Learning to organise risk management in organisations: what future for enterprise risk management?

Enterprise risk management (ERM) was originally developed to manage financial risks and was later transferred to other businesses, sectors and, crucially, government. ERM aims at a maximum of comprehensiveness suggesting the integration of all risks to an organisation’s objective in a portfolio to inform organisational strategy. However, the concept suffers from unknown interdependencies between risks, implementation strategies that lack empirical validation and ambivalences and uncertainties arising from their management. It is only weakly rooted in organisational theory. Drawing on knowledge generation, theory key aspects for the empirical study of risk management in organisations are identified. These address the commensuration of risks, the comprehensiveness of the risk portfolio and the communication of explicit and tacit knowledge enabling organisational learning processes in different institutional contexts.

[1]  Stephen N. Luko,et al.  Risk Management Principles and Guidelines , 2013 .

[2]  Jörg Balsiger,et al.  Logic of appropriateness , 2014 .

[3]  The End of Enterprise Risk Management , 2007 .

[4]  I. Berlin The Pursuit of the Ideal , 2013 .

[5]  Léa A. Deleris,et al.  Three key enablers to successful enterprise risk management , 2010, IBM J. Res. Dev..

[6]  A. Amin,et al.  Learning and Adaptation in Decentralised Business Networks , 1999 .

[7]  J E Strutt,et al.  Capability maturity models for offshore organisational management. , 2006, Environment international.

[8]  Georg Schreyögg,et al.  Organizational Path Dependence: Opening the Black Box , 2009 .

[9]  Mark L. Frigo,et al.  Strategic risk management: creating and protecting value , 2007 .

[10]  C. Lindblom THE SCIENCE OF MUDDLING THROUGH , 1959 .

[11]  Ortwin Renn,et al.  Global Risk Governance , 2008 .

[12]  B. Mandelbrot “New Methods of Statistical Economics,” revisited: Short versus long tails and Gaussian versus power-law distributions , 2009 .

[13]  David Hillson,et al.  Using a Risk Breakdown Structure in project management , 2003 .

[14]  I. Cartuja ON SCIENCE AND PRECAUTION IN THE MANAGEMENT OF TECHNOLOGICAL RISK , 2000 .

[15]  Georg Schreyögg,et al.  Organizing for Fluidity? Dilemmas of New Organizational Forms , 2010, Organ. Sci..

[16]  P. Collier,et al.  A Comparison of the Local Authority Adoption of Risk Management in England and Australia , 2011 .

[17]  C. Verbano,et al.  Development paths of risk management: approaches, methods and fields of application , 2011 .

[18]  R. Coase,et al.  The Problem of Social Cost , 1960, The Journal of Law and Economics.

[19]  Steven Yearley,et al.  Regulatory science—Towards a sociological framework☆ , 1997 .

[20]  Michael K. Mauws,et al.  Learning to Build a Car: An Empirical Investigation of Organizational Learning , 2005 .

[21]  M. Stevens,et al.  COMMENSURATION AS A SOCIAL PROCESS , 1998 .

[22]  George Gaskell,et al.  A theory of risk colonization: The spiralling regulatory logics of societal and institutional risk , 2006 .

[23]  Ikujiro Nonaka,et al.  The knowledge-creating theory revisited: knowledge creation as a synthesizing process , 2003 .

[24]  B. Frey,et al.  Motivation, Knowledge Transfer, and Organizational Forms , 2000 .

[25]  David A. Moss Reversing the Null: Regulation, Deregulation, and the Power of Ideas , 2010 .

[26]  Avinash Dixit,et al.  # Incentives and Organizations in the Public Sector: An Interpretative Review , 2002 .

[27]  E. Kutsch,et al.  Deliberate ignorance in project risk management , 2010 .

[28]  K. Arrow A Difficulty in the Concept of Social Welfare , 1950, Journal of Political Economy.

[29]  Niam Yaraghi,et al.  Critical success factors for risk management systems , 2011 .

[30]  John W. Meyer,et al.  Institutional Environments and Organizations: Structural Complexity and Individualism , 1994 .

[31]  T. Kuhn,et al.  The Structure of Scientific Revolutions. , 1964 .

[32]  Gerardo Reyes,et al.  Crisis Economics: A Crash Course in the Future of Finance , 2012 .

[33]  Anne P. Massey,et al.  Unraveling the Temporal Fabric of Knowledge Conversion: A Model of Media Selection and Use , 2006, MIS Q..

[34]  Ortwin Renn Risk Governance: Coping with Uncertainty in a Complex World , 2008 .

[35]  Barry Bozeman,et al.  Risk Culture in Public and Private Organizations , 1998 .

[36]  J. V. Sharp,et al.  Benchmarking Risk Management Within the International Water Utility Sector. Part I: Design of a Capability Maturity Methodology , 2007 .

[37]  A. Tversky,et al.  Judgment under Uncertainty: Heuristics and Biases , 1974, Science.

[38]  Isabelle Huault,et al.  A Market for Weather Risk? Conflicting Metrics, Attempts at Compromise, and Limits to Commensuration , 2011 .

[39]  J. Martínez-Alier,et al.  Weak Comparability of Values as a Foundation for Ecological Economics , 1998 .

[40]  I. Nonaka A Dynamic Theory of Organizational Knowledge Creation , 1994 .

[41]  Adrian Smith,et al.  Dynamic Systems and the Challenge of Sustainability , 2007 .

[42]  Henry Rothstein,et al.  Business Risk Management in Government: Pitfalls and Possibilities , 2000 .

[43]  Angela Wilkinson,et al.  Canaries in the Mind: Exploring How the Financial Crisis Impacts 21st Century Future-Mindfulness , 2010 .

[44]  G. Bounds,et al.  Risk and regulatory policy : improving the governance of risk , 2010 .

[45]  N. Stehr,et al.  The Moralization of the Markets , 2006 .

[46]  J. L. Grand,et al.  Motivation, Agency, and Public Policy , 2003 .

[47]  L. Spira,et al.  Risk Management: The Reinvention of Internal Control and the Changing Role of Internal Audit , 2003 .

[48]  W. Cooper,et al.  Enterprise Risk Management Through Strategic Allocation of Capital , 2011 .

[49]  L. Kruse-Graumann Strategies for managing global environmental risks , 2000 .

[50]  J. March,et al.  Managerial perspectives on risk and risk taking , 1987 .

[51]  Michela Arnaboldi,et al.  Is enterprise risk management real? , 2011 .

[52]  B. Simkins,et al.  The Rise and Evolution of the Chief Risk Officer: Enterprise Risk Management at Hydro One , 2004 .

[53]  S. Rayner,et al.  How Fair Is Safe Enough? The Cultural Approach to Societal Technology Choice1 , 1987 .

[54]  Rob Cross,et al.  A Relational View of Information Seeking and Learning in Social Networks , 2003, Manag. Sci..

[55]  D. Vaughan THE DARK SIDE OF ORGANIZATIONS: Mistake, Misconduct, and Disaster , 1999 .

[56]  Georg von Krogh,et al.  Perspective - Tacit Knowledge and Knowledge Conversion: Controversy and Advancement in Organizational Knowledge Creation Theory , 2009, Organ. Sci..

[57]  F. Scharpf Games Real Actors Could Play , 1994 .

[58]  Lois Quam,et al.  The Audit Society: Rituals of Verification , 1998 .

[59]  Johan P. Olsen,et al.  The Logic of Appropriateness , 2008 .

[60]  D. Williamson The COSO ERM framework: a critique from systems theory of management control , 2007 .

[61]  Herbert A. Simon,et al.  Organizing and coordinating talk and silence in organizations , 2002 .

[62]  Peter Miller,et al.  Accounting, hybrids and the management of risk , 2008 .

[63]  Margaret Woods A contingency theory perspective on the risk management control system within Birmingham City Council , 2009 .

[64]  A. Mikes Risk Management at Crunch Time: Are Chief Risk Officers Compliance Champions or Business Partners? , 2008 .

[65]  Jürgen Habermas,et al.  Truth and Justification , 2003 .

[66]  I. Nonaka,et al.  Organizational Knowledge Creation Theory: Evolutionary Paths and Future Advances , 2006 .

[67]  Donald Davidson,et al.  On the Very Idea of a Conceptual Scheme , 1973 .

[68]  Michael Power,et al.  The risk management of everything , 2004 .

[69]  Andrea Coulson,et al.  Organized uncertainty: designing a world of risk management , 2008 .

[70]  B. McKelvey,et al.  Beyond Gaussian averages: redirecting international business and management research toward extreme events and power laws , 2007 .

[71]  A. Tversky,et al.  Judgment under Uncertainty , 1982 .

[72]  N. Luhmann Risk: A Sociological Theory , 1993 .

[73]  Anette Mikes,et al.  Chief risk officers at crunch time: Compliance champions or business partners? , 2008 .

[74]  M. Power The risk management of nothing , 2009 .

[75]  Daniel A. Levinthal,et al.  A model of adaptive organizational search , 1981 .

[76]  L. Leaverton Internal control. , 2018, Journal of the Iowa Medical Society.

[77]  A. Mikes Risk Management and Calculative Cultures , 2008 .

[78]  A. Wildavsky,et al.  A CULTURAL THEORY OF INFORMATION BIAS IN ORGANIZATIONS , 1986 .

[79]  Julia Lutz Committee of Sponsoring Organizations of the Treadway Commission : Internal Control ; Integrated Framework mit besonderer Berücksichtigung der Änderungen in der Neuauflage 2013 , 2015 .

[80]  Gerald Zeitz,et al.  Organizational Encounters with Risk , 2007 .

[81]  Simon J T Pollard,et al.  Characterizing Environmental Harm: Developments in an Approach to Strategic Risk Assessment and Risk Management , 2004, Risk analysis : an official publication of the Society for Risk Analysis.

[82]  S. Pollard,et al.  Character of environmental harms: overcoming implementation challenges with policy makers and regulators. , 2011, Environmental science & technology.

[83]  Loizos Heracleous,et al.  Discourse and the study of organization: Toward a structurational perspective , 2000 .

[84]  Donald A. Schön,et al.  Organizational Learning: A Theory Of Action Perspective , 1978 .

[85]  H. Rothstein Neglected risk regulation: The institutional attenuation phenomenon , 2002 .

[86]  Louis Anthony Cox,et al.  What's Wrong with Risk Matrices? , 2008, Risk analysis : an official publication of the Society for Risk Analysis.

[87]  Alexander Ardichvili,et al.  Motivation and barriers to participation in virtual knowledge-sharing communities of practice , 2003, J. Knowl. Manag..

[88]  W. Henry,et al.  Embedding risk management: structures and approaches , 2007 .

[89]  Perri,et al.  Information-Sharing and Confidentiality in Social Policy: Regulating Multi-Agency Working , 2008 .

[90]  B. Hutter Organizational Encounters with Risk: ‘Ways of seeing’: understandings of risk in organizational settings , 2005 .

[91]  Mario Bunge,et al.  Bayesianism: Science or Pseudoscience? , 2008 .