The Adoption and Design of Enterprise Risk Management Practices: An Empirical Study

Abstract

We examine (1) the extent of ERM implementation and the factors that are associated with cross-sectional differences in the level of ERM adoption, and (2) specific risk management design choices and their effect on perceived risk management effectiveness. Broadly consistent with previous work in this area, we find that the extent of ERM implementation is influenced by the regulatory environment, internal factors, ownership structure, and firm and industry-related characteristics. In addition, we find that perceived risk management effectiveness is associated with the frequency of risk assessment and reporting, and with the use of quantitative risk assessment techniques. However, our results raise some concerns as to the COSO framework. Particularly, we find no evidence that application of the COSO framework improves risk management effectiveness. Neither do we find support for the mechanistic view on risk management that is implied by COSO’s recommendations on risk appetite and tolerance.