JFRM  Vol.7 No.1 , March 2018
A Study on Enterprise Risk Management and Business Performance
Author(s) Linshan Li
ABSTRACT
The value proposition of enterprise risk management (ERM) has always been called into question as companies struggle to justify the time and effort an ERM requires. The global economic crisis in 2008 and 2009 provides an excellent opportunity to examine the effects of ERM. In this study, we will analyze the abilities of the 12 sample companies to preserve and create value in the face of myriad uncertainties. Our analysis mainly focuses on financial indicators which were collected from annual reports and online disclosures. While looking into the risk committee (RC) and audit committee (AC)’s existence, components, and operating guidelines, we first notice that among the 12 companies, 5 companies have separate Board RCs, 4 exercise ERM oversight simply through AC, and 3 do not have any Board ERM oversight at all. In general, our analysis of profitability, liquidity, and share price shows that Board oversight of ERM is associated with superior performance. We attempt to explain the few exceptions found in the study and find that these are associated with general industry performance and strategies adopted by the respective companies. Through a qualitative exploration of RC characteristics, desirable features regarding RC composition, committee meeting frequency pattern, number of board positions and Board’s oversight on committee provide some suggestions on what actually makes an RCtick. Closer examination of these elements revealed plausible connections between the qualitative aspects of the RC and the performance of the outliers in the quantitative study. Next we explore why companies organize their ERM in the way they did and then found an association between ERM oversight by Board and company size and operation structure. We hypothesise that as a business expands in complexity, a more sophisticated risk management framework is needed particularly at the highest level of the organization. However this study itself does not provide enough evidence to arrive at any absolute conclusion that ERM indeed led to a company’s performance. In part, our small sampling size is insufficient to represent the wider community. Business results can vary heavily relating to business model complexities, industry and ERM operating effectiveness. Future studies may create more value if industry benchmarking and longer periods are taken into considerations.

1. Introduction

The US subprime mortgage fiasco came to a spectacular head in 2008 with the collapse of well known institutions like Bear Sterns in March 2008 and Lehman Brothers later in September. The open economy of Singapore did not come out unscathed in the ensuing global financial crisis. To add to the woes, global crude oil price touched its nominal peak at over USD147 per barrel in July 2008 between the collapse of the two Wall Street giants.

Figure 1 shows the wild gyrations in the Straits Times Index (STI), a barometer of Singapore’s economy, between January 2008 and December 2009. However, since March 2009, economic outlook for Singapore seemed to have turned around just as quickly as it had tanked from 2008. This immense volatility over the two-year period therefore presents an appropriate backdrop for the present investigation into the effects of enterprise risk management (ERM), specifically, its ability in preserving and creating value for companies in the face of myriad uncertainties.

In a nutshell, risk management in the corporate context is a set of coordinated activities to direct and control an organization with regard to the effect of uncertainty on the objectives of the company. Boards commonly insist they see the value of ERM but it is difficult to make a solid business case for ERM (McCuaig, 2009) . This may be due to the difficulties of fleshing out ERM costs and benefits. A 2007 Deloitte survey of over 130 firms revealed that while over three quarters of the executives from companies with ERM initiatives said that the benefits of their programmes exceeded costs, only 13% said that their firms had actually

Figure 1. Straits Times Index (STI), 2 Jan 2008 - 31 Dec 2009 (Source: Yahoo Finance).

quantified ERM costs and a paltry 4% said that they quantified ERM benefits (Deloitte & Touche LLP, 2007) .

Therefore, we believe that the findings from this study on the benefits of ERM initiatives can add to existing body of knowledge on ERM.

2. Methodology

This study collected information regarding the ERM programme and several performance indicators over 2008 and 2009 for a sample of 12 companies to allow analysis of ERM features with firm performance.

2.1. Data Collection

The ERM programme in each of the companies was investigated by the 3 high-level components of any risk management efforts―structure, people and processes. Based on only publicly available information, structure was the most easily discernable component. It was first determined how each company structured its Board’s risk oversight responsibilities, through a dedicated risk committee (RC) at Board level, through the audit committee (AC), or not at all. Then for the RC and the AC, data was collected on parameters such as the committee size and meeting frequency. The composition of the committees―whether members were independent, executive or non-executive―was also determined and any mention of the office of the Chief Risk Officer was duly noted (Committee of Sponsoring Organizations of the Treadway Commission, 2007) .

It was more difficult to determine the people component from publicly available information. Nevertheless, this study gathered information that provided clues to the competency and commitment of the RC and AC members. To that end, data was collected on number of experts in each committee, how many other committees on average each member sat in (to provide a proxy for how much time the committee members were able to commit to their ERM responsibilities), average board tenure and average shareholdings (as a proxy for how vested they were).

ERM process was the most difficult component to know about from publicly available information as management discussions in annual reports generally do not go into discussions of business processes. Nevertheless, this study kept track of companies that mentioned their ERM and associated processes (Deloitte & Touche LLP, 2007) . To that end, we looked out for any mentions of ERM and any stress tests conducted in the company.

Other relevant information such as ownership structure, existence of other risk related specialized committee and complexity and remoteness of operations (with number of local and overseas subsidiaries and associates as proxy) were also noted.

Several high level performance indicators collected to facilitate the analysis included revenue growth, net income growth, and key ratios like liquidity (current ratio was used), indebtedness (defined by current payable and debt as a percentage of common equity), returns on equity (ROE) and changes in share price in the one-year period between 31 Dec 2008 and the same date in 2009.

While indicators of non-financial performance such as citations for regulatory breaches, awards won or elements of brand equity were also noted, this analysis will concentrate on financial indicators. This is because non-financial performance indicators may not contain significant additional information value beyond financial indicators. For example, we note that many of the companies in the sample have garnered awards for investor relations. However, consider the case of China Aviation Oil (CAO), once the retail investor’s darling on SGX, which won the Securities Investors Association of Singapore’s award for being the “Most Transparent Company” in 2003. In the same year, its then-CEO, Chen Juilin, was named one of 40 “New Asian Leaders” by the influential World Economic Forum. Yet just one year later, CAO blew up spectacularly in a complete break-down of corporate governance.

Financial data and business performance information of the 12 sample companies included and processed in this report are all collected from public information, such as annual reports and social responsibility report, through the respective websites of the 12 enterprises.

2.2. Analysis Approach

Based on the information gathered on the ERM structure, the companies were categorized into three groups: those with dedicated RC, those that implemented ERM through the AC and those whose Board did not exercise risk oversight. The general performance of the companies in each category was compared to that of companies in the other categories to generate high level conclusions on the benefits of ERM structures.

We then zoomed on the five companies with dedicated RCs to qualitatively explore whether characteristics of the RC, such as its structure and composition, bore relations to performance. In the process, we distilled key characteristics that emerged as important in an RC. The analysis then took a step back to examine possible relationships between company characteristics and the choice of ERM structure.

Following the above research directions, this paper performs both qualitative and quantitative analysis. In the detailed analysis part, various methods such as horizontal analysis, vertical analysis, trend analysis, ratio analysis, and factor analysis are all carried out to make the final conclusion.

2.3. Company Overview

A sample of 12 companies listed in the SGX was used in the study. Table 1 shows the classification the sample companies according to their ERM structure.

3. ERM Structure and Performance

3.1. Financial Performance

Financial performance, in this study, is examined through 6 measures―Revenue, Net Income, Liquidity, Indebtedness, Return on Equity and Share Price for

Table 1. Sample companies according to ERM structure.

the years of 2008 and 2009. Against a backdrop of a volatile state of world economy, the study finds that in general, companies with formal ERM framework registered better top-line and bottom-line performance for the year in review.

3.1.1. Net Income and Revenue

4 out of 5 of the companies with RCs registered positive growth in net income while 3 out of 4 companies with AC oversight of ERM registered the same. The exceptions were Cosco in the former group and Hwa Hong in the latter.

Cosco, along with many of its peers in the shipping industry, was severely hit by the downturn in world trade. Shipping volumes and ocean freight rates to and from the US and Europe plummeted during the recession of 2008-09. As carriers laid up ships in order to ease the glut in supply, accordingly demand for ship repair and ship building services receded thus impacting Cosco’s order books. It is noted, however, that Cosco remains in the black unlike many of its shipping peers. This could be partly due to its diversified portfolio of businesses. Unfortunately, the extent to which active ERM has contributed to this performance is unknown and cannot be conjectured with available data.

Hwa Hong, the other exception, registered a small 2% drop in net income after tax, possibly attributable to its strategy of keeping a low profile in challenging times. During the year, Hwa Hong had played a conservative hand and did not invest in any new property developments. Instead, it concentrated on improving the occupancy rate of its rental properties and realizing gains from its investment securities portfolio when the stock market turned for the better.

Of the companies in these two groups with risk management oversight at the Board-level, half actually showed a reduction in their toplines, yet only Cosco and Hwa Hong showed a reduction in net income. It can be hypothesized at this point that some form of cost optimization had occurred in these companies that allowed them to weather the economic crisis and emerge in good shape. As most risk management activities focus on reducing the downside in a risk event, it may be that having a risk management framework at the highest level of the organization contributes to the robustness of the organization.

Conversely, in the category of companies without Board-level risk management oversight, two out of three companies registered substantial drops in net income and revenue. The exception is Ho Bee which reported the highest increases in net income and revenue amongst the sample companies. Ho Bee’s case may be an interesting demonstration that an owner-managed company may not benefit as much from formal oversight offered at the Board level. Companies helmed by owners tend to be guided by the business intuition and judgment of these individuals who generally exert significant influence as shareholders, members of the Board (often as Chairman) and key executives. There have been suggestions that a high level of monitoring by the Board may not be optimal in family-owned companies for a few reasons (Office of Research at Singapore Management University, 2009) . Higher information asymmetry between the family and outsiders may render outside monitoring less effective. In any case, the dominance of the owner and his family may mean that even directors who are independent on paper may not be truly so.

Moreover, high levels of monitoring could impede wealth creation by the family for the firm, for instance when the monitoring activities draw resources away from wealth creation activities, especially in relatively small firms. These costly monitoring activities may also be duplicating the informal and non-explicit but, nonetheless, effective monitoring performed by the family. In the specific case of risk management, it may be that the owner-manager who has a high level of mastery in the business was able to conduct key aspects of risk management by himself or within his inner circle. However, when we later examine the relationship between firm characteristics in terms of size and complexity and the ERM structure, we will see that there may be limitations to the effectiveness of the owner-manager model in growing and sustaining a business.

3.1.2. Liquidity and Indebtedness

The study found that companies with a formal Board risk structure generally were less liquid and had more debt. For FY2009, as you can see in Figure 2, those with a Board RC had current ratios of between 1.00 and 1.85; companies that performed ERM oversight through the AC showed a slightly higher liquidity range of 1.01 - 5.18 with most at the lower end; and interestingly, companies with no formal Board risk oversight were even more liquid with a current ratio range of 2.73 - 4.92. In terms of indebtedness, which is displayed in Figure 3, 3 out of 5 companies in the first category had debt ratio of over 0.5. For companies with AC oversight over ERM, 3 out of 4 companies were over the 0.5 threshold, while only 1 out of the 3 companies with no Board oversight of ERM had a debt ratio over 0.5.

The received wisdom is that higher liquidity and lower debt are desirable traits so on the surface, one would expect companies with proper ERM frameworks to be more liquid and display more aversion to debt. To explain the apparent dissonance, consider that liquidity comes at an opportunity cost―cash-in-hand and inventory earn little or no returns―and debt financing is usually cheaper than equity financing. Therefore, our findings suggest that a holistic, formalised ERM framework at Board level allows a company to put in place clearly delineated means and methods with which it can respond to risk events.

Figure 2. Range of current ratio. Financial data are collected and calculated from the 12 companies’ 2009 annual reports.

Figure 3. Proportion of companies and debt profile. Financial data are collected and calculated from the 12 companies’ 2009 annual reports.

Consequently, it is able to realize a more efficient capital structure without having to build unnecessary resource buffers to address risk events. Companies like these can then redeploy their resources into value-creating activities and sustain if not improve their financial performance; we had earlier seen that ERM oversight at Board level was associated with better top and bottom-line performance under difficult circumstances. Clearly, ERM allows the company to sustain lower liquidity and higher debt. This is somewhat akin to a state-of-the-art braking system providing a Formula-One driver absolute confidence to navigate the tight corners at great speed.

3.1.3. Return on Equity

The group was unable to identify clear patterns at a general level between ERM practices and the ROE performance parameter. The 5 companies with Board RC registered an average ROE of 0.18 (range: 0.06 - 0.37) while the 4 companies which ERM oversight through the AC had an average ROE of 0.21 (0.13 - 0.29), similar to those without Board ERM oversight, which also had average ROE of 0.21 (0.09 - 0.34). Given the association of ERM practices with better financial performance and more efficient capital structure, one would have expected an association with higher ROE. The absence of a clear pattern could be because ROE is highly dependent on industry and may require an intra-industry benchmarking exercise to better isolate the effect of ERM on ROE.

3.1.4. Share Price

This study obtained the closing prices of the respective counters in SGX as at 31-Dec-2008 and 31-Dec-2009 to calculate the change in share price of each company. While the share price is indicative of the value of the company to investors, it is subject to market sentiments and investor perceptions at a particular point in time. Therefore, this study comments on general observations on the movement of share prices in the period of 2008-2009 in relation to the 3 categories of ERM oversight structure but cautions against the hasty reading of a cause-effect relationship.

Generally, 11 out of the 12 companies experienced a rise in share prices from 2008 to 2009. The exception was Straits Trading which showed a 1% drop within this time period.

Amongst the 3 categories, companies with RCs showed an average increase of 71% in share prices with the lowest increment at 25% and the highest at 130%. Companies with ERM oversight in the AC showed a more modest change in share price with an average of 38% upswing with a lowest of −1% and a highest of 82%. In the last category, the average share price upswing was 175% (lowest 28% and highest 355%).

This seems to suggest that companies with no risk management framework at the Board level experience more volatile share price movements. This is perhaps, in part, due to the ownership and management structure. All 3 companies in the last category are owner-managed, and as suggested previously, risk management in this type of companies are largely dependent on the risk-reward appetites and philosophies of the owner-managers. There is no form of aggregation or balancing out of risk-taking that exists in companies with formal risk management structures. As such, share prices may swing upward when risk-taking on the part of the owner pans out and then downward sharply when the risk-taking turns sour.

3.2. Non-Financial Performance

In general, the study notes that companies with Board RC won many more awards than those without. Out of the 5 of our stable of companies in this category, 4 have won awards on corporate governance and transparency. As mentioned earlier through the example of CAO, corporate governance awards are not entirely indicative of truly good corporate governance practices. The evidence of the study, however, does suggest that companies with dedicated RCs promote better governance and enhances the efficacy of the Board as a whole, or at least appear to do so.

4. Focus on Risk Committees

Corporations of all sizes are increasingly focusing on the systemic risks that threaten their health and profitability. The benefits of a successful RC are obvious: improved board oversight of management and of company operations; and an ability to anticipate and react to events and trends that might otherwise be inscrutable. (Ware, 2009) We have seen in the previous section that formal Board oversight of ERM is generally associated with better performance but the question remains how different features of an RC actually impact performance. Thus this section examines the individual performances of the 5 companies with Board RCs in relation to these committees’ composition, meeting frequency and other operating effectiveness attributes.

4.1. Sembcorp Marine Ltd

Sembcorp Marine turned in the best performance amongst the 5, with a 13% increase in revenue and a 63% bottom-line expansion from 2008 to 2009. An ROE of 37% also shows it has the highest efficiency among the five companies in generating earnings growth from every unit of shareholders’ investment funds. The stellar performance may be attributed to Sembcorp Marine’s ERM practices. All 4 members of the committees are non-executives but with expertise in the financial, legal and engineering fields. In addition, Sembcorp Marine has an ERM committee at the management level overseeing the risk management of operations and the internal environment of the business. The combination of external expertise (the Board RC) and internal insights (the Management RC) may be an important factor in the results shown by Sembcorp Marine.

4.2. Wilmar International Ltd

It was noted that Wilmar’s net income rose 27% between 2008 and 2009 despite a 16% decline in revenue. It was similarly observed that this could be because ERM prepared the company against downside risks. Except for the CEO for the company, the other two members of risk committee are both independent and non-executive experts with accounting and finance expertise. The RC met every quarter to discuss the potential risk areas, review risk assessment and risk management processes with both internal and external viewpoints. Wilmar’s RC has a very high ownership of the company (deemed interest is over 30% of common shares) almost entirely attributed to the CEO member in the RC.

4.3. United Engineers Ltd

In United Engineers, the long tenure of the RC is notable. All 3 members of the RC have served on the Board for some time with average board tenure of 10.7 years. 2 of the 3 RC members were considered experts: one with more than 40 years of banking experience while another’s corporate experience in different public listed and private companies were thought to be able to benefit the company. Although the committee only held 2 formal meetings in 2009, the duties of each meeting were clearly specified and executed. The assessment and monitoring of all risks associated with the investments and operations were immediately reported and recommended to the Board. The experience of United Engineers suggests that the RC can benefit from members who can combine broad understanding of the complex business environment with intimate familiarity of the company’s operating style.

4.4. Thai Beverage Public Company Ltd

At 14 members, ThaiBev has the largest RC in our sample. Interestingly, the RC not only comprises directors from the Board, but has also co-opted management executives. However, its annual report does not provide more information on the RC such as its meeting frequency and RC formalities. ThaiBev’s performance, while not bad, was not sterling either. Thus we might think Thai Beverage’s RC is merely set up there without taking any actual actions. This may indicate that, when it comes to the RC, more does not necessarily mean better. Rather, a committee with the right mix of expertise and with sound risk management practices would deliver more desirable results.

4.5. Cosco Corporation (Singapore) Ltd

Cosco seems to have an excellent committee structure, 4 independent directors, 1 executive director (the company President) and 1 non-Board employee, all with strong background in finance or accounting areas. The RC met 5 times in 2009 and benefited from the professional advice of Deloitte & Touche. It also dedicated 4 full pages in its annual report―the most amongst companies in our sample―to the discussion of ERM. The efforts of the RC at Board level is cascaded down to the risk management committees in each operating subsidiary.

Closer examination, however, reveals some problems. The Board members in its RC hold an average of 3.8 other board positions, including the AC, which held 9 meetings in 2009. The demands of multiple committees and the high frequency of meetings could dilute the directors’ attention and focus on their responsibilities in each committee. In fact, we noted that Cosco’s RC is simply an expanded version of the AC. All 4 members of the AC sit in it. The company President and employee make up the remaining 2 of the 6-member RC. Such a composition has a flavor of a risk management oversight by AC structure (International Organization for Standardization, 2009a, 2009b, 2009c) .

We also noted from the annual report that the RC’s agenda seems to take a relatively short term view of risks. A formalistic RC like this can itself create risk, because the result of responsibility confusion could be overlapping efforts and ambiguous accountability distributions among the AC members.

Despite elements of a comprehensive ERM structure, the observed shortcomings may have contributed to Cosco’s relatively dismal performance in 2009; as seen earlier, Cosco’s net income performance was the poorest within the group of companies with Board RCs.

4.6. Key Considerations for an Efficient and Effective Risk Committee

Based on the examination of the 5 companies with a dedicated RC, we surmised that an efficient and effective RC ought to have the following characteristics:

4.6.1. Committee Composition

From the study, an ideal RC should have least 3 members. Larger committees may not necessarily be better as evidenced in ThaiBev’s case, but a minimum size of 3 would enhance the mix of skills and expertise.

The proportion of executive and non-executive directors can be flexible but the RC must have a mix of external as well as internal expertise in order to gain a reasonably holistic view of enterprise risks. If the RC members are wholly made up of non-executive directors, it can be supplemented with a management level risk management team.

Preferably, at least one person should be a risk expert. While the definition of a risk expert can be variably interpreted, one or more experts ought to have some familiarity with the industry in which the company is operating. International experience would be beneficial particularly in a modern connected world.

4.6.2. Committee Meetings

The RC should meet on a regular basis to review any changes to the risk assessment. Meeting frequency should increase during crisis periods when volatility in the business environment can cause a change to the consequence and likelihood of risks. By adapting the frequency of reviews to the situation, appropriate and timely risk responses can be formulated and acted upon.

The example of Cosco indicates that during committee meetings, AC (or RC?) should take actions proactively rather than search for solutions only when problems have already appeared apparently. Proper follow-up would then be required to effectively monitor implementation of risk responses. This can be achieved by establishing a clear reporting and feedback channel to the RC.

4.6.3. Number of Board Positions

It may be a reflection of how the Board views ERM that determines how members of an RC are selected. We see in the case of Cosco that poor and inadequate staffing of the RC may pose a different sort of risk. As the benefits of true ERM becomes more evident, it would also become clear that the RC has responsibilities unique from the other committees of the Board and, to function effectively, members must have proper focus on the tasks of the RC. Hence, the number of board positions that an RC member assumes should also be taken into consideration when forming the RC.

4.6.4. Other Considerations

A clear mandate of the responsibility of the RC should be established by the Board. The Board also should dedicate some time at board meetings to review the performance of the RC. In addition, the RC should have clear communication and engagement channels with other Board committees, management and key employees, in order to garner an enterprise view of risks.

5. ERM Oversight Structure and Company Characteristics

The alternative approach of having board oversight in ERM is to have the AC concurrently carry out the RC function. Of course it is always an option not to have any ERM oversight at Board level at all. We next try to rationalize the choices of companies in their ERM structures with respect to various firm characteristics.

5.1. Company Complexity

The implication of assigning the AC a dual role of overseeing ERM on top of its primary audit function is that there is dilution of focus in the two domains. However if the firm has a less complex business model and operations, there might be synergy to be harnessed by having the AC oversee risk management.

One proxy to estimate the complexity of the firm is the number of subsidiaries and associate companies under the firm. Using the proxy shown on Figure 4, the team found that, on an aggregated level, firms that have risk management through the AC have about 62% lesser subsidiaries and associate companies compared to firms with dedicated RCs. This seems to indicate that companies that are less complex in nature choose to perform their risk management oversight through the AC.

This discovery also prompted the team to further deliberate on the role of risk management on the level of complexity business environments and operations. To that end, we extend the analogy, introduced earlier, of risk management to the enterprise being akin to the braking system of a car.

The case of an ERM oversight through the AC can be thought of as having a “moderate” braking system for a moderate growth engine. However, as the growth engine becomes more complex, the braking device will need to evolve in tandem.

On the flip side, having a top-of-the-line braking system might be overkill for a relatively small and less complex firm as the resources required to appoint

Figure 4. Level of complexity. Numbers are counted from the 12 companies’ 2009 annual reports.

additional directors can be better invested in other parts of the firm. Therefore a delicate balance needs to be maintained to ensure optimal growth, while having a reasonable board oversight in the ERM.

5.2. Company Size

Our data also showed that on an aggregated level, firms that have no RC had the lowest aggregate revenue. As shown in Figure 5, we found that generally, the larger a firm was, as measured by revenue, the more elaborate and resourced its Board level ERM oversight was. This observation could also be suggesting that firms need to achieve a higher level of sophistication in terms of risk management in order to achieve and sustain larger scale businesses, more so in the rapidly changing business environment of today.

5.3. Company Ownership Structure

We next explore if the company ownership structure influences the way risk management is handled. From Figure 6, there is no conclusive association between ownership structure and the way ERM oversight is structured either through RC or AC.

However the data clearly indicated that companies without any form of Board level oversight over ERM were all owner-managed. As hypothesized earlier, this could be because a high level of Board monitoring may not be optimal for owner-managed firms. However, the association of Board oversight of ERM with firm size and complexity may imply that without subjecting themselves to greater Board oversight, in ERM and other matters of governance, these owner-managed companies may not be able to grow beyond their current state.

5.4. Challenges of AC with ERM Oversight Responsibilities

Conducting Board oversight of ERM through the AC could present a couple of areas of concern. Firstly, one would expect an AC with ERM oversight responsibility to meet more frequently. However, data from the company sample did not support this. Generally, the ACs of the companies in our sample met quarterly whether or not they had ERM oversight responsibilities. It could imply that these ACs were not spending as much time on ERM as those with dedicated RCs

Figure 5. Revenue profile of sample data (log scale). Revenue figures are extracted and recalculated into 3 categories from the 12 companies’ 2009 annual reports.

Figure 6. Company Ownership Structure Profile. Numbers of companies in different structure are collected and counted from the 12 companies’ 2009 annual reports.

either because of time or resource constraints. It may be that ACs with responsibilities for ERM adopt a manage-by-exception approach, only concentrating on obvious problems and leaving the formulation and execution of the risk management plan to the executive management.

A second area of concern is that the ideal AC and RC have perhaps rather difference requirements in terms of composition and such different requirements would obviously not be met if the RC and AC are combined. The paramount principle of the AC composition is the independence of members with accounting or related financial management expertise or experience, while RC was seen earlier to benefit from domain expertise and executive or insider participation to fully appreciate the relevant risk and formulate optimal responses. It seems to be a tall order to expect an AC to satisfy both requirements without compromise.

6. Conclusion

6.1. Implication of the Study Results

In examining the ERM practices of the 12 sample companies and their performance in the highly volatile period between 2008 and 2009, we found that generally, Board oversight of ERM was associated with superior performance in value preservation and creation. By focusing on the characteristics of the 5 companies with dedicated RCs, we found that there are certain desirable RC features such as in RC composition and commitment of members that could contribute to better performance. It was also found that there was an association between ERM oversight by Board and company size and complexity. On the whole there is probably sufficient evidence to say that formal oversight of ERM at the Board enhances performance and is necessary to sustain a company operating beyond a certain scale and complexity (Mensah & Gottwald, 2016) .

6.2. Limitations

There were several limitations with this study. The reluctance of firms to disclose information about their risk management strategies makes it difficult to locate organizations implementing enterprise risk management. As a result, despite the variety of parameters for which data were collected, there are only limited sample sizes of 12 companies, clear associations between ERM and performance parameters could not be established in with a fair degree of confidence.

And also, it must be noted that the current study has only gone as far as the identification of correlation between ERM features and firm performance without identifying causality. For example, while Board level oversight of ERM was associated with good performance, it was not possible with this study to conclude if it was indeed ERM that led to performance or that superior financial performance provided resources that allowed ERM implementation.

Similarly, this study was not able to determine if it was in fact ERM that sustained large scale, complex businesses, or that the large scale and complexity of firms necessitated ERM; or perhaps there was causality in both directions. Therefore, this paper reports only those for which the author observed plausible relationships.

6.3. Recommendations for Further Research

We would like to make some suggestions for future studies. Future efforts at investigating the effect of ERM on performance could benefit from intra-industry benchmarking to better isolate the impact of ERM by controlling for unique industry factors. It was also thought that collecting data over a longer period, instead of over just one year, will provide for a more in-depth insight to the development of ERM and company performance.

It would be enlightening for future studies to be conducted with the explicit purpose of identifying causal relations between ERM practices, performance and firm characteristics. An experimental research approach could be used to establish a direct qualitative relationship between variables. While this may be easier said than done, we believe this presents fertile research grounds for the present generation of risk management practitioners and scholars.

Cite this paper
Li, L. (2018) A Study on Enterprise Risk Management and Business Performance. Journal of Financial Risk Management, 7, 123-138. doi: 10.4236/jfrm.2018.71008.
References
[1]   Committee of Sponsoring Organizations of the Treadway Commission (COSO) (2007). Enterprise Risk Management—Integrating with Strategy and Performance: Executive Summary. Committee of Sponsoring Organizations of the Treadway Commission (COSO).

[2]   Deloitte, & Touche LLP (2007). Global Risk Management Survey: Fifth Edition—Accelerating Risk Management Practices (p. 13). London: Deloitte & Touche LLP.

[3]   International Organization for Standardization (2009a). IEC 31010 Risk Management—Risk Assessment Guidelines (p. 14). Geneva: International Organization for Standardization.

[4]   International Organization for Standardization (2009b). ISO 31000 Risk Management—Principles and Guidelines (p. 18). Geneva: International Organization for Standardization.

[5]   International Organization for Standardization (2009c). ISO Guide 73:2009 Risk Management—Vocabulary (p. 8). Geneva: International Organization for Standardization.

[6]   McCuaig, B. (2009). Practical Guidance: Seven Steps for Effective Risk Management. Toronto: Thomson Reuters.

[7]   Mensah, G., & Gottwald, W. (2016). Enterprise Risk Management: Factors Associated with Effective Implementation (p. 198). Amsterdam: Social Science Electronic Publishing.

[8]   Office of Research at Singapore Management University (2009). Leave Some Breathing Room for Optimal Value Creation in Asian Family-Owned Firms. Knowledge@SMU.

[9]   Ware, W. N. (2009). Does Your Board Need a Risk Committee? Directors and Boards. HighBeam Research.

 
 
Top