A Theory of Enterprise Risk Management

Abstract

In this paper I submit a theoretical analysis of Enterprise Risk Management (ERM). ERM is proposed as the solution adopted by the Board of Directors to solve two general risk management problems faced by firms. The first is the agency problem of corporate risk management, according to which agents have interests and behavioral biases that conflict with the best interests of the principal. The second is the information problem of corporate risk management, which is the problem of collecting information about risk centrally in the organization to support decision-making regarding the firm’s total risk-return profile (including the deployment of economic capital). ERM consists of risk governance and risk aggregation. These are sets of mechanisms that address the agency and information problems, respectively.