Why firms implement risk governance – Stepping beyond traditional risk management to enterprise risk management

Stakeholders of firms have pushed for enterprise risk management (ERM) as a response to flawed risk management and corporate governance systems (Kirkpatrick, 2009). Previous studies explaining why ERM is implemented have been informative but overly simplified. The basic argument presented in this study is that ERM should be seen as a composition of traditional risk management and risk governance, each with their own determining factors. Implementation of risk governance is the active step beyond traditional risk management to ERM. This study addresses the complexity of ERM by dividing it into its traditional risk management and risk governance components and investigating the determinants of these components separately but simultaneously. Based on a survey of 145 firms, empirical evidence suggests that the level of risk governance in a firm is related to the size of the firm, leverage and dividend payments and the chief executive officer’s influence on the board; this may suggest that corporate governance motives, like the need for governance, existing governance and the control a CEO has over governance decisions, determine the decision to take the step toward implementing ERM. This study is a step toward clarifying the existing ad hoc theoretical foundations of ERM and implies that firms are implementing ERM in accordance with stakeholder desires for better governance of the risk management system.