LITERATURE REVIEW: ON ENTERPRISE RISK MANAGEMENT
ELK ASIA PACIFIC JOURNAL OF FINANCE AND RISK MANAGEMENTSSN 2349-2325 (Online); DOI: 10.16962/EAPJFRM/issn. 2349-2325/2015; Volume 8 Issue 3 (2017)www.elkjournals.com LITERATURE REVIEW: ON ENTERPRISE RISK MANAGEMENTRam NiraliaABSTRACTThe current study intends to examine the previous researches on Enterprise Risk Management (ERM). On examining theprevious researches it is evident that there has been very limited work done on ERM. Furthermore, both primary basedand secondary based approaches adopted by the studies which are taken into account shall be reviewed in this paper. It isnoted that the previous studies based Risk Management (ERM) have mostly used primary data for research purposes. Thescope of the previous studies are inclusive of va riables such as financial institutions, construction, consumerproducts, service sector, technology, industrial products, plantation, and trade and services, and these studies usedinterviews and questionnaires through mail. Thereafter, evidently studies based on secondary data sources are noted to beinclined on companies based on industrial products, of which the data gathered is from the annual reports.Key words: Literature Review, Enterprise Risk Management, Primary Data, Secondary Data.INTRODUCTION(TRM). In the views of Meulbroek (2002) theThe Enterprise risk management is, in core;meaning of ‘enterprise’ is that to integrateseemingly it is recent as well as persistentlyrisks of diverse kinds; with the help ofused term globally in the current time so as tointegrated toolsrefer risk management approach. As elaboratedalleviates the risks and further connectsby Kawamoto (2001), the overall risks in anacrossenterprise is dealt collectively than individuallyTraditional Risk Management. Thereafter, theand hence this is indicative of one of the coreterm integration in context to ERM as detailedfeatures of ERM. Furthermore, the termby Meulbroek (2002), refers to employing‘enterprise’ in context to Enterprise Risktargeted financial instruments along withManagement (ERM) depicts a distinct meaningadjustments in capital structuring as well asin contrast with Traditional Risk Managementmodification of firm’s operations.andtechniques whichon business levels as compared to
ELK ASIA PACIFIC JOURNAL OF FINANCE AND RISK MANAGEMENTSSN 2349-2325 (Online); DOI: 10.16962/EAPJFRM/issn. 2349-2325/2015; Volume 6 Issue 4 (2015) Furthermore, on examining various researchesit in common mentioned in each of theconducted by scholars such as D’Arcy (2001);definitions given by the scholars aboveKleffner et al. (2003); Hoyt and Liebenbergsummarizes the significance of ERM.(2006); Manab et al. (2007) and Yazid et al.(2009) who are of the opinion that the nameENTERPRISE RISK MANAGEMENT,ERMisalikewithIntegratedRiskITS ORIGIN AND DEVELOPMENTBusinessRiskD’Arcy (2001) suggests that the emergence ofRiskrisk management roots back to 1950s by aManagement (SRM), Enterprise-WideRiskgroup of professors, Robert I. Mehr and BobManagementRiskhedges along with other innovative insuranceRiskprofessors. Furthermore, in the year 1963 cCorporateManagement (CRM), and HolisticManagement (HRM).first text referring to risk management waspublished titled as –“Risk Management and theFurthermore, Enterprise Risk Management(ERM) is defined as an integrated structurewhich involves managing of all business relatedrisks such as market risks, credit risk, economicBusiness Enterprise” with an aim to bring aboutan increment in the productivity and efficiencyof the enterprise specifically focusing on purerisks and speculative risks.capital, operational risk, and risk transfer so asto upgrade the value of the firm as defined byHowever, in the year 1990, evidently in theLam (2000). Whereas, on the other handUnited States the usage of financial tools wasMakomaski (2008) refers to Enterprise Riskprevalent such as ‘futures’ and ‘forwards’.Management as a tool for decision-making inDuring this time notably risk managementcases of companies holding varied businesswas not confined to hazard risks but dealt moregoals. Therefore, Walker et al., (2003) defineswith risks related to finances, strategies andERM as an integrated and a disciplined methodoperational risks. Furthermore, according towhich exists in organizations and facilitatesevidences managers efficiently were known tosystematic managing of firm related risks in anmitigate risks more proactively as a result oforganization and helps in achieving thepressureobjectives of an enterprise. Therefore, instakeholders’ end as a push to take more taskscontext to the above, the Enterprise Riskrather than buying insurances to combat againstManagement is detailed differently by variousthescholars with a persisting integrative feature ofThereafter, as a result managers were seen landcrisis.
ELK ASIA PACIFIC JOURNAL OF FINANCE AND RISK MANAGEMENTSSN 2349-2325 (Online); DOI: 10.16962/EAPJFRM/issn. 2349-2325/2015; Volume 6 Issue 4 (2015) acquire better management techniques andmanagement’ (Traditional Risk Management)better risk information Skipper and Kwonis difficult to be managed separately and hence(2007).the need of it to be managed aesthetically rose.The risks faced by organizations are due toIn reference to risk management, Mangovarious factors the multiplicity of the risks(2007) is of the view that due to the inability toexisting in an organization are operational risk,well define and understand it one could say thatstrategic risk, political risk, technology risk,strategic risk has no certain definition. Helegal risk, financial risk, reputational risk andfurthers the emergence of risk managementhuman capitalcouldregulatoryliterature concerns mostly with the riskspoliticalnamely of four types such as financial risks,impediments. Whereas, according to Li and Liuhazard risk, operational risk, as well as strategic(2002) the uncertainty of loss of organizationrisk (D’ Arcy, 2001; CAS, 2003; Cassidy,in total, where the loss could either be2005). Furthermore, Cassidy (2005) assessedprofitable or non-profitable can be stated asthe existence of Enterprise Risk Managementstrategic risks.in context to organizational activities such asbeoftechnologicaltheresultinnovationsofandrisk. However, notably theplanning, organizing, leading, and controllingIn context to operational risks which is definedby Basel Committee (2001), as the risk of director indirect losses acquired either due to the lackso as to minimize firms’ major risks such asfinancial, strategic and operational risks.or failure of internal processes, people andPRIMARY DATA ANALYSISsystems or due to other related external events.A study by Yusuwan et al., (2008) whichWhereas, the further insight upon operationalfocuses on the practices adopted by riskrisk,managementby ational risk is more related to internalconstruction project companies specifically inproblems such as employee fraud, segregationKlang Valley of Malaysia. The study wasof duties, product flaws, and information risks.conducted to identify the level of awareness ofIn late 1990s the emergence of Enterprise RiskManagement was evident due to the pertainingmultiple perspectives on risks which resulted ina common conclusion stating that ‘riskrisk management, furthermore, to examine thepolicy adopted in order to deal with risks in aconstruction project, and lastly to identify theproblemsandchallengesfacedintheimplementation of risk management. The study
ELK ASIA PACIFIC JOURNAL OF FINANCE AND RISK MANAGEMENTSSN 2349-2325 (Online); DOI: 10.16962/EAPJFRM/issn. 2349-2325/2015; Volume 6 Issue 4 (2015) employed questionnaire survey and interviews.banks, discount houses, development financialThe respondents comprises of 27 companiesinstitutions andfrom public and private sectors that arequestionnaires were mailed to the Chiefoperated in Klang Valley of Malaysia. TheFinancial Officer or the most senior position instudy examines awareness and perception ofthe finance department. Of this, 76 respondentsrisk management and is conclusive of that 44.4orpercentriskemployed eight variables consisting of jobmanagement have heard of it occasionally, 29.6designation, length of time holding currentpercent have heard of it and have attendedposition, typestraining, 14.8 percent have practiced riskemployees, annual revenue, annual totalmanagement and 11.1 percent has never heardassets, firm’s age, and ownership structure.about risk management at all. Furthermore,The study found that size was not related to51.9 percent of the respondents believed thattherisk management could add value to dailyconcluded that financial institutions tend towork,adopt ERM because of the requirements set agement was useful in time of crises eveninsurance companies. The68 percent responded.extentTheof services,studynumber ofof ERM development andregulators.it only benefits the organization. Therefore,from this study, we can conclude that riskmanagementaffectsproductivity,performance, quality and project budget andthat risk management is suitable to apply forproject with certain characteristics such asnew technology and is suitable to companyduring unstable political conditions.Thereafter, a research done by Manab et al.,(2010) focused on the factors and ementationwith corporate governance compliance andvalue creation in for profit companies inMalaysia. The study selected 132 listedcompanies in the service sector and only 85RasidandRahman(2009)investigatedcompanies agreed to participate. The studymanagement accounting and risk managementchose two types of company, namely financialpractices in financial institutions in Malaysiacompaniesusing mail surveys. These were sent to 106Thereafter, 11 EWRM drivers were employedfinancial institutions listed under Malaysianin the study: corporate governance; mandateCentral Bank,fromconsisting ofcommercialbanks, Islamic banks, es.shareholder value, BOD; improvedmaking;technology;improved
ELK ASIA PACIFIC JOURNAL OF FINANCE AND RISK MANAGEMENTSSN 2349-2325 (Online); DOI: 10.16962/EAPJFRM/issn. 2349-2325/2015; Volume 6 Issue 4 (2015) communication;practice;the quality of CRO and ERM were significantpressure;indicating that CRO is an important factor forstakeholder pressure; and catastrophic event.companies to adopt ERM. This section willThe study found five main drivers whichdiscuss brief on the development of ERMcontribute to the success of EWRM forespecially the developing factors that impactfinancial and non-financial companies. Thesecompanies towere corporate governance, mandate frompractices (Traditional Risk Management) toBOD, shareholder value, improved decisionEnterprise Risk Management. Therefore, themaking and good business petitiveshift from risk managementwill aim atperspectives;Daud et al., (2010) investigated the odies.between quality of Chief Risk Officer (CRO)and Enterprise Risk Management (ERM) inSECONDARY DATA ANALYSISMalaysia. The study focused on the level ofAccording to sources Liebenberg and HoytEnterprise Risk Management adoption within(2003) are considered to be the inventors of theMalaysian companies and the quality of Chiefstudy of ERM which successfully takenRisk Officer in implementation of Enterprisesecondary data into account. The notablyRisk Management. The questionnaires werefocuses on the determining factors which aresent to 500 companies through main fromknown to influence the companies to practiceseven types of industry such as Technology,Enterprise Risk Management. The majorIndustrialConsumerobjective of the study is to specifically forwardProduct, Plantation, Trade and Services andto the existence of Chief Risk Officer in ngthese,only89ofEnterpriseRiskrespondents participated in the study. TheManagement. Whereas the other significantstudy focused on four levels of adoption ofdynamicEnterprise Risk Management: complete ERMimplementation of ERM which is alsoin place; partial ERM in place; planning toevidently discussed in the study. Thereafter, theimplement in ERM; and (d) investigating tostudy facilitates the identification of two majoradopt ERM. The results of the study showedfactors, internal factors which refers to issuesthat only 43 percent of various companies haverelated to the maximization of shareholderscomplete ERM program while 57 percent werewealth and external factors which comprises ofconsidered as partial. The study also found nancetheand
ELK ASIA PACIFIC JOURNAL OF FINANCE AND RISK MANAGEMENTSSN 2349-2325 (Online); DOI: 10.16962/EAPJFRM/issn. 2349-2325/2015; Volume 6 Issue 4 (2015) technological progress. Therefore, in all sixwas the role of CRO in applying and managinghypotheses were formulated for the study:the ERM program. The results were alsoindicative that firms with greater financialH1: firms with greater earnings and stock priceleverage were more likely to appoint a CROvolatility are more likely to appoint CRO.and size was also found to be substantial toH2: firms that are more highly leveraged areERM.more likely to appoint a CRO.H3: firms with greater growth opportunities aremore likely to appoint a CRO.H4: firms that are more financially opaque aremore likely to appoint a CRO.H5: firms with a higher percentage ofinstitutional shareholder ship are more likely toThereafter, in another study, Hoyt andLiebenberg (2006), which examines thedeterminants of Enterprise Risk Managementfor 275 insurance companies based in UnitedStates during the period of 1995 to 2004. Theaim of the study was to determine the factorsassociated with insurance companies so as toappoint a CRO.H6: firms that have subsidiaries in the UnitedKingdom or Canada are more likely to appointexercise Enterprise Risk Management and toassess the relationship between Enterprise RiskManagement and value of the firm. The studya CRO.found that, out of 275 companies, only 166Variables engaged in the study were eight infirms were could be considered for analysis.number: average size; earnings volatilityThe study adopted CRSP/COMPSTAT as afinancial services dummy; average leverage;primarystock price volatility; average market-to-bookThompson, financial reports, newswires, andratio; average percentage of institutionalother media for evidence of Enterprise Riskownership;Management activities.Usingdummy. The final sample consisted of 26 U.S.regression,employedfivefirms which were gathered from Lexis-Nexis,independentpercentageofDow Jones and PR Newswire. Logit regressioninstitutionalapproach is employed in the study since thediversificationindependent variable was a dummy variable.diversification dummy;The results of their study showed thedummy. Enterprise Risk Management noted asprominence to appoint CRO in order to lessendummy 1 user, 0 else was the independentirregular information, and the most importantvariables. The results of the study indicated thatandU.K/Canadian tiva,Probitownership, size; internationaldummy;andindustriallife insurance
ELK ASIA PACIFIC JOURNAL OF FINANCE AND RISK MANAGEMENTSSN 2349-2325 (Online); DOI: 10.16962/EAPJFRM/issn. 2349-2325/2015; Volume 6 Issue 4 (2015) size, institutional ownership and internationalmodel, the study used hazard model (Coxdiversification were important in determiningProportional Hazard Model) which wasERM adoption.commonly used in medical research. Theresults of their study indicated that increased inFurthermore, according to Pagach and Warr(2007) who assesses the factors that influencedfirm to adopt Enterprise Risk Management?This study was quite alike with Hoyt andLiebenberg (2006) but they seem to improve interms of approach used in the study. The studyhad larger sample of ERM adopters, moreleverage at 10 percent will increase 7.8 percentfor companies to hire CRO. In addition, thestudy found that 10 percent increased in sizewill increase 27 percent for companies to hireCRO, increased in 10 percent of earnings willresult in 4.7 percent likelihood companies tohire CRO.variables and different model used to test thedata. The study employed data from 1992 toHowever,2004 for all firms listed in COMPUSTAT.advanced their study done in 2006 byThey focused mostly on banks and utilitiesimproving the previous model i.e. probitcompanies. To apprehend for firms that appointregression to maximum-likelihood treatmentChief Risk Officer (CRO), the study usedeffect to estimate the determinants of companybusiness archive of LEXIS-NEXIS. Thethat practiced Enterprise Risk Managementvariables were grouped into four categories.(ERM). The study also extended the timeFirstly, financial characteristics consisted ofperiod, from 1995 to2005 (previously up toleverage, cash ratio, earnings volatility and2004).size.characteristicsconcentrated in 2000 to 2005, in terms of ERMconsisted of capacity and growth options.activity. The sample of the study consisted ofThirdly, market features consisted of standard275 insurance which were gathered fromdeviation of the firm’s daily returns over theCRSP/COMPUSTAT database. To ensure theyear (SDRET) prior to the hiring of the CRO.activity of ERM for firms was valid, detailedFourthly, managerial incentives consisted ofsearch from financial reports, newswires,Vega and Delta ratio as a proxy of the CEO’sFactiva,risk taking incentives. The study also usedindependent variables were employed asnumber of operating segment of the firm,function of ERM (ERM 1, as a dummyinstitutional ownership, institutional investorsvariable for companies that involved in ERM).and firm size as control variables. For theThese variables ,Thompsonthewerestudyused.(2008)onlyEightof institutional
ELK ASIA PACIFIC JOURNAL OF FINANCE AND RISK MANAGEMENTSSN 2349-2325 (Online); DOI: 10.16962/EAPJFRM/issn. 2349-2325/2015; Volume 6 Issue 4 (2015) ownership, size),industrial diversificationUser (FERM) and 55 percent as a Non-User.dummy, international diversification dummy,The study also evaluated two factors whichlife insurance dummy, leverage, intra-industryinfluenced companies to involve in riskdiversification and reinsurance used. In termsmanagement, i.e. assets and employees.of number of firms with ERM activity, thereFurthermore, from the study it was found thatwere 24 companies or 19.2 percent out of 12518 percent of users of risk management havecompanies engaged in ERM. Furthermore, foradopted ERM framework in their strategican appointment of CRO, out of 125 companies,business operation.the study found that 15 companies had CRO,where 8 of these companies announced theCONCLUSIONappointment of CRO.The current study aims at the discourses overthe definitions of ERM, its emergence and itsThe results of the determinants of ERMgradual development happened over the years.evidently shown that larger firms were moreIn addition, previous studies that are related tolikely to engage in ERM as compared to thethe determinants of companies that practicedsmaller firms. This was maintained by forceEnterprise Risk Management (ERM) are alsofrom(institutionaldiscussed. The paper starts with the definitionownership) for companies to engage in ERM.of ERM and its development. The furtherWhereas, the other independent variables i.e.section discusses researches based on twol
risks and speculative risks. However, in the year 1990, evidently in the United States the usage of financial tools was prevalent such as ‘futures’ and ‘forwards’. During this time notably risk management was not confined to hazard risks but dealt more with risks related to finances, strategies and operational risks.
3 Enterprise Anti-Fraud Committee: Purpose: To establish governance, visibility, and direction for enterprise fraud risks, controls and response activities. Chartering committee: Enterprise Operational Risk Committee (EORC) Key Responsibilities: -Recommend:- Enterprise Fraud Risk Policy updates - Enterprise-level tolerances-Manage:- Enterprise fraud risk standards
Risk Matrix 15 Risk Assessment Feature 32 Customize the Risk Matrix 34 Chapter 5: Reference 43 General Reference 44 Family Field Descriptions 60 ii Risk Matrix. Chapter 1: Overview1. Overview of the Risk Matrix Module2. Chapter 2: Risk and Risk Assessment3. About Risk and Risk Assessment4. Specify Risk Values to Determine an Overall Risk Rank5
Risk is the effect of uncertainty on objectives (e.g. the objectives of an event). Risk management Risk management is the process of identifying hazards and controlling risks. The risk management process involves four main steps: 1. risk assessment; 2. risk control and risk rating; 3. risk transfer; and 4. risk review. Risk assessment
operational risk management as part of enterprise risk management. Keywords: Operational Risk, Enterprise Risk, Banking, Financial Services, Cyber Risk 1 Clinical Associate Professor, Managerial Economics and Decision Sciences. Kellogg School of Management Northwestern University, Evanston, IL USA. E-mail: russell-walker@kellogg.northwestern.edu
management and Board Established risk officer or head of risk position (may not be solely focused on risk) Functioning cross-functional senior management risk committee Risk management viewed as a "partner" by the business units Resources dedicated to risk management at the enterprise level Existence of some risk policy
Enterprise Risk Management Enterprise risk management is a process, applied in strategy setting across the enterprise, designed to identify potential events that may affect the entity, and manage risk to be within its risk appetite, to provide reasonable assurance regarding the achievement of entity objectives. COSO COSO's ERM Framework
81. Risk Identification, page 29 82. Risk Indicator*, page 30 83. Risk Management Ω, pages 30 84. Risk Management Alternatives Development, page 30 85. Risk Management Cycle, page 30 86. Risk Management Methodology Ω, page 30 87. Risk Management Plan, page 30 88. Risk Management Strategy, pages 31 89. Risk
1.5 Tactical Risk Decisions and Crisis Management 16 1.5.1 Risk preparation 17 1.5.2 Risk discovery 17 1.5.3 Risk recovery 18 1.6 Strategic Risk Mitigation 19 1.6.1 The value-maximizing level of risk mitigation (risk-neutral) 19 1.6.2 Strategic risk-return trade-o s for risk-averse managers 20 1.6.3 P
