Introduction
In the article “Learning to organise risk management in organisations,” the authors, Schiller and Prpich (2014), analyze the concept of enterprise risk management (ERM). They argue that, although ERM was developed as a more comprehensive alternative to other risk management systems, it did not become widely utilized by organizations. Schiller and Prpich (2014) suggest that this happened because ERM had considerable conceptual weaknesses. Their article explores the major features of ERM and argues that unknown interdependencies of risks, insufficient theoretical base, and a lack of recognizing diverse institutional contexts hinder the effective implementation of ERM.
Key Arguments
In the introduction, Schiller and Prpich (2014) describe ERM development and explain its key difference from other risk management systems. The authors report that ERM was created for finance and insurance fields, but later it was adopted by business and government organizations. Schiller and Prpich (2014) state that the main feature of ERM is that it considers all risks, even secondary ones, and suggests that they can be compared and used to inform the organization’s future strategy. However, despite the ERM adoption by organizations in various sectors, it received skeptical feedback from risk management experts because it does not account for differences in organizational contexts.
In the second section of the article, the authors review the recent literature to discuss challenges faced by risk management in organizations. Schiller and Prpich (2014) point out that there are scarce academic studies investigating organization-wide risk management approaches. This may be because various organizations face specific risk management challenges that cannot be transferred to other contexts. ERM, in its turn, tries to encompass all possible risks faced by organizations. As a result, it can be difficult to commensurate risks in the organization’s portfolio, track interdependencies between risks, and communicate risks equally (Schiller & Prpich, 2014). The authors conclude that for these reasons, and because of ERM’s insensitivity to context, ERM can often be misapplied and lead to false beliefs that risks are effectively managed within the organization.
The third section explains the purpose of risk management frameworks. Schiller and Prpich (2014) describe the COSO framework released in 1992 and 2004, which defines risk management as “the purpose of internal control” but does not set independent risk management standards (p. 1002). The authors also review the ERM framework and state that it lacks specifics about how organizations should integrate and manage risks. Again, the authors emphasize that ERM does not consider the organizational context; instead, it suggests that organizations should focus on risks that threaten organizational objectives and strategy.
In the fourth section, the researchers explore the problem of commensurating risks. Schiller and Prpich (2014) argue that ERM suffers from risk incommensurability for two reasons. First, it tries to render all risks in financial terms because of its origins in the financial sector. Second, it aims to be comprehensible and include all possible risks, so there is a high probability that some of these multiple risks will be incommensurable and incomparable. The fifth section also contains the authors’ discussion of risk commensuration. Schiller and Prpich (2014) note that organizations are often faced with situations when their portfolios include dissimilar risks. ERM suggests that this problem can be resolved by constant risk assessment and their identification as secondary risks, but the authors note that this solution is not feasible.
The sixth section explores organizational learning processes necessary for the successful implementation of risk management. Schiller and Prpich (2014) argue that, within an organization, tacit and explicit knowledge should be constantly shared through such processes as socialization, externalization of knowledge, a combination of new data, and its internalization. The authors also point out that ERM ignores the need for implicit and explicit knowledge sharing within an organization.
In the final section, the researchers note that there is little empirical evidence that ERM’s comprehensiveness is reasonable. They also assume that it is one reason why organizations and governments do not adopt ERM with enthusiasm (Schiller & Prpich, 2014). Therefore, the authors call on scholars to conduct empirical studies to validate the ERM framework and devote special attention to investigating commensuration and knowledge generation processes.
Conclusion
The reviewed article describes the ERM framework and provides compelling arguments about weaknesses of ERM conceptualization. The discussed weaknesses include ERM’s insensitivity to organizational context, excess comprehensiveness resulting in commensuration problems, disregard of knowledge generation processes within the organization, and a lack of empirical evidence validating ERM. The article is of value for scholars because it elaborates on the shortcomings in the current ERM conceptualization and provides directions for future research in risk management.
Reference
Schiller, F., & Prpich, G. (2014). Learning to organise risk management in organisations: What future for enterprise risk management? Journal of Risk Research, 17(8), 999-1017. Web.