A framework for enterprise risk identification and management: the resource-based view

This study aims to examine the factors influencing enterprise risk management and propose a framework for identifying and explaining the components of enterprise risk management. To enable broader analytical thinking about risk factors, the framework utilizes the resource-based theory to link various classes of risks to an extended set of organizational resources.

The paper opted for an exploratory study using a sample from an online survey. The survey subjects were recruited from the membership database of the American Institute of Certified Public Accountants, focusing primarily on CFOs. The survey consisted of six sections: demographics, a section on each of the four risk types included in ERM: strategic risk, operational risk, financial risk and hazard risk, and exit questions (where very general questions about ERM were asked). The survey yielded a data set of 227 valid responses.

Using the associated sample survey data, the paper provides empirical validation of the proposed framework that managers in any organizations could use to identify and manage risks.

The proposed model does have limitations that predominantly exist from the fact that human judgment in decision-making is not always data-driven, and hence, a proper risk exposure could be ignored based on pure arguments of cost and benefits from domain experts. Therefore, researchers and practitioners are encouraged to test the proposed framework further.

Risk exposure is not a snapshot event in an organization’s time horizon. Rather, risk identification is an ongoing process and the proposed framework allows organizations to handle increasing complex risks and/or identifying them based on how the organizational resources may be exposed over time. Managers could use a form of risk control analytics (monitoring dashboard of all identified risks under each interaction sets on a regular basis) to become more proactive in managing risk or exploiting opportunities across enterprise.

This paper fulfills an identified need to study how enterprise risks exposure can be proactively assessed and managed.