企业风险管理案例研究--企业管理论文指导

　　在本文中，我们负责研究有关企业风险管理的两大主题。首先，我们研究企业风险管理的实施程度，这可能有助于分析实施程度的影响因素。在第二部分的研究中，我们探讨具体的企业风险管理战略选择和行业协会对企业风险管理有效性的看法。

　　In this paper, we examined two broad themes relating to ERM. First, we studied the extent of ERM implementation and the factors that may help to explain cross-sectional differences in the level of adoption. In the second part of the study, we explored specific ERM design choices and their association with perceived ERM effectiveness.

　　在本文的第二部分我们有针对性的研究特定的企业风险管理战略和它们之间的关系，这会影响到企业风险管理的可靠性。据我们所知，我们是第一次采用如此大规模的实例研究来分析这种关系。在分析中，我们也发现了一个关系到企业风险管理实施程度的特别之处，我们认为这会影响到企业风险管理的有效性。

　　The second part of the paper addresses specific ERM design choices and their relation with ERM effectiveness. As far as we know, our paper is the first large scale empirical study to examine this relation. In the analysis, we found a positive association between the extent of ERM implementation and perceived ERM effectiveness.

　　The first part of the paper builds on the findings of previous research into the extent of implementation (e.g. Beasley et al., 2005; Kleffner et al., 2003; Liebenberg & Hoyt, 2003). Using data from 825 organizations, our study considerably broadens the empirical basis underlying this stream of research. Specifically, whereas prior studies were based mainly on US and Canadian data, we work with data from organizations headquartered in the Netherlands, allowing some insights into the generalizability of the earlier findings in a different institutional context. Also, unlike the earlier studies, we include small and medium-sized enterprises, as well as public sector organizations. The findings largely corroborate the results of prior work. Thus, we found that publicly traded firms and organizations with a CRO and audit committee have more mature ERM systems, whereas the applicability of governance regulation does not appear to influence ERM adoption. In addition, we found that larger organizations and firms in the financial sector tend to have more sophisticated ERM systems. There is no evidence of an effect of institutional ownership, which is also consistent with previous findings. We do, however, observe that owner-managed firms are less prone to invest in ERM. Earlier studies did not include this factor. Finally, we found no auditor-related influences, suggesting that in the Netherlands, Big 4 and non-Big 4 audit firms are equally effective in promoting high quality ERM among their clients.

　　This finding generally supports a key premise of the COSO ERM framework, i.e. that ERM should be broad and inclusive, spanning the full set of risks that affect the entity’s strategic, operational, reporting, and compliance objectives. Together with the data on the extent of ERM implementation, this result also indicates that organizations still have some work to do: only about 11% of the organizations in the sample report that their current ERM system covers all relevant risk categories.

　　We showed that the frequency of risk assessment, the frequency of risk reporting, and the richness of risk reporting contribute to perceived ERM effectiveness. But perhaps more interesting than these positive findings are the null-results on some of the factors included in the analysis. For instance, we found that only 21.5% of the respondents report to use the COSO ERM framework. In addition, we found that application of the COSO ERM framework as such does not contribute to ERM effectiveness. These findings raise concern as to the assumed authoritative status of this framework: if the framework is actually good, why do firms choose not to use it, and why are firms that do use it not more successful than those that don’t? Because the data do not allow a more elaborate examination, we can only speculate on the answer to this question. We do, however, reiterate an earlier remark: because the questionnaire does not capture the indirect impact of the COSO framework (e.g. through the solution packages of consulting agencies), the data may underestimate the true influence of COSO. This may very well drive the null result just reported. But it is also possible that application of COSO just does not help very much.#p#分页标题#e#

　　Another interesting finding is that the large majority of organizations does not quantify risk tolerances. In fact, two-thirds of them do not explicate risk tolerances at all. This practice is contrary to COSO, which claims that explication of risk appetite and, subsequently, quantification of risk tolerances is pretty much a conditio sine qua non for reliable risk management. The regression results, however, indicate that explication and quantification of risk tolerances do not contribute to perceived ERM effectiveness. Also, the use of quantitative risk assessment techniques does not seem to support ERM quality. In conjunction, these findings may be taken to suggest that organizations generally see risk management as a way of thinking, rather than as a hard and measureable process. If this reading is correct, this implies that COSO’s mechanistic and technocratic perspective on sound and structured risk management does not accord very well with organizational reality.

　　Perceived ERM effectiveness is industry-specific. Firms in the financial services industry appear less satisfied with the quality of their ERM practices –even though the implementation study indicated that they tend to have more fully developed systems. This finding suggests that firms in this industry have higher aspiration levels as to the quality of ERM systems, which is consistent with the idea that the value of these systems is typically larger in the financial services sector, ceteris paribus. In addition, we observe a significant negative effect for organizations in the public sector: on average, public sector organizations report lower ERM effectiveness than private sector organizations. In the part of the paper focussing on ERM adoption, we argued that that public sector organizations may experience unique problems in ERM implementation, because of the complex political environment in which they operate, and because of the dominant culture and management style of these organizations. The data did not corroborate this expectation, and apparently, there are no differences in the extent of ERM implementation between the public and the private sector. However, in conjunction with the negative public sector effect in the analysis of ERM effectiveness, the data suggest the following interpretation: it may be the case that in the public sector, organizations seek to conform to general expectations by implementing relatively sophisticated ERM systems from a technical point of view, even though the generic ERM concepts, tools, and techniques are less effective in a public sector context. This suggests that there may be considerable value in developing an ERM approach that is more tailored to the specific needs and circumstances of the public sector.

　　This study has several limitations that should be recognized when interpreting the evidence. Although we sincerely cherish the permission to use the data, the fact that we rely on secondary data forced us to focus the analysis on the factors on which we have information, rather than on the factors that are most interesting from a research point of view. Fortunately, the two largely coincide. Nevertheless, it would have been interesting to include for instance the way in which organizations have integrated risk management in strategy setting, or elements of the internal environment in the analysis of ERM effectiveness –to name but a few of the central premises of the COSO ERM framework. For now, me must leave the exploration of these factors to future research.

　　Another consequence of our reliance on a pre-existing dataset is that some of our measures are rather naïve. Most variables are single item metrics. Although this is adequate for the more factual variables (actually, most of the independent variables qualify as such), several other constructs are so complex that measuring them with only one indicator is clearly not ideal. Especially the measurement of perceived ERM effectiveness could be improved, and we expect future studies to make significant progress in that area. It should also be emphasized that the measure of ERM effectiveness is based on perceptions rather than on ‘hard’ data. Therefore, the scores on this measure may be biased, and may also more generally be an inaccurate reflection of the actual contribution of ERM to the functioning of the organization (cf. Ittner & Larcker, 2001). On the other hand, the respondents are senior executives or staff members in high organizational positions, and we must assume them to be knowledgeable about the functioning of the ERM systems, and to be able to make meaningful evaluative statements about these systems. http://www.ukassignment.org/fxgllw/ Therefore, we believe that the analysis is at least informative of current ERM practices and of the contribution of elementary ERM design choices to overall ERM quality. As a first step towards a more rigorous, evidence-based understanding of successful ERM practices, this seems well worth the effort.