The Impact of Enterprise Risk Management on Firm Performance : Evidence from Sri Lankan Banking and Finance Industry

This study explores the impact of the adoption of enterprise risk management (ERM) practices on firm performance. A sample of forty five banking and finance companies listed on the Colombo Stock Exchange (CSE) was selected for this study and uses both primary and secondary data for the empirical analysis. The extent of adoption of ERM practices was assessed by using the ERM integrated framework of committee of sponsoring organization (COSO) of the Treadway Commission of USA. Return on equity (ROE) is used as a proxy to measure the firm performance and uses multivariate regression analysis to assess the impact of key ERM functions on firm performance. This study finds none of the eight key ERM functions suggested by the COSO’s ERM integrated framework has a significant impact on firm performance. Event identifications, risk assessment, risk response and information & communication indicate a positive impact on firm performance. However, none of those impacts were significant. Surprisingly, empirical evidence reveals that objective setting; event identification, control activities and monitoring of ERM functions have a negative, but not significant, impact on the firm performance. These findings induce the corporate managers to pay a close attention to the cost-benefits considerations when designing and implementing ERM practices and not heavily relied upon and extensively invest on ERM as a vehicle for creating firm value.


Introduction
Amidst the global economic crisis (1998,2008), high profile corporate scandals and business failures such as Barings Bank (1995), Enron (2001), WorldCom (2002), the emerging concept of enterprise risk management (ERM) has been widely discussed by the academia and the practitioners in the recent past.ERM has been highly considered by today's corporate managers as a strategic approach to managing risk face by business firms in a holistic way as oppose to traditional silo-based risk management.Despite there is a growing concern on the adoption of ERM practices with the key objective of enhancing firm value, there is little empirical evidence supporting the value relevance of the ERM implementation.Prior researchers have made some attempts to empirically verify the relationship between ERM and firm performance and find mixed results about the value relevance of the ERM implementation.
Many of the prior researchers (Liebenberg & Hoyt, 2003;Beasley et.al 2008;Hoyt et. al, 2011, Hoyt et al. 2008, Pegach et al. 2008, Pegach et al. 2010, Pegach et al. 2011, Tjahjono, 2017) use dummy variables such as, the presence of the; chief risk officer (CRO), risk committee, big four auditors and institutional shareholders to assess the extent of ERM implementation by business firms.There are some criticisms of this approach and some researchers suggest dummy variables could not effectively assess the extent of ERM adoption by the business firms.Hoyt et al. (2008), suggests the researchers are required to find more robust models for assessing the extent of ERM implementation.Based on the direction of prior researchers (Hoyt et al, 2008;Tjahjono, 2017) this study uses real variables to assess the extent of adoption of ERM using a robust model suggested by COSO's ERM integrated framework.This study explores the extent of ERM adoption by the listed companies in the Sri Lankan banking and finance industry where it is presumed, in line with the prior researchers' works (Hoyt et al, 2011;Soliman et al., 2017;Li et al., 2014;Beasley et al. 2005), ERM practices are widely adopted.
As far as the evolution of the concept of risk management in modern time is concerned, it is apparent that the committee of sponsoring organization (COSO) of Treadway Commission has provided the thought leadership for both academics and practitioners.According to the enterprise risk management-integrated framework published by the committee of sponsoring organization (COSO,2004) ERM is defined as; " a process affected by an entity's board of directors, management and other personnel, applied in strategy setting and across the enterprise, designed to identify potential events that may affect the entity, and manage risk to be within its risk appetite, to provide reasonable assurance regarding the achievement of entity objectives." Unlike traditional risk management where individual risk categories are separately managed in risk "silos," ERM enables firms to manage a wide array of risks in an integrated, enterprise-wide fashion (Hoyt et al. 2008).ERM is a process that helps firms to identify, assess and responds risk more effective and efficient way that facilitate managers in making risk-aligned decisions towards enhancing firm value.

Literature Review
Business firms in the modern pristine capitalistic economy mainly focus on adding value to the shareholders.Adoption of any new technology, methodology or management approach is expected to be adding value to the firm, for it to be accepted by the industry.The concept of ERM, as a holistic and strategic approach to manage the risk facing by a business, is expected to enhance firms' performance.The proposition, as to whether the adoption of ERM has an impact on the firm performance has long been discussed by both practitioners and academia.A considerable number of researchers have significantly contributed to the body of knowledge of the ERM's impact on firm performance through their empirical studies.According to Beasley et al. (2005), their study on "enterprise risk management: an empirical analysis of factors associated with the extent of implementation", suggests that despite there is a substantial interest in ERM by academics and practitioners and the abundance of survey evidence on the prevalence and characteristics of ERM programs there is an absence of empirical evidence regarding the impact of such programs on firm value.Despite the growing interest in ERM, there exists little research examining its value (Gates et al. 2012).This idea confirms the Beasley et al (2005) above.This lack of empirical evidence on the value of ERM practices hinders their popularity and application in the industries.Monda et al (2013) states that the academic literature on ERM is focused on two main aspects: the analysis of the factors that influence ERM adoption and its effects on firms' performance.They further state that no studies have been conducted yet to propose a robust and rigorous model to evaluate the quality and the maturity level of ERM programs implemented by firms.According to Beasley et al. (2008) ERM is intended to promote awareness of the sources of risks and address them by improving strategic and operational decision making.As a result of improved efficiency, firm performance should increase, volatility should decrease and cost of capital should be reduced thus firm value should increase.This rational given by Beasley et al. (2008) explains from where does value come from ERM.Lawrence et al. (2009) state that there is a growing support for the general argument that organizations improve their performance by employing the ERM concept.Nevertheless, the findings of some other researchers highlight the fact that adoption of ERM has no value implication on firms.For example, according to Pagach et al, (2010), in their study on "the effects of ERM on firm performance" results fail to find support the proposition that ERM is value creating.Similarly, according to Papee et al. (2010), Quon et al. (2012) Otieno (2012), Tahir et al. 2011 andLi et al. (2014) their findings fail to support the theoretical expectation that ERM has a positive impact on firm performance.The findings of these researchers put forward some mixed result in the premise that ERM has an implication on firm performance and value.
Prior researchers have mainly relied on dummy variables when assessing the extent of adoption of ERM by business firms.Indicator variables such as the presence of chief risk officer (CRO), risk committee, big four auditors, and the presence of institutional shareholders are widely used as indicators of adoption of ERM practices by firms (Liebenberg et al., 2003;Beasley et al. 2005;Pegach et al., 2011).Literature on ERM shows that some researchers have empirically verified that the presence of the CRO/CEO, big four audit firm, audit committee, risk committee, institutional investor has a positive impact on the firm performance.(Pegach & Warr, 2011;Bouaziz, 2012;Stanley, 2011;Mountiho, 2012 andNajjar, 2015).Nevertheless, some of these researches have recognized the limitations of assessing ERM adoption by using dummy variables and they have directed future researches to adopt some robust methods to assess the extent of ERM adoptions.Taking the prior researchers directions and recommendations into consideration, this study aims to empirically verify, whether adoption of ERM practices has an impact on firm performance by assessing the extent of ERM implementation using a robust model.The modal adopted in this study encompasses an in-depth assessment of the adoption of eight key ERM functions suggested by the ERM integrated framework of the committee on sponsoring organizations (COSO) of the Treadway Commission (2004).
Literature supports that the degree of adoption of ERM or the maturity level of the ERM implementation in the banking and finance industry, compared to other industries, is relatively high (Mukhtar et al., 2017, Pagach et al. 2008, Beasley et al., 2005).Banking and finance industry is highly vulnerable during the periods of global financial crisis.Moreover, there are many regulatory and supervisory involvements to this industry where those institutions are required to comply with some strict regulatory requirements.According to Golshan et al., (2012) firms operating in intensely regulated industries are more likely to adopt ERM and they have been at the forefront of ERM implementation.In this context, this study focuses on the banking and finance industry in Sri Lanka to empirically explore the ERM impact on the firm performance.In a similar study conducted by Hoyt et al. (2008) on the value implication of ERM, a study is conducted about the U.S. insurers in order to control for differences that might arise from regulatory and market differences across industries.Despite several studies have attempted to verify as to whether the adoption of ERM practices by the banking and finance industry has an impact on their firm performance, there is a lacking concern over the evaluation of the extent of ERM adoption and its maturity level by using a robust model.In order to assess the ERM implementation maturity in the banking and finance industry and its impact on firm performance, this study adopts COSO's ERM integrated framework which is said to be the most popular and widely accepted framework by the practitioners around the world.According to Beasley, Branson & Hancock (2010), survey conducted in 2010 with a participation of 460 respondents reveals that 65 percent of the respondents were fairly familiar or very familiar with the COSO's ERM Framework.The researcher believes that COSO's ERM integrated framework (here after 'ERM integrated framework) provides a reasonably sound basis for assessing ERM maturity levels of the banking and finance institutes.

Sample and Data Collection
The total population of the listed companies in the Sri Lankan banking and finance industry represents 53 firms (as of September, 2016).Using convenient sampling method researcher collected survey questionnaires from 45 firms.According to Research Advisor's sample adequacy table (2006), a sample of 45 firms is a reasonably representative sample of a population of 53 firms.This study uses both primary and secondary data relating to the listed companies in the banking and finance industry in Sri Lanka.In order to assess the extent of adoption of the key functions suggested by the integrated framework, primary data were collected by distributing a survey questionnaire.The respondents represent personnel who are attached to the finance divisions of the head office and branches of the observing companies.For the purpose of this study, return on equity (ROE) is used as a proxy for the financial performance of the observing firms.ROE is measured using secondary data available in the published annual reports of the respective observing firms.Annual reports used for this study were downloaded from the official website of the Colombo Stock Exchange, where those reports are freely available online as a digital copy.It is presumed that the audited financial statements, which are an integral part of the annual report, provide a more reliable source of information with respect to financial performance of the listed companies.
The ERM integrated framework recognizes the internal environment (IE), objective setting (OS), even identification (EI), risk assessment (RA), risk response (RR), control activities (CA), information and communication (IC) and monitoring (M) as the key functions requires for a company to adopt a robust ERM model.The survey questionnaire was developed by considering the prior research works of Beasley et al. (2005), Gates et al. (2012), Njagi (2015), Altermeyer (2004).A five scale questionnaire was used in this study, which let the respondents to choose among, "strongly disagree," "disagree," "neutral," "agree" and "strongly agree" that best fit for their firm.If the respondent strongly disagree with the statement relating to the particular ERM function a numerical value of "1" is assigned and if the respondent strongly agree with the stated risk management practice a numerical score of "5" is assigned.For other responses i.e. disagree, neutral and agree, scores of 2, 3 and 4 were assigned respectively.According to Beasley, Clune and Hermanson (2005), who conducted a similar study, the measure the extent of ERM implementation using a 1 to 5 scale based upon the respondent's response to a survey question about the degree of ERM deployment.So, the researcher is confident that the methodology adopted in this study provides a reasonable theoretical basis for assessing the extent of ERM adoption by the banking and finance industry in Sri Lanka. ijbm.ccsen

Theor
The conc and direc sources.Risk aligned objective setting allows the top management to consider risk at the time of setting the firm's long term objectives.It is the type of the objectives that determines the type and nature of the risk, the firm is likely to face in the future.Objectives usually link to the expected return.Expected return is always associated with the risk element.To this effect, it is the time of the objective setting the firm is effectively set its desired risk appetite.In this context, with respect to risk aligned objective setting, the hypothesis is derived as below;

Indep
H2: Risk aligned objective setting has a positive impact on firm performance (ROE).

Event Identification (EI)
Events identification enables an organization to foresee the favorable and unfavorable internal and external events affecting the achievements of the objectives of the entity.This function effectively lets an organization to identify events that would result in either a positive or a negative impact on firm performance.As such event identification minimizes the risk of facing business surprises that will adversely affect the performance.According to Beasley et al. (2008), minimizing business surprises will minimize volatility in return will improve firm value.Kiprop et al., (2017) state that there is a positive relationship between risk identification and performance of financial institutions.According to COSO's ERM integrated framework, the internal and external events affecting the achievement of a firm's objectives must be identified, distinguishing between risks and opportunities.Opportunities are channeled back to management's strategy or objective setting process (COSO, 2004).Thus, event identification lets an organization to identify threats and opportunities and appropriately set the strategies assuring the achievement of firm's long term objectives.In this context, researcher derives the third hypothesis as below, H3: Event identification has a positive impact on firm performance (ROE).

Risk Assessment (RA)
Risk assessment encompasses assessing the likelihood and the impact of events affecting the achievement of the objectives of a firm.It enables an organization to determine a more effective approach to address the risk factors emerging from the internal and external environment.Unlike the ISO 31000 standard on ERM (2009), which recognizes only the residual risks, ERM integrated framework assesses the risk on both inherent and residual basis.According to Solomon & Muntean, (2012), company's risk assessment on the basis of leverage coefficients is required for the predicted behavior analysis for estimating future results.According to Deloitte & Touche LLP; Curtis and Carey (2012), Risk assessment is important since it is the way in which enterprises get a handle on how significant each risk is to the achievement of their overall goals.Thus, with respect to risk assessment researcher derives the following hypothesis, H4: Risk assessment has a positive impact on firm performance (ROE).

Risk response (RR)
Based on the risk assessment and in the light of the firm's risk tolerance and risk appetite, management should decide upon the suitable response to each identified risk factors choosing amongst the risk avoidance, risk acceptance, risk sharing and risk reduction.Effective risk responding strategy is expected to have a positive impact on the firm performance.According to Vollmer (2015), a cost-effective and efficient risk response plan helps balance the mitigation of risk with the expected benefits of the strategic programme.Thus, this study derives its fifth hypothesis as below; H5: Risk response has a positive impact on firm performance (ROE).

Control Activities (CA)
Control activities that are designed to address the risk factors identified involves the policies and procedures established by the management to ensure that risk responses are effectively implemented.There are some researchers who assert that the effective implementation of control activities enhance operating efficiency that leads to enhance firm performance.According to Munene (2013), results established a significant relationship between internal control system and financial performance.Eniola and Akinselure (2016), state that effective internal controls will significantly improve financial performance by helping the organization to significantly reduce fraud perpetration.According to Beeler et al. (1999) internal controls provide an independent appraisal of the quality of managerial performance in carrying out assigned responsibilities for better revenue generation.Control activities usually strengthen the firm's internal control functions, which in return enhances the efficiency and effectiveness of the operations affecting positively on the firms' performance.Thus, this study derives its sixth hypothesis as below; H6: Control activities have a positive impact on firm performance (ROE).

Information and Communication (IC)
Effective information and communication channel is vital to achieve the intended benefits of an integrated risk management framework.Effective integration can only be achieved by ensuring an effective communication among the related functions and people throughout the organization.This is a crucial feature which differentiates ERM from traditional silo-based risk management.The improvement in the information of the organization's risk profile is another potential source of value created by ERM (Eikenhout, 2015).According to Fisher and Kenny (2000) as Cited by Olugbode et al. (2008), they suggest that organizations infuse information systems into their operations so as to enhance competitiveness and facilitate business growth and success.According to Chaffey and Wood 2005 as Cited by Olugbode et al. (2008), when the communication is thorough and accurate, decisions tend to be more informed and effective.It is apparent that enhanced communication of risk information lets the organizational managers to make informed and risk aligned decisions which leads towards achieving better performance.Thus, this study develops its seventh hypothesis as below; H7: Information and communication of risk information has a positive impact on firm performance (ROE).

Monitoring (M)
Firm's ERM functions are required to be monitored on an ongoing basis to ensure the intended objectives of each function and the ERM as a whole are achieved.According to Wholey (2010) monitoring and evaluation is used in government to increase transparency, strengthen accountability, and improve performance.Monitoring function could be an ongoing process or timely evaluation aiming to decide as to whether further modifications are required for the firm's ERM.Monitoring and evaluation (M&E) systems and structures are often linked to public service reform initiatives in budgeting and accountability (Mutinda and Kiruja, 2015).Effective ongoing monitoring of a firm's key ERM functions ensures the achievement of the objectives of each function.Thus, this study derives its eighth hypothesis as below; H8: Monitoring of ERM functions has a positive impact on firm performance (ROE).

Regression Model
In order to test the impact of the eight ERM functions, of the COSO's ERM framework, on the firm performance (ROE) and to assess the relationship between the extent of the adoption of the eight ERM practices and the firm performance, this study adopts following regression model.01.This descriptive data table captures key indicators of the respondents and the observing companies of the Sri Lankan banking and finance industry.Many of the respondents are in their middle age category representing junior and middle level management layers of the observing companies and hold at least a bachelor degree or above qualifications that imply their academic rigor.In order to assess the perceived maturity level of the firms' ERM, respondents were given an opportunity to make a judgmental assessment based on their perception about the maturity level of the firm's ERM adoption.Approximately 30 percent of the respondents stated that their firm identify, assess and control strategic, financial, operational, compliance risks and ERM is an integral part throughout the organization.Sixty five percent of the respondents are of the view that their firms identify, assess and controls strategic, financial, operational and compliance risks and are in the process of implementing a complete ERM system.Eighteen firms, out of the total sample of 45 firms, are employed with a chief risk officer (CRO) who is responsible for overseeing the ERM functions.Approximately 90 percent of the firms have engaged one of the big four auditors as their external auditors who could facilitate banking and finance firms to implement a sound system of ERM.Presence of institutional shareholders was visible in all most all the banking institutes.However, banking and fiancé industry as a whole shows approximately 80% of the firms had an institutional shareholder as its major shareholder.This favorably affects the shareholder activism and greater concern on the governance and risk management by the board of directors.

Correlation Analysis
Pearson's correlation coefficient measures the strength of a linear association between the independent and dependent variables and is usually denoted by "r".Correlation coefficient (r) can take a range of values from +1 to -1.A correlation coefficient value of "zero" indicates that there is no association between the two variables.A coefficient value greater than 0 indicates a positive association, it means an increase in one variable will result in an increase in the other variable, vice versa.The output values of the Pearson's correlation coefficient and the coefficient for regression analysis are presented in Table 3 and Table 4 respectively.The results of the statistical analysis indicate that there is a weak relationship between the extent of the adoption of ERM functions and the firm performance.Before analyzing the strength of the relationship based on the correlation coefficient value, researcher must check whether there is a significant relationship between the two variables by testing hypothesis.
According to statistical output, with respect to Pearson's correlation, all P values are greater than 0.05.So, it can be concluded that none of the ERM functions have a significant relationship with firm performance.Since the relationships are none significant it is not meaningful to analyze the strength and the direction of the relationships between ERM functions and firm performance.Nevertheless, Pearson's correlation coefficient does not assess the causal impact of the independent variables.In order to assess the impact of the adoption of ERM on the firm performance researcher needs to analyze the regression coefficients.The output of the regression analysis is given in the Table 4.

Hypothesis Testing
The Pearson's correlation assesses the strength and the direction (whether the relationship is positive or negative) of the relationship between the independent variables and the dependant variable.In order to assess the causal impact of the adoption of ERM functions on the firm performance, the regression result should be analyzed by testing the hypothesis.The summary of the hypothesis testing and the decisions are given in the Table 5.The coefficient for event identification (IE) is positive, but not significant (p value.847 is greater than 0.05), So, the researcher has no enough evidence to say that ERM supportive internal environment has an impact on firm performance as measured by the ROE.This result is inconsistent with the findings of some researchers who found that ERM supportive internal environment has a positive and significant impact on the firm performance.
According to Liebenberg et.al (2003) and Kinyua et. al, (2015) ERM supportive internal environment adds value to the firm and there is a significant association between internal control environment and financial performance.
Nevertheless, finding of this study is consistent with Li Wu et al. (2014) where their empirical study on enterprise risk management and firm value within China's insurance industry reveals that ERM functions make no significant impact on firm value.The second hypothesis (H 2 ) postulates that risk align objective setting has a positive impact on the firm performance.Correlation significance value (p value) is 0.756.Since the p value is greater than 0.05, researcher has no enough evidence to say that risk aligned objective setting has a positive impact on firm performance.This result contradicts with the findings of Liebenberg & Hoyt, 2003;Beasley et al. 2005 andPegach &Warr, 2011.However, this result is consistent with Rao et al. (2007) where their survey of executives and managers reveals that there is dissatisfaction with the link between ERM and strategy setting.The third hypothesis (H3) hypothesize that the event identification (EI) has a positive impact on firm performance.The coefficient for event identification is negative, but not significant (p value .350 is greater than 0.05).So, the author has no enough evidence to say that event identification has a significant impact on firm performance.This result contradicts with the findings of Beasley et al. (2008) who assert that effective ERM implementation will let the organizations to foresee the risky events that results, minimizing business surprises and volatility in return which contributes a firm towards enhancing the value of the firm.
Fourth and fifth hypotheses postulate that risk assessment (RA) has a positive impact on firm performance (H 4 ) and risk response (RR) has a positive impact on firm performance (H 5 ) respectively.The regression correlation coefficient for RA shows that risk assessment has a positive, but not significant (p value .417 is greater than 0.05).So, the researcher has no enough evidence to say that risk assessment has an impact on ROE.The regression Coefficient value for risk response shows there is a positive, but not significant (p value .191 is greater than 0.05) impact on firm performance.In this context, the researcher has no enough evidence to say that risk assessment has an impact on the firm performance.This result is much more consistent with freewheeling opportunists' theory of strategic management.Freewheeling opportunists do not greatly rely on strategic planning and risk management.They identify market opportunities as they arise and take corrective and remedial actions for risky events as they occur.According to Steffan (2008), freewheeling opportunism is a concept that suggests a company does not need formal business planning instead it should remain open to opportunities as they arise and led by market conditions and events therefore adapting to changes required in order to take advantage of the environment to create competitive advantage.
Sixth hypothesis (H 6 ) presumes that control activities have a positive impact on the firm performance.Nevertheless, the regression coefficient value of internal control is negative with p value .583which is greater than cut off point 0.05.So, the researcher has no enough evidence to say that control activities have a positive impact on firm performance.Improved control activities are usually expected to bring improved efficiency and positive impact on firm performance.But the result of this study finds it's opposite.This could be due to the fact that tighten control activities have some cost benefit considerations.Specially banking and financial institutes are expected to deploy a sound system of internal control system due to their inherent nature of the risk facing by the business.These tight controls may result in additional cost to the firm which may out-weight the expected incremental benefits.Nevertheless, a sound internal control system is a salient feature for banking and finance firms to preserve the firm's value rather than enhancing it.
Seventh hypothesis (H 7 ) postulates that information and communication has a positive impact on firm performance.Regression coefficient indicates that information and communication has a positive, but not significant impact on firm performance.The p value of information and communication variable is .272which is greater than the cutoff value of 0.05.As such the researcher has no enough evidence to say that information and communication has a significant impact on firm performance.H 8 hypothesizes that monitoring of ERM functions has a positive impact on firm performance.Coefficient for monitoring shows there is a negative, but not significant impact on firm performance.These, the results are contradictory with Najjar, 2015;Mountiho, 2012;Stanley, 2011;Bouaziz, 2012 ;Pegach et al., 2011;Beasley et al., 2005 andLiebenberg et al., 2003 where, they assert that the adoption of ERM functions has a positive and significant impact on firm performance.

Conclusions
The objective of this study was to empirically verify as to whether the extent of adoption of ERM functions, suggested by the COSO's ERM integrated framework, has an impact on the firms' performance.This study finds none of the eight key ERM functions suggested by the COSO's ERM integrated framework has a significant impact on firm performance.Event identifications, risk assessment, risk response and information & communication indicate a positive impact on firm performance.Nevertheless, none of those impacts were significant.Surprisingly, empirical evidence reveals that objective setting, event identification, control activities and monitoring of ERM functions have a negative impact on the firm performance.Nevertheless, none of those functions have a significant impact on firm performance.Based on the empirical evidence, this study concludes that the adoption of ERM has no impact on the firm performance.The findings of this study are contradictory with the theoretical expectation of adoption of ERM practices has a positive impact on firm performance confirmed by Beasley et al. (2008), Hoyt et al. (2010), Pegach et al. (2011), Bouaziz (2012) , Stanley (2011), Mountiho (2012) and Najjar (2015).However, the findings of this study are consistent with some other researchers who find that ERM has no value implication on firms.For example, according to Pagach et al. (2010), in their study on "the effects of ERM on firm performance", their results fail to support for the proposition that ERM is value creating.Similarly, according to Papee et al. ( 2010), Quon et al. (2012) Otieno (2012), Tahir et al. 2011 andLi et al. (2014) their findings fail to support the theoretical expectation that ERM has a positive impact on firm performance.
Many of prior researchers who find that ERM has a positive impact on firm performance and value, assesses the extent of ERM adoption by using dummy variables such as the presence of CRO, risk committee, audit committee, big four auditors, institutional shareholders etc.Those dummy variables effectively represent and assess only the extent of ERM supportive internal environment which is only one aspect of the COSOs ERM integrated framework.They are not adequate to assess the other functions of the ERM framework.Despite the findings of this study confirm that ERM functions of COSO's framework ( 2004) in isolation have no significant impact on firm performance, that significant level would be affected by adding further variables to the regression model or by appropriately regrouping some of those functions to measure their integrated impact on firm performance.Future researchers are recommended to take these matters into consideration and empirically verify the impact of ERM on firm performance based on an in-depth analysis using a robust model.

ROE
Demographic characteristics of research respondents and companies are presented in the Table

Table 1 .
Sample contentDescriptive statistics the existing levels of return on equity (ROE), ERM supportive internal environment, risk aligned objective setting, event identification, risk assessment, risk response, control activities, information and communication and monitoring are provided in Table-2.This study uses Return on equity (ROE), which is one of the popular tools used by the researchers, as a proxy to measure the financial performance of observing companies.Mean values for three years average ROE is 0.134 and highest and lowest values for the same are -0.15 and 0.37 respectively.Mean values of ERM supportive Internal Environment, Risk align Objective Setting, and Control Activities were between from 4 to 5.This brings into light that the ERM supportive internal environment, Risk aligned objective setting and Control activities in the banking and finance industry are adopted at a higher level.Mean values of Event Identification, Risk assessment, Risk response, Information and Communication and monitoring were between from 3.8 to 4. It indicates that Event Identification, Risk assessment, Risk response, Information & Communication and monitoring related ERM functions of the banking and finance industry are implemented at a moderately high level.

Table 4 .
Coefficient for regression model