The relation between risk oversight and firm performance

(1)

1

The relation between risk oversight and

firm performance

Master Thesis

Abstract

This paper analyses the role of the board of directors in overseeing enterprise risk. Recent fraud investigations, accounting scandals and other corporate disasters have shed doubt on whether the governance at firms is designed in such a way that boards are overseeing their risks in an appropriate manner. For this reason, the Securities and Exchange Commission in the USA expanded its disclosure requirements for listed companies. Since 2010, US listed companies are required to disclose the role of the board in the oversight of risk. Using the additional information in the proxy disclosures of non-financial S&P 500 firms, this paper examines whether effective risk oversight is related to firm performance. This research finds only ambiguous evidence that effective risk oversight is associated with firm performance. This study develops a new proxy for effective risk oversight - the Risk Oversight Index. I find no evidence that the Risk Oversight Index is significantly related to either Tobin’s Q, ROA (EBIT) or ROA (NI). Interestingly, an alternative statistical method of constructing an index, the principal component analysis, provides some support that particular risk oversight practices are positively related to firm performance.

Key words: Risk Oversight, Firm Performance, Corporate Governance, Risk Management

Author Rik Plender

10352562 Supervisor

Prof. dr. F. (Florencio) Lopez-de-Silanes Molina University of Amsterdam

Faculty of Economics and Business MSc Business Economics, Finance Track

(2)

2

Acknowledgements

In front of you lies the final product of my master studies in Business Economics, Finance track at the University of Amsterdam. Although this thesis is ultimately my individual work, I consider it as a joint effort. I am not going to point out individual people but I would like to thank family, friends, colleagues and my supervisor for their support and critical reviews. Their feedback definitely helped to get to a better thesis. Also, I would like to thank EY for giving me the opportunity to write my thesis with their help. The good working environment (and delicious coffee) on the ninth floor of the EY Amsterdam office made the process of writing my thesis a pleasant and valuable learning experience.

Thanks,

Rik Plender

(3)

3

I. Introduction

This paper analyses the role of the board of directors in overseeing enterprise risk. Many people believe that the recent crisis was the result of a failure of companies to apply effective risk management practices (Kirkpatrick, 2009). In addition, recent fraud investigations, accounting scandals and other corporate disasters have shed doubt on whether the governance at firms is designed in such a way that boards are overseeing their risks in an appropriate manner (Economist Intelligence Unit (2009). For example, the BP oil spill in the Gulf of Mexico was attributed to the failure of management “to identify the risk they faced, and to properly evaluate, communicate and address them” (National Commission, 2011, p. 90). Because of these corporate failures, the Securities and Exchange Commission (SEC) in the USA expanded its disclosure requirements for listed companies (SEC, 2009). Since February 28th 2010, US listed companies are required to disclose the role of the board in the oversight of risk. Using the additional information in the proxy disclosures of non-financial S&P 500 firms, this paper examines whether effective risk oversight is related to firm performance.

This study is related to two areas of academic research in the field of finance: corporate governance and risk management. Corporate governance refers to the structures, rights, duties, and obligations by which investors assure themselves the company is ran in their best interests (Shleifer and Vishny, 1997). Risk management is concerned with the early diagnosis and assessment of risks and subsequently tries to minimize its negative consequences (Hubbard, 2009). In the past, academics have independently tried to link both governance attributes and best practices in risk management to firm performance. For example, Bebchuk, Cohen, and Ferrell (2009) find that governance provisions related to the entrenchment of boards are negatively associated with firm performance. Other studies focused on the relation of risk management and firm performance. For example, Pérez-González and Yun (2013) find that the use of weather derivatives is positively related to firm value. However, the more specific way in which risk management is embedded in a firms’ governance has had little attention by academia (Aebi, Sabato, and Schmid, 2012). As noted by Mark Beasley, Branson, and Hancock (2011) it is the responsibility of the board of directors to oversee whether management is effectively managing risks. Recently, Ellul and Yerramilli (2013) and Aebi et al. (2012) examined the link between effective risk oversight and firm performance at banks. Their results suggest that risk oversight matters and reduces risk and increases performance.

(5)

5

This study adds to the existing literature in multiple ways. In contrast to most of the existing corporate governance studies, I focus on governance practices related to risk management. In addition, whereas most risk management literature is related to risk management practices at business-level, like hedging, I focus on risk management at board level i.e. risk oversight. Furthermore, Ellul and Yerramilli (2013) and Aebi et al. (2012) studied risk oversight practices at banks and I limit the sample to non-financial firms.

It is a challenge to measure such a qualitative and multi-interpretable term as effective risk oversight. This study attempts to quantify risk oversight effectiveness based on the disclosures and subsequent identification of various risk oversight practices. The expanded disclosure requirements by the SEC (2009) provide the necessary information to identify these practices. Based on the analysis of the most recent proxy disclosures of all non-financial S&P 500 firms, eight risk oversight practices are distinguished. Subsequently the Risk Oversight Index, the sum of the individual practices, is constructed as a proxy for risk oversight effectiveness.

The eight risk oversight practices identified from the analysis of the aforementioned proxy disclosures are discussed next. First, some companies have established a dedicated board risk committee. Second, others have established a management committee specifically dedicated to continuously inform the board about its risk management processes. Third, some firms have appointed a Chief Risk Officer. Fourth, many firms have adopted an Enterprise Risk Management (ERM) program, which is subsequently monitored at board level. Fifth, some boards have secured its risk oversight responsibility within its charters or formal policies. Sixth, several companies make sure their risk oversight is aligned with the company’s overall strategy. Seventh, risk appetite discussions are part of the boards’ risk oversight responsibility at some firms. Finally, instead of delegating the risk oversight responsibility to a specific committee, various firms have assumed the full board to be responsible for this task.

These practices are designed to increase the effectiveness of risk oversight by the board, however whether this actually is the case remains unexplored. This paper hypothesizes that effective risk oversight increases firm performance. Alternatively, risk oversight could be solely a window-dressing activity. In the event that risk oversight practices would only be adopted to comply with the law or meet listing requirements, they would be unrelated to firm performance.

This research finds ambiguous evidence that effective risk oversight is associated with firm performance. Tobin’s Q, ROA (EBIT) and ROA (Net Income) are the firm performance

(6)

6

measures used in this study. The involvement of the Chief Risk Officer is positively associated with firm performance. All other risk oversight practices do not consistently show a significant relation with firm performance. This is also the most probable reason why the accumulation of all individual practices, the Risk Oversight Index, does not show a significant relation with firm performance. Interestingly, an alternative statistical method of constructing an index, principal component analysis, provides some support that particular risk oversight practices might be positively related to firm performance. The alternative indices might be superior proxies for risk oversight since they take into account the relative importance of each of the individual risk oversight practices. Future research will need to explore this issue further.

However, before interpreting the results one should be aware of the limitations of this study. First, the risk oversight practices and subsequent Risk Oversight Index might be unjust measures of risk oversight effectiveness. Second, limiting the sample to non-financial S&P 500 firms evokes a sample selection bias. Third, although I have tried to limit heteroskedasticity and multicollinearity concerns, they may still persist. Fourth, because of endogeneity concerns one should be careful before any causal relation can be inferred out of aforementioned results.

Nevertheless, the results of this study are relevant to both investors and regulators. Regulators might impose certain practices in legislation. In addition, regulators outside the United States could require similar disclosure requirements as the SEC. Furthermore, investors might be able to improve their investment decision by including risk oversight practices as decision criteria. To summarize, in this thesis I aim to shed more light on the importance of effective risk oversight at board level and its relation with firm performance.

The rest of the paper proceeds as follows: section 2 discusses the relevant market developments, section 3 critically reviews related academic literature and addresses the focus of this research, section 4 describes the data and research method, section 5 presents the results and the robustness checks. Lastly, section 6 lists the limitations of this study, and section 7 concludes and gives suggestions for future research.

II. Market developments

This section starts with an overview of the most relevant developments at legislators and market participants regarding risk oversight. The amount of regulation that stipulates the risk management responsibilities of corporate directors has increased significantly over the

(7)

7

last decade. In addition, market participants such as credit rating agencies and consultants show an increased interest in the risk oversight practices of boards of directors.

The last couple of years an increasing amount of legislation has been approved. First, since 2004 the Sarbanes-Oxley Act requires firms to perform a top-down risk assessment. Second, since 2010 the SEC (2009, p. 44) requires companies to “describe how the board administers its risk oversight function”. Third, since 2010 the Dodd-Frank Act requires a dedicated risk committee for financial companies. This might cause a trickle-down effect to non-financial companies and lead them to also establish a separate risk committee (Baumier and DeLoach, 2012). Finally, since 2013 the New York Stock Exchange requires the audit committee of listed companies to review the firm’s risk management process (NYSE, 2014).

Risk oversight is also getting more attention by a broad arena of market participants. First, industry guidelines make the link between governance and risk management. For example, The Committee of Sponsoring Organizations of the Treadway Commission (COSO) explicitly states the risk oversight responsibility of the board in its widely adopted ERM framework. Second, since 2009 credit rating agency Standard & Poor’s is taking a firm’s ERM practices, including board oversight, into account while reviewing its creditability. Third, renown business and mainstream media have covered the risk management responsibilities of corporate leadership. For example, the Economist Intelligence Unit (2009) conducted a comprehensive survey that revealed the increased importance of risk management within the board room. Fourth, consultants are communicating the importance of appropriate risk oversight to their clients. For instance, EY (2013a), one of the Big Four audit and advisory firms, recently published a study titled turning risks into results. One of the key messages of this study is that leading companies tend to have a strengthened risk oversight function at board level.

To summarize, both regulators and market participants show an increased interest in the way board of directors deal with their risk oversight responsibility. Whereas this section provided an overview of the most relevant market developments regarding risk oversight, the next section gives an overview of the academic literature related to this topic.

III. Literature review and research focus

This section critically reviews previous academic research related to risk oversight. The literature review is split into three parts. First, studies that investigate the added value of risk management are examined. Second, an overview of the research that relates corporate

(8)

8

governance mechanisms with firm performance is provided. Third, the two areas of research are combined and previous papers that study the effect of risk oversight on firm performance are introduced.

A. Risk management and firm performance

Risk management is concerned with the early diagnosis and assessment of risks and subsequently tries to minimize the probability and impact of such risks by implementing and coordinating appropriate solutions and controls (Hubbard, 2009). Previous literature found that risk management has the potential to increase firm performance. These findings contrast Modigliani and Miller (1958), in one of their most renown studies they argue that, in a market without frictions, risk management is irrelevant for value. In other words, in a perfect world setting firms should not bother about firm-specific risks. However, when other theoretical studies took into account market frictions such as financial distress costs (Smith and Stulz, 1985), informational asymmetries (DeMarzo and Duffie, 1995) and taxes (Smith and Stulz, 1985) they showed that risk management can affect value. This subsection discusses several studies that empirically tested these theories and subsequently introduces the concept of enterprise risk management.

The theoretical hypothesis that risk management adds value was the basis of several empirical studies that examine the effect of derivatives on firm performance. Allayannis and Weston (2001) find that the use of foreign currency derivatives positively affects firm value. In addition, Carter, Rogers, and Simkins (2006) state that fuel hedging added value in the US airline industry. A more recent study done by Pérez-González and Yun (2013) finds that the use of weather derivatives is positively related to firm value.

Only lately a more holistic approach to risk management, Enterprise Risk Management (ERM), started to gain more attention by both the business world and academia. The traditional approach to risk management was focused on pure financial risks and hedging these with derivatives. However, this approach was uncoordinated and did not consider operational and strategic risks (McShane, Nair, and Rustambekov, 2011). In response to these limitations firms started to adopt ERM, a more comprehensive risk management approach. ERM is in line with the reasoning of Stulz (1996), he proposed a new approach to risk management. According to his theory firms should focus their risk management activities beyond the, at that time, dominant variance-minimization model. He argues that firms should exploit risks in which they have a comparative advantage and should minimize exposure to

(9)

9

risks in which they have no such advantage. This theory is the basis for the concept that ERM could create value for a firm and enhance its performance.

The definition of ERM used throughout the remainder of this paper is the one formulated by the Committee of Sponsoring Organizations of the Treadway Commission, a private-sector organization set-up to help businesses assess and enhance their internal control processes. Their definition is the following: “Enterprise risk management is a process, effected by an entity’s board of directors, management and other personnel, applied in strategy setting and across the enterprise, designed to identify potential events that may affect the entity, and manage risk to be within its risk appetite, to provide reasonable assurance regarding the achievement of entity objectives” (COSO, 2004, p. 2).

Recently several studies have tried to test whether firms that implement ERM are more successful than other firms. For example, Hoyt and Liebenberg (2011) find a positive effect for the appointment of a Chief Risk Officer on firm value for US insurers. McShane et al. (2011) did a similar research in the same industry. They use the rating Standard & Poor’s applies to a firm’s ERM practices as a proxy for ERM adoption. In contrast to their expectations they find that firms with a strong ERM rating did not perform better than firms with a moderate ERM rating. However, these firms outperformed their counterparts with a weak rating.

The majority of the studies support the hypothesis that risk management adds value. However, all studies note that the relation of risk management and firm performance is prone to endogeneity. Therefore, these results should be interpreted with caution. Also, most studies are limited to a specific type of derivative or industry.

B. Corporate governance and firm performance

Corporate governance refers to the way in which investors make sure their investments generate a fair return (Shleifer and Vishny, 1997). In other words, corporate governance concerns the structures, rights, duties, and obligations by which suppliers of finance assure themselves the company is ran in their best interests. Besides direct monitoring, investors’ interest are represented through the board of directors (Bebchuk and Weisbach, 2010). However, as noted already in the 18th century by Adam Smith (1776) directors might not have the same interests as the shareholders. In recent years a vast amount of research covering how boards can be made to work better was published. Since this paper hypothesizes that the way boards fulfill their risk management responsibilities affects firm performance, it is essential to first examine how other board characteristics influence its

(10)

10

decisions. Hence, previous research that examines whether board structure and board characteristics matter are discussed in this subsection.

Bebchuk and Weisbach (2010) provide a good overview of the academic research in this field. They discuss various papers that find specific board characteristics to positively improve board decision making. The importance of independent directors is the most discussed topic in this area. Independent directors are directors that do not hold an executive position at the same firm as where they are in the board of directors. Core, Holthausen, and Larcker (1999) find director independence to be positively related to executive compensation decisions. In addition, Beasley (1996) shows that independent boards have a lower likelihood of fraud. Interestingly, a study done by Klein (1998) shows that the percentage of inside directors in the finance and investment board committees positively relates to financial performance. Ashbaugh-Skaife, Collins, and LaFond (2006) find that board characteristics influence a firms’ credit rating.

Whereas the previous studies focused on the quality of the individual board members other studies describe the potential impact of committees on firm performance. Sun, Cahan, and Emanuel (2009) show that the quality of the compensation committee has a positive impact on firm performance. They measure the quality of the committee by using several characteristics: committee size, experience, independence, and the number of busy directors. Anderson, Mansi, and Reeb (2004) find that firms with independent audit committees have lower cost of debt. Also, during the financial crisis the characteristics of the audit committee were associated with firm performance (Aldamen, Duncan, Kelly, McNamara, and Nagel, 2012).

These studies reveal the importance of board characteristics and board structure. This supports the hypothesis of this thesis that more specific board characteristics, namely risk oversight practices, influence firm performance.

C. Risk oversight and firm performance

Risk oversight is where risk management and corporate governance intertwine. Risk oversight refers to the responsibilities the board has regarding the risk management activities of the firm. The board of directors has to ensure the firm acts in the interests of its shareholders. In that respect, the board has to ensure its risk management activities are in line with shareholder interests. The risk management responsibility of the board is twofold.

First, the board should define the firms’ risk appetite. Risks are managed more appropriately at the business level if the board has made an explicit choice of its risk appetite

(11)

11

(Nocco and Stulz, 2006). As Stulz (2008) notes the choice of which risks a firm wants to bear and which risks it wants to avoid, its risk appetite, is at the heart of its strategy. In addition, defining the amount and the type of risks a firm wants to be exposed to is critical for value creation (Nocco and Stulz, 2006). Therefore, responsibility for defining the risk appetite should be at board level (Stulz, 2008).

Second, the risk management activities the firm undertakes should be monitored by the board (Stulz, 2008). Once risk appetite is defined, an appropriate risk management program should be in place. It is the task of the board to oversee and monitor this risk management program. Thus, defining risk appetite and monitoring its risk management is the core of the risk oversight task of the board.

As noted by Goldberg and Harsch (2010) firms choose to structure the risk oversight function in various ways. In other words, board characteristics related to the boards’ risk management responsibilities are heterogeneous. One of the first studies to combine these two research areas is done by Mongiardino and Plath (2010). They distinguish three best practices for banks to structure their risk governance. According to them banks should at least have (1) a risk committee (2) of which a majority should consist out of independent directors and (3) a chief risk officer (CRO) in the board.

Aebi et al. (2012) build upon this and research whether specific risk governance characteristics affect firm performance and firm risk. The main measures of risk governance they use are related to the importance of the CRO within the board, the financial expertise of the board and the existence of a risk committee. They control their results for standard corporate governance variables, like independence and board size, and find those not to affect bank performance. With regard to risk governance, they find that banks where a CRO reports directly to the CEO outperformed their competitors during the financial crisis. The other risk governance variables show less pronounced results.

Ellul and Yerramilli (2013) research whether the way the risk function is established in a firm’s governance influences its financial performance. They measure the strength and independence of the risk management function within a bank by constructing a risk management index (RMI). The RMI is based on various variables related to the importance and independence of the CRO and risk committee within the board. They find that a strong and independent risk management function, proxied by their RMI, at banks results in lower tail risk exposures. Both studies amplify the importance of appropriate risk governance.

(12)

12

D. Research focus

Whereas Ellul and Yerramilli (2013) and Aebi et al. (2012) focus on banks, this research focuses on non-financial firms. In addition, this study solely focuses on risk oversight at board level, while Ellul and Yerramilli (2013) also take into account risk oversight at management level. Hence, the hypothesis central to this thesis is that at non-financial S&P 500 firms effective risk oversight is positively associated with firm performance.

IV. Data and methodology

This section discusses the data and methodology used in this study. First, I describe the sample of the study. Second, the proxy for risk oversight effectiveness is introduced. Third, I discuss the firm performance and control variables. Fourth, descriptive statistics and the Pearson correlation matrix of the data are examined. Finally, I introduce the regression models used in this paper.

A. Sample

The sample is restricted to non-financial Standard & Poor’s 500 (S&P 500) firms. Financial companies (SIC codes: 6000 to 6999) are excluded from the sample for three reasons. First, previous studies have focused on the link between risk oversight and firm performance at financial firms, the same link at non-financial firms is so far unexplored. Second, risk oversight practices are more heterogonous at non-financial firms compared to financial firms (Baumier and DeLoach, 2012). Third, the firm characteristics of financial firms, like banks and insurers, are difficult to compare with non-financial firms. This might unintentionally affect the results.

Furthermore, focusing on the S&P 500 firms yields three advantages. First, only US listed firms are required to disclose their risk oversight practices. Second, the relative short time risk oversight has grabbed the attention of firms means that only a few have adapted their risk oversight practices accordingly. It is more likely to find risk oversight practices that increase firm performance in this sample, since larger firms, i.e. S&P 500 firms, are generally quicker to adapt their governance structures to best practices (Pincus, Rusbarsky, and Wong, 1989). Third, all SEC proxy filings need to be studied manually, this makes it essential to put limits on the sample. Taken together, this study focuses on non-financial S&P 500 firms.

(13)

13

B. Risk Oversight Index

In order to determine the effectiveness of risk oversight at individual firms, I construct the Risk Oversight Index. This index is based on eight risk oversight components. As discussed previously, the data regarding the individual risk oversight practices can be derived from the definitive proxy statements (i.e. SEC Form DEF 14A). The enhanced disclosure requirements came into effect in 2010. Since then, firms have on average every year become more transparent in their disclosures about risk oversight (Deloitte, 2013). Therefore the most recent definitive proxy statements are the main source for the risk oversight practices deployed at firms. Since this study was undertaken in spring 2014, the proxy statements referring to the fiscal year 2012 are the most recent ones. In order to ensure like-for-like comparability the performance data is also limited to the same fiscal year.

After collecting the proxy statements from the EDGAR database, the public database with all SEC filings, the paragraph dedicated to risk oversight was extracted from these disclosures. Subsequently within those extracts a keyword search was performed. Aebi, Sabato, and Schmid (2012) and Ellul and Yerramilli (2013) also use the DEF14A proxy statements to hand-collect data on the existence of a CRO and a board risk committee. Furthermore, Hoyt & Liebenberg (2011) use keyword searches to determine whether firms have implemented ERM. Similar to my method they manually reviewed each “hit” within its context in order to determine its validity. For example, they explicitly mention they perform a search within the disclosures for the following words: “enterprise risk management”, “chief risk officer”, “risk committee”, “strategic risk management”, “consolidated risk management”, “holistic risk management”, “integrated risk management”. Gordon, Loeb and Tseng (2009) copy the key word search method of Hoyt and Liebenberg (2011).

Specifically, I scanned the risk oversight extracts of the proxy disclosures to generate the following eight dummies: Chief Risk Officer (CRO), management risk committee (Management RC), board risk committee (Board RC), Enterprise Risk Management (ERM), risk appetite, strategy, charter and full board. Similar to Aebi et al. (2012) and Ellul and Yerramilli (2013) I test whether firms have an executive dedicated to risk management and whether a specific risk committee exists and at what level. In addition, according to Stulz (2008) responsibility for defining the risk appetite should be at board level, also this should be aligned with a firm’s strategy. A study by EY (2013a) finds that firms with strong risk governance have developed a clear mandate i.e. charter and scope for each committee involved in risk oversight. Goldberg and Harsch (2010) analysed the proxy disclosures of

(14)

14

thirty leading firms listed in the USA. They distinguish two models of risk oversight; primary responsibilities are delegated either to the entire board or to a specific committee. The keywords used to identify each of these dummy variables are outlined in Table I.

The Risk Oversight Index is constructed by simply adding up the dummies of all eight variables

.

This method of constructing an index does not reflect any difference in the relative importance of each of the components. However, it has the advantage of being easily reproducible and transparent (Gompers et al., 2003). Adding the individual components in order to construct an index is a method previously applied by Gompers, Ishii and Metrick, 2003) and Bebchuk, Cohen and Ferrell, (2009). The Governance Index (Gompers et al., 2003) and Entrenchment Index (Bebchuk et al., 2009) are constructed to determine whether corporate governance attributes are associated with firm performance.

Furthermore, in additional regressions, principal component analysis is applied and the first and second component are used as proxies for effective risk oversight. As discussed by Tetlock (2007), principal component analysis avoids the problem of making subjective judgements about the relative importance of each variable Previously, Ellul and Yerramilli (2013) constructed their Risk Management Index with the same method. They use the first component to construct their index. However, based on the scree test, first proposed by Cattell (1966), I choose to use both the first and second component. The results of the principal component analysis and the scree plot can be found in the appendix, respectively Table VII and Figure I.

A closer look at the composition of the two components reveals the dummies that have the most impact on the construction of the variable. The first component is particularly constructed based on the dummies for management risk committee, ERM, strategy and risk appetite. The most important variables in the second component are the board risk committee chief risk officer. Interestingly, in front of the dummies identifying ERM and the strategy alignment is a negative sign. A very holistic interpretation of a possible positive coefficient for this second component would thus imply that the existence of a CRO and a board risk committee is positively associated with firm performance. Vice versa, it would also imply that oversight of an ERM program and strategy alignment is negatively associated with firm performance.

(15)

15

C. Firm performance and control variables

Whereas the previous subsection discussed the risk oversight variables, this subsection describes the firm performance variables and control variables. Tobin’s Q and return on assets are used as proxies for firm performance. Tobin’s Q is the ratio of a firms’ market value to its book value. As explained by Lang and Stulz (1993) Tobin’s Q is superior to other proxies for firm performance, because it does not require risk-adjustment. In addition, Tobin’s Q is comparatively free from manipulation by management since it is based on market expectations (Lindenberg and Ross, 1981). In addition to Tobin’s Q, two alternative measures of return on assets (ROA) are used as the accounting-based proxies for firm performance. As done by Core et al. (1999) ROA (EBIT) is computed by taking the ratio of earnings before interest and taxes (EBIT) and the average book value of assets over the past fiscal year. Similar to Aebi et al. (2012) and Hoyt and Liebenberg (2011), ROA (Net Income) is computed by taking the ratio of net income and the average book value of assets over the past fiscal year. The accounting based measures are derived from Standard & Poor’s Compustat. Market data is collected from the database of the Center for Research in Security Prices (CRSP). As discussed before firm performance data is collected for 2012. The variables ROA and Tobin’s Q are winsorized at the 5th and 95th percentile. However, when the winsorizing of these variables is omitted in unreported robustness tests the results do not differ qualitatively.

The control variables used in this study, i.e. firm size, leverage, beta, industry and two corporate governance measures, are based on Hoyt and Liebenberg (2011), McShane et al. (2011) and Bebchuk et al. (2009). Both ERM implementation and board characteristics are found to be related to firm size (Beasley et al., 2005). To avoid the risk oversight variables to proxy for firm size it is important to include it as a control variable. The natural logarithm of the book value of assets is used as the estimate for firm size. In addition, leverage is added to correct for any relation between capital structure and risk oversight effectiveness. The degree of leverage at firms is proxied by the ratio of the book value of liabilities and the market value of equity. Furthermore, due to varying risk and regulatory environments, risk oversight practices might vary per industry. To correct for these industry-effects, industry dummies are included as control variables. As in Campbell (1996) the aggregated two-digit SIC codes classifies the various firms in their industry. The beta of the firm is used to correct for volatility. As is done by Hoyt and Liebenberg (2011), the one-year beta is based on the past

(16)

16

60 months’ excess returns. Excess returns are calculated by correcting the monthly returns for the yield on the 3-month T-bill.

The Entrenchment Index developed by Bebchuk et al. (2009) and the percentage of independent directors are used to control for more general corporate governance differences. Building on the governance index of Gompers et al. (2003), Bebchuk et al. (2009) find that only six out of the original 24 provisions of the governance index have a significant impact on firm value. Five of these six provisions are included in the Entrenchment Index used in this study. The sixth variable, limits to amend the charter, proved to be non-existent at all companies in the sample. Also, Beasley et al. (2005) find that more independent boards are more likely to implement ERM programs. Including board independence and the Entrenchment Index in the regression ensures that the Risk Oversight Index does not proxy for these more general governance variables. Table I provides a more comprehensive definition of the various variables.

(17)

17 Table I

Definition of variables

Variable Description Source Reference

Chief Risk Officer (CRO)

Does the company have a Chief Risk Officer involved in risk oversight?

Manually collected from the risk oversight

paragraph in the DEF 14A proxy statements. The proxy statements are collected from SEC’s EDGAR database

Aebi et al. (2012) Ellul and Yerramilli (2013) Enterprise Risk

Management (ERM)

Is the board in involved in the oversight of an Enterprise Risk Management program?

Board Risk

Committee (BRC) Does the company have a Risk Committee at board level? Aebi et al. (2012) Ellul and Yerramilli (2013) Management Risk

Committee (MRC) Does the company have a Risk Committee at senior-management level? Aebi et al. (2012) Ellul and Yerramilli (2013)

Risk Appetite (RA) Is the board involved in defining Risk Appetite? Stulz (2008)

Full Board (FB) Is risk oversight a full board responsibility? Goldberg and Harsch

(2010)

Strategy (Str) Is a firm’s risk policy aligned with its strategy? Stulz (2008)

Charter (Cht) Does any charter or policy define the risk oversight responsibility?

EY (2013a) Risk Oversight

Index (RO Index)

Sum of all risk oversight dummies:

(CRO + ERM + BRC + MRC + FB + RA + Str + Cht )

Gompers et al. (2003) RO Index pc1 First principal component of all risk oversight dummies Ellul and Yerramilli

(2013)

RO Index pc2 Second principal component of all risk oversight dummies Ellul and Yerramilli (2013)

Tobin’s Q

Tobin’s Q =Market value of equity + book value of liabilities Book value of assets

CRSP/Compustat Merged Hoyt and Liebenberg (2011)

ROA (EBIT)

B T = arnin s before nterest an Ta es

vera e book value of assets

(18)

18 Table I

Definition of variables

Variable Description Source Reference

ROA (Net Income)

= et n o e

CRSP/Compustat Merged Hoyt and Liebenberg (2011)Aebi et al. (2012) Leverage

Levera e = Book value of liabilities

CRSP/Compustat Merged Hoyt and Liebenberg (2011)

Firm size Natural logarithm of book value of assets CRSP/Compustat Merged

Beta Annual beta for each firm is calculated as follows:

= where =∑ ̅ ̅ and

= ∑ ̅

is the monthly return for firm i, is the monthly market (CRSP value-weighted) return, and n=60

CRSP Hoyt and Liebenberg

(2011)

Industry The aggregated two-digit SIC codes CRSP/Compustat Merged Campbell (1996)

Entrenchment Index

Based on the sum of five provisions: Staggered boards, limits to amend bylaws, supermajority, golden parachutes and poison pills

RiskMetrics Bebchuk et al. (2009) Board

independence

(19)

19

D. Descriptive statistics

An overview of the descriptive statistics is provided in Table II. Out of the original S&P 500 firms, 378 firms are left after dropping both the financial firms and the firms of which its normal operations and financials were influenced by a major acquisition. The average Tobin’s Q within this sample is 1.9 and the average ROA (EBIT) and ROA (Net Income) were respectively 12.4% and 7.5%. The average beta is 1.04 and thus as expected approaches the market portfolio. The average beta is slightly different from one for two main reasons. First, the sample excludes financial firms. Second, the average beta reported is unweighted, i.e. the reported beta does not account for differences in market capitalization. Both, The average value for the Entrenchment Index (2,7) and the average percentage of independent directors (82%) are roughly in line with findings of respectively Bebchuk et al. (2009) and Bhagat and Black (2001).

Some of the eight risk oversight practices are more frequently identified than others. Full board responsibility is found in 60% of the firms on the other side of the spectrum are risk committees at board level, only 3% of the firms disclose to have such a committee. Furthermore, a chief risk officer and risk appetite responsibility is disclosed at 6% of the firms. A risk committee at management level is found at 15% of the firms and 20% of the companies have their risk oversight responsibility defined in their charters. Also, 36% disclose that their risk oversight responsibility is aligned with their corporate strategy and 43% of the firms oversee an ERM program. Those findings are in line with a similar analysis done by Deloitte (2013) where they scanned the proxy disclosures of the 200 biggest S&P 500 firms. Those findings result in an average value for the Risk Oversight Index of 1.9. A standard deviation of 1.2 gives sufficient potential to examine any link with firm performance. The first and second principal component have similar standard deviations.

Table III presents the frequency of the various risk oversight practices per industry. As discussed before, the degree of risk oversight is expected to differ per industry. For this reason, industry is included as a control variable. The results presented in Table III confirm that some risk oversight practices are more common in one industry than in the other. Notable are the relatively high frequency of CRO’s and board risk committee’s at utility firms. These results are in line with Deloitte (2013). Utilities operate in a high-risk environment and therefore have more advanced risk governance practices EY (2013b). Furthermore, the food and tobacco industry has the highest average Risk Oversight Index value. This might be explained by the consumer-oriented nature of the industry. Presumably, consumer-oriented

(20)

20

firms also use their annual reports for marketing reasons and therefore potentially provide more extensive disclosure, subsequently resulting in a higher Risk Oversight Index.

The correlation matrix between the different variables is presented in Table IV. The table shows that most variables are only lowly correlated with each other. The dependent variables, Tobin’s Q, ROA (Net Income) and ROA (EBIT) are positively correlated. Furthermore, leverage and firm size are both negatively correlated with the firm performance variables. Interestingly, the second component of the risk oversight practices does not correlate with the Risk Oversight Index. In contrast, the first component is highly correlated with the Risk Oversight Index and is therefore expected to provide similar results in the subsequent regressions. All other variables have small correlation coefficients with each other.

E. Regression model

The relation between risk oversight effectiveness and firm performance is examined using ordinary least squares (OLS) regressions. More specifically, the following model is tested:

Firm performance = β0 + β1 (Risk oversight effectiveness) + γi (Xi) + ε

The dependent, i.e. firm performance, variables of the regressions are Tobin’s Q, ROA (EBIT) and ROA (Net Income). Furthermore, firm size, leverage, beta, Entrenchment Index and the percentage of independent directors are included as control variables, represented by Xi. For each of the three dependent variables four regressions are performed. First, firm performance and only the control variables are regressed. Second, the Risk Oversight Index replaces the individual practices. Third, the first and second principal component are included instead of the Risk Oversight Index. Fourth, all risk oversight practices are added to the regression model. The various variables are described in more detail in Table I.

(21)

21 Table II Descriptive statistics

Variable N Mean Median S.D. Min. Max

Tobin's Q 376 1.93 1.66 0.87 1.00 4.10

ROA (Net Income) 376 11.19 10.47 5.59 -0.54 34.21

ROA (EBIT) 377 12.55 11.09 7.64 -2.28 38.08 Leverage 376 37.04 34.42 18.51 1.81 82.36 Firm size 378 9.54 9.46 1.10 6.95 13.44 Beta 378 1.04 1.00 0.52 -0.86 2.66 Entrenchment Index 378 2.72 3.00 1.00 0.00 5.00 % Independent directors 378 0.82 0.86 0.10 0.40 1.00

Enterprise Risk Management 378 0.43 0.00 0.50 0.00 1.00

Chief Risk Officer 378 0.06 0.00 0.24 0.00 1.00

Management Risk Committee 378 0.15 0.00 0.36 0.00 1.00

Board Risk Committee 378 0.03 0.00 0.17 0.00 1.00

Strategy 378 0.36 0.00 0.48 0.00 1.00 Risk Appetite 378 0.06 0.00 0.23 0.00 1.00 Full Board 378 0.60 1.00 0.49 0.00 1.00 Charter 378 0.20 0.00 0.40 0.00 1.00 RO Index 378 1.89 2.00 1.23 0.00 6.00 RO Index pc1 378 0.00 -0.19 1.21 -1.37 5.43 RO Index pc2 378 0.00 -0.22 1.15 -1.08 7.07

(22)

22 Table III

Risk oversight practices: means per industry

The table below presents the means of the various risk oversight variables per industry. The industry classification is based on Campbell (1996), and is constructed as: Petroleum (SIC 13,29), Consumer durables (SIC 25, 30, 36, 37, 50, 55, 57), Basic industry (SIC 10, 12, 14, 24, 26, 28, 33), Food and tobacco (Sic 1, 2, 9, 20, 21, 54), Construction (SIC 15, 16, 17, 32, 52), Capital goods (SIC 34, 35, 38), Transportation (SIC 40, 41, 42, 44, 45, 47), Utilities (SIC 46, 48, 49), Textiles and trade (SIC 22, 23, 31, 51, 53, 56, 59), Services (SIC 72, 73, 75, 76, 80, 82, 87, 89) and Leisure (SIC 27, 58, 70, 78, 79) and Other. This excludes financial and real estate companies (SIC 60 to 69). The different definitions of the reported variables can be found in Table I.

Obser-vations ERM CRO MRC BRC Str RA FB Cht RO-index

RO Index pc1 RO- index pc2 Petroleum 31 52% 3% 19% 3% 29% 10% 52% 6% 1.7 0.1 -0.1 Consumer durables 52 38% 2% 15% 0% 40% 6% 56% 12% 1.7 -0.1 -0.2 Basic industry 53 49% 6% 8% 0% 25% 6% 70% 26% 1.9 -0.1 -0.1

Food and tobacco 28 61% 4% 21% 4% 54% 4% 71% 21% 2.4 0.4 -0.2

Construction 7 14% 0% 0% 14% 43% 0% 43% 14% 1.3 -0.7 0.4

Capital goods 56 41% 2% 11% 0% 34% 5% 68% 11% 1.7 -0.2 -0.3

Transportation 11 36% 9% 9% 0% 9% 0% 55% 36% 1.5 -0.5 0.2

Utilities 52 37% 21% 29% 10% 37% 8% 46% 31% 2.2 0.3 0.8

Textiles and trade 28 46% 0% 18% 0% 46% 4% 68% 32% 2.1 0.1 -0.3

Services 40 50% 10% 13% 5% 48% 8% 60% 10% 2.0 0.2 0.0

Leisure 11 18% 0% 0% 0% 27% 0% 64% 27% 1.4 -0.7 -0.1

Other 9 22% 11% 11% 11% 22% 11% 56% 33% 1.8 -0.2 0.7

(23)

23 Table IV Correlation matrix

The table below presents the correlation matrix for the main variables used. The definitions of the individual variables can be found in Table I. Tobin's Q ROA (NI) ROA (EBIT) Lever-age Firm

size Beta E-index

Percent. Indep. RO-index RO Index pc1 RO Index pc2 Tobin's Q 1.00

ROA (Net Income) 0.74 1.00

ROA (EBIT) 0.78 0.88 1.00 Leverage -0.76 -0.70 -0.65 1.00 Firm size -0.46 -0.29 -0.35 0.42 1.00 Beta -0.19 -0.11 -0.13 0.11 -0.09 1.00 Entrenchment Index 0.12 0.12 0.12 -0.04 0.14 -0.02 1.00 Percentage independent directors -0.17 -0.12 -0.19 0.19 0.21 0.00 -0.18 1.00 ROindex -0.19 -0.13 -0.12 0.21 0.19 -0.10 -0.02 0.10 1.00 RO Index pc1 -0.20 -0.12 -0.12 0.21 0.19 -0.08 -0.02 0.10 0.87 1.00 RO Index pc2 -0.01 -0.07 -0.06 0.15 0.09 -0.07 -0.02 0.06 0.06 0.00 1.00

(24)

24

V. Results and Robustness

A. Results

The results of the twelve regressions are presented in Table V. For each of the three performance measures four regressions are done. This section discusses the results of these twelve regressions. Furthermore, several additional regression models are introduced to check for robustness.

For the first regressions only the control variables are included in the model. The signs in front of the coefficients of the various control variables are in general consistent across the three firm performance measures. When Tobin’s Q is used as the dependent variable the results for the control variables are most significant. As expected firm size, leverage and beta are negatively associated with Tobin’s Q. Similar to the results of Bebchuk et al. (2009) the Entrenchment Index is positively related to firm performance. The percentage of independent directors is the sole insignificant predictor of firm performance. This is in line with findings by Bhagat and Black (2001).

The eight risk oversight practices are added in the second regressions. Across the three dependent variables the presence of a CRO is the most significant risk oversight practice to be associated with firm performance. For both Tobin’s Q and ROA (NI) this association is significant at the 5% level. These regressions show there is some evidence that the presence of the CRO is positively associated with firm performance. This is not in line with findings by Aebi et al. (2012), they found no relation between firm performance and a CRO. However, their sample was limited to banks and this study focuses on non-financial firms. The results of this study are consistent with Pagach and Warr (2011), they found that non-financial firms with a higher market-to-book ratio were more likely to hire a CRO. The only other risk oversight practice that is significant in one regression is Management Risk Committee. Interestingly this practice is negatively associated with Tobin’s Q. However, this practice is insignificant in the other regressions and only at the 10% level in the Tobin’s Q regression, therefore these results are rather inconclusive. The presence of a risk committee has an insignificant effect on firm performance. This is in line with the results of the aforementioned research of Aebi et al. (2012). In contrast to expectations and the theory of Nocco and Stulz (2006) the variables risk appetite and strategy are not significantly related to firm performance. There are two reasons that can explain the insignificant results of the individual risk oversight variables. First, the relation between the risk oversight practice and

(25)

25

firm performance might in theory make sense but in practice just non-existent. Second, the limitations of this research inhibit the possibility to empirically identify the relation. Those limitations will be discussed in the next section.

Next, for the third regressions the Risk Oversight Index is introduced instead of the eight individual practices. The Risk Oversight Index accumulates the eight risk oversight practices and is a simple proxy for risk oversight effectiveness. The Risk Oversight Index is insignificant for all regressions. This means that similar to most individual risk oversight practices, the accumulation of the eight practices is not significantly associated with firm performance. For the same reason as Gompers et al. (2003), the Risk Oversight Index was constructed to amplify any relation its components might have with firm performance. But whereas the Governance Index of Gompers et al. (2003) was positively associated with firm performance, no such relation is found for the Risk Oversight Index.

In the fourth and the last regressions the two principal components are introduced. The first principal component is insignificant in all regressions. However, the second principal component is significantly positively associated with Tobin’s Q at the 1% level. As described previously, the main determinants of the second principal component are CRO, board risk committee, management risk committee and ERM. The appearance of a CRO and a board risk committee increase, and the appearance of ERM and a management risk committee decrease the second principal component. Thus, the positive and significant coefficient indicates that a combination of a CRO and board risk committee without a management risk committee and ERM program is positively associated with firm performance. However, before any conclusions are drawn from these results it is important to check for robustness and to consider the limitations of this study. The former is examined next and the latter is discussed in the subsequent section.

B. Additional robustness tests

In order to get more robust results three alternative regression models are considered. First, two additional firm performance indicators are used. Second, the time frame is expanded to three years. Third, to check for endogeneity a propensity matched sample is constructed. The three robustness tests will be discussed in more detail in the remainder of this section.

To start, return on equity (ROE) and the buy-and-hold return (BHR) are used as two additional performance measures. ROE is defined as the net income divided by the average book value of equity. The buy-and-hold return is calculated based on the cumulative stock

(26)

26

return over the firm’s fiscal year 2012. Aebi et al. (2012) also use ROE and the buy-and-hold return as alternative proxies for firm performance. The results can be found in the appendix (Table VIII). In general, the models are not very robust since they both have a R2 of below 0.2. Similar to the results for the ROA regressions, the Risk Oversight Index and the first and second principal components are insignificant predictors for firm performance in both regressions. Interestingly though, CRO is significantly positively associated with ROE. This finding is in line with the results of the original regression models.

In addition, similar to Aebi et al. (2012) I expand the time frame with two years. The financial data for 2010 and 2011 are added to the model. By expanding the time frame the analysis will be more robust since it is based on more performance data. However, the risk oversight data are only collected for 2012 and might therefore not be representative for the risk oversight practices in place during 2010 and 2011. The results are presented in the appendix (Table IX). The number of observations is tripled and this might explain the more significant results in these regressions. In general, the results are in line with the original model. Interestingly, the risk oversight variables show more significant results. First, the Risk Oversight Index is negatively and significantly associated with Tobin’s Q. However, the relation with ROA is insignificant. Second, the second principal component is significantly and positively associated with all three firm performance measures. These results are in line with but also more significant than previous. Third, several of the individual risk oversight practices show some significant relation with one or more firm performance measures. Consistent with previous findings is the positive relation of CRO with firm performance. Based on these results the relation between CRO appointment and firm performance seems rather robust.

Lastly, a propensity matched sample is constructed twice. First, for firms with a high score for the Risk Oversight Index and second, for firms with a high score for the alternative index based on the second principal component of the individual risk oversight practices. The propensity matched sample allows us to check whether companies self-select to implement effective risk oversight (Gordon et al., 2009). The regression models for which the firm performance are a direct function of the Risk Oversight Index or the alternative index might suffer from a selectivity bias. This bias arises from the endogenous choice of adopting ERM practices (Liebenberg and Hoyt, 2003) or in this study more specifically risk oversight practices. In other words, high performance firms may choose effective risk oversight practices, just because they are high performance firms and not because risk oversight practices actually further improve their performance. In order to construct the propensity

(27)

27

matched sample a new binary variable is created. This binary variable, high-ROI (high-ROI pc2), is equal to one when the Risk Oversight Index (RO index pc2) is greater than or equal to three (0.2) and zero otherwise. Both thresholds represent the upper quartile\. Next, the 104 (122) firms with a score higher or equal to the upper quartile for the Risk Oversight Index (RO index pc2) are matched with one of the remaining firms that have the closest propensity score. The propensity scores are obtained from a logistic model that estimates the probability of firms having a high score for the Risk Oversight Index or RO index pc2 (Gordon et al., 2009). The variables used in the logistic model are the same as those in the original regressions.

A summary of the results for the propensity matched sample can be found in the appendix (Table VIII). The average treatment effect on the treated is insignificant for both variables of interest. The insignificant result for the Risk Oversight Index, Panel A, is in line with previous findings. However, the insignificant results for the second principal component of the risk oversight practices, Panel B, are a signal of endogeneity within the results of the original model. In contrast to the original findings, when the firms with a high score on this alternative index are propensity matched with control firms no difference is found in the average firm performance. The results show that future research should take the endogeneity concerns into account when designing their research setup. An alternative proxy for risk oversight, for example survey data, and risk oversight data over a longer period of time might help to overcome the endogeneity problem. Also, a change in regulation that obliges certain risk oversight practices for some firms but does not so for other firms could provide a research setting with less severe endogeneity concerns. Unfortunately, such data and such a research setting were not yet available for this research.

(28)

28 Table V

Regression results: Tobin’s Q, ROA (EBIT) and ROA (NI)

pval in parentheses *** p<0.01, ** p<0.05, * p<0.1

Tobin's Q Tobin's Q Tobin's Q Tobin's Q ROA (EBIT) ROA (EBIT) ROA (EBIT) ROA (EBIT) ROA (NI) ROA (NI) ROA (NI) ROA (NI)

(1) (2) (3) (4) (1) (2) (3) (4) (1) (2) (3) (4) RO Index -0.031 0.019 -0.054 (0.176) (0.931) (0.727) RO Index pc1 -0.034 0.038 0.026 (0.140) (0.862) (0.868) RO Index pc2 0.065*** 0.260 0.167 (0.007) (0.255) (0.314) Enterprise Risk Management -0.050 0.614 0.292 (0.380) (0.262) (0.459)

Chief Risk Officer 0.283** 1.843 1.831**

(0.016) (0.100) (0.024)

Management Risk Committee

-0.158** -0.842 -0.785

(0.041) (0.256) (0.142)

Board Risk Committee 0.056 0.799 -0.629

(0.739) (0.618) (0.586) Risk Appetite 0.004 -0.888 -0.221 (0.971) (0.422) (0.782) Charter 0.052 0.084 0.158 (0.450) (0.898) (0.740) Strategy -0.071 0.133 0.013 (0.215) (0.809) (0.974) Full board -0.058 -0.573 -0.728* (0.293) (0.284) (0.059) Firm Size -0.161*** -0.157*** -0.158*** -0.153*** -0.754*** -0.756*** -0.762*** -0.728*** -0.139 -0.132 -0.144 -0.100 (0.000) (0.000) (0.000) (0.000) (0.005) (0.005) (0.005) (0.007) (0.474) (0.500) (0.460) (0.610) Leverage -0.031*** -0.031*** -0.031*** -0.031*** -0.208*** -0.209*** -0.209*** -0.210*** -0.196*** -0.195*** -0.197*** -0.196*** (0.000) (0.000) (0.000) (0.000) (0.000) (0.000) (0.000) (0.000) (0.000) (0.000) (0.000) (0.000) Beta -0.151** -0.156** -0.155** -0.154** -0.704 -0.701 -0.695 -0.623 -0.310 -0.322 -0.304 -0.299 (0.013) (0.010) (0.010) (0.011) (0.231) (0.236) (0.239) (0.296) (0.466) (0.452) (0.477) (0.487) Entrenchment Index 0.083*** 0.081*** 0.083*** 0.080*** 0.440 0.441 0.451* 0.357 0.392** 0.389** 0.399** 0.329* (0.004) (0.004) (0.003) (0.006) (0.104) (0.104) (0.097) (0.196) (0.046) (0.048) (0.043) (0.099) % Independent directors 0.156 0.169 0.151 0.128 -2.489 -2.497 -2.618 -3.328 0.114 0.137 0.030 -0.454 (0.574) (0.543) (0.583) (0.645) (0.344) (0.343) (0.321) (0.211) (0.952) (0.943) (0.988) (0.813) Constant 4.421*** 4.424*** 4.388*** 4.446*** 28.974*** 28.971*** 29.159*** 29.681*** 15.250*** 15.258*** 15.372*** 15.804*** (0.000) (0.000) (0.000) (0.000) (0.000) (0.000) (0.000) (0.000) (0.000) (0.000) (0.000) (0.000)

Industry-effects Included Included Included Included Included Included Included Included Included Included Included Included

Observations 377 377 377 377 376 376 376 376 376 376 376 376

(29)

29

VI. Limitations

The previous section presents the results. In order to get a better understanding of these results and its implications it is important to discuss the limitations of this study. First, the risk oversight practices and subsequent Risk Oversight Index might be unjust measures of risk oversight effectiveness. Second, limiting the sample to non-financial S&P 500 firms evokes a sample selection bias. Third, although I have tried to limit heteroskedasticity and multicollinearity concerns they may still persist. Fourth, because of endogeneity concerns no causal connection can be inferred out of aforementioned results. Because of the potential implications of each limitation and to provide a complete overview of the opportunities for improvement for future research I discuss each of these limitations individually in this section.

First, within this research risk oversight effectiveness is proxied by quantifying information distilled from proxy disclosures. The requirement to disclose risk oversight practices is relatively new. For this reason the disclosures provide a new source of information to evaluate a firm’s risk oversight practices on. However, the newness of the disclosure requirement also implies that in academics the source was thus far unexplored. Hence, the proxy for risk oversight effectiveness is unique but its validity also untested.

Second, this study limits itself to non-financial S&P 500 firms and their risk oversight disclosures in 2012. Since the S&P 500 index only consists out of large firms the findings of this study might suffer from a large-firm bias and therefore do not naturally apply to smaller firms. Also, although most firms in the sample are active across the globe most of their revenues still originates from the USA (Business Insider, 2013). For this reason one should be careful generalizing these results to other countries. Lastly, inferences based on the disclosures in 2012 are not necessarily the same for other years. Risk oversight effectiveness might have a different impact on firm performance depending on the economic environment in a particular year. This hypothesis would be in line with previous studies. For example, Ellul and Yerramilli (2013) show risk management and governance have more impact in crisis years. Despite that the specific sample is chosen for good reasons one should be aware of the biases this sample selection might create.

Third, before any conclusions are made it is important to validate the assumptions underlying the regression models presented in the previous section. Data plots and histograms are inspected to check for normality. Outliers within the dependent variables are removed by winsorizing at the 5th and 95th percentile. Robust standard errors are used to limit

(30)

30

heteroskedasticity concerns. Also, to test for multicollinearity Variance Inflation Factors (VIF) are computed for the different independent variables. None of the VIF are greater than ten, therefore multicollinearity is probably not present among the independent variables and no issue within this study. The individuals VIF are reproduced in Table VI.

Lastly, the results of an academic study ideally invite for causal interpretations. However endogeneity concerns tend to hinder corporate governance studies from establishing such causality. First, reverse causality concerns might hint to endogeneity. When it is plausible that the dependent variable i.e. firm performance influences the independent variable (e.g. risk oversight effectiveness) one speaks of reverse causality. For example, it could be that better performing firms have more resources available to invest in an effective risk oversight environment. If this is the case, risk oversight does not affect firm performance but the other way around; firm performance affects risk oversight. Second, omitted variables might cause endogeneity issues. Unobserved characteristics could impact firm performance through one of the observed characteristics thereby unintentionally influencing the results. One example of such a potential omitted variable is the risk propensity of a board. According to Core et al. (1999) the degree of risk-seeking or risk-averse behaviour of a board impacts firm performance. Risk propensity is an omitted variable in this study and might thus unintentionally influence one of the variables of interest. To summarize, when interpreting the results it is important to be aware of the limitations of this study.

(31)

31 Table VI

Variance inflation factors

The table below presents the variance inflation factors (VIF) for the independent variables used. Several variables are used in multiple regressions, if this is the case the highest VIF are reported. VIF Leverage 1.34 Firm size 1.34 Beta 1.07 Entrenchment Index 1.12 % Independent directors 1.13

Enterprise Risk Management 1.12

Chief Risk Officer 1.16

Management Risk Committee 1.12

Board Risk Committee 1.13

Strategy 1.08 Risk Appetite 1.07 Full Board 1.04 Charter 1.03 RO Index 1.08 RO Index pc1 1.07 RO Index pc2 1.04

(32)

32

VII. Conclusion and discussion

This research finds only ambiguous evidence that effective risk oversight is associated with firm performance. This study develops a new proxy for effective risk oversight, the Risk Oversight Index. It uses the proxy disclosures of non-financial S&P 500 firms as the source to determine the effectiveness of their risk oversight. I find no evidence that the Risk Oversight Index is significantly related to either Tobin’s Q, ROA (EBIT) or ROA (NI). The Risk Oversight Index is comprised of eight different risk oversight practices. One of them is the involvement of a dedicated executive, the CRO, with the risk oversight process. CRO involvement is positively associated with firm performance. Although one should be careful with causal interpretations, this might mean that appointing a CRO is rewarded by investors and results in better firm performance. All other risk oversight practices do not consistently show a significant relation with firm performance. Interestingly, an alternative statistical method of constructing an index, the principal component analysis, provides some support that particular risk oversight practices might be positively related to firm performance. The alternative indices might be superior proxies for risk oversight since they take into account the relative importance of each of the individual risk oversight practices. Future research will need to explore this issue further.

These results are not in line with the hypothesis. I expected that effective risk oversight at non-financial firms would be positively related to firm performance. Previous research found that both good governance and effective risk management impacts firm performance. Also, for financial firms, prior studies found a relation between risk oversight and firm performance. To my knowledge this study is the first attempt to study the relation between risk oversight and firm performance at non-financial firms.

The results of this research might differ from its hypothesis for various reasons. First of all, the proxy for effective risk oversight might be invalid. If, for example, the proxy only measures the extent to which a firm is willing to disclose its risk oversight policy instead of the actual way it deploys this policy, the proxy measures something different than intended. In this case the disclosures are regarded as pure window-dressing. Also, the sample size is relatively small and homogenous. Due to the size and US base of the S&P 500 firms risk oversight could turn out not to be a differentiator among these firms. All firms within the sample have the resources available to apply best practices regarding risk oversight. Furthermore, the mere fact the firms are listed in the United States and thus are required to

The relation between risk oversight and firm performance