Enterprise Risk Management

A Modern Approach

  • 2025
  • Book

About this book

The book helps readers to answer a pressing question for businesses: how can they evaluate risks and opportunities to develop appropriate risk-adjusted strategies that allow them to generate maximum profit at acceptable risk levels?

This book focuses on a hands-on approach to risk management which includes a step-by-step guide on how to identify, analyze, quantify and aggregate various risks in organizations. It guides the reader through what-if simulation and scenario analyses as well as Monte Carlo simulations in Excel with applications to traditional non-financial businesses and platform companies like Spotify. This management-oriented perspective sets it apart from textbooks that are often compliance-related and mostly focus on financial industries. Its approach is applicable to a wide range of industries and is based on a strategic and value-based view of balancing risks and opportunities in businesses. The mathematical and technical details are presented in an easy-to-follow format and illustrated throughout with examples and simple calculations. Additional material for lecturers and students (exercises, cases, templates) is provided online.

Table of Contents

  1. Frontmatter

  2. Chapter 1. Risks, Opportunities, and Enterprise Risk Management

    Robert Rieg, Ute Vanini, Werner Gleißner
    Abstract
    Corporate success is not possible without risk-taking. Risks and opportunities result from the unpredictable future and lead to either negative or positive deviations from planned corporate targets. The extent of risks and opportunities depends on numerous factors such as the volatility of relevant market prices, which must be identified, analyzed, and controlled using enterprise risk management (ERM). In many countries, companies are required by law to implement risk management (RM) approaches. Therefore, this section discusses the need for enterprise-wide RM, defines key terms, and introduces the concept of ERM in detail.
  3. Chapter 2. Theories of Decision-Making Under Risk

    Robert Rieg, Ute Vanini, Werner Gleißner
    Abstract
    Enterprise risk management (ERM) should support managerial decision-making to increase firm performance and firm value. Although decisions are made every day, few people realize that decisions are fundamentally structured in terms of cost and benefits and risks and opportunities. These factors must be analyzed to understand how decisions are made and how they can be improved. The underlying structure is not always visible in risk decisions and risk models in practice, so it is important to be aware of it when individuals in organizations build risk models and make decisions under risk. Such decisions should consider expected values, risk attitudes, and risk diversification which are explained in this chapter.
  4. Chapter 3. Heuristics and Biases in Enterprise Risk Management

    Robert Rieg, Ute Vanini, Werner Gleißner
    Abstract
    This chapter explores the pivotal role of heuristics and biases in ERM. It provides an in-depth examination of how cognitive shortcuts or heuristics, while beneficial for quick decision-making, can also introduce significant biases that potentially skew judgment and lead to suboptimal outcomes. The chapter delves into various types of biases, including motivational, cognitive, and group-specific, elucidating how they influence decisions in business environments. One key focus of the chapter is prospect theory, which articulates how individuals evaluate potential losses and gains from a specific reference point, thereby impacting their risk assessments and decisions. This theory is illustrated through practical examples demonstrating its application in real-world business decisions. Additionally, the chapter discusses strategies to mitigate the adverse effects of these biases, emphasizing the importance of structured decision-making processes, continuous education on cognitive biases, and a risk-aware culture within organizations. Through this comprehensive analysis, the chapter aims to equip business administration students with the necessary tools and understanding to apply psychological insights effectively in ERM and beyond, fostering better decision-making practices in their professional careers.
  5. Chapter 4. Methods of Decision-Making Under Risk

    Robert Rieg, Ute Vanini, Werner Gleißner
    Abstract
    Most managerial decisions are made under uncertainty about the decisions of other agents as well as about future events. This chapter outlines and explains several methods for dealing with such decisions under risk. All the methods described assume knowledge or at least some expectations about future events and decisions of other agents with some probability. However, this assumption is controversial, and some proponents argue that in a world of “radical uncertainty,” other ways of making decisions may be more appropriate.
  6. Chapter 5. Risk Quantification, Risk Modelling, Risk Aggregation, and Model Risks

    Robert Rieg, Ute Vanini, Werner Gleißner
    Abstract
    This chapter introduces the principles and methods of appropriate risk quantification and risk aggregation. In addition to explaining the most important probability distributions for quantification, this chapter discusses typical problems with this task. Within the guidelines of risk quantification, a method is provided that enables the appropriate quantification of different risks. The chapter additionally shows how the overall scope of risk of a company is determined based on corporate planning by means of risk aggregation, especially Monte Carlo simulation.
  7. Chapter 6. Risk Metrics and Risk Measures

    Robert Rieg, Ute Vanini, Werner Gleißner
    Abstract
    Risk metrics are used to measure and evaluate risk. Risk metrics include spread, volatility, the coefficient of variation, the Sharpe ratio, risk-adjusted performance indicators, sensitivity analysis, value drivers, and at-risk metrics like cash flow at risk and earnings at risk. These metrics help organizations identify potential risks and develop strategies to mitigate them.
  8. Chapter 7. Strategic Perspective on Enterprise Risk Management

    Robert Rieg, Ute Vanini, Werner Gleißner
    Abstract
    The implementation of the operational ERM process requires a strategic framework that links ERM with the corporate strategy and goals, the company’s risk-bearing capacity, and its performance and incentive systems. The risk-bearing capacity depends on a company’s financial reserves, liquidity, and creditworthiness, which can be measured by its financial rating. The risk-bearing capacity is related to the firm’s overall risk exposure under different scenarios or for different probabilities of occurrence. The targeted risk-return profile, on the other hand, is an expression of the company’s risk culture and the risk appetite of its shareholders and top management.
  9. Chapter 8. Operational Perspective on the ERM Process

    Robert Rieg, Ute Vanini, Werner Gleißner
    Abstract
    Risks must be identified and assessed on an ongoing basis as part of the operational ERM process. Companies have various methods and tools at their disposal for this purpose, including early warning systems, scenario analyses, statistical risk modelling, and aggregation methods. Monte Carlo simulation (MCS) is particularly suitable for determining the overall risk exposure and thus for monitoring the risk-bearing capacity. In addition, a firm’s risk status and risk-bearing capacity must be reported as part of internal risk reporting and external risk disclosure so that mitigation measures can be taken if necessary.
  10. Chapter 9. Strategy, Resilience, Robustness, Sustainability, and ERM

    Robert Rieg, Ute Vanini, Werner Gleißner
    Abstract
    The task of strategic risk management, which constitutes an important part of ERM, is to identify and strategically manage uncertainties, opportunities, and risks such as threats to success factors.
    This chapter explains the importance of risk management in ensuring the sustainable success of an organization. Building on the model of a robust company, it shows how financial sustainability (strength), a robust strategy, organizational resilience, and the ability to deal with risks improve the future viability of a company. A robust company is one that is highly likely to withstand the effects of risks due to its characteristics—even if the risks were not recognized or managed as part of a risk analysis. The most important characteristics of such a company are summarized at the end of the chapter, expressed as 20 core criteria. In this context, the importance of sustainability is also discussed.
  11. Chapter 10. Value-Based Management and Enterprise Risk Management

    Robert Rieg, Ute Vanini, Werner Gleißner
    Abstract
    This chapter outlines the relationship between value-based management and enterprise risk management (ERM). In particular, it is made clear that information from risk analysis and risk aggregation is especially relevant for modern value-based management. ERM provides the risk information that is required to provide unbiased projected values of cash flows or earnings and derive a risk-adequate cost of capital from the fluctuation around this planned value (planning uncertainty). By linking ERM and value-based management, one obtains value-based ERM. This uses insider information about existing risks as the basis for assessing the risk-return profile of options for action. In contrast to traditional concepts such as the capital asset pricing model for deriving the cost of capital, the approach can be used on apparently imperfect capital markets and in consideration of rating and financing restrictions. The application is shown in this chapter with a case study (strategy valuation).
  12. Chapter 11. Enterprise Risk Management and Business Planning

    Robert Rieg, Ute Vanini, Werner Gleißner
    Abstract
    Business planning and budgeting are important tools for many organizations. They are used to set goals, allocate resources, and evaluate performance. Plans and budgets relate to the future and are therefore uncertain. There is always the risk of not achieving a plan. Thus, rational managers should always consider risks as well as opportunities in planning and budgeting. The chapter first discusses the reasons and general ways to integrate risk before explaining several approaches to risk integration. It also highlights that an operational plan has many functions and is not necessarily identical to a forecast.
  13. Chapter 12. Organizational Aspects of Enterprise Risk Management

    Robert Rieg, Ute Vanini, Werner Gleißner
    Abstract
    For successful implementation, enterprise risk management (ERM) must be well organized. That means that specific ERM tasks in the operational ERM process must be assigned to specific positions in a firm and organized into a specific process over time. The idea of ERM organization is closely related to the theoretical concept of risk governance, which aims to solve agency problems resulting from ERM. Depending on the regulatory requirements, size, and complexity of a firm, the relevant ERM actors (which include risk owners, risk managers, and management accountants) and approaches for implementing ERM vary. A firm’s risk managers can take on different roles, such as compliance champions or business partners, depending on the main ERM relations of the firm. Especially in larger companies, many different functions are involved in ERM. The three lines (of defense) model can be used for an efficient and effective task sharing of these functions. Overall, ERM implementation can achieve different maturity levels in corporate practice.
  14. Chapter 13. Case Studies: Risk Analysis, Company Valuation, and Strategy Valuation

    Robert Rieg, Ute Vanini, Werner Gleißner
    Abstract
    This chapter uses two case studies to illustrate how key methods and concepts of modern enterprise risk management explained in the book can be applied. The case study in Sect. 13.1 shows how a company’s strategic option can be evaluated in a risk-appropriate manner. In particular, it illustrates the implementation of the valuation methods explained in Chap. 11, which combine risk analysis and aggregation with discount rate and shareholder value. The case study in Sect. 13.2 shows how an existing integrated business plan is linked to risks to generate a range planning using risk aggregation (Monte Carlo simulation). It shows how key metrics are derived to describe the overall risk exposure of the business.
  15. Backmatter

Title
Enterprise Risk Management
Authors
Robert Rieg
Ute Vanini
Werner Gleißner
Copyright Year
2025
Electronic ISBN
978-3-031-86425-4
Print ISBN
978-3-031-86424-7
DOI
https://doi.org/10.1007/978-3-031-86425-4

PDF files of this book have been created in accordance with the PDF/UA-1 standard to enhance accessibility, including screen reader support, described non-text content (images, graphs), bookmarks for easy navigation, keyboard-friendly links and forms and searchable, selectable text. We recognize the importance of accessibility, and we welcome queries about accessibility for any of our products. If you have a question or an access need, please get in touch with us at accessibilitysupport@springernature.com.