Using data from 825 organizations, we examine (1) the extent of ERM implementation and the factors that are associated with cross-sectional differences in the level of ERM adoption, and (2) specific ERM design choices and their effect on perceived ERM effectiveness. Broadly consistent with previous work in this area, we find that the extent of ERM implementation is influenced by the regulatory environment, internal factors, ownership structure, and firm and industry-related characteristics. As to ERM effectiveness, we find that organizations generally subscribe to a key premise of the COSO ERM framework, i.e. that ERM should address the full set of risks that affect the entity's strategic, operational, reporting, and compliance objectives. However, our results also raise some concerns as to the COSO framework. Particularly, we find no evidence that application of the COSO framework improves ERM effectiveness. Neither do we find support for the mechanistic view on risk management that is implicit in COSO's recommendations on risk appetite and tolerance.
scite is a Brooklyn-based organization that helps researchers better discover and understand research articles through Smart Citations–citations that display the context of the citation and describe whether the article provides supporting or contrasting evidence. scite is used by students and researchers from around the world and is funded in part by the National Science Foundation and the National Institute on Drug Abuse of the National Institutes of Health.