Development of a Risk Register Spreadsheet Tool for Enterprise- and Program-Level Risk Management

Author(s):  
John Patrick O'Har ◽  
Christopher W. Senesi ◽  
Keith R. Molenaar

Enterprise risk management is an area of growing interest for state departments of transportation in the United States. This research developed a risk register spreadsheet tool—applicable at the enterprise and program levels—that supports the user in identifying risk events, defining risk categories, and assessing the likelihood (probability) and consequence (effect) of an event occurring. A state-of-the-practice survey was conducted with regard to the use of risk register tools to support enterprise- and program-level risk management at U.S. state departments of transportation, international transportation agencies, and nontransportation organizations. On the basis of the survey results and to further inform development of the risk register tool, several organizations were selected for in-depth interviews to gather additional information on their risk management practices and use of risk register tools. The resultant risk register reflects information from the interviews and examples provided by the participants. The spreadsheet-based risk register is an editable template that does not use any macros or custom code. In addition to the editable template, two prepopulated examples—one for enterprise-level risk management and one for program-level risk management—were created. While the risk register tool can help facilitate good practice risk management, the findings of this research indicate that an organization's risk management governance along with staff commitment, availability, and capability to support risk management activities are equally, if not more, important to effective risk management as the risk register tool itself.

2012 ◽  
Author(s):  
Siti Zaleha Abdul Rasid ◽  
Abdul Rahim Abdul Rahman

The aim of this paper is to report the results of a study on management accounting and risk management practices in financial institutions. The research method involved administering a questionnaire to 106 financial institutions listed on the Malaysian Central Bank’s website and the respondents were the chief financial officers (CFO) or the most senior positions in the finance department of the institutions. Based on the IFAC’s (1998) framework, it was found that the most widely practiced were the management accounting practices at Stage 1, followed by practices of Post 1995. This finding shows that despite the emergence of contemporary management accounting practices (Stage 4 onwards), traditional management accounting that focuses on financial performance and budgetary control is still widely practiced by financial institutions in Malaysia. As for the risk management practices, most of the firms have either implemented a complete or partial Enterprise Risk Management (ERM) framework. The findings from the survey showed that management accounting practices related to financial statement and ratio analysis were perceived to contribute most towards risk management. Budgetary control, budgeting and strategic planning were also perceived to be important in managing operational risks. Key words: Management accounting; risk management; financial institutions


2020 ◽  
Vol 13 (11) ◽  
pp. 281
Author(s):  
Sorin Gabriel Anton ◽  
Anca Elena Afloarei Nucu

The Enterprise Risk Management (ERM) process has heterogeneously developed across the world, although it represents a leading paradigm, supporting organizations to identify, evaluate, and manage risks at the enterprise level. Academics have studied the process, but there is no complete picture of the determinants and implications of such an integrated risk management process. Therefore, we present a systematic empirical literature review on ERM, based on a research protocol. The review highlights that the ERM literature can be divided into four general lines of research: the ERM adoption, the determinants of the ERM implementation, the effects of ERM adoption, and other aspects. In contrast to the richness of studies devoted to ERM engagement in small and medium-sized enterprises (SMEs), studies exploring ERM adoption in banks or insurance are relatively few. The literature review has revealed that the most frequently investigated effect of ERM is on firm performance. Little effort has been dedicated to the analysis of the effectiveness of ERM by its components and to institutional, individual, and organizational factors that affect ERM adoption. The study can serve as a starting point for scholars to explore research gaps related to ERM, while the practitioners can rely on the presented findings to identify the effects of the ERM implementation.


2019 ◽  
Vol 10 (2) ◽  
pp. 213
Author(s):  
Hafizah Zainol Abidin ◽  
Siti Zaleha Abdul Rasid ◽  
Haliyana Khalid ◽  
Rohaida Basiruddin ◽  
Shathees Baskaran

Enterprise risk management (ERM) is used to manage, integrate and aggregate all types of risks encountered by the concerned organisation. Despite having established framework and guidelines, the implementation of ERM at divisional level seemed to be lacking. There are gaps in the actual risk management practices that need to be studied and narrowed to ensure a more effective implementation of risk management. Therefore, the objective of this study is to identify characteristics of effective risk management practices and to gauge the effectiveness level at a telecommunication company. The gaps between the actual practices and the expected practices based on twenty-four (24) identified characteristics are identified and compared upon before recommendations are made to close the gaps and further enhance the risk management practices. For the purpose of this research the self-administered, web-based questionnaires were distributed to a total number of 130 engineers who were actively involved with network infrastructure planning, development and maintenance. The feedbacks received indicated that the respondents agreed with the identified characteristics of effective risk management practices and generally agreed that the effectiveness level of current risk management practices in the company is moderate or average. Furthermore, the gap analysis based on the variances indicates that there are rooms for further improvement. The study is important for more effective risk management practices in telecommunication companies. 


2018 ◽  
Vol 19 (2) ◽  
pp. 137-153 ◽  
Author(s):  
Michael McShane

Purpose This paper aims to investigate the evolution of enterprise risk management (ERM) out of fragmented disciplinary perspectives to provide a foundation for promoting interdisciplinary research and proposes a design science approach for more effective ERM implementation in organizations. Design/methodology/approach This conceptual paper synthesizes ERM research and practice from multiple disciplines. Findings Corporate risk management concepts were born in academic finance and developed further in the finance subset known as risk management and insurance. With the advent of ERM, efforts must broaden beyond applying statistical models to quantifiable risks. Other disciplines have expanded ERM research by embracing techniques to investigate risk management practices to produce knowledge that integrates practice and theory. ERM is promoted as integrated risk management, yet silos still remain in both practice and research. Originality/value This study provides a foundation and a proposal for moving ERM past academic and organizational silos, which is necessary to achieve the ERM philosophy and increase organizational resilience. Understanding the evolution and fragmented nature of ERM research and practice provides a foundation for interdisciplinary cooperation necessary to achieve the holistic ERM philosophy. A next frontier is effective ERM implementation. This paper argues for an organizational design science approach for mitigating the resistance to change that confounds effective implementation of ERM in organizations facing an increasingly uncertain environment and outlines future research for applying the approach to implementing the ISO 31000 risk management process.


2021 ◽  
Author(s):  
Faith Ka Shun Chan ◽  
Liang Emlyn Yang ◽  
Gordon Mitchell ◽  
Nigel Wright ◽  
Mingfu Guan ◽  
...  

Abstract. Sustainable flood risk management (SFRM) has become popular since the 1980s. Many governmental and non-governmental organisations have been keen on implementing the SFRM strategies by integrating social, ecological and economic themes into their flood risk management (FRM) practices. However, justifications for SFRM are still embryonic and it is not yet clear whether this concept is influencing the current policies in different countries. This paper reviews the past and present flood management approaches and experiences from flood defence to FRM in four developed countries with the aim of highlighting lessons for developing mega deltas. The paper explored recent strategies such as “Making Space for Water, PPS 25, and NPPF” in the UK; “Room for Rivers” in the Netherlands which was promoted to cope with flooding, integrate FRM with ideas on sustainability, and deliver good FRM practice for next generations. The United States has also established a sound National Flood Insurance Program (NFIP), and Japan has developed an advanced flood warning and evacuation contingency system to prepare for climatic extremes. These case studies showed some good lessons to achieve long term SFRM direction to deliver flood management practices with social-economic and environmental concerns. Most of developing coastal megacities especially in Asia are still heavily reliant on traditional hard-engineering approach, that may not be enough to mitigate substantial risks due to human (exist huge populations, rapid socio-economic growth, subsidence) and natural (climate change) factors. We understand different countries and cities have their own interpretation on SFRM, but recommend policy makers to adopt “mixed options” towards thinking about long term and sustainability that with social, economic and environmental considerations. 


2021 ◽  
Vol 9 (1) ◽  
pp. 45-78
Author(s):  
Fábio Martins Dias ◽  
Mauro Luiz Martens ◽  
Sonia Francisca de Paula Monken ◽  
Luciano Ferreira da Silva ◽  
Ernesto Del Rosario Santibanez-Gonzalez

Objective of the study: Statistics shows a worrisome picture of challenges to be overcome by cybersecurity in the healthcare sector. Data evidence that the healthcare industry experiences four data breaches per week in the United States alone, making it the sector most often affected by digital security breaches. Thus, the current article aims to investigate risk management focusing on identifying requirements and best practices for healthcare data security systems. Methodology/approach: It is based on a systematic literature review. Studies on state-of-the-art data security systems were collected and interpreted through content analysis. Assertive keywords, source-selection criteria, interpretation of selected articles, and database analysis were used to form the investigated sample and to represent the broad applications of this study’s objective. Originality/Relevance: The current study contributes to define a set of minimum requirements and best practices that can be adopted to manage data security risks in the healthcare sector and medical devices. Main results: Results have pointed out that there is no fully effective way to prevent all violations by cybercriminals; however, cybersecurity must be part of management processes adopted by different organizations. Theoretical/methodological contributions: It is found that cybersecurity has a great importance for the healthcare sector, the information generated is rich in content and that cybersecurity is neglected in the sector, that is not able to deal with the reality of cyber threats in the industry 4.0 context. Social/management contributions: By the good risk management practices and the adoption of minimum security items, institutions can ensure that managers can prepare and respond efficiently to cyber risks.


2021 ◽  
Vol 10 (4) ◽  
pp. 1-25
Author(s):  
Brian J. Galli

Because of the recent financial crisis in the United States that shook the financial sector, the need for adopting effective Risk Management practices has increased. Essentially, the volatility of the sector calls for an augmented re-evaluation of the framework, as well as the components of uncertainty management practices by commercial banks, regulatory agencies, and scholars. By doing so, the stakeholders in the financial sector would ensure the conformity to the best practices. To further fortify this, the research herein uses the Ames National Corporation (ANC), which is a commercial Bank in Iowa, USA, as a case study. The institution risk profile and risk management practices are evaluated to give insights on conforming to the best international practices. The research also seeks to establish whether effective risk management results in enhanced performance and profitability for financial institutions. Stating areas on which further research should be conducted is how the study is concluded.


2021 ◽  
Vol 26 (2) ◽  
pp. 79-98
Author(s):  
Vilma Nasteckienė

In risk management research, dealing with known risks and helping companies foresee new risks are areas for subject matter experts. In practice, risk management is often perceived as a set of formal tools and procedures that must be delegated to the professionals. Despite this overall perception of risk, general managers, department managers, and other senior or line managers in organizations deal with questions associated with risk on a daily basis. They are, therefore, sometimes—even without consciously realizing it—involved in risk management practices. This article aims to analyze managers' involvement in risk management by empirically exploring how managers identify, assess, and respond to risks. Based on thematic analysis of observational and interview data, management practices used to manage risks were identified, and risk management as a non-linear process that is anchored on the strategic and operational levels and supported by learning from failures was defined. Two different ways of risk management can co-exist in an organization as a result of formal Enterprise Risk Management implementation.


2018 ◽  
Vol 8 (1) ◽  
pp. 14-23 ◽  
Author(s):  
Raef Gouiaa

Despite recent increased risk research attention being focussed on the Canadian and international scene, there are few research studies that specifically address the relation between corporate governance systems and risk management practices. This paper examines the relation between corporate governance systems and enterprise risk management. More specifically, we analyze how corporate governance attributes and particularly board characteristics can affect risk management practices in the context of Canadian listed companies. Using a content analysis approach, the level of exposure to risk in terms of likelihood, the consequences of such risk and the strategies for managing that risk were identified for each type of risk. The results reveal that corporate governance attributes related to board’s structure, directors’ characteristics and the board’s operating process play a significant and important role in establishing an integrative risk management approach. The results show that directors’ characteristics and the board’s process significantly determine the quality of risk management through the level of risk-taking in decisions, especially in terms of financial risks.

