Search results

1 – 10 of 199
Article
Publication date: 1 December 2000

Igor Lamser and Erik Helland


Abstract

Traces the history of the development of the chief risk officer. Considers where the value of such a role lies. Outlines the skills required by the individual and discusses the competing issues which firms must bear in mind.

Details

Balance Sheet, vol. 8 no. 6
Type: Research Article
ISSN: 0965-7967

Article
Publication date: 7 August 2017

Erastus Karanja


Abstract

Purpose

There are two main industry-sanctioned enterprise risk management (ERM) models, that is, COSO 2004 and ISO 31000:2009, that firms refer to when implementing ERM programs. Taken together, the two ERM models specify that firms should implement ERM programs to meet a strategic need, improve operations and reporting or to comply with government regulations or industry best practices. In addition, the focus of ERM implementation should be either the subsidiary, business unit, division, firm/entity or global level. The purpose of this study is to investigate whether firms are aligning their ERM implementations with these tenets: strategy, operations, reporting, compliance and the level of implementation.

Design/methodology/approach

The proxy for ERM implementation is the hiring of a Chief Risk Officer (CRO). The research data come from a sample of 122 US firms that issued a press release following the hiring of a CRO between 2010 and 2014. The press releases were retrieved and aggregated through content analysis in LexisNexis Academic.

Findings

The results reveal that many ERM implementations are occurring at the firm/entity level, and with the exception of reporting, firms consider ERM to be a strategic firm resource capable of improving business operations and compliance initiatives.

Originality/value

There is a dearth of research studies specifically investigating whether ERM programs adopted by firms are aligned with the specification of COSO 2004 and ISO 31000:2009 frameworks. The apparent lack of a clear understanding of the alignment between the firm ERM programs and the industry’s ERM frameworks may limit the development and implementation of ERM and the eventual realization of the benefits associated with a successful ERM implementation.

Details

International Journal of Accounting & Information Management, vol. 25 no. 3
Type: Research Article
ISSN: 1834-7649

Article
Publication date: 9 January 2017

Arash Amoozegar, Kuntara Pukthuanthong and Thomas J. Walker


Abstract

Purpose

In most financial institutions, chief risk officers (CROs) and their risk management (RM) staff fulfill a role in managing risk exposures, yet their lack of involvement in the governance has been cited as an influential factor that contributed to the financial crisis of 2007-2008. Various legislative and regulatory bodies have pressured financial firms to improve their risk governance structures to better weather potential future crises. Assuming that CROs and risk committees are given sufficient power to influence the corporate governance of financial institutions, can CROs and risk committees protect financial institutions from violating litigable securities law? Can they improve bank performance? The paper aims to discuss these issues.

Design/methodology/approach

The authors employ a principal component analysis to construct a single measure that captures various aspects of RM in a firm. The authors compare the risk governance characteristics of sued firms with their non-sued peers and consider one of the final outcomes of risky behavior: shareholder litigation. The authors compute ROA and buy-and-hold abnormal returns to capture operating and stock performance and examine whether risk governance improves bank performance by reducing litigation risk.

Findings

Proper risk governance reduces a firm’s litigation probability. The addition of the RM factor to models that have been previously proposed in the literature improves the accuracy of those models in identifying companies that are most susceptible to class action lawsuits. Better RM improves the financial and stock price performance of financial institutions.

Research limitations/implications

The data collection is laborious as the information about CRO governance has to be hand-collected from the 10-K report. A broader sample employing, e.g., non-US banks may provide additional insights into the relationship between RM practices, shareholder litigation, and bank performance.

Practical implications

The study shows that a bank’s RM functions play a critical role in improving bank and operating performance and in reducing shareholder litigation. Banks should emphasize the RM function.

Originality/value

This is the first study to examine the mechanism behind the positive association between RM and bank performance. The study shows that better RM improves overall bank performance by decreasing litigation risk.

Details

Managerial Finance, vol. 43 no. 1
Type: Research Article
ISSN: 0307-4358

Article
Publication date: 3 September 2018

Sana Masmoudi Mardessi and Sonda Daoud Ben Arab

Abstract

Purpose

Enterprise risk management (ERM) has become an important subject of increasing interest among companies throughout the world. It is gaining global attention among risk management professionals and academics. However, little is known about the extent of ERM implementation in the Tunisian context. More importantly, there are limited studies in literature that examine the determinants of this implementation. The purpose of this study is threefold, to propose an index to measure the level of ERM implementation, to examine the level of ERM implementation in Tunisian companies and to propose a conceptual framework for the determinants of this implementation. From the review of literature, several factors are found to be determinants of ERM implementation. Such factors are the presence of a Chief Risk Officer, the appointment of an internal auditor, the type of industry and the firm size.

Design/methodology/approach

To further understand the relation between ERM implementation and its determinants, a questionnaire survey was conducted in 2016 and administrated to 80 companies. Respondents were CRO and more often internal auditors or financial directors. Other data were collected from annual reports and notes to the financial statements. Along with this, the ordinal regression was applied to test the dependence between ERM implementation and its determinants.

Findings

Based on the data gathered, Tunisian companies have shown an increasing interest in risk management in the post-revolution context; however, an integrated approach of ERM implementation is still at an early stage. Descriptive statistics suggest that ERM is essentially developed in financial institutions, especially in banks and some large companies operating in non-financial industries. With regard to the multivariate regression results, the level of ERM implementation is positively related to the presence of a Chief Risk Officer, internal auditor, the type of industry and the firm size.

Originality/value

This study attempts to contribute to the risk management literature in two ways. Conceptually, this study proposes an ERM index to assess the level of ERM implementation. Empirically, it provides some empirical evidence that highlights factors which determine the level of ERM implementation. Therefore, this study will extend the scope of literature by providing novel empirical evidence by exploring the Tunisian context.

Details

Journal of Financial Reporting and Accounting, vol. 16 no. 3
Type: Research Article
ISSN: 1985-2517

Book part
Publication date: 29 December 2016

Francesca Battaglia, Franco Fiordelisi and Ornella Ricci

Abstract

Does the adoption of the Enterprise Risk Management (ERM) improve bank profitability? Does ERM also reduce bank risk? By analyzing a sample of banks located in European emerging markets between 2005 and 2013, the aim of this chapter is to empirically investigate the determinants of firm performance, both in terms of bank profitability and risk, with respect to the adoption of Enterprise Risk Management (ERM). In order to capture the effect of the ERM program adoption on banks’ performance, we both use market-based measures as well as accounting-based indexes. Following the seminal literature on the topic (Aebi, Sabato, & Schmid, 2012; Eckles et al., 2014; Ellul & Yerramilly, 2013; Hoyt & Liebenberg, 2003, 2011; Lin, Wen, & Yu, 2012; Pagach & Warr, 2010), we adopt a binary proxy variable, that is, the appointment of a Chief Risk Officer (CRO), to define whether the firm is currently undertaking an ERM program. Our results show that a post-ERM firm experiences an increase in the risk-adjusted profits and a reduction of the overall risk.

Open Access
Article
Publication date: 26 February 2024

Muddassar Malik

Abstract

Purpose

This study aims to explore the relationship between risk governance characteristics (chief risk officer [CRO], chief financial officer [CFO] and senior directors [SENIOR]) and regulatory adjustments (RAs) in Organization for Economic Cooperation and Development public commercial banks.

Design/methodology/approach

Using principal component analysis (PCA) and regression models, the research analyzes a representative data set of these banks.

Findings

A significant negative correlation between risk governance characteristics and RAs is found. Sensitivity analysis on the regulatory Tier 1 capital ratio and the total capital ratio indicates mixed outcomes, suggesting a complex relationship that warrants further exploration.

Research limitations/implications

The study’s limited sample size calls for further research to confirm findings and explore risk governance’s impact on banks’ capital structures.

Practical implications

Enhanced risk governance could reduce RAs, influencing banking policy.

Social implications

The study advocates for improved banking regulatory practices, potentially increasing sector stability and public trust.

Originality/value

This study contributes to understanding risk governance’s role in regulatory compliance, offering insights for policymaking in banking.

Details

Journal of Financial Regulation and Compliance, vol. 32 no. 2
Type: Research Article
ISSN: 1358-1988

Article
Publication date: 19 September 2022

Anum Qureshi and Eric Lamarque

Abstract

Purpose

This paper aims to examine the influence of risk management (RM) practices on the credit risk of significantly supervised European banks.

Design/methodology/approach

To avoid regulatory and reporting discrepancies, this paper samples banks that come under the direct supervision of the European Central Bank. Significantly supervised European Banks are selected for the five years from 2013 to 2017. The RM and governance data is manually drawn (from annual reports, registration documents, governance and RM reports), and financial data sets are also used (from Moody’s BankFocus and ORBIS).

Findings

The results indicate that strong risk control and supervision by a powerful chief risk officer (CRO) reduces banks’ credit risk. Banks with sufficiently powerful and independent CROs tend to manage their risks effectively, therefore reporting lower credit risk.

Research limitations/implications

European Union introduced Capital Requirement Directive IV in 2013 and new guidelines on the banks' internal governance in 2017, which were to be implemented in 2018. Thus, this paper limited the sample to five years (from 2013 to 2017) to avoid inconsistencies in the results. Future studies can extend the research and compare banks' credit risk before and after the implementation of regulatory guidelines.

Practical implications

Since the global financial crisis, the regulatory environment has sufficiently changed. Hence, this study reveals that not all RM practices but a few important ones reduce credit risk.

Social implications

Effective risk control and supervision at the bank level can lower credit risk, ultimately enhancing overall financial stability.

Originality/value

Most existing studies focus on classic governance indicators to analyze banks’ credit risk; however, this paper considers risk governance indicators which include RM practices used by European banks. Moreover, existing studies in this line focus on the crisis period of 2007–2008. This paper considered the postfinancial crisis period, specifically after the implementation of the Capital Requirements Directive IV at the European level.

Details

Journal of Financial Regulation and Compliance, vol. 31 no. 3
Type: Research Article
ISSN: 1358-1988

Article
Publication date: 10 October 2016

Mirna Jabbour and Magdy Abdel-Kader


Abstract

Purpose

This paper aims to investigate various institutional pressures driving the adoption and implementation of a new risk management system; enterprise risk management (ERM).

Design/methodology/approach

The implementation of ERM-related practices is analysed based on an institutional framework and drawing on empirical evidence from multiple sources in ten large/medium-sized insurance companies. This paper focuses on extra-organisational pressures exerted by political, social and economic institutions on insurance companies which drove the adoption decision.

Findings

It was found that different change agents have taken part in the decision to introduce new risk management system as a part of ERM implementation process. Further, the institutional pressures, coercive, mimetic and normative, were found to differ in character and strength over different intervals of time in relation to the adoption of ERM. Companies that adopted ERM early were mostly driven by internal strategic drivers, whereas the recent adoption decision was more driven by coercive and mimetic pressures. Thus, evidence of divergence between insurance companies was found.

Research limitations/implications

The findings have implications for policy makers, regulatory agencies and innovation developers. ERM was considered not only as a necessity but also as a value added to the insurance companies under study. Thus, regulators and innovation developers should survey main players in any specific organisational field to understand their views before issuing new compulsory regulations or developing innovations. They also need to consider exploring companies’ experiences with ERM, which can provide a basis for the development of strengthened and more informative regulatory ERM frameworks. This will support a faster and easier understanding and implementation of ERM framework hindered by the confusions companies may face when considering the complicated/changing regulatory and risk requirements.

Originality/value

This study extends the scope of institutional analysis to the risk management field, particularly ERM and to the explanation of how different institutions affect the decision to move towards ERM and modify the risk management rules applied within the organisational environment. It looks not only at convergences but also divergences associated with the period of time when ERM adoption decision was made. Thus, it develops a processual view of change.

Details

Qualitative Research in Accounting & Management, vol. 13 no. 4
Type: Research Article
ISSN: 1176-6093

Article
Publication date: 31 August 2010

Elena Demidenko and Patrick McNutt


Abstract

Purpose

The purpose of this paper is twofold: first to add to the debate on good governance and ethics of enterprise risk management (ERM) and second to describe an ethical maturity scale based on duty and responsibility for practical implementation to ensure better governance.

Design/methodology/approach

The methodology has centred on risk governance as a way for many organisations to improve their risk management (RM) practices from an ethical perspective based on responsibility and on fulfilling one's duty within the organisation.

Findings

While companies in Australia, for example, are more mature than those in Russia in terms of governance systems life cycle, there are a number of common international challenges in risk governance implementation. These relate to a link between risk framework, enterprise value model and strategic planning; to a definition of risk appetite, the embodiment of RM in organisational culture, internal audit and ERM function, the evolving role of a chief risk officer (CRO) and senior management buy‐in and sponsorship of the integrated ethical RM from a chief executive officer.

Practical implications

ERM – a way for many organisations to improve their RM practices – is a key component of the applied ethics of corporate governance. It has developed into a philosophy to assist organisations with the process of protecting shareholders' value while also increasing the bottom‐line profitability. Effective ERM is based on ethical risk governance. Internal audit needs to be involved in the process of integrating RM and compliance. It should maintain a degree of independence when assisting with ERM establishment. CRO is most effective when reporting to the board.

Originality/value

Global companies are becoming more accountable to multiple stakeholders. It is the adoption of an ethical code to arrest the lack of clarity of roles ascribed to the audit committee and risk committee and management's accountability or lack thereof that remains the challenge across different jurisdictions. In attempting to implement good governance and meet the challenges, the paper introduces an ethical maturity scale as an internal measure that could be embedded in an organisation's strategy.

Details

International Journal of Social Economics, vol. 37 no. 10
Type: Research Article
ISSN: 0306-8293

Article
Publication date: 3 April 2018

Md. Shariful Islam, Nusrat Farah and Thomas F. Stafford


Abstract

Purpose

The purpose of the study is to explore the factors associated with the extent of security/cybersecurity audit by the internal audit function (IAF) of the firm. Specifically, the authors focused on whether IAF/CAE (certified audit executive [CAE]) characteristics, board involvement related to governance, role of the audit committee (or equivalent) and the chief risk officer (CRO) and IAF tasked with enterprise risk management (ERM) are associated with the extent to which the firm engages in security/cybersecurity audit.

Design/methodology/approach

For analysis, the paper uses responses of 970 CAEs as compiled in the Common Body of Knowledge database (CBOK, 2015) developed by the Institute of Internal Auditors Research Foundation (IIARF).

Findings

The results of the study suggest that the extent of security/cybersecurity audit by IAF is significantly and positively associated with IAF competence related to governance, risk and control. Board support regarding governance is also significant and positive. However, the Audit Committee (AC) or equivalent and the CRO role are not significant across the regions studied. Comprehensive risk assessment done by IAF and IAF quality have a significant and positive effect on security/cybersecurity audit. Unexpectedly, CAEs with security certification and IAFs tasked with ERM do not have a significant effect on security/cybersecurity audit; however, other certifications such as CISA or CPA have a marginal or mixed effect on the extent of security/cybersecurity audit.

Originality/value

This study is the first to describe IAF involvement in security/cybersecurity audit. It provides insights into the specific IAF/CAE characteristics and corporate governance characteristics that can lead IAF to contribute significantly to security/cybersecurity audit. The findings add to the results of prior studies on the IAF involvement in different IT-related aspects such as IT audit and XBRL implementation and on the role of the board and the audit committee (or its equivalent) in ERM and the detection and correction of security breaches.

Details

Managerial Auditing Journal, vol. 33 no. 4
Type: Research Article
ISSN: 0268-6902
