Integration of enterprise risk management and management control system: based on a case study
DOI: http://dx.doi.org/10.21511/imfi.14(1).2017.02
Article Info: Volume 14 2017, Issue #1, pp. 19-26
This work is licensed under a Creative Commons Attribution-NonCommercial 4.0 International License.
This paper aims to discuss the concepts and methodological issues of enterprise risk management (ERM). The case study of company A shows that ERM has been implemented and integrated with management control as a means of monitoring its subsidiaries. First, the ERM system was implemented through a comprehensive review of corporate risk policies, risk management processes, roles and responsibilities, and risk culture. Second, company A integrated ERM with the existing management control system in order to evaluate the risk underlying the current management activities. Finally, ERM implementation was expanded to all subsidiaries so that each business unit would be delegated responsibility for its own risk management. This paper provides insight into the process by which group-level internal auditors can use ERM as a tool to manage the risk of subsidiaries, thereby filling the gap between academic research and practice. This successful ERM adoption case can be used as a guideline for other organizations that plan to adopt ERM with reduced costs and improved processes.
JEL Classification: M41, E3
- Fig. 1. ERM as a management control infrastructure
- Fig. 2. Integration of ERM and management control systems
- Fig. 3. Risk governance system in company
- Table 1. Comparison of COSO 1 and COSO 2 ERM Framework
- Table 2. Risk profile of company A
- Table 3. Measurement of ERM maturity