Enterprise Risk Management Encyclopedia Entry

Title: Enterprise Risk Management

Authors:
Jing Ai, The University of Texas at Austin, Austin, Texas, U.S.A.
Patrick L. Brockett (corresponding author), The University of Texas at Austin, Austin, Texas, U.S.A.

Keywords: enterprise risk management (ERM); risk appetite; operational risk; risk integration; risk measure; risk aggregation; holistic risk management

Abstract: Enterprise risk management (ERM) is a recent risk management technique where a portfolio of risks is managed in a holistic manner. ERM has attracted interest from various parties including corporate executives, regulators, and rating agencies. Under the ERM framework, corporations take on necessary risks to pursue their strategic objectives within their respective risk appetite. The core of the ERM process is efficient risk integration. Inter-relations among risks and risk prioritization are highlighted in the risk integration process under ERM. Certain risk measures and aggregation methods are usually involved in its implementation. Effective risk reporting and communications in a well-designed organizational structure are also essential for the success of ERM. Because ERM is an evolving process, its ultimate goal is to move beyond the initial incentive of fulfilling compliance needs to achieving real economic value.

Note: * in the main text suggests possible cross-references to other entries in the encyclopedia. A term that appears multiple times is marked only once.

WHAT IS ERM?

Definition

Enterprise risk management (ERM) is a recent risk management technique practiced increasingly by large corporations in all industries throughout the world. It was listed as one of the twenty breakthrough ideas for 2004 in Harvard Business Review [1]. ERM reflects the change of mindset in
risk management over the past decades. Business leaders realize that certain risks are inevitable in order to create value through operations, and that some risks are indeed precious opportunities if effectively exploited and managed. In pursuit of the above, a corporation's risk management practice should be carried out in a holistic fashion, aligned with its strategic objectives. It flows from the recognition that a dollar spent on risk is a dollar cost to the firm regardless of whether this risk arises in the finance arena or in the context of a physical calamity such as a fire. ERM proposes that
the firm address these risks in a unified manner.

The prevailing definition of ERM adopted by most corporations is the one proposed by the Committee of Sponsoring Organizations of the Treadway Commission (COSO) in its 2004 ERM framework [2], which was intended to establish key concepts, principles and techniques of ERM. In this framework, ERM is defined as “a process, effected by an entity's board of directors, management and other personnel, applied in strategy setting and across the enterprise, designed to identify potential events that may affect the entity, and manage risk to be within its risk appetite, to provide reasonable assurance regarding the achievement of entity objectives.” This definition highlights that ERM reaches to the highest level of the organizational structure and is directly related to the corporation's business strategies.

The concept of risk appetite is a crucial component of the definition. Risk appetite reflects the firm's willingness and ability to take on risks in order to achieve its objectives. Once it is established, all subsequent risk management decisions will be made within the corporation's risk appetite. Thus, the articulation of risk appetite greatly affects
the robustness and success of an ERM process. Different themes of business objectives are applied to determine risk appetite. Among the most common ones are solvency concerns, ratings concerns, and earnings volatility concerns [3]. The themes directing the risk appetite process should be consistent with the corporation's risk culture and overall strategies.

Despite its wide acceptance, the COSO definition is not the only available definition. For example, the Casualty Actuarial Society (CAS) offered an alternative definition in its 2003 overview of ERM. In CAS's definition, “ERM is the discipline by which an organization in any industry assesses, controls, exploits, finances, and monitors risks from all sources for the purpose of increasing the organization's short- and long-term value to its stakeholders.” [4] Individual corporations may define ERM uniquely according to their own understanding and
objectives. Creating a clear, firm-tailored definition is an important precursor to the firm implementing a successful ERM framework. In fact, a 2006 survey of US corporations identified that lack of an unambiguous understanding of ERM is the one obstacle preventing companies from putting ERM in place [5].

Current development of ERM

As a rising management discipline, current development of ERM varies across industries and corporations. The insurance industry, financial institutions, and the energy industry are among the industry sectors where ERM has seen relatively advanced development in a broad range of corporations [6]. The enforcement of ERM in these industries was originally stimulated by regulatory requirements. Recently, more corporations in other industries, and even the public sector, are becoming aware of the potential value of ERM, and risk managers are increasingly bringing it to top executives' agendas. According to a 2006 survey of US corporations, over two thirds of the surveyed companies either have an ERM program in place or are seriously considering adopting one [5]. An earlier survey of Canadian companies obtained similar results. It found that over a third of the sample companies were practicing ERM in 2003 and an even larger portion of the sample companies were moving in that direction [7].

Different stages of ERM implementation have been identified. According to a 2005 survey of Canadian and US organizations, ERM implementation can be broken down into
three stages based on the level of development [8]. Stage one is ERM strategy development, where corporations define key concepts, make ERM policies and establish the risk management framework. The second stage is ERM strategy implementation. Corporations at this stage implement the established ERM framework in their overall strategies and operations. The third stage of ERM is monitoring and maintaining the system. At this stage, ERM sustainability is the main focus, achieved by effective internal and/or external evaluations. Only a small number of corporations, mainly in the insurance, financial and
utility industries, are at this stage of ERM practice. It is worth noting that ERM is a continuously evolving process, by no means limited to the three stages identified above. As more in-depth understanding and techniques are developed, corporations will move upward to higher stages, and more advanced stages are also likely to emerge.

ERM IMPLEMENTATION

Notwithstanding the attractiveness of ERM conceptually, corporations are often challenged to put it into effect. One of the main challenges in ERM implementation is to manage the totality of corporation risks as a portfolio rather than as individual silos, as is traditionally done. Several specific aspects of ERM implementation, together with present challenges, are considered below.

Determinants of ERM

Although ERM is largely considered the most advanced risk management concept and toolkit, it is carried out at different paces by corporations. Studies have examined corporate characteristics that appear to be determinants of ERM adoption. For example, Liebenberg and Hoyt (2003) [9] find that firms with greater financial leverage are more likely to appoint a Chief Risk Officer (CRO), to signal their adoption of ERM. In another study, factors including presence of a CRO, board independence, Chief Executive Officer (CEO) and Chief Financial Officer (CFO) support for ERM, use of Big Four auditors, and entity size are found to be positively related to the stage of ERM adoption [6]. These factors reflect ERM's role in corporate governance. Launch and pursuit of the ERM process lead to better corporate governance, which is desired by both external and internal constituencies.

Operationalization of ERM

The core of the challenge lies in operationalizing ERM in practice. Integration of risks is not merely a procedure of stacking all risks together, but rather a procedure of fully recognizing the inter-relations among risks and prioritizing risks to create true economic value. Important components of this procedure include risk identification, risk measurement, risk aggregation, risk prioritization and risk communication.

Risk identification

The four major categories of risks considered under an ERM framework are hazard risk, financial risk, operational risk*, and strategic risk [4]. Hazard risk refers to physical risks whose financial consequences are traditionally mitigated by purchasing insurance policies. Examples of hazard risk
include fire, theft, business interruption, liability claims, etc. Financial risk refers to those risks involving capital and financial markets. Market risk (interest rate risk, commodity risk, foreign exchange risk) and credit risk (default risk) are among the most important financial risks. This type of risk is usually hedged by financial instruments, such as derivatives. Operational risk is a nascent risk category and has inspired increasing interest. Operational risk includes internal fraud, external fraud, employment practices and workplace safety, clients, products and business practices, damage to physical assets, business disruption and system failures, and execution, delivery and process management [10]. The newly released Basel Capital Accord II [10] first drew attention to operational risk in the banking industry. The impact soon spread to other industries and now operat