A framework for enterprise risk identification and management: the resource-based view

2019, Vol 34 (2), pp. 162-188
Author(s): Birendra K. Mishra, Erik Rolland, Asish Satpathy, Michael Moore

Purpose This study aims to examine the factors influencing enterprise risk management and propose a framework for identifying and explaining the components of enterprise risk management. To enable broader analytical thinking about risk factors, the framework utilizes the resource-based theory to link various classes of risks to an extended set of organizational resources. Design/methodology/approach The paper opted for an exploratory study using a sample from an online survey. The survey subjects were recruited from the membership database of the American Institute of Certified Public Accountants, focusing primarily on CFOs. The survey consisted of six sections: demographics, a section on each of the four risk types included in ERM: strategic risk, operational risk, financial risk and hazard risk, and exit questions (where very general questions about ERM were asked). The survey yielded a data set of 227 valid responses. Findings Using the associated sample survey data, the paper provides empirical validation of the proposed framework that managers in any organization could use to identify and manage risks. Research limitations/implications The proposed model does have limitations that predominantly exist from the fact that human judgment in decision-making is not always data-driven, and hence, a proper risk exposure could be ignored based on pure arguments of cost and benefits from domain experts. Therefore, researchers and practitioners are encouraged to test the proposed framework further. Practical implications Risk exposure is not a snapshot event in an organization’s time horizon. Rather, risk identification is an ongoing process and the proposed framework allows organizations to handle increasingly complex risks and/or identify them based on how the organizational resources may be exposed over time. Managers could use a form of risk control analytics (monitoring dashboard of all identified risks under each interaction sets on a regular basis) to become more proactive in managing risk or exploiting opportunities across the enterprise. Originality/value This paper fulfills an identified need to study how enterprise risk exposure can be proactively assessed and managed.

2020, Vol ahead-of-print (ahead-of-print)
Author(s): Poorni Sakrabani, Ai Ping Teoh

Purpose The purpose of this study was to ascertain the determinants of firm performance for Malaysian retailers. Design/methodology/approach An online survey was conducted to collect responses from members of the Malaysian Retailers' Chain Association. A total of 126 responses were obtained. Data analysis was done by using the PLS-SEM method. Findings The results of the study indicate that Retail 4.0 adoption is able to improve retailers' performance as-a-whole by improving the four perspectives of firm performance as given in the Balanced Scorecard, i.e. the finance perspective, the customer perspective, the internal processes' perspective and also learning and growth perspective. Further, enterprise risk management was found to have a positive moderating effect on retailers' performance as-a-whole and also on the finance and customer perspectives of performance. Research limitations/implications The study was conducted only in Malaysia and so, it might be geographically limited. Besides, it is cross-sectional in nature and therefore, the impact might be different if the study had been conducted over a longer period. Practical implications This study provides a useful framework for retailers who are seeking to improve firm performance. Originality/value This is one of the first studies to show the impact of Retail 4.0 adoption on firm performance. Besides, this is also the first time, enterprise risk management has been introduced as a positive moderator on the impact of technology adoption on retailers' performance.


2017, Vol 25 (3), pp. 274-295
Author(s): Erastus Karanja

Purpose There are two main industry-sanctioned enterprise risk management (ERM) models, that is, COSO 2004 and ISO 31000:2009, that firms refer to when implementing ERM programs. Taken together, the two ERM models specify that firms should implement ERM programs to meet a strategic need, improve operations and reporting or to comply with government regulations or industry best practices. In addition, the focus of ERM implementation should be either the subsidiary, business unit, division, firm/entity or global level. The purpose of this study is to investigate whether firms are aligning their ERM implementations with these tenets: strategy, operations, reporting, compliance and the level of implementation. Design/methodology/approach The proxy for ERM implementation is the hiring of a Chief Risk Officer (CRO). The research data come from a sample of 122 US firms that issued a press release following the hiring of a CRO between 2010 and 2014. The press releases were retrieved and aggregated through content analysis in LexisNexis Academic. Findings The results reveal that many ERM implementations are occurring at the firm/entity level, and with the exception of reporting, firms consider ERM to be a strategic firm resource capable of improving business operations and compliance initiatives. Originality/value There is a dearth of research studies specifically investigating whether ERM programs adopted by firms are aligned with the specification of COSO 2004 and ISO 31000:2009 frameworks. The apparent lack of a clear understanding of the alignment between the firm ERM programs and the industry’s ERM frameworks may limit the development and implementation of ERM and the eventual realization of the benefits associated with a successful ERM implementation.


2021, Vol 14 (3), pp. 139
Author(s): José Ruiz-Canela López

Operational risk is defined as the potential losses resulting from events caused by inadequate or failed processes, people, equipment, and systems or from external events. One of the most important challenges for the management of the company is to improve its results through its operational risk identification and evaluation. Most of Enterprise Risk Management (ERM) scholarship has roots in the finance/risk management and insurance (RMI) discipline, mainly in the banking sector. This study proposes an innovative operational risk assessment methodology (OpRAM), to evaluate operational risks focused on telecommunications companies (TELCOs), on the basis of an operational risk self-assessment (OpRSA) process and method. The OpRSA process evaluates operational risks through a quantitative analysis of estimates which inputs are the economic impact and the probability of occurrence of events. The OpRSA method is the “engine” for calculating the economic risk impact, applying actuarial techniques, which allow estimation of unexpected losses and expected losses distributions in a TELCO. The results of the analyzed business unit in the field work were compared with standardized ratings (acceptable, manageable, critical, or catastrophic), and contrasted against the company’s managers, proving that the OpRSA framework is a reliable and useful management tool for the business, and leading to more research in other sectors where operational risk management is key for the company success.


2021, Vol ahead-of-print (ahead-of-print)
Author(s): Babajide Oyewo

Purpose This study investigates firm attributes (namely level of capitalisation, scope of operation, organisational structure, organisational lifecycle, systemic importance and size) affecting the robustness of enterprise risk management (ERM) practice, the extent to which ERM affects the performance of banks and the impact of ERM on the long-term sustainability of banks in Nigeria. This was against the backdrop that the 2012 banking reform was a major regulatory intervention that mainstreamed ERM in the Nigerian banking sector. Design/methodology/approach The study employed a mixed methodology of content, trend and quantitative analyses. Ex post facto research design was deployed to analyse performance differential of banks, with respect to the implementation of ERM, over a 10-year period (2008–2017). A disclosure checklist developed from the COSO ERM integrated framework was used to assess the robustness of ERM by content-analysing divulgence on risk management in published annual reports. The banking reform periods were dichotomised into pre- (2008–2012) and post- (2013–2017) reform periods. Jonckheere–Terpstra test, independent sample t-test and Mann–Whitney test were applied to analyse a total of 1,036 firm-year observations over the period 2008–2017. Findings Result shows that bank attributes significantly affecting the robustness of risk management practice are level of capitalisation, scope of operation, systemic importance and size. Performance of banks improved slightly during the post-2012 banking reform period. This suggests that as banks consolidate on the gains of ERM, benefits of the regulatory policy on risk management may be realised in the long run. Result also shows that ERM enhances long-term performance, connoting that effective risk management could serve as a competitive strategy for surviving turbulence that typically characterises the banking sector. Practical implications The emergence of level of capitalisation, scope of operation, systemic importance and size as determinants of ERM provides empirical evidence to support the practice of reviewing the capital requirements for banking business from time to time by regulatory authorities (i.e. recapitalisation policy) as a strategy for managing systemic risk. Top management of banks may consider instituting mechanisms that will ensure risk management is given prominence. A proactive approach must be taken to convert risks to opportunities by banks and other financial institutions, going forward, to cope with the vicissitudes of financial intermediation. Originality/value The originality of the study stems from the consideration that it provides some new insights into the impact of ERM on banks' long-term sustainability in a developing country. The study also contributes to knowledge by exposing the factors determining the robustness of risk management practice. The study developed a checklist for assessing ERM practice from annual reports and other risk management disclosure documents. The paper also adds to the scarce literature on risk governance and risk management.


2020, Vol 21 (4), pp. 317-332
Author(s): Pablo Durán Santomil, Luis Otero González

Purpose The purpose of this paper is to analyze how enterprise risk management (ERM), the system of governance and the Own Risk and Solvency Assessment (ORSA) have been boosted with the entry of Solvency II. Design/methodology/approach For this analysis, the authors have undertaken a survey of chief risk officers (CROs) working in Spanish insurance companies. Findings The results show that Solvency II has definitely promoted ERM in the European insurance industry and improved the system of governance of the insurance companies, and that the perceived value of the ORSA for the companies is higher than the cost. It is clear that the quality of ERM implemented by companies is higher in those that face more complex risks and with greater interdependencies – that is, larger companies, foreign insurers and insurers with several lines of business – but is unaffected by the legal form of the entity (mutual/corporation). Originality/value This study conducts primary research with surveys of CROs and develops a measure of the quality of ERM implemented by insurance companies.


2019, Vol 26 (3), pp. 770-785
Author(s): Hossam Elamir

Purpose The growing importance of risk management programmes and practices in different industries has given rise to a new risk management approach, i.e. enterprise risk management. The purpose of this paper is to better understand the necessity, benefit, approaches and methodologies of managing risks in healthcare. It compares and contrasts between the traditional and enterprise risk management approaches within the healthcare context. In addition, it introduces bow tie methodology, a prospective risk assessment tool proposed by the American Society for Healthcare Risk Management as a visual risk management tool used in enterprise risk management. Design/methodology/approach This is a critical review of published literature on the topics of governance, patient safety, risk management, enterprise risk management and bow tie, which aims to draw a link between them and find the benefits behind their adoption. Findings Enterprise risk management is a generic holistic approach that extends the benefits of risk management programme beyond the traditional insurable hazards and/or losses. In addition, the bow tie methodology is a barrier-based risk analysis and management tool used in enterprise risk management for critical events related to the relevant day-to-day operations. It is a visual risk assessment tool which is used in many higher reliability industries. Nevertheless, enterprise risk management and bow ties are reported with limited use in healthcare. Originality/value The paper suggests the applicability and usefulness of enterprise risk management to healthcare, and proposes the bow tie methodology as a proactive barrier-based risk management tool valid for enterprise risk management implementation in healthcare.


2014, Vol 22 (2), pp. 128-144
Author(s): Siti Zaleha Abdul Rasid, Che Ruhana Isa, Wan Khairuzzaman Wan Ismail

Purpose – The purpose of this paper is to examine the linkages between management accounting systems (MAS), enterprise risk management (ERM) and organizational performance by examining MAS information characteristics that match ERM implementation and joint effects of MAS and ERM on organizational performance. Design/methodology/approach – The research method involved administering a questionnaire to 106 financial institutions (FIs) in Malaysia. The respondents were chief financial officers or staff members holding the most senior positions in the finance department of the institutions. Findings – The significant findings on the association between ERM and MAS show that implementation of ERM requires the use of sophisticated MAS information. ERM and MAS complement each other as both are integral to decision making, planning and control in an organization. The finding also substantiates the important role of ERM in enhancing non-financial performance. Research limitations/implications – This study covered only MAS as part of sub-control systems in an organization. Future studies could investigate the link between a more comprehensive management accounting and control system and ERM. Furthermore, this study used perceptual measures of MAS, ERM and organizational performance. Practical implications – The regulating body should promote best management practices of sophisticated MAS and ERM among FIs as these practices will create competitive advantage as well as help those institutions comply with regulations. Originality/value – This study has contributed to the body of knowledge on the linkages between MAS, risk management system and organizational performance.


2018, Vol 3 (2), pp. 224-235
Author(s): Iswajuni Iswajuni, Arina Manasikana, Soegeng Soetedjo

Purpose The purpose of this paper is to identify the effect of enterprise risk management (ERM) with firm size, ROA and managerial ownership as control variables on firm value that is proxied by Tobin’s Q. Design/methodology/approach Population of this research was manufacturing companies listed on the Indonesian Stock Exchange (IDX) in 2010–2013. The used method in this research is multiple linear regression-ordinary least square and hypotheses testing using t-test to test the regression coefficients with level of significance of 5 percent. Findings The results showed that ERM, ROA and size of the company have a significant positive effect on the firm value. While the managerial ownership has a significant negative effect on the firm value. Originality/value The results showed that firm value increases as ERM, ROA and size of the company improves. While the managerial ownership has a significant negative effect on the firm value.


2018, Vol 19 (2), pp. 137-153
Author(s): Michael McShane

Purpose This paper aims to investigate the evolution of enterprise risk management (ERM) out of fragmented disciplinary perspectives to provide a foundation for promoting interdisciplinary research and proposes a design science approach for more effective ERM implementation in organizations. Design/methodology/approach This conceptual paper synthesizes ERM research and practice from multiple disciplines. Findings Corporate risk management concepts were born in academic finance and developed further in the finance subset known as risk management and insurance. With the advent of ERM, efforts must broaden beyond applying statistical models to quantifiable risks. Other disciplines have expanded ERM research by embracing techniques to investigate risk management practices to produce knowledge that integrates practice and theory. ERM is promoted as integrated risk management, yet silos still remain in both practice and research. Originality/value This study provides a foundation and a proposal for moving ERM past academic and organizational silos, which is necessary to achieve the ERM philosophy and increase organizational resilience. Understanding the evolution and fragmented nature of ERM research and practice provides a foundation for interdisciplinary cooperation necessary to achieve the holistic ERM philosophy. A next frontier is effective ERM implementation. This paper argues for an organizational design science approach for mitigating the resistance to change that confounds effective implementation of ERM in organizations facing an increasingly uncertain environment and outlines future research for applying the approach to implementing the ISO 31000 risk management process.


2021, Vol ahead-of-print (ahead-of-print)
Author(s): Mohammad Moniruzzaman

Purpose Debate is growing around the expansion of risk-based regulation. The regulation scholarship provides evidence of regulatory failure of the risk-based approach in different domains, including financial regulation. Therefore, this paper aims to provide cautionary evidence about the risk of regulatory failure of risk-based strategy in the financial regulation while using enterprise risk management (ERM) as a meta-regulatory toolkit. Design/methodology/approach Based on interview data gathered from 30 risk managers of banks and five regulatory personnel, combined with secondary data, this study mainly explores the challenges for meaningful use of ERM based self-regulation in regulated banks. The evidence helps to assess the risk of regulatory failure of the risk-based regulation while using ERM. Findings The evidence reflects that regulated banks face diverse challenges arising from both peripheral and internal environments that limit the true internalization of ERM-based self-regulation. Despite this, the regulator uses this self-regulation as a meta-regulatory toolkit under the risk-based regulation to achieve the regulatory aims. However, the lack of true internalization of ERM based self-regulation is likely to raise the risk of regulatory failure of risk-based regulation to achieve the regulatory goals. Risk-based regulation is an evolving strategy in the regulatory regime. Therefore, care should be taken while using ERM as a regulatory toolkit before relying on it substantially. Originality/value The paper provides empirical insights about the challenges for effective use of ERM as a meta regulatory toolkit that might be useful practically both to the regulators and regulated firms.

