Approaches to risk governance are not homogeneous across organizations. Some organizations invest heavily in building formal and strategically focused enterprise-wide risk governance processes while others exhibit reduced formality and focus, allowing risk governance to be less structured. We argue that risk governance may best be described as a service dependent upon a network (or ecosystem) of participants who include users of risk information and providers who design and implement risk governance processes. Using a survey sample of 2,380 observations from 2011–2016, we find that external calls for enhanced risk governance are positively associated with risk governance processes having greater formality and strategic focus. We find this relationship is partially mediated by internal demands for enhanced risk governance. Further, we find that the positive association between internal demands and enhanced risk governance is reduced by resource constraints and that a risk-seeking attitude is negatively associated with enhanced risk governance.

This content is only available via PDF.
You do not currently have access to this content.