Prelims

Half Title Page

Enterprise Risk Management in Today’s World, Part A

Series Page

EMERALD STUDIES IN FINANCE, INSURANCE, AND RISK MANAGEMENT

Series Editor: Simon Grima

Books in this series collect quantitative and qualitative studies in areas relating to finance, insurance, and risk management. Subjects of interest may include banking, accounting, auditing, compliance, sustainability, behaviour, management, and business economics.

In the disruption of political upheaval, new technologies, climate change, and new regulations, it is more important than ever to understand risk in the financial industry. Providing high-quality academic research, this book series provides a platform for authors to explore, analyse and discuss current and new financial models and theories, and engage with innovative research on an international scale.

Previously published:

• Uncertainty and Challenges in Contemporary Economic Behaviour

  Ercan Özen and Simon Grima

• New Challenges for Future Sustainability and Wellbeing

  Ercan Özen, Simon Grima and Rebecca Dalli Gonzi

• Insurance and Risk Management for Disruptions in Social, Economic and Environmental Systems: Decision and Control Allocations within New Domains of Risk

  Simon Grima, Ercan Özen and Rebecca Dalli Gonzi

• Public Sector Leadership in Assessing and Addressing Risk

  Peter C. Young, Simon Grima and Rebecca Dalli Gonzi

• Big Data Analytics in the Insurance Market

  Kiran Sood, B. Balamurugan, Simon Grima and Pierpaolo Marano

• Big Data: A Game Changer for Insurance Industry

  Kiran Sood, Rajesh Kumar Dhanaraj, B. Balamurugan, Simon Grima and R. Uma Maheshwari

• The Adoption and Effect of Artificial Intelligence on Human Resources Management, Part A

  Pallavi Tyagi, Naveen Chilamkurti, Simon Grima, Kiran Sood and B. Balamurugan

• The Adoption and Effect of Artificial Intelligence on Human Resources Management, Part B

  Pallavi Tyagi, Naveen Chilamkurti, Simon Grima, Kiran Sood and B. Balamurugan

• Contemporary Studies of Risks in Emerging Technology, Part A

  Simon Grima, Kiran Sood and Ercan Özen

• Contemporary Studies of Risks in Emerging Technology, Part B

  Simon Grima, Kiran Sood and Ercan Özen

• The Framework for Resilient Industry: A Holistic Approach for Developing Economies

  Narinder Kumar, Kiran Sood, Ercan Özen and Simon Grima

• VUCA and Other Analytics in Business Resilience, Part A

  Deepmala Singh, Kiran Sood, Sandeep Kautish and Simon Grima

• VUCA and Other Analytics in Business Resilience, Part B

  Deepmala Singh, Kiran Sood, Sandeep Kautish and Simon Grima

• Finance Analytics in Business: Perspectives on Enhancing Efficiency and Accuracy

  Sanjay Taneja, Pawan Kumar, Kiran Sood, Ercan Özen and Simon Grima

Title Page

Enterprise Risk Management in Today’s World: Enterprise-Wide Risk Management and Strategy, Part A

BY

JEAN-PAUL LOUISOT

JPLA Consultants LLC, France

EDITED BY

SIMON GRIMA

University of Malta, Malta

United Kingdom – North America – Japan – India – Malaysia – China

Copyright Page

Emerald Publishing Limited

Emerald Publishing, Floor 5, Northspring, 21-23 Wellington Street, Leeds LS1 4DL.

First edition 2024

Copyright © 2024 Jean-Paul Louisot and Simon Grima.

Published under exclusive licence by Emerald Publishing Limited.

Reprints and permissions service

Contact: www.copyright.com

No part of this book may be reproduced, stored in a retrieval system, transmitted in

any form or by any means electronic, mechanical, photocopying, recording or

otherwise without either the prior written permission of the publisher or a licence permitting restricted copying issued in the UK by The Copyright Licensing Agency

and in the USA by The Copyright Clearance Center. Any opinions expressed in the chapters are those of the authors. Whilst Emerald makes every effort to ensure the quality and accuracy of its content, Emerald makes no representation implied or otherwise, as to the chapters’ suitability and application and disclaims any warranties, express or implied, to their use.

British Library Cataloguing in Publication Data

A catalogue record for this book is available from the British Library

ISBN: 978-1-83797-407-8 (Print)

ISBN: 978-1-83797-406-1 (Online)

ISBN: 978-1-83797-408-5 (Epub)

Epigraph

Whenever a theory appears to you as the only possible one, take this as a sign that you have neither understood the theory nor the problem which it was intended to solve.

The old scientific ideal of episteme – of absolutely certain, demonstrable knowledge – has proved to be an idol. The demand for scientific objectivity makes it inevitable that every scientific statement must remain tentative forever.

Karl Popper

You can’t depend on your eyes when your imagination is out of focus.

Mark Twain

Our greatest glory is not in ever falling, but in rising every time we fall.

Confucius

The position and momentum of a particle cannot be simultaneously measured with arbitrarily high precision. There is a minimum for the product of the uncertainties of these two measurements. There is likewise a minimum for the product of the uncertainties of the energy and time.

Heisenberg, in Uncertainty principle paper, 1927

The world is changing. Networks without a specific branding strategy will be killed I envision a world of narrowly niche services and tightly run companies without room for all the overhead the established networks carry.

Barry Diller, press Tycoon

If a nation expects to be ignorant and free in a state of civilization, it expects what was and never will be. The people cannot be free without information.

Thomas Jefferson letter to Charles Yancy (1816)

Contents

List of Figures and Tables

About the Author

Prof Jean-Paul Louisot holds a PhD in Management Sciences (Université PARIS 1 Panthéon Sorbonne – 2014), a mining engineering degree, a Master in Economics, and an MBA from the Kellogg School of Management. Since 1993, he has been teaching and coaching postgraduate students and risk-management professionals. After 9 years at Paris 1 Panthéon-Sorbonne University, and 10 years in postgraduate courses in risk management at the Institut Catholique de Lille, he has participated in the development of the European designation, Rimap, promoted by FERMA.

About the Editor

Professor Simon Grima is the Deputy Dean of the Faculty of Economics, Management and Accountancy, Associate Professor, and the Head of the Department of Insurance and Risk Management. He is also a Professor at the University of Latvia, Faculty of Business, Management and Economics and a Visiting Professor at UNICATT Milan.

Preface: Context for Linking ERM and Strategy

The complexity of the business context, combined with the intricacy and interconnections of risk and objectives – necessitates the organisation implement a strategic approach to business and operational resilience. Indeed, there is a growing focus on resilience exacerbated by the pandemic and ensuing geopolitical upheavals. Resilience is the capacity to recover quickly from difficulties/ruptures; the ability of a business to spring back from any disturbance. This is quite critical and many organisations rightfully merge risk management and business continuity management into what is enterprise risk management (ERM), sometimes defined as a resilience programme.

Any academic studying risk management can only be surprised that at a time when the world is becoming more and more complex and volatile, most MBA programmes are still resting on old scientific principles: they remain founded on Democritus’ description of the atom or at best Bohr’s. To be specific, management principles are still anchored on classical physics that allows five-year planning exercises. If governments dropped this practice after the fall of the Soviet Union, how is it possible that so many firms are still indulging in it? Could it be that too many managers have failed to recognise that times are no longer such that a deterministic approach to the future is reasonable?

Traditional physics is founded on the principle that similar causes have similar consequences and proportional causes have proportional consequences. This was fundamentally challenged with advances of modern microphysics, which can be summarised in the uncertainty principle, also called the uncertainty relations, set out by Heisenberg. To some extent, it is this research that opened the path to chaos theory, which does not yet seem to have influenced strategic thinking in most organisations, even if some visionaries appear to be inspired by it, consciously or unconsciously.

Of course, the founders of Apple, Google, and other GAFA come to mind. However, there are also leaders of start-ups and small- and medium-sized enterprises (SMEs) that may be visionary in their own right like the founders of Air B&B, Uber, etc. SMEs are at the heart of jobs and value creation not only in developed countries but also in emerging countries.

To summarise, it seems reasonable to assess the strategic processes currently implemented in most organisations as too rigid and sequential; strategy rests still on the idea that the world’s evolution is a series of stems that allows controllable processes. Resting on periodic reviews of their internal and external contexts, the leaders of these organisations operate without the continuous scouting of the future that would allow them to decipher low-level noises or sentinel events that facilitate an efficient forecast of future evolutions and anticipation of revolutions so that the organisation’s relevance for its stakeholders’ networks can be maintained at all times.

Major economic players, including nation states, have now the capacity to develop and implement models that are increasingly powerful and even include learning capabilities thanks to artificial intelligence (AI):

Our systems learn by themselves from experience; however, we still choose their learning path. But we must always keep in mind that even the more complex games are more accessible to the computers than the general issues confronting the real world.¹

However, even AI specialists remain cautious when it comes to replacing human brains with machines in complex decision-making. As for Werner Heisenberg, reading his principle makes it clear that he questioned the use of the normal distribution, thus opening the possibility of extreme situations, rupture, or black and grey swans. Risk management professionals prefer the concept of artificially enhanced intelligence.

About quantum physics, Heisenberg stipulated that as the exact position of a particle cannot be known at a given point in time, the future cannot be determined. A specific trajectory does not lend itself to a precise computation, but only a range of possible trajectories can be determined (however, using Erwin Schrödinger’s equation, it is possible to assign a probability to each trajectory).

Economists have yet to produce an equivalent of Schrödinger’s equation, as the economic world cannot be described with a simple list of drivers. It is complex and necessitates factoring in the human dimension, so interactions are volatile and will need to be approached with fuzzy logic integrations. Would it be reasonable to expect forecasting the future with precision, when even the present eludes the human brain?

For risk management professionals, the good news is that uncertainty and risk must be more and more at the centre of all decision-making, strategic, tactical, or operational; that does not result in the world of decision-making belonging to risk-managers. However, all professionals have understood that the issue of risk has become essential in any decision-making, and they are ready to occupy the field should the existing risk-management professionals not step up to the plate. Competition for the attention of the board for risk issues is open with:

• internal and external auditors with their three lines of defence,

• quality control managers (whose legitimacy in tackling risk is reinforced by the ISO 9000:2015 which includes a chapter on risks),

• security and safety specialists, economic intelligence consultants, and

• continuity managers (another member of the risk professional community)!

And the list is still open with resilience management as the newest entry. There is a growing list of risk management in specialised branches, but they can be gathered under one roof as they have common goals and use the same tools. With the proliferation of ISO standards dealing with specific risks, the erection of new silos can be feared.

There is no doubt that risk management has a bright future, especially after the pandemic and the geopolitical unrest, even if it might be shared by many, indeed by all practitioners. As far as the risk manager’s function in any organisation is concerned, even adorned with the title of chief risk officer (CRO), a function that is still developing after over two decades of existence while the Chief Information Officer (CIO) is now widespread and involved in cyber-risk management, it will survive in this maelstrom only if the incumbents can acquire the talents and competencies needed to grasp what is at stake and manoeuvre to make it to the front of the pack!

The management of risk is a director’s and officer’s mission; there is not much debate about it now that the codes of governance worldwide tend to assign them direct responsibility and liability to develop and guide their organisations’ policies with a clear understanding of and due consideration to the uncertainties and storms of the future. However, without proper gears and relays at all levels in the organisation and with its main partners, the extended enterprise, even the best-defined policy would have little effect on the well-being of the organisation or society at large.

Managing risk is a core mission for all public and private actors. The survival of all depends on the vigilance of each one. This has a special echo for those individuals who have been trained for special forces or intervention units and those dealing with terrorist attacks!

Furthermore, the generalised explosion of social media, now a key player in all social debates, means that transparency in communication and consultation with key stakeholders has become essential; however, it may interfere with speedy decisions required at the early stages of a rupture when a dramatic strategic change may be called for.

Whatever the situation, any new strategy has a reasonable chance of success only if all those involved embrace the change, not only within the organisation but also beyond, i.e., both internal and external stakeholders. This is the reason why a continuous strategic process must be developed and implemented, provided it is informed by global and integrated risk management and positioned in a change management effort where all can be heard and listened to.

In such a context, the question of democracy in the company, which was at the heart of the debates at the end of the 1960s during the students’ upheavals, seems to gain new momentum. However, it is unlikely that there will be a ‘one size fits all’ route to democracy. Sometimes, it will surge from the base; others, it will result from the will of top management, but success will require both to meet on a common course.

When it comes to change, top management must do it, but all those involved must then embrace it. There is no unique strategy to develop and implement the instruments and processes of resilience, and this is indeed the case for the guidelines proposed in the ISO 31000 standard: it is a toolbox where each artisan must find the most efficient way to use them in each organisation.

In a world evermore complex and volatile, it is not reasonable to build models on deterministic approaches or one man’s vision; therefore, ERM becomes a key as it offers an approach in which uncertainty is at the centre of any decision. Furthermore, ERM top-bottom and bottom-up paths ensure that all adhere to permanent change, whereas change is what destabilises human beings in any society, as well as any organisation.

As far as democracy and equality are concerned, nobody (except for a few admirers of Proudhon) wants to stray from capitalism, but many want to see a return to the reduced levels of inequality that prevailed before the late eighties.2

Readers looking for simple solutions or checklists will be disappointed. The present book is not a cookbook with recipes but rather a book of questions, on all the challenges that any entrepreneur, director, officer, or elected official must meet if (s)he is to promote resilience and justice for the future in a very uncertain context and to navigate safely through the high seas ahead. ERM does not set aside hazards but aims to optimise risk-taking: enhancing opportunities and curbing threats. ERM is therefore in essence at the core of any strategic exercise.

If climate change is not heavily mentioned, it is because there are already many books offering experts’ thoughts on the matter, from the likely causes to the prevention and protection measures that could be implemented, not to mention the Intergovernmental panel on climate change (IPCC) reports.

Furthermore, most of these solutions are beyond the domain of decision and strategy of individual actors, even if individual efforts should not be undervalued. There is also the nagging issue of artificial intelligence, already mentioned. Organisation for Economic Co-operation and Development (OECD) expects AI will become a major threat to humankind within 20 years, but investigations into this scenario seem still at an early stage despite recent developments like chatGPT. However, all organisations must consider these risks in their strategic process at the horizon of 2030/2050. As with other emerging risks, AI and climate change are sources of threats, but they also offer many opportunities for innovators, including transition risk.