Search results
1 – 10 of 565
Abstract
Purpose
There are two main industry-sanctioned enterprise risk management (ERM) models, that is, COSO 2004 and ISO 31000:2009, that firms refer to when implementing ERM programs. Taken together, the two ERM models specify that firms should implement ERM programs to meet a strategic need, improve operations and reporting or to comply with government regulations or industry best practices. In addition, the focus of ERM implementation should be either the subsidiary, business unit, division, firm/entity or global level. The purpose of this study is to investigate whether firms are aligning their ERM implementations with these tenets: strategy, operations, reporting, compliance and the level of implementation.
Design/methodology/approach
The proxy for ERM implementation is the hiring of a Chief Risk Officer (CRO). The research data come from a sample of 122 US firms that issued a press release following the hiring of a CRO between 2010 and 2014. The press releases were retrieved and aggregated through content analysis in LexisNexis Academic.
Findings
The results reveal that many ERM implementations are occurring at the firm/entity level, and with the exception of reporting, firms consider ERM to be a strategic firm resource capable of improving business operations and compliance initiatives.
Originality/value
There is a dearth of research studies specifically investigating whether ERM programs adopted by firms are aligned with the specification of COSO 2004 and ISO 31000:2009 frameworks. The apparent lack of a clear understanding of the alignment between the firm ERM programs and the industry’s ERM frameworks may limit the development and implementation of ERM and the eventual realization of the benefits associated with a successful ERM implementation.
Abstract
The high occurrence of procurement fraud requires the management of an enterprise, the risk manager of the enterprise and the internal auditor to address procurement fraud risks effectively within the enterprise risk management concept. The purpose of the article is to explain a procurement fraud risk management process which will serve as a comprehensive framework for enterprise risk managers and for internal auditors to limit the enterprise’s exposure to procurement fraud as far as possible. The study by Venter (2005) on which the article is based proposes a procurement fraud risk matrix which can be used to manage fraud risks within the procurement function efficiently. This matrix is based on the Committee of Supporting Organizations of the Treadway Commission’s (COSO’s) Enterprise Risk Management – Integrated Framework which is specifically applied to address the procurement fraud risk problem.
Cláudia Pinto, Graça Azevedo and Jonas Oliveira
Abstract
The present chapter tries to assess the state of the art of enterprise risk management (ERM) among Portuguese non-financial companies regarding two main aspects: the ERM background in Portugal and the level of disclosure of ERM practices by non-financial listed companies. Since the analysis of disclosures is useful to understand the level of evolution and adoption of the ERM framework, we tried to assess the ERM practices disclosed by 26 Portuguese non-financial listed companies at the Euronext Lisbon Stock Exchange regulated market, during the period of 2006–2016. Main findings indicate that regulation on ERM in Portugal emanates from three main Codes (The Portuguese Companies Code, The Stock Exchange Code, and The Corporate Governance Code). The ERM professionalization in Portugal is in its infancy and has been promoted mainly by the Institute of Portuguese Internal Auditors. Moreover, research on topics such as risk reporting and risk management/ERM is very scarce. Overall, findings of prior literature are consistent with results from our exploratory study. We conclude that Portuguese non-financial listed companies still disclose very little information on ERM activities. However, over the period of analysis, the disclosure practices evolved positively. Findings show that ERM disclosure can still be extensively improved in the future.
Clint Zammit, Simon Grima and Y. Murat Kizilkaya
Abstract
The Public Sector is usually assumed to have a risk avoidance culture, with a reactive rather than proactive approach towards the management. However, an improved holistic approach seems to be required, especially when considering the complexity and size of the Public Sector, and the challenges it faces to connect the services, clients and the different levels of governance.
Within this chapter, the authors lay out a maturity level evaluation of Governance, Risk Management and Compliance (GRC) within the Maltese Public Sector. Through documentation analysis of the available literature on the subject, the authors determine the principal themes required to develop an effective GRC practice across the Public Sector. The authors then design statements based on the identified GRC themes and administer it using an online survey tool to Public employees across different Ministries, Departments, Agencies and Entities, in order to obtain their perception. This is in order to determine gaps, weaknesses or limiting factors towards the implementation of an effective GRC.
The results show that, although, there is a substantial percentage of scepticism and few disagreements towards some of the statements, especially those which related to Risk Management (RM) and Internal Auditing (IA), the majority of Public Sector bodies do in fact show high standards of GRC practices integrated and present in their day-to-day operations and internal environment, showing that there is a well-developed Governance, Compliance and Control structure and Internal Audit function across the Sector.
However, the perception of participants is that the RM function is the least developed area. IA needs some improvement especially where trust on advice is involved.
Abstract
Purpose
This study investigates firm attributes (namely level of capitalisation, scope of operation, organisational structure, organisational lifecycle, systemic importance and size) affecting the robustness of enterprise risk management (ERM) practice, the extent to which ERM affects the performance of banks and the impact of ERM on the long-term sustainability of banks in Nigeria. This was against the backdrop that the 2012 banking reform was a major regulatory intervention that mainstreamed ERM in the Nigerian banking sector.
Design/methodology/approach
The study employed a mixed methodology of content, trend and quantitative analyses. Ex post facto research design was deployed to analyse performance differential of banks, with respect to the implementation of ERM, over a 10-year period (2008–2017). A disclosure checklist developed from the COSO ERM integrated framework was used to assess the robustness of ERM by content-analysing divulgence on risk management in published annual reports. The banking reform periods were dichotomised into pre- (2008–2012) and post- (2013–2017) reform periods. Jonckheere–Terpstra test, independent sample t-test and Mann–Whitney test were applied to analyse a total of 1,036 firm-year observations over the period 2008–2017.
Findings
Result shows that bank attributes significantly affecting the robustness of risk management practice are level of capitalisation, scope of operation, systemic importance and size. Performance of banks improved slightly during the post-2012 banking reform period. This suggests that as banks consolidate on the gains of ERM, benefits of the regulatory policy on risk management may be realised in the long run. Result also shows that ERM enhances long-term performance, connoting that effective risk management could serve as a competitive strategy for surviving turbulence that typically characterises the banking sector.
Practical implications
The emergence of level of capitalisation, scope of operation, systemic importance and size as determinants of ERM provides empirical evidence to support the practice of reviewing the capital requirements for banking business from time to time by regulatory authorities (i.e. recapitalisation policy) as a strategy for managing systemic risk. Top management of banks may consider instituting mechanisms that will ensure risk management is given prominence. A proactive approach must be taken to convert risks to opportunities by banks and other financial institutions, going forward, to cope with the vicissitudes of financial intermediation.
Originality/value
The originality of the study stems from the consideration that it provides some new insights into the impact of ERM on banks' long-term sustainability in a developing country. The study also contributes to knowledge by exposing the factors determining the robustness of risk management practice. The study developed a checklist for assessing ERM practice from annual reports and other risk management disclosure documents. The paper also adds to the scarce literature on risk governance and risk management.
Johnny Jermias, Yuanlue Fu, Chenxi Fu and Yasheng Chen
Abstract
Purpose
The purpose of this study is to examine the design and implementation of enterprise risk management (ERM) in three large Chinese state-owned enterprises and to develop propositions on integrating ERM, budgetary control system and cash flow stability approach.
Design/methodology/approach
This study adopts a field study approach to analyze the risk assessment and risk-return matching of ERM. A field study was carried out over three years from 2008 to 2011 in three Chinese state-owned enterprises. These companies were chosen because less attention has been given to the implementation of ERM in such firms.
Findings
First, the authors find that all three companies use budgetary control to identify risks, analyze each risk to determine the potential consequences, determine the acceptable levels of risk, develop a risk mitigation plan and monitor the activities in all business processes that may change the levels of risks continuously. Second, the companies focus on cash flow risks through budgetary control to ensure the stability of cash flows. Finally, the degree of intensity of using budgetary control institutionalization to design and implement ERM has a positive impact on the level of risk acceptance and risk assessment culture.
Research limitations/implications
The findings of this study, however, should be interpreted with caution because this study was conducted in three Chinese state-owned enterprises. To increase the generalizability of the findings, future research is encouraged to replicate this study in different industries, as well as in different countries. Furthermore, future research might also examine the authors’ propositions using a large-scale survey across other regions of the world.
Practical implications
Companies can minimize resistance to change by using budgetary control institutionalization when implementing the ERM. State-owned enterprises can initiate and implement a new risk management system by identifying the potential risks and by developing a risk mitigation plan.
Social implications
The results of this study will help companies, particularly state-owned enterprises, to improve their performance and become more competitive, which in turn will benefit the society as a whole by performing their risk driver identification, risk driver impact assessment, risk management actions and risk management optimization more effectively.
Originality/value
The authors investigate how the firms use a legitimate system, namely, budgetary control, that is widely accepted and used in China to foster the acceptance and use of ERM. The authors also develop testable propositions of ERM implementation and cash flow stability that will provide useful guidelines for future research.
Abstract
Purpose
The purpose of this paper is to appraise the current status of enterprise risk management (ERM) in the Gulf Co‐operation Council (GCC) oil and gas entities to develop a practical, region‐specific, and systematic action plan for the GCC oil and gas industry that can transform the existing ERM models to a mature and robust framework.
Design/methodology/approach
The paper reviews current relevant literature on Committee of Sponsoring Organization of the Treadway Commission ERM Framework; and enterprise wide risk framework within the precincts of the GCC oil and gas industry to identify the knowledge gaps which form the basis for the research questions. The paper then empirically investigates the GCC oil industry through six case studies, encompassing the six countries in the GCC (GCC comprising of Bahrain, Kuwait, Oman, Qatar, Saudi Arabia, and United Arab Emirates). The case study has focused by exploring the ERM system per se through comparative case studies to answer the research questions. The research questions and the work have been done from the perspective of the naturalistic (inductive) research paradigm.
Findings
This paper establishes the understanding of the current existing ERM models while identifying the determinants of ERM adoption and the most significant challenges for its implementation. Furthermore, the paper also develops the best practice approach for successful ERM implementation in the GCC oil and gas entities.
Research limitations/implications
The use of a case study has been made precluding the use of other direct methods such as survey questionnaires. The analytical methods used are deductive and discursive in nature, limited to the nature of the methodology of case study used. Rigorous statistical methods could not be applied owing to the limitations of the case study method. The paper explores and compares the industry structure of oil and gas sector in GCC countries, for this purpose, only a few selected entities in the upstream and downstream oil and gas sector are discussed.
Practical implications
Although ERM is conceptually straightforward, its implementation in practice is not. Furthermore, ERM is accepted as a contemporary hot topic and also a board room priority in most industries. The present paper steers the way forward for an improved understanding of the ERM system in a strategic industry dealing with a strategic commodity.
Originality/value
There is a need for a proactive ERM program in the oil and gas industry and also a need for additional research especially in terms of its implementation. Nevertheless, an apparent caveat in the ERM system is that there is no standard approach to implementing and entities grapple with how they should go about putting together an ERM program. The findings provide useful and timely analysis of the GCC oil and gas industry from the perspective of implementation of an ERM framework which is a contemporaneous business priority item in most entities in the GCC hydrocarbon sector.
Abdelkebir Sahid, Yassine Maleh and Mustapha Belaissaoui
Abstract
This chapter presents an analysis illustrating the evolution of information systems’ development based on three interdependent phases. In the first period, information systems were mainly considered as a strictly technical discipline. Information technology (IT) was used to automate manual processes; each application was treated as a separate entity with the overall objective of leveraging IT to increase productivity and efficiency, primarily in an organizational context. Secondly, the introduction of networking capabilities and personal computers (instead of fictitious terminals) has laid the foundations for a new and broader use of information technologies while paving the way for a transition from technology to its actual use. During the second phase, typical applications were intended to support professional work, while many systems became highly integrated. The most significant change introduced during the third era was the World Wide Web, which transcended the boundaries of the Internet and the conventional limits of IT use. Since then, applications have become an integral part of business strategies while creating new opportunities for alliances and collaborations. Across organizational and national boundaries, this step saw a transformation of IT in the background. These new ready-to-use applications are designed to help end-users in their daily activities. The end-user experience has become an essential design factor.
Chairani Chairani and Sylvia Veronica Siregar
Abstract
Purpose
This study aims to examine the effect of enterprise risk management (ERM) on financial performance and firm value, as well as the moderating role of environmental, social and governance (ESG) performance.
Design/methodology/approach
The samples in this study are listed companies in the ASEAN 5 (Indonesia, Malaysia, Philippines, Singapore and Thailand) during the years 2014–2018, with total observations of 680 firm-years. Fixed effect panel data regressions were used to test the hypotheses. The data was collected from Financial Report, Annual Reports and Thomson Reuters.
Findings
The results show that ERM has a positive significant effect on financial performance and firm value. This paper also finds that ESG has a significant moderating role in increasing the effect of ERM on firm value. Further, this paper divides the samples into sensitive and non-sensitive industries and finds a significant moderating role of ESG performance on firm performance for sensitive industries.
Originality/value
Extant studies have not empirically examined the moderating role of ESG on the effect of ERM on firm performance and firm value. The findings have important implications in suggesting that firms need to analyze various threats and opportunities related to and ESG risks in achieving competitive advantage.
Abstract
Purpose
The purpose of this paper is to consolidate research in whistleblowing, wrongdoing prevention and enterprise risk management (ERM) frameworks with the goal of creating a more comprehensive and effective framework for the prevention of wrongdoings.
Design/methodology/approach
A gap analysis based on organizational learning theory (OLT) is performed between the research fields of whistleblowing, wrongdoing prevention and ERM to identify enhancements that are needed for effective wrongdoing prevention.
Findings
ERM is an incomplete framework for wrongdoing prevention which omits the components of prevention and learning. A culture of continuous learning is required to minimize the experience component of learning and maximize sharing. Storytelling can be used to protect individuals and provide transparency. The stakeholder dimension must be expanded beyond the borders of the legal entity to include all stakeholders. Every stakeholder experiences the climate of wrongdoing prevention differently, and the evaluation of these different perspectives is essential in establishing a culture of prevention. Personal psychological safety is a critical element in empowering stakeholders to discuss and address wrongdoings. Standards established through professional associations enable innovations to diffuse more quickly throughout society than legislation. Standards and standard setting processes that are able to adapt to changes in societal expectations proactively help organizations to independently protect stakeholders. Global standards are needed to overcome incongruences between countries and cultures.
Research limitations/implications
The effectiveness of a prevention framework is difficult to measure. Declining incidence of wrongdoing within an institution is an incomplete picture. Rare and severe types of wrongdoing, and their prevention throughout society should require a more concerted, centralized approach which could be modeled upon the health system’s national centers for disease prevention. By combining the dimensions of the learning organization questionnaire (Marsick and Watkins, 2003) and Whistleblowing and Wrongdoing statistics, organizations should be able to develop complex KPIs and be able to monitor their development over time. Researchers should be able to use the same strategy to confirm the assertions made here will improve the safety and security of all stakeholders.
Practical implications
Organizations which use ERM frameworks may be unable to effectively prevent wrongdoings and protect stakeholders from the consequences of such wrongdoings. The shortcomings identified here provide specific clear points that organizations can address to be more effective in preventing wrongdoings. Any one of these actions and the scope of their impact within the organization and their environment represent substantial challenges for all stakeholders. Like the ascent of a great mountain, the planning of each step taken and thorough understanding of the challenges faced along the path to each waypoint are essential to reach the summit and achieve the objective.
Social implications
This paper advocates for changes that may take decades or generations to fully accept: inter-organizational sharing; stronger use of guidelines instead of legislation; and enhanced transparency on all organizational levels. The resources required to drive change on this scale are considerable with the private sector and public sectors having unique needs and requiring potentially different approaches.
Originality/value
The novelty lies in the identification of shortcomings in ERM frameworks to effectively prevent wrongdoing, through the integration of OLT, Whistleblowing and Wrongdoing Literature and the COSO Enterprise Risk Management Framework.