Search results

This paper aims to provide an easy to follow, practical guide for small traditional banks and credit unions to conduct an enterprise-wide risk assessment of the financial institution’s anti-money laundering compliance program.

Information was collected from relevant documents published by global standard setters in the disciplines of anti-money laundering, financial crime prevention and risk management. The data was integrated with common challenges experienced by small financial institutions to produce an application-based guide that practitioners can readily implement.

Though not a new concept, macro-level financial crises and institutional level financial crimes have influenced the rapid evolution of risk management in financial institutions over the past three decades. Small unsophisticated banks and credit unions are expected to now perform an internal risk assessment. An abundance of information is available on risk assessment, but small institutions remain challenged in finding a turnkey document that is readily actionable to stimulate a less arduous undertaking, especially given the institutions’ limited resources.

The setting reflects small deposit-taking institutions with traditional services. It is tailored for easy understanding and practical use by the institutions.

This could influence small institutions to conduct enterprise-wide risk assessments and formulate and use more specific risk management policies.

This paper aims to identify the influence of business strategy on enterprise risk management (ERM) adoption and organizational performance (OP). In addition, the mediation effect of ERM on the relationship between business strategy and OP is assessed.

A cross-sectional analysis of primary data gathered from 174 public listed companies in Malaysian Bourse through survey was conducted.

Companies with cost leadership business strategy are more eager to implement ERM compared to companies with differentiation strategy. The results also indicate that ERM implementation has a significant positive impact on OP. Though ERM is a partial mediator of the relationship between cost leadership strategy and OP, it does not mediate the relationship between differentiation strategy and OP.

One of the limitations of this study was the small number of respondents, comprising only 174 public listed companies. In addition, the manifest variables adopted from previous studies may not be the best indicators to measure latent variables. Nonetheless, this study fills the gaps in ERM studies by determining the impact of different kinds of strategy on ERM adoption and investigating the mediating effect of ERM on the relationship between business strategy and OP.

Although the trend in Malaysia seems to move toward ERM adoption, evidence shows that it is not widely practiced among Malaysian firms. Directors of Malaysian companies can understand better the impact of enterprise business strategy on the adoption of risk management and how ERM influences OP. The results of this study also provide valuable insights for the corporate governance regulatory authorities.

This paper is among the few to assess the impact of firm’s strategy on ERM adoption and to determine the mediation effect of ERM on the relationship between business strategy and OP.

The growing importance of risk management programmes and practices in different industries has given rise to a new risk management approach, i.e. enterprise risk management. The purpose of this paper is to better understand the necessity, benefit, approaches and methodologies of managing risks in healthcare. It compares and contrasts between the traditional and enterprise risk management approaches within the healthcare context. In addition, it introduces bow tie methodology, a prospective risk assessment tool proposed by the American Society for Healthcare Risk Management as a visual risk management tool used in enterprise risk management.

This is a critical review of published literature on the topics of governance, patient safety, risk management, enterprise risk management and bow tie, which aims to draw a link between them and find the benefits behind their adoption.

Enterprise risk management is a generic holistic approach that extends the benefits of risk management programme beyond the traditional insurable hazards and/or losses. In addition, the bow tie methodology is a barrier-based risk analysis and management tool used in enterprise risk management for critical events related to the relevant day-to-day operations. It is a visual risk assessment tool which is used in many higher reliability industries. Nevertheless, enterprise risk management and bow ties are reported with limited use in healthcare.

The paper suggests the applicability and usefulness of enterprise risk management to healthcare, and proposes the bow tie methodology as a proactive barrier-based risk management tool valid for enterprise risk management implementation in healthcare.

The aim of this paper is to present risk analysis procedures which have been successfully applied by Czech small and medium enterprises (SMEs). The methodology, which is based on the modification and combination of two standard methods, aims to accelerate (and make more affordable) the risk analysis process, as compared to other risk analysis methods used for public organizations and major corporations in the Czech Republic.

The paper presents in detail the individual steps the authors used in risk analysis of SMEs in the Czech Republic. The method is based on the facilitated risk analysis process (FRAP) methodology and the BITS recommendation. Modifications of both methodologies are described in detail.

To perform risk analysis in the SME sector in the Czech Republic, it is necessary to have a broad portfolio of instruments. Besides using the CRAMM methodology, the authors have created a new method based on combining the BITS and FRAP methods. The advantage of this method is its ability to accelerate the risk analysis, especially the identification and asset evaluation phases. Another advantage is that the method produces simple spreadsheet tables, providing the consumer with a tool that is easily editable and may be used for follow‐up procedures.

The risk analysis method produces benefits for SMEs by speeding up the risk analysis and lowering its cost. Another benefit is that the method is open‐source and can potentially be further modified.

The paper presents in detail an approach to risk analysis based on the modification of the FRAP methodology and the BITS recommendation.

There is a relatively low risk management (RM) level and maturity in China’s state-owned construction enterprises (CSCEs). The purpose of this paper is to find the main factors impacting RM in practice to promote rapid, sound and sustained development in CSCEs.

There are a few state-owned CSCEs in China. Most enterprises know little about RM. Because of the limited number of RM departments in these enterprises, 200 questionnaires were sent to the enterprises to investigate the RM strategies employed by them. The research is quantitative and used a questionnaire survey to determine the important factors influencing RM practice. The collected data were analyzed with the Statistical Package for the Social Sciences to identify the most important factors affecting RM as well as the extent of influence of these factors, in order to facilitate further research.

The survey revealed the top eight factors (i.e. leaders’ support, personnel’s responsibility, comprehensiveness of identification, costs and benefits, risk appetite, understanding of language, frequency of training and performance management) that highly impact RM in CSCEs and the extent to which these factors impact RM. The data reveal that the average RM level is low. Some methods have been recommended to improve RM.

The research lays the foundation for further RM development in CSCEs. The low RM level in CSCEs should encourage researchers to find better ways to improve RM. Some factors in the research will function as valuable guides for China’s private and public-private partnership enterprises.

A quantitative analysis methodology for RM has been developed for CSCEs that can reflect their RM level. In addition, the degree of impact of key factors on RM has been shown. The results can act as a reference to improve RM quantitatively, making the RM system more explicit in dealing with risks more accurately and instructively.

Structural RM research is utilized to evaluate RM in CSCEs by following an empirical method. With the continuous improvement in RM, CSCEs can cooperate well with construction enterprises of other countries for infrastructure projects and gain more benefits.

The purpose of this paper is to explore that relational capability plays a mediator role in the relationship between focal enterprises' control on knowledge transfer risks in R&D network.

The paper reviews the related literature from which it proposes a theoretical hypothesis and conceptual framework which is tested empirically adopting regression methodology by mathematical statistics software.

The results reveal that focal enterprises' control (core technological capability and network position) have a positive effect on knowledge transfer risks without the mediation of relational capability. Moreover, relational capability mediates the positive relationship between core technological capability and knowledge transfer risks.

The cross-sectional data of this research has difficult in testing causality between the variables, and future research should take account of the potential factors that can impact on knowledge transfer risks.

The results provide more valuable information to managers in alleviating knowledge transfer risks in R&D networks. For one thing, the study indicates how focal firms' control (core technological capability and network position) can be taken advantage of improving R&D efficiency and reducing the knowledge transfer risks. For another, the results emphasize that relational capability plays an important role in interacting with cooperative enterprises in the process of R&D activities.

Few studies present a theoretical discussion on focal firms control as the important determinants of knowledge transfer risks especially in the R&D network. Moreover it expands the related risk management theory by relational capability that mediates the relationship between focal firms control and knowledge transfer risks.

The purpose of this paper is to ease the ISO 31000 standard understanding and provide mechanisms that allow organizations to adopt and adapt this standard to their reality.

The research methodology adopted in this research was the design science research methodology.

Key finding is that enterprise architecture (EA) models and EA tools can help reduce the complexity of the ISO 31000 standard and improve the communication between stakeholders.

The research proposal serves the purpose of supporting the evidence collection for an enterprise risk management (ERM) initiative in an as-was, as-is, or to-be perspective.

Traditional ERM efforts operate on silos, limiting the sharing of risk information and the achievement of an organization-wide view of risks. EA can provide a common way to model complex business systems, from the strategic level to implementation details. This paper proposes the use of an EA model and an EA tool (Atlas) to represent ISO 31000, allowing a better understanding on the value of assets that can be affected from the manifestation of some risks over time.

To provide the strategic model of approach which helps enterprise executives to solve the managerial problems of planning, implementation and operation about information security in business convergence environments.

A risk analysis method and baseline controls of BS7799 were used to generate security patterns of business convergence. With the analysis of existing enterprise architecture (EA) methods, the framework of the enterprise security architecture was designed.

The adaptive framework, including the security patterns with quantitative factors, enterprise security architecture with 18 dimensions, and reference models in business convergence environments, is provided.

Information assets and baseline controls should be subdivided to provide more detailed risk factors and weight factors of each business convergence strategy. Case studies should be performed continuously to consolidate contents of best practices.

With the enterprise security architecture provided in this paper, an enterprise that tries to create a value‐added business model using convergence model can adapt itself to mitigate security risks and reduce potential losses.

This paper outlined the business risks in convergence environments with risk analysis and baseline controls. It is aguably the first attempt to adapt the EA approach for enterprise executives to solve the security problems of business convergence.

The pervasive use of information technology in enterprises of every size and the emergence of widely deployed ubiquitous networking technologies have brought with them a widening need for security. Information system security policy development must begin with a thorough analysis of sensitivity and criticality. Risk analysis methodologies, like CRAMM, provide the ability to analyse and manage the associated risks. By performing a risk analysis on a typical small enterprise and a home‐office set‐up the article identifies the risks associated with availability, confidentiality, and integrity requirements. Although both environments share weaknesses and security requirements with larger enterprises, the risk management approaches required are different in nature and scale. Their implementation requires co‐operation between end users, network service providers, and software vendors.

The reason for concern is the rapid decline in loans to small enterprises which is critical to their performance, compared to large businesses following the periods of banking reformations in Nigeria. Thus, the purpose of this paper is to investigate the influence of risk perception on bank lending behaviour to small enterprises. It also investigates the impact of government intervention, consolidation and recapitalization on the relationship between risk perception and bank lending behaviour to small enterprise.

This study empirically analysed (ordinary least square) secondary data obtained from the Central Bank of Nigeria Statistical Bulletins, Annual Statement of Accounts covering the period 1992–2020.

The results show that the absence of government interventions and the presence of banking reformations have statistically negative significant effect on bank lending to small enterprises. The findings challenge the argument that generally assumes risk aversion of banks towards small enterprise lending because of small enterprise’s inability to prove their credit worthiness and consequently constraining access to finance to the sector. Instead, the results and analysis from this study found theoretical support for the variation of bank behaviour in lending to small enterprises depending on the status of wealth of the financial system.

A key lesson from this study for government concerned about promoting performance of the small enterprise sector is that regulating and enforcing lending requirements on access to debt financing of the sector is necessary if constraints in access debt finance is to be eliminated. Second, while strategies such as bank consolidation, recapitalization may help strengthen and make financially robust the banking system; it places the banks in a gain position where losses looms to them than gain.

This study challenges the argument that generally assumes risk aversion of banks towards small enterprise lending as a result of inability to prove their credit worthiness and consequently constraining access to finance to the sector. Instead, the results and analysis from this study reveal a variation in lending to small enterprises and suggests that the position of the bank in relation to a reference point influences how risk is perceived by the bank and thus impacts on their risk decision-making behaviour.