Emerald Publishing Limited
Copyright © 2018, Emerald Publishing Limited
Roles and actors in risk governance
Introduction and background of the special issue
Risk governance has been highlighted as a relevant issue at the economic and political levels for over a decade now (Renn, 2008; van Asselt and Renn, 2011), but more recently, it has also been conceptualized for corporations (Stein and Wiedemann, 2016). According to Stein and Wiedemann (2016), risk governance centers on four tasks:
the design of risk models;
the determination of model risks;
research and development on risk issues; and
risk consultancy for top management.
The basic rationale of such risk governance is that the risk landscape of a corporation has to be captured holistically and circulated to the top management as the final decision-makers on corporate strategy. This view suggests that risks should be put on the radar screen at the strategic level rather than filtered out at more operational levels.
Given these principal objectives, risk governance proponents claim that risk governance may close the gap between the “institutionally oriented field of corporate governance and the methodologically oriented area of risk management” (Baule and Fandel, 2016, p. 809), and should be institutionalized in addition to the existing corporate functions of risk management, internal auditing, compliance and corporate governance. While there is some evidence that gives credence to the importance of risk governance (Aebi et al., 2012; Lundqvist, 2015), the application of risk governance in corporate practice seems to be still in its infancy (Cohen, 2015; Mongiardino and Plath, 2010; Stein and Wiedemann, 2018). This limited explicit practical application may be because of the existence of other important corporate functions, such as risk management. Many large firms have established separate risk management departments that are mostly accepted as process specialists in terms of risk identification and mitigation (Colquitt et al., 1999; Kleffner et al., 2003; Mikes, 2009). However, dealing with viability-related risks in corporations is no longer purely operative, as it not only takes place in isolated functions, and thus, it should include a broad involvement of employees. Dealing with such risks, therefore, requires a widespread range of actors involved in risk governance, embedded in a corporation-wide risk culture (Stein and Wiedemann, 2016, 2018).
So far, it mostly remains an open question as to how corporations can and do institutionalize more general risk governance tasks and which actors may take care of them. On the one hand, such institutionalization would require actors that support the risk governance approach and put it into practice (Gatzert and Schmit, 2016), whereas on the other hand, the institutionalization of risk governance would require the definition of organizational roles that handle risk governance tasks, including role content, role competences and role accountability (Biddle, 1986). In addition, it would also be necessary to allocate these roles to respective actors. Given the paramount importance of actors and the roles they obtain in processes of institutionalization (Barley and Tolbert, 1997; Burns and Scapens, 2000; Quinn and Hiebl, 2018), a closer understanding of roles and actors is necessary in furthering our understanding of risk governance.
It is against this backdrop that we developed the idea for this Journal of Risk Finance special issue on roles and actors in risk governance. The genesis of the special issue was the fifth Annual Conference on Risk Governance, held in October 2017 at the University of Siegen, Germany. This annual conference originates from the risk governance research group at the University of Siegen, which aims to offer an interdisciplinary view on risk governance. While prior editions of the conference have focused on the more general applications of risk governance in practice and some special issues have resulted from these conferences (see the editorials by Baule and Fandel, 2016; Hiebl et al., 2018), the 2017 edition specifically focused on roles and actors in risk governance. A number of papers presented at this fifth Annual Conference on Risk Governance have been selected for publication in this special issue, and in the next section, we introduce and discuss the relevance of these papers. We then chart some important avenues for future research on roles and actors in risk governance, and in the final section, we offer some conclusions and acknowledge actors without whom this special issue would not have been possible.
Papers included in this special issue
Before discussing the individual papers in this special issue, we would like to note their diversity. With authors from institutions in Asia, Europe and North America, our special issue underpins the global relevance of research on risk governance. But the special issue is not only diverse in geographical terms, but also regarding the research methods applied. In fact, the five papers included in this issue have drawn on five different methodological approaches to studying roles and actors in risk governance. The special issue features a qualitative case study (Agarwal and Kallapur, 2018), empirical-archival research (Gupta and Prakash, 2018), a survey study (Pratono, 2018), a meta-analysis (Sassen et al., 2018) and a study based on a laboratory experiment (Schedlinsky et al., 2018). This issue, thus, shows the variety of methods and underlying paradigms that can further our understanding of risk governance in a corporate context.
The paper by Agarwal and Kallapur (2018) examines how risk culture – an important ingredient of risk governance (Stein and Wiedemann, 2016) – changed in financial institutions after the 2008 financial crisis. To do so, the paper draws on systems theory and an in-depth case study of a UK insurance company. The findings by Agarwal and Kallapur (2018) highlight that to change risk culture and risk governance effectively, the interplay and communication between various actors is important, rather than a focus on one type of actor. In addition, the paper also identifies the steps necessary to arrive at such change, which delivers interesting insights for practitioners facing similar needs for change.
Another paper that is positioned in the aftermath of the 2008 financial crisis is the study by Schedlinsky et al. (2018). After the crisis, regulators have widely suggested non-monetary mechanisms to complement incentive schemes in preventing excessive risk taking in the financial services industry, with risk-sensitizing codes of conduct and justification schemes being two of these non-monetary mechanisms. Based on a laboratory experiment with business students, Schedlinsky et al. (2018) examine the effectiveness of these two non-monetary mechanisms and find that when used in isolation, both mechanisms lower risk-taking. However, Schedlinsky et al.’s (2018) results also suggest that the two mechanisms do not work well in tandem, which rather makes them substitutes and not complements. These findings suggest that control elements need to be well balanced to direct actors’ risk-taking behavior as desired and, thus, to arrive at a sound risk governance.
The paper by Gupta and Prakash (2018) also focusses on risk governance in the financial services industry, by comparing the risk-taking of two types of holding companies:
holding companies that feature banking activity and insurance underwriting; and
stand-alone bank holding companies.
As these two types of holdings differ significantly in terms of their overall risk governance setup, Gupta and Prakash (2018) expect and find that bank holding companies that also underwrite insurance risk exhibit lower levels of discretionary accruals. This signals that such holding companies have less volatile earnings and do not need to engage that much in earnings management with the help of discretionary accruals, when compared with pure-play bank holding companies. In addition, Gupta and Prakash (2018) also find that good risk governance can further reduce the level of discretionary accruals in holding companies featuring both banking and insurance activity, which underpins the important role of effective risk governance in the financial services industry.
A decisive group of actors in establishing such effective risk governance is the board of directors (Stein and Wiedemann, 2016), which is the focus of Sassen et al.’s (2018) study. Using meta-analytical procedures, they analyze the effect of directors working on more than one board committee (i.e. committee overlap) on the monitoring effectiveness of boards of directors. Sassen et al. (2018) report that across their sample of prior empirical studies, there is no significant correlation between committee overlap and monitoring effectiveness. However, they find that in certain settings such as common law legal systems, committee overlap and monitoring effectiveness show significant associations. These findings imply that when designing effective risk governance structures, solutions need to be adapted to the institutional and legal setting and cannot readily be transferred across different environments.
The importance of considering the corporate environment when establishing a sound risk governance is further supported by the paper by Pratono (2018). This author draws on a survey of Indonesian small- and medium-sized firms to analyze the effect of owner-managers’ risk-taking behavior on firm performance in environments of technological turbulence. While a number of prior studies have found positive associations between small business owner-managers’ risk-taking behavior and firm performance, Pratono’s (2018) findings qualify such prior results by indicating that the risk-taking-behavior–performance relationship is weaker when technological turbulence is high. Such technological turbulence may make innovations that were once sources of small businesses’ success less relevant or entirely irrelevant. This is why Pratono (2018) suggests that small businesses also need to establish sound risk governance to ensure sustainable development (Stein and Wiedemann, 2016; Stein et al., 2018).
Collectively, the papers included in this special issue all underpin the relevance of sound risk governance for various outcomes, including firm performance, monitoring effectiveness, lower earnings volatility and curbing employee risk-taking. They also indicate that interaction between various actors in risk governance is decisive for arriving at these outcomes. At the same time, this special issue shows that the routes to such often-desired outcomes differ substantially across firms and legal settings. Consequently, it seems that the design and implementation of appropriate risk governance is very much dependent on the respective organization’s context (Stein and Wiedemann, 2016). Given that there is a multitude of different contextual settings in organizational practice, we are convinced that there remains a multitude of research opportunities to understand better the roles and actors in risk governance in various contexts just as well. We shall elaborate on some of these opportunities in the next section.
Suggestions for further research
While there certainly remain many avenues for future research on risk governance, the following topics seem most pressing from our perspective. Thus, the following list of research opportunities and questions cannot be considered comprehensive, but instead represents a subjective view (Quinn et al., 2018) while hopefully offering some inspiration for researchers interested in risk governance.
Influential actors in risk governance.
Existing research has already highlighted some influential actors in risk management and risk governance (Aebi et al., 2012; Arena et al., 2010, 2017; Hall et al., 2015; Mikes, 2011). Some of the papers included in this issue have contributed to the extant literature by investigating classes of influential actors such as board members (Sassen et al., 2018), owner-managers (Pratono, 2018) or chief risk officers (Agarwal and Kallapur, 2018). Despite these advances, more explicit investigation of influential actors that may shape the application of holistic risk governance approaches is still scarce. Such research would be necessary not only for furthering our understanding of risk governance dynamics, but may also yield valuable insights for practice on how risk governance may be changed or implemented in the first place. Questions that could be addressed by such research include the following:
Which types of actors are most suitable as role takers and which as role makers in regard to risk governance and why?
Do dominant actors in risk governance change over time, and if so, why and how?
How can actors become influential in risk governance and what are the effects of such increased influence?
How do these influential actors interact with other actors at the organizational and political/economic levels (Dillard et al., 2004) in shaping their organization’s risk governance?
The context of roles and actors in risk governance.
As discussed above, the papers included in this special issue collectively indicate that risk governance may play out differently in various contexts. A better understanding of risk governance in contexts that are widespread in business practice therefore seems desirable. For instance, family firms usually differ from non-family firms in terms of their risk appetites (Hiebl, 2013), which may be a prime reason why family firms have been found elsewhere to apply holistic risk management approaches to a lower degree than non-family firms (Hiebl et al., 2018). However, there is also evidence indicating that owner managers or family managers more generally may perform effective risk governance much more informally in comparison with their peers from non-family firms (Gao et al., 2013; Herbane, 2010; Poba-Nzaou et al., 2014). This is why more explicit research attention on how family actors shape risk governance in family firms seems useful. Similar to these considerations, we may also theorize that firms from different industries are more or less likely to attach high value to risk governance (Stein and Wiedemann, 2016), and small firms may differ from larger firms given various levels of resource availability (Falkner and Hiebl, 2015). Consequently, we call for research that examines the peculiarities of how actors influence risk governance in contexts such as family firms, specific industries and small firms.
Interaction of actors in shaping risk governance.
The findings presented by Agarwal and Kallapur (2018) in this special issue show that a concerted interplay between various actors seems necessary when establishing more effective risk governance and changing risk culture in the financial services industry. However, related research reports suggest that despite various efforts by regulators, risk management systems in the financial services sector are still “fundamentally flawed” (Lim et al., 2017, p. 76 ). Lim et al. (2017) ascribe such flaws to power imbalances between the three lines of defense, a model which suggests that for effective risk management, three lines of defense should contribute to managing risks: the first line is the front-office staff and top managers, the second line represents the control functions and the third line is the internal audit function (Institute of Internal Auditors, 2013). The findings by Lim et al. (2013) suggest that in financial-service firms, the control functions often still lack sufficient internal power to effectively challenge more powerful front-office staff, making the risk management systems in such firms ineffective. These findings imply that more research attention should be given to power and politics in shaping effective risk governance. While power and politics have been the subject of other strands of finance and accounting research (Hiebl, 2018; Markus and Pfeffer, 1983), their role has not yet been sufficiently analyzed in research on risk governance. Interesting questions for future research include the following:
Which actors are dominant in shaping risk governance in various types of firms and what are the implications of such dominance?
What degree of independence from top management is appropriate for the actors in risk governance and how can such actors be empowered?
How can power imbalances between the three lines of defense be reduced in order to create more effective risk governance?
How can risk governance roles be aligned to powerful actors’ more generalist role sets, such as top managers and directors?
Institutionalization of risk governance.
The above three broader fields for future research have mostly centered on the antecedents of effective risk governance related to actors and the roles they obtain. That is, they relate to the basic question of how effective risk governance can be institutionalized. This very process of institutionalizing risk governance is, however, not well understood so far. This is why future research is needed to analyze the details or micro-dynamics of institutionalization processes in risk governance. Such research could be informed by various strands of institutional theory such as structuration theory (Giddens, 1984), new institutional sociology (DiMaggio and Powell, 1983), institutional entrepreneurship (Battilana et al., 2009) and organizational routines (Feldman and Pentland, 2003). Such institutional views have already been shown to function well as theoretical frames for other phenomena in finance and accounting (Englund et al., 2011; Hiebl, 2018; Quinn, 2011, 2014; Ribeiro and Scapens, 2006), and we believe they would suit the risk governance phenomenon just as well. Interesting research questions would be:
What (micro-)dynamics need to be mobilized by actors to change risk governance?
Which structuration logic can be applied to link the risk identification at operative levels with the business model decisions at the strategic level?
How can personal accountability in respect to risk governance task fulfillment be institutionalized?
Is the appropriate resulting type of risk governance institutionalization a centralistic type, a fully delegated type or a network type, and which actors take which type-compatible roles?
How are alternative types of risk governance institutionalization related to risk governance effectiveness and firm performance?
Concluding comments and acknowledgements
As discussed above, we view research on roles and actors in risk governance to be embryonic, and thus, many attractive opportunities for further research remain. We believe this special issue illuminates some important aspects of roles and actors in risk governance and we hope that it will ignite further research in this field.
Of course, the special issue would not have been possible without the support of many people. First, the authors would like to thank Bonnie Buchanan, editor-in-chief of The Journal of Risk Finance, for supporting this special issue. They also thank Claudia Knight and Valerie Robillard from Emerald for their assistance in administrating the special issue and the review process. This latter process would not have been possible without the help of the following external reviewers, who the authors owe their gratitude for giving away freely their time to provide highly constructive and cogent reviews:
Martin Angerer, University of Liechtenstein, Liechtenstein;
Yevgen Bogodistov, Frankfurt School of Finance and Management, Germany;
Tami Dinh, University of St. Gallen, Switzerland;
Sheila Donohoe, Waterford Institute of Technology, Ireland;
Susanne Durst, University of Skövde, Sweden;
Martin Eling, University of St. Gallen, Switzerland;
Bernhard Gärtner, Johannes Kepler University Linz, Austria;
James W. Kolari, Texas A&M University, the USA;
Marc Lenglet, NEOMA Business School, France;
Leen Paape, Nyenrode Business University, The Netherlands;
Jannes Rauch, University of Cologne, Germany;
Anja Schwering, Ruhr-Universität Bochum, Germany;
Veit Wohlgemuth, Hochschule für Technik und Wirtschaft Berlin, Germany; and
Arnt Wöhrmann, University of Gießen, Germany.
Finally, it is of course the authors of the published papers that have made this special issue possible. They have worked hard to improve their research in response to the suggestions by reviewers and our editorial comments. The authors hope that their efforts pay off in terms of increased awareness of the importance of roles and actors in risk governance.
Aebi, V., Sabato, G. and Schmid, M. (2012), “Risk management, corporate governance, and bank performance in the financial crisis”, Journal of Banking and Finance, Vol. 36 No. 12, pp. 3213-3226.
Agarwal, R. and Kallapur, S. (2018), “Cognitive risk culture and advanced roles of actors in risk governance: a case study”, The Journal of Risk Finance, this issue, doi: 10.1108/JRF-11-2017-0189.
Arena, M., Arnaboldi, M. and Azzone, G. (2010), “The organizational dynamics of enterprise risk management”, Accounting, Organizations and Society, Vol. 35 No. 7, pp. 659-675.
Arena, M., Arnaboldi, M. and Palermo, T. (2017), “The dynamics of (dis) integrated risk management: a comparative field study”, Accounting, Organizations and Society, Vol. 62, pp. 65-81.
Barley, S.R. and Tolbert, P.S. (1997), “Institutionalization and structuration: studying the links between action and institution”, Organization Studies, Vol. 18 No. 1, pp. 93-117.
Battilana, J., Leca, B. and Boxenbaum, E. (2009), “How actors change institutions: towards a theory of institutional entrepreneurship”, Academy of Management Annals, Vol. 3, pp. 65-107.
Baule, R. and Fandel, G. (2016), “Editorial”, Journal of Business Economics, Vol. 86 No. 8, pp. 809-811.
Biddle, B.J. (1986), “Recent developments in role theory”, Annual Review of Sociology, Vol. 12 No. 1, pp. 67-92.
Burns, J. and Scapens, R.W. (2000), “Conceptualizing management accounting change: an institutional framework”, Management Accounting Research, Vol. 11 No. 1, pp. 3-25.
Cohen, M.S. (2015), “Governance as the driver of culture change and risk management”, Journal of Risk Management in Financial Institutions, Vol. 8 No. 4, pp. 347-357.
Colquitt, L.L., Hoyt, R.E. and Lee, R.B. (1999), “Integrated risk management and the role of the risk manager”, Risk Management and Insurance Review, Vol. 2 No. 3, pp. 43-61.
Dillard, J.F., Rigsby, J.T. and Goodman, C. (2004), “The making and remaking of organization context: duality and the institutionalization process”, Accounting, Auditing and Accountability Journal, Vol. 17 No. 4, pp. 506-542.
DiMaggio, P.J. and Powell, W.W. (1983), “The iron cage revisited: collective rationality and institutional isomorphism in organizational fields”, American Sociological Review, Vol. 48 No. 2, pp. 147-160.
Englund, H., Gerdin, J. and Burns, J. (2011), “25 years of giddens in accounting research: achievements, limitations and the future”, Accounting, Organizations and Society, Vol. 36 No. 8, pp. 494-513.
Falkner, E.M. and Hiebl, M.R.W. (2015), “Risk management in SMEs: a systematic review of available evidence”, The Journal of Risk Finance, Vol. 16 No. 2, pp. 122-144.
Feldman, M.S. and Pentland, B.T. (2003), “Reconceptualizing organizational routines as a source of flexibility and change”, Administrative Science Quarterly, Vol. 48 No. 1, pp. 94-118.
Gao, S.S., Sung, M.C. and Zhang, J. (2013), “Risk management capability building in SMEs: a social capital perspective”, International Small Business Journal, Vol. 31 No. 6, pp. 677-700.
Gatzert, N. and Schmit, J. (2016), “Supporting strategic success through enterprise-wide reputation risk management”, The Journal of Risk Finance, Vol. 17 No. 1, pp. 26-45.
Giddens, A. (1984), The Constitution of Society: Outline of the Structuration Theory, Cambridge, Polity Press.
Gupta, M. and Prakash, P. (2018), “Impact of underwriting insurance risk on bank holding company behavior”, The Journal of Risk Finance, doi: 10.1108/JRF-11-2017-0191.
Hall, M., Mikes, A. and Millo, Y. (2015), “How do risk managers become influential? A field study of toolmaking in two financial institutions”, Management Accounting Research, Vol. 26, pp. 3-22.
Herbane, B. (2010), “Small business research: time for a crisis-based view”, International Small Business Journal, Vol. 28 No. 1, pp. 43-64.
Hiebl, M.R.W., Baule, R., Dutzi, A., Menk, M.T., Stein, V. and Wiedemann, A. (2018), “Risk governance im mittelstand: eine einführung der gastherausgeber”, Zeitschrift Für KMU Und Entrepreneurship, Vol. 66 No. 1, pp. 1-11.
Hiebl, M.R.W. (2013), “Risk aversion in family firms: what do we really know?”, The Journal of Risk Finance, Vol. 14 No. 1, pp. 49-70.
Hiebl, M.R.W. (2018), “Management accounting as a political resource for enabling embedded agency”, Management Accounting Research, Vol. 38, pp. 22-38.
Hiebl, M.R.W., Duller, C. and Neubauer, H. (2018), “Enterprise risk management in family firms: evidence from Austria and Germany”, The Journal of Risk Finance, doi: 10.1108/JRF-01-2018-0003.
Institute of Internal Auditors (2013), The Three Lines of Defense in Effective Risk Management and Control, The Institute of Internal Auditors, Altamonte Springs.
Kleffner, A.E., Lee, R.B. and McGannon, B. (2003), “The effect of corporate governance on the use of enterprise risk management: evidence from Canada”, Risk Management and Insurance Review, Vol. 6 No. 1, pp. 53-73.
Lundqvist, S.A. (2015), “Why firms implement risk governance – stepping beyond traditional risk management to enterprise risk management”, Journal of Accounting and Public Policy, Vol. 34 No. 5, pp. 441-466.
Markus, M.L. and Pfeffer, J. (1983), “Power and the design and implementation of accounting and control systems”, Accounting, Organizations and Society, Vol. 8 Nos 2/3, pp. 205-218.
Mikes, A. (2009), “Risk management and calculative cultures”, Management Accounting Research, Vol. 20 No. 1, pp. 18-40.
Mikes, A. (2011), “From counting risk to making risk count: boundary-work in risk management”, Accounting, Organizations and Society, Vol. 36 Nos 4/5, pp. 226-245.
Mongiardino, A. and Plath, C. (2010), “Risk governance at large banks: have any lessons been learned?”, Journal of Risk Management in Financial Institutions, Vol. 3 No. 2, pp. 116-123.
Poba-Nzaou, P., Raymond, L. and Fabi, B. (2014), “Risk of adopting mission-critical OSS applications: an interpretive case study”, International Journal of Operations and Production Management, Vol. 34 No. 4, pp. 477-512.
Pratono, A.H. (2018), “Does firm performance increase with risk-taking behavior under information technological turbulence? Empirical evidence from indonesian SMEs”, The Journal of Risk Finance, doi: 10.1108/JRF-10-2017-0170.
Quinn, M. (2011), “Routines in management accounting research: further exploration”, Journal of Accounting and Organizational Change, Vol. 7 No. 4, pp. 337-357.
Quinn, M. (2014), “Stability and change in management accounting over time – a century or so of evidence from guinness”, Management Accounting Research, Vol. 25 No. 1, pp. 76-92.
Quinn, M. and Hiebl, M.R.W. (2018), “Management accounting routines: a framework on their foundations”, Qualitative Research in Accounting and Management, forthcoming, doi: 10.1108/QRAM-05-2017-0042.
Quinn, M., Hiebl, M.R.W., Moores, K. and Craig, J.B. (2018), “Future research on management accounting and control in family firms: suggestions linked to architecture, governance, entrepreneurship and stewardship”, Journal of Management Control, Vol. 28 No. 4, pp. 529-546.
Renn, O. (2008), Risk Governance: Coping with Uncertainty in a Complex World, Earthscan, London, Sterling, VA.
Sassen, R., Stoffel, M., Behrmann, M., Ceschinski, W. and Doan, H. (2018), “Effects of committee overlap on the monitoring effectiveness of boards of directors: a meta-analysis”, The Journal of Risk Finance, doi: 10.1108/JRF-11-2017-0187.
Schedlinsky, I., Sommer, F. and Wöhrmann, A. (2018), “Influencing risk taking in competitive environments: an experimental analysis”, The Journal of Risk Finance, this issue, doi: 10.1108/JRF-11-2017-0193.
Stein, V. and Wiedemann, A. (2016), “Risk governance: conceptualization, tasks, and research agenda”, Journal of Business Economics, Vol. 86 No. 8, pp. 813-836.
Stein, V. and Wiedemann, A. (2018), “Risk governance: basic rationale and tentative findings from the German banking sector”, in Idowu, S.O., Sitnikov, C., Simion, D. and Bocean, C.G. (Eds), Current Issues in Corporate Social Responsibility: An International Consideration, Springer, Cham, pp. 97-110.
Stein, V., Wiedemann, A. and Wilhelms, J.H. (2018), “Integrative risikosteuerungsansätze für KMU: enterprise risk management versus risk governance”, Zeitschrift Für KMU Und Entrepreneurship, Vol. 66 No. 1, pp. 61-70.
van Asselt, M.B. and Renn, O. (2011), “Risk governance”, Journal of Risk Research, Vol. 14 No. 4, pp. 431-449.