| HBS Working Paper Series
Towards a Contingency Theory of Enterprise Risk Management
Enterprise risk management (ERM) has become a crucial component of contemporary corporate governance reforms, with an abundance of principles, guidelines, and standards. This paper portrays ERM as an evolving discipline and presents empirical findings on its current state of maturity, as evidenced by a survey of the academic literature and by our own field research. Academics are increasingly examining the adoption and impact of ERM, but the studies are inconsistent and inconclusive, due, we believe, to an inadequate specification of how ERM is used in practice. Based on a ten-year field project, over 250 interviews with senior risk officers, and three detailed case studies, we put forward a contingency theory of ERM, identifying potential design parameters that can explain observable variation in the "ERM mix" adopted by organizations. We also add a new contingent variable: the type of risk that a specific ERM practice addresses. We outline a "minimum necessary contingency framework" (Otley, 1980) that is sufficiently nuanced, while still empirically observable, that empirical researchers may, in due course, hypothesize about "fit" between contingent variables, such as risk types and the ERM mix, as well as about outcomes such as organizational effectiveness.
Keywords: Risk Management;