Integration of enterprise risk management and management control system: Based on a case study

This paper aims to discuss the concepts and methodological issues of enterprise risk management (ERM). The case study of company A shows that ERM has been implemented and integrated with management control as a means of monitoring its subsidiaries. First, ERM system was implemented through comprehensive review of corporate risk policies, risk management processes, roles and responsibilities, and risk culture. Second, company A integrated ERM with the existing management control system in order to evaluate the risk underlying the current management activities. Finally, ERM implementation was expanded to all subsidiaries so that each business unit would be delegated for its own risk management. This paper provides insight on the process how group-level internal auditors can use ERM as a tool to manage risk of subsidiaries, thereby filling the gap between academic research and practice. This successful ERM adoption case can be used as a guideline for other organizations, which plan to adopt ERM with reduced costs and improved processes.