Search results

This study aims to explore the controllability of risk culture, identify and categorize risk culture controls used in firms and explore how industry and ownership structure affect the use of different risk culture controls.

This explorative study is based on 32 semi-structured interviews with 37 participants who are heads of risk management or top managers in German firms from different industries with different ownership structures.

Interviewees perceive risk culture to be largely controllable. The authors identify a wide spectrum of risk culture controls, ranging from leadership and motivational controls to risk competence controls; in each category, the authors find value-, symbol- and clan-based controls. Leadership controls were most extensively discussed by the interviewees. The use of risk culture controls varied based on industry and ownership structure.

Due to the explorative character of the approach, the authors cannot claim representativeness for the results. The study is limited to one point in time and to a German sample. The findings imply that companies should select risk culture controls according to their own context and that implementation requires support by the top and middle management.

The authors respond to the call for more organizational studies on risk management that consider cultural paradigms (Arena et al., 2010; Mikes, 2011; Power, 2009). The study systematically identifies risk culture controls used in corporate practice and categorizes them. It provides tentative evidence of the relevance of context-specific factors for the use of risk culture controls.

Driving for work has been identified as potentially one of the riskiest activities performed by workers within the course of their working day. Jurisdictions around the world have passed legislation and adopted policy and procedures to improve the safety of workers. However, particularly within the work driving setting, complying with legislation and the minimum safety standards and procedures is not sufficient to improve work driving safety. This chapter outlines the manner in which safety citizenship behavior can offer further improvement to work-related driving safety by acting as a complementary paradigm to improve risk management and current models and applications of safety culture.

Research on concepts associated with risk management and theoretical frameworks associated with safety culture and safety citizenship behavior are reviewed, along with their practical application within the work driving safety setting. A model incorporating safety citizenship behavior as a complementary paradigm to safety culture is proposed. It is suggested that this model provides a theoretical framework to inform future research directions aimed at improving safety within the work driving setting.

The main objective of this study is to investigate an impact of organizational culture on supply chain risk and strategic sourcing. It also examines the relationship between organizational culture and strategic sourcing. By collecting 159 survey responses from supply, executives and managers of U.S. manufacturing firms, it provides empirical evidence that organizational culture and strategic sourcing mitigate supply chain risks. Organizational culture also makes a positive impact on the implementation of strategic sourcing. This study emphasizes the importance of cultural impacts to supply executives and managers in supply chain risk management.

The vulnerability issue in supply chains is among the most pressing concerns that firms are currently facing. As a preliminary attempt to address the lack of empirical research, this paper aims to primarily explore the relationship between vulnerability mitigation strategies and supply chain effectiveness with security culture as a moderator.

Data are gathered via a survey of 209 Indonesian manufacturing firms. The data are analyzed using partial least squares technique.

Results indicate that supply chain visibility, supply chain flexibility and supplier development strategies positively affect supply chain effectiveness. Moreover, risk culture positively moderates the effects of supply chain visibility and supplier development on supply chain effectiveness.

The findings may improve supply chain effectiveness by mitigating the effects of vulnerability causes.

This study contributes to the advancement of knowledge on the relationships between vulnerability mitigation strategies and supply chain effectiveness.

This study aims to explore how risk culture – tone at the top (TATT) and informed risk decision (IRD) – can affect the effectiveness of risk management (EORM) in the government.

The authors experimented on 84 civil servants working in central and local governments in Indonesia, focusing on vital local governments and critical ministries/institutions in central governments.

TATT and its interaction with IRD do not affect the EORM, while IRD and socialization of risk affect and improve it. A weak TATT, low commitment and ineffective implementation of risk culture to the lower-middle echelon may impair a country’s risk management (RM) practice. IRD with socialization is also the key to improving decision-making and RM.

This paper illuminates the possibility of risk culture in regulating the EORM in the governmental general planning process using the experiment as the research method and provides different facets in the application of risk culture in the government, where the focus is on policy-making, budgeting and planning aspects by involving several important ministries, institutions and strategic local government’s civil servants.

Although risk culture is a key determinant for an effective risk management, identifying the risk culture of a firm can be challenging due to the abstract concept of culture. This paper proposes a novel approach that uses unsupervised machine learning techniques to identify significant features needed to assess and differentiate between different forms of risk culture.

To convert the unstructured text in our sample of banks' 10K reports into structured data, a two-dimensional dictionary for text mining is built to capture risk culture characteristics and the bank's attitude towards the risk culture characteristics. A principal component analysis (PCA) reduction technique is applied to extract the significant features that define risk culture, before using a K-means unsupervised learning to cluster the reports into distinct risk culture groups.

The PCA identifies uncertainty, litigious and constraining sentiments among risk culture features to be significant in defining the risk culture of banks. Cluster analysis on the PCA factors proposes three distinct risk culture clusters: good, fair and poor. Consistent with regulatory expectations, a good or fair risk culture in banks is characterized by high profitability ratios, bank stability, lower default risk and good governance.

The relationship between culture and risk management can be difficult to study given that it is hard to measure culture from traditional data sources that are messy and diverse. This study offers a better understanding of risk culture using an unsupervised machine learning approach.

Purpose – This article examines management accounting practice in relation to the two aspects of Enterprise Risk Management (ERM): risk management and internal controls.

Methodology/Approach – We conducted a survey of experienced management accountants to find out about the risk management and internal control aspects of their current ERM practices, and their perceived effectiveness in performing various ERM roles, within the context of the ERM culture and the level of information systems support for ERM in their organizations.

Findings – In terms of the risk management aspects of ERM, the management accountants in the survey contribute highly to managing risks of a financial or compliance/legal nature and tend to focus mostly on risks with potentially higher impact and higher likelihood of occurring. In terms of the internal control aspects of ERM, they play a highly important role in ERM activities related to prevention and internal risk treatment. Their organizations have an ERM culture that is perceived as open to challenging discussions about risk and have implemented IS support for management accounting in areas such as information security and standardized information architecture. Overall, the effectiveness of their contributions to ERM is perceived to be high in the areas of compliance and finance-related risk.

Originality/Value – We develop a framework and offer empirical evidence about the ERM contributions of management accountants. We propose and use two original scales: one to classify ERM activities, and the other to assess ERM culture.

One of the most familiar nostrums of the public management reform literature is that public managers must be risk takers (e.g. Gore, 1993). As is so often the case with prescriptions for public management reform, there is much more advice about risk-taking, its merits and demerits, than there is research on its the incidence, causes and effects of public management risk-taking. Only a handful of studies have actually provided systematic evidence about public agencies’ risk-taking (e.g. Bellante & Link, 1981; Berman & West, 1998; Bozeman & Kingsley, 1998) and some of these studies point to the complexities of conceptualizing and measuring public management risk.

This article aims to gain insights on the current state of small- and medium-sized enterprises’ (SMEs’) cyber risk management process and to derive future research directions.

This is done by collecting market insights from 37 recent industry surveys and structuring them based on the steps of the risk management process. From this analysis, major challenges are derived and future fields of research identified.

The results indicate that deficiencies in risk culture as well as the strained market for IT experts are the major obstacles with respect to the implementation of cyber risk management in SMEs, and that these challenges are similar across countries. The findings suggest that especially the relationship between cyber security culture and cyber risk management should be investigated further, and that a stronger link between the research streams on enterprise risk management and cyber risk management would be desirable.

This paper contributes to the literature by providing a systematic overview on the current state of SMEs' cyber risk management from a market perspective. The findings provide support for the existing academic literature by emphasizing the central role of cyber security culture (perception, knowledge, attitude) for a successful cyber risk management, which however should be addressed in more depth in future (empirical) research.

Risk appetite is widely accepted as a guiding metaphor for strategic risk management, yet metaphors for complex practice are hard to critique. This paper aims to apply an analytical framework comprising three categories of flaw – futility, perversity and jeopardy – to critically explore the risk appetite metaphor. Taking stock of management literature emphasising the need for metaphor to give ideation to complex management challenges and activities and recognising the need for high-level metaphor within strategic risk management in particular, the authors propose a means to scrutinise the risk appetite metaphor and thereby illustrate its use for further management metaphors.

The authors apply a structured analytical perspective designed to scrutinise conceivably any purportedly progressive social measure. The three flaw categories are used to warn that organisational risk appetite specifications can be: futile vis-a-vis their goals, productive of perverse outcomes with respect to these goals and so misleading about the true potential for risk management as to jeopardise superior alternative use of risk management resource. These flaw categories are used to structure a critical review of the risk appetite metaphor, which moves towards identifying its most fundamental flaws.

Two closely interrelated antecedents to flaws discussed within the three flaw categories are proposed: first, false confidence in organisational risk assessment and, second, organisational blindness towards contributions of behavioural risk-taking to true organisational risk exposure. A theory of high (over-optimistic, excessive or inappropriate) risk-taking organisations explores flaws within the three flaw categories with reference to these antecedents under organisational-cultural circumstances where the risk appetite metaphor is most needed and yet most problematic.

The paper is highly original in its representation of risk management as an organisational practice reliant on metaphor and in proposing a structured means to challenge it as a dominant guiding metaphor where it has gained widespread uncritical acceptance. The discussion is also innovative in its representation of high risk-taking organisations as likely to harbour strong managerial motives, aptitudes and capacities for covert and illicit forms of risk-taking which, being subversive and sometimes reactionary towards risk appetite specifications, may cause particularly serious futility, perversity and jeopardy problems. To conclude, the theory and its implications are summarised for practitioner and educational use.