Search results

Since the mid-1990s, enterprise risk management (ERM) has proliferated in both the private and public sector as a holistic, enterprise-wide approach to risk management. In this chapter, we begin by exploring the economic, regulatory and professional context of ERM practices in Norway. To gain an understanding of the current state of ERM practices among Norwegian entities, we have conducted a survey among members of the Institute of Internal Auditors (IIA) Norway. Based on the survey data, we go on to analyse the perceived maturity of risk management practices of the surveyed organizations, as well as their integration of risk management with governance mechanisms and accounting practices. Four main findings emerged from the survey. We firstly observed that a majority of the respondents perceived that they had implemented ERM. Secondly, the average maturity of risk management practice is at a medium level, with ambitions to improve it further in the future. We further observed that a majority of the organizations have established risk management governance structures regarding the roles of risk management. However, there is still work to be done in relation to risk management functions in order for them to gain more attention and influence in the organizations. Finally, we find that risk management is more integrated with reporting processes than with strategic and performance planning processes, suggesting a more reactive than proactive approach to managing risks.

This exploratory study attempted to determine the level of formalization and implementation of corporate governance and risk management practices, and the role of human resource management in the design and formulation of such practices. This study also attempted to derive some patterns of association among the variables studied, including the degree to which specific human resource management practices were linked with the overall corporate governance and risk management objectives. Human resource management was consulted from time to time during the formulation of strategic plan, the design of behavioral control mechanisms, and the development of risk management guidelines and formal corporate culture programs. However, it was consulted only during implementation of corporate governance structures at the board level. Generally, human resource management involvement in the formulation of corporate governance and risk management mechanisms was related to the degree of formalization and implementation of such mechanisms, but not to the degree of congruence of human resource management functions with corporate governance and risk management objectives. However, the degree of formalization and implementation of corporate governance structures at the board level was related to the degree of congruence of human resource management functions with corporate governance and risk management objectives and the driver measures of performance. The latter was likewise related to mechanisms of behavioral control.

Understanding the context of any subject is crucial and this is certainly true of risk management in the public sector. Undoubtedly, what we face today is the highly path-dependent result of what has happened in the past. And, what happens today in a local government, for example, is very much influenced by the wider current situation that surrounds it. Further, it must be said that even the future can be part of the present context (climate change would be a stark example of this).

Described in this way, it seems a daunting challenge to understand past, present, and future – and, indeed, it verges on the impossible. The remaining chapters of this book revisit the context through the lens of the various components of risk management (assessment, analysis, forecasting, and more) and by looking at the present and future through the concepts and principles used by risk managers. Here, in Chapter Three, the issue of context is first considered by examining the relationship between past and present with specific reference to risk management as a management practice. Thus, the chapter does not specifically address how uncertainty is assessed, or how insurance is used, or even how a risk management programme operates – these are topics for later chapters. Rather, the history of risk management is presented as a narrative that seeks to explain how risk management has evolved into what it is today.

Finally, the chapter leads into the present by providing an overview of the current public environment in Europe. This allows the book to develop both a history of how risk management became what it is today, and to understand the key risks and uncertainties that define the current context. Chapter Four presents the administrative nature of today’s practices and offers some speculation about alternative ways of thinking about risk management practices now and in the future.

Traditional or technical risk management practices have been observed in local governments since the early 1960s. These practices tended to focus on the management and control of insurable risks (fires, thefts, and liability suits), as well as responsibility for insurance purchasing, for occupational safety and health, security, and similar matters. Later, financial risk management became a rather distinct technical practice, among other technical additions.

Chapter Three focussed on developments since the late 1980s, notably a general trend of expansion and extension of risk management followed closely by a rapidly evolving view – both in academia and in practice – that risk management should take an organisation wide and integrated stance and that this integration would be demonstrably value adding. Recent legal, regulatory, and best practice initiatives have further accelerated the expansion of risk management. But while this expansive view, ultimately emerging as enterprise risk management (ERM), is well advanced in the private sector, it has not penetrated the public sector in any significant way. And, indeed when it has been applied, it has revealed several fundamental problems. As a result, the current state of risk management is somewhat less easily summarised than might be expected. Traditional (hereafter ‘technical’) practices remain uneven, though widespread; holistic ERM-like efforts are somewhat widely – but inconsistently – implemented in the private sector while in the public sector technical practices are seen, though to a lesser degree, and there have been very few ERM adoptions. Nevertheless, as sometimes happens, the presence of an idea (ERM) has been highly influential and sufficient to reorient thinking about risk management.

For discussion and clarity purposes, this chapter introduces the concept public organisation risk management (PORM). Clarity is important, but the concept PORM serves a second function here. It provides a label that allows actual technical practices to be linked to the ERM ideas that shape thinking about risk management in the public sector. Furthermore, this concept also allows for the inclusion of some even more recent developments (beyond ERM) that will lead to an alternative framing of risk management in the final chapters. PORM, therefore, ultimately involves an inclusion of past, present, and future thinking about risk management in public sector organisations.

This chapter aims to advance the debate on enterprise risk management (ERM) frameworks within different contexts. We discuss the economic, business and regulatory environments that set the framework for company risk management practices in Lithuania while contrasting ERM features at the company level. ERM practices are examined using two company cases – a private business company and a state-owned enterprise (SOE), and evidence is based on interviews with their management, as well as their documentation. The findings indicate the co-existence of a functional vs systematic approach to risk management. Moreover, evidence supports the notion of the shifting of risk management from a functional risk management approach to a systematic approach within risk portfolio management. We assume that risk management is a conceptualized subject of management and research, with a rather weak connection with enterprise goals and operations.

The present chapter tries to assess the state of art of enterprise risk management (ERM) among Portuguese non-financial companies regarding two main aspects: the ERM background in Portugal and the level of disclosure of ERM practices by non-financial listed companies. Since the analysis of disclosures is useful to understand the level of evolution and adoption of ERM framework we tried to assess the ERM practices disclosed by 26 Portuguese non-financial listed companies at the Euronext Lisbon Stock Exchange regulated market, during the period of 2006–2016. Main findings indicate that regulation on ERM in Portugal emanates from three main Codes (The Portuguese Companies Code, The Stock Exchange Code, and The Corporate Governance Code). The ERM professionalization in Portugal is its infancy and has been promoted mainly by the Institute of Portuguese Internal Auditors. Moreover, research on topics such as risk reporting and risk management/ERM is very scarce. Overall, findings of prior literature are consistent with results from our exploratory study. We conclude that Portuguese non-financial listed companies still disclose very little information on ERM activities. However, over the period of analysis, the disclosure practices evolved positively. Findings show that ERM disclosure can still be extensively improved in the future.

The purpose of this chapter is to review the risks Islamic financial institutions face in an emerging market context, including risk sharing in Islamic financing and Shari’ah (Islamic law) compliance risk. We explore current risk management practices and establish the link between risk management and the financial performance of banks and the efficiency and effectiveness of financial sectors in emerging markets. Because of their distinctive risk profile, Islamic finance institutions face challenges in risk management. We show that Islamic banking is riskier in emerging markets because of the presence of immature money markets, limitations in the availability of lender of last resort facilities, and deficiencies in market infrastructure. There is also no evidence that Islamic banks have developed effective solutions for managing the risks conventional banks face as well as their own unique risks. We suggest that the countries that do this best are those that prioritize the structure of risk management knowledge and capabilities in a single financial regulator.

Purpose – This article examines management accounting practice in relation to the two aspects of Enterprise Risk Management (ERM): risk management and internal controls.

Methodology/Approach – We conducted a survey of experienced management accountants to find out about the risk management and internal control aspects of their current ERM practices, and their perceived effectiveness in performing various ERM roles, within the context of the ERM culture and the level of information systems support for ERM in their organizations.

Findings – In terms of the risk management aspects of ERM, the management accountants in the survey contribute highly to managing risks of a financial or compliance/legal nature and tend to focus mostly on risks with potentially higher impact and higher likelihood of occurring. In terms of the internal control aspects of ERM, they play a highly important role in ERM activities related to prevention and internal risk treatment. Their organizations have an ERM culture that is perceived as open to challenging discussions about risk and have implemented IS support for management accounting in areas such as information security and standardized information architecture. Overall, the effectiveness of their contributions to ERM is perceived to be high in the areas of compliance and finance-related risk.

Originality/Value – We develop a framework and offer empirical evidence about the ERM contributions of management accountants. We propose and use two original scales: one to classify ERM activities, and the other to assess ERM culture.

Risks are an integral part of business, and enterprise risk management (ERM) is making its way towards effectively leading enterprises in addressing these risks. This chapter seeks to describe how European ERM practitioners minimize the risks they face by taking into consideration insights from the sector's best practices reflected in the ISO 31000 Risk Management Guidelines, COSO's ERM framework, contributions from university researchers, from the national risk management associations and the Federation of European Risk Management Associations (FERMA). This chapter will underscore the need for total alignment of practices and make a case for the need to align between ERM, governance, accounting and disclosure systems. In addition, there is no doubt that ERM – when incorporated in operations through appropriate governance mechanisms and accounting practices – could help firms respond to real-time volatilities more effectively. However, ERM practitioners' perspectives differ slightly from those of accountants in that no extensive legally binding rules are required in risk management, and a different scope of work is pursued.

Most non-financial companies in Greece do not have an ERM function nor present one in their organizational charts. The enterprise risk management is still more theory than practice even for companies that have embraced it so far, and in general the enterprise risk management seems to be at its infancy in Greece with only some prominent and mature organizations showing the way forward. The aim of this study is to provide some reflections about risk disclosure in annual reports and accounting practices in Greece. Although companies in Greece do seem reluctant to apply ERM, during last years, non-financial information demonstrated to emerge within financial statements and annual reports, giving a broader perspective to risk.