Four emerging strategies of enterprise risk management (ERM) – ‘Rudimentary,’ ‘Anticipatory,’ ‘Resilient,’ and ‘Transformation’ – are identified based on strategic change of ERM.
A learning process highlights decision criteria in risk acceptance/rejection using resilient strategies.
Despite differing business environment needs, companies need to adopt transformation strategies to implement resilience strategies such as understanding of risks, risk reporting, and risk culture, and to integrate large-scale change in the business.
Good risk governance can be promoted with a ‘rational’ lens or a combination of ‘rational and learning’ lens with ‘cognitive’ lens of change.
There have been rising concerns among executives and boards in recent years, dealing with the complexity, uncertainty, and ambiguity present in current dynamic markets (Frigo and Anderson, 2011a ; Klinke and Renn, 2002 ). Enterprise risk management (ERM) has been adopted as an acceptable practice to deal with variability in market situations, and has become a significant part of the umbrella term ‘governance risk and compliance’ (GRC) (Renn and Walker, 2008 ). ERM provides a framework for corporates to balance downside risks and to exploit the opportunities (upside risks) in a holistic manner. Overall, it supports the achievement of organizational objectives by focusing on the interrelatedness of risks (COSO, 2004 ).
There is no standard universal approach prescribed by any regulator or professional advisory body to implement ERM, though some frameworks have been suggested (Frigo and Anderson, 2014 ; Purdy, 2010 ). Companies need to think ‘out of the box’ and customize the existing framework suggested by various advisory bodies such as the Committee of Sponsoring Organisations of the Treadway (COSO), ISO 31000 (2009), and credit rating agencies such as Standard & Poor (S&P) or devise new approaches according to their own organizational objectives. ERM is still evolving, and the standardization of ERM as such is in an initial phase and perhaps may hamper innovation (Bromiley et al., 2014 ; Frigo and Anderson, 2014 ; Mikes and Kaplan, 2015 ).
There are few contributions in the literature on ERM strategies (see, e.g., Klinke and Renn, 2002 ), although its execution is critical in the financial world. All financial companies – such as banks, insurance firms, and also the companies listed on the New York Stock Exchange (NYSE) – have to follow ERM to some extent (FSB, 2014 ; Stewart, 2012 ; Thomson, 2007 ; Votano et al., 2004 ). Understanding ERM strategies at various stages of the companies may help in gaining benefits and following compliance.
The aim of this article is to explore different risk strategies in order to establish good risk governance. The traditional literature on corporate governance relies mainly on agency theory. Cohen et al. (2008 ) argued that an agency-based perspective is not able to fully explore the governance structures. Rather, the resource-dependence theory developed in the strategy literature may aid organizations to achieve their strategic objectives. Furthermore, the ‘resource dependence theory posits that stakeholders and/or management may rely on the board as a means to access and manage scarce resources and help set the strategy of the firm. The primary role of the board is less that of a monitor than a partner to management, and one that helps set effective policies and strategies for the firm’ (p. 184).
In this article, we try to explore how the ERM strategies have evolved over a period of time and what led companies to change their strategies in variable market situations. Therefore, we focus on the strategic change literature. Grundy (1995 ) criticized change programs for not leveraging financial performance, and linked change with finance and accounting to understand the formation of corporate value. Later, he connected it with human resource to achieve competitive advantage against a backdrop of uncertainty (Grundy, 1997 ). Very little research has explored good risk-management practices (Cormican, 2014 ; Klinke and Renn, 2002 ) to understand the needs of the business environment by employing appropriate ERM strategies (Frigo and Anderson, 2009b).
The structure of this article is as follows: the first section discusses the research methodology and the theoretical framework, with an in-depth empirical study to understand strategic change among corporates. Qualitative research involved over 40 chief risk officers (CROs) and a comparative case study using over 20 senior management interviews in two insurance companies in India and the UK insurance market. The theoretical framework is based on Rajagopalan and Spreitzer (1997 ) using three lenses of strategic change: the rational lens, the learning lens, and the cognition lens. The second section of the article discusses the key concepts, such as strategic change in the context of ERM and how the known, unknown, and partially known risks are linked with the acceptance/rejection of risk. The third section of the article presents four strategies in ERM emerging from theory and practice. This is followed, in the fourth section, by a comparative case study in India and the UK insurance market highlighting how companies have adopted resilience strategies and the issues faced in their implementation with reference to the theoretical lens of strategic change. A final section concludes.