Enterprise Risk Management: Review, Critique, and Research Directions
Related papers
SSRN Electronic Journal, 2014
Many regulators, rating agencies, executives, and academics have advocated a new approach to risk management: enterprise risk management (ERM). ERM proposes the integrated management of all the risks an organization faces, which inherently requires alignment of risk management with corporate governance and strategy. Academic research on ERM is still in its infancy with articles largely in accounting and finance journals, but rarely in management journals. We argue that ERM offers an important new research domain for management scholars. A critical review of ERM research allows us to identify limitations and gaps that management scholars are best equipped to address. The paper not only identifies how management scholars can contribute to ERM research, but also points out why ERM research (and practice) needs management research for its development.
Enterprise Risk Management and Corporate Governance
SSRN Electronic Journal, 2019
As of late, a change in outlook has happened with respect to the way organizations view risk management. The pattern now is to take a holistic view of risk management instead of looking at it from a silo-based perspective. Enterprise risk management (ERM) is commonly referred to as a holistic approach toward managing an organization's risk. For decades, risk management has been a fundamental focus for top management, particularly in multinationals. Given the benefit of creating greater awareness of the risks potentially faced by the firm, enterprise risk management (ERM), according to its proponents, also allows decision-makers to gauge the firm's ability and resilience towards such risks and subsequently enables the formulation of strategies to mitigate such issues. In today's dynamic global environment, the importance of enterprise risk management has accelerated and expanded to include enterprises of all forms and sizes.
Enterprise Risk Management (ERM): A bibliometric review and future agenda
Zenodo (CERN European Organization for Nuclear Research), 2023
This paper is a bibliometric review of 541 articles, from 1989 to 2022, on the concept of enterprise risk management (ERM). We employed bibliometric citation and content analyses in analyzing the data using the biblioshiny application. We identified four research streams: (1) the determinants (firm characteristics) of enterprise risk management adoption and implementation, (2) enterprise risk management and firm performance, (3) the value of enterprise risk management, and (4) enterprise risk management in practice. Also, we identified “sustainability risk management” as the emerging future theme on the concept of ERM, and this should be the focus of future studies and development. We recommend that more future research on ERM be focused on the contingency perspective, and that a general theoretical contingency framework be developed to guide future contingency studies on ERM. We propose 10 future research questions.
An Exploratory Study of Enterprise Risk Management: Pillars of ERM
There is a general consensus that enterprise risk management's (ERM) popularity has resulted from a response to pressure on organizations to holistically manage risk. Multiple frameworks for implementation of ERM contribute to an overall uncertainty regarding the essential components of ERM. This uncertainty carries forward to empirical studies of ERM where results regarding value creation are inconclusive. There exists no real consensus about what the principal components of ERM are; this has led to identification and measurement methods that are inconsistent. By using inconsistent indicators and measures of ERM implementation, it is impossible to compare "apples to apples" and arrive at conclusive and convincing results regarding ERM's ability to create value. This is an exploratory study of ERM aimed at determining the integral components of ERM based on how firms actually implement ERM dimensions. The result is the identification of four discrete components, or pillars, of ERM implementation: two prerequisite components related to the general internal environment and control activities of the firm, one component identifying risk management activities of the firm and one component with the defining attributes of ERM implementation. All four components must be implemented to have well-implemented ERM, but only one separates ERM firms from non-ERM firms. The resulting four components challenge existing frameworks to adapt to better reflect how firms implement ERM and can have a valuable impact on identifying and measuring ERM, leading to more informative empirical studies on the value creating abilities of ERM.
Enterprise Risk Management: A Literature Review and Agenda for Future Research
Journal of Risk and Financial Management
The Enterprise Risk Management (ERM) process has heterogeneously developed across the world, although it represents a leading paradigm, supporting organizations to identify, evaluate, and manage risks at the enterprise level. Academics have studied the process, but there is no complete picture of the determinants and implications of such an integrated risk management process. Therefore, we present a systematic empirical literature review on ERM, based on a research protocol. The review highlights that the ERM literature can be divided into four general lines of research: the ERM adoption, the determinants of the ERM implementation, the effects of ERM adoption, and other aspects. In contrast to the richness of studies devoted to ERM engagement in small and medium-sized enterprises (SMEs), studies exploring ERM adoption in banks or insurance are relatively few. The literature review has revealed that the most frequently investigated effect of ERM is on firm performance. Little effort ...
Rethinking the Building Blocks of the Enterprise Risk Management Model
Rethinking the building blocks of ERM
Enterprise risk management (ERM) in business includes the methods and processes used by organizations to manage risks and seize opportunities related to the achievement of their objectives. This paper argues that enterprise risk management, being the process of aligning competitive strategy with the mechanisms that identify, aggregate, mitigate, avoid and transfer risk, has the goal of reducing losses while seizing opportunities in the marketplace. It is a disciplined approach to better manage the effects of uncertainty on an organization's capital and earnings. In theory, according to the authors, ERM guides managers as they coordinate the multitude of tasks in order to identify the potential risks encountered by individual employees, business units, geographic divisions and corporate leadership. The resulting portfolio of risk sets the stage for planning the avoidance, transfer and mitigation of potential risks so the uncertainty of achieving the expected outcome is reduced. Furthermore, the paper highlights that with ERM, effectiveness is predicated on a process orientation, proper tools and high-quality information from operating units and individuals. In this regard, the letter 'E' in the acronym ERM could just as easily stand for employee. Therefore, the employee is important in ethics and legal compliance, where successful management depends as much on how leadership and culture influence employee behaviour as on quantifiable controls and procedures. The above point will ground the first part of the paper. The authors argued that the ethical health of an organization's culture has gained importance due to high-profile business failures where material weakness was found in the control environment. This issue will be addressed in the second part of the paper. The details pertaining control
SSRN Electronic Journal, 2013
The paper outlines the importance of the Corporate Risk Management Process and the Role of the Board in mitigating and managing the risks within an organization. Risk is prevalent in all organizational activities. It influences the achievement and non-achievement of organizational goals. This necessitates a structured process for effective risk management. Traditionally, risk management strategies were centred on insurance solutions; however, due to the change in business landscapes, organizations moved towards an integrated, holistic, strategy-focused risk discipline. Corporate Risk Management is an integral part of the decision-making process, and effective risk management can proactively help in overcoming the possibility of business failures. The purpose of this report is to examine the current status of risk management in BSE-30 Companies and to explore the reasons for the adoption or lack of adoption of an integrated approach to risk management. It identifies the imperatives for implementation of comprehensive risk management solutions leading to Enterprise Risk Management (ERM). The report shows that effective risk management can improve organizational performance. ERM enables firms to benefit from an integrated approach to managing risk that shifts the focus of the risk management function from primarily defensive to increasingly offensive and strategic.
Enterprise Risk Management: A Review of Two Decades
Journal of Information System and Technology Management
This paper is a modest review spanning a 20-year period on Enterprise Risk Management. Enterprise Risk Management (ERM) deals with risks and opportunities which have an impact on value creation. Unlike traditional risk management (TRM), which is silo-based, ERM is a holistic approach to risk management. Past studies have produced many contradicting results on the impact of ERM implementation on firm performance and also on the factors which are crucial for the successful implementation of ERM. As such, it is of absolute necessity to identify the determinants of ERM implementation and also how ERM improves performance. The research methodology for this paper began with a literature search for ERM-related articles from journals of various rankings from 2000 to 2020. Relevant papers for the review were selected by using the 'going backward' and 'going forward' process. Fifty research papers were selected in this manner for this review. Prior studies have used different variables to show ...
Managing Risks: Towards a Contingency Theory of Enterprise Risk Management
SSRN Electronic Journal, 2000
Enterprise risk management (ERM) has become a crucial component of contemporary corporate governance reforms, with an abundance of principles, guidelines, and standards. This paper portrays ERM as an evolving discipline and presents empirical findings on its current state of maturity, as evidenced by a survey of the academic literature and by our own field research. Academics are increasingly examining the adoption and impact of ERM, but the studies are inconsistent and inconclusive, due, we believe, to an inadequate specification of how ERM is used in practice. Based on a ten-year field project, over 250 interviews with senior risk officers, and three detailed case studies, we put forward a contingency theory of ERM, identifying potential design parameters that can explain observable variation in the "ERM mix" adopted by organizations. We also add a new contingent variable: the type of risk that a specific ERM practice addresses. We outline a "minimum necessary contingency framework" (Otley 1980) that is sufficiently nuanced, while still empirically observable, that empirical researchers may, in due course, hypothesize about "fit" between contingent variables, such as risk types and the ERM mix, as well as about outcomes such as organizational effectiveness.
TOWARDS A CONTINGENCY THEORY OF ENTERPRISE RISK MANAGEMENT
An expanding list of companies, such as BP, Tokyo Electric, and Lehman Brothers, has become identified with failure to anticipate and manage risks within their organizations. These examples of man-made disasters, along with many less catastrophic governance and corporate failures, reveal the challenges (and in extremis, to some, the futility) of enterprise risk management (ERM). While advocates argue that efficient risk management practices are the solution to the problem of how to avoid corporate disasters and failures (National Commission 2011), some skeptics see ERM as part of the problem itself (Power 2004; Power 2009).
We have ample regulations and prescriptive frameworks for "enlightened" risk management, including the risk disclosure recommendations in the UK Turnbull report; the COSO Enterprise Risk Management Framework; and the International Standards Organisation's ISO 31000:2009, Risk Management-Principles and Guidelines on Implementation. More recently, the US Securities and Exchange Commission (SEC) has mandated that a publicly traded company's annual proxy statements include a description of the board's role in risk oversight. The Toronto Stock Exchange requires the establishment and disclosure of a company's risk management function, and the Dodd-Frank Wall Street Reform and Consumer Protection Act requires large publicly traded financial firms to have a separate board risk committee composed of independent directors. Credit-rating agencies now evaluate how firms manage risks, with Moody's and Standard & Poor's (S&P) having an explicit focus on ERM in the energy, financial services, and insurance industries (Moody's Analytics 2010; S&P 2013).