sheds light on the factors driving the maturity levels of integrated governance by analysing survey responses from 148 companies that reported on their efforts to coordinate and align their separated assurance functions. When an organization's assurance functions lack coordination, it can lead to challenges like isolated risk functions, incomplete risk coverage and redundant controls. Integrated governance aims to incorporate and optimize on organization's assurance functions to support an effective risk control environment and the integrity of information used by management and the governing bodies. Despite this goal, research indicates that no organization has achieved a mature level of integrated governance yet. To address this research gap, we identify key drivers for integrated governance maturity such as the awareness of integrated governance within the organization, the implementation of the Three Lines (of Defense) Model and the maturity levels of subsystems, that is, the risk management function and the internal control system.

Contrôle interne et management des risques : de la compliance à la stratégie: Le cas d’une cartographie des risques dans une compagnie d'assurance française

Article

Apr 2023

Lors des deux dernières décennies, l’ensemble des dispositifs destinés à anticiper et prévenir les risques économiques et financiers se sont fortement développés. Dans ce contexte, différents référentiels et méthodes de gestion des risques ont vu le jour, incarnant l’espoir d’une meilleure maîtrise des aléas du monde économique, et ce tant au niveau des entreprises qu’au niveau sociétal. Parmi les dispositifs les plus courants, le contrôle interne est surtout orienté vers la sécurisation du reporting financier et vers la conformité vis-à-vis des lois et règlements. Progressivement, a émergé la nécessité d’élargir le pilotage des risques à d’autres dimensions, dans une perspective stratégique et non plus seulement technique. L’ Enterprise Risk Management (ERM), qui incarne ce besoin, a suscité de nombreux travaux académiques. Cependant, ceux-ci laissent sous silence les modalités concrètes de mise en œuvre et de fonctionnement de l’ERM, ainsi que ses liens avec les autres dispositifs, en particulier le contrôle interne. Ce travail de recherche est basé sur l’étude de cas d’une entreprise d’assurance ayant mis en œuvre depuis une vingtaine d’années une cartographie des risques répondant à la fois à des préoccupations de compliance, et à des besoins liés à sa réflexion stratégique. L’observation de cette entreprise permet de décrire en profondeur un dispositif d’ERM et de mieux comprendre son fonctionnement et son articulation avec la fonction de contrôle interne.

Enterprise Risk Management

Chapter

Full-text available

Aug 2023

Khalil Dindarian

Understanding ERM processes and their practical application helps us to discover how organizations can deal with emerging risks. Although the traditional ERM approach gained renewed interest following the 2008 financial crisis and is applied for legal and regulatory compliance, it is not very effective in addressing unexpected and potentially catastrophic risks. A more holistic approach to risk management is required, which we might call Enterprise Resilience. In this chapter, the various definitions of ERM and its processes are discussed, and the distinction between ERM and Enterprise Resilience is clarified, so that we might better understand the interdependencies of the risks that organizations face, and how they might align their strategy and objectives with such risks.Enterprise Resilience is designed to provide a methodology for the integration of emergent risks with strategic risk, and for recognizing the interconnectedness of risks so as to enable practitioners to interrelate emerging risks through robust analytical methods.

Case Study II Enterprise Risk Management

Chapter

Full-text available

Aug 2023

Khalil Dindarian

This chapter describes an ERM case study that includes the Governance process for ensuring the transparency of consequences and the way senior executives direct and control their organization. There are different interests and expectations at every level, such as the Audit Committee of the Supervisory Board, the Board itself, the Executive Board, the Corporate Risk Committee, the divisional lines, the business-unit lines, the country lines and, finally, middle- and lower management. Nevertheless, the Board of Directors provides a functioning ERM system that will not overlook any major issues that could harm the business.The way that corporate finance, risk management, and external audit functions—including governance owners such as IT, HR, legal-&-compliance, and the supply chain—cooperate with each other is presented, as is an explanation of how emergent risks are identified at corporate level. Furthermore, the decision-making processes on individual project portfolios, including business risk, legal-&-compliance, commercial, and various technical areas are discussed.

Building the Conceptual Enterprise Resilience Framework

Chapter

Full-text available

Aug 2023

Khalil Dindarian

An analysis of the four knowledge areas of Strategy, Resilience, Complexity, and ERM has allowed us to better understand their relationship with each other. We know that changes in the business and operating environment influence strategic thinking and decision-making, making strategic planning essential. It is now time to turn our attention to how this knowledge and understanding might be employed to create a strategy that will be effective in times of uncertainty arising from complex environmental changes that can severely damage business continuity. The proposed Enterprise Resilience Framework can form the basis of this strategy.The characteristics of strategic management are identified, with a look at the critical factors of strategic decision-making and those contributing to Complexity. The relationships between nine key strategic factors and resilience are established, and the processes of different ERM frameworks and risk factors are shown.

Strategy

Chapter

Full-text available

Aug 2023

Khalil Dindarian

In this chapter, the various definitions of Strategy are considered in theoretical terms. In order to understand how effective emergent strategies are characterized by Resilience, the following are discussed: Qualifying Enterprise Resilience as a Strategic Objective Qualifying ERM as a Strategic Decision-making Property The proposed relationships between, respectively, strategy and resilience, strategy and ERM, and Strategic management and strategy formulation It can be seen that strategic management is a framework for analyzing the environment, for integrating enterprise activities, for learning, and for adapting to change. It ensures business continuity, thus creating added value for shareholders and stakeholders, both in the present and into the future, even in times of complex environmental change.Resilience is, it can therefore be concluded, a strategic objective, since effective emergent strategies are characterized by Resilience, while ERM is a property of strategic thinking and decision-making.

Resilience

Chapter

Full-text available

Aug 2023

Khalil Dindarian

The purpose here is to better understand the characteristics of Enterprise Resilience and how it is concerned with emergence—a characteristic of Complexity (discussed in Chap. 4)—and the relationship between Resilience and Complexity is explored. Discussion includes the identification of the characteristics of a resilient organization and the application of the concept of a Complex Adaptive System for a holistic assessment of complex issues in order to address them. The assessment of Organizational Resilience and Risk Management can and should be aligned, to close the dangerous gap in the Resilience profile of an enterprise. Ultimately, Resilience can be considered an emergent property that concerns a system’s ability to deal with high levels of uncertainty and to adapt to Black Swan threats, and an emergent, adaptive process.An Enterprise Risk Framework is offered, which is suitable for establishing Organizational Resilience as a strategic objective that can be defined by competitive advantage, business continuity, stakeholders, and value for shareholders.

Risk governance as a line of defense: Systematic review of hotspots for future research

Article

Full-text available

May 2023

To forestall future financial crises, risk governance has been embraced as a line of defense. Therefore, this paper seeks to synthesize the risk governance literature, identifying gaps, and suggesting direction for future research, through a systematic literature review (SLR). Analyzing 151 papers from the Scopus and Web of Science databases, this paper finds a steady increase in academic work on risk governance. Using the theory, context, characteristics, and methodology (TCCM) framework, the study emphasizes the importance of chief risk officers, geographical context coverage, and effectiveness and regulation of risk governance. Methodologically, endogeneity issues are a major concern for researchers, agency theory (AT) being the most popular theory used. Finally, moderating and mediating variables that affect risk governance are identified as important but under-explored. While providing practitioners and policymakers with a framework, empirical testing is encouraged. The study contributes to SDG Goal 8, Target 10 of strengthening financial institutions and promoting a resilient financial system.

What entails risk management maturity in public organisations?

Article

Mar 2023

This article investigates which attributes and contingent factors are crucial to develop a public sector risk management maturity model (PSRMMM). The purpose of this study is not to provide a PSRMMM per se, but to be a scientific reference in the creation of future models to better guide public organisations. Accordingly, enterprise risk management literature and specific public sector factors were analysed to build a questionnaire that was carried out in Brazilian federal and state public organisations. Next, a path of multivariate statistical techniques (CATPCA, K-modes, and multinomial logistic regression analysis) was used to analyse the data collected from 330 survey responses. Results reveal that 12 statistically significant variables explain 5 different levels of public sector risk management maturity. This study stands out for its originality in indicating the main contingent factors and attributes a PSRMMM must have per level of maturity, facilitating the development of prescriptions to guide implementation improvements. Moreover, this study has practical implications to government policymakers who use PSRMMM to assess the performance of public organizations in implementing risk management frameworks.

The Role of Construal Alignment in Enterprise Risk Management

Article

Jul 2021

According to the Committee of Sponsoring Organizations of the Treadway Commission (COSO 2017), two important elements of an organization's enterprise risk management (ERM) framework are its risk management philosophy, and its risk appetite and tolerance. Based on Construal Level Theory (CLT), we posit that the effectiveness of ERM depends on the extent of alignment (non-fit or fit) between mental representations (high versus low construal) of those two ERM elements. We test our hypothesis across two risk cases: safety and confidentiality. Results of our experiment suggest that employees are more proactive when there is a construal fit between the emphasis placed on a firm's risk management philosophy and its expression of the key risk indicators (KRIs). This benefit is observed in the confidentiality case, but not in the safety case. Implications are discussed.

How big data analytics enables the alliance relationship stability of contract farming in the age of digital transformation

Article

Jul 2022
INFORM MANAGE-AMSTER

Notwithstanding the potential of big data analytics technology for alliance management, there is a lack of understanding of how such digital technology influences alliance relationship stability (ARS). Drawing on the information technology-enabled organizational capabilities (IT-enabled OCs) perspective, this study empirically verifies that big data analytics promotes ARS and risk management capability. Moreover, market risk management capability (MRM) enhances ARS, and data quality moderates the relationship between big data analytics usage (BDU) and MRM. This research reveals the impact mechanism of BDU on the ARS. Implications for management and future research are presented as well.

Disclosure Committees: Implications for Disclosure Quality and Timeliness

Article

Full-text available

Jun 2022
EUR ACCOUNT REV

To help companies comply with the certification requirements under Section 302 of SOX, the SEC recommends issuers form a disclosure committee, 'for considering the materiality of information and determining disclosure obligations on a timely basis' (SEC 2002a). While the importance of disclosure committees has been acknowledged by practice, little academic research has examined disclosure committees. In this study, we examine the effects of disclosure committees on disclosure quality and timeliness. We find that the presence of disclosure committees is associated with higher quality and more timely corporate disclosure. These results are distinct from the effects of other documented corporate governance mechanisms and robust to the use of controls for potential correlated omitted variables and endogeneity. In addition, we provide evidence that the benefits of disclosure committees on disclosure quality are greater if membership detail is publicly revealed and that benefits of the committee may be greatest for firms that experience a negative disclosure event. Lastly, we provide evidence that disclosure committees are associated with higher quality earnings announcements and lower likelihood of receiving a severe SEC comment letter. Collectively these results suggest disclosure committees are not merely 'window dressing', a conclusion with implications for practitioners, regulators, and academics interested in improving corporate disclosure practices.

Corporate Linkages and Organizational Environment: A Test of the Resource Dependence Model

Article

Full-text available

Oct 1990
STRATEGIC MANAGE J

Brian K. Boyd

Two competing models of corporate boards are presented. Management control proposes that the board is a rubber stamp for management, and plays a minor role in strategic management, while resource dependence asserts that the board is a tool used to manage environmental uncertainty. A structural model was developed to determine whether corporate boards respond to different types of environmental uncertainty, using data on 147 companies from nine industry groups. It was found that boards tended to be smaller in a more uncertain environment, while having an increased number of interlocks. This relationship was stronger in high-performing firms.

Information Conveyed in Hiring Announcements of Senior Executives Overseeing Enterprise-Wide Risk Management Processes

Article

Jul 2008

Enterprise risk management (ERM) is the process of analyzing the portfolio of risks facing the enterprise to ensure that the combined effect of such risks is within an acceptable tolerance. While more firms are adopting ERM, little academic research exists about the costs and benefits of ERM. Proponents of ERM claim that ERM is designed to enhance shareholder value; however, portfolio theory suggests that costly ERM implementation would be unwelcome by shareholders who can use less costly diversification to eliminate idiosyncratic risk. This study examines equity market reactions to announcements of appointments of senior executive officers overseeing the enterprise's risk management processes. Based on a sample of 120 announcements from 1992-2003, we find that the univariate average two-day market response is not significant, suggesting that a general definitive statement about the benefit or cost of implementing ERM is not possible. However, our multiple regression analysis reveals that there are significant relations between the magnitude of equity market returns and certain firm specific characteristics. For nonfinancial firms, announcement period returns are positively associated with firm size and the volatility of prior periods' reported earnings and negatively associated with leverage and the extent of cash on hand relative to liabilities. For financial firms, however, there are fewer statistical associations between announcement returns and firm characteristics. These results suggest that the costs and benefits of ERM are firm-specific.

Separation of Ownership and Control

Article

Jan 1983

This paper analyzes the survival of organizations in which decision agents do not bear a major share of the wealth effects of their decisions. This is what the literature on large corporations calls separation of 'ownership' and 'control.' Such separation of decision and risk bearing functions is also common to organizations like large professional partnerships, financial mutuals and nonprofits. We contend that separation of decision and risk bearing functions survives in these organizations in part because of the benefits of specialization of management and risk bearing but also because of an effective common approach to controlling the implied agency problems. In particular, the contract structures of all these organizations separate the ratification and monitoring of decisions from the initiation and implementation of the decisions.

The Valuation Implications of Enterprise Risk Management Maturity

Article

Mar 2014
J RISK INSUR

Enterprise Risk Management (ERM) is the discipline by which enterprises monitor, analyze, and control risks from across the enterprise, with the goal of identifying underlying correlations and thus optimizing the risk-taking behavior in a portfolio context. This study analyzes the valuation implications of ERM Maturity. We use data from the industry leading Risk and Insurance Management Society Risk Maturity Model over the period from 2006 to 2011, which scores firms on a five-point maturity scale. Our results suggest that firms that have reached mature levels of ERM are exhibiting a higher firm value, as measured by Tobin's Q. We find a statistically significant positive relation to the magnitude of 25 percent. Upon decomposition of the maturity score, we find that the most important aspects of ERM from a valuation perspective relate to the level of top–down executive engagement and the resultant cascade of ERM culture throughout the firm. Firms that have successfully integrated the ERM process into both their strategic activities and everyday practices display superior ability in uncovering risk dependencies and correlations across the entire enterprise and as a consequence enhanced value when undertaking the ERM maturity journey ceteris paribus.

Conjectures regarding empirical managerial research

Article

Jerold L. Zimmerman

Form Versus Substance: The Implications for Auditing Practice and Research of Alternative Perspectives on Corporate Governance

Article

Nov 2008

The objective of this paper is to provide a more comprehensive view of corporate governance than that considered by the traditional agency literature predominately employed in auditing and accounting studies of governance. Specifically, we discuss three widely recognized additional theoretical perspectives: resource dependence, managerial hegemony, and institutional theory. Resource dependence is developed in the strategic management literature and focuses on the contribution of governance mechanisms as a vehicle to help a firm achieve or further its strategic objectives. In contrast with the agency and resource dependence perspectives which offer a functional view of governance, the managerial hegemony perspective views the board and its attendant committees as being under the control of management and hence could be potentially viewed as dysfunctional from a stakeholder viewpoint. Finally, institutional theory, developed in the sociology of organizations and organizational behavior literatures, suggests that it is necessary to understand the substance of the interactions between different governance parties and how these parties use at times symbolic gestures and activities to maintain their form to all relevant parties. Although the value of using multiple theoretical perspectives with respect to governance has been well recognized in the economics and behavioral literatures, this is the first paper that we are aware of that examines the effect of using alternative theories of governance on auditing issues that are influenced by the governance structure of a firm. In addition, we examine how these theories provide a useful basis for reconciling conflicting findings in the existing agency-based audit-related governance literature. Finally, we provide examples of how these alternative theories provide important new insights to issues in auditing research and practice.

Expanding the Scope of Institutional Analysis

Article

Jan 1991

Walter W. Powell

Report on the Current State of Enterprise Risk

Article

Jan 2009

The Value of Investing in Enterprise Risk Management

Article

Apr 2010
J RISK INSUR

A BSTRACT Prior studies show that enterprise risk management improves firm performance. This article investigates which aspects of enterprise risk management add value. We find that the use of economic capital models and dedicated risk managers improve operating performance. Requiring the dedicated risk manager report to the board of directors or to the chief executive officer (CEO) also increases value. The following combination of enterprise risk management initiatives yields the greatest increase in firm value: a simple economic capital model, a dedicated risk manager that is a cross‐functional committee, and requiring the risk manager report to the board or CEO.

Enterprise Risk Management Program Quality: Determinants, Value Relevance, and the Financial Crisis

Article

Jul 2012
CONTEMP ACCOUNT RES

This paper investigates factors associated with high quality Enterprise Risk Management (ERM) programs in financial services firms, and whether ERM quality enhances performance and signals credibility to the financial markets. ERM, developed with the assistance of the accounting profession, provides a framework and plan to integrate management of all sources of risk. Challenged by measurement difficulties common to research on management control systems, prior ERM studies present mixed findings. Using ERM quality (ERMQ) ratings of financial companies by Standard & Poor’s, we find that higher ERMQ is associated with greater complexity, less resource constraint, and better corporate governance. Controlling for such characteristics, we find that higher ERMQ is associated with improved accounting performance. Results show a market reaction to signals of enhanced management control from initial ERMQ ratings and rating revisions, and a stronger response to earnings surprises for firms with higher ERMQ. Focusing on the recent global financial crisis, our analysis suggests that there is no relation between ERM quality and market performance prior to and during the market collapse. However, returns of higher ERMQ companies are higher during the market rebound. Overall, results reveal that firm performance and value are enhanced by high quality controls that integrate risk management efforts across the firm, enabling better oversight of managers’ risk-taking behavior, and aligning that behavior with the strategic direction of the company.

The Information Conveyed in Hiring Announcements of Senior Executives Overseeing Enterprise-Wide Risk Management Processes

Article

Sep 2007

Enterprise risk management (ERM) is the process of analyzing the portfolio of risks facing the enterprise to ensure that the combined effect of such risks is within an acceptable tolerance. While more firms are adopting ERM, little academic research exists about the costs and benefits of ERM. Proponents of ERM claim that ERM is designed to enhance shareholder value; however, portfolio theory suggests that costly ERM implementation would be unwelcome by shareholders who can use less costly diversification to eliminate idiosyncratic risk. This study examines equity market reactions to announcements of appointments of senior executive officers overseeing the enterprise's risk management processes. Based on a sample of 120 announcements from 1992-2003, we find that the univariate average two-day market response is not significant, suggesting that a broad definitive statement about the benefit or cost of implementing ERM is not possible. However, our multivariate analysis reveals that there are significant relations between the magnitude of equity market returns and certain firm specific characteristics. For non-financial firms, announcement period returns are positively associated with firm size and the volatility of prior periods' reported earnings and negatively associated with leverage and the extent of cash on hand relative to liabilities. For financial firms, however, there are fewer statistical associations between announcement returns and firm characteristics. These results suggest that the costs and benefits of ERM are firm-specific.

The Effect of Corporate Governance on the Use of Enterprise Risk Management: Evidence From Canada

Article

Feb 2003
Risk Manag Insur Rev

This article examines the use of enterprise risk management (ERM) by companies in Canada, the characteristics that are associated with the use of ERM, what obstacles companies face in implementing ERM, and what role, if any, corporate governance guidelines have played in the decision to adopt ERM. We obtained our data from the responses to a mail survey sent to Canadian Risk and Insurance Management Society members as well as telephone interviews with 19 of the respondents. The results indicate that 31 percent of the sample had adopted ERM and that reasons for adopting ERM include the influence of the risk manager (61 percent), encouragement from the board of directors (51 percent), and compliance with Toronto Stock Exchange (TSE) guidelines (37 percent). The major deterrents to ERM were an organizational structure that discourages ERM and an overall resistance to change. Although only about one-third of companies indicated that they had adopted an ERM approach, evidence was clear that a larger portion of the sample was moving in that direction, as indicated by what changes they had observed in their companies in the past three years. These include the development of company-wide guidelines for risk management (45 percent), an increased awareness of nonoperational risks by operational risk management personnel and an increased awareness of operational risks by nonoperational risk management personnel (49 percent), more coordination with different areas responsible for risk management (64 percent), and more involvement and interaction in the decision making of other departments. Contrary to what we expected, there was not a significant difference between firms that are listed on the TSE versus those that are not in terms of the propensity to use ERM. However, the fact that 37 percent of firms indicated that the TSE guidelines were influential in their decision to adopt ERM provides some evidence that the guidelines are influencing companies’ risk management strategies.

The Value of Enterprise Risk Management

Article

Dec 2011
J RISK INSUR

Enterprise risk management (ERM) has been the topic of increased media attention in recent years. The objective of this study is to measure the extent to which specific firms have implemented ERM programs and, then, to assess the value implications of these programs. We focus our attention in this study on U.S. insurers in order to control for differences that might arise from regulatory and market differences across industries. We simultaneously model the determinants of ERM and the effect of ERM on firm value. We estimate the effect of ERM on Tobin's Q, a standard proxy for firm value. We find a positive relation between firm value and the use of ERM. The ERM premium of roughly 20 percent is statistically and economically significant.

The Characteristics of Firms That Hire Chief Risk Officers

Article

Mar 2011
J RISK INSUR

We examine the characteristics of firms that adopt enterprise risk management (ERM) and find support for the hypothesis that firms adopt ERM for direct economic benefit rather than to merely comply with regulatory pressure. Using chief risk officer (CRO) hires as a proxy for ERM adoption we find that firms that are larger, more volatile, and have greater institutional ownership are more likely to adopt ERM. In addition, when the CEO has incentives to take risk, the firm is also more likely to hire a CRO. Finally, banks with lower levels of Tier 1 capital are also more likely to hire a CRO.

Conjectures Regarding Empirical Managerial Accounting Research

Article

Feb 2001

Jerold L. Zimmerman

The empirical managerial accounting literature has failed to produce a substantive cumulative body of knowledge. This literature has not matured beyond describing practice to developing and testing theories explaining observed practice, like other areas of accounting research. While the lack of publicly available data is a popular reason for this literature's underdeveloped state, it is not the only one. Other conjectures include: its inductive approach, researchers’ incentives, its use of non-economics-based frameworks, the lack of empirically testable theories, and its emphasis on decision making, not control.

Enterprise Risk Management and Firm Performance: A Contingency Perspective

Article

Jul 2009
J Account Publ Pol

In recent years, a paradigm shift has occurred regarding the way organizations view risk management. Instead of looking at risk management from a silo-based perspective, the trend is to take a holistic view of risk management. This holistic approach toward managing an organization's risk is commonly referred to as enterprise risk management (ERM). Indeed, there is growing support for the general argument that organizations will improve their performance by employing the ERM concept. The basic argument presented in this paper is that the relation between ERM and firm performance is contingent upon the appropriate match between ERM and the following five factors affecting a firm: environmental uncertainty, industry competition, firm size, firm complexity, and board of directors' monitoring. Based on a sample of 112 US firms that disclose the implementation of their ERM activities within their 10Ks and 10Qs filed with the US Securities and Exchange Commission, empirical evidence confirms the above basic argument. The implication of these findings is that firms should consider the implementation of an ERM system in conjunction with contextual variables surrounding the firm.

The Determinants of Enterprise Risk Management: Evidence From the Appointment of Chief Risk Officers

Article

Feb 2003

Enterprise risk management (ERM) has captured the attention of risk management professionals and academics worldwide. Unlike the traditional “silo-based” approach to corporate risk management, ERM enables firms to benefit from an integrated approach to managing risk that shifts the focus of the risk management function from primarily defensive to increasingly offensive and strategic. Despite the heightened interest in ERM, little empirical research has been conducted on the topic. This study provides an initial attempt at identifying the determinants of ERM adoption. We construct a sample of firms that have signaled their use of ERM by appointing a Chief Risk Officer (CRO) who is charged with the responsibility of implementing and managing the ERM program. We use a logistic regression framework to compare these firms to a size- and industry-matched control sample. While our results suggest a general absence of differences in the financial and ownership characteristics of sample and control firms, we find that firms with greater financial leverage are more likely to appoint a CRO. This finding is consistent with the hypothesis that firms appoint CROs to reduce information asymmetry regarding the firm's current and expected risk profile.

The External Control Of Organizations: A Resource Dependency Perspective

Article

Dec 1979

Among the most widely cited books in the social sciences, The External Control of Organizations has long been required reading for any student of organization studies. The book, reissued on its 25th anniversary as part of the Stanford Business Classics series, includes a new preface written by Jeffrey Pfeffer, which examines the legacy of this influential work in current research and its relationship to other theories. The External Control of Organizations explores how external constraints affect organizations and provides insights for designing and managing organizations to mitigate these constraints. All organizations are dependent on the environment for their survival. As the authors contend, âit is the fact of the organizationâs dependence on the environment that makes the external constraint and control of organizational behavior both possible and almost inevitable.â Organizations can either try to change their environments through political means or form interorganizational relationships to control or absorb uncertainty. This seminal book established the resource dependence approach that has informed so many other important organization theories.

Enterprise Risk Management: An Empirical Analysis of Factors Associated With the Extent of Implementation

Article

Nov 2005
J Account Publ Pol

This inductive study offers an examination of 23 cases in which informants from firms engaged in large-scale global projects reported unforeseen costs after failing to comprehend cognitive-cultural, normative, and/or regulative institutions in an unfamiliar host societal context. The study builds on the conceptual framework of institutional theory. The findings, which include propositions and a generic narrative model, contribute to theoretical knowledge of how institutional exceptions arise, how they are resolved, and how they typically involve three general phases: ignorance, sensemaking, and response. The findings also articulate the kinds of institutional transaction costs that an entrant incurs in each of the three phases, and the conditions that lead to the growth of these costs. Journal of International Business Studies (2008) 39, 562–588. doi:10.1057/palgrave.jibs.8400370

Enterprise Risk Management: Theory and Practice

Article

Sep 2006

The Chief Risk Officer of Nationwide Insurance teams up with a distinguished academic to discuss the benefits and challenges associated with the design and implementation of an enterprise risk management program. The authors begin by arguing that a carefully designed ERM program—one in which all material corporate risks are viewed and managed within a single framework—can be a source of long-run competitive advantage and value through its effects at both a “macro” or company-wide level and a “micro” or business-unit level. At the macro level, ERM enables senior management to identify, measure, and limit to acceptable levels the net exposures faced by the firm. By managing such exposures mainly with the idea of cushioning downside outcomes and protecting the firm's credit rating, ERM helps maintain the firm's access to capital and other resources necessary to implement its strategy and business plan. At the micro level, ERM adds value by ensuring that all material risks are “owned,” and risk-return tradeoffs carefully evaluated, by operating managers and employees throughout the firm. To this end, business unit managers at Nationwide are required to provide information about major risks associated with all new capital projects—information that can then used by senior management to evaluate the marginal impact of the projects on the firm's total risk. And to encourage operating managers to focus on the risk-return tradeoffs in their own businesses, Nationwide's periodic performance evaluations of its business units attempt to refl ect their contributions to total risk by assigning risk-adjusted levels of “imputed” capital on which project managers are expected to earn adequate returns. The second, and by far the larger, part of the article provides an extensive guide to the process and major challenges that arise when implementing ERM, along with an account of Nationwide's approach to dealing with them. Among other issues, the authors discuss how a company should assess its risk “appetite,” measure how much risk it is bearing, and decide which risks to retain and which to transfer to others. Consistent with the principle of comparative advantage it uses to guide such decisions, Nationwide attempts to limit “non-core” exposures, such as interest rate and equity risk, thereby enlarging the firm's capacity to bear the “information-intensive, insurance- specific” risks at the core of its business and competencies.

Separation of Ownership and Control

Article

Jun 1998

This paper analyzes the survival of organizations in which decision agents do not bear a major share of the wealth effects of their decisions. This is what the literature on large corporations calls separation of "ownership" and "control." Such separation of decision and risk bearing functions is also common to organizations like large professional partnerships, financial mutuals and nonprofits. We contend that separation of decision and risk bearing functions survives in these organizations in part because of the benefits of specialization of management and risk bearing but also because of an effective common approach to controlling the implied agency problems. In particular, the contract structures of all these organizations separate the ratification and monitoring of decisions from the initiation and implementation of the decisions. Journal of Law and Economics, Vol. XXVI, June 1983. Separation of Ownership and Control * Eugene F. Fama and Michael C. Jensen Journal of...

Risk Intelligent Proxy Disclosures - 2011: have Risk Oversight Practices Improved? Deloitte

Deloitte

Deloitte, 2011. Risk Intelligent Proxy Disclosures -2011: have Risk Oversight Practices Improved? Deloitte. New York. <http:// www.deloitte.com/view/en_US/us/Services/additional-services/governance-risk-compliance/ 40a7fb1b4c612310VgnVCM3000001c56f00aRCRD.htm>.

Enterprise Risk Management: Standard & Poor's to Apply Enterprise Risk Analysis to Corporate Ratings

Jan 2008

Standard

Standard and Poor's, 2008. Enterprise Risk Management: Standard & Poor's to Apply Enterprise Risk Analysis to Corporate Ratings. S&P, New York.

Enterprise risk management program quality: determinants, value relevance, and the financial crisis

Jan 2013
1264

Baxter

An analysis of the maturity and strategic impact of investments in ERM

Abstract

No full-text available

Recommended publications

The Effect of the Enterprise Risk Management Quality on Firm Risks: A case of the South African Mini...

Linking Risk Management to Strategic Controls: A Case Study of Tesco Plc

The Changing Face of Corporate Defence in the 21st Century

Organization Performance and Enterprise Risk Management