Enterprise risk management: history and a design science proposal

2018 ◽  
Vol 19 (2) ◽  
pp. 137-153 ◽  
Author(s):  
Michael McShane

Purpose This paper aims to investigate the evolution of enterprise risk management (ERM) out of fragmented disciplinary perspectives to provide a foundation for promoting interdisciplinary research and proposes a design science approach for more effective ERM implementation in organizations. Design/methodology/approach This conceptual paper synthesizes ERM research and practice from multiple disciplines. Findings Corporate risk management concepts were born in academic finance and developed further in the finance subset known as risk management and insurance. With the advent of ERM, efforts must broaden beyond applying statistical models to quantifiable risks. Other disciplines have expanded ERM research by embracing techniques to investigate risk management practices to produce knowledge that integrates practice and theory. ERM is promoted as integrated risk management, yet silos still remain in both practice and research. Originality/value This study provides a foundation and a proposal for moving ERM past academic and organizational silos, which is necessary to achieve the ERM philosophy and increase organizational resilience. Understanding the evolution and fragmented nature of ERM research and practice provides a foundation for interdisciplinary cooperation necessary to achieve the holistic ERM philosophy. A next frontier is effective ERM implementation. This paper argues for an organizational design science approach for mitigating the resistance to change that confounds effective implementation of ERM in organizations facing an increasingly uncertain environment and outlines future research for applying the approach to implementing the ISO 31000 risk management process.

2017 ◽  
Vol 18 (3) ◽  
pp. 234-251 ◽  
Author(s):  
Yevgen Bogodistov ◽  
Veit Wohlgemuth

Purpose The purpose of this study is to enhance the existing enterprise risk-management (ERM) theory by introducing both a resource-based view and a dynamic capability perspective. These strategic management concepts might resolve several theoretical shortcomings in the field of risk management. The concept of risk-management capabilities is proposed as an explanation of a firm’s risk resilience. Design/methodology/approach This paper is conceptual in nature. For illustrative purposes, the paper refers to practical examples. Findings First, the resource-based view provides a framework that helps to set priorities in risk management. Second, the dynamic capability perspective illustrates how firms can handle unforeseen events. Third, it is proposed that dynamic capabilities are needed to allow a constant reassessment of the impact of specific resources and, consequently, of ERM priorities. Fourth, a risk-management capability, as an integral part of a dynamic capability, allows firms to develop risk resilience in turbulent environments. Research limitations/implications This paper develops an enhanced framework for ERM within specific boundary conditions. It shows how priorities at the strategic level are to be set, and how these priorities influence the operational level of risk management. Practical implications The framework provides clear guidelines on setting priorities in ERM and implementing a risk-management process within firms. Originality/value This study contributes to the theoretical literature on ERM by enhancing it through a new framework. The resource-based view and dynamic capability perspective benefit through insights from risk-management literature.


2017 ◽  
Vol 17 (1) ◽  
pp. 68-89 ◽  
Author(s):  
Jennifer Firmenich

Purpose The purpose of this paper is to emphasise the need for efficient and effective project risk management practices and to support project managers in increasing the cost certainty of projects by proposing a new framework for project risk management. Design/methodology/approach The author adopts a “constructivist” methodology, drawing on practices common in construction management sciences and new institutional economics. Findings The author presents a holistic and customisable project risk management framework that is grounded in both practice and academia. The framework is holistic because, amongst others, all steps of the typical risk management process are addressed. The framework is customisable, because it allows for alternative ways of implementing the project risk management steps depending on the project-specific circumstances. Research limitations/implications The framework does not address the potential unwillingness of the project players to set up a project risk management process at all. The proposed framework has not yet been tested empirically. Future research will seek to validate the framework. Originality/value The framework is designed to account for the difficult circumstances of a complex construction project. It is intended to support decision makers in customising a practical yet comprehensive project risk management concept to the characteristics of the unique project. Although many other project risk management concepts are designed based on the assumption that actors are perfectly rational and informed, this framework’s design is based on the opposite assumption. The framework is dynamic and should adapt over time.


2019 ◽  
Vol 32 (5) ◽  
pp. 843-868 ◽  
Author(s):  
Rafael Almeida ◽  
José Miguel Teixeira ◽  
Miguel Mira da Silva ◽  
Paulo Faroleiro

Purpose The purpose of this paper is to ease the ISO 31000 standard understanding and provide mechanisms that allow organizations to adopt and adapt this standard to their reality. Design/methodology/approach The research methodology adopted in this research was the design science research methodology. Findings The key finding is that enterprise architecture (EA) models and EA tools can help reduce the complexity of the ISO 31000 standard and improve the communication between stakeholders. Practical implications The research proposal serves the purpose of supporting the evidence collection for an enterprise risk management (ERM) initiative in an as-was, as-is, or to-be perspective. Originality/value Traditional ERM efforts operate on silos, limiting the sharing of risk information and the achievement of an organization-wide view of risks. EA can provide a common way to model complex business systems, from the strategic level to implementation details. This paper proposes the use of an EA model and an EA tool (Atlas) to represent ISO 31000, allowing a better understanding of the value of assets that can be affected by the manifestation of some risks over time.


2021 ◽  
Vol ahead-of-print (ahead-of-print) ◽  
Author(s):  
Rubayah Yakob ◽  
Mohd Hafizuddin-Syah Bangaan Abdullah ◽  
Sajiah Yakob ◽  
Nooraida Yakob ◽  
Nurul Hidayah Md. Razali ◽  
...  

Purpose This study aims to assess enterprise risk management (ERM) practices in waqf institutions (WIs) along with their strengths and weaknesses; highlight ERM trends in WIs; and determine the best ERM practices for these institutions. Design/methodology/approach Data were collected via structured interviews with nine WI managers in Malaysia. A standardised questionnaire was adopted for the interviews, which focussed on ERM implementation in WIs. The collected data were analysed in three steps, namely, data reduction, data display and verification/conclusion. The frequency distribution of these data was then illustrated and the mean values and differences of the studied groups/variables were examined. Findings WIs have a sub-optimal ERM implementation, whose aspects need to be improved over time. These institutions have focussed on their ERM practices at the strategic level yet ignored those at the operational level. Specifically, WI officers have well-defined internal environments and objectives, but risk monitoring, which ensures effective implementation of ERM, is lacking. The presence of risk management committees and units may be linked with the successful implementation of ERM. However, ERM knowledge and top management support do not show clear associations with ERM implementation. WIs should focus on improving their ERM implementation governance. Research limitations/implications Findings underscore the need for WIs to launch a formal ERM programme and for relevant stakeholders to create the appropriate infrastructures that support ERM implementation, including amended rules, ERM policies and allocated funds for training and education, to promote ERM implementation knowledge and awareness. The successful implementation of ERM not only improves the service quality, sustainability and performance of WIs but also promotes the national waqf agenda as a key economic driver.
Originality/value ERM in non-profit organisations, such as WIs, has received limited research attention relative to that in profit-driven organisations despite having unique risks. To the best of the knowledge, this study is the first to identify those trends that explain ERM practices and to determine the ERM best practices of WIs.


2021 ◽  
Vol ahead-of-print (ahead-of-print) ◽  
Author(s):  
Waqas Ali ◽  
Imran Ibrahim Alasan ◽  
Mushtaq Hussain Khan ◽  
Shujahat Ali ◽  
Jun-Hwa Cheah ◽  
...  

Purpose This paper aims to investigate whether the effect of competitive strategies on the performance is significantly different for fully fledged Islamic banks vis-a-vis conventional banks with Islamic window. Specifically, two competitive strategies namely the low-cost strategy and the differentiation strategy were considered. In addition, we examined further the competitive strategies–performance nexus by introducing enterprise risk management as a mediating factor. Design/methodology/approach This study used structured questionnaires to collect data from 506 respondents (251 from fully fledged Islamic banks and 255 from conventional banks with Islamic window). A disjoint two-stage approach was employed to analyze a hierarchical component model. Construct Level Correction and Measured Latent Marker Variable approaches were employed to assess the common method variance. As a robustness check, two-stage approach was used to explore the curvilinear relationship, and the Gaussian copula approach was adopted to address the endogeneity issue. Findings The findings show the evidence of complementary partial mediation in the relationships between low-cost strategy, differentiation strategy, and performance through enterprise risk management practices in both types of banks. Practical implications Competitive strategies are essential as they send signals to owners, managers, policymakers, and regulatory authorities. On the one hand, fully fledged Islamic banks face dual competition from pure conventional counterparts as well as conventional banks with Islamic window. On the other hand, Islamic window banks also face strong competition from the fully fledged Islamic banks due to their strong Shariah roots. Hence, this competitive pressure on both types of banks calls for more attention to focus on competitive strategies and enterprise risk management practices to accelerate their performance and overcome the bank risk. 
Moreover, these competitive strategies can be used as a tool to enter into a new market by reducing costs and risks. Besides, banks cannot achieve a competitive advantage without implementing enterprise risk management practices because competitive strategies are significant antecedents of enterprise risk management practices. Therefore, this study recommends both types of banks to focus on enterprise risk management practices to make these strategies successful. Originality/value To the best of our knowledge, this is the first study to examine the competitive strategies–performance nexus and the mediating role of enterprise risk management practices in an unexplored area of Islamic banking.


2017 ◽  
Vol 25 (3) ◽  
pp. 274-295 ◽  
Author(s):  
Erastus Karanja

Purpose There are two main industry-sanctioned enterprise risk management (ERM) models, that is, COSO 2004 and ISO 31000:2009, that firms refer to when implementing ERM programs. Taken together, the two ERM models specify that firms should implement ERM programs to meet a strategic need, improve operations and reporting or to comply with government regulations or industry best practices. In addition, the focus of ERM implementation should be either the subsidiary, business unit, division, firm/entity or global level. The purpose of this study is to investigate whether firms are aligning their ERM implementations with these tenets: strategy, operations, reporting, compliance and the level of implementation. Design/methodology/approach The proxy for ERM implementation is the hiring of a Chief Risk Officer (CRO). The research data come from a sample of 122 US firms that issued a press release following the hiring of a CRO between 2010 and 2014. The press releases were retrieved and aggregated through content analysis in LexisNexis Academic. Findings The results reveal that many ERM implementations are occurring at the firm/entity level, and with the exception of reporting, firms consider ERM to be a strategic firm resource capable of improving business operations and compliance initiatives. Originality/value There is a dearth of research studies specifically investigating whether ERM programs adopted by firms are aligned with the specification of COSO 2004 and ISO 31000:2009 frameworks. The apparent lack of a clear understanding of the alignment between the firm ERM programs and the industry’s ERM frameworks may limit the development and implementation of ERM and the eventual realization of the benefits associated with a successful ERM implementation.


2021 ◽  
Vol ahead-of-print (ahead-of-print) ◽  
Author(s):  
Babajide Oyewo

Purpose This study investigates firm attributes (namely level of capitalisation, scope of operation, organisational structure, organisational lifecycle, systemic importance and size) affecting the robustness of enterprise risk management (ERM) practice, the extent to which ERM affects the performance of banks and the impact of ERM on the long-term sustainability of banks in Nigeria. This was against the backdrop that the 2012 banking reform was a major regulatory intervention that mainstreamed ERM in the Nigerian banking sector. Design/methodology/approach The study employed a mixed methodology of content, trend and quantitative analyses. Ex post facto research design was deployed to analyse performance differential of banks, with respect to the implementation of ERM, over a 10-year period (2008–2017). A disclosure checklist developed from the COSO ERM integrated framework was used to assess the robustness of ERM by content-analysing divulgence on risk management in published annual reports. The banking reform periods were dichotomised into pre- (2008–2012) and post- (2013–2017) reform periods. Jonckheere–Terpstra test, independent sample t-test and Mann–Whitney test were applied to analyse a total of 1,036 firm-year observations over the period 2008–2017. Findings Result shows that bank attributes significantly affecting the robustness of risk management practice are level of capitalisation, scope of operation, systemic importance and size. Performance of banks improved slightly during the post-2012 banking reform period. This suggests that as banks consolidate on the gains of ERM, benefits of the regulatory policy on risk management may be realised in the long run.
Result also shows that ERM enhances long-term performance, connoting that effective risk management could serve as a competitive strategy for surviving turbulence that typically characterises the banking sector. Practical implications The emergence of level of capitalisation, scope of operation, systemic importance and size as determinants of ERM provides empirical evidence to support the practice of reviewing the capital requirements for banking business from time to time by regulatory authorities (i.e. recapitalisation policy) as a strategy for managing systemic risk. Top management of banks may consider instituting mechanisms that will ensure risk management is given prominence. A proactive approach must be taken to convert risks to opportunities by banks and other financial institutions, going forward, to cope with the vicissitudes of financial intermediation. Originality/value The originality of the study stems from the consideration that it provides some new insights into the impact of ERM on banks' long-term sustainability in a developing country. The study also contributes to knowledge by exposing the factors determining the robustness of risk management practice. The study developed a checklist for assessing ERM practice from annual reports and other risk management disclosure documents. The paper also adds to the scarce literature on risk governance and risk management.


2020 ◽  
Vol 21 (4) ◽  
pp. 317-332 ◽  
Author(s):  
Pablo Durán Santomil ◽  
Luis Otero González

Purpose The purpose of this paper is to analyze how enterprise risk management (ERM), the system of governance and the Own Risk and Solvency Assessment (ORSA) have been boosted with the entry of Solvency II. Design/methodology/approach For this analysis, the authors have undertaken a survey of chief risk officers (CROs) working in Spanish insurance companies. Findings The results show that Solvency II has definitely promoted ERM in the European insurance industry and improved the system of governance of the insurance companies, and that the perceived value of the ORSA for the companies is higher than the cost. It is clear that the quality of ERM implemented by companies is higher in those that face more complex risks and with greater interdependencies – that is, larger companies, foreign insurers and insurers with several lines of business – but is unaffected by the legal form of the entity (mutual/corporation). Originality/value This study conducts primary research with surveys of CROs and develops a measure of the quality of ERM implemented by insurance companies.


2021 ◽  
Vol ahead-of-print (ahead-of-print) ◽  
Author(s):  
Felicitas Hoppe ◽  
Nadine Gatzert ◽  
Petra Gruner

Purpose This article aims to gain insights on the current state of small- and medium-sized enterprises’ (SMEs’) cyber risk management process and to derive future research directions. Design/methodology/approach This is done by collecting market insights from 37 recent industry surveys and structuring them based on the steps of the risk management process. From this analysis, major challenges are derived and future fields of research identified. Findings The results indicate that deficiencies in risk culture as well as the strained market for IT experts are the major obstacles with respect to the implementation of cyber risk management in SMEs, and that these challenges are similar across countries. The findings suggest that especially the relationship between cyber security culture and cyber risk management should be investigated further, and that a stronger link between the research streams on enterprise risk management and cyber risk management would be desirable. Originality/value This paper contributes to the literature by providing a systematic overview on the current state of SMEs' cyber risk management from a market perspective. The findings provide support for the existing academic literature by emphasizing the central role of cyber security culture (perception, knowledge, attitude) for a successful cyber risk management, which however should be addressed in more depth in future (empirical) research.


2019 ◽  
Vol 26 (3) ◽  
pp. 770-785
Author(s):  
Hossam Elamir

Purpose The growing importance of risk management programmes and practices in different industries has given rise to a new risk management approach, i.e. enterprise risk management. The purpose of this paper is to better understand the necessity, benefit, approaches and methodologies of managing risks in healthcare. It compares and contrasts between the traditional and enterprise risk management approaches within the healthcare context. In addition, it introduces bow tie methodology, a prospective risk assessment tool proposed by the American Society for Healthcare Risk Management as a visual risk management tool used in enterprise risk management. Design/methodology/approach This is a critical review of published literature on the topics of governance, patient safety, risk management, enterprise risk management and bow tie, which aims to draw a link between them and find the benefits behind their adoption. Findings Enterprise risk management is a generic holistic approach that extends the benefits of risk management programme beyond the traditional insurable hazards and/or losses. In addition, the bow tie methodology is a barrier-based risk analysis and management tool used in enterprise risk management for critical events related to the relevant day-to-day operations. It is a visual risk assessment tool which is used in many higher reliability industries. Nevertheless, enterprise risk management and bow ties are reported with limited use in healthcare. Originality/value The paper suggests the applicability and usefulness of enterprise risk management to healthcare, and proposes the bow tie methodology as a proactive barrier-based risk management tool valid for enterprise risk management implementation in healthcare.

