Monda, Barbara and Giorgino, Marco (2013): An Enterprise Risk Management maturity model.
Preview |
PDF
MPRA_paper_45421.pdf Download (425kB) | Preview |
Abstract
In the recent years, Enterprise Risk Management (ERM) has emerged as a new risk management technique aimed to manage the portfolio of risks that faces an organization in a integrated, enterprise- wide manner. Unlike traditional risk management, where individual risk categories are managed from a silo-based perspective, ERM involves an holistic view of risks allowing to take into account correlations across all risk classes. The academic literature on ERM is focused on two main aspects: the analysis of the factors that influence ERM adoption and its effects on firms performances. No studies have been conducted yet to propose robust and rigorous models to evaluate the quality, or maturity, of ERM programs implemented by firms. The aim of the research described in this paper is to fill this gap in the literature. In order to build a rigorous ERM maturity model, we have run an e-mail Delphi procedure involving a panel of worldwide experts on ERM and reached their consensus on the selection of a set of ERM best practice parameters, which are used to develop a structured questionnaire to be administered to firms. Experts consensus in obtained also on the scales and the scores for each questionnaire answer option. The output of the Delphi method is a scoring model that can be used to assess the maturity of an ERM program by administering a questionnaire composed of 22 closed-end questions to firms: answers are collected and scored, and all scores are combined in a single final score, the ERM Index (ERMi). The robustness of the model has finally been tested on a small sample of firms. We foresee two different uses of the ERMi maturity model, one by scholars for further quantitative research on ERM topics, and one by practitioners, as ERMi is suitable to be used by firms for a self- assessment of their ERM programs (internal use), and by consultancy firms, auditors and rating agencies (external use). The difference with other existing maturity models is its solid scientific base, the rigour with which it has been designed and the fact that it is derived from a Delphi procedure involving leading ERM experts who reached consensus on the model detailed design.
| Item Type: | MPRA Paper |
|---|---|
| Original Title: | An Enterprise Risk Management maturity model |
| Language: | English |
| Keywords: | Enterprise Risk Management, Maturity model, Delphi method |
| Subjects: | G - Financial Economics > G3 - Corporate Finance and Governance > G32 - Financing Policy ; Financial Risk and Risk Management ; Capital and Ownership Structure ; Value of Firms ; Goodwill |
| Item ID: | 45421 |
| Depositing User: | Ms Barbara Monda |
| Date Deposited: | 22 Mar 2013 15:19 |
| Last Modified: | 26 Sep 2019 16:10 |
| References: | ERM references Aabo, T., J., Fraser, R. S., & Simkins, B.J. (2005). The rise and evolution of the chief risk officer: Enterprise risk management at Hydro One. Journal of Applied Corporate Finance 17(3): pp. 62–75. Abrahim, A., Henry, K., and Keith, J. (2012). ERM Culture Alignment to enhance competitive advantage. 2012 ERM Symposium, 18-20 April 2012, Washington D.C. USA) ACT Insurance Authority (2004). Guide to Risk Management. ACT Insurance Authority. AIRMIC (2009). Research into the Definition and Application of the concept of Risk Appetite. AIRMIC. Altenbach, T. J. (1995). A Comparison of Risk Assessment Techniques from Qualitative to Quantitative. Proceedings of the ASME Pressure and Piping Conference, July 23-27, Hawaii, USA. Antonucci D. (2011). Benchmarker Gap Analysis Iso 31000. Available online. Barfield, R. (2007). Risk appetite- How hungry are you? PricewaterhouseCoopers. Beasley, M. S., Branson, B. C., and Hancock, B. V. (2010). Developing Key Risk Indicators to Strengthen Enterprise Risk Management. New York: The Committee Sponsoring Organizations of the Treadway Commissions (COSO). Beasley, M., Chen, A., Nunez, K., & Wright, L. (2006). Working Hand in Hand: Balanced Scorecards and Enterprise Risk Management. Strategic Finance, pp. 49-55. Beasley M.S., & Frigo, M.L. (2007). Strategic Risk Management: Creating and Protecting Value. Strategic Finance. Beasley, M., Pagach, D., and Warr, R. (2008). The Information Conveyed in Hiring Announcements of Senior Executives Overseeing Enterprise-Wide Risk Management Processes. Journal of Accounting, Auditing and Finance, 23(3) pp. 311-332. Berta, G. (2011). I Gruppi Societari. Giappichelli Editore. Brooks, D. W. (2010). Creating a Risk-Aware Culture. In J. Fraser, and B. J. Simkins, Enterprise Risk Management: Today's Leading Research and Best Practices for Tomorrow's Executives. John Wiley & Sons. Calandro, J., & Lane, L. (2006). Insights from the Balanced Scorecard An Introduction to the Enterprise Risk Scorecard. Measuring Business Excellence, pp. 31-40. CAS (2003). Overview of Enterprise Risk Management. Casualty Actuarial Society. Chase-Jenkins, L., & Farr, I. (2008). Risk appetite: a boundary for decisions. Towers Perrin. Cendrowski, H., and William , M. C. (2009). Enterprise Risk Management and COSO. A guide for Directors, Executive and Practictioners. John Wiley & Sons. Coleman, M. E., and Marks, H. M. (1999). Quantitative and Qualitative Risk Assessment. Elsevier Science Ltd. COSO (2004). Enterprise risk management - integrated framework, executive summary. New York: AICPA. COSO - The Committee of Sponsoring Organisations of the Treadway Commission. Covello, V. T., and Merkhofer, M. W. (1993). Assessment methods. Approaches for Assessing Health and Environmental Risks. Plenum Press. David-O' Neill, J., and Stephens, M. (2010). ERM: the value proposition. Milliman - Risk Advisory Services White Paper. Dean, J., & Giffin, A.F. (2009). What’s your risk appetite? Towers Perrin. DeLoach, J. (2005). Enterprise risk management: practical implementation ideas. Protiviti MIS SuperStrategies Conference (April 26-29, 2005). Las Vegas, Nevada. Deloitte (2006). The Risk Intelligent Enterprise. ERM Done Right. Deloitte Touch. Deloitte (2008). Designing a Successful ERM function. Deloitte Touch. Deloitte (2010). Risk Intelligence in the energy and resources industry. Enteprise Risk Management Benchmark survey. Deloitte Touch. Deloitte (2012). Cultivating a Risk Intelligent Culture. Understand, measure, strengthen, and report. Deloitte Touch. Economist Intelligence Unit (2005). The evolving role of the CRO. ACE, Cisco Systems, Deutsche Bank and IBM. Ernst & Young (2010). Risk Appetite - The strategic Balancing Act. Ernst & Young. Farrel, J.M.& Hoon, A. (2009). What’s your company Risk Culture? National Association of Corporate Directors Directorship, April 15, 2009 Fraser, J., & Simkins, B. J. (2010). Enterprise Risk Management: Today's Leading Research and Best Practices for Tomorrow's Executives. John Wiley & Sons. Frigo, M. L. (2007). Strategic Risk Management: Creating and Protecting Value. Strategic Finance, 25-32. Frigo, M. (2008). When Strategy and ERM Meet. Strategic Finance. Frigo, M.L. (2009). Strategic Risk Management: The New Core Competency. Balanced Scorecard Report. Harvard Business Review, January - February 2009. Frigo M.L., & Anderson, R.J. (2009). Strategic Risk Assessment: A First Step for Improving Risk Management and Governance. Strategic Finance. Frigo, M. L., and Anderson, R. J. (2009). Strategic Risk Assessment: a First Step for Improving Risk Management and Governance. Strategic Finance, (December): pp. 24-33 Frigo, M.L., & Anderson, R.J. (2011). Embracing Enterprise Risk Management: Practical Approaches for Getting Started. COSO - The Committee of Sponsoring Organisations of the Treadway Commission. Giorgino, M., & Travaglini, F. (2008). Il risk management nelle imprese italiane. Milano: Il Sole 24 Ore. Govindarajan, D. (2011). Corporate Risk Appetite: Ensuring Board and Senior Management Accountability for Risk. ICMA Centre, Henley Business School, University of Reading. IIF (2009). Risk Culture. Reform in the financial Services Industry: Strengthening Practices for a More Stable System. Institue of International Finance. The Institute of International Finance. IRM. (2002). A Risk Management Standard. The Institute of Risk Management. IRM (2012). Risk culture. Under the microscope guidance for Board. The Institute of Risk Management. ISO (2009a). Guide 73. International Organization for Standardization. ISO (2009b). Risk Management - Principles and guidelines. International Organization for Standardization. KPMG (2008). Understanding and articulating risk appetite. KPMG. Lai, F. W., & Samad, F. A. (2010). Enterprise Risk Management Framework and The Empirical Determinants of Its Implementation. International Conference on Business and Economic Research. Lam, J. (2000). Enterprise-Wide Risk Management and the Role of the Chief Risk Officer. White paper, ERisk, March 2000. Lam, J. (2001). The CRO Is Here to Stay. Risk Management, April: pp. 16-20. Lam, J., (2003). Enterprise Risk Management: From Incentives to Controls. John Wiley & Sons, Inc., Hoboken, New Jersey. Lam, J.& Associates (2008). Emerging Best Practices in Developing Key Risk Indicators and ERM Reporting. Executive White Paper sponsored by Cognos, January 2008. Lawrence, R. Q. (2005). ERM. Embracing a Total Risk Model. Financial Executives Internationals, 21(1): pp. 32. Liebenberg, A. P., and Hoyt, R. E. (2003). The Determinants of Enterprise Risk Management: Evidence from the Appointment of Chief Risk Officers. Risk Management and Insurance Review, 6(1): pp. 37-52. Lin, Y., Wen, M.-M., & Yu, J. (2011). Enterprise Risk Management: Strategic Antecedents, Risk Integration and Performance. Working Paper. McShane, M. K., Nair, A., and Rustambekov, E. (2010). Does Enterprise Risk Management increase Firm Value? Journal of Accounting, Auditing and Finance, 26(4): pp. 641-658. Melnick E. & Everitt, B.S. (2008). Encyclopedia of Quantitative Risk Analysis and Assessment, 1st Edition, Wiley & Sons Ltd. Meulbroek, L.K. (2002). Integrated Risk Management for the Firm: A Senior Manager’s Guide. Journal of Applied Corporate Finance 14: pp. 56–70. Miccolis, J., & Shah, S. (2000). Enterprise Risk Management: An Analytic Approach. Tillinghast - Towers Perrin Monograph. Milliman (2011). Formalising risk appetite - a key element of enterprise risk management. Briefing Note, Milliman. Moeller, R. R. (2007). COSO Enterprise Risk Management. Understanding the new Integrated ERM Framework. New Jersey: John Wiley & Sons. MoR (2010). Management of Risk: Guidance for Practitioners (3rd Edition). OGC. Nocco, B. W., & Stulz, R. M. (2006). Enterprise risk management: Theory and practice. Journal of Applied Corporate Finance 18(4): pp. 8-20. Oracle. (2009). Risk Management: Protecting and Maximize Stakeholder Value. Oracle. Paape, L., & Speklé, R. (2012). The adoption and design of enterprise risk management practices: An empirical study. European Accounting Review 21(3): pp. 533-564. Protiviti (2010a). Making Your Risk Assessment Count: An Operational and a Compliance Perspective. The Bullettin Newsletters, 4(3): 1-4. Protiviti. Protiviti. (2010b). Integrating Risk Management with what matters. The Bulletin, Volume 4 Issue 1, Protiviti. Protiviti (2011). Risk Management: A look Back and a Look Forward. The Bulletin, Volume 4, Issue 6, April 11, 2011. Protiviti (2012). Risk Appetite Framework: uno strumento chiave di sostenibilità per il mondo finanziario. 1-4. Protiviti PwC (2008). A Practical Guide to Risk Assessment- How principles based Risk Assessment enables organizations to take the right risks. PriceWaterHouseCoopers. Risaliti, G. (2008). Gli Strumenti Finanziari Derivati nell' Economia Delle Aziende. Milano: Giuffrè Editore. Rittenberg, L., & Martens, F. (2012). Understanding and Communicating Risk Appetite. COSO - The Committee of Sponsoring Organisations of the Treadway Commission. Rochette, M. (2009). From risk management to ERM. Journal of Risk Management in Financial Institutions 2(4): pp. 394-408. Segal, S. (2011). Corporate Value of Enterprise Risk Management. The next step in business management. John Wiley & Sons. Shenkir, W. G., and Walker, P. L. (2008). Enterprise Risk Management: Tool and Techniques for Effective Implementation. Statements on Management Accounting. Montvale, NJ: Institute of Management Accountant (IMA). Shenkir, W. G., and Walker, P. L. (2011). Enterprise Risk Management: Frameworks, Elements and Integration. Montvale, NJ: Institute of Management Accountant (IMA). Vose, D. (2008). Risk Analysis: A quantitative Guide. John Wiley and Sons. Zurich & HBRAS (2012). Risk Management in a time of Global Uncertainty. Zurich & HBRAS, January 17, 2012. Delphi method References Barnes, J. L. (1987). An International study of curricular organizers for the study of technology. Unplished doctoral dissertation Virginia Polytechnic Institute and State University, Blacksburg, Virginia. Fitzsimmons, J. A. & Fitzsimmons, M. J. (eds) (2001). Service management:Operations, Strategy and Information Technology (4th Edition) Boston, McGraw-Hill. Hanafin, S. (2004). Review of literature on the Delphi Technique. Dublin, Ireland. Hsu, C. C., & Sandford, B. A. (2007). The Delphi Technique: Making Sense of Consensus. Practical Assessmente, Research & Evaluation, 12(10): pp. 1-8. Mitroff, I., and Turoff, M. (1975). Philosophical and methodological foundations of Delphi. In H. Linstone, and M. Turoff, The Delphi Method: Techniques and Applications (p. 17-35). Addison-Wesley. Okoli, C., & Pawlowski, S. D. (2004). The Delphi Method as a Research Tool: an example, design considerations and applications. Information and Management, 42, pp:15-29. Powell, C. (2003). The Delphi Technique: myths and realities. Journal of Advanced Nursing, 41(4): pp. 376-382. Rowe, G., & Wright, G. (1999). The Delphi Technique as a forecasting tool: Issues and analysis. International Journal of Forecasting, 15, pp:353-375. Sackman, H. (1975). Delphi Critique. Boston: Lexington Books. Skulmoski, G. J., Krahn, J., & Hartman, F. T. (2007). The Delphi Method for Graduation Research. Journal of Information Technology Education, 6, pp: 1-21. Sumsion T. (1998). The Delphi technique: an adaptive research tool. British Journal of Occupational Therapy 61(4), 153-156. Witkin, B. R., & Altschuld, J. W. (1995). Planning and conducting needs assessment: a practical guide. Thousand Oaks, CA: Sage Publications. |
| URI: | https://mpra.ub.uni-muenchen.de/id/eprint/45421 |
All papers reproduced by permission. Reproduction and distribution subject to the approval of the copyright owners.
 |
View Item |
