The Traditional Risk Management System - Coursework Example

Enterprise Risk Management Introduction Enterprise Risk Management (ERM) is a relatively new concept, which has been gaining importance due to various organisational crises occurring in recent years. Given the current scenario, the growing financial and other market risks have compelled organisations to consider ERM as one of the important approaches for risk management. ERM can be viewed as a holistic approach, where it incorporates management of various kinds of risks (Wu and Olson, 2009; Power, 2009). Enterprise Risk Management can be defined as the process through which corporations assess, exploit, manage and fund risks arising from different sources for the purpose of maximising shareholders’ wealth. The above definition indicates that ERM is a disciplined approach that determines behaviour pattern in an organisation and influences its decision making process, thereby forming an integrated part of organisational culture (McShane, Nair and Rustambekov, 2011). A number of authors have classified the sources of risk as hazardous, financial, strategic and operational (McNeil, 2013). On the other hand, few other authors classify risk as pure risk and speculative risk (Olson and Wu, 2008). The traditional risk management system was developed to deal with pure risk. However, changing market scenario has given rise to speculative risk. Speculative risk in the financial sector is mainly related to derivatives and other speculation activities that are currently unregulated. The current business world and financial market is exposed to major risks due to financial innovation, liquidity and credit crisis, foreign exchange risk, regulatory risk and risk related to resource management (Stulz, 1996; Rasmussen, 1997). The following sections will evaluate strengths and weaknesses of the ERM system and provide necessary recommendations to improve its applications. Strengths of Enterprise Risk management In past two decades, capital risk has magnified to a great extent and since 1990s, organisations are suffering major losses. Then again, these losses are relatively less severe and can be avoided, but that would require a certain degree of monitoring and control. Certain distinct features of ERM have caused increased level of recognition and attention for the system. These features include enhancing disclosure of non-financial risks that are generally ignored in a company’s balance sheet and greater investments in and promotion of corporate risk management (Power, 2005; Gates, 2006). The ERM ensures that companies are financially well-equipped for the risks considered so that, in case of adversity, they are able to pay off the debt. Another important feature of ERM system is that it highlights and reduces systematic risk (Hoyt and Liebenberg, 2011). There is an increasing demand of ERM because it is highly sensitive from the business point of view and incorporates innovative processes and technologies in the corporate environment for developing better risk taking abilities (Pagach and Warr, 2010). The strengths of the ERM system are built on grounds of corporate culture, procedures and technologies. Each of these three components is important from the organisational requirement aspect. Thus, the ERM is adequately flexible to be modified as per risk aversion needs (Liebenberg and Hoyt, 2003). These three elements of ERM have been discussed below: Figure 1 (Source: Author’s creation) Culture In most organisations, it has been observed that different types of risks are the upper layer of any crisis, while the underlying rationale is mainly culture based. In all organisations, a corporate culture exists that is responsible for managing and confronting unacceptable behaviour. In this context, it is important to mention that an enterprise can manage risk only when the organisational members are cooperative in nature. Organisational conflicts often result in greater degree of risk, which is internal to the organisation. The process of ERM is mainly facilitated by corporate culture (Mikes, 2009; Arena, Arnaboldi and Azzone, 2010). The main characteristics of a positive risk culture are: Individual decision making: In risk management, an individual should be accountable for his activities. Hence, risk culture encourages individual decision making so that role ambiguity can be eliminated. When individuals are held accountable for their activities, the level of sincerity increases; this helps to minimize mistakes. Many authors have explained that group effort often minimises individual contribution and thereby developing low level of accomplishment. Further, individual decision making also improves the leadership and other management skills of individuals, as a result improving their risk bearing abilities (Barton, Shenkir and Walker, 2002). Encouragement to inquisitiveness: Risk culture encourages the individuals to question every decision. It develops and promotes an inquisitive environment, thereby increasing knowledge sharing. Inquisitiveness ensures that employees have a clear understanding of various operations and processes. In risk culture, curiosity and conscientiousness is given priority over intelligence as it has an important role in forecasting activities. According to certain authors, a culture of inquisitiveness recognises new possibilities towards growth and risk management (Arena, Arnaboldi and Azzone, 2010). Admitting ignorance: Risk culture urges the individuals to admit their flaws and provides them with learning scope, which in turn helps to avoid major risks related to ignorance. Admitting ignorance result in better decision making on part of an individual as self-justification often cause distortion of reality. Further, it mitigates small problems at its initial stages before it take the shape of a complicated issue. Admitting faults helps in maintaining clear communication with others and also strengthen interpersonal relationships in an enterprise (Brooks, Fraser and Simkins, 2010). Procedure In Enterprise Risk Management, procedures are vital for strengthening role of the system. Contrary to the general notion of it being related to red tape or bureaucratic activities, procedures are more useful in empowering employees when utilized appropriately. Procedures or methods are meant to guide individuals in accomplishing their tasks. However, any kind of negligence and/or misuse can result in procedures acting as hindrance or obstacles. Procedures depend critically on risk culture as they are mainly responsible for systematising the risk management process. Procedures help in developing risk limits for every task or segment of operation. Alongside, these present with rational judgement that minimizes potential conflicts and misunderstandings. Risk can be calculated, while uncertainty is not measurable. Effective procedures contribute towards lowering risk as well as eliminating uncertainty (Beasley, et al., 2010). Owing to high flexibility, ERM ensures that there are sufficient measures to alter procedures keeping mind the changing risk profile of a company. Procedures for altering existing procedures enable individuals to adapt to changing scenario in a faster manner. Most organisations implement regulatory procedures for minimisation of risk. Nonetheless, ERM aims at introducing changes or procedures that facilitate risk optimisation (D’Arcy and Brogan, 2001). Technology ERM is technology dependent as different organisations have dissimilar levels of dependency on technology. Technologies are important for a number of institutions such as, banks, investment firms and IT companies. Companies with high dependency on technology require a different kind of ERM than those with lesser inclination towards the same (D’Arcy and Brogan, 2001). ERM increases interaction between technologies and human operators so that they are able to understand the role of technologies in organisational development. Data or information is an important component of technology, which is essential for ERM. According to ERM, data management should be automated as manual processing often give rise to data security issues. ERM secures data safety through data aggregation and data repository (Chapman, 2011). Integrated ERM framework Apart from the above mentioned strengths, there are certain components of the integrated framework of ERM that has a profound effect on the strength of the system: Figure 2 (Source: Chapman, 2011; Beasley, et al., 2010; Arena, Arnaboldi and Azzone, 2010; Wu and Olson, 2009; Andrews, 1995) Internal Environment: The ERM helps the management to define risk appetite and risk philosophy for the internal environment of the organisation. ERM influences the internal environment as it is primarily responsible for the way individuals view and address risk. Internal environment is an important component of ERM because it serves as a platform where individual attributes, values, integrity and competence surfaces. Objective setting: The ERM ensures that the objectives of the organisation are clearly defined and well-aligned with the mission, vision and risk appetite of the organisation. Such an approach helps organisation recognising a risky event. Event identification: It is important to identify the potential threats that may affect the organisational activities. ERM constantly monitors various events to classify them as threatening or non-threatening activities so that various hindering factors can be removed from achieving the objectives and goals of the organisation (Chapman, 2011; Beasley, et al., 2010). Risk Assessment: The ERM identifies the risks and analysis them in order to formulate steps to manage them. It is the responsibility of the ERM system to assess and prevent risks from affecting the organisational goals and functions. In this context, the ERM system assesses risk as inherent and residual risks and they are evaluated on the basis of their likelihood of occurrence and impact. Risk response: The ERM prepares personnel to respond adequately to risk so that panic and uncertainty is minimised in the organisation during exigencies. ERM helps management develop a set of selective actions that may improve the ability of risk tolerance of the enterprise entities. Control activities: ERM strengths the risk oriented policies and course of actions so as to ensure that the routine activities of the organisation are carried out smoothly (Arena, Arnaboldi and Azzone, 2010). Information and communication: Information is necessary at various management levels for identification, assessment and developing appropriate response for the risk. Information is of little importance if it is not communicated. Thus effective communication plays an important role to disseminate messages related to risk and its mitigation. Moreover, the ERM ensures the communication occurs from both ends, that is, top level as well as operational level. Two-way communication helps in better understanding of the problem and its relevant solution (Chapman, 2011). Monitoring: the overall structure of ERM system requires strong monitoring so that deviations and distractions can be avoided timely. Monitoring helps in improving the dynamic nature of the ERM as well as that of the organisation as a whole. The process of monitoring is achieved through continuous evaluation of ongoing activities in the management and the process of ERM (Wu and Olson, 2009; Andrews, 1995). Weaknesses of Enterprise Risk management In the late 20th century, entry of ERM had rescued several highly leveraged organisations from the verge of collapse. Its strengths and advantages have heightened its popularity even in the most conventional public organisations. However, this risk management system suffers from a number of serious flaws (Fraser and Simkins, 2010). They are discussed as follows: The framework of the system is not as strong as it claims Traditionally, organisations invested heavily in managing risk, thereby constructing a risk financing system. This system could not mitigate the risk effectively and only camouflaged the same temporarily. Global financial crisis resulted in introduction of ERM as a risk optimiser that will be able to control the risk. The sudden extension and conversion of traditional risk management into Enterprise Risk Management had caused randomisation of activities and haphazardness (Ballou, 2005). ERM consolidates various functions and operations so that the risk is easily recognised, assessed and mitigated as a unit. Even so, there is no specific mechanism on grounds of which ERM functions, meaning there is no specific structure that can assure complete management of risk. The term ‘enterprise’ is a vague concept and not sufficiently descriptive. Since there is no base of ERM formation, its structure is extremely fluid and fragmented (Lehar, 2005). ERM is more reactive, instead of being proactive Risk management is a vast arena and requires addressing various relevant and irrelevant risks. In general, the risk that any organisation manages so as to protect the interest of its stakeholders comprises only a part of the total risk. According to certain authors, unseen fragment of the total risk bears more consequences than the visible portion, which organisations traditionally manage. Unfortunately, in ERM, there is no process or procedure for identifying or predicting these risks unless they are experienced (Ballou, 2005). This shortcoming has caused ERM to act in a reactive manner instead of being proactive. Although ERM can take precautions on the basis of past risk trends, it is unable to predict less occurring yet expensive risk such as, major financial crisis. It is noteworthy in this context that reactionary management is generally more expensive and inefficient compared to proactive management. Reactive attitude damages defensive approach of the system severely (Holton, 1998). The erudition and experience of individuals is neglected by the system The efficiency of ERM has been observed to be limited to details that are already known to various executives inside an organisation. Nevertheless, these executives are rarely aware of their knowledge and erudition and hire external experts for managing risk. For greater efficiency, ERM should take into consideration the experience and knowledge of risk managers before designing risk management procedures. The failure of ERM to incorporate these factors results in companies spending significant amount for no additional output. ERM lacks sophistication and effectiveness in its approach to extract requisite information from the right individual. The inability of the ERM system to exploit resource base of risk knowledge present within the organisation is another drawback of the risk management system. This flaw not only increases the cost of risk aversion for organisations, but also hinders full utilisation of the potential of ERM (Fraser, et al., 2010). ERM ignores the risk mitigation cost Cost is an important element in every activity that an organisation pursues as it determines the level of significance that an activity should earn in long run. There are three main aspects of risk management, namely probability of occurrence, extent of severity and mitigation cost. The cost is mainly associated with consequence. ERM determines the likelihood of risk occurrence and the extent of its severity, but fails to realize the cost to be incurred by an organisation in case the risk materialises (Fraser and Simkins, 2010). The absence of mitigation cost leads organisations to neglect the risk, unless it occurs. This drawback existed in various traditional risk management systems, which is why ERM encounters similar problems as that of the traditional systems. Due to this inability of ERM, firms overlook the risk as a whole as soon as they ignore the cost component (Galloway and Funston, 2000). The structure fails to prioritise the risks The growing scarcity of resources does not allow organisations to mitigate every risk that is encountered. Hence, it is important for organisations to be able to distinguish between relevant and irrelevant risks so as to allocate the resources wisely. Even so, ERM cannot prioritise risks as it does not consider the cost associated. As cost is the only basis of ranking risks, ERM in this respect proves useless. Considering ERM’s inability to prioritize risks, firms often rank risks randomly, which results in wastage of resources and entails higher cost (Fraser and Simkins, 2007; Andrews, 1995). Recommendations for improving effectiveness of ERM Figure 3 (Source: Ballou, 2005; Iyer, et al., 2010; Lam, 2014) Based on the drawbacks, the following recommendations can be made so that ERM can utilise its strength to improve effectiveness: According to Arena, Arnaboldi and Azzone (2011), ERM is still evolving and requires more time to mature as an accepted risk management system. The informal nature of the framework has been questioned by various researchers (Iyer, et al., 2010). Lam (2014) has suggested that ERM needs to incorporate an integrated structure that has a comprehensive approach for various kinds of risks such as, credit risk, capital risk, market risk and economic risk. Gordon, Loeb and Tseng (2009) in their paper had proposed that ERM must adopt systems approach in order to resolve problems associated to establishment of a desired framework. The systems approach, unlike existing risk management theories, does not implement domain specific strategies for resolving risk issues. The system dynamics ensures that a model related to the risks is developed while locating significant feedback loops, followed by examining and implementing necessary policies so as to mitigate the risk (Nocco and Stulz, 2006). The system approach is necessary for development and quality enhancement of ERM, given that it is a holistic approach that encompasses different aspects of risk while designing the system dynamics model. It clearly defines the area of concern and related entities so that ambiguity is reduced. Systems approach to ERM presents a functional platform for determining the necessary inputs, expected output and relevant risks (ODonnell, 2005; Abrams, 2007). One of the major drawbacks of ERM is its inability to foresee and identify the risk. The demand for proactive ERM system is growing at a rapid rate and to enable the same, it is essential to develop processes or procedures that can identify potential risks. There are a number of techniques with respective merits whereby the ERM system can recognise risk. Some of these techniques are brainstorming, even inventories, interviews and self-assessment, SWOT analysis, PESTLE analysis and risk questionnaires and surveys (Nocco and Stulz, 2006). The brainstorming sessions are useful in determining potential risks because these foreground creative side of the individuals. With greater participation, more opinions and information are gathered, which can be subsequently analysed for generating a list of potential risks. In context of brainstorming, event repositories are quite useful as they provide specific forms of risk stimulations. Discussions based on past or lost event produce better outcome (Mikes and Kaplan, 2013). In the ERM framework, another useful technique of risk identification is interview and self-assessment. Interviews and self-assessment measures the individuals’ opinion and their understanding, thereby encouraging inquisitiveness. SWOT and PESTLE analysis are useful for realizing the internal and external threats, which have the potential to create a leveraging situation. Risk questionnaires and surveys constitute a set of questions based on various situations. When these questionnaires are analysed, they help in identifying various kinds of risks (Monahan, 2008; Mikes and Kaplan, 2013). ERM has been criticised on the grounds that it does not consider or value the knowledge and experience of executives and other individuals, who have already been exposed to a particular type of risk. It was explained by authors such as, Kaplan and Mikes (2012), that without contribution from internal organisational members, development of risk management strategies is not feasible. The knowledge and wisdom of risk managers and officers are valuable and cannot be denied or ignored. Through these internal sources of information, a number of qualitative and quantitative approaches to risk assessment can be built. The qualitative approaches include risk identification, risk ranking, risk mapping and developing and establishing relationship between various risks. On the other hand, the quantitative methods of assessing risk are various statistical and probabilistic models, which are cash flow at risk, earnings at risk, earning distribution and earnings per share distribution. Moreover, in ERM, both qualitative and quantitative methods can be combined in order to obtain risk-adjusted revenue, develop gain/loss curve and tornado curve and net present value of a project for attaining the optimum outcome (McNeil, Frey and Embrechts, 2010). Each of these methods has certain advantages and is suitable owing to fluid nature of the ERM system. In this context, it is important to note that since the vital sources of risk knowledge reside within the organisation, initiation of cultural transformation and encouragement to risk culture may prove beneficial for information collection purpose (Chapman, 2011). Risk assessment involves risk ranking and risk mapping, as suggested under qualitative measures. It was observed that risk ranking and cost analysis are few of the major flaws of ERM. For ranking the risks, the ERM team needs to prioritise various risks on a scale based on importance, as high, moderate and low. This may prove time consuming, but classifying various risks elaborately will provide a better insight into a given situation. The risks can be prioritised based on criticality of the situation such as, potential impact, probability of occurrence and cost of consequence. Risk ranking is important because it offers an influential method of gathering data and facilitates comparisons between various attributes of the identified risks. Furthermore, risk ranking allows the management to allocate the limited risk management resources to various risks, depending upon its potential impact (Beasley, Clune and Hermanson, 2005). According to Moeller (2007), risk ranking is a dynamic approach, which is consistently evolving depending upon the circumstances. The author added that risk ranking requires to be adjusted with risk identification and assessment, which are ongoing processes. Additionally, with mitigation of risk, its rank changes accordingly. As a result, continuous evaluation helps in exercising better control on the risk factors. The risk mapping process helps to present the risk assessment data in a pictorial form for bettering understanding of intricacies involved. There are certain factors that must be considered before generating a risk map, namely confidentiality, time frame, correlations and directions. Currently, a number of software tools are available, which can be employed to develop a risk map. The timeframe and direction in a risk map can improve its credibility and validity. The last recommendation for improving effectiveness of ERM is incorporation of the mitigation cost factor into the system. The cost of the consequences needs to be determined as a part of the ERM system so that the management does not ignore any risk as irrelevant (Beasley, Clune and Hermanson, 2005). Conclusion In present globalised market, risk and complexity is increasing at a rapid rate and the traditional risk management systems are proving to be inadequate in mitigating the growing uncertainty. In the recent years, ERM has become quite popular for its holistic approach to risk management. The strength of the ERM is primarily dependent on three pillars, namely, culture, procedures and technology. ERM fosters a risk culture within the organisation to improve risk appetite and risk tolerance of individuals associated with the organisation. Procedure provides certain frameworks and guidelines that the organisation needs to incorporate in its activities so as to improve defensive capabilities of the firm. ERM explains that to manage risk, it is important to implement the procedures instead of filing them and saving them in paperwork. The last pillar is the technology. Technological interventions is very important to identify, access and manage risk as technologies are the fastest measure of acquiring requisite information and its processing. In addition, there are eight components of integrated framework of the ERM that integrates the structure of ERM with that of the organisation so as to achieve optimum result. Nevertheless, there are certain issues that hinder the ERM system from being fully functional in its approach. It has been observed by eminent authors that there is little difference between traditional risk management and enterprise risk management system and the framework is not sufficient to mitigate unforeseen risks. Present structure of the ERM is random and chaotic and requires measures to develop specific working framework. According to previous studies, it was observed that ERM is more focused on external sources of information and rarely considers the internal sources such as knowledge and experience of executives. Furthermore, ERM is not capable of prioritising the risks and also does not undertake the impact cost. It was also noticed that ERM was developed under certain critical circumstances and thus the flaws were ignored during those moments of urgency. However, various measures had been suggested so as to address shortcomings of the ERM system in the recommendation section of this paper. These recommendations include, incorporation of risk identification through management activities, risk and cost analysis and risk prioritising and mapping. Reference list Abrams, C., Von Kanel, J., Muller, S., Pfitzmann, B. and Ruschka-Taylor, S., 2007. Optimized enterprise risk management. IBM Systems Journal, 46(2), pp. 219-234. Andrews, C. J., 1995. Evaluating risk management strategies in resource planning. Power Systems, IEEE Transactions on, 10(1), pp. 420-426. Arena, M., Arnaboldi, M. and Azzone, G., 2010. The Organizational Dynamics of Enterprise Risk Management. Accounting Organization and Society, 35, pp. 659- 675. Arena, M., Arnaboldi, M. and Azzone, G., 2011. Is Enterprise Risk Management Real? Journal of Risk Research, 14(7), pp. 779-797. Ballou, B., 2005. Enterprise Risk Management—Integrated Framework. [pdf] COSO. Available at: http://speakersbureau.imanet.org/PDFs/Public/MAQ/2005_Q1/2005MAQ_winter.pdf [Accessed on 11 July 2014]. Barton, T. L., Shenkir, W. G. and Walker, P. L., 2002. Making enterprise risk management pay off. New Jersey: FT Press. Beasley, M. S., Frigo, M. L., Fraser, J. and Simkins, B. J., 2010. ERM and its role in strategic planning and strategy execution. Enterprise Risk Management, pp. 31-50. Beasley, M., Clune, R. and Hermanson, D., 2005. Enterprise risk management: An empirical analysis of factors associated with the extent of implementation. Journal of Accounting and Public Policy, 24, pp. 521-531. Brooks, D. W., Fraser, J. and Simkins, B. J., 2010. Creating a Risk‐Aware Culture. Enterprise Risk Management, pp. 87-95. Chapman, R. J., 2011. Simple tools and techniques for enterprise risk management. New Jersey: John Wiley & Sons. D’Arcy, S. P. and Brogan, J. C., 2001. Enterprise risk management. Journal of Risk Management of Korea, 12(1), pp. 207-228. Fraser, J. and Simkins, B. J., 2010. Enterprise Risk Management: Current Initiatives and Issues. Enterprise Risk Management, pp. 479-503. Fraser, J. R. and Simkins, B. J., 2007. Ten common misconceptions about enterprise risk management. Journal of Applied Corporate Finance, 19(4), pp. 75-81. Fraser, J. R., Schoening‐Thiessen, K., Simkins, B. J. and Fraser, J., 2010. Who Reads What Most Often?: A Survey of Enterprise Risk Management Literature Read by Risk Executives. Enterprise Risk Management, pp.385-417. Galloway, D. and Funston, R., 2000. The challenges of enterprise risk management. Balance Sheet, 8(6), pp. 22-25. Gates, S., 2006. Incorporating strategic risk into enterprise risk management: A survey of current corporate practice. Journal of Applied Corporate Finance, 18(4), pp. 81-90. Gordon, L. A., Loeb, M. P. and Tseng, C. Y., 2009. Enterprise risk management and firm performance: A contingency perspective. Journal of Accounting and Public Policy, 28(4), pp. 301-327. Holton, G. A., 1998. Enterprise risk management. [pdf] Contingency analysis. Available at: http://exinfmvs.securesites.net/pdffiles/erm.pdf [Accessed on 10 July 2014]. Hoyt, R. E. and Liebenberg, A. P., 2011. The value of enterprise risk management. Journal of Risk and Insurance, 78(4), pp. 795-822. Iyer, S. R., Rogers, D. A., Simkins, B. J. and Fraser, J., 2010. Academic Research on Enterprise Risk Management. Enterprise Risk Management, pp.419-439. Kaplan, R. and Mikes, A., 2012. Managing Risks: A New Framework. Harvard Business Review, 90(6), pp. 48-60. Lam, J., 2014. Enterprise risk management: from incentives to controls. New Jersey: John Wiley & Sons. Lehar, A., 2005. Measuring systemic risk: A risk management approach. Journal of Banking & Finance, 29(10), pp. 2577-2603. Liebenberg, A. P. and Hoyt, R. E., 2003. The determinants of enterprise risk management: Evidence from the appointment of chief risk officers. Risk Management and Insurance Review, 6(1), pp. 37-52. McNeil, A. J., 2013. Enterprise Risk Management. Annals of Actuarial Science, 7(1), pp. 1-2. McNeil, A. J., Frey, R. and Embrechts, P., 2010. Quantitative risk management: concepts, techniques, and tools. New Jersey: Princeton university press. McShane, M. K., Nair, A. and Rustambekov, E., 2011. Does enterprise risk management increase firm value? Journal of Accounting, Auditing & Finance, 26(4), pp. 641-658. Mikes, A. and Kaplan, R., 2013. Managing Risks: Towards a Contingency Theory of Enterprise Risk Management. [online] Available at: http://papers.ssrn.com/sol3/papers.cfm?abstract_id=2311293 [Accessed on 10 July 2014]. Mikes, A., 2009. Risk management and calculative cultures. Management Accounting Research, 20(1), pp. 18-40. Moeller, R. R., 2007. COSO enterprise risk management: understanding the new integrated ERM framework. New Jersey: John Wiley & Sons. Monahan, G., 2008. Enterprise risk management: A methodology for achieving strategic objectives (Vol. 20). New Jersey: John Wiley & Sons. Nocco, B. W. and Stulz, R. M., 2006. Enterprise risk management: theory and practice. Journal of Applied Corporate Finance, 18(4), pp.8-20. ODonnell, E., 2005. Enterprise risk management: A systems-thinking framework for the event identification phase. International Journal of Accounting Information Systems, 6(3), pp. 177-195. Olson, D. L. and Wu, D. D., 2008. Enterprise risk management (Vol. 1). Singapore: World Scientific. Pagach, D. and Warr, R., 2010. The effects of enterprise risk management on firm performance. [pdf] SSRN. Available at: http://www.garp.org/media/51855/firm%20performance%20and%20the%20implementation%20of%20erm%20-%20warr.pdf [Accessed on 10 July 2014]. Power, M., 2005. Enterprise risk management and the organization of uncertainty in financial institutions. The sociology of financial markets, pp. 250-268. Power, M., 2009. The Risk Management of Nothing. Accounting Organizations and Society, 34(6-7), pp. 849-855. Rasmussen, J., 1997. Risk management in a dynamic society: a modeling problem. Safety science, 27(2), pp. 183-213. Stulz, R. M., 1996. Rethinking risk management. Journal of applied corporate finance, 9(3), pp. 8-25. Wu, D. D. and Olson, D. L., 2009. Enterprise risk management: small business scorecard analysis. Production Planning and Control, 20(4), pp. 362-369. Read More