Towards a Contingency Theory of Enterprise Risk Management
44 Pages. Posted: 19 Aug 2013. Last revised: 17 Oct 2013
Date Written: October 16, 2013
Abstract
Enterprise risk management (ERM) has become a crucial component of contemporary corporate governance reforms, with an abundance of principles, guidelines, and standards. This paper portrays ERM as an evolving discipline and presents empirical findings on its current state of maturity, as evidenced by a survey of the academic literature and by our own field research. Academics are increasingly examining the adoption and impact of ERM, but the studies are inconsistent and inconclusive, due, we believe, to an inadequate specification of how ERM is used in practice. Based on a ten-year field project, over 250 interviews with senior risk officers, and three detailed case studies, we put forward a contingency theory of ERM, identifying potential design parameters that can explain observable variation in the “ERM mix” adopted by organizations. We also add a new contingent variable: the type of risk that a specific ERM practice addresses. We outline a “minimum necessary contingency framework” (Otley 1980) that is sufficiently nuanced, while still empirically observable, that empirical researchers may, in due course, hypothesize about “fit” between contingent variables, such as risk types and the ERM mix, as well as about outcomes such as organizational effectiveness.
Keywords: risk management, ERM, multiple controls, contingency theory, management controls
JEL Classification: M40