۲- Existing enterprise risk management frameworks – overview and criticism

۳- A theory of enterprise risk management

۴- The information problem of corporate risk management – a closer look

۵- The agency problem of corporate risk management – a closer look

۶- Enterprise risk management as a solution

۷- Conclusions

References

Abstract

Purpose – The purpose of this paper is to develop a theory of enterprise risk management (ERM).
Design/methodology/approach – The method is to develop a theory for ERM based on identifying the general risk management problems that it is supposed to solve and to apply the principle of deduction based on these premises.
Findings – ERM consists of risk governance, which is a set of mechanisms that deals with the agency problem of risk management and risk aggregation, which is a set of mechanisms that deals with the information problem of risk management.
Research limitations/implications – The theory, by identifying the central role of the Board of Directors, encourages further research into the capabilities and incentives of directors as determinants of ERM adoption. It also encourages research into how ERM adoption depends on proxies for agency problems of risk management, such as a decentralized company structure.
Practical implications – The theory encourages Boards of Directors to focus on understanding where the under and over management of risk are likely to be greatest, as opposed to the current practice of mapping a large number of risk factors.
Originality/value – The theory complements existing theory on corporate risk management, which revolves around the role of external frictions, by focusing on internal frictions in the firm that prevent effective risk management. It is the first work to delineate ERM vis-a-vis existing risk theory.

Conclusions

This paper provides a theoretical analysis of ERM. Rather than describing ERM in terms of a process aimed at meeting corporate objectives, it proposes to view ERM as a solution, i.e. a set of mechanisms, to address two general risk management problems faced by the firm. These are the agency and information problems of risk management, respectively. The theory is predicated on the observation that there are internal agency problems and information asymmetries in firms with decentralized decision-making authority. It therefore complements existing corporate risk management theory, which tends to focus on frictions between the firm and external actors. It challenges both the presumption of a harmonious relationship between various actors in the ERM-process, as well as the suggestion that ERM should be viewed primarily as an evolving set of practices that will eventually become codified.