Next Article in Journal
Carbon Footprint, Financial Structure, and Firm Valuation: An Empirical Investigation
Previous Article in Journal
Impact of Macroeconomic Shocks on Financial Performance and Risk Management: A Case Study of LPP SA During the COVID-19 Pandemic and the Ukraine War
 
 
Search for Articles:
Title / Keyword
Author / Affiliation / Email
Journal
Article Type
 
 
Advanced Search
 
Section
Special Issue
Volume
Issue
Number
Page
 
Journals
Risks
Volume 12
Issue 12
10.3390/risks12120196
risks-logo
Submit to this Journal Review for this Journal Propose a Special Issue
Article Menu

Article Menu

share Share announcement Help format_quote Cite question_answer Discuss in SciProfiles
first_page
settings
Order Article Reprints
Font Type:
Arial Georgia Verdana
Font Size:
Aa Aa Aa
Line Spacing:
Column Width:
Background:
Review

Enterprise Risk Management: Improving Embedded Risk Management and Risk Governance

by
Werner Gleißner
1,2 and
Thomas B. Berger
3,*
1
Faculty of Business and Economics, TUD Dresden University of Technology, 01062 Dresden, Germany
2
FutureValue Group AG, Obere Gärten 18, 70771 Leinfelden-Echterdingen, Germany
3
Department of Business and Engineering, Faculty of Engineering, Baden-Wuerttemberg Cooperative State University (DHBW Stutgart), Lerchenstr. 1, 70174 Stuttgart, Germany
*
Author to whom correspondence should be addressed.
Risks 2024, 12(12), 196; https://doi.org/10.3390/risks12120196
Submission received: 25 October 2024 / Revised: 18 November 2024 / Accepted: 22 November 2024 / Published: 5 December 2024
Browse Figures
Versions Notes

Abstract

:
We argue for an integrated, decision-oriented enterprise risk management (ERM) system focused on value drivers rather than risk minimization and using quantitative risk aggregation based on the best available information. Our holistic view on ERM includes cultural, organizational, and technical aspects, presenting seven areas for more effective risk governance and resilience grounded in a robust enterprise framework. Our analysis, supported by a structured literature review, covers these seven key areas for ERM development. Our review shows that risk aggregation, quantification, and decision-making support are only covered by a few publications. The paper offers insights on linking risk management with strategic decision-making using risk aggregation techniques (Monte Carlo simulation).

1. Introduction

Risk-oriented corporate management, especially enterprise risk management (ERM), aims to preventively address risks while fostering opportunities, moving beyond traditional risk management (McShane 2017; Hunziker 2019).
Numerous studies confirm that sustained economic success depends on the type and extent of risks taken, making risk management crucial to success (e.g., Krause and Tse 2016; Arrfelt et al. 2018). Joyce and Mayer (2012) indicate that low fundamental risk brings higher stock returns. The relevance of idiosyncratic risks, like those common in imperfectly diversified capital market operators, further justifies risk management, and the volatility anomaly reflects the well-known risk–return paradox (Budd 1993; Bowman 1980). In their meta-study, Horvey and Odei-Mensah (2023) also find that comprehensive ERM enhances profitability and value. We, therefore, believe that a sound risk management approach should inform management about potential crises timeously (risk management as an early-warning system) and provide information on risk exposure to facilitate decisions by making it possible to weigh risks against returns (risk management as a decision-oriented system).
Recent publications on risk management, including Hardy and Saunders (2022), Fraser et al. (2021), Froot et al. (1993), Kaplan and Mikes (2012, 2016), and Nocco and Stulz (2022), highlight a developing emphasis on integrative risk management and risk culture. Additional guidance comes from standards developed by the Committee of Sponsoring Organizations of the Treadway Commission (COSO) and their ERM framework (Hunziker 2019) and risk governance approach, as discussed by Stein and Wiedemann (2016), which extends and evolves ERM. Alternative frameworks such as those by Stein and Wiedemann (2016), Kaplan and Mikes (2016), and Mthiyane et al. (2022) (who focus on SMEs in developing countries) aim at improving risk management. While these publications have closed major gaps in the literature on conceptions of risk management, ERM concepts still focus on existing risks and potential mitigations, often overlooking how each action, especially strategic decisions, alters a company’s risk exposure, and do not adequately address value creation based on risk information.
This weak link between risk management and strategic decisions has complex roots: First, the importance of risk information in decision-making in general is sometimes undervalued since many companies treat risk management as a kind of ‘book-keeping’—as though risks were static—not adequately addressing the dynamism of risks as part of decision-making. Second, the two methods—aggregating risks based on corporate planning and linking the overall scope of risk with enterprise value as a decision criterion—receive scant attention in the ERM literature. Even current textbooks on quantitative ERM rarely discuss key topics such as risk aggregation. The deficits in most publications and frameworks are mirrored in the methodological gaps in available risk management systems, despite the fact that most managers now recognize that a focus on legal compliance is too narrow (Horvey and Ankamah 2020) and cannot aid decision-making.
By placing risk management in the strategic context of sustainable corporate safeguarding, making it decision oriented, and aligning it with value-based management, we diverge from existing frameworks. Our integrative approach addresses key challenges in modern companies, such as the inclusion of new kinds of risks—like ESG risks (economic, social, or governance)—and improves resilience to economic and geopolitical risks, all of which form part of a holistic risk management approach.
In this paper, we first outline the robust enterprise framework before detailing the outer layer of this framework—competence in risk management—divided into seven key areas of development:
  • Risk identification;
  • Risk quantification;
  • Risk aggregation;
  • Decision orientation;
  • Value contribution of risk management;
  • Integrative risk management;
  • Risk culture and communication.
We then present insights derived from a concise literature analysis, examining the coverage of these seven areas in the existing literature before providing the conclusion. The seven areas we identify are covered in various risk management standards and maturity models, but these standards and models do not always explicitly name or emphasize these areas. Our areas are therefore not derived from a single standard or publication but are instead based on our own experiences and the wider literature.

2. Robust Enterprise Framework

For long-term success and resilience, we propose adopting the robust enterprise framework, characterized by Gleißner (2023) and shown in Figure 1:
  • Financial sustainability at the core, aiming at a stable rating and/or low earnings risk;
  • A robust strategy focusing on stable strategic potential for success driving future financial performance and enterprise value;
  • High competence in managing risks (both opportunities and threats), especially in decision-making.
Here, risk management is not a separate function but rather one layer of a wider framework centered on financial sustainability and enclosing a robust strategy. These elements are detailed below.

2.1. Financial Sustainability

Robust enterprises aim at high financial sustainability (Gleißner et al. 2022) that emerges when the following occur:
(1)
The enterprise at least matches the growth of the industry, in real terms and over the long term;
(2)
The risk-dependent probability of insolvency (p) is low;
(3)
The earnings risk, expressed by the coefficient of variation (V) of profits, is acceptable to the owners;
(4)
Capital returns exceed the risk-based cost of capital.
High financial sustainability implies low risk of insolvency and a favorable risk position. Ensuring such sustainability serves as a secondary condition for owners seeking to limit risk (Telser 1955; Kataoka 1963). Financially stable companies are less risky and generate significant risk-adjusted excess returns over the long term (Gleißner et al. 2022).

2.2. Robust Strategies

Ensuring financial sustainability requires a robust strategy, and recent research has sought to identify the strategies that foster resilience during economic crises (Ayyub 2014; Buchner et al. 2021; Novak et al. 2021). A robust strategy is grounded in core competencies that have long-term value and are versatile and difficult to replicate. Such strategies create competitive advantages, enabling companies to differentiate themselves from competitors and retain customers. This allows companies to pass on cost fluctuations to business partners while avoiding unattractive fields of activity and customer groups, as well as critical dependencies. The value chain retains only those activities that cannot be outsourced, and operations maximize simplicity while balancing cost, risk, speed, and quality considerations.
Resilience is maintained by duplication of main resources, a competent workforce, and a financial cushion. Where possible, conditions aim to support self-organizing, agile structures that offer employees the freedom and incentives to act flexibly yet accountably. Diversifying and limiting losses and liabilities protects solvency from unexpected and negative events. Robust companies pursue strategies that are likely to ensure at least a sufficient minimum rating, even during major crises.
Along with a robust strategy, an effective risk early warning system is needed—particularly to identify strategic risks. Quantifying early warning signs also helps with planning.

2.3. Competence in Managing Risks

Addressing opportunities and threats (risks1) is vital to sustainable success. All employees should address risks openly and proactively. Deficits in existing risk culture (e.g., reckless behavior) must be addressed (Kunz and Heitz 2021). This should be accompanied by a sound methodology due to the central importance of understanding risks when pursuing positive outcomes (Kaplan and Mikes 2012). Since it is usually not an individual risk but rather a combination of risks that precipitates crises, risk aggregation based on risk quantification is crucial.
The two most relevant frameworks—the COSO ERM framework (COSO 2017) and the ISO 31000 standard (ISO 2018)—stress the importance of a portfolio view, hinting at risk quantification and risk aggregation, but permit qualitative approaches—a central weakness. Instead, we argue that only consistently quantifying all relevant risks as part of risk aggregation will render a portfolio view. We, therefore, now move on to a discussion of the major components of sound risk governance.

3. Sound Risk Governance

Robustness and resilience improve through early crisis detection via risk analysis and aggregation, making ERM as important as robust strategy and financial sustainability. An integrative risk management approach focused on supporting business decisions and tied to corporate planning via risk aggregation becomes the foundation of management control. The strategic, decision-oriented development of ERM has many commonalities with risk governance (see Stein and Wiedemann 2016; Stein et al. 2019; Wiedemann et al. 2022) as ERM’s decision orientation aligns with the risk governance approach (see, for example, Weigel et al. 2018). Moreover, risk governance is integrative, emphasizing the importance of involving all employees in risk culture. The highest maturity level is reached when all employees consciously manage risk (“embedded risk management”).
Thus, risk governance supplies a suitable framework for improving resilience and robustness. This strategic form of risk management becomes essential for success and management control.
Below, we detail seven areas for improvement (see Figure 2), using embedded risk management as the new paradigm. This builds on existing ERM considerations as outlined in COSO (2017) and Nocco and Stulz (2022); we show how ERM requires further development to become foundational to corporate success.

3.1. Risk Identification

A well-designed ERM system analyses “strategic, financial, operational, and hazard risks under a single overarching process” (Ai et al. 2016, p. 1). Both the COSO ERM framework and ISO 31000 stress that risk management should be about “linking business objectives to risk [and] integrated with strategy-setting and performance” (COSO 2017, p. 10). Similarly, ISO 31000 (p. 2) states that the “purpose of risk management is the creation and protection of value” and that risk management “should be a part of […] the organizational purpose, governance, leadership and commitment, strategy, objectives and operations.” Despite this mention of operational and strategic risks, many companies focus solely on operational risks, such as potential failures of critical machinery. Though these are relevant, a company’s overall risk exposure is mostly determined by strategic and macroeconomic risks, which tend to be more severe.
Consequently, during risk analysis, the company’s business model and strategy must first be examined for strategic risks, arising, for example, from threats to key success factors. Serious threats to the company’s existence often result from macroeconomic risks and crises, which can create sharp drops in demand; rising inflation, interest rates, and raw material prices; and supply chain disruptions. Key strategic and macroeconomic risks should, therefore, be systematically monitored and analyzed. These can stem from the following:
  • Threats to individual success potentials or the business strategy as a whole, often arising from technological or societal trends;
  • Changes in competitive forces in the industry environment (e.g., removal of barriers to entry, increasing dependence on customers or suppliers, availability of substitutes);
  • The macroeconomic environment.
Threats to a company’s potential for success can also arise if it fails to meet stakeholder expectations regarding the stability of the business model. Here, so-called sustainability risks arise, which can be reduced by introducing an ESG (economic, social, or governance) framework, such as one based on ESG scoring as a guideline (El Ghoul et al. 2018; Gupta 2018). A sound sustainability strategy requires systematic identification of relevant sustainability risks in all three ESG areas.
Risk identification should cover all potentially relevant risk areas and then focus on the most relevant ones for quantification, as resources are limited and these risks may have the highest impact. This does not mean excluding risks below the threshold altogether: risks that occur regularly and only have a minor impact can be quantified via modeling of fluctuations in items such as sales or material costs to be included in the overall risk exposure.

3.2. Risk Quantification

Many companies describe risks in terms of probability and expected damage, but this is seldom justifiable, as many risks cannot be described in this way. Risks differ in nature and require a quantitative description that models risk characteristics. Even “event-oriented” risks, such as catastrophic IT failures, have uncertain impacts, which should be modeled in the form of a range (Orlando 2021). An ERM system should use adequate probability distributions to form a sound foundation for risk aggregation (Vose 2008; Hargreaves 2021).
Sustainability risks must also be quantified to assess their contribution to risk exposure, which is challenging as the effects are both financial and non-financial. In addition, we must quantify the consequences of the indirect effects of the company’s business activities on the environment and society (and vice versa), and on its own reputation, which, in turn, influence sales and cash flows.

3.3. Risk Aggregation

Neither the COSO ERM standard nor the bulk of the literature elaborates on the risk aggregation method required for decision-oriented risk management. References to risk aggregation are primarily found in countries where aggregation is required by law, as is the case in Germany (Berger and Gleißner 2018). Without risk aggregation, however, it is impossible to evaluate the combined effects of individual risks on target indicators. Even risk management scholars often limit the use of Monte Carlo simulations to risks where there is a wealth of historical data or to large companies. However, we have implemented such systems in smaller companies to quantify low-frequency risks or personnel risks. Some authors also distinguish between controllable and non-controllable risks (e.g., Kaplan and Mikes 2012, 2016), but this is neither necessary nor useful; both categories together determine the overall scope of risk, insolvency risk, and the need for equity to cover risk.
Aggregating quantified risks using a Monte Carlo simulation enables a well-supported assessment of insolvency risk (Saha and Malkiel 2012) from which a “bandwidth plan” can be derived. This creates transparency and allows for the calculation of equity and liquidity requirements in line with risk. In particular, it provides a basis for balancing risks and returns in decision-making. Furthermore, risk management and corporate finance benefit from calculating equity requirements.

3.4. Decision Orientation

All management decisions have uncertain effects because they are associated with opportunities and threats, that is, risks. Risk mitigation measures affect the scope of risk, but so do decisions to invest, alter strategy, acquire, or improve ESG scores. Accordingly, properly comparing the risk–return profiles of various options requires clarity about how the risk scope might change with each available option. In other words, hypothetical risks—those that would arise as a result of decisions that have not yet been taken—must also be considered.
Ordinary risk management systems primarily monitor existing risks to summarize the risk situation in a standardized format. However, this information is rarely incorporated into business decisions, limiting economic benefits. Risk management that focuses solely on transparency will fail to properly serve company interests.
Risk management analyses therefore must be included when preparing business decisions. This enables management to consider underlying risks and their potential effects before a decision is made. The concept of a decision-oriented approach to risk management is found in COSO’s ERM standard (Hunziker 2019), in Stein and Wiedemann’s (2016) risk governance concept, and in Beasley and Branson (2022).

3.5. Value Contribution of Risk Management

Reducing cash flow volatility improves planning certainty and reliability (Amit and Wernerfelt 1990). Predictable cash flows reduce the likelihood of forced reliance on external financing sources and defaults (Li and Wu 2009). Krause and Tse (2016) confirmed that “risk management increases firm value and returns, while reducing return and cash flow volatility”.
In many companies, risk management, management accounting, and value-oriented management approaches are siloed. Firms derive the value driver (i.e., the cost of capital or discount rate) from historical stock returns, so enterprise value and value-based performance measures fail to consider changes in the scope of risk, leaving management quasi “risk-blind”. Risks are excluded from decision-making in these capital market-oriented approaches, and risk management systems remain isolated. No meaningful information exchange occurs between management systems, and potential synergies are lost (Hunziker 2019). Gleißner (2019) and Ernst (2022) show that traditional finance approaches—especially CAPM—cannot be used to calculate the value contribution of risk management via the cost of capital (see Gleißner and Ernst 2023 with a case study on simulation-based company valuation).
Assuming imperfect capital markets, no model of perfect markets, including the CAPM, should be used to derive the cost of equity, and insolvency should always be seen as possible (see Shleifer and Vishny 1997; Campbell et al. 2008; Joyce and Mayer 2012; Dempsey 2013; Fama and French 2015; Rossi 2016; Fernández 2019).
Figure 3 shows how the cash flow (CF) distribution and default probability can be determined via risk aggregation and how this informs valuation. Such methods allow us to deduce the expected value E(CF) and the cost of capital directly from the scope of risk via a risk measure (R), such as standard deviation or value at risk (Dorfleitner and Gleißner 2018). The probability of insolvency—often overlooked but acting as a long-term negative growth rate—must also be taken into account (Gleißner 2019).

3.6. Organization-Wide Integrative Risk Management

In embedded risk management, the central idea is that risk management is decision-oriented and uses existing resources, processes, and tools, such as those employed for planning and budgeting. This improves the efficiency and acceptance of risk management organization wide. Integrating essential risk management tasks into other management systems should be commonplace (Berger and Gleißner 2018). For example, risks can be identified while planning and budgeting by recording the underlying assumptions, each of which is, by definition, uncertain and, therefore, a risk. Quality management can easily analyze and monitor technical risks using proven tools, such as failure mode and effects analysis. Essential risk management tasks can thus be included within the controlling, corporate planning, and budgeting processes (Gleißner 2020):
(a)
Planned values and budgets are based on assumptions (e.g., raw material prices). Every uncertain assumption is a risk. Therefore, it is efficient to explicitly record all assumptions as part of the planning process and to share this information for risk management.
(b)
A new risk is identified whenever a deviation from the plan is caused by an as-yet unrecorded risk.
(c)
Strategic management and control systems (e.g., the balanced scorecard) are used to implement corporate strategy by clearly describing strategic objectives, expressed as key performance indicators (KPIs), and assigning measures and responsibilities. Assigning risks to key indicators reveals whether they can trigger deviations from the plan, augmenting the traditional scorecard approach. Those responsible for a particular metric then monitor the associated risks, which incentivizes employees to identify risks that can cause deviations. Moreover, deviation analysis makes it possible to assign responsibility for deviations that have occurred according to their cause. As a rule, the effects of exogenous risks cannot be attributed to those responsible for the performance indicator in the performance assessment.
In order to implement a risk management system with a decision-oriented focus, we must seamlessly connect risk analyses to decision-making. This requires cooperation between risk management and management accounting—or the department responsible for preparing major decisions (see Section 3.4).

3.7. Risk Culture and Communication

Risks are unpleasant, and people often neglect unpleasant information, failing to develop necessary routines. Consequently, their ability to correctly assess risks intuitively is underdeveloped. Societies, industry practices, market competition, and occupational practices also influence the process. While these influences cannot be eliminated, cultural issues must be addressed to steer an organization toward a desirable risk culture (Kunz and Heitz 2021). These are the aims of risk communication and risk culture (Pan et al. 2020), ideally based on a sound risk policy.
Risk policies must align with the normative elements of corporate management (e.g., decision rules and ethical norms). Here, risk policy is a matter of documented behavioral rules aligned with corporate values. As the COSO ERM framework states, “culture supports the achievement of the entity’s mission and vision” (COSO 2017, p. 27). Definitions of risk culture often reference norms, values, and beliefs surrounding risk awareness, risk-taking, and decision-making; they also stress the importance of individual perceptions and cognitive processes (Kunz and Heitz 2021). Risk culture manifests itself in definitions of key terms, key indicators in dashboards, or the definition of roles and responsibilities.
Risk policies address, for example, decision criteria for weighing risks against profits, individual risk limits, and risk-bearing capacities, offering a starting point for creating a risk management organization that both documents behavioral rules involving all staff in the handling of risk but also lays the foundations for an enduring, established risk-conscious culture.
To effectively communicate risks, risk management systems must provide information in a format that supports the decision-making process. Risk communication mostly relies on lists and explanatory text, sometimes accompanied by ratios such as RORAC (return on risk-adjusted capital), and can be improved by adding charts and diagrams. The design of graphs is critical for transparency and functionality—people often fail to correctly interpret risk information from visual displays (e.g., Berger et al. 2022; Garcia-Retamero and Cokely 2013; Bao et al. 2017). To overcome issues such as distortions and end-anchoring, guidelines on the correct design of graphical displays in reporting should be followed. These issues deserve attention, as reports determine how people perceive a system, which then affects their decisions.
We now analyze how these seven areas are covered in the existing literature analysis on ERM systems.

4. Literature Analysis

We used Horvey and Odei-Mensah’s (2023) meta-study, which analyzed 37 studies on the measurement and performance of ERM, to examine the coverage of the seven areas of development. We defined a question for each:
  • Risk identification: Do the authors include strategic and macroeconomic risks?
  • Risk quantification: Do the authors mention risk quantification?
  • Risk aggregation: Do the authors stress that risks must be aggregated via simulations?
  • Decision orientation: Do the authors stipulate that risk analysis must be linked to business decisions?
  • Value contribution: Do the authors mention how risk management can improve firm value?
  • Integrative risk management: Do the authors view risk management integratively?
  • Risk culture and communication: Are risk culture and communication referenced?
In Table 1, we assigned a “YES” if the authors elaborated on these topics;2 “Partly” if the authors included a literature reference only, pointed to a standard, or included a relevant term but provided no details; and “NO” if the topic was not addressed in one of the above ways.
Our analysis is obviously limited as we used only the publications included in Horvey and Odei-Mensah (2023). In addition, we reviewed that document as it stood without contacting the researchers. It is, therefore, possible that the authors addressed all seven areas in their research but included only a short or no reference in the publication. Our categorization is also open to challenge, as such groupings are always somewhat subjective. We nevertheless believe that this analysis supports our view of these seven areas as crucial to the theoretical and practical improvement of integrated risk management systems.
We analyzed all the sources featured in Horvey and Odei-Mensah’s (2023) literature review, not biasing the analysis with our own filtering process. These publications offer consensus only for the integration of risk management, with most papers insisting that risk management be integrated—perhaps because Horvey and Odei-Mensah explicitly focused on ERM-related studies. Similar reasoning explains why many of the studies discuss the value implications of ERM: Horvey and Odei-Mensah explicitly used the term “value of ERM” in their analysis. The other five areas are inadequately covered in the empirical literature.
Particularly surprising is the treatment of risk aggregation, which only six publications include more than a passing mention of. Bohnert et al. (2018), one notable exception, states that “by aggregating risks into one risk portfolio … firms are able to improve the understanding of their overall risk exposure” (p. 3). Using Standard and Poor’s ERM rating (S&P Global 2005) as a proxy for the quality of an ERM system, they found a positive relation to the value of an insurance company. The COSO ERM framework also mentions such a portfolio view, although it is unclear whether this is based on a thorough risk aggregation like that provided by Monte Carlo simulation.
Farrell and Gallagher (2015) also mention risk aggregation, noting that “the ultimate goal of [ERM] is to model, measure, analyze, and respond to … risks in a holistic manner, treating each risk exposure not in isolation, but rather in a portfolio context” (p. 625). Grace et al. (2014) are the only ones who include simulations to aggregate risks as part of a maturity model. Some publications do therefore highlight the importance of risk modeling, aggregation, and other important areas for developing meaningful, effective, and integrated risk management, but this is not adequately emphasized. Companies frequently pay inadequate attention to this when implementing risk management systems, resulting in poor risk cultures where risks are neither quantified nor considered in decision-making. In addition, these publications describe risk aggregation as a stand-alone tool for deriving risk exposure but do not elaborate on its integration with business planning, as we suggest.

5. Conclusions

All important strategic and operational decisions should be assessed with reference to the risk-adjusted earnings value, and—because of the uncertainties inherent in decisions and actions—all forms of management are in fact risk management. Risk management supports the analysis, monitoring, and management of risks. Personnel skilled in dealing with business opportunities and threats are therefore essential to corporate success, incentivizing the expansion of corporate risk management capabilities. This requires designing a risk management system that can provide the information required for such decisions. We outline seven areas for development based on assessing current risk management concepts, giving special consideration to the following:
(a)
Decision orientation and links to value-oriented corporate management: risk management should reveal how the risk scope changes before a decision is made and how this change should factor into the decision calculus.
(b)
Risk quantification, including commonly disregarded risk areas such as economic, geopolitical, and non-financial sustainability risks.
(c)
Risk aggregation procedures that link corporate planning to risk analysis using Monte Carlo simulations, facilitating decision-oriented risk management.
Robust strategy undergirds financial sustainability, stable ratings, acceptable earnings risks, and capital returns. Effective risk management means strategic risks that could endanger the enterprise are identified early on and properly considered in decision-making. The integrative, decision-oriented approach of embedded risk management enables as many employees as possible to address identified risks and is highly consistent with risk governance. Our analysis shows that the seven areas presented in this article—particularly risk aggregation based on corporate planning via simulation methods—are inadequately covered in the literature and should receive more attention.

Author Contributions

Conceptualization, W.G.; methodology, W.G.; data analysis, W.G. and T.B.B.; data collection, T.B.B.; writing—original draft preparation, W.G. and T.B.B.; writing—review and editing, W.G. and T.B.B. All authors have read and agreed to the published version of the manuscript.

Funding

This research received no external funding.

Data Availability Statement

All data is included in the text.

Conflicts of Interest

The authors declare no conflicts of interest.

Notes

1
We do not distinguish between uncertainty and risk, since in a Bayesian model based on subjective expert estimates, it is in principle possible to quantify all risks; see Holton (2004).
2
We did not limit the analysis to the below-mentioned exact terms but used similar terms for the respective categories or truncated search terms such as “strateg*”, “cultur*”, or “quanti*”. To identify strategic and macroeconomic risks, we use these two terms and their truncated forms. For risk quantification, we used “metric”, “assessment”, “modelling”, “evaluation”, “quantification” and their truncated versions. For aggregation, we used aggregation (and a truncated form) as well as “portfolio”, “collective”, “simulat*”, and “dependenc*”. For decision orientation, we used “decisio*”; for value contribution, we used “value*”; for organization, we used “integrat*”, “holistic”, and “ERM”; and for risk culture, we used “cultur*”. We then related these terms to the context of their usage and assigned the respective grades.

References

  1. Ai, Jing, Vickie Bajtelsmit, and Tianyang Wang. 2016. The Combined Effect of Enterprise Risk Management and Diversification on Property and Casualty Insurer Performance. Journal of Risk and Insurance 85: 513–43. [Google Scholar] [CrossRef]
  2. Amit, Raphael, and Birger Wernerfelt. 1990. Why Do Firms Reduce Business Risk? Academy of Management Journal 33: 520–33. [Google Scholar] [CrossRef]
  3. Annamalah, Sanmugam, Murali Raman, Govindan Marthandan, and Aravindan Kalisri Logeswaran. 2018. Implementation of Enterprise Risk Management (ERM) Framework in Enhancing Business Performances in Oil and Gas Sector. Economies 6: 4. [Google Scholar] [CrossRef]
  4. Anton, Sorin. 2018. The Impact of Enterprise Risk Management on Firm Value: Empirical Evidence from Romanian Non-financial Firms. Engineering Economics 29: 151–57. [Google Scholar] [CrossRef]
  5. Arrfelt, Mathias, Michael Mannor, Jennifer Nahrgang, and Amanda Christensen. 2018. All Risk-Taking Is Not the Same: Examining the Competing Effects of Firm Risk-Taking with Meta-Analysis. Review of Management Science 12: 621–60. [Google Scholar] [CrossRef]
  6. Ayyub, Bilal. 2014. Systems Resilience for Multihazard Environments: Definition, Metrics, and Valuation for Decision Making. Risk Analysis 34: 340–55. [Google Scholar] [CrossRef]
  7. Bao, Chunbing, Dengsheng Wu, Jie Wan, Jianping Li, and Jianming Chen. 2017. Comparison of Different Methods to Design Risk Matrices from the Perspective of Applicability. Procedia Computer Science 122: 455–62. [Google Scholar] [CrossRef]
  8. Baxter, Ryan, Jean Bedard, Rani Hoitash, and Andrew Yezegel. 2013. Enterprise Risk Management Program Quality: Determinants, Value Relevance, and the Financial Crisis. Contemporary Accounting Research 30: 1264–95. [Google Scholar] [CrossRef]
  9. Beasley, Mark, and Bruce Branson. 2022. 2022 Global State of Enterprise Risk Oversight. Enterprise Risk Management Initiative. September 27. Available online: https://erm.ncsu.edu/library/article/2022-global-state-of-enterprise-risk-oversight (accessed on 24 October 2024).
  10. Beasley, Mark, Don Pagach, and Richard Warr. 2008. Information Conveyed in Hiring Announcements of Senior Executives Overseeing Enterprise-Wide Risk Management Processes. Journal of Accounting, Auditing and Finance 23: 311–32. [Google Scholar] [CrossRef]
  11. Beasley, Mark, Richard Clune, and Dana Hermanson. 2005. Enterprise Risk Management: An Empirical Analysis of Factors Associated with the Extent of Implementation. Journal of Accounting and Public Policy 24: 521–31. [Google Scholar] [CrossRef]
  12. Berger, Thomas, and Werner Gleißner. 2018. Integrated Management Systems: Linking Risk Management and Management Control Systems. International Journal of Risk Assessment and Management 21: 215–31. [Google Scholar] [CrossRef]
  13. Berger, Thomas, Ignace Hooge, and Pankaj Trivedi. 2022. Processing of Information from Risk Maps in India and Germany: The Influence of Cognitive Reflection, Numeracy, and Experience. Asia-Pacific Journal of Risk and Insurance 17: 63–85. [Google Scholar] [CrossRef]
  14. Bohnert, Alexander, Nadine Gatzert, Robert Hoyt, and Philipp Lechner. 2018. The Drivers and Value of Enterprise Risk Management: Evidence from ERM Ratings. The European Journal of Finance 25: 234–55. [Google Scholar] [CrossRef]
  15. Bowman, Edward. 1980. A Risk/Return Paradox for Strategic Management. Sloan Management Review 21: 17–33. [Google Scholar]
  16. Buchner, Markus, Michael Kuttner, Christine Mitter, and Petra Sommerauer. 2021. Resilienz von Familienunternehmen—Eine systematische Literaturanalyse. Betriebswirtschaftliche Forschung und Praxis 73: 225–52. [Google Scholar]
  17. Budd, James. 1993. Characterizing Risk from the Strategic Management Perspective. Ph.D. dissertation, Kent State University, Kent, OH, USA. [Google Scholar]
  18. Callahan, Carolyn, and Jared Soileau. 2017. Does Enterprise Risk Management Enhance Operating Performance? Advances in Accounting 37: 122–39. [Google Scholar] [CrossRef]
  19. Campbell, John, Jens Hilscher, and Jan Szilagyi. 2008. In Search of Distress Risk. Journal of Finance 63: 2899–939. [Google Scholar] [CrossRef]
  20. Chen, Yu-Lun, Yi-Wie Chuang, Hong-Gia Huang, and Jhuan-Yu Shih. 2020. The Value of Implementing Enterprise Risk Management: Evidence from Taiwan’s Financial Industry. The North American Journal of Economics and Finance 54: 100926. [Google Scholar] [CrossRef]
  21. Committee of Sponsoring Organizations of the Treadway Commission (COSO), ed. 2017. Enterprise Risk Management—Integrating with Strategy and Performance. Durham: Committee of Sponsoring Organizations of the Treadway Commission (COSO). [Google Scholar]
  22. Dempsey, Mike. 2013. The Capital Asset Pricing Model (CAPM): The History of a Failed Revolutionary Idea in Finance? Abacus 49: 7–23. [Google Scholar] [CrossRef]
  23. Dorfleitner, Gregor, and Werner Gleißner. 2018. Valuing Streams of Risky Cashflows with Risk-Value Models. Journal of Risk 20: 1–27. [Google Scholar] [CrossRef]
  24. Eckles, David, Robert Hoyt, and Steve Miller. 2014. The Impact of Enterprise Risk Management on the Marginal Cost of Reducing Risk: Evidence from the Insurance Industry. Journal of Banking and Finance 49: 409–23. [Google Scholar] [CrossRef]
  25. El Ghoul, Sadok, Omrame Guedhami, Hakkon Kim, and Kwangwoo Park. 2018. Corporate Environmental Responsibility and the Cost of Capital: International Evidence. Journal of Business Ethics 149: 335–361. [Google Scholar] [CrossRef]
  26. Ernst, Dietmar. 2022. Simulation-Based Business Valuation: Methodical Implementation in the Valuation Practice. Journal of Risk and Financial Management 15: 200. [Google Scholar] [CrossRef]
  27. Fama, Eugene, and Kenneth French. 2015. A Five-Factor Asset Pricing Model. Journal of Financial Economics 116: 1–22. [Google Scholar] [CrossRef]
  28. Farrell, Mark, and Ronan Gallagher. 2015. The Valuation Implications of Enterprise Risk Management Maturity. Journal of Risk and Insurance 82: 625–57. [Google Scholar] [CrossRef]
  29. Farrell, Mark, and Ronan Gallagher. 2019. Moderating Influences on the ERM Maturity-Performance Relationship. Research in International Business and Finance 47: 616–28. [Google Scholar] [CrossRef]
  30. Fernández, Pablo. 2019. Is It Ethical to Teach That Beta and CAPM Explain Something? S&P Global Market Intelligence. Available online: https://dx.doi.org/10.2139/ssrn.2980847 (accessed on 24 October 2024).
  31. Florio, Cristina, and Giulia Leoni. 2017. Enterprise Risk Management and Firm Performance: The Italian Case. The British Accounting Review 49: 56–74. [Google Scholar] [CrossRef]
  32. Fraser, John, Rob Quail, and Betty Simkins, eds. 2021. Enterprise Risk Management: Today’s Leading Research and Best Practices for Tomorrow’s Executives, 2nd ed. Hoboken: Wiley. [Google Scholar]
  33. Froot, Kenneth, David Scharfstein, and Jeremy Stein. 1993. Risk Management: Coordinating Corporate Investment and Financing Policies. The Journal of Finance 48: 1629–58. [Google Scholar] [CrossRef]
  34. Garcia-Retamero, Rocio, and Edward Cokely. 2013. Communicating Health Risks with Visual Aids. Current Directions in Psychological Science 22: 392–99. [Google Scholar] [CrossRef]
  35. Gleißner, Werner. 2019. Cost of Capital and Probability of Default in Value-Based Risk Management. Management Research Review 42: 1243–58. [Google Scholar] [CrossRef]
  36. Gleißner, Werner. 2020. Integratives Risikomanagement – Schnittstellen zu Controlling, Compliance und Interner Revision. Controlling 32: 23–29. [Google Scholar] [CrossRef]
  37. Gleißner, Werner. 2023. Uncertainty and Resilience in Strategic Management: Profile of a Robust Company. International Journal of Risk Assessment and Management 26: 75–94. [Google Scholar] [CrossRef]
  38. Gleißner, Werner, and Dietmar Ernst. 2023. The Simulation-Based Valuation of Companies and Their Strategies–Classification, Methodology and Case Study. EBVM–The European Business Valuation Magazine 2: 4–16. [Google Scholar]
  39. Gleißner, Werner, Thomas Günther, and Christian Walkshäusl. 2022. Financial Sustainability: Measurement and Empirical Evidence. Journal of Business Economics 92: 467–516. [Google Scholar] [CrossRef]
  40. Golshan, Nargess, and Siti Zaleha Abdul Rasid. 2012. Determinants of Enterprise Risk Management Adoption: An Empirical Analysis of Malaysian Public Listed Firms. International Journal of Social and Human Sciences 6: 119–26. [Google Scholar]
  41. Gordon, Lawrence, Martin Loeb, and Chih-Yang Tseng. 2009. Enterprise Risk Management and Firm Performance: A Contingency Perspective. Journal of Accounting and Public Policy 28: 301–27. [Google Scholar] [CrossRef]
  42. Grace, Martin, Tyler Leverty, Richard Phillips, and Prakash Shimpi. 2014. The Value of Investing in Enterprise Risk Management. Journal of Risk and Insurance 82: 289–316. [Google Scholar] [CrossRef]
  43. Gupta, Kartick. 2018. Environmental Sustainability and Implied Cost of Equity: International Evidence. Journal of Business Ethics 147: 343–65. [Google Scholar] [CrossRef]
  44. Hanggraeni, Dewi, Beata Ślusarczyk, Liyu Sulung, and Athor Subroto. 2019. The Impact of Internal, External, and Enterprise Risk Management on the Performance of Micro, Small, and Medium Enterprises. Sustainability 11: 2172. [Google Scholar] [CrossRef]
  45. Hardy, Mary, and David Saunders. 2022. Quantitative Enterprise Risk Management. Cambridge: Cambridge University Press. [Google Scholar]
  46. Hargreaves, Jane. 2021. Quantitative Risk Assessment in ERM. In Enterprise Risk Management: Today’s Leading Research and Best Practices for Tomorrow’s Executives, 2nd ed. Edited by John Fraser, Rob Quail and Betty Simkins. Hoboken: Wiley, pp. 441–57. [Google Scholar]
  47. Holton, Glyn. 2004. Defining Risk. Financial Analysts Journal 60: 19–25. [Google Scholar] [CrossRef]
  48. Horvey, Sylvester, and Jacob Ankamah. 2020. Enterprise Risk Management and Firm Performance: Empirical Evidence from Ghana Equity Market. Cogent Economics and Finance 8: 1840102. [Google Scholar] [CrossRef]
  49. Horvey, Sylvester, and Jones Odei-Mensah. 2023. The Measurements and Performance of Enterprise Risk Management: A Comprehensive Literature Review. Journal of Risk Research 26: 778–800. [Google Scholar] [CrossRef]
  50. Hoyt, Robert, and Andre P. Liebenberg. 2011. The Value of Enterprise Risk Management. Journal of Risk and Insurance 78: 795–822. [Google Scholar] [CrossRef]
  51. Hunziker, Stefan. 2019. Enterprise Risk Management: Modern Approaches to Balancing Risk and Reward. Wiesbaden: Springer Gabler. [Google Scholar]
  52. International Organization for Standardization (ISO). 2018. Risk Management—Guidelines. ISO Standard No. 31000:2018. Geneva: International Organization for Standardization (ISO).
  53. Joyce, Chuck, and Kimball Mayer. 2012. Profits for the Long Run: Affirming the Case for Quality. GMO White Paper. June. Available online: http://csinvesting.org/wp-content/uploads/2012/06/gmo_wp_-_2012_06_-_profits_for_the_long_run_-_affirming_quality.pdf (accessed on 24 October 2024).
  54. Kaplan, Robert, and Anette Mikes. 2012. Managing Risks: A New Framework. Harvard Business Review 90: 48–60. [Google Scholar]
  55. Kaplan, Robert, and Anette Mikes. 2016. Risk Management—The Revealing Hand. Journal of Applied Corporate Finance 28: 8–18. [Google Scholar] [CrossRef]
  56. Kataoka, Shinji. 1963. A Stochastic Programming Model. Econometrica 31: 181–96. [Google Scholar] [CrossRef]
  57. Khan, Majid, Dildar Hussain, and Waqar Mehmood. 2016. Why Do Firms Adopt Enterprise Risk Management (ERM)? Empirical Evidence from France. Management Decision 54: 1886–907. [Google Scholar] [CrossRef]
  58. Krause, Timothy, and Yiuman Tse. 2016. Risk Management and Firm Value: Recent Theory and Evidence. International Journal of Accounting and Information Management 24: 56–81. [Google Scholar] [CrossRef]
  59. Kunz, Jennifer, and Mathias Heitz. 2021. Banks’ Risk Culture and Management Control Systems: A Systematic Literature Review. Journal of Management Control 32: 439–93. [Google Scholar] [CrossRef]
  60. Lechner, Philipp, and Nadine Gatzert. 2018. Determinants and Value of Enterprise Risk Management: Empirical Evidence from Germany. The European Journal of Finance 24: 867–87. [Google Scholar] [CrossRef]
  61. Li, Xun, and Zhenyu Wu. 2009. Corporate Risk Management and Investment Decisions. The Journal of Risk Finance 10: 155–68. [Google Scholar] [CrossRef]
  62. Liebenberg, André, and Robert Hoyt. 2003. The Determinants of Enterprise Risk Management: Evidence from the Appointment of Chief Risk Officers. Risk Management and Insurance Review 6: 37–52. [Google Scholar] [CrossRef]
  63. Lin, Yijia, Min-Ming Wen, and Jifeng Yu. 2012. Enterprise Risk Management: Strategic Antecedents, Risk Integration, and Performance. North American Actuarial Journal 16: 1–28. [Google Scholar] [CrossRef]
  64. Malik, Muhammad, Mahbub Zaman, and Sherrena Buckby. 2020. Enterprise Risk Management and Firm Performance: Role of the Risk Committee. Journal of Contemporary Accounting and Economics 16: 100178. [Google Scholar] [CrossRef]
  65. Mardessi, Sana, and Sonda Ben Arab. 2018. Determinants of ERM Implementation: The Case of Tunisian Companies. Journal of Financial Reporting and Accounting 16: 443–63. [Google Scholar] [CrossRef]
  66. McShane, Michael. 2017. Enterprise Risk Management: History and a Design Science Proposal. The Journal of Risk Finance 19: 137–53. [Google Scholar] [CrossRef]
  67. McShane, Michael, Anil Nair, and Elzotbek Rustambekov. 2011. Does Enterprise Risk Management Increase Firm Value? Journal of Accounting, Auditing, and Finance 26: 641–58. [Google Scholar] [CrossRef]
  68. Miloš Sprčić, Danijela, Marina Mešin Žagar, Zeljko Sevic, and Mojca Marc. 2016. Does Enterprise Risk Management Influence Market Value—A Long-Term Perspective. Risk Management 18: 65–88. [Google Scholar] [CrossRef]
  69. Mthiyane, Zodwa, Huibrecht van der Poll, and Makgopa Tshehla. 2022. A framework for risk management in small medium enterprises in developing countries. Risks 10: 173. [Google Scholar] [CrossRef]
  70. Nair, Anil, Elzotbek Rustambekov, Michael McShane, and Stav Fainshmidt. 2014. Enterprise Risk Management as a Dynamic Capability: A Test of Its Effectiveness During a Crisis. Managerial and Decision Economics 35: 555–66. [Google Scholar] [CrossRef]
  71. Nasr, Arash, Saideh Alaei, Fateme Bakhshi, Farzin Rasoulyan, Hojat Tayaran, and Mohammad Farahi. 2019. How Enterprise Risk Management (ERM) Can Affect on Short-Term and Long-Term Firm Performance: Evidence from the Iranian Banking System. Entrepreneurship and Sustainability Issues 7: 1387–405. [Google Scholar] [CrossRef] [PubMed]
  72. Nguyen, Duc, and Dinh-Tri Vo. 2020. Enterprise Risk Management and Solvency: The Case of the Listed EU Insurers. Journal of Business Research 113: 360–69. [Google Scholar] [CrossRef]
  73. Nocco, Brian, and René Stulz. 2022. Enterprise Risk Management: Theory and Practice. Journal of Applied Corporate Finance 34: 81–94. [Google Scholar] [CrossRef]
  74. Novak, David, Zhaohui Wu, and Kevin Dooley. 2021. Whose Resilience Matters? Addressing Issues of Scale in Supply Chain Resilience. Journal of Business Logistics 42: 323–35. [Google Scholar] [CrossRef]
  75. Orlando, Albina. 2021. Cyber risk quantification: Investigating the role of cyber value at risk. Risks 9: 184. [Google Scholar] [CrossRef]
  76. Otero González, Luís, Pablo Santomil, and Aracely Herrera. 2020. The Effect of Enterprise Risk Management on the Risk and the Performance of Spanish Listed Companies. European Research on Management and Business Economics 26: 111–20. [Google Scholar] [CrossRef]
  77. Pagach, Don, and Richard Warr. 2011. The Characteristics of Firms That Hire Chief Risk Officers. Journal of Risk & Insurance 78: 185–211. [Google Scholar]
  78. Pan, Yihui, Stephan Siegel, and Tracy Wang. 2020. The Cultural Origin of CEOs’ Attitudes Toward Uncertainty: Evidence from Corporate Acquisitions. The Review of Financial Studies 33: 2977–3030. [Google Scholar] [CrossRef]
  79. Ping, Ai Teoh, and Rajendran Muthuveloo. 2015. The Impact of Enterprise Risk Management on Firm Performance: Evidence from Malaysia. Asian Social Science 11: 149–59. [Google Scholar] [CrossRef]
  80. Quon, Tony, Daniel Zeghal, and Michel Maingot. 2012. Enterprise Risk Management and Business Performance During the Financial and Economic Crises. Problems and Perspectives in Management 10: 95–103. [Google Scholar]
  81. Rossi, Matteo. 2016. The Capital Asset Pricing Model: A Critical Literature Review. Global Business and Economics Review 18: 604–17. [Google Scholar] [CrossRef]
  82. S&P Global. 2005. Evaluating the Enterprise Risk Management Practices of Insurance Companies. Standard and Poor’s RatingsDirect, October 17. [Google Scholar]
  83. Saeidi, Parvaneh, Sayyedeh Saeidi, Leonardo Gutierrez, Dalia Streimikiene, Melfi Alrasheedi, Sayedeh Saeidi, and Abbas Mardani. 2021. The Influence of Enterprise Risk Management on Firm Performance with the Moderating Effect of Intellectual Capital Dimensions. Economic Research-Ekonomska Istraživanja 34: 122–51. [Google Scholar] [CrossRef]
  84. Saha, Anatu, and Burton Malkiel. 2012. DCF Valuation with Cash Flow Cessation Risk. Journal of Applied Finance 22: 175–85. [Google Scholar]
  85. Shleifer, Andrei, and Robert Vishny. 1997. The Limits of Arbitrage. The Journal of Finance 52: 35–55. [Google Scholar] [CrossRef]
  86. Silva, Juliano, Aldy da Silva, and Betty Chan. 2019. Enterprise Risk Management and Firm Value: Evidence from Brazil. Emerging Markets Finance and Trade 55: 687–703. [Google Scholar] [CrossRef]
  87. Stein, Volker, and Arnd Wiedemann. 2016. Risk Governance: Conceptualization, Tasks, and Research Agenda. Journal of Business Economics 86: 813–36. [Google Scholar] [CrossRef]
  88. Stein, Volker, Arnd Wiedemann, and Christiane Bouten. 2019. Framing Risk Governance. Management Research Review 42: 1224–42. [Google Scholar]
  89. Telser, Lester. 1955. Safety First and Hedging. Review of Economic Studies 23: 1–16. [Google Scholar] [CrossRef]
  90. Vose, David. 2008. Risk Analysis: A Quantitative Guide, 3rd ed. Hoboken: Wiley. [Google Scholar]
  91. Weigel, Christine, Martin Hiebl, and Arnd Wiedemann. 2018. Vom Risk Management zur Risk Governance. Controlling and Management 62: 34–40. [Google Scholar] [CrossRef]
  92. Wiedemann, Arnd, Volker Stein, and Mark Fonseca. 2022. Risk Governance in Organizations: Future Perspectives. Siegen: Universitätsverlag Siegen. [Google Scholar]
  93. Zou, Xiang, Che Isa, and Mahfuzur Rahman. 2019. Valuation of Enterprise Risk Management in the Manufacturing Industry. Total Quality Management and Business Excellence 30: 1389–410. [Google Scholar] [CrossRef]
Risks 12 00196 g001
Figure 1. Robust enterprise framework.
Figure 1. Robust enterprise framework.
Risks 12 00196 g001
Risks 12 00196 g002
Figure 2. Competence in risk management: areas for development.
Figure 2. Competence in risk management: areas for development.
Risks 12 00196 g002
Risks 12 00196 g003
Figure 3. Corporate planning, risk aggregation, and valuation with a Monte Carlo simulation (based on Gleißner 2019, p. 1252).
Figure 3. Corporate planning, risk aggregation, and valuation with a Monte Carlo simulation (based on Gleißner 2019, p. 1252).
Risks 12 00196 g003
Table 1. Literature analysis: results.
Table 1. Literature analysis: results.
AuthorsIdentificationQuantificationAggregationDecision OrientationValue ContributionOrganizationRisk Culture
(Ai et al. 2016)YESPartlyNOPartlyPartlyYESPartly
(Annamalah et al. 2018)PartlyNONOPartlyNOPartlyPartly
(Anton 2018)NONONOPartlyPartlyPartlyPartly
(Baxter et al. 2013)NOPartlyNONOPartlyPartlyNO
(Beasley et al. 2005)NOPartlyNONOPartlyYESNO
(Beasley et al. 2008)YESYESYESPartlyYESYESPartly
(Bohnert et al. 2018)NONONONOYESYESNO
(Callahan and Soileau 2017)NONONONOYESPartlyNO
(Chen et al. 2020)NOPartlyNONOPartlyYESPartly
(Eckles et al. 2014)PartlyYESYESYESYESYESYES
(Farrell and Gallagher 2015)NONOYESYESYESYESYES
(Farrell and Gallagher 2019)YESPartlyNOPartlyYESYESPartly
(Florio and Leoni 2017)NONONONONOYESNO
(Golshan and Rasid 2012)NOPartlyNONOPartlyYESNO
(Gordon et al. 2009)PartlyYESPartlyYESYESYESPartly
(Grace et al. 2014)NOPartlyNOYESNOYESNO
(Hanggraeni et al. 2019)NONONONOPartlyYESNO
(Horvey and Ankamah 2020)NONONOPartlyYESYESNO
(Hoyt and Liebenberg 2011)NOPartlyNONOPartlyYESNO
(Khan et al. 2016)NOPartlyNONOYESYESYES
(Lechner and Gatzert 2018)NONONOYESYESYESNO
(Liebenberg and Hoyt 2003)NOPartlyPartlyNOYESYESPartly
(Lin et al. 2012)NONONOYESYESYESYES
(Malik et al. 2020)YESYESNONOPartlyYESPartly
(Mardessi and Arab 2018)PartlyNOYESYESYESYESPartly
(McShane et al. 2011)NONOYESYESYESYESPartly
(Miloš Sprčić et al. 2016)NONONOYESPartlyNOYES
(Nair et al. 2014)NONONONOPartlyYESNO
(Nasr et al. 2019)NONONONONOPartlyNO
(Nguyen and Vo 2020)NOPartlyYESPartlyPartlyYESNO
(Otero González et al. 2020)NOPartlyNONOPartlyYESNO
(Pagach and Warr 2011)NOYESNONOPartlyYESNO
(Ping and Muthuveloo 2015)YESPartlyNOPartlyPartlyPartlyNO
(Quon et al. 2012)NOPartlyPartlyYesPartlyYESNO
(Saeidi et al. 2021)NOPartlyNOPartlyPartlyYESYES
(Silva et al. 2019)NOPartlyNOPartlyPartlyYESPartly
(Zou et al. 2019)NONONOPartlyPartlyYESNO
Share “Yes”13.5%13.5%16.2%27.0%37.8%81.1%16.2%
Share “No”75.7%43.2%75.7%43.2%10.8%2.7%51.4%
Disclaimer/Publisher’s Note: The statements, opinions and data contained in all publications are solely those of the individual author(s) and contributor(s) and not of MDPI and/or the editor(s). MDPI and/or the editor(s) disclaim responsibility for any injury to people or property resulting from any ideas, methods, instructions or products referred to in the content.

Share and Cite

MDPI and ACS Style

Gleißner, W.; Berger, T.B. Enterprise Risk Management: Improving Embedded Risk Management and Risk Governance. Risks 2024, 12, 196. https://doi.org/10.3390/risks12120196

AMA Style

Gleißner W, Berger TB. Enterprise Risk Management: Improving Embedded Risk Management and Risk Governance. Risks. 2024; 12(12):196. https://doi.org/10.3390/risks12120196

Chicago/Turabian Style

Gleißner, Werner, and Thomas B. Berger. 2024. "Enterprise Risk Management: Improving Embedded Risk Management and Risk Governance" Risks 12, no. 12: 196. https://doi.org/10.3390/risks12120196

APA Style

Gleißner, W., & Berger, T. B. (2024). Enterprise Risk Management: Improving Embedded Risk Management and Risk Governance. Risks, 12(12), 196. https://doi.org/10.3390/risks12120196

Note that from the first issue of 2016, this journal uses article numbers instead of page numbers. See further details here.

Article Metrics

Back to TopTop