Enterprise Risk Management in Action
The new Basel regulatory initiatives and a burgeoning risk management literature signify the rise of enterprise risk management (ERM) in the financial services sector. However, very little is known of the roles that risk management plays in organizations and how it obtains organizational significance. This study, utilising case study material from seventy-five in-depth interviews with senior managers at two large banking groups, is a first step in exploring ERM in action. Apart from the field material, the study draws on the normative-practitioner literature of risk management, as well as on a long strand of organisationally grounded studies of management control. ERM appears to be an assembly of four risk management ideal types (Risk Silo Management, Integrated Risk Management, Risk and Value Management, Strategic Risk Management), all of which aspire to be "enterprise-wide," and together constituting the "risk management mix" in a given organisation. Three distinct types of risk managers emerged in both organisations, displaying characteristic aspirations and techniques (risk silo specialists, risk capital specialists, senior risk officers). The case study analysis compared and contrasted the observed two ERM assemblies, and emphasised the alternative patterns of organizational significancedisplayed by the risk management functions. In the first case (value-based ERM) risk management was integral to the formal planning and performance measurement process, while remaining neutral in the discussions of discretionary strategic decisions. In the second case (strategic ERM) risk management was incidental to formal planning and control, however, senior risk officers exercised agenda-setting power to influence the discussion of key strategic uncertainties. The study explains the observations in terms of firm-specific factors and institutional pressures. The politics of risk control and the presence of different calculative cultures in the organisations were tampered by contemporary corporate governance imperatives, such as the shareholder-value drive and the risk-based internal control imperative.
Keywords: Banks and Banking;
Financial Services Industry;