Click here to download

Risk management and firm size: a survey of Italian private companies
Author/s: Elisabetta Mafrolla, Felice Matozza 
Year:  2014 Issue: Language: Italian 
Pages:  22 Pg. 87-108 FullText PDF:  136 KB
DOI:  10.3280/MACO2014-003005
(DOI is like a bar code for intellectual property: to have more infomation:  clicca qui   and here 

This paper studies enterprise risk management (ERM) systems within private firms, and examines how firm size influences risk settlement decisions inside micro, small, medium and large unlisted corporations. This paper contributes to the literature with an empirical analysis of whether private firms consider it worth managing risk using formalized organization and procedures, even if this is not imposed by any mandatory rule or by self-regulation. Submitting a questionnaire to a sample of Italian unlisted companies, it is found that 67% of respondents have no risk management department and only 10% are planning to create one. It seems that formalized risk-management systems amongst private entities are not widespread. It is likely that significant opportunities remain, especially for medium and big organizations, to strengthen underlying processes for identifying and assessing the key risks that the entity normally faces.
Keywords: Enterprise risk management, unlisted companies, small-micro-medium entities, SMEs.

  1. Fraser J., Simkins B.J. (2009), Enterprise risk management: today’s leading research and best practices for tomorrow’s executives, Hoboken, John Wiley & Sons.
  2. Allegrini M., D’Onza G. (2011), Corporate governance, risk management e responsabilità sociale fra presente e futuro dell’attività di internal auditing, Management Control, 1, 1, pp. 151-178., DOI: 10.3280/MACO2011-001007
  3. Arena M., Arnaboldi M., Azzone G. (2010), The organizational dynamics of enterprise risk management, Accounting, Organization and Society, 35, 7, pp. 659-675., DOI: 10.1016/j.aos.2010.07.003
  4. Arena M., Arnaboldi M., Azzone G. (2011), Is enterprise risk management real?, Journal of Risk Research, 14, 7, pp. 779-797., DOI: 10.1080/13669877.2011.571775
  5. Arena M., Azzone G. (2007), Internal audit departments: adoption and characteristics in Italian companies, International Journal of Auditing, 11, 2, pp. 91-114., DOI: 10.1111/j.1099-1123.2007.00357.x
  6. Aureli S., Salvatori F. (2013a), Investigation of risk management and risk disclosure practices of Italian listed local utilities, Financial Reporting 1, pp. 121-167., DOI: 10.3280/FR2013-001006
  7. Aureli S., Salvatori F. (2013b), The current state of risk management in Italian small and medium-sized enterprises, the 8th International Conference Accounting And Management Information Systems AMIS 2013, available at, pp. 15-36.
  8. Baxter R., Bedard J.C., Hoitash R., Yezegel A. (2013), Enterprise risk management program quality: determinants, value relevance, and the financial crisis, Contemporary Accounting Research, 30, 4, pp. 1264-1295., DOI: 10.1111/j.1911-3846.2012.01194.x
  9. Beasley M.S., Pagach D., Warr R. (2008), Information conveyed in hiring announcements of senior executives overseeing enterprise-wide risk management processes, Journal of Accounting, Auditing & Finance, 23, 3, pp. 311-332., DOI: 10.1177/0148558X0802300303
  10. Beasley M.S., Clune R., Hermanson D.R. (2005), Enterprise risk management: an empirical analysis of factors associated with the extent of implementation, Journal of Accounting and Public Policy, 24, 6, pp. 521-531., DOI: 10.1016/j.jaccpubpol.2005.10.001
  11. Beck U. (1992), Risk Society: Towards a New Modernity, London, Sage eds.
  12. Beretta S. (2004), Valutazione dei Rischi e Controllo Interno, Milano, Egea ed. Beretta S., Bozzolan S. (2004), A framework for the analysis of firm risk communication, The International Journal of Accounting, 39, 3, pp. 265-288., DOI: 10.1016/j.intacc.2004.06.006
  13. Beretta S., Bozzolan S., Michelon G. (2011), La disclosure sul sistema di controllo interno come meccanismo di monitoraggio: evidenze empiriche da differenti contesti istituzionali, Management Control, 1, 1, pp. 125-149., DOI: 10.3280/MACO2011-001006
  14. Bertini U. (1987), Introduzione allo Studio dei Rischi nell’Economia Aziendale, Milano, Giuffrè ed.
  15. Blome C., Schoenherr (2011), Supply chain risk management in financial crisis- A multiple case-study approach, International Journal of Production Economics, 134, 1, pp. 43-57., DOI: 10.1016/j.ijpe.2011.01.002
  16. Clarke C.J., Varma S. (1999), Strategic risk management: the new competitive edge, Long Range Planning, 32, 4, pp. 414-424., DOI: 10.1016/S0024-6301(99)00052-7
  17. Comitato per la Corporate Governance (2011), Corporate governance code, available at:
  18. Committee of Sponsoring Organizations of the Treadway Commission - COSO (2004), Enterprise risk management- integrated framework executive summary, available at:
  19. De la Torre A., Perìa M.S.M., Schmukler S.L. (2010), Bank involvement with SMEs: beyond relationship lending, Journal of Banking and Finance, 34, 9, pp. 2280-2293., DOI: 10.1016/j.jbankfin.2010.02.014
  20. D’Onza G. (2008), Il Sistema di Controllo Interno nella Prospettiva del Risk Management, Milano, Giuffrè ed.
  21. Gephart R. P., Van Maanen J., Oberlechner T. (2009), Organizations and risk in late modernity, Organization Studies, 30, 2-3, pp. 141-155., DOI: 10.1177/0170840608101474
  22. Gordon L. A., Loeb M.P., Tseng C.-Y. (2009), Enterprise risk management and firm performance: a contingency perspective, Journal of Accounting and Public Policy, 28, 4, pp. 301-327., DOI: 10.1016/j.jaccpubpol.2009.06.006
  23. Henschel T. (2006), Risk management practices in German SMEs: an empirical investigation, International Journal of Entrepreneurship and Small Business, 3, 5, pp. 554-571., DOI: 10.1504/IJESB.2006.010543
  24. Hoyt R.E., Liebenberg A.P. (2011), The value of enterprise risk management, The Journal of Risk and Insurance, 78, 4, pp. 795-822., DOI: 10.1111/j.1539-6975.2011.01413.x
  25. Institute of Chartered Accountants in England and Wales – ICAEW (2005), Risk management among SMEs, available at:
  26. International Organization for Standardization – ISO (2009), ISO 31000 – Risk Management- Principles and Guidelines, available at:
  27. Islam A., Tedford D. (2012), Risk determinants of small and medium-sized manufacturing enterprises (SMEs) – an exploratory study in New Zealand, Journal of Industrial Engineering International, 8, 12, pp. 1-13 ., DOI: 10.1186/2251-712X-8-12
  28. Knight F. (1921), Risk, Uncertainty and Profit, Boston, Houghton Miffin ed.
  29. KPMG (2010), L’enterprise Risk Management in Italia, available at:
  30. KPMG (2012), L’enterprise Risk Management in Italia, available at:
  31. Liebenberg A.P., Hoyt R.E. (2003), The determinants of enterprise risk management: evidence from the appointment of chief risk officers, Risk Management and Insurance Review, 6, 1, pp. 37-52., DOI: 10.1111/1098-1616.00019
  32. Lin H.H., Wu F.H. (2006), How to manage section 404 of the Sarbanes-Oxley Act: what is wrong with Section 404 of the Sarbanes-Oxley Act, Journal of Accounting and Corporate Governance, 3, 21, pp. 1-16.
  33. Lin Y., Wen M-M., Yu J. (2012), Enterprise risk management: Strategic antecedents, risk integration and performance, North American Actuarial Journal, 16, 1, pp. 1-28., DOI: 10.1080/10920277.2012.10590630
  34. Makomaski J. (2008), So what exactly is ERM?, Risk Management, 55, 4, pp. 80-81.
  35. March J., Shapira Z. (1987), Managerial perspectives on risk and risk taking, Management Science, 33, 11, pp. 1404-1418., DOI: 10.1287/mnsc.33.11.1404
  36. McShane M.K., Nair A., Rustambekov E. (2011), Does enterprise risk management increase firm value?, Journal of Accounting, Auditing & Finance, 26, 4, pp. 641-658., DOI: 10.1177/0148558X11409160
  37. Mikes A. (2009), Risk management and calculative cultures, Management Accounting Research, 20, 1, pp. 18-40., DOI: 10.1016/j.mar.2008.10.005
  38. Organisation for Economic Co-operation and Development – OECD (2009), Risk management and corporate governance, available at:
  40. Pagach D., Warr R. (2008), The characteristics of firms that hire chief risk officers, available at:
  41. Pagach D., Warr R. (2010), The effects of enterprise risk management on firm performance, available at SSRN., DOI: 10.2139/ssrn.1155218
  42. Pagach D., Warr R. (2011), The characteristics of firms that hire chief risk officers, The Journal of Risk and Insurance, 78, 1, pp. 185-211., DOI: 10.1111/j.1539-6975.2010.01378.x
  43. Power M. (2007), Organized uncertainty designing a world of risk management, Oxford, Oxford University Press eds.
  44. Power M. (2009), The risk management of nothing, Accounting, Organizations and Society, 34, 6-7, pp. 849-855., DOI: 10.1016/j.aos.2009.06.001
  45. Santini F. (2013), Strategic management accounting and financial performance in the small
  46. and medium sized Italian manufacturing enterprises, Management Control, 1, 1, pp. 77-107., DOI: 10.3280/MACO2013-001005
  47. Scapens B., Bromwich M. (2009), Editorial: Risk management, corporate governance and management accounting, Management Accounting Research, 20, 1, pp. 1-2., DOI: 10.1016/j.mar.2010.08.003
  48. Schmit J. T., Roth K. (1990), Cost effectiveness of risk management practices, The Journal of Risk and Insurance, 57, 3, pp. 455-470.
  49. Simkins B. (2008), Enterprise risk management: current initiatives and issues, Journal of Applied Finance, 18, 1, pp. 115-132.
  50. Tagliavini P. (1995), Risk management: the state of the art in Italy, The Geneva Papers on Risk and Insurance, 20, 76, pp. 315-324., DOI: 10.1057/gpp.1995.27
  51. Wahlström G. (2009), Risk management versus operational action: Basel II in a Swedish context, Management Accounting Research, 20, 1, pp. 53-68., DOI: 10.1016/j.mar.2008.10.002

Elisabetta Mafrolla, Felice Matozza, in "MANAGEMENT CONTROL" 3/2014, pp. 87-108, DOI:10.3280/MACO2014-003005


FrancoAngeli is a member of Publishers International Linking Association a not for profit orgasnization wich runs the CrossRef service, enabing links to and from online scholarly content