Enterprise risk management: The maturity model for the ISO 31000 adopters

Purpose There are two main industry-sanctioned enterprise risk management (ERM) models, that is, COSO 2004 and ISO 31000:2009, that firms refer to when implementing ERM programs. Taken together, the two ERM models specify that firms should implement ERM programs to meet a strategic need, improve operations and reporting or to comply with government regulations or industry best practices. In addition, the focus of ERM implementation should be either the subsidiary, business unit, division, firm/entity or global level. The purpose of this study is to investigate whether firms are aligning their ERM implementations with these tenets: strategy, operations, reporting, compliance and the level of implementation. Design/methodology/approach The proxy for ERM implementation is the hiring of a Chief Risk Officer (CRO). The research data come from a sample of 122 US firms that issued a press release following the hiring of a CRO between 2010 and 2014. The press releases were retrieved and aggregated through content analysis in LexisNexis Academic. Findings The results reveal that many ERM implementations are occurring at the firm/entity level, and with the exception of reporting, firms consider ERM to be a strategic firm resource capable of improving business operations and compliance initiatives. Originality/value There is a dearth of research studies specifically investigating whether ERM programs adopted by firms are aligned with the specification of COSO 2004 and ISO 31000:2009 frameworks. The apparent lack of a clear understanding of the alignment between the firm ERM programs and the industry’s ERM frameworks may limit the development and implementation of ERM and the eventual realization of the benefits associated with a successful ERM implementation.

Download Full-text

Developing Fuzzy Enterprise Risk Management Maturity Model for Construction Firms

Journal of Construction Engineering and Management ◽

10.1061/(asce)co.1943-7862.0000712 ◽

2013 ◽

Vol 139 (9) ◽

pp. 1179-1189 ◽

Cited By ~ 62

Author(s):

Xianbo Zhao ◽

Bon-Gang Hwang ◽

Sui Pheng Low

Keyword(s):

Risk Management ◽

Enterprise Risk Management ◽

Maturity Model ◽

Construction Firms ◽

Enterprise Risk

Download Full-text

Enterprise Risk Management Discloure, Komite Manajemen Risiko Dan Nilai Perusahaan

Syntax Literate ; Jurnal Ilmiah Indonesia ◽

10.36418/syntax-literate.v5i8.1557 ◽

2020 ◽

Vol 5 (8) ◽

pp. 595

Author(s):

Luluul Jannah ◽

Darlin Aulia ◽

Kurnia Indah Sumunar

Keyword(s):

Risk Management ◽

Enterprise Risk Management ◽

Enterprise Risk ◽

Iso 31000

Kepercayaan stakeholder terhadap informasi yang diberikan pada laporan keuangan semakin menurun. Saat ini, stakeholder lebih tertarik pada pengungkapan informasi mengenai risiko. Penelitian ini bertujuan untuk menguji apakah terdapat pengaruh pengungkapan enterprise risk management sebagai variabel moderasi terhadap komite manajemen risiko dan nilai perusahaan. Penelitian ini menggunakan sampel pada 110 perusahaan yang terdaftar di Bursa Efek Indonesia dengan kriteria perusahaan pertambangan pada tahun 2016-2018 dan perusahaan yang mengungkapkan enterprise risk management disclosure pada tahun 2016-2018. Berdasarkan pengukuran enterprise risk management disclosure menggunakan checklist yang dikembangkan berdasarkan ISO 31000: 2009, penelitian ini menemukan bahwa komite manajemen risiko berpengaruh positif signifikan terhadap nilai perusahaan dan enterprise risk management disclosure memperkuat pengaruh komite manajemen risiko terhadap nilai perusahaan. Komite manajemen risiko memberikan sinyal positif kepada stakeholder sehingga asimetri informasi tidak terjadi.

Download Full-text

OPERATIONAL RISK MANAGEMENT OF SURABAYA MAIN NAVAL BASE V REPAIR AND MAINTENANCE FACILITY BASED ON ISO 31000 FRAMEWORK

JOURNAL ASRO ◽

10.37875/asro.v10i3.168 ◽

2019 ◽

Vol 10 (3) ◽

pp. 111

Author(s):

Yunus Patabang ◽

Suprayitno Suprayitno ◽

Erpan Sahiri ◽

I Made Jiwa

Keyword(s):

Risk Management ◽

Phase 1 ◽

Armed Forces ◽

Risk Identification ◽

Enterprise Risk Management ◽

Phase 2 ◽

Effective Prevention ◽

Enterprise Risk ◽

Iso 31000 ◽

Naval Base

Surabaya Main Naval Base V Repair and Maintenance Facility is one of the work units under the auspices of the Indonesian Navy that is tasked with carrying out the maintenance and repair of all major weapons systems of the Indonesian Navy. In carrying out their duties Surabaya Main Naval Base V Repair and Maintenance Facility has a big challenge and even there are various kinds of risks to prepare all the Indonesian Armed Forces defense equipment in accordance with the demands of need. Therefore, in this research, risk management will be carried out at the Surabaya Main Naval Base V Repair and Maintenance Facility Operational based on the ISO 31000: 2018 framework. Based on this framework, risk management will be carried out, namely how to carry out risk assessments in the form of risk identification, risk analysis, and risk evaluation for all risks in the operational field. Enterprise Risk Management (ERM) is also used to carry out in-depth risk management processes. One method used to solve existing problems is to use the House of Risk (HOR) method, which is divided into two stages. Stage 1 HOR focuses on ranking the Aggregate Risk Potential (ARP) value and with the help of the Pareto diagram the cumulative ARP value is obtained to determine the risk event (risk agent) selected, which then requires treatment on a priority scale. The results of this HOR phase 1 are then included in HOR phase 2 to rank the most effective prevention measures based on costs and resources. From the results of the HOR phase 2, further brainstorming was carried out with the Surabaya Main Naval Base V Repair and Maintenance Facility in accordance with the actions chosen for preventive actions that could be immediately carried out.Keywords: House of Risk, Enterprise Risk Management, SNI ISO 31000: 2018.

Download Full-text

Enterprise Risk Management Maturity Levels of the Insurance Industry in Botswana

EAST AFRICAN JOURNAL OF EDUCATION AND SOCIAL SCIENCES ◽

10.46606/eajess2021v02i01.0062 ◽

2021 ◽

Vol 2 (Issue 1 (January to March 2021)) ◽

pp. 23-32

Author(s):

Moreblessing Ngwenya ◽

Sam Ngwenya

Keyword(s):

Risk Management ◽

Insurance Industry ◽

Continuous Process ◽

Enterprise Risk Management ◽

Insurance Companies ◽

Maturity Model ◽

Enterprise Risk ◽

Term Insurance ◽

Risk Maturity

Enterprise Risk Management (ERM) has become a necessity in the financial sector to fulfil stakeholder expectations. Studies confirm that ERM impacts positively on the performance of firms. The main objective of the study was to assess ERM maturity levels of the insurance industry in Botswana. This was achieved through first designing a framework to measure enterprise risk management maturity levels. The ERMMF incorporated elements from COSO’s ERM framework and the AON risk maturity model obtained through literature review. Data were sourced from four strata; 9 long term insurance companies (15 respondents), 11 short-term insurance companies (19 respondents), 3 reinsurers (5 respondents), and 44 brokerages (75 respondents). While all organisations in the population were used, a sample of 114 out of possible 134 respondents was used. Data were analysed using SPSS version 16. The findings revealed that the insurance industry in Botswana had somewhat implemented ERM. It is therefore recommended that the insurance industry in Botswana should take ERM as a continuous process for growth in ERM maturity levels as such an improvement is highly likely to enhance their performance.

Download Full-text

Operational Risk Analysis in Department of Enterprise Risk Management of PT. XYZ Based on ISO 31000: 2018 Framework

Proceedings of the 1st Annual Management, Business and Economic Conference (AMBEC 2019) ◽

10.2991/aebmr.k.200415.007 ◽

2020 ◽

Author(s):

Lucyana Dewi ◽

Mandra Lazuardi Kitri

Keyword(s):

Risk Management ◽

Risk Analysis ◽

Operational Risk ◽

Enterprise Risk Management ◽

Enterprise Risk ◽

Iso 31000

Download Full-text

Enterprise Risk Management (ERM) Practices to Achieve Long Term and Sustainable Organization’s Goals: Case of Institut Teknologi Bandung (ITB)

International Journal of Current Science Research and Review ◽

10.47191/ijcsrr/v4-i12-16 ◽

2021 ◽

Vol 04 (12) ◽

Author(s):

Johan Candra ◽

Keyword(s):

Risk Management ◽

Management Practices ◽

Management Practice ◽

Global Scale ◽

Enterprise Risk Management ◽

Trade Offs ◽

Enterprise Risk ◽

Risk Appetite ◽

Iso 31000

Every choice made in the pursuit of objectives has its risks. From day-to-day operational decisions to the fundamental trade-offs in the boardroom, dealing with uncertainty in these choices is a part of the organizational lives. A strategy is nothing more than a commitment to a set of coherent, mutually reinforcing policies or behaviours aimed at achieving a specific competitive goal. In order to ensure the implementation of efforts and the allocation of resources to achieve strategic goals, top management should conduct integrated risk management practices to all activities/initiatives of the organization’s management, both individually and collectively. Risk management is an intrinsic part of business planning and decision making. No direction is taken without looking at the potential risks and comparing them against the organization’s risk appetite. This paper aims to research in general the practice of enterprise risk management within Institut Teknologi Bandung (ITB) as a well-known and public-state-owned university in Indonesia. This research concludes that the enterprise risk management implementation is not fully implemented yet within ITB as an enterprise. Almost all respondents agree that the implementation of enterprise risk management has a positive and significant influence on the organization’s objectives achievement. Improving university performance overall will require an effective enterprise risk management practice. Author highly recommends ITB to adopt risk management practice based on ISO-31000 standard, and it can be combined with other risk management standards available nowadays if necessary. ITB needs to start the implementation at the soonest as possible, in order to maintain its strategic position as a top university in Indonesia, increase its competitive advantages to compete in the global scale, and at the same time achieving its vision and mission in a long-term and sustainable manner.

Download Full-text

The use ISO 31000:2018 in Indonesian Fintech Lending Companies: What Can We Learn?

Journal of Business and Management Studies ◽

10.32996/jbms.2022.4.1.3 ◽

2022 ◽

Vol 4 (1) ◽

pp. 16-22

Author(s):

Franciskus Antonius Alijoyo

Keyword(s):

Risk Management ◽

Enterprise Risk Management ◽

Analysis Method ◽

Enterprise Risk ◽

Study Results ◽

Interactive Data Analysis ◽

Iso 31000 ◽

Pros And Cons ◽

Interactive Data ◽

A Company

Enterprise risk management (ERM) is significant in running a company. ISO 31000 is one of the ERM types that are familiar. However, there are still pros and cons of ISO 31000. Thus, this study aimed to find out the responses of the Indonesian fintech lending companies managements in implementing ISO 31000. Specifically, this study tried to identify the problems in implementing ISO 31000:2018 to be implemented as ERM. Besides, it also discussed the benefits of the ISO 31000:2018 implementation from the companies' management's perspectives. The data were collected through questionnaires and interviews. The questionnaire results were quantified and interpreted in percentage, while the interview results were analyzed qualitatively using the interactive data analysis method. The study results showed that most of the companies' management believed that they had no significant problems implementing ISO 31000:2018. In addition, they felt that implementing ISO 31000:2018 as ERM gave many benefits in running the companies. The study's findings were discussed by connecting them with the current theories and empirical reviews. However, since the study was done qualitatively, a further study that involves quantitative study to measure the effectiveness of ISO 31000 empirically is needed to support the results of this study.

Download Full-text

Review of Literature on Methodological Approaches of Assessing the Adoption of Enterprise Risk Management Practices

Journal of Scientific Research and Reports ◽

10.9734/jsrr/2020/v26i1130332 ◽

2021 ◽

pp. 21-26

Author(s):

S. P. G. M. Abeyrathna ◽

A. J. M. Priyadarshana ◽

U. D. P. Priyashantha

Keyword(s):

Risk Management ◽

Management Practices ◽

Secondary Data ◽

Enterprise Risk Management ◽

Primary Data ◽

Review Of Literature ◽

Dummy Variables ◽

Enterprise Risk ◽

Iso 31000 ◽

Methodological Approaches

This study intends to examine the previous researches on Enterprise Risk Management (ERM). On examining the previous researches, it is evident that both primary data based (using robust models) and secondary data based (using Dummy variables) approaches adopted by the previous researchers and those are taken into account and have been reviewed in this paper. In here, researchers have identified that most of the recent studies have used robust models in assessing the adoption of ERM practices, while earlier researchers used dummy variables in assessing ERM practices. Here, in some cases, there are some contradictories of results of the studies in two approaches. Based on the recommendations, conclusions of prior research, and the analysis of the available literature, it has been recommended to use robust models like COSO ERM framework, ISO 31000 etc. in case of assessing the adoption of ERM practices in future studies.

Download Full-text

Risk management in higher education: An open distance learning perspective

Southern African Business Review ◽

10.25159/1998-8125/5807 ◽

2019 ◽

Vol 19 ◽

pp. 74-98

Author(s):

J S Wessels ◽

E Sadler

Keyword(s):

Higher Education ◽

Risk Management ◽

Distance Learning ◽

Reading Strategies ◽

Enterprise Risk Management ◽

Management Framework ◽

Risk Management Framework ◽

Enterprise Risk ◽

Iso 31000 ◽

Scholarly Discourse

This article contributes to the continuing scholarly discourse on risk and risk management within the context of higher education institutions by reporting on a qualitative assessment of the appropriateness of the risk management framework of a selected open distance learning institution. The assessment is based on a single instrumental case study of an open distance learning institution. The assessment was undertaken by conducting a qualitative content analysis of the institution’s enterprise risk management framework document. For the purpose of this analysis, two reading strategies were followed, namely the reproductive (literal) and hermeneutic reading strategies. This article’s unique contribution to the scholarly discourse is to apply a conceptual framework derived from the work by Tufano (2011) providing trustworthy evidence that the critique by Leitch’s (2010) on the ISO 31000:2009 standard does not necessarily have an empirical sound foundation. The research has indicated that an enterprise risk management framework meeting the ISO 31000:2009 standard, is not only appropriate for a risk imbedded open distance higher education institution such as the selected institution, but has the potential to contribute significantly to the enhancement of the institution’s mission, strategic goals and objectives within an astringent national regulatory and funding context and an ever-changing international higher education landscape.

Download Full-text