Abstract
Purpose
The purpose of this paper is to develop a theory of enterprise risk management (ERM).
Design/methodology/approach
The method is to develop a theory for ERM based on identifying the general risk management problems that it is supposed to solve and to apply the principle of deduction based on these premises.
Findings
ERM consists of risk governance, which is a set of mechanisms that deals with the agency problem of risk management and risk aggregation, which is a set of mechanisms that deals with the information problem of risk management.
Research limitations/implications
The theory, by identifying the central role of the Board of Directors, encourages further research into the capabilities and incentives of directors as determinants of ERM adoption. It also encourages research into how ERM adoption depends on proxies for agency problems of risk management, such as a decentralized company structure.
Practical implications
The theory encourages Boards of Directors to focus on understanding where the under and over management of risk are likely to be greatest, as opposed to the current practice of mapping a large number of risk factors.
Originality/value
The theory complements existing theory on corporate risk management, which revolves around the role of external frictions, by focusing on internal frictions in the firm that prevent effective risk management. It is the first work to delineate ERM vis-a-vis existing risk theory.
Subject
Business, Management and Accounting (miscellaneous)
Reference46 articles.
1. A stupidity-based theory of organizations;Journal of Management Studies,2012
2. Enterprise risk budgeting: bringing risk management into the financial planning process;Journal of Applied Finance,2009
3. Value and risk: enterprise risk management in Statoil,2015
4. On the need for rethinking current practice that highlights goal achievement risk in an enterprise context;Risk Analysis - An International Journal,2015
Cited by
24 articles.
订阅此论文施引文献
订阅此论文施引文献,注册后可以免费订阅5篇论文的施引文献,订阅后可以查看论文全部施引文献