Enterprise Risk Management in Europe

Risk management (RM) is a rapidly developing field in France. Several associations are trying to promote an approach of ERM that is far removed from insurance and compliance. In practice, we note that the RM in French companies is still very strongly rooted in internal control. Risk managers in France do not have yet the “risk champion” role of the chief risk officer.

The enterprise risk management (ERM) approach promises to manage corporate risks holistically, as opposed to the silo perspective in traditional risk management frameworks. There is evidence that different economic and regulatory environments profoundly shape the implementation of ERM in different countries. To understand better the specific situation in Germany, this chapter presents an analysis on the current application, the regulatory environment, and the development over time of ERM in Germany. Finally, we highlight some important avenues for further research on ERM in Germany and beyond.

Most non-financial companies in Greece do not have an ERM function nor present one in their organizational charts. The enterprise risk management is still more theory than practice even for companies that have embraced it so far, and in general the enterprise risk management seems to be at its infancy in Greece with only some prominent and mature organizations showing the way forward. The aim of this study is to provide some reflections about risk disclosure in annual reports and accounting practices in Greece. Although companies in Greece do seem reluctant to apply ERM, during last years, non-financial information demonstrated to emerge within financial statements and annual reports, giving a broader perspective to risk.

In this chapter, we address the operationalization of the enterprise risk management (ERM) system in Italy. We first present some Italian economic highlights emphasizing the uncertainty characterizing the domestic development, and we focus on the recent changes in domestic regulation which are related to the concept of risk. Then, we examine the degree of knowledge of ERM in the academic arena and the role of professional bodies in this field, focusing on if and how ERM principles are embedded within organizations and effectively integrated into their practices. On the basis of the evidence from questionnaires collected from risk professionals working in prominent Italian firms, who are involved in different ways in the ERM process, we provide some concluding considerations about the degree of integration of ERM practices with governance mechanisms, accounting practices and disclosure in annual reports.

This chapter aims to advance the debate on enterprise risk management (ERM) frameworks within different contexts. We discuss the economic, business and regulatory environments that set the framework for company risk management practices in Lithuania while contrasting ERM features at the company level. ERM practices are examined using two company cases – a private business company and a state-owned enterprise (SOE), and evidence is based on interviews with their management, as well as their documentation. The findings indicate the co-existence of a functional vs systematic approach to risk management. Moreover, evidence supports the notion of the shifting of risk management from a functional risk management approach to a systematic approach within risk portfolio management. We assume that risk management is a conceptualized subject of management and research, with a rather weak connection with enterprise goals and operations.

After the Royal Ahold accounting scandal occurred in 2003, the Dutch government responded by publishing a new Corporate Governance code, often referred to as the “Tabaksblat Code”, updated in 2016. The Code focuses on long-term value creation by emphasizing risk management and accountability and reinforcing the roles and duties of management board, internal audit function, and supervisory board in designing adequate risk management and control systems and in assessing their effectiveness. Differently than the rule-based Anglo-Saxon regulations, the Code is based on best practices provisions and adopts a “comply or explain” approach. Professional bodies are actively supporting their associates in developing skills in current and emerging risk management areas. Despite these efforts, it is worth noting that there are still significant differences on how companies apply the risk management provisions. For instance, in terms of appointing a dedicated manager as Chief Risk Officer (CRO), in the frequency and scope of risk assessment, and in defining the risk appetite of the company.

Since the mid-1990s, enterprise risk management (ERM) has proliferated in both the private and public sector as a holistic, enterprise-wide approach to risk management. In this chapter, we begin by exploring the economic, regulatory and professional context of ERM practices in Norway. To gain an understanding of the current state of ERM practices among Norwegian entities, we have conducted a survey among members of the Institute of Internal Auditors (IIA) Norway. Based on the survey data, we go on to analyse the perceived maturity of risk management practices of the surveyed organizations, as well as their integration of risk management with governance mechanisms and accounting practices. Four main findings emerged from the survey. We firstly observed that a majority of the respondents perceived that they had implemented ERM. Secondly, the average maturity of risk management practice is at a medium level, with ambitions to improve it further in the future. We further observed that a majority of the organizations have established risk management governance structures regarding the roles of risk management. However, there is still work to be done in relation to risk management functions in order for them to gain more attention and influence in the organizations. Finally, we find that risk management is more integrated with reporting processes than with strategic and performance planning processes, suggesting a more reactive than proactive approach to managing risks.

In this chapter, I present the development of enterprise risk management (ERM) in Poland from the policy and the organizational point of view. I examine the impact of ERM research on practice, and the professionalization of ERM, being facilitated by professional bodies and associations, and promoted by the evolvement of principles and practices. At the organizational level, I analyse and present the effects of laws and regulations on ERMs development, the advantages and disadvantages of decentralized corporate governance. While Poland is considered to be behind other European countries in leveraging the value creation aspects of ERM, I see evidence at the individual firm level that organizations in different industries are actively working with their version of ERM to realize organizational benefits, and that certain dimensions of integration can still be reached even in the absence of some of the formalized structural components of ERM to create value for the firm.

The present chapter tries to assess the state of art of enterprise risk management (ERM) among Portuguese non-financial companies regarding two main aspects: the ERM background in Portugal and the level of disclosure of ERM practices by non-financial listed companies. Since the analysis of disclosures is useful to understand the level of evolution and adoption of ERM framework we tried to assess the ERM practices disclosed by 26 Portuguese non-financial listed companies at the Euronext Lisbon Stock Exchange regulated market, during the period of 2006–2016. Main findings indicate that regulation on ERM in Portugal emanates from three main Codes (The Portuguese Companies Code, The Stock Exchange Code, and The Corporate Governance Code). The ERM professionalization in Portugal is its infancy and has been promoted mainly by the Institute of Portuguese Internal Auditors. Moreover, research on topics such as risk reporting and risk management/ERM is very scarce. Overall, findings of prior literature are consistent with results from our exploratory study. We conclude that Portuguese non-financial listed companies still disclose very little information on ERM activities. However, over the period of analysis, the disclosure practices evolved positively. Findings show that ERM disclosure can still be extensively improved in the future.

The aim of this study is to investigate whether and how Spanish listed companies adopt formalized and integrated models of risk management during the period 2016–2018 and disclose them inside annual reports. Such investigation rebuilds the international regulatory and self-regulatory framework about risk management and examines the pressures and constraints influencing the adoption and implementation of ERM model in Spain. Indeed, the instability and uncertainty of the global macroeconomic context and the new threats to the corporate profitability and survival are now contributing to the development of a new dimension of risk management system more updated, dynamic and integrated. The results of the content analysis on ERM disclosure in annual reports show that Spanish listed companies are not equipped with structured and integrated risk management systems and their risk management approach is not aligned with any ERM framework. Notwithstanding, the Spanish companies are taking remarkable steps to strengthen the risk management systems towards a higher level of integration and systematization.

The aim of this research is to examine the evolvement of enterprise risk management (ERM) in Sweden. We examine how the Swedish legal and self-regulatory framework influences ERM development. We examine the impact of ERM research on practice, the professionalization of ERM facilitated by professional bodies and associations, and its promotion by the evolvement of principles and practices. This research is based on interviews with national experts ¹ at the policy level as well as four field visits to large Swedish organizations in order to deepen our understanding of ERM integration with corporate governance, accounting, and disclosures. We find that: There is no obvious misalignment between the legal and self-regulatory framework and ERM practices in organizations; ERM is more integrated with disclosures than with governance and accounting practices; decentralized organizations experience more difficulty in integrating ERM compared to centralized organizations; no tensions were evident between compliance and business partnering in the four field visits, enabling ERM integration; regulation can be useful in promoting minimum standards for ERM integration. This study adds to our understanding of ERM integration and the role of unique governing contracts in linking profitability, growth and risk from an ERM perspective. It also deepens our understanding of ERM integration as a multidimensional construct.

A commonly misunderstood characteristic of ERM in Switzerland is that it is perceived as a risk minimization tool. However, ERM is about controlling an ideal risk exposure level to pursue strategic objectives. ERM has emerged as an important business topic in Switzerland. As major challenges still pose a threat to successful ERM implementation, this study provides some causes for reflection on how to implement ERM model in order to gain a comprehensive view on all risks, opportunities and their respective interdependencies. Moreover, this study suggests policy makers to think about how to strengthen risk-based disclosures in the future.

Companies face a wide number of risks and need to have in place appropriate measures and techniques to be able to identify, manage, and monitor risks. Risk management is a fundamental responsibility of the corporate governance structure of an organization; it means managing all risks on a holistic basis, all together rather than just one, through an appropriate and systematic process. This chapter provides an overview of enterprise risk management in the United Kingdom. It presents key information on the economic system of the United Kingdom, emphasizing the role of small and medium enterprises, and presents country macroeconomic highlights. It provides a summary of regulation, practices, and authorities; it presents the key milestones of the regulation on corporate governance and reporting in the United Kingdom, and stresses the importance of corporate governance mechanism in companies' enterprise risk management practices. Further, it discusses the importance of transparency and disclosure in the context of enterprise risk management, specifically the relevance of risk management and internal control related disclosure in the annual reports and accounts. Finally, it reviews the growing academic research on enterprise risk management and previous studies on risk disclosure practices in companies' reports.

Risks are an integral part of business, and enterprise risk management (ERM) is making its way towards effectively leading enterprises in addressing these risks. This chapter seeks to describe how European ERM practitioners minimize the risks they face by taking into consideration insights from the sector's best practices reflected in the ISO 31000 Risk Management Guidelines, COSO's ERM framework, contributions from university researchers, from the national risk management associations and the Federation of European Risk Management Associations (FERMA). This chapter will underscore the need for total alignment of practices and make a case for the need to align between ERM, governance, accounting and disclosure systems. In addition, there is no doubt that ERM – when incorporated in operations through appropriate governance mechanisms and accounting practices – could help firms respond to real-time volatilities more effectively. However, ERM practitioners' perspectives differ slightly from those of accountants in that no extensive legally binding rules are required in risk management, and a different scope of work is pursued.

This chapter discusses the state of development of enterprise risk management (ERM) in Europe and draws attention to the commonalities and differences in ERM use across European countries. The analysis carried out considers relevant aspects, such as the state of development of risk management across countries, the institutional context and the cultural features surrounding risk management development, which are examined from a comparative stance. This analysis allowed us to identify five clusters of countries, by tapping into the whole European picture concerning risk management and highlighting that ERM development advances in the European area at different speeds, and that more effort should be put into aligning and making coherent ERM thinking and ERM use. In so doing, the analysis unveils the drivers that can boost the appropriate implementation of ERM, the dissemination of best practices (or better, best logics) and the early detection of those conditions contributing to resistance and ineffectiveness.