Accounting

, 189, 215, 217

and ERM

, 269–270

integration of ERM practices with accounting practices

, 52

integration of risk management with accounting practices

, 70, 72, 122, 125

Accounting Act

, 143

Act on insurance and reinsurance

, 145

Act on Public Finances

, 144

Act on Public Offering and Conditions for Introducing Financial Instruments to the Organized Trading System and Public Companies

, 142

Act on Statutory Auditors, Audit Firms, and Public Oversight

, 143

Act on Trading in Financial Instruments

, 142–143

Advanced measurement approach (AMA)

, 265

AENOR

, 188

AFEP-MEDEF code for publicly traded companies

, 10

Agricultural sector

, 114

Aktiengesellschaft (AG)

, 25

American Associate in Risk Management (ARM)

, 13

American Risk and Insurance Association (ARIA)

, 29

AMRAE Risk Manager Barometer

, 17

Anglo-Saxon model

, 99

Annual report

integration of ERM practices with

, 52–53

integration of risk management with disclosure in

, 72–73

of Spanish listed companies

, 192–194, 202

ANRA Learning Path (ALP)

, 66–67

Artificial Intelligence

, 59

Asociación Española de Compliance (ASCOM)

, 187

Asociación Española de Gerencia de Riesgos y Seguros (AGERS)

, 187

Association des Professionnels de la Gestion des Risques et des Assurances (ACADEF)

, 13

Association of Accountants and Auditors of Lithuania

, 81

Association of Financial analysts

, 81

Association of Financial directors

, 81

Association of Insurance and Risk Managers (AIRMIC)

, 254

Association of Internal Auditors

, 81

Association of Investors

, 81

Association of Italian Controllers (Assocontroller)

, 65

Association of Professional Consultants

, 81

Association of Registered Controllers (VRC)

, 100

Association of Risk Management Professionals

, 81

Association of Risk Managers and Corporate Insurance Managers (ANRA)

, 63

Association pour le Management des Risques et Assurances de l’Enterprise (AMRAE)

, 13–14

Athens Stock Exchange (ASE)

, 46

Atlas Copco

, 219–220

Audit

, 251

Audit committee

, 9–10

Australian Securities Exchange (ASX)

, 25–26

Autorité des Marchés Financiers (AMF)

, 10

Banco Português de Negócios (BPN)

, 159

Banco Privado Português (BPP)

, 159

Banking Act

, 144–145

Barnier Law

, 12

Basel agreements

, 12

Basel Committee on Banking Supervision (BCBS)

, 187

Best practices

, 262, 280

Big four

, 118, 216

Blockchain

, 59

Board of Directors (BoD)

, 9, 43–44, 49, 59, 116, 231, 233

Board of statutory auditors

, 59

Board Risk Committee (BRC)

, 49

Brexit

, 247

Business plan implementation

, 86

Business population in United Kingdom

, 245

Business risks, regulatory responses to management of

, 81–83

CAC 40 Companies, frameworks employed by

, 18–19

Cadbury Code

, 249

Capital Markets Union

, 2–3

Chief Audit Executives (CAEs)

, 45

Chief Executive Officer (CEO)

, 49, 84, 234–235

Chief Financial Officer (CFO)

, 190, 234–235

Chief Risk Officer (CRO)

, 16, 49, 63, 69, 85, 108–109, 152, 191–192

Civil liability

, 233

Cluster analysis

, 281–289

Commercial Companies Code of 2000 (CCC)

, 140–142

Commercial law

, 59

Commissione Nazionale per le Società e la Borsa (CONSOB)

, 60

Committee for Sponsoring Organisations (COSO)

, 188–189, 228, 262

ERM framework

, 50

Companies Code

, 160

Company value

, 276

Compliance-based ERM

, 266

Comply or explain

approach

, 249

basis

, 116

mechanism

, 213–214, 223–224

rule

, 97, 160

Context

, 281

Control activities

, 165

Control-based ERM

, 266

Corporate culture

, 219–220

Corporate governance. See also Governance

, 9, 11, 46–47, 138, 158–159, 191

bodies

, 29

in Cadbury Report

, 249

code of practice for

, 116

codes and reports

, 248

enterprise risk management

, 250–253

Sweden’s model of

, 213

Corporate Governance Code

, 99–100, 160–161, 250

Corporate Governance Monitoring Committee

, 98

Corporate organization

, 60

Corporate reporting

, 253

Corporate risk

, 25–26

Country economic highlights

, 3

Criminal liability

, 233

Crisis and Insolvency Code

, 60–61

Crisis-based ERM

, 266

Culture

, 280

Cyber-attacks

, 12

Data Protection Authority

, 98

Data Protection Code

, 62

Decision-making processes, missing ERM integration into

, 237–238

Delegation opportunities

, 232–233

Dendrogram

, 288

Digital transformation, barriers risks to

, 238–239

Digitalization

, 114–115

Directors’ and officers’ liability insurance (D&O liability insurance)

, 233

Disclosure

, 213–214

Domestic ERM. See also Enterprise risk management (ERM)

chief risk officer role

, 49

corporations

, 48

principles and practices

, 4, 49, 51

profession

, 48–49

Domestic legal regulation of ERM

, 3–4, 9, 13

Domestic professional bodies/associations

, 4, 13, 15, 47–48

Dual model

, 160

Dutch Association of Accountants (NOvAA)

, 99–100

Dutch Central Bank (DNB)

, 96

Dutch Corporate Governance code

, 97

Dutch foreign investments (FDI)

, 96

Dutch government

, 97

Dutch Working Conditions Act

, 98

Economic system in United Kingdom

, 245–247

Empirical studies

, 62

Enterprise risk assessment (ERA)

, 50

Enterprise risk management (ERM). See also Risk management (RM)

, 1, 24, 45, 138, 185, 244, 262, 280

academic research on

, 254–256

impact of academic research on ERM practices

, 4

authorities and professional bodies

, 253–254

companies heading

, 272–275

and corporate governance

, 250–253

and corporate reporting

, 253

degree of integration

, 4

developments in

, 212

discipline and practice

, 228

domestic ERM principles and practices

, 4

domestic legal regulation of

, 3–4

embeddedness

, 298–301

insufficient effectiveness check

, 237

integration

, 1

operationalization

, 1

practices

, 3

principles

, 2

professionalization of

, 63–68

status quo

, 158

in United Kingdom

, 247–254

Environmental, social and governance-related risks (ESG-related risks)

, 184–185

Europe, ERM in

, 280

EU landscape for ERM

, 281–289

risk management in institutional context

, 294–298

state of development of risk management

, 289–294

European Banking Authority (EBA)

, 147

European Confederation of Institutes of Internal Auditors (ECIIA)

, 100, 117–118

European countries

, 3

European Economic Area (EEA)

, 114

European Federation of Accountants and Auditors (EFAA)

, 99–100

European Insurance and Occupational Pensions Authority (EIOPA)

, 147

European Organization for Quality (EOQ)

, 118

European Risk Management Professional Certification (RIMAP)

, 66–67

European Securities and Markets Authority (ESMA)

, 147

European Space Agency

, 97

European Stability Mechanism (ESM)

, 41

European Supervisory Authorities (ESA)

, 2–3

European Union

, 2–3

Events identification

, 165

Executive Board

, 9

Family business

, 30–32

Federal Financial Supervisory Authority (BaFin)

, 27

Federation of European Risk Management Associations (FERMA)

, 13–14, 28, 63, 100–101, 149, 187–188, 215–216, 270–271

European Risk Manager Report 2020

, 272–275

Field visit evidence

, 217–223

Finance law

, 59–60

Financial Conduct Authority (FCA)

, 254

Financial Institutions Act

, 115–116

Financial Markets Supervision Act

, 97

Financial sector

, 59

Financial Security Act (2003)

, 9

Financial Services and Markets Act 2000 (FSMA)

, 254

Firms

, 2

Follower adopters

, 291

France, ERM in

characteristics of risk management information in

, 18

domestic legal regulation

, 9–13

domestic professional bodies/associations

, 13–15

emerging literature

, 15–16

frameworks employed by CAC 40 Companies

, 18–19

key characteristics of French economy

, 8–9

principles and practices in companies

, 17

research impact on ERM practices in

, 15–17

research impact on ERM practices in France

, 15–17

risk manager function analysis in

, 16–17

French Institute of Internal Audit and Control (IFACI)

, 15

French National Agency for the Security of Information Systems (ANSSI)

, 15

Functional approach

, 89–90

Fundación Inade, Instituto Atl´antico del Seguro (INADE)

, 187

General Data Protection Regulation (GDPR)

, 43, 98

General meeting of shareholders

, 140–142

General Regulations for Data Protection (GDR)

, 12

German Accounting Law Modernization Act (BilMoG)

, 26–27

German Accounting Law Reform Act (BilReG)

, 26–27

German Auditing Standard 340 (IDW PS 340)

, 26–27

German Banking Act

, 27

German Commercial Code (HGB)

, 26–27

German Institute of Internal Auditors (DIIR)

, 27

German Mittelstand firms

, 24–25

German Stock Corporation Act (AktG)

, 25–26

Germany, ERM in

, 24

determinants of ERM implementation

, 30–32

empirical evidence

, 30–32

environment

, 25–29

German economy

, 24–25

implications

, 33–34

legislation and regulation

, 25–28

outcomes of ERM implementation

, 32

professional associations

, 28–29

research

, 29

Gesamtverband der versicherungsnehmenden Wirtschaft (GVNW)

, 28

Gesellschaft mit beschränkter Haftung (GmbH)

, 25

Global Association of Risk Professionals (GARP)

, 47

Global Reporting Initiative (GRI)

, 49–50

Global Risk Report 2020, The

, 2

Global value chains

, 79

Governance

, 80

and ERM

, 268–269

integration of ERM practices with

, 51–52

integration of risk management with

, 69–70, 122, 125

legal requirements for government agencies

, 116–117

models

, 98–99

Governance Coordination Centre

, 82–83

Greece, ERM in

, 40

impact of academic research on ERM practices

, 45–47

country economic highlights

, 40–41

domestic ERM principles and practices

, 49–51

domestic ERM profession

, 48–49

domestic legal and regulatory framework

, 41–45

domestic professional bodies/associations

, 47–48

financial services industry

, 42–43

integration of ERM practices with accounting practices

, 52

integration of ERM practices with disclosure in annual report

, 52–53

integration of ERM practices with governance mechanisms

, 51–52

legal provisions

, 41–42

soft law for listed companies

, 43–44

soft law for non-listed companies

, 44–45

Greek banks

, 46

Gross domestic product (GDP)

, 24, 58, 96, 114, 184, 212, 246

Groupement des Assur´es du Commerce et de l’Industrie (GACI)

, 13

Hampel Committee

, 249–250

Hellenic Corporate Governance Council (HCGC)

, 41

Hellenic Federation of Enterprises and Manufacturers (SEV)

, 43

Hierarchical agglomerative cluster analysis

, 281, 288

Hierarchical cluster analysis

, 281–288

Independent auditors

, 64–65

Industry 4. 0

, 58

Industry sector

, 114

Information and communication

, 165

Information Systems Audit and Control Association (ISACA)

, 215–216

Information technology (IT)

, 271

Iniciativa Gerentes de Riesgos Espanoles Asociados (IGREA)

, 187

Institut pour la Maîtrise des Risques (IMdR)

, 14

Institute for the Accountancy Profession in Sweden (FAR)

, 215–216

Institute of Internal Auditors (IIA)

, 64, 100, 117, 215–216

Institute of Portuguese Internal Auditors

, 163

Institute of Risk Management (IRM)

, 66, 254

Instituto de Auditores Internos de España (IAI)

, 187

Instituto de Contabilidad y Auditoría de Cuentas (ICAC)

, 187

Integrated National Plan for Energy and Climate 2030

, 59

Integration

of ERM practices, accountability and annual financial reporting

, 68, 73, 104, 108

of risk management with accounting practices

, 70, 72, 122, 125

of risk management with disclosure in annual report

, 72–73

of risk management with governance mechanisms

, 69–70, 122, 125

Integrity principles

, 76

Internal Audit function

, 51

Internal auditor

, 64

Internal control (IC)

, 9–10, 46–47, 100, 103–104, 251

Internal control system (ICS)

, 40, 43–44, 162–163

Internal environment

, 165

International accounting standards (IAS)

, 81

International Accounting Standards Board (IASB)

, 240

International Federation for Human Rights (FIDH)

, 11

International Federation of Accountants (IFAC)

, 99–100

International Federation of Risk and Insurance Management Association (IFRIMA)

, 13–14, 271

International Financial Reporting Standards (IFRS)

, 240, 270

International Institute of Risk and Safety Management (IIRSM)

, 254

International Integrated Reporting Council (IIRC)

, 73

International Organisation for Standardisation (ISO)

, 262

ISO 14001 standard

, 186

ISO/IEC 20000 standard

, 186

ISO31000 framework

, 50

Internationaler Controllerverein (ICV)

, 28

Internet of Things

, 59

Italian Association of Auditors (ASSIREVI)

, 64–65

Italian Association of Financial Analysts (AIAF)

, 65

Italian Corporate Governance Committee

, 60

Italian financial markets

, 60

Italian firms

, 58, 61

Italian industrial policy

, 58

Italian Internal Auditors Association (AIIA)

, 64

Italy, ERM in

impact of academic research on ERM practices

, 62–63

ERM legal requirements

, 59–62

integration of ERM

, 68–73

Italian economy

, 58–59

professionalization of ERM

, 63–68

James Lam Maturity mode

, 266

KonTraG

, 25–27

Latin model

, 160

Legislation

, 25–28

Legislative Decree no. 231, dated 8 June 2001

, 61

Limited Liability Company (AS)

, 115

Lithuania, ERM in

, 76

business environment

, 79–80

economy

, 78–79

ERM in practice

, 84–87

regulatory responses to management of business risks

, 81–83

research on risks and risk management in

, 77

risk management and ERM role and practices in organization

, 83–84

LitSOE (State-Owned Enterprise)

, 85–86

London Stock Exchange

, 253

Maandblad voor Accountancy en Bedrijfseconomie (MAB)

, 101

Management board

, 140–142

Markets in Financial Instruments Directive (MiFID)

, 42

Materiality analysis

, 50

Maturity of ERM practices

, 120–122

Micro-enterprises

, 234

“Middlenext” code

, 10

Minimum Requirements for Risk Management (MaRisk)

, 27

Ministry of Finance

, 82–83, 144–145, 147

Mittelstand

, 24, 30

Model 231

, 61

Money Laundering

, 98

Monitor and review

, 244

Monitoring

, 165

mWIG40 indices

, 153

NARIM

, 100–101

National Association of Accountants (CNDCEC)

, 65, 72

National Court Register Act

, 145–146

National Strategy for the Ultra-Wide Band

, 59

Netherlands, ERM in

, 96

academic research on ERM practices

, 101

ERM principles and practices

, 101–104

governance models

, 98–99

integration of ERM practices, accountability and annual financial reporting

, 104–108

professional bodies and associations

, 99–101

regulation

, 97–98

second national risk management survey

, 108–110

Network and information security (NIS)

, 188

Netzwerk Risikomanagement

, 235

New Anglo-Saxon model

, 160

New Economic Regulations Act (NRE)

, 9

Non-financial/sustainability reporting standards

, 50

Norway, ERM in

, 114

impact of academic research on ERM practices

, 117

code of practice for corporate governance

, 116

company legislation

, 115–116

legal requirements

, 115–117

legal requirements for government agencies

, 116–117

Norwegian economy

, 114–115

professional bodies, associations and ERM profession

, 117–118

survey on ERM practices in

, 118–120, 125

Norwegian Government Agency for Financial Management (DFØ)

, 116–117

Norwegian Risk Management Association (NORIMA)

, 117

Nyenrode Corporate Governance Institute (NCGI)

, 101

Objectives setting

, 165

OECD corporate governance guidelines

, 82

OHSAS18001/ISO45001 systems

, 50

Order of Certified Accountants

, 163

Order of the Public Chartered Accountants

, 163

Oslo Stock Exchange

, 116

PCV (Private Company)

, 86–87

Performance-based ERM

, 266

Perspektivmeldingen 2017

, 114–115

Poland, ERM in

, 138

economic highlights

, 139–140

impact of ERM research on practice

, 147–148

legal framework

, 140–146

polish listed companies

, 152–153

principles and practices

, 149–152

professionalization of ERM

, 148–149

self-regulatory framework

, 146–147

Polish Financial Supervision Authority (PFSA)

, 147

Political risks

, 78

POLRISK

, 149

Portugal, ERM in

, 158, 167, 175

impact of academic research on ERM practices

, 161–163

data

, 164–165

economic highlights

, 158–159

research method

, 164–165

results

, 166–179

sample

, 164

Portuguese companies

, 159

Portuguese corporate governance legal framework

, 159–161

Portuguese Institute of Corporate Governance (PICG)

, 159–160

Portuguese professional bodies/associations

, 163–164

PricewhaterhouseCoopers (PwC)

, 108–109

Private risk-sharing mechanisms

, 2–3

Professional association

, 14

Professional Risk Managers’ International Association (PRMIA)

, 47

Professionalization of ERM

, 63, 68, 148–149, 187, 190, 215, 217

ERM principles and practices

, 67–68, 216–217

ERM profession in Italy

, 65–67

professional bodies, associations and ERM profession

, 63–65

professional bodies and associations

, 149, 187–188, 215–216

risk management principles and practices

, 188–190

Profitability

, 268

Prudential Regulation Authority (PRA)

, 254

Public Finance Act

, 144

Public Limited Liability Company (ASA)

, 115

Public-private partnerships (PPPs)

, 159

Quality and Risk Norway

, 117

Registration, Evaluation, Authorisation and Restriction of Chemicals Directive (Reach Directive)

, 12

Regulated corporate practices

, 3

Regulation

, 25–28

Report on the Current State of ERM (2015)

, 272

Reporting principle of materiality

, 50

Rijnland model of corporate governance

, 98–99

RIMS Risk Maturity Model

, 266

Risk and Insurance Management Society (RIMS)

, 267

Risk Based Internal Audit approach (RBIA)

, 45

approach

, 46

planning

, 46

Risk disclosure

, 206

academic research on

, 254–256

in Switzerland

, 233–234

weak decision-making relevance of risk disclosures in annual reports

, 238

“Risk in Focus 2020” report

, 100

Risk Management & Rating Association (RMA)

, 28

Risk management (RM)

, 8–9, 11, 76–77, 115, 159–160, 221, 231–233, 244, 262

complexities

, 263–265

contributions from RM associations and researchers

, 270–272

efficacy of extensive compulsory regulations

, 265

efficacy of regulations and guidelines

, 265–266

ERM maturity

, 266–268

across Europe

, 298–301

to global economic crisis

, 46–47

goals of RM and best practices

, 262–270

information characteristics in France

, 18

maturity model

, 119

profession in Switzerland

, 234–235

Risk Management Manager Academy

, 149

Risk Management Professional (RIMAP)

, 13, 271–272

Risk managers

, 234

aims of

, 262–270

function analysis in France

, 16–17

training and updating

, 271–272

Risk Talks

, 14

Risk(s)

, 8, 158, 251, 262

appetite

, 236

assessment

, 165, 244

culture

, 235–236, 298, 301

governance

, 122

missing portfolio view on

, 236

policy

, 235–236

portfolio management

, 78, 89–90

professionals

, 68

reporting

, 245

response

, 165

specific

, 11–12

treatment

, 244

universe

, 221

RiskNET

, 28–29

Royal Dutch Institute of Chartered Accountants (Royal NIVRA)

, 99–100

Royal Netherlands Institute of Chartered Accountants (NBA)

, 99–100

Sandvik

, 220–222

Sapin II law

, 11

Sarbanes–Oxley Act (SOX)

, 34, 98–99, 108

Securities Exchange Commission (SEC)

, 25–26

Senior management

, 9

Service sector

, 114

Seveso standards

, 12

Signals

, 86

SIX Swiss Exchange

, 238

Skandia’s business model

, 218–219

Small and medium-sized enterprises (SMEs)

, 8–9, 24, 229–230, 245

Small Business Act for Europe (SBA)

, 245

Society for Risk Analysis (SRA)

, 117

Soft Law

, 12–13

for listed companies

, 43–44

for non-listed companies

, 44–45

Spain, ERM in

annual report of Spanish listed companies

, 192–194, 202

economic highlights

, 184–185

ERM integration with governance mechanisms

, 190–192

percentage of information disclosed per year about ERM

, 204

professionalization of ERM

, 187–190

results

, 193–205

Spanish normative framework

, 185–187

Specific risks

, 11–12

Standardized measurement approach (SMA)

, 265

State Treasury

, 140–142

Stock Exchange Code

, 160–161

Stock exchange market

, 58

Stock Exchange Supervisory Board

, 152–153

Structured questionnaires

, 46–47

Supervisory board

, 140–142

Survey on ERM practices in Norway

, 118–120, 125

Sustainability risks

, 72

Svenska Kraftnät

, 222–223

Sweden, ERM in

, 212

economic highlights

, 212–213

ERM integration

, 217–223

impact of ERM research on practice

, 214–215

professionalization of ERM

, 215–217

Swedish Corporate Governance Board (SCGB)

, 215–216

Swedish financial organizations

, 214

Swedish legal and self-regulatory framework

, 213–214

Swedish Risk Management Association (SWERMA)

, 215–216

Swiss Association of Insurance and Risk Managers (SIRM)

, 235

Swiss Code of Best Practice for Corporate Governance (SCBP)

, 232

Swiss Code of Obligations (CO)

, 230, 232–234, 239

Swiss economy

, 229–230

Swiss Enterprise Risk Association (SwissERM)

, 235

Swiss GAAP FER standard

, 239–240

Swiss Performance Index (SPI)

, 238

Swiss Risk Association (SRA)

, 235

Switzerland, ERM in

, 228

empirical evidence on ERM maturity in

, 235–239

legal aspects of risk management

, 230–234

relevance of accounting standards for ERM

, 239–240

risk management profession in

, 234–235

Systematic approach

, 89–90

Tabaksblat Code. See Dutch Corporate Governance code

Tabaksblat Committee

, 97

Terrorist Financing Prevention Act (Wwtf)

, 98

Three Lines of Defence Model

, 69

Tick-box approach

, 253

Tolerance-based ERM

, 266

Top management team (TMT)

, 83

Trade openness

, 79

Turnbull Report

, 250

UK Stewardship Code, principles from

, 252

Under-regulated corporate practices

, 3

United Kingdom, ERM in

, 247–254

academic research

, 254–256

business population in

, 245

economic system in

, 245–247

macroeconomic highlights in

, 246–247

regulation and practices

, 247–250

Value creation

, 149

Van Manen Committee

, 98

WIG20 indices

, 153