Does the hiring of chief risk officers align with the COSO/ISO enterprise risk management frameworks?

Purpose There are two main industry-sanctioned enterprise risk management (ERM) models, that is, COSO 2004 and ISO 31000:2009, that firms refer to when implementing ERM programs. Taken together, the two ERM models specify that firms should implement ERM programs to meet a strategic need, improve operations and reporting or to comply with government regulations or industry best practices. In addition, the focus of ERM implementation should be either the subsidiary, business unit, division, firm/entity or global level. The purpose of this study is to investigate whether firms are aligning their ERM implementations with these tenets: strategy, operations, reporting, compliance and the level of implementation. Design/methodology/approach The proxy for ERM implementation is the hiring of a Chief Risk Officer (CRO). The research data come from a sample of 122 US firms that issued a press release following the hiring of a CRO between 2010 and 2014. The press releases were retrieved and aggregated through content analysis in LexisNexis Academic. Findings The results reveal that many ERM implementations are occurring at the firm/entity level, and with the exception of reporting, firms consider ERM to be a strategic firm resource capable of improving business operations and compliance initiatives. Originality/value There is a dearth of research studies specifically investigating whether ERM programs adopted by firms are aligned with the specification of COSO 2004 and ISO 31000:2009 frameworks. The apparent lack of a clear understanding of the alignment between the firm ERM programs and the industry’s ERM frameworks may limit the development and implementation of ERM and the eventual realization of the benefits associated with a successful ERM implementation.

Download Full-text

A conceptual model for enterprise risk management

Journal of Enterprise Information Management ◽

10.1108/jeim-05-2018-0097 ◽

2019 ◽

Vol 32 (5) ◽

pp. 843-868 ◽

Cited By ~ 4

Author(s):

Rafael Almeida ◽

José Miguel Teixeira ◽

Miguel Mira da Silva ◽

Paulo Faroleiro

Keyword(s):

Risk Management ◽

Research Methodology ◽

Enterprise Architecture ◽

Design Science ◽

Enterprise Risk Management ◽

Business Systems ◽

Content Type ◽

Enterprise Risk ◽

Model Complex ◽

Iso 31000

Purpose The purpose of this paper is to ease the ISO 31000 standard understanding and provide mechanisms that allow organizations to adopt and adapt this standard to their reality. Design/methodology/approach The research methodology adopted in this research was the design science research methodology. Findings Key finding is that enterprise architecture (EA) models and EA tools can help reduce the complexity of the ISO 31000 standard and improve the communication between stakeholders. Practical implications The research proposal serves the purpose of supporting the evidence collection for an enterprise risk management (ERM) initiative in an as-was, as-is, or to-be perspective. Originality/value Traditional ERM efforts operate on silos, limiting the sharing of risk information and the achievement of an organization-wide view of risks. EA can provide a common way to model complex business systems, from the strategic level to implementation details. This paper proposes the use of an EA model and an EA tool (Atlas) to represent ISO 31000, allowing a better understanding on the value of assets that can be affected from the manifestation of some risks over time.

Download Full-text

Enterprise risk management implementation in construction firms

Management Decision ◽

10.1108/md-02-2014-0082 ◽

2014 ◽

Vol 52 (5) ◽

pp. 814-833 ◽

Cited By ~ 25

Author(s):

Xianbo Zhao ◽

Bon-Gang Hwang ◽

Sui Pheng Low

Keyword(s):

Risk Management ◽

Organizational Change ◽

High Response Rate ◽

Enterprise Risk Management ◽

Clear Understanding ◽

Content Type ◽

Construction Firms ◽

Enterprise Risk ◽

Managerial Implications ◽

Practical Implications

Purpose – The purposes of this paper are to: first, identify the critical drivers for and hindrances to enterprise risk management (ERM) implementation in Singapore-based Chinese construction firms (CCFs); second, interpret the critical drivers and hindrances in tandem with organizational change theories; and third, provide possible strategies to strengthen the drivers and overcome the hindrances. Design/methodology/approach – A questionnaire survey was conducted and responses were received from 35 experienced managers in CCFs operating in Singapore. Findings – A total of 13 drivers and 25 hindrances with significant influence were identified. Of them, “improved decision-making” was the top driver, while “insufficient resources (e.g. time, money, people, etc.)” was the most influential hindrance. Research limitations/implications – As the survey was performed with the Singapore-based CCFs, there may be geographical limitation on the identification of the critical drivers for and hindrances to ERM implementation. The sample size was still small, despite a relatively high response rate. Practical implications – Specific strategies were identified to strengthen the drivers for ERM implementation and overcome the hindrances to ERM implementation. Originality/value – This study present the theoretical rational behind the critical drivers for and hindrances to ERM implementation. As few studies have attempted to investigate ERM in construction firms, this study contributes to the literature through interpreting ERM implementation from an organizational change perspective. The identification of the drivers and hindrances and the managerial implications provide practitioners and academics with valuable information as well as a clear understanding of how to consolidate ERM programs and overcome the hindrances.

Download Full-text

Enterprise risk management and sustainability of banks performance

Journal of Accounting in Emerging Economies ◽

10.1108/jaee-10-2020-0278 ◽

2021 ◽

Vol ahead-of-print (ahead-of-print) ◽

Author(s):

Babajide Oyewo

Keyword(s):

Risk Management ◽

Banking Sector ◽

Management Practice ◽

Enterprise Risk Management ◽

Annual Reports ◽

Banking Reform ◽

Content Type ◽

Enterprise Risk ◽

The Impact

PurposeThis study investigates firm attributes (namely level of capitalisation, scope of operation, organisational structure, organisational lifecycle, systemic importance and size) affecting the robustness of enterprise risk management (ERM) practice, the extent to which ERM affects the performance of banks and the impact of ERM on the long-term sustainability of banks in Nigeria. This was against the backdrop that the 2012 banking reform was a major regulatory intervention that mainstreamed ERM in the Nigerian banking sector.Design/methodology/approachThe study employed a mixed methodology of content, trend and quantitative analyses. Ex post facto research design was deployed to analyse performance differential of banks, with respect to the implementation of ERM, over a 10-year period (2008–2017). A disclosure checklist developed from the COSO ERM integrated framework was used to assess the robustness of ERM by content-analysing divulgence on risk management in published annual reports. The banking reform periods were dichotomised into pre- (2008–2012) and post- (2013–2017) reform periods. Jonckheere–Terpstra test, independent sample t-test and Mann–Whitney test were applied to analyse a total of 1,036 firm-year observations over the period 2008–2017.FindingsResult shows that bank attributes significantly affecting the robustness of risk management practice are level of capitalisation, scope of operation, systemic importance and size. Performance of banks improved slightly during the post-2012 banking reform period. This suggests that as banks consolidate on the gains of ERM, benefits of the regulatory policy on risk management may be realised in the long run. Result also shows that ERM enhances long-term performance, connoting that effective risk management could serve as a competitive strategy for surviving turbulence that typically characterises the banking sector.Practical implicationsThe emergence of level of capitalisation, scope of operation, systemic importance and size as determinants of ERM provides empirical evidence to support the practice of reviewing the capital requirements for banking business from time to time by regulatory authorities (i.e. recapitalisation policy) as a strategy for managing systemic risk. Top management of banks may consider instituting mechanisms that will ensure risk management is given prominence. A proactive approach must be taken to convert risks to opportunities by banks and other financial institutions, going forward, to cope with the vicissitudes of financial intermediation.Originality/valueThe originality of the study stems from the consideration that it provides some new insights into the impact of ERM on banks long-term sustainability in a developing country. The study also contributes to knowledge by exposing the factors determining the robustness of risk management practice. The study developed a checklist for assessing ERM practice from annual reports and other risk management disclosure documents. The paper also adds to the scarce literature on risk governance and risk management.

Download Full-text

Enterprise risk management and Solvency II: the system of governance and the Own Risk and Solvency Assessment

The Journal of Risk Finance ◽

10.1108/jrf-09-2019-0183 ◽

2020 ◽

Vol 21 (4) ◽

pp. 317-332 ◽

Cited By ~ 1

Author(s):

Pablo Durán Santomil ◽

Luis Otero González

Keyword(s):

Risk Management ◽

Insurance Industry ◽

Solvency Ii ◽

Enterprise Risk Management ◽

Insurance Companies ◽

Legal Form ◽

Content Type ◽

Enterprise Risk ◽

Solvency Assessment

Purpose The purpose of this paper is to analyze how enterprise risk management (ERM), the system of governance and the Own Risk and Solvency Assessment (ORSA) have been boosted with the entry of Solvency II. Design/methodology/approach For this analysis, the authors have undertaken a survey of chief risk officers (CROs) working in Spanish insurance companies. Findings The results show that Solvency II has definitely promoted ERM in the European insurance industry and improved the system of governance of the insurance companies, and that the perceived value of the ORSA for the companies is higher than the cost. It is clear that the quality of ERM implemented by companies is higher in those that face more complex risks and with greater interdependencies – that is, larger companies, foreign insurers and insurers with several lines of business – but is unaffected by the legal form of the entity (mutual/corporation). Originality/value This study conducts primary research with surveys of CROs and develops a measure of the quality of ERM implemented by insurance companies.

Download Full-text

Enterprise risk management and bow ties: going beyond patient safety

Business Process Management Journal ◽

10.1108/bpmj-03-2019-0102 ◽

2019 ◽

Vol 26 (3) ◽

pp. 770-785

Author(s):

Hossam Elamir

Keyword(s):

Risk Assessment ◽

Risk Management ◽

Patient Safety ◽

Assessment Tool ◽

Enterprise Risk Management ◽

Risk Assessment Tool ◽

Management Tool ◽

Content Type ◽

Enterprise Risk ◽

Bow Tie

Purpose The growing importance of risk management programmes and practices in different industries has given rise to a new risk management approach, i.e. enterprise risk management. The purpose of this paper is to better understand the necessity, benefit, approaches and methodologies of managing risks in healthcare. It compares and contrasts between the traditional and enterprise risk management approaches within the healthcare context. In addition, it introduces bow tie methodology, a prospective risk assessment tool proposed by the American Society for Healthcare Risk Management as a visual risk management tool used in enterprise risk management. Design/methodology/approach This is a critical review of published literature on the topics of governance, patient safety, risk management, enterprise risk management and bow tie, which aims to draw a link between them and find the benefits behind their adoption. Findings Enterprise risk management is a generic holistic approach that extends the benefits of risk management programme beyond the traditional insurable hazards and/or losses. In addition, the bow tie methodology is a barrier-based risk analysis and management tool used in enterprise risk management for critical events related to the relevant day-to-day operations. It is a visual risk assessment tool which is used in many higher reliability industries. Nevertheless, enterprise risk management and bow ties are reported with limited use in healthcare. Originality/value The paper suggests the applicability and usefulness of enterprise risk management to healthcare, and proposes the bow tie methodology as a proactive barrier-based risk management tool valid for enterprise risk management implementation in healthcare.

Download Full-text

Management accounting systems, enterprise risk management and organizational performance in financial institutions

Asian Review of Accounting ◽

10.1108/ara-03-2013-0022 ◽

2014 ◽

Vol 22 (2) ◽

pp. 128-144 ◽

Cited By ~ 11

Author(s):

Siti Zaleha Abdul Rasid ◽

Che Ruhana Isa ◽

Wan Khairuzzaman Wan Ismail

Keyword(s):

Risk Management ◽

Organizational Performance ◽

Financial Institutions ◽

Management Accounting ◽

Enterprise Risk Management ◽

Accounting Systems ◽

Content Type ◽

Management Accounting Systems ◽

Enterprise Risk ◽

And Control

Purpose – The purpose of this paper is to examine the linkages between management accounting systems (MAS), enterprise risk management (ERM) and organizational performance by examining MAS information characteristics that match ERM implementation and joint effects of MAS and ERM on organizational performance. Design/methodology/approach – The research method involved administering a questionnaire to 106 financial institutions (FIs) in Malaysia. The respondents were chief financial officers or staff members holding the most senior positions in the finance department of the institutions. Findings – The significant findings on the association between ERM and MAS show that implementation of ERM requires the use of sophisticated MAS information. ERM and MAS complement each other as both are integral to decision making, planning and control in an organization. The finding also substantiates the important role of ERM in enhancing non-financial performance. Research limitations/implications – This study covered only MAS as part of sub-control systems in an organization. Future studies could investigate the link between a more comprehensive management accounting and control system and ERM. Furthermore, this study used perceptual measures of MAS, ERM and organizational performance. Practical implications – The regulating body should promote best management practices of sophisticated MAS and ERM among FIs as these practices will create competitive advantage as well as help those institutions comply with regulations. Originality/value – This study has contributed to the body of knowledge on the linkages between MAS, risk management system and organizational performance.

Download Full-text

The effect of enterprise risk management (ERM) on firm value in manufacturing companies listed on Indonesian Stock Exchange year 2010-2013

Asian Journal of Accounting Research ◽

10.1108/ajar-06-2018-0006 ◽

2018 ◽

Vol 3 (2) ◽

pp. 224-235 ◽

Cited By ~ 1

Author(s):

Iswajuni Iswajuni ◽

Arina Manasikana ◽

Soegeng Soetedjo

Keyword(s):

Risk Management ◽

Firm Value ◽

Stock Exchange ◽

Enterprise Risk Management ◽

Managerial Ownership ◽

Manufacturing Companies ◽

Content Type ◽

Significant Negative Effect ◽

Enterprise Risk ◽

Negative Effect

Purpose The purpose of this paper is to identify the effect of enterprise risk management (ERM) with firm size, ROA and managerial ownership as control variables on firm value that is proxied by Tobin’s Q. Design/methodology/approach Population of this research was manufacturing companies listed on the Indonesian Stock Exchange (IDX) in 2010–2013. The used method in this research is multiple linear regression-ordinary least square and hypotheses testing using t-test to test the regression coefficients with level of significance of 5 percent. Findings The results showed that ERM, ROA and size of the company have a significant positive effect on the firm value. While the managerial ownership has a significant negative effect on the firm value. Originality/value The results showed that firm value increases as ERM, ROA and size of the company improves. While the managerial ownership has a significant negative effect on the firm value.

Download Full-text

Enterprise risk management: history and a design science proposal

The Journal of Risk Finance ◽

10.1108/jrf-03-2017-0048 ◽

2018 ◽

Vol 19 (2) ◽

pp. 137-153 ◽

Cited By ~ 11

Author(s):

Michael McShane

Keyword(s):

Risk Management ◽

Management Practices ◽

Design Science ◽

Enterprise Risk Management ◽

Content Type ◽

Research And Practice ◽

Enterprise Risk ◽

Risk Management Process ◽

Management Concepts ◽

Science Approach

Purpose This paper aims to investigate the evolution of enterprise risk management (ERM) out of fragmented disciplinary perspectives to provide a foundation for promoting interdisciplinary research and proposes a design science approach for more effective ERM implementation in organizations. Design/methodology/approach This conceptual paper synthesizes ERM research and practice from multiple disciplines. Findings Corporate risk management concepts were born in academic finance and developed further in the finance subset known as risk management and insurance. With the advent of ERM, efforts must broaden beyond applying statistical models to quantifiable risks. Other disciplines have expanded ERM research by embracing techniques to investigate risk management practices to produce knowledge that integrates practice and theory. ERM is promoted as integrated risk management, yet silos still remain in both practice and research. Originality/value This study provides a foundation and a proposal for moving ERM past academic and organizational silos, which is necessary to achieve the ERM philosophy and increase organizational resilience. Understanding the evolution and fragmented nature of ERM research and practice provides a foundation for interdisciplinary cooperation necessary to achieve the holistic ERM philosophy. A next frontier is effective ERM implementation. This paper argues for an organizational design science approach for mitigating the resistance to change that confounds effective implementation of ERM in organizations facing an increasingly uncertain environment and outlines future research for applying the approach to implementing the ISO 31000 risk management process.

Download Full-text

Risk of regulatory failure of “risk-based regulation” while using enterprise risk management as a meta-regulatory toolkit

Asian Journal of Economics and Banking ◽

10.1108/ajeb-05-2021-0067 ◽

2021 ◽

Vol ahead-of-print (ahead-of-print) ◽

Author(s):

Mohammad Moniruzzaman

Keyword(s):

Risk Management ◽

Financial Regulation ◽

Self Regulation ◽

Secondary Data ◽

Enterprise Risk Management ◽

Regulatory Regime ◽

Content Type ◽

Enterprise Risk ◽

Regulatory Failure ◽

Risk Managers

PurposeDebate is growing around the expansion of risk-based regulation. The regulation scholarship provides evidence of regulatory failure of the risk-based approach in different domains, including financial regulation. Therefore, this paper aims to provide cautionary evidence about the risk of regulatory failure of risk-based strategy in the financial regulation while using enterprise risk management (ERM) as a meta-regulatory toolkit.Design/methodology/approachBased on interview data gathered from 30 risk managers of banks and five regulatory personnel, combined with secondary data, this study mainly explores the challenges for meaningful use of ERM based self-regulation in regulated banks. The evidence helps to assess the risk of regulatory failure of the risk-based regulation while using ERM.FindingsThe evidence reflects that regulated banks face diverse challenges arising from both peripheral and internal environments that limit the true internalization of ERM-based self-regulation. Despite this, the regulator uses this self-regulation as a meta-regulatory toolkit under the risk-based regulation to achieve the regulatory aims. However, the lack of true internalization of ERM based self-regulation is likely to raise the risk of regulatory failure of risk-based regulation to achieve the regulatory goals. Risk-based regulation is an evolving strategy in the regulatory regime. Therefore, care should be taken while using ERM as a regulatory toolkit before relying on it substantially.Originality/valueThe paper provides empirical insights about the challenges for effective use of ERM as a meta regulatory toolkit that might be useful practically both to the regulators and regulated firms.

Download Full-text

Corporate governance and the information system: how a framework for IT governance supports ERM

Corporate Governance ◽

10.1108/cg-06-2013-0067 ◽

2014 ◽

Vol 14 (3) ◽

pp. 320-338 ◽

Cited By ~ 14

Author(s):

Michele Rubino ◽

Filippo Vitolla

Keyword(s):

Risk Management ◽

Corporate Governance ◽

Internal Control ◽

It Governance ◽

Enterprise Risk Management ◽

Content Type ◽

Enterprise Risk ◽

Control Framework ◽

Internal Control System ◽

A Company

Purpose – The purpose of this paper is to illustrate how information technology (IT) governance supports the process of enterprise risk management (ERM). In particular, the paper illustrates how the Control Objectives for Information and related Technology (COBIT) framework helps a company reach its objectives by integrating and supporting the Enterprise Risk Management by the Committee of Sponsoring Organizations (COSO ERM) framework. Design/methodology/approach – This paper explains how the integration between the two frameworks (COSO ERM and COBIT 5) can represent, for any organization, a good way to achieve the objectives of internal control and risk management and, more generally, corporate governance. Findings – The paper identifies some gaps in the COSO ERM and illustrates how the COBIT framework facilitates the implementation of an adequate system of internal control. Originality/value – The originality of the work presented here is in analyzing the COBIT 5 together with the COSO ERM framework. This paper highlights that is not enough to apply only an internal control framework for achieving the risk management and internal control system objectives. An IT governance framework, such as COBIT 5 is proposed as a tool that support risk management in order to develop an adequate system of internal control.

Download Full-text