Incorporating Strategic Risk into Enterprise Risk Management: A Survey of Current Corporate Practice

Since ERM is a relatively recent activity and has yet to be fully implemented in most companies, there has been little academic research about its accomplishments and about the obstacles to further progress. In particular, very little has been published about corporate attempts to identify and manage corporate strategic risks while integrating them into a corporate‐ wide ERM framework. This article uses responses collected from a survey of 271 risk and financial executives in North American and European companies to address the following questions: What forces are behind this push for a more organized and integrated management of significant risks? What challenges are companies encountering as they implement implement ERM? Once fully in place, how does ERM affect the company's ability to implement its strategy? The primary drivers of ERM are said to be corporate governance requirements and other regulatory pressures, and management and investor demand for greater understanding of strategic and operating risks. The benefits of full ERM implementation are increased management accountability and better governance practices, greater managerial understanding of and consensus about corporate strategy, and, in some cases, higher credit ratings and hence a lower cost of capital. The tools and techniques to measure the impact of strategic risks appear to vary, depending on the stage of ERM implementation. For advanced ERM companies, the most frequently used tools and techniques are key risk indicators, self‐assessments, and scenario analysis.     

Enterprise risk management and firm performance: The Italian case

This paper investigates whether a relationship exists between the extent of implementation of enterprise risk management (ERM) systems and the performance of Italian listed companies. While many contributions in the literature focus on the determinants of ERM adoption and use one-dimensional feature to proxy for ERM implementation, we detect the consequences of ERM implementation and capture a variety of features to measure the sophistication of the ERM system. The results show that firms with advanced levels of ERM implementation present higher performance, both as financial performance and market evaluation. Additional tests also corroborate the expectation that effective ERM systems lead to higher performance by reducing risk exposure and that reverse causality between ERM and performance is not present in the short term. The study provides a twofold contribution to the ERM literature. First, it introduces new and more complete measures for ERM implementation, concerning not only corporate governance bodies dedicated to risk management, but also the characteristics of the risk assessment process. Moreover, it provides evidence of a positive relationship between ERM implementation and firm performance in an under-investigated context such as Italy.     

Determinants and value of enterprise risk management: empirical evidence from Germany

Enterprise risk management (ERM) has become increasingly relevant in recent years, especially due to an increasing complexity of risks and the further development of regulatory frameworks. The aim of this paper is to empirically analyze firm characteristics that determine the implementation of an ERM system and to study the impact of ERM on firm value. We focus on companies listed at the German stock exchange, which to the best of our knowledge is the first empirical study with a cross-sectional analysis for Germany and one of the first for a European country. Our findings show that size, international diversification and the industry sector (banking, insurance, energy) positively impact the implementation of an ERM system, and financial leverage is negatively related to ERM engagement. In addition, our results confirm a significant positive impact of ERM on shareholder value.     

Is enterprise risk management real?

Moving from the growing relevance of the enterprise risk management (ERM) concept, this paper provides empirical evidence of ERM in practice. The paper presents ERM actual uses in a panel of nine Italian companies from different industrial fields and legislative settings and analyses the relationship between the uses and the characteristics of the ERM tool implemented in each case. The data analysis highlights the existence of different activities that are supported by the ERM tool and also different types of use (i.e. responsive, discoursive and prospective) corresponding to a different contribution of ERM to managerial action. These uses related to the specific characteristics of the tools generally indicated with the label ‘ERM’.     

The Effect of Corporate Governance on the Use of Enterprise Risk Management: Evidence From Canada

This article examines the use of enterprise risk management (ERM) by companies in Canada, the characteristics that are associated with the use of ERM, what obstacles companies face in implementing ERM, and what role, if any, corporate governance guidelines have played in the decision to adopt ERM. We obtained our data from the responses to a mail survey sent to Canadian Risk and Insurance Management Society members as well as telephone interviews with 19 of the respondents. The results indicate that 31 percent of the sample had adopted ERM and that reasons for adopting ERM include the influence of the risk manager (61 percent), encouragement from the board of directors (51 percent), and compliance with Toronto Stock Exchange (TSE) guidelines (37 percent). The major deterrents to ERM were an organizational structure that discourages ERM and an overall resistance to change. Although only about one‐third of companies indicated that they had adopted an ERM approach, evidence was clear that a larger portion of the sample was moving in that direction, as indicated by what changes they had observed in their companies in the past three years. These include the development of company‐wide guidelines for risk management (45 percent), an increased awareness of nonoperational risks by operational risk management personnel and an increased awareness of operational risks by nonoperational risk management personnel (49 percent), more coordination with different areas responsible for risk management (64 percent), and more involvement and interaction in the decision making of other departments. Contrary to what we expected, there was not a significant difference between firms that are listed on the TSE versus those that are not in terms of the propensity to use ERM. However, the fact that 37 percent of firms indicated that the TSE guidelines were influential in their decision to adopt ERM provides some evidence that the guidelines are influencing companies’ risk management strategies.     

Enterprise risk management: An empirical analysis of factors associated with the extent of implementation

Enterprise risk management (ERM) has emerged as a new paradigm for managing the portfolio of risks that face organizations, and policy makers continue to focus on mechanisms to improve corporate governance and risk management. Despite these developments, there is little research on factors associated with the implementation of ERM. Research is needed to provide insights as to why some organizations are responding to changing risk profiles by embracing ERM and others are not.This exploratory study examines factors associated with the stage of ERM implementation at a variety of US and international organizations. Based on data gathered from 123 organizations, we find the stage of ERM implementation to be positively related to the presence of a chief risk officer, board independence, CEO and CFO apparent support for ERM, the presence of a Big Four auditor, entity size, and entities in the banking, education, and insurance industries. We also find US organizations to have less-developed ERM processes than international organizations. We believe this paper will provide an initial foundation for more advanced research about ERM.     

Is ERM Legally Required? Yes for Financial and Governmental Institutions,No for Private Enterprises

We examine whether enterprise risk management (ERM) is legally required for financial institutions (e.g., banks, securities brokerage firms, insurance, hedge funds and mutual funds), government entities, publicly traded companies, and private enterprises. We find that ERM is legally required for U.S. financial institutions and for some government‐sponsored enterprises. Legally required means required by U.S. statutes, federal case law, or U.S. regulatory agencies (e.g., Securities and Exchange Commission [SEC]). ERM is an important factor for rating organizations (e.g., Standard & Poor's [S&P]), but not legally required. We found no U.S. statutes or federal court cases requiring an ERM framework for private enterprises, although ERM is accepted as a value‐contributing best practice, and elements of ERM are practiced by some private enterprises. For publically traded companies, elements of ERM are required by federal statute, by the SEC, and by S&P. We suggest that if a private enterprise is sued in U.S. federal court alleging breach of a legal duty to practice ERM, the suit will likely be dismissed. We trace the development of ERM from a traditional risk management (TRM) base. Fortunately, ERM is recognized as a value‐contributing best practice in corporate governance even when legal standards do not require it.     

The Determinants of Enterprise Risk Management: Evidence From the Appointment of Chief Risk Officers

Enterprise risk management (ERM) has captured the attention of risk management professionals and academics worldwide. Unlike the traditional "silo-based" approach to corporate risk management, ERM enables firms to benefit from an integrated approach to managing risk that shifts the focus of the risk management function from primarily defensive to increasingly offensive and strategic. Despite the heightened interest in ERM, little empirical research has been conducted on the topic. This study provides an initial attempt at identifying the determinants of ERM adoption. We construct a sample of firms that have signaled their use of ERM by appointing a Chief Risk Officer (CRO) who is charged with the responsibility of implementing and managing the ERM program. We use a logistic regression framework to compare these firms to a size- and industry-matched control sample. While our results suggest a general absence of differences in the financial and ownership characteristics of sample and control firms, we find that firms with greater financial leverage are more likely to appoint a CRO. This finding is consistent with the hypothesis that firms appoint CROs to reduce information asymmetry regarding the firm's current and expected risk profile.     

The drivers and value of enterprise risk management: evidence from ERM ratings

In the course of recent regulatory developments, holistic enterprise-wide risk management (ERM) frameworks have become increasingly relevant for insurance companies. The aim of this paper is to contribute to the literature by analyzing determinants (firm characteristics) as well as the impact of ERM on the shareholder value of European insurers using the Standard & Poor’s ERM rating to identify ERM activities. This has not been done so far, even though it is of high relevance against the background of the introduction of Solvency II, which requires a holistic approach to risk management. Results show a significant positive impact of ERM on firm value for the case of European insurers. In particular, we find that insurers with a high quality risk management (RM) system exhibit a Tobin’s Q that on average is about 6.5% higher than for insurers with less high quality RM after controlling for covariates and endogeneity bias.     

A proposed enterprise risk management model for health organizations

Health care organizations are environments with high management complexity and subject to a constant exposure to risks. Enterprise risk management (ERM) has been studied and applied in different economic environments with the aim of improving organizational performance. However, the health sector still suffers from a lack of attention in this context, in particular with regard to the need for a high degree of financial transparency and for the establishment of process-orientated management, and this provides the motivation for the study described in this paper. An ERM model for health organizations is proposed, based on a systematic literature review and on seven case studies in Brazilian hospitals. An approach to economic risk assessment using indicators such as the cash flow at risk and the variability of costs and receipts from the proposed model is suggested. The health organizations involved in the case studies all interpret ERM as a source of information contributing to corporate governance, and the indicators listed provide constructive data for improvement-driven decision-making. Given the interest expressed by the organizations involved, further application and validation of the proposed model in subsequent studies is suggested.     

Tax credit rating and corporate innovation decisions

The tax credit rating mechanism was formally implemented in 2014. As an important tax collection and management innovation, it has attracted the attention of regulatory authorities and scholars. Different from the literature that directly examines corporate tax compliance, we focus on the impact of tax credit rating implementation on corporate research and development (R&D) investment decisions. Using listed companies’ data from 2014 to 2019, we find that companies with higher tax credit ratings invest more in innovation, because the system helps managers identify R&D opportunities, alleviates corporate financing constraints and reduces agency costs. We confirm that tax credit ratings have manifold impacts on corporate information environments and business decisions, with better ratings positively affecting firms’ business decisions. This discovery can inform tax policy reform, encourage corporate innovation and construct social credit systems.     

Risk management and calculative cultures

Enterprise risk management (ERM) has recently emerged as a widespread practice in financial institutions. It has been increasingly codified and encrypted into regulatory, corporate governance and organizational management blueprints. A burgeoning literature of regulatory and practitioner texts is indicative of the apparent diversity of ambitions, objectives and techniques that constitute the ERM agenda. Making sense of these developments is a challenge. This paper presents field-based evidence from two large banking organizations suggesting that systematic variations in ERM practices exist in the financial services industry. The cases illustrate four risk management ideal types and show how they form the ‘risk management mix’ in a given organization. Further, drawing on the literature of the roles and uses of management control systems (MCS), the paper explores how ERM achieved organizational significance in the studied settings. The findings are indicative of the current co-existence of alternative models of ERM. In particular, two types of ERM models are postulated: one driven by a strong shareholder value imperative (ERM by the numbers), the other corresponding to the demands of the risk-based internal control imperative (holistic ERM). This paper explains the differences in the two risk management mixes pointing towards alternative logics of calculation [Power, M.K., 2007. Organized Uncertainty—Designing a World of Risk Management. Oxford University Press, Oxford], which I conceptualise and describe as different calculative cultures. The study suggests that calculative cultures, which in these cases shaped managerial predilections towards ERM practices, are relevant, albeit so far neglected, constituents of the fit between MCS and organizational contexts.     

Exploring value creation from corporate-foresight activities

This paper looks at value creation from corporate futures research. Through a literature review, potential value creation is identified. This serves as guidance for an empirical investigation in which value creation is observed and linked to methods and practices. Using data from 20 case studies, three examples of value creation are discussed in detail. In addition, cross-case analysis allowed me to identify four success criteria for corporate foresight activities: (1) foresighters committed to creating value, (2) participation of internal stakeholders, (3) analysis that follows a systemic logic, and (4) methods and processes that are tailored to companies’ needs. The paper concludes with the recommendation to take a dynamic-capabilities perspective on future research into corporate foresight.     

Enterprise risk management and firm performance: A contingency perspective

In recent years, a paradigm shift has occurred regarding the way organizations view risk management. Instead of looking at risk management from a silo-based perspective, the trend is to take a holistic view of risk management. This holistic approach toward managing an organization’s risk is commonly referred to as enterprise risk management (ERM). Indeed, there is growing support for the general argument that organizations will improve their performance by employing the ERM concept. The basic argument presented in this paper is that the relation between ERM and firm performance is contingent upon the appropriate match between ERM and the following five factors affecting a firm: environmental uncertainty, industry competition, firm size, firm complexity, and board of directors’ monitoring. Based on a sample of 112 US firms that disclose the implementation of their ERM activities within their 10Ks and 10Qs filed with the US Securities and Exchange Commission, empirical evidence confirms the above basic argument. The implication of these findings is that firms should consider the implementation of an ERM system in conjunction with contextual variables surrounding the firm.     

The relationship between enterprise risk management,value and firm characteristics based on the literature

In the wake of the increasing importance of comprehensive enterprise-wide risk management approaches (ERM) in the last years, e.?g. due to stronger regulatory requirements, the field of research on ERM has attracted a considerable amount of attention in the literature. The aim of this paper is to provide a literature-based analysis of the theoretical arguments and empirical findings regarding firm characteristics in the context of measuring the impact of ERM on firm value. Due to the endogeneity problem, we focus on the direct impact as well as on the indirect impact (via ERM) of firm characteristics on firm value.     

The Theory and Practice of Corporate Risk Management*

The financial crisis of 2008 and the resulting recession caught many companies unprepared and, in so doing, provided a stark reminder of the importance of effective risk management. While academic theory has long touted the benefits of risk management, companies have varied greatly in the ways and extent to which they put theory into practice. Drawing on a global survey of over 300 CFOs of non‐financial companies, the authors report that while most CFOs felt that their risk management programs have significant benefits, the risk management function in general needs more attention. A large percentage of the finance executives surveyed acknowledged that the most important corporate risks extend far beyond the CFO's direct reports, and that risk‐based thinking is not incorporated into everyday business activities or corporate strategies. A large majority of executives also said they were seeking a more widespread understanding of risk throughout their organizations—and many confessed their firms' inability, or lack of interest, in evaluating their own risk management functions. At the same time, the efforts of most companies to develop enterprise‐wide risk management (ERM) programs were said to fall well short of the comprehensive and highly coordinated programs envisioned by the proponents of such programs. Three areas of opportunity were clearly identified as having potential to improve corporate risk management in ways that increase firm value over an entire business cycle:

• ? Incorporate risk management thinking into the strategic planning process. Line executives, and not just technicians, need to be sensitive to risks, thereby building flexibility into the firm's business plan and its execution.
• ? Clearly define the objectives of the risk management function, in part by developing appropriate benchmarks. The risk management process should be subject to the same rigorous evaluation process that is used when measuring risks throughout the business.
• ? Instill a risk management culture throughout the organization. While an effective risk management function is necessary, only when employees at all levels of the company embrace risk management as part of their daily operations will the firm get maximum value from risk management.

     

有效预警上市公司违规的递延所得税异动指标和人工智能模型

2000-2017年,3434家A股上市公司样本中的47.79%至少有一次违规记录,每年平均有17%的公司违规,而监管机构平均需要2.7年查证并通告违规行为。我们用当年数据构建递延所得税异动指标,可有效预判违规,并发现监管机构未能识别这一指标的警示作用,实际激励了违规公司通过操纵递延所得税提高财务指标以规避稽查。进一步构建决策树模型,对违规事件实现样本外精准判别。本文揭示了A股公司大面积违规而稽查过程冗长迟缓这一重要现象,并分析了违规机制,指出了所得税数据在稽查违规中可以发挥的预警作用,为监管者和投资者提供有效预警上市公司违规行为的新指标和方法。     

Does Risk Management Add Value? A Survey of the Evidence

The fact that 92% of the world's 500 largest companies recently reported using derivatives suggests that corporate managers believe financial risk management can increase shareholder value. Surveys of finance academics indicate that they too believe that corporate risk management is, on the whole, a valueadding activity. This article provides an overview of almost 30 years of broadbased, stock‐market‐oriented academic studies that address one or more of the following questions:

• ? Are interest rate, exchange rate, and commodity price risks reflected in stock price movements?
• ? Is volatility in corporate earnings and cash flows related in a systematic way to corporate market values?
• ? Is the corporate use of derivatives associated with reduced risk and higher market values?

The answer to the first question, at least in the case of financial institutions and interest rate risk, is a definite yes; all studies with this focus find that the stock returns of financial firms are clearly sensitive to interest rate changes. The stock returns of industrial companies exhibit no pronounced interest rate exposure (at least as a group), but industrial firms with significant cross‐border revenues and costs show considerable sensitivity to exchange rates (although such sensitivity actually appears to be reduced by the size and geographical diversity of the largest multinationals). What's more, the corporate use of derivatives to hedge interest rate and currency exposures appears to be associated with lower sensitivity of stock returns to interest rate and FX changes. But does the resulting reduction in price sensitivity affect value—and, if so, how? Consistent with a widely cited theory that risk management increases value by limiting the corporate “underinvestment problem,” a number of studies show a correlation between lower cash flow volatility and higher corporate investment and market values. The article also cites a small but growing group of studies that show a strong positive association between derivatives use and stock price performance (typically measured using price‐to‐book ratios). But perhaps the nearest the research comes to establishing causality are two studies—one of companies that hedge FX exposures and another of airlines' hedging of fuel costs—that show that, in industries where hedging with derivatives is common, companies that hedge outperform companies that don't.     

有效预警上市公司违规的递延所得税异动指标和人工智能模型

2000-2017年,3434家A股上市公司样本中的47.79%至少有一次违规记录,每年平均有17%的公司违规,而监管机构平均需要2.7年查证并通告违规行为。我们用当年数据构建递延所得税异动指标,可有效预判违规,并发现监管机构未能识别这一指标的警示作用,实际激励了违规公司通过操纵递延所得税提高财务指标以规避稽查。进一步构建决策树模型,对违规事件实现样本外精准判别。本文揭示了A股公司大面积违规而稽查过程冗长迟缓这一重要现象,并分析了违规机制,指出了所得税数据在稽查违规中可以发挥的预警作用,为监管者和投资者提供有效预警上市公司违规行为的新指标和方法。