The decision to internally generate or outsource risk management activities

  • Jacqueline Christensen

Student thesis: Doctoral Thesis


Risk management is a recognised business discipline with a broad supporting infrastructure in academe and professional practice. Development of a sound framework of risk oversight, risk management and internal control is fundamental to good corporate governance (ASX Corporate Governance Council, 2008; ASX Markets Supervision, 2009). The board and the senior management of Australian listed companies have a statutory duty to develop, implement, oversee and report on an effective system of risk management (structures, policies, and procedures and culture) to identify, assess, treat and monitor risk to support achievement of the organisation‟s objectives. This is articulated in the ASX Corporate Governance Principles and extended under the ASX listing rules which are given legal authority by the Corporations Act 2001. The services required to support a company‟s risk management activities can be conducted in house by employees of the company, outsourced to professionals such as accounting practices or other professional consultants or by a combination of internal and external sources.
This study examines internal and external factors that influence the decision to internalise or outsource risk management activities using the theoretical framework of TCE (transaction cost economics). A transaction‟s attributes can be characterised by the three broad principal dimensions of asset specificity, uncertainty and frequency according to TCE. It is these dimensions which determine why some transactions are internalised and directed by managers in a hierarchy and others are outsourced in the market to external suppliers. Four hypotheses are developed and operationalised using a unique data set combined with archival data from company annual reports. A survey questionnaire sent to ASX listed companies requesting information about their risk management function for the financial year ending 2009 achieved a sample of 271 companies. Linear and logistic multivariate regression analysis is used to test the hypotheses and explain the governance choice for risk management activities for ASX listed companies.
Results suggest 46 per cent of Australian listed companies outsource risk management activities. Financial reporting, compliance and operational risks are identified as the top three categories of risk management and are the top three risk priorities. Environmental, sustainability and climate change are the least identified categories of risk management with lowest priorities given by respondents. Risk associated with human capital and the environment are the most frequently outsourced categories.
Broadly in line with the TCE propositions expenditure on research and development, staff turnover in risk management relative to other service functions and environmental uncertainty measured in terms of technological change and transaction frequency is associated with less outsourcing of risk management activities. Uncertainty due to environmental diversity measured by the number of subsidiaries and recent restructures, acquisitions or mergers is associated with more outsourcing of risk management activities. Behavioural uncertainty related to new staff is also associated with more outsourcing. Contrary to the theoretical predictions of TCE, volatile sales are associated with more outsourcing and competition and overseas sales are associated with less outsourcing of risk management activities. Training and contract duration, hypothesised as indicators of asset specificity, are associated with more outsourcing. Big4 supplier is associated with more outsourcing of risk management activities and leverage is associated with less outsourcing of risk management activities. Financial distress is associated with the decision not to outsource in the whole sample of companies and associated with more outsourcing for the subsample of companies that do outsource risk management activities. Capital intensity is associated with more outsourcing in the whole sample of companies and there is a marginal association with less outsourcing for the subsample of companies that do outsource risk management activities.
This study is motivated to extend the boundaries of research into companies‟ risk management practices. Limited comparable studies of risk management activities have been found to have been conducted in Australia or internationally and the accounting discipline has concentrated on internal audit. The research period of 2009 is important because it is the first full reporting year following the implementation of the revised ASX Principle 7: Recognise and Manage Risk which extended the scope of management‟s responsibilities. Application of TCE to the risk management function contributes to the body of knowledge by expanding the scope of the theory‟s application to an area of corporate governance which incorporates operations, compliance, financial reporting and strategic imperatives. Increasing our understanding of risk management practices benefits organisations, accounting professionals and regulators concerned with governance practice and enables policy development to be based on informed research. This study undertakes to investigate directly the factors influencing the risk management sourcing decision. This knowledge, by increasing and promoting understanding of the issues, can be used by managers and professional bodies to enhance their decision making on the choice of governance for risk management.
Date of Award8 Oct 2011
Awarding Institution
SupervisorPamela Kent (Supervisor)

Cite this

The decision to internally generate or outsource risk management activities
Christensen, J. (Author). 8 Oct 2011

Student thesis: Doctoral Thesis