The Practice of Enterprise Risk Management and Sustainable Performance in Jordan

: The primary objective of any organization is to minimize risks and losses while optimizing values, revenues, and returns. Therefore, risk management, which is often referred to as risk identification, likelihood of occurrence, and impact on the business, is essential. Recent corporate catastrophes have brought to light how inadequately corporations handle risks. In reaction to these challenges, organizations have shifted from separate and personalized procedures to a more comprehensive and integrated enterprise risk management (ERM) perspective in their risk management strategies. Therefore, to address these new global sustainable challenges which include hunger, poverty, high unemployment, climate change, and other related issues, businesses should place a strong priority on environmental preservation and social responsibility. Jordan is one of the countries dealing with several issues related to sustainability. The sustainable performance of Jordanian firms deserves further attention. Managers in Jordanian industrial businesses must keep a close eye on how the company's environmental environment is being improved to reduce air pollution, the usage of hazardous materials, and other difficulties. Therefore, companies in Jordan must adopt strategies that will allow them to face this issue to improve their social, environmental, and economic performance. Jordan's manufacturing and service industries should be at the forefront of a comprehensive approach to risk management and board monitoring, given the growing concerns regarding the environment, society, and economy. Since ERM is a relatively new concept, its implementation in Jordanian industrial and service companies is still in its early stages. Moreover, there is a lack of comprehensive research regarding the ERM in Jordan.


Introduction and Background
Any organization's main goal is to maximize profits, values, and returns while lowering risks and losses (Shatnawi et al., 2022).Thus, risk management is also known as the identification of the risks, likelihood of occurrence, and impact on the business (Adhariani, 2022).Corporate crises in recent years have highlighted how poorly organizations manage risks (Rubino, 2018).Organizations have changed their risk management strategies in response to these difficulties from discrete and individualized techniques to a more thorough and integrated enterprise risk management (ERM) perspective (Nasr et al., 2019).To overcome the shortcomings of traditional risk management (TRM), which functioned in separate silos within businesses, ERM was developed (Ade et al., 2020).International organizations have created a variety of ERM frameworks and standards in that regard.Businesses then integrate the framework into their risk management processes based on the one that best fits their needs (Bromiley et al., 2015;Perera et al., 2022).However, according to Dubosson et al. (2019), ERM is commonly implemented in organizations utilizing the COSO and ISO frameworks.
Through the facilitation of coordination across individuals, processes, and departments, ERM integrates and manages a variety of risks, including financial, operational, and strategic risks (Shatnawi et al., 2022).As a result, this integration lowers overall risks and improves the long-term viability of the organization (Fakir & Jusoh, 2020).The notion of sustainable performance can be assessed by financial metrics such as return on equity, which indicates the efficiency with which a company utilizes its equity, return on investment, and numerous others.Furthermore, the company assesses its performance by non-financial metrics such as the use of sustainable resources, community service, adhering to public ethics, and other relevant aspects (Al-Awamleh et al., 2022).Sustainable performance is in line with the triple bottom line theory (Cameron, 1988) and is comprised of three P's: profit (relating to economic concerns); people (covering social considerations); and planet (focusing on environmental factors).Since the manufacturing and service sectors have a significant impact on the national economy, the implementation of ERM is important.For example, there is a positive correlation between rising per capita income and the expansion of the manufacturing sector in emerging nations (Attiah, 2019).Moreover, it is significant that the service industries such as business processing, software, and tourism are thought to be key contributors to economic growth in emerging nations (Attiah, 2019).According to the Jordan Ministry of Investment's Promotion Strategy 2023-2026, the manufacturing and service sectors are particularly important to the nation's economy in Jordan, which is categorized as a developing and emerging country by the United Nations World Economic Situation and Prospects Report 2020 (United Nations, 2020).Jordan is located in the Middle East and is bordered to the south by Saudi Arabia, to the northeast by Iraq, to the north by Syria, and the west by Palestine (Department of Statistics Jordan, 2021).The geographical size of the Jordan region is 89213 square kilometers.In addition, the population is anticipated to number approximately 10 million people (Shamout et al., 2021).Moreover, Jordan is seen as a tiny developing nation with scarce resources (Al Amosh & Khatib, 2023).However, the Jordanian stock market, which spans a variety of sectors including manufacturing and services, is regarded by many as one of the biggest Arab financial markets in the area (Bataineh & Ntim, 2020).As per the Jordan Securities Commission's draft of modified corporate governance guidelines from 2021, all 194 manufacturing and service businesses listed in the Amman Stock Exchange are required to form a specialized risk committee.This prerequisite demonstrates their dedication to encourage the use of ERMs (Alkelani et al., 2020).Based on data shown in Table 1, the manufacturing sector generated 23.93% of the GDP in 2021 and employed roughly 17.63% of the workforce.During the same period, Jordan's services sector, which employed 79.12% of the working force, made up 61.68% of the GDP of the nation (Statista, 2021).Overall, this study on the practice of enterprise risk management and its impact on sustainable performance in Jordan has the potential to inform strategic decision-making, enhance business resilience, and contribute to the country's economic development and sustainability efforts.

Problem Statement:
The COVID-19 pandemic catastrophe has impacted several nations and industries, as well as the general economy and specific companies (Al Amosh et al., 2022).Additionally, it has altered how economies and businesses handle risk (Aldaas, 2022).Conversely, Wang and Huang (2021) asserted that the pandemic of 2020 has a noteworthy impact on social, economic, and environmental domains.As a result, businesses should prioritize environmental preservation and social responsibility to meet these new global sustainable challenges, which include hunger, poverty, high unemployment, climate change, and other associated difficulties (Nofryanti et al., 2021;Lin & Qamruzzaman, 2023).Jordan is one of the nation's facing several sustainability-related difficulties (Shamout et al., 2021).More focus should be placed on the sustainable performance of Jordanian businesses (Taha et al., 2023).To cut down on air pollution, the use of hazardous products, and other issues, managers in Jordanian industrial companies need to closely monitor how the company's environmental environment is being improved (Jum'a et al., 2021).Furthermore, Jordan's lack of natural resources is contributing to the country's rising rates of unemployment and poverty (Al Amosh et al., 2022).
Apart from that, since the crisis started in September 2008, the Jordanian economy has been affected in every area (Matar & Nauimat, 2014).Consequently, Jordan's economy has been experiencing modest and steady development patterns even before the COVID-19 crisis (WB, 2023).Allan et al. (2018) stated that because of fierce competition from nations like Turkey and the Gulf countries, Jordan's manufacturing sector has had difficulties like rising prices and declining demand.In addition, the sector is negatively impacted by a notable decline in demand brought on by the unrest in nearby nations like Syria and Iraq (Alshourah, 2021).Thus, businesses in Jordan must improve their social, environmental, and economic performance by implementing strategies that will enable them to meet this challenge (Alshourah, 2021).Given the growing environmental, social, and economic concerns, a comprehensive approach to risk management and board supervision ought to focus on Jordan's manufacturing and service sectors (Chairani & Siregar, 2021).Furthermore, the implementation of digital transformation introduces new risks and hazards, so it is imperative to prioritize IT security because it directly affects the long-term viability of manufacturing and service companies.
For example, security flaws in the manufacturing industry have raised the possibility of hackers gaining unauthorized access to systems or halting a production line until they get payment (Oduoza, 2020).Furthermore, unapproved access to client data or disruptions to IT system availability in the service sector can erode customer trust, damage a company's brand and reputation, and hurt social and economic outcomes (Legowo & Juhartoyo, 2022).According to the Jordan Digital Transformation Strategy 2020, the Ministry of Digital Economy and Entrepreneurship of Jordan is actively engaged in the country's digital transformation.However, according to AlSobeh et al. (2023), Jordan is becoming a more frequent victim of cyberattacks and data breaches.Furthermore, according to Othman and AL-Dweikat (2021), the Jordanian service sector is currently facing several challenges in properly managing the risks connected with digital transformation.As such, businesses are realizing the importance of implementing ERM (Shad et al., 2019).ERM oversees managing all types of risks that businesses face, including those related to IT (Roslan et al., 2017).However, according to Silva et al. (2018), ERM adoption in Jordanian industrial and service organizations is still in its infancy and is a relatively new concept.Furthermore, thorough research is deficient concerning the ERM in Jordan (Shatnawi et al., 2020).

Literature Review
All kinds of businesses, including financial and non-financial enterprises, could use ERM (COSO, 2004).Accordingly, a great deal of earlier research has looked at how ERM affects performance in the financial sector as well (Nasr et al., 2019;Oyewo, 2021).Conversely, research in the non-financial sector has been done by Syrová and Špička, (2022).Nevertheless, most studies have focused on the financial sector, which includes banks and insurance providers (Harvey et al., 2020).Furthermore, several studies (Valaskova et al., 2018;Yang et al., 2018) have concentrated on the implementation of ERM in poor nations, while other studies (Altuntas et al., 2021;Sax & Andersen, 2019) have studied the implementation of ERM in developed countries.Still, very few research has been conducted in impoverished countries (Chen et al., 2019;Saeidi et al., 2021).On top of that, scholars in underdeveloped nations tend to address risk management in isolated ways rather than emphasizing comprehensive risk management (Taha et al., 2023).Moreover, a dummy variable has been used in earlier studies to gauge the adoption of ERM (Chen et al., 2019;Ojeka et al., 2019).Additionally, prior research has suggested that the effect of ERM implementation on non-financial performance indicators be examined, particularly regarding reputation (Pérez-Cornejo et al., 2019;Shad et al., 2019).
It was suggested by Altanashat et al. (2019) that more research be done on ERM in the manufacturing companies listed on the Amman Stock Exchange.As such, there is alarmingly much research that concentrates on Jordan's service industry (Gharaibeh & Bani Khaled, 2020).Conversely, one may legitimately contend that the relationship between ERM and sustainable performance is mediated by IT security.For example, ERM enables managers to identify specific security policies to address IT risk and have a thorough picture of all risks that the organization faces (Roslan et al., 2017).Moreover, maintaining company success over the long term depends on IT security (Loonam et al., 2020).On the other hand, the incidence of IT failure has a substantial effect on the reputation of the company, which can therefore affect long-term performance (Sorongan & Nugroho, 2013).So far, there has not been much research done on the relationship between ERM, IT, and performance (Saeidi et al., 2019).In addition, prior research has not sufficiently examined how ERM affects IT security, especially in developing nations (Owusu Kwateng et al., 2022).As such, there is a strong likelihood that CRO will moderate the relationship between ERM and sustainable performance, according to earlier studies.Numerous studies have demonstrated the critical role that the CRO plays in the execution of ERM (Bailey, 2019).
There have been conflicting outcomes regarding the CRO's influence on the ERM's implementation (Zhang et al., 2021).Drawing from the aforementioned and in alignment with the research conducted by Hassan et al. (2021), it is suggested that the next investigation ought to examine the moderator variables that influence this association.Moreover, moderating and mediating variables, as well as intangible elements, should be used to influence the ERM firm performance connection (Saeidi et al., 2021).Thus, by examining the effect of ERM implementation on sustainable performance -which includes environmental, social, and economic aspectswithin non-financial Jordanian organizations particularly in the service and manufacturing sectors, this research aims to close the aforementioned gaps.Additionally, this study will evaluate ERM using the five core components specified in four recognized standards: AS/NZ 4360 (2009( ), ISO 31000 (2009)), CSA (2003), IRM, AIRMIC, andALARM (2002), andAS/NZ 41000 (2009).Performance in the social, environmental, and economic domains will also be used to gauge sustainable performance.Meanwhile, a small number of studies have looked at all three aspects of sustainability (Cancela et al., 2020).It also examined how IT security influences the relationship between ERM and sustainable performance, where the inclusion of a CRO moderates the relationship.
Definition of Risk: Depending on one's interpretation, the term "risk" can have several meanings (Slovic, 1987).For example, the term "risk" comes from the Greek nautical lexicon "rhizikon" or "rhiza," which symbolically denotes the difficulties encountered at sea.By way of translation, the terms "risk" and "risq," respectively, have a more positive meaning in Arabic and Maltese.A more optimistic interpretation is presented in this translation, which suggests that God (called 'Allah' in Arabic and 'Alla' in Maltese) bestows wealth on a person (Grima & Bezzina, 2018).Within the realm of business, an individual's understanding of risk is contingent upon their experiences, viewpoints, and mentalities.Risk is assessed by engineers and designers from a variety of perspectives, including technological, financial, environmental and health (Walke et al., 2011).Moreover, risk and uncertainty can affect an organization in both positive and negative ways, according to Rubino (2018).As a result, businesses that do not accept risk as an essential part of their operations will not be able to prosper and create value for their stakeholders.Therefore, controlling these risks is crucial.

Definition of Risk Management:
Risk management has its roots in the Athenians of ancient Greece, who regularly assessed risks before making choices about 2400 years ago.A pivotal moment in the area was in 1654 when Blaise Pascal and Chevalier de Mere played a game of Trivial Pursuit, which resulted in the creation of the theory of probability.According to Bernstein and Bernstein (1996), this discovery gave risk management a strong foundation.Risk management is a systematic approach used in the business domain that is specifically intended to oversee and control risks.It involves several activities, including identifying, analyzing, assessing, treating, monitoring, and reviewing risks as well as providing appropriate context, communication, and consultation (ISO, 2009).A company can choose between two essentially different approaches to risk management: the first, known as traditional risk management, addresses each risk separately, frequently in a compartmentalized way, and also tends to ignore the firm's strategic aspects (Stein & Wiedemann, 2016).However, the second strategy, known as enterprise risk management (Nocco & Stulz, 2006), manages hazards comprehensively.
Traditional Risk Management: Traditionally, organizations have managed risks in distinct and segregated divisions, like departments (Harvey et al., 2020;Shad et al., 2019).The linked nature of risks across several categories, such as operational, financial, and technical risks, which could have an impact on results, has not been sufficiently considered by this method.Furthermore, rather than using risk to create value, it focuses largely on managing risks individually, recognizing and evaluating their impact on organizations, and prioritizing risk mitigation and setting risk boundaries (Alawattegama, 2018).Therefore, one could claim that the effectiveness of the TRM technique has limitations.Thus, the idea of ERM developed as a result of certain TRM limitations.ERM is a comprehensive and integrated method that manages all potential risk types and synchronizes them with the overarching business goals (Perera, 2019).Moreover, taking into account qualitative and strategic risks in addition to the traditional emphasis on risk reduction, it identifies and seizes opportunities besides minimizing any potential drawbacks (Bromiley et al., 2015).
Enterprise Risk Management Framework: Businesses have realized how important it is to put in place a robust risk management system in recent years.It became clear that change was required as they battled to withstand financial losses brought on by unanticipated events, interruptions to their routine operations, damage to their reputation, or loss of their market position while utilizing traditional risk management systems (IRM, 2018b).As a result, ERM has become a popular substitute for traditional risk management.With the release of the AZ/NZS 4360 risk management framework, Australia and New Zealand led the way in the integration of risk management.After going through changes, this model was first presented in 1999 and then reissued as AZ/NZS 4360 in 2004 (Govender, 2019).As per Husaini et al. (2020), Enterprise Risk Management (ERM) is defined by AS/NZS 4360, 2004 as a collection of cultural practices, procedures, and endeavors that are intended to facilitate the accomplishment of organizational goals through efficient handling of events or possible occurrences that may impact goal achievement.However, the Enterprise Risk Management Integrated Framework was created in 2004 by the Committee of Sponsoring Organizations of the Treadway Commission (COSO) (COSO, 2004).It defines ERM as "a strategic process involving an entity's board of directors, management, and other stakeholders, applied across the entire enterprise.This process facilitates the identification and management of potential events that may impact the entity and aligns risk management with the entity's risk appetite to ensure the reasonable achievement of its objectives" (COSO, 2004, p. 2).
In addition, the 2004 release of the COSO ERM Framework was followed by the 2017 release of the most recent version (COSO, 2017).This paradigm offers a fresh viewpoint, highlighting the fact that ERM is now more than just lowering risk to a manageable level.Rather, it is viewed as an essential part of developing strategies and spotting chances to create and maintain value (COSO, 2017).Moreover, it is significant to note that the COSO frameworks of 2004 and 2017 have their roots in the COSO Internal Control Framework, which was first created in 1992 and widely adopted by many large organizations across the globe to manage their internal control systems (Alijoyo & Norimarna, 2021).Furthermore, ISO 31000 was released by the International Organization for Standardization.The 2009 original edition was followed by the 2018 release.Process, framework, and principles are the three main pillars that both versions of the program use to guide firms (Rampini et al., 2019).The Framework was defined as "a set of components that provide the foundations and organizational arrangements for integrating, designing, implementing, evaluating, and improving risk management throughout the organization".The process includes "coordinated activities to direct and control an organization concerning risk," according to the principles, which stand for "the characteristics necessary for a risk management system to enable a company to manage the effects of uncertainty on its objectives" (ISO 31000, 2018).
Risk Assessment: According to ISO 31000 (2018), the risk assessment consists of three phases; (1) Risk identification, which is further divided into the subsequent steps: Once the potential negative occurrences have been identified, the causes or origins of these events may need to be tracked.Finding the conditions that generate or raise the likelihood of an event coming to pass comes next, and determining the possible outcomes that could result from the event's occurrence is the last step.Extensive identification is necessary since any danger that is missed at this stage will not be taken into account in later research.In addition, the risk identification process should involve people with the requisite experience (ISO 31000:2009); (2) Risk analysis: After risks are identified, it is crucial to carry out an analysis to determine which one requires prompt action from management (Kutsch et al., 2014) and assesses the efficiency and efficacy of the controls in place at the moment (ISO 31000, 2018).Investigating the causes of risk, its possible benefits and drawbacks, as well as its likelihood, is risk analysis.Consequences can take the form of both concrete and abstract effects.In some cases, determining the likelihood of an outcome at different times, locations, groups, or conditions requires the use of multiple numerical values or descriptors; (3) Risk evaluation: It Is critical to assess risks by contrasting them with the organization's predetermined risk standards.This is the risk assessment procedure.Based on the organization's appetite for and risk tolerance, which defines the types and levels of risks deemed acceptable, risk evaluation establishes whether or not the risks are acceptable.A company's willingness to accept different types and amounts of risk to meet its goals is referred to as its "risk appetite."On the other hand, risk tolerance indicates how much a company is willing to accept risk to achieve its objectives.
Sustainable Performance Determinants: Throughout the 20th century, organizations predominantly relied on economic indicators to assess their performance (el-Dalabeeh et al., 2019).However, this limited reliance on financial indicators failed to capture a company's innovation and continuous improvement efforts (Kaplan & Norton, 1996).Additionally, it often led them to overlook the significant environmental consequences of their actions (Bojnec & Tomšič, 2020).Therefore, there is a growing need to establish a proper balance among economic, social, and ecological objectives (Maali et al., 2021).Consequently, the concept of corporate sustainability, also known as corporate sustainable performance, emerged.This concept represents an organization's ability to efficiently utilize its finite resources over time, reduce waste, and implement best practices (Aksoy et al., 2020).Corporate sustainability is assessed and quantified through three dimensions: economic, environmental, and social performance (Kouaib et al., 2021;Shad et al., 2019;Tze San et al., 2022).A study by Mousa et al. (2022) found that organizations with superior sustainable performance are more likely to be able to lessen the negative effects of crises, like the current pandemic.
Additionally, Al Amosh and Khatib (2023) found that sustainable performance is crucial in boosting a company's image and reputation.As a result, businesses that are dedicated to long-term sustainability need to make an effort to create economic value while tackling the myriad environmental and social issues that are related to their day-to-day operations (Cancela et al., 2020).In contrast, some previous research has utilized various dimensions of sustainability, including environmental, social, and governance (ESG) factors, to assess sustainable performance (Martínez-Ferrero et al., 2020;Pozzoli et al., 2022;Yadav & Prashar, 2022).Meanwhile, other studies have applied corporate social responsibility and corporate social performance as indicators of sustainable performance (Radu et al., 2022).The management of both the social and environmental aspects of a company is encompassed under Corporate Social Responsibility (CSR) and Corporate Social Performance (CSP) while the ESG concept not only addresses environmental and social aspects but also encompasses governance considerations (Gleißner et al., 2022).Environmental performance involves assessing a business's environmental impact, while social performance pertains to an organization's interactions with its employees, suppliers, and local community.Governance, on the other hand, is focused on finding a balance between the interests of the corporation and its stakeholders (Gleißner et al., 2022).

Economic Sustainable Performance:
The concept of economic sustainability has been defined in a variety of ways by various scholars, but a consensus on a common definition has not yet been reached (Tennakoon & Janadari, 2022).For example, Mokbel Al Koliby et al. ( 2022) and Moslehpour et al. (2022) defined economic sustainability performance as an organization's ability to efficiently utilize its resources to achieve sustainable growth, while Tennakoon and Janadari (2022) defined economic sustainability as long-term competitive advantages, satisfying the needs of shareholders, and profitability.Nevertheless, economic sustainability is typically measured through financial indicators (Alsayegh et al., 2020), such as return on equity and return on assets (Miransyah & Dempo, 2021).
Environment Sustainable Performance: Environmental concerns have gained considerable attention within the global society (Banday & Aneja, 2019).These concerns encompass issues such as carbon and greenhouse gas emissions, which have been associated with adverse climatic changes (Adnan et al., 2018).The increasing global awareness of these environmental concerns aligns with the growing scholarly discourse concerning the adoption of eco-friendly business practices in recent years (Gangi et al., 2019).Furthermore, many organizations are compelled to effectively manage and mitigate their ecological impact to enhance their environmental efficacy (Bakhsh Magsi et al., 2018).According to Zaid et al. (2020), entities must operate their businesses in an environmentally sustainable manner rather than solely focusing on financial considerations.Thus, organizations are increasingly inclined to incorporate environmental considerations into their strategic plans, recognizing them as a fundamental component of their operational effectiveness and long-term sustainability (Issa & Zaid, 2021).
Social Sustainable Performance: Companies today aim to enhance their social sustainability performance by focusing on philanthropy, improved education and training, creating safer workplaces, increasing gender diversity, fostering a more ethnically diverse workforce, increased employee satisfaction, creating safer workplaces, employee motivation, improved occupational health and safety (Maali et al., 2021;Nofryanti et al., 2021).This emphasis on social sustainability performance fosters trust and loyalty among customers, employees, and society (Kouaib et al., 2021).This enhances a company's reputation and relationships with stakeholders (Nirino et al., 2022).According to prior research, the social dimensions have a substantial influence on the sustainable and financial success of firms (Kong et al., 2020).Consequently, good perception is expected to enhance the company's future success (Palma-Ruiz et al., 2020) (i.e., decrease the risk that comes with investments in buyer-supplier relations by preventing fraud and boosting the willingness to allocate resources) (Wang et al., 2015).In contrast, companies with lower social performance tend to have lower financial performance, which decreases the value of the share (Nirino et al., 2022).In relation to ERM, the more successful risk management has a stronger firm reputation (Kuo et al., 2021).In turn, enhanced social performance decreases exposure to the risk of contradictions with stakeholders (Becchetti et al., 2015).

Relevant Theory
Agency Theory: The principle of agency theory pertains to the relationship between the principal and the agent.According to Jehnsen and Meckling (1976), the principal refers to the individual or entity that possesses ownership of a company or acts as an investor.On the other hand, the agent represents the managerial entity responsible for overseeing the operations of the firm on behalf of the owner.In addition, according to Scott (2015), agency theory focuses on the idea that the agent should behave in the best interests of principals.This is because divergent interests result in conflicts between the agents and principals.With regard to ERM, agency theory mainly benefits firm owners where the set-up objectives of the firm will become more reasonable and more achievable (Muslih, 2019).Furthermore, it has been demonstrated by Saeidi et al. (2021) that industry performance and overall shareholder value are affected positively by ERM implementation.This can be done by minimizing external capital payments, share price fluctuations, external capital payments, and improving the efficiency of capital.
Moreover, ERM is expected to increase industry and shareholder value and efficiency while decreasing the risk of total organizational failure.According to the Committee of Sponsoring Organizations of the Treadway Commission (COSO), executive management's commitment is necessary for the successful implementation of the ERM model.As a result, given their responsibility for protecting, creating, and advancing shareholder value, it is strongly that company executives fully support ERM.By utilizing the CRO to apply ERM, a more formal and transparent risk perspective can be achieved, which will lessen the information asymmetry that exists between corporate management and other stakeholders by having them report directly to the board (Husaini & Saiful, 2019).As a result, the agency theory provides the theoretical framework for this investigation.
Resource-Based View (RBV) Theory: Wernerfelt first proposed the RBV theory in 1984.Since then, it has gained significant recognition as a management theory in recent decades.The term "resources" encompasses a wide range of elements that are under the control of a firm, including assets, capabilities, business processes, information, level of expertise, and firm qualities and play a crucial role in enhancing the firm's efficiency and effectiveness (Barney, 2001).For instance, organizations can readily gain a competitive advantage when they have the necessary assets (Yakob & Abdullah, 2021).According to the theory, ERM adoption can lead to higher sustainable performance and a beneficial impact on a company's reputation (Kejwang, 2022;Pérez-Cornejo et al., 2019).Where ERM is considered, it is an organizational intangible resource that manages risks such as competition, regulatory pressures risks, environmental, fraud lack of volunteers, investment risks, reduced fund flow and economic (Bali & Uslu, 2017;Elahi, 2013).For instance, dealing with reputable risks will encourage firms to apply good business practices, which will lead to a good reputation.
Another example is when a company manages environmental risks that hurt the environment to avoid environmental problems.Additionally, RBV theory supports the idea that secured IT has an impact on sustainable performance.RBV holds that firms can use their unique resources to gain a competitive advantage (Barney, 1991).For example, a secured IT system can improve overall firm performance, strengthen channels of communication, increase employee engagement, and boost competitiveness (Hagen, 2010).As a result, RBV theory supports the idea that secured IT is essential to ensuring sustainable performance.Furthermore, firm intangible capabilities, like the application of ERM, allow organizations to effectively utilize their exclusive resources, like secure IT, to reduce risks and create a long-term competitive advantage (Yang et al., 2018).In other words, intangible capabilities and exclusive resources can be translated into success and sustained performance.The impact of IT security on firm sustainability and the effect of ERM on IT security on firm sustainability is also strongly supported by RBV.
ERM and Sustainable Performance: Additionally, ERM was found to have a positive effect on organizational performance when measured by non-financial performance, which was proxied by learning and growth (innovation), customer satisfaction, competitive advantage, and internal business processes.On the other hand, a study by Al-Nimer et al. (2021) looked into the effects of ERM on the financial, non-financial, and environmental performance of companies and investigated the potential moderating role of business model innovation.Data were gathered and analyzed from a sample of 228 companies in Jordan, and the results showed a strong and significant positive relationship between ERM and environmental performance, but no direct impact on financial performance.Moreover, a six-year study carried out in Spain by Pérez-Cornejo et al. (2019) revealed a positive relationship between the quality of ERM systems and firm reputation.

Significance and Contribution of Research:
The practical significance of the present research has provided valuable information and created awareness among the managers of non-financial companies in Jordan and other countries with similar factors to those in Jordan, particularly in the Mena region, which shares a similar culture, religion, language, tribal, and family tradition, to improve their sustainable performance.The findings of the study will extend their current knowledge by understanding how ERM, IT security, and CRO presence enhance sustainable performance.The present research will suggest that managers of manufacturing and service firms pay more attention to CRO presence to improve their sustainable performance.Moreover, the present research conceptual framework and findings could help owners and managers formulate relevant internal control mechanisms as proactive mechanisms, recognizing risks at an early stage and evaluating their impact on the company's sustainable performance in uncertain and risky environments.It also provides awareness to the managers in capitalizing on IT security which in turn affects the sustainable performance of the organization.
The current research conceptual model combines ERM with the impact of IT security as a mediator, and the presence of CROs modifies the relationship between ERM and sustainable performance.This highlights the major role that ERM plays in sustainable performance, as well as the significance of effective IT security mediators in enhancing sustainable performance.Additionally, the presence of CROs is a moderator that supports ERM to improve sustainable performance.The goal of the current study is to investigate the manufacturing and service industries in Jordan.Previous studies have shown that ERM has a significant impact on firm performance.To make a theoretical and practical contribution to the body of knowledge that is already in existence, this study looks into the theoretical contribution of analyzing the relationship between ERM and its impact on sustainable performance.It also looks into the roles of IT security as a mediator and CRO presence as a moderator.The current investigation expands upon the research conducted by Owusu Kwateng et al. ( 2022), which examined the impact of ERM on economic firm performance.
Furthermore, this study aims to extend the work of Saeidi et al. ( 2019) by investigating the role of intangible assets as a moderator in the relationship between ERM performance and its outcomes.The inclusion of a research study on ERM in developing countries would enhance the existing body of knowledge on ERM and contribute to the development of a distinct framework for ERM.This is particularly important as previous studies on ERM have predominantly focused on developed countries, with limited research conducted in developing countries (Saeidi et al., 2019).Research is scarce regarding risk management in Jordan (Al-Nimer et al., 2021).This research aims to provide a comprehensive framework that examines the mediating role of IT security in ERM-sustainable performance relations.Additionally, it investigates the moderating effect of CRO presence, specifically in the context of the manufacturing and service industries in Jordan.This study will address the gaps in previous research that have not adequately explored in this particular industry context.

Conclusion and Recommendations
This paper concludes with a detailed review of Enterprise Risk Management (ERM) practices in Jordanian manufacturing and service companies, highlighting the implications of these practices for sustainable performance.Previous research has been examined, and it was found that although there is a growing recognition of the significance of ERM, more research that is specifically tailored to the Jordanian business context is still needed.This emphasizes the importance of investigating the complex opportunities and challenges that manufacturing and service companies in the region face when it comes to risk management practices.Furthermore, the conversation has brought attention to the various advantages that successful ERM implementation can offer Jordanian businesses.These advantages range from better decision-making procedures to increased operational effectiveness and financial performance.
ERM helps businesses navigate uncertainty and seize opportunities more quickly.By encouraging a culture of risk awareness and incorporating risk management into strategic planning, businesses can become more resilient and adaptable, which in turn ensures long-term sustainability and competitiveness in the market.The efficacy of ERM in promoting sustainability in Jordanian manufacturing and service firms depends on several factors, some of which have already been discussed.First and foremost, ERM is essential in tackling social, economic, and environmental risks, which in turn supports overall efforts towards sustainability.By recognizing and reducing risks related to labor practices, supply chain disruptions, financial instability and environmental impacts, businesses can improve their social responsibility, economic viability, and environmental stewardship, ultimately promoting long-term sustainability.
Additionally, ERM can act as a growth accelerator, allowing businesses to actively spot and seize new opportunities while skillfully handling the risks that come with them.By incorporating sustainability into risk management procedures, businesses can better align their business goals with larger social and environmental objectives, which will ultimately improve their reputation, stakeholder trust, and competitiveness in the market.The conversation also underlines how crucial stakeholder participation and cooperation are to advancing ERM efficacy and sustainability results.Through the engagement of employees, suppliers, customers, and other relevant parties in the discovery, evaluation, and mitigation of risks, businesses may use a range of viewpoints and specialized knowledge, ultimately strengthening the resilience and pertinence of their risk management plans.Transparent reporting and communication on sustainability and ERM performance can also promote trust and accountability, which will improve the company's standing and social license to operate.The potential benefits of implementing and optimizing ERM practices within Jordanian manufacturing and service companies are significant, despite potential obstacles.Companies in Jordan can harness the transformative power of ERM to navigate uncertainties, capitalize on opportunities, and achieve sustainable growth.
Meanwhile, it also contributes to broader societal and environmental goals by prioritizing stakeholder engagement, innovation, and transparency.In conclusion, this review has shed light on the significance of ERM practices and their impact on sustainable performance in the context of Jordan.In addition, ERM plays a crucial role in enhancing the resilience and sustainability of businesses in Jordan by helping them identify, assess, and mitigate various risks that may affect their operations and performance.Despite the benefits of ERM, many challenges exist in its implementation within the Jordanian context.These include limited awareness and understanding of ERM principles, resource constraints, and cultural barriers.However, there are also significant opportunities for businesses to leverage ERM to gain a competitive advantage, enhance stakeholder trust, and adapt to evolving market dynamics.Based on the findings of this review, government agencies, industry associations, and academic institutions should collaborate to raise awareness about the importance of ERM and provide training programs and educational resources to help businesses develop the necessary skills and knowledge.
Besides, businesses should integrate environmental, social, and governance (ESG) factors into their risk management frameworks to address emerging sustainability challenges and capitalize on opportunities for value creation.ERM is an ongoing process that requires regular review and adaptation to changing circumstances.Businesses should establish mechanisms for continuous monitoring, evaluation, and improvement of their risk management practices remaining agile and responsive to evolving threats and opportunities.Moreover, policymakers should consider implementing supportive regulations and incentives to encourage businesses to adopt robust ERM practices and integrate sustainability into their operations.This may include providing tax incentives, grants, or recognition for companies that demonstrate excellence in risk management and sustainability performance.Thus, by embracing ERM practices and integrating sustainability considerations into their operations, businesses in Jordan can enhance their resilience, drive long-term value creation, and contribute to the country's economic development and sustainable future.