The Internal Organization of Enterprise Risk Management
59 Pages Posted: 26 Aug 2014
Date Written: August 20, 2014
This study examines the association between the internal organization of the enterprise risk management (ERM) process (as reflected in the assignment of risk accountabilities or “risk ownership”) and the specific risk management practices adopted enterprise-wide. Using a global survey spanning multiple industries, we find that overall ERM sophistication is positively associated with the functional and hierarchical breadth of risk ownership. Furthermore, the risk management practices adopted by a firm are more strongly associated with the risk owners’ specific functions and levels than with the number of owners alone. When we examine the influence of risk ownership on the firms’ finance units, we find that units whose CFOs have risk ownership responsibilities make significantly greater contributions to a wider range of strategic and operational risks than those whose CFOs are not risk owners. In addition, the organization of risk responsibilities within finance (i.e., whether or not the compliance, internal audit, risk management, and treasury functions report to the CFO) has a significant influence on the types of financial and nonfinancial risks emphasized by the unit. We find relatively little evidence that the presence of risk owners other than the CFO reduces finance’s contributions to ERM.
Keywords: enterprise risk management, organizational design, risk owner, finance unit, internal audit
JEL Classification: G3, M4, M10