Corporate governance and the information system: how a framework for IT governance supports ERM

2014 ◽  
Vol 14 (3) ◽  
pp. 320-338 ◽  
Author(s):  
Michele Rubino ◽  
Filippo Vitolla

Purpose – The purpose of this paper is to illustrate how information technology (IT) governance supports the process of enterprise risk management (ERM). In particular, the paper illustrates how the Control Objectives for Information and related Technology (COBIT) framework helps a company reach its objectives by integrating and supporting the Enterprise Risk Management by the Committee of Sponsoring Organizations (COSO ERM) framework. Design/methodology/approach – This paper explains how the integration between the two frameworks (COSO ERM and COBIT 5) can represent, for any organization, a good way to achieve the objectives of internal control and risk management and, more generally, corporate governance. Findings – The paper identifies some gaps in the COSO ERM and illustrates how the COBIT framework facilitates the implementation of an adequate system of internal control. Originality/value – The originality of the work presented here is in analyzing the COBIT 5 together with the COSO ERM framework. This paper highlights that it is not enough to apply only an internal control framework for achieving the risk management and internal control system objectives. An IT governance framework, such as COBIT 5, is proposed as a tool that supports risk management in order to develop an adequate system of internal control.

2017 ◽  
Vol 25 (3) ◽  
pp. 274-295 ◽  
Author(s):  
Erastus Karanja

Purpose There are two main industry-sanctioned enterprise risk management (ERM) models, that is, COSO 2004 and ISO 31000:2009, that firms refer to when implementing ERM programs. Taken together, the two ERM models specify that firms should implement ERM programs to meet a strategic need, improve operations and reporting or to comply with government regulations or industry best practices. In addition, the focus of ERM implementation should be either the subsidiary, business unit, division, firm/entity or global level. The purpose of this study is to investigate whether firms are aligning their ERM implementations with these tenets: strategy, operations, reporting, compliance and the level of implementation. Design/methodology/approach The proxy for ERM implementation is the hiring of a Chief Risk Officer (CRO). The research data come from a sample of 122 US firms that issued a press release following the hiring of a CRO between 2010 and 2014. The press releases were retrieved and aggregated through content analysis in LexisNexis Academic. Findings The results reveal that many ERM implementations are occurring at the firm/entity level, and with the exception of reporting, firms consider ERM to be a strategic firm resource capable of improving business operations and compliance initiatives. Originality/value There is a dearth of research studies specifically investigating whether ERM programs adopted by firms are aligned with the specification of COSO 2004 and ISO 31000:2009 frameworks. The apparent lack of a clear understanding of the alignment between the firm ERM programs and the industry’s ERM frameworks may limit the development and implementation of ERM and the eventual realization of the benefits associated with a successful ERM implementation.


2021 ◽  
Vol ahead-of-print (ahead-of-print) ◽  
Author(s):  
Babajide Oyewo

Purpose This study investigates firm attributes (namely level of capitalisation, scope of operation, organisational structure, organisational lifecycle, systemic importance and size) affecting the robustness of enterprise risk management (ERM) practice, the extent to which ERM affects the performance of banks and the impact of ERM on the long-term sustainability of banks in Nigeria. This was against the backdrop that the 2012 banking reform was a major regulatory intervention that mainstreamed ERM in the Nigerian banking sector. Design/methodology/approach The study employed a mixed methodology of content, trend and quantitative analyses. Ex post facto research design was deployed to analyse performance differential of banks, with respect to the implementation of ERM, over a 10-year period (2008–2017). A disclosure checklist developed from the COSO ERM integrated framework was used to assess the robustness of ERM by content-analysing divulgence on risk management in published annual reports. The banking reform periods were dichotomised into pre- (2008–2012) and post- (2013–2017) reform periods. Jonckheere–Terpstra test, independent sample t-test and Mann–Whitney test were applied to analyse a total of 1,036 firm-year observations over the period 2008–2017. Findings Results show that bank attributes significantly affecting the robustness of risk management practice are level of capitalisation, scope of operation, systemic importance and size. Performance of banks improved slightly during the post-2012 banking reform period. This suggests that as banks consolidate on the gains of ERM, benefits of the regulatory policy on risk management may be realised in the long run. Results also show that ERM enhances long-term performance, connoting that effective risk management could serve as a competitive strategy for surviving turbulence that typically characterises the banking sector. Practical implications The emergence of level of capitalisation, scope of operation, systemic importance and size as determinants of ERM provides empirical evidence to support the practice of reviewing the capital requirements for banking business from time to time by regulatory authorities (i.e. recapitalisation policy) as a strategy for managing systemic risk. Top management of banks may consider instituting mechanisms that will ensure risk management is given prominence. A proactive approach must be taken to convert risks to opportunities by banks and other financial institutions, going forward, to cope with the vicissitudes of financial intermediation. Originality/value The originality of the study stems from the consideration that it provides some new insights into the impact of ERM on banks' long-term sustainability in a developing country. The study also contributes to knowledge by exposing the factors determining the robustness of risk management practice. The study developed a checklist for assessing ERM practice from annual reports and other risk management disclosure documents. The paper also adds to the scarce literature on risk governance and risk management.


2020 ◽  
Vol 21 (4) ◽  
pp. 317-332 ◽  
Author(s):  
Pablo Durán Santomil ◽  
Luis Otero González

Purpose The purpose of this paper is to analyze how enterprise risk management (ERM), the system of governance and the Own Risk and Solvency Assessment (ORSA) have been boosted with the entry of Solvency II. Design/methodology/approach For this analysis, the authors have undertaken a survey of chief risk officers (CROs) working in Spanish insurance companies. Findings The results show that Solvency II has definitely promoted ERM in the European insurance industry and improved the system of governance of the insurance companies, and that the perceived value of the ORSA for the companies is higher than the cost. It is clear that the quality of ERM implemented by companies is higher in those that face more complex risks and with greater interdependencies – that is, larger companies, foreign insurers and insurers with several lines of business – but is unaffected by the legal form of the entity (mutual/corporation). Originality/value This study conducts primary research with surveys of CROs and develops a measure of the quality of ERM implemented by insurance companies.


2021 ◽  
Vol 13 (1) ◽  
pp. 74-98
Author(s):  
Lydia Sibarani ◽  
Herlina Lusmeida

Abstract: This research aims to observe and analyze the impact of Good Corporate Governance towards Corporate Value as well as analyzing whether Enterprise Risk Management is able to moderate its impact. Good Corporate Governance is proxied by the presence of Independent Commissioners, Audit Committee, as well as Managerial Ownership. The population of this research includes all financial companies that publish their annual report in Bursa Efek Indonesia (BEI) over the period of 2017-2019. Data were analyzed using the multiple regression method and the moderated regression analysis. The result of this research found that Independent Commissioners and Audit Committee give positive and significant impact towards Corporate Value while Managerial Ownership gives negative and insignificant impact towards Corporate Value. Enterprise Risk Management is not able to moderate the impact of Independent Commissioner and Managerial Ownership towards Corporate Value but is able to moderate the impact of the Audit Committee towards Corporate Value. Keywords: Audit Committee; Corporate Value; Corporate Governance; Independent Commissioner; Managerial Ownership


2019 ◽  
Vol 26 (3) ◽  
pp. 770-785
Author(s):  
Hossam Elamir

Purpose The growing importance of risk management programmes and practices in different industries has given rise to a new risk management approach, i.e. enterprise risk management. The purpose of this paper is to better understand the necessity, benefit, approaches and methodologies of managing risks in healthcare. It compares and contrasts between the traditional and enterprise risk management approaches within the healthcare context. In addition, it introduces bow tie methodology, a prospective risk assessment tool proposed by the American Society for Healthcare Risk Management as a visual risk management tool used in enterprise risk management. Design/methodology/approach This is a critical review of published literature on the topics of governance, patient safety, risk management, enterprise risk management and bow tie, which aims to draw a link between them and find the benefits behind their adoption. Findings Enterprise risk management is a generic holistic approach that extends the benefits of risk management programme beyond the traditional insurable hazards and/or losses. In addition, the bow tie methodology is a barrier-based risk analysis and management tool used in enterprise risk management for critical events related to the relevant day-to-day operations. It is a visual risk assessment tool which is used in many higher reliability industries. Nevertheless, enterprise risk management and bow ties are reported with limited use in healthcare. Originality/value The paper suggests the applicability and usefulness of enterprise risk management to healthcare, and proposes the bow tie methodology as a proactive barrier-based risk management tool valid for enterprise risk management implementation in healthcare.


Author(s):  
Kurt Desender

Corporate governance failures and new legislation have emphasized the importance of enterprise risk management (ERM) in preventing fraudulent reporting. Despite the increased attention to ERM, little research has been done to explain why some organizations embrace ERM while others do not. The objective of this paper is to explore how the board composition is related to the degree of enterprise risk management implementation. Our main results reveal that the position of the CEO in the board has an important influence on the level of ERM. Furthermore, we find that board independence by itself is not sufficient to induce higher levels of ERM. Board independence is only significantly related to ERM when there is a separation of CEO and chairman. Firms with an independent board and a separation of CEO and chairman show the highest level of ERM. One possible explanation for our results is that CEOs do not favour ERM implementation and are able to withstand pressure from the board when they are occupying the seat of chairman.


Author(s):  
Gary A. Stair

How a company successfully implements an Enterprise Risk Management (ERM) program, to identify and manage potential risks, can mean the difference between financial freedom and financial despair. The Committee of Sponsoring Organizations (COSO), a voluntary private-sector organization in the United States, has developed internal control guidelines to provide guidance to executive management and governance entities on critical aspects of organizational governance, business ethics, internal control, fraud, and financial reporting. This chapter will discuss an approach to build an ERM implementation plan within a pharmaceutical company by outlining the responsibilities and influences of industry participants, sales forces, middle-management and senior leadership and the ways in which they focus on monitoring and developing the risk mitigation process. The influences of technologies are integrated and new directions, such as e-media and e-detailing (Virtual Sales Representatives) are also explored.


2014 ◽  
Vol 22 (2) ◽  
pp. 128-144 ◽  
Author(s):  
Siti Zaleha Abdul Rasid ◽  
Che Ruhana Isa ◽  
Wan Khairuzzaman Wan Ismail

Purpose – The purpose of this paper is to examine the linkages between management accounting systems (MAS), enterprise risk management (ERM) and organizational performance by examining MAS information characteristics that match ERM implementation and joint effects of MAS and ERM on organizational performance. Design/methodology/approach – The research method involved administering a questionnaire to 106 financial institutions (FIs) in Malaysia. The respondents were chief financial officers or staff members holding the most senior positions in the finance department of the institutions. Findings – The significant findings on the association between ERM and MAS show that implementation of ERM requires the use of sophisticated MAS information. ERM and MAS complement each other as both are integral to decision making, planning and control in an organization. The finding also substantiates the important role of ERM in enhancing non-financial performance. Research limitations/implications – This study covered only MAS as part of sub-control systems in an organization. Future studies could investigate the link between a more comprehensive management accounting and control system and ERM. Furthermore, this study used perceptual measures of MAS, ERM and organizational performance. Practical implications – The regulating body should promote best management practices of sophisticated MAS and ERM among FIs as these practices will create competitive advantage as well as help those institutions comply with regulations. Originality/value – This study has contributed to the body of knowledge on the linkages between MAS, risk management system and organizational performance.

