Multiple Perspectives in Risk and Risk Management

In recent years, growing expectations from financial markets, increasing requirements by regulators and dedicated guidelines on risk governance have raised the bar for board involvement in the management of risks. Board risk oversight refers to the practices used by directors to define the appropriate level of risk for their companies to communicate appetite for risk and to oversee the institution and functioning of controls aimed at keeping the company operating within established boundaries. Managerial literature offers anecdotal evidence that board risk oversight is mainly driven by the search for compliance with regulatory requirements, thus turning a value creation mechanism into an ineffective bureaucratic exercise. The inadequate risk culture of most boards is often reported as the main determinant of the gap between the expected and the actual effectiveness of board risk oversight. We provide an additional explanation based on a review of the leading guidance on corporate governance. We contend that the image of board risk oversight marketed through most of the governance literature is a simplified, unrealistic representation of a complex set of activities whose effectiveness depends on the solution of theoretical as well as practical problems. In our view, leading risk management frameworks and guidance do not address most of those critical issues but merely provide one size fits all solutions that are frequently derived from concepts and practices developed in highly regulated industries and later transferred to different and distant industries without adequate contextualization. We argue that this practice has led to some significant biases that make the implementation of risk oversight in different contexts less effective than the original one. We also re-examine board risk oversight in the light of directors’ fiduciary duties. We contend that the well-established jurisprudential orientation of courts, inspired by the business judgment rule, may even encourage boards to be uninformed of aggressive risk-taking by officers and management. Nonetheless, recent jurisprudence seems to reconsider directors’ responsibility (and liability) for risk oversight, apparently recognising the conflict between the weak fiduciary standards set by previous jurisprudence and the increasing requests from investors for boards to play a more active role.

Enterprise Risk Management (ERM) represents a paradigm envisioned to provide an organization both resilience and opportunity in the face of uncertainty. The debate around ERM’s value contribution to the organization has led to key ERM research questions arising, highlighting the need for further investigation of empirical measurement of ERM and its implementation. Calls from several scholars specifically request extending the academic body of knowledge on ERM measurement. Motivated by the above calls, this study presents the findings of a systematic review of the ERM literature. The review examines the academic discipline of journals existing ERM studies are published in, these journals’ H-indices, the location of the studies, and the methodology of how ERM is measured in the studies. The review establishes that the ERM literature cuts across several academic research disciplines such as accounting, finance and strategy. Moreover, the extant literature underscores that it is very difficult to quantify and measure ERM in practice within organizations. Consequential to this, most empirical studies of ERM have emphasized either a qualitative approach focusing in depth on specific organizations, or a quantitative approach relying on accessible, basic secondary data available in company reports. A gap in knowledge is presented around extending ERM measurement, in particular in terms of methodologies based on primary data collection and analysis. This paper concludes that further development of empirical measurement scales based on primary data, whereby direct, first-hand input from members of organizations implementing ERM is collected, will augment the ERM body of knowledge. Such scales will allow for important aspects of ERM as it is implemented in the organization to be empirically measured.

The case of the ILVA steel plant in Taranto represents an example of contrasting, incommensurable sustainability issues, explored in terms of “social” and “societal” risks (Asenova et al. in Managing the risks of public spending cuts in Scotland, 2013; Redistribution of social and societal risk: the impact on individuals, their networks and communities, 2015) [Asenova et al. (2015) refer to social risks as the risks of unemployment, and to societal risks as environmental and health risks.]. The case of ILVA has received significant attention for the great amount of dangerous pollutants spread in the environment, as well as the evidence of higher illness and mortality rates in the districts nearest to the plant. In July 2012, the Italian Judiciary halted activity in the steel plant. Four months after, the Italian Government declared the steel plant site as a “Strategic National Interest Site”, and allowed the company to restart its activity. Drawing on governmentality (Foucault in Questions of method, 1991), the paper aims to explore the role of accounting—here broadly intended as calculative practices (Miller in Soc Res 68:379–396, 2001)—in moulding ministerial discourse to support decisions when the governance of contrasting risks is needed to safeguard public interest. Supported by discourse analysis of governmental speech, the research shows that the Italian Government based its decision on various experts’ risk appraisals: accounting shaped governmental discourse by giving more visibility and relevance to “social” risks (i.e. unemployment, economic development, productivity and competitiveness risks), while silencing “societal” ones (i.e. environmental and health risks). Focusing on a case of incommensurable contrasting issues, the findings contribute to show that accounting concurrently plays a significant role in government decisions legitimizing the business continuity through the creation of a specific risk discourse.

Worldwide governance organizations and regulators have recently called for more enhanced disclosures about how organizations manage risks. Enterprise Risk Management (ERM) is recognized as a value-contributing best practice even when legal standards do not require it (Whitman in Risk Manag Insur Rev 18(2):161–197, 2015), but public disclosure on such a process is not generally mandatory. In Italy emphasis on risk disclosure started in 2008 but it was the 2011 revision of the Corporate Governance (CG) code for listed companies to ask for the board commitment in disclosing, within the CG report, about the main internal control and risk management system’s characteristics (Borsa Italiana in Codice di Autodisciplina, 2011). Given the proprietary nature of risk information in addition to the Italian capital market characteristics (small capitalization and presence of a dominant shareholder) and the lack of any mandate for what specific aspects board should disclose, the study aims at investigating a potential variation between private and public disclosure on ERM. Relying on the ERM concepts provided by the COSO framework (2004) the author submitted a survey seeking information about ERM practices within Italian listed companies. Such a private information is compared to public CG reports released by the same companies. The comparison shows companies tend to privately reveal a more effective ERM process than the one they publicly disclose. An examination of CG and firm’s risk variables potentially determining higher variation—i.e. information inconsistency—supports proprietary costs theory rather than agency theory expectations. Thus showing the limits of voluntary disclosure dealing with risk management systems. The study might have international policy implications.

Contemporary accounting faces a full range of challenges in addressing the growing need for information from financial statements. Non-financial information disclosures are becoming increasingly common and important. Especially for the largest Polish companies its’ disclosure is a legal obligation. Among non-financial information, forward-looking disclosures might be considered crucial, as they are bound with a certain level of risk for both the entity and the recipients of the financial statement. In this paper the problem of risk in accounting will be analysed from the perspective of the forward-looking disclosures. This paper aims to investigate the relationship between the type and range of forward-looking information disclosures and the problem of risk in the accounting system, which is an emerging research area on Polish ground. The main goal of this paper is to present the general concept of forward-looking information disclosures and their associations with risk factors. The research method applied in the theoretical part of the paper is a critical analysis of the available literature and law regulations on the topic. The paper also features an empirical part which examines the forward-looking information in financial statements of companies quoted on the Warsaw Stock Exchange. There is a very limited number of studies that cover forward-looking disclosures in Poland. Therefore, a preliminary study conducted in this paper might serve as a basis for an extended research. The study bases on the content analysis method, which along with the usage of text analysis software is a widespread tool in international studies. General results indicate a relatively low level of forward-looking information disclosures, which could indicate an aversion towards risk in accounting. However, a variation of results among industries may be observed.

This paper addresses the buffering function of financial slack (understood as the pool of available resources) in the company from risk management perspective. The main purpose of this paper is to study the relationship between financial slack and risk retention, as one of risk management strategies. Risk retention is here considered as a risk financing method, whereby a company intentionally assumes the self-sufficient coverage of the negative financial outcomes of risk. The paper offers an original, conceptual model of the assessment of the company’s risk retention capacity, as determined by the existence of financial slack. It considers more-in-depth three main strategies of risk retention: earmarked capital reserves, compensation and contingent financing and links them with the three types of financial slack: available, recoverable and potential one, respectively. The contribution of the study is manifold. Firstly, it defines and systemizes the category of a financial slack in the broad meaning, together with its measures. Secondly, it offers an original, conceptual model of the application of the financial slack measures to the assessment of the company’s risk retention capacity. Finally, it provides the empirical illustration of the sector-relativity of the existence of risk retention capacity, based on the financial data of the 500 largest Polish companies. This empirical illustration is executed separately for each of the distinguished risk retention strategies and linked to the presence of a various types of financial slack.

To better understand where and why errors happen in risk assessment, we propose a model of the risk assessment process as a distributed cognitive task for a group of agents. This model provides the foundation for an agent-based simulation that allows a systematic investigation of the risk assessment process in a controlled setting. Building on a perspective of sensemaking and cognition on risk analysis, we present a new approach to assess a whole class of group decision-making problems by building generalized constraint satisfaction networks as a starting point for a randomized agent-based simulation.

In the paper, we discuss the problem of risk monitoring in small and medium-sized enterprises (SMEs). To this aim, we propose to use the results of the analysis of enterprise financial standing. We indicate the crucial groups of financial ratios as well as the most important financial ratios themselves, that should be taken into account in the process of continuous risk monitoring in an enterprise. We also present the features of eanaliza.pl online service, which can be helpful in calculating the up-to-date information on enterprise financial situation. Using the service we investigate the possible risk factors for a hypothetical small-sized enterprise. We conclude the paper by stating that the use of IT tools, such as the eanaliza.pl service, can bring important benefits to the SMEs in the context of risk management.

Although the majority of German companies in general and leasing companies in particular are small and medium-sized enterprises (SMEs) and even though risk management is gaining more and more practical as well as academic relevance, there are only very few studies focusing on risk management in SMEs. This paper aims to fill this gap by presenting a comprehensive approach to the topic and presenting a framework tailored for leasing SMEs. Research was based on 40 semi-structured in-depth interviews, thereof 35 SMEs and 5 large German leasing companies. This represents about 25% of the whole German leasing market in terms of annual sales volume and number of active leasing firms. Based on the interviews, a framework on enterprise-wide risk management was developed with a grounded theory approach and also a scoring of interviewees was undertaken. The scoring was based on the Miles and Snow typology (Miles et al., Acad Manage Rev 3(3):546–562, 1978). It was found that a clear size effect exists. Smaller and owner-managed companies tend more often to have a passive and simplistic approach to risk management, whereas larger and non-owner-managed firms have more active, sometimes also enterprise-wide approaches to risk management in place.

Digitalization is not only a source of development and innovation, but also carries a risk related to the growing number of threats in cyberspace—so-called cyber risk. Any significant disruption in cyberspace, whether global or local, will have an impact on the security of business transactions, a sense of security for citizens, the efficiency of public sector institutions, the course of production processes and services, and consequently on national security in general. Modeling extreme events in the area of cyber risk may be used in determining the level of capital necessary to cover financial losses resulting from low-probability high-impact (LPHI) events. We conduct an analysis of the tail distributions, using univariate extreme value theory. In particular, we adopt the peak-over-threshold (POT) by Generalized Pareto Distribution (GPD) approach for exceedances (tails). Moreover, we applied another approach to extreme risk modelling—fitting a spliced distribution. The splicing of a Mixed Erlang distribution for the body and an extreme value distribution (Pareto or GPD) for the tail as well as mixtures of gamma/log-normal/Weibull distributions with GDP are considered. This approach overcomes the subjectivity of manual threshold selection, because it can be estimated as a parameter. We compare the results of fitted distributions and draw conclusions based on VaR’s estimates for each analyzed models. We found that the GPD model has proven its superiority over spliced distributions in terms of goodness-of-fit and accuracy of VaR estimations. Therefore we conclude that the GPD is the most recommended distribution to model extreme risk measures (VaR, ES). VaR and ES indicate the level of risk capital that should be carried by a company in case of LPHI cyber event.

A main aim of the article is to provide complex information about risk management in areas where robotic process Automation are implemented in order to fully or partially replace manual work in various accounting systems and structures. Approach to the cost savings and quality increase forcing companies to introduce to their process RPA—Robotic Process Automation. Although a fast progress in the development of these tools could be observed in the last years, the impact is still known to be challenging because of the lack of data about the scope of the savings, risk management, quality upgrade. Risk management and cost savings are main factors of the creation tools which allowing companies to reduce need of the manual work and generate significant savings. In this study we investigate the process of the replacing manual process in accounting systems with. Article make The purpose of the research is to identify impact of the RPA solution for the risk management of global companies.

In the appraisal of intergenerational public investments due to their extraordinary long life-cycle special attention must be given to the value of discount rate that influences greatly the net present value of a project in appraisal procedures. Of tremendous importance is the issue of including uncertainty via discounting due to the fact that intergenerational investments face high uncertainty which is coupled with the lack of unambivalent theoretical foundations and variety of empirical estimations of discount rates. The paper contributes to the discussion of social discount rate based on the Ramsey formula in the context of intergenerational allocations as well as discrepancies in treatment of costs and benefits from individual and social perspective. The reconstructed social discount rate formula that is proposed in the paper differentiates: firstly, between intra- and intergenerational frame due to discontinuity between generations, and secondly, between project’s costs and benefits owing to opposite signs of risk premia and the differences in gains and losses valuation.

The aim of the present article is to conduct the considerations aiming at the identification and presentation of the role of financial inclusion in realization of main purposes of monetary policy—financial stability and economic growth. To achieve the aim of the paper, the reviewed articles and reports of international organizations as well as the case studies from many countries will be used. Financial inclusion is strongly connected with many other financial parameters and processes and influences the financial well-being of households, financial management in enterprises, financial stability and economy as a whole. This impact—although it is ambiguous—accompanies the monetary policy of central banks. Financial inclusion may both increase as well as decrease the efficiency of usage the different tools and channels of central bank’s monetary policy in achieving the most important purposes—financial stability and economic growth. This means that many activities carried out to increase the level of financial inclusion may turn out to be risky. Complex relationships of many financial categories and processes, including financial inclusion and monetary policy require the detailed analysis to develop their coherent policy. A consideration of the financial inclusion as supporting process to monetary policy implies further research on ways of increasing the level of financial inclusion, taking into account multifaceted and bidirectional as well as direct and indirect relations between financial inclusion and monetary policy. The article presents integrated attitude to the influence of the financial inclusion on financial stability and economic growth.

The global financial crisis of 2007–2009 had a huge impact on financial markets and especially on liquidity (understood as the ability of economic agents to exchange existing wealth for goods and services or for other assets). The consequences of the crisis which have been visible till today forced the authorities and supervisory boards to establish new liquidity risk measures as well as to improve existing ones. The aim of the paper is to show bank’s approach to FTP (fund transfer pricing) and their impact on main liquidity risk measures. The survey includes an analysis of chosen Austrian and Polish banks.

The aim of the article is to indicate the most crucial aspects of cyber risk in the financial institutions as well as the problems connected with cyber security system and relationship with a customer. The article reviews the state of the cyber risk as a potentially one of the most dangerous ways of reputation damaging of a firm as well as a financial loss. Every firm must understand the constantly evolving risk and, moreover, the tools and all techniques to protect their systems. There is no difference between small and big companies in terms of risk. Moreover, not only financial services companies may be in danger. The cyber risk management may be seen as a way for a company to distinguish from its competitors which may build a long-lasting relationship between a client and a company. Security in a cyberspace is one of the most important issues for IT departments but not only. Nowadays, it is very popular to organise the large-scale hacker attacks. The reason of organising such attacks is generally the desire of getting the profit and ransom for the recovery of the data or control over the company’s computers. The attacks may be organised by both; a hacker or employees. Most of the criminals target financial companies because they strongly believe that it is the most profitable. Online and offline fraud incidents have also raised during the last few years. It resulted in monetary and also reputational losses for all the victims—financial institutions. Improving defenses require implementations of new products or systems and people. If a client is aware of the fact that the financial institution is very committed to prevent a fraud or cyber-attack, a good relationship with a customer may be established, as well as the good reputation of a company.