Integration of enterprise risk management and management control system: based on a case study

  • Published March 31, 2017
  • Author(s)
    Ilhang Shin
    ORCID ,
    Sorah Park
    ORCID
  • DOI
    http://dx.doi.org/10.21511/imfi.14(1).2017.02
  • Article Info
    Volume 14 2017, Issue #1, pp. 19-26
  • TO CITE АНОТАЦІЯ
  • Cited by
    6 articles
  • 2004 Views
  • 1973 Downloads

Creative Commons License
This work is licensed under a Creative Commons Attribution-NonCommercial 4.0 International License

This paper aims to discuss the concepts and methodological issues of enterprise risk management (ERM). The case study of company A shows that ERM has been implemented and integrated with management control as a means of monitoring its subsidiaries. First, ERM system was implemented through comprehensive review of corporate risk policies, risk management processes, roles and responsibilities, and risk culture. Second, company A integrated ERM with the existing management control system in order to evaluate the risk underlying the current management activities. Finally, ERM implementation was expanded to all subsidiaries so that each business unit would be delegated for its own risk management. This paper provides insight on the process how group-level internal auditors can use ERM as a tool to manage risk of subsidiaries, thereby filling the gap between academic research and practice. This successful ERM adoption case can be used as a guideline for other organizations, which plan to adopt ERM with reduced costs and improved processes.

view full abstract hide full abstract
    • Fig. 1. ERM as a management control infrastructure
    • Fig. 2. Integration of ERM and management control systems
    • Fig. 3. Risk governance system in company
    • Table 1. Comparison of COSO 1 and COSO 2 ERM Framework
    • Table 2. Risk profile of company A
    • Table 3. Measurement of ERM maturity
    • Alles, M., Brennan, G., Kogan, A., and Vasarhelyi, M.A. (2006). Continuous monitoring of business process controls: A pilot implementation of a continuous auditing system at Siemens. International Journal of Accounting Information Systems, 7(2), 137-161.
    • Arena, M., Arnaboldi, M., and Azzone, G. (2010). The organizational dynamics of enterprise risk management. Accounting, Organizations and Society, 35(7), 659-675.
    • Beasley, M. S., Clune, R., and Hermanson, D.R. (2005). Enterprise risk management: An empirical analysis of factors associated with the extent of implementation, Journal of Accounting and Public Policy, 24(6), 521-531.
    • Casualty Actuarial Society Enterprise Risk Management Committee. (2003). Overview of enterprise risk management. Fairfax, VA: Casualty Actuarial Society.
    • Chan, D. Y., and Vasarhelyi, M. A. (2011). Innovation and practice of continuous auditing. International Journal of Accounting Information Systems, 12(2), 152-160.
    • CICA. (1999). Continuous auditing. A CICA/AICPA research report.
    • COSO, S. (1992). Internal Control ̶ Integrated Framework. The Committee of Sponsoring Organizations of the Treadway Commission.
    • Committee of Sponsoring Organizations of the Treadway Commission. (2004). The (COSO). (2004). Enterprise Risk Management-Integrated Framework: Executive Summary.
    • De Franco, G., Guan, Y., and Lu, H. (2005). The wealth change and redistribution effects of Sarbanes-Oxley internal control disclosures. Available at SSRN 706701.
    • Doyle, J., Ge, W. and McVay, S. (2007). Determinants of weaknesses in internal control over financial reporting, Journal of accounting and Economics, 44(1), 193-223.
    • Flesher, D. L., and Zarzeski, M. T. (2002). The roots of operational (value-for-money) auditing in English-speaking nations. Accounting and business research, 32(2), 93-104.
    • Gordon, L. A., Loeb, M. P., and Tseng, C.Y. (2009). Enterprise risk management and firm performance: A contingency perspective. Journal of Accounting and Public Policy, 28(4), 301-327.
    • Meulbroek, L. K. (2002). A senior manager’s guide to integrated risk management. Journal of Applied Corporate Finance, 14(4), 56-70.
    • Power, M. (2009). The risk management of nothing. Accounting, organizations and society, 34(6), 849-855.
    • Selim, G., and McNamee, D. (1998). Risk management: changing the internal auditor’s paradigm. Institute of Internal Auditors Research Foundation, Altamonte Springs, Fla.
    • Vasarhelyi, M.A., Alles, M.G., and Kogan, A. (2004). Principles of analytic monitoring for continuous assurance, Journal of emerging technologies in accounting, 1 (1), pp. 1-21.
    • Weidenmier, M. L., and Ramamoorti, S. (2006). Research opportunities in information technology and internal auditing. Journal of Information Systems, 20(1), 205-219.
Related Articles

  • The risk management practices in the manufacturing SMEs in Cape Town

    Clinton Mbuyiselo Sifumba , Kevin Boitshoko Mothibi , Anthony Ezeonwuka , Siphesande Qeke , Mamorena Lucia Matsoso doi: http://dx.doi.org/10.21511/ppm.15(2-2).2017.08
    Problems and Perspectives in Management Volume 15, 2017         Issue #2 (cont. 2)         pp. 386-403 Views: 3390 Downloads: 536 TO CITE АНОТАЦІЯ

    Risk management is one of the prominent issues which are pivotal to the success of a business and may adversely affect profitability if not properly practised. Therefore, the main objective of this paper was to determine risk management practices in manufacturing SMEs in Cape Town. The research conducted was quantitative in nature and constituted the collection of data from 74 SME leaders, all of whom had to adhere to a list of strict delineation criteria. All data collected were thoroughly analyzed through means of descriptive statistics. From the findings made, it is clear that SMEs in the manufacturing sector do in fact understand risk management initiatives applicable to ‘manage’ their respective businesses towards sustainability, but not to a large extent. It was found that respondents are unaware of the elements which make risk management effective, which ultimately aids to the development of problems for SMEs. All employees, managers and owners must coordinate their efforts together to identify and manage organizational risks within their ambit to obtain total risk coverage, as well as provide assurance that these risks are effectively managed from a coordinated approach. Further studies may be carried out to identify measures that can be taken to improve the effectiveness of risk management practices in SMEs.

  • The determinants of liquidity risk of commercial banks in Vietnam

    Tu T. T. TranORCID , Yen T. Nguyen , Thuy T.H. NguyenORCID , Long Tran doi: http://dx.doi.org/10.21511/bbs.14(1).2019.09
    Banks and Bank Systems Volume 14, 2019         Issue #1         pp. 94-110 Views: 1974 Downloads: 1196 TO CITE АНОТАЦІЯ

    This research identifies factors that explain the liquidity of commercial banks in the Vietnam banking system from 2010 to 2015. Using the OLS regression method for analysis, it was found that:

    1. the interbank market helps commercial banks improve their liquidity;
    2. the larger the loan size, the higher the liquidity risk;
    3. good credit risk management has a positive impact on liquidity risk management; and
    4. long-term interest rate is negatively related to the liquidity of commercial banks.

    The research also makes recommendations on liquidity risk management policies to banks and policy-makers from the Government and the State Bank of Vietnam.

  • The mitigation of liquidity risk in Islamic banking operations

    Nabil Bello , Aznan Hasan , Buerhan Saiti doi: http://dx.doi.org/10.21511/bbs.12(3-1).2017.01
    Banks and Bank Systems Volume 12, 2017         Issue #3         pp. 154-165 Views: 1837 Downloads: 552 TO CITE АНОТАЦІЯ

    The purpose of this paper is to discuss the issues and challenges of liquidity risk management in Islamic banks. At the same time, the authors are going to identify the sources of liquidity risk in Islamic banks and the common instruments used to mitigate liquidity mismatches in both sides of their balance sheets. The study is a qualitative study that uses secondary sources of data to describe and analyze risk mitigation in the Islamic banking context. Data were collected from libraries by referring to books, journals from both online and offline sources. The research objectives were addressed by critically analysing various issues from both the Islamic principles and contemporary applications. The authors found that Islamic liquidity management is an important building block for stable and efficient banking. Even though there are several attempts, for example, i) organized tawarruq (commodity murabahah), ii) salam sukuk and iii) short-term ijarah sukuk, to find solutions to the incessant problems of liquidity faced by majority of Islamic banks, there are still several underlying problems such as i) in terms of deficiency in infrastructure especially in countries where Islamic finance is still at an early stage, ii) lack of hedging instruments and iii) Shariah restrictions on some instruments. Regulatory bodies should come up with more innovative practices of Islamic liquidity management to solve unresolved theoretical issues and also meeting market requirements for liquidity.

Download Preview
Close
Investment Management and Financial Innovations
Investment Management and Financial Innovations