Enterprise risk management implementation : perceptions of risk practitioners in the South African mining industry

09 December 2013

M.Comm. (Financial Economics) / Enterprise risk management (ERM) is emerging as a risk management methodology that is seemingly superior to that of traditional, silo-based risk management. Although ERM implementation is on the increase, research into ERM is still limited. There is, for instance, a lack of clarity within the literature regarding which factors lead to companies embracing ERM, as well as a lack of consensus on ERM’s benefits. The purpose of this study was therefore to explore the drivers of ERM implementation, its inhibitors and enablers, the benefits that are realised through ERM, as well as the advantages and disadvantages associated with ERM as a risk management methodology. Data were gathered through semi-structured, face-to-face interviews with seven risk practitioners working in the South African mining industry. The study found that drivers of ERM implementation include regulatory pressure and compliance with corporate governance and listing requirements, but that there are other incentives. Inhibitors of ERM implementation include the large amount of managerial time needed, competition with other initiatives, resistance, and low initial buy-in levels, as well as a shortage of experienced ERM practitioners. Regarding ERM enablers, the design of the ERM framework is seen as critical, as is sound project discipline in planning and organising the implementation, along with visible support from executive and senior management, and ongoing training. Benefits derived through ERM include greater confidence that the company has a complete understanding of its risk profile, better decision-making, and improved tracking of risk mitigation. Disadvantages associated with ERM include the tendency of it being regarded as a corporate administrative function, subjectivity, and difficulty in aligning ERM to short- and medium-term priorities, as compared to longer-term strategic issues. This study makes a unique contribution to the existing body of knowledge on ERM by exploring the disadvantages associated with ERM as a risk management methodology. At a practical level and with reference to the South African mining industry, in particular, this study provides more clarity on the rationale for adopting ERM, as well as the challenges associated with implementing and sustaining ERM programmes. Recommendations are made with respect to ERM in practice, as well as for further research on ERM.

Enterprise risk management

Risk management

An investigation of the impact of psychology of leadership on effective enterprise risk management behaviour

Abdulldaim, Muneer Ali

January 2017

This research examined the psychology of leadership with respect to Enterprise Risk Management (ERM). ERM a risk management process that has been developed to enable organizations to minimize internal and external risks and exploit opportunities for gain. Despite the prevalence of several ERM frameworks for various kinds of risk, their implementation has been at best, partially effective. Given that the implementation of ERM's is the responsibility of senior management / leaders of organizations, it was assumed that one of the reasons for the faulty ERM implementation may be attributed to poor leadership. The literature indicated that the psychology of leadership related to implementation of risk management programmes refers to the ability to make rational decisions under condition of risk and uncertainty and the ability to influence others in the organizations to adopt and develop a risk management culture. However, the elements of a psychology of leadership that would lead to effective ERM implementation have been largely ignored in the literature. The gap in the literature this research attempts to bridge. The abductive pragmatic approach was used using qualitative and quantitative methods and primary and secondary data. The analysis of the secondary data led to the formulation of a framework containing various psychological factors related to decision making, leadership style and organisational culture. Qualitative data was collected through semi-structured interviews with 42 respondents from private organisations operating in the Saudi oil and gas sector, whilst quantitative data were gathered from 100 respondents from private organisations operating across various sectors in Saudi Arabia. The analysis of primary data collected from the empirical survey and the information gathered from the literature review corroborated all the factors identified in relation to decision making, leadership style and organisational culture. The key factors found to impact psychology of decision making included risk perception, psychometric paradigms, bias, culture, gender, emotion, decision-making style, attitude and protective zones. The factors impacting psychology of creating organisational culture of risk included leadership style, development, communication and appetite for monitoring risk, the development of an ethical organisation, role identification, the transformational leadership style and facilitation of the emergence of champions at all levels of the organisational hierarchy. One of the key findings of this research highlighted the occurrence of bias or heuristics that can impede rational decision making under condition of risk and uncertainty. The most important of these include representation, availability and anchoring, which can lead individuals to overestimate or underestimate the consequences of their decisions, and make decisions that do not lead to the desired outcomes from occurring. Another finding is the corporate environment in Saudi Arabia related to risk management. It was found that women in Saudi Arabia are more risk averse than their male counterparts. Findings suggest that this is the outcome of social prescriptions related to the role of women and indicate that steps must be taken to break down cultural barriers that prevent female participation in decision-making processes. In this connection, it was also found that in Saudi Arabia there is low tolerance for uncertainty and ambiguity, high tolerance for hierarchy, that values the community over the individual and that is more masculine than feminine in its worldviews. All of these have resulted in a risk averse management culture in Saudi Arabian organizations. It was also found that it is the transactional leadership style that is better suited to risk management activity than authoritarian, individualistic or transactional leaders. These finding are relevant as they constitute a framework or model of ERM implementation that may be used by any organization that seeks to effectively implement ERM frameworks. The leaders of these organizations can use this framework to understand the mental processes that they undergo when they have to make rational decisions under condition of risk and uncertainty as also how to leverage various psychological factors in creating an organizational culture of risk. The key limitation of this research is that it does not conduct statistical tests to explore positive and significant links between the various dimensions of the psychology of risk leadership and the benefits of an effective ERM implementation. The recommendations aims to help improve ERM implementation in Saudi Arabia and a future research for those interested in investigating the influence the psychology of leadership on ERM in a context of a particular sector.

Enterprise risk management and firm performance : developing risk management measurement in accounting practice

Sithipolvanichgul, Juthamon

January 2016

The current extremely volatile business world requires firms to deal with a wide range of risks that pose threats to their organisations. The poor practices of risk management, based on Traditional Risk Management (TRM), was cited time and time again in the aftermath of the recent Global Crisis. Enterprise Risk Management (ERM) has been advocated as a solution to the problems of TRM. The aim is to centralise the management of risk within the organisation and ensure that the board deals with the risk. Hence strategic, external, internal, operational, compliance and reputational risk are dealt with jointly. In doing so, it is expected that ERM will bring value creation to firms. One of the main limitations facing researchers is the lack of a good standardised measurement of ERM implementation; therefore, it has not been possible to establish whether ERM does actually bring benefit to firms. In addition, many companies have set up ERM initiatives, but they lack a clear understanding of the factors that will lead to successful ERM implementation. The remaining unanswered problematic situation has led to two unanswered questions that will determine whether the solution to ERM implementation is avoiding potential pitfalls and improving business sustainability. Firstly, does ERM implementation have an impact on firm performance? And secondly, which is the firm-specific characteristic that leads to better ERM implementation level? This thesis answers the aforementioned questions by proposing a reliable ERM measurement method, and then testing whether firms that adopt ERM actually improve financial performance and determine the influential factor of ERM implementation. The proposed method for measuring ERM implementation is based on the components developed from the current ERM frameworks, where contribution scoring can be standardised to measure ERM implementation level. To demonstrate its viability, data was collected from publicly listed firms in Thailand and was then compared to three alternative methodologies: cluster analysis (CA), principal component analysis (PCA) and partial least squares (PLS). The results show that the proposed method did well compared to the alternatives, both statistically and in prediction performance. The relationship between the proposed ERM measurement and firm performance is then considered by taking appropriate control variables into account, such as the firm’s size and characteristics, industry effects, sales growth and the external environment: technology, market uncertainty, as well as economic factors. By using data from the Thailand Stock Exchange, it was found that implementing ERM could improve firm performance in term of Tobin's Q, ROE and ROA. The results show that ERM and firm performance are related. For the influential factor of ERM implementation, the empirical results show that a firm’s size and economic factors have a statistically positive relationship with a high level of ERM implementation, while lower ERM scores show more revenue volatility than those who have well-implemented ERMs. Furthermore, technology and growth are positively related to each ERM in the scoring system considered.

658.15

An analysis of the effect of enterprise risk management maturity on shareholder value during the economic downturn of 2008-2010

Tillman, Philip Ian

11 August 2012

This research studies the effect of enterprise risk management (ERM) on financial indicators that effect the shareholder value of Johannesburg Stock Exchange (JSE) listed companies during the economic downturn of 2008 – 2010.Enterprise risk management is the organisational process of identifying risks that affect the company’s ability to achieve its objectives; the financial indicators that effect shareholder value include the publicly traded share price, the dividends paid out to shareholders, the volatility of the share price, earnings and the price to earnings (P/E) ratio of the organisation.The research data was gathered utilising an enterprise risk management maturity survey and publicly available company financial data.The data was analysed for correlations between the ERM principles and the financial data; the outcome shows that a correlation exists between a single ERM principle (risk architecture) and Shareholder value when an economic downturn occurs.This indicates that the structure of an organisation’s enterprise risk management process is the best indicator of shareholder value protection when and economic downturn occurs, and is more significant than the way an organisation executes its risk strategy or manages its risk protocols. / Dissertation (MBA)--University of Pretoria, 2012. / Gordon Institute of Business Science (GIBS) / unrestricted

UCTD

Shareholder value

Enterprise risk management

An evaluation of the risk culture at management level in a South African government organisation

Naidoo, Gonaseelan Soobramoney

January 2015

A strong risk culture is critical for any organisation to manage its risks. Recent reports from the Auditor-General about a South African government institution (Auditor General of South Africa, 2014) demonstrated that its risks were not being adequately mitigated. The purpose of the study reported on here has therefore been to put this judgement to the test and, because no recognised instrument could be found to evaluate the risk culture, an instrument was developed. Many of the risk culture assessment frameworks available have been developed by consulting companies which could be of value to organisations however this study chose to focus mainly on academic literature. In this descriptive study we used a focus group to identify the possible strengths and weaknesses of the prevailing risk culture, following which a questionnaire was designed and used to assess the current risk culture of the organisation. The results were used to evaluate the risk culture with the aim of proposing steps in which to embed a risk culture. We found that the existing risk culture does not contribute to this organisation’s capacity to manage its risks. We also found that managers in this organisation are not encouraged to take risks to achieve their objectives and employees are not held accountable for the management of risks. In agreement with previous studies which found that training in risk management is important, this study suggests that training should be compulsory for all senior management. This study also found that factors of tone at the top, accountability, communication, risk competence and risk capacity are critical to embed a risk culture in an organisation. This study contributes to the existing literature by suggesting ways in which a risk culture could be embedded in an organisation. The results of this research could be useful to organisations, boards, and risk committees.

Enterprise risk management

Risk culture

Embedding a risk culture

An evaluation of the risk culture at management level in a South African government organisation

Naidoo, Gonaseelan Soobramoney

January 2015

A strong risk culture is critical for any organisation to manage its risks. Recent reports from the Auditor-General about a South African government institution (Auditor General of South Africa, 2014) demonstrated that its risks were not being adequately mitigated. The purpose of the study reported on here has therefore been to put this judgement to the test and, because no recognised instrument could be found to evaluate the risk culture, an instrument was developed. Many of the risk culture assessment frameworks available have been developed by consulting companies which could be of value to organisations however this study chose to focus mainly on academic literature. In this descriptive study we used a focus group to identify the possible strengths and weaknesses of the prevailing risk culture, following which a questionnaire was designed and used to assess the current risk culture of the organisation. The results were used to evaluate the risk culture with the aim of proposing steps in which to embed a risk culture. We found that the existing risk culture does not contribute to this organisation’s capacity to manage its risks. We also found that managers in this organisation are not encouraged to take risks to achieve their objectives and employees are not held accountable for the management of risks. In agreement with previous studies which found that training in risk management is important, this study suggests that training should be compulsory for all senior management. This study also found that factors of tone at the top, accountability, communication, risk competence and risk capacity are critical to embed a risk culture in an organisation. This study contributes to the existing literature by suggesting ways in which a risk culture could be embedded in an organisation. The results of this research could be useful to organisations, boards, and risk committees.

Enterprise risk management

Risk culture

Embedding a risk culture

Improving SPAWAR PEO C4I organizational alignment to better enable enterprise technical risk management

Crosson, Steven C.

03 1900

Approved for public release; distribution is unlimited / This thesis examined how the Navy's Program Executive Office Command, Control, Communications, Computers and Intelligence (PEO C4I) has performed enterprise risk management (ERM). Based on ERM literature, the study developed an analytical framework to assess PEO C4I's ERM practices against documented ERM best practices, including evaluating a new risk in terms of its impact on existing risks and ensuring risks are managed at the most detailed level possible. The thesis also utilized organizational alignment literature to include organizational alignment principles in the evaluation. Key principles include 1) every employee has the responsibility to manage risk and 2) multiple teams are able to manage a single risk. The resultant analytical framework was applied to PEO C4I and documented for application to other organizations. PEO C4I performed well in the areas of 1) evaluating risks in areas other than the originating program office and 2) providing the framework to elevate risks to leadership. PEO C4I could use improvement in cross-team risk coordination and development of enterprise models to provide context for enterprise risks. Recommended interventions focus on having more functional areas involved in risk mitigation and developing a common enterprise architecture to improve understanding of potential areas of risk. / Civilian, Department of the Navy

organizational alignment

enterprise risk management

DOD risk management

Att verka inom ramarna : riskhanteringsramverk samt Enterprise Risk Management

Melinder, Daniel, Jervelius, Mia

January 2007

<p>Den omgivning organisationer idag ställs inför blir alltmer krävande. En allt hårdare reglering, hot från nya teknologier, samt de företagsskandaler som härjat i media, har lett till att dagens organisationer ser på risk på ett nytt sätt. En utveckling som nyligen skett inom riskhantering är Enterprise Risk Management (ERM). Denna uppsats undersöker den roll ERM, och i synnerhet ett nyutvecklat ramverk som används för att implementera ERM, har i en organisations riskarbete. Ramverket, COSO:s ERM, består av åtta kontrollpunkter som enligt ramverket bör finnas i en organisation som utför sitt ERM-arbete på ett korrekt sätt.</p><p>Studiens syfte är att undersöka likheter och olikheter mellan en organisations riskarbete och COSO:s riskhanteringsramverk samt den teoribildning som skapats kring Enterprise Risk Management. En fallorganisation studerades med hjälp av intervjuer och analyseras efter förekomsten av ramverkets kontrollpunkter samt ERM-teori.</p><p>Författarna fann att ramverkets alla kontrollpunkter till viss mån kunde utläsas i fallorganisationens riskarbete, men inte fullt ut. Under varje punkt kunde element utläsas som var i likhet med ramverket, men även element där fallorganisationen arbetade annorlunda. De största olikheterna mot ramverket var att en integrering mellan riskaptit och strategisättning inte kunde utläsas, att fallorganisationen inte använde sig av ramverkets fyra målområden samt att kommunikationen av risk inte förmedlades ut i organisationen.</p><p>Förutom de olikheter som uppmärksammats anser författarna att fallorganisationen till stor del skapat ett riskarbete präglat av ERM. En implementering av COSO-ramverket skulle inte nödvändigtvis resultera i bättre riskhanteringsrutiner, men skulle däremot kunna bidra till en tydligare struktur i arbetet.</p>

COSO

ERM

Enterprise Risk Management

Riskhantering

ramverk

Business studies

Företagsekonomi

Att verka inom ramarna : riskhanteringsramverk samt Enterprise Risk Management

Melinder, Daniel, Jervelius, Mia

January 2007

Den omgivning organisationer idag ställs inför blir alltmer krävande. En allt hårdare reglering, hot från nya teknologier, samt de företagsskandaler som härjat i media, har lett till att dagens organisationer ser på risk på ett nytt sätt. En utveckling som nyligen skett inom riskhantering är Enterprise Risk Management (ERM). Denna uppsats undersöker den roll ERM, och i synnerhet ett nyutvecklat ramverk som används för att implementera ERM, har i en organisations riskarbete. Ramverket, COSO:s ERM, består av åtta kontrollpunkter som enligt ramverket bör finnas i en organisation som utför sitt ERM-arbete på ett korrekt sätt. Studiens syfte är att undersöka likheter och olikheter mellan en organisations riskarbete och COSO:s riskhanteringsramverk samt den teoribildning som skapats kring Enterprise Risk Management. En fallorganisation studerades med hjälp av intervjuer och analyseras efter förekomsten av ramverkets kontrollpunkter samt ERM-teori. Författarna fann att ramverkets alla kontrollpunkter till viss mån kunde utläsas i fallorganisationens riskarbete, men inte fullt ut. Under varje punkt kunde element utläsas som var i likhet med ramverket, men även element där fallorganisationen arbetade annorlunda. De största olikheterna mot ramverket var att en integrering mellan riskaptit och strategisättning inte kunde utläsas, att fallorganisationen inte använde sig av ramverkets fyra målområden samt att kommunikationen av risk inte förmedlades ut i organisationen. Förutom de olikheter som uppmärksammats anser författarna att fallorganisationen till stor del skapat ett riskarbete präglat av ERM. En implementering av COSO-ramverket skulle inte nödvändigtvis resultera i bättre riskhanteringsrutiner, men skulle däremot kunna bidra till en tydligare struktur i arbetet.

COSO

ERM

Enterprise Risk Management

Riskhantering

ramverk

Business studies

Företagsekonomi

L'impact de la Solvabilité II et de l'Enterprise Risk Management sur le pilotage des sociétés d'assurance / The Impact of Solvency II and Enterprise Risk Management on Insurance Companies’ Steering

Arias Arellano, Liliana

07 July 2015

L’implémentation de Solvabilité II constitue une révolution pour les sociétés d’assurance car elle entraine d’importants changements dans leurs pratiques de gestion. Plusieurs inquiétudes ont été soulevées quant aux impacts de la calibration de la formule standard sur les investissements des assureurs et l’économie en général. A cela s’ajoutent les exigences sur la gouvernance et la gestion des risques qui vont modifier la culture de risques des entreprises et qui vont encourager l’adoption d’une approche ERM. Cette thèse a donc pour objectif d’analyser les impacts des exigences de Solvabilité II et de l’ERM sur la gestion d’actifs et la gestion des risques des assureurs.Une première partie traite des effets potentiels de Solvabilité II sur les investissements obligataires. Nous analysons la pertinence du SCR obligataire et le comportement du couple rendement-SCR. Les résultats montrent que la mesure de risque réglementaire est globalement satisfaisante pour les obligations à faible risque mais qu’elle est surestimée (sous-estimée) en période d’absence de crise (en période de crise) pour les obligations à risque élevé. Nous montrons également que la calibration de Solvabilité II favorise les obligations à faible duration et notamment, les obligations high yield. Une deuxième partie porte sur les facteurs déterminants de l’état d’avancement de l’ERM et ses bénéfices. Notre principale contribution est la construction d’un indice continu sur l’ERM qui permet de déterminer l’état d’avancement de l’ERM pour les assureurs. Nos résultats montrent que le statut de mutuelle, la taille de l’assureur et sa localisation géographique influencent l’état d’avancement de l’ERM, et qu’une relation positive et significative existe entre l’état d’avancement de l’ERM et la rentabilité des assureurs. / Solvency II implementation constitutes a revolution for insurance companies because it leads to major changes their management practices. Solvency II propositions have thus become a major concern for the insurance sector, especially regarding the potential impact of the standard formula on insurers’ investments and on the economy. Aditionnally, Solvency II governance and risk management principles will modify insurers’ risk management culture and will encourage them to adopt ERM practices. This thesis analyses the impact of Solvency II requirements and ERM on insurer’s management practices.A first analysis focuses on the effects of Solvency II calibration on insurance companies’ bond investments. We analyse the adequacy of bond SCR and the behaviour of the return-SCR couple. The results show that the regulatory risk measure for low risk bonds is overall adequate, but that it is overestimated (underestimated) for high risk bonds in non-crisis periods (in crisis periods). We also show that Solvency II calibration encourages investments in low duration bonds and especially high yield bonds. A second analysis focuses on understanding the determinants of ERM adoption and its benefits. Our main contribution is the creation of a continuous ERM index that measures the level of development of insurance companies’ ERM program. We conclude that insurers’ mutual status, size, and geographical location are determinants of ERM state of progress and that there is a positive and significant relationship between ERM state of progress and companies’ profitability.

Solvabilité II

Enterprise Risk Management

Assurance

Gestion Obligataire

Capital Requis

Régulation

Value-at-Risk

Gestion des risques

Solvency II

Enterprise Risk Management

Insurance

Bond Management

Capital

650