Search results

This study aims to explore the relationship between risk governance characteristics (chief risk officer [CRO], chief financial officer [CFO] and senior directors [SENIOR]) and regulatory adjustments (RAs) in Organization for Economic Cooperation and Development public commercial banks.

Using principal component analysis (PCA) and regression models, the research analyzes a representative data set of these banks.

A significant negative correlation between risk governance characteristics and RAs is found. Sensitivity analysis on the regulatory Tier 1 capital ratio and the total capital ratio indicates mixed outcomes, suggesting a complex relationship that warrants further exploration.

The study’s limited sample size calls for further research to confirm findings and explore risk governance’s impact on banks’ capital structures.

Enhanced risk governance could reduce RAs, influencing banking policy.

The study advocates for improved banking regulatory practices, potentially increasing sector stability and public trust.

This study contributes to understanding risk governance’s role in regulatory compliance, offering insights for policymaking in banking.

In developing countries, how risk management technologies influence management accounting and control (MAC) practices is under-researched. By drawing on insights from institutional studies, this study aims to examine the multiple institutional pressures surrounding an entity and influencing its risk-based management control (RBC) system – that is, how RBC appears in an emerging market attributed to institutional multiplicity.

The authors used qualitative case study research methods to collect empirical evidence from a privately owned Egyptian insurance company.

The authors observed that in the transformation to risk-based controls, especially in socio-political settings such as Egypt, changes in MAC systems were consistent with the shifts in the institutional context. Along with changes in the institutional environment, the case company sought to configure its MAC system to be more risk-based to achieve its strategic goals effectively and maintain its sustainability.

This research provides a fuller view of risk-based management controls based on the social, professional and political perspectives central to the examined institutional environment. Moreover, unlike early studies that reported resistance to RBC, this case reveals the institutional dynamics contributing to the successful implementation of RBC in an emerging market.

This paper aims to explore the reporting challenges and related organisational mechanisms of change associated with disclosing corporate risks within integrated reports.

This paper adopts a Latourian performative approach to explore the organisational mechanisms of change in terms of networks of actors, both “human” and “non-human”, involved in the preparation of risk-related disclosure. Empirical evidence is collected by means of in-depth interviews with the preparers of an integrated reporting pioneer company.

Preparing disclosure on corporate risks in the context of integrated reporting demands close interaction among several actors. When disclosure shifts from listing key risks to providing information on how these risks are managed or connect with corporate strategy and value creation, departments not usually involved in corporate reporting play an active role and external stakeholders offer pertinent insights, benchmarks and feedback. Integrated reporting and risk management frameworks are the “non-human” actors that facilitate the engagement of diverse “human” actors.

Preparers should be aware that risk disclosure within integrated reports requires collaboration among (“human”) actors belonging to different departments and the engagement of external stakeholders. Preparers should consider the frameworks of integrated reporting and risk management as facilitators of cross-departmental discussions and dialogue, rather than mere contributors of guidelines and recommendations.

This study enriches the scant literature on organisational mechanisms of change made in response to integrated reporting challenges, showing subsequent advancements in the organisational process underlying the preparation of risk disclosure.

Even though every decision a leader makes carries an element of risk, no review on the topic of leadership and risk has appeared in highly-ranked management journals in the past 20 years. This is in contrast to the discipline of psychology in which leadership and risk receives considerable attention, particularly in the field of heroism studies. In the context of the established body of research on the topic of leadership and risk in the discipline of psychology, this review therefore explores the research on leadership and risk in highly-ranked management studies’ journals.

The review was conducted in five stages. During phase 1, journal rankings were used as basis to determine which highly-ranked journals to include in the review. Phase 2 focused on identifying all relevant articles in the journals included in our review. We searched for articles published from 2000 to 2021 with the words “risk” or “danger” and “leader” or “leadership” in their abstracts. In phase 3, the author analysed the abstracts of the articles in depth to determine whether the keywords were included on the basis of an explicit scholarly reflection or research on leadership and risk. Phase 4 focused on analysing articles' treatment of leadership and risk, and assigning key words and key phrases. Finally, during phase 5 key words and key phrases were clustered together thematically.

This study analysis yielded six thematic clusters. The first two clusters – on risk appetite of followers and leaders – are closely related. In total, 12 journal articles explored these themes. The remaining thematic clusters contain four and seven articles each. These clusters are risk, creativity and innovation; risk and failure; risk in dangerous contexts; and risk and gender. Nine of the selected articles did not fit in any of the thematic clusters.

The review reveals a significant lack of research on leadership and risk in highly-ranked management studies’ journals. The author found that the topic of leadership and risk is approached in a binary fashion: successful leaders are viewed as using risk to drive innovation and unsuccessful leaders fail because of risk. The author argues that the heroic bias in leadership research could be partly blamed for this binarism. In practical terms, the author highlights that the growing importance of chief risk officers – leaders appointed to deal with company risk – indicates a clear need for research on leadership and risk in general management studies’ journals.

Inspired by new findings on and perceptions of risk governance, such as the necessity of taking a broader perspective in coping with risks in companies and working together in interactive groups with various stakeholders to deal with complex risks in the modern world, the purpose of this paper is looking for new ways to deal with financial risks. Current methods dealing with those risks are confronted with the problems of being primarily based on past data and experience, neglecting the need for objectivity, focusing on the short-term future and disregarding the interconnectedness of different financial risk categories.

A literature review of risk governance, financial risk management and open foresight was executed to conceptualize solutions to the mentioned-above problems.

Collaborative financial risk assessment (CFRA) is a promising approach in financial risk governance with respect to overcoming said problems. It is a method of risk identification and assessment, which combines aspects of “open foresight” and the financial risk management and governance literature. CFRA is characterized as bringing together members of different companies in trying to detect weak signals and trends to gain knowledge about the future, which helps companies to reduce financial risks and increase the chance of gaining economic value. By overcoming organizational boundaries, individual companies may gain the knowledge they would probably not have without CFRA and achieve a competitive advantage.

A conceptual paper like the one at hand wants empirical proof. Therefore, the authors developed a research agenda in the form of five propositions for further research.

This paper discusses the existing problems of financial risk identification and assessment methods. It contributes to the existing literature by proposing CFRA as a solution to those problems and adding a new perspective to financial risk governance.

Debate is growing around the expansion of risk-based regulation. The regulation scholarship provides evidence of regulatory failure of the risk-based approach in different domains, including financial regulation. Therefore, this paper aims to provide cautionary evidence about the risk of regulatory failure of risk-based strategy in the financial regulation while using enterprise risk management (ERM) as a meta-regulatory toolkit.

Based on interview data gathered from 30 risk managers of banks and five regulatory personnel, combined with secondary data, this study mainly explores the challenges for meaningful use of ERM based self-regulation in regulated banks. The evidence helps to assess the risk of regulatory failure of the risk-based regulation while using ERM.

The evidence reflects that regulated banks face diverse challenges arising from both peripheral and internal environments that limit the true internalization of ERM-based self-regulation. Despite this, the regulator uses this self-regulation as a meta-regulatory toolkit under the risk-based regulation to achieve the regulatory aims. However, the lack of true internalization of ERM based self-regulation is likely to raise the risk of regulatory failure of risk-based regulation to achieve the regulatory goals. Risk-based regulation is an evolving strategy in the regulatory regime. Therefore, care should be taken while using ERM as a regulatory toolkit before relying on it substantially.

The paper provides empirical insights about the challenges for effective use of ERM as a meta regulatory toolkit that might be useful practically both to the regulators and regulated firms.

This paper aims to update the cybersecurity-related accounting literature by synthesizing 39 recent theoretical and empirical studies on the topic. Furthermore, the paper provides a set of categories into which the studies fit.

This is a synthesis paper that summarizes the research literature on cybersecurity, introducing knowledge from the extant research and revealing areas requiring further examination.

This synthesis identifies a research framework that consists of the following research themes: cybersecurity and information sharing, cybersecurity investments, internal auditing and controls related to cybersecurity, disclosure of cybersecurity activities and security threats and security breaches.

Academics, practitioners and the public would benefit from a research framework that categorizes the research topics related to cybersecurity in the accounting field. This type of analysis is vital to enhance the understanding of the academic research on cybersecurity and can be used to support the identification of new lines for future research.

This is the first literature analysis of cybersecurity in the accounting field, and it has significant implications for research and practice by detailing, for example, the benefits of and obstacles to information sharing. This synthesis also highlights the importance of the model for cybersecurity investments. Further, the review emphasizes the role of internal auditing and controls to improve cybersecurity.

The purpose of this study is to examine how companies integrate cyber risk into their enterprise risk management practices. Data breaches have become commonplace, with thousands occurring each year, and some costing hundreds of millions of dollars. Consequently, cyber risk has become one of the gravest risks facing organizations, and has attracted boardroom-level attention. On the other hand, companies already manage many kinds of difficult and growing risks, and that firms lose less than 1% of annual revenues as a result of cyber incidents. Therefore, how should firms appropriately address cyber risk? Is it indeed a materially different kind of risk area, or is it simply just one more risk that can seamlessly be integrated into existing enterprise risk management (ERM) practices?

The authors performed thematic analysis based on semi-structured interviews, with non-probabilistic, purposive sampling, to answer two main questions. First, how do firms manage enterprise risks, generally? And second, how are they integrating cyber risk into these existing processes?

The authors find that there is considerable variation in the approach and sophistication in ERM practices, such as whether they are driven more like an auditing function, or as a risk champion. The authors also find that despite the novelty of cyber risk, it can be integrated like other enterprise risks, and that cyber risk is most often seen as an operational risk (similar to workplace accidents or fraud), rather than a strategic risk, emerging from, for example, technology innovation and R&D.

The generalization of the results is limited by the sample size and variation of firms interviewed. While the authors attempted to interview enterprise risk managers across a wide variation of firms, there were clear limitations in the scope. That being said, the authors were fortunate to be able to examine ERM and cyber risk practices across small and large, private and publicly traded companies, from a variety of business sectors.

The authors believe these finding are important because they present evidence that while cyber risk may be new, it does not require specialized handling or processes to track it at the enterprise level. While some firms may choose to provide special accommodations or attention because of their data collection or business practices, this approach is neither necessary nor required of all firms in all situations.

This research is one of the only papers that, to the best of the authors’ knowledge, examines how cyber risk is integrated at an enterprise level.

This paper investigates the relationship between risk management practices and potential fraudulent financial reporting in Malaysia by considering recent regulatory reforms of the Malaysian government on risk management practices.

The sample of this study was based on 257 firm-year observations during the 2012–2017 period. This study employed panel-least square regressions with period fixed effects.

This study found a significant association between risk management activities in the disclosure and potential fraudulent financial reporting. Nevertheless, this study found there is insignificant effect of the risk-management committee in reducing potential of fraudulent financial reporting.

This study is a pioneer research that relates firms’ risk management practices with potential fraudulent financial reporting measured by F-score. Thus, this study provides an insight to regulators on the extent of risk-management practices in deterring potential fraudulent financial reporting which can be used as an input for greater enforcement of risk-management regulations.

Insurance companies exist to manage the risk of others, which is why they are perceived to be competitive in risk management (RM). Considering this, we investigate how different RM capabilities make insurers effective in RM. These capabilities include understanding risk and risk management (URRM), risk identification (RI), risk assessment and analysis (RAA) and risk monitoring (RMON) activities in insurance companies. In addition, the authors probe how these capabilities can jointly yield a competitive advantage for the insurance industry under the resource-based view (RBV) and dynamic capabilities perspective (DCP).

The authors present a latent variable RM model for the insurance industry and employ structural equation modeling (SEM) to test the hypotheses. Furthermore, the authors also conduct confirmatory factor analysis (CFA) and convergent and discriminant validity analysis for model fit and invariance testing, respectively.

The results show that insurers who investigated RM-related capabilities directly influence their risk management practices (RMPs). Moreover, improving these capabilities will make insurers more effective in managing the risks of others. Thus, RM as a business process will yield a competitive advantage for the insurance sector. The findings are supported by the theoretical insights presented by the RBV and DCP. Furthermore, the model also adheres to the convergent and discriminant validity cut-off values.

To the best of the authors’ knowledge, this is the first study examining insurers' RM practices as a source of a competitive advantage.

保險公司存在的目的是為其它公司或個人管理其風險；因此，保險公司在風險管理方面、被認為具有競爭能力。故此、我們擬研究不同的風險管理能力是如何能使保險公司有效地管理風險的呢？這些風險管理能力包括對風險及風險管理之了解、風險辨識、風險評估和分析，以及在保險公司內的風險監控活動。再者，我們探究這些風險管理能力如何根據資源基礎觀點及動態能力理論共同為保險業創造競爭優勢。

我們為保險業展示一個潛在變項風險管理模型，並使用結構方程模型，來測試我們的假設；而且，我們為模型適配度而進行了驗證性因素分析，又為不變性檢定而進行了驗證輻合及驗證區別效度分析。

研究結果顯示、若保險公司審査與風險管理相關之能力，這會直接影響其對風險管理之措施；而且，若保險公司能改善其風險管理之能力，這會使它們更有效地管理其它公司或個人的風險。因此，作為業務過程的一環、風險管理會為保險業創造競爭優勢。我們的研究結果，得到資源基礎理論及動態能力理論提供之理論見解所支持；而且，我們的模型從附驗證輻合及驗證區別效度的截止值。

據我們所知，本研究為首個研究、去探討保險公司的風險管理措施如何為它們創造競爭優勢。