What Leads Firms to Enterprise Risk Management Adoption? A Literature Review

Similar documents
The Impact of Enterprise Risk Management on Firm Performance: Evidence from Malaysia

MEDIATING EFFECT OF ENTERPRISE RISK MANAGEMENT PRACTICES ON RISK CULTURE AND ORGANIZATIONAL PERFORMANCE

Agenda. Enterprise Risk Management Defined. The Intersection of Enterprise-wide Risk Management (ERM) and Business Continuity Management (BCM)

Value of Companies Listed in the Nairobi Stock Exchange

ENTERPRISE RISK MANAGEMENT, PERFORMANCE MEASUREMENT SYSTEMS AND ORGANIZATIONAL PERFORMANCE IN MALAYSIAN PUBLIC LISTED FIRMS

Shiho Fujita, Keita Iwasawa, Eisuke Yoshida. Keio University, Tokyo, Japan

Procedia - Social and Behavioral Sciences 164 ( 2014 )

Determiners of enterprise risk management applications in Turkey BEH, June 2012

The Effects Of Organizational Culture And Enterprise Risk Management On Organizational Performance: A Conceptual Framework

DRAFT. Influence of Audit Committee and Internal Audit Function Effectiveness Characteristics on Enterprise Risk Management Adoption

Actors in Risk Governance: An Upper-Echelons Perspective

Current State of Enterprise Risk Oversight:

The Determinant of Enterprise Risk Management Implementation: Evidence in Thailand and Malaysia

Factors Affecting Implementation of Enterprise Risk Management: An Exploratory Study among Saudi Organizations

Setting Up the Enterprise Risk Management Office

Four faces of the CFO

The Adoption and Design of Enterprise Risk Management Practices: An Empirical Study

The ERM Process: Evidence from Interviews of ERM Champions

Enterprise Risk Management: Developing a Model for Organizational Success. White Paper

Customizing Enterprise Risk Management

Enterprise Risk Management Discussion American Gas Association Risk Management Committee Meeting

ISACA. The recognized global leader in IT governance, control, security and assurance

9/17/2017. An Overview of COSO s New Framework and Implementation Guidance SPEAKER. Laura Harden, CPA History

The Impact of Enterprise Risk Management on the Internal Audit Function

Canadian Insurance Accountants Association

Using the PLS Modelling in Assessing the Effects of Corporate Governance on Enterprise Risk Management and Firm Value: Malaysian Evidence

Practical Approach to Internal Controls for Pre & Post IPOs in Hong Kong & China

From Dictionary.com. Risk: Exposure to the chance of injury or loss; a hazard or dangerous chance

AUDITING. Auditing PAGE 1

Enterprise Risk Management

Beyond Compliance. Leveraging Internal Control to Build a Better Business: A Response to Sarbanes-Oxley Sections 302 and 404

Enterprise Risk Management and Firm Performance Empirical evidence from Vietnam

risk management ERM Roles & Responsibilities In Community Banks: Who is Responsible for What?

Enterprise Risk Management in Health Care

International Forum of Independent Audit Regulators Report on 2013 Survey of Inspection Findings April 10, 2014

altercfo White Paper Series September 2018

Enterprise Risk Management (ERM) - Impact of 2017 COSO ERM Model

Lya Villasuso OECD Corporate Affairs Division Response ed to: RE: Corporate Governance and the Financial Crises

Emerging Trends in Auditing ERM COSO ERM 2017

HCCA Audit & Compliance Committee Conference. February 29-March 1, Drivers of ERM. Enterprise Risk Management in Healthcare.

The Current State of Risk Management Maturity for Belgian Organizations kpmg.com/be

IRM s Professional Standards in Risk Management PART 1 Consultation: Functional Standards

KPMG s financial management practice

Managing your risk, creating value: The role of Internal Audit and emerging technologies

Enterprise Risk Management: A Process for Enhanced Management and Improved Performance

Introduction to ERM (Enterprise Risk Management)

MULTIPLE CHOICE. Choose the one alternative that best completes the statement or answers the question.

Mubarak for Accounting, Auditing & Financial Consultancy

Charter for Enterprise Risk Management

Operational Risk Management

Catching Fraud During a Recession Through Superior Internal Controls. FICPA s 25 th Annual Accounting Show. J. Stephen Nouss September 29, 2010

Engagement Performance 49% Independence and Ethical Requirements 40% Human Resources 31% Monitoring 28%

The Future of Internal Auditing:

Third Party Governance and Risk Management

Cultivating a Risk Intelligent Culture A fresh perspective

Risk Intelligent Enterprise Risk Management (ERM) Dolores Atallo-Hazelgreen, Firm Director

ERM 101. Casualty Loss Reserve Seminar, Fall /5/ Practical Enterprise Risk Management (ERM) Agenda ERM 101 2

AUDIT COMMITTEE CHARTER

Drivers for and Obstacles to Enterprise Risk Management in Construction Firms: A Literature Review

GAAP Introducing. A Survey of National Accounting Rules Benchmarked against International Accounting Standards

2013 Risk Maturity Index Report

Generating value within the Risk Ecosystem Risk powers performance

Dynamic antecedents of enterprise risk management implementation in the Nigerian banks

Internal Control Integrated Framework. An IAASB Overview September 2016

Internal Control Integrated Framework. An IAASB Overview September 2016

The enhanced auditor s report bulletin 2 A review of the latest auditor s reports

Deloitte Governance Framework and Maturity Model

Extended Enterprise Risk Management

Revista Economică 70:3 (2018) THE CFO, A MODERN BUSINESS VALUE DRIVER. Marius Costin DARABAN 1. Lucian Blaga University of Sibiu, Sibiu, Romania

IMPACT OF ENTERPRISE RISK MANAGEMENT ON COMPANIES FINANCIAL PERFORMANCE AND VALUE DURING CRISIS: EUROPEAN NON-FINANCIAL SECTORS.

Maximizing value from your lines of defense

Enterprise Risk Management Workshop Modular Approach

In the first year of The 13th Medium-term Management Plan. Earnings capability. Net income

Strengthening Your Enterprise Risk Management Process

Gleim CPA Review Updates to Business Environment and Concepts 2018 Edition, 1st Printing March 2018

Gleim CIA Review Updates to Part Edition, 1st Printing June 2018

EY Center for Board Matters. Leading practices for audit committees

IFC Corporate Governance Progression Matrix for Listed Companies. (Integrating Environmental, Social, and Governance Issues)

ENTERPRISE RISK MANAGEMENT: FACTORS ASSOCIATED WITH EFFECTIVE IMPLEMENTATION. Werner D. Gottwald, PhD. Capella University, Minnesota

Should boards and CEOs care about COSO ERM 2017? By Tim J. Leech

Agenda. Agenda. Definitions and Processes. Risks. Audit & ERM. Key Strategies. Conclusions ERM and Audit 1. ERM and Audit.

Sarbanes-Oxley Act of 2002 Can private businesses benefit from it?

MASTER CLASS RISK GOVERNANCE TRAINING & CERTIFICATION SEA SERIES 2016 FOR SENIOR MANAGERS AND BOARD MEMBERS

The Fourth Industrial Revolution Is Here Are You Ready? Key findings

FourA Mohd Ariff Bin Kasim 1*, and Siti Rosmaini Binti Mohd Hanafi 1

An Overview of the 2013 COSO Framework. August 2013

Are you prepared for this Challenge? The new COSO Enterprise Risk Management Framework

The COSO Risk Framework: A reference for internal control? Transition from COSO I to COSO II

PRACTICE. Reframing risk BY MARK BUTTERWORTH

In Control: Getting Familiar with the New COSO Guidelines. CSMFO Monterey, California February 18, 2015

Digital leadership in the Public Sector

ENTERPRISE RISK MANAGEMENT SURVEY RIMS Enterprise Risk Management (ERM) Survey SPONSORED BY:

Enterprise Risk Management 2016

Capital Modeling Principles and Practices in the Insurance Industry

Roles of Internal Auditors in the Public Sector

Integrating Corporate Compliance Programs into Enterprise Risk Management Programs

Enterprise Risk Management

Solving Human Resources Pain Points

The Value- Driven CFO. kpmg.com

Revista Economica 67:6 (2015) THE ISSUE OF ASSESING HR IMPACT FOR THE STRATEGIC HUMAN RESOURCE MANAGEMENT

Transcription:

2012 International Conference on Economics, Business and Marketing Management IPEDR vol.29 (2012) (2012) IACSIT Press, Singapore What Leads Firms to Enterprise Risk Management Adoption? A Literature Review Nargess Mottaghi Golshan 1 and Siti Zaleha Abdul Rasid 2 International Business School, University Technology Malaysia Abstract. Since its inception, Enterprise Risk Management (ERM) has gained a large momentum in the literature (i.e. seebeasley, Pagach, & Warr, 2008; Calandro Jr & Lane, 2006; COSO, 2004; Gordon, Loeb, & Tseng, 2009; Kucuk Yilmaz, 2009; Lai & Samad, 2010; Woon, Azizan, & Samad, 2011), however there are many evidences that although ERM is known as a tool to increase shareholders value, still not many firms have adopted this new financial tool to manage risks evolving inside and outside the organization. The aim of this paper is to propose a conceptual framework in order to understand the influential factors for ERM adoption. Clearly the framework suggests that ERM adoption depends on firm size, firm complexity, firm industries, firm s headquarter and subsidiaries country of domicile, having a big four auditor, and independency level of the BOD. From the review of literatures, hypotheses are developed to suggest the relationship between firm size, firm industries, firm s headquarter and subsidiaries country of domicile, having a big four auditor, and independency level of the BOD and ERM adoption tat could be empirically proved in future researches. Keywords: Risk, Enterprise risk management, Silo-based risk management 1. Introduction Since its inception, ERM has gained a large momentum in the literature and many researchers have provided insights of how ERM enhances firm performance and results in maximization of shareholders value (i.e. seebeasley, et al., 2008; Calandro Jr & Lane, 2006; COSO, 2004; Gordon, et al., 2009; Kucuk Yilmaz, 2009; Lai & Samad, 2010; Woon, et al., 2011). However there are many evidences that although ERM is known as a tool to increase shareholders value, still not many firms have adopted this new financial tool to manage risks evolving inside and outside the organization. For instance Liebenberg and Hoyt (2003) have identified only 26 firms that have adopted ERM during 1997 to 2001, and even the most recent study of Pagach and Warr (2011) detected only 138 firms in the US have adopted ERM framework by searching in LexisNexis database. Another example is the survey results of the Economist Intelligence unit, which discovered that only 41 percept of companies in Europe, North America, and Asia have adopted some form of ERM (Kleffner, Lee, & McGannon, 2003). The reasons behind this fact may include either or all of the following cases: a misunderstanding of how ERM can be implemented effectively and how to understand its benefits, an organizational structure, which is not in-line with ERM framework. ERM requires a top-down approach instead of a collaborative one (Pagach & Warr, 2010), and troubles in measuring risks across the company (Kleffner, et al., 2003). Therefore it is necessary to understand which factors stimulate companies to adopt the new holistic risk management approach and to the authors knowledge there are few studies which have examined this issue (see Beasley, Clune, & Hermanson, 2005; Gordon, et al., 2009; Liebenberg & Hoyt, 2003; Pagach & Warr, 2011). The present work contributes to filling this gap by accumulating all the influencing factors on ERM adoption appeared in the literature and finally a framework of the most influential factors, which inspire firms to adopt ERM, is suggested. It is noteworthy to mention that the 1 Corresponding author: Tel:+6 017 2368671, Fax: +6 03 26926435 Email address: nargess.golshan@gmail.com 276

authors do not intend to answer the question of why firms choose to manage risk at all, rather, they try to understand which factors are directly associated with ERM adoption among firms. 2. Literature review Since its introduction, ERM has been used meaning different things. Many scholars and managers have associated their writings and ideas with ERM and it has appeared that they are meaning apparently different things. On the other hand several textbooks and journals have discussed about business risk management, strategic risk management, holistic risk management, integrated risk management, corporate risk management, and enterprise-wide risk management and it has become clear that they are all talking about ERM, which is the new substitute of traditional silo-based risk management. There are various definitions of ERM appeared in the literature. Liebenberg & Hoyt (2003) which is an often cited study in the field of enterprise risk management have mentioned that ERM enables organizations to take advantage of a broad and integrated approach to risk management which is more offensive and strategic unlike the silo-based risk management which was primarily a defensive method of managing risk. The clearest definition of ERM, which comes from the inventor of an ERM framework, defines it as: A process, effected by an entity s board of directors, management and other personnel, applied in strategy setting and across the enterprise, designed to identify potential events that may affect the entity, and manage risk to be within its risk appetite, to provide reasonable assurance regarding the achievement of entity objectives.(coso, 2004) 3. Proposed framework of factors associated with ERM adoption As mentioned above the heightened interest in ERM implementation among firms across the world has been clearly fuelled by some internal and external factors. To authors knowledge there are only few studies, which have focused on the influencing factors of ERM adoption among firms. Table 1 provides an overview of these studies. Table 1: Comparative studies on ERM adoption among firms, Source: Author s compilation Authors Type Focus Liebenberg Hoyt (2003) & Beasley, et al. (2005) Pagach & Warr (2011) Quantitative study including 26 firms in the US Quantitative study of 123 firms in the US Quantitative study of 138 firms in the US Determinants of ERM adoption including firm size, firm industry, earnings volatility, stock price volatility, average leverage, average market-book value ratios, financial opacity, average institutional ownership, subsidiaries countries Influential factors on extent of ERM adoption including Presence of CRO, independence of board of directors, management commitment, auditor firm type, firm size, firm s Industry, firm s country Focuses on examining the characteristics of firms that hire chief risk officer (CRO). These characteristics include four perspectives of financial, asset, and market perspectives Our analysis of the influential factors of ERM adoption among firms is developed in the remainder of this paper. 3.1. Firm size It is a logical argument that when an organization s size increases, the nature, timing and the extent of the events threatening it will be different as well. Additionally, larger entities are able to dedicate greater resources for implementing ERM (Beasley, et al., 2005). Consistent with these rational theories Colquitt, Hoyt, & Lee (1999) found that larger firms are more likely to implement integrated risk management concepts than smaller firms. Moreover, the study of Pagach & Warr (2011) who investigated the characteristics of firms that hire CROs revealed that larger firms have greater risk of financial distress and more volatile operating cash flows and as a result they are more likely to adopt ERM practices.in addition, 277

Liebenberg & Hoyt (2003) also found from their study of 26 firms in the US who had CFO position that firm size is an important factor in deciding to implement ERM. Meanwhile Gordon, et al. (2009) in their study of 112 firms revealed one factor that ERM and firm performance is contingent upon is the firm size. COSO (2004) also mentions the importance of firm size when deciding to implement ERM in a firm. Therefore, the above noted literature suggests that there should be a positive significant relationship between the size of the firm and ERM implementation. 3.2. Firm complexity Firm complexity is referred to the number of business segments within a firm (Doyle, Ge, & McVay, 2007; Gordon, et al., 2009). This means that a firm with higher number of business segments is considered more complex. To be more precise, there are generally two types of complexity discussed in the literature. One form is industrial diversification, which indicated that a firm is operating in different related or unrelated industries. Another type of complexity is international diversification and is referred to firms with geographic segments. Both industrial and international diversifications are positively related to engagement of ERM framework. The reason is that diversified firms normally face multifaceted risks (Hoyt & Liebenberg, 2010). Meanwhile Gordon (2009) and Pagach & Warr (2011) have found that firms which are more complex are more likely to implement ERM concept. Hence, the above-mentioned literature indicates that there should be a positive relationship between firm s complexity and ERM implementation. 3.3. Firm s industries The fact implies that some industries are more regulated than the others are. Therefore, firms operating in intensive-regulated industries are more likely to adopt ERM and they have been at the forefront of ERM implementation. Two examples of these regulated industries are financial firms and energy firms (Pagach & Warr, 2011). Moreover, industry competition acts as a fundamental concern for all the organizations. At one hand, in some industries, there are many firms providing the same services/products and therefore services/products of a firm s competitor are a substitute for the firm s services/products. This kind of industry is referred as a competition-intensive industry and firms operating in them face substantial risk of not earning a sustainable level of profits. On the other hand, in some industries firms have monopolistic situation. In such a situation firms face a relatively low risk of not earning a sustainable level of profits, while as long as the demand for such a product/service exists the firm will have sales and will earn profits. Beasley, et al. (2005) in their study of the level of ERM adoption of 123 firms found that firms in banking and insurance industries have deployed further-developed ERM. Consistent with this results Liebenberg & Hoyt (2003) and Pagach & Warr (2011) affirmed that firms in financial services industry have long been implemented ERM. Also among studies performed to identify riskiest industries utilities, telecommunications, and oil & gas have been determined to be industries with highest risk (Frantz, 2011). Therefore as the literature suggests, firm in banking, insurance, utilities, and telecommunication industries are more likely to have adopted ERM framework. 3.4. Country of domicile for the whole firm as well as the subsidiaries Different rules and regulation in different countries have acted as an external pressure for firms to adopt ERM concept. As Beasley et al. (2005) have mentioned ERM frameworks were invented in United Kingdom, Australia, New Zealand, and South Africa before the emergence of COSO s (2004) ERM framework. Moreover, PWC (2004) claimed in their survey that 46% of Asia-Pacific CEOs strongly agreed that ERM is a top priority compared to only 28% of their US counterparts. Additionally, Liebenberg & Hoyt (2003) indicated that firms based in United Kingdom and Canada are more likely to adopt an ERM program than firms headquartered in the US. Hence, it can be concluded that firms headquartered or having subsidiaries in United Kingdom, Canada, Australia, and New Zealand more likely to implement ERM framework. 3.5. Presence of the big four auditors Beasley, et al. (2005) have claimed in their study that the stage of ERM implementation is positively affected by the firm s auditor type. They have proved that if the firm s auditor is one of the big four (KPMG LLP, Ernst & Young LLP, PriceWaterhouseCoopers LLP, and Deloitte Touche Tohmatsu Limited 278

(Talley, 2006) the firm is more likely to have adopted a more-developed framework of ERM. Meanwhile, there is positive relationship between disclosing a high level of risk management and audit fees which tend to be higher when the company uses one of the big four auditors (Knechel & Willekens, 2006). Therefore, the authors assume that engaging one of the Big Fours as firm s auditor is positively related to ERM framework adoption. 3.6. Independence of board of directors While today s market situation guides organizations to embed some risk-taking framework, in many cases the board and the management do not have shared perspectives of risk, reward preferences, and tradeoffs. Meanwhile, the board of directors in many organizations, who are the ultimate stewards of the company s capital, are often unaware of their responsibility in developing a risk management strategy within the organization (Chase-Jenkins, Farr, & Lebens, 2010). Therefore, the board needs to provide a direction for the firm s risk management. On the other hand, management should realize that their responsibility differs from that of the board. Management is accountable for developing strategies and business plans that are consistent with the board s risk-taking approach. Fig. 1 presents the risk contract between the board of directors and the management. Board of Directors 1. Sets/ agrees to overall risk appetite and corporate risk tolerance 2. Approves capital plan 3. Ensures appropriate corporate governance Risk contract Management 1. Develops business strategy 2. Sets financial targets 3. Determines overall (economic) capital 4. Allocates capital 5. Manages business Fig. 1: The risk contract between the board of directors and the management Hence as the above figure suggests, the independency of the board of directors from the management team of an organization is a crucial factor of ERM implementation throughout the firm. Consistently Beasley, et al. s (2005) study revealed that independence of the board of directors will positively affect the stage of ERM implementation among firms. Therefore, according to the aforementioned literature, the more independent the board of director is, the more seemingly the firm has adopted ERM. Based on the review and interpretation of enterprise risk management adoption literature the framework of the dominant factors in ERM adoption is shaped in fig. 2. Firm size Firm complexity Industries Country of domicile ERM Adoption Auditor type BOD independency 4. Concluding comments Fig. 2: ERM Adoption influencing factors Although ERM was initially introduced as a shareholder value-increasing tool, not all firms have understood its benefits. In fact costs and benefits of ERM are firm-specific (Beasley, et al., 2008) and the same ERM framework of a specific firm can not be prescribed to another. Therefore policymakers and firm rulers, who promulgate ERM adoption, must recognize that there are some factors, which should be considered before making decision about implementing an ERM framework in a firm. These factors include firm size, firm complexity, firm industries, firm s headquarter and subsidiaries country of domicile, having 279

a big four auditor, independency level of the BOD. By considering these factors before deciding about ERM implementation, there is a higher chance that the real benefits of ERM will be understood within the firm and the effects of its pitfalls will be minimized. Enterprise risk management is a popular topic several extant literatures including strategic management and financial management. It is this important that researchers be aware of, understand, and build upon the already significant work in the literature. It is our hope that the ideas, arguments, and research issues set forth in this paper will arise interest in future work in the risk management area. 5. References [1] Beasley, M., Clune, R., & Hermanson, D. (2005). Enterprise risk management: An empirical analysis of factors associated with the extent of implementation. Journal of Accounting and Public Policy, 24(6), 521-531. doi: 10.1016/j.jaccpubpol.2005.10.001 [2] Beasley, M., Pagach, D., & Warr, R. (2008). Information conveyed in hiring announcements of senior executives overseeing enterprise-wide risk management processes. JOURNAL OF ACCOUNTING AUDITING AND FINANCE, 23(3), 311. [3] Calandro Jr, J., & Lane, S. (2006). An introduction to the enterprise risk scorecard. Measuring Business Excellence, 10(3), 31-40. [4] Chase-Jenkins, L., Farr, I., & Lebens, J. (2010). Risk Appetite: The Foundation of Enterprise Risk Management. In T. Watson (Ed.), Thought Leadership Series: Towers Watson. [5] Colquitt, L. L., Hoyt, R. E., & Lee, R. B. (1999). Integrated risk management and the role of the risk manager. Risk Management and Insurance Review, 2(3), 43-61. [6] COSO, C. o. S. O. o. t. T. C.-. (2004). Enterprise Risk Management- Integrated Framework. [7] Doyle, J., Ge, W., & McVay, S. (2007). Determinants of weaknesses in internal control over financial reporting. Journal of Accounting and Economics, 44(1-2), 193-223. [8] Frantz, M. (2011). How much cash is at risk? Evidence from US non-financial firms. [9] Gordon, L. A., Loeb, M. P., & Tseng, C. Y. (2009). Enterprise risk management and firm performance: A contingency perspective. Journal of Accounting and Public Policy, 28(4), 301-327. [10] Kleffner, A. E., Lee, R. B., & McGannon, B. (2003). The effect of corporate governance on the use of enterprise risk management: Evidence from Canada. Risk Management and Insurance Review, 6(1), 53-73. [11] Knechel, W. R., & Willekens, M. (2006). The role of risk management and governance in determining audit demand. Journal of Business Finance & Accounting, 33(9 10), 1344-1367. [12] Kucuk Yilmaz, A. (2009). Airport Enterprise Risk Management. 1(1). [13] Lai, F. W., & Samad, A. (2010). Enterprise Risk Management Framework and The Empirical Determinants of Its Implementation. [14] Liebenberg, A. P., & Hoyt, R. E. (2003). The determinants of enterprise risk management: evidence from the appoitnment of chief risk officers. Risn Management and Insurance Review, 6(1), 37-52. doi: 10.1111/1098-1616.00019/,DanaInfo=onlinelibrary.wiley.com full [15] Pagach, D., & Warr, R. (2010). The effects of enterprise risk management on firm performance. [16] Pagach, D., & Warr, R. (2011). The characteristics of firms that hire chief risk officers. Journal of Risk and Insurance. [17] Talley, E. L. (2006). Cataclysmic Liability Risk Among Big Four Auditors. Colum. L. Rev., 106, 1641. [18] Woon, L. F., Azizan, N. A., & Samad, M. F. A. (2011). A Strategic Framework For Value Enhancing Enterprise Risk Management. Journal of Global Business and Economics, 2(1), 23-48. 280

2024 © businessdocbox.com Privacy Policy | Terms of Service | Feedback