From Traditional Risk Management Approaches to Enterprise Risk Management

Differences, Current Research Areas, and Potential Benefits of ERM

Seminar Paper, 2021

26 Pages, Grade: 1,7


Table of contents

List of Abbreviations

List of Tables

1 Introduction

2 Methodology

3 Literature Review
3.1 Definition of ERM and differentiation from traditional risk management approaches
3.2 Research streams
3.3 Determinants of ERM implementation
3.4 Enterprise Risk Management and value creation
3.5 Comparison of the results with a prior literature review

4 Conclusion



List of Abbreviations

Abbildung in dieser Leseprobe nicht enthalten

List of Tables

Table 1: Summary of the papers that are concerned with ERM and value creation (Source: Own illustration based on the examined papers)

Table 2: Summary of the papers that are concerned with the determinants of ERM implementation (Source: Own illustration based on the examined papers)

1 Introduction

Due to the recent developments regarding the Coronavirus that have greatly impacted the world economy, the topic of adequate risk management is more relevant than ever before. This is reflected in the CFO panel conducted by the FINANCE magazine in the spring of 2020 where 38% of the respondents reported that risk management was among their top three priorities (see “CFO Panel: Umfrage Frühjahr 2020 - Coronakrise verändert Schwerpunkte der CFOs,” 2020, p. 1). However, this is not the only reason, why risk management considerations are highly relevant. Regulatory requirements like the Sarbanes Oxley Act from 2002 (see Banham, 2005, p. 20) or Solvency II from 2016 (see Bohnert, Gatzert, Hoyt, & Lechner, 2019, pp. 1-2) call for an integrated, enterprise-wide perspective on firms’ risk portfolios and rating agencies emphasize the importance of holistic risk management practices.

In this context, Enterprise Risk Management has become increasingly important in the management of corporate risks. This holistic and integrated risk management approach considers risk on the entity level and as a part of the overall company strategy and is thus an alternative to traditional, silo-based risk management approaches (see COSO, 2017, p. 6; McShane, Nair, & Rustambekov, 2011, p. 644).

The benefits of ERM are well known. It can reduce earnings volatility, stock price volatility, external capital costs and increase capital efficiency (see e.g., Liebenberg & Hoyt, 2003, p. 38; Miccolis & Shah, 2000, p. 4). This leads to the conclusion that ERM can be very beneficial for the companies that implement it. However, while some scholars confirm the hypothesis that ERM creates value (see e.g., Ali, Hamid, & Ghani, 2019, p. 239; Hoyt & Liebenberg, 2011, p. 795; Lechner & Gatzert, 2018, p. 1; Phan, Dang, Nguyen, Ngo, & Hoang, 2020, p. 473), others have found insignificant or mixed empirical results (see e.g., Anton, 2018, p. 151; Gonzalez, Santomil, & Herrera, 2020, p. 111; Li, Wu, Ojiako, Marshall, & Chipulu, 2014, p. 1; Sprcic, Zagar, Sevic, & Marc, 2016, p. 65). This seminar paper thus aims to answer the question whether ERM can in fact create value for implementing firms by comparing the results of 25 empirical papers from 2011-2020.

According to a survey by Deloitte (2018, p. 25), 83% of their sample of 94 financial institutions have an implemented ERM system. This raises the question of which company characteristics make an implementation more likely and why certain firms implement ERM, while others do not. To answer this question, ten empirical papers from 2011-2020 will be examined regarding the determinants that facilitate ERM implementation.

This paper consists of the following sections: The next chapter presents the methodology. After that, ERM is defined more thoroughly and it will be outlined, how this approach differs from traditional risk management. Relevant research streams and determinants of ERM implementation will be presented consecutively, followed by a review of 25 papers concerning ERM’s value creating abilities. The results from these papers will be discussed by comparing them to a prior literature review. A conclusion will be drawn in section 4.

2 Methodology

The literary database Scopus was used to gather papers from 2011-2020 for this literature review. Two search queries were carried out to find papers regarding the determinants of ERM implementation: The first search included the keywords “Enterprise Risk Management”, “determinants” and “implementation”, which yielded a total of 46 documents. Filtered by title and abstract, this yielded only two Papers. Thus, the search was expanded by only including “enterprise risk management” and “determinants” as keywords. Limited to the years of 2011-2020 and filtered by title and abstract, this search yielded five papers. Three additional papers were found through cross-references. Thus, the final number of papers for the determinants of implementation of ERM amounted to ten papers.

Three search queries were carried out for ERM and value creation. The first included the keywords “Enterprise risk management”, “value creation”, “valuation” and “performance”. With the years limited to 2011-2020, this yielded a total of 2049 documents. The search was then limited to the exact keyword “enterprise risk management” so that there was a total of 113 documents in the end. Screened by title and abstract, this search yielded ten papers. The second query used only the keyword “Enterprise Risk Management” with the subject area limited to business, management and accounting and the exact keyword “enterprise risk management”. This only yielded 3 additional documents, which is why a third search was carried out. It included also only the keyword “enterprise risk management”, but the search was conducted in the article title. The subject area was again limited to business, management, and accounting. This yielded a total of 269 documents. After filtration (title and abstract) this search yielded 8 documents. 4 additional documents were found through cross-references. Thus, the final number of papers for ERM and value creation amounts to 25 papers.

3 Literature Review

The following chapter provides a definition of enterprise risk management, distinguishes it from traditional risk management approaches and explains how ERM can contribute to the general aim of risk management, which is to create shareholder value (see Meulbroek, 2002, p. 56). Additionally, an overview of the current literature is undertaken in which two strands are going to be examined more closely, namely the determinants of ERM adoption and the value creating capabilities of ERM.

3.1 Definition of ERM and differentiation from traditional risk management approaches

There are several frameworks that provide an overview of the key aspects of an Enterprise risk management framework. COSO (2004, p. 2), the Committee of Sponsoring Organizations of the Treadway Commission, for instance, defined the ERM approach as: “a process, effected by an entity’s board of directors, management and other personnel, applied in strategy setting and across the enterprise, designed to identify potential events that may affect the entity, and manage risk to be within its risk appetite, to provide reasonable assurance regarding the achievement of entity objectives.”

Thus, ERM can be described as a holistic and company-wide risk management framework, which considers the impact of individual risks on the entire enterprise and hence aims to enable a portfolio view of risk by embedding risk considerations into the core of a company’s strategy (see e.g., COSO, 2017, p. 6). ERM aggregates the risks across the entire firm and aims to uncover interdependencies between risks which enables a more thorough assessment of the firm’s entire portfolio risk and can lead to improved strategic and operative decision-making processes (see Hoyt & Liebenberg, 2011, pp. 795798; Miccolis & Shah, 2000, p. 4). This can increase shareholder value, because the entire portfolio risk should be less than the sum of the individual risks, if they are not entirely correlated and especially if there are natural hedges (see McShane et al., 2011, pp. 644-645).

ERM thus differs considerably from traditional risk management approaches which compartmentalize risks into isolated “risk-silos” that entail the management of individual risks in separate units in a highly disaggregated manner (see McShane et al., 2011, p. 644). This means that e.g., insurance risk managers address hazard and liability risks, business units handle project risks, treasury deals with foreign exchange risk (see Banham, 2005, p. 16). Hence, the traditional form of risk management is rather defensive because it aims to protect the company against adverse financial scenarios (see Meulbroek, 2002, p. 69). Conversely, ERM is more offensive because it is specifically intended to contribute to an increase in shareholder value through integration into the corporate strategy and the decision process (see Liebenberg & Hoyt, 2003, p. 37; Meulbroek, 2002, p. 57). ERM is thus not focused on mere risk avoidance or mitigation but aims to take into account risk-related emerging and strategic opportunities as well (see Banham, 2005, p. 14; COSO, 2017, pp. 3-4; Rochette, 2009, p. 403).

ERM requires a deep understanding of a firm’s operations and financial policies, which is why it is the senior management’s responsibility to ensure that the company’s total risk appetite will not be exceeded by defining the objectives of the ERM system and integrating them into the corporate strategy (see Gatzert & Martin, 2015, p. 32; Meulbroek, 2002, pp. 68-69). ERM thereby centralizes the management of risk under a chief risk officer or ERM committee who are supposed to implement and manage the enterprise risk management program (see Banham, 2005, p. 14; Liebenberg and Hoyt, 2003, p. 37-38). This can reduce information asymmetries concerning the current and expected risk profile of a company (see Liebenberg & Hoyt, 2003, p. 37).

The objective of any risk management system in more general terms is to protect and enhance shareholder value (see Hoyt & Liebenberg, 2011, p. 797; Meulbroek, 2002, p. 56). There are different ways in which enterprise risk management contributes to this objective: ERM can reduce earnings volatility, stock price volatility, external capital costs and increase capital efficiency by providing an objective basis for allocating firm resources, exploiting natural hedges and portfolio effects. Furthermore, considering risk dependencies allows companies to exploit synergy effects in the risk management process (see Liebenberg & Hoyt, 2003, p. 38; Miccolis & Shah, 2000, p. 4). A successful ERM system needs suitable governance structures, as well as proper physical, IT and human resources with well-defined roles and responsibilities, ERM policies and standards, accountability and reporting relationships and performance indicators that are supported by an adequate audit and compliance function (see Rochette, 2009, p. 398). These factors could be possible obstacles in the implementation of a successful ERM program. Establishing a strong risk culture where the people in the organisation own and take accountability for risks, even if the ERM system is initially implemented top- down, can be an additional challenge. It is also necessary that an organisation is agile enough to be able to learn from mistakes and thus improve continuously which requires transparency and extensive communication from the CRO (see Rochette, 2009, p. 403).

3.2 Research streams

The different research streams in the Enterprise Risk Management literature can be broadly categorized as follows: Frameworks of ERM (see e.g., Etges, de Souza, Neto, & Felix, 2018, p. 1; Mishra, Rolland, Satpathy, & Moore, 2019, p. 162; Umanath & Santosh Kumar, 2019, p. 154), scholars that examine the implementation status of ERM (see e.g., Dabari & Saidin, 2015, p. 2817; Jayantha, 2015, p. 238) and the interrelation of ERM with other company functions. The latter includes e.g., business strategy (see e.g., Soltanizadeh, Rasid, Golshan, & Wan Ismail, 2016, p. 1016), strategic cost management (see e.g., Elsayed, Wickramainghe, & Razik, 2011, p. 184) or corporate social responsibility and sustainability considerations, which is a rather new research direction (see e.g., Fakir & Jusoh, 2020, p. 351; Naseem, Shahzad, Asim, Rehman, & Nawaz, 2020, p. 501). Determinants that can lead to ERM implementation, as well as the value creating capabilities of ERM also constitute two major fields of research. In the following, the current seminar paper will present empirical research papers that examine these two research strands more closely.

3.3 Determinants of ERM implementation

The review of the ten papers on the determinants of ERM implementation revealed 14 categories of determinants. However, only those determinants which were mentioned by at least five of the papers will be outlined more thoroughly. The number of determinants would otherwise exceed the scope of this seminar paper. Following this criterion, five categories of determinants are included in the analysis. More details about the ten examined papers can be found in Table 2 in the Appendix.

Firm size - This determinant of ERM implementation was considered by eight papers and is therefore the factor that was considered most often. Three papers found an insignificant relationship (see Golshan & Rasid, 2012, p. 458; Hernandez-Madrigal, Guzman-Aibar, Aibar-Guzman, & Flores-Ramfrez, 2020, p. 86; Razali, Yazid, & Tahir, 2011, p. 202) while five have found a significant positive relationship (see Bohnert et al., 2019, pp. 20-21; Farrell & Gallagher, 2015, p. 649; Lechner & Gatzert, 2018, p. 24; Mafrolla, Matozza, & D’Amico, 2016, p. 681; Mardessi & Arab, 2018, p. 454). Greater firm size is generally associated with more resources that make it possible to bear the high costs of implementing an ERM system (see Beasley, Clune, & Hermanson, 2005, p. 524). Additionally, firms that are greater in size also face an increasing scope and complexity of uncertainty, as well as a greater risk of financial distress (see Gatzert & Martin, 2015, p. 38; Pagach & Warr, 2011, pp. 8-9). Thus, bigger firms may also have a greater need for ERM.

Financial Leverage - This category yielded ambiguous results. Two papers have found an insignificant relationship (see Farrell & Gallagher, 2015, p. 649; Razali et al., 2011, p. 202), while Lechner and Gatzert (2018, p. 24) and Bohnert et al. (2019, pp. 20-21) found a significant negative relationship. Bohnert et al. (2019, pp. 20-21) argue that this could be because firms with high quality risk management systems may decrease their leverage to reduce the risk of debt pay-out defaults. Conversely, Golshan and Rasid (2012, p. 453) found a significant positive relationship between ERM implementation and financial leverage. They hypothesize that more leveraged firms have a higher cost of financial distress, which is an incentive to disclose their risk exposure more comprehensively to signal their commitment to the debt holders (see Golshan & Rasid, 2012, p. 458).

Performance indicator - This category includes different key indicators which is why the results of the papers are not directly comparable. Razali et al. (2011, p. 202), for instance, found a significant positive relationship between ERM implementation and a high turnover but an insignificant one for profitability. Khan, Hussain, and Mehmood (2016, pp. 1901-1902) found a significant positive result for growth opportunities. Lechner and Gatzert (2018, p. 24) found a significant negative relationship between ROA and ERM in their sample of 160 German listed firms. This could be due to the high amounts of human and financial resources required for an ERM implementation (see Lechner & Gatzert, 2018, p. 24). Conversely, Mafrolla et al. (2016, p. 681) found a significant positive relationship between increasing ROA and ERM. They hypothesized that firms with a growing performance have stronger ERM systems due to higher resources for an effective implementation (see Mafrolla et al., 2016, p. 677).

Managerial structures - Significant positive relationships for the presence of a CRO in a company were found by Gottwald and Mensah (2015, pp. 36-37), Mardessi and Arab (2018, p. 452) and Razali et al. (2011, p. 202). Independence of the board of directors was found to be positively related to ERM implementation by Khan et al. (2016 pp. 1901-1902) and an insignificant relationship was found by Golshan and Rasid (2012, p. 458). Furthermore, Gottwald and Mensah (2015, pp. 36-37) found significant positive relationships for ERM implementation and the presence of an audit committee, as well as top management support of an ERM program. These findings underline the importance of adequate managerial structures for the implementation of an effective ERM program.

Risk indicator - This category again encompasses different indicators, which is why the results are not directly comparable. This indicator yielded only a significant positive result in one paper for the probability of financial distress and earnings volatility (see Khan et al., 2016, pp. 1901-1902) for a sample of 40 French listed firms. Otherwise, there were mostly insignificant results e.g., for stock price volatility (see Golshan & Rasid, 2012, p. 458), earnings variability (see Farrell & Gallagher, 2015, p. 649) and the Beta indicator (see Farrell & Gallagher, 2015, p. 649; Hernandez-Madrigal et al., 2020, pp. 97-98). Bohnert et al. (2019, pp. 20-21) even found a significant negative relationship between ERM implementation and the volatility of stock returns. This could be explained by the fact that their sample of 41 European insurance companies already benefits from fairly mature risk management systems (see Bohnert et al., 2019, p. 21).

3.4 Enterprise Risk Management and value creation

This section of the current seminar paper presents 25 empirical research papers from 2011-2020 that tested whether ERM can indeed create value. They will be analysed according to the following criteria: The applied sample, indicators of ERM activity, the methodology, the indicator of company value, as well as the results. A thorough overview over the examined papers can pe found in Table 1.

Sample - The samples that were used in the individual papers differ greatly in their size. The smallest sample consists of 20 companies (see Nasr, Alaei, Bakhshi., Rasoulyan, Tayaran, & Farahi, 2019, p. 1391) and the largest of 532 companies (see Grace, Leverty, Phillips, & Shimpi, 2015, p. 301). The years that are considered overall range from 1995 to 2018 and most papers’ analyses span multiple years. The greatest analysed time span is 11 years (see Anton, 2018, p. 152) and the smallest is 1 year (see e.g., McShane et al., 2011, p. 649; Waweru & Kisaka, 2012, p. 82). The countries in the samples of the empirical papers include the US (see e.g., Callahan & Soileau, 2017, p. 127; Grace et al., 2015, p. 297; Hoyt & Liebenberg, 2011, p. 795; Marc, Sprcic, & Zagar, 2018, p. 84; Sprcic et al., 2016, p. 65), followed by three papers with Malaysian company samples (see Abdullah, Janor, Hamid, & Yatim, 2017, p. 3; Ali et al., 2019, p. 239; Tahir & Razali, 2011, p. 32) and China with two papers (see Li et al., 2014, p. 1; Zou & Hassan, 2015, p. 1). Asia is further represented by samples from Indonesia (see Iswajuni, Manasikana, & Soetedjo, 2018, p. 224), Iran (see Nasr et al., 2019, p. 1387) and Vietnam (see Phan et al., 2020, p. 473). Bohnert et al. (2019, p. 3) employ a sample of European companies. Europe is further represented by samples from e.g., Germany (see Lechner & Gatzert, 2018, p. 2), Spain (see Gonzalez et al., 2020, p. 111) and Italy (see Florio & Leoni, 2017, p. 56). Farrell and Gallagher (2015, p. 630) employ an international sample of firms that includes more than 60 countries. Furthermore, 21 of the 25 papers used listed company samples (see e.g., Hoyt & Liebenberg, 2011, p. 796; McShane et al., 2011, p. 649; Quon, Zéghal, & Maingot, 2012, p. 95).

The samples also differ considerably in terms of the industries that are examined. There are several papers which consider exclusively non-financial industry samples (see e.g., Florio & Leoni, 2017, p. 62; Quon et al., 2012, p. 95; Sprcic et al., 2016, p. 65). Other papers include a variety of different industries in their sample (financial and nonfinancial) (see e.g., Bertinetti, Cavezzali, & Gardenal, 2013, p. 6; Callahan & Soileau, 2017, p. 127; Waweru & Kisaka, 2012, p. 88). The banking and insurance industry face increasing regulatory pressures which is why it is essential to install adequate risk management systems (see e.g., Gatzert & Martin, 2015, p. 49). They are therefore popular target industries in ERM research that were considered by eight of the 25 papers (see e.g., Baxter, Bedard, Hoitash, & Yezegel, 2013, p. 1265; Hoyt & Liebenberg, 2011, p. 799; Li et al., 2014, p. 5). Lastly, there are papers which consider individual industries, like e.g., the manufacturing sector (see Iswajuni et al., 2018, p. 224; Zou & Hassan, 2015, p. 3), industrial enterprises (see Phan et al., 2020, p. 474) or the technology sector (see Abdullah et al., 2017, p. 3).

Indicator of ERM activity - The most popular ERM indicator in the chosen papers were Keyword searches and content analyses of companies’ annual reports, websites and SEC filings (see e.g., Abdullah et al., p. 6; Ali et al., 2019, p. 243; Anton, 2018, p. 152). These manual content analyses often focused on the presence of a CRO in the company or other keywords related to risk management (see e.g., Bertinetti et al., 2013, p. 6; Sprcic et al., 2016, p. 72). Florio and Leoni (2017, p. 62) created their own ERM measure that they employed in their analysis of the corporate government reports of their sample companies. Other means that were used to detect whether a company had implemented an ERM system were S&P’s risk management ratings (see Baxter et al., 2013, p. 1270; Bohnert et al., 2019, p. 1; McShane et al., 2011, p. 646), information from the OSIRIS database (see Tahir & Razali, 2011, p. 34), the RIM’s Risk Maturity Model (see Farrell & Gallagher, 2015, p. 642), and the Tillinghast Towers Perrin ERM survey (see Grace et al., 2015, p. 290). Survey-based approaches were also applied occasionally. To this end, Callahan and Soileau (2017, p. 126) obtained responses from internal audit function management concerning the existence and maturity of ERM implementation, based on the COSO framework’s four objectives for ERM (namely strategy, operations, reporting and compliance). Waweru and Kisaka (2012, p. 91) approached CROs and CFOs to gather information about the level of ERM implementation in the respective company.


Excerpt out of 26 pages


From Traditional Risk Management Approaches to Enterprise Risk Management
Differences, Current Research Areas, and Potential Benefits of ERM
Friedrich-Alexander University Erlangen-Nuremberg
Catalog Number
ISBN (eBook)
ISBN (Book)
Enterprise Risk Management, ERM, TRM, Risikomanagement
Quote paper
Reka Müller (Author), 2021, From Traditional Risk Management Approaches to Enterprise Risk Management, Munich, GRIN Verlag,


  • No comments yet.
Read the ebook
Title: From Traditional Risk Management Approaches to Enterprise Risk Management

Upload papers

Your term paper / thesis:

- Publication as eBook and book
- High royalties for the sales
- Completely free - with ISBN
- It only takes five minutes
- Every paper finds readers

Publish now - it's free