Creating Value Through ERM Process

  • Stefan HunzikerEmail author


This chapter takes you step by step through the ERM process and presents practical challenges using concrete examples. Robustly developed risk scenarios can challenge management intuition with more rational information on risky decisions. In addition to risk identification and risk assessment, the integration of risk-relevant information into decision-making processes is a key element of value-creating risk management. Level-appropriate, integrated risk reporting suggestions and concepts for continuous improvement of ERM quality complete this chapter.


  1. Abraham, S., & Shrives, P. J. (2014). Improving the relevance of risk factor disclosure in corporate annual reports. The British Accounting Review, 46 (1), 91–107.CrossRefGoogle Scholar
  2. Andersen, T. J., & Winther Schrøder, P. (2010). Strategic risk management practice. How to deal effectively with major corporate exposures. Cambridge: Cambridge University Press.CrossRefGoogle Scholar
  3. Andrews, K. R. (1971). The Concept of Corporate Strategy. Irwin: Homewood.Google Scholar
  4. Barnett, M., Jermier, J., & Lafferty, B. (2006). Corporate reputation: The definitional landscape. Corporate Reputation Review, 9 (1), 26–38.CrossRefGoogle Scholar
  5. Barney, J. B. (2002). Gaining and sustaining competitive advantage (2nd Ed.). Upper Saddle River, NJ: Prentice-Hall.Google Scholar
  6. Barney, J. B., & Hesterly, W. S. (2006). Strategic management and competitive advantage. Upper Saddle River, NJ: Pearson Education.Google Scholar
  7. Barry Callebaut (2018). Annual Report 2017/18. Accessed 24 January 2019.
  8. Beasley, M. S., & Frigo, M. L. (2007). Strategic Risk Management: Creating and Protecting Value. Strategic Finance, May, 24–31.Google Scholar
  9. Budescu, D. V., Broomell, S., & Por, H.-H. (2009). Improving Communication of Uncertainty in the Reports of the Intergovernmental Panel on Climate Change. Psychological Science, 20 (3), 299–308.CrossRefGoogle Scholar
  10. Bunnenberg, S. (2016). Reputationsrisikomanagement: „Es fängt mit der Kultur an“. Accessed 24 January 2019.
  11. Buss, E. (2007). Image und Reputation—Werttreiber für das Management. In M. Piwinger & A. Zerfaß (Eds.), Handbuch Unternehmenskommunikation (pp. 227–243). Wiesbaden: Gabler.CrossRefGoogle Scholar
  12. Calabretta, G., Gemser, G., & Wijnberg, N. M. (2016). The Interplay between Intuition and Rationality in Strategic Decision Making: A Paradox Perspective. Organization Studies, 38 (3–4), 1–37.Google Scholar
  13. Casas i Klett, T. (2008). Der Mensch in der Uncertainty Governance: Wertschöpfung jenseits von Risiko-Management. In R. Wunderer (Ed.), Corporate Governancezur personalen und sozialen Dimension (pp. 26–30). Köln: Luchterhand.Google Scholar
  14. Chapelle, A. (2015). Is reputation risk overstated? Operational incidents do not always give firms a bad name. Accessed 24 January 2019.
  15. Choo, C. W. (1999). The Art of Scanning the Environment. Bulletin of the American Society for Information Science and Technology, 25 (3), 21–24.CrossRefGoogle Scholar
  16. Clayton Christensen (n.d.). Disruptive Innovation. Accessed 20 November 2018.
  17. Collier, P. M., & Agyei-Ampomah, S. (2006). CIMA Learning System 2007 Management AccountingRisk and Control Strategy. Elsevier Science & Technology.Google Scholar
  18. Collis, D. J., & Montgomery, C. A. (2004). Corporate strategy: Resources and the scope of the firm (2nd Ed.). Chicago: McGraw-Hill Irwin.Google Scholar
  19. Collis, D. J., & Rukstad, M. G. (2008). Can You Say What Your Strategy Is? Harvard Business Review, 86, 82–90.Google Scholar
  20. Committee of Sponsoring Organizations of the Treadway Commission (COSO) (2017). Enterprise Risk ManagementIntegrating with Strategy and Performance. Jersey City, NJ: AICPA.Google Scholar
  21. Cox, L. A. (2008). What’s Wrong with Risk Matrices? Risk Analysis, 28 (2), 497–512.CrossRefGoogle Scholar
  22. Dane, E., & Pratt, M. G. (2007). Exploring intuition and its role in managerial decision making. Academy of Management Review, 32 (1), 33–54.CrossRefGoogle Scholar
  23. Day, R., & Woodward, T. (2004). Disclosure of information about employees in the Directors’ report of UK published financial statements: substantive or symbolic? Accounting Forum, 8, 43–59.CrossRefGoogle Scholar
  24. De Bruin, T., Freeze, R., Kulkarni, U., & Rosemann, M. (2005). Understanding the Main Phases of Developing a Maturity Assessment Model. ACIS 2005 Proceedings. 109.Google Scholar
  25. Dean, J. W., & Sharfman, M. P. (1996). Does decision making process matter? A study of strategic decision making effectiveness. Academy of Management Journal, 39 (2), 368–396.Google Scholar
  26. Deloitte (2012). Cultivating a Risk Intelligent Culture. Understand, measure, strengthen, and report. Luxembourg. Accessed 18 December 2018.
  27. Deloitte (Ed.) (2017). Strategic Risk. A cornerstone of risk transformation. Accessed 24 January 2019.
  28. Deloitte (Ed.) (2016). How to meet top management reporting expectations? Accessed 28 January 2019.
  29. Deloitte (Ed.) (2015). Global Survey on Reputation Risk. Accessed 24 January 2019.
  30. Diederichs, M. (2013). Risikomanagement und Risikocontrolling (3rd Ed.). München: Vahlen.Google Scholar
  31. Duijm, N. J. (2015). Recommendations on the Use and Design of Risk Matrices. Safety Science 76 (1), 21–31.CrossRefGoogle Scholar
  32. Eccles, R. G., Newquist, S. C., & Schatz, R. (2007). Reputation and its risks. Harvard Business Review, 85 (2), 104–114.Google Scholar
  33. Elzahar, H., & Hussainey, K. (2012) Determinants of narrative risk disclosures in UK interim reports. The Journal of Risk Finance, 13 (2), 133–147. Scholar
  34. Erben, R. F. (2015). Normen und Standards im Risikomanagement—Anwendbarkeit und Nutzen von ISO 31000, ONR 49000 ff. und COSO ERM. In W. Gleißner & F. Romeike (Eds.), Praxishandbuch Risikomanagement: Konzepte, Methoden, Umsetzung (pp. 143–174). Berlin: Erich Schmidt Verlag.Google Scholar
  35. Filatotchev, I., Toms, S., Wright, M. (2006). The firm’s strategic dynamics and corporate governance life‐cycle. International Journal of Managerial Finance, 2 (4), 256–279. Scholar
  36. Fleischer, A. (2015). Reputation und Wahrnehmung. Wie Unternehmensreputation entsteht und wie sie sich beeinflussen lässt. Wiesbaden: VS Verlag für Sozialwissenschaften.Google Scholar
  37. Frick, N., Küttner, T. F., & Schuber, P. (2013). Assessment Methodology for a Maturity Model for Interorganizational Systems—The Search for an Assessment Procedure. 46th Hawaii International Conference on System Sciences.Google Scholar
  38. Frigo, M. L., & Anderson, R. J. (2011). Strategic Risk Management: A Foundation for Improving Enterprise Risk Management and Governance. Journal of Corporate Accounting & Finance, 22, 81–88.CrossRefGoogle Scholar
  39. Frigo, M. L., & Anderson, R. J. (2009). A Strategic Framework for Governance, Risk, and Compliance. Strategic Finance, 90, 20–61.Google Scholar
  40. Gleißner, W. (2018). Prüfung des Risikomanagements—ein Reifegradmodell. Der Aufsichtsrat, 2/2018, 18–21.Google Scholar
  41. Gleißner, W. (2014). 10 Gebote für gute unternehmerische Entscheidungen. Controller Magazin, 4/2014, 34–41.Google Scholar
  42. Gleißner, W. (2004). Die Aggregation von Risiken im Kontext der Unternehmensplanung. ZfCMZeitschrift für Controlling & Management, 5/2004, 350–359.Google Scholar
  43. Grundy, T. (2006). Rethinking and reinventing Michael Porter’s five forces model. Briefings in Entrepreneurial Finance, 15 (5), 213–229.Google Scholar
  44. Hillmann M. (2011). Storytelling: Mit Geschichten Unternehmen gestalten. In M. Hillmann (Ed.), Unternehmenskommunikation kompakt (pp. 63–73). Wiesbaden: Gabler.CrossRefGoogle Scholar
  45. Howard, R. A. (1988). Decision analysis: practice and promise. Management Science, 34 (6), 679–695.CrossRefGoogle Scholar
  46. Hubbard, D. W. (2009). The failure of risk management. Why it’s broken and how to fix it. Hoboken, NJ: John Wiley & Sons Inc.Google Scholar
  47. Hubbard, D. W., & Evans, D. (2010). Problems with scoring methods and ordinal scales in risk assessment. Journal of Research and Development, 54 (3), 2:1–2:10.Google Scholar
  48. Hunziker, S. (2018). Erfolgskriterien von Enterprise Risk Management in der praktischen Umsetzung. In S. Hunziker & J. O. Meissner (Eds.), Ganzheitliches Chancen- und Risikomanagement. Interdisziplinäre und praxisnahe Konzepte (pp. 1–28). Wiesbaden: Springer Gabler.Google Scholar
  49. Hunziker, S., & Meissner, J. O. (2017). Risikomanagement in 10 Schritten. Wiesbaden: Springer Gabler.CrossRefGoogle Scholar
  50. Hunziker, S., & Rautenstrauch, T. (2015). Risk Map: Instrument im Risikocontrolling—Breit akzeptiert, kaum hinterfragt. Accessed 24 January 2019.
  51. Hunziker, S., Balmer, P., & Schellenberg C. (2016). Enterprise Risk Management Studie zum Risikomanagement in Schweizer Unternehmen. Zug: SwissERM und IFZ—Hochschule Luzern.Google Scholar
  52. Hunziker, S., Fallegger, M., & Jovic, K. (2018). Risiko-Management im Führungssystem einbinden. Controlling & Management Review, 62 (9), 54–59.CrossRefGoogle Scholar
  53. Jonkman, S. N., van Gelder, P. H., & Vrijling, J. K. (2003). An overview of quantitative risk measures for loss of life and economic damage. Journal of Hazardous Materials, 99 (1), 1–30.CrossRefGoogle Scholar
  54. Kirstein, S. (2009). Unternehmensreputation. Corporate Social Responsibility als strategische Option für deutsche Automobilhersteller. Wiesbaden: Gabler Verlag.Google Scholar
  55. KPMG (2008). Understanding and articulating risk appetite. Accessed 24 January 2019.
  56. Kunz, M. (2015). Non-financial risk disclosures in annual reports and the relationship to company risk factors: Evidence from Swiss listed companies. Master Thesis, Lucerne University of Applied Sciences and Arts.Google Scholar
  57. Levine, D. (2015). ERM at the Speed of Thought: Mitigation of Cognitive Bias in Risk Assessment. 2015 Enterprise Risk Management Symposium. National Harbor, Maryland.Google Scholar
  58. Linsley, P. M., & Shrives, P. J. (2006). Risk reporting: A study of risk disclosures in the annual reports of UK companies. The British Accounting Review, 38 (4), 387–404.CrossRefGoogle Scholar
  59. Liu, W., & Pergler, M. (2013). Concrete steps for CFOs to improve strategic risk management. McKinsey Working Papers on Risk. Accessed 23 January 2019.
  60. Moutchnik, A. (2015). The maturity model for corporate environmental management. uwf UmweltWirtschaftsForum, 23 (4), 161–170.CrossRefGoogle Scholar
  61. Müller, M. (2018). Risk Culture at Roche. Development of a Risk Culture Measurement Framework. Master Thesis, Lucerne University of Applied Sciences and Arts.Google Scholar
  62. OECD (2014). Risk Management and Corporate Governance. Corporate Governance, OECD Publishing.
  63. Porter, K. (2018). A Beginner’s Guide to Fragility, Vulnerability, and Risk. University of Colorado Boulder. Accessed 21 November 2018.
  64. Porter, M. E. (1985). The Competitive Advantage: Creating and Sustaining Superior Performance. New York: Free Press.Google Scholar
  65. Porter, M. E. (1980). Competitive Strategy: Techniques for Analyzing Industries and Competitors. New York: Free Press.Google Scholar
  66. Protecht (2013). A Bow Tie Event. Accessed 24 April 2019.
  67. Rautenstrauch, T., & Hunziker, S. (2011). Internes KontrollsystemPerspektiven der Internen Kontrolle. Zürich: WEKA Business Media AG.Google Scholar
  68. Rees, M. (2015). Business Risk and Simulation Modelling in Practice: Using Excel, VBA and @RISK. Chichester: John Wiley & Sons.CrossRefGoogle Scholar
  69. RIMS (Ed.). (2012). Exploring Risk Appetite and Risk Tolerance. Accessed 24 January 2019.
  70. Romeike, F. (2018). Risikomanagement. Wiesbaden: Springer Gabler.CrossRefGoogle Scholar
  71. Romeike, F., & Weissensteiner, C. (2015). Reputation: A Risk Factor. Risk Management Review, 6–10.Google Scholar
  72. Roth, M. (2015). Compliancein a nutshell (3rd Ed.). Zürich, St. Gallen: Dike Verlag.Google Scholar
  73. Samad-Khan, A. (2005). Why COSO is flawed. Operational Risk, January, 1–6.Google Scholar
  74. Schilling, B. (2018). Risikoadjustierte Unternehmensplanung—Integration von Unternehmensplanung und Risikomanagement. Controller Magazin, 6/2018, 30–36.Google Scholar
  75. Segal, S. (2011). Corporate Value of Enterprise Risk Management: The Next Step in Business Management. New Jersey: John Wiley & Sons, Inc.Google Scholar
  76. Sidorenko, A., & Demidenko, E. (2017). Guide to effective risk management 3.0. Accessed 18 December 2018.
  77. Sieler, C. (2007). Präventives Reputationsrisikomanagement: Reputationsrisiken als Handlungsfeld im Enterprise Risk Management. Risiko Manager, 11, 6–11.Google Scholar
  78. Sika (2017). ANNUAL REPORT 2017. Risk Management. Accessed 28 January 2019.
  79. Simon, H. A. (1987). Making management decisions: The role of intuition and emotion. The Academy of Management Executive, 1 (1), 57–64.Google Scholar
  80. Slywotzky, A., & Drzik, J. (2005). Countering the Biggest Risk of All. Harvard Business Review, 83 (4), 78–88.Google Scholar
  81. Spetzler, C., Winter, H., & Meyer, J. (2016). Decision Quality: Value Creation from Better Business Decisions. New York: Wiley.CrossRefGoogle Scholar
  82. Soliman, A., & Adam, M. (2017). Enterprise Risk Management and firm performance: an integrated model for the banking sector. Banks and Bank Systems, 12 (2), 116–123.CrossRefGoogle Scholar
  83. Swisscom (2017). Annual Report 2017. Risk situation. Accessed 24 January 2019.
  84. Taleb, N. N. (2007). The black swan: The impact of the highly improbable. New York: Penguin Books.Google Scholar
  85. Tian, Y., & Chen, J. (2009). Concept of Voluntary Information Disclosure and A Review of Relevant Studies. International Journal of Economics and Finance, 1 (2), 55–59.Google Scholar
  86. Weissensteiner, C. (2014). Reputation als Risikofaktor in technologieorientierten Unternehmen. Wiesbaden: Gabler Verlag.CrossRefGoogle Scholar
  87. Wendler, R. (2012). The maturity of maturity model research: A systematic mapping study. Journal Information and Software Technology, 54 (12), 1317–1339.CrossRefGoogle Scholar

Copyright information

© Springer Fachmedien Wiesbaden GmbH, part of Springer Nature 2019

Authors and Affiliations

  1. 1.RotkreuzSwitzerland

Personalised recommendations