Accepted Manuscript

The Impact of Enterprise Risk Management on Competitive

Advantage by Moderating Role of Information Technology

Parvaneh Saeidi , Sayyedeh Parisa Saeidi , Saudah Sofian ,

Sayedeh Parastoo Saeidi , Mehrbakhsh Nilashi , Abbas Mardani

PII: S0920-5489(18)30145-4
DOI: https://doi.org/10.1016/j.csi.2018.11.009
Reference: CSI 3316

To appear in: Computer Standards & Interfaces

Received date: 25 April 2018

Revised date: 22 November 2018
Accepted date: 23 November 2018

Please cite this article as: Parvaneh Saeidi , Sayyedeh Parisa Saeidi , Saudah Sofian ,
Sayedeh Parastoo Saeidi , Mehrbakhsh Nilashi , Abbas Mardani , The Impact of Enterprise Risk
Management on Competitive Advantage by Moderating Role of Information Technology, Computer
Standards & Interfaces (2018), doi: https://doi.org/10.1016/j.csi.2018.11.009

This is a PDF file of an unedited manuscript that has been accepted for publication. As a service
to our customers we are providing this early version of the manuscript. The manuscript will undergo
copyediting, typesetting, and review of the resulting proof before it is published in its final form. Please
note that during the production process errors may be discovered which could affect the content, and
all legal disclaimers that apply to the journal pertain.
 ACCEPTED MANUSCRIPT

Highlights
 We examine the influence of ERM on competitive advantage.
 Moderating role of information technology dimensions is investigated.
 Partial Least Squares software was used to analyse the data.

T
IP
CR
US
AN
M
ED
PT
CE
AC

1
 ACCEPTED MANUSCRIPT

The Impact of Enterprise Risk Management on Competitive

Advantage by Moderating Role of Information Technology

Parvaneh Saeidi 1, Sayyedeh Parisa Saeidi 1, Saudah Sofian 1, Sayedeh Parastoo

Saeidi 2, Mehrbakhsh Nilashi 3,*, Abbas Mardani 1
1
Faculty of Management, Universiti Teknologi Malaysia, 81310, Skudai, Johor
Malaysia
1
Faculty of Management, Universiti Teknologi Malaysia, 81310, Skudai, Johor

T
Malaysia
1
Faculty of Management, Universiti Teknologi Malaysia, 81310, Skudai, Johor

IP
Malaysia
2
Department of Economics, Faculty of Economics and Management, University Putra Malaysia,

CR
43400, Serdang, Selangor, Malaysia
3
School of Computing, Faculty of Engineering, Universiti Teknologi Malaysia, 81310 UTM
Johor Bahru, Johor, Malaysia
*
US
Corresponding author e-mail address: [email protected]

Abstract. The main purpose of this paper is to examine the influence of Enterprise Risk Management
AN
(ERM) on Competitive Advantage (CA) by moderating role of information technology dimensions
including Information Technology (IT) strategy and Information Technology (IT) structure. A total of 84
valid questionnaires were obtained through self-administered survey conducted at Iranian financial
institutions. Partial Least Squares Structural Equation Modelling (PLS-SEM) approach was conducted for
M

the analysis of data and hypotheses testing. The findings of this study showed that ERM had a positive
relationship with the firms‟ competitive advantage. The results also showed that IT strategy and IT
structure had a direct effect on the competitive advantage as a well as moderating effect on ERM-
ED

competitive advantage relationship. This study extends on previous ERM studies by considering Iran as a
developing country which is neglected among previous empirical researches. It also extends previous
ERM works by empirically evaluating ERM, IT, competitive advantage and relationships among them.
PT

This paper provides insights into the value of implementation of ERM among organizations which could
lead to improve competitive advantage. In addition, this study provides implication in terms of manager‟s
planning and decision making to consider IT as one of the critical success factors of ERM practices.
CE

Keyword: Competitive Advantage, Enterprise Risk Management, Information Technology, IT Structure, IT

Strategy, Financial Institutions
AC

1. Introduction
Nowadays, organizations are exposed to a large number of risks from different sources such as
globalization, deregulation, environmental changes, technological changes, complicated financial model,
and corporate governance changes (Gatzert and Martin, 2015, Tekathen and Dechow, 2013, Gordon et
al., 2009). In such a dynamic context, increasing the competitive advantage becomes one of the major
challenges among organizations. Improving competitive advantage is greatly dependent on the enhance
organization and management control system (Simons, 1990). In fact, organizations with a robust control
system and risk management are better able to cope with today‟s complexes (Tekathen and Dechow,
2013, Grace et al., 2015, Ahmed and Manab, 2016).
 ACCEPTED MANUSCRIPT

Parallel to this, various studies recognize enterprise risk management (ERM) as a new method of
organization control system, which allows organizations to manage an extensive range of risks (based on
Thomson 2007, including strategic, operational, financial and hazards) in a coordinated and
comprehensive enterprise-wide manner (Hoyt and Liebenberg, 2011, Grace et al., 2015, Olson and Wu,
2015). ERM is a system that helps organizations to gain a higher level of competitive advantage by
controlling, managing, and organizing the risk management activities better than traditional risk
management method (Elahi, 2013, COSO, 2004). It is worth noting that, based on Deloitte‟s Global risk
management survey (2012), adoption of ERM was most common among institutions in the developed
countries such as the United States/Canada, Australia, and countries in Europe, compared to developing
countries. In other words, developed countries have the higher growth rate of ERM compared to
developing countries (Subhani and Osman, 2011). Consequently, ERM in previous published studies is

T
mostly limited to developed countries. For instance, Gordon et al. (2009) considered 112 US companies,
Pagach and Warr (2010) 106 US companies, Grace et al. (2015) 523 US insurance companies, Hoyt and

IP
Liebenberg (2011) 117 US insurance and Quon et al. (2012) 156 Canadian firms, Ahmad and Mcmanus
(2014) considered Australian companies. While, a few research have has been done in developing

CR
countries such as Malaysia (e.g., Manab et al., 2010; Tahir and Razali, 2011) Brazil (e.g., Souza et
al.,2012) China (e.g., Zou and Hassan 2017; Nan, 2015) and Nigeria (Ahmed and Manab, 2016) .
Therefore, following the suggestions of different researchers and authors in the field of ERM who
recommended to do more research in developing countries (e.g., Manab et al. 2010; Tahir and Razali,

US
2011, Ahmad et al., 2014), this study attempts to extend the scope by evaluating ERM in Iran as a
developing country in the Middle East which suffers from a lack of study in this field.
This is important, as ERM has never been adequately addressed in Iranian businesses, especially
AN
in the financial institutions in context with practical terms. The reasons that have initiated this study to
select Iran and its financial institutions as the sample of the study is related to the nature and importance
of the financial sector. According to the literature, financial firms are among the first companies which
adopted and implemented ERM system and hire chief risk officer (Platt, 2004; Beasley et al., 2005; Hoyt
M

and Liebenberg, 2011). By nature, they are exposed to face a wide array of risk because they deal with
various types of customers, complicated trades, and an extensive range of financial assets. Therefore, risk
management has more importance among these institutions than others (Talwar, 2011; Shafique et al.,
ED

2013). Moreover, they have a vital effect on the nation‟s economy due to their intermediary role in
surplus and deficit units (Llewellyn, 1999) as well as their efficient role in resource allocation in today‟s
modern economy (El-Hawary et al., 2007). Consequently, the health and success of these companies are
significant (Llewellyn, 1999; Hoyt and Liebenberg, 2011). Moreover, this research followed the previous
PT

studies in the literature (Aebi et al., 2012; Hoyt and Liebenberg, 2011; McShane et al., 2011; Grace et al.,
2015) which have been conducted on financial institutions.
Aligned with that, based on Iran's 20-year perspective (vision) plan, Iran is going to be ranked first
CE

in the Middle East region in terms of economic, scientific and technology levels by the year 2025. In this
regard, as these institutions have an important effect on the economy of Iran, their health and success are
very important. In other words, the success of these institutions is important for the economic growth of
AC

Iran to obtain the first rank position in the Middle East by 2025. Existence of any problem and crisis in
this sector could have major negative effect on the total economy of the country. Moreover, due to the
appearance of difficulties such as international sanctions, high exchange rate volatility, and establish
unauthorized financial institutions, the improvement of risk management among financial institution of
Iran is necessary. Therefore, sufficient ground exists for such studies in Iran that is mainly outside the
scope of international researches and is underutilized as a selected sample in the area of ERM. Further,
selecting one industry helps the researcher to control the differences that may arise from regulatory and
market variation across industries (Hoyt and Liebenberg, 2011). In addition, a specific industry analysis
has more significant superior internal validity than a multi-industry analysis (Ittner et al., 2003).
 ACCEPTED MANUSCRIPT

Parallel to above, based on Resource Based View theory (RBV) of the organization, the existence
of intangible assets, those are rare, inimitable, valuable and very difficult to substitute as strategic assets
could create a competitive advantage (Wernerfelt, 1984; Mikes and Kaplan, 2013). Adopting an ERM
approach to risk management and also as an instrument for internal control system enables organizations
to improve resource allocation and utilization of resources through greater return on equity and better
capital efficiency (Li et al., 2014, Berry-Stölzle and Xu, 2014, Ai et al., 2012, Jabbour and Abdel-Kader,
2015). Therefore, ERM could be related to competitive advantage. However, by reviewing the literature it
was found that despite normative studies explaining the relationship between management control system
and competitive advantage (Simons, 1990, lakis and giriūnas, 2012, Langfield-Smith, 1997, Chenhall,
2003) there is a lack of empirical evidence about ERM as the newest control system. In other words,
while the importance role of ERM and its potential strategic role has been generally considered in

T
previous studies, the question of how ERM implementation can lead to increase competitive advantage
has received less attention (Jalal-Karim, 2013, Elahi, 2013).

IP
In addition to the above, there are some important organizational factors which may influence
ERM function. Based on the Kleffner et al. (2003), lack of understanding about influential factors of

CR
ERM is among the barriers of ERM adoption, implementation, and improvement. In this regard, the
information technology (IT) one of the important factors in today‟s knowledge-intensive economy could
not be neglected. According to Wilkinson (2011), and Rolland (2008), without effective information
technology it is impossible to have effective risk management. It is almost not possible for risk managers

US
to perform well without the storage and processing abilities of advanced IT and immediate capacity to
communicate data-rich material around the organization (Wilkinson, 2011). In addition, the computerized
controls play an ever-increasing role in the risk management system (Lam, 2003, Yaraghi and Langhe,
AN
2011). It has commonly been assumed that control systems combine tight with IT (Scapens and Jazayeri,
2003, Hyvönen, 2003, Rom and Rohde, 2007). However, up to now, far too little attention has been paid
to empirically investigate the effect of IT in the field of ERM as one of the newest methods of
organization control system. Moreover, the few existing research (e.g., Ranong and Phuenngam, 2009;
M

Arena 2010) on ERM and IT do not seem to be able to evaluate comprehensively.

Furthermore, based on the contingency theory, it is usually not correct to consider only a simple
bivariate relationship between independent and dependent variables (Donaldson, 2006). Ordinarily, in
ED

reality there are some other influential variables which could affect the relationship between two
variables. These factors could be known as moderator or mediator variables. Therefore, to have a valid
generalization it is better to consider a more complex causal relationship (at least a trivariate relationship).
A bivariate relationship is too simple to capture the law like regularity connecting (Donaldson, 2006). By
PT

considering the above discussions about the relationships among ERM, IT and competitive advantage, IT
has the potential to be an influential factor (moderator) on ERM-competitive advantage relationship.
Accordingly, the main aim of present research is to explore the moderating effects of IT on the
CE

relationship between ERM and competitive advantage.

Moreover, ERM and IT in this study are evaluated in a way not previously addressed. This study
followed the study of Bergeron et al. (2004), and considered both dimensions of IT including IT strategy
AC

and IT structure, which have been ignored in previous studies, and also ERM is measured based on all
eight components of ERM offered in a model by the Committee of Sponsoring Organisations of the
Treadway Commission (COSO) (COSO, 2004). This model issued and supported by five big accounting
and finance institutions in the US. It also is one of the most common models adopted by previous studies
(Tahir and Razali, 2011, Yazid et al., 2011).
Besides all, the central bank of Iran provided a guidebook based on COSO (2004) framework in
order to help financial and credit organizations of Iran to understand the concept and obtain knowledge
about how to implement ERM. Therefore, this study tried to evaluate ERM through COSO‟s (2004)
framework and provide a comprehensive view of the company‟s ERM.
 ACCEPTED MANUSCRIPT

This study is considered significant in several ways. Regarding academic and theoretical
contribution; first, this study adds to the literature about resource based view (RBV) theory of
organization by recognizing ERM as a strategic asset which could increase competitive advantage and
firm performance. The main contribution of RBV is that when all firms have access to similar resources,
only management differences (e.g., risk management) determine sustainable competitive advantage.
Therefore, this study can confirm RBV theory as underlying theory in the risk management field.
Moreover, this study extends previous research framework and methodology in different ways.
It extend most previous ERM studies, which evaluated ERM as a dummy variable or by some
simple scale questions (e.g., Liebenberg and Hoyt, 2003; Pagach and Warr, 2007; Wan Daud et al., 2011)
by considering all eight components of ERM and evaluating them separately to give more comprehensive
view of ERM among financial institutions of Iran. This could be a good help for researchers and

T
academicians to have better knowledge about the evaluation of ERM. Moreover, by considering
intangible assets such as IT as contingency and dynamic variable, this study extent existent literature and

IP
frameworks, which mostly focused solely on the direct and bivariate relationship between ERM and
organization‟s outcomes. In this way, researchers could understand the important effects of different

CR
organizational factors on ERM and its function. In other words, this study is among the pioneer studies
which considered ERM, IT, and competitive advantage and measure their relationships on each other.
Similarly, to the researcher knowledge, there have been no studies done on ERM among Iranian
firms. Iranian firms are less mature in their ERM perspective, thus, investigating ERM and its influential

US
factors in more details among those firms can add value by providing a better understanding about the
concept of ERM and intangible organizational factors (i.e., IT), that affect its improvement.
In terms of practical significance, this study can help organization leaders, risk managers, and
AN
managers of Iranian financial institutions to gain knowledge about the ERM and its contribution to the
company‟s performance, success, and sustainability that will help them to improve their organization
internal control system by utilizing ERM and have better reaction regarding today‟s risks and challenges.
The findings of this study also will be useful to organizations, regulators, policymakers, and planner,
M

including the Central Bank, to stress the importance of designing sophisticated ERM as an organizational
control device to cope with the challenges and uncertainties in today‟s environment. They can develop
new strategies based on the empirical evidence of this study. It paves the way for firms and managers to
ED

think more cautiously on how the varying factors of IT affect the risk management system, ERM, and
subsequently enhance the firm‟s value. Moreover, this study could increase the knowledge about the
ERM and its effects among developing countries especially in the Middle East area which is suffering
from the lack of ERM studies. Consequently, all the above-mentioned contributions make this study
PT

worth to be conducted.
The remainder of this paper is structured in the following way. The first section is the literature
review, background information on the variables and the detailed formulation of the study‟s hypotheses.
CE

The second section has research methodology and data collection described in it. Thereafter, this paper
presented analysis and the result. Finally, we provide the conclusion and the discussion of the study
outcomes, which is followed by the contribution of study, limitation and suggested directions for future
AC

studies.

2. Literature review
2.1 Enterprise Risk Management (ERM)
ERM is now rapidly becoming popular among organizations and institutions in different countries. ERM
is an authority by which a company in an industry gains access, controls, exploits, and monitors risks
from all avenues with the intention to increase the firm‟s long and short-term value for its stakeholders.
According to Liebenberg and Hoyt (2003), ERM is a combined effort for coordinating risks that shift the
attention of the risk management task from being principally defensive to being progressively more
 ACCEPTED MANUSCRIPT

offensive and calculated. Some researchers argued ERM as an integrated method that raises organization
value by lessening the uncertainties inherent in the conventional method, reducing the stock return
volatility, stabilizing earnings, enhancing capital efficiency, and lowering the anticipated costs of external
capital and regulatory inspection, and maximizing shareholders value (Miccolis and Shah, 2000, Lam,
2001, Hoyt and Liebenberg, 2011, Cumming and Hirtle, 2001).
Different models presented by different researchers for ERM (Olson and Wu, 2008). However,
one of the most accepted models among previous researchers is the COSO‟s (2004) ERM integrated
framework (Arena et al., 2010, Wan Daud et al., 2010, Tahir and Razali, 2011, Yazid et al., 2011,
Moeller, 2007, Olson and Wu, 2008, Ahmad et al., 2014).
This framework provides a risk management infrastructure in terms of eight elements to be
studied under each of the four themes of objectives. Consequently, each level of the company implements

T
the eight ERM elements into the four themes of the objectives. According to this framework, ERM
components are (1) internal environment: which is the basis for all other components. It includes many

IP
variables such as entity‟s risk appetite; the entity‟s risk management philosophy; the entity‟s competence
and ethical values development of personnel, and how the manager assigns responsibility and authority in

CR
organizations; (2) objective setting: It is a process to set objectives which are consistent with the entity‟s
risk appetite and its mission; (3) event identification: which means identification of both risks and
opportunities that affect the achievement to entity‟s objectives from internal and external environment;
(4) risk assessment: it permits an entity to consider the impact and likelihood of events and analyzing risk

US
by using both quantitative and qualitative approaches. It examines the positive and negative effects of
potential events all over the entity; (5) risk response: management should select a proper reaction
(avoiding, reducing, accepting and sharing risk) which is in line with the risk tolerance and risk appetite
AN
of entity; (6) control activities: it includes the policies and procedure which help manager to ensure that
risk responses are effectively performed at all level of organization; (7) information and communication:
this means information communicate to staff in a form and timeframe which helps them to fulfill their
role and responsibility regarding ERM and other activities; and (8) monitoring: the ERM process and
M

activities are monitored through separate evaluations, ongoing management activities, or both and
modifications made as necessary (COSO, 2004).
This framework suggested that a company‟s enterprise risk management mechanism should be
ED

positioned to attain the following four objectives: (1) strategy: high-level objectives which are in line with
the mission of the organization; (2) operations: short-level objectives which are related to the efficient and
effective use of the resources; (3) reporting: accuracy of the quality of organization‟s reporting system;
and (4) compliance: acting according to accepted regulation and lows (COSO, 2004).
PT

As this framework is committed by five big accounting and finance institutions in the U.S.A.
including the Institute of Management Accountants (IMA), the American Accounting
Association (AAA), the American Institute of Certified Public Accountants (AICPA), the Institute of
CE

Internal Auditors (IIA), and Financial Executives International (FEI), and furthermore, due to the
importance of this framework in the literature (Arena et al., 2010; Wan Daud et al., 2010; Tahir and
Razali, 2011; Yazid et al., 2011), and also because of existence guidebook provided by central bank of
AC

Iran which was mostly based on COSO (2004), this study considered all eight components of ERM as
presented by COSO (2004) to evaluate ERM. In this way, the level of ERM could be more reliable and
valid rather than the evaluation of ERM by considering only some questions regarding the organization‟s
ERM stage (from not implemented to fully implementation) or considering ERM as a dummy variable.

2.2 Enterprise Risk Management and Competitive Advantage

In the history of development of risk management systems, ERM has been considered as a key factor in
attaining organizations goals and wealth creation (COSO, 2004, Bartram, 2000, Acharyya, 2008). In this
regard, many researchers attempted to find a global association between ERM and its wealth creation
 ACCEPTED MANUSCRIPT

ability (e.g., Acharyya, 2008, Berry-Stölzle and Xu, 2014, Grace et al., 2015, Hoyt and Liebenberg,
2011). As an example, empirical findings by some researchers found a positive association between ERM
and firm performance (e.g., Grace et al., 2015, Quon et al., 2012, Florio and Leoni, 2017, Khan et al.,
2016, Farrell and Gallagher, 2014). In addition, Berry-Stölzle and Xu (2014) found that ERM adoption
significantly reduces the firm‟s cost of capital and in this way it can create value and increase an
organization‟s wealth. Moreover, Bartram (2000) represented ERM as a means to promote firm value for
the benefit of the shareholders.
Review of available ERM literature reveals that competitive advantage as a key factor for
increasing the organizational wealth is omitted. Considering the question that arises on how ERM can aid
competitive advantage in commerce, there are several possible explanations as follows:
The first explanation is related to the RBV theory. The RBV of the firm has emerged as a common

T
theory of competitive advantage. This theory was first introduced by Wernerfelt in 1984 (Fahy, 2000).
The RBV emphasized company‟s resource portfolio, resource identification, deployment and

IP
development in order to increase organizations returns (Fahy, 2000). There are so many tangible and
intangible resources in an organization, however, Barney (1991) claims that the resources that are

CR
simultaneously valuable and rare can create competitive advantages, and if these resources are also hard
to transfer, irreplaceable, and hard to imitate, they will sustain the advantages. Such resources are known
as strategic assets.
In view of the above discussions, ERM could be known as a strategic asset which can create

US
competitive advantage. Effective ERM system could be considered as a resource for organizations. This
system is not available in the market. In other words, each organization has its own system which is
matched with its activities, mission, and objectives (Beasley et al., 2005). Therefore, as stated by COSO
AN
(2004) and Hoyt and Liebenberg (2011), ERM system in one organization cannot be applicable in
another. It is unique for each and its success is valuable for that organization and nobody can sell it.
Moreover, ERM can create benefits for organization which implement and utilized it, while other
organizations cannot have those benefits. Consequently, according to the RBV theory of the organization,
M

companies could achieve competitive advantage via the implementation and successive use of ERM as
strategic assets. Eventually, according to the RBV theory, organizations should make optimal use of their
resources in such a way to achieve competitive advantages (Wade and Hulland, 2004). Hence, the capital
ED

and the fund resources are the main part of the organization‟s resources, so the optimal allocation of
resource in a safe environment is needed for the success of companies. ERM allows organizations and
management to effectively enhance capital allocation, investment opportunities (Beasley et al., 2005,
COSO, 2004, Meier, 2000) and accordingly catch better market position.
PT

The next possible explanation for recognizing ERM as an important resource which makes it as a
necessity to gain sustained competitive advantages is related to ERM nature and its function in
organizations. ERM helps a firm to set up and manage its risks in an integrated manner. In this way,
CE

organizations can attain a competitive advantage by managing their risks better than their competition
(COSO, 2004, Elahi, 2013). Moreover, if a company knows more about their industry‟s risks than their
competitors, they are capable to manage those risks properly by actively aggressive actions. They will
AC

manage opportunities as well as risks to arrange a vision of both its downsides and upsides (Nocco and
Stulz, 2006). By having a better understanding of internal and external risks, they could be able to adjust
and change their conditions faster than their competitors. Likewise, companies which embed ERM into
their strategic and business planning process could provide them a support for making risk-informed
decisions (Meidell and Kaarbøe, 2017). In that manner, the organization‟s chances of achieving financial
and non-financial objectives will increase.
Elahi (2013), demonstrated that through proper risk management system organizations can make
four different benefits which can cause competitive advantage. In his opinion, appropriate risk
 ACCEPTED MANUSCRIPT

management can lead to keep organization to serve when others are not able, seeking riskier businesses,
excellence in everyday performance, and build a resilient image which leads to competitive advantage.
Harvesting from all above discussions and considering literature in the field of ERM, it could be
realized that, while there has been a substantial increase in practitioners focusing on ERM, limited
empirical research about ERM and competitive advantage exists. In other words, most of the previous
studies focused on the effect of ERM on financial performance or shareholder value maximization.
However, based on the discussion of COSO (2004) and Acharyya (2008), while ERM is a comprehensive
view, it should have effect on all aspects of the organization. To the researcher knowledge, competitive
advantage as a resource of wealth creation was omitted in previous ERM studies.
This position can be supported by RBV theory, by which ERM could be known as the strategic
asset (due to its characteristics such as its uniqueness, non-salable, and its help for resource management

T
and allocation) which can help organizations to improve competitive advantage. However, practical effort
in this aspect is rare.

IP
Furthermore, there is a lack of studies which evaluated ERM comprehensively by considering all
its COSO (2004) components. Most of the previous studies evaluated ERM by considering its

CR
implementation as a dummy variable or with a simple question regarding its adoption and its stage of
implementation in organization (Pagach and Warr, 2007, Liebenberg and Hoyt, 2003, Wan Daud et al.,
2010, Wan Daud, 2011). However, in this study, ERM is measured based on all eight components of
ERM offered by the Committee of Sponsoring Organizations of the Treadway Commission (COSO)

US
(COSO, 2004), which gives a more comprehensive view of ERM implementation.
Furthermore, most studies on ERM have been carried out in developed countries. Developing
countries often have to consider risks on a much broader scale than well-established corporations in
AN
developed countries (Khattab et al., 2015). Developed countries have higher growth rate regarding the
implementation of ERM compare to developing countries (Subhani and Osman, 2011). This gap might be
due to the lack of awareness and understanding of ERM concepts and its effect in developing nations.
Consequently, some authors such as Li et al. (2014), Jalal-Karim (2013), suggested doing more research
M

on ERM and its status among developing countries. Accordingly, in order to assist and demonstrate ERM
outcomes in a worldwide context, this study considered Iran as a developing country for its sample target.
This is significant, as ERM has not sufficiently addressed in Iranian academic environment in theoretical
ED

terms and in the businesses in practical terms.

All mentioned considerable reasons have heightened the needs for such research in Iran which is
underutilized as a chosen sample in the field of ERM. Therefore, this study sought to fulfill all the above
gaps by testing the following hypotheses.
PT

H1: ERM has a positive and significant effect on competitive advantage.

CE

2.3 Enterprise Risk Management, Information Technology and Competitive Advantage

The role of Information Technology (IT) is unquestionably vital in this present trade and business arena.
With IT, businesses are now able to disseminate information and news across various events, to innovate
AC

fresh products/services, to grasp business prospects, as well as to devise creative and flexible business
strategies (Weill et al., 2002). On top of that, IT is viewed as a tool to boost competitive advantage in this
present ever-changing world (Bhatt and Grover, 2005; Mao et al., 2016).
Bhatt and Grover (2005) claimed that advanced IT features permit enterprises to react rapidly
towards harmful threats or to grasp available opportunities. Hence, such organizational capability enables
a company to carry out numerous activities, such as searching, exploring, and acquiring, assimilating, and
applying knowledge regarding resources, opportunities, and configuration of available resources in taking
advantage of opportunities which become a basis of competitive advantage (Bhatt and Grover, 2005,
Hunter, 2003, Leornard-Barton, 1995). In another study, Dehning and Stratopoulos (2003) examined
 ACCEPTED MANUSCRIPT

empirically the factors which due to an IT strategy lead to a sustainable competitive advantage. Their
findings showed that managerial IT skills are positively related to sustainability. However, technical IT
skills or IT infrastructure was not recognized as a source of sustainable competitive advantage.
Lai et al. (2006) examined the effect of IT on the competitive advantages of third‐party
logistics (3PL) firms in China. They found that IT could significantly influence a firm's competitive
advantage, and the effects are nonlinear. Moreover, Okumus (2013) states that companies can create
and sustain a competitive advantage through the use of IT which can help in creating, storing, transferring
and using tacit and explicit knowledge. In another study, Cakmak and Tas (2012) evaluated the levels of
IT usage, IT skill levels and IT training of Turkish contractor firms. They assessed whether Turkish
contractor companies utilized IT or not on achieving competitive advantage. It is found that IT has been
using mostly at operational level works that make only economic and technical effects, not strategic ones.

T
Although in order to gain competitive advantage firms need to use IT at the strategic level; there is not
much evidence that the firms using IT are gained competitiveness. Cohen and Olsen (2013), assessed the

IP
association of a complementary system of tangible and intangible IT resources on competitive
performance among 112 hospitality firms in South Africa. Analytic Results indicated that the

CR
complementary system of IT resources has direct significant effects on competitive performance.
Moreover, Marinagi et al., (2014) explored the influence of IT practices on competitive advantage
throughout the supply chain. The data was gathered from 76 manufacturing firms in Greece which
confirmed the crucial role of IT practices and techniques on the formation of a sustainable competitive
advantage based on the supply chain management.
US
Furthermore, Mao et al. (2016) evaluated three types of IT resources (i.e., IT infrastructure, IT
human, and IT relationship) effect on knowledge management capability, which positively leads to
AN
competitive advantage among 168 organizations in China. The evaluative result supported all hypothesis
of the study. Mikalef and Pateli (2017) empirically searched the relationship between IT-enabled dynamic
capabilities and competitive performance. Finding showed that IT-enabled dynamic capabilities facilitate
market capitalizing and operational adjustment agility, which in result improve competitive performance.
M

In addition, Gunasekaran et al. (2017) extended the previous studies and highlighted the role of
top management in creating capabilities through the orchestration of resources, which support companies
to achieve competitive advantage. They discussed that RBV is important to understand big data and
ED

predictive analytics and its effect on organization performance which subsequently lead to the
achievement of competitive advantage at a firm and supply chain level. In another study, Zhou et al.
(2017) have done a research among traditionally low-tech industries and evaluated the role of IT in the
resource orchestration processes of incumbent firms. They found that low-tech companies which attempt
PT

to implement modern IT in their resource orchestration process were more likely to reach enhanced
organizational performance and gain competitive advantages than their competitors. Further, Neirotti and
Raguseo (2017) assessed the importance of the capabilities enhanced through the utilization of IT in
CE

Small and Medium Enterprises. They indicated that externally oriented IT-based capabilities have a
superior effect on the firm‟s intra-industry differential in profitability and revenue growth than those
focused on internally oriented IT-based capabilities.
AC

Various studies have identified different essential factors in relation to measure IT, for
instance, the IT infrastructure (Li et al., 2000), IT capabilities (Bhatt and Grover, 2005; Bi and
Zhang, 2008; Santhanam and Hartono, 2003), the IT resources (Jamporazmey et al., 2011), the IT
investment (Bazaee, 2010; Bi and Zhang, 2008; Hong and Ghobakhloo, 2012; Li et al., 2000),
and the IT acquisition (Majumdar and Chang, 2010; Sohn and Yang, 2006), and many more.
According to Bergerona et al. (2004), IT could be classified into two categories: IT strategy and IT
structure. IT strategy refers to information processing required by organizations, which has been
examined by many researchers. In an instance, Das et al. (1991) determined a construct with four
dimensions for IT strategy, which incorporated i) role, ii) competencies, iii) infrastructure, as well as iv)
 ACCEPTED MANUSCRIPT

system design and development. Other than that, Chan et al. (1996) asserted that the strategic orientation
of an information system gives emphasis on organizational application portfolio, which blankets several
attributes, including business strategic orientation, as well as the rudiments of being aggressive,
defensive, analytical, proactive, futuristic, innovative, and risk aversive.
On the other hand, IT structure refers to the ability of a company to process information, which
can be further categorized into three main aspects. The first is „organizational architecture‟, which depicts
the decentralization level for an IT organizational structure, as well as the degree of accountability for IT
functions (Brown and Magill, 1998, Brown and Magill, 1994). Next, the second attribute, technological
architecture, is comprised of hardware deployment nature, data integration and application levels, as well
as technology standardization. Lastly, the third dimension refers to the process and skills that consist of
mechanisms of arrangement, as well as standardization of application progress and execution techniques

T
(Bergerona et al., 2004, Allen and Boynton, 1991).
Beside all, based on the Bergerona et al. (2004), IT strategy includes IT environmental scanning

IP
and strategic use of IT. Through IT environment scanning as a systematic way, companies can recognize
the external IT forces of change and formulate adaptive strategies for coping with external environment

CR
uncertainties. Business organizations focus their scanning on information technology sectors of the
environment. They scan in order to avoid surprises, recognize opportunities and threats, and gain
competitive advantage (Amuna, 2017; Choo, 2001; Maier et al., 1997).
Strategic use of IT embroils the use of IT in order to obtain strategic objectives of the

US
organizations. The aim is to make an organization more competitive by aligning IT strategies with
business strategies. For example, Mithas and Rust (2016) stated that IT can be used to decrease costs by
enhancing efficiency and productivity; and growth revenues by completely optimize opportunities
AN
through existing or creating new customers, channels, and products or services. Likewise, Abri and
Mahmoudzadeh (2014) and Appiahene et al., (2018), stated an increase in information technology will
result in a positive impact on productivity. Moreover, several evidences indicated that strategic use of IT
lead to increase customer satisfaction, and enhance profitability through the reduction of marketing and
M

selling costs and positive effects on customer loyalty, and cross-selling (Mithas et al. 2005; Fornell et al.
2009; Mithas and Jones 2007; Fornell et al. 2006). Through these organizations could enhance their
competency.
ED

Furthermore, Bergerona et al. (2004) divided IT structure to IT planning and control and IT
acquisition and implementation. IT planning and control refer to how well the organization manages its
IT resources, function, and infrastructure compared to its competitors (Bergeron and Raymond, 1997;
Bergerona et al., 2004). Successful IT planning and controlling would obviously lead to improvement of
PT

competitive advantage. IT acquisition and implementation mean organization selection and the
introduction of new IT applications. In other words, a proper IT infrastructure in the form of enhanced IT
planning, implementation, acquisition, and control processes would result in booster competitive
CE

advantage of the organizations.

Calculative from the above literature review, it can be concluded that IT can lead to a sustainable
competitive advantage (Feeny and Ives, 1990; Bhatt and Grover, 2005, Hunter, 2003, Leornard-Barton,
AC

1995; Lai et al., 2006; Okumus, 2013; Cakmak and Tas, 2012). However, the determinants of IT-induced
competitive advantage have not been investigated well in the finance industry especially in Iran.
In fact, a number of IT researchers have examined IT structure and IT strategy distinctly. In line
with that, some contingency theorists claimed that aggregated conceptualization elaborates better due to
its increased ability in retaining relationships and depicting the complex association among selected
constructs (Venkatraman and Prescott, 1990). Thus, the two aspects of the IT structure and IT strategy are
investigated together in this particular study.
In the context of risk management, Rolland (2008) asserted that carrying out effective risk
management is almost an impossible feat without an IT system that is effective. Additionally, Ranong and
 ACCEPTED MANUSCRIPT

Phuenngam (2009) also posited that missing data and vague information cause glitches in managing
organizational risks and challenges. Simply put, information implies benefits for decision-making in risk
management. Ranong and Phuenngam (2009) identified several essential success factors that determined
successful and efficient procedures related to risk management among 111 organizations located in
Thailand. As a result, the study had listed IT as one of the seven critical success factors, which can
function as essential parameters to enhance the efficiency related to risk management procedures. The
outcomes from the study further showed that IT has been indeed the most significant attribute in
determining the success of an organizational risk management system. Rolland (2008) is in support of this
view and further claims that risk management is heavily influenced by IT in numerous ways. Some of the
related instances are given in the following: establishing a relevant link between risk management and
business performance; providing data security at a personnel level; decreasing access permitted to a user

T
by time, line of commerce, commercial activity, and personal risk; as well as the application of IT tools to
collect data for organizations to learn from experience and thus, repeating the same mistakes can be

IP
avoided.
Moreover, Wilkinson (2011) depicts that technology can function as an aid to managing risk in

CR
commerce from four essential aspects: gathering data and storage; analyzing risks and modelling;
monitoring risks and controlling; as well as risk information and communication. In conjunction to that,
Wilkinson (2011) mentioned that an efficient IT system, coupled with intelligent technology, helps to
make better decisions with minimum interference from people if sufficient information structure and

US
database is provided. Nonetheless, this approach necessitates qualified personnel to accurately gather, log
in, and analyze data in an effective manner. In addition, risk analysis and modelling functions as the
platform for decision-making in managing organizational risk (Jamieson and Handzic, 2003).
AN
Furthermore, with technology usage, managers are enabled to analyze, model, and control risks and
challenges, as well as prospects that are viable to an organization. This is because; it is an impossible task
for risk managers to effectively perform their duties without the aid of advanced technology in storing
and processing data, besides disseminating useful information all out to the borderless world (Wilkinson,
M

2011).
In another study, Arena et al. (2010) outlined three dynamic variables that influenced ERM based
on analyzing three private companies between 2002 and 2008 in Italy, which are uncertainty among
ED

experts, risk rationalities, and technologies. On the other hand, the documentation system, which is
comprised of hardware and software capabilities, influences the structure of an organization based on
three levels of risk management: readiness, execution, and administration, as investigated by Yaraghi and
Langhe (2011) upon 28 Swedish companies. Their findings exhibited that the accessibility of all kinds of
PT

resources and infrastructure in documentation is significant for the success of all three mentioned phases
of the risk management system.
Harvesting from all above discussion, proper IT strategy and IT structure in the form of enhanced
CE

IT environmental scanning, strategic use of IT, and IT planning and controlling, and IT acquisition and
implementation would result in strengthening ERM function, its efficiency, effectiveness, and their effect
on competitive advantage in organization. For example, with appropriate use of IT and IT environmental
AC

scanning companies can better recognize threat and opportunities facing their business. In this way, IT
can help ERM system to obtain information about different internal and external forces such as
appearance of new competitors, new technologies, changes in customer preferences, changes in economic
environment, political and regulations which help to have rapid reaction to all environment pressure
compare to competitors (Wilkinson, 2011). Furthermore, with more information which can be acquired
through IT environmental scanning, ERM system can help organization to have better and faster reaction
to the environmental changes in order to have a superior position in the market compared to their
competitors.
 ACCEPTED MANUSCRIPT

Moreover, in order to have a better impact on competitive advantage and booster competitiveness,
ERM needs screening and monitoring organization internal and external environment, it needs gathering
data and analyzing them, identify events both opportunities and hazards, analyze the events, and choose
best response and control them (COSO, 2004; Grace et al., 2015; Lam, 2003). In this regard,
organization‟s IT structure could be a good instrument. For instance, by improving IT planning and IT
acquisition (IT structure), organizations could identify, implement, and maintain new technologies which
is a great help for ERM systems to recognize, analyze, response, and monitor events better than their
competitors (Yaraghi and Langhe, 2011) and help ERM system to enhance competitive advantage of the
institution.
From another perspective, based on contingency theory (system approach), the organizations are
comprised of a multitude of subsystems which have interrelationship with each other. In other words,

T
organizations are open systems with multiple interactive parts, consequently, they cannot be thought of in
unsophisticated one-dimensional terms. Based on this approach, researchers tend to be more concrete,

IP
emphasize more precise features of organizations, and depend upon the patterns of relationships among
subsystems (Reinking, 2012). According to the contingency theory, there is no valid bivariate relationship

CR
between two variables and the effect of the independent variable on dependent variable depends upon
some third variable (interaction, moderator or mediator). It means that the relationship between two
variables is part of a large causal system involving other variables so that the valid generalization takes
the form of trivariate or more relationships. A bivariate relationship is too simple to capture the law like

US
regularity connecting. Therefore, a more complex casual statement is required (Donaldson, 2006).
Consequently, this study used a system approach of contingency theory to explain the effect of different
dimensions of IT on ERM relationship with competitive advantage as a moderator.
AN
From all the above discussion, it can be formulated that, IT has a positive effect on competitive
advantage, however, empirical studies are limited. In addition, among them, none had investigated the
links between ERM, IT, and competitive advantage. As competitive advantage is supported by IT (Feeny
and Ives, 1990; Hunter, 2003, Leornard-Barton, 1995; Lai et al., 2006; Okumus, 2013; Cakmak and Tas,
M

2012; Gunasekaran et al., 2017, Bhatt and Grover, 2005) and considering the fact that IT, mostly, has
enhanced ERM system (Yaraghi and Langhe, 2011, Ranong and Phuenngam, 2009, Arena et al., 2010,
Elahi, 2013), it could be hypothesized that companies with advanced IT level displayed stronger effect of
ED

ERM on competitive advantage. This notion has been missed by previous scholars, and therefore, this
study had gathered sufficient data to bridge this research gap by considering IT as an influential factor
upon the ERM-competitive advantage link.
Unfortunately, previous studies also suffer from limited wholesome measurements of IT and ERM.
PT

Simply put, the essential requisite is an effective measurement for all constructs related to both IT and
ERM. As such, the present study has considered IT and ERM implementation in a way that has yet to be
addressed. In precise, this study measured both dimensions of IT: IT strategy (IT environment scanning,
CE

and strategic use of IT) and IT structure (IT planning and control, as well as IT acquisition and
implementation), which had been disregarded in prior researches. The measurement of ERM comprised
of eight components that derived from the Committee of Sponsoring Organizations of the Treadway
AC

Commission (COSO) (internal environment, objective settings, event identification, risk assessment, risk
response, control of activities, information and communication, as well as monitoring) (COSO, 2004). In
view of that, this study offers a comprehensive outlook of the applications of IT and ERM in
organizations. Accordingly, it has been hypothesized that:
H2: IT strategy has a positive and significant effect on competitive advantage.
H3: IT structure has a positive and significant effect on competitive advantage.
H4: IT strategy has a moderation effect on ERM-competitive advantage relationship.
H5: IT structure has a moderation effect on ERM-competitive advantage relationship.
The proposed research model of this study is shown in the Figure 1.
 ACCEPTED MANUSCRIPT

Internal environment

Objective setting
H1
Event identification ERM Competitive Advantage

Risk assessment H4 H5

T
Risk response
IT strategy IT structure

IP
Control activity H3
H2

CR
Information &
communication

Monitoring

Figure 1: Path Diagram of Conceptual Framework US

AN
3. Methodology and Data Collection
A quantitative approach was employed to test the research framework and the above-mentioned
hypotheses. The research data was collected through the questionnaire with self-administered survey
method. A review of extended ERM literature leads to the conclusion that financial institutions are the
M

best scope for evaluation. The reason for selecting this sector is due to the importance of risk management
among financial institutions. Talwar (2011) stated that even the failure of one financial institution can
threaten the financial system of that country and will lead to system-wide failure which consequently will
ED

spread to other sectors, to the macroeconomic, and internationally as well. Further, based on the literature,
this sector is among the first institutions that implemented ERM and got engaged into it (Platt, 2004, Hoyt
and Liebenberg, 2011, Beasley et al., 2005). Besides, recently improving managing the risk among
financial institutions of Iran is more essential due to different problems. For example, fluctuation of
PT

exchange rate; due to the international sanctions, the volatility of the exchange rate has been increased in
recent years and Riyal exchange rate has dropped dramatically and got more instability than any other
time in past decade. The level of stock market indices over the past year have gone down, and the banks
CE

were afraid of getting breakups due to dealing with foreign credit lines, stock markets, and customers.
Based on Behravan and Jokar (2014), in this situation bank‟s deposits would decrease. Decreasing the
deposits will lead to the lack of efficiency of the banking system in best providing and allocating the
AC

financial resources which consequently could lead to the economic downturn (Behravan and Jokar, 2014;
Nejad, 2011).
Moreover, recently, the bankruptcy of unauthorized financial institutions in Iran has increased.
Some of these institutions were initially set up in a number of state organizations by passing themselves
off as companies or credit cooperatives but later gradually expanded their illegal activities and became
financial institutions without obtaining permits from the Central Bank of Iran (CBI). However, since
these foundations have not received their permits from Iran's main fiscal governing system and, so far,
have not been subjected to CBI oversight. They frequently flout the bank's orders and directives, violate
its bylaws and, thus, create turmoil in the domestic fiscal market (Amini, 2015).
 ACCEPTED MANUSCRIPT

For example, they offer higher deposit rates than government authorized banks as well as paying
loan more than twice the value of customers‟ loan deposit. Consequently, these institutions may be
dissolved by the government or merge with other institutions or in many cases they faced bankruptcy due
to the lack of resources (e.g., Mizan credit institution with 107 branches). All these create trouble and
increase risks among the financial industry of the country.
Harvesting from all the above discussions, it is really essential to improve the risk management
system among Iranian financial institutions. Therefore, population of this study consisted of 91 financial
institutions of Iran which implemented ERM as their risk management system. These institutions are
recognized among companies listed on the Iranian central bank and Iranian central insurance websites, as
well as on the stock exchange market website.
With regard to recognition of implemented ERM institutions, the researcher looked for different

T
words as proxies of ERM existence among the organization‟s annual reports. These includes words such
as “chief risk officer”, “vice president enterprise risk management”, “risk management committee”,

IP
“executive risk manager”, “senior risk manager”, “head of risk manager”, and “vice president risk
management” which is similar in approach to the studies of Liebenberg and Hoyt (2003), Gordon et al.

CR
(2009), Pagach and Warr (2007, 2010), Golshan and Rasid (2012). After recognizing practitioners from
annual report the researcher called one by one to be sure of adopting ERM among these organizations.
Then the questionnaires were administered. It should be noted here that as all branches of each of the
financial institutions of Iran have to follow the rule and regulations of their headquarters; therefore, this

US
study gathered information from headquarter of each institution as a representative of their branches.
Due to the small number of population this study used census sampling and distributed the questionnaire
among all population organizations and finally used 84 valid collected questionnaires for data analysis.
AN
Table 1 shows the list of Iranian financial institutions in 2013.
Table 1: List of Iranian Financial Institutions
Number of Final sample
Type Name Implementing ERM
Companies frequency
M

Government bank 8 6 6
Banking
System

Private bank 21 17 16
Gharzolhasane banks 9 5 5
ED

Finance and Credit Institution 4 2 2

Non-banking

intermediary

Mutual fund institution 112 41 36

financial

Investment companies 8 4 2
Government insurance 2 2 2
PT

Private insurance 19 16 15
Total 183 19 84
CE

Source: Iranian Central Bank, Central Insurance, and Stock Exchange Market Website (2013)
In order to describe the characteristic of data, descriptive statistic was used in this study. This
method summarizes and describes the set of scores and the distribution of data. In other words, this entails
AC

the standard deviation, frequency, and mean analysis to explain the features of the data (Hair et al., 2014;
Sekaran, 2000). Table 2 shows descriptive statistics (i.e., mean and standard deviation) of the main
variables including ERM, IT, and competitive advantage.
 ACCEPTED MANUSCRIPT

Table 2: Descriptive Statistic

Constructs NO. Mean Std. Deviation
IE 84 2.84523 1.380011
OS 84 2.92687 1.439203
EI 84 3.09523 1.43617
RA 84 3.03571 1.449211
RR 84 2.99702 1.370257
CA 84 3.00595 1.29521
IC 84 2.88690 1.32676

T
MO 84 3.0000 1.349406

IP
ITC 84 2.876323 1.452051
ITG 84 2.936905 1.411538

CR
CMA 84 2.946429 1.397289

(IE: internal environment; OS: objective setting; EI: event identification; RA: risk assessment; RR: risk response; CA: control activity; IC: information and
communication; MO: monitoring; ITG: IT strategy; ITC: IT structure; CMA: competitive advantage)

3.1 Variable measurement

US
In order to measure and cover all eight components of ERM construct, this study used both the existing
scale developed by Collier et al. (2007), Al-Tamimi and Al-Mazrooei (2007), Subramaniam (2011) and
AN
Gates (2006), as well as scale development work. Briefly, the scale development was based on the
principal definitions of each component provided by COSO (2004), which is presented in Table 3.

Table 3: ERM Measurement base on COSO

M

ERM Dimensions Measurement

Looking at organizations perception about risk, identification of existence of policies and
Internal Environment
ED

procedures for risk management, consideration of risk tolerance and appetite of organization.
Examining the level of objectives alignment with entity mission, level of risk consideration while
Objective Setting
formulating the objectives.
Event Identification Level of identifying internal factors, and external factors driving events and opportunity.
PT

Level of estimation of likelihood and impacts of the events, using qualitative or quantitative
Risk Assessment
analysis method, risk classification, and assessment of residual risk.
Looking at risk mitigation strategies including cost and benefits analysis, resource analysis,
CE

Risk Response
residual risk analysis, and consideration of risk tolerance and appetite while responding to risk.
Control Activities Level of control over risk response effectiveness, control over risk response execution.
Information and Level of information qualification, timeline, availabilities, internal and external communication
Communication and information flow.
AC

Examining the level of monitoring activities, ongoing and separate monitoring activities, and level
Monitoring
of internal control.

Questions related to the firm‟s competitive advantage were derived from Saeidi et al. (2015).
Managers were asked to respond to seven questions about the growth of their company, quality of their
products or services, their market position, corporate image, diversity and differentiation, flexibility to
change, and market leadership which are the most ordinary applied factors in evaluating competitive
advantage in previous researches.
 ACCEPTED MANUSCRIPT

With respect to IT, the scale is constructed to measure IT strategy and IT structure. It is adopted
from the scale of Bergerona et al. (2004) which is designed to evaluate IT strategy by considering IT
environmental scanning, and strategic use of IT as well as IT planning and control, and also IT acquisition
and implementation for IT structure.
The pilot study examined the reliability and validity of the instrument of the study. Before
conducting the pilot study and measuring its construct validity and reliability, the questionnaire‟s content
was validated. Content validity ensures the measures included items that adequately represent and tap the
concept of the study (Sekaran, 2000; Hair et al., 2014; Cooper and Schindler, 2008). The content of the
questionnaire of this study was validated in three stages. First, as some questions of ERM evaluation was
self-developed, it was validated by three academicians related to ERM to ensure the clarity of questions
and to make sure that the instruments measure the variables in the best way. Second, to ensure the use of

T
clear language, the researcher employed two language professionals to revise the study‟s questions. In
this study, the forward-translation and back-translation approach was applied. Finally, the validity of this

IP
study was measured through expert interviews with three Chief Risk Officers (CRO) to gather
information on ERM, and two top managers on information technology and organizations performance.

CR
After doing the corrections and suggestions, the questionnaire was ready for pilot test (construct validity,
convergent validity, and reliability).
By considering the results of pilot study some minor editing was required and finally, there were
36 items for ERM, 29 items for IT, and 7 items for competitive advantage applied in the main survey

US
based on a respondent‟s agreement level on a five-point Likert scale. The questionnaires were
administered through self-administration supervision method to gather a maximum response. Out of 91
companies, 86 questionnaires were filled of which 84 were usable. The questionnaire is presented in the
AN
Appendix A.

4. Analysis and Results

To perform a statistical analysis on the collected data, this study used Structural Equation Modeling
M

(SEM) and Partial Least Square (PLS). The empirical results were evaluated through following two steps.
First, the validity and reliability of the scales (measurement model) were examined and second, the
structural model (hypotheses testing) was tested. However, before performing the measurement model,
ED

multicollinearity test was used as instruments to evaluate pre-analysis of data. To do this, the present
study tested Variance Inflation Factor (VIF) test through running the stepwise regression analysis which
is presented in Table 1. If VIF is greater than 10 and Tolerance is less than 0.1, it shows the existence of
multicollinearity (Hair et al., 2014). Therefore, based on the values dedicated in Table 4, non-existence of
PT

multicollinearity could be concluded.

Table 4: Multicollinearity
CE

Independent variable Dependent variable Tolerance VIF

IT structure 0.302 3.316
Competitive advantage IT Strategy 0.326 3.071
AC

ERM 0.631 1.584

IT strategy 0.290 3.446
Competitive advantage IT Structure 0.291 3.431
ERM 0.666 1.501
IT strategy 0.220 4.545
IT structure Competitive Advantage 0.205 4.887
ERM 0.640 1.562
IT strategy 0.182 5.486
IT structure ERM 0.200 5.003
Competitive advantage 0.274 3.655
 ACCEPTED MANUSCRIPT

4.1 Measurement Model

In order to assess the measurement model, the indicators were subject to convergent and discriminant
validity along with reliability analysis. Following of Hair et al. (2014), the convergent validity of this
study calculated through factor loading and Average Variance Extracted (AVE) for all items (questions)
and constructs. The factor loading (outer loading) ranged from 0.79 to 0.98 which meet the adequate
value above 0.7 (Hair et al., 2014) and AVE from 0.70 to 0.92 which meet the minimum 0.5 thresholds
(Hair et al., 2014) (see Appendix B and C).
The assessment of the discriminant validity was conducted via Fornell and Larcker‟s (1981) test at
the construct level and Cross-loading at the item level. Appendix D shows that the AVE square root for

T
each variable is greater than the squared correlations for all pairs of variables. The analysis of cross-
loading indicated that except than two items of ERM, all other items have the largest value on their own

IP
construct. Therefore, these two items were eliminated from the study (IE6, OS5).
Reliability was also gauged via Composite Reliability (CR) and Cronbach alpha (Hair et al., 2014,

CR
Cronbach, 1951) which suggested to be more than 0.7 for each variable. As it can be seen from Appendix
C, composite reliability and Cronbach‟s alpha values reach the value higher than 0.7.
Overall consideration, it can infer that all criteria of the measurement model including the validity
and reliability of instrument and constructs were verified.

4.2 Structural Model (Hypotheses Testing) US

To test the hypotheses of this study, a path-weighting scheme was utilized. This test determined the
AN
amount of variance of the dependent variable explained by the independent variable (Hair et al., 2013).
Generally, this value is known as R square (R2), which vary between 0 and 1 (Hair et al., 2014). A
bootstrapping technique with 250 resamples was used to assess the statistical significance of the path
estimates (t-value).
M

In order to examine the hypotheses of this study, at first, a direct effects model (excluding
moderator) was tested which was followed by an interaction model (including the moderator) to
determine whether adding the moderator improves the explanatory power of the model. The moderating
ED

effect was test based on the guidelines prescribed by Kline and Dunn (2000) using SEM. In this approach,
every item of each component of ERM was cross multiplied with every item of the information
technology factors. The outcome of this process formed moderator constructs (i.e., ERM × IT strategy;
ERM × IT structure). Table 5 presents the result of the structural model for both main and interaction
PT

models.

Table 5: Structural Models

CE

Model 1(direct effect) Model 2 (moderators)

Path Coefficient t-value ƒ2 R2 Coefficient t-value ƒ2 R2
**
ERM → CMA 0.1668 3.064 0.1781
IT strategy → CMA 0.3991 6.552 0.382 0.348
AC

IT structure → CMA 0.4522 7.340 0.463 0.317

ERM * IT strategy→ CMA 0.1752 2.3347* 0.4416
ERM * IT structure→ CMA 0.1811 2.4617* 0.6018
ITG:
0.760
Competitive advantage 0.654
ITC:
0.784
*significant at 0.05
**significant at 0.01
***significant at 0.001
(ERM: Enterprise risk management; CMA: Competitive advantage)
 ACCEPTED MANUSCRIPT

As it is clear, there are three direct effects including IT strategy, IT structure, and ERM effect on
the competitive advantage. The result clarified that all direct hypotheses are supported. In other words,
ERM has a positive significant effect on competitive advantage (β=0.166, p<0.01, t-value=3.064).
Moreover, the analysis shows a highly significant link between both IT strategy (β=0.399, p<0.001, t-
value= 6.552) and IT structure (β=0.452, p<0.001, t-value= 7.340) and competitive advantage. The R2
values showed that ERM, IT strategy, and IT structure explain 65.4% of the variance of competitive
advantage (IT structure 46.3%, IT strategy 38.2%, ERM 17.8%).
In the context of indirect relationships (moderators), based on the analysis, the moderating effect
of the IT strategy and IT structure on the relationship between ERM and competitive advantage were
significant (β=0.175, p<0.05, t-value=2.33; β=0.181, p<0.05, t-value=2.46). In more details, the
moderators increased variance explained (R2) in firm competitive advantage from 65.4% in the main

T
structural model to 78.4% and 76% in the moderating effect models. This indicates that the value of the

IP
coefficient of ERM in explaining competitive advantage will increase as the level of IT increases.
In order to evaluate the effect size (ƒ2) of the moderator, this study used Cohen‟s (1988) formula

CR
(R2 interaction model - R2 simple model / 1-R2 interaction model). According to Cohen (1988), the ƒ2
values can be interpreted as follows: >0.02=weak effect; >0.15=moderate effect; >0.35=strong effect.
Therefore, based on the mentioned Cohen‟s formula the effect size of moderators is 0.601 and 0.441 for
IT structure and IT strategy respectively which are almost strong effect size. Figures 2 and 3 show the
direct and indirect model of the study.
US
AN
OS 0.871 0.949 IE

0.933
EI 0.662 0.974
0.814
M

RA 0.680 0.166
0.825
0.000 0.654
RR 0.908
0.825 0.399
ED

0.901 ERM CMA

CA
0.812 0.930 0.000
0.452
0.000
PT

IC 0.865 ITG
0.896
ITC
MO 0.803
CE

(ERM: enterprise risk management; CMA: competitive advantage; ITG: IT strategy; ITC: IT structure)
Figure 2: Direct Model
AC
 ACCEPTED MANUSCRIPT

OS 0.871 0.949 IE

0.933
EI 0.662 0.974
0.814
RA 0.680
0.825 0.179
0.000 0.784
RR 0.908
0.825
0.901 ERM 0.348 CMA

T
CA 0.181
0.812 0.930 0.000

IP
0.000
IC 0.865 ITC
0.896
ITC*ERM

CR
MO
0.803

OS

EI
0.871

0.662
0.949

0.933
IE

0.974
US
AN
0.814
RA 0.680
0.825 0.173
0.000 0.760
RR 0.908
0.825
M

0.901 ERM 0.317 CMA

CA 0.175
0.812 0.930 0.000
ED

0.000
IC 0.865 ITG
0.896
ITG*ERM
MO 0.803
PT

(ERM: enterprise risk management; CMA: competitive advantage; ITC: IT structure; ITG: IT strategy)

Figure 3: Indirect Models

CE

5. Discussion
As stated before, ERM could affect the different function of the organization. However, there are limited
AC

empirical studies on the effect of ERM (as a new control system) on competitive advantage. Therefore,
the present study evaluated such link empirically by considering all financial institutions of Iran which
implemented the ERM.
This study revealed that ERM displayed a significantly positive impact upon organizational
competitive advantage. This impact could be generated by ERM itself which is an all-inclusive approach
related to risk management. In this way, a particular firm is able to determine its own industrial risks, thus
providing the chance to manage better identified risks. Hence, each risk and opportunity can be weighed
and considered in all angles. Furthermore, it is utmost important for a firm to recognize and acknowledge
the risks faced, especially more than the competitor so that the firm could be on-guard at all times and
sense any danger before the competitor does. With such information at hand, a firm can adapt to the
 ACCEPTED MANUSCRIPT

rapidly changing surrounding. Additionally, companies can successfully attain their financial and
operative goals by embedding the ERM practice into their strategic and business planning, which offers
support in making risk-informed decisions by weighing both risks and opportunities (Meidell and
Kaarbøe, 2017).
In addition to the above, this study also attempted to explain the relationship between ERM and
firm competitive advantage by the use of RBV theory. According to COSO (2004) and Liebenberg and
Hoyt (2003), ERM is a unique system for each organization. It means that according to the nature,
function, and culture of each organization, their ERM systems are different. Moreover, based on the
discussions by Burnaby and Hass (2009), Barton et al. (2002), Deloitte (2012), and COSO (2004), not all
organizations have utilized ERM as their risk management system yet. Therefore, it can be said that ERM
is unique, valuable, and not duplicable and salable in the market. Parallel to this, based on the arguments

T
of Barney (1991), DeCastro and Chrisman (1995), and Kristandl and Bontis (2007), an asset tangible or
intangible, which has above-mentioned criteria could be known as strategic asset which will lead to

IP
increase competitive advantage and firm performance. Therefore, the positive relationship between ERM
and competitive advantage could be a support for RBV theory based on which we can recognize ERM as

CR
a strategic asset that will improve optimal resource allocation and competitive advantage of the
organization.
On top of that, this study demonstrates that the significant positive effects of ERM upon
organizational competitive advantage, functions as an empirical support for the previous theoretical and

US
few empirical claims pertaining to the topic discussed, such as those investigated by Elahi (2013), COSO
(2004), Bailey et al. (2004), Nocco and Stulz (2006), Beasley et al. (2005).
Moreover, the effects of both IT strategy and IT structure on competitive advantage are also found
AN
to be positive and significant. It means that the competitive advantage could be greater by improving
technology in the organization. In contrast, inefficient, obsolete and outdated technology could be a
source of increasing hazards and organizational challenges in today‟s competitive environment. IT could
help in information gathering, data collection, data analysis, planning, procedure and almost all activities
M

in organizations. Information creates more value for decision making in risk management and then avoid
repeating the same mistakes. It can help with analysing risks and modelling; monitoring risks and
controlling; as well as risk information and communication.
ED

However, data analysis showed that IT structure has a stronger impact on competitive advantage
among financial institutions of Iran. Even though, the effect size of these variables may be different
among other countries or industries. Nevertheless, the positive relationship between IT and competitive
advantage could be interpreted as a supports to previous researched such as Lai et al. (2006), Okumus
PT

(2013), Cohen and Olsen (2013), Marinagi et al., (2014), Mao et al., (2016), Mikalef and Pateli (2017),
Zhou et al. (2017), which linked different dimensions of technology to competitive advantage and found a
significant and positive relationship. However, the result is inconsistence with Cakmak and Tas (2012),
CE

who stated there is not much evidence that the firms using IT are gained competitiveness.
Considering the result of the present study, it can be concluded that, by improving and
investigation on IT, organisations could make superior competitive advantage. In other words,
AC

organisations could enhance their level of market position and achieve their goals and objectives by
improving technology which leads to better market level in today ever-changing environment.
Furthermore, based on the findings, this study concludes that the positive relationship between
ERM and competitive advantage is affected by IT structure and IT strategy as moderator variables. The
result could be a support for contingency theory system approach which stated that researchers should try
to have a holistic view of contingencies and performance relationships in order to better understand the
organizational variables and their functions (Drazin and Van de Ven, 1985). Therefore, considering more
variables and contingencies are the main focus rather than a single variable (Mintzberg, 1979). Moreover,
according to Chenhall (2003), who‟s referring the newest approach of contingency theory as the
 ACCEPTED MANUSCRIPT

relationship between two variables is dependent on some other variable such as mediating or moderator.
The evidence from this study clearly support earlier discussion and revealed that IT and its specific
dimensions such as IT strategy and IT structure could be considered as contingencies variables which can
enhance ERM effectiveness on competitive advantage.
This positive and significant effect indicated that the effect of ERM on competitive advantage will
increase as the IT‟s level increase. This might be due to the fact that strategic assets i.e. information
technology are involved in most activities of organizations (Halliday et al., 1996, Bi and Zhang, 2008)
and ERM is not exceptional. Observing and responding to risks in an organization and enhancing
competitive advantage is very much depend on corporate IT.

6. Conclusions and Recommendations

T
The current research constitutes one of the first empirical steps toward a greater understanding of control
systems and risk management by considering ERM, IT, and competitive advantage.

IP
This study is considered significant in several ways. Regarding knowledge and theoretical
contribution; first, this study measured all eight components of ERM for its evaluating despite previous

CR
studies which considered only its adoption as a dummy variable or its implementation by a simple
question (Liebenberg and Hoyt, 2003; Pagach and Warr, 2007; Wan Daud, 2011; Wan Daud et al., 2011).
Therefore, this study increased understanding and insight about the overall effect of ERM by looking at
all its components and competitive advantage. Similarly, to the researcher knowledge, there had been no

US
studies done on ERM among Iranian firms. Thus, this study adds value by providing a better
understanding of the ERM status among Iranian institutions and developing countries especially middle
east region. This study also contributes insights into the worldwide concept and implementation of ERM.
AN
While the majority of previous studies were among developed countries, the present study extended the
generalizability of such research into the context of Iran.
The result support RBV theory which justified ERM as a strategic asset which leads to
competitive advantage. Moreover, this study empirically adds support to the contingency theory argument
M

and recognized IT as a contingent factor which influences the relationship between ERM and competitive
advantage. This adds to the body of knowledge that ERM effect on firm value creation is not a merely
bivariate relationship.
ED

In addition, this study extended previous research framework and methodology in different ways.
First, the present study extended most previous ERM studies by considering all eight components of
ERM and evaluating them separately to give a more comprehensive view of ERM among financial
institutions of Iran. Second, to the researcher knowledge the present study extended previous ERM
PT

models by considering competitive advantage as a firm value factor which was not evaluated empirically
among previous frameworks. Third, this study focused on the moderating role of IT, as the main today‟s
intangible asset, on the relationship between ERM and competitive advantage. To the researcher‟s
CE

knowledge, there had not been any study which examined IT as an influential factor which can improve
the effect of ERM on firm competitive advantage.
This idea rooted from the past studies, suggestions of the exploration of more enriching research
AC

that cover wider ERM related area (e.g., Beasley et al., 2005; Arena et al., 2010; Berry-Stolzle and Xu,
2014). To the researcher‟s knowledge, this study can be considered to be the first that applied three
economic phenomena ERM, IT and competitive advantage.
In terms of practical contribution, demand for a robust risk management system is growing rapidly
with today‟s environmental changes and complexity especially in business transactions and economy.
Considering the fact that financial institutions have an important and vital role in sustainability and
improvement of economic growth, the risk management in those organizations has absolutely high effects
in their performance and the overall economic system of the countries.
 ACCEPTED MANUSCRIPT

The competition among financial institution of Iran is very aggressive, those institutions that are
able to control, manage, and overcome their challenges and risks are more successful. The findings of this
study carried the weight of importance of ERM and IT on improving competitive advantage. This might
motivate organizations and managers to increase and improve their risk management system along with
IT capabilities which consequently result in better global and market situation. Further, the findings
contribute to managers‟ knowledge of using and benefits of improving the ERM system through
promoting IT system and its dimensions. In other words, this study has the managerial implication in
terms of planning, decision making, and development of new strategies based on the empirical evidence
of IT importance as one of the critical success factors of ERM practice.
Moreover, the findings will be useful to regulators, policymakers, and planner; including the
Central Bank and central insurance of Iran, to stress the importance of designing sophisticated ERM as

T
organizational control device to cope with the challenges and uncertainties in the environment arising
from the globalization, rapid technological changes, deregulation, and market competition.

IP
Overall, this study could be the reference point for academic and non-academic in the field of
ERM, IT, and competitive advantage.

CR
As with any research, this study has some weaknesses that need to be considered in further
studies. First, the generalizability is subject to limitations. While the selected sample firms were financial
institutions, their features, regulations, practices may not be reflective of all firms in all industries.
Moreover, as the present study conducted in Iran, there is possibility that the result may be different in

implemented ERM. US
other countries. In addition, the current study utilized financial institutions only those which have

Therefore, the limitation of this study can introduce some interesting future research projects.
AN
First, more studies are required into the nature and importance of ERM among developing countries.
Second, future researches could profit from the re-evaluation of the ERM concept and its position within
extent models, frameworks, and theories. They can evaluate other organizational factors and functions as
moderation or mediation variables (e.g., organizational culture, training, auditing system and etc.).
M

Moreover, as stated earlier, the current study utilized only financial institutions those which have
implemented ERM. Therefore, future studies should include a broader range of industries and
organizations as their sample size. Third, the present study applied questionnaire survey, while future
ED

studies which evaluate the casual relationships of variables through interview or case studies could be a
good support for the result of this research.
PT

Reference

ABRI, A. G., & MAHMOUDZADEH, M. 2014. Impact of Information Technology on Productivity and Efficiency in Iranian
CE

Manufacturing Industries. Journal of Industrial Engineering International, 11, 143–157.

ACHARYYA, M. 2008. In Measuring the Benefits of Enterprise Risk Management in Insurance: An Integration of Economic
Value Added and Balanced Score Card Approaches. ERM Monograph. USA: Society of Actuaries.
AEBI, V., SABATO, G., & SCHMID, M. (2012). Risk management, corporate governance, and bank performance in the
AC

financial crisis. Journal of Banking & Finance, 36(12), 3213-3226.

AHMAD, S., NG, C. & MCMANUS, L. A. 2014. Enterprise Risk Management (ERM) Implementation: Some Empirical
Evidence from Large Australian Companies. Procedia - Social and Behavioral Sciences, 164, 541-547.
AHMED, I. & MANAB, N. A. 2016. Moderating Effects of Board Equity Ownership on the Relationship between Enterprise
Risk Management, Regulatory Compliance and Firm Performance: Evidence from Nigeria. International Journal of
Economics, Management and Accounting, 24, 163-187.
AI, J., BROCKETT, P. L., COOPER, W. W. & GOLDEN, L. L. 2012. Enterprise Risk Management through Strategic
Allocation of Capital. Journal of Risk and Insurance, 79, 29-56.
ALLEN, B. R. & BOYNTON, A. C. 1991. Information Architecture: in Search of Efficient Flexibility. MIS Quarterly, 15,
435-446.
 ACCEPTED MANUSCRIPT

AL‐TAMIMI, H. A. H. & AL‐MAZROOEI, F. M. 2007. Banks' Risk Management: A Comparison Study of UAE National and
Foreign Banks. The Journal of Risk Finance, 8, 394-409.
AMINI, A. 2015. Legalizing Financial Institutes, Vital for Ending Recession, Publication. Retrieved 22-1-2016, from Iran
Daily Online Journal: available at: http://www.irandaily.com/News/122243.htm
AMUNA, Y. M. A., AL SHOBAKI, M. J., & ABU NASER, S. S. 2017. Strategic Environmental Scanning: an Approach for
Crises Management. International Journal of Information Technology and Electrical Engineering ITEE, 6, 28 - 34.
APPIAHENE, P., USSIPH, N., & MISSAH, Y. M. 2018. Information Technology Impact on Productivity: A Systematic
Review and Meta-Analysis of the Literature. International Journal of Information Communication Technologies and
Human Development (IJICTHD), 10, 39-61.
ARENA, M., ARNABOLDI, M. & AZZONE, G. 2010. The Organizational Dynamics of Enterprise Risk Management.
Accounting, Organizations and Society, 35, 659-675.
BAILEY, M. A., BLOOM, L. & HIDA, E. T. 2004. Assessing the Value of Enterprise Risk Management. Deloitte
Development LLC.

T
BARNEY, J. B. 1991. Firm Resources and Sustained Competitive Advantage. Journal of Management, 17, 99-120.
BARTON, T. L., SHENKIR, W. G., & WALKER, P. L. (Eds.) 2002. Making Enterprise Risk Management Pay Off: How

IP
Leading Companies Implement Risk Management. Prentice Hall: Financial Times.
BARTRAM, S. M. 2000. Corporate Risk Management as a Lever for Shareholder Value Creation. Financial Markets,
Institutions and Instruments 9, 279-323.

CR
BEASLEY, M. S., CLUNE, R. & HERMANSON, D. R. 2005. Enterprise Risk Management: an Empirical Analysis of Factors
Associated with the Extent of Implementation. Accounting and Public Policy 24, 521-531.
BEHRAVAN, E., & JOKAR, I. 2014. The Effect Of Exchange Rate Fluctuation and Inflation on Deposited in Meli Bank (The
Study of Top Branches of Bushehr Province) for the Years 2007-2012. Journal of Novel Applied Sciences, 3, 1293-
1302.

Business Management, 30, 21–26. US

BERGERON, F., & RAYMOND, L. 1992. Planning of Information Systems to Gain a Competitive Edge, Journal of Small

BERGERONA, F., RAYMONDB, L. & RIVARDC, S. 2004. Ideal Patterns of Strategic Alignment and Business Performance.
Information & Management, 41, 1003-1020.
AN
BERRY-STÖLZLE, T. R. & XU, J. 2014. Enterprise Risk Management and the Cost of Capital. The Journal of Risk and
Insurance, 85,159-201.
BHATT, G. D. & GROVER, V. 2005. Types of Information Technology Capabilities and their Role in Competitive
Advantage: An Empirical Study. Journal of Management Information Systems, 22, 253-277.
M

BI, X. & ZHANG, H. 2008. An Empirical Research on Relationship between Information Technology Capability and Firm
Performance: the Evidence from Listed Companies and Informatization Power 500 in China. In: SOCIETY, I. C. (ed.)
International Conference on Computer Science and Software Engineering. Washington, DC, USA.
BROWN, C. V. & MAGILL, S. L. 1994. Alignment of the IS Function with the Enterprise: Toward a Model of Antecedents.
ED

MIS Quarterly, 18, 371-403.

BROWN, C. V. & MAGILL, S. L. 1998. Reconceptualizing the Context design Issue for the Information Systems Function.
Organization Science, 9, 176-194.
BURNABY, P., & HASS, S. 2009. Ten Steps to Enterprise-Wide Risk Management. Corporate Governance, 9(5), 539-550.
PT

CAKMAK, P. I. & TAS, E. 2012. The Use of Information Technology on Gaining Competitive Advantage in Turkish
Contractor Firms. World Applied Sciences Journal, 18, 274-285.
CHAN, Y., HUFF, S., BARCLAY, D. W. & COPELAND, D. G. 1996. Business Strategic Orientation, Information Systems
Strategic Orientation, and Strategic Alignment. Information Systems Research, 8, 125-150.
CE

CHENHALL, R. H. 2003. Management Control Systems Design within its Organizational Context: Findings from
Contingency-Based Research and Directions for the Future. Accounting, Organizations and Society, 28, 127–168.
CHOO, C.W. 2001. Environmental scanning as information seeking and organizational learning. Information Research, 7.
Available at http://InformationR.net/ir/7-1/paper112.html.
AC

COHEN, J. E. 1988. Statistical Power Analysis for the Behavioral Sciences, London, Routledge.
COHEN, J. F. & OLSEN, K. 2013. The Impacts of Complementary Information Technology Resources on the Service-Profit
Chain and Competitive Performance of South African Hospitality Firms. International Journal of Hospitality
Management, 34, 245– 254.
COLLIER, P. M., BERRY, A. J. & BURKE, G. T. 2007. Risk and Management Accounting: Best Practice Guidelines for
Enterprise-Wide Internal Control Procedures, Burlington, USA, CIMA, Elsevier Ltd.
COOPER, D. R. & SCHINDLER, P. S. 2008. Business research methods (10 ed.). New York: McGraw-Hill.
COSO 2004. Enterprise Risk Management – Integrated Framework Executive Summary & Framework, Committee of
Sponsoring Organizations of the Treadway Commission, New York, NY.
CRONBACH, L. J. 1951. Coefficient Alpha and the Internal Structure of Tests. Psychometrika, 16, 297–334.
 ACCEPTED MANUSCRIPT

CUMMING, C. & HIRTLE, B. 2001. The Challenges of Risk Management in Diversified Financial Companies. FRBNY
Economic Policy Review, 7, 1-17.
DAS, S. R., ZAHRA, S. A. & WARKETIN, M. E. 1991. Integrating the Content and Concept of Strategic Planning with
Competitive Strategy. Decision Sciences, 22, 953-984.
DECASTRO, J. O. & CHRISMAN, J. J. 1995. Order of Market Entry, Competitive Strategy, and Financial Performance.
Journal of Business Research, 33, 165-177.
DEHNING, B. & STRATOPOULOS, T. C. 2003. Determinants of a Sustainable Competitive Advantage Due to an IT-
Enabled Strategy. The Journal of Strategic Information Systems, 12, 7-28.
DELOITTE. 2012. Global risk management survey: Deloitte Touche Tohmatsu Limited and its Member Firmso.
DONALDSON, L. 2006. The Contingency Theory of Organizational Design: Challenges and Opportunities. In: BURTON, R.
M., HÅKONSSON, D. D., ERIKSEN, B. & SNOW, C. C. (eds.) Organization Design. US: Springer.
DRAZIN, R. & VAN DE VEN, A. H. 1985. Alternative Forms of Fit in Contingency Theory. Administrative Science
Quarterly, 30, 514-539.
ELAHI, E. 2013. Risk Management: The Next Source of Competitive Advantage. Foresight, 15, 117-131.

T
EL-HAWARY, D., GRAIS, W., AND IQBAL, Z. 2007. Diversity in the Regulation of Islamic Financial Institutions. The

IP
Quarterly Review of Economics and Finance, 46, 778-800.
FAHY, J. 2000. The Resource-Based View of the Firm: Some Stumbling-blocks on the Road to Understanding Sustainable
Competitive Advantage. Journal of European Industrial Training, 24, 94-104.

CR
FARRELL, M. & GALLAGHER, R. 2014. The Valuation Implications of Enterprise Risk Management Maturity. The Journal
of Risk and Insurance, 82, 625-657.
FEENY, D. F. & IVES, B. 1990. In Search of Sustainability: Reaping Long-Term Advantage from Investments in Information
Technology. Journal of Management Information Systems Archive, 7, 27-46.
FLORIO, C. & LEONI, G. 2017. Enterprise Risk Management and Firm Performance: the Italian Case. The British Accounting
Review, 49, 56-74.
US
FORNELL, C. & LARCKER, D. F. 1981. Evaluating Structural Equation Models with Unobservable Variables and
Measurement Error. Journal of Marketing Research, 18, 39-50.
FORNELL, C., MITHAS, S., & MORGESON, F. V. 2009. The Economic and Statistical Significance of Stock Returns on
AN
Customer Satisfaction. Marketing Science, 28, 820-825.
FORNELL, C., MITHAS, S., MORGESON, F. V., & KRISHNAN, M. S. 2006. Customer Satisfaction and Stock Prices: High
Returns, Low Risk, Journal of Marketing, 70, 3-14.
GATES, S. 2006. Incorporating Strategic Risk into Enterprise Risk Management: A Survey of Current Corporate Practice.
M

Journal of Applied Corporate Finance, 18, 81-91.

GATZERT, N. & MARTIN, M. 2015. Determinants and Value of Enterprise Risk Management: Empirical Evidence from the
Literature. Risk Management and Insurance Review, 18, 29-53.
GOLSHAN, N. M. & RASID, S. A. 2012. Determinants of Enterprise Risk Management Adoption: An Empirical Analysis of
ED

Malaysian Public Listed Firms. International Journal of Social and Human Sciences, 6, 119-126.
GORDON, L. A., LOEB, M. P. & TSENG, C. Y. 2009. Enterprise Risk Management and Firm Performance: A Contingency
Perspective. Journal of Accounting and Public Policy 28, 301-327.
GRACE, M. F., LEVERTY, J. T., PHILLIPS, R. D. & SHIMPI, P. 2015. The Value of Investing in Enterprise Risk
PT

Management. Journal of Risk and Insurance, 82, 289-316.

GUNASEKARAN, A., SUBRAMANIAN, N. & PAPADOPOULOS, T. 2017. Information Technology for Competitive
Advantage within Logistics and Supply Chains: A Review. Transportation Research Part E: Logistics and
Transportation Review, 99, 14-33.
CE

HAIR, J. F., HULT, G. T. M., RINGLE, C. M. & SARSTEDT, M. 2013. A Primer on Partial Least Squares Structural
Equation Modeling (PLS-SEM), USA, SAGE.
HAIR, J. F., SARSTEDT, M., HOPKINS, L. & KUPPELWIESER, V. G. 2014. Partial Least Squares Structural Equation
Modeling (PLS-SEM) an Emerging Tool in Business Research. European Business Review, 26, 106-121.
AC

HALLIDAY, S., BADENHORST, K. & SOLMS, R. V. 1996. A Business Approach to Effective Information Technology Risk
Analysis and Management. Information Management & Computer Security, 4, 19-31.
HAMPTON, J. J. 2009. Fundamentals of Enterprise Risk Management: How Top Companies Assess Risk, Manage Exposure,
and Seize Opportunity, New York, AMACOM.
HOYT, R. E. & LIEBENBERG, A. P. 2011. The Value of Enterprise Risk Management. The Journal of Risk and Insurance,
78, 795-822.
HOYT, R. E., & LIEBENBERG, A. P. (2011). The value of enterprise risk management. Journal of risk and insurance, 78(4),
795-822.
HUNTER, S. D. 2003. Information Technology, Organizational Learning, and the Market Value of the Firm. Journal of
Information Technology Theory and Application, 5, 1-28.
 ACCEPTED MANUSCRIPT

HYVÖNEN, T. 2003. Management Accounting and Information Systems: ERP versus BoB. European Accounting Review, 12,
155-173.
ITTNER, C. D., LARCHER, D. F., AND RANDALL, T. 2003. Performance Implications of Strategic Performance
Measurement in Financial Services Firms. Accounting, Organizations and Society, 28, 715-741.
JABBOUR, M. & ABDEL-KADER, M. 2015. Changes in Capital Allocation Practices – ERM and Organisational Change.
Accounting Forum, 39, 295-311.
JALAL-KARIM, A. 2013. Leveraging Enterprise Risk Management (ERM) for Boosting Competitive Business Advantages in
Bahrain. World Journal of Entrepreneurship, Management and Sustainable Development, 9, 65-75.
JAMIESON, R. & HANDZIC, M. 2003. A Framework for Security, Control and Assurance of Knowledge Management
Systems. In: HOLSAPPLE, C. (ed.) Handbook on Knowledge Management. New York, NY: Springer-Verlag.
KHAN, M. J., HUSSAIN, D. & MEHMOOD, W. 2016. Why do Firms Adopt Enterprise Risk Management (ERM)? Empirical
Evidence from France. Management Decision, 54, 1886-1970.
KHATTAB, A. A., AL-RAWAD, M., SOBOA, S. A. & K., A.-K. 2015. Country Risk Management in a Developing Country.
Journal of Service Science and Management, 8, 24-33.

T
KLEFFNER, A. E., LEE, R. B. & MCGANNON, B. 2003. The Effect of Corporate Governance on the Use of Enterprise Risk

IP
Management: Evidence from Canada. Risk management and insurance Review, 6, 53-73.
KLINE, T. J. B., & DUNN, B. 2000. Analysis Of Interaction Terms in Structural Equation Models: a Non-Technical
Demonstration Using the Deviation Score Approach. Canadian Journal of Behavioural Science / Revue canadienne

CR
des sciences du comportement, 32, 127-132.
KRISTANDL, G. & AND BONTIS, N. 2007. Constructing a Definition for Intangibles Using the Resource Based View of the
Firm. Management Decision, 45, 1510-1524.
LAI, F., ZHAO, X. & WANG, Q. 2006. The Impact of Information Technology on the Competitive Advantage of Logistics
Firms in China, Industrial Management & Data Systems, 106, 1249-1271.

US
LAKIS, V. & GIRIŪNAS, L. 2012. The Concept of Internal control system: theoretical aspect. Economika, 91, 142-152.
LAM, J. C. 2001. The CRO Is Here to Stay. Risk Management, 48, 16-20.
LAM, J. C. 2003. Enterprise Risk Management: From Incentives to Controls, Hoboken, New Jersey, John Wiley & Sons.
LANGFIELD-SMITH, K. 1997. Management Control System and Strategy: a Critical Review. Accounting, Organizations and
AN
Society, 22, 207-232.
LEORNARD-BARTON, D. 1995. Wellsprings of Knowledge: Building and Sustaining the Source of Innovation, Boston,
Harvard Business School Press.
LI, Q., WU, Y., OJIAKO, U., MARSHALL, A. & CHIPULU, M. 2014. Enterprise Risk Management and Firm Value within
M

China‟s Insurance Industry. Acta Commercii, 14, 1-10.

LIEBENBERG, A. P. & HOYT, R. E. 2003. The Determinants of Enterprise Risk Management: Evidence from the
Appointment of Chief Risk Officers. Risk Management and Insurance Review 6, 37-52.
LLEWELLYN, D. 1999. The Economic Rationale for Financial Regulation. UK. Financial Services Authority Occasional
ED

Papers in Financial Regulation.

MAIER, J. L., RAINER R. K. JR., & SNYDER, C. A. 1997. Environmental Scanning for Information Technology: An
Empirical Investigation. Journal of Management Information Systems, 14, 177-200.
MAO, H., LIU, S., ZHANG, J. & DENG, Z. 2016. Information Technology Resource, Knowledge Management Capability,
PT

and Competitive Advantage: The Moderating Role of Resource Commitment. International Journal of Information
Management, 36, 1062–1074.
MARINAGI, C., TRIVELLAS, P. & P.SAKAS, D. P. 2014. The Impact of Information Technology on the Development of
Supply Chain Competitive Advantage. Procedia – Social and Behavioral Sciences, 147, 586-591.
CE

MCSHANE, M. K., NAIR, A., & RUSTAMBEKOV, E. (2011). Does enterprise risk management increase firm
value?. Journal of Accounting, Auditing & Finance, 26(4), 641-658.
MEIDELL, A. & KAARBØE, K. 2017. How the Enterprise Risk Management Function Influences Decision-Making in the
Organization a field Study of a Large, Global Oil And Gas Company. The British Accounting Review, 49, 39-55.
AC

MEIER, R. L. 2000. Integrating Enterprise-Wide Risk Management concepts into Industrial Technology Curricula. Journal of
Industrial Technology, 16, 1-15.
MICCOLIS, J. & SHAH, S. 2000. Enterprise Risk Management: an Analytic Approach. New York. Tillinghast-Towers Perrin
Monograph, available online at www.tillingast.com.
MIKALEF, P. & PATELI, A. 2017. Information Technology-Enabled Dynamic Capabilities and Their Indirect Effect on
Competitive Performance: Findings from PLS-SEM and fsQCA. Journal of Business Research, 70, 1–16.
MIKES, A. & KAPLAN, R. S. 2013. Towards a Contingency Theory of Enterprise Risk Management. AAA 2014 Management
Accounting Section (MAS) Meeting Paper, Available at SSRN: https://ssrn.com/abstract=2311293 or
http://dx.doi.org/10.2139/ssrn.2311293.
MINTZBERG, H. 1979. The Structuring of Organizations: a Synthesis of the Research. United States: Prentice-Hall.
 ACCEPTED MANUSCRIPT

MITHAS, S., & JONES, J. L. 2007. Do Auction Parameters Affect Buyer Surplus in E-Auctions for Procurement? Production
and Operations Management, 16, 455-470.
MITHAS, S., & RUST, R. T. 2016. How Information Technology Strategy and Investments Influence Firm Performance:
Conjecture and Empirical Evidence. MIS Quarterly, 40, 223-245.
MITHAS, S., KRISHNAN, M. S., & FORNELL, C. 2005. Why Do Customer Relationship Management Applications Affect
Customer Satisfaction? Journal of Marketing, 69, 201-209.
MOELLER, R. 2007. COSO Enterprise Risk Management: Understanding the New Integrated ERM Framework, Hoboken,
NJ: John Wiley & Sons.
Nan, L. 2015. Study on Assess of Enterprise Risk Management in China Based on Entropy Weight/TOPSIS Method.
International Journal of u- and e- Service, Science and Technology, 8, 21-30.
NEIROTTIA, P. & RAGUSEO, E. 2017. On the Contingent Value of IT-Based Capabilities for the Competitive Advantage of
SMEs: Mechanisms and Empirical Evidence. Information & Management, 54, 139–153.
NEJAD, O. D. 2011. The Review of Financial Repression Policies and Banking System in Iran. Forthcoming in: International
Bulletin of Business Administration, 11, 1-14.

T
NOCCO, B. W. & STULZ, R. M. 2006. Enterprise Risk Management: Theory and Practice. Journal of Applied Corporate

IP
Finance 18, 8-20.
OKUMUS, F. 2013. Facilitating Knowledge Management through Information Technology in Hospitality Organizations,
Journal of Hospitality and Tourism Technology, 4, 64-80.

CR
OKUMUS, F. 2013. Facilitating Knowledge Management through Information Technology in Hospitality
Organizations, Journal of Hospitality and Tourism Technology, 4, 64-80.
OLSON, D. L. & WU, D. 2008. New Frontiers in Enterprise Risk Management, Berlin Heidelberg, Springer.
OLSON, D. L. & WU, D. 2015. Enterprise Risk Management in Finance, London, Palgrave Macmillan.
PAGACH, D. & WARR, R. 2007. An Empirical Investigation of the Characteristics of Firms Adopting Enterprise Risk

North Carolina State University. US

Management. Enterprise Risk Management Research Conference. North Carolina State: College of Management,

PAGACH, D. & WARR, R. 2010. The Effects of Enterprise Risk Management on Firm Performance. Available at SSRN:
http://ssrn.com/abstract=1155218.
AN
PLATT, G. 2004. Beyond Compliance: When Risk Management Becomes a Competitive Advantage. Global Finance,
September, 22-24.
QUON, T. K., ZÉGHAL, D. & MAINGOT, M. 2012. Enterprise Risk Management and Business Performance during the
Financial and Economic Crises. Problems and Perspectives in Management, 10, 95-103.
M

RANONG, P. N. & PHUENNGAM, W. 2009. Critical Success Factors for effective risk management procedures in financial
industries. Master Thesis, Umeå University.
REINKING, J. 2012. Contingency Theory in Information Systems Research. In Y. K. Dwivedi, M. R. Wade and S. L.
Schneberger (Eds.), Information Systems Theory. New York: Springer New York.
ED

ROLLAND, H. 2008. Using IT to Drive Effective Risk Management. Risk Management, 55, 43-43.
ROM, A. & ROHDE, C. 2007. Management Accounting and Integrated Information Systems: a Literature Review.
International Journal of Accounting Information Systems, 8, 40-68.
SAEIDI, S. P., SOFIAN, S., SAEIDI, P., SAEIDI, S. P. & SAAEIDI, S. A. 2015. How Does Corporate Social Responsibility
PT

Contribute to Firm Financial Performance? The Mediating Role of Competitive Advantage, Reputation and Customer
Satisfaction. Journal of Business Research, 68, 341-350.
SCAPENS, R. W. & JAZAYERI, M. 2003. ERP Systems and Management Accounting Change: Opportunities or Impacts? a
Research Note. European Accounting Review, 12, 201-233.
CE

SEKARAN, U. 2000. Research Methodology for Business: a Skill- Building Approach (3rded.). New York: John Wiley &
Sons.
SHAFIQUE, O., HUSSAIN, N., & HASSAN, M. T. 2013. Differences in the Risk Management Practices of Islamic Versus
Conventional Financial Institutions in Pakistan an Empirical Study. The Journal of Risk Finance, 14, 179-196.
AC

SIMONS, R. 1990. The Role of Management Control Systems in Creating Competitive Advantage: New perspectives.
Accounting Organizations and Society, 15, 127-143.
SUBHANI, M. I. & OSMAN, A. 2011. The Essence of Enterprise Risk Management in Today‟s Business Enterprises in
Developed and Developing Nations. European Journal of Social Sciences, 25, 515-524.
SUBRAMANIAM, N., COLLIER, P., PHANG, M. & BURKE, G. 2011. The Effects of Perceived Business Uncertainty,
External Consultants and Risk Management on Organisational Outcomes. Journal of Accounting & Organizational
Change, 7, 132-157.
TAHIR, I. M. & RAZALI, A. R. 2011. The Relationship between Enterprise Risk Management (ERM) and Firm Value:
Evidence from Malaysian Public Listed Companies. International Journal of Economics and Management Sciences,
1, 32-41.
 ACCEPTED MANUSCRIPT

TALWAR, S. 2011. Averting Bank Distress in International Financial System: Evolving a Comprehensive Risk Management
Process. The IUP Journal of Financial Risk Management, 8, 37-51.
TEKATHEN, M. & DECHOW, N. 2013. Enterprise Risk Management and Continuous Re-Alignment in the Pursuit of
Accountability: a German Case. Management Accounting Research, 24, 100-121.
THOMSON, C. J. (2007). SOX 404 and ERM: Perfect Partners or Not? The Journal of Corporate Accounting & Finance,
March/April.
VENKATRAMAN, N. & PRESCOTT, J. E. 1990. Environment-Strategy Coalignment: an Empirical Test of its Performance
Implications. Strategic Management Journal, 11, 1-23.
WADE, M. & HULLAND, J. 2004. Review: The Resource-Based View and Information Systems Research: Review,
Extension and Suggestions for Future Research. Management Information Systems Quarterly, 28.
WAN DAUD, W. N. 2011. The Role of the Quality Internal Adult Support in Enterprise Risk Management (ERM) Practices:
Evidence from Malaysia. International Journal of Business and Social Science, 2, 189-197.
WAN DAUD, W. N., YAZID, A. S. & HUSSIN, H. M. R. 2010. The Effect of Chief Risk Officer (CRO) on Enterprise Risk
Management (ERM) Practices: Evidence from Malaysia. International Business and Economics Research 9, 55-64.

T
WEILL, P., SUBRAMANI, M. & BROADBENT, M. 2002. Building IT Infrastructure for Strategic Agility. Sloan

IP
Management Review, 44, 57-65.
WERNERFELT, B. 1984. A Resource-based View of the Firm. Strategic Management Journal, 5, 171-180.
WILKINSON, M. 2011. The Role of Technology in Risk Management. Available at:https://www.towerswatson.com/en-

CR
GB/Insights/IC-Types/Ad-hoc-Point-of-View/2011/Insights-The-role-of-technology-in-risk-management.
YARAGHI, N. & LANGHE, R. G. 2011. Critical Success Factors for Risk Management Systems. Journal of Risk Research,
14, 551-581.
YAZID, A. S., HUSSIN, M. R. & WAN DAUD, W. N. 2011. An Examination of Enterprise Risk Management (ERM)
Practices among the Government-Linked Companies (GLCs) in Malaysia. International Business Research, 4, 94-
103.
US
ZHOU, N., ZHANG, S., CHEN, J. E. & HAN, X. 2017. The Role of Information Technologies (Its) In Firms‟ Resource
Orchestration Process: A Case Analysis of China‟s “Huangshan 168. International Journal of Information
Management, 37, 713–715.
AN
ZOU, X. & HASSAN, C. H. 2017. Enterprise Risk Management in China: The Impacts on Organisational Performance.
International Journal of Economic Policy in Emerging Economies, 10, 226–239.
M
ED
PT
CE
AC
 ACCEPTED MANUSCRIPT

Appendix A: Questions Related to Variable of the Study

Item Statement
ENTERPRISE RISK MANAGEMENT
Internal Environment
IE1 There is a common understanding of risk management across the organization.
IE2 Your organization has an effective risk management policy.
IE3* In your organization, risk appetite is considered in strategy setting.
IE4 Responsibility for risk management is clearly set out and understood throughout the organization.
IE5 Risk management is embedded in your organization‟s culture.
Objective Setting (Not at all ... slightly… moderately…very…extremely...)
Management has in place a process and procedure to set business objectives (strategic, operational, reporting,
OS1*
compliance).

T
OS2* Organization‟s objectives support entity‟s mission and are aligned with that.
OS3 When formulating the Strategic plans, to what extent are risks identified and factored in.

IP
OS4 When formulating the Budgets plans , to what extent are risks identified and factored in.
OS5 When formulating the Operational plans, to what extent are risks identified and factored in.
OS6 When formulating the Project management plans, to what extent are risks identified and factored in.

CR
OS7 When formulating the Capital investment plans, to what extent are risks identified and factored in.
Event Identification
Your organization considers external factors driving events that could affect the achievement of objectives (e.g.
EI1*
Economic, Natural environment, Political, Social, Technological).
EI2*

EI3
Infrastructure, Personnel, Process, Technology).
US
Your organization considers internal factors driving events that could affect the achievement of objectives (e.g.

Your organization considers the positive events and opportunities that could affect the achievement of objectives.
Risk Assessment
AN
RA1* The positive and negative impacts of potential events are examined across the entity.
RA2 This organization‟s risks are assessed by using qualitative analysis methods (e.g. high, moderate, low)
This organization‟s risks are assessed by using quantitative analysis methods. (e.g. percentages or probability
RA3
charts, or using tools such as metrics and software).
RA4 The organization is effective at prioritizing risks and determining the residual risks.
M

Risk Response
RR1* Your organization selects a set of actions to align risks with the entity‟s risk tolerance and risk appetite.
In determining risk response, your organization considers possible opportunities to achieve entity objectives going
RR2*
beyond dealing with the specific risk.
ED

In determining risk response, your organization considers possible residual risk and assesses and determines that
RR3*
the residual risk is within the entity‟s risk tolerance and appetite.
Your organization‟s response to analyzed risks includes prioritizing risk treatments where there are resource
RR4
constraints on risk treatment implementation.
PT

Control Activities
The organization‟s risk management procedures include policies and processes which help to ensure that risk
CA1*
responses are appropriately carried out.
CA2 In your organization control activities are executed to ensure risk responses are in a timely manner.
CE

CA3 The level of existing control activities by your organization are sufficient and appropriate for the risks that it faces.
Many different types of control activities are performed by your organization at various organizational level and
CA4*
entities.
Information and Communication
AC

In the organization relevant information is identified, captured and communicated in a form and time frame that
IC1*
enable people to carry out their responsibilities.
The information infrastructure is consistent with an entity‟s need to identify, assess, and respond to risk and
IC2*
remained within its risk tolerance.
IC3 Formal procedures are in place for reporting risks.
IC4 Changes to risks are assessed and reported on an ongoing basis.
In your organization, there is appropriate communication with people outside of the organization. (e.g. customers,
IC5*
suppliers, shareholders).
Monitoring
In your organization some combination of ongoing monitoring and separate evaluations will ensure that ERM
MO1*
maintains its effectiveness over time.
MO2 Monitoring the effectiveness of risk management is an integral part of routine management reporting.
 ACCEPTED MANUSCRIPT

Your organization has highly effective continuous review/feedback on risk management strategies and
MO3
performance.
MO4 Your organization regularly reviews internal controls
INFORMATION TECHNOLOGY
IT Strategy
ITG1 Using an external information network to identify your requirements in information technology.
ITG2 Knowing the information technology used by your competition.
ITG3 Instituting a technology watch in order to change rapidly your information technology when necessary.
ITG4 Ensuring that your choice of information technology follows the evolution of your environment.
ITG5 Using the information technologies that will permit a rapid reaction to environmental pressure.
ITG6 Use of IT to reduce your production costs.
ITG7 Use of IT to make substantial savings.
ITG8 Use of IT to improve your firm‟s productivity.
ITG9 Use of IT to increase your firm‟s profitability.

T
ITG10 Use of IT to improve the quality of products or services.
ITG11 Use of IT to respect the deadlines requested by your customers.

IP
IT Structure
ITC1 Mastering current information technology products.
ITC2 Maintaining control over projects involved with the acquisition of new technology.

CR
ITC3 Being considered as a leader in information technology usage.
ITC4 Development of a technological culture in your firm.
ITC5 Having the required human and organizational resources to manage the information systems.
ITC6 Having the ability to effectively identify and fill your needs in information technology.
ITC7 Strategic planning of information systems in relation to the organization‟s business objectives.
ITC8
ITC9
ITC10
ITC11
US
Mastering the technology presently in use in your organization.
Using a distributed system to share information within the firm.
Structured approach to acquire the needed information systems.
Use of specific selection criteria for the acquisition of new information systems.
AN
ITC12 Using financial tools in planning the acquisition of new information systems.
ITC13 Choosing information technology related to the strategic orientation of your firm.
ITC14 Knowing the impact that IT will have on the different functions of your firm.
ITC15 Evaluating potential problems related to the strategic orientation of your firm.
ITC16 Knowing the results of a financial feasibility study before the acquisition of IT.
M

ITC17 Identification of possible sources of resistance to change before implementation.

ITC18 Evaluating the employee‟s aptitude to use the chosen IT.
COMPETITIVE ADVANTAGE
The quality of the products or services that your company offers is better than that of the competitor‟s products or
ED

CMA1
services
CMA2 Your company is more capable of R&D and innovation than the competitors
CMA3 Your company has better managerial capability than the competitors
CMA4 Your company‟s profitability is better than the competitors
PT

CMA5 Your corporate image is better than your competitors

CMA6 Your company is much more flexible (regarding the risks and challenges) than the competitors
CMA7 Overall, your company‟s growth is better than the competitors
Note: self-developed items are sign with *.
CE
AC
 ACCEPTED MANUSCRIPT

Appendix B: Factor Loading

Internal Environment
Loading values IE1: 0.9697 IE2: 0.9814 IE3: 0.9844 IE4: 0.894 IE5: 0.9632
Objective Setting
Loading values OS1: 0.9671 OS2: 0.8636 OS3: 0.9534 OS4: 0.9892 OS6: 0.9338 OS7: 0.8885
Event Identification
Loading values EI1: 0.8849 EI2: 0.9886 EI3: 0.9839
Risk Assessment
Loading values RA1: 0.9872 RA2: 0.9663 RA3: 0.9856 RA4: 0.8602
Risk Response
Loading values RR1: 0.8715 RR2: 0.9828 RR3: 0.985 RR4: 0.7968
Control Activity
Loading values CA1: 0.9815 CA2: 0.8801 CA3: 0.9809 CA4: 0.8829
Information and Communication

T
Loading values IC1: 0.9782 IC2: 0.9651 IC3: 0.793 IC4: 0.9789
Monitoring

IP
Loading values MO1: 0.9898 MO2: 0.9697 MO3: 0.9868 MO4: 0.897
IT Strategy
Loading values ITG1: 0.9426 ITG2: 0.9252 ITG3: 0.9579 ITG4: 0.7809 ITG5: 0.8016 ITG6: 0.9329 ITG7: 0.9567

CR
ITG8: 0.9514 ITG9: 0.9455 ITG10: 0.8217 ITG11: 0.8118
IT Structure
Loading values ITC1: 0.8512 ITC2: 0.8962 ITC3: 0.8648 ITC4: 0.9001 ITC5: 0.9631 ITC6: 0.9427 ITC7: 0.8873
ITC8: 0.8945 ITC9: 0.8789 ITC10: 0.9584 ITC11: 0.9732 ITC12: 0.9768 ITC13: 0.9483 ITC14: 0.9794
ITC15: 0.9144 ITC16: 0.8977 ITC17: 0.8179 ITC18: 0.8041

Loading values CMA1:0.8296

US
Competitive Advantage
CMA2: 0.8232 CMA3: 0.8221 CMA4: 0.831 CMA5: 0.8422 CMA6: 0.8657 CMA7: 0.8545
(IE: internal environment; OS: objective setting; EI: event identification; RA: risk assessment; RR: risk response; CA: control activity; IC: information and
communication; MO: monitoring; ITG: IT strategy; ITC: IT structure; CMA: competitive advantage)
AN
Appendix C: AVE and Reliability of the Constructs

Constructs AVE Composite reliability Cronbach‟s Alpha

M

Internal environment 0.9198 0.982854 0.980581

Objective setting 0.8716 0.975988 0.978647
Event identification 0.9094 0.967794 0.948944
Risk assessment 0.9048 0.974316 0.931415
ED

Risk response 0.8325 0.951788 0.916428

Control activity 0.8698 0.963845 0.948634
Information and communication 0.8688 0.963371 0.912443
Monitoring 0.9245 0.92457 0.909382
PT

IT strategy 0.8029 0.978044 0.948429

IT structure 0.8275 0.988522 0.978293
Competitive advantage 0.7031 0.943089 0.930794
CE

Appendix D: Fornell and Larcker‟s Test

CMA ITG ITC IE OS EI RA RR CA IC
CMA 0.839
AC

ITG 0.563 0.896

ITC 0.744 0.586 0.910
IE 0.642 0.545 0.611 0.959
OS 0.552 0.555 0.561 0.886 0.934
EI 0.546 0.469 0.509 0.658 0.633 0.954
RA 0.553 0.443 0.438 0.793 0.713 0.620 0.951
RR 0.424 0.462 0.530 0.476 0.811 0.671 0.733 0.912
CA 0.447 0.496 0.587 0.490 0.597 0.681 0.713 0.703 0.933
IC 0.449 0.496 0.568 0.716 0.635 0.806 0.722 0.616 0.838 0.932
Diagonal items: AVE square roots (IE: Internal environment, OS: Objective setting, EI: Event Identification, RA: Risk assessment, RR: Risk response,
CA: Control activities, IC: Information and communication, MO: Monitoring, ITG: IT strategy; ITC: IT structure; CMA: Competitive advantage)