Rethinking the Implementation of Enterprise Risk Management (ERM) As a Socio-technical Challenge (original) (raw)
Related papers
Three key enablers to successful enterprise risk management
IBM Journal of Research and Development, 2010
Enterprise risk management (ERM) refers to a set of processes that enables the effective management of the risks, opportunities, and expected and unexpected events that may affect the enterprise. The successful implementation of ERM is a challenging task in part because it requires collaboration among multiple business units of different sizes, scope, and capability, each facing what it perceives as unique risks. Other difficulties with ERM implementations include lack of adoption of an enterprise-wide governance model, lack of a common risk language (e.g., taxonomy), and uneven levels of maturity within an organization regarding the management of risks. This paper establishes three conceptual frameworks that provide a basis for an enterprise embarking on ERM: 1) a risk management cycle; 2) a risk-related taxonomy; and 3) an ERM maturity model. The risk management cycle provides a discipline to consistently and coherently manage virtually all risks in the enterprise. The risk taxonomy provides a foundation for clear and concise communication about risk across the enterprise to enable better risk management. The ERM maturity model, and its associated capability assessment, allows an organization to determine gaps in its current risk management processes and define ways to improve those ERM capabilities. Together, these three frameworks are key enablers for a successful ERM implementation and ongoing operation.
Enterprise risk management: Challenges and the strategies for success
International Journal of Research in Business and Social Science (2147- 4478)
The objective of this paper is to identify the challenges of implementing and adopting an effective ERM system and to suggest alternative strategies that could be pursued as countermeasures to those challenges. This study is based on survey data gathered from 379 respondents representing 129 companies listed on the Colombo Stock Exchange of Sri Lanka. This study found that the lack of availability of information to make risk-based decisions; the need to ensure that all decisions are made within the organization’s risk tolerance level, and the lack of top management support for ERM implementation; are the most influencing challenges for business organizations that obstruct ERM effectiveness. This study suggests that organizations should promote a good corporate culture that fosters ERM supportive internal environment. It is also suggested that the support of the top management and their commitment to being corporative with the firms’ ERM function without making ERM is the sole respon...
Journal of Accounting and Public …, 2005
Enterprise risk management (ERM) has emerged as a new paradigm for managing the portfolio of risks that face organizations, and policy makers continue to focus on mechanisms to improve corporate governance and risk management. Despite these developments, there is little research on factors associated with the implementation of ERM. Research is needed to provide insights as to why some organizations are responding to changing risk profiles by embracing ERM and others are not.
Operationalising Enterprise Risk Management (ERM) Effectiveness
Asian Journal of Accounting Perspectives, 2014
Studies on ERM effectiveness appear to suffer from the same catastrophic dilemma as that of organizational effectiveness. To the best of the author's knowledge, very little research has been done on the effectiveness of ERM in managing risks. Based on the guidance from the COSO (2004) framework and the existing literature coupled with the insights gathered from semi-structured interviews, the current article aims to demarcate a workable model, and, thereafter, an instrument to be operationalized in ERM effectiveness studies. The findings suggest that the COSO framework is still relevant for ERM and that to improve the robustness of the effectiveness instrument, a multidimensional approach is key. This paper suggests a multiple model approach comprising a process model, system resource model and outcome model for measuring ERM effectiveness. Additionally, the perspectives from various ERM stakeholders of the risk, including the risk function itself, such as from the internal audit and finance or other members of the management team, may enhance the assessment of the effectiveness of ERM in managing risks. It is hoped that the model and instrument developed in this paper will encourage more studies to be conducted on the effectiveness of ERM in particular. From the practical standpoint, with some modifications to the fit, the instrument can also be applied to evaluate the effectiveness of ERM implementation in the respective organisations.
Enterprise Risk Management: Factors Associated with Effective Implementation
SSRN Electronic Journal, 2015
Risk management is undergoing a great change, as organizations shift from the traditional and compartmental to an enterprise wide approach. Consequently, enterprise risk management (ERM) is gaining global attention among risk management professionals and academics. The demand for the adoption of ERM has led to several companies embracing it, yet its implementation has become challenging. Research shows that ERM approach emphasizes a holistic approach for assessing and evaluating the risks that an organization faces as against the "silo" approach of the traditional methods. The extant literature shows that through the reduction of the risk that an organization faces, ERM is capable of improving the performance and value. The study used a non-experimental correlational approach to explore the relationship between the presence of a chief risk officer (CRO) and an audit committee (AC), and the support of top management (TM) in relation to the implementation of ERM. A survey instrument was provided to self-identified risk-management professionals who are members of Survey Monkey Audience Service database. The target sample frame requested for analysis using a power of .95 was (n = 119). However, the final number analyzed was (n = 134). Frequencies and percentages were conducted on the demographic survey items and regression and correlational analyses were also performed. The study findings show that there was a significant relationship between the role of a CRO, the presence of an AC, and the support of TM and the level of ERM deployment. The study also found significant correlations between management support level and CRO, and AC. In addition, a much strong positive correlation was noted between the presence of a CRO and an AC.
The organizational dynamics of Enterprise Risk Management
a r t i c l e i n f o a b s t r a c t This paper explores the organizational dynamics of Enterprise Risk Management (ERM). ERM is the main form taken by firms' increasing efforts to organize uncertainty, which 'exploded' in the 1990s. The ERM approach seeks to link risk management with business strategy and objective-setting, entering the domains of control, accountability and decision making. In this work, the organizational variations of ERM are investigated through a longitudinal multiple case study, using data from three companies collected over a 7-year period (from 2002 to 2008). The findings contribute to our understanding of ERM as a practice, revealing its trajectory within the organizations as it encounters pre-existing logics, and as both are shaped by risk rationalities, experts and technologies.
An Exploratory Study of Enterprise Risk Management: Pillars of ERM
There is a general consensus that enterprise risk management's (ERM) popularity has resulted from a response to pressure on organizations to holistically manage risk. Multiple frameworks for implementation of ERM contribute to an overall uncertainty regarding the essential components of ERM. This uncertainty carries forward to empirical studies of ERM where results regarding value creation are inconclusive. There exists no real consensus about what the principal components of ERM are; this has led to identification and measurement methods that are inconsistent. By using inconsistent indicators and measures of ERM implementation, it is impossible to compare ''apples to apples'' and arrive at conclusive and convincing results regarding ERM's ability to create value. This is an exploratory study of ERM aimed at determining the integral components of ERM based on how firms actually implement ERM dimensions. The result is the identification of four discrete components, or pillars, of ERM implementation; two prerequisite components related to the general internal environment and control activities of the firm, one component identifying risk management activities of the firm and one component with the defining attributes of ERM implementation. All four components must be implemented to have well-implemented ERM, but only one separates ERM firms from non-ERM firms. The resulting four components challenge existing frameworks to adapt to better reflect how firms implement ERM and can have a valuable impact on identifying and measuring ERM, leading to more informative empirical studies on the value creating abilities of ERM.
The Adoption and Design of Enterprise Risk Management Practices: An Empirical Study
European Accounting Review, 2012
Using data from 825 organizations, we examine (1) the extent of ERM implementation and the factors that are associated with cross-sectional differences in the level of ERM adoption, and (2) specific ERM design choices and their effect on perceived ERM effectiveness. Broadly consistent with previous work in this area, we find that the extent of ERM implementation is influenced by the regulatory environment, internal factors, ownership structure, and firm and industry-related characteristics. As to ERM effectiveness, we find that organizations generally subscribe to a key premise of the COSO ERM framework, i.e. that ERM should address the full set of risks that affect the entity's strategic, operational, reporting, and compliance objectives. However, our results also raise some concerns as to the COSO framework. Particularly, we find no evidence that application of the COSO framework improves ERM effectiveness. Neither do we find support for the mechanistic view on risk management that is implicit in COSO's recommendations on risk appetite and tolerance.
Modelling the Determinants, Barriers and Outcomes of Enterprise Risk Management Implementation
2018
Enterprise risk management (ERM) proponents held that implementing ERM to mitigate business risks in today's more complex and challenging environment also adds value as well as beneficial. However, the extant literature on ERM implementation is limited, mixed and inconclusive while concentrated on some geographical jurisdictions. Not much is known about ERM implementation among Australian companies despite the emphasis given to effective risk management and its related disclosures by the Australian corporate governance authorities. This study developed and examined, using PLS-SEM, a path relationships model consisting of determinants, barriers and outcomes of ERM implementation among a sample of 2009 Top 300 Australian listed companies. PLS-SEM results were proven to have predictive quality in terms of ability and power. Empirical evidence shows that ERM is widely embraced by the sample firms as 85% of them implemented the holistic risk management approach while the extent of im...
Organizational Factors in Enterprise Risk Management Effectiveness: A Conceptual Framework
International Journal of Academic Research in Business and Social Sciences
During the last financial crisis there were many companies suffered losses despite their engagement in enterprise risk management (ERM). Most of the literatures on ERM effectiveness give little attention to the elements of human and organizational factors. Therefore, it is important to give a close attention to current ERM practices and measure the effectiveness of ERM frameworks in the context of Malaysia especially by considering one of the elements namely organizational factors. The main objective of this study is to develop a conceptual model that shows relationship between organizational factors and ERM effectiveness. An extensive literature search was employed for this study. This study contributes to enhance the body of knowledge in ERM specially in understanding significant organizational factors that influence ERM effectiveness from Malaysian perspective.