Abstract
This study has been motivated by the fact that organizations embracing Enterprise Risk Management (ERM) face different design problems with little guidance on the methods of implementing it successfully. To explore whether the implementation of ERM in companies differs from the prevailing COSO ERM framework, we conducted a survey regarding the implementation of the important ERM characteristics that were derived from a thorough literature review and their connections to COSO (Enterprise risk management integrating with strategy and performance. Executive summary, American Institute of Certified Public Accountants, New York, 2017). The results of exploratory factor analysis indicate the existence of three factors relevant for ERM implementation—strategic, operational, and oversight—suggesting a discrepancy between implementing ERM in practice and the COSO Framework. The descriptive statistics indicates that operational and oversight aspects are implemented in a lesser degree than the strategic aspects. This leads to the conclusion that companies need guidance in operational aspects of the ERM implementation, and that it is necessary to enhance ERM oversight and corporate governance mechanisms. This article can contribute to ERM literature by raising a discussion on practical aspects of implementing ERM and on the possible reasons for companies’ preferences to easier solutions. This study may be useful to companies that are in the process of ERM implementation or enhancement.
This is a preview of subscription content, log in via an institution to check access.
Similar content being viewed by others
Change history
20 May 2022
Discrepancy in copyright year between XML and online pdf. It has been corrected as 2021.
References
Aebi, V., G. Sabato, and M. Schmid. 2012. Risk management, corporate governance and bank performance in the financial crisis. Journal of Banking and Finance 36: 3213–3226.
AICPA. 2021. The state of risk oversight. An overview of enterprise risk management practices, 12th Edition. NC State, Poole College of Management, Enterprise Risk Management Initiative.
Arena, M., M. Arnaboldi, and G. Azzone. 2011. Is enterprise risk management real? Journal of Risk Research. 14 (7): 779–797.
Arrindel, W.A., and J. van der Ende. 1985. An empirical test of the utility of the observations-to-variables ratio in factor and components analysis. Applied Psychological Measurement 9 (2): 165–178.
Beasley, M., B.C. Branson, B.V. Hancock. 2010. Developing key risk indicators to strenghten enterprise risk management. ERM Initiative at North Carolina State University and the Committee of Sponsoring Organizations of the Treadway Commission, Raleigh, NC.
Beasley, M.S., B.C. Branson, and D. Pagach. 2015. An analysis of the maturity and strategic impact of investments in ERM. Journal of Accounting and Public Policy 34 (3): 219–243.
Beasley, M., R. Clune, and D. Hermanson. 2005. Enterprise risk management: An empirical analysis of factors associated with the extent of implementation. Journal of Accounting and Public Policy 24 (6): 521–531.
Beasley, M., D. Pagach, and R. Warr. 2008. Information conveyed in hiring announcements of senior executives overseeing enterprise-wide risk management process. Journal of Accounting, Auditing and Finance 23: 311–332.
Bertinetti, G.S., E. Cavezzali, G. Gardenal. 2013. The effect of the enterprise risk management on the firm value of European companies. Working Paper 10/2013. Department of Management. Universita Venezia.
Bohnert, A., N. Gatzert, R.E. Hoyt, and P. Lechner. 2018. The drivers and value of enterprise risk management: Evidence from ERM ratings. The European Journal of Finance 25: 1–22.
Bromiley, P., M. McShane, A. Nair, and E. Rustambekov. 2015. Enterprise risk management: Review, critique and research directions. Long Range Planning 48: 265–276.
Callahan, C., and J. Soileau. 2017. Does enterprise risk management enhance operating performance? Advances in Accounting 37: 122–139.
CGMA. 2015. Global state of enterprise risk oversight, 2nd Edition, Analysis of the challenges and opportunities for improvement.
Committee of Sponsoring Organizations of the Treadway Commission (COSO). 2004. Enterprise risk management framework. New York: American Institute of Certified Public Accountants.
Committee of Sponsoring Organizations of the Treadway Commission (COSO). 2017. enterprise risk management integrating with strategy and performance. Executive summary. New York: American Institute of Certified Public Accountants.
Cumming, C., and B. Hirtle. 2001. The challenges of risk management in diversified financial companies. Economic Policy Review 7 (1): 1–14.
Desender, K.A. 2007. On the determinants of enterprise risk management implementation. Enterprise IT governance, business value and performance measurement, ed. Nan Si Shi and Gilbert Silvius. SSRN: http://ssrn.com/abstract=1025982, Accessed 08 Nov 2018.
ERM Initiative Faculty. 2014. Five basics to managing innovation risk. https://erm.ncsu.edu/library/article/five-basics-to-managing-innovation-risk. Accessed 22 March 2018.
Farrell, M., and R. Gallagher. 2015. The valuation implications of enterprise risk management maturity. The Journal of Risk and Insurance 82 (3): 625–657.
Florio, C., and G. Leoni. 2017. Enterprise risk management and firm performance: The Italian case. The British Accounting Review 49: 56–74.
Fraser, J., and B. Simkins. 2016. The challenges of and solutions for implementing enterprise risk management. Business Horizons 59 (6): 689–698.
Frigo, M., and R.J. Anderson. 2009. Strategic risk assessment: A first step for improving risk management and governance. Strategic Finance (december) 25: 25–33.
Grace, M.F., J.T. Leverty, R.D. Phillips, and P. Shimpi. 2015. The value of investing in enterprise risk management. The Journal of Risk and Insurance 82 (2): 289–316.
Hair, J.F., W.C. Black, B.J. Babin, and R.E. Anderson. 2014. Multivariate data analysis, 7th ed. Essex: Pearson Education Limited.
Herrinton, M. 2012. How mature is your risk management? Harvard Business Review. https://hbr.org/2012/06/how-mature-is-your-risk-manage Accessed 01 Aug 2018.
Henschel, T. 2007. Risk management practices in the main industries of German small to medium-sized enterprises. An empirical investigation. PhD Thesis, Edinburgh.
Hoyt, R.E., and A.P. Liebenberg. 2011. The value of enterprise risk management. Journal of Risk and Insurance 78: 795–822.
ISO - International Organisation of Standardisation. 2018. A risk practitioners guide to ISO 31000:2018. https://www.theirm.org/media/3513119/IRM-Report-ISO-31000-2018-v3.pdf. Accessed 09 Jan 2019.
Ittner, C.D., and J. Michels. 2017. Risk-based forecasting and planning and management earnings forecasts. Review of Accounting Studies 22: 1005–1047.
Ittner, C.D., and D.F. Oyon. 2014. The internal organization of enterprise risk management. https://papers.ssrn.com/sol3/papers.cfm?abstract_id=2486588. Accessed 01 Sep 2018.
Jordan, A., L. Jorgensen, and H. Mitterhofer. 2013. Performing risk and the project: Risk maps as mediating instruments. Management Accounting Research 24: 156–174.
Kline, P. 1994. An easy guide to factor analysis. Routledge: Abingdon on Thames.
Lam, J. 2001. The CRO is here to stay. Risk Management 48 (4): 16.
Liebenberg, A.P., and R.E. Hoyt. 2003. The determinants of enterprise risk management: Evidence from the appointment of chief risk officers. Risk Management and Insurance Review 6 (1): 37–52.
Lipe, M.G., and S.E. Salterio. 2000. The balanced scorecard: Judgmental effects of common and unique performance measures. The Accounting Review 75 (3): 283–298.
Lundqvist, S.A. 2014. An exploratory study of enterprise risk management: Pillars of ERM. Journal of Accounting, Auditing and Finance 29 (3): 393–429.
Marc, M., Sprčić D. Miloš, and M. Mešin Žagar. 2018. Is enterprise risk management a value added activity? Economics and Management XXI: 68–84.
McKinsey. 2020. Covid-19: Briefing materials. Global health and crisis response. COVID-19-Facts-and-Insights-June-1-vF.pdf (mckinsey.com). Accessed 21 Dec 2020.
McShane, M.K. 2018. Enterprise risk management: History and a design science proposal. The Journal of Risk Finance 19 (2): 137–153.
McShane, M.K., A. Nair, and E. Rustambekov. 2011. Does enterprise risk management increase firm value? Journal of Accounting, Auditing and Finance 26 (4): 641–658.
Meulbroek, L.K. 2002. A senior manager’s guide to integrated risk management. Journal of Applied Corporate Finance 14 (4): 56–70.
Mikes, A., and R.S. Kaplan. 2014. Towards a contingency theory of enterprise risk management. Working Paper. Harvard Business School. http://papers.ssrn.com/sol3/papers.cfm?abstract_id=2311293 Accessed 24 Oct 2018.
Mikes, A., and R.S. Kaplan. 2015. When one size doesn’t fit all: Evolving directions in the research and practice of enterprise risk management. Journal of Applied Corporate Finance 27 (1): 37–40.
Miloš Sprčić, D. 2019. Determining quality and effectiveness of enterprise risk management system. In Education excellence and innovation management through vision 2020., ed. K.S. Soliman, 902–913. Granada, Spain.
Miloš Sprčić, D., A. Kožul, and E. Pecina. 2015. State and perspectives of Enterprise risk management system development—The case of Croatian companies. Procedia Economics and Finance 30: 768–779.
Miloš Sprčić, D., A. Kožul, and E. Pecina. 2017a. Managers’ support—A key driver behind enterprise risk management maturity. Zagreb International Review of Economics and Business 20: 25–39.
Miloš Sprčić, D., M. Mešin, Ž Šević, and M. Marc. 2016. Does enterprise risk management influence market value—A long-term perspective. Risk Management 18 (2): 65–88.
Miloš Sprčić, D., E. Pecina, and S. Orsag. 2017b. Enterprise risk management practices in listed Croatian companies. UTMS Journal of Economics 8 (3): 219–230.
Monda, B., and M. Giorgino. 2013. An enterprise risk management maturity model. MPRA paper, 45421.
Nair, A., E. Rustambekov, M. McShane, and S. Fainshmidt. 2014. Enterprise risk management as a dynamic capability: A test of its effectiveness during a crisis. Managerial and Decision Economics 35: 555–566.
Nocco, B.W., and R.M. Stulz. 2006. Enterprise risk management: Theory and practice. Journal of Applied Corporate Finance 18 (4): 8–20.
OECD. 2014. Risk management and corporate governance. Paris: OECD Publishing.
Paape, L., and R.F. Spekle. 2012. The adoption and design of enterprise risk management practices: An empirical study. European Accounting Review 21 (3): 533–564.
Pagach, D., and R. Warr. 2011. The characteristics of firms that hire chief risk officers. Journal of Risk and Insurance 78 (1): 185–211.
Pierce, E.M., and J. Goldstein. 2018. ERM and strategic planning: A change in paradigm. International Journal of Disclosure and Governance 15 (1): 51–59.
Power, M. 2009. The risk management of nothing. Accounting, Organizations and Society 34: 849–855.
Tabachnick, B.G., and L.S. Fidell. 2014. Using Multivariate Statistics. Boston: Pearson Education Limited.
Thekdi, S., and T. Aven. 2016. An enhanced data-analytic framework for integrating risk management and performance management. Reliability Engineering and System Safety 156: 277–287.
Viscelli, T.R., D.R. Hermanson, and M.S. Beasley. 2017. The Integration of ERM and strategy: Implications for corporate governance. Accounting Horizons 31 (2): 69–82.
Woods, M. 2009. A contingency theory perspective on the risk management control system within Birmingham City Council. Management Accounting Research 20: 69–81.
Zhao, X., B.G. Hwang, and S.P. Low. 2013. Developing fuzzy enterprise risk management maturity model for construction firms. Journal of Construction Engineering and Management 139 (9): 1179–1189.
Author information
Authors and Affiliations
Corresponding author
Ethics declarations
Conflict of interest
On behalf of all authors, the corresponding author states that there is no conflict of interest.
Additional information
Publisher's Note
Springer Nature remains neutral with regard to jurisdictional claims in published maps and institutional affiliations.
Rights and permissions
About this article
Cite this article
Dvorski Lacković, I., Kurnoga, N. & Miloš Sprčić, D. Three-factor model of Enterprise Risk Management implementation: exploratory study of non-financial companies. Risk Manag 24, 101–122 (2022). https://doi.org/10.1057/s41283-021-00086-3
Accepted:
Published:
Issue Date:
DOI: https://doi.org/10.1057/s41283-021-00086-3