Search results

The purpose of this study is to examine how companies integrate cyber risk into their enterprise risk management practices. Data breaches have become commonplace, with thousands occurring each year, and some costing hundreds of millions of dollars. Consequently, cyber risk has become one of the gravest risks facing organizations, and has attracted boardroom-level attention. On the other hand, companies already manage many kinds of difficult and growing risks, and that firms lose less than 1% of annual revenues as a result of cyber incidents. Therefore, how should firms appropriately address cyber risk? Is it indeed a materially different kind of risk area, or is it simply just one more risk that can seamlessly be integrated into existing enterprise risk management (ERM) practices?

The authors performed thematic analysis based on semi-structured interviews, with non-probabilistic, purposive sampling, to answer two main questions. First, how do firms manage enterprise risks, generally? And second, how are they integrating cyber risk into these existing processes?

The authors find that there is considerable variation in the approach and sophistication in ERM practices, such as whether they are driven more like an auditing function, or as a risk champion. The authors also find that despite the novelty of cyber risk, it can be integrated like other enterprise risks, and that cyber risk is most often seen as an operational risk (similar to workplace accidents or fraud), rather than a strategic risk, emerging from, for example, technology innovation and R&D.

The generalization of the results is limited by the sample size and variation of firms interviewed. While the authors attempted to interview enterprise risk managers across a wide variation of firms, there were clear limitations in the scope. That being said, the authors were fortunate to be able to examine ERM and cyber risk practices across small and large, private and publicly traded companies, from a variety of business sectors.

The authors believe these finding are important because they present evidence that while cyber risk may be new, it does not require specialized handling or processes to track it at the enterprise level. While some firms may choose to provide special accommodations or attention because of their data collection or business practices, this approach is neither necessary nor required of all firms in all situations.

This research is one of the only papers that, to the best of the authors’ knowledge, examines how cyber risk is integrated at an enterprise level.

This study investigates an under-researched yet fundamental question of how a developed country multinational enterprises (DMNE) perceives and manages political risks when undertaking infrastructure projects in the emerging markets (EMs).

The authors use an abduction-based qualitative research approach to analyze six international project operations of a multinational enterprise originating from Finland in five EMs.

The findings suggest that the overall nature of political risks in EMs is not the same, except few political risk factors that are visible in most EMs. Consequently, the applied risk management mechanisms vary between EMs, except with few common mechanisms. The authors develop an integrative analytical framework of political risk management based on the findings.

This paper is one of the first studies to identify political risk factors for western MNEs while undertaking international project operations and link them to reduction mechanisms used by them. The authors go beyond the notion of risk being conceptualized at a general level and evaluate 20 specific political risk factors referred to in extant literature. The authors further link these political risk factors with both social exchange and transaction cost theories conceptually as well as empirically. Finally, the authors develop a relatively comprehensive analytical framework of political risk management based on the case projects' findings that combine several strands of literature, including the social exchange theory, transaction cost theory, international market entry, project management and finance literature streams.

The vulnerability of the tourism industry to an array of risks, encompassing family-related, small- and medium-sized enterprise-specific, strategic, tourism-specific and external factors, highlights the landscape within which small and medium family enterprises (SMFEs) operate. Although SMFEs are an important stakeholder in the dynamic tourism sector, they are not one homogenous group of firms, but have different strategic orientations. This study aims to investigate the interplay between strategic orientation and risk perception to better understand SMFEs risk perception as it is impacting their decision-making processes, resilience and long-term survival. The authors investigate how different strategic orientations contribute to different perspectives on risk among owner-managers.

Based on a qualitative data corpus of 119 face-to-face interviews, the authors apply various coding rounds to better understand the relationship between strategic orientations and the perceptions of risks. Firstly, the authors analysed the owner–manager interviews and identified three groups of different strategic orientations: proactive and sustainability-oriented SMFE, destination-affirmative and resilience-oriented SMFE and passive SMFE. Secondly, the authors coded the interviews for different risks identified. The authors identified that the three groups show differences in the risk perceptions.

The data unveil that the three groups of SMFEs have several differences in how they perceive risks. Proactive and sustainability-oriented SMFEs prioritize business risks, demonstrating a penchant for innovation and sustainability. Destination-affirmative and resilience-oriented SMFEs perceive a broader range of risks, tying their investments to destination development, emphasizing family and health risks and navigating competitive pressures. Passive SMFEs, primarily concerned with external risks, exhibit limited awareness of internal and strategic risks, resist change and often defer decision-making to successors. The findings underscore how different strategic orientations influence risk perceptions and decision-making processes within SMFEs in the tourism industry.

The authors contribute to existing knowledge include offering a comprehensive status quo of perceived risks for different strategic orientations, a notably underexplored area. In addition, the differences with respect to risk perception shown in the paper suggest that simplified models ignoring risk perception may be insufficient for policy recommendations and for understanding the dynamics of the tourism sector. For future research, the authors propose to focus on exploring the possible directions in which strategic orientation and risk perception influence one another, which might be a limitation of this study due to its qualitative nature.

Varying strategic orientations and risk perceptions highlight the diversity within the stakeholder group of SMFE. Recognizing differences allows for more targeted interventions that address the unique concerns and opportunities of each group and can thus improve the firm’s resilience (Memili et al., 2023) and therefore leading to sustainability destinations development. The authors suggest practical support for destination management organizations and regional policymakers, aimed especially at enhancing the risk management of passive SMFEs. Proactive SMFE could be encouraged to perceive more family risks.

Viewing tourism destinations as a complex stakeholder network, unveiling distinct risk landscapes for various strategic orientations of one stakeholder has the potential to benefit the overall destination development. The proactive and sustainability-oriented SMFEs are highly pertinent as they might lead destinations to further development and create competitive advantage through innovative business models. Passive SMFEs might hinder the further development of the destination, e.g. through missing innovation efforts or succession.

Although different studies explore business risks (Forgacs and Dimanche, 2016), risks from climate change (Demiroglu et al., 2019), natural disasters (Zhang et al., 2023) or shocks such as COVID-19 (Teeroovengadum et al., 2021), this study shows that it does not imply that SMFE as active stakeholder perceive such risk. Rather, different strategic orientations are in relation to perceiving risks differently. The authors therefore open up an interesting new field for further studies, as risk perception influences the decision-making of tourism actors, and therefore resilience.

Debate is growing around the expansion of risk-based regulation. The regulation scholarship provides evidence of regulatory failure of the risk-based approach in different domains, including financial regulation. Therefore, this paper aims to provide cautionary evidence about the risk of regulatory failure of risk-based strategy in the financial regulation while using enterprise risk management (ERM) as a meta-regulatory toolkit.

Based on interview data gathered from 30 risk managers of banks and five regulatory personnel, combined with secondary data, this study mainly explores the challenges for meaningful use of ERM based self-regulation in regulated banks. The evidence helps to assess the risk of regulatory failure of the risk-based regulation while using ERM.

The evidence reflects that regulated banks face diverse challenges arising from both peripheral and internal environments that limit the true internalization of ERM-based self-regulation. Despite this, the regulator uses this self-regulation as a meta-regulatory toolkit under the risk-based regulation to achieve the regulatory aims. However, the lack of true internalization of ERM based self-regulation is likely to raise the risk of regulatory failure of risk-based regulation to achieve the regulatory goals. Risk-based regulation is an evolving strategy in the regulatory regime. Therefore, care should be taken while using ERM as a regulatory toolkit before relying on it substantially.

The paper provides empirical insights about the challenges for effective use of ERM as a meta regulatory toolkit that might be useful practically both to the regulators and regulated firms.

The purpose of this paper is to identify the effect of enterprise risk management (ERM) with firm size, ROA and managerial ownership as control variables on firm value that is proxied by Tobin’s Q.

Population of this research was manufacturing companies listed on the Indonesian Stock Exchange (IDX) in 2010–2013. The used method in this research is multiple linear regression-ordinary least square and hypotheses testing using t-test to test the regression coefficients with level of significance of 5 percent.

The results showed that ERM, ROA and size of the company have a significant positive effect on the firm value. While the managerial ownership has a significant negative effect on the firm value.

The results showed that firm value increases as ERM, ROA and size of the company improves. While the managerial ownership has a significant negative effect on the firm value.

This paper aims to investigate the factors influencing chief executive officers’ (CEOs') intentions to implement cloud technology in Italian small and medium-sized enterprises (SMEs).

The study proposes a model that integrates the theoretical construct of the technology acceptance model (TAM) with a classification of perceived benefits and risks related to cloud computing. The study employs a structural equation modeling approach to analyze data gathered through a Likert scale-based survey.

The findings indicate that risk perception has a strong negative effect on the intention to introduce cloud technology in firms. This effect is partially offset by the perceived ease of use of the technology.

The study provides a new theoretical framework that integrates the TAM and a classification of perceived risks to provide a clear view of management's cognitive processes during technological change. Moreover, the results show the main factors influencing decisions regarding the implementation of cloud computing in firms in light of the perception of risks. Finally, this study provides interesting findings for cloud service providers (CSPs) about their customers' decision-making processes.

Although brand risk management (BRM) is widely acknowledged as critical concern of business leaders, there exists little empirical evidence regarding what activities firms could do to make their brand secured in the increasingly competitive market. Moreover, previous studies find out the important role of innovation stimulus in firm performance, but little attention is paid on how firm's innovation stimulates the firm's brand security. This study aims at exploring the impacts of BRM activities on brand security with the innovation stimulus as a moderator.

Mixed method is applied in conducting this research. In the qualitative research, an interview with managers of 20 large-size foodstuff companies in Vietnam is conducted to obtain insights into their understanding BRM activities and brand security as well as the role of innovation stimulus in managing brand risk and developing measurements for new constructs. In the quantitative research, a sample of 258 respondents is collected for the tests of reliability and validity as well as all hypotheses using SPSS software.

The authors’ findings show that the level of implementation of BRM activities influences the brand security with the moderating effect of innovation stimulus. Specifically, four dimensions of BRM activities including: strategy, personnel, processes and investment have direct, positive and significant impact on brand security. Innovation stimulus including innovation in leadership and innovation in knowledge management could serve as a moderating variable.

The findings of the current study have contributed to BRM literature by highlighting the importance of the implementation of BRM activities and the key role of innovation stimulus in ensuring the brand security, on which previous studies have paid little attention. The study suggests some guidance for firms about how to improve the innovation stimulus in enhancing the effectiveness of BRM activities and, as a result, increasing the brand security of the firm.

Organizations, would they be individual companies or large multi-firm networks, face a wide variety of potential risks requiring dedicated keen management. It all the better applies to supply-chains as risk, related to both physical and information flows, pervades the whole logistics network and has acquired a new and growing security dimension since 9/11. More specifically, as they are now under the permanent threat of terrorism, and because offering sufficient security levels is bound to become a necessary condition for global supply-chain membership, seaports need to adjust their risk management strategy and processes accordingly. In such a context, this paper aims at describing the project of a decision-support system, dedicated to container transit security-wise decision making and which features an expert-system architecture.

The purpose of this paper is to study the effectiveness of the risk management system in the European context, especially with regard to the risk management committee, the uncertainty of the environment and company performance. In summary, it evaluates European companies listed on the stock exchange in France, Germany and the United Kingdom to determine how risk management systems influence financial companies' performance.

To study the effectiveness of risk management systems and their influence on performance, the large companies selected in our sample are fairly representative of the European market, according to the Dutch indices of each country (SBF 120 in France, HDAX 110 in Germany and FTSE 100 in United Kingdom).The empirical evidence is based on an international quantitative analysis, using a data set involving 320 companies listed on the stock exchange over a ten-year period from 2005 to 2014.

The results indicate that the establishment of a risk management and control system by a company positively influences its management, and its performance level and value creation also improve. The results of this study demonstrate a significant strengthening of the role of the risk management committee in the three countries. The surveillance function is reinforced, and in particular, the internal control system is accentuated.

This study has some limitations that can form leads for future research. One of these limitations is the sample size. The authors have represented the European context by three countries that certainly constitute great European powers, but have regulations different from other countries. The company size is also a possible research element. Indeed, risk management system varies between large, small and medium-sized enterprises, so it is important to study each type of company well.

This study identifies the risk management committee as a mechanism of control that is highly important in the company, and it proposes an international framework that comparatively and empirically evaluates how the risk management system used in large European companies can improve their financial performance.

In developing countries, how risk management technologies influence management accounting and control (MAC) practices is under-researched. By drawing on insights from institutional studies, this study aims to examine the multiple institutional pressures surrounding an entity and influencing its risk-based management control (RBC) system – that is, how RBC appears in an emerging market attributed to institutional multiplicity.

The authors used qualitative case study research methods to collect empirical evidence from a privately owned Egyptian insurance company.

The authors observed that in the transformation to risk-based controls, especially in socio-political settings such as Egypt, changes in MAC systems were consistent with the shifts in the institutional context. Along with changes in the institutional environment, the case company sought to configure its MAC system to be more risk-based to achieve its strategic goals effectively and maintain its sustainability.

This research provides a fuller view of risk-based management controls based on the social, professional and political perspectives central to the examined institutional environment. Moreover, unlike early studies that reported resistance to RBC, this case reveals the institutional dynamics contributing to the successful implementation of RBC in an emerging market.