Authors: Dermot Williamson
Addresses: Lancaster China Management Centre, Lancaster University Management School, Lancaster University, Lancaster, LA1 4YX, UK
Abstract: COSO's (2004) framework on Enterprise Risk Management (ERM) makes a valuable contribution to the emerging practice of ERM, but suffers serious limitations. It fails to provide a workable standard for identifying ERM effectiveness. Its definition of 'risk' diverts attention from opportunities and from uncertainties that fall outside its closed rational systems perspective. By taking a command and control approach, it ignores shared management of uncertainties with external parties and social implications of ERM. As a result, threats will be created if this framework is widely followed, which seems likely as ERM is institutionalised within regulations, professional practice and expected norms of good management.
Keywords: enterprise risk management; ERM; institutions; management accounting; management control; systems theory.
International Journal of Risk Assessment and Management, 2007 Vol.7 No.8, pp.1089 - 1119
Published online: 02 Oct 2007