Abstract
Purpose
In developing countries, how risk management technologies influence management accounting and control (MAC) practices is under-researched. By drawing on insights from institutional studies, this study aims to examine the multiple institutional pressures surrounding an entity and influencing its risk-based management control (RBC) system – that is, how RBC appears in an emerging market attributed to institutional multiplicity.
Design/methodology/approach
The authors used qualitative case study research methods to collect empirical evidence from a privately owned Egyptian insurance company.
Findings
The authors observed that in the transformation to risk-based controls, especially in socio-political settings such as Egypt, changes in MAC systems were consistent with the shifts in the institutional context. Along with changes in the institutional environment, the case company sought to configure its MAC system to be more risk-based to achieve its strategic goals effectively and maintain its sustainability.
Originality/value
This research provides a fuller view of risk-based management controls based on the social, professional and political perspectives central to the examined institutional environment. Moreover, unlike early studies that reported resistance to RBC, this case reveals the institutional dynamics contributing to the successful implementation of RBC in an emerging market.
Keywords
Citation
Metwally, A.B.M. and Diab, A. (2024), "Towards an institutional understanding of risk-based management controls: evidence from a developing market", Qualitative Research in Accounting & Management, Vol. 21 No. 2, pp. 165-191. https://doi.org/10.1108/QRAM-05-2023-0087
Publisher
:Emerald Publishing Limited
Copyright © 2024, Abdelmoneim Bahyeldin Mohamed Metwally and Ahmed Diab.
License
Published by Emerald Publishing Limited. This article is published under the Creative Commons Attribution (CC BY 4.0) licence. Anyone may reproduce, distribute, translate and create derivative works of this article (for both commercial and non-commercial purposes), subject to full attribution to the original publication and authors. The full terms of this licence may be seen at http://creativecommons.org/licences/by/4.0/legalcode
1. Introduction
Risk management (RM) has become a broadly diffused set of practiced routines in today’s industries (Power, 2016). The concept of RM has emerged as a centre in management practices, and risk officers’ role in corporate charts has become vital (Metwally and Diab, 2023). Besides, governance and control practices have become unthinkable without reference to RM (Bhimani, 2009). Accordingly, risk and RM issues have become a research theme in multiple disciplines, embracing their presence, expansion and management methods (Giovannoni et al., 2016). As an emerging academic endeavour, enterprise risk management (ERM) has stimulated new research addressing its conceptualization and interactions with organizational systems, leading to new regulation and control methods (Hopper and Bui, 2016; Jordan et al., 2013, 2018; Metwally et al., 2019; Metwally and Diab, 2021; Rana et al., 2019; Tekathen and Dechow, 2013; Vinnari and Skærbæk, 2014; Posch, 2020; Braumann et al., 2020). Hence, ERM differs from traditional RM in that it analyses risk as a part of the company’s strategic planning and control processes. Further, unlike traditional RM, ERM allocates roles and responsibilities to many parties (i.e. the board, executive management, risk officers, chief financial officers and internal auditors), and in that sense, it represents a new way of management control (MC) or risk-based control (RBC). By RBC, we mean a new way of controlling that encompasses numerous tools, including governance, risk maps, risk metrics, value at risk and risk registers, along with traditional MC tools (e.g. Soin and Collier, 2013; Posch, 2020; Braumann et al., 2020). In practice, RBC can promote a heterogeneous form of management control (Arena et al., 2010) by mixing methods and tools (e.g. budgets and risk registers) that were previously not meant to be compatible. Thus, RBC is perceived here as a part of or a consequence of adopting ERM.
However, ERM-led management accounting (henceforth, risk-based management control or RBC) research is still an emerging area. As Hopper and Bui (2016) noted, “risk and risk management…[were] almost non-existent before 2009”. Some scholars focused on the socio-political and organizational dimensions of RM practices and examined their interaction with organizational, governance and corporate systems and the resulting new regulation and control systems (Bhimani, 2009; Soin and Collier, 2013). Yet, scarce studies have concentrated on the institutional pressures behind the adoption and transformation of RBC.
Additionally, most of the present studies were conducted in developed markets (e.g. Giovannoni et al., 2016; Palermo et al., 2017; Braumann et al., 2020), but we know less concerningly how this blueprint is implicated and instantiated in developing countries. Further, although the present few management accounting and control (MAC) studies in developing countries represent valuable insights into how neo-liberal control systems are implicated in socio-political ramifications (Alawattage et al., 2019; Hopper et al., 2012; Joannidès de Lautour et al., 2019; Rana et al., 2019), in these critical stances, minimal concern has been directed to studying RBC. Accordingly, considering the lack of any inclusive attempt to examine RBC systems as a “situated practice” in developing contexts, this study primarily seeks to investigate the institutional ramifications affecting the introduction and transformation of ERM systems, including RBC, in an Egyptian company (henceforth, ABC Company) [1].
By drawing upon previous institutional studies, especially those concentrating on situations of institutional multiplicity (e.g. Greenwood et al., 2010, 2011; Thornton et al., 2012; Cherrier et al., 2018), we sought to answer our main question: How is the transformation to risk-based control configured by the institutional pressures prevalent in a developing market? This paper contributes to the literature by enhancing our understanding of the actual RBC implementation struggles within a developing context. It provides a fuller view of risk-based management controls based on the social, professional and political perspectives central to this institutional environment, which, in turn, can present beneficial insights to corporate management and regulators concerning the adoption and development of management control mechanisms. Thus, the current study extends the institutional multiplicity literature by elaborating on how various institutions, while competing with each other, can coexist and influence the appearance of RBC. Moreover, unlike early studies that mainly reported resistance to RBC implementation in developing markets (e.g. Mohamed Metwally, 2017; Metwally and Diab, 2021), we brought new evidence of the successful implementation of RBC in an emerging market.
This paper unfolds into the five remaining sections. Section 2 outlines the theoretical perspective followed in this study and reviews the relevant literature. Section 3 discusses research methods and methodology. Section 4 analytically explains how the RBC produced institutional complexity and how corporate management resolved this complexity. Finally, Section 5 concludes the paper.
2. Theoretical framing and literature review
Traditional institutional approaches, such as the new institutional sociology, emphasise institutional isomorphism (DiMaggio and Powell, 1983). However, this institutional isomorphism perspective postulates that there are fixed templates for change and that “isomorphic” organisations develop in response to existing institutional pressures (Greenwood and Hinings, 1996), contributing to a state of homogenization (DiMaggio and Powell, 1983). This situation is serious because, in reality, current organisations, especially in socio-political settings such as Egypt, are facing multiple institutional pressures that can have significant influences on MCS.
Thus, in this study, we draw upon a new perspective of institutional theory that provides a broader framework to capture the various institutional pressures that social actors might face while applying their social structures. In particular, we use the concept of “institutional multiplicity” as defined in the institutional logics literature to refer to the situation when an institutional context is composed of a set of interacting institutional logics (Reay and Hinings, 2009; Greenwood et al., 2011; Pache and Santos, 2013). The use of “institutional multiplicity” is vital to recognising how the change in a particular institution can be fully identified and evaluated only in the context of other institutions (Metwally and Diab, 2021). It assumes that individuals’ and organisations’ interests, identities, values and assumptions are incorporated within the dominant institutional logics in the examined field (Metwally and Diab, 2023; Thornton et al., 2012).
Moreover, using such a holistic institutional perspective is important because neoliberalism and the concomitant transformation to new MCS such as RBC bring an increasing institutional connectedness and multiplicity within organizations. Supporting this view, many studies report that organizations usually experience multiple and contradictory institutional pressures (Greenwood et al., 2011; Pache and Santos, 2010). Institutional multiplicity within entities is common across diverse fields, from manufacturing to services, which requires these organizations to respond by mobilizing the different institutional forces in the organizational field (Besharov and Smith, 2014).
Multiple institutions in a particular institutional field could combine to form hybrid organizational structures or practices (van den Broek et al., 2014). Such institutional hybridity can generate incompatible prescriptions for organizational action (Greenwood et al., 2011), which may cause conflicts between blocs adhering to different institutional pressures (Lounsbury, 2007). However, hybrid organizations may also develop a strong identity that concentrates actors’ attention on convergent means (Battilana and Dorado, 2010). This view is consistent with the idea that rival institutional forces are not always constraints, but they can be deployed as enabling ones, i.e. they can represent opportunities for social change and new path creation (Schneiberg and Lounsbury, 2008). As Cherrier et al. (2018) suggest, incompatible institutions can result in new appropriation, integration, differentiation and working-through strategies. Thus, it is interesting to examine RBC systems in entities operating in a context of institutional multiplicity.
2.1 Risk-based management control from an institutional perspective
By reviewing the RBC literature, we observed three main streams. The first relates to corporate governance doctrine and its interaction with management accounting and RM (Bhimani, 2009; Woods, 2009). In this regard, Bhimani (2009) suggested that RM and governance can work together based on their analytical, technical and calculative capabilities. Woods (2009) deployed a contingency perspective to explain how contingent forces like central governmental policies, information and communication tools and corporate size can influence management controls.
Secondly, risk discourse and the calculative culture effect on management control were explored by Mikes (2009, 2011), who studied how the calculative culture can affect RM and controls. She determined two calculative cultures, “enthusiasm” and “skeptical” in RBC implementation, relating to the quantification rate along the implementation process. In both cultures, risk assessment calculations are made before determining the extent to which managers will depend on calculated numbers. Relatedly, by bringing qualitative evidence from the UK financial sector, Palermo et al. (2017) explained how the latest increasing attention to risk culture was informed by the pressures to rebalance the opportunity and risk-taking logic that was prevalent before the global financial crisis and the ensuing precaution and risk control logic that appeared later, i.e. by managing a situation of institutional complexity.
Finally, RBC praxis, problems and heterogeneity were the focus of another set of studies. Here, focusing on practical heterogeneity, Jordan et al. (2013) studied the association between management control and RM by examining risk maps’ effects concerning inter-organizational project collaborations and how risk representation techniques (e.g. risk maps) can be mediated and deployed beyond their traditional role as RM techniques. Using the perspective of diagnostic and interactive control, Braumann et al. (2020) indicated that interactive and diagnostic use of management control systems such as budgets and performance measures complement tone from the top in managing risk awareness in Austrian small and medium-sized non-financial firms. By surveying Austrian firms, Posch (2020) shows that risk-focused results’ controls make risk-focused information sharing more effective.
From the above studies, it is apparent that RM has redefined management control as RBC. RBC encourages management to bring risk levels into line with corporate appetite and enhance the company’s capability to handle risk-related decisions. According to Merchant and Otley (2007), new RM tools incorporate management control systems. Moreover, RBC implementation includes power, fear, politics, mediation, hybridisation and fusions within these hybrids and disciplines (Miller et al., 2008; Vinnari and Skærbæk, 2014).
Using an institutional perspective is crucial to revealing the various influences on MCS changes within today’s organizations. A few studies have taken some steps in this regard. For instance, by investigating an Italian bank, Giovannoni et al. (2016) indicated that we should understand RM change concerning the interactions between external pressures emerging in the broader institutional context and intra-organisational dynamics between roles. Further, in the UK, Palermo et al. (2017) explained how the risk culture was informed by both the opportunity and risk-taking logic and the precaution and risk control logic.
The present research contributes to the previous studies by using insights from the institutional multiplicity and complexity literature (Greenwood et al., 2010, 2011; Ezzamel et al., 2012) to examine how the transformation to risk-based control is configured by the institutional pressures prevalent in a developing market. This can help us understand how the prevalent multiple institutional pressures in developing countries, such as corporate, professional and governance institutions, influence RBC (Metwally and Diab, 2021; Sandelin, 2008).
In particular, this study focuses on three sets of institutional pressures, as informed by our data and the literature: business, governance and professional institutions. Firstly, the business perspective, as used in this study, is rooted in the metaphor of a corporation as a hierarchy (Ezzamel et al., 2012). This metaphor has its sources of legitimacy, authority and identity. These sources represent references for individuals’ understanding and actions concerning what they believe to be right or wrong. In theoretical terms, they are a basis for attention and strategy. A business institution’s source of legitimacy is its market position and the organisation’s prosperity. Its source of authority is the higher authorities in the hierarchical paradigm (i.e. board members and top management). Its source of identity is bureaucratic roles and orders (Thornton, 2004; Thornton et al., 2005). A business institution represents status and power in the hierarchy and is a basis for choosing appropriate strategies – for example, increasing the company’s size and implementing product diversification (Thornton et al., 2012). Secondly, a governance institution is concerned with rationalising and regulating human and organisational practices through a legal or bureaucratic hierarchy (Friedland and Alford, 1991). It includes the democratic and bureaucratic procedures related to governance and political accountability (Ezzamel et al., 2012). Finally, professional institutional logics were activated because of the continuing pressure to adopt a new risk model through ERM that was not salient before. Professional logics relate to how professionals perceive or understand their work, for example, in terms of control, strategy and governance structures and how to conduct them (see Townley, 1997). This kind of logic helps professional members identify who they are relative to others – that is, it clarifies the purpose of the profession and what it should bring about to work and society (Borglund et al., 2023). It focuses members’ attention on the professional requirements and professional roles, i.e. identifying what members of the profession should do and how they do it (Townely, 997; Borglund et al., 2023). As with other entities, insurance companies are anticipated to legitimize their existence by complying with the prevalent institutional norms, which are an element of professional logic. This compliance can help these entities attain social legitimacy and access to financial resources and decrease their risk (DiMaggio and Powell, 1983).
3. Research methods
The current research follows the interpretative methodology procedures to examine how the process of transformation to RBC includes both institutional multiplicity and complexity. This methodology is valuable for comprehending contemporary phenomena like RBC. It takes bottom-up analysis for the researchers to be reflexive in gathering, linking and reflecting on their empirical and theoretical consequences (Hopper and Powell, 1985).
Using his personal relationships, the first researcher secured access to ABC’s insurance company. ABC was established in 1979 as one of the oldest private firms in Egypt following the transformation to neoliberalism. Currently, ABC has 40 branches in Egypt and reinsures its direct insurance transactions with 130 reinsurance firms worldwide (e.g. Munich Re, Swiss Re). ABC is classified by the Egyptian Financial Supervisory Authority (EFSA) as a leading insurance company in the Egyptian insurance industry concerning investments and market share. ABC had a decent international rating history; it was last evaluated by Standard and Poor’s as [A−] rate in 2010, indicating robust financial RM and an excellent operational and business risk profile. Currently, the firm is not rated by any acknowledged global rating organizations; it was compelled to withdraw from Standard and Poor’s rating because of lateness in ERM adoption. ABC is now working to recover the rating with the A.M. best organization following compliance with Solvency II requirements.
Data is collected through interviews, conversations and documents. This triangulation policy was necessary for the researchers to fully understand the complexity of the recently applied RBC measures and how they are being used at ABC’s micro-levels. The first author conducted four interviews with the firm CEO, Vice Chairman, Chief Risk Officer (CRO) and Chief Financial Officer (CFO) in the pilot study in 2017. It was concluded that the top management is making Solvency II a priority in their strategic plan to recover the rating. This priority required many structural and procedural changes in the company, such as reserving methods, calculations and underwriting procedures.
The main data collection is conducted in three stages: 12 h of telephone and Skype calls in mid-2018 (the pilot study); 13 weeks in July–October 2020 (the main study); and, finally, phone and Skype calls in early 2021 (follow-up). The last phase confirmed the data collected earlier. In the main study period, the first researcher visited ABC daily and conducted interviews with 37 people in total (ten accountants, eight CROs and risk officers, five internal auditors, two branch managers, four insurance producers, three underwriters, two claims review technicians and three reinsurance officers). Interviews were recorded and transcribed in their original language (Arabic) before being transcribed into English. Interview times ranged from 30 min to 3 h based on work conditions and the appropriate time for each respondent. Following each interview, the researcher took the respondents’ contact details to be subsequently approached in the data analysis stage to comprehend any ambiguous issues and follow up on emerging matters in their work.
Formal observations were conducted throughout the interviews or departments’ meetings with general managers to observe how risk-based controls were being applied. Further, viewing corporate documents presented a valuable source for understanding several corporate processes related to the application of ERM and other control mechanisms. The researchers benefited from various documents, such as memos, booklets, risk maps, corporate policies, budgets, letters issued to governmental entities and global reinsurance companies, financial reports and newspapers.
Following the researcher’s visit to the case company, interview transcripts were read carefully. Then, the researchers’ reflections were combined to develop a summary sheet of the identified critical issues. The data was presented in variant ways to guide additional analyses. Subsequently, the researchers began coding to determine the principal themes and subthemes. Throughout the data analysis phases, institutional pressures in the examined context were developed in the authors’ minds. Data and the literature drove this identification of institutional pressures in the field (Jarzabkowski et al., 2013), configuring how the researchers perceive RBC and other risk issues in ABC Company. In particular, the researchers were able to identify three major sets of institutional forces in the examined case company. Firstly, before the adoption of ERM, the business institution was observed as the dominant one, appearing as the primary source of legitimacy, authority and identity. Under this institutional business perspective, a utilitarian view – that is, based on the rational calculation of costs and benefits of particular activities and in which objectives are determined by self-interests – is the culturally proper way of behaviour (Ezzamel et al., 2012). In other words, this institutional perspective relates to cost-effectiveness, efficacy, or ‘do more with less’ behaviour (Reay and Hinings, 2009). Hence, it is related to the effects of business procedures and methods (Ezzamel et al., 2012). Secondly, the institutionalisation of a governance perspective was necessary to force ABC to embrace ERM. This situation was crucial for ABC to maintain its ratings and insurance contracts with international rating organisations and global reinsurance companies. This institutional perspective is accompanied by the intervention of an authoritative power in business affairs, such as the state or the government. This kind of intervention is essential to impose the adoption of specific (new) rules or behave in one particular (novel) way (Diab, 2021). The interference of the government in business or corporate issues might be required because state macro-objectives can be achieved through or are related to corporate behaviours and objectives at the micro-level. Finally, the continuing pressures to adopt a new risk model through ERM ushered in the instantiation of a professional institutional perspective that was not salient before the real and effective embracement of the ERM model.
4. Moving from conventional to risk-based controls
4.1 Dominance of the business perspective before enterprise risk management: conventional (risk-free) controls
Consistent with the prevalence of the business perspective pre-ERM, where the principal objective was to maximise corporate value or profits to shareholders (Section 3), ABC was controlled by conventional financial and control measures – rather than advanced management control measures such as risk-based budgeting – by the financial and technical departments (see Figure 1). The CFO supervised the financial department and adopted traditional tools such as traditional budgets, financial ratios and standard costing. Here, the main recognised control tools are the hierarchy and achieving both revenue and expense targets. The technical department was supervised by the Chief Underwriting Officer (CUO), using traditional techniques such as actuarial tables and the chain ladder method. This department focused on the old insurance Silo conception of risk.
Technical and financial controls were working hand-in-hand to achieve efficiency in underwriting (sales) and claim payments (the main expense). This integration between the CFO and CUO is observed in the budgeting preparation and follow-up. The technical departments and actuarial experts generate most of the numbers used by management accountants to prepare the budgets. The Finance and Investment Manager explained:
The main control technique is budgeting. My accountants prepare budgets based on the technical actuarial expectations about the total premiums needed, claims to be paid, secure investment rates and allowances allowed for spending.
Internal auditor 2 highlighted:
We make technical and underwriting reviews, but financial reviews represent the bulk of our work.
This control system’s formalities worked as a source of hierarchy and bureaucratic roles. The pre-ERM control system applied a top-down hierarchical perspective of management control. This system uses standard costing and budgeting to express in monetary terms the contribution of individuals to the collective efficacy of the entity. It also aimed to enhance the company’s prosperity and growth, determine its market position and maximize the profits for shareholders, which are the objectives of adopting a business perspective (Thornton et al., 2012; Ezzamel et al., 2012). This context permitted deviations from the norm to be situated at the individual level.
Along with the dominance of such perspectives in the previous years, the corporate management of ABC was successful in achieving its economic-based objectives. The company was achieving profits and had good reserves and ratios in general. However, drawing mainly on a single institutional perspective would bring an incomplete picture of the company and the institutional context in which it is working. It is crucial to examine the whole set of institutional pressures affecting these systems to get a fuller perception of organizational control practices. Most of today’s companies, especially those working in socio-political and developing contexts, face multiple institutions that compete for dominance.
The companies operating in this type of environment must deal with or manage this institutional multiplicity to sustain the company and achieve the objectives of its different stakeholders, as will be clarified in detail in Section 4.4. This comprehensive approach is crucial for our case company because a risk-free system that is primarily informed by a business or economic-based perspective where minimum attention is paid to professional institutions (informed by a professional perspective, as will be explained later) would fall short of achieving other designated (professional) objectives at the macro and international levels, such as ensuring security for global reinsurance companies to continue contracting with ABC. This is because the company’s traditional control system – that is risk-free and depends mainly on financial and technical measures as explained above – was not complying with international rating institutions’ requirements, the Egyptian governmental authorities and their international partners. Thus, our case company needed to embrace risk-based management control techniques – a part of an ERM framework – to change staff members’ cognition and sense-making. This aim was attained by activating a new institutional (governance) perspective in the institutional field, as explained in Section 4.2.
4.2 Enterprise risk management adoption and the emergence of a governance perspective
To force ABC to embrace ERM, it was necessary to activate an institutional dimension to govern the company and direct its actions towards the new system – the governance perspective. This situation was crucial to maintaining the company’s ratings and insurance contracts with international rating organisations and global reinsurance companies.
In ABC, ERM implementation was made compulsory by the Egyptian state, the International Association of Insurance Supervisors (IAIS), rating organizations and global reinsurance companies. Imposing new procedures within a working system that has a previously stabilized or institutionalised perspective (i.e. the economic-based perspective) increased the centrality of a new procedure (i.e. the governance perspective) (Thornton et al., 2005). This process started in early 2000 with the attempt of the Government of Egypt to spread and apply the new corporate governance code in the Egyptian market. The Egyptian Government was the prominent country in the Middle East and North Africa to comply with this global trend by imposing new laws and regulations. This change required restructuring the controlling authorities and controlling mechanisms in all business sectors, including insurance. In the insurance sector, by late 2004, the Egyptian government and the Egyptian Insurance Supervisory Authority sought to enhance local companies’ awareness and knowledge concerning best governance practices. Then, the Egyptian Institute of Directors (EIoD) got involved in training and issuing related booklets. Internal auditor two explained:
EIoD and the Ministry of Investment issued legislation implying that corporate governance should be implemented in the Egyptian market. Guidance booklets were issued about best practices, and training was made to clarify governance and how it will be helpful to companies […].
This new perspective required a change in the old perception of risk, which necessitated new control technologies that consider the interdependency and interconnection between firms, economies and countries (Power, 2016).
Along with these changes, the Egyptian state made ERM rules and regulations obligatory and determined grace periods for listed firms to apply these rules. Insurance producer two noted:
By late 2011, EFSA made governance implementation mandatory and required firms to apply RBC as part of their governance system. This situation was followed by field visits to insurance companies from EFSA and foreign experts from international institutions.
This context ensures the idea that, especially in socio-political settings, governance systems are dominated by the presence of state institutions to enforce such systems. Here, politicians are expected to interfere in businesses’ operational affairs to achieve their economic and socio-political objectives (see Diab and Mohamed Metwally, 2019; Wickramasinghe and Hopper, 2005).
Besides, this governance perspective was also imposed by international foreign institutions following the financial crisis of 2008/2009 and the political volatility in the Egyptian context in late 2010. These major economic and political changes diffused a security alert and established risk-phobia and risk explosions that can be better managed through RBC (Arena et al., 2010). Then, rating organizations, reinsurance firms and international supervisory authorities required insurance firms to present ERM as a recent inclusive control and governance system that subsumes old conventional controls (Bhimani, 2009; Soin and Collier, 2013). Imposing ERM aimed at stimulating a governance change in ABC’s staff cognitions. For ABC’s staff, this context signifies a new materialization of the governance institution.
4.3 Activation of the professional perspective (enterprise risk management) and attempts at resistance
Changing environments often expose organizations to new institutions that may contrast the previously (historically) institutionalized ones into the organizations, leading to contestation in the organization (Besharov and Smith, 2014). In ABC Company, the pressures to adopt the ERM model ushered in a professional perspective that was there but not salient in the pre-ERM phase. It has also generated a conflict between the old and new gatekeepers, i.e. those who support the previously dominant economic-based perspective and those who support the professional perspective (Reay and Hinings, 2005; Thornton et al., 2005). Thus, the adoption of ERM highlighted not only a professional perspective; it has generated a conflict in the business context between those who use traditional RM practices and those who believe in new and more professional RM techniques. This conflict and contestation highlighted the situation of institutional multiplicity in the underlying institutional field (Greenwood et al., 2010; Greenwood et al., 2011). As a result of such a situation, the supporters of the previously dominant economic perspective initially resisted the new professional context where ERM was required. Insurance producer one clarified:
Why should I transform my full system to evade a risk or problem that may occur, and if it happens, it will not make me stop working […] because, as I told you, my position is too strong to be affected by one risk.
Risk officer 2 added:
You must note and understand that risk management is an essential part of the insurance process […] because based on the risk assessment, I make the prices of my premiums […] so we are not starting risk management today.
These extracts show that the staff’s mentality, especially insurance experts (underwriters and the actuarial team), was not ready to accept new ERM concepts (and the accompanying professional perspective). The new concepts, as those staff argue, seemed similar to the technical (traditional) insurance risks integral to their everyday work.
The old RM team adopted a procrastination game where ABC’s top management was not persuaded about ERM’s worth, arguing that the firm’s operations, profits and reserves already faced risk and depended on RM. That is, they do not believe in the need for change to new RM models. In doing so, they argued that the time was not suitable for change because of instability in Egypt’s political and economic systems. This context ensures that ERM’s imposition includes fear (Soin and Collier, 2013) and political games (Mikes, 2009). The Internal Audit GM clarified:
Our activities are directly affected by the political situation. The revolutions increased the rate of fires and burglaries in the streets, which increased claims […]. Within these problems, the reinsurers and rating institutions are pressured to apply RBC. How come?
As a result of this initial resistance, ERM was not fully embraced as part of the company’s operations, as it was not institutionalised in everyday practices. This situation is because old gatekeepers were not convinced of the need to adopt new management and control technology based on risk analysis. They did not want to be forced to change their current way of practicing insurance. Then, they decided to delay the implementation of ERM. The CFO noted:
We tried to get something called meta risk [reputation risk parameters] and QIS5 standard European formula […] [but] I don’t want to buy a Rolls-Royce car and then find it’s not suitable for Egyptian conditions. I want to purchase a capital model that I can run in my company tomorrow morning, so anyone who tells me to take the software as it is, I say thank you, I don’t need it.
These manoeuvres worked well with the Egyptian government. Subsequently, the company’s top management applied similar manoeuvres to its international partners. However, these manoeuvres were not successful with the rating institutions. Then, ABC lost its rating in 2011 with Standard and Poor’s because of the delay in embracing ERM. Rating cancellations represented a disaster for top management. Not being rated means no reinsurance premiums outside Egypt or the MENA region. This situation seriously affected ABC’s foreign currency portfolio and its capability to keep more reserves and raise long-term investments. By then, reinsurance premiums ceded could not be doubled or tripled, as international reinsurers will not recognise the company as a safe partner. This context will lead to higher premiums because of less coverage from international partners. Insurance producer two clarified:
The delay of ERM implementation was the biggest mistake we made. It was a direct reason for rating cancellation with Standard & Poor’s […]. This context badly influenced our reinsurance treaties, our foreign currency balances, and our ability to accept some types of insurance. This situation, in turn, affects our capability to pay claims locally and internationally and, in the long run, affects our investments.
The reinsurance manager clarified:
Losing my rating is a catastrophe because the company will not be recognized as a safe partner for international companies in this case […]. Reinsurance is the beating heart of the insurance company; all our risk management and actuarial statistics will not be helpful if I cannot diversify my risks through reinsurance. You will get good deals if you get a good rating; if not, you are simply out of the international market.
Thus, the current procrastination has negatively impacted the staff's professional identity at ABC. Insurance experts’ professional identity was not being applied under traditional controls, which parallels many studies in the literature about fragile professional identities when these professionals sense a threat of losing their identity (Ezzamel et al., 2012; Reay and Hinings, 2005; Thornton et al., 2005). ABC is currently at risk because of rating cancellations. Then, it must fulfil rating and reinsurance institutions’ requirements to retrieve rating, trust and reinsurance treaties. This aim can be achieved by fully embracing the changes in the professional context, rather than resisting them, and instilling a new professional identity in the workplace, as explained in the following sections.
4.4 Towards an institutionalisation of the professional perspective: the dissemination of enterprise risk management
An organisation that works within a situation of institutional multiplicity is presumed to have challenges in managing and controlling its members and attaining its aims (Schäffer et al., 2015). This organisation should be capable of using this multiplicity to its interests, i.e. by transforming its threats into benefits and contributing to attaining its aims efficiently and effectively. In other words, while the extant variant institutional pressures indicate different and even contradictory prescriptions, corporate management should be able to manage this context to reap some organisational benefits for its sustainability. This section explores how and to what extent the ERM team at ABC was successful in changing people’s mentality, behaviour, sense-making and cognition towards the new institutional requirements. ABC management knows that imposing such new material practices without changing the staff’s normative and symbolic aspects would be a cosmetic change, not an effective change (Jordan et al., 2018). In this way, ABC management implemented some measures to make their staff embrace ERM’s new ideas and change their cognition regarding ERM. ABC followed various tools or different means to institutionalise changes in the professional context, which proved its agency in the change or the institutional transformation process. These included training, organisational restructuring, developing a new strategy and policies and spreading a new corporate culture. This context eventually contributed to the successful institutionalisation of the changes in the professional context, as represented by the effective transformation to ERM, or ERM embeddedness in various organisational practices, including management accounting practices (Section 4.6).
Firstly, consistent with the new required changes, ABC management has appointed new people to lead the change, created new positions and established new units. As a response to the rating cancellation, ABC appointed a new Chairman and Vice Chairman in the first general assembly meeting following the loss of the rating. This situation had a profound effect on ERM implementation. The new management took international partners’ advice for real by restructuring the company and transforming the current control system into a risk-based system (see Figure 2 and Section 4.5). Further, the new management appointed new GMs with academic backgrounds in most top positions, as they could cascade the new ideas and culture to the lower levels. These initial changes prepared the lower levels’ cognitions for the symbols and sources of power change.
Following the introduction of the ERM department, the risk committee was established, and links between the audit committee and risk committee were introduced, as recommended in the governance and ERM procedures (COSO, 2004). In addition, the Vice Chairman and CEO organised a shared meeting with all interested constituents. They called the main GMs from the main office and regional branches and reconsidered the firm’s main short- and long-term aims and strategy while endorsing the new risk culture throughout the company. This activity ushered in three principal aims: achieving sustainable growth, increasing market share and increasing underwriting profits. In addition, other changes in the company structure happened regarding responsibilities, jurisdictions and authority distribution.
This context has changed the well-known symbols of control and sources of authority all over most old chains. Changing symbols and imposing new authority sources represent deep attempts to change cognitions by adopting the required changes in the professional environment (Pache and Santos, 2013). Further, to activate the newly established ERM department, an actuarial unit is required to calculate the ratios and reserves, like “Incurred But Not Reported Losses” (IBNR) and “Combined Loss Ratio” (CLR). The CRO summarised these moves:
The second phase started when they thought we needed to expand the RM and activate the department by adding an actuarial unit. This unit will specialise in estimating reserves […] specifically technical reserves like the IBNR, which is the principal reserve for me, and I must calculate it accurately.
These changes indicate that governing procedures and their attendant knowledge systems are not linear. Instead, these practices or systems are subject to continuous alteration and realignment as new issues arise and governing procedures are redeployed in new settings (Boer, 2019).
Secondly, it was necessary to form a partnership with foreign organisations to develop ABC’s strategic plan for its ERM implementation. They invited foreign institutions, such as the Swiss Re team, to study ABC’s operations and controls and advise its managers on how they could meet Solvency II requirements. As a reinsurance partner, Swiss Re accepted the invitation because it allowed them to understand more about ABC’s operations and gave a sense of security useful for renewing the company’s reinsurance contracts. The Reinsurance GM clarified:
We invited Swiss Re in […]. When they came, their team asked for a meeting with the main office underwriters – all of them, not a selected sample. They spent three full days interviewing them, and they noted reactions and responses. Some also observed actual underwriting and operational issues relating to the issuance and payment of claims, so they wanted to understand people’s mentality.
He added:
They left here amazed by what they saw and how we were more organised than they thought […]. They got full assurance about us having few operational risks, and they signed new treaties with us […] they changed their assumed perceptions about our processes being arbitrary and intuitive calculations.
Thirdly, the government and their international partners resorted to widespread training programmes for staff on what ERM is, ERM’s worth and how to make ERM effective. This strategy involved increasing the information individual actors have concerning the new ERM system (Pache and Santos, 2013). Later, as the required information about the new system was available and accessible, it became easy to activate this perspective in the company. Activation indicates whether the available and accessible knowledge and information are really deployed in social interactions (Pache and Santos, 2013). The Internal Audit GM explained:
Staff members had widespread training on the worth of governance and ERM […] so you should configure their views, cognitions, and sense-making. My staff should perceive that ERM is essential and can advance the firm.
Finally, after establishing the company’s strategy and goals, ABC management sought to spread and cascade these ideas to create a new risk culture, as explained in Section 4.4.1.
4.4.1 Spreading the new risk culture as per the enterprise risk management framework.
Changing practices at the micro-level at ABC Company involved constructing an ERM framework. This framework initially identified strategic objectives and clarified necessary events that hindered the strategic plan. Then, the assessment of inherent risks and risk responses followed, before finally communicating ideas and monitoring changes. ABC’s ERM framework shows its processes as a continuous cycle, as shown in Figure 3. This full cycle and its implementation represent an enforcement of self-governance as a source of identity (Ezzamel et al., 2012). After setting objectives, they sought to identify events that inherently contradict the organisation’s main goals and conduct risk assessments based on severity and frequency or “risk mapping”. Risk mapping is a by-product of spreading the new risk culture throughout the company, the CRO clarified:
I made a good project […] regarding a new risk culture transfer. I reached […] risk maps […] which are not actually full assessments. The project’s main aim was initially not to identify the risks […] [but] to notify all staff that there is a new department […] [and] to show my colleagues how to conduct RM. I tried to identify the frequency, severity and scale of risks in the company, and teach them […] what risk mapping is so they can understand the diagrams and schedules of risks […] this pilot project was made […] through questionnaires and interviews with around 60% of the staff.
A new culture of risk dissemination was the pilot project’s main aim, rather than merely identifying risks. Thus, the ERM team will not collect and manage all the risks the company faces. Instead, it should partner with all departments. Each employee is a risk officer in their own work, and every manager across all departments is a risk manager for his/her unit or department. The CRO explained:
The philosophy of […] the ERM framework is […] to partner with business units […] this is what they call a risk culture in the COSO framework […] and it is my final vision […]. The next stage is the transfer to this new risk culture […] it can’t be done with top-down instructions.
The main aim of disseminating the new culture is to make organisational members carriers of institutional scripts, not active adapters of practice (Binder, 2007). As the CROs explain above, ERM values and associated beliefs must be instantiated in actors’ minds, practices and behaviours for them to become, ultimately, carriers of the new institutional context’s symbols and language (Almandoz, 2014). This situation directly relates to making the required changes in the professional environment available and accessible while its new related risk culture is being formulated and communicated. Eventually, this perspective should be activated throughout the company, reflecting its relevant actions, sources of authority, legitimacy and identity (Pache and Santos, 2013).
From this pilot study, the ERM team identified 11 main risks, namely, capital adequacy, income, underwriting, catastrophe, reinsurance/credit, investment, operational, liquidity, governance, reputational and strategic. Of these, only five highly affect the company objectives (underwriting, operational, strategic, compliance and reinsurance), which need immediate intervention. The other six are moderate or lower level risks that can be accepted until the team solves the more critical ones. Table 1 shows how the ERM team mapped the company’s risks by connecting the risk type to the controls on the activity discovered.
Risk identification and mapping cannot be done until risks are related to the company’s risk appetite, as risk appetite is the basis for identifying what the company can take as acceptable and what is considered severe and needs immediate intervention. Table 2 clarifies ABC’s risk appetite for the coming three years.
The underwriting risks involved many interventions, some of which directly relate to the underwriting process, like making written formalised procedures instead of leaving them to the underwriters. As the CRO clarified, the issuance and collection revenue cycle formalisation intervention is currently on paper, and it will take much time for the underwriters to follow it in real practice as it involves changing their routine, internalised way of everyday underwriting (Burns and Scapens, 2000):
Underwriting requires further work in the future, as we have made underwriting procedures. Well, actually we’ve had these in the company but only informally […] this will not be done today or tomorrow morning; it will take a long time.
To push the recently formalised underwriting procedures, the CRO and top management conducted meetings with the firm underwriters. They asked about their problems and needs and talked about the merits of these recent procedures, stressing their significance. They ensured that this new context would affect the company in the long run, which will not be permitted or tolerated. So, this process involved persuasiveness and threats, which reflects the reactivation of the governance perspective (see Section 4.2) and its sources of legitimacy and identity as entailing democracy and self-governance according to formalized bureaucratic rules (Ezzamel et al., 2012).
At the micro level, employees are now exposed to new (professional) perspectives through interviews with the ERM team and top management meetings. Also, all senior parties in the company, including the CEO, Vice Chairman and CRO, are now talking about CLR, IBNR and the new incentives. So, employees are feeling the change, breezing the company and its ruling logic. The CRO is particularly keen on spreading such concepts:
When I said we need to spread the CLR and IBNR […] at first, they just looked at me, open-mouthed, and shook their heads. But now most underwriters and regional branch managers mention the CLR percentage while they work.
Now, ABC management is embracing the governance perspective and institutionalising the professional one to achieve the company’s financial objectives (business perspective). During this situation, management was trying to manage the present situation, where there are multiple conflicting and competing institutions (Diab and Aboud, 2019). In other words, ABC seeks to accommodate the salient different institutional aspects and use the various means that institutionalise them in the organisation (Kraatz and Block, 2008). This context empirically proves how firms may deploy multiple institutions as cultural apparatuses to attain their aims and interests (McPherson and Sauder, 2013), which can reshape their MCs as explained in the subsequent two sections (see Amans et al., 2015; Schäffer et al., 2015).
4.5 Impact of the professional perspective on current control measures
This section clarifies how the emergence and the latter instantiation of the new professional perspective (i.e. the recent institutional changes discussed in Sections 4.3 and 4.5) significantly configured control systems in ABC. This clarification helps us understand if and how changes in institutional perspectives could lead to changes in management control mechanisms. As previously indicated, the professional perspective has recently become more salient in ABC, resulting in changes in the firm’s strategy, goals, positions, methods and activities. These changes come from the new ERM team’s interference in all aspects of ABC, which was deemed necessary to retrieve the rating and achieve the new management’s strategic plan. This significant change has resulted in new control measures being adopted by ABC, as explained below.
Initially, the ERM team complied with solvency II, primarily concerned with appropriate capital allocation to risks taken and making reserves safe (Jabbour, 2013). At that point, ABC’s management approached a rating organisation – A.M. Best –to evaluate the firm. A.M. Best applied Best’s capital adequacy ratio (BCAR) – a comprehensive review of an insurance firm’s underwriting, economic performance and asset leverage. The BCAR system calculates the net required capital to support financial risks related to the exposure of assets and underwriting to negative economic and market circumstances and then compares these to economic capital (Best, 2013). It is used to account for long-term reserves maintained for unexpected catastrophes such as floods and hails. BCAR has a standard model for each geographical region (e.g. Middle East, Europe), which will be more convenient for ABC’s context compared to the previously adopted European systems. Risk Officer 1 emphasised:
[We] are currently working on risk identification from rating agencies’ viewpoints. Our rating agency has a program called BCAR, which gives an indication of capital adequacy and efficiency in allocating this capital.
After using the BCAR model to identify the proper capital allocation for each insurance type, the ERM team compared the number of reserves already maintained with what the new BCAR calculations extracted. There were many deviations in almost all the company’s reserves. These issues would not be solved by pumping new capital; instead, constant reserves from annual profits should be added, which needs intervention in everyday processes.
IBNR, another (temporary) reserve, is used to account for accidents that have already happened but have not been reported. IBNR calculations were previously done using fixed percentages. These percentages were determined by the EFSA as legal reserves that must appear on each year’s balance sheet as accruals. For example, 10% of car claims were previously expected to be unreported. Nowadays, though, the ERM team finds these fixed percentages inaccurate; instead, percentages should be variable to suit changes in contextual factors. Risk Officer 2 explained:
Traditionally, this was calculated through percentages from the EFSA, so they’d say retain 10%, 20%, or 25% of the percentage or reserve you already have. But you must increase the temporary reserves you have maintained by this percentage. So, if you have 100 pounds and the percentage is a 10% increase, you must have 110 reserves for this year.
The CRO added:
In 2012 […] [old management] brought in an international actuarial expert called ‘Milliman’ who found a huge deficit in the reserves […] the reason was the inaccurate percentages from the EFSA.
To end this problem, top management contracted the BWCI actuarial service group to assess the company’s reserves. This action was crucial to convincing different rating institutions that the company has a proper capital allocation and appropriate reserving procedures and, hence, to recover the lost rating. Till now, these control measures (which were required for ABC to recover their rating) are not really incorporated into the everyday practices of the company’s control system (Uddin and Hopper, 2001). To couple these new calculations with everyday practices, the CRO introduced RBC’s new concepts and procedures into the company’s reserving and investment policies. In doing so, he introduced new formalised procedures, rules and concepts, including CLR, equalisation reserves and probable maximum loss (PML) (see also Section 4.6). A risk officer clarified:
What’s more important than retained profit is the equalisation reserve. Equalization reserve philosophy concerns the years you make good profits as you should retain much of it for future bad results. We […] [started] with the combined loss ratio less than 100% as our benchmark […]. If you can reduce the CLR to less than 100%, you can increase your technical profits and equalisation reserves […] [2].
CLR implementation was successful as it decreased from 126% in 2011 to 94% in 2017 (which means that 6% of profits represents free capital or equalisation reserve). Moreover, the ERM team agreed with the CUO and all insurance divisions’ managers to apply PML, which relates to equalisation reserves and protecting amounts added to long-term reserves. The company subsequently offered customers premium decreases, but they decreased coverage percentages. Catastrophes like fires after the revolution of January 2011 were widespread. Consequently, the company could not cover 100% of properties, so the ERM team set the company’s PML at 80% coverage. This new underwriting technique allowed more free capital to be reserved in the long run. Risk Officer 3 explained:
PML is used with catastrophe and natural disasters […]. It ensures the company does not pay 100% of the insurance amount […] we say to our customers that we can’t offer full coverage for natural hazards. For example, we cover only 75%, which means we have decreased the capital allocation for this risk by 25% and have free capital to use elsewhere.
In sum, the ERM team took several actions during 2011–2018 to recover the firm’s rating. They were successful in several parts, such as CLR and PML, creating good impressions for international partners. A.M. Best revisited ABC in June 2018. They were very impressed by the company’s changes and asked for more interventions to address operational risks. Now, the different actors in ABC see RBC as vital and not contradictory to the firm’s overall goal. This situation was clear during conversations with the departments’ individuals.
This finding supports the idea that companies can develop organisational control apparatuses when balancing different institutional perspectives (Maran and Lowe, 2021) or when they work to accommodate changes in these perspectives rather than totally resisting or denying them. This context implies that MAC can be related to institutional changes in organisations. In our case, it is evident that the institutional change or the ascendance of the professional perspective in the Egyptian insurance field has affected both operational controls and MAC, as explained in Section 4.6.
4.5.1 Adoption of risk-based budgeting.
This subsection shows how the adoption of ERM contributed to risk-based MAC systems. The evidence presented here indicates how changes in MAC could be better interpreted concerning the changes or shifts in the surrounding institutional forces and the company strategy to deal with/react to these forces. We found that ERM has configured the firm’s MAC system from a conventional control system – a financially oriented MC system (see Section 4.1) – into a risk-based management control system. The ERM team’s interference and the new risk culture dissemination created a new mode of management control inside ABC. Along with the salience of the professional perspective and the concomitant dominance of the ERM team over all other people and departments in ABC, the ERM has made significant interventions in the budgeting system. They compelled the budgeting team to prepare budgets using CLRs and identify targets for every insurance division. The CRO clarified:
Regarding […] the budgeting unit, I gave them general guidelines to work with. For example, I determine the CLR, which must be less than 100% for each insurance division. All company’s departments should target this and, in fact, must comply with it.
The Budgeting Unit Manager added:
The new method […] is based on making sales forecasts for each insurance division unlike before, when the budget focused on the regional branch and how much it must sell. For example, I once told the branch to achieve a million in sales revenue, whatever insurance policies are sold. Now we divide this amount between car insurance, and fire insurance, etc.
These quotes indicate that during the domination of an economic-based perspective and the marginalisation of the professional perspective, budgets were negotiable and prepared as total sales targets for regional branches. In contrast, with the activation and dominance of the professional perspective, they are not negotiable and are more detailed for every regional branch. They currently identify specific target amounts for each type of insurance. Further, formerly, profit shares were associated with total targeted sales accomplishments. In the new environment, the ERM team linked incentives with targets to motivate regional branch managers to conform to the newly divided targets. Besides, the ERM team pressured producers to value the insurance type the ERM team required them to sell. They did so in two ways: increasing commission percentages related to insurance divisions with higher rates of regional branches’ targets and reducing commission percentages of insurance divisions they did not want to expand. Accountant 2 explained:
I will force them implicitly to comply with my new budget. This will be done by reducing commissions [their main profit share] on any insurance branch I want to reduce sales of [e.g., car or fire insurance] […]. So [I] will push them through commission mainly […] to reduce sales from the insurance type I don’t want to sell.
In addition to targets and incentives, variance analysis has also changed. Previously, the sole analysis concerned attaining targets and payments from expected claims (i.e. how much is collected and paid). Now, more analyses are needed to cover each aspect of both collections and payments. For example, claim deviations no longer only entail comparing estimated claims with actual figures. Currently, actual claims must relate to the geographical region’s total risk, the number of accidents and issuance premiums. The Budgeting Unit Manager clarified:
A key analysis [change] we made […] was connecting issuances and claims paid. This seems very easy […] but it wasn’t […] the paid claims for this year are not necessarily from this year’s issuance. They may be from last year’s issuance or five years before issuance if related to construction policies.
She added:
We’re trying to add the number of accidents that caused the claims paid – for example, did one accident or a thousand accidents cause the million-pound payment? This type of analysis was not there before. It’s a good step to help our underwriters in the future because it will give them more data about actual accidents related to the paid claims they were expecting before the year.
Additionally, the way such a budget was built differed from the old way of preparing budgets, which was built bottom-up until reaching the entire master budget. Then, top management changes the numbers of sales and costs before finalizing the formal budget and distributing it to regional branches. The ERM team found that the previous way was problematic as top management will change the numbers built from bottom to top, and the result will be different from the work done by the budgeting unit. It was also time-consuming and very rigid. Talking about the previous way of preparing budgets, Risk Officer 3 clarified:
[The old budgets’] was built from down to top. Then top management amends the final product. So, you prepare the whole budget […] then talk with them in the meeting but end up with a final product unrelated by any means to the inputs […] you have a new budget that isn’t related to the budgeting department’s work.
This new way of budgeting preserved much of the time previously consumed in preparing budgets. It was also flexible, so the ERM team could easily change the numbers and prepare a new budget within minutes. It also gave budget stability, as once prepared, the budgets will not be modified by top management.
Finally, these new ERM budgets included a signalling capability inside them by identifying four colours – green, yellow, orange and red – for every budget item. These signals identify the newly prepared budget’s problems automatically. The CRO explained:
The calculated numbers affect predefined ratios in the sheet […]. If any number surpasses the formerly determined ratios or tolerance rates, I will get notified of the change. I will have some cells coloured red or orange as an alarm […]. So, what we did was to connect the results with some ratios. This situation relates the plan and appetite with your pre-identified risks.
This context clarifies how the traditional control system, primarily based on budgets and variance analysis, is shifting to the ERM’s recent control system, which is based more on risk analysis. Having a risk-based budget that included risk reactions and signals opposed what Collier and Berry (2002) found: they reported the non-existence of any risk-based budgets. In ABC, the ERM team added coloured cells to the right of budgets that identified each budget item’s risk level. This situation has connected KPIs to budgets, facilitating risk monitoring. The CRO clarified:
We made something like a risk-based budget […] [Now] I can collect numbers and ratios, and then construct […] a risk-based budget until I get a comprehensive picture, including all revenues and expenses.
In conclusion, the ERM framework has become highly central and compatible at all levels of analysis, with minimal conflict and contestation between the extant different institutional perspectives.
This result is consistent with the literature reporting the linkage between MAC and changes in the institutional context in the field under study (e.g. Gerdin, 2020; Jalali et al., 2021; Jayasinghe et al., 2021). In particular, Gerdin (2020) found that different budget parts of a Swedish university could be underpinned by a “neoliberal” and a “programmatic” logic. These logics “glued together” social and technical control systems to create “socio-technical dyads of MC”. Yee (2020) found that the improvement in the accounting profession in China is explained through shifts in the institutional context or the ascendance of the professional perspective instead of the political perspective. Jalali et al. (2021) clarified conflicts that emerged as rival institutional change efforts from incremental to performance-based budgeting in Iranian public universities, eventually contributing to minimal change in old rules or minimum successful institutional change. Finally, while assessing the current local accounting and financial reporting activities in Sub-Saharan Africa, Jayasinghe et al. (2021) found that the generalised assumptive logics of international organisations, the economic and professional logics of epistemic community members and the political logics of local politicians have marginalised accounting and financial reporting practices. Our finding supports these studies regarding the link between MAC and institutional orders constituting the field. In addition, our finding contributes to these studies by clarifying that risk-based controls can be successfully driven by accommodating the surrounding institutional context in the field and following a smooth way to instil or spread the changes required in the professional context in the new changing environment.
5. Conclusion
This paper addresses one central question: How is the transformation to risk-based control configured by the institutional pressures prevalent in a developing market? To answer this question, we illustrated how RBC was associated with multiple institutions. Further, those multiple institutions were competing, initially precluding the implementation of RBC. For instance, professionals initially perceived RBC as threatening the prevailing power structure, cultural symbols and norms. In turn, this context fuelled competition and contestation among the various institutions in the field, which complicated the application of the new practices. However, when the company sustainability was at stake and the management team changed following the introduction of RBC, the new professionals brought about a different direction, including an innovative strategic plan to implement and support RBC. This drastic change suppressed the resistance initiatives by old professionals supported by the previous management. Hence, in other words, using an institutional perspective that draws upon institutional multiplicity, we illustrate how risk-based technologies are implicated in MAC practices in developing countries.
This paper has made some theoretical and empirical contributions to the RBC and management accounting literature in developing countries. In particular, the current study extends RBC literature, and, unlike early studies that reported resistance to RBC implementation in developing markets (e.g. Mohamed Metwally, 2017; Metwally and Diab, 2021), our research brought about new evidence on the successful implementation of RBC in an emerging market. Further, theoretically, this study contributes to the literature conceptualising MC by combining it with insights made in institutional-based research (e.g. Carlsson-Wall et al., 2016; Gerdin, 2020). By reviewing the literature, we found that several studies focused on how key actors may skilfully respond to the effect of two or more typically externally imposed institutional forces in the underlying institutional field (e.g. Rautiainen and Järvenpää, 2012; Schäffer et al., 2015). This study focuses on the other way around – how institutional perspectives affect the way of using or perceiving accounting and control practices. In doing so, the current study results extend institutional multiplicity literature by elaborating on how various institutions, while competing with each other, can coexist in a way that configures the new RBC practices (Besharov and Smith, 2014).
Our findings are different from other studies that found minimal change in MC because of changes in the institutional field (e.g. Dambrin et al., 2007; Gendron et al., 2016; Jalali et al., 2021; Jayasinghe et al., 2021). In particular, by studying the French subsidiary of a pharmaceutical laboratory, Dambrin et al. (2007) observed a decoupling phenomenon, indicating that change does not considerably alter the daily activity of organisational members. Jalali et al. (2021) explained conflicts that emerge as opposing institutional change efforts from incremental to performance-based budgeting in Iranian public universities, eventually contributing to minimal change in old rules or minimum successful institutional change. By examining hybrid ex-state-owned firms presenting information and communication technology (ICT) services in the Italian health-care field, Maran and Lowe (2021) found that the combination of hybridity, in the form of layering multiple institutional logics, generates problems for the success of ICT provision. By evaluating the extant local accounting and financial reporting practices in Sub-Saharan Africa, Jayasinghe et al. (2021) revealed that the generalised assumptive logics of international institutions, the economic and professional logics of epistemic community members and the political logics of local politicians had marginalised accounting and financial reporting practices.
However, our findings support Gerdin (2020), who showed how social and technical control systems in a Swedish university can be underpinned by different institutional logics, giving them various functionalities to achieve organization-wide goals. They are also consistent with Giovannoni et al. (2016), who, by investigating an Italian bank, indicated that RM change can better be understood concerning the interactions between external pressures emerging in the broader institutional context and intra-organizational dynamics between roles (see also Palermo et al., 2017; Braumann et al., 2020). These variant results reported in different contexts indicate the importance of interpreting the results of MAC adoption and change concerning the context where MAC systems are applied. This context also invites future research to examine the different institutional perspectives behind MAC adoption in under-researched contexts, such as developing countries.
Additionally, regarding the ongoing debates in the previous research concerning the importance and existence of risk-based management control, the present work represents an early attempt to understand ERM and RBC as situated knowledge in a developing context. This attempt was made because the body of relevant literature is primarily centred on developed markets and lacks information about developing contexts. Studying developing markets is vital to revealing the social, political and contextual factors surrounding RBC (Soin and Collier, 2013). This study enhanced our understanding of actual RBC implementation struggles within a developing context, an issue that still needs further development and reflection in future research (Subramaniam et al., 2011).
Figures
Criteria for risk mapping
| Inherent risk level detected | ||||
|---|---|---|---|---|
| Quality of controls found | Low | Moderate | Upper moderate | High |
| Strong | Low | Low | Moderate | Moderate |
| Acceptable | Low | Moderate | Upper moderate | Upper moderate |
| Need enhancement | Moderate | Upper moderate | High | High |
| Weak | Upper moderate | High | High | High |
Source: Mohamed Metwally (2017)
ABC’s new risk appetite
| Risk type | Accepted tolerance rate |
|---|---|
| Capital and equity risks |
|
| Income risks |
|
| Underwriting risks |
|
| Catastrophe risks |
|
| Reinsurance/credit risks |
|
| Investment risks |
|
| Liquidity risks |
|
| Operational risks |
|
| Governance risks |
|
| Reputation risks |
|
| Strategic risks |
|
Source: Adapted from Mohamed Metwally (2017)
Notes
The actual name of the company is not stated here for confidentiality issues.
CLR is calculated by dividing total claims paid and all other expenses over the total annual premiums.
References
Alawattage, C., Graham, C. and Wickramasinghe, D. (2019), “Microaccountability and biopolitics: Microfinance in a Sri Lankan village”, Accounting, Organizations and Society, Vol. 72, pp. 38-60.
Almandoz, J. (2014), “Founding teams as carriers of competing logics: when institutional forces predict banks’ risk exposure”, Administrative Science Quarterly, Vol. 59 No. 3, pp. 442-472.
Amans, P., Mazars-Chapelon, A. and Villesèque-Dubus, F. (2015), “Budgeting in institutional complexity: the case of performing arts organizations”, Management Accounting Research, Vol. 27, pp. 47-66.
Arena, M., Arnaboldi, M. and Azzone, G. (2010), “The organizational dynamics of enterprise risk management”, Accounting, Organizations and Society, Vol. 35 No. 7, pp. 659-675.
Battilana, J. and Dorado, S. (2010), “Building sustainable hybrid organizations: the case of commercial microfinance organizations”, Academy of Management Journal, Vol. 53 No. 6, pp. 1419-1440.
Besharov, M. and Smith, W. (2014), “Multiple institutional logics in organizations: explaining their varied nature and implications”, Academy of Management Review, Vol. 39 No. 3, pp. 364-381.
Best, A.M. (2013), Understanding BCAR for Property/Casuality for Insurers, A. M. Best, Oldwick, NJ.
Bhimani, A. (2009), “Risk management, corporate governance and management accounting: emerging interdependencies”, Management Accounting Research, Vol. 20 No. 1, pp. 2-5.
Binder, A. (2007), “For love and money: organizations' creative responses to multiple environmental logics”, Theory and Society, Vol. 36 No. 6, pp. 547-571.
Boer, H.J. (2019), “The biopolitics of carbon accounting in Indonesia’s forests”, Environment and Planning C: Politics and Space, Vol. 38 No. 1, pp. 174-192.
Borglund, T., Frostenson, M., Helin, S. and Arbin, K. (2023), “The professional logic of sustainability managers: finding underlying dynamics”, Journal of Business Ethics, Vol. 182 No. 1, pp. 59-76.
Braumann, E.C., Grabner, I. and Posch, A. (2020), “Tone from the top in risk management: a complementarity perspective on how control systems influence risk awareness”, Accounting, Organizations and Society, Vol. 84, p. 101128.
Burns, J. and Scapens, R.W. (2000), “Conceptualizing management accounting change: an institutional framework”, Management Accounting Research, Vol. 11 No. 1, pp. 3-25.
Carlsson-Wall, M., Kraus, K. and Messner, M. (2016), “Performance measurement systems and the enactment of different institutional logics: insights from a football organization”, Management Accounting Research, Vol. 32, pp. 45-61.
Cherrier, H., Goswami, P. and Ray, S. (2018), “Social entrepreneurship: creating value in the context of institutional complexity”, Journal of Business Research, Vol. 86, pp. 245-258.
Collier, P.M. and Berry, A.J. (2002), “Risk in the process of budgeting”, Management Accounting Research, Vol. 13 No. 3, pp. 273-297, doi: 10.1006/mare.2002.0190.
COSO (2004), “Enterprise risk management: integrated framework”, Committee of Sponsoring Organizations of the Treadway Commission, John Wiley and Sons, Hoboken, NJ.
Dambrin, C., Lambert, C. and Sponem, S. (2007), “Control and change—analysing the process of institutionalisation”, Management Accounting Research, Vol. 18 No. 2, pp. 172-208.
Diab, A. (2021), “The accountability process during the centrality of state institutional logics: a case from an African rural context”, Journal of Accounting in Emerging Economies, Vol. 11 No. 3, pp. 341-366.
Diab, A. and Aboud, A. (2019), “The interplay between ideological resistance and management control: an egyptian case study”, Journal of Accounting in Emerging Economies, Vol. 9 No. 2, pp. 208-236.
Diab, A. and Metwally, A.B.M. (2021), “The biopolitics of transformation to ERM technologies: a case from Egypt”, International Journal of Customer Relationship Marketing and Management, Vol. 12 No. 4, pp. 31-45, doi: 10.4018/IJCRMM.2021100103.
Diab, A.A.A. and Mohamed Metwally, A.B. (2019), “Institutional ambidexterity and management control”, Qualitative Research in Accounting and Management, Vol. 16 No. 3, pp. 373-402, doi: 10.1108/QRAM-08-2017-0081.
DiMaggio, P.J. and Powell, W.W. (1983), “The iron cage revisited – institutional isomorphism and collective rationality in organizational fields”, American Sociological Review, Vol. 48 No. 2, pp. 147-160.
Ezzamel, M., Robson, K. and Stapleton, P. (2012), “The logics of budgeting: theorization and practice variation in the educational field”, Account Org Soc, Vol. 37 No. 5, pp. 281-303.
Friedland, R. and Alford, R.R. (1991), “Bringing society back in: symbols, practices and institutional contradictions”, in Powell, W. and Dimaggio, P. (Eds), The New Institutionalism in Organizational Analysis, University of Chicago Press, Chicago, pp. 232-263.
Gendron, Y., Brivot, M. and Guénin-Paracini, H. (2016), “The construction of risk management credibility within corporate boardrooms”, European Accounting Review, Vol. 25 No. 3, pp. 549-578.
Gerdin, J. (2020), “Management control as a system: integrating and extending theorizing on MC complementarity and institutional logics”, Management Accounting Research, Vol. 49, p. 100716.
Giovannoni, E., Quarchioni, S. and Riccaboni, A. (2016), “The role of roles in risk management change: the case of an Italian bank”, European Accounting Review, Vol. 25 No. 1, pp. 109-129.
Greenwood, R. and Hinings, C.R. (1996), “Understanding radical organizational change: bringing together the old and the new institutionalism”, The Academy of Management Review, Vol. 21 No. 4, pp. 1022-1054.
Greenwood, R., Diaz, A.M., Li, S.X. and Lorente, J.C. (2010), “The multiplicity of institutional logics and the heterogeneity of organizational responses”, Organization Science, Vol. 21 No. 2, pp. 521-539.
Greenwood, R., Raynard, M., Kodeih, F., Micelotta, E.R. and Lounsbury, M. (2011), “Institutional complexity and organizational responses”, Academy of Management Annals, Vol. 5 No. 1, pp. 317-371.
Hopper, T. and Bui, B. (2016), “Has management accounting research been critical?”, Management Accounting Research, Vol. 31, pp. 10-30.
Hopper, T. and Powell, A. (1985), “Making sense of research into the organizational and social aspects of management accounting: a review of its underlying assumptions”, Journal of Management Studies, Vol. 22 No. 5, pp. 429-465.
Hopper, T., Tsamenyi, M., Uddin, S. and Wickramasinghe, D. (2012), Handbook of Accounting and Development, Edward Elgar Publishing, London.
Jabbour, M. (2013), “Investigation of risk management changes in insurance companies”, Brunel University Brunel Business School PhD Theses, available at: https://bura.brunel.ac.uk/handle/2438/7964
Jalali, F.A., Farooq, M.B., Sharma, U. and Mihret, D.G. (2021), “Institutional work and the interplay of stability and change in public budgeting reform: the case of public universities in Iran”, Accounting, Auditing and Accountability Journal, Vol. 34 No. 4, pp. 786-818.
Jarzabkowski, P., Smets, M., Bednarek, R., Burke, G. and Spee, P. (2013), “Institutional ambidexterity: leveraging institutional complexity Practice”, in Michael, L., Eva, B. (Eds), Institutional Logics in Action, Part B, Emerald Group Publishing, Leeds, pp. 37-61.
Jayasinghe, K., Adhikari, P., Soobaroyen, T., Wynne, A., Malagila, J. and Abdurafiu, N. (2021), “Government accounting reforms in Sub-Saharan African countries and the selective ignorance of the epistemic community: a competing logics perspective”, Critical Perspectives on Accounting, Vol. 78, p. 102246.
Joannidès de Lautour, V., Wickramasinghe, D. and Berland, N. (2019), “From critical accounting to an account of critique: the case of cultural emancipators”, Accounting Forum, Vol. 44 No. 2, pp. 132-159.
Jordan, S., Jørgensen, L. and Mitterhofer, H. (2013), “Performing risk and the project: Risk maps as mediating instruments”, Management Accounting Research, Vol. 24 No. 2, pp. 156-174.
Jordan, S., Mitterhofer, H. and Jørgensen, L. (2018), “The interdiscursive appeal of risk matrices: collective symbols, flexibility normalism and the interplay of ‘risk’ and ‘uncertainty”, Accounting, Organizations and Society, Vol. 67, pp. 34-55.
Kraatz, M. and Block, E. (2008), “Organizational implications of institutional pluralism”, in Greenwood, R., Oliver, C., Suddaby, R. and Sahlin K. (Eds), The Sage Handbook of Organizational Institutionalism, Sage Publications, New York, NY, pp. 243-275.
Lounsbury, M. (2007), “A tale of two cities: competing logics and practice variation in the professionalizing of mutual funds”, Academy of Management Journal, Vol. 50 No. 2, pp. 289-307.
Maran, L. and Lowe, A. (2021), “Competing logics in a hybrid organization: ICT service provision in the Italian health care sector”, Accounting, Auditing and Accountability Journal, Vol. 35 No. 3, pp. 770-800.
McPherson, C.M. and Sauder, M. (2013), “Logics in action: managing institutional complexity in a drug court”, Administrative Science Quarterly, Vol. 58 No. 2, pp. 165-196.
Merchant, K.A. and Otley, D.T. (2007), “A review of the literature on control and accountability”, Handbook of Management Accounting Research, (Ed.) C. S. Chapman, A.G Hopwood, and MD Shields, Amsterdam, Netherlands, pp. 785-804.
Metwally, A., Ali, H., Diab, A.A. and Hussainey, K. (2019), “The hype of risk-based management control: a phronetic approach”, Risk Governance and Control: Financial Markets and Institutions, Vol. 9 No. 2, pp. 18-33.
Metwally, A. and Diab, A. (2021), “Risk-based management control resistance in a context of institutional complexity: evidence from an emerging economy”, Journal of Accounting and Organizational Change, Vol. 17 No. 3, pp. 416-435.
Metwally, A.B.M. and Diab, A. (2023), “An institutional analysis of the risk management process during the COVID-19 pandemic: evidence from an emerging market”, Journal of Accounting and Organizational Change, Vol. 19 No. 1, pp. 40-62, doi: 10.1108/JAOC-03-2021-0043.
Mikes, A. (2009), “Risk management and calculative cultures”, Management Accounting Research, Vol. 20 No. 1, pp. 18-40.
Mikes, A. (2011), “From counting risk to making risk count: boundary-work in risk management”, Accounting, Organizations and Society, Vol. 36 Nos 4/5, pp. 226-245.
Miller, P., Kurunmäki, L. and O’Leary, T. (2008), “Accounting, hybrids and the management of risk”, Accounting, Organizations and Society, Vol. 33 Nos 7/8, pp. 942-967.
Mohamed Metwally, A.B. (2017), “Risk based management control logics meet geopolitics: a case study from Egypt”, Doctoral dissertation, University of Glasgow.
Pache, A.C. and Santos, F. (2013), “Embedded in hybrid contexts: how individuals in organizations respond to competing institutional logics”, In Institutional Logics in Action, Part B, Emerald Group Publishing, Leeds, pp. 3-35.
Pache, A.-C. and Santos, F. (2010), “When worlds collide: the internal dynamics of organizational responses to conflicting institutional demands”, Academy of Management Review, Vol. 35 No. 3, pp. 455-476.
Palermo, T., Power, M. and Ashby, S. (2017), “Navigating institutional complexity: the production of risk culture in the financial sector”, Journal of Management Studies, Vol. 54 No. 2, pp. 154-181.
Posch, A. (2020), “Integrating risk into control system design: the complementarity between risk-focused results controls and risk-focused information sharing”, Accounting, Organizations and Society, Vol. 86, p. 101126.
Power, M. (2016), Risk Work: Essays on the Organizational Life of Risk Management, Oxford University Press, Oxford.
Rana, T., Wickramasinghe, D. and Bracci, E. (2019), “New development: integrating risk management in management control systems—lessons for public sector managers”, Public Money and Management, Vol. 39 No. 2, pp. 148-151.
Rautiainen, A. and Järvenpää, M. (2012), “Institutional logics and responses to performance measurement systems”, Financial Accountability and Management, Vol. 28 No. 2, pp. 164-188.
Reay, T. and Hinings, B. (2005), “The recomposition of an organizational field: health care in Alberta”, Organization Studies, Vol. 26 No. 3, pp. 351-384.
Reay, T. and Hinings, C.R. (2009), “Managing the rivalry of competing institutional logics”, Organization Studies, Vol. 30 No. 6, pp. 629-652.
Sandelin, M. (2008), “Operation of management control practices as a package—a case study on control system variety in a growth firm context”, Management Accounting Research, Vol. 19 No. 4, pp. 324-343.
Schäffer, U., Strauss, E. and Zecher, C. (2015), “The role of management control systems in situations of institutional complexity”, Qualitative Research in Accounting and Management, Vol. 12 No. 4, pp. 395-424.
Schneiberg, M. and Lounsbury, M. (2008), “Social movements and institutional analysis”, in Greenwood, R., Oliver, C., Suddaby, C. andSahlin-Andersson, K. (Eds), The Sage Handbook of Organizational Institutionalism, Sage, London, pp. 648-670.
Soin, K. and Collier, P. (2013), “Risk and risk management in management accounting and control”, Management Accounting Research, Vol. 24 No. 2, pp. 82-87.
Subramaniam, N., Carey, P., Zaleha Abdul Rasid, S., Rahim Abdul Rahman, A. and Khairuzzaman Wan Ismail, W. (2011), “Management accounting and risk management in Malaysian financial institutions: an exploratory study”, Managerial Auditing Journal, Vol. 26 No. 7, pp. 566-585.
Tekathen, M. and Dechow, N. (2013), “Enterprise risk management and continuous re-alignment in the pursuit of accountability: a German case”, Management Accounting Research, Vol. 24 No. 2, pp. 100-121.
Thornton, P.H. (2004), Markets from Culture: Institutional Logics and Organizational Decisions in Higher Education Publishing, Stanford University Press.
Thornton, P.H., Jones, C. and Kury, K. (2005), “Institutional logics and institutional change in organizations: transformation in accounting, architecture, and publishing”, Transformation in Cultural Industries, Emerald Group Publishing, Leeds, pp. 125-170.
Thornton, P.H., Ocasio, W. and Lounsbury, M. (2012), The Institutional Logics Perspective: A New Approach to Culture, Structure, and Process, Oxford University Press, Oxford.
Townley, B. (1997), “The institutional logic of performance appraisal”, Organization Studies, Vol. 18 No. 2, pp. 261-285.
Uddin, S. and Hopper, T. (2001), “A Bangladesh soap opera: privatisation, accounting, and regimes of control in a less developed country”, Accounting, Organizations and Society, Vol. 26 Nos 7/8, pp. 643-672.
van den Broek, J., Boselie, P. and Paauwe, J. (2014), “Multiple institutional logics in healthcare: ‘productive ward: releasing time to care’”, Public Management Review, Vol. 16 No. 1, pp. 1-20.
Vinnari, E. and Skærbæk, P. (2014), “The uncertainties of risk management”, Accounting, Auditing and Accountability Journal, Vol. 27 No. 3, pp. 489-526.
Wickramasinghe, D. and Hopper, T. (2005), “A cultural political economy of management accounting controls: a case study of a textile mill in a traditional Sinhalese village”, Critical Perspectives on Accounting, Vol. 16 No. 4, pp. 473-503.
Woods, M. (2009), “A contingency theory perspective on the risk management control system within Birmingham city council”, Management Accounting Research, Vol. 20 No. 1, pp. 69-81.
Yee, H. (2020), “Institutional logics and institutional work: radical reform of the Chinese public accounting profession in the 1990s”, Accounting, Auditing and Accountability Journal, Vol. 33 No. 5, pp. 1019-1046.
Acknowledgements
Funding: This work was funded by the Deanship of Scientific Research, Vice Presidency for Graduate Studies and Scientific Research, King Faisal University, Saudi Arabia [Project No. GRANT 5328].