Effective Enterprise Risk Management Practices

Subject: Risk Management
Pages: 6
Words: 1672
Reading time:
7 min
Study level: PhD


The modern business environment has become very intricate over the past few years, and this trend has increased the degree of risks in running companies. The degree of complexity within the business environment has been prompted by a multitude of factors such as economic, technological, global politics, and an increase in the intensity of competition (Althonayan, Keith & Misiura 2011). Moreover, businesses encounter risks originating from internal operations. This aspect underlines the fact that risk constitutes an integral reality in business operations. In a bid to survive in such an intricate environment, it is imperative for businesses to incorporate effective risk management practices. Risk is linked to negative organisational impact. The new paradigm in risk management, viz. the impact of risk on a firm, can be categorised into two main categories, which include downside and upside risk. Downside risk affects a firm’s ability to attain the predetermined strategic goals. Conversely, Althonayan, Keith, and Misiura (2011, p.110) assert that upside ‘risk is represented by all the potential benefits or the business opportunities that an organisation may draw from the same event’. Therefore, the importance establishing a system that assists organisational managers to manage risk effectively should not be ignored.

Problem statement

Despite the growth in the level of consciousness amongst managers on the significance of managing risk, most businesses have not adopted a holistic approach to enable them to augment the efficacy of their risk management practices. Traditional risk management practices affirm that organisations encounter challenges in managing risks. The existence of such imperfections leads to an increment in real costs within organisations. Some of the traditional risk management approaches adopted by organisations have not assisted businesses in coping with risks originating from the external environment. For example, the risk management approach incorporated by the UBS Group failed in assisting the organisation to detect and alleviate the adverse effects of the 2007/2008 economic recession in time (Harner 2010). Therefore, most entities have not been in a position to maximise their value. However, the adoption of optimal risk management techniques can promote an organisation’s value by minimising risk. McShane, Nair, and Rustambekov (2011, p. 643) affirm that the ‘benefits of risk management can be classified as reduction in expected costs related to tax payments, financial distress, underinvestment, asymmetric information, and un-diversifiable stakeholders’.

The positive correlation between risk and an organisation’s value highlights the significance of adopting effective risk management approach such as the Enterprise Risk Management [ERM] approach. Althonayan, Keith, and Misiura (2011, p. 110) define ERM as ‘a structured approach combining strategies, resources, technology, and knowledge to assess and manage the uncertainties that various enterprises face as value is being generated’. The ERM approach can assist organisations to not only manage risk, but also exploit the opportunities inherent in a particular risk. Harner (2010) further emphasises that effective implementation of the ERM approach enables organisations to manage risk exposure. Ignoring or under utilising ERM can affect an organisation’s long-term excellence.

Research objective

The purpose of this research proposal is to examine how organisations can attain business excellence by effectively managing risk. The research will focus on Enterprise Risk Management.

Research question

In order to undertake the study successfully, the researcher will be guided by the research question outlined below.

  1. How can organisations in the UK attain business excellence by incorporating Enterprise Risk Management?

Literature review

Bharathy and McShane (2014) argue that ERM aims at assisting organisations to develop a holistic approach to managing the diverse types of risks that might be experienced. Some of the common types of risks that businesses might experience include strategic risk, hazards, operational, and financial risks. Traditionally, risk management was considered as a technical function. Subsequently, mid-level managers mainly undertook it. Furthermore, risk management was mainly concerned with insurable risks such as hazard risks, employee safety exposure, and liabilities (Bharathy & McShane 2014).

The decision to formulate the ERM has been motivated by the need to assist organisations to cope with additional risks, for example, strategic and operational risks (Baxter et al. 2013). Therefore, ERM does not mainly focus on hazards. On the contrary, it assists organisations in the course of managing diverse categories of risks such as those arising from corporate governance, information technology, human resource, distribution systems, and supply chain management (Arnold et al. 2014). The significance of the ERM approach is further illustrated by the view that it enables organisational managers to develop an understanding of the relationship and correlations amongst different risk categories (McShane, Nair & Rustambekov 2011).

Organisations have formulated and implemented diverse ERM frameworks such as the Committee of Sponsoring Organisations [COSO] and ISO 31000. The COSO framework is mainly focused on enhancing the effectiveness with which an organisation undertakes internal audit. However, the application of the COSO ERM framework has been relatively lower as compared to ISO 31000 (Bharathy & McShane 2014).

According to Hurlimann (2014), organisations’ attitude towards ERM has undergone a remarkable transformation due to the emergence of diverse risks facing businesses. The significance of integrating comprehensive ERM approach in business operations is underscored by the adverse impacts of the recent global economic recession. A study involving 1,419 business executives around the world conducted by the Harvard Business Review Analytic Services showed that over 75% of business executives recognise risk management as one of the most important elements since the emergence of the 2008 economic recession (Hurlimann 2014).

Despite the view that most businesses around the world had adopted risk management practices, Althonayan, Keith, and Misiura (2011, p.110) assert that the ‘existing risk management programmes failed and abnormalities took serious tolls on enterprises performance’. Bharathy and McShane (2014) further affirm that the ERM programmes were based on a ‘reductionist’ approach. Previously, businesses followed traditional approaches in dealing with new types of risks, which limited their effectiveness. McShane, Nair, and Rustambekov (2011) argue that the implementation of ERM enables organisations to minimise its exposure to risk. Hurlimann (2014) emphasises that it is essential for business managers to adopt a proactive approach to managing risk as opposed to adopting a reactive approach. Therefore, organisational managers have a duty of ensuring that they gain insight on the most effective approach to adopt in order to hedge against risks successfully. Such approach increases an organisation’s capacity to deal with financial risks. Firms established within the highly regulated economic sectors such as healthcare, energy, and financial services are amongst the sectors that have succeeded in implementing best ERM practices. For example, such companies are increasingly employing Chief Risk Officers, which highlights their commitment to attaining effective management of risk (Hurlimann 2014).

Companies established in other sectors are also entrenching ERM in their strategic management practices. However, some of the companies are adopting ERM in an effort to comply with the regulatory mechanisms implemented by governments. For example, the European governments are increasingly pressurising businesses to implement ERM in their risk management practices. Conversely, other firms are adopting businesses as a personal initiative to cope with the changing business environment such as the financial crisis (Hurlimann 2014).


This study intends to evaluate how organisations can survive in an environment characterised by diverse risks originating from the internal and external business environments by incorporating Enterprise Risk Management approaches. In conducting this study, the researcher will evaluate how businesses in the UK have incorporated ERM in their operations and the contribution of the ERM frameworks in managing risks. Businesses operating in the UK are not shielded from changes in the global business environment. Thus, it is essential for organisational managers to understand how the ERM framework can enhance long-term sustainability. This goal can only be attained by understanding the shortcomings of the already implemented ERM approaches.

The study will be conducted by incorporating the mixed research approach. Subsequently, the study will adopt both qualitative and quantitative research approaches. Adopting qualitative research design will enhance the research process by undertaking an in-depth analysis of the extent to which organisations have integrated the ERM approach to managing risks. Conversely, quantitative research approach will enable the data collected to be analysed quantitatively.

Data collection

The study will rely on secondary and primary sources of data. Secondary data will be sourced from already published reports and studies on the implementation of ERM. However, the researcher will specifically select published reports and studies on the UK firms. On the other hand, primary data will be sourced from well-established businesses enterprises in the UK. The researcher will identify and select a number of businesses based in the UK from which a number of respondents will be selected. Selecting business managers and other internal organisational stakeholders will enable the researcher to collect relevant data. The respondents will be selected by using the simple random sampling approach. This approach will eliminate bias in selecting research respondents. During the data collection process, the researcher will adopt two main techniques, which include interviews and questionnaires. A set of semi-structured questionnaires comprising of open and close-ended questionnaires will be designed.

Data analysis

The data collected from the field will be analysed using Microsoft Excel. Using this software will enable the researcher to illustrate the research findings using statistics. In addition, Microsoft Excel will enable the researcher to present the research findings using graphs, percentages, pie charts, and tables. Furthermore, using these tools will enable the researcher to manage the raw data effectively, for example, by condensing the data.


In order to enhance the outcome of the study, the researcher will ensure that the methodology will be implemented optimally. To achieve this goal, the researcher will adhere to the concepts of validity and reliability during the data collection and analysis process. Focusing on the UK will ensure that the research findings are relevant to businesses operating in the UK. The study’s findings will contribute to a better understanding of the importance of incorporating and utilising effective ERM in their operation. Moreover, businesses operating in the UK will evaluate the effectiveness of the already established ERM approaches coupled with how best they can improve their risk management techniques.


Althonayan, A, Keith, J & Misiura, A 2011, ‘Aligning enterprise risk management with business strategy and information systems’, European, Mediterranean & Middle Eastern Conference on Information Systems, vol. 2, no. 3, pp. 109-129.

Arnold, V, Benford, T, Hampton, C & Sutton, S 2014, ‘Enterprise risk management; re-conceptualising the role of risk and trust on information sharing in transnational alliances’, Journal of Information Systems, vol. 28, no. 2, pp. 257-285.

Baxter, R, Bedard, J, Hoitash, R & Yezegel, A 2013, ‘Enterprise risk management program quality; determinants, value relevance and the financial crisis’, Contemporary Accounting Research, vol. 30, no. 4, pp. 1264-1295.

Bharathy, G & McShane, M 2014, ‘Applying a systems model to enterprise risk management’, Engineering Management Journal, vol. 26, no. 4, pp. 38-46.

Harner, M 2010, Ignoring the writing on the wall; the role of enterprise risk management in the economic crisis, University of Maryland, New York.

Hurlimann, T 2014, Risk management in a time of global uncertainty, Harvard Business Review Analytic Services, Zurich.

McShane, M, Nair, A & Rustambekov, E 2011, ‘Does enterprise risk management increase firm value’, Journal of Accounting Auditing & Finance, vol. 26, no. 4, pp. 641-658.