Search results

Government reforms have seen shifts from rules-based to principles-based risk regulatory governance. This paper examines the effects of principles-based risk regulatory reforms on public sector risk management (RM) and management control practices in public sector organizations (PSOs).

The principles-based regulation focuses on providing autonomy to PSOs while maintaining control over their actions without direct intervention. This resonates with Foucault's notion of how modern forms of governments operate. The research is informed by Foucault's concept of governmentality. The authors conducted a qualitative field study of an Australian PSO, gathering and analysing data from interviews, focus groups, and archival documents.

The findings show the capillary modes by which principles-based risk regulatory regime penetrates and works with management control practices in pursuit of regulatory goals within the PSO the authors studied. In addition, the authors find that the principles-based approach (focusing on autonomy) and rules-based approach (focusing on control) are not opposites in kind and effect but rather, autonomy should be understood as a central pillar of control. Furthermore, the findings show how cultural controls and formal controls are not in conflict but are interconnected in RM practices, with cultural controls providing control architecture for RM and formal control translating the control architecture into routines. Finally, the study provides insights into how enterprise risk management (ERM) provides capabilities for and routinizes RM practices in a PSO and the management control systems (MCS) that enabled this to occur.

The paper provides novel insights into how MCS are infiltrated, mobilized and deployed to enact principles-based risk regulatory reforms. These insights are useful for regulators, practitioners and researchers.

The first purpose of this paper is to investigate whether corporate governance mechanisms, in particular the characteristics of the board, audit committee and risk management committee, are associated with the level of disclosure in integrated reports of South African listed firms. The second purpose of this paper is to analyze how integrated reporting (IR) affects the sustainable development goals (SDGs).

This paper uses a mixed methods approach. First, a multiple regression analysis is used to estimate the impact of corporate governance mechanisms on IR practices of a sample of South African listed firms during the period between 2019 and 2021. Using the content analysis method to measure the level of IR, disclosures were measured using a disclosure index consisting of 60 information items developed from the IIRC framework and previous studies. Second, based on a database containing 33 articles in the Meditari Accountancy Research journal with a publication date from 2013 to 2021, a systematic review of the academic literature focusing on IR is conducted to analyze how IR influences SDGs.

The results indicate that board size, board independence and risk management committee independence have a positive effect on IR practices. However, board expertise, board activity, audit committee independence, audit committee size, audit committee expertise, audit committee meetings, risk management committee expertise, risk management committee meetings, risk management committee size and the auditor type are negatively related to IR practices. The results also indicate that IR has an important role in achieving SDGs by relying on integrated thinking that integrates sustainability into the enterprise’s strategy and helps the integration of capitals. In addition, sustainable business models create long-term values.

This study was limited to a sample size of 75 firms, which is country-specific; however, it sets the tone for future empirical research on the subject matter. This study provides an avenue for future research in the area of corporate governance and IR practices in other emerging countries, especially other African countries.

This study provides useful insights for managers and policymakers to better understand which corporate governance mechanisms can best encourage a company to improve IR practices.

To the best of the author’s knowledge, this study is, perhaps, the first to examine the effect of risk management committee characteristics on IR practices. This study provides new insight into the contribution of accounting research toward the achievement of SDGs.

The purpose of this paper is to analyse how fish farmers manage climate-related risks and explore possible ways to strengthen risk management under current and future climate.

In total, 662 fish farmers in sites across Northern Thailand were interviewed about risks to the profitability of their fish farms and ways such risks were managed. Nonlinear canonical correlation analysis was used to relate risk factors to management practices at farm and river levels. In total, 68 in-depth interviews with farmers and other stakeholders provided additional information on climate risk management practices.

Farmers use a combination of adjustments to rearing practices, cropping calendars and financial and social measures to manage those risks, which they perceive as being manageable. Many risks are season, river and place specific; implying that the risk profiles of individual farms can vary substantially. Individual risks are often addressed through multiple practices and strategies; conversely, a particular management practice can have a bearing on several different risks. Farmers recognize that risks must be managed at farm and higher spatial and administrative scales. Social relations and information play critical roles in managing these complex combinations of risks.

This is one of the first papers to report in detail on how inland fish farmers manage climate-related risks. It underlines the need to consider multiple spatial and temporal scales and that farmers do not manage individual climate-related risks in isolation from other risks.

The purpose of the paper is to determine if owners of small manufacturing companies manage supply risk in similar ways and identify the practices constituting this potential joint approach.

An interpretive case based methodology was applied in this research. Interview data on the supply risk management practices of 11 SCOs (small company owners) were analysed.

The findings confirm that the 11 studied SCOs apply largely the same supply risk management practices, which can be characterised as defensive. The approach covers risk elimination practices such as knowledge protection and local sourcing as the major practices, combined with relational practices such as fairness, loyalty, and seeking out responsive, dependable, and like‐minded suppliers.

The study focuses exclusively on small manufacturing companies. Studies of other types of companies, such as trade or hi‐tech companies might reveal other practices.

The SCO supply risk management approach is optimised to simultaneously reduce supply risks and resource and time consumption. Especially the relational practices may be feasible alternatives and valuable to supply chain managers and purchasers. Local sourcing and knowledge protection are effective practices, but tend to work at the expense of supply chain opportunities.

No studies of small company supply risk management exist in the literature, despite the increased focus on supply risk management and small company purchasing/SCM. The study addresses this gap by offering insights into small company supply risk management practices.

The purpose of this study is to examine the nature of the risk management practices of Islamic banks as recommended by the Islamic Financial Services Board (IFSB) in managing their unique risks. This study also explores the differences in risk management practices based on the country, size, type and age of the bank.

A questionnaire was developed to investigate the risk management practices. The main reference for the questionnaire was the IFSB Guiding Principles of Risk Management and the respondents were either the chief risk officers or holders of other senior positions involved in risk management in the Islamic banks. A non-parametric test was then conducted to explain the difference in mean scores for the unique risk management practices by the Islamic banks.

A lack of effective risk management practices was found in relation to liquidity risk, displaced commercial risk and equity investment risk by Islamic banks. However, Islamic banks were comparatively good in managing operational risk/Shari’ah non-compliance risk. The study found that there was a significant difference in the practice of equity investment risk management based on the size, type and age of the Islamic bank. In addition, a significant difference was found between the Islamic banks in the Middle Eastern and North African (MENA) and Asian countries concerning the practice of both displaced commercial risk and operational risk/Shari’ah non-compliance risk management.

In spite of the limitations in non-parametric analysis, this analysis was preferred inasmuch as the data were measured on an ordinal scale with a small sample size.

This study is among the few studies that examine and explore the risk management practices of Islamic banks internationally by explaining the unique risks encountered in Islamic finance.

The purpose of this paper is to investigate the interplay between risk management and uncertainty and the contextual variability of risk management practice. More precisely, the research empirically measures the relation between the extent of use of risk management and the level of project uncertainty.

The research defines risk management from an empirical perspective., i.e. from an empirically‐identified set of tools that is actually used to perform risk management. This toolset is derived from the results of an ongoing major worldwide survey on what experienced practitioners actually do to manage their projects. This paper directly relates uncertainty to the degree of project definition. It uses a sample of 1,296 responses for which the interplay between risk management and uncertainty could be measured.

The results are very coherent. They verify and empirically validate many of the propositions drawn from a review of the literature. But results challenge some of the propositions found in the conventional project management literature and some commonly held views. The research shows that the use of risk management practices and tools is negatively related to the degree of project uncertainty. This somewhat counter‐intuitive result is consistent with a general tendency for all project management tools and techniques to be used more intensively in better defined contexts.

The empirical investigation of actual risk practices and their contextual variability can help better understand risk management practice and manage risks better. The research also clarifies the concepts of uncertainty, risk and risk management.

The results confirm some well‐known assumptions about practices, but at the same time produced unexpected results that can stimulate the development of new practices adapted to highly uncertain contexts. The project management field needs to develop new responses for specific contexts for which it was not primarily developed. The results of this research point in the direction of such a need for ill‐defined projects and highly uncertain contexts.

This study investigates firm attributes (namely level of capitalisation, scope of operation, organisational structure, organisational lifecycle, systemic importance and size) affecting the robustness of enterprise risk management (ERM) practice, the extent to which ERM affects the performance of banks and the impact of ERM on the long-term sustainability of banks in Nigeria. This was against the backdrop that the 2012 banking reform was a major regulatory intervention that mainstreamed ERM in the Nigerian banking sector.

The study employed a mixed methodology of content, trend and quantitative analyses. Ex post facto research design was deployed to analyse performance differential of banks, with respect to the implementation of ERM, over a 10-year period (2008–2017). A disclosure checklist developed from the COSO ERM integrated framework was used to assess the robustness of ERM by content-analysing divulgence on risk management in published annual reports. The banking reform periods were dichotomised into pre- (2008–2012) and post- (2013–2017) reform periods. Jonckheere–Terpstra test, independent sample t-test and Mann–Whitney test were applied to analyse a total of 1,036 firm-year observations over the period 2008–2017.

Result shows that bank attributes significantly affecting the robustness of risk management practice are level of capitalisation, scope of operation, systemic importance and size. Performance of banks improved slightly during the post-2012 banking reform period. This suggests that as banks consolidate on the gains of ERM, benefits of the regulatory policy on risk management may be realised in the long run. Result also shows that ERM enhances long-term performance, connoting that effective risk management could serve as a competitive strategy for surviving turbulence that typically characterises the banking sector.

The emergence of level of capitalisation, scope of operation, systemic importance and size as determinants of ERM provides empirical evidence to support the practice of reviewing the capital requirements for banking business from time to time by regulatory authorities (i.e. recapitalisation policy) as a strategy for managing systemic risk. Top management of banks may consider instituting mechanisms that will ensure risk management is given prominence. A proactive approach must be taken to convert risks to opportunities by banks and other financial institutions, going forward, to cope with the vicissitudes of financial intermediation.

The originality of the study stems from the consideration that it provides some new insights into the impact of ERM on banks long-term sustainability in a developing country. The study also contributes to knowledge by exposing the factors determining the robustness of risk management practice. The study developed a checklist for assessing ERM practice from annual reports and other risk management disclosure documents. The paper also adds to the scarce literature on risk governance and risk management.

This study aims to explore the formation of municipal risk management (RM) and the reasons for the differences of RM practices between the seven biggest cities in Finland.

The empirical data of this comparative qualitative case study comprises 33 interviews conducted with municipal managers. Supplementary material includes documentary material on municipal rules governing RM as well as annual reports and risk tools used in the municipalities.

This study found differences in cities with respect to when, how and why RM practices had evolved. The results indicate that differences in RM practices and development paths between cities are largely explained by the differences in the original reason to initiate RM, time span since its introduction, professional and educational backgrounds of risk managers, local risk events and accounting infrastructure such as RM tools developed in a city. These findings also suggest that even within the same municipality, different functions can be at different phases regarding RM.

This study reports on RM as a new form of accounting in the field of Finnish municipalities. This highlights how fairly uniform considerations at the field level lead to variation in the elaboration of RM practices at the municipal level. The study finds that different paths in the development of local RM involve iterative evolution between the phases of emergence, largely explained by contextual differences. This study contributes to understanding the emergence of new accounting forms in a municipal RM context.

Risk management is an under-explored topic in information systems (IS) research that involves complex and interrelated activities. Consequently, the authors explore the importance of interrelated activities by examining how the maturity of one type of information technology risk management (ITRM) practice is influenced by the maturity of other types of ITRM practices. The purpose of this paper is to explore these relationships, the authors develop a model based on organizational strategy implementation theory and the COBIT framework. The model identifies four types of ITRM practices, namely, IT governance (ITG); communications; operations; and monitoring.

The authors use a survey methodology to collect data on senior information technology (IT) executives' perceptions on ITRM practices. The authors use an exploratory factor analysis (EFA) to identify four dimensions of ITR M practices and conduct a structural equation model to observe the associations.

The survey of senior IT executives' perceptions suggests that the maturity of ITRM practices related to ITG, communications and monitoring positively influence the maturity of operations-related ITRM practices. Further, the maturity of communications-related ITRM practices mediates the relationship between ITG and operations-related ITRM practices. The aggregate results demonstrate the inter-relatedness of ITRM practices and highlight the importance of taking a holistic view of ITRM.

Given the content and complexity of the study, it is difficult to obtain senior executives’ responses in large firms. Therefore, this study did not use a separate sample to conduct the EFA to obtain the underlying four constructs. Also, the ITRM practices identified are perceptions. Even though the authors consider this to be a limitation, it also communicates the pressing areas that senior IT professionals are expected to focus given various external and internal pressures. This study focuses on large firms, hence, small to midsize firms are not well represented.

Given the demanding regulatory and financial reporting requirements and the complexity of IT, there is an increasing possibility that the accounting profession will require IT professionals to focus on operations-related ITRM practices, such as security, availability and confidentially of data and IS are closely related to internal controls. However, as this study demonstrates, the maturity of operations-related ITRM practices cannot be achieved by focusing solely on operations-related IT risks. Therefore, IT practitioners can use this study to raise awareness of the complex interrelationships among ITRM practices among managers to improve the overall ITRM practices in a firm.

The study also shows the importance of establishing proper communication channels among various business functions with regard to ITRM. Extant IT research identifies the importance of the firm’s communication structure on various firm performance measures. For example, Krotov (2015) mentions the importance of communication in improving trust between the Chief Executive Officer and Chief Financial Officer. Firms with established communication channels have the necessary medium to educate and involve other departments with regard to the security of data. Thus, such firms are more likely to have mature risk management practices because of increased awareness of risks and preventive techniques.

The study contributes to ITG and risk management literature by identifying the role of monitoring-related ITRM practices on improving other areas of risk management. The study also extends the existing ITRM literature by providing an organizational strategy perspective to ITRM practices and showing how ITRM practices follow organizational strategy implementation. Further, the authors identify four underlying ITRM categories. Consequently, researchers could choose between two factors (Vincent et al., 2017) or four factors based on the level of detail required for the particular study.

The purpose of this paper is to identify patterns of project risk management (PRM) practices’ adoption, and provides empirical evidence concerning the importance (and key attributes) of organizational PRM maturity to the use of risk-related practices and project performance.

The research involved two phases: interviews with five project managers, and a worldwide survey of project managers that resulted in the analysis of 865 valid questionnaire responses. Cluster analysis was used to classify PRM practices’ use, factor analysis to detect the structure of the relationship between the variables measuring PRM practices’ use and a multiple regression analysis (with canonical correlation) to further reveal the different degrees to which PRM practices and organizational maturity are associated.

The identified patterns of risk practices’ adoption indicate that different contexts of organization PRM maturity and project complexity influence practices selection. The PRM practices related with targets (e.g. time-phased budget plan) are the most used, and those related to tools and techniques (e.g. S-curve) are the least used. Additionally, the obtained results confirm that organizational PRM maturity influences risk practices’ usage, moderated by project complexity, and organizational PRM maturity influences project performance.

Empirical methods were used to investigate the relationship between organizational PRM maturity and a large set of PRM practices with project complexity as a moderator. Gaps in the use of PRM practices (i.e. areas where more PRM knowledge and training are needed) were identified. Finally, this work identifies the attributes of organizational maturity with implications in practices’ usage and project performance.