Abstract

The significance of Enterprise Risk Management (ERM) is widely recognized in the academic and professional literature. Knowledge and management of business risks are an integral part of every successful business strategy and are increasingly becoming a primary factor of competitiveness. Although several risk management frameworks have been published and updated over time, these standards still have limitations. The advent of IT has helped companies to better manage business risks. The rise of IT governance has improved the management and monitoring of business processes as well as the implementation of policies and procedures. The aim of this paper is twofold. First, a comparative analysis of the main risk management frameworks was carried out, highlighting their limits and weaknesses. Second, it was shown how IT governance and related frameworks such as COBIT could contribute to a better implementation of the risk management process, one that overcomes the limitations of the examined standards.

Highlights

  • The relevance of the role played by the Enterprise Risk Management (ERM) is widely recognized by the academic (Jensen, 1993; Spira & Page, 2003; Power, 2004; Rubino & Vitolla, 2012a; Mikes & Kaplan, 2015) and professional literature (COSO, 1992, 2004 and 2017; ISACA, 2012 and 2013)

  • The analysis focuses on the COSO ERM (Enterprise Risk Management), the ISO 31000 standard, the AS/NZS 4360 framework and on the Risk Management Framework applied in Canada

  • Implementing risk management is a complex activity that varies from company to company based on a series of elements such as corporate culture in terms of control, the existence of a well-defined organizational structure, the provision of appropriate procedures and company policies, the existence of an effective action carried out by the corporate governance bodies, the presence of managerial skills and so on (Rubino & Vitolla, 2012a; Rubino et al., 2017a; Bogodistov & Wohlgemuth, 2017; Agarwal & Kallapur, 2018)


Summary

Introduction

The relevance of the role played by the ERM is widely recognized by the academic (Jensen, 1993; Spira & Page, 2003; Power, 2004; Rubino & Vitolla, 2012a; Mikes & Kaplan, 2015) and professional literature (COSO, 1992, 2004 and 2017; ISACA, 2012 and 2013). The last standard to be compared is the Framework for the Management of Risk – Canada, which in 2010 replaced the Integrated Risk Management Framework (2001) and the Integrated Implementation Management Guide (2004). This framework is a tool applicable to public administrations. Both the ISO 31000 guideline and the AS/NZS 4360 standard clearly state that they do not intend to promote uniformity of risk management across organizations. In this regard, ISO 31000 highlights that the design and implementation of risk management plans and frameworks will need to consider the varying needs of a specific organization, its particular objectives, context, structure, operations, processes, functions, projects, products, services, or assets and the specific practices employed. The Framework for the Management of Risk – Canada provides guidance on applying ERM in the public administration.

Aim and scope
The Frameworks’ Risk Management Process
The Risk Frameworks’ Limitations and Weaknesses
Findings
Conclusions
