Guest editorial

Martin R.W. Hiebl (Chair of Management Accounting and Control, University of Siegen, Siegen, Germany and Institute of Management Control and Consulting, Johannes Kepler University Linz, Linz, Austria)

Journal of Accounting & Organizational Change

ISSN: 1832-5912

Article publication date: 12 January 2022

Issue publication date: 12 January 2022

Citation

Hiebl, M.R.W. (2022), "Guest editorial", Journal of Accounting & Organizational Change, Vol. 18 No. 1, pp. 1-11. https://doi.org/10.1108/JAOC-02-2022-212

Publisher: Emerald Publishing Limited

Copyright © 2021, Emerald Publishing Limited


Risk governance and risk management in change: a guest editorial

1. Crises, scandals and change in risk governance and risk management

Since the financial crisis of 2008, many organizations worldwide have rethought their approaches to risk governance and risk management (Bailey, 2019; Sinha and Arena, 2020; Stein and Wiedemann, 2016, 2018; Stein et al., 2019). These change processes have also been triggered by regulatory change, much of which has focused on the financial industry (Alexander, 2020; Gatzert and Kolb, 2013; Hanafizadeh and Marjaie, 2020; Sinha and Arena, 2020; Sheedy, 2021). In addition, corporate scandals such as BP’s Deepwater Horizon incident and Volkswagen’s Dieselgate scandal have led to questions about large corporations’ approaches to risk management and risk governance (Sheedy, 2021).

A potential answer to address these issues is an increased focus on risk governance, where actors at the top of organizational hierarchies adopt a more holistic and strategic approach to steering risks (Stein and Wiedemann, 2016) and are more accountable for the risks their decisions include (Sheedy, 2021). In line with this notion, risk governance as a “system of rules and relationships in an organization that support decisions and oversight relating to risk” (Sheedy, 2021, p. 21) may need to be strengthened to bridge the gap between the “institutionally oriented field of corporate governance and the methodologically oriented area of risk management” (Baule and Fandel, 2016, p. 809). Accordingly, standard setters such as COSO have published new editions of their frameworks (COSO, 2017) and we have witnessed a series of new or updated regulation on more strategically oriented risk management systems (Alexander, 2020; Grammenidis and Hiebl, 2021; Maffei and Spanó, 2021). At the same time, such arising needs for stronger risk governance and regulatory change are likely to trigger substantial change in risk management and governance in many organizations.

Some research has already picked up these or similar developments and investigated how they affect and interact with organizational change more generally (Agarwal and Kallapur, 2018; Alsharari, 2021; Jabbour and Abdel-Kader, 2015; Sinha and Arena, 2020; Subramaniam et al., 2011). While such research has allowed us to understand the effects of these more general institutional changes around risk governance on organizations, how these changes interact with factors at the organizational level and how organizations or individuals further develop their way of governing and managing risk remain unclear. For this reason, this special issue of the Journal of Accounting and Organizational Change aims to shed more light on risk governance and risk management in change.

The special issue emanates from the 8th Annual Conference on Risk Governance held in October 2020. Normally, this conference is held in Siegen, Germany, but due to the Covid-19 pandemic, it was held virtually in 2020. Whereas past editions of the conference had focused on general applications and the framing of risk governance and have led to a number of special issues in preceding years (see the guest editorials by Baule and Fandel, 2016; Hiebl, 2019; Hiebl et al., 2018a, 2018b), the 2020 edition of the conference focused on the role of change around risk governance and risk management. Several of the papers presented at the 2020 conference, having undergone a rigorous blind review process, have been selected for publication in the present special issue.

This guest editorial aims to provide an overview of the seven papers included in this issue, explain how they relate to each other as well as to risk governance and risk management in change and delineate pressing issues to be resolved in future research. In the next section, I briefly introduce the papers included in this issue. Afterward, I chart some avenues for future research that emanate from this special issue. Finally, I draw conclusions and acknowledge those important actors who have made this issue possible.

2. Papers included in this special issue

The seven articles in this issue cover a wide range of notions about how risk governance and risk management can evolve over time and how such developments interact with organizational change. Methodologically, the seven papers are based on several data generation approaches such as in-depth case studies (Murr and Carrera, 2022; Tica and Weißenberger, 2022), archival data (Nagel et al., 2022), survey data (Hassan et al., 2022; Schäfer et al., 2022), a combination of survey and interview data (Tan and Lee, 2022) and agent-based modeling (Harten et al., 2022). At the same time, the articles rely on data from across the world such as Germany (Tica and Weißenberger, 2022; Schäfer et al., 2022), Malaysia (Tan and Lee, 2022), Saudi Arabia (Murr and Carrera, 2022), the USA (Nagel et al., 2022) and Qatar (Hassan et al., 2022). The geographical spread of the data used in the articles signals that new and changing approaches to risk governance and risk management are relevant in many countries, but are, at the same time, influenced by national regulations and idiosyncratic pressures (Alsharari, 2021; Haustein and Lorson, 2021; Maffei and Spanó, 2021; Murr and Carrera, 2022; Rana et al., 2019a; Schäfer et al., 2022; Tica and Weißenberger, 2022).

In line with this notion, Murr and Carrera (2022) present a case study of how institutional logics affected the adoption and implementation of risk management practices in a governmental entity in a developing country. Murr and Carrera (2022) thus enrich the growing literature on risk management in public sector organizations (Bracci et al., 2021) by confirming the usefulness of the institutional logics perspective for analyzing accounting and control change (Damayanthi and Gooneratne, 2017; Nguyen and Hiebl, 2021). In particular, Murr and Carrera (2021) illustrate how two competing institutional logics – in this case, a traditional logic and a modernization logic – confronted the involved actors with several tensions, which could only be lifted when a Royal Order was issued that mandated that all Saudi Arabian government entities adopt and implement adequate risk management practices. The case study by Murr and Carrera (2022) shows that in this developing country, the competition between the logics was only solved by making risk management a compliance requirement. At the same time, the paper shows that change in developing countries’ risk management systems may only be ceremonial at first with the aim to signal conformance with external pressures, a finding that connects with other accounting and control research on developing country organizations (Damayanthi and Gooneratne, 2017; Hopper et al., 2009; Ndemewah and Hiebl, 2021; van Helden and Uddin, 2016). However, this raises the question of whether adequate risk governance in a developing country organization necessarily needs to be in line with approaches that have proven useful in developed countries.

The paper by Schäfer et al. (2022) complements the case study by Murr and Carrera (2022). Schäfer et al. (2022) draw on a different strand of institutional theory to examine how stakeholder pressures relate to municipalities and state agencies’ implementation and use of risk management practices. Unlike the situation in Saudi Arabia described by Murr and Carrera (2022), German public administrations have not thus far been subject to mandated risk management, which opens up the opportunity for Schäfer et al. (2022) to analyze the non-regulatory factors that led to the increased use of risk management practices. Based on a survey of 136 financial managers in public sector organizations in Germany, their results indicate that stakeholder pressure – as perceived by those financial managers – is not directly related to the adoption of risk management practices. However, they find that stakeholder pressure increases top management support for risk management practices in public sector companies, which, in turn, is positively related to the adoption of risk assessment practices, use of risk reporting practices and integration of risk aspects into the strategies of public administrations. These results indicate that to professionalize risk management in the public sector, translating stakeholder pressure into top management support for risk management is crucial. Similar to Murr and Carrera (2022), the study by Schäfer et al. (2022) thus adds to the literature on risk management in public sector organizations (Bracci et al., 2021) by highlighting the decisive role of top managers in these companies, such as mayors and agency heads.

The third paper, authored by Tica and Weißenberger (2022), sheds light on how risk-related regulatory change may arise in developed countries. In particular, Tica and Weißenberger (2022) illustrate that an organization’s questionable business practices may ignite regulatory change across a national industry – the German private health insurance industry in this case. Tica and Weißenberger (2022) present the story of the so-called MEG scandal and conclude that not only risk-related regulation may be imposed on firms. Their case study highlights that the competitors of a scandalized firm urged regulators to impose new regulation on the entire industry to prevent it from suffering further reputational damage. Tica and Weißenberger (2022) argue that a potential ex ante remedy for the involved insurance firms would have been a closer integration of risk management and control systems, which could have prevented the scandal from materializing. That is, another learning from this case could be that tightened risk governance in terms of a more integrated and strategically oriented steering of risks that is coupled with management control systems may be more promising than keeping these risk management and control systems separate (cf. Culasso et al., 2016; Kunz and Heitz, 2021; Posch, 2020; Rana et al., 2019a, 2019b).

The survey study by Hassan et al. (2022) further adds to this line of thinking. It analyzes whether elements of organizational culture are related to the adoption of risk governance practices. Besides the presence of an internal audit department in firms and private ownership, the results presented by Hassan et al. (2022) show that an organizational culture marked by tight control and little teamwork is also related to higher rates of adopting risk governance practices. Since both these aspects of organizational culture could also be seen as elements of cultural controls (Goebel and Weißenberger, 2017; Malmi and Brown, 2008; van der Kolk et al., 2019), the study by Hassan et al. (2022) delivers further evidence of the interplay between management control systems and risk governance/risk management systems. In addition, it adds to the growing literature on how risk culture shapes organizational risk management practices (for reviews, see Cimini, 2021; Kunz and Heitz, 2021). This literature has thus far used firms from the financial service industry and samples from developed countries. The article by Hassan et al. (2022) therefore complements existing risk culture studies by offering evidence from a mixed sample of financial and non-financial firms in an emerging economy.

Similarly, the paper by Tan and Lee (2022) describes the implementation of risk management practices in a developing country. Their mixed-method study focuses on the adoption of enterprise risk management (ERM) in small Malaysian businesses and thus contributes to the literature on risk management in small enterprises (for reviews, see Crovini et al., 2021; de Araújo Lima et al., 2020; Falkner and Hiebl, 2015). So far, this literature has tilted toward research from developed countries (Falkner and Hiebl, 2015) and, as indicated above, we cannot assume that risk management practices function in the same ways in emerging economies. Tan and Lee (2022) find that business interruption risks are the most relevant risk in the small businesses they survey, which explains why business continuity plans are the most frequently used aspect of ERM in these firms. In addition, they find that the presence of a risk management team actually lowers the likelihood that the small business will adopt ERM practices. This indicates that risk management teams serve as a substitute for ERM in taking care of risk governance in small businesses. More generally, this finding nurtures the idea that small businesses use different forms of risk management and risk governance than large firms, as the latter tend to rely on more formal applications such as ERM (cf. Grammenidis and Hiebl, 2021; Hiebl et al., 2018a, 2018b; Mitter et al., 2020).

By contrast, for large listed firms in developed countries such as those included in the S&P 500 index, Nagel et al. (2022) find that the phrasing of risk disclosures helps explain cumulative abnormal stock returns. Specifically, Nagel et al. (2022) find that investors seem to react to both positive and negative phrases in risk disclosures. In addition, the paper shows that business-related information conveyed in risk disclosures has a larger impact on cumulative abnormal stock returns than purely financial, legal or regulatory information. Nagel et al. (2022) also find that tailored phrases are specifically valued by investors as long as they are not too rare and feature some comparability to the phrases used in other firms’ risk disclosures. In summary, Nagel et al. (2022) identify various ways in which firms can change their risk disclosures to better meet the needs of equity investors and thus strengthen their risk governance (cf. Sheedy, 2021; Stein and Wiedemann, 2016).

Further such opportunities are highlighted by Harten et al. (2022), who rather focus on how the effectiveness of risk assessments as part of risk workshops may be improved. While such risk workshops are frequently applied in practice and included in prominent risk management frameworks (COSO, 2017; Fraser et al., 2021b; Quail, 2021), little research has been conducted to improve their outcomes – even though this research topic, as well as the research method used by Harten et al. (2022), hold much attractiveness and novelty. Indeed, the paper by Harten et al. (2022) may be the first to use a combination of agent-based modeling and simulation experiments to study why and how risk assessments can or cannot meet an organization’s expectations for such assessments. The findings presented by Harten et al. (2022) indicate that by increasing the discussion rounds during risk workshops, risk assessments progress from an underestimation to an overestimation of risks. The organizers of such risk workshops can thus infer from the paper that when they want to assess high risks accurately, they may need to extend the discussion around these risks as much as possible. Thus, just as the other papers included in this issue, the one by Harten et al. (2022) not only offers novel research insights but also charts potential ways for changing and improving the practice of risk management and risk governance.

3. Future research on risk governance and risk management in change

While risk management and risk governance in practice have changed substantially in the past two decades (Kloman and Fraser, 2021; Maffei and Spanó, 2021; McShane, 2018; Sheedy, 2021), the articles included in this special issue suggest that such change has not yet halted. Indeed, many articles continue to present opportunities for improving or professionalizing risk governance and risk management in various countries and types of organizations. Moreover, research has yet to examine how novel risks such as climate change risk (Fraser et al., 2021a) and cyber risks (Krupowicz and Young, 2021) can appropriately be addressed and included in existing risk management and risk governance approaches. In short, risk governance and risk management can be expected to remain a fruitful field for accounting research and beyond in the years to come.

Given the plethora of important and interesting questions to be addressed in these fields, it seems impossible to cover all interesting areas for future research in one brief editorial. I thus focus on two of the fields touched upon in several of the articles in this issue that have received little research attention yet.

3.1 Top managers, risk governance and risk management in change

First, some papers in this issue and beyond (Caldarelli et al., 2016; Murr and Carrera, 2022; Schäfer et al., 2022), especially those relying on in-depth case studies, have noted the importance of top managers when aiming to change or professionalize existing risk management and risk governance approaches. In particular, the pivotal role of top management support is highlighted in the survey study by Schäfer et al. (2022), who find that external pressures materialize in more professional risk management through increasing top management support for such professionalization. While top management support seems an important factor for innovation in accounting and control practices more generally (Al-Sayed and Dugdale, 2016; Chanegrih, 2008; Pike et al., 2011; Wang et al., 2019), knowledge on how top managers can support such change and on the resources needed to equip them to do so is lacking. Risk management and risk governance are no longer new concepts, and an increasing number of top managers have been educated in novel approaches such as ERM during their studies and/or further training (Fiondella and Zagaria, 2021; Grammenidis and Hiebl, 2021; Kunsch and Bart, 2021). Some research has already found such training to be important for applying more sophisticated risk management approaches (Beasley et al., 2015). In addition, there is initial evidence that top manager characteristics such as the CEO’s tenure, ownership stake, locus of control and risk-taking propensity, as well as the CRO’s education and career trajectory can help explain why some organizations feature more sophisticated risk management systems than others (Bailey, 2019; Glowka et al., 2021; Hiebl et al., 2019; Ludin et al., 2017; Paape and Speklé, 2012). However, the findings on how other characteristics of top managers such as CEOs, CFOs and CROs, as well as entire top management teams influence change in risk management and risk governance are still missing. Bolstering this strand of the literature would be desirable given top managers’ pivotal role in such change processes.

One fruitful way to advance our understanding of how risk management and risk governance could be further professionalized would thus be an increased focus on top managers and their characteristics. In particular, quantitative studies could build on the literature on manager effects and upper echelons theory that has become an established research stream in studies of management accounting, control and financial reporting (Abernethy and Wallis, 2019; Hiebl, 2014; Plöckinger et al., 2016). Building on existing knowledge, such research could, for instance, focus on answering the following questions:

3.2 Regulating risk governance and risk management: can one size fit all?

As mentioned by several papers included in this issue and elsewhere (Alexander, 2020; Alsharari, 2021; Haustein and Lorson, 2021; Maffei and Spanó, 2021; Murr and Carrera, 2022), the past decade or so has seen manifold regulatory change on risk management. These regulatory efforts tend to follow a “the more, the better” paradigm and focus on being able to prove and audit the application of formal risk management systems (Power, 2004, 2009), leading to increasing demand for formal risk management in many organizations worldwide. In turn, case studies such as the one by Murr and Carrera (2022) continue to report internal resistance against highly standardized and formalized risk management approaches such as those included in COSO (2017) and other frameworks. When regulation that would demand the application of such standardized frameworks is missing, empirical studies tend to conclude that many organizations deviate from such risk management “ideals” (Schäfer et al., 2022; Tan and Lee, 2022).

These observations raise the question of whether frameworks such as COSO (2017) can and should universally be applied to organizations from all sectors – private, public and non-profit alike – and organizations of all sizes, ownership structures and industries. Or is it really “non-compliant” organizations that are just not up-to-date in their risk management approaches and need to catch up with the latest developments as exemplified in best practice cases? Interesting questions for future research could include the following:

  • Among organizations that are not mandated to apply formal risk management approaches (e.g. small businesses, public sector and third-sector organizations in some jurisdictions), are those that adopt formal risk management approaches similar to frameworks such as COSO (2017) more or less effective at managing risks than organizations that adopt less formalized approaches to risk management? To what degree have such less formalized approaches changed over the past few years? What were the effects of such change?

  • To what extent are the assumptions (e.g. the formalization of business objectives and a desired culture, a focus on intended strategy development in contrast to emerging strategy; see Johnson et al., 2011) built into popular risk management frameworks (COSO, 2017) applicable to organizations in developing countries? Do national regulators account for the diversity of contexts? If not, how could regulation be informed to increase its fit with the context of regulated organizations?

4. Conclusions and acknowledgments

I hope you – as the readers of this issue – concur that the included articles represent an interesting collection of insights into the changing nature of risk governance and risk management and how this nature might change further in the future. Nonetheless, as indicated in Section 3, many relevant questions remain to be addressed by research and the articles included in this issue may serve as a trigger for such further study.

Many parties have supported me in compiling this issue and I would like to acknowledge some of them here. First, I would like to thank Zahirul Hoque, editor-in-chief of the Journal of Accounting and Organizational Change, for his support and openness to publish a special issue on the changing nature of risk governance and risk management. Second, I thank my colleagues Arnd Wiedemann, Volker Stein, Rainer Baule and Andreas Dutzi for their ongoing efforts to make the University of Siegen and the annual conference on risk governance one of the main venues for research on risk governance and management in Germany and beyond. These efforts include hosting the 2020 edition of the annual conference on risk governance where most of the papers included in this special issue could be discussed. Moreover, I would like to thank the many peer reviewers for freely giving their time to provide constructive and cogent reviews, including:

  • Giovanni Azzone, Politecnico di Milano, Italy.

  • Rainer Baule, University of Hagen, Germany.

  • Evelyn Braumann, Vrije Universiteit Amsterdam, The Netherlands.

  • Karen Brickman, University of Greenwich, United Kingdom.

  • Martin Carlsson-Wall, Stockholm School of Economics, Sweden.

  • Philna Coetzee, Tshwane University of Technology, South Africa.

  • Carolyn Cordery, Aston University, United Kingdom.

  • Susanne Durst, Tallinn University of Technology, Estonia.

  • Tamer Elshandidy, Ajman University, United Arab Emirates.

  • Cristina Florio, University of Verona, Italy.

  • Giuseppe Grossi, Kristianstad University, Sweden.

  • Thomas Henschel, Hochschule für Technik und Wirtschaft Berlin, Germany.

  • Fabian Hollstein, Leibniz University Hannover, Germany.

  • Susanne Homölle, University of Rostock, Germany.

  • Robert Hoyt, University of Georgia, United States.

  • Christian Huber, Copenhagen Business School, Denmark.

  • Michael Kuttner, Salzburg University of Applied Sciences, Austria.

  • Stephan Leitner, University of Klagenfurt, Austria.

  • Anita Meidell, Norwegian School of Economics, Norway.

  • Don Pagach, North Carolina State University, United States.

  • Rob Quail, Robert Quail Consulting, Canada.

  • Patrick Ring, Glasgow Caledonian University, United Kingdom.

  • Vikash Sinha, Aalto University, Finland.

  • Eija Vinnari, Tampere University, Finland.

  • Rüdiger Weber, Vienna University of Economics and Business, Austria.

Finally, a big thank you goes to the authors of the articles included in this issue. They have invested significant amounts of time and thought in crafting and revising their papers with the help of peer reviewers’ comments. I am confident that the included articles will improve our understanding of past change in risk governance and risk management and help predict future need for action.

References

Abernethy, M.A. and Wallis, M.S. (2019), “Critique on the ‘manager effects’ research and implications for management accounting research”, Journal of Management Accounting Research, Vol. 31 No. 1, pp. 3-40.

Agarwal, R. and Kallapur, S. (2018), “Cognitive risk culture and advanced roles of actors in risk governance: a case study”, The Journal of Risk Finance, Vol. 19 No. 4, pp. 327-342.

Al-Sayed, M. and Dugdale, D. (2016), “Activity-based innovations in the UK manufacturing sector: extent, adoption process patterns and contingency factors”, The British Accounting Review, Vol. 48 No. 1, pp. 38-58.

Alexander, K. (2020), “Regulating agency relationships and risk culture in financial institutions”, in Tuveson, M., Ralph, D. and Alexander, K. (Eds), Beyond Bad Apples: Risk Culture in Business, Cambridge University Press, Cambridge, pp. 165-189.

Alsharari, N.M. (2021), “Risk management practices and trade facilitation as influenced by public sector reforms: institutional isomorphism”, Journal of Accounting and Organizational Change, Vol. ahead-of-print No. ahead-of-print, doi: 10.1108/JAOC-11-2018-0117, in press.

Bailey, C. (2019), “The relationship between chief risk officer expertise, ERM quality, and firm performance”, Journal of Accounting, Auditing and Finance, Vol. 37 No. 1, doi: 10.1177/0148558X19850424, in press.

Baule, R. and Fandel, G. (2016), “Editorial”, Journal of Business Economics, Vol. 86 No. 8, pp. 809-811.

Beasley, M., Branson, B. and Pagach, D. (2015), “An analysis of the maturity and strategic impact of investments in ERM”, Journal of Accounting and Public Policy, Vol. 34 No. 3, pp. 219-243.

Bracci, E., Tallaki, M., Gobbo, G. and Papi, L. (2021), “Risk management in the public sector: a structured literature review”, International Journal of Public Sector Management, Vol. 34 No. 2, pp. 205-223.

Braumann, E.C. (2018), “Analyzing the role of risk awareness in enterprise risk management”, Journal of Management Accounting Research, Vol. 30 No. 2, pp. 241-268.

Braumann, E.C., Grabner, I. and Posch, A. (2020), “Tone from the top in risk management: a complementarity perspective on how control systems influence risk awareness”, Accounting, Organizations and Society, Vol. 84, p. 101128.

Caldarelli, A., Fiondella, C., Maffei, M. and Zagaria, C. (2016), “Managing risk in credit cooperative banks: Lessons from a case study”, Management Accounting Research, Vol. 32, pp. 1-15.

Chanegrih, T. (2008), “Applying a typology of management accounting change: a research note”, Management Accounting Research, Vol. 19 No. 3, pp. 278-285.

Cimini, R. (2021), “A systematic and bibliometric review on risk culture: a novel theoretical framework”, The Journal of Risk Finance, Vol. 22 No. 2, pp. 153-168.

COSO (2017), Enterprise Risk Management: Integrating with Strategy and Performance, COSO.

Crovini, C., Ossola, G. and Britzelmaier, B. (2021), “How to reconsider risk management in SMEs? An advanced, reasoned and organised literature review”, European Management Journal, Vol. 39 No. 1, pp. 118-134.

Culasso, F., Broccardo, L., Manzi, L.M. and Truant, E. (2016), “Management accounting and enterprise risk management. A potential integration as a new change in managerial systems”, Global Business and Economics Review, Vol. 18 Nos 3/4, pp. 344-370.

Damayanthi, S. and Gooneratne, T. (2017), “Institutional logics perspective in management control research: a review of extant literature and directions for future research”, Journal of Accounting and Organizational Change, Vol. 13 No. 4, pp. 520-547.

de Araújo Lima, P.F., Crema, M. and Verbano, C. (2020), “Risk management in SMEs: a systematic literature review and future directions”, European Management Journal, Vol. 38 No. 1, pp. 78-94.

Falkner, E.M. and Hiebl, M.R.W. (2015), “Risk management in SMEs: a systematic review of available evidence”, The Journal of Risk Finance, Vol. 16 No. 2, pp. 122-144.

Fiondella, C. and Zagaria, C. (2021), “Enterprise risk management in Italy”, in Maffei, M. (Ed.), Enterprise Risk Management in Europe, Emerald, Bingley, pp. 57-74.

Fraser, J.R., Quail, R. and Simkins, B.J. (2021a), “Climate change risk”, in Fraser, J., Quail, R. and Simkins, B.J. (Eds), Enterprise Risk Management: Today's Leading Research and Best Practices for Tomorrow's Executives, 2nd ed., Wiley, Hoboken, pp. 589-602.

Fraser, J.R., Quail, R. and Simkins, B.J. (2021b), “Questions that are asked about enterprise risk management by risk practitioners”, Business Horizons, doi: 10.1016/j.bushor.2021.02.046, in press.

Gatzert, N. and Kolb, A. (2013), “Risk measurement and management of operational risk in insurance companies from an enterprise perspective”, Journal of Risk and Insurance, Vol. 81 No. 3, pp. 683-708.

Glowka, G., Kallmünzer, A. and Zehrer, A. (2021), “Enterprise risk management in small and medium family enterprises: the role of family involvement and CEO tenure”, International Entrepreneurship and Management Journal, Vol. 17 No. 3, pp. 1213-1231.

Goebel, S. and Weißenberger, B.E. (2017), “Effects of management control mechanisms: towards a more comprehensive analysis”, Journal of Business Economics, Vol. 87 No. 2, pp. 185-219.

Grammenidis, G. and Hiebl, M.R.W. (2021), “Enterprise risk management in Germany”, in Maffei, M. (Ed.), Enterprise Risk Management in Europe, Emerald, Bingley, pp. 23-37.

Hanafizadeh, P. and Marjaie, S. (2020), “Trends and turning points of banking: a timespan view”, Review of Managerial Science, Vol. 14 No. 6, pp. 1183-1219.

Harten, C., Meyer, M. and Bellora-Bienengräber, L. (2022), “Talking about the likelihood of risks: an agent-based simulation of discussion processes in risk workshops”, Journal of Accounting and Organizational Change, Vol. 18 No. 1, doi: 10.1108/JAOC-11-2020-0197.

Hassan, M.K., Abdulkarim, M.E. and Ismael, H.R. (2022), “Risk governance: exploring the role of organisational culture”, Journal of Accounting and Organizational Change, Vol. 18 No. 1, doi: 10.1108/JAOC-01-2021-0003.

Haustein, E. and Lorson, P.C. (2021), “Co-creation and co-production in municipal risk governance – a case study of citizen participation in a German city”, Public Management Review, doi: 10.1080/14719037.2021.1972704, in press.

Hiebl, M.R.W. (2014), “Upper echelons theory in management accounting and control research”, Journal of Management Control, Vol. 24 No. 3, pp. 223-240.

Hiebl, M.R.W. (2019), “Guest editorial: from theoretical framing to empirical testing in risk governance research: moving the field forward”, Management Research Review, Vol. 42 No. 11, pp. 1217-1223.

Hiebl, M.R.W., Duller, C. and Neubauer, H. (2019), “Enterprise risk management in family firms: evidence from Austria and Germany”, The Journal of Risk Finance, Vol. 20 No. 1, pp. 39-58.

Hiebl, M.R.W., Baule, R., Dutzi, A., Stein, V. and Wiedemann, A. (2018b), “Guest editorial: roles and actors in risk governance”, The Journal of Risk Finance, Vol. 19 No. 4, pp. 318-326.

Hiebl, M.R.W., Baule, R., Dutzi, A., Menk, M.T., Stein, V. and Wiedemann, A. (2018a), “Risk Governance im Mittelstand: Eine Einführung der Gastherausgeber”, ZfKE – Zeitschrift für KMU und Entrepreneurship, Vol. 66 No. 1, pp. 1-11.

Hopper, T., Tsamenyi, M., Uddin, S. and Wickramasinghe, D. (2009), “Management accounting in less developed countries: what is known and needs knowing”, Accounting, Auditing and Accountability Journal, Vol. 22 No. 3, pp. 469-514.

Jabbour, M. and Abdel-Kader, M. (2015), “Changes in capital allocation practices – ERM and organisational change”, Accounting Forum, Vol. 39 No. 4, pp. 295-311.

Johnson, G., Whittington, R., Scholes, K., Angwin, D. and Regnér, P. (2011), Exploring Strategy: Text and Cases, 11th ed., Financial Times Prentice Hall, Harlow.

Kloman, H.F. and Fraser, J.R.S. (2021), “A brief history of risk management”, in Fraser, J., Quail, R. and Simkins, B.J. (Eds), Enterprise Risk Management: Today's Leading Research and Best Practices for Tomorrow's Executives, 2nd ed., Wiley, Hoboken, pp. 23-36.

Krupowicz, A. and Young, P. (2021), “Cybersecurity: Risks and governance”, in Fraser, J., Quail, R. and Simkins, B.J. (Eds), Enterprise Risk Management: Today's Leading Research and Best Practices for Tomorrow's Executives, 2nd ed., Wiley, Hoboken, pp. 603-629.

Kunsch, D.W. and Bart, C. (2021), “Directors and risk: Whither the best practice – evidence from Canada”, in Fraser, J., Quail, R. and Simkins, B.J. (Eds), Enterprise Risk Management: Today's Leading Research and Best Practices for Tomorrow's Executives, 2nd ed., Wiley, Hoboken, pp. 883-903.

Kunz, J. and Heitz, M. (2021), “Banks’ risk culture and management control systems: a systematic literature review”, Journal of Management Control, Vol. 32 No. 4, doi: 10.1007/s00187-021-00325-4, in press.

Ludin, K.R.M., Mohamed, Z.M. and Mohd-Saleh, N. (2017), “The association between CEO characteristics, internal audit quality and risk-management implementation in the public sector”, Risk Management, Vol. 19 No. 4, pp. 281-300.

McShane, M. (2018), “Enterprise risk management: history and a design science proposal”, The Journal of Risk Finance, Vol. 19 No. 2, pp. 137-153.

Maffei, M. and Spanó, R. (2021), “Enterprise risk management across Europe”, in Maffei, M. (Ed.), Enterprise Risk Management in Europe, Emerald, Bingley, pp. 279-303.

Malmi, T. and Brown, D.A. (2008), “Management control systems as a package – opportunities, challenges and research directions”, Management Accounting Research, Vol. 19 No. 4, pp. 287-300.

Mitter, C., Postlmayr, M. and Kuttner, M. (2020), “Risk management in small family firms: insights into a paradox”, Journal of Family Business Management, doi: 10.1108/JFBM-06-2020-0051, in press.

Murr, P. and Carrera, N. (2022), “Institutional logics and risk management practices in government entities: evidence from Saudi Arabia”, Journal of Accounting and Organizational Change, Vol. 18 No. 1, doi: 10.1108/JAOC-11-2020-0195.

Nagel, D.Y., Fuhrmann, S. and Guenther, T.W. (2022), “‘Red’ and ‘green’ flags of risk disclosures – identifying associations between positive and negative key phrases and consecutive cumulative abnormal stock returns”, Journal of Accounting and Organizational Change, Vol. 18 No. 1, doi: 10.1108/JAOC-11-2020-0193.

Ndemewah, S.R. and Hiebl, M.R.W. (2021), “Management accounting research on Africa”, European Accounting Review, doi: 10.1080/09638180.2021.1897025, in press.

Nguyen, D.H. and Hiebl, M.R.W. (2021), “Individual responses to using management control practices for hybridizing public-sector organizations: evidence from an emerging country”, International Public Management Journal, doi: 10.1080/10967494.2021.1937414, in press.

Paape, L. and Speklé, R.F. (2012), “The adoption and design of enterprise risk management practices: an empirical study”, European Accounting Review, Vol. 21 No. 3, pp. 533-564.

Pike, R.H., Tayles, M.E. and Mansor, N.N.A. (2011), “Activity-based costing user satisfaction and type of system: a research note”, The British Accounting Review, Vol. 43 No. 1, pp. 65-72.

Plöckinger, M., Aschauer, E., Hiebl, M.R. and Rohatschek, R. (2016), “The influence of individual executives on corporate financial reporting: a review and outlook from the perspective of upper echelons theory”, Journal of Accounting Literature, Vol. 37, pp. 55-75.

Posch, A. (2020), “Integrating risk into control system design: the complementarity between risk-focused results controls and risk-focused information sharing”, Accounting, Organizations and Society, Vol. 86, p. 101126.

Power, M. (2004), “The risk management of everything”, The Journal of Risk Finance, Vol. 5 No. 3, pp. 58-65.

Power, M. (2009), “The risk management of nothing”, Accounting, Organizations and Society, Vol. 34 Nos 6/7, pp. 849-855.

Quail, R. (2021), “How to plan and run a risk management workshop”, in Fraser, J., Quail, R. and Simkins, B.J. (Eds), Enterprise Risk Management: Today's Leading Research and Best Practices for Tomorrow's Executives, 2nd ed., Wiley, Hoboken, pp. 369-390.

Rana, T., Hoque, Z. and Jacobs, K. (2019a), “Public sector reform implications for performance measurement and risk management practice: insights from Australia”, Public Money and Management, Vol. 39 No. 1, pp. 37-45.

Rana, T., Wickramasinghe, D. and Bracci, E. (2019b), “New development: integrating risk management in management control systems – lessons for public sector managers”, Public Money and Management, Vol. 39 No. 2, pp. 148-151.

Schäfer, F.-S., Hirsch, B. and Nitzl, C. (2022), “Stakeholder pressure as a driver of risk management practices in public administrations”, Journal of Accounting and Organizational Change, Vol. 18 No. 1, doi: 10.1108/JAOC-11-2020-0188.

Sheedy, E. (2021), Risk Governance: Biases, Blind Spots and Bonuses, Routledge, Abingdon and New York, NY.

Stein, V. and Wiedemann, A. (2016), “Risk governance: conceptualization, tasks, and research agenda”, Journal of Business Economics, Vol. 86 No. 8, pp. 813-836.

Stein, V. and Wiedemann, A. (2018), “Risk governance: Basic rationale and tentative findings from the German banking sector”, in Idowu, S.O., Sitnikov, C., Simion, D. and Bocean, C.G. (Eds), Current Issues in Corporate Social Responsibility: An International Consideration, Springer, Cham, pp. 97-110.

Stein, V., Wiedemann, A. and Bouten, C. (2019), “Framing risk governance”, Management Research Review, Vol. 42 No. 11, pp. 1224-1242.

Subramaniam, N., Collier, P., Phang, M. and Burke, G. (2011), “The effects of perceived business uncertainty, external consultants and risk management on organisational outcomes”, Journal of Accounting and Organizational Change, Vol. 7 No. 2, pp. 132-157.

Tan, C. and Lee, S.Z. (2022), “Adoption of enterprise risk management (ERM) in small and medium-sized enterprises: evidence from Malaysia”, Journal of Accounting and Organizational Change, Vol. 18 No. 1, doi: 10.1108/JAOC-11-2020-0181.

Tica, A. and Weißenberger, B. (2022), “How regulatory changes are driven by need for control in reputational scandals: a case study in the German insurance industry”, Journal of Accounting and Organizational Change, Vol. 18 No. 1, doi: 10.1108/JAOC-11-2020-0196.

van der Kolk, B., van Veen-Dirks, P.M. and ter Bogt, H.J. (2019), “The impact of management control on employee motivation and performance in the public sector”, European Accounting Review, Vol. 28 No. 5, pp. 901-928.

van Helden, J. and Uddin, S. (2016), “Public sector management accounting in emerging economies: a literature review”, Critical Perspectives on Accounting, Vol. 41, pp. 34-62.

Wang, S., Wang, H. and Wang, J. (2019), “Exploring the effects of institutional pressures on the implementation of environmental management accounting: Do top management support and perceived benefit work?”, Business Strategy and the Environment, Vol. 28 No. 1, pp. 233-243.
