Next Article in Journal
The Effect and Impact of Signals on Investing Decisions in Reward-Based Crowdfunding: A Comparative Study of China and the United Kingdom
Next Article in Special Issue
The Role of ERM and Corporate Governance in Managing COVID-19 Impacts: SMEs Perspective
Previous Article in Journal
The Impact of Credit Constraints on International Quality and Environmental Certifications: Evidence from Survey Data
 
 
Search for Articles:
Title / Keyword
Author / Affiliation / Email
Journal
Article Type
 
 
Advanced Search
 
Section
Special Issue
Volume
Issue
Number
Page
 
Journals
JRFM
Volume 13
Issue 12
10.3390/jrfm13120323
jrfm-logo
Submit to this Journal Review for this Journal Propose a Special Issue
Article Menu

Article Menu

share Share announcement Help format_quote Cite question_answer Discuss in SciProfiles thumb_up
...
Endorse textsms
...
Comment
first_page
settings
Order Article Reprints
Font Type:
Arial Georgia Verdana
Font Size:
Aa Aa Aa
Line Spacing:
Column Width:
Background:
Article

The Challenges and Opportunities for ERM Post-COVID-19: Agendas for Future Research

by
Don Pagach
1 and
Monika Wieczorek-Kosmala
2,*
1
Poole College of Management, North Carolina State University, Raleigh, NC 27695, USA
2
College of Finance, University of Economics in Katowice, 1 Maja 50, 40-287 Katowice, Poland
*
Author to whom correspondence should be addressed.
J. Risk Financial Manag. 2020, 13(12), 323; https://doi.org/10.3390/jrfm13120323
Submission received: 21 November 2020 / Revised: 10 December 2020 / Accepted: 14 December 2020 / Published: 16 December 2020
(This article belongs to the Special Issue The Challenges and Opportunities for ERM Post-COVID-19)
Browse Figures
Versions Notes

Abstract

:
In this paper, we examine the impact that COVID-19 has had on enterprise risk management (ERM). Guided by the origins and philosophy of ERM, we suggest an agenda for future research on ERM in a “post-COVID-19” reality, by addressing its integrated, strategic, and value-enhancing orientation. To guide future research endeavors in ERM, which is still an evolving discipline, we present topics that would benefit from additional research attention within both risk identification and analysis, as well as the strategic dimension of ERM.

1. Introduction

Pandemic risk has been long recognized as a focus of risk management in practice; however, the COVID-19 pandemic has shown that generic pandemic risk was underestimated in both magnitude and dimension. Enterprise risk management’s (ERM) role is to evaluate and define the risks that may affect the organization’s success in achieving its strategic objectives. ERM does this by helping the board and managers understand the organization’s risk appetite, identify risks, assess the risks impacts, develop a risk response, and finally communicate and monitor the risks. Ultimately, ERM is responsible for helping boards and management create, preserve, and realize value. COVID-19 has shown that pandemic consequences are difficult to reliably estimate and the persistence is difficult to define. In this respect, pandemic risk should be perceived in terms of a severe threat to an entity’s overall strategic objectives and suggests that many organizations’ risk management approaches may need substantial reexamination.
Not surprisingly, the COVID-19 pandemic has become a focus for risk management professionals and will likely remain the focus of businesses, governments, and academics, as it has caused challenges and stresses for ERM. A major question to be examined is whether organizations that viewed ERM as part of their strategic initiative can use ERM processes and methodologies to safeguard enterprise aspirations, capital, and performance while reducing variability in these measures.
The concept of ERM is a relatively recent phenomena, with an evolving research agenda. As highlighted recently by Anton and Nucu (2020), the COVID-19 impacts emerge as a relevant gap that needs to be addressed by the ERM-related literature. Thus, in this paper we conceptually identify the main challenges for ERM in a “post-COVID-19” reality. As the ERM philosophy calls for an integration of strategic oriented and value-enhancing processes for identifying, assessing, and managing risk, we develop suggestions for future research endeavors within these aspects. Facing the current stage of the ERM-literature development, our study will add to the emerging discussion on enterprise risk management in a pandemic environment.
In Section 2, we briefly discuss the main features of pandemic risk and we address the specific features of the COVID-19 pandemic. In Section 3, we provide an overview of the ERM process and identify the related challenges and opportunities for ERM in a “post-COVID-19 world”. In Section 4 we conclude, by suggesting areas for future research.

2. The Features of Pandemic Risk

Over 100 years ago, the world was threatened by the Spanish Flu Influenza pandemic, which resulted in approximately 500 million infections and an estimated 50 to 100 million deaths (Madhav et al. 2017). Following the three waves of the Spanish Flu influenza, the world experienced a notable economic downturn, in which developed countries’ per capita GDP is assumed to have decreased by approximately 6% on average (Barro et al. 2020). The incidents of an influenza pandemic repeated in 1957 (Asian Flu) and 1968 (Hong Kong Flu). In this millennium, the most threatening incidents have been the SARS outbreak in 2003, the “Swine flu” influenza in 2009, the MERS coronavirus outbreak in 2012, the Zika virus in 2015, and the Ebola virus in 2018 (Madhav et al. 2017; Broekhoven et al. 2006). However, the COVID-19 outbreak is unprecedented compared to the outbreaks that have occurred since the 1918 Spanish Flu influenza in both global reach and number of infections. Driven by the urgent need to stop the spread of the disease, severe restrictions on movement and association have been implemented globally. Lock downs, social distancing requirements, border closures, travel restrictions, and bans on mass events have all severely affected economies and communities. According to WHO (2020), as of 10th of December 2020, the number of people confirmed with COVID-19 exceeded 68 million, with the number of victims of more than 1.5 million, as shown in Figure 1. In addition, economists at the International Monetary Foundation (IMF) predicted that the virus would result in 2020 global growth decreasing significantly, from a pre-COVID-19 forecast of 3.4% growth to a post-COVID-19 forecast of a contraction of almost 5% (Jackson et al. 2020). As of the end of 2020, there are still questions about the nature of the virus, the evolution of the pandemic, as well as effective medical treatments and the timeline of possible vaccines.
As a result of the smaller virus and flu outbreaks from 2000 to 2015, many members of the global risk management community were aware of the severity of the possible consequences of a global pandemic outbreak. In particular, the SARS and swine flu pandemics created the necessary impetus for discussion on organizations’ abilities to properly identify and assess the risk of a pandemic, as well as managing its consequences (Trock et al. 2015; Jonas 2014; Verikios et al. 2016; Broekhoven et al. 2006). In addition, while many view the COVID-19 pandemic as a black swan event, there were notable voices stating that the world is inadequately prepared for a major global pandemic that may potentially strike again (Fan et al. 2018). Moreover, the analysis of the overall consequences of the pandemic needs to address the interplay of social (loss of lives) and economic consequences (loss of income, expenditures made to prepare and recover from pandemic) (Fan et al. 2018; Jonas 2014; Prager et al. 2017; Keogh-Brown et al. 2010; Estrada et al. 2016; Baumgart et al. 2007; Woolnought and Kramer 2007).
Jonas (2014) discusses in detail the most relevant characteristics of pandemic risk, by referring to prior epidemic and pandemic incidents. In general, although the hazard (infectious pathogen) is natural, the pandemic risk shall be classified as a man-made disaster, as human actions are relevant for controlling the spread of the disease. If these actions are ineffective, the epidemic escalates into a pandemic. COVID-19 is particularly difficult in this context, as this pathogen is easily transmissible.
The first dimension of human activities relevant for controlling the contagion are the actions initiated by authorities, in particular the nature and timelines of the restrictions in response to the spread of the disease. However, equally relevant actions are the effective procedures of detection, contact tracing, and diagnosis of infections. The authorities are also responsible for communication, building public trust, and enhancement of preparedness, which is extremely relevant to the second dimension of human actions, on the individual level. The behavior of the individuals, driven by the understanding of the pandemic threat seems essential for controlling the escalation of infections.
The second relevant feature of pandemic risk is its cascading nature related to the development and transmission of health risk into other types of risk (Jonas 2014). From the economic perspective, the first risk that emerges shortly after the pandemic outbreak is related to the insufficient labor supply. The restrictions imposed shortly after the COVID-19 outbreak have generated further shocks; in particular, loss of customers and supply chain disruptions, which has led to the dramatic business discontinuities. The fragile business climate ultimately results in the disruptions in capital flow, as related to the transmissions of shocks in the financial system. Jonas (2014) explained this mechanism with the example of the SARS outbreak (2003), and which suggests that the COVID-19 pandemic will result in a greater degree of economic downturn. Moreover, globalization and interconnectedness of economies amplifies the cascading consequences of the pandemic.
The unique characteristics of the COVID-19 pandemic can also be addressed using risk analysis. Commonly, the impact of risk is analyzed with reference to the probability of risk occurrence and the severity of its consequences (Aven 2016). Going beyond this view, Renn (2008) suggested consideration of other dimensions of risk relevant for analysis: risk ubiquity (geographic dispersion of damage), risk persistence (temporal extension of potential damage), and risk reversibility (resilience and recovery capabilities). First, Renn (2008) classified pandemic risk as an indecisive risk probability (as we have limited ability to capture the chance of its occurrence) but defined it as severe when considering the extent of the damage in terms of the number of fatalities. Following Jonas (2014), the severity of the COVID-19 pandemic must be considered by the transmission of health consequences into economic and societal consequences. If we consider risk ubiquity, COVID-19 has affected the whole globe in a relatively short period of time. As presented in Figure 2, since the confirmation of first infections on 31 December 2020 in Wuhan, China, to the end of April 2020, almost the entire global community was under some form of government-mandated lock down. The system intervention measures and restrictions, imposed to stop the spread of the disease, were believed needed to ensure the sufficiency of healthcare systems. However, such interventions and restrictions prolong the duration of pandemic and its persistence, as explained by Linkov and Trump (2019), using the example of the Ebola virus. Moreover, as of October 2020, our knowledge of COVID-19, while increasing, is still limited and thus we are unable to predict further escalation of the disease and its ultimate duration. Finally, the cascading consequences of COVID-19 in economic dimensions, as amplified by the globalization and interconnectedness of economies, lead to a questioning of the timing and recoverability from COVID-19 pandemic consequences. As we observed shortly after the pandemic outbreak in Europe or in the United States, the imposed restrictions resulted in the severe operating disruptions of numerous businesses and sectors. The possible bankruptcy waves and increase in structural unemployment, as well as the anxiety of the business community and financial sector, may result in further consequences driven by the economic downturn.

3. ERM and Pandemic Risk and Suggestions for Further Research

3.1. ERM Concept: Origins and Philosophy

Risk management has been practiced by organizations for centuries; however, in most cases it was considered only in a narrow context with reference to risky events that could be addressed through the transference of risk through insurance. In the 1970s and 1980s, the risk management discipline was mostly focused on financial risk management coinciding with the emergence and increased use of financial derivatives (Crockford 1982; Kloman 2010; Dionne 2013). During this time, organizations managed risks mostly within the business unit or silo in which the risk resided—credit risk within finance and treasury, customer loyalty and retention within sales, employee succession risk within human resources, etc. In the mid-1990s, the risk management concept evolved further toward an integrative, holistic dimension, which proposed the management of the portfolio of risks across the whole enterprise (Bromiley et al. 2015). In this context, the term ERM (enterprise-wide risk management) was created, to distinguish between this broadened view, as opposed to the previous narrow silo view, often referred to as traditional risk management (Dickinson 2001; Hoyt and Liebenberg 2011).
The organizational practice of ERM is still relatively new, with a limited but growing number of academic works examining its adoption, implementation, and consequences (Beasley et al. 2015; McShane 2018; Anton and Nucu 2020). Organizational use of ERM began in the late 1990s to early 2000s, starting with the insurance industry. However, there is no framework or standard setting organizational mandating of ERM. In 2003, the Casualty Actuarial Society’s issued its Overview of Enterprise Risk Management (CAS 2003) that outlines best practices principles for designing and implementing an effective ERM process. Additional frameworks have been developed by other organizations, such as the Committee of Sponsoring Organizations of the Treadway Commission (COSO 2004, 2017) and its Enterprise Risk Management—Integrated Framework, the International Organization for Standardization’s ISO 31000—Risk Management—Principles and Guidelines (ISO 31000:2009 2009), the United Kingdom’s Corporate Governance Code (UK 2012), Australia/New Zealand’s 4360 Risk Management1 standard (AS/NZS 2004), and Tillinghast-Tower Perrin’s Enterprise Risk Management: An Analytic Approach (Miccolis and Shah 2000). However, these frameworks only provide guidance to organizations and do not require a specific version of ERM be implemented.
The existing ERM definitions highlight the evolutionary context of ERM (Mikes and Kaplan 2015) and its strategic orientation, designed to identify and manage the portfolio of risk (threats and opportunities), to assure the achievement of an organization’s objectives (see e.g., definitions provided by Beasley et al. 2015, Lundqvist 2014, or Ai et al. 2012).
The board risk oversight and comprehensiveness of ERM are also sub-components of rating evaluations (e.g., Standard and Poor’s 2008, 2012). However, there is growing evidence that organizations do not adopt ERM solely to comply with regulatory pressure, but to enjoy its direct economic benefits (Pagach and Warr 2011). The positive association between firm performance and ERM implementation has been confirmed by numerous empirical works (e.g., Smithson and Simkins 2005; Gordon et al. 2009; Hoyt and Liebenberg 2011; Baxter et al. 2013; Farrell and Gallagher 2015; Bromiley and Rau 2016; Florio and Leoni 2017).
In practical terms, the evolution of ERM was emboldened by how some organizations were able to use the ERM process of risk identification, assessment, response, and monitoring to weather risks associated with corporate scandals (e.g., Enron collapse in 2002) or as a consequence of natural catastrophes (Beasley et al. 2015; McShane 2018). Thus, the ERM framework is greatly concerned with the alignment of risk management with corporate governance strategies, with specific attention to the definition of risk appetite and board risk oversight (Beretta 2019; Beasley et al. 2015).
As an on-going process, ERM has several interrelated stages (Falkner and Hiebl 2015; ISO 31000:2018 2018). It begins with the identification of risk, that is directed toward the consideration of the threats and opportunities that could affect the organization’s performance. Next, the assessment of risk is performed, with the assessment of probability (frequency of occurrence) and severity (the consequences, as the possible damage caused) of the previously identified risks (Bromiley and Rau 2016). The results of risk assessment are essential for the next stage of the process, which is the decision on the best risk treatment methods to be used (often the compilation of methods). The spectrum of the possible treatments is summarized by Hopkin’s (2015) proposal, which distinguished between the decision to: (i) tolerate (accept/retain), (ii) treat (control/reduce), (iii) transfer (insure/contract), or (iv) terminate (avoid/eliminate). The actions taken within the ERM process shall be constantly monitored and reviewed, as well as communicated and reported internally and to the stakeholders. The stages of the ERM process, according to the ISO framework, are presented in Figure 3. With reference to these stages, we list the most relevant post-COVID-19 ERM challenges in the next section.

3.2. ERM Post-COVID-19

Undoubtedly, with its unique features, the COVID-19 pandemic is an example of a tail-risk that has materialized and has a potential to impact ERM systems on an unprecedented scale. In response to the crisis caused by COVID-19, organizations across the globe have examined their risk identification, analysis, and evaluation processes in order better respond to continuing and new risks, communicate to stakeholders, and better connect risk management with strategy. In addition, the crisis has underscored the importance of treating ERM not just as a required regulatory requirement but as part of the strategic process that generates value for an organization.
The initial response to the pandemic may be more in the form of short-term actions to stabilize the organization and see it through the initial crisis. Smith et al. (2020) suggest that organizations adopt a three-phased response to the current crisis, involving first a rapid response to urgent pandemic needs, then shifting resources to ensure stabilization and then finally implementing changes to ensure long-term success. The initial response requires ensuring that employees and others are safe, and that the organization has a way to communicate critical policies and information to stakeholders. In the second phase, there is evaluation of risks, assurance of compliance with emerging safety and legal protocols, and an examination of risk recurrence. In the final phase of response, an organization should examine and implement changes to ensure sustainability and continued success of the organization. It is this third phase that is the focus of this Special Issue.
An initial response that organizations should take in the third phase is an examination of their risk identification process. Methods to identify risks are a fundamental part of implementing ERM. In addition, one of the most important aspects of an effective and mature ERM process is the ability to understand and manage tail events (Dardis et al. 2020). Many organizations were surprised by the depth and severity that the pandemic has had on their organizations. Given this, it is important that organizations examine scenarios that depict the type of scenario the world is currently facing in terms of concurrent pandemic predicaments resulting from demographic, economic, operational, and strategic risks. In this context, examining ERM from a strategic lens is required. This requires examining risk scenarios with a special focus on how the organizations’ most valuable assets and value drivers are affected, so that in future crises these value drivers can be maintained to sustain the organizations’ viability.
A second important activity that must take place is an analysis of risks facing an organization. The development of risk assessment tools and how the value drivers of the organization are affected under various scenarios is the establishment of “what-if” scenarios. In addition, an investigation of the models that the organization is using to assess and analyze risks should be undertaken; are the inputs reasonable? Are the interactions too simple or too complex? Are the outputs consistent with the current economy and organization strategy?
With respect to risk identification and risk analysis, we believe that the following areas of research would provide insight into how ERM can be more effective in a post-COVID-19 environment:
  • How have organizations identified, assessed, and evaluated the risks associated with pandemics, such as COVID-19 and the derivative risks caused by pandemic?
  • What has been the role of ERM in identifying and monitoring specific high-impact low-probability risks? Did organizations with more mature ERM processes fare better in identifying the pandemic risk?
  • What methodologies might organizations use or have used to consider and monitor long-term trends and the risks that they pose? Which methodologies are best practices?
  • What additional challenges has COVID-19 brought to ERM? What new risk management methods and risk response strategies could help firms better endure COVID-19 disruptions in operating activity?
A third important ERM activity that organizations should undertake within the third phase is an assessment of risk strategy. A critical outcome for organizations and ERM personnel will be to use momentum from their crisis responses to strengthen the foundation, framework, and strategy for enterprise risk management, including formal resilience principles (Smith et al. 2020). Boards of directors have a duty to exercise oversight and monitor the corporation’s operational viability, legal compliance, and financial performance. Directors should regularly monitor the impact that COVID-19 is having on the organization’s operations, understand how management is assessing the impact, and think through the acceptability of managers’ response to the pandemic. Communication of this information should come in both the management discussion and analysis (MD&A), as well as risk factors (Item 1A for SEC filers). In this sense, the ERM process can be strengthened through communication and the further establishment of a risk culture. In both cases, the CRO will play an important role in providing information and reports to the board and management, ultimately strengthening the ERM organization and its centralized role. As Deans (2020) states, many risk managers have essentially acted as compliance managers and now must play a key role in crisis management and business continuity.
Examining the role of the CRO and communication, we believe that the following areas of research would provide insight into how ERM can be more effective in a post-COVID-19 environment:
  • How have the effects of COVID-19 been disclosed and communicated?
  • Have organizations that disclosed pandemic risk factors better responded and prevailed during the COVID-19 pandemic?
  • How can ERM provide better risk reporting and communication during a crisis?
  • Have organizations’ disclosure processes adequately identified COVID-19 issues that may arise and ensured that this information is disclosed?
In addition, organizations should examine the importance that aspects of an organization’s culture have on an organization’s ERM maturity and sophistication. This is especially true given the role of culture and its foundational relation to effective ERM. In fact, COSO’s (2017) ERM Framework emphasizes the role of culture in supporting effective ERM:
Enterprise risk management is defined as “The culture, capabilities, and practices, integrated with strategy-setting and performance, that organizations rely on to manage risk in creating preserving, and realizing value”.
(COSO 2017, p. 10)
With respect to risk strategy, we believe that the following areas of research would provide insight into how ERM can be more effective in a post-COVID-19 environment:
  • What role did the importance of ERM maturity play in understanding and responding to COVID-19 risk?
  • What is the role of culture in implementing a successful ERM response to COVID-19?
  • What is the role of ERM in providing a framework for organizations to understand the effect that the COVID-19 pandemic has in transforming inherent risks?
  • What is the extent of COVID-19 pandemic impacts on the redefinition of risk appetite strategies?
  • What is the role of ERM in responding to COVID-19 challenges, development of new risk management methods, and new risk response strategies in response to continued disruptions in operating activity?

4. Conclusions

As we near the completion of 2020, we know that the global COVID-19 pandemic has created new and important challenges for the contemporary evolution of ERM. In this paper we have discussed these challenges, by referring to ERM philosophy and its strategic orientation. In addition, we have identified several broad areas of concern that would benefit from additional examination in future discussions. In this respect, our paper offers a map of possible research endeavors that may potentially fill in the emerging research gap on the role of ERM in responding to COVID-19 pandemic impacts, as identified recently by Anton and Nucu (2020).
In the risk identification and risk analysis dimension, there is a need to address the ability to understand and manage pandemics as a tail event, as well as to develop the reasonable scenarios for dealing with these types of risk events in the future. Moreover, future research endeavors should address the challenges within the available risk response strategies to COVID-19 disruptions, as well as the emergence and applicability of new risk management methods.
As a second relevant agenda for future research, we identified the role that ERM and the CRO play in communicating risk information to the board, management, and stakeholders. Disclosure is critical to a company’s ability to help users discern the impact that risks and developments related to the COVID-19 pandemic may have on the company and its business, financial condition, and results of operations.
A final relevant agenda for future research we identified is the role that ERM has in organizations’ strategic process, in which ERM culture, maturity, and sophistication play a significant role. An effective response to COVID-19 consequences and the enhancement of resilience strategies require an examination of the role of ERM in crisis management. An effective ERM function focused on governance and culture and which helps the organization align risk management with strategy will aid the organization in identifying opportunities that may be missed. As a result, existing industries and processes will be transformed as risks change and evolve, creating significant transformation.

Author Contributions

D.P. and M.W.-K. contributed equally to conceptualization and writing. All authors have read and agreed to the published version of the manuscript.

Funding

This research received no external funding.

Acknowledgments

We gratefully acknowledge insightful comments provided by the reviewers.

Conflicts of Interest

The authors declare no conflict of interest.

References

  1. Ai, Jing, Patrick L. Brockett, William W. Cooper, and Linda L. Golden. 2012. Enterprise risk management through strategic allocation of capital. Journal of Risk and Insurance 79: 29–56. [Google Scholar] [CrossRef]
  2. Anton, Sorin Gabriel, and Anca Elena Afloarei Nucu. 2020. Enterprise Risk Management: A Literature Review and Agenda for Future Research. Journal of Risk and Financial Management 12: 281. [Google Scholar] [CrossRef]
  3. AS/NZS. 2004. Australia/New Zealand’s 4360 Risk Management Standard; Sydney: Standards Australia International Ltd., Wellington: Standards New Zealand. Available online: http://mkidn.gov.pl/media/docs/pol_obronna/20150309_3-NZ-AUST-2004.pdf (accessed on 15 December 2020).
  4. Aven, Tierie. 2016. Risk assessment and risk management: Review of recent advances on their foundation. European Journal of Operational Research 253: 1–13. [Google Scholar] [CrossRef] [Green Version]
  5. Barro, Robert, Jose Ursúa, and Joanna Weng. 2020. The Coronavirus and the Great Influenza Pandemic: Lessons from the “Spanish Flu” for the Coronavirus’s Potential Effects on Mortality and Economic Activity. NBER Working Paper No. 26866 March 2020, Revised April 2020. Available online: https://www.nber.org/papers/w26866 (accessed on 20 October 2020).
  6. Baumgart, Claus, Robert Lempertseder, Ashutosh Riswadkar, Keith Woolnough, and Manuela Zweimüller. 2007. Influenza Pandemics. CRO Briefing, Emerging Risks Initiative—Position Paper. Available online: https://www.thecroforum.org/wp-content/uploads/2012/10/cro_pandemie_final-2.pdf (accessed on 20 October 2020).
  7. Baxter, Ryan, Jean Bedard, Rani Hoitash, and Ari Yezegel. 2013. Enterprise risk management program quality: Determinants, value relevance, and the financial crisis. Contemporary Accounting Research 30: 1264–95. [Google Scholar] [CrossRef]
  8. Beasley, Mark, Bruce Branson, and Don Pagach. 2015. An analysis of the maturity and strategic impact of investments in ERM. Journal of Accounting and Public Policy 34: 2019–243. [Google Scholar] [CrossRef]
  9. Beretta, Sergio. 2019. Directors’ Duties and Risk Governance. In Multiple Perspectives in Risk and Risk Management. Edited by Philip Linsley, Philip Shrives and Monika Wieczorek-Kosmala. Berlin/Heidelberg: Springer. [Google Scholar] [CrossRef]
  10. Broekhoven, Henk, Erik Alm, Tapani Tuominen, Anni Hellman, and Wojciech Dziworski. 2006. Actuarial Reflections on Pandemic Risk and Its Consequences. Report of the European Actuarial Consultation Group. Available online: https://actuary.eu/documents/pandemics_web.pdf (accessed on 20 October 2020).
  11. Bromiley, Philip, and Devaki Rau. 2016. A better way of managing major risks: strategic risks management. IESE Insight 28: 15–22. [Google Scholar] [CrossRef]
  12. Bromiley, Philip, Michael McShane, Anil Nair, and Elzotbek Rustambekov. 2015. Enterprise risk management: Review, Critique and Research Directions. Long Range Planning 48: 265–76. [Google Scholar] [CrossRef] [Green Version]
  13. CAS. 2003. Overview of Enterprise Risk Management. Arlington County: Casualty Actuarial Society. [Google Scholar]
  14. COSO. 2004. Enterprise Risk Management-Integrated Framework. New York: Committee of Sponsoring Organizations of the Treadway Commission (COSO). [Google Scholar]
  15. COSO. 2017. Enterprise Risk Management—Integrating with Strategy and Performance. New York: Committee of Sponsoring Organizations of the Treadway Commission (COSO). [Google Scholar]
  16. Crockford, G. Neil. 1982. The Bibliography and History of Risk Management: Some Preliminary Observations. The Geneva Papers on Risk and Insurance 7: 169–79. [Google Scholar] [CrossRef] [Green Version]
  17. Dardis, Tony, Chloe Lau, and Ariel Weis. 2020. COVID-19 and Enterprise Risk Management. Milliman White Paper, 30 March 2020. Available online: https://www.milliman.com/en/insight/covid-19-and-enterprise-risk-management (accessed on 15 November 2020).
  18. Deans, Peter. 2020. The Big COVID-19 Blind Spot: Lack of Risk Management Is Leaving Us Wanting, 24 April 2020. Available online: https://singularityhub.com/2020/04/24/the-big-covid-19-blind-spot-lack-of-risk-management-is-leaving-us-wanting/ (accessed on 20 October 2020).
  19. Dickinson, Gerry. 2001. Enterprise risk management: Its origins and conceptual foundations. The Geneva Papers on Risk and Insurance—Issues and Practice 26: 360–66. [Google Scholar] [CrossRef]
  20. Dionne, Georges. 2013. Risk Management: History, Definition and Critique. Risk Management and Insurance Review 16: 147–66. [Google Scholar] [CrossRef] [Green Version]
  21. Estrada, Rachel, Andrew Griffith, Colbye Prim, and Jeongsu Sinn. 2016. Pandemics in a Changing Climate—Evolving Risk and the Global Response. Zurich: Swiss Re, Available online: https://www.swissre.com/dam/jcr:552d59b2-76c6-4626-a91a-75b0ed58927e/Pandemics_in_a_changing_climate_Full_report_FINAL.pdf (accessed on 15 November 2020).
  22. Falkner, Eva M., and Martin R. W. Hiebl. 2015. Risk management in SMEs: A systematic review of the available evidence. The Journal of Risk Finance 16: 122–44. [Google Scholar] [CrossRef]
  23. Fan, Victoria Y., Dean T. Jamison, and Lawrence H. Summers. 2018. Pandemic risk: How large are the expected losses? Bulletin of the World Health Organisation 96: 129–34. [Google Scholar] [CrossRef] [PubMed]
  24. Farrell, Mark, and Ronan Gallagher. 2015. The valuation implications of enterprise risk management maturity. Journal of Risk and Insurance 82: 625–57. [Google Scholar] [CrossRef]
  25. Florio, Cristina, and Giulia Leoni. 2017. Enterprise risk management and firm performance: The Italian case. The British Accounting Review 49: 56–74. [Google Scholar] [CrossRef]
  26. Gordon, Lawrence A., Martin P. Loeb, and Chih-Yang Tseng. 2009. Enterprise risk management and firm performance: A contingency perspective. Journal of Accounting and Public Policy 28: 301–27. [Google Scholar] [CrossRef]
  27. Hopkin, Paul. 2015. Fundamentals of Risk Management: Understanding, Evaluating and Implementing Effective Risk Management, 3rd ed. London: Kogan Page. [Google Scholar]
  28. Hoyt, Robert E., and Andre P. Liebenberg. 2011. The value of enterprise risk management. Journal of Risk and Insurance 78: 795–822. [Google Scholar] [CrossRef]
  29. ISO 31000:2009. 2009. Risk Management—Principles and Guidelines. Geneva: The International Organization for Standardization, Available online: www.iso.org/iso/home/standards/iso31000.html (accessed on 20 October 2020).
  30. ISO 31000:2018. 2018. Risk Management—Guidelines. Geneva: The International Organization for Standardization, Available online: https://www.iso.org/standard/65694.html (accessed on 20 October 2020).
  31. Jackson, James, Martin A. Weiss, Andreas Schwarzenberg, Rebecca Nelson, Karen Sutter, and Michael Sutherland. 2020. Global Economic Effects of COVID-19, Congressional Research Service, Report No. R46270, Updated 21 August 2020. Available online: https://fas.org/sgp/crs/row/R46270.pdf (accessed on 20 October 2020).
  32. Jonas, Olga B. 2014. Pandemic Risk. World Development Report, The World Bank. Available online: https://www.worldbank.org/content/dam/Worldbank/document/HDN/Health/WDR14_bp_Pandemic_Risk_Jonas.pdf (accessed on 5 June 2020).
  33. Keogh-Brown, Marcus R., Richard D. Smith, John W. Edmunds, and Philippe Beutels. 2010. The macroeconomic impact of pandemic influenza: Estimates from models of the United Kingdom, France, Belgium and The Netherlands. European Health Economics 11: 543–54. [Google Scholar] [CrossRef]
  34. Kloman, Felix H. 2010. A Brief History of Risk Management. In Enterprise Risk Management. Today’s Leading Research and Best Practices for Tomorrow’s Executives. New York: John Wiley & Sons. [Google Scholar]
  35. Linkov, Igor, and Benjamin Trump. 2019. The Science and Practice of Resilience. Cham: Springer. [Google Scholar] [CrossRef]
  36. Lundqvist, Sara A. 2014. An exploratory study of enterprise risk management: pillars of ERM. Journal of Accounting, Auditing and Finance 29: 393–429. [Google Scholar] [CrossRef]
  37. Madhav, Nita, Ben Oppenheim, Mark Gallivan, Prime Mulembakani, Edward Rubin, and Nathan Wolfe. 2017. Pandemics: Risks, impacts, and mitigation. In Disease Control Priorities. Improving Health and Reducing Poverty. Edited by Jamison Dean, Gelband Hellen, Horton Susan, Jha Prabhat, Laxminarayan Ramanan, Mock Charkes and Rachel Nugent. Washington, DC: World Bank Group, vol. 9, pp. 315–45. [Google Scholar] [CrossRef] [Green Version]
  38. McShane, Michael. 2018. Enterprise risk management: history and a design science proposal. The Journal of Risk Finance 19: 137–53. [Google Scholar] [CrossRef]
  39. Miccolis, Jerry, and Samir Shah. 2000. Enterprise Risk Management: An Analytic Approach. Tillinghast-Towers Perrin. Available online: https://www.irmi.com/docs/default-source/expert-commentary-documents/miccolis05a.pdf?sfvrsn=4 (accessed on 5 June 2020).
  40. Mikes, Anette, and Robert S. Kaplan. 2015. When one size doesn’t fit all: Evolving directions in the research and practice of enterprise risk management. Journal of Applied Corporate Finance 27: 37–41. [Google Scholar] [CrossRef]
  41. Pagach, Don, and Richard Warr. 2011. The characteristics of firms that hire chief risk officers. Journal of Risk and Insurance 78: 185–211. [Google Scholar] [CrossRef]
  42. Prager, Fynnwin, Dan Wei, and Adam Rose. 2017. Total Economic Consequences of an Influenza Outbreak in the United States. Risk Analysis 37: 4–19. [Google Scholar] [CrossRef] [PubMed]
  43. Renn, Ortwin. 2008. Concepts of Risk: An interdisciplinary review. Part 2: Integrative Approaches. GAIA 17: 196–204. [Google Scholar] [CrossRef]
  44. Smith, Lee, Anne Pifer, and Adam Fennel. 2020. Higher Education COVID-19 Response: Enterprise Risk Management. Huron Consulting Group. Available online: https://www.huronconsultinggroup.com/insights/enterprise-risk-management (accessed on 20 November 2020).
  45. Smithson, Charles, and Betty J. Simkins. 2005. Does Risk Management Add Value? A Survey of the Evidence. Journal of Applied Corporate Finance 17: 8–17. [Google Scholar] [CrossRef]
  46. Standard and Poor’s. 2008. Enterprise Risk Management: Standard & Poor’s to Apply Enterprise Risk Analysis to Corporate Ratings. New York: S&P. [Google Scholar]
  47. Standard and Poor’s. 2012. Methodology: Management and Governance Credit Factors for Corporate Entities and Insurers. New York: S&P. [Google Scholar]
  48. Trock, Susan C., Burke Stephen A, and Nancy J. Cox. 2015. Development of Framework for Assessing Influenza Virus Pandemic Risk. Emerging Infectious Diseases 21: 1372–78. [Google Scholar] [CrossRef]
  49. UK. 2012. Corporate Governance Code. Financial Reporting Council. Available online: https://www.frc.org.uk/getattachment/e322c20a-1181-4ac8-a3d3-1fcfbcea7914/UK-Corporate-Governance-Code-(September-2012).pdf (accessed on 5 June 2020).
  50. UNWTO. 2020. UNWTO World Tourism Barometer. Special Focus on the Impact of COVID-19, May 2020. Available online: https://www.e-unwto.org/doi/book/10.18111/9789284421817 (accessed on 20 November 2020).
  51. Verikios, George, Maura Sullivan, Pane Stojanovski, James Gisecke, and Gordon Woo. 2016. Assessing Regional Risks from Pandemic Influenza: A Scenario Analysis. The World Economy 39: 1225–55. [Google Scholar] [CrossRef]
  52. WHO. 2020. WHO Coronavirus Disease (COVID-19) Dashboard. Available online: https://covid19.who.int/ (accessed on 10 December 2020).
  53. Woolnought, Keith, and Stephen Kramer. 2007. Influenza Pandemics: Time for a Reality Check? Swiss Re Focus Report. Zurich: Swiss Re, Available online: https://media.swissre.com/documents/influenza_pandemics_time_for_a_reality_check_en.pdf (accessed on 5 June 2020).
1
Originally issued in 1995 and revised in 2004 by Standards New Zealand, the joint Australian/New Zealand Committee decided to not revise that standard in 2009 and instead agreed to promote ISO’s 31000—Risk Management standard.
Jrfm 13 00323 g001 550
Figure 1. Number of confirmed cases according to WHO, as of 10.12.2020. Source: own study based on WHO (https://covid19.who.int) (WHO 2020).
Figure 1. Number of confirmed cases according to WHO, as of 10.12.2020. Source: own study based on WHO (https://covid19.who.int) (WHO 2020).
Jrfm 13 00323 g001
Jrfm 13 00323 g002 550
Figure 2. Key dates in the COVID-19 timeline in the first phase of its escalation. Source: own study based on “COVID-19 timeline” by United Nations World Tourism Organization (https://unwto.org) (UNWTO 2020).
Figure 2. Key dates in the COVID-19 timeline in the first phase of its escalation. Source: own study based on “COVID-19 timeline” by United Nations World Tourism Organization (https://unwto.org) (UNWTO 2020).
Jrfm 13 00323 g002
Jrfm 13 00323 g003 550
Figure 3. The key stages of the enterprise risk management (ERM) process in accordance with ISO 31000. Source: own study based on (ISO 31000:2018 2018).
Figure 3. The key stages of the enterprise risk management (ERM) process in accordance with ISO 31000. Source: own study based on (ISO 31000:2018 2018).
Jrfm 13 00323 g003
Publisher’s Note: MDPI stays neutral with regard to jurisdictional claims in published maps and institutional affiliations.

Share and Cite

MDPI and ACS Style

Pagach, D.; Wieczorek-Kosmala, M. The Challenges and Opportunities for ERM Post-COVID-19: Agendas for Future Research. J. Risk Financial Manag. 2020, 13, 323. https://doi.org/10.3390/jrfm13120323

AMA Style

Pagach D, Wieczorek-Kosmala M. The Challenges and Opportunities for ERM Post-COVID-19: Agendas for Future Research. Journal of Risk and Financial Management. 2020; 13(12):323. https://doi.org/10.3390/jrfm13120323

Chicago/Turabian Style

Pagach, Don, and Monika Wieczorek-Kosmala. 2020. "The Challenges and Opportunities for ERM Post-COVID-19: Agendas for Future Research" Journal of Risk and Financial Management 13, no. 12: 323. https://doi.org/10.3390/jrfm13120323

Article Metrics

Back to TopTop