
Insight: ENTERPRISE RISK MANAGEMENT DISCLOSURE AND CEO CHARACTERISTICS


Winners Consulting Services Co. Ltd. (積穗科研股份有限公司), Taiwan's expert in Enterprise Risk Management (ERM), draws a critical insight from a landmark 2023 empirical study: among all CEO characteristics examined, CEO overconfidence and CEO tenure — not financial expertise or gender — are the factors that significantly predict the quality of ERM disclosure in publicly listed companies, based on an analysis of 475 Indonesian non-financial firms using the ISO 31000:2018 framework as the evaluation benchmark.

Paper Citation: ENTERPRISE RISK MANAGEMENT DISCLOSURE AND CEO CHARACTERISTICS: AN EMPIRICAL STUDY OF GO PUBLIC COMPANIES IN INDONESIA (Rina Trisnawati, Susilaningdyah Mustikawati, Noer Sasongko, OpenAlex — Enterprise Risk Management, 2023)
Original Paper: https://doi.org/10.3846/btp.2023.18505


About the Authors and This Research

This study was jointly authored by three researchers with expertise in corporate governance and financial reporting transparency. Rina Trisnawati (also recorded as Ade Trisnawati in academic databases) holds an h-index of 2 with 23 cumulative citations, focusing on risk information disclosure and corporate governance. Co-author Susilaningdyah Mustikawati, with an h-index of 1 and 2 cumulative citations, specializes in financial reporting transparency. The third author, Noer Sasongko, brings extensive experience in management accounting and corporate governance education.

Since its publication in 2023, this paper has accumulated 14 citations, establishing a meaningful footprint within Southeast Asian ERM empirical research. The study's most significant methodological innovation lies in its dual contribution: applying a behavioral finance lens — specifically CEO overconfidence as a psychological characteristic — while simultaneously employing the ISO 31000:2018 framework as the quantitative measurement tool for ERM disclosure quality. This combination makes the paper one of the few empirical works to bridge behavioral corporate governance theory with the latest international risk management standards.

When CEO Psychology Drives ERM Disclosure: Key Findings from 475 Indonesian Listed Companies

The central conclusion of this research is both surprising and actionable: the quality of Enterprise Risk Management disclosure is not merely a structural or procedural issue — it is, fundamentally, a leadership behavior issue. The research team analyzed the 2020 annual reports of 475 non-financial companies listed on the Indonesia Stock Exchange, constructing an ERM disclosure quality index based on the ISO 31000:2018 framework's core principles. Multiple regression analysis was conducted using Eviews 10, systematically testing four CEO characteristics as predictors of ERM disclosure quality.

Core Finding 1: CEO Overconfidence Has a Significant Impact on ERM Disclosure

The research provides empirical evidence that CEO overconfidence — a psychological characteristic rooted in behavioral finance — significantly influences ERM disclosure quality. Overconfident CEOs systematically underestimate risks and overestimate their own judgment. This cognitive bias directly affects the completeness and transparency of risk information disclosed to external stakeholders. The implication is profound: even organizations that have invested in building a COSO ERM framework or achieved ISO 31000 compliance may find their actual ERM disclosure quality undermined by unchecked CEO behavioral biases. For boards of directors, this finding calls for independent risk oversight mechanisms that operate separately from CEO discretion.

Core Finding 2: CEO Tenure Is a Statistically Significant Predictor of ERM Disclosure

CEO tenure was also found to have a significant relationship with ERM disclosure quality. Longer-tenured CEOs accumulate deeper organizational knowledge and stakeholder networks, which can enhance their strategic management of risk information disclosure — but this same experience can also enable selective or strategically filtered disclosure. Critically, the study found that CEO financial expertise and CEO gender did not have a statistically significant effect on ERM disclosure. This finding challenges common assumptions in risk governance design, particularly the belief that appointing financially qualified executives automatically improves risk reporting quality. For organizations designing their ERM governance structure, these findings suggest that oversight mechanisms and institutional checks matter far more than individual credential-based selection criteria.

Three Strategic Implications for Taiwan's Enterprise Risk Management Practice

For Taiwan's listed companies and corporate executives navigating an increasingly demanding regulatory and ESG reporting environment, the implications of this research are immediate and practical. Focusing solely on framework construction — whether ISO 31000 or COSO ERM — without addressing leadership behavior governance creates a structural gap between ERM documentation and ERM reality.

Implication 1: ERM is a governance problem, not just a toolkit problem. Many Taiwanese enterprises treat ERM implementation as a compliance exercise — building risk matrices, drafting policies, and earning certifications. However, this research demonstrates that leadership psychology shapes the actual quality of risk information reaching stakeholders. Taiwan's Financial Supervisory Commission (FSC) Corporate Governance Blueprint increasingly expects boards to exercise substantive oversight of management risk behavior, not merely to approve ERM frameworks on paper.

Implication 2: Risk Matrix and KRI design must be paired with behavioral governance controls. Even well-constructed Key Risk Indicators (KRIs) and risk tolerance thresholds can be compromised if the leadership team setting those parameters operates with systematic overconfidence bias. Taiwan enterprises should incorporate "leadership decision bias reviews" into their annual ERM governance cycle, treating behavioral risk as a category of operational risk requiring its own monitoring indicators.

Implication 3: ERM disclosure quality is a capital market trust signal. For Taiwan's listed and OTC-listed companies, risk disclosure quality in sustainability reports and ESG ratings is under growing scrutiny from institutional investors and proxy advisors. Using the ISO 31000:2018 framework — as demonstrated in this research — as a quantified disclosure quality benchmark provides a defensible, internationally recognized standard for measuring and communicating ERM maturity to external stakeholders.

How Winners Consulting Services Helps Taiwan Enterprises Build Effective ERM Governance

Winners Consulting Services Co. Ltd. (積穗科研股份有限公司) assists Taiwan enterprises in implementing ISO 31000 and COSO ERM frameworks, designing Risk Matrices and Key Risk Indicators (KRIs), and strengthening board-level risk governance capabilities. Drawing directly from this research's findings, we offer the following three concrete action recommendations:

  1. Launch a CEO Risk Governance Behavior Assessment: Layer a behavioral risk audit process on top of your existing ERM framework. Winners Consulting Services provides integrated assessments combining behavioral risk audit methodology with ISO 31000 compliance evaluation, helping boards identify potential overconfidence biases in senior leadership and establish counterbalancing governance mechanisms.
  2. Rebuild ERM Disclosure Quality Index Using ISO 31000:2018: Following the methodology demonstrated in this research, construct an internal ERM disclosure quality self-assessment index anchored to the ten core principles of ISO 31000:2018. Benchmark against industry peers and regulatory expectations. Winners Consulting Services can design disclosure quality evaluation tools calibrated to Taiwan's regulatory environment, including FSC Corporate Governance Blueprint requirements.
  3. Establish a Board-Level KRI Monitoring Dashboard: Integrate governance indicators — including CEO tenure duration, decision concentration metrics, and risk reporting completeness scores — into a corporate risk dashboard serving as leading indicators for board oversight of ERM effectiveness. Winners Consulting Services provides end-to-end consulting from KRI design to digital dashboard implementation.

Winners Consulting Services Co. Ltd. offers a complimentary ERM mechanism diagnostic, helping Taiwan enterprises establish an ISO 31000-compliant management mechanism within 90 days.


Frequently Asked Questions

Can a CEO's personal characteristics really affect a company's ERM disclosure quality?
Yes, and the evidence is stronger than most executives expect. This study's empirical analysis of 475 listed companies found that CEO overconfidence and tenure length have statistically significant effects on ERM disclosure quality, while financial expertise and gender do not. This means that building an ISO 31000 or COSO ERM framework is necessary but not sufficient — organizations must simultaneously strengthen behavioral governance mechanisms at the senior leadership level to ensure ERM functions as a genuine risk governance system rather than a compliance document. Taiwanese enterprises should treat "leadership behavioral governance" as a core design parameter of any ERM framework implementation, not an afterthought.
What are the ERM disclosure regulatory requirements for Taiwan's listed companies?
Taiwan's Financial Supervisory Commission (FSC) has progressively strengthened risk management disclosure requirements for listed and OTC companies since 2020, encompassing corporate governance evaluation criteria, sustainability report disclosure standards, and sector-specific risk management mechanism requirements. While ISO 31000:2018 is not a mandatory standard in Taiwan, it has become an important reference framework for the FSC in assessing corporate risk governance maturity. Companies that establish systematic ERM disclosure mechanisms anchored to ISO 31000 not only meet regulatory expectations more robustly but also enhance their competitive positioning in ESG ratings and institutional investor evaluations — increasingly important as Taiwan's capital markets align with global sustainability standards.
What is the difference between ISO 31000 and COSO ERM, and which should Taiwan enterprises use?
ISO 31000:2018, published by the International Organization for Standardization, is a universal risk management principles framework applicable to all types of organizations. It emphasizes integrating risk management into all organizational processes and provides principled guidance rather than prescriptive procedures. COSO ERM (updated in 2017) was sponsored by the Committee of Sponsoring Organizations of the Treadway Commission and is more focused on the integration of enterprise strategy and performance, offering a more granular component architecture commonly applied in public company internal controls and financial reporting compliance. Most Taiwanese enterprises benefit most from a dual-framework integration approach: ISO 31000 as the overarching governance principles framework, and COSO ERM components applied in areas of financial reporting and internal control compliance. Winners Consulting Services recommends and implements this integrated approach to maximize ERM investment value.
How long does it take to implement an ISO 31000 ERM framework in a Taiwan enterprise, and what are the steps?
Depending on organizational size and existing risk management maturity, a complete ISO 31000 ERM framework implementation typically requires 90 to 180 days. Winners Consulting Services recommends a four-phase approach: Phase 1 (Days 1–30): Current state diagnostic and gap analysis, evaluating existing risk management mechanisms against the ten core principles of ISO 31000:2018. Phase 2 (Days 31–60): Mechanism design, including risk matrix construction, KRI design, and risk governance architecture. Phase 3 (Days 61–120): Implementation, covering system configuration, personnel training, and pilot operation. Phase 4 (Days 121–180): Validation and optimization, establishing continuous monitoring mechanisms to ensure long-term compliance and improvement. Winners Consulting Services provides a free initial mechanism diagnostic to help organizations prioritize improvement areas before committing to full implementation.
Why choose Winners Consulting Services for Enterprise Risk Management (ERM) advisory?
Winners Consulting Services Co. Ltd. (積穗科研股份有限公司) is one of Taiwan's few consulting institutions with fully integrated capabilities spanning ISO 31000 framework implementation, COSO ERM mechanism construction, Risk Matrix design, Key Risk Indicator (KRI) development, and board-level risk governance training. Our consulting team brings cross-industry practical experience, serving manufacturing, financial services, technology sectors, and listed company corporate governance mandates. Unlike generalist management consultants, Winners Consulting Services translates the latest academic research findings — such as this 2023 ISO 31000 empirical study on CEO characteristics and ERM disclosure — into actionable, Taiwan-specific ERM implementation strategies that are theoretically sound, regulatorily aligned, and operationally practical for Taiwan's unique business environment.
