ME  Vol.5 No.4 , April 2014
Integrated Enterprise Risk Management: From Process to Best Practice
Author(s) Kathryn Cormican*
ABSTRACT

There are strong motivating factors for increased awareness and action with regard to Enterprise Risk Management (ERM). Effective ERM policies and practices are lauded to increase stakeholder confidence, competitive advantage and ultimately an organization’s long-term viability. However previous studies suggest that the concept is poorly understood in practice and organizations are failing to implement the intended benefits. Furthermore, insufficient research has been conducted in this area and there are few comprehensive or practical guides available to managers in his domain. This paper attempts to address this deficit and expand the discussion on integrated enterprise risk management practices. The study presents findings from a qualitative study where critical success factors for effective enterprise risk management are identified and categorized. From this analysis an audit tool to assess ERM best practices is presented. The tool acts as an independent validation resource to ensure that an organization’s efforts are proactive and effective against current and emerging threats. The contributions of this research are many. First it enhances knowledge and skills in a neglected but essential multi-disciplinary area. Second the research is grounded in best practice and so adds to academic debate by validating and contradicting previous studies. Third the development of new and innovative tools in enterprise risk management adds bridges the gap from theory to practice.


Cite this paper
Cormican, K. (2014) Integrated Enterprise Risk Management: From Process to Best Practice. Modern Economy, 5, 401-413. doi: 10.4236/me.2014.54039.
References
[1]   Bowling, D.M. and Rieger, L.A. (2005) Making Sense of COSO’s New Framework for Enterprise Risk Management. Bank Accounting & Finance, 18, 29-34.

[2]   Chapman, C. (2003) Bringing ERM into Focus. The Internal Auditor, 60, 30-35.

[3]   Thompson, R.M. (2013) A Conceptual Framework of Potential Conflicts with the Role of the Internal Auditor in Enterprise Risk Management. Accounting and Finance Research, 2, 65-77.
http://dx.doi.org/10.5430/afr.v2n3p65

[4]   Frigo, M.L. and Anderson, R.J. (2011) Strategic Risk Management: A Foundation for Improving Enterprise Risk Management and Governance. Journal of Corporate Accounting & Finance, 22, 81-88.
http://dx.doi.org/10.1002/jcaf.20677

[5]   Bromiley, P., McShane, M.K., Nair, A. and Rustambekov, E. (2014) Enterprise Risk Management: Review, Critique, and Research Directions. Forthcoming: Long Range Planning.

[6]   McShane, M.K., Nair, A. and Rustambekov, E. (2011) Does Enterprise Risk Management Increase Firm Value? Journal of Accounting, Auditing & Finance, 26, 641-658.
http://dx.doi.org/10.1177/0148558X11409160

[7]   Hoyt, R.E. and Liebenberg, A.P. (2011) The Value of Enterprise Risk Management. Journal of Risk and Insurance, 78, 795-822. http://dx.doi.org/10.1111/j.1539-6975.2011.01413.x

[8]   McNeil, A.J. (2013) Enterprise Risk Management. Annals of Actuarial Science, 7, 1-2.
http://dx.doi.org/10.1017/S1748499512000334

[9]   Arena, M., Arnaboldi, M. and Azzone, G. (2010) The Organizational Dynamics of Enterprise Risk Management. Accounting, Organizations and Society, 35, 659-675.
http://dx.doi.org/10.1016/j.aos.2010.07.003

[10]   Onder, S. and Ergin, H. (2012) Determiners of Enterprise Risk Management Applications in Turkey: An Empirical Study with Logistic Regression Model on the Companies Included in ISE (Istanbul Stock Exchange). Business and Economic Horizons, 7, 19-26.

[11]   Mikes, A. (2011) From Counting Risks and Making Risks Count: Boundary-Work in Risk Management. Accounting, Organizations and Society, 36, 226-245. http://dx.doi.org/10.1016/j.aos.2011.03.002

[12]   Nocco, B. and Stulz, R. (2006) Enterprise Risk Management: Theory and Practice. Journal of Applied Corporate Finance, 18, 8-20. http://dx.doi.org/10.1111/j.1745-6622.2006.00106.x

[13]   Carona, F., Vanthienena, J. and Baesensa, B. (2013) A Comprehensive Investigation of the Applicability of Process Mining Techniques for Enterprise Risk Management. Computers in Industry, 64, 464-475.http://dx.doi.org/10.1016/j.compind.2013.02.001

[14]   Smithson, C. and Simkins, B. (2005) Does Risk Management Add Value? A Survey of the Evidence. Journal of Applied Corporate Finance, 17, 8-17. http://dx.doi.org/10.1111/j.1745-6622.2005.00042.x

[15]   Beasley, M., Branson, B. and Hancock, B. (2009) Report on the Current State of Enterprise Risk Oversight. ERM Initiative at North Carolina State University, Raleigh.

[16]   Barton, T.L., Shenkir, W.G. and Walker, P.L. (2002) Making Enterprise Risk Management Pay Off. FT Press, Upper Saddle River.

[17]   Kleffner, A.E., Lee, R.B. and McGannon, B. (2003) The Effect of Corporate Governance on the Use of Enterprise Risk Management: Evidence from Canada. Risk Management and Insurance Review, 6, 53-73.http://dx.doi.org/10.1111/1098-1616.00020

[18]   Mitchell, V.W. (1995) Organizational Risk Perception and Reduction: A Literature Review. British Journal of Management, 6, 115-133. http://dx.doi.org/10.1111/j.1467-8551.1995.tb00089.x

[19]   Macdonald, D. (2004) Practical Hazops, Trips and Alarms. Elsevier, Oxford.

[20]   Sadgrove, K. (2005) The Complete Guide to Business Risk Management. Gower Publishing, Ltd., London.

[21]   Harland, C., Brenchley, R. and Walker, H. (2003) Risk in Supply Networks. Journal of Purchasing and Supply Management, 9, 51-62. http://dx.doi.org/10.1016/S1478-4092(03)00004-9

[22]   Smith, P.G. and Merritt, G.M. (2002) Proactive Risk Management—Controlling Uncertainty in Product Development. Productivity Press, New York.

[23]   Gericke, K. and Blessing, L. (2008) A Framework to Understand Project Robustness. Proceedings of 3rd International Conference on Design Computing and Cognition (DCC08), Atlanta, 21-22 June 2008, 919-926.

[24]   Raghavan, R.S. (2005) Risk Management in SMEs. The Chartered Accountant, 6, 528-535.

[25]   Pojasek, R.B. (2008) Quality Toolbox: Risk Management 101. Environmental Quality Management, 17, 95-101. http://dx.doi.org/10.1002/tqem.20180

[26]   Ammar, A., Berman, K. and Sataporn, A. (2007) A Review of Techniques for Risk Management in Projects. Benchmarking: An International Journal, 14, 22-36.

[27]   Leopoulos, V.N., Kirytopoulos, K.A. and Malandrakis, C. (2006) Risk Management for SMEs: Tools to Use and How. Production Planning & Control, 17, 322-332.
http://dx.doi.org/10.1080/09537280500285136

[28]   Kim, C.H., Yim, D.S. and Weston, R.H. (2001) An Integrated Use of IDEF0, IDEF3 and Petri Net Methods in Support of Business Process Modelling. Proceedings of the Institution of Mechanical Engineers, Part E: Journal of Process Mechanical Engineering, 215, 317-329.

[29]   Kostiuk, P.F. and Ky, P. (2004) Use of Generalized Activity Network Models for Analysis of European ATM Development Projects. 1-9.

[30]   Golenko-Ginzburg, D. and Blokh, D. (1997) A Generalized Activity Network Model. The Journal of the Operational Research Society, 48, 391-400.

[31]   Hallikas, J., Kaarvonen, I., Pulkkinen, U., Virolainen, V.M. and Tuominen, M. (2004) Risk Management Processes in Supplier Networks. International Journal of Production Economics, 90, 47-58.
http://dx.doi.org/10.1016/j.ijpe.2004.02.007

[32]   Rooney, J.J., Vanden Heuvel, L.N. and Lorenzo, D.K. (2009) Cause and Effect. Quality Progress, 42, 38-44.

[33]   Pillay, A. and Wang, J. (2003) Modified Failure Mode and Effects Analysis Using Approximate Reasoning. Reliability Engineering & System Safety, 79, 69-85. http://dx.doi.org/10.1016/S0951-8320(02)00179-5

[34]   Aven, T. and Heide, B. (2009) Reliability and Validity of Risk Analysis. Reliability Engineering & System Safety, 94, 1862-1868. http://dx.doi.org/10.1016/j.ress.2009.06.003

[35]   Mobey, A. and Parker, D. (2002) Risk Evaluation and Its Importance to Project Implementation. Work Study, 51, 202-208. http://dx.doi.org/10.1108/00438020210430760

[36]   Sun, Y., Huang, R., Chen, D. and Li, H. (2008) Fuzzy Set-Based Risk Evaluation Model for Real Estate Projects. Tsinghua Science & Technology, 13, 158-164.
http://dx.doi.org/10.1016/S1007-0214(08)70143-3

[37]   Simons, R. (2000) Performance Measurement & Control Systems for Implementing Strategy Text and Cases. Prentice Hall, Upper Saddle River.

[38]   Jeong, K.Y., Cho, H.B. and Phillips, D.T. (2008) Integration of Queuing Network and IDEF3 for Business Process Analysis. Business Process Management Journal, 14, 471-482.
http://dx.doi.org/10.1108/14637150810888028

[39]   Dorador, J.M. and Young, R.I.M. (2000) Application of IDEF0, IDEF3 and UML Methodologies in the Creation of Information Models. International Journal of Computer Integrated Manufacturing, 13, 430-445.http://dx.doi.org/10.1080/09511920050117928

[40]   Ang, C.L. (1999) Enactment of IDEF0 Models. International Journal of Production Research, 37, 3383-3397.http://dx.doi.org/10.1080/002075499190103

[41]   Huang, X.G., Wong, Y.S., Liu, Z.J. and Qiu, Z.M. (2005) Critical-Path-Analysis-Based Dynamic Component Supplier Optimization. International Journal of Computer Integrated Manufacturing, 18, 702-709.http://dx.doi.org/10.1080/09511920500324290

[42]   Cobb, B.R. (2009) Influence Diagrams for Capacity Planning and Pricing under Uncertainty. Journal of Management Accounting Research, 21, 75-97. http://dx.doi.org/10.2308/jmar.2009.21.1.75

[43]   Cobb, B.R. and Shenoy, P.P. (2008) Decision Making with Hybrid Influence Diagrams Using Mixtures of Truncated Exponentials. European Journal of Operational Research, 186, 261-275.
http://dx.doi.org/10.1016/j.ejor.2007.01.036

[44]   Detwarasiti, A. and Shachter, R.D. (2005) Influence Diagrams for Team Decision Analysis. Decision Analysis, 2, 207-228. http://dx.doi.org/10.1287/deca.1050.0047

[45]   Howard, R.A. and Matheson, J.E. (2005) Influence Diagrams. Decision Analysis, 2, 127-143.
http://dx.doi.org/10.1287/deca.1050.0020

[46]   Hughes, B., Hall, M. and Rygaard, D. (2009) Using Root-Cause Analysis to Improve Risk Management. Professional Safety, 54, 54-55.

[47]   Arabian-Hoseynabadi, H., Oraee, H. and Tavner, P.J. (2010) Failure Modes and Effects Analysis (FMEA) for Wind Turbines. International Journal of Electrical Power & Energy Systems, 32, 817-824.
http://dx.doi.org/10.1016/j.ijepes.2010.01.019

[48]   Tunchel, G. and Alpan, G. (2010) Risk Assessment and Management for Supply Chain Networks: A Case Study. Computers in Industry, 61, 250-259. http://dx.doi.org/10.1016/j.compind.2009.09.008

[49]   Chin, K.S., Wang, Y.M., Poon, G.K.K. and Yang, J.B. (2009) Failure Mode and Effects Analysis Using a Group-based Evidential Reasoning Approach. Computers & Operations Research, 36, 1768-1779.
http://dx.doi.org/10.1016/j.cor.2008.05.002

[50]   Van Leeuwen, J.F., Nauta. J., De Kaste, D., Odekerken-Rombouts, Y.M.C., Oldenhof, M.T., Vredenbregt, M.J. and Barends, D.M. (2009) Risk Analysis by FMEA as an Element of Analytical Validation. Journal of Pharmaceutical and Biomedical Analysis, 50, 1085-1087.
http://dx.doi.org/10.1016/j.jpba.2009.06.049

[51]   Ferdous, R., Khan, F.I., Veitch, B. and Amyotte, P.R. (2007) Methodology for Computer-Aided Fault Tree Analysis. Process Safety and Environmental Protection, 85, 70-80.
http://dx.doi.org/10.1205/psep06002

[52]   Reay, K.A. and Andrews, J.D. (2002) A Fault Tree Analysis Strategy Using Binary Decision Diagrams. Reliability Engineering & System Safety, 78, 45-56. http://dx.doi.org/10.1016/S0951-8320(02)00107-2

[53]   Bernroider, E. (2002) Factors in SWOT Analysis Applied to Micro, Small-to-Medium, and Large Software Enterprises: An Austrian Study. European Management Journal, 20, 562-573. http://dx.doi.org/10.1016/S0263-2373(02)00095-6

[54]   Markovska, N., Taseska, V. and Pop-Jordanov, J. (2009) SWOT Analysis of the National Energy Sector for Sustainable Energy Development. Energy, 34, 752-756.
http://dx.doi.org/10.1016/j.energy.2009.02.006

[55]   Tixier, J., Dusserre, G., Salvi, O. and Gaston, D. (2002) Review of 62 Risk Analysis Methodologies of Industrial Plants. Journal of Loss Prevention in the Process Industries, 15, 291-303.
http://dx.doi.org/10.1016/S0950-4230(02)00008-6

[56]   Kaplan, S. (1997) The Words of Risk Analysis. Risk Analysis, 17, 407-417.
http://dx.doi.org/10.1111/j.1539-6924.1997.tb00881.x

[57]   Solomon, K., Giesy, J. and Jones, P. (2000) Probabilistic Risk Assessment of Agrochemicals in the Environment. Crop Protection, 19, 649-655. http://dx.doi.org/10.1016/S0261-2194(00)00086-7

[58]   El-Gayar, O.F. and Leung, P.S. (2001) A Multiple Criteria Decision Making Framework for Regional Aquaculture Development. European Journal of Operational Research, 133, 462-482.
http://dx.doi.org/10.1016/S0377-2217(00)00183-1

[59]   Dey, P.K. (2012) Project Risk Management Using Multiple Criteria Decision-Making Technique and Decision Tree Analysis: A Case Study of Indian Oil Refinery. Production Planning & Control: The Management of Operations, 23, 903-921. http://dx.doi.org/10.1080/09537287.2011.586379

[60]   Knechel, W.R. (2007) The Business Risk Audit: Origins, Obstacles and Opportunities. Accounting, Organizations and Society, 32, 383-408. http://dx.doi.org/10.1016/j.aos.2006.09.005

[61]   Curtis, E. and Turley, S. (2007) The Business Risk Audit-A Longitudinal Case Study of an Audit Engagement. Accounting, Organizations and Society, 32, 439-461.
http://dx.doi.org/10.1016/j.aos.2006.09.004

[62]   Yin, R.K. (2002) Case Study Research, Design and Methods. 3rd Edition, Sage, Newbury Park.

[63]   Creswell, J.W. (2003) Research Design Qualitative, Quantitative, and Mixed Methods Approaches. 2nd Edition, Sage Publications, Thousand Oaks.

[64]   Voss, C., Tsikriktsis, N. and Frohlich, M. (2002) Case Research in Operations Management. International Journal of Operations and Production Management, 22, 195-219.
http://dx.doi.org/10.1108/01443570210414329

[65]   Robson, C. (2002) Real World Research. 2nd Edition, Blackwell Publishing, Hoboken.

[66]   Lam, J. (2014) Enterprise Risk Management: From Incentives to Controls. John Wiley & Sons, Hoboken.http://dx.doi.org/10.1002/9781118836477

[67]   Hopkin, P. (2012) Fundamentals of Risk Management: Understanding, Evaluating and Implementing Effective Risk Management. Kogan Page Publishers, London.

[68]   Moeller, R.R. (2007) COSO Enterprise Risk Management: Understanding the New Integrated ERM Framework. John Wiley & Sons, Hoboken.

 
 
Top