Adoption of enterprise risk management (ERM) in small and medium-sized enterprises: evidence from Malaysia

2021 ◽  
Vol ahead-of-print (ahead-of-print) ◽  
Author(s):  
Consilz Tan ◽  
Su Zy Lee

Purpose The critical success factor of enterprises is the ability to identify risks and subsequently adapt to the ever-changing technology, as well as the business environment. This paper aims to investigate the top risks faced by small and medium-sized enterprises (SMEs). In the meantime, this paper outlines the perspectives on enterprise risk management (ERM)-based best practices and the adoption level of ERM practices in SMEs. Design/methodology/approach A mixed methodology was used to collect a comprehensive understanding of the adoption of ERM, especially in SMEs. The research is based on cross-sectional questionnaires and collected from risk practitioners in Malaysia. Detailed analysis of the top risks and best practices is presented in this paper to identify the developments of risk management in changing organizations. This study used chi-square tests to examine the distribution of the adoption of the ERM programme using risk and insurance management society risk maturity model attributes. Logit regression was used to test the association of ERM efforts with the probability of adopting/considering ERM practices. Findings The findings indicated that business interruption risk and economic slowdown risk are the major concerns for companies in Malaysia. A business continuity plan was found to be the most common risk management practice. Efforts such as the establishment of a risk management team and the development of risk appetite and/or risk tolerance statements in an organization are associated with the probability of adopting/considering ERM practices. Research limitations/implications This paper helps to identify challenges of implementing risk governance and management in SMEs that shed light on the regulatory setting which we rather know a little about its impacts. Originality/value There are limited studies conducted in emerging countries on ERM and the application of the ERM framework in SMEs. 
Prior research studies are mostly generalized and lack details of risk management strategies applying to specific risks. This paper successfully examined the low maturity level of ERM practices and how SMEs in Malaysia managed those risks that emerged in their organizations.

2017 ◽  
Vol 1 (2) ◽  
pp. 1
Author(s):  
Caroline Njagi ◽  
Dr. Amos Njuguna

Purpose: The purpose of this study was to evaluate the extent to which insurance companies in Kenya have adopted ERM process, and then to assess the maturity, challenges and strategies in the implementation of this process. Materials and methods: The research design adopted for the study is descriptive research. The researcher conducted a survey on the 49 insurance companies of Kenya to encapsulate the factors that are relevant in articulating the extent of adoption of ERM and the level of maturity. A sample of 196 respondents was selected from a population of 245 respondents. The study used quantitative and qualitative methods of data analysis. Statistical Package for Social Sciences (SPSS) version 20 program was used for analysis. The results were presented using tables and pie charts. Similarly, qualitative data was summarized and categorized according to common themes and presented in continuous prose form. Results: The study concluded that organizational related challenges hindered implementation of ERM programs. Results revealed that inadequate application of the risk management framework, ambiguity in roles and responsibilities in risk management, complexities in risk measurement, lack of embodiment of ERM in organizational culture, difficulty in risk quantification, linking risk information to strategic decision making, ensuring that all decisions remain within the organization’s risk tolerance, proactively identifying current and emerging risks, cost and budgetary constraints, misalignment of the risk and business operating models, risk management not seen as a priority by top management and inadequate information to make risk-based decisions hindered implementation of ERM frameworks among insurance firms in Kenya. The findings imply that organization related challenges have a significant effect on ERM implementation. Recommendations: The study recommends that there should be better organizational strategies to help improve implementation of ERM programs. 
It was found that building a strong risk culture, engaging consultants, building a dedicated ERM function, committed board of directors and top management, developing risk appetite statement, appointment of a Chief Risk Officer (CRO) and availing ERM budgets improved the implementation of ERM programs. Key words: enterprise risk management, adoption, maturity


2020 ◽  
Vol 15 (11) ◽  
pp. 13
Author(s):  
Mohamed Santigie Kanu

Enterprise Risk Management (ERM) and risk culture academics and practitioners have argued that they are inherently related without empirical evidence. They continue to advocate for their implementation by firms to face the dynamic business environment with certainty. The lack of empirical evidence to underpin this relationship partly contributes to their fragmented implementation and the lack of proper attention to risk culture in ERM implementation. The challenge in measuring these two abstract concepts contributes to their dichotomous measures in the literature, with most studies concentrated in the developed economies. The study objective is to provide a comprehensive measurement of the two constructs and empirically determine their relationship in the less-researched context of Africa. The study results empirically confirm risk culture and ERM to have a significant positive relationship. A firm's size and financial leverage were found to be significant determinants for ERM implementation, whereas capital opacity, financial slack, and board composition are not. Organizational leaders are advised by the study not to treat risk culture and ERM as substitutes but as complements. A sound risk culture provides a solid base for ERM implementation. Risk culture should be managed and developed in full alignment with the risk appetite and the ERM framework to improve organizational performance. These shall enable the promotion of a risk-aware culture and ingraining risk-related measures into performance management that help drive the organization forward. The constructs measures presented in the study can be used by academics and risk practitioners to determine the level of risk culture and ERM implementation in organizations.


2016 ◽  
Vol 23 (3) ◽  
pp. 369-384 ◽  
Author(s):  
Xianbo Zhao ◽  
Bon-Gang Hwang ◽  
Sui Pheng Low

Purpose – The purpose of this paper is to develop a knowledge-based decision support system for enterprise risk management (KBDSS-ERM) for Chinese construction firms (CCFs) to facilitate their ERM implementation. The specific objectives of the KBDSS-ERM are: first, assess the ERM maturity in a CCF; second, visualize the ERM maturity assessment results; third, provide action plans for improving the ERM implementation along the maturity continuum; and finally, generate a printable ERM maturity assessment report. Design/methodology/approach – Microsoft Visual Studio 2010 was used to develop the KBDSS-ERM. Based on literature review and structured interviews, 191 action plans for improving ERM implementation were identified and included in the knowledge base. A fuzzy ERM maturity model, including 16 maturity criteria and 66 best practices, was embedded into the KBDSS-ERM. A total of ten experts from ten different CCFs, who were not involved in the survey or the development of the action plans, were invited to validate the KBDSS-ERM. Findings – The validation results indicated that the results of the KBDSS-ERM were consistent with the expert judgments, and that the KBDSS-ERM had the accuracy ranging from 92.9 to 83.7 percent in assessing the maturity criteria and the overall ERM maturity of CCFs. In addition, the experts recognized the KBDSS-ERM as being a robust, convenient and useful tool for ERM implementation in CCFs. Research limitations/implications – First, the maturity criteria and ERM best practices that were identified in this study may not be exhaustive even though close attention was paid in the research methodology adopted to circumvent this risk. Additionally, as the applicability of the best practices and the importance of the maturity criteria were checked in the context of CCFs, one should be cautious when the KBDSS-ERM is being applied in other construction firms outside of the CCFs domain. 
Practical implications – Using the KBDSS-ERM, the management can clearly understand its ERM implementation as well as the strengths and weaknesses, and obtain the action plans recommended by the KBDSS-ERM. Thus, with the information from the KBDSS-ERM, the management would make better decisions relating to ERM. In addition, while using the KBDSS-ERM, the staffs need to read the ERM best practices, which allows them to learn the ERM fundamentals and produce practical or innovative ideas relating to ERM. Thus, the KBDSS-ERM would contribute to the organizational learning of companies. Originality/value – The primary contribution is the provision of 191 specific action plans that could be followed to enhance ERM practice. These action plans are arguably the first to be presented for the construction industry and therefore add to existing knowledge of ERM, now embedded in the KBDSS. In addition, the KBDSS-ERM is also the first computerized ERM tool developed specifically for construction firms. Although the KBDSS-ERM is primarily designed for CCFs, the implications of this study are not limited to CCFs because researchers and practitioners could adopt the research method of this study to develop KBDSSs for other construction firms.


2019 ◽  
Vol 19 (3) ◽  
pp. 565-579 ◽  
Author(s):  
Håkan Jankensgård

Purpose The purpose of this paper is to develop a theory of enterprise risk management (ERM). Design/methodology/approach The method is to develop a theory for ERM based on identifying the general risk management problems that it is supposed to solve and to apply the principle of deduction based on these premises. Findings ERM consists of risk governance, which is a set of mechanisms that deals with the agency problem of risk management and risk aggregation, which is a set of mechanisms that deals with the information problem of risk management. Research limitations/implications The theory, by identifying the central role of the Board of Directors, encourages further research into the capabilities and incentives of directors as determinants of ERM adoption. It also encourages research into how ERM adoption depends on proxies for agency problems of risk management, such as a decentralized company structure. Practical implications The theory encourages Boards of Directors to focus on understanding where the under and over management of risk are likely to be greatest, as opposed to the current practice of mapping a large number of risk factors. Originality/value The theory complements existing theory on corporate risk management, which revolves around the role of external frictions, by focusing on internal frictions in the firm that prevent effective risk management. It is the first work to delineate ERM vis-a-vis existing risk theory.


2017 ◽  
Vol 25 (3) ◽  
pp. 274-295 ◽  
Author(s):  
Erastus Karanja

Purpose There are two main industry-sanctioned enterprise risk management (ERM) models, that is, COSO 2004 and ISO 31000:2009, that firms refer to when implementing ERM programs. Taken together, the two ERM models specify that firms should implement ERM programs to meet a strategic need, improve operations and reporting or to comply with government regulations or industry best practices. In addition, the focus of ERM implementation should be either the subsidiary, business unit, division, firm/entity or global level. The purpose of this study is to investigate whether firms are aligning their ERM implementations with these tenets: strategy, operations, reporting, compliance and the level of implementation. Design/methodology/approach The proxy for ERM implementation is the hiring of a Chief Risk Officer (CRO). The research data come from a sample of 122 US firms that issued a press release following the hiring of a CRO between 2010 and 2014. The press releases were retrieved and aggregated through content analysis in LexisNexis Academic. Findings The results reveal that many ERM implementations are occurring at the firm/entity level, and with the exception of reporting, firms consider ERM to be a strategic firm resource capable of improving business operations and compliance initiatives. Originality/value There is a dearth of research studies specifically investigating whether ERM programs adopted by firms are aligned with the specification of COSO 2004 and ISO 31000:2009 frameworks. The apparent lack of a clear understanding of the alignment between the firm ERM programs and the industry’s ERM frameworks may limit the development and implementation of ERM and the eventual realization of the benefits associated with a successful ERM implementation.


2021 ◽  
Vol ahead-of-print (ahead-of-print) ◽  
Author(s):  
Babajide Oyewo

Purpose This study investigates firm attributes (namely level of capitalisation, scope of operation, organisational structure, organisational lifecycle, systemic importance and size) affecting the robustness of enterprise risk management (ERM) practice, the extent to which ERM affects the performance of banks and the impact of ERM on the long-term sustainability of banks in Nigeria. This was against the backdrop that the 2012 banking reform was a major regulatory intervention that mainstreamed ERM in the Nigerian banking sector. Design/methodology/approach The study employed a mixed methodology of content, trend and quantitative analyses. Ex post facto research design was deployed to analyse performance differential of banks, with respect to the implementation of ERM, over a 10-year period (2008–2017). A disclosure checklist developed from the COSO ERM integrated framework was used to assess the robustness of ERM by content-analysing divulgence on risk management in published annual reports. The banking reform periods were dichotomised into pre- (2008–2012) and post- (2013–2017) reform periods. Jonckheere–Terpstra test, independent sample t-test and Mann–Whitney test were applied to analyse a total of 1,036 firm-year observations over the period 2008–2017. Findings Result shows that bank attributes significantly affecting the robustness of risk management practice are level of capitalisation, scope of operation, systemic importance and size. Performance of banks improved slightly during the post-2012 banking reform period. This suggests that as banks consolidate on the gains of ERM, benefits of the regulatory policy on risk management may be realised in the long run. 
Result also shows that ERM enhances long-term performance, connoting that effective risk management could serve as a competitive strategy for surviving turbulence that typically characterises the banking sector. Practical implications The emergence of level of capitalisation, scope of operation, systemic importance and size as determinants of ERM provides empirical evidence to support the practice of reviewing the capital requirements for banking business from time to time by regulatory authorities (i.e. recapitalisation policy) as a strategy for managing systemic risk. Top management of banks may consider instituting mechanisms that will ensure risk management is given prominence. A proactive approach must be taken to convert risks to opportunities by banks and other financial institutions, going forward, to cope with the vicissitudes of financial intermediation. Originality/value The originality of the study stems from the consideration that it provides some new insights into the impact of ERM on banks' long-term sustainability in a developing country. The study also contributes to knowledge by exposing the factors determining the robustness of risk management practice. The study developed a checklist for assessing ERM practice from annual reports and other risk management disclosure documents. The paper also adds to the scarce literature on risk governance and risk management.


2020 ◽  
Vol 21 (4) ◽  
pp. 317-332 ◽  
Author(s):  
Pablo Durán Santomil ◽  
Luis Otero González

Purpose The purpose of this paper is to analyze how enterprise risk management (ERM), the system of governance and the Own Risk and Solvency Assessment (ORSA) have been boosted with the entry of Solvency II. Design/methodology/approach For this analysis, the authors have undertaken a survey of chief risk officers (CROs) working in Spanish insurance companies. Findings The results show that Solvency II has definitely promoted ERM in the European insurance industry and improved the system of governance of the insurance companies, and that the perceived value of the ORSA for the companies is higher than the cost. It is clear that the quality of ERM implemented by companies is higher in those that face more complex risks and with greater interdependencies – that is, larger companies, foreign insurers and insurers with several lines of business – but is unaffected by the legal form of the entity (mutual/corporation). Originality/value This study conducts primary research with surveys of CROs and develops a measure of the quality of ERM implemented by insurance companies.


2019 ◽  
Vol 26 (3) ◽  
pp. 770-785
Author(s):  
Hossam Elamir

Purpose The growing importance of risk management programmes and practices in different industries has given rise to a new risk management approach, i.e. enterprise risk management. The purpose of this paper is to better understand the necessity, benefit, approaches and methodologies of managing risks in healthcare. It compares and contrasts between the traditional and enterprise risk management approaches within the healthcare context. In addition, it introduces bow tie methodology, a prospective risk assessment tool proposed by the American Society for Healthcare Risk Management as a visual risk management tool used in enterprise risk management. Design/methodology/approach This is a critical review of published literature on the topics of governance, patient safety, risk management, enterprise risk management and bow tie, which aims to draw a link between them and find the benefits behind their adoption. Findings Enterprise risk management is a generic holistic approach that extends the benefits of risk management programme beyond the traditional insurable hazards and/or losses. In addition, the bow tie methodology is a barrier-based risk analysis and management tool used in enterprise risk management for critical events related to the relevant day-to-day operations. It is a visual risk assessment tool which is used in many higher reliability industries. Nevertheless, enterprise risk management and bow ties are reported with limited use in healthcare. Originality/value The paper suggests the applicability and usefulness of enterprise risk management to healthcare, and proposes the bow tie methodology as a proactive barrier-based risk management tool valid for enterprise risk management implementation in healthcare.


2020 ◽  
Vol 28 (4) ◽  
pp. 577-605 ◽  
Author(s):  
Shamsun Nahar ◽  
Mohammad Istiaq Azim ◽  
Md Moazzem Hossain

Purpose The purpose of this paper is to explore to what extent risk disclosure is associated with banks’ governance characteristics. The research also focuses on how the business environment and culture may create a bank’s awareness of risk management and its disclosure. This study is conducted in a setting where banks are not mandated to follow international standards for their risk disclosures. Design/methodology/approach Using 300 bank-year observations comprising hand-collected private commercial bank data, the study uses regression analysis to investigate the influence of risk governance characteristics on risk disclosure. Findings This paper reports a positive relationship between risk disclosure and banks’ governance characteristics, such as the presence of various risk committees and a risk management unit. Practical implications Because studies are lacking on risk disclosure and risk governance conducted in developing countries, it is expected that this research will make a significant contribution to the literature and provide a foundation for further research in this field. Social implications This study complements the corporate governance literature, more specifically the risk governance literature, by incorporating agency theory, institutional theory and proprietary cost theory to provide robust evidence of the impact of risk governance practices in the context of a developing economy. Originality/value Previous studies on risk disclosure and governance determinants primarily involve developed countries. This paper’s contribution is to examine risk disclosure and risk governance characteristics in a developing country in which reporting according to international standards is effectively voluntary.


2014 ◽  
Vol 22 (2) ◽  
pp. 128-144 ◽  
Author(s):  
Siti Zaleha Abdul Rasid ◽  
Che Ruhana Isa ◽  
Wan Khairuzzaman Wan Ismail

Purpose – The purpose of this paper is to examine the linkages between management accounting systems (MAS), enterprise risk management (ERM) and organizational performance by examining MAS information characteristics that match ERM implementation and joint effects of MAS and ERM on organizational performance. Design/methodology/approach – The research method involved administering a questionnaire to 106 financial institutions (FIs) in Malaysia. The respondents were chief financial officers or staff members holding the most senior positions in the finance department of the institutions. Findings – The significant findings on the association between ERM and MAS show that implementation of ERM requires the use of sophisticated MAS information. ERM and MAS complement each other as both are integral to decision making, planning and control in an organization. The finding also substantiates the important role of ERM in enhancing non-financial performance. Research limitations/implications – This study covered only MAS as part of sub-control systems in an organization. Future studies could investigate the link between a more comprehensive management accounting and control system and ERM. Furthermore, this study used perceptual measures of MAS, ERM and organizational performance. Practical implications – The regulating body should promote best management practices of sophisticated MAS and ERM among FIs as these practices will create competitive advantage as well as help those institutions comply with regulations. Originality/value – This study has contributed to the body of knowledge on the linkages between MAS, risk management system and organizational performance.

