Abstract

This paper discusses the concepts and methodological issues of enterprise risk management (ERM). The case study of company A shows that ERM has been implemented and integrated with management control as a means of monitoring its subsidiaries. First, an ERM system was implemented through a comprehensive review of corporate risk policies, risk management processes, roles and responsibilities, and risk culture. Second, company A integrated ERM with the existing management control system in order to evaluate the risk underlying its current management activities. Finally, ERM implementation was expanded to all subsidiaries so that each business unit would be responsible for its own risk management. This paper provides insight into how group-level internal auditors can use ERM as a tool to manage the risk of subsidiaries, thereby filling the gap between academic research and practice. This successful ERM adoption case can be used as a guideline for other organizations that plan to adopt ERM with reduced costs and improved processes.

Highlights

  • Bankruptcies of Enron and WorldCom in the early 2000s proved that companies which achieved short-term growth and profitability through fraudulent accounting and falsehood contracting failed

  • This paper provides insight into how group-level internal auditors can use enterprise risk management (ERM) as a tool to manage the risk of subsidiaries, thereby filling the gap between academic research and practice

  • Enterprise risk management (ERM) has emerged as a paradigm for managing various kinds of risks faced by organizations, and the trend is to focus on its role in improving risk management and enterprise value


Summary

Concepts and methodological issues of ERM implementation

Corporate control itself does not create value. Rather, it is a mechanism that can be used to manage an entity’s objectives, strategies, and risk. In responding to the demands of the external environment, the internal audit function has expanded and become a department in charge of ERM, playing a leading role in monitoring various ERM components (information & communication, control activities, risk response, risk assessment, event identification, objective setting, internal environment) based on the COSO 2 ERM Framework.

[Figure labels: Strategic, Reporting, Compliance; Monitoring, Information & communication, Control activities, Risk response, Risk assessment, Event identification, Objective setting, Internal environment]

A continuous audit is generally defined as “a methodology that enables independent auditors to provide written assurance on a subject matter, for which an entity’s management is responsible, using a series of auditors’ reports issued virtually simultaneously with, or a short period of time after, the occurrence of events underlying the subject matter” (CICA/AICPA Committee, 1999). As this definition confirms, a continuous audit requires auditors with the expertise to monitor information processed through an ERP system, and a continuous monitoring system as infrastructure that auditors can use. This will enable comprehensive risk management at the process level, which is the main concern of strategic risk management and a continuous audit system.

Case study: company A
Findings
Discussion and conclusions
