Hakan Jankensgard - Empowered Enterprise Risk Management: Theory and Practice

1. Chapter 3
2. Chapter 6

1. Chapter 3
2. Chapter 4
3. Chapter 7
4. Chapter 8
5. Chapter 9
6. Chapter 10
7. Chapter 11

HKAN JANKENSGRD

PETTER KAPSTAD

This edition first published 2021

2021 John Wiley & Sons, Ltd

Registered office
John Wiley & Sons Ltd, The Atrium, Southern Gate, Chichester, West Sussex, PO19 8SQ,

United Kingdom

For details of our global editorial offices, for customer services and for information about how to apply for permission to reuse the copyright material in this book please see our website at www.wiley.com.

All rights reserved. No part of this publication may be reproduced, stored in a retrieval system, or transmitted, in any form or by any means, electronic, mechanical, photocopying, recording or otherwise, except as permitted by the UK Copyright, Designs and Patents Act 1988, without the prior permission of the publisher.

Wiley publishes in a variety of print and electronic formats and by printondemand. Some material included with standard print versions of this book may not be included in ebooks or in printondemand. If this book refers to media such as a CD or DVD that is not included in the version you purchased, you may download this material at http://booksupport.wiley.com. For more information about Wiley products, visit www.wiley.com.

Designations used by companies to distinguish their products are often claimed as trademarks. All brand names and product names used in this book are trade names, service marks, trademarks or registered trademarks of their respective owners. The publisher is not associated with any product or vendor mentioned in this book.

Limit of Liability/Disclaimer of Warranty: While the publisher and author have used their best efforts in preparing this book, they make no representations or warranties with respect to the accuracy or completeness of the contents of this book and specifically disclaim any implied warranties of merchantability or fitness for a particular purpose. It is sold on the understanding that the publisher is not engaged in rendering professional services and neither the publisher nor the author shall be liable for damages arising herefrom. If professional advice or other expert assistance is required, the services of a competent professional should be sought.

Library of Congress CataloginginPublication Data

Names: Jankensgrd, Hkan, author. | Kapstad, Petter, author.

Title: Empowered enterprise risk management : theory and practice / Hkan Jankensgrd, Petter Kapstad. Description: First Edition. | Hoboken : Wiley, 2021. | Series: Wiley corporate F&A | Includes index.

Identifiers: LCCN 2020035534 (print) | LCCN 2020035535 (ebook) | ISBN 9781119700159 (hardback) | ISBN 9781119700180 (adobe pdf) | ISBN 9781119700203 (epub)

Subjects: LCSH: Risk management. | Organizational effectiveness.

Classification: LCC HD61 .J356 2020 (print) | LCC HD61 (ebook) | DDC 658.15/5dc23

LC record available at https://lccn.loc.gov/2020035534

LC ebook record available at https://lccn.loc.gov/2020035535

Cover Design: Wiley

Cover Images: kool99/Getty Images, Ascent Xmedia/Getty Images

For August and Wilma HJ

Many thanks to Tone, Lotte, and Kaja for their support and inspiration PK

IN THIS BOOK, WE ARE INTERESTED in how firms should organize themselves to deal with risks affecting their performance, as well as the process of risktaking itself. When enterprise risk management (ERM) arrived on the scene in the 1990s, it presented itself as a framework that allows firms to deal with precisely these questions. ERM brought novel ideas to bear on the risk management process, such as the involvement of the board of directors and taking an integrated perspective on the firm's various risks. Ideas like these set corporate risk management on a whole new path, and the response has been massive among practitioners as much as academics. Today, ERM is a rapidly expanding field that has become the new benchmark for how to think about risk management in firms.

Our interest in principles means that we will take a tour of the theories of risk management in search of insights. Theory, as we will argue in the first chapter of the book, is not only of interest for its own sake. It can often be a powerful guide to action, as it articulates the problems to be solved and identifies the mechanisms whereby value can be created. In an eclectic and sprawling field such as ERM, which has proven to be an endlessly malleable concept, we feel that such a returntofundamentals approach has many benefits.

Our goal is to draw up a vision of an empowered version of ERM that fully leverages these valuecreating mechanisms and makes a real difference. But theory can only get you so far. ERM challenges the status quo in organizations and is sometimes met with raised eyebrows or even disinterest. Consequently, in some cases ERM is reduced to an uninspired activity far below potential: a boxticking exercise that does just enough to meet outside expectations. The stakes are high, because empowered ERM will interact with several important decisionmaking processes in the firm.

The second theme of this book is that if we want to tap into ERM's full potential, we need to harness lessons learnt from practice as well. Our quest will lead us to explore the experiences of Equinor, a Norwegian energy company, where risk management has reached the status of core value in the sense of being expected by every employee. The firm's culture and governance structures have been profoundly influenced by ERM since its humble beginnings over two decades ago. The hardwon lessons learnt by Equinor over many years give us valuable insights into how ERM can deepen its impact.

This book is organized into twelve chapters that chart out something akin to a journey. In the first chapters, we create a foundation on which to build further, identifying theories and principles that can guide action () integrates the previous chapters and concludes the book. Below follows a brief description of the individual chapters.

traces out the origins and ideas behind organized forms of risk management, and shows how ERM sprung out of an increasingly felt need to improve risk governance in firms. We also elaborate on the roles of theory and lessons to be learnt from practice in arriving at an empowered and more impactful version of ERM.

discusses how risk can be defined and how that connects with the valuecreation process. We establish increasing longterm value and living up to the standards of good corporate citizenship as the twin goals of companies, and by extension of ERM, arguing that these goals are not mutually exclusive.

identifies the distinguishing features of ERM and compares that to traditional forms of risk management. In developing a theory of ERM, we focus on coordination and cost efficiency problems resulting from decentralized risk management, and on information and incentive problems that are also created by the existence of such risk management silos'.

discusses risk culture: how it can be understood, the benefits it brings, and what stands in its way. We emphasize the role of shorttermism in creating its opposite, a riskprone culture, and highlight the importance of clarifying expectations and desired behaviours with respect to risk management to create a culture that contributes towards successful risk management.