The impact of enterprise risk management on institutional performance in Jordanian public shareholding companies

This study examined the impact of Enterprise Risk Management (ERM) on institutional performance of public shareholding companies in Jordan based on COSO (2004) ERM Integrated Framework. Questionnaire survey was adopted as the research methodology for this study, and a total of 313 questionnaires were successfully collected. The obtained data was analyzed by Structural Equation Modeling Tool (Smart-PLS), and based on the analysis, implementation of ERM was found to have a significant influence on institutional performance. From the finding’s analysis, it was revealed that enterprise risk management framework had a role in improving the performance of extraction companies in Jordan. The analysis also highlighted that the increase of enterprise risk management framework implementation will increase the performance of the extraction companies in Jordan. Furthermore, all the independent variables (Internal Environment, Event Identification, Risk Assessment, Risk Response, Control Activities, Information and Communication, and Monitoring) are significant predictors, except for objective setting. These variables statistically and significantly predicted performance of extraction companies in Jordan. The findings from this study enable organizations to better understand the status of their ERM implementation and assist them in identifying areas of improvement, with regards to the processes within each ERM elements. Corresponding author: Mohammad Altanashat Email addresses for the corresponding author: altanashat.mohammad@yahoo.com First submission received: 5th May 2018 Revised submission received: 20th July 2018 Accepted: 8th August 2018 Introduction A variety of risks confronts organizations today. Forces such as globalization, regulatory uncertainty, competition and technology add complexity to the business environment, thereby imposing additional risks on the economic entity, and ultimately, decreasing shareholder value. Given these risk factors and others, managers have to achieve a more holistic orientation towards risk management and stronger governance in their organizations (Shannak, 2010). In order to be able to face the complex internal and external challenges of the modern world, a firm's investment in an Enterprise Risk Management (ERM) program is no longer a matter of choice, but of necessity. Poor risk management is found to be a major contributor to the credit crisis, and consequently an increasing number of shareholders, Boards of Directors (BOD) and rating agencies are taking a serious view of and analytical approach to adopting risk management (Shoter, 2016). The word enterprise for Enterprise Risk Management (ERM) clearly shows a different meaning than traditional Risk Management. Enterprise means to integrate or aggregate all types of risks, using integrated tools and techniques to mitigate the risks and to communicate across business lines or level compared to Traditional Risk Management (Izah, Tahir, Ahmad, 2011). In recent years, a shift of trend has been observed on how the organizations view and manage risks (Shad, Lai, & Iskandar, 2015) as a fundamental concern of any organization. Instead of the traditional risk management method, which is based on the silo approach, organizations now treat risk management from a holistic perspective which is commonly known as Enterprise Risk Management Journal of Business and Retail Management Research (JBRMR), Vol. 13 Issue 3 April 2019 www.jbrmr.com A Journal of the Academy of Business and Retail Management (ABRM) 257 (ERM) (Gordon, Loeb, Tseng, 2009). The instability in the international financial, currency and commodity markets, and uncertainties on the direction of monetary policy in some dominant economies have caused substantial risk facing emerging economies (Ai Ping & Muthuveloo, 2015). The global financial crisis and the consequential implications and effects on the business environment, whether internal or external, constitute one of the most important topics in contemporary research, although analysts are unable to determine their precise causes and sources. While companies face the inevitable risks of the crisis and its consequences that threaten, in some cases, their survival and continuity if not responded to and adapted to. Since the crisis broke out in September 2008, its repercussions and consequences have affected the Jordanian economy in all its sectors (Matar & Nuaimat, 2014). The most significant manifestation of these repercussions was the sharp drop in the profits of the Jordanian public shareholding companies listed on the Amman Stock Exchange in 31/12/2008, with all sectors reaching an average drop rate of 48%. This decline was reflected in the trading volumes of those companies, which also fell by 62%. On average, this effect extends to its market values, which fell by an average of 55% (Burghol, 2015); in other words, the wider business and management implications of having or not having a system of ERM should be considered. Forces such as globalization and instability in the political and economic environment add complexity to business and have provided a significant impetus to the importance of managing risks. Internationally, the financial crisis of 2008 has highlighted some weaknesses in the process of risk management (Voinea & Anton, 2009). In the context of the Middle East, the events of the Arab Spring have increased the risk perceptions of organizations (Al Khattab & Hood, 2015). Previous risk management studies on Jordanian organizations (Khattab, Anchor, & Davies, 2008) reported that risk assessment practice is crisis-oriented. Risk management is not fully integrated into the general business and management decision-making process, in that it focuses only on the negative outcomes of possible events and not on the balance between risk and reward. ERM is seen as a top down approach, which constitutes identifying, assessing, and responding to strategic, operational, and financial risks in order to achieve four objectives: strategy (high level goals that align with company mission), operations (effective and efficient use of resources), reporting (reliability of reporting), and compliance (compliance with applicable laws and regulations) (Harner, 2010). ERM is believed to have positive impact on firm’s performance (Shad, Lai, Iskandar, 2015). Therefore, this study sought to determine the relationship between enterprise risk management and institutional performance in public shareholding companies in the southern region of Jordan. Literature Review Risk and Risk Management The term "risk management" is an open-concept that has no specific fixed agreed definition. Every specialist in this area has its own definition of the concept, based on his personal experience and the experience and culture of the organization, which works to manage risks (Abdel-Hay, 2010). Risk management is a continuous process of making and implementing decisions that will minimize the extent of uncertainty concerning exposure to risks that have an impact on the business in other words, it is the natural tendency of the organization to balance between opportunities (Martin, 2013). In this regard risk management is a process affected by an entity’s board of directors, management and other personnel, and is applied in strategy setting and across the enterprise, designed to identify potential events. In turn, it may affect the entity, and manage risk to be within its risk appetite and provide reasonable assurance of the achievement of the entity’s objectives (Bujayrami, 2011). In a state of uncertainty, it is the probability of the occurrence of circumstances/events that could have an influence on the goals established, including the possibility of a loss or a profit based on the difference found in the desired result. Both risk and incident are associated with the possibility of the occurrence of the event causing the danger, and the related effects or consequences (AS/NZS, 2004). The common feature of many risk definitions is that risk deals with uncertainty (Ferkolj, 2010). One of the most general definitions of risk was provided by the International Organization for Standardization in the ISO 31000 standard. According to such standard, risk is defined as the effect of uncertainty on objectives (ISO, 2015). Similarly, Hopkin (2010) provided a comprehensive definition of the word risk in the business context and described a major risk to an organization as "an event with the ability to impact (inhibit, enhance or cause doubt about) the mission, strategy, project, routine operation, objective, core process, key dependencies and/or the delivery of Journal of Business and Retail Management Research (JBRMR), Vol. 13 Issue 3 April 2019 www.jbrmr.com A Journal of the Academy of Business and Retail Management (ABRM) 258 stakeholder expectations. By the term uncertainty, we mean the absence of certainty or something, which is not known. It refers to a situation where there are multiple alternatives resulting in a specific outcome, but the probability of the outcome is not certain. This is because of insufficient information or knowledge about the present condition. Hence, it is hard to define or predict the future outcome or events. Uncertainty cannot be measured in quantitative terms through past models. Therefore, probabilities cannot be applied to the potential outcomes, because the probabilities are unknown (Surbhi, 2016). Risk management is a central part of any organization’s management as it helps managers gain an understanding of the potential positive and negative effect of all the internal and external factors surrounding the organization, and thereby, increases the probability of achieving the organization’s