Enterprise risk management and firm performance: Role of the risk committee

In recent years, there have been increasing efforts in the corporate world to invest in risk management and governance processes. In this paper, we examine the impact of Enterprise Risk Management (ERM) on firm performance by examining whether firm performance is strengthened or weakened by the establishment of a board-level risk committee (BLRC), an important governance mechanism that oversees ERM processes. Based on 260 observations from FTSE350 listed firms in the UK during 2012–2015, we find the effectiveness of ERM significantly and positively affects firm performance. We also find strong BLRC governance complements this relationship and increases the firm performance effects of ERM. Our findings suggest the mere formation of a BLRC is not a panacea for ERM oversight; however, existence of a structurally strong BLRC is crucial for effective ERM governance.     

Enterprise risk management: An empirical analysis of factors associated with the extent of implementation

Enterprise risk management (ERM) has emerged as a new paradigm for managing the portfolio of risks that face organizations, and policy makers continue to focus on mechanisms to improve corporate governance and risk management. Despite these developments, there is little research on factors associated with the implementation of ERM. Research is needed to provide insights as to why some organizations are responding to changing risk profiles by embracing ERM and others are not.This exploratory study examines factors associated with the stage of ERM implementation at a variety of US and international organizations. Based on data gathered from 123 organizations, we find the stage of ERM implementation to be positively related to the presence of a chief risk officer, board independence, CEO and CFO apparent support for ERM, the presence of a Big Four auditor, entity size, and entities in the banking, education, and insurance industries. We also find US organizations to have less-developed ERM processes than international organizations. We believe this paper will provide an initial foundation for more advanced research about ERM.     

Enterprise risk management and firm performance: A contingency perspective

In recent years, a paradigm shift has occurred regarding the way organizations view risk management. Instead of looking at risk management from a silo-based perspective, the trend is to take a holistic view of risk management. This holistic approach toward managing an organization’s risk is commonly referred to as enterprise risk management (ERM). Indeed, there is growing support for the general argument that organizations will improve their performance by employing the ERM concept. The basic argument presented in this paper is that the relation between ERM and firm performance is contingent upon the appropriate match between ERM and the following five factors affecting a firm: environmental uncertainty, industry competition, firm size, firm complexity, and board of directors’ monitoring. Based on a sample of 112 US firms that disclose the implementation of their ERM activities within their 10Ks and 10Qs filed with the US Securities and Exchange Commission, empirical evidence confirms the above basic argument. The implication of these findings is that firms should consider the implementation of an ERM system in conjunction with contextual variables surrounding the firm.     

Is enterprise risk management real?

Moving from the growing relevance of the enterprise risk management (ERM) concept, this paper provides empirical evidence of ERM in practice. The paper presents ERM actual uses in a panel of nine Italian companies from different industrial fields and legislative settings and analyses the relationship between the uses and the characteristics of the ERM tool implemented in each case. The data analysis highlights the existence of different activities that are supported by the ERM tool and also different types of use (i.e. responsive, discoursive and prospective) corresponding to a different contribution of ERM to managerial action. These uses related to the specific characteristics of the tools generally indicated with the label ‘ERM’.     

Determinants and Value of Enterprise Risk Management: Empirical Evidence From the Literature

The development of an enterprise risk management (ERM) program enables companies to manage corporate risks in a holistic manner as opposed to the silo‐based perspective in traditional risk management frameworks. One main question in this regard is what factors drive the implementation of an ERM system in companies and whether ERM programs can actually create value once implemented. This article addresses these questions by conducting a comparative assessment of empirical evidence from the literature regarding the determinants of ERM and its value once implemented. In doing so we are able to illustrate differences in model specifications and the underlying data. Our literature study shows that particularly the company size and the level of institutional ownership are significantly positively related to the implementation of ERM in most empirical studies and, furthermore, that ERM generally has a (significant) positive impact on corporate value and performance (to a different extent and depending on the focus of the studies). However, geographic and/or industrial restrictions regarding the underlying data sets partly limit the generalization of the empirical results.     

The impact of enterprise risk management on the marginal cost of reducing risk: Evidence from the insurance industry

We test the hypothesis that practicing enterprise risk management (ERM) reduces firms’ cost of reducing risk. Adoption of ERM represents a radical paradigm shift from the traditional method of managing risks individually to managing risks collectively allowing ERM-adopting firms to better recognize natural hedges, prioritize hedging activities towards the risks that contribute most to the total risk of the firm, and optimize the evaluation and selection of available hedging instruments. We hypothesize that these advantages allow ERM-adopting firms to produce greater risk reduction per dollar spent. Our hypothesis further predicts that, after implementing ERM, firms experience profit maximizing incentives to lower risk. Consistent with this hypothesis, we find that firms adopting ERM experience a reduction in stock return volatility. We also find that the reduction in return volatility for ERM-adopting firms becomes stronger over time. Further, we find that operating profits per unit of risk (ROA/return volatility) increase post ERM adoption.     

A proposed enterprise risk management model for health organizations

Health care organizations are environments with high management complexity and subject to a constant exposure to risks. Enterprise risk management (ERM) has been studied and applied in different economic environments with the aim of improving organizational performance. However, the health sector still suffers from a lack of attention in this context, in particular with regard to the need for a high degree of financial transparency and for the establishment of process-orientated management, and this provides the motivation for the study described in this paper. An ERM model for health organizations is proposed, based on a systematic literature review and on seven case studies in Brazilian hospitals. An approach to economic risk assessment using indicators such as the cash flow at risk and the variability of costs and receipts from the proposed model is suggested. The health organizations involved in the case studies all interpret ERM as a source of information contributing to corporate governance, and the indicators listed provide constructive data for improvement-driven decision-making. Given the interest expressed by the organizations involved, further application and validation of the proposed model in subsequent studies is suggested.     

The drivers and value of enterprise risk management: evidence from ERM ratings

In the course of recent regulatory developments, holistic enterprise-wide risk management (ERM) frameworks have become increasingly relevant for insurance companies. The aim of this paper is to contribute to the literature by analyzing determinants (firm characteristics) as well as the impact of ERM on the shareholder value of European insurers using the Standard & Poor’s ERM rating to identify ERM activities. This has not been done so far, even though it is of high relevance against the background of the introduction of Solvency II, which requires a holistic approach to risk management. Results show a significant positive impact of ERM on firm value for the case of European insurers. In particular, we find that insurers with a high quality risk management (RM) system exhibit a Tobin’s Q that on average is about 6.5% higher than for insurers with less high quality RM after controlling for covariates and endogeneity bias.     

New development: Integrating risk management in management control systems—lessons for public sector managers

Exploring multiple dimensions of management control systems (MCS), this article proposes a new framework to integrate risk management with strategy, MCS and performance measurement systems (PMS). Considering the public sector as a focal point, the article points to some enterprise risk management (ERM) issues and argues that ERM-enabled MCS has potential to improve PMS and strategic decision-making, leading to a more proactive risk management framework and a culture that promotes performance driven accountability. Consequently, the article calls for further research towards solving the public sector’s risk management problems, motivating its managers to adopt best practices, and stimulating suitable policy developments.     

Critical success factors associated with the implementation of enterprise risk management

The present research aimed to identify which critical success factors have the most influence on the implementation of Enterprise Risk Management – ERM, taking into consideration the important mission to ensure the survival, growth, and perpetuity of businesses in an environment with strong technology integration, global competition, and political, cultural, and economic contexts. To achieve this objective, a systematic and structured literature review was conducted, making it possible to identify 10 critical success factors for ERM initiatives that were analyzed and detailed, based on the literature findings and consultation with experts.     

How did enterprise risk management first appear in the Korean public sector?

This research addresses the rise and fall of the Crisis Management Guideline of Public Organizations (CMGPO) from a historical perspective. In the Korean public sector, as a form of enterprise risk management (ERM), CMGPO is not designed to be merely a tool of financial risk management but also to be a policy tool for crisis management. CMGPO emerged within the conflict between integrated crisis management and dispersed crisis management. The purpose of CMGPO is to bureaucratically integrate the crisis management of public organizations with the governmental crisis management system. ERM as a form of self-regulation is entangled with the pre-existing command and control of the Korean government over integrated crisis management. As a result, CMGPO is characterized as ‘enforced self-regulation’ rather than self-regulation; this is a fundamental idea in ERM.     

Risk management and calculative cultures

Enterprise risk management (ERM) has recently emerged as a widespread practice in financial institutions. It has been increasingly codified and encrypted into regulatory, corporate governance and organizational management blueprints. A burgeoning literature of regulatory and practitioner texts is indicative of the apparent diversity of ambitions, objectives and techniques that constitute the ERM agenda. Making sense of these developments is a challenge. This paper presents field-based evidence from two large banking organizations suggesting that systematic variations in ERM practices exist in the financial services industry. The cases illustrate four risk management ideal types and show how they form the ‘risk management mix’ in a given organization. Further, drawing on the literature of the roles and uses of management control systems (MCS), the paper explores how ERM achieved organizational significance in the studied settings. The findings are indicative of the current co-existence of alternative models of ERM. In particular, two types of ERM models are postulated: one driven by a strong shareholder value imperative (ERM by the numbers), the other corresponding to the demands of the risk-based internal control imperative (holistic ERM). This paper explains the differences in the two risk management mixes pointing towards alternative logics of calculation [Power, M.K., 2007. Organized Uncertainty—Designing a World of Risk Management. Oxford University Press, Oxford], which I conceptualise and describe as different calculative cultures. The study suggests that calculative cultures, which in these cases shaped managerial predilections towards ERM practices, are relevant, albeit so far neglected, constituents of the fit between MCS and organizational contexts.     

Determinants and value of enterprise risk management: empirical evidence from Germany

Enterprise risk management (ERM) has become increasingly relevant in recent years, especially due to an increasing complexity of risks and the further development of regulatory frameworks. The aim of this paper is to empirically analyze firm characteristics that determine the implementation of an ERM system and to study the impact of ERM on firm value. We focus on companies listed at the German stock exchange, which to the best of our knowledge is the first empirical study with a cross-sectional analysis for Germany and one of the first for a European country. Our findings show that size, international diversification and the industry sector (banking, insurance, energy) positively impact the implementation of an ERM system, and financial leverage is negatively related to ERM engagement. In addition, our results confirm a significant positive impact of ERM on shareholder value.     

The Effect of Corporate Governance on the Use of Enterprise Risk Management: Evidence From Canada

This article examines the use of enterprise risk management (ERM) by companies in Canada, the characteristics that are associated with the use of ERM, what obstacles companies face in implementing ERM, and what role, if any, corporate governance guidelines have played in the decision to adopt ERM. We obtained our data from the responses to a mail survey sent to Canadian Risk and Insurance Management Society members as well as telephone interviews with 19 of the respondents. The results indicate that 31 percent of the sample had adopted ERM and that reasons for adopting ERM include the influence of the risk manager (61 percent), encouragement from the board of directors (51 percent), and compliance with Toronto Stock Exchange (TSE) guidelines (37 percent). The major deterrents to ERM were an organizational structure that discourages ERM and an overall resistance to change. Although only about one‐third of companies indicated that they had adopted an ERM approach, evidence was clear that a larger portion of the sample was moving in that direction, as indicated by what changes they had observed in their companies in the past three years. These include the development of company‐wide guidelines for risk management (45 percent), an increased awareness of nonoperational risks by operational risk management personnel and an increased awareness of operational risks by nonoperational risk management personnel (49 percent), more coordination with different areas responsible for risk management (64 percent), and more involvement and interaction in the decision making of other departments. Contrary to what we expected, there was not a significant difference between firms that are listed on the TSE versus those that are not in terms of the propensity to use ERM. However, the fact that 37 percent of firms indicated that the TSE guidelines were influential in their decision to adopt ERM provides some evidence that the guidelines are influencing companies’ risk management strategies.     

Enterprise risk management and continuous re-alignment in the pursuit of accountability: A German case

COSO defines ERM as a set of activities that lead to organizational alignment and accountability, given structured work with stable, mobile and combinable information objects. This study argues against this representation by offering three insights developed from case research. We observe ERM as a practice that oscillates between IT-based representations and social interpretations, which never “adds-up” but creates circulation and movement instead. Rather than to produce a common understanding of corporate affairs, ERM communalizes the process of identifying risks and chances and promotes a quest for accountability. Thus, ERM does not focus on improving performance or compliance. Nevertheless, by separating subjects and objects in the organizational context, ERM creates space for otherness and heterogeneity. To the extent that these are mobilized as resources, ERM might offer “intelligence” beyond the coherence and homogeneity, which accounting systems represent.     

Profiling the environmental risk management of Chinese local environmental agencies

The increasing frequency and impact of environmental accidents have pushed the issue of environmental risk management (ERM) to the top of the Chinese governments’ agendas and popularized the term ‘emergency response.’ Although the boundary between environmental accidents and other types of accidents is blurred and effective ERM requires an integrated and coordinated management system, environmental risks have not been given due weight in the overall risk management framework in China. The Ministry of Environmental Protection and Environmental Protection Bureaus at various governmental levels are responsible for the management of environmental risks. In recent years, major developments have taken place within these environmental agencies, but the upward trend in number of environmental accidents has remained unchanged. This raises questions on how these organizations respond to and prevent environmental risks, which shortcomings can be indicated, and what improvements can be made in ERM. This study addresses these questions through a survey among environmental bureaus at provincial and municipal levels. The results indicate that environmental emergency response and ERM have become a major concern of local environmental officials. However, the attitudes, available resources, and organizational capacities vary among environmental agencies, which results in considerable differences in the adopted strategies and management tools. This survey is the first attempt to profile the ERM of the Chinese environmental agencies, which serves as a basis for further analysis of ERM in China.     

The dispositif of risk management: Reconstructing risk management after the financial crisis

Despite its dubious role during the global financial crisis of 2008, risk management has continued its expansion. This paper addresses the question why risk management, in the face of its evident failure to manage risks during the crisis, has retained its importance even today. We build on the existing critical literature on risk management (Power, 2007) and advance it by introducing a more rigorous consideration of power. We refer to the notion of the “permanent state of exception” as conceptualized by the Italian social theorist Giorgio Agamben, 1998, Agamben, 2005 in order to argue that risk is a powerful social category as it reflects a potential exception, challenging norms as well as normalizing forms of control. We conclude that a dispositif of risk management, an assemblage of institutions, regulations and models, lies at the heart of risk management. This dispositif provides elites engaged in risk management with an argument that allows them – in exceptional situations – to take extraordinary measures which cannot be rescinded after the initial state of exception has ended. The logic of the state of exception can be used as a discursive resource and adds to, but also gradually replaces, other forms of management control. Our study contributes to management control theory by focusing on post-disciplinary forms of control and provides a novel focus on how elites use management control systems for their own interests.     

Incorporating Strategic Risk into Enterprise Risk Management: A Survey of Current Corporate Practice

Since ERM is a relatively recent activity and has yet to be fully implemented in most companies, there has been little academic research about its accomplishments and about the obstacles to further progress. In particular, very little has been published about corporate attempts to identify and manage corporate strategic risks while integrating them into a corporate‐ wide ERM framework. This article uses responses collected from a survey of 271 risk and financial executives in North American and European companies to address the following questions: What forces are behind this push for a more organized and integrated management of significant risks? What challenges are companies encountering as they implement implement ERM? Once fully in place, how does ERM affect the company's ability to implement its strategy? The primary drivers of ERM are said to be corporate governance requirements and other regulatory pressures, and management and investor demand for greater understanding of strategic and operating risks. The benefits of full ERM implementation are increased management accountability and better governance practices, greater managerial understanding of and consensus about corporate strategy, and, in some cases, higher credit ratings and hence a lower cost of capital. The tools and techniques to measure the impact of strategic risks appear to vary, depending on the stage of ERM implementation. For advanced ERM companies, the most frequently used tools and techniques are key risk indicators, self‐assessments, and scenario analysis.     

The Rise and Evolution of the Chief Risk Officer: Enterprise Risk Management at Hydro One

This article describes the five-year implementation of enterprise risk management at Hydro One, a Canadian electric utility in a newly deregulated market. Starting with the creation of the position of Chief Risk Officer and the implementation of a pilot risk study involving one of the firm's subsidiaries, the ERM process has made use of a variety of tools and techniques, including the "Delphi Method," risk trends, risk tolerances, and risk rankings.
Among the most tangible benefits of ERM at Hydro One are (1) a better coordinated and more effective process for allocating capital and (2) a favorable reaction to the program by Moody's and Standard & Poor's, which has arguably improved the company's credit rating and lowered its cost of capital. But perhaps equally important is the company's progress in realizing the first principle of its ERM policy—namely, that "risk management is everyone's responsibility, from the Board of Directors to individual employees." As a result, Hydro One's management feels that the company is much better positioned today to respond to new business developments than it was five years ago.     

A systematic review of risk management in innovation-oriented firms

Innovation and risk are inseparable. In fact, literature on innovation management often recommends that innovation-oriented firms must actively monitor, evaluate, analyze and treat future events in order to mitigate risks whenever possible. This approach is particularly important in emergent economies characterized by unstructured national innovation systems and constant economic and market instability. However, there has been no systematic effort to identify and categorize risks that potentially impact businesses based on innovation. Thus, we propose an interpretative framework of risk events with potential financial impact in innovation-oriented firms constructed and tested by means of a mixed studies review. The risk events were identified through a comprehensive systematic search and review of the published literature on risk and innovation. From the 115 works that were analyzed, it was possible to identify nine categories of risk events frequently associated with innovation-oriented businesses that may generate financial impacts. The proposed interpretative framework was tested in an empirical study with 13 innovation-oriented firms located in six Brazilian technological parks. Results from the empirical study suggest that managers found the proposed interpretative framework complete and comprehensive. Moreover, the empirical study signaled which risk events are more relevant for the Brazilian context. The proposed framework is a first necessary step for future development of ERM models applicable in innovation-intensive contexts.