1 Introduction

Over the last decade, enterprise risk management (ERM) has emerged as a significant tool for transforming risk management from a peripheral technical instrument into a company-wide and integrated process ([64] Mikes, 2009; [78] Power, 2007; [91] Woods, 2009; [8] Arena et al. , 2011). This trend has emerged since the early 2000s, yet it gained wider diffusion in 2004 when the Committee of Sponsoring Organisations of the Treadway Commission ([27] COSO, 2004) formally defined a reference framework, introduced as follows:

Enterprise Risk Management is a process, effected by an entity's board of directors, management and other personnel, applied in strategy setting and across the enterprise, designed to identify potential events that may affect the entity, and manage risks to be within its risk appetite, to provide reasonable assurance regarding the achievement of the entity's objectives.

The COSO framework emphasizes the potential of ERM to enhance performance management by relating risk management to organisational objectives ([89] Woods, 2008; [79] Power, 2009). These indications were followed by a number of practitioners who attempted to demonstrate the value-enhancing role of ERM for achieving better corporate performances ([86] Sobel and Reding, 2004; [17] Beasley et al. , 2006; [53] Lam, 2006). Also the consulting and advisory industries have actively accentuated the link between ERM and performance management, presenting them as two related and synergic processes ([35] Ernst & Young, 2005; [81] PWC, 2009; [63] McKinsey, 2010), as emerges from the following quote:

Enterprise risk management and enterprise performance management are really two sides of the same coin. To achieve balance between the two, companies must fully integrate risk management with their operating model, performance goal and decision making frameworks (www.accenture.com).

The nature and the goals of performance management show similarities and connections to those of risk management ([25] Collier and Berry, 2002; [36] Ferreira and Otley, 2009; [69] Ojiako, 2012), as highlighted by the following definition of performance management systems (PMS):

[...] the formal and informal mechanisms, processes, systems, and networks used by organizations for conveying the key objectives and goals elicited by management, for assisting the strategic process and on-going management through analysis, planning, measurement, control, rewarding, and broadly managing performance, and for supporting and facilitating organizational learning and change ([36] Ferreira and Otley, 2009, p....