Emerald Publishing Limited
Copyright © 2021 Emerald Publishing Limited
Enterprise Risk Management in Europe
University of Naples Federico II, Italy
United Kingdom – North America – Japan – India – Malaysia – China
Emerald Publishing Limited
Howard House, Wagon Lane, Bingley BD16 1WA, UK
First edition 2021
Copyright © 2021 by Emerald Publishing Limited
Reprints and permissions service
No part of this book may be reproduced, stored in a retrieval system, transmitted in any form or by any means electronic, mechanical, photocopying, recording or otherwise without either the prior written permission of the publisher or a licence permitting restricted copying issued in the UK by The Copyright Licensing Agency and in the USA by The Copyright Clearance Center. Any opinions expressed in the chapters are those of the authors. Whilst Emerald makes every effort to ensure the quality and accuracy of its content, Emerald makes no representation implied or otherwise, as to the chapters' suitability and application and disclaims any warranties, express or implied, to their use.
British Library Cataloguing in Publication Data
A catalogue record for this book is available from the British Library
ISBN: 978-1-83867-246-1 (Print)
ISBN: 978-1-83867-245-4 (Online)
ISBN: 978-1-83867-247-8 (Epub)
To those whose fearless dedication in the face of COVID-19 risk is securing our health in these difficult times
List of Figures
| Figure 7.1. | Risk Management Maturity. |
| Figure 13.1. | GDP Growth: UK versus EU. |
| Figure 14.1. | Competency Driver Performance for Organizations with ERM in 2015. |
List of Boxes
| Box 13.1 | Corporate governance codes and reports |
| Box 13.2 | Corporate Governance definition in the Cadbury Report (1992) |
| Box 13.3 | Audit, Risk and Internal Control (UK Corporate Governance Code) |
| Box 13.4 | Principles from the UK Stewardship Code |
List of Tables
| Table 1.1. | Risk Management Split between Governance and Internal Control. |
| Table 2.1. | Determinants of ERM Adoption and Maturity in Germany. |
| Table 7.1. | Maturity Level. |
| Table 7.3. | ERM Implementation. |
| Table 9.1. | Number of Companies that Disclose Information on ERM Practices. |
| Table 9.2. | ERM Disclosure Index of Portuguese Listed Companies. |
| Table 10.1. | Number of Companies Which Disclose a Specific ERM Item Inside the Annual Report for Each Fiscal Year. |
| Table 10.2. | The Percentage of Information Disclosed per Year About ERM. |
| Table 11.1. | Case Company Data. |
| Table 13.1. | United Kingdom Country Macroeconomic Indicators (Ranking). |
| Table 14.1. | ERM Attributes. |
| Table 15.1. | General Table. |
| Table 15.2. | Hierarchical Agglomerative Cluster Analysis. |
| Table 15.3. | The “Critical” Events Fostering the Logic of Risk Management. |
| Table 15.4. | Linkages between the State of Development of Countries and the Critical Event Triggering the ERM Development. |
About the Contributors
Diego Alcoceba Álvarez is a Senior Consultant of Risk Advisory at EY Spain, specializing in helping international clients adopt leading global best practices in IT management and IT-business interaction through SAP GRC tools implementation, SOX implementation projects, internal audit improvement and execution, compliance improvement and execution, and external audits. He is also interested in general governance, including politics and public administration, and in digital businesses in the start-up environment.
Dimitris Apostolidis has been working in KPMG Greece since 2000 and today he is a Senior Manager in the Risk Consulting department. He holds a BEng (Hons) in Manufacturing Engineering & Management (University of Dundee, 1998) and an MBA (University of Stirling, 1999). In the 20 years of his professional experience he has been offering services in the areas of business advisory, internal audit, internal control, risk management inclusive of enterprise risk assessments, assurance and sustainability and corporate responsibility, for public and private sector clients in Greece and abroad (Albania, Egypt, Kosovo and Turkey). He has published several articles, especially in the area of sustainability.
Caroline Aubry is a Lecturer at the University Paul Sabatier (Toulouse III). She teaches strategy and risk management. Her recent work analyses the history of risk management and the risk manager function (Revue Management et Avenir, 2012) and identifies its activity and its position in the organization (Recherches en Sciences de Gestion, 2013; 2017). In 2019 she published a book titled The Risk Manager Function: Organization, Methods and Position. Her current research aims to understand the role of the risk manager function and to propose a typology of the risk manager function during its emergence period. She has also collaborated with the French risk managers' association (AMRAE).
Graça Azevedo has a PhD in Management (scientific field: Accounting) from the ISCTE-IUL Business School. She is an Associate Professor in Accounting at the University of Aveiro and has teaching experience in doctoral programmes, master's programmes, executive education programmes and undergraduate programmes. She has published and presented several articles in national and international journals such as Australian Accounting Review, Corporate Communications: An International Journal and Meditari Accountancy Research. She is a member of the Editorial Board of the international journal “Accounting and Finance Research”. Her research interests are related to financial reporting, impression management strategies and international accounting standards.
Bogdan Buczkowski, PhD, is a Lecturer and a Scientific Researcher in the field of international finance and international business at the University of Lodz, Faculty of Economics and Sociology, International Trade Department. He has participated in several international scientific and didactic projects. He is a co-author of the books Practical Aspects in Doing International Business and Corporate Social Responsibility, and a co-editor of Business in Contemporary Economy.
Raffaela Casciello is a PhD student in management at the University of Naples Federico II. Her main areas of interest and research are Enterprise Risk Management, Earnings Management, Capital Management, Accounting Manipulations, Accrual Quality and issues related to the IAS/IFRS Regulatory Framework. She is interested in European banking regulation and supervisory systems, and in investigating the potential impacts that micro- and macro-environmental features could have on corporate accounting choices at both national and international levels. She has been a Visiting Scholar at the University of Kentucky (USA) and has presented papers at national and international conferences. She has published in internationally edited books and in national and international journals.
Jason Crawford is an Assistant Professor at the Department of Business Studies, Uppsala University, Sweden. His research focuses on the relationship between strategy and operational decision-making in financial institutions, more specifically the relationship between strategy, risk management and management control systems as well as their integration. He has presented his research at academic conferences, published in Routledge Series in Accounting, and in 2018 he was awarded the Wallander Scholarship.
Constantinos Lefcaditis has 23 years of professional experience in the banking sector, of which 18 years have been in risk management. He was Deputy Risk Manager for 5 years. He currently serves as a Senior Manager at KPMG in Greece in the Financial Risk Management Division. He has a PhD in Risk Management and is currently a Visiting Professor in the Department of Economics of the National and Kapodistrian University of Athens, teaching mathematics and risk management to undergraduate and postgraduate students. He has also been an instructor in various risk management seminars in Greece and Cyprus. His articles and research work in risk management have been published in various journals in Greece and abroad. His experience includes credit risk, market risk, operational risk, liquidity risk and EBA/Basel regulations in the banking sector.
Nicola Dalla Via is an Assistant Professor in Accounting at the Free University of Bozen-Bolzano. He graduated from the University of Trento and obtained a PhD in Business at Ca’ Foscari University of Venice. Before joining the Free University of Bozen-Bolzano, he was Assistant Professor at the Rotterdam School of Management, Erasmus University (The Netherlands) until 2018. His research interests include managerial accounting, sustainability accounting and assurance, and behavioural accounting. He has published in Accounting, Organizations and Society, Accounting and Finance, and Business Strategy and the Environment, among others.
Valdonė Darškuvienė is an Economist and a Finance and Corporate Governance Expert at ISM University of Management and Economics, Vilnius, Lithuania. She served as Vice-President for Research at ISM (2015–2019) and chaired the Department of Economics in 2016–2017. She is a member of the ISM International Doctoral Committees in Management and in Economics. Since 2008 she has held the position of Professor of Finance at Vytautas Magnus University (VMU), Kaunas. She is active in international research initiatives and networks. In 2014–2017, she served as an expert at the EC Horizon-2020 MSCA Advisory Group, which provides advice to the Commission regarding the Marie Skłodowska-Curie actions on skills, training and career development, as well as an expert at the EC Horizon-2020 Gender Advisory Group, which promoted implementation of the gender dimension in research and innovation content as a cross-cutting issue in the Horizon 2020 work programme. She is a member of the scientific committee on public enterprises at CIRIEC and an expert at the Research Council of Lithuania. Her research is within the domain of corporate finance, ownership, corporate governance and corporate social responsibility. Her grant-based research with scholars from institutions including the London School of Economics (LSE), Freie Universität Berlin, Copenhagen Business School (CBS) and Corvinus University has been published in European policy documents, such as Eurofound reports PEPPER III–V, EFES Position paper, 2014. She is author and co-author of a number of publications in scholarly journals and books, including those published by Palgrave Macmillan and Springer.
Mirjam Durrer (Lucerne School of Business) is a Lawyer and Lecturer for Normative Board Management. She has extensive experience in dealing with risk management and corporate governance. Owing to her legal background, she also has deep knowledge in the field of compliance. At the Lucerne School of Business she is co-head of a certificate course for board members and manages several research projects within her research focus. Three of her major publications include:
Durrer, M. (2017). Die Pflicht des Verwaltungsrates zum integralen Risikomanagement in KMU. Dissertation, Universität Luzern.
Durrer, M., & Gruber, M. (2020). Der Verwaltungsrat als erste Verteidigungslinie im integralen Risikomanagement. Zur Weiterentwicklung des Three-Lines-of-Defense-Modells im Licht von Art. 716 ff. OR. Expert Focus, (3), 124–127.
Hunziker, S., & Durrer, M. (2020). Risk Management aus der Sicht der Unternehmensführung. Perspektive von Geschäftsleitung und Verwaltungsrat – eine Studie der Hochschule Luzern und Swiss ERM. Expert Focus, (3), 118–123.
Clelia Fiondella is a Full Professor in Accounting at the Department of Economy, University of Campania “Luigi Vanvitelli”. Her research interests cover the areas of risk reporting and risk management systems, management accounting, social and environmental disclosure, accounting due process and going concern. She has published articles in refereed international journals and national journals, as well as monographs and book chapters published by refereed international editors. Clelia Fiondella can be contacted at firstname.lastname@example.org.
Georgios Grammenidis is a Consultant at KPMG AG Wirtschaftsprüfungsgesellschaft in Düsseldorf, Germany in the Finance Advisory Department. He studied Controlling and Risk Management at the University of Siegen, Germany, and graduated as a Master of Science in 2020.
Mohamed Taieb Hamadi is a Research Assistant Professor at the Accounting Department of Toulouse School of Management. He holds a PhD in Accounting from the Toulouse School of Management doctoral program. Taieb’s main research interests are IFRS, Risk and Tax. His recent work focuses on the implementation of the international accounting standards since 2002 under the European Union. He has worked as a tax advisor for the tax and law department of Ernst & Young. His various missions include business and legal tax, compliance, advisory and international tax risk and due diligence and transaction.
Manuel Giralt Herrero is a Senior Partner in the advisory practice at EY Spain with more than 22 years of experience. Manuel is working on the ERM (Enterprise Risk Management) projects, IT audit support and cybersecurity services. Right now, Manuel is leading the Construction, Infrastructure & Real Estate Practice in MED (Spain, Italy and Portugal). During his professional career he has participated in numerous projects in retail and consumer products, Telco, media and entertainment, pharmaceutical and oil and gas. Manuel is leading in EMEIA (Europe, Middle East, India and Africa) most of the SAP GRC (Governance, Risk and Compliance) in EY.
Martin R. W. Hiebl is a Professor of Management Accounting and Control at the University of Siegen, Germany, and a Visiting Professor at Johannes Kepler University Linz, Austria. His research is centred on management accounting, management control and risk management, with a focus on small firms and family businesses. His work has been published in Management Accounting Research, Journal of Management Accounting Research, European Accounting Review, Qualitative Research in Accounting & Management, Journal of Accounting Literature, Organizational Research Methods and the European Management Review, amongst other outlets.
Stefan Hunziker (Lucerne School of Business) is a Professor of Enterprise Risk Management and Internal Control. He is Head of the Competence Center Risk and Compliance Management and Co-head of the MSc International Financial Management. He has extensive experience in dealing with risk management and internal control systems. During his work at the Lucerne School of Business, he has successfully supervised about 50 coaching and consulting projects in his field of research. Furthermore, he has published several textbooks and other publications on these topics. Professor Hunziker is chairman of the board of the Swiss Enterprise Risk Management Association (SwissERM). Major publications include:
Hunziker, S. (2019). Enterprise risk management – Modern approaches to balancing risk and reward. Wiesbaden: Springer Gabler.
Hunziker, S. (2017). Efficiency of internal control: evidence from Swiss non-financial companies. Journal of Management and Governance, 21, 399–433.
Hunziker, S., Renggli, S., & Fallegger, M. (2018). Interne Kontrollsysteme im Finanzbereich: Wirksame und effiziente Steuerung, Kontrolle und Überwachung. Wiesbaden: Springer.
Hunziker, S., & Durrer, M. (2020). Risk Management aus der Sicht der Unternehmensführung. Perspektive von Geschäftsleitung und Verwaltungsrat – eine Studie der Hochschule Luzern und Swiss ERM. Expert Focus, (3), 118–123.
Marco Maffei is a Full Professor of Financial Accounting and Auditing at the Department of Economics, Management, Institutions at the University of Naples Federico II. He is also Head of the Master's degree Programme in “Innovation and International Management”. He holds a PhD in Financial Accounting from the University of Naples Federico II. For many years he taught Accounting for Financial Instruments at Toulouse Business School. He has managed, as principal author, a good number of research projects on Accounting, Auditing, Business Ethics, Enterprise Risk Management, Management Accounting, Risk Disclosure and Public Health, co-authored with both Italian and international scholars and published in top national and international peer-reviewed journals. He organized the sixth European Risk Conference “Multiple perspectives on risk management” (2014) and the 11th ENROAC Conference “The contribution of Management Accounting to Effective Risk Management” (2017). He was also guest editor of the “Accounting and Risk” special issue published in The British Accounting Review (2017).
Irma Malafronte is a Senior Lecturer in Accounting and Finance at Roehampton Business School, Roehampton University, London (UK). Her research interests focus on integrated reporting, sustainability reporting, risk disclosure, market discipline, insurance companies and bank-firm relationship. Irma regularly disseminates research and findings at international conferences and her work has been published in international and national peer-reviewed academic journals, including The British Accounting Review, Journal of Financial Services Research, International Review of Financial Analysis, Review of Accounting and Finance, Applied Financial Economics. Irma's research has been supported by government scholarships and professional bodies funding.
Emmanuel Markakis has over 20 years of professional experience related to risk advisory, internal audit and project management. Emmanuel currently serves as a Senior Manager in KPMG's Internal Audit, Risk Management and Regulatory Compliance (IARCS) practice in Greece (17 years in total with KPMG). He holds a Master of Engineering degree in Industrial & Mechanical Engineering (University of Toronto, Canada) and a Diploma (M.Sc. equivalent) in Production Engineering & Management (Technical University of Crete, Greece). Emmanuel is also certified as CIA, COSO Internal Control, CCSA, CRMA and PMP, and is trained to provide Quality Assurance Review (QAR) services (approved QAR volunteer by IIA). He is a member of the IIA, PMI, PRMIA, GARP and CORS. Emmanuel has participated in many conferences as a presenter and has published several articles in the areas of Corporate Governance, Internal Audit, Risk Management and Regulatory Compliance.
Catherina Di Paolantonio Martorell is a Manager of Risk Advisory at EY Spain with 11 years of experience providing internal and external IT audit support and IT Consulting Services. During her professional career she has participated in numerous projects covering the following sectors: banking, telecommunications, entertainment, services, energy (oil and electricity) and pharmaceutical. Her professional performance includes International SOX projects (IT Consultancy Services), External IT Audits reviews (Various Markets Segments) and Internal IT Audit reviews (Financial Industry).
Anita Meidell is an Associate Professor in Management Control at the Norwegian School of Economics. She has published journal articles and book chapters mainly on the topics of risk management and enterprise risk management. Research and teaching focus on management control, governance, risk management and internal control. Prior to entering academia, she was a partner in EY's advisory practice.
Anette Mikes is an Associate Professor of Accounting at Oxford Saïd and a Fellow at Hertford College. Anette was the 2017 laureate of the prestigious ACA Prize of the University of St. Gallen for her contributions to the field of risk management and financial governance. Between 2014 and 2019, she was a Professor at HEC Lausanne, teaching risk management, management control and accounting for sustainability. Formerly at Harvard Business School, she launched (with professors Robert Kaplan and Dutch Leonard) the Harvard executive education programme Risk Management for Corporate Leaders. Anette completed her PhD at the London School of Economics in 2005 and worked in the City of London in 2006–2007. Her work on the evolution, variation, consequences and contextual determinants of risk management has appeared in Management Accounting Research; Accounting, Organizations and Society; the Journal of Applied Corporate Finance and in the Harvard Business Review. She won the David Solomons Award (“Best Paper in Management Accounting Research”) twice: in 2010 (for her article “Risk Management and Calculative Cultures”) and in 2016 (for the article “How Do Risk Managers Become Influential?”, with co-authors Matt Hall and Yuval Millo). Her research documentary on a man-made disaster (“The Kursk Submarine Rescue Mission”) won the Most Outstanding Short Film Award at the Global Risk Forum in Davos in August 2014. The latter project signifies her continuing interest in man-made disasters, and her current research project (“Values at Risk: Management Accounting in the Age of Corporate Purpose”) focuses on the interface between risk management, business ethics and management control.
Vilma Nasteckiene is a Management Consultant, Executive Mentor, Holistic Business Excellence, Risk and Process Management Expert, and Co-founder and Partner of Holistic Enterprise©. After years of risk management, change management and continuous process improvement in the banking industry in Lithuania, in 2011 she started to develop management consultancy expertise and, together with management boards and business owners, to create business transformations. She initiated and chaired the Risk Committee under the National Standards Board in 2016–2020. She is a speaker and management educator. She is a PhD candidate at ISM University of Economics and Management. Her research area is formal and informal risk management practices in business organizations.
Fredrik Nilsson is a Professor of Business Studies, specializing in Accounting, at Uppsala University. Previously he was Professor of Economic Information Systems at Linköping University. His research focuses on how information systems (e.g. related to financial accounting, management control and production control) are designed and used to formulate and implement strategies. Prof. Nilsson has published his research in scientific articles, monographs and book chapters. He has also co-edited several books. Two examples are “Mergers and Acquisitions: The Critical Role of Stakeholders” (editor together with Helén Anderson and Virpi Havila, Routledge) and “Strategic Management Control: Successful Strategies Based on Dialogue and Collaboration” (editor together with Carl-Johan Petri and Alf Westelius, Springer).
Jonas Oliveira has a PhD in Accounting from the School of Economics and Management, University of Minho, Portugal. He is an Assistant Professor of Accounting at ISCTE-IUL Business School and the Vice-Director of the Business Research Unit. He has teaching experience in doctoral programs, masters, programs for executive education, and undergraduate programs. His research interests are: risk reporting, corporate governance, impression management strategies, sustainability and integrated reporting. He publishes academic articles in some well-recognized journals such as Managerial Auditing Journal, Australian Accounting Review, Corporate Communications: An International Journal, Meditari Accountancy Research, European Business Review and Journal of Risk.
Sami El Omari is an Associate Professor of Accounting at Toulouse Business School. In research, he is interested in professions, accounting and management history and governance. He has published several papers dealing with professionalization in accounting (Accounting, Accountability, and Auditing journal, Accounting History Review, Comptabilité-Contrôle-Audit) and QCA method (Journal of Business Research).
John Pereira is a Senior Lecturer in Finance at Kingston Business School (UK). His research interests focus on credit risk management, risk disclosure, banks' enforcement actions and integrated reporting. John's work has been published in international and national peer-reviewed academic journals, including Journal of Economic Behaviour and Organization, Journal of International Financial Markets, Institutions & Money, The British Accounting Review, Journal of Financial Services Research, Review of Accounting and Finance. John serves as reviewer for various international peer reviewed academic journals. John is a Chartered member of the Global Management Accountant professional body (ACMA, CGMA).
Cláudia Pinto has a PhD in Accounting from the University of Aveiro and she is a Lecturer at the Polytechnic Institute of Viana do Castelo. Her research interest is risk reporting.
Paola Radaelli holds a master’s degree from Bocconi University and specializes in Financial Operators at SDA Bocconi. Her certifications include Energy Risk Professional Certificate from GARP and RIMAP Certificate from Ferma. Paola Radaelli has broad experience as a CFO, Group enterprise, insurance risk manager and Director of important industrial enterprises. She is Vice President and Member of the Scientific Committee of Anra (Italian Risk Manager Association). She has authored some published articles and the book Risk Management: How to Apply Enterprise Risk Management to a Practical Case, published by Cranfield University. She is an instructor for the RIMAP International Certification and for the University of Parma's Master's program. She is Risk Management Consultant for enterprises at Strategica Risk Consulting.
George Raounas has 37 years of professional experience, 30 years of which have been in the advisory business. He currently serves as a Partner in KPMG Greece heading the Risk Consulting division, which includes Internal Audit Risk & Compliance, Financial Risk Management and Sustainability services. He holds an MS in Theoretical Physics (Adelphi University) and a BS in Physics (Aristotelian University) and he is the Chairman of the Board of Directors of the Association of Management Consulting firms of Greece. He has offered advisory services to a variety of clients in the public and private sector in Greece and abroad (banking, industrial, telecommunications etc.). His professional experience includes many risk consulting projects, inclusive of enterprise risk assessments and financial risk. He has published several articles, especially for the banking sector challenges, including risk management issues.
Kjell Ove Røsok is an Associate Professor and the Programme Leader for the Master Programme in Accounting at the Norwegian School of Economics. He holds a PhD in Financial Accounting and is currently involved in several research projects on international standard setting. He is a member of the IFRS committee of the Norwegian Accounting Standards Board, and he is involved in editorial work as editor of an IFRS book published in 2018 and member of the editorial board of Magma, a Norwegian peer reviewed journal. Prior to entering academia, he was a partner in EY's audit practice.
Edvinas Samys is an Economist and a Finance, Project Management and Business-Science Collaboration Expert at Vytautas Magnus University (VMU), Kaunas, Lithuania. He has been Head of the Communication and Technology Transfer Centre for 3 years. In the period 2014–2019 he participated in more than 20 local and international research and study projects (H2020, Erasmus Knowledge alliance etc.). He is an expert/specialist in projects related to entrepreneurship, strengthening the competences of young people and developing tools for successful business management (3 Erasmus+ projects). His research/expertise is within the domain of banking, investment, entrepreneurship, business development and research commercialization.
Rosanna Spanò holds a PhD in Healthcare Management from the University of Catanzaro Magna Graecia and is Assistant Professor of Enterprise Risk Management at the Department of Economics, Management, Institutions of the University of Naples Federico II. Rosanna's main research interest is in the behavioural aspects of management accounting and risk management in complex settings, and is devoted to depicting the conflicts and resistance surrounding the difficult dialectic between economic and quality logics, in a picture of growing accountability demands. Rosanna is involved in national and international publicly funded projects on management accounting, entrepreneurship and risk management. Rosanna is affiliated with relevant scientific associations in her field, has participated in more than 50 international conferences as a speaker, and has been an invited lecturer at important institutions. She has authored over 60 publications in refereed national and international journals and books that witness her consolidated hybrid knowledge of the behavioural (conflicting) aspects of accounting, and of the need for more.
Margaret Woods is Emeritus Professor of Accounting and Risk Management at the Aston Business School, Aston University, UK. She is Founder of the European Risk Research Network. Margaret Woods's wide-ranging publications on risk management topics are considered cornerstones for scholars and researchers all over the world.
Claudia Zagaria is an Assistant Professor in Accounting at the Department of Economy, University of Campania “Luigi Vanvitelli”. Her research interests cover the areas of risk reporting and risk management systems, management accounting, social and environmental disclosure, accounting due process and going concern. She has published articles in refereed international journals and national journals, as well as monographs and book chapters published by refereed international editors. Claudia Zagaria can be contacted at email@example.com.
List of Contributors
| Diego Alcoceba Álvarez | EY Spain, Spain |
| Dimitris Apostolidis | KPMG, Greece |
| Caroline Aubry | Paul Sabatier University (Toulouse III), France |
| Graça Azevedo | University of Aveiro, Portugal |
| Bogdan Buczkowski | University of Łódź, Poland |
| Raffaela Casciello | University of Naples Federico II, Italy |
| Jason Crawford | Uppsala University, Sweden |
| Nicola Dalla Via | Free University of Bozen-Bolzano, Italy |
| Valdonė Darškuvienė | ISM University of Management and Economics, Lithuania |
| Mirjam Durrer | Lucerne School of Business, Switzerland |
| Clelia Fiondella | University of Campania “Luigi Vanvitelli”, Italy |
| Georgios Grammenidis | KPMG, Germany |
| Mohamed Taieb Hamadi | Toulouse School of Management, France |
| Manuel Giralt Herrero | EY Spain, Spain |
| Martin R. W. Hiebl | University of Siegen, Germany; Johannes Kepler University Linz, Austria |
| Stefan Hunziker | Lucerne School of Business, Switzerland |
| Constantinos Lefcaditis | KPMG, Greece |
| Marco Maffei | University of Naples Federico II, Italy |
| Irma Malafronte | Roehampton Business School, Roehampton University, UK |
| Emmanuel Markakis | KPMG, Greece |
| Catherina Di Paolantonio Martorell | EY Spain, Spain |
| Anita Meidell | Norwegian School of Economics, Norway |
| Anette Mikes | University of Oxford, UK |
| Vilma Nasteckiene | Holistic Enterprise©; ISM University of Management and Economics, Lithuania |
| Fredrik Nilsson | Uppsala University, Sweden |
| Jonas Oliveira | ISCTE-IUL Business School, Portugal |
| Sami El Omari | Toulouse Business School, France |
| John Pereira | Kingston Business School, Kingston University, UK |
| Cláudia Pinto | Polytechnic Institute of Viana do Castelo, Portugal |
| Paola Radaelli | ANRA, Italy |
| George Raounas | KPMG, Greece |
| Kjell Ove Røsok | Norwegian School of Economics, Norway |
| Edvinas Samys | Vytautas Magnus University (VMU), Lithuania |
| Rosanna Spanò | University of Naples Federico II, Italy |
| Margaret Woods | Aston University, UK |
| Claudia Zagaria | University of Campania “Luigi Vanvitelli”, Italy |
I am delighted to write the preface to this book on ERM in Europe. The book is powerful evidence that academic research on risk management in Europe is alive and well. Amazingly, it is now over a decade since, with a small group of academics from the UK, Italy and Germany, I founded the European Risk Research Network. Funding from the EU allowed us to organize a series of annual conferences across Europe that served to facilitate networking amongst existing researchers and introduce young academics to this fascinating field. It is great to see that such work continues to thrive.
One of the key contributions of the book is its geographic breadth of coverage. Nonetheless, the story that emerges from across Europe is a universal one: despite the fact that it is almost 20 years since the COSO ERM framework was first issued, companies continue to struggle to implement ERM. The main challenge seems to be its integration into the DNA of the organization, so that risk-based thinking penetrates the culture, strategic planning and decision making at all levels.
Regulation across most countries has served to push organizations into adopting some form of ERM, but the degree of maturity of systems is widely variable. In places like Norway and the Netherlands, it would seem that ERM is relatively well developed, although there is a recognition that systems remain immature and in need of further improvement. In contrast, companies in Poland and Greece are perhaps behind the curve in developing their thinking on risk management, especially in non-financial sectors. For many, risk management remains a compliance issue and reflects a silo-based mindset that is in direct conflict with the organizational breadth implicit in ERM.
Large listed companies appear to lead the way on ERM, although even then there are few that integrate risk thinking into the wider stakeholder perspective on planning. Linking ERM to sustainability remains something in the future for most organizations. This book includes some interesting and useful examples of how risk management practice is evolving.
One very clear message from the book is that ERM is a concept that is well defined in terms of regulation, but open to very widespread interpretation in practice. National contexts, corporate history, and industrial sectors all serve to influence how risks are managed, and ERM interpreted. A proliferation of associations and networks for risk managers exist across Europe to help in the exchange of ideas and new initiatives but risk management remains a practice that is organizationally specific. Unsurprisingly, therefore, the book also confirms that evidence on the impact of ERM on company performance and shareholder value remains unclear. There is clearly much research that remains to be done, and I look forward to reading more work from this book's authors in the future.
Studying Risk Management in Europe
The contributors of this book set out to document, understand and explain risk management practices (codified under the acronym ERM, Enterprise Risk Management, by corporate governance advocates) and to influence the theory and practice of risk management in organizations. The study and teaching of risk management in a business context is important, as the “risk universe” that surrounds corporations and influences their success (and indeed, survival) has expanded significantly, from financial and operational concerns to risks related to culture, reputation and sustainability. The foundational and shared assumption of this volume, underlying all its chapters, is that risk management as a discipline could help organizations and managers run their businesses better and avoid idiosyncratic pitfalls, and that it could help organizations and society solve important and vexing social problems that no organization can tackle alone. However, risk management has its own risks and, as a field, it needs a good deal more self-reflection and a critical understanding of the conditions of its own successes and failures.
The volume focuses on the study of risk management within the paradigm of accounting and management control systems. Management controls have been shown not only to monitor performance in organizations but also to empower them to innovate and navigate uncertainty. But while risk management practices have been proliferating, the failures in risk oversight – some of them globally disastrous – keep on coming. The book highlights that an important reason for this apparent failure of risk management could be the “lack of coordination” between enterprise risk management (ERM) and governance processes – calling for “integration between ERM and accounting practices”.
So why is the operationalization of ERM so far from realizing the promised benefits of the discipline? The book provides important empirical evidence across different countries in Europe that allows us to reflect on the contextual dependencies and conditions of risk management's failures (and successes). We get a sense of the varied forms, effects and contexts of risk-management practice, both in corporate and public settings. Overall, the studies confirm that risk management has to be contingent on, and tailored to, the conditions it is deployed in.
The unique pan-European reach of the studies collected in this volume is the first study to capture the contextual variation in ERM across 13 countries, brought about by the varied domestic economic conditions, cultural, academic and professional developments, and last but not least, the diverse legal and regulatory frameworks. Second, the contributors attempt a closer look at the maturity and spread of risk management practices, collectively revealing a gap between the general practices and aspirations of ERM. Instead of being a strategically central, interactively used control practice, in more than half (seven) of the sampled 13 countries, ERM attracts “mixed level of engagement” in corporate governance and accounting practices, with a focus on compliance with internal control and audit practices. Yet in six countries, research attests to an “increasing focus on strategic risk management”, which raises important challenges for risk managers who will need to construct the specific risk management tools, principles and processes in deliberating, measuring, acting on and reporting an ever-widening universe of risks.
As a researcher, teacher and observer of risk management practices, I have to admit it still remains a challenge to define the phenomenon of risk management. Are these the control practices that are explicitly called “risk management” (and/or labelled as “ERM”) by the executives who design and implement them? Certainly, in the financial services industry, risk-management practices are more clearly identifiable due to regulatory and corporate governance imperatives to create a specialist staff function headed by a chief risk officer (CRO). There I (and many others) have observed the variation in senior risk officers' attitudes to risk modeling and in the resulting instrumentation of risk management. Elsewhere, the job of identifying risks and helping business lines manage them falls not only to risk specialists, but also to internal auditors, strategic planners, finance staff, management accountants, and importantly, to the business lines. Given the evolving nature of risk control, it is unclear which of the tools and practices now in use will ultimately make up a common body of knowledge that can define the (future) profession of risk management. Risk management may indeed evolve into an “umbrella function” for the discussion of certain kinds of risk. Its advocates, the risk managers, may gain control of important organizational agendas, such as planning, resource allocation, and reward systems and be able to standardize tools and reports that allow their companies to manage universal risk concerns. On the other hand, risk management may remain highly contingent on situational politics, opportunities, and demands, “plugging” the control gaps left unaddressed by other control agents. Either way, its survival or failure depends on whether risk managers succeed in making their function both seem and be important to the control agents and processes already in place.
This book underlines a lesson I have learnt in my first 10 years of doing intensive fieldwork in organizations, and adds an international dimension to it: Risk management is neither universally beneficial nor indifferent to managerial practice – its contribution is contingent. The essence of a contingency theory of risk management is to find “fit” between contingent factors and firms' risk-management practices, and to establish propositions of fit that will result in desired outcomes. Moving towards a contingency theory requires a more sophisticated understanding of not only the nature of relevant contingencies, but also the nature of risk management itself. Building on a growing strand of field-based studies, including the research presented in this volume, we could propose a practice-based definition of risk management with more confidence:
Risk management consists of active and intrusive processes that (1) are capable of challenging existing assumptions about the world within and outside the organization; (2) communicate risk information with the use of distinct tools (such as risk maps, stress tests, and scenarios); (3) collectively address gaps in the control of risks that other control functions (such as internal audit and other boundary controls) leave unaddressed; and, in doing so, (4) complement—but do not displace—existing management control practices.
While some risk management frameworks suggest that risk managers should focus mainly on operational risks (as an enhancement of the internal audit process), others suggest that the risk-management mix should focus mainly on strategy execution risks (COSO, 2004 [1]; International Standards Organization, 2009 [2]). This book and previous studies suggest that risk management will be most effective when it matches the organization's context and circumstances.
Yet even a world-class, thoughtfully tailored risk management system cannot prepare a company for everything. Some risks are so remote that any individual manager or group of managers could never imagine them. And even when firms envision a far-off risk, it may seem so improbable that they are unwilling to invest in the capabilities and resources to cope with it. Such distant threats, “novel risks”, cannot be managed by following a standard playbook. Future research – and much ingenuity from practitioners! – are needed to explore the defining characteristics of these risks, explain how to detect whether they've materialized, and then describe how to mobilize resources and capabilities to mitigate their impact. The current challenging environment will offer therefore important lessons about the strengths, weaknesses and the potential still unrealized in contemporary risk management practices. Finally, in the context of the Purposeful Company movement and climate-risk and sustainability concerns, the remit of risk management is being expanded, which again calls for ongoing critical and field-based research on its continually emerging instrumentation, processes and ability to address the global challenges we are facing.
Oxford, 21 September, 2020.
[1] Committee of Sponsoring Organizations of the Treadway Commission (COSO), Enterprise Risk Management Framework, 2004.
[2] International Standards Organisation (ISO), ISO 31000:2009, Risk Management—Principles and Guidelines, 2009.
- Chapter 1 Enterprise Risk Management in France
- Chapter 2 Enterprise Risk Management in Germany
- Chapter 3 Enterprise Risk Management in Greece
- Chapter 4 Enterprise Risk Management in Italy
- Chapter 5 Enterprise Risk Management in Lithuania
- Chapter 6 Enterprise Risk Management in the Netherlands
- Chapter 7 Enterprise Risk Management in Norway
- Chapter 8 Enterprise Risk Management in Poland
- Chapter 9 Enterprise Risk Management in Portugal
- Chapter 10 Enterprise Risk Management in Spain
- Chapter 11 Enterprise Risk Management in Sweden
- Chapter 12 Enterprise Risk Management in Switzerland
- Chapter 13 Enterprise Risk Management in the United Kingdom
- Chapter 14 Enterprise Risk Management in Practice: A European Perspective
- Chapter 15 Enterprise Risk Management Across Europe