Post on 08-Mar-2018
STUDENT NUMBER: 1409988 DATE OF SUBMISSION: 09 MAY 2016
AN ASSESSMENT OF RISK MANAGEMENT PRACTICES:A CASE OF EVANGELICAL ASSOCIATION OF MALAWI
BY
JOYCE MUE
SUBMITTED TO UNIVERSITY OF BOLTON IN PARTIAL
FULFILMENT OF THE REQUIREMENTS FOR THE AWARD OF
M.Sc. DEGREE IN PROJECT MANAGEMENT
Off campus Division
University of Bolton
09 MAY 2016
STUDENT NUMBER: 1409988 DATE OF SUBMISSION: 09 MAY 2016
ABSTRACTToday, organisations operate in a more dynamic and uncertain environment
that exposes them to all kinds of risks, thus making risk an important aspect of
any entity strategy. Consequently risk management has begun a strategic tool
for development as well as for achieving organisational goals.
Despite numerous studies on risk management, currently, risk management is
still a business practice that is under studied in the developing countries and
more so in Faith Based Organisations. Hence, this study aimed to assess the
risk management practices in EAM.
The study adopted an interpretivist philosophy. A case study strategy and a
multiple data collection tools and sources were used (triangulation) to collect
data from twenty- five purposively selected key informants in EAM.
Content analysis was used to analyse the qualitative data collected. The
analysis focused mainly on the themes that emerged from the data namely;
value of risk management, potential risks, current risk management practices,
critical success factors for an effective risk management in EAM.
The findings reviewed inadequate funding, human resources, sustainability of
projects, and economic instability risks as the most significant risks in EAM. In
addition, it was observed that EAM has tried to put some measures to address
some of its risks especially on financial matters. However, there is neither
structured risk management process nor a wide-organisational risk
management approach. The study identified risk management policy,
appointment of risk manager, adequate resources allocation and capacity
building on risk management as the most critical success factors for an effective
risk management in EAM.
This study recommends EAM to adopt an enterprise-wide approach to risk that
ensures a more proactive, consistent and greater responsiveness to risk
management approach.
ii
STUDENT NUMBER: 1409988 DATE OF SUBMISSION: 09 MAY 2016
Table of ContentsABSTRACT................................................................................................................................ ii
ACKNOWLEDGEMENT..........................................................................................................vi
ABBREVIATIONS AND ACRONYMS...................................................................................vii
LIST OF FIGURES.................................................................................................................viii
LIST OF TABLES....................................................................................................................viii
DEDICATION............................................................................................................................ix
CHAPTER 1: BACKGROUND AND INTRODUCTION.......................................................1
1.0 Introduction......................................................................................................................1
1.1 Background Information.................................................................................................1
1.2 An overview of Evangelical Association of Malawi (EAM).........................................2
1.3 Problem statement..........................................................................................................3
1.4 Significance of the study................................................................................................4
1.5 Aim and objectives of the research..............................................................................5
1.6 Research questions........................................................................................................5
1.7 Structure of the study.....................................................................................................5
1.8 Summary of chapter one................................................................................................6
CHAPTER 2: LITERATURE REVIEW...................................................................................7
2.0 Introduction......................................................................................................................7
2. 1 Definitions of Risk and Uncertainty..............................................................................7
2.2 Risk management practices..........................................................................................9
2.3 Traditional “silo” risk management approach............................................................10
2.4 Enterprise Risk Management (ERM)..........................................................................11
2.5 Enterprise Risk Management Frameworks...............................................................13
2.6. Enterprise Risk Management process......................................................................15
2.7 Tools and techniques for risk management..............................................................20
2.8 Common risks in organisations...................................................................................21
2.9. Critical success factors (CSFs) for effective risk management.............................22
2.10 Framework for benchmarking Risk management practices..................................25
2.11 Gap in Knowledge......................................................................................................25
2.12 Conceptual framework...............................................................................................26
2.13 Summary of chapter two............................................................................................27
iii
STUDENT NUMBER: 1409988 DATE OF SUBMISSION: 09 MAY 2016
CHAPTER 3: RESEARCH DESIGN AND METHODOLOGY............................................29
3.0 Introduction....................................................................................................................29
3.1 Research Philosophy....................................................................................................29
3.2 Research Approach......................................................................................................31
3.3 Research strategy.........................................................................................................32
3.4 Time Horizon.................................................................................................................33
3.5 Data collection techniques...........................................................................................33
3.6 Determining the sample size.......................................................................................37
3.7 Sampling technique......................................................................................................37
3.8 Data analysis and interpretation.................................................................................38
3.9 Validity............................................................................................................................40
3.10 Reliability......................................................................................................................41
3.11 Ethical considerations................................................................................................41
3.12 Summary of chapter three.........................................................................................42
3.13 Conclusions.................................................................................................................43
CHAPTER 4 DATA COLLECTION, FINDINGS AND ANALYSIS.....................................44
4.0 Introduction....................................................................................................................44
4.1 General information......................................................................................................44
4.2. Potential risks in EAM.................................................................................................47
4.3 Findings on risk management practices in EAM.......................................................50
4.4 Findings on CFSs for risk management in EAM.......................................................54
4.5 Discussion of the research findings............................................................................56
4.6 Summary of Chapter four.............................................................................................65
4.7 Conclusions...................................................................................................................66
CHAPTER 5 CONCLUSIONS AND RECOMMENDATIONS............................................67
5.0 Introduction....................................................................................................................67
5. 1 Conclusion....................................................................................................................67
5.2 Recommendations........................................................................................................69
5.3 Limitations of this study................................................................................................71
5.4 Proposed future research............................................................................................71
References...............................................................................................................................73
Appendices...............................................................................................................................85
Appendix I Attributes of Risk Maturity Model (RMM) .....................................................85
iv
STUDENT NUMBER: 1409988 DATE OF SUBMISSION: 09 MAY 2016
Appendix II: Interview guide for assessing risk management practices in EAM.........87
Appendix III: Information Sheet for the questionnaire...................................................89
Appendix IV Questionnaire for assessing risk management practices in EAM...........90
Appendix V Filled questionnaire from Respondent Number 23(R23)..........................93
Appendix VI An example of how responses from the questionnaires were combined for each question.................................................................................................................96
Appendix VII List of respondents.......................................................................................97
Appendix VIII An example of paraphrasing and grouping of the texts.........................98
v
STUDENT NUMBER: 1409988 DATE OF SUBMISSION: 09 MAY 2016
ACKNOWLEDGEMENTFirst and foremost I thank the Almighty God for granting me strength,
understanding, speed and direction throughout the pursuit of this program.
My sincere gratitude also goes to my supervisors Myers Frans and Alex Chanza
for their time, input, counsel, support and credible contribution to the success of
this work.
I also appreciate the moral support and encouragement from my husband and
children.
Thanks to Evangelical Association of Malawi for allowing me to undertake this
study in their institution. Special thanks to all the respondents.
Finally I thank all my friends and colleagues who in one way or another
contributed to my successful completion of this dissertation.
vi
STUDENT NUMBER: 1409988 DATE OF SUBMISSION: 09 MAY 2016
ABBREVIATIONS AND ACRONYMS AIRMC Association of the Information Resources Management College
APM Association of Project Management
COSO Committee of Sponsoring Organizations of the Treadway
Commission
EAM Evangelical Association of Malawi
DFID Department for International Development
EIU Economist Intelligence Unit
ERM Enterprise Risk Management
FBO Faith Based Organisation
HIV Human Immunodeficiency Virus
HM Her Majesty’s
IEC International Electro technical Commission
IMA Institute Management of Accountants
IRM Institute of Risk Management
ISO International Organisation for Standardization
M-o-R Management of Risk
NGOs Non-Governmental Organisations
PLCs Public Listed Companies
PMI Project Management Institute
PRAM Project Risk Analysis and Management
RM Risk Management
RMM Risk Maturity Model
RS Respondent
SWOT Strengths Weaknesses Opportunities and Threats
TRM Traditional Risk Management
UNECE United Nations Economic Commission for Europe
WDR World Development Report
vii
STUDENT NUMBER: 1409988 DATE OF SUBMISSION: 09 MAY 2016
LIST OF FIGURES
Figure 2.1 COSO ERM framework matrix…………………………………...…………….14
Figure 2.2 Risk management process……………………………………………………...17
Figure 2.3 Conceptual framework for the proposed study………………….……………27
Figure 3.1 The research ‘onion’…………………………………………………………..…29
Figure 3.2 Summary of the research process ………………………………………….…37
Figure 4.1 Number of years the study respondents have been in EAM……………..…45
LIST OF TABLES
Table 2.1 Evolution of Traditional risk management…………………...….…………......10
Table 2.2 Generic risk management process……………………………………………..15
Table 2.3 Tools and Techniques for risk management process……..………………….20
Table 2.4 Common risks in Organisations………………………………….……………...21
Table 2.5 Critical success factors for a successful risk management……...…………...23
Table 4.1 Risks faced in EAM………………………….………………………….………...47
viii
STUDENT NUMBER: 1409988 DATE OF SUBMISSION: 09 MAY 2016
DEDICATION I wish to dedicate this work to my husband, who through his encouragement I
was able to enrol for this course. His constant reminder and assurance that I
was more than able to complete this course gave me the much needed moral
and financial support to start and complete this course. He was always flexible
and understanding.
I therefore dedicate this work to him as my deep appreciation to him for that
entire he has been to me over this period.
ix
STUDENT NUMBER: 1409988 DATE OF SUBMISSION: 09 MAY 2016
CHAPTER 1: BACKGROUND AND INTRODUCTION1.0 IntroductionThe purpose of this study was to assess risk management practices in
Evangelical Association of Malawi (EAM). As a result, this chapter presents
background information on risk management, an overview of EAM, research
problem statement, objectives and research questions, significance of the study
and the overall structure of this dissertation.
1.1 Background Information Organisations, irrespective of their size or business, are under increasing
pressure to improve their risk management practices (Woods, 2012;
Gupta ,2011). Many authors (Harvey, 2012; Gupta, 2011; Malik and Holt, 2013)
agree that though the concept of risk management is not a new phenomenon,
what is of concern is how to improve the process. Others (Cooper, 1999; Gupta,
2011; Schroeck, 2002; Woods, 2012; Wieczorek-Kosmala, 2014) indicate that,
the prime reason for this shift is the increased corporates collapse, financial
crash, technology growth and complex business environment among others.
These cannot be dealt with by a “silo” based risk management approach. Many
attribute the global financial crisis to poor risk management (Li and Wearing,
2012; Ismail et al., 2013) hence an effective risk management approach is
paramount for the success and competitive advantage of any organisation
(Hillson, 2012;Woods, 2012).
Despite the fact that many Enterprise Risk Management (ERM) frameworks
have been developed to aid organisations establish ERM program (Rosenthal,
2008; Woods, 2012) a good understanding of the importance of ERM is still
wanting. This is confirmed by Akotey and Abor (2013) study on insurance
companies that showed eight nine percent of those surveyed demonstrated
compliance to regulation and the need to avoid legal actions as the most
important reason for practicing risk management. As observed from literature
(Hassan and Ali, 2013; Malik and Holt, 2013), a number organisations have
1
STUDENT NUMBER: 1409988 DATE OF SUBMISSION: 09 MAY 2016
grasped that ERM has the potential for enhancing competitive advantage.
However, other organisations are still unclear about ERM and as a result they
have not incorporated risk management in their operations.
As demonstrated by recurrent business and project failures, risk management
though still in practice fails to meet its objectives (Fadun, 2013). Hence, this
study seeks to bring to light the risk management practices in EAM, the gaps
and areas of improvement.
1.2 An overview of Evangelical Association of Malawi (EAM)EAM is a Faith Based Organisation (FBO) that exists to unite, mobilize and
empower Churches and Christian organisations for effective and efficient social
and spiritual transformation of the people in Malawi. EAM serves as the
umbrella body whose current membership is 108 organisations comprising fifty
eight Church denominations and fifty FBOs (EAM, 2008). The highest policy
and regulatory body is the General Assembly of all member church
denominations, FBOs and individuals. A board of trustees and a secretariat
management committee serves as the custodian of the vision, implementation
of its objectives and stewardship of its assets. The General Secretary, assisted
by finance and administration manager, program managers and regional
coordinators are accountable for the day to day operations of EAM.
EAM’s main objectives include:
a) Building the capacity of Church denominations and FBOs to participate
actively in national development and provision of social services
b) Promote coordination, networking, sharing of best practices and a common
voice by Churches on major national issues of concern.
c) Promote programs and initiatives committed to the holistic proclamation of
the gospel in the nation through word and deeds.
d) Promote peace and justice for all, cognisant that all are created equal.
2
STUDENT NUMBER: 1409988 DATE OF SUBMISSION: 09 MAY 2016
In the current strategy, EAM’s main focus areas of development revolve around;
a) HIV/AIDS interventions
b) Food Security and livelihood
c) Advocacy, peace and justice
d) Leadership development
e) Education
f) Missions and discipleship,
g) Environment and climatic change.
h) Church and community mobilization (EAM,2008)
Besides the member church denominations and FBOs, EAM has several
partners who support and fund their programs. These include; National Aids
Commission ,Tear Fund United Kingdom, Norwegian Church AID, Geneva
Global and Department for International Development (DFID)(EAM,2008).
1.3 Problem statement As argued by Loghry and Veach (2009) and Hassan and Ali (2013), every
organisation faces a certain level of risk every day either due to natural
happenings, calamities, intentional or business decisions. The risks may lead to
gains or losses and that is why management of risk is crucial. In addition, as
stated by Harvey (2015), the rapid and evolution of technology, government
regulations and natural disasters are creating unforeseen emerging risks and
opportunities that have a chance of affecting any firm at some level.
As discussed earlier, EAM is a FBO involved in community development
activities with funding from a cross section of donors. Owning to an increased
donor accountability requirements prompted by the need to demonstrate value
for money (Brown and Moore, 2001; Yasmin et al., 2014), development
organisations such as EAM are faced with a great challenge to demonstrate
this. This demands for sound and robust risk management practices that can
guarantee effective identification and mitigation all risks that are faced by the
organisation.
3
STUDENT NUMBER: 1409988 DATE OF SUBMISSION: 09 MAY 2016
According to EAM strategy (2013), EAM is faced with a number of challenges
that include; inadequate commitment of support members, inadequate technical
skills, overdependence on donors, poor documentation skills and as well as
weak monitoring and evaluation systems among others. Beside, EAM operates
in a country whose economy is very volatile with high inflation rates and political
instability all of which poses risks and uncertainties to EAM’s planning and
execution of their program activities (EAM, 2013).
Despite the many activities undertaken by EAM, there no structured risk
management approach. This coupled with a weak monitoring and evaluation
system would pose uncertainties that could hinder the achievement of their
objectives (EAM, 2013). As argued in the World Development Report (WDR)
(2014), mismanaged risks may have detrimental effects on lives, assets, trust,
and social stability and more so among the poor.
1.4 Significance of the studyFaith Based Organisations as argued by Clarke and Ware (2015) and
Hoffstaedter (2013) play an important role in social and economic development
and more so in Africa. Consequently, a proper risk management is an important
development tool for FBOs (WDR) (2014). To effectively manage risks that may
hinder a development agency from achieving its goals, it is crucial to shift from
unplanned and ad hoc risk responses to proactive integrated risk management
approach (WDR, 2014). The purpose of this study is therefore to reveal how
risks are effectively managed in EAM.
Therefore, the results will provide insights to EAM leadership on how to improve
on the current risk management practices. This could lead to increased chances
of success as an institution and enhancement of donor support.
In addition, research findings of this study will add to the body of knowledge on
risk management and more so for FBOs which have limited literature in this
4
STUDENT NUMBER: 1409988 DATE OF SUBMISSION: 09 MAY 2016
subject. Finally, the study will provide more room for further studies on risk
management in other organisations.
1.5 Aim and objectives of the researchThe main purpose of the research was to assess the current risk management
practices in Evangelical Association of Malawi and as a result the following
objectives were formulated:-
a) To identify the potential risks in EAM
b) To establish the current risk management practices at EAM
c) To establish the critical success factors for an effective risk management
in EAM
d) To recommend an appropriate risk management framework in EAM.
1.6 Research questionsIn order to achieve the above mentioned objectives and in line with research
topic, the following questions that guided the study were developed:
a) What are the potential risks in EAM?
b) What are the current risk management practices in EAM?
c) What are the critical success factors for risk management in EAM?
d) What are the gaps in the risk management practices at EAM?
1.7 Structure of the study This section outlines the content of the different chapters and sections. The
dissertation is organized into five chapters.
Chapter one gives an overview of background information on risk management
and EAM, the research problem, the objectives of the research, significance of
the study and the overall structure of this dissertation. Chapter two critically
reviews the existing literature on risk management and relevant studies
undertaken in the context of this research and concludes by giving the
conceptual frame work of the study. Chapter three outlines the study
methodology frame work. The chapter discusses the research philosophy,
5
STUDENT NUMBER: 1409988 DATE OF SUBMISSION: 09 MAY 2016
research approach, strategy, sampling techniques, sample size and procedures
for collection and analysis of data. Chapter four presents the results of the
study, an analysis and discussion of the results. Chapter five provides
conclusion and recommendations, limitations of the study as well as areas of
further research.
1.8 Summary of chapter oneAs discussed earlier, risk management process and practices are wanting and if
development organisations have to meet their objectives, risks have to be
effectively managed. Risk management is a powerful development tool hence
risk management need to be an integral part of any institution. Therefore the
need for an assessment of risk management practices in EAM.
Having provided the background information on risk management, the problem
statement, the research objectives and the rationale of the study; the following
chapter reviews relevant literature in line with risk management practices and
tries to identify the gap in knowledge.
6
STUDENT NUMBER: 1409988 DATE OF SUBMISSION: 09 MAY 2016
CHAPTER 2: LITERATURE REVIEW
2.0 IntroductionThe purpose of this study was to assess the risk management practices at
Evangelical Association of Malawi hence this chapter endeavours to provide the
fundamental findings from literature and other studies on risk management
practices. The literature review critically looks into the definitions of risk,
uncertainty and risk management, traditional and integrated risk management
approaches, ERM process, tools and techniques for risk process, identifies the
potential risks and critical risk factors for a successful risk management. The
review further identifies the gaps in knowledge. The literature consulted was
mainly from books, academic journals and relevant reports.
2. 1 Definitions of Risk and UncertaintyToday, organisations operate in a more dynamic and uncertain environment
and as such they are exposed to all kinds of risks, thus making risk an important
aspect of any entity’s strategy.
Consequently, as argued by (Hillson, 2012), for risks to be managed well, there
must be a clear understanding of what risk is. This is evidenced by Hameeda
and Al-Ajmi (2012) study that established that, the risk management practices
were depended on the degree to which the managers had a vibrant
understanding of risk and risk management.
However, there exists confusion between the terms risk and uncertainty
resulting to the terms being used interchangeable though they differ from each
other (Hillson, 2012).
A number of authors (Hillson, 2012; Elahi, 2013; Maylor, 2013) have almost
similar views on uncertainty and defines uncertainty as the occurrence of an
event whose probability is unknown and in which people have no or limited
information. Still Hillson (2012) further considers risk as a subset of uncertainty
while alluding that all uncertainties are not necessarily risks.
7
STUDENT NUMBER: 1409988 DATE OF SUBMISSION: 09 MAY 2016
A wide range of definitions of risk exist as observed from literature (Hillson,
2012; Woods, 2012; Maylor, 2013; Project Management Institute(PMI), 2013)
signifying a wide view on risk still exists. Despite of this, Hillson (2012)
maintains that a clear definition of risk is critical for an effective risk
management.
Hillson (2012,p.7), PMI (2013,p.310) and International Organisation for
Standardization (ISO) 73 guidelines have a similar opinion of risk as the
uncertainty whose occurrence affects the attainment of the organisational goals
either positively or negatively. Maylor (2013, p. 219) defines risk “as uncertainty
intrinsic in plans that can affect the prospects of achieving business”.
Schroeck (2002) and Gupta (2011), bears similar view on risk as possibility of
deviancy from the expected outcome. However Dinu (2014,p.157) broadens the
definition and defines risk “as the probability or threat of damage, injury,
liability, loss, or any other negative occurrence as result of external or internal
vulnerabilities, and that may be avoided through pre-emptive actions”. This
definition by Dinu (2014) closely resonates with the realities faced by many
organisations.
However, despite the varied definitions, all have similar opinion that risk has two
distinct features; that is uncertainty and consequences (Hillson and Murray-
Webster, 2004.)
Hillson (2012) and Woods (2012) suggest that since uncertainties are
unpredictable, there is need for holistic approach that does not only seek to
evade the risks but grasp the opportunities for the advancement of the
organisational objectives. This is supported by Gupta’s (2011) view on risk as
being the lifeblood of every organisation.
As stated by (Dinu, 2011; Bezzina et al., 2012; Hillson,2012), risk is inevitable in
any organisation and as result this research adopts risk as an uncertainty of a
consequence that has either positive or negative outcome that has to be
effectively managed for the success of the organisation.
8
STUDENT NUMBER: 1409988 DATE OF SUBMISSION: 09 MAY 2016
2.2 Risk management practices As observed in the above section (2.1), just as there is no universal description
of risk, there is no universal definition of risk management. Hillson (2012) and
PMI (2013) have a similar approach to risk management to include all the
activities undertaken to manage risk including risk planning, identification,
analysis, responses planning, implementation, communication and review.
Noticeably, Elahi’s (2013) definition is not far from them as it describes risk
management as process that includes all the activities that an organisation does
to effectively manage the identified risks and all the efforts undertaken to make
the organisation more resilient to risks.
Dinu, (2014, p.157) define risk management “as the process of identification,
analysis and either acceptance or mitigation of uncertainty in any decision-
making”. In addition, Hillson (2012) emphasizes the need for the appropriate
policies, resources, organisational risk culture, management support and
infrastructure.
Several authors (Carey, 2001; Benta et al., 2011; Hillson, 2012; Bezzina et al.,
2014) suggest that, these practices should not be intended to eliminating risk
but effectively manage risks in a manner that enables the organisations to
achieve their goals. This is supported by Bezzina et al.(2014) study that
established that ineffective risk management practices contributed greatly to the
worldwide economic down turn. In addition Gupta (2011) study on Indian
companies also established that an effective risk management improved
organisational performance.
As evidenced from the above definitions, risk management is a systematic
process intended to manage risks. It comprises of identifying, analysing,
monitoring and controlling risks, reducing negative effects and enhancing the
opportunities. However, as observed by Wieczorek-Kosmala (2014), there are
two distinct approaches to risk management; traditional (“silo”) risk
management and an integrated systematic risk management. As a result, the
9
STUDENT NUMBER: 1409988 DATE OF SUBMISSION: 09 MAY 2016
following section discusses the traditional risk management as well as the
integrated systematic risk management processes.
2.3 Traditional “silo” risk management approachSimona-Iulia, (2014) define Traditional Risk Management (TRM) as a
manager’s or administrative role in which that have to plan, organise, lead and
control the organisation’s activities. The TRM is aimed at minimising the
negative effects of accidental and business losses of that organisation at
realistic cost. Wieczorek-Kosmala (2014) has almost a similar view on a
traditional risk management as a process that aim to identify measures and
treat exposures to potential unintended losses. Study by Simona-Iulia (2014)
showed that the TRM has evolved over time as shown on table 2.1. In the ‘70s,
the focus was mainly on financial risk and accidental risk. In the ‘80s, market
risk was added but in the following years started to consider keys risks affecting
entities such as strategic risk, operational risk, financial risk, and accidental risk
(Simona-Iulia, 2014).
Table 2.1 Evolution of Traditional risk management (Adopted from: Simona-Iulia 2014, p.280)
The ‘70s The ‘80s The ‘90s
credit risk Market risk Strategic risk
Operational risk
Accidental risk Credit risk Financial risk
Accidental risk Accidental risk
As observed from literature (Simona-Iulia, 2014; Wieczorek-Kosmala, 2014),
TRM result to viewing risk from a negative perspective that is limiting and
ambiguous. This could lead to a bias approach to risk management while on the
contrary, risk may manifest itself as either negative or positive or both (Hillson,
2012; Fadun, 2013). As Cretu et al. (2011) argue biasness towards risk as a
bad thing forces business/organisations to miss great opportunities. Focusing
mainly on threats and losses as Fadun, (2013) and Simona-Iulia, (2014)
observe only few organisations view risks as potential opportunities. As
10
STUDENT NUMBER: 1409988 DATE OF SUBMISSION: 09 MAY 2016
Wieczorek-Kosmala (2014) note, the risk responses in a TRM are directed
towards reducing the loss frequency or loss impact which is achieved either
through risk avoidance, risk prevention or risk repression and financial risk
control tools.
Both Lai and Lau (2012) and Dornberger et al., (2014) argue that “silo”
approach leads to closed thinking with some departments of the organisation
failing to share information thus making risk management function parallel to
other business functions.
Other studies by Abrams et al. (2007) and Jalal-Karim (2013) have evidenced
that a "silo" approach or a segmented risk approach is not a proficient method
for managing the innumerable types of risks/threats that are faced by
organisation. Hence, following section discusses an integrated risk
management approach.
2.4 Enterprise Risk Management (ERM)ERM is a global subject that has gained great interest (Jalal-Karim, 2013).
Different authors use numerous synonyms for ERM namely; integrated risk management (IRM), holistic risk management, global risk management and strategic risk management (Hoyt and Liebenberg, 2011; Simona–lulia,
2014). However this research uses ERM is for consistency.
Many definitions do exit for ERM;
COSO (2004) defines ERM as "a process, effected by an entity's board of
directors, management and other personnel, applied in strategy setting and
across the enterprise, designed to identify potential events that may affect
the entity, and manage risk to be within its risk appetite, to provide
reasonable assurance regarding the achievement of entity objectives"
(COSO, 2004, p.2)
According to Jalal-Karim, (2013) ERM is the process of identifying and
analysing risk from an integrated, organisation-wide approach.
11
STUDENT NUMBER: 1409988 DATE OF SUBMISSION: 09 MAY 2016
As Carroll (2016) and Abrams et al. (2007) suggest, that ERM must be
comprehensive and entity-wide whose effectiveness is governed by strength
and grip of its practices and processes.
As noted by Abram et al. (2007) the various ERM definitions share critical aspects namely;
(i) Integrated-ERM that cover the all lines of business/operations.
(ii) Comprehensive-ERM that must include all types of risk.
(iii) Strategic-ERM that must be affiliated with overall business/organisational
strategy.
However, the ERM framework highlights two distinct elements of the risk
management process: corporate governance and internal control. The
corporate governance element focuses on the need to place the obligation of
risk management on the management board. The internal control includes
internal control aspects such as policies, responsibilities, and other aspects of
an organisation that support the risk management process (Wieczorek-
Kosmala, 2014).
As argued by Elahi (2013) and Woods (2012), one of the challenges in ensuring
a successful ERM strategy is making ERM an organisation wide issue. This is
confirmed by COSO (2010) study on executives leading risk management in
their organisations that found that only 28.2 % of 460 respondents had a
systematic risk management process while sixty percent had an informal and ad
hoc process. In addition Harvey (2015) study established that several
organisations especially small entities had not yet embraced ERM mainly due to
cost and difficulties involved in the process. Malik and Holt (2013) study found
people’s perception of risk, organisational risk culture and risk technology as
other factors affecting ERM adoption while Zhao et al. (2014) study found
insufficient resources (time, money, and people) as a significant limitation to
ERM.
12
STUDENT NUMBER: 1409988 DATE OF SUBMISSION: 09 MAY 2016
However, the benefits of ERM over the “silo’’ type risk management approach
outweigh the challenges as evidenced by several authors (Carey, 2001; Hillson,
2012; Elahi, 2013; Fadun, 2013). For example, as demonstrated by Hillson
(2012), ERM allows integration of risk management at all levels, which is an
essential factor since there exist a hierarchy of objectives at all levels of an
organisation which may be affected by uncertainties. In addition, as stated by
Majdalawieh and Gammac (2005), a wide approach allows ERM to be
implemented in dynamic manner that ensures all barriers are eliminated with an
ultimate purpose of creating value. This is confirmed by Gupta’s (2011) study of
risk management in Indian companies established that companies with an
ineffective risk management had not mingled risk management practices into
the corporates strategy in addition to limited use of information technology. Ping
and Muthuveloo (2015) study still found that implementation of ERM influenced
firms’ performance. Waweru and Kisaka (2013) study further established that,
the level of ERM execution in the study companies had a positive correlation
with the value of the companies. Hence most companies viewed ERM
implementation as part of the business strategic plan other than a compliance
requirement.
On the contrary to this; McShane et al. (2011) study found no additional value
for firms with higher ERM rating as opposed to those firms with increased levels
of traditional risk management.
However, as evidenced, risks still need to be managed in a systematic process
and several frame works have been developed to aid organisations hence the
following section discusses some of those frameworks.
2.5 Enterprise Risk Management FrameworksSeveral international frameworks and standards have been developed to help
organisations evaluate, develop and improve their organisational ERM
capability (Malik and Holt, 2013) such include;
13
STUDENT NUMBER: 1409988 DATE OF SUBMISSION: 09 MAY 2016
Committee of Sponsoring Organisations of the Treadway
Commission(COSO) (2004) ERM framework (COSO, 2004);
International Standards of Organisations (ISO) 31000:2009 (United
Nations Economic Commission for Europe (UNECE), 2014);
International Electro technical Commission (IEC)/ISO 27001:2005
(UNECE, 2014) ;
Protiviti Risk Model (Malik and Holt, 2013)
These standards provide common universal language and embody best
practice in risk management. Some standards deal with specific category of risk
or different steps of the risk management process (UNECE, 2014). Though
studies (COSO, 2004; Malik and Holt, 2013) show that ISO and COSO ERM
framework are the most widely used, this study briefly discusses COSO
framework.
The COSO ERM framework is provided in three-dimensional model to help
organisations understand enterprise risk as shown on figure 2.1
Figure 2.1 COSO ERM framework matrix (Adopted from COSO, 2004, p.5)
14
STUDENT NUMBER: 1409988 DATE OF SUBMISSION: 09 MAY 2016
As shown on figure 2.1, the first dimension entails eight horizontal rows that
highlight eight risk components (internal environment, objective setting, event
identification, risk assessment, risk response, control activities information and
communications, monitoring). The second dimension presents the strategic
objectives of ERM namely strategic, Operations, Reporting and Compliance.
Lastly the third dimension denotes the organisational units namely entity,
division, business and subsidiary level (COSO, 2004).
The COSO framework networks the risk management process to the
organisational structure and strategic planning thus provides a clear direction on
ERM process (UNECE, 2014). Hence the following section discusses the main
risk management steps.
2.6. Enterprise Risk Management processAs stated by Smith et al. (2009) risk management process is a set of
procedures that an organisation establishes to provide guidelines in risk
management. Though the process depends on the type of operations (Harvey,
2012), it can be noted that the process has evolved over time as evidenced by
the varied steps from several authors shown on table 2.2. However COSO
(2004) asserts that an effective ERM ought to follow eight stages namely control
environment, objective setting, risk assessment, risk response, control activities,
information, communication and monitoring.
Table 2.2 Generic risk management process (Adopted from Hillson, 2012, p.29)
INFORMAL PROCESS STEP
FORMAL PROCESS STEP
APM Body of Knowledge; APM Project Risk Analysis and Management (PRAM) Guide
PMI PMBOK Chapter 11 Project Risk Management; PMI Practice Standard for Project Risk Management
AS/NZS 4360:2004 Risk Management [also ISO/DIS 31000 Risk Management – Principles and Guidelines]
Management of Risk (M_o_R)
IRM Risk Management Standard
BS31100:2008 Risk Management – Code of Practice
Getting started
Risk process
Initiate Plan risk management
Establishing the context
Identify context
organisation strategic
Risk context
15
STUDENT NUMBER: 1409988 DATE OF SUBMISSION: 09 MAY 2016
initiation
objectives
Finding risks
Risk identification
Identify Identify risks
Risk identification
Identify risks
Risk identification risk description
Risk identification
Setting priorities
Qualitative risk assessmentQuantitative risk analysis
Assess Perform qualitative risk analysis perform quantitative risk analysis
Risk analysis risk evaluation
Assess Risk estimation risk evaluation
Risk assessment
Deciding what to do
Risk response planning
Plan responses
Plan risk responses
Risk treatment
Plan Risk treatment
Risk response
Taking action
Risk response implementation
Implement responses
- Implement
Telling others
Risk communication
- - Monitor & control risks
Communication and consultation
Communicate
Risk reporting
Risk reporting
Keeping up to date
Risk review
Manage process
Monitoring and review
Embed and review
Monitoring and review
Risk review
Capturing lessons
Post project review
-
Though as evidenced on table 2.2 that different authors offer a varied risk
management process; the dominant observation is that all seem to have a
similar approach. Hence this study discusses the key steps of the risk process
in the following sub sections as shown on figure 2.2.
16
STUDENT NUMBER: 1409988 DATE OF SUBMISSION: 09 MAY 2016
Figure 2.2 Risk management process (Adapted from Woods, 2012)
2.6.1 Establishment of the contextThough many authors omit this step in their risk process as evidenced on table
2.1, it is very important to establish the context under which risk management is
undertaken. However, Hillson (2012) designate this step as the risk
management planning. The context comprises the objectives, the criteria,
measures of success or failure, and resources (Emblemsvåg, 2010) in addition
to culture and risk attitude (Woods, 2012). As Emblemsvåg (2010) argue
clarification of objectives and parameter is crucial as risks arise in pursuit of
objectives.
2.6.2 Risk identificationOnce the context is established the next step is risk identification. Tachankova
(2002) argue that risk identification is the most vital step. This is confirmed by
Hameeda and Al-Ajmi (2012) study that examined the risk management
practices of conventional and Islamic banks in Bahrain and established that an
efficient risk identification was a determining factor in risk management
practices. Tachankova, 2002 and Hillson (2012) agree that this has to involve
identification of hazard factors, risks exposure, sources of risks, perils, factors
affecting the organisational resources and the hindrances to achievement of the
17
Establish Context
Risk analysis
Assess and evaluate
Risk Treatment
Identification of risks
Communicate and consult Monitor and Review Context
STUDENT NUMBER: 1409988 DATE OF SUBMISSION: 09 MAY 2016
firm’s objectives. Simona-Iulia (2014) further emphasis that every company
personnel must know risk Identification and understand the risk factor as
effective risk management reduces the negative impact on the organisation.
Theil and Ferguson (2003) and Dornberger et al. (2014) have a similar view on
risk identification as the most difficult step. Dornberger et al. (2014) study further
recognised that most problems of the RM process occurs during this step as it
is done by a team that has to identify all the risks, uncover all risks and learn the
techniques for risk identification. Contrary, Harvey (2012) found that many firms
fall short of this step by failing to focus on strategic risks but on hazards and
operational risks. As noted by many, risk identification is a continuous process
as other risks may appear later (Hillson, 2012; Dornberger et al., 2014).
However, Driscoll (2014) study found that only nineteen percent of
organisations studied had an effective ERM process that could identify risks not
encountered before.
2.6.3 Risk assessment and evaluationHarvey (2012), Hillson (2012) and UNECE (2012) agree that the risk
assessment and evaluation should involve evaluation and prioritization of the
identified risks in relation of their probability of occurrence and the
consequences. As Institute Management of Accountants (IMA) (2007) argue
after risk assessment organizations should also reflect on the residual risk. A
residual risk can be defined as the remaining risk after mitigation measures
have been put in place to address the initial identified risks (IMA, 2007).
2.6.4 Risk treatment The four main accepted strategies include risk retention, mitigation, avoidance
and transfer. In consideration to the business’s risk tolerances and risk appetite,
specific action plans are developed to address the identified risks
(Emblemsvåg, 2010; Hillson, 2012; Harvey, 2012). Benta et al. (2011) and
Hillson (2012) further argue that both threats and opportunities should be
addressed appropriately.
18
STUDENT NUMBER: 1409988 DATE OF SUBMISSION: 09 MAY 2016
2.6.5 Risk monitoring, review and communication Bharathy and McShane (2014) argue that one way of ensuring that silo
mentality does not develop is to ensure effective communication within internal
and external stakeholders. Accordingly, the risk management process in ISO
approach added another step that deals with communication and consultation at
each stage (Wieczorek-Kosmala, 2014).
Fadun (2013) further claim that, regular review of risk exposures may prevent
risk management incremental failure. Nielson et al. (2005), Harvey (2012) and
Hillson (2012) agree on the need for regular risk monitoring and reporting to all
stakeholders for an effective RM. As Ismail et al. (2013) state, proper control
systems for managing and controlling the risks should be established and
regularly reviewed.
Harvey (2012) highlights continuous risk monitoring and communication as one
of the furthermost significant aspect in the risk process. This is supported by
Ping and Muthuveloo (2015) study that confirmed that monitoring by the board
of directors as one of the factors that significantly influenced the relationship
between risk management and the organisational performance. In addition,
Ismail et al. (2013) study established that the risk identifications and reporting
were crucial in ensuring the survival of the firm and the market value.
Harvey (2012) applauds the involvement of internal and external audits who
would give unbiased report to the executive.
For the success of every step of the risk process, appropriate tools and
techniques have to be used hence the following section briefly outline tools and
techniques.
19
STUDENT NUMBER: 1409988 DATE OF SUBMISSION: 09 MAY 2016
2.7 Tools and techniques for risk managementThere are many available tools and techniques for risk management at every
step as shown on table 2.3. However it has been established that for
effectiveness of the tools, more than one tool/technique should be used in each
of the step (Hillson, 2012, IMA, 2007). In addition, the right people with the
appropriate skills and knowledge must be involved (Hillson, 2012). According to
IMA (2007) the end result of risk process is a risk language that is specific to the
organisation.
Table 2.3 Tools and techniques for risk management process (Adapted from Hillson, 2012: PMI, 2013)
Steps of risk management process
Appropriate tools and techniques
1. Understanding the context Analytic techniques, review meeting, expert judgment
2. Risk Identification Braining storming, interviews, workshops, review meetings, expert judgment, document reviews, information gathering techniques, checklist analysis, risk register, assumptions and constraint analysis, Delphi technique ,SWOT analysis
3. Risk analysis Qualitative Risk Analysis:-Risk probability and impact assessment, probability- impact matrix, risk categorization, expert judgment, Top Ten Risk Item TrackingQuantitative Risk Analysis:-Data gathering, decision tree analysis, sensitivity analysis ,quantitative risk analysis, modelling techniques, expert judgment
4. Risk assessment and evaluation
Risk reassessment ,risk audits, variance and trend analysis, technical performance measurement, review meetings
5. Risk treatment Strategies for threats, strategies for opportunities, contingent plans, response strategies, expert judgment
6. Risk monitoring and control Risk response audits, periodic risk reviews, earned value analysis, variance and trend analysis
7. Risk review and communication
Risk reports and communication, risk review workshops, review meetings
For risk to be managed they have to be identified hence the following section
discusses the key potential risks in many institutions.
20
STUDENT NUMBER: 1409988 DATE OF SUBMISSION: 09 MAY 2016
2.8 Common risks in organisations Different frameworks (UNECE, 2014) categorise risk differently but this study
has grouped them into eight categories a stipulated on the table 2.4.
Table 2.4 Common risks in Organisations (Adapted from HM Treasury, 2009)
Risk category Main risky issues
Political Effects of change of government, change of national policies
Economic Economic stability to attract and retain competent personnel,
inflation rates and foreign exchange rates, effect on costs of
transnational transactions, effects of global economy
Socio cultural Socio cultural effects on delivery of services, effects of
demographic change
Technological Obsolete or current systems, cost of procuring and management
of technology
Legal/regulatory Legal/regulatory requirement or laws such as on safety or
employment terms
Environmental Effects of natural disasters such as floods, earthquake, drought,
climate change
Strategic All risks related to strategy, policies, reputation risk, management
of risk, leadership
Operational
risks
Threats that an organisation faces in managing day to day
operations related to human, service delivery, business
processes, technology, project continuity, customer’s
/stakeholders satisfaction, health and safety; reporting and
communication
Financial risks This includes frauds, inadequate or constrained funding, poor
budget management, donor dependency, donor fatigue
As cited in Ennis (2015) Deloitte's 2014 reputation risk survey, eighty seven
percent of the three hundred global executives surveyed regarded reputation
risk as the most significant risk that faced in their companies. The same report
also cites a 2012 World Economic Forum report that found that, on average,
more than twenty five percent of a company's market value is positively
correlated to its reputation (Ennis, 2015). This could be confirmed by Haron et
21
STUDENT NUMBER: 1409988 DATE OF SUBMISSION: 09 MAY 2016
al. (2015) study Islamic banks in Murabaha that established that reputation risk
affected their stability and performance like any other institution. Contrary,
Gaudenzi et al. (2015) study reviewed that though reputational risk is
considered to be grave, in practice no particular attention had been paid to
address the specific reputation risk sources.
Operational risk is found to be indisputable and managing it is essential for the
effective overall management of an organisation (Schwartz-Gârliste, 2013). This
is supported by Dardac and Chiriac (2010) study that established that
operational risk as a significant source of loss especially to financial institutions.
Woods (2012) study viewed regulatory risk to be the most second significant
risk for most executives as failing to comply with set regulations could result to
huge penalties.
2.9. Critical success factors (CSFs) for effective risk managementCritical success factors (CSFs) are defined differently depending on the context.
Yaraghi et al. (2011) define CSFs from three perspectives notably:
(i) as the factors that have an effect on the inclination and willingness of a
firm to implementing Risk Management Systems(RMS);
(ii) as important factors in a firm that can significantly affect the success of
RMS design and implementation;
(iii) the factors that are significantly imperative to effectively run, maintain,
and administrate RMS after the closure of the project of RMS design and
implementation
Chileshe and Kiwasi (2014) view CSFs as requisite aspects which organisations
have to put in place in order to achieve their mission and objectives.
However, this study define CSFs as the crucial drivers of a successful risk
management practices without which as asserted by Hillson (2012)
effectiveness of the process is hindered.
22
STUDENT NUMBER: 1409988 DATE OF SUBMISSION: 09 MAY 2016
A number of studies have identified different CSFs as shown on table 2.5.
Table 2.5 Critical success factors for a successful risk management
Authors Critical Success Factors
Campbell (2015) Leadership Governance
Rahma et al (2015) Leadership Training programme Use of technology Entrepreneurship orientation Accounting information
Chileshe and Kikwasi( 2014)
Management style Awareness of risk management process Teamwork and cooperation Cooperative culture Customer requirement Positive human dynamics
Carey (2001) Sound judgement Identification of issues Keep control and reputation Assessing the important risks Verifying judgement Embedding risk Change management Cultural challenges Remuneration issues Management not elimination
Hillson (2012) Process design Facilitation Resources Infrastructure Risk Culture Management support
Driscoll, 2014 Build a reliable and repeatable risk process Monitoring and regular reporting to the board and top
executives. Training the board and managers on common risk
language and concepts. Ensure the visibility of new or growing risks Creatively build a risk -intelligent culture. Demonstrating the potential financial impact of a
strategic risk. Ensuring strategic plans have plans that address
identified strategic risks. Leverage technology for uniformity, collaboration, and
risk correlation.
23
STUDENT NUMBER: 1409988 DATE OF SUBMISSION: 09 MAY 2016
However this study discusses the following critical success factors deemed
necessary for successful risk management.
2.9.1 Management support As many (Hillson, 2012; Hung, 2012) agree risk management should be led
from the top for the success of the process. As Hillson (2012) suggest, the top
management support is evidenced by allocating adequate resources, appointing
a risk manager, using risk information in decision making and acknowledgement
and appreciation of risk takers.
2.9.2 Development of a risk policy A policy statement primarily asserts the management’s support to risk
management in addition to facilitating the risk management process and giving
authority to the risk manager (Hung, 2012).
2.9.3 Establishment of an appropriate structure and infrastructure A suitable structure that is applicable to the organisation and the context has to
be put in place as any successful risk management. The structure ensures a
risk strategy, roles, rules; guidelines and techniques are clearly stipulated
(AIRMIC, Alarm, IRM, 2010). Further, an appropriate infrastructure should be in
place to support the risk process. However, it will be determined by the level of
risk implementation and availability of resources. This could include buying of
software, tools and techniques, staff training, allocation of resources and so
forth (Hillson, 2012).
2.9.4 Organisational risk management culture Organisational risk management culture looks into the values, beliefs, views
and the understanding about risk, that are collectively shared by a group of
individuals in that particular organisation. Every entity should endeavour to be
risk aware and in a position to recognise the risk takers (Hillson, 2012). As
Hillson (2012) further argue, a mature organisation risk culture should be a
robust proactive risk management approach that is wide spread at all levels.
24
STUDENT NUMBER: 1409988 DATE OF SUBMISSION: 09 MAY 2016
2.9.5 Effective facilitationHillson (2012) suggest the need for a skilful and knowledgeable facilitator that
has technical risk competences as well as people skills. This person may
assume different titles such as risk champion, risk manager among others
(Hillson, 2012).
2.9.6 Resilience BELOBROV (2014) recommend recognition of resilience as a crucial CFS for
improving risk management among business entities. This is because
organisations operate in complex environment characterised by economic crisis
and increased competition.
Organisations at some point may wish to assess their risk management
practices hence following section discuses briefly a framework that could be
used for such.
2.10 Framework for benchmarking Risk management practices As Hillson (1997) and Hopkinson (2011) agree organisations which desire to
improve or assess their risk management approach require a framework to
measure their current practices. Several empirical studies (Elmaallam and
Kriouile, 2012) have used a number of models to test the maturity of risk
management practices in different fields. Hillson (1997) developed a risk
maturity model (RMM) that has been adopted by others (Hopkinson, 2011). The
Hillson model matrix is designed to assess risk management capacity against
four levels with each with each attributes as shown on appendix I. These
attributes may help an organisation to develop risk management competences.
2.11 Gap in Knowledge Despite various studies on risk management and as observed by Khattab and
Hood (2015), risk management practice is still a business practice that is under-
researched in the developing countries. Furthermore studies that have
25
STUDENT NUMBER: 1409988 DATE OF SUBMISSION: 09 MAY 2016
examined risk management practices globally have had limited focus on risk
management practices in FBOs. Based on the literature review, majority of
earlier studies on risk management have majored on finance sector and
insurance industry (Mersland, 2011; Singh, 2012; Zerai and Rani, 2012; Akotey
and Abor, 2013; Nar, 2014; Nikita, 2014). There is no prior research on risk
management practices in EAM hence this study is timely and the results will
provide insights on how to improve on the current risk management practices.
This will raise value of EAM among stakeholders and increase its chances for
success and competitive advantage. In addition the research will create an
opportunity to noticeably further knowledge in the area of risk management and
will provide more room for further studies on risk management in other
organisations.
2.12 Conceptual frameworkBased on the related literature discussed earlier, a conceptual framework for
this study was developed as shown figure 2.3. This study suggests independent
variables namely value of risk management, risk management practices,
enterprise risk management and risk management process while risk
management is the dependent variable.
26
STUDENT NUMBER: 1409988 DATE OF SUBMISSION: 09 MAY 2016
Figure 2.3 Conceptual framework for the proposed study
2.13 Summary of chapter two As earlier discussed, risk and risk management have to be clearly understood
for any successful risk management. In order for an organisation to achieve its
goals, risk management should be integrated throughout all the aspects of the
organisation. Risk management process ought to be iterative and systematically
undertaken. All potential risks that would affect the achievement of the
organisational objectives have to be identified, analysed and appropriate risk
responses implemented and monitored continuously.
As the process of risk management is rather abstract, several risk management
standards, such as COSO, ISO 3100 have been developed. The guidelines
offered by these standards are broadly applicable in any organisation and
different context. However several prerequisite factors such as top leadership
27
Effective risk management
Risk management process
Enterprise/Integrated Risk Management
Risk Management practices
Value of risk management
Critical success factors
Risk management tools and techniques
STUDENT NUMBER: 1409988 DATE OF SUBMISSION: 09 MAY 2016
support, risk culture, infrastructure has to put place for any successful risk
management. A risk maturity model could be used by any organisation to help
assess and improve on their current risk management practices.
Having reviewed the relevant literature the following chapter looks into the study
methodology.
28
STUDENT NUMBER: 1409988 DATE OF SUBMISSION: 09 MAY 2016
CHAPTER 3: RESEARCH DESIGN AND METHODOLOGY3.0 Introduction The purpose of the study was to assess the risk management practices at
Evangelical Association of Malawi and as result this chapter describes the
research methodology in relation to the steps highlighted in the research ‘onion’
as shown on figure 3.1. It discusses in details the research philosophy, research
approach, research strategy; time Horizon, data collection and data analysis
techniques that have been used. A summary of the research process is shown
on figure 3.2. In addition, issues of validity, reliability and research ethics have
been tackled.
Figure 3.1 Research ‘Onion’ (Adopted from Saunders et al., 2015, p. 108)
3.1 Research Philosophy As stated by Saunders et al. (2015), a research philosophy represents a set of
beliefs and assumptions about the development of certain information in a
specific domain. Saunders et al. (2015) further state that, research philosophy
undertaken in any study shapes the choice of the research methodology,
strategy, data collection tools and the data analysis procedures. As observed
29
STUDENT NUMBER: 1409988 DATE OF SUBMISSION: 09 MAY 2016
from the outer layer of the research ‘onion’ as shown on figure 3.1, there are
basically four research philosophies namely; positivism, realism, pragmatism
and interpretivism all of which hold varied assumptions as far as ontology,
epistemology and axiology is concerned (Saunders et al., 2015).
3.1.1 PositivismIn this philosophy researcher advocates that view of the nature of reality
(ontology) to be external, objective and independent of the study objects.
Furthermore, only observable phenomena can offer reliable data and facts and
research is undertaken in value free (objective) and results can be generalised.
The purpose of the research using positivism is to test theories and hypotheses
(Saunders et al., 2015).
3.1.2 RealismRealism philosophy unlike positivism advocates that the scientist’s
conceptualization is simply a way of knowing the reality. The researcher’s view
of the world is objective and free of human thoughts and beliefs or knowledge of
their existence (realist), but is interpreted through social conditioning. The
observable phenomenon can provide credible data and facts (Saunders et al.,
2015).
3.1.3 Pragmatism Pragmatism philosophy belief that the world view is external and multiple in
which the best is chosen to answer the research question(s). Either observable
phenomena or subjective meaning could provide credible data and facts chosen
to best enable answering of research question. Value plays a big role in data
interpretation (Saunders et al., 2015).
3.1.4 InterpretivismInterpretivism contrasts positivism in which it is believed that the world is
socially constructed and hence subjective. This Philosophy is concerned with
how social entities make sense of the world around them and focus more on the
30
STUDENT NUMBER: 1409988 DATE OF SUBMISSION: 09 MAY 2016
details of the situation. The researcher interacts freely with the research objects
and as a result, the researcher is research bound (Bryman, 2008; Saunders et
al., 2015).
Guided by the purpose and the research questions of this study, an interpretivist
philosophy was adopted. This is because the researcher had to gather an in-
depth analysis of risk management practices in EAM. The research was value
bound as the researcher was part of the research (Crowther and Lancaster,
2012; Saunders et al., 2015). Additionally, the researcher had to seek to
understand and interpret the meanings the respondents attach to risk
management practices in EAM. The researcher considered reality of risk
management in EAM to be socially constructed, hence subjective. As such, the
success or failure of risk management depended on the perspectives of the
subjects understudy. The practices could be observed in diverse ways by
different people (Saunders et al., 2015). The researcher focused on making
sense or meanings from the data collected as opposed to positivist that focus
on facts (Gray, 2010). As far as ontology is concerned, the study is subjective
as the researcher holds that the social phenomena under study can be created
from the views and activities of those under study as opposed to objectivism in
which social entities exist independent of social actors (Saunders et al., 2015).
3.2 Research Approach There are basically two research approaches; deductive and inductive.
Deductive approach is a scientific research approach in which theories and
hypothesis (hypotheses) are first developed and then tested as opposed to an
inductive approach, in which data is first collected and theories developed
after data analysis (Fisher ,2011 ; Saunders at al., 2012).
The current study adopted an inductive approach. This approach was
appropriate for this study because the researcher was interested in
understanding the risk management practices in EAM and the context (Fisher,
2011; Saunders at al., 2012). As a result, the researcher formulated concepts
31
STUDENT NUMBER: 1409988 DATE OF SUBMISSION: 09 MAY 2016
after analysis of the collected data (Saunders at al., 2012). In addition the
inductive approach provided some flexibility in determining the sample size,
data collection methods used and types of data collected (Crowther and
Lancaster, 2009). As noted in other studies (Leech and Onwuegbuzie, 2009;
Saunders et al., 2015) of this tradition, this study was not aimed at making
statistical generalizations but rather to obtain insights into risk management
practices in EAM and the context.
3.3 Research strategy There are several research strategies as shown on the research ‘onion’ figure
3.1. However, guided by the current research questions and objectives and the
philosophy adopted in this study, a case study strategy was found to be
appropriate.
A case study research strategy embroils a first-hand investigation of the study
phenomenon within its real life context in which multiple sources of evidence
can be used (Saunders et al., 2015).
Therefore, case study strategy in this study enabled a first-hand investigation of
risk management practices in EAM within its real life context contrasting
experiment strategy where the context is controlled (Saunders et al., 2015).
Moreover, case study strategy facilitated an in-depth analysis of the risk
management practices and offered some level of flexibility that is not possible
with other qualitative approaches such as grounded theory. The strategy
provided a chance to answer the how, why and what questions that was
necessary for the analysis of the risk management practices in EAM (Willing,
2008; Saunders et al., 2012). This is contrary to survey strategy that seeks to
answer who, what, where, how many, how much (Gray, 2010). The data
collected by the case study strategy is more wide-ranging as opposed to data
collected through other strategies such as survey (Saunders et al., 2015). Other
advantages included the possibility of collection of data from multiple sources
(triangulation) (Rowley, 2002; Saunders et al., 2012). As Whitley and Crawford
(2005) state, triangulation helps to check on validity by allowing cross-
comparison so that similarity and inconsistency can be assessed.
32
STUDENT NUMBER: 1409988 DATE OF SUBMISSION: 09 MAY 2016
3.4 Time HorizonThis study employed cross-sectional design rather than longitudinal. This
implies that the study phenomenon (risk management) was studied at a precise
point of time that is from August 2015 to May 2016 as opposed to longitudinal
study that is carried out over a prolonged period of time (Saunders et al.,
2015).The cross-sectional design was due to time and resources constraint on
the side of the researcher. Moreover, there was no need for comparing risk
management practices over time as the study was aimed at establishing the
current practices in EAM.
3.5 Data collection techniques There exist two main sources of data that is primary data and secondary data.
Primary data is the fresh data that is collected for the purpose of the study
undertaken while secondary is that which already exists in books, reports,
organisational reports and so forth (Collins and Hussey, 2003).
There are various data collection techniques for collecting primary data such as
interviews, journals, observations and questionnaires (Zohrabi, 2013; Saunders
et al., 2015). Primary data collected in this study was qualitative in nature
because of the purpose of the study was to assess the risk management
practices in EAM. Secondary data relevant for this study was collected from
EAM documents, journals, reports and text books.
The study employed the following data collection techniques.
3.5.1. Document review Several EAM documents, reports, journals, books were reviewed as source of
secondary data. This helped to compare the collected/primary data with the
secondary data in addition to aiding triangulation of the research findings
(Kothari, 2008; Crowther and Lancaster, 2012; Saunders et al., 2015).
3.5.2 Face to face interviewsInterviews are extensively used for collecting qualitative data. This is mainly
because they help the researcher to get information directly from the
33
STUDENT NUMBER: 1409988 DATE OF SUBMISSION: 09 MAY 2016
respondents in addition aiding the researcher to understand what and how
people perceive the world around them (Zohrabi, 2013). As Saunders et al.
(2015) suggest, interviews could be either structured, semi structured or
unstructured or in-depth interviews. Contrary to this, Zohrabi,(2013) categorise
interviews as informal conversation, interview guide approach, structured open-
ended or closed response interviews.
Owning to the interpretivist philosophy adopted and the purpose of the study in
addition to the exploratory nature of the study, a semi-structured and an in-
depth interview (interview guide approach) was found to be suitable. This
approach provided an opportunity to the researcher to enter the world of the
participants and gather in-depth information on risk management in EAM
relevant to the research questions and objectives (Pitney, 2009; Saunders et
al., 2015). The approach further gave the researcher a chance to compare and
contrast the collected data. Further, the process was organized, conversational,
flexible and enabled great amount of data to be collected (Zohrabi, 2013).
The in-depth and semi-structured interviews enabled the interviewees to
discuss freely their feelings and attitudes and provided an opportunity to gather
more information not previously considered (Lai and Lau, 2012). Other benefits
of the in-depth and semi-structured interviews included the ease to arrange
data, the flexibility in ordering and type of questions (open/probing/specific
questions) to ask the interviewees (Fisher, 2011; Saunders et al., 2015).
An interview guide was developed to aid the data collection process. The guide
had four sections as shown on Appendix II; each containing questions on risk
management aspects that were considered important in answering the research
questions. Section A covered the respondent’s profile while B, C, and D tackled
potential risks, the current risk management practices, and critical success
factors for an effective risk management in EAM respectively. The respondent
profile captured respondent’s current position, number of years they had worked
in EAM and their experience in risk management. The questions on the
34
STUDENT NUMBER: 1409988 DATE OF SUBMISSION: 09 MAY 2016
interview guide facilitated an exploration into the key themes on risk
management practices that were deemed necessary to answer the research
questions and objectives (Broom, 2005; Bryman, 2008). Both open and closed
ended questions were used though the closed ended questions were followed
up with probes where necessary (Pitney, 2009).
The interview guide was pilot-tested in another organisation before the actual
data collection. This helped the researcher to refine the questions in addition to
familiarizing with the tool and gaining confidence (Bryman, 2009)
The one on one, face to face interviews were conducted in a convenient and
comfortable place where respondents had freedom to express themselves
without distraction. Each interview started with a brief introduction about the
research and its objectives. The respondents were assured of anonymity and
confidentiality (Saunders et al., 2015). Each interview took about thirty to forty
five minutes. A total of seven-teen respondents were interviewed face to face.
The researcher made notes as the interview was progressing. However, in a
few cases, audio recording was done concurrently with note taking in order to
provide a backup after permission to record was granted. Follow-up interviews
with some respondents was conducted to ensure what the researcher captured
was similar to what the respondents had said in order to check on validity
(Saunders et al., 2015). However, after all the scheduled interviews were
complete all the responses were put together for each question in which the
respondents’ identifies were concealed to ensure confidentiality and anonymity
of the respondents.
c.) Self- administrated Questionnaires Questionnaires can be either structured, unstructured or a mixture of both.
Despite the fact that structured questionnaires are more effectual because of
their easiness of analysis unlike the unstructured questionnaire, the researcher
chose to use unstructured self-administrated questionnaires. This was due to
the qualitative nature of the study in addition to the fact that the responses to
35
STUDENT NUMBER: 1409988 DATE OF SUBMISSION: 09 MAY 2016
the questions in an unstructured questionnaire could truthfully reflect what the
respondent wanted to say (Zohrabi, 2013).
The researcher used questionnaires to gather data from seven respondents
who were neither available for a face to face or telephone interviews. The
questionnaires were emailed to respondents with the help of the EAM
management. The questionnaires were sent with an information sheet as shown
on Appendix III explaining the purpose of the study. The questions on the
questionnaire as shown appendix IV were carefully constructed with some
explanations provided on some questions in order to obtain adequate
responses. The respondents took about two weeks before responding and as
Saunders et al. (2015) argue, this allowed the interviewee ample time to reflect
on the questions before responding. The respondents sent the filled
questionnaires (an example shown on Appendix V) directly to the researcher.
The respondents gave the researcher freedom to call back for any clarification
to validate responses.
d. Telephone interview Although non-standardized interviews are best on face to face basis, one
respondent was interviewed on telephone (Saunders et al., 2015). This was due
to time and cost constraint on the side of the researcher owing to distance in
addition to the respondent’s unavailability. The interview took twenty two
minutes and the researcher took notes as the interview progressed.
36
STUDENT NUMBER: 1409988 DATE OF SUBMISSION: 09 MAY 2016
Philosophy
Approach
Strategy
Time Horizon
Data collection Techniques
Figure 3.2 Summary of the research process (adapted from the Research process
onion (Saunders et al., 2015)
3.6 Determining the sample sizeThe study population was the whole population that comprised of seventy four
staff of EAM and ten members of the board of directors. Unlike in probability
sampling and Quota sampling where there are rules on how to determine the
sample size; for non-probability sampling the size depends on research
questions and objectives. Owing to the inductive approach taken and to the fact
that the concern was on the context in which risk management was happening
and in addition to Saunders et al. (2015) recommendation a small sample size
of twenty five was selected. The researcher viewed the validity and knowledge
gained from the data collected depended on the researcher’s ability and skills to
collect and analyse rather the sample size. The small sample size enabled the
researcher to select the most informative respondents across the entire
organisation.
3.7 Sampling techniqueThere exist two sampling techniques; probability sampling and non-probability
sampling. Through probability sampling, the probability of each respondent
being selected from the population is known and all have equal chance of being
37
Interpretivism
Inductive
Case study
Cross-sectional
Interviews, questionnaires, telephone interview, document
review
STUDENT NUMBER: 1409988 DATE OF SUBMISSION: 09 MAY 2016
selected unlike the non-probability sampling, where the probability of the
respondents been selected from the population is unknown.
Owing to the research questions, research objectives and the research strategy
chosen in this study, non-probability sampling was found to be suitable. This is
because it provided an opportunity to select the desired key informant
respondents in EAM based on subjective judgment. In addition due that fact that
statistical inferences were not to be made from the sample and that the data did
not need to be collected from the entire population, non-probability sampling
was used (Saunders et al., 2015).
Purposive sampling technique enabled the researcher to seek an in-depth
analysis of risk management practices in EAM thus addressing the research
objectives and providing answers to the research questions (Bryman 2009;
Saunders et al., 2012).
A purposive sampling technique targeted the most informative respondents that
had the desired information. These were people that had worked for EAM for
more than one year. The researcher ensured a maximum variation of the
sample (heterogeneous) (Saunders et al., 2015) by selecting participants from
the board of directors (two members were selected), management (four people
seleceted), regional leadership, different departments (finance, administration,
monitoring and evaluation), projects and field staff. This included people drawn
from the three regions where EAM operates.
3.8 Data analysis and interpretationAs supported by Broom (2006) and Saunders et al. (2015) and the process of
data analysis began at the same time as the data collection process and
continued as the data collection progressed. This helped to shape the whole
data collection process while ensuring a high quality data was collected. This
sequential analysis as described by Broom (2006) accorded the researcher an
opportunity to refine questions as the data collection went on and at the same
38
STUDENT NUMBER: 1409988 DATE OF SUBMISSION: 09 MAY 2016
time pursuing emerging issues. This helped the researcher to regroup the
already collected data into themes (Saunders et al., 2015).
After the completion of the data collection, the researcher put together all the
responses of each question from all the respondents. This was to ensure the
data was in a format that was easy to read and analyse in line with the themes
identified (Saunders et al., 2015). However, all the responses from
questionnaires were compiled separately as shown on the example on
Appendix VI. Each questionnaire or interview guide script and its respective
responses were given a unique identification to ensure confidentiality and
anonymity of the respondents’ identify as demonstrated on the list of
participants (Appendix VII). All the unstandardised data was cleaned and
summarised and grouped into themes that were linked to conceptual framework
of the study (figure 2.3) in order to seek to answer the research questions.
(Saunders et al. 2015).
Qualitative content analysis was used to analyse the collected qualitative data.
Content analysis as some (Elo and Kyngäs, 2008) indicate, could be used for
either qualitative or quantitative data; in an inductive or deductive approach. It is
a method of analysing written, verbal or graphic communication messages (Elo
and Kyngäs, 2008). Content analysis is a procedure of categorising the data for
the purpose of classification and summarisation as well as identifying concepts
and patterns (White and Marsh, 2006). As Gray (2010) state, it also involved
making interpretations about the collected data (text) in a systematic manner
while summarising similar phrases together and less relevant passages
eliminated.
In summary the content analysis involved the following steps:
(i) Compiling all the raw data
(ii) Condensing/Paraphrasing the data/text and eliminating what was
irrelevant as shown in example Appendix VIII
(iii) Grouping the data
(iv) Analysis and interpretation
39
STUDENT NUMBER: 1409988 DATE OF SUBMISSION: 09 MAY 2016
Notably, though the study was qualitative, quantitative analysis was used to
analyse some of the respondents’ responses.
3.9 ValidityValidity focuses on establishing if the research findings are actually what they
appear to be (Saunders et al, 2015) or “the extent to which the research
describes, measures or explains what it aims to describe, measures or explain”
(Willing,2008. p.16).
In this study, the researcher ensured validity by the following:
3.9.1 A pilot testing A pilot testing of the interview guide was done in another organisation. This
helped to redefine the questions and ensure data collected was as expected
(Lancaster, 2007; Saunders et al., 2015).
3.9.2 Level of knowledge Prior to data collection, the researcher had adequate knowledge on
phenomenon under study namely risk management theories/concepts and as
well as EAM as an organisation (Gray, 2010; Saunders et al., 2015).
The organisation and the respondents were provided with the relevant
information before data collection to ensure credibility and confidence to the
respondents (Saunders, et al., 2015).
3.9.3 Triangulation As Riege, 2003 and Whitley and Crawford (2005) argue, in order to strengthen
and cross-compare the findings, multiple data collection methods were used
such interviews, questionnaires and document review.
3.9.4 Control of researcher biasTo avoid researcher’s bias as Zohrabi (2013) argue, the researcher tried to
remain as non-judgmental throughout the research process.
40
STUDENT NUMBER: 1409988 DATE OF SUBMISSION: 09 MAY 2016
3.9.5 Respondent’s validationThe researcher was able verify some of the research findings to some
respondents in order to confirm and validate the content of what they had stated
during the interviews to ensure it was a true reflection of what they intended
(Willing, 2008; Zohrabi, 2013).
3.10 ReliabilityReliability refers to the consistency, dependency and replicability of the
research findings (Zohrabi, 2013) or the degree to which data collection
techniques or analysis processes produce consistent and reliable findings
(Saunders et al, 2015). As pointed out by Zohrabi (2013), obtaining the same
results is difficult in a narrative and subjective data unlike in quantitative data.
However the main focus of the researcher was not on having the same results
but to ensure that the data collection process, the findings and results were
consistent and dependable. As many (Riege 2003; Gary, 2010; Zohrabi, 2013)
recommend, dependability of the results was enhanced by use of multiple data
collection methods (triangulation) and comprehensive data recording in addition
to follow up interviews. In addition, variation of respondents and the time the
respondents had been in EAM was ensured as discussed section 3.7 and
Chapter 4.1.1.
3.11 Ethical considerations Research ethics could be stated as the standards of behaviour that guide
proper choices about the researcher’s behaviour and interactions others during
the researcher process (Saunders et al., 2015). In addition to adhering to the
Bolton university research ethnical guidelines the researcher observed the
following:
3.11.1 Informed consent The researcher ensured that the participants had full knowledge of the research
procedure before giving consent to participant. As Pitney (2009) and Saunders
41
STUDENT NUMBER: 1409988 DATE OF SUBMISSION: 09 MAY 2016
et al. (2015) argue, participants were allowed to withdraw from participation
without fear of being victimized.
3.11.2 Privacy The researcher ensured confidentiality of the data collected and anonymity of
the respondents during data analysis and discussion of the results (Saunders et
al., 2015). All data collected was anonymous and stored securely in order to
protect both the respondent and the organisation. In reporting and
dissemination of the study findings the researcher ensured participants’
anonymity and confidentiality by concealing their identity (Saunders et al.,
2015).
3.11.3 Avoiding harm to respondents or the study organisation (EAM)Data collection and analysis in addition to reporting of the research finding were
handled in a manner that could not cause humiliation, embarrassment or pain to
the respondents or EAM (Saunders at al., 2015).
3.11.4 No deception As Gray (2010) and Saunders et al. (2015) state, the researcher maintained
objectivity by ensuring that the intended data was collected fully and recorded
accurately without deception.
3.12 Summary of chapter threeThis research adopted an interpretivist philosophy which as a result determined
the research approach, strategy and the data collection techniques utilized. An
inductive approach was used. A case study strategy helped to facilitate an in-
depth analysis of risk management practices in EAM. Semi-structured
interviews, un-structured questionnaires, telephone interviews and document
reviews were used to collect data on risk management practices in EAM.
Content analysis was used to analyse the data collected.
42
STUDENT NUMBER: 1409988 DATE OF SUBMISSION: 09 MAY 2016
3.13 Conclusions Chapter three discussed in detail the research methodology undertaken in this
study. It looked at the research philosophy, approach, strategy, time horizon,
data collection techniques, sampling techniques, and data analysis and
interpretation aspects. The validity, reliability, ethical issues and research
limitations were discussed.
The next chapter looks at the research findings, analysis and discussions of the
results.
43
STUDENT NUMBER: 1409988 DATE OF SUBMISSION: 09 MAY 2016
CHAPTER 4 DATA COLLECTION, FINDINGS AND ANALYSIS
4.0 IntroductionThe purpose of the study was to asses risk management practices in EAM with
the following objectives:
a) To identify the potential risks at Evangelical Association of Malawi
b) To establish the current risk management practices at Evangelical
Association of Malawi
c) To establish the critical success factors for an effective risk management
at Evangelical Association of Malawi
d) To recommend a framework for suitable risk management practices at
Evangelical Association of Malawi
This chapter presents the results, analysis and discussions of the research
findings. The findings focus on the themes that emerged from the collected data
namely; potential risks identified, current risk management practices, critical
success factors for an effective risk management. The findings are in addition
collated and examined in comparison with other related studies and theories. As
recommended by many (Collins and Hussy, 2003; and Saunders et al; 2015), in
data that is qualitative in nature, text has been interspersed with verbatim
quotes from some of the respondents. This is aimed at helping readers share in
the researcher’s analysis in addition to giving the text validity and vibrancy
(Collins and Hussy, 2003).
4.1 General information4.1.1 Composition of the respondents Data was collected from twenty five key informants, seventeen of which were
interviewed on face to face basis, while seven filled questionnaires and one was
interviewed on telephone. All the respondents had worked in EAM for more than
a year with majority (twenty two respondents) having worked for more than two
years as shown on figure 4.1.
44
STUDENT NUMBER: 1409988 DATE OF SUBMISSION: 09 MAY 2016
1 year to less than 2 years
2-5 years 6-10 years More than 10 years
0
2
4
6
8
10
12
Number of years in EAM
Number of years
Num
ber o
f res
pond
ents
Figure 4.1 Numbers of years the respondents have been in EAM
4.1.2 Experience on risk management From the responses, eighty four percent of the respondents had some working
knowledge on risk management. However, all the respondents interviewed
indicated that they were aware of some of the risks facing EAM such as
financial risks, donor dependency and staff retention risks. They were also
familiar with some risk mitigation measures currently in use in EAM mainly in
the finance management. However, three of the respondents indicated that risk
management was a new concept in Malawi among both the government and
Non-governmental organisations (NGOs) in Malawi as reflected in the following
quotes:-
“It is a new field in most of the Government and Non-Government
Organisations (NGOs). Hence critical to have expertise that involve planning
and handling of risk; get ready and plan on how to handle the risks”.
“There are very few, if any, especially Malawian NGOs that you can confidently
say have structures or systems for risk management, this is a new concept just
coming in and people are yet to grasp the concept”.
“I doubt if they are any organisations with a risk manager”.
45
STUDENT NUMBER: 1409988 DATE OF SUBMISSION: 09 MAY 2016
4.1.3 Value of risk management in EAMThe researcher also wanted to know respondents’ perception on importance of
risk management in EAM. All respondents agreed that risk management was
crucial in this era of many uncertainties with majority indicating that EAM
needed to be more prepared handling uncertainties.
The following is a summary of responses from most of the respondents on the
value of an effective risk management to EAM:-
Ensure proper systems and procedures that would enable EAM to
achieve its goals and objectives
Enable implementation and achievement EAM activities on time
Improve on EAM trustworthy by both internal and external stakeholders.
Enhance cohesion between departments
Ensure risks are managed effectively
This would enhance quality and timely reporting of EAM activities
Lead to greater confidence and motivation among staff
Improve financial prudence and minimise financial losses
Improve on effectiveness and efficiency
Two other respondents added other views as evidenced by the following quotes
on value of risk management:- “It would help reduce the some of the challenges
EAM faces, address some challenges on time, be able to foresee and plan in
goodtime, promote team work, promote efficient and effective operation in
EAM”.
“Effective risk management would help EAM to be more organised in dealing
with issues in project implementation”
However, forty percent of the respondents felt that risk management had added
value to EAM to greater extent as captured in the following quotes:
‘‘Risk management has enabled EAM to effectively use the its resources and
reassure the stakeholders on how the resources are prudently used”.
“Foreign donors have confidence in EAM leading continued funding as the
minimum standards are met”.
46
STUDENT NUMBER: 1409988 DATE OF SUBMISSION: 09 MAY 2016
“It has led to projects registering a lot of successes/achievements and desired
impacts to communities thereby helping the projects achieving their goals and
objectives”.
“It has resulted into attracting donor confidence especially in financial risk
management”.
“It has helped the organisation identify the gaps it has and find possible
solutions to the problems identified”
“It instils the spirit of preparedness for uncertainties”.
4.2. Potential risks in EAMWhen asked of the potential risks encountered in EAM and the measures that
had been taken to address them, most respondents indicated several risks that
have been grouped and shown on table 4.1.
Table 4.1 Risks faced in EAM
Risk Sources of risk Measures taken1. Inadequate
fundingMost of the funding for EAM is donor dependent and some cases donor driven projects, some of the donor funds are tied to projects that may not align with EAM’s core values ; Other costs for example administration may not be factored in some projects; fatigue of donors
Diversified donor support. In addition, there are mechanisms
to generate resources through establishing a teachers’ college, in the process of starting a microfinance facility, forming a commercial marketing agency for agricultural produce.
Introduction of strict budget controls such as operating within approved budget and abiding by donor requirement
Cost sharing introduced in some activities that are not fully funded
2. Staff turnover/ low competence
EAM is has a challenge of attracting and retaining qualified and competent staff force because of inability to provide competitive salaries. Consequently, EAM is faced with a challenge to attracting the requisite skills
Capacity building of staff Supporting further staff training
3. Sustainability of projects
Fixed funding period and in sometimes
Provided a platform for beneficiaries to participate and
47
STUDENT NUMBER: 1409988 DATE OF SUBMISSION: 09 MAY 2016
Risk Sources of risk Measures takenprojects that are not fully aligned with EAM’s strategic priorities, staff attached to projects have to be laid off
own the projects Capacity building of beneficiaries,
close supervision, Revision of EAM’s constitution to
raise member contributions4. Financial
risksFrauds by EAM staff or the banks, poor financial record keeping, debts; Limited funds on administrative activities
Close supervision; Instituted internal audit, annual
external audit, employed an internal auditor
Have put in place prudent financial management and accounting systems;
Verification of records with their service providers; project officer are accountable for the funds under their projects
Close weekly monitoring of the banks statements and accounts
Instituted a computerized disbursement forms ;
Ensuring only finance officers handle money
Appropriate policies and guidelines in place
Disciplinary measures taken against implicated staff
Peg administrative activities on the respective projects
5 Economic instability at global and national level
High inflation rates; unstable foreign exchange rates ; high cost of products and services; Inability to retain qualified staff
Have no much control but where possible maintain EAM funds in foreign currency
6 Loss of organisational data and information coupled with poor intra-communication
Inadequate ICT skills, high cost of acquiring and installing ICT equipment. Limited sharing of information across the organisation
Daily backup of EAM information by use of an external hard drive
Developed EAM web site (www.evangelical association of Malawi)
Setting up a common saver
7 Political interference
Interference from political leaders, one respondent said: sometimes the government seeks to know the stand of the church through EAM especially on sensitive issues and if EAM
Strict adherence to the code of conduct ;
Proper orientation for all EAM personal, board members, stakeholders ; Ensure they remain objective; nonpartisan;
Sensitisation of political leaders on EAM activities
Good relationship with
48
STUDENT NUMBER: 1409988 DATE OF SUBMISSION: 09 MAY 2016
Risk Sources of risk Measures takenspeaks in the favour of the Government the opposition may think EAM is on the Government side and the vice-versa ;Some political leaders not clear of EAM programs
Government ministries and stakeholders
8. Natural and environmental risks
Climate change, floods; prevailing hunger
Focus more on Irrigation projects Assessment of project impact on
the environment before commencement
9 Social Cultural risks
Some community cultural values, beliefs and practices affect EAM work including conflicts with other faiths, power structure between the beneficiaries/community members
“Ensure proper community entry by understanding and respecting the values and beliefs of the community”;
Incorporated communities of other faiths in EAM project activities
10 Governance risks
Formulation of inappropriate policies. Possible conflicts between the different EAM FBO members ; some gaps in some polices
Orientation of board members on governance for all
Close collaboration between the management and the board members
11 Legal/regulatory risks
Failure to meet Malawi Government’s legal requirements
Ensured adherence to the Government regulations
However others respondents mentioned other risks.
One respondent brought out the issue of competition risk among the owners
EAM and EAM secretariat as evidenced by the following quote:
…’’EAM is umbrella body and EAM secretariat does not own EAM but EAM is
owned by members (churches) who also have programs that tap their
resources from the same EAM donors such as Christian Aid, National Aid
Council hence creating competition. In addition the respondent said that ``some
members look to EAM secretariat for technical capacity building and moral
support hence some members wished that EAM was not implementing
programs”.
49
STUDENT NUMBER: 1409988 DATE OF SUBMISSION: 09 MAY 2016
Two other respondents brought the ‘faith’ issue in EAM as a risk as noted from
the following quotes:
“The faith issue is also a risk because even though EAM is Faith Based
Organisation not all staff really holds to the faith hence that is still a risk to the
organisation”.
“Some people do not hold to the value of EAM and as a result, it impacts on its
reputation”.
Another respondent stated that limited mainstreaming gender in EAM was
also a risk by stating the following:
..“ Mainstreaming gender in EAM is a risk especially when trying to bring in
women in the top leadership as there are few qualified women in Malawi even
as noted in the 2012 Malawi National Household survey”. “This sometimes has
resulted to a compromise on competency”.
Operational risks also featured from three respondents as other risks faced in
EAM as supported by the following quotes:
“Unclear job descriptions results in a situation where officers do more than what
is expected”
“Most projects are managed at the secretariat and the regional offices are at the
receiving end. The risk in all this is that program delivery is affected hence
affecting quality of the end product”.
“in some aspects the organizational structure does not have a clear defined
boundary between the roles of the secretariat and that of its main organ”.
4.3 Findings on risk management practices in EAMThe findings on risk management practices in EAM have been summarised into
six themes:-
4.3.1 Risk management approach Only sixteen percent of respondents that indicated risks were proactively
managed in EAM. However, majority of respondents indicated that risks were in
50
STUDENT NUMBER: 1409988 DATE OF SUBMISSION: 09 MAY 2016
most cases reactively managed except for financial risks. This is supported by
the following different respondent’s quotes:
“Risks are generally managed reactively”
“Risks are managed through both approaches but more generally reactively”.
“For EAM as an entity, only the finance department is proactive”.
“Risks are managed reactively; only disaster management that is proactive as
they have been trained in disaster management but only active during
emergencies like the floods”.
“Reactive as we addresses issues as they arise however on finance the
systems are well organised”.
“Risk approach is reactively because everything is done based on the situation
that has come out”.
“In EAM risks are managed both proactively and reactively. Proactively, risk-
based audits are done to ensure activity implementers are aware of the
common areas which attract audit quarries so that they avoid them. Secondly,
other risks that emerge during the implementation of activities are managed
reactively through adherence to standard operating procedures during
approvals and conducting post-activity audits”
However, one respondent attributed the reactive approach to risk management
to the absence of a structured risk management process in EAM. Others
attributed it to limited funding in addition to it being a top management matter as
stated in the following quote by one respondent “risk management is a decision
makers’ issue”.
4.3.2 Risk management processEighty four percent of the respondents felt that risks were not managed in a
structured manner as supported by some of the following respondents’ quotes:
“There is no known procedure”.
“No structured process but risks are tackled as they arise”.
“No official guidance on risk management”
51
STUDENT NUMBER: 1409988 DATE OF SUBMISSION: 09 MAY 2016
“After risks are identified normally either management or concerned staff and
their line manager convene meeting to strategize on how to mitigate the risk
identified”.
4.3.2 How risks are identified in EAMAll the respondents indicated that most of the risks facing EAM are identified
during review meeting that are held mainly on quarterly basis with project team
and other stakeholders. Other occasions are during project development,
routine staff and management meetings, internal or external audits, and district
fora as well as from EAM reports. However, some respondents indicated that
some of these meetings or fora are not necessarily organised for risk
identification but for other normal routine operation issues. One respondent
indicated that sometimes risks are just identified to satisfy some donor
requirement as quoted below:-
“Sometimes we capture the risks as we develop the proposals just to meet the
donor requirement but now it’s the high time we looked into this issue”.
4.3.3 How risk management is integrated in all EAM activitiesAll the respondents indicated that each project or department tries to identify
and mitigate their specific risks. Though independently, each tries to integrate
risk management in their projects implementation. However, the researcher
found no evidence that there is an organisation-wide approach to risk
management in EAM apart from mainly the financial risk management aspects
that are shared across the organisation.
One respondent indicated that though risk management is new a concept, it
needs to be fully integrated as evidenced by the following quote:
“It a new area where we are looking at risk management as something that has
to be integrated into all programs and management systems”
52
STUDENT NUMBER: 1409988 DATE OF SUBMISSION: 09 MAY 2016
4.3.4 Measures in place to reduce risks in EAMAll the respondents indicated that there are some measures that have been put
in place to mitigate most of risks as shown on table 4.1. However, majority
indicated that more measures focused on financial risk management than with
the other areas in EAM as evidenced by this quote: - “the management of risks
in the finance department is excellent”.
Two respondents attributed the focus to financial risk management to meeting
donor requirement as can be observed from the following quotes:
“Donors look for organisational reputation and financial capacity”.
“Donors assess EAM on annual basis and checks on all policies, risks and
quality”
Two other respondents indicated that mitigation measures against natural
disasters like floods have been put in place such as capacity building both for
staff and community members on preparedness, response and disaster
management. This is supported by the following quotes:
“Disaster management is active though when they are emergencies’’… “Some
staffs have been trained on disaster management”
4.3.5 Risk monitoring and reporting in EAMAll the respondents indicated that quarterly or monthly review meetings, staff
meeting, and internal audits are conducted to review progress and challenges
facing EAM’s project implementation. Reports are written and shared with the
management, board of directors and respective donors either quarterly, bi-
annually or as scheduled.
However, two respondents felt that risk monitoring was the role of the senior
management as evidenced by the following quotes:
“It is mainly senior management does the monitoring”
“Risk monitoring is a planned activity done by the finance team and the
outcome is incorporated into the normal management and reporting system to
their employees for action”.
53
STUDENT NUMBER: 1409988 DATE OF SUBMISSION: 09 MAY 2016
4.3.6 Use of international risk management standards in EAMMajority of the respondents were not aware of the international risk
management standards and guidelines. Nonetheless, twenty four percent of the
respondents indicated that the finance department sometimes makes reference
to International Standards of Organisations (ISO), EAM and other international
financial management guidelines as they address and report on financial risks.
4.3.7 Effectiveness of risk management in EAMOnly thirty two percent of respondents indicated that generally risks were
effectively managed in EAM of which a few respondents said this could be
evidenced by the continued donor funding. However, there were contrary views
as evidenced by the following quotes:-
“Risks are not effectively managed because risk management practices only
focus on financial issues but risks that directly affect employees are not taken
seriously.
“Some identified risks are not addressed”
“Some areas need some improvement”.
“Risk assessment is done but not adequately hence risk thresholds are neither
clear nor known”
All the respondents indicated that risks related to financial aspects in EAM were
effectively handled and appropriate measures and policies were in place to
mitigate them as evidenced by the following quote from one respondent: “Risk
management at EAM is biased towards finance”. Nonetheless, one respondent
indicated that more could be done to address operational, human and natural
disasters risks more effectively.
4.4 Findings on CFSs for risk management in EAMTo determine the critical success factors for effective risk management in EAM,
the respondents were asked to state what needed to be done to make risk
management effective in EAM. The following is a summary of the responses
obtained from most of the respondents:
Development of a risk management policy
54
STUDENT NUMBER: 1409988 DATE OF SUBMISSION: 09 MAY 2016
An appointment of a risk manager/desk officer to spearhead risk process
Capacity building of on risk management for all staff
More support from top leadership and the board in terms of resource
allocation and implementation of plans
Inculcate a strong risk management culture in EAM among staff,
management, board members and partners
An improvement on information technology and communication capacity
Addressing the human resources issues such health and safety,
remuneration and motivation.
Make use and comply with risk international standards
Enhance organisational reputational through publishing and strong
public relations
Strengthen governance and management capacity in policy and strategy
formulation
Broaden the funding resource base
Two respondents indicated that there was need to extend risk management
aspects to the EAM members as evidenced by the following quotes:-
“There is need to guide individual member churches on risk management as
well as train and prepare EAM staff on how to be accountable to the people we
serve in addition to being able to detect and identify the issues or expectations
of the beneficiaries ’’
“We need to build capacity on the churches”
To stress the need for a risk manager, one respondent said that “There is need
to hire an officer who has expertise in risk management to look after all risks
affecting the organisation”.
Having provided the research findings the following section provides a
discussion of the results.
55
STUDENT NUMBER: 1409988 DATE OF SUBMISSION: 09 MAY 2016
4.5 Discussion of the research findingsThis section analyses and discusses the research findings with the aim of
answering the research questions and fulfilling the objectives of the study in
EAM. The discussions are around the themes that emerged from the data
collected namely, value of risk management, potential risks at EAM, risk
management practices and critical success factors.
4. 5.1 Value of risk managementAs shown from the results (section 4.1.3), all the respondents were aware of the
importance and value that an effective risk management has added or could
add to EAM as an entity. However as noted the level of risk awareness and
capacity to mitigate the identified risks is still inadequate and needs
enhancement as indicated by many respondents. Results show that EAM could
increase the organisational value by ensuring effective risk management. This
is evidenced by some who indicated that risk management would improve on
EAM trustworthy by both internal and external stakeholders. However, as noted
by Kubitscheck (2000), risk management could only be more valuable if
undertaken in a proactive approach.
4.5.2 Potential risks in EAMAs discussed in literature review in Chapter 2 of this study, it is evident that
organisations are faced with many risks. From the results, it is clear that
inadequate funding, human resource especially staff retention , sustainability of
projects, financial risks, economic instability, unfavourable environmental
factors, inadequate skills and knowledge, political interference, social -cultural
risks are all intrinsic in the day to day activities of EAM as shown on table 4.1.
Among all the identified risks by most respondents, inadequate funding tied to
donor dependence was cited by fifty six percent of respondents as the most
significant risk in EAM. This can be attributed to the fact that over ninety percent
of EAM’s activities are donor funded. This is a big risk factor that warrants
appropriate mitigation measures to be in place above what EAM management
has tried to institute as indicated on the results table 4.1. Otherwise, as two
56
STUDENT NUMBER: 1409988 DATE OF SUBMISSION: 09 MAY 2016
respondents indicated, with the growing donor fatigue, dwindling external aid
globally and withdrawal of some donors in Malawi, EAM may not be able to
realize her objectives. This could be supported by an example given by one of
the respondent on what happened at one time when EAM had only one donor.
At that particular time, the donor froze their funding for seven months due to
misinformation by one of the EAM staff and the EAM secretariat had difficult
time sustaining staff and its operations. These circumstances forced EAM to
broaden its donor base.
It is evident donor dependency remains a significant risk as one respondent
quoted: “due to the recent corruption cases in the country in addition to
misappropriation of funds by other sister organisations, reliance on donors
funding remains unpredictable for EAM”.
The second most significant risk in EAM relates to human resources as
indicated by forty eight percent of the respondents. This is no surprise because
human resource is a source of risks in many organisations (TĂTĂRUŞANU,
2009). The issues of concern in EAM are related to the ability to attract and
retain staff with the requisite qualification in terms of skills and knowledge. As
argued by Collins (2011), to move an organisation from good to great
organisation requires having the right people first before a strategy. As Knowles
(2011) posit, for EAM to be an outstanding organisation, there is need to
identify, train and sustain staffs’ capabilities and knowledge. However, EAM’s
ability to attract and retain the right people is currently challenged by the current
level of funding that limits EAM from offering competitive salaries. As observed
(Table 4.1), EAM has already taken some measures to mitigate the human
resources risks such as staff training. However, as Schmidt et al. (2011) argue,
there is need for EAM to plan ahead of the current demand of personnel
because the competition for competent staff is greatly increasing. The
unfortunate aspect as mentioned by one respondent is that “EAM offers good
platform for capacity building and good exposure for its staff after which the
staff became more marketable hence retention becomes a challenge”. Aspects
of motivation, health and safety and security of staff that did not feature much
57
STUDENT NUMBER: 1409988 DATE OF SUBMISSION: 09 MAY 2016
should also be included in the human resources risks and mitigated
appropriately.
Sustainability of projects after the end of funding was identified as the third most
significant risk in EAM. This is not different from study by Wabwoba and
Wakhungu (2013) that established sustainability as major challenge facing food
security projects studied. If this risk is not properly managed by EAM, the
objective of transforming social and economic lives of the target population may
not be realised in the long-term. Notably, one respondent indicated that the
aspect of sustainability of projects is sometimes overlooked in the project
strategy. Hence more needs to be done especially in the areas of strengthening
community ownership and capacity to manage these projects from the onset.
The economic instability owing to global as well as national economic instability
in Malawi was the fourth most significant risk in EAM. Most of EAM projects are
funded in Kwacha and as a result, when the Kwacha depreciates, as it has
been in the recent past, a number of these activities may not be completed as
planned. This would significantly impact on the reputation of EAM among peers,
target beneficiaries and donor community because donor funded projects have
agreed targets.
Although the EAM management felt that they had put in place adequate
measures, to mitigate financial risks, it still remains a major risk. This is because
finance related risks still remains a major threat in many organisations as one
respondent quoted “we have to ensure mitigation measures are in place
because there will always be some financial losses”.
There are other risks that were identified in this study as discussed in section
4.2. These should form part of an integrated ERM framework in EAM.
4.5.4 Risk management practices As earlier discussed in Chapter 2.2 of this study, risk management practices are
all the activities that involves identifying, analysing, risk treatment, monitoring
58
STUDENT NUMBER: 1409988 DATE OF SUBMISSION: 09 MAY 2016
and controlling risks with an aim of reducing the negative impact and enhancing
the opportunities. On the contrary, risks are not handled in a systematic way in
EAM as observed from the results.
The current EAM risk management practices have some elements of a
traditional risk management that that puts more emphases on financial risks as
opposed to all business risks. This is evidenced by the strong internal audit
function. Furthermore, each department or project deals with their risks
independently. Consequently, internal auditing may need to be strengthened
and extended to manage all risks in EAM. The independent risk management
approach in EAM could create ineffectiveness due to of lack of coordination
between projects or departments (Hoyt and Liebenberg, 2011), in addition to
creation of communication barriers as indicated by some respondents.
An integrated risk management approach in EAM as established in Hoyt and
Liebenberg (2011) study may be helpful by ensuring integration of decision
making process across all EAM projects. This helps in maximisation of resource
utilisation and reduction in duplication of efforts. A systematic risk process could
ensure all EAM risks are properly managed.
The fact that EAM has no risk manager with expertise to spearhead an
organisational wide risk management may be a challenge for EAM to coordinate
and manage all the risks effectively. Notably, most respondents felt the internal
audit played the role of a risk manager. This is no different from other studies
(Castanheira et al., 2010) where audit played the role of risk manager. In a
different study by Driscoll (2014), it established that finance officers were taking
the responsibility of ERM in their organisations. However, as observed by
Abdullatif and Kawuq (2015) the role of an internal auditor in risk management
is limited only to compliance on financial matters while overlooking other risks.
As argued by Elahi (2013) this compliance driven risk management in EAM
cannot effectively manage all the risks.
59
STUDENT NUMBER: 1409988 DATE OF SUBMISSION: 09 MAY 2016
From the results, risks are identified either during proposal development stage,
quarterly review meeting and internal audits or in district fora. There is therefore
no clarity on how risks are analysed and prioritized. In addition, there is no risk
register that should be showing the risk owner, actions taken to address the risk
and the status of the risk in the project cycle or emerging risks. As some
respondents indicated risks are basically captured as assumptions, challenges
or gaps. In addition each project separately reports on what challenges were
encountered and how they were addressed.
Moreover many respondents acknowledged that in today’s world, risk
management has become an important business process as a result of many
emerging issues and the volatile working conditions and unstable environments.
As a result, many respondents felt the need for a more proactive integrated risk
management approach as opposed a reactive approach. This agrees with
Botkin and Felton (2009) study that revealed the need for paradigm shift on how
risk management was handled in the troublesome times requiring organisations
have to move from traditional risk management to a more integrated risk
management system.
Integrated risk management practices in EAM would improve on decision
making process, organisation stability and problem solving. This is evidenced
by a study by Oehmen et al. (2014) that found a direct association between risk
management practices with decision making, program stability and problem
solving.
4.5.5 Critical success factors for risk management This section discusses the aspects that the respondents indicated were
necessary for effective risk management in EAM:-
4.5.5.1 Development of a risk management policy and strategy The respondents identified establishment of a risk management policy and
strategy as vital for EAM. This agrees with study by Pana and Simionescu
(2011) that identified the rational for establishment of risk department and a risk
60
STUDENT NUMBER: 1409988 DATE OF SUBMISSION: 09 MAY 2016
strategy in organisation that endeavours to achieve. A well-structured policy
drives the risk agenda by providing guidelines that spells out what is expected
from different players, roles and responsibilities as far as risk management is
concerned. This agree with Yaraghi et al. (2011) study that found risk strategy
as key influential factor for risk management systems as it helps to shape
organisational culture, structure and resource allocation.
Prior studies have shown the importance of a risk policy. For example,
Majdalawieh and Gammack (2005) and Hung (2012) have a similar opinion that
an organisational risk policy demonstrates board’s commitment to risk
management and provides guidelines and authority to the risk manager. Addo
and Twun (2013) study revealed that sound risk management polices impacted
on the sustainability of micro financial institutions and facilitated their
complementary role in economic development. This is supported by Dionne
(2013) study that revealed that the failure of top management to support
independent risk management polices contributed to losses during the 2008
financial crises.
4.5.5.2 Staff training Respondents felt that staff training in various organisational aspects and project
management as well as on risk management was crucial. This is due to many
emerging issues challenging their delivery of their services hence the need to
be kept abreast with current skills and knowledge. As argued by Carey (2001),
for an organisation to effectively respond to changing conditions, staff capacity
building on risk management and involvement in early warning system is
paramount.
Some respondents indicated that training and orientation was critical for the
new employees. This is confirmed by Paula and Montana (2013) study that
established that precise policy awareness training at every organisation’s new
hire orientation program was one of the contributing factors to ensuring a
sustainable policy management for an effective risk management.
61
STUDENT NUMBER: 1409988 DATE OF SUBMISSION: 09 MAY 2016
As argued by HM Treasury (2009), for staff to effectively handle risks, they need
to receive appropriate direction and training on the typical risks that their
organisation faces in relation to their work and the action to take in managing
those risks. In addition staff performance reviews should include assessment of
relevant risk management skills and identification of the gaps.
4.5.5.3 Risk management culture Most respondent indicated that there was no strong risk management culture
within EAM hence the need for embedding risk culture in EAM at all levels. As
noted from Malik and Holt (2013) study people’s awareness of risk and
organisational risk culture are contributing factors to ERM adoption.
A mature risk culture provides an environment where staff feels capable of
raising risk related issues and have confidence that their issues will be heard
and acted upon (HM treasury, 2009). Establishing a risk culture permits a
focused strategic planning by the management that promotes greater business
opportunities and potential improvement (Lai and Lau, 2012).
Hillson and Murray-Webster (2004) view an appropriate and mature risk culture
as a crucial CSF for an effective RM that is mostly lacking in many firms. As
argued by Dornberger et al. (2014), a risk-aware culture is indispensible as it
ensures that the risk process is institutionalised in the organisation. McConnell
(2012) study established that risk management culture was a pre-requisite for
improvement of RM after the 2008 global financial crisis while Driscoll (2014)
study established that risk-intelligent culture keeps decision-makers engaged in
the process. The importance of a risk management culture is supported by
Kimbrough and Componation (2009) study that found a strong correlation
between importance of risk culture and staff performance on risk management.
4.5.5.4 Appointment of a risk manager Respondents indicated that there was need for a person designated to
coordinate risk management activities in EAM. This agrees with study by Arya
(2012) that established the role of chief risk officer as critical in risk
62
STUDENT NUMBER: 1409988 DATE OF SUBMISSION: 09 MAY 2016
management in any enterprise. Owing to the many projects undertaken by
EAM, a qualified risk manager with good facilitation skills is vital for an effective
risk management. A study by Daud et al., (2013) within Public Listed
Companies (PLCs) found that, a qualified Chief Risk officer (CRO) had stout
influence on the level of risk management adoption. Other studies Daud et al.
(2010) and Waweru and Kisaka (2013) established a significant relationship
between the presence of CRO and the level of risk management
implementation. It is important to note that the CRO can bear different titles
such as risk coordinator, risk manager, risk champion, or risk process facilitator
(Hillson, 2013). Dionne (2013) recommends the CRO to have decision making
powers as opposed to passive risk assessment and analysis.
4.5.5.5 Top leadership support and involvementIt was clear from majority of the respondents that organisational risk
management was top leadership function. This concur with HM Treasury (2009)
guideline that states that senior leaders of an organisation are supposed to
reinforce and sustain risk proficiency, while ensuring organisational resilience
and obligation to excellence.
As evidenced from the results, the top leadership has not provided all the
necessary support to risk management in EAM. As both Hillson (2012) and
Wieczorek-Kosmala (2014) argue, the commitment of top leadership in risk
management can be demonstrated by use of risk information in decision
making, appointment of a risk manager and allocation of resources.
Respondents felt that adequate resources were required to ensure an effective
risk management in EAM notwithstanding the budgetary constraints in EAM.
This view is supported by Zhao et al. (2014) study that found insufficient
resources as a significant limitation to ERM implementation in many
organisations.
Hung (2012) posits that effective risk management should begin from the top.
Campbell (2015) study established that leadership and governance were critical
success factors for risk management. This agrees with Rahman et al., (2013)
63
STUDENT NUMBER: 1409988 DATE OF SUBMISSION: 09 MAY 2016
study that found high participation of boards in risk management considerably
increased the risk management process, leading to advanced risk management
practices in Islamic banks. As suggested by Dionne (2013), the use of risk
management information by the top leadership is crucial as they venture into
new investment opportunities.
4.5.5.6 Information Technology (IT)Adequate use of information technology was found to be a significant factor for
effective risk management in EAM. The organisation has developed as website
that enables publication of its operation and achievements. This website as
Njegomir and Ciric, (2011) argue, could also improve organisational reputation.
However, other respondent felt an intra-communication network could also
significantly support risk management by connecting all levels of management.
Respondents indicated that improved communication could enhance service
delivery. This is evidenced by Melville et al. (2004) study, which established IT
as a crucial factor to improving organisational performance. As noted by
Patterson, (2015) information technology could help EAM to perfectly link,
communicate and process organisation’s transactions with all their stakeholders
easily. This would enhance timely risk information which is critical for an
effective ERM program.
As observed from COSO ERM (COSO, 2004), risk framework information and
communication are vital framework aspects that also serve as feedback tools.
Patterson, (2015) argue that the use information technology enhances risk
management effectiveness though lacks in many organisations.
It is important for an organisation to maintain an inventory of all the
organisation’s risks either in simple well managed spread sheets, tables or
other sophisticated ERM software. A tool like a risk register could help to
capture, categorize, organize, track, and prioritize the organisation’s inventory
of risks (Hillson, 2012).
64
STUDENT NUMBER: 1409988 DATE OF SUBMISSION: 09 MAY 2016
4.6 Summary of Chapter fourThe current study has established that most respondents are aware of the
important of risk management. From the study, it has also emerged that risk
management is still a new concept in Malawi. There is evidence that risk
management practices in EAM have to greater extend resulted into donor
confidence and reduction of financial losses. Moreover, a more effective risk
management in EAM has the potential to ensure all the potential risks are
effectively managed thus enabling EAM to achieve its goals and objectives.
EAM is faced with varied potential risks that include inadequate funding,
financial risks, human resource related, political interferences, and social
cultural issues among others. Several measures have been put in place to
mitigate a number of risks in EAM. Most of the risks in EAM are reactively
managed as opposed being proactive. There is neither a risk policy nor strategy
to guide in risk management in EAM.
The lack of adequate resources to support in risk management was also
evident. Most risks are captured and identified during proposal development,
review meeting, internal auditing routine staff meeting as well as from EAM
reports as opposed to a formal process of risk identification. There is no
organisation-wide approach to risk management in EAM except for the financial
risk management aspects. However each department or project tries to manage
their respective risks independently.
Most of the international risk management guides are new to most of the people
in EAM. Forty percent of the respondents indicated that more needs to be done
to address operational, human and natural disasters risks more effectively.
Several critical success factors have been found to be crucial for an effective
risk management practices in EAM. This include development of a risk
management policy, appointment of a risk manager, capacity building,
management support, adequate resource allocation as well as inculcating risk
management culture among others.
65
STUDENT NUMBER: 1409988 DATE OF SUBMISSION: 09 MAY 2016
4.7 Conclusions Chapter four has presented in detail the research findings and an analysis and
discussions of the study results. The discussions focused on the themes that
emerged from the collected data namely; value of risk management, potential
risks, current risk management practices and the critical success factors for an
effective risk management in EAM.
The following chapter presents the conclusion of the study highlighting the
findings of the study in relation to the purpose and objectives of the study. In
addition, recommendations and limitations of the study and possible areas of
further research have been suggested.
66
STUDENT NUMBER: 1409988 DATE OF SUBMISSION: 09 MAY 2016
CHAPTER 5 CONCLUSIONS AND RECOMMENDATIONS5.0 Introduction The purpose of the study was to assess the risk management practices at EAM
with the following objectives.
a) To identify the potential risks at Evangelical Association of Malawi
b) To establish the current risk management practices at Evangelical
Association of Malawi
c) To establish the critical success factors for an effective risk management
at Evangelical Association of Malawi
d) To recommend a framework for suitable risk management practices at
Evangelical Association of Malawi
This chapter presents the final conclusion of the study by answering the
research questions, providing recommendations, areas of further research and
limitations of the study.
5. 1 Conclusion Risk management is a business aspect that has been recognized as a crucial
contributor to the success or failure of any organisation (Hillson, 2012). As a
result, risk management practices must be embedded in every organisation’s
strategy to meet its culture and risk profile. In addition, risk management must
be integrated into all organisational decision making process in wider
organisational approach for added advantage.
However, for risks to be well managed there must be a clear understanding of
what risk is in addition to differentiating between risk and uncertainty. Since
uncertainties or risks are inherent in every organisation, a proactive integrated
approach to risk management is paramount. It is essential for organisations to
move from traditional risk management approaches into more formalised risk
management process.
67
STUDENT NUMBER: 1409988 DATE OF SUBMISSION: 09 MAY 2016
An integrated risk management approach ensures all potential risks are
identified, assessed and prioritised, treated appropriately, monitored, controlled
and the process reviewed and continually improved. All these practices are
intended not just to eliminate risks but to successful manage risks in order for
the organisation to achieve its goal. Several international frameworks have
been developed to help organisations evaluate, develop and improve their
organisational enterprise risk management capacity (Malik and Holt, 2013). In
addition a model for assessing and improving risk management practices has
been developed (Hillson, 1997; Hopkinson, 2011).
For a successful risk management, the right policies, resources, organisational
risk culture, management support and infrastructure must be in place (Hillson,
2012). Literature review in this study still established that risk management
concept is still understudied especially in developing countries (Khattab, 2015)
in addition to FBOs. Earlier studies have been biased to towards financial
matters (Nar, 2014; Akotey and Abor, 2013; Nikita, 2014; Singh, 2012).
Without an earlier research into risk management practices in the EAM, this
study was vital in order to assess the risk management practices in EAM. It
further contributes to the body knowledge on risk management and in addition
to providing room for further research in this field.
A case study strategy was used to assess the risk management practices in
EAM in which several data collection methods were used to collect qualitative
data. The study established that most respondents are aware of the important
of risk management in EAM. Risk management practices in EAM have added to
donor confidence and reduction of financial losses. However a more effective
risk management in EAM has the potential to ensure all the potential risks are
effectively managed thus enabling EAM to achieve its goals and objectives.
From the study, EAM is faced with various potential risks that include
inadequate funding, sustainability of projects, financial risks, inadequate skills
and knowledge, political interferences, social cultural issues among others.
68
STUDENT NUMBER: 1409988 DATE OF SUBMISSION: 09 MAY 2016
Several measures have been put in place to address most of the risks
experienced in EAM though biased to financial and disaster management risks.
Most of the risks in EAM are reactively managed as there is neither structured
risk management nor risk policy or strategy in addition to inadequate resources.
Most risks are captured and identified during proposal development, review
meeting, internal auditing routine staff meeting as well as from EAM reports.
There is no organisation-wide approach to risk management in EAM except for
the financial risk management aspects. However each department or project
tries to manage their respective risks independently. Most of the international
risk management guidelines are new to most of the people in EAM.
Several critical success factors have been found to be crucial for an effective
risk management practices in EAM that include development of a risk
management policy, an appointment of a risk manager, capacity building,
management support, adequate resources and risk management culture among
others.
Risk management practices in EAM needs to be improved hence the following
section provides recommendations for consideration by the management.
5.2 Recommendations As observed, EAM is an organisation with a wide coverage, many stakeholders
and projects. It is therefore faced with an array of risks that requires an effective
risk management approach. Consequently, in the light of the findings of this
study, the following recommendations have been given with the aim of
improving risk management in EAM:-
5.2.1. Adoption of an enterprise-wide approach to risk managementBased on the study findings, EAM should adopt an enterprise-wide approach to
risk management that enables an holistic approach to risk management. The
ISO and COSO risk management frame work would be of great help. EAM
should endeavour to inculcate a more proactive, consistent and greater
responsiveness risk management approach. The holistic approach should seek
69
STUDENT NUMBER: 1409988 DATE OF SUBMISSION: 09 MAY 2016
not only to avoid the risks but seize the opportunities to advance the
organisations objectives.
5.2.2 Develop a structured risk management processEAM will need a more structured risk management process that guarantees an
effective understanding of the context in which EAM operates, proper risk
identification, analysis, prioritisation, monitoring and control of all risks. There
should be a continuous improvement of the process. For the success of the
process, appropriate tools and techniques should be used in addition building
the capacity of the staff and all EAM members (Churches and FBOs) on risk
management.
5.2.3 Creating long-term linkages for sustainable fundingDonor dependency was identified as one of the top risks in EAM. Being a FBO,
EAM could explore long-term linkages with other likeminded FBOs in the North
(America and Europe) for sustained and flexible funding in an effort to diversify
its funding base. EAM need to strengthen fundraising capacity among the
management and the board members by including this as their key performance
deliverables.
5.2.4 Establish and sustain a risk management culture EAM top leadership and the board should ensure a risk management culture is
developed and sustained across the entire organisation and with their partners.
This culture could be sustained by development of a system that recognises
and rewards risk takers among staff and partners. The use of risk information in
strategy formulation, proposal development and in decision making process is
recommended as a demonstration of EAM’s commitment to risk management.
5.2.5 Establishment of the appropriate risk management infrastructureThe lack of risk strategy, policy and a point person was pointed out as major
gap in EAM. Consequently, EAM should establish a risk strategy, policy and
appoint a risk manager. Additionally, the internal audit function should be
70
STUDENT NUMBER: 1409988 DATE OF SUBMISSION: 09 MAY 2016
strengthened and extended in order to manage other risks. Regular staff
training on risk management is highly recommended for both new and old staff
to ensure all staffs have a common knowledge and language for risk.
Furthermore, staff should be exposed and trained on the appropriate tools and
techniques for the risk process. EAM could make use of risk maturity model to
improve and assess their risk management practices or benchmark with other
organisations.
Like in any other study, there were a number of limitations that faced this study
as discussed the section that follows.
5.3 Limitations of this study The study was based on a single case study and a small sample size hence
difficult to generalize the results. This was due to the fact the small sample was
ideal for in-depth case studies. Another limitation was limited research
discussions on qualitative analysis in addition to limited studies on risk
management on FBOs. As Crowther and Lancaster (2012) argue qualitative
data analysis methods are not well articulated and noted by Saunders et al
(2015) hence demanding in terms of time and skills. The study was also cross-
sectional hence the responses of the respondents were as per that particular
time hence subjective.
The current study has provided room for more research on risk management
practices in FBOs. The following section provides areas for further research.
5.4 Proposed future research Further studies may be needed to refine and verify these results with other
organisations within or from other geographical locations and with a large
sample size. A study on how donors and partners of EAM could contribute
positively or negatively on risk management practices may be essential. In
addition, owing to the current environment of poor governance and culture of
impunity especially in the public sector, a study on how these impacts on risk
management practices could be done. With a number of respondents in this
71
STUDENT NUMBER: 1409988 DATE OF SUBMISSION: 09 MAY 2016
study indicating that risk management concept in new in Malawi, there is room
for more studies in other organisations and the public sector as a way of
triangulating the findings of this study. A study on the adoption rate of risk
management practices in Malawi in general may be necessary.
72
STUDENT NUMBER: 1409988 DATE OF SUBMISSION: 09 MAY 2016
ReferencesAIRMIC, ALARM, IRM. (2010) A structured approach to Enterprise Risk Management (ERM) and the requirements of ISO 31000. [Online] Available from: https://www.google.com/?gws_rd=ssl#q=airmic+alarm+irm+2010 FINAL PDF/. [Accessed 07 August 2015].
Abdullatif, M. and Kawuq, S. (2015) The role of internal auditing in risk management: evidence from banks in Jordan. Journal of Economic and Administrative Sciences, [Online] 31(1), pp. 30-50. Available from: http://search.proquest.com.ezproxy.bolton.ac.uk/. [Accessed 03 April 2016].
Abrams, C., J, v.K., Müller, S., Pfitzmann, B. and Ruschka-Taylor, S. (2007) Optimized enterprise risk management. IBM Systems Journal, [Online] 46(2), pp. 219-234.Available from: http://search.proquest.com.ezproxy.bolton.ac.uk/. [Accessed 24 March 2016].
Addo, C.K. and Twum, S.B. (2013) Sustainability of microfinance institutions in developing countries through sound credit risk management: evidence from business experience, purpose of loan, loan term, and profit maximization motive. Global Journal of Finance and Banking Issues, [Online]. 7 (7), pp. 9-18. Available from: http://search.proquest.com.ezproxy.bolton.ac.uk/. [Accessed 20 January 2016].
Akotey, J.O. and Abor, J. (2013) Risk management in the Ghanaian insurance industry. Qualitative Research in Financial Markets, [Online] 5(1), pp. 26-42. Available from: http://search.proquest.com.ezproxy.bolton.ac.uk/. [Accessed 17 September 2015].
Arya, P.B. (2012) Integrated Risk Management Practices. International Journal of Knowledge and Research in Management and E-Commerce, [Online] 2(2), pp. 8-12. Available from: http://bolton.summon.serialssolutions.com/search?/.[Accesed 19 April 2016].
BELOBROV, A. (2014) Resilience as a critical success factor of risk management. Risk in Contemporary Economy, [Online] 1 (1), pp. 325-330. Available from: http://bolton.summon.serialssolutions.com/search?/.[Accessed 01 May 2016].
Benta, D., Podean, I.M. and Mircean, C. (2011) On Best Practices for Risk Management in Complex Projects. Informatica Economica, [Online] 15 (2), pp. 142-152. Available from: http: //search.proquest.com.ezproxy.bolton.ac.uk/ . [20 September 2015].
Bezzina, F., Grima, S. and Mamo, J. (2014) Risk management practices adopted by financial firms in Malta. Managerial Finance, [Online] 40 (6), pp. 587-612. Available from: http://search.proquest.com.ezproxy.bolton.ac.uk/.[Accessed 22 October 2015].
73
STUDENT NUMBER: 1409988 DATE OF SUBMISSION: 09 MAY 2016
Bharathy, G.K. and McShane, M.K. (2014) Applying a Systems Model to Enterprise Risk Management. Engineering Management Journal, [Online] 26(4), pp. 38-46. Available from: http://search.proquest.com.ezproxy.bolton.ac.uk/docview/.[Accessed 24 March 2016].
Botkin, M. and Felton, K. (2009) Troublesome times demand more effective practices. Journal of healthcare risk management: the journal of the American Society for Healthcare Risk Management, [Online] 29(2) pp. 21. Available from: http://bolton.summon.serialssolutions.com/.[Accessed 27 April 2016].
Broom, A. (2005) Using qualitative interviews in CAM research: A guide to study design, data collection and data analysis. Complementary Therapies in Medicine, [Online] 13 (1), pp. 65-73.Availabale from: http://bolton.summon.serialssolutions.com/.[Accessed 07 April 2016].
Brown, L.D. and Moore, M.H. (2001) Accountability, Strategy, and International Nongovernmental Organisations. Non-profit and Voluntary Sector Quarterly, [Online] 30(3), pp. 569-587. Availabale from: http://nvs.sagepub.com.ezproxy.bolton.ac.uk/content/30/3/569/.[Accessed 28 March 2016].
Bryman, A. (2008) Social Research Methods. 3rd ed. New York: Oxford University press.
Campbell, K.A. (2015) Can Effective Risk Management Signal Virtue-Based Leadership? Journal of Business Ethics, [Online] 129 (1), pp. 115-130. Available from: http://dx.doi.org/10.1007/s10551-014-2129-4/. [Accessed [09 August 2015].
Carey, A. (2001) Effective risk management in financial institutions: The Turnbull approach. Balance Sheet, [Online]. 9 (3), pp. 24-27. Available from: http://search.proquest.com.ezproxy.bolton.ac.uk/. [Accessed 22 October 2015].
Carroll, R. (2016) Identifying risks in the realm of enterprise risk management. Journal of healthcare risk management: the journal of the American Society for Healthcare Risk Management, [Online] 35(3), pp. 24. Available from: http://bolton.summon.serialssolutions.com/. [Accessed 24 March 2016].
Castanheira, N., Lúcia, L.R. and Russell, C. (2010) Factors associated with the adoption of risk-based internal auditing. Managerial Auditing Journal, [Online] 25(1), pp. 79-98. Available from: http://search.proquest.com.ezproxy.bolton.ac.uk/.[Accessed 03 April 2016].
Chileshe, N. and Kikwasi, G.J. (2014) Critical success factors for implementation of risk assessment and management practices within the Tanzanian construction industry. Engineering, Construction and Architectural
74
STUDENT NUMBER: 1409988 DATE OF SUBMISSION: 09 MAY 2016
Management, [Online] 21(3) pp. 291-319. Available from: http://search.proquest.com/docview/1519212585?accountid=9653/. [Accessed 09 August 2015].
Clarke, M. and Ware, V. (2015) Understanding faith-based organizations: How FBOs are contrasted with NGOs in international development literature. Progress in Development Studies, [Online] 15(1), pp. 37-48.Available from: http://search.proquest.com.ezproxy.bolton.ac.uk/. [Accessed 14 April 2016].
Collis, J. and Hussey, R. (2003) Business Research. A practical guide for undergraduate students. 2nd ed. Hampshire: Palgrave Macmillan.
Collins, J. (2011) Good to Great. Why some companies make lead...and other do. United States of America: William Collins.
COSO (2004) Committee of Sponsoring Organizations of the Treadway Commission. Enterprise Risk Management — Integrated Framework, [Online] Available from: http:// www.coso.org/documents/coso_erm_executivesummary.pdf/. [Accessed 07 August 2015].
COSO (2010) Report on ERM: Current State of Enterprise Risk Oversight and Market Perceptions of COSO’s ERM Framework. [Online] Available from: http: www.coso.org/.../COSOSurveyReportFULL-Web-R6FINALforWEBPOS.com/. [Accessed 07 August 2015].
Cretu, O., Stewart, R. B. and Berends, T (. 2011) Risk Management for Design and Construction. [Online] Hoboken: John Wiley & Sons, Inc. Available from: http://www.myilibrary.com/. [Accessed 21 October 2015].
Crowther, D. and Lancaster, G. (2012) Research Methods. 2nd ed. [online]. Routledge. Available from :http://www.myilibrary.com?ID=366075/. [Accessed 16 May 2015].
Dardac, N. and Chiriac, P. (2010) The Management of Operational Risk Specific to Non-banking Financial Institutions in the Context of Actual Financial Crisis. Theoretical and Applied Economics, [Online] 4 (4), pp. 93-100. Available from: http://www.mylibrary.com/. [Accessed 20 January 2016].
Daud, W.N.W., Yazid, A.S. and Hussin, H.M.R. (2010) The Effect Of Chief Risk Officer (CRO) On Enterprise Risk Management (ERM) Practices: Evidence From Malaysia. The International Business & Economics Research Journal, [Online] 9 (11), pp. 55-64. Available from: http://search.proquest.com.ezproxy.bolton.ac.uk/. [Accessed 14 January 2016].
75
STUDENT NUMBER: 1409988 DATE OF SUBMISSION: 09 MAY 2016
Dinu, A. (2014) General concepts regarding risk appetite. Knowledge Horizons Economics, [Online] 6 (2), pp. 157-159. Available from: http://search.proquest.com.ezproxy.bolton.ac.uk/.[Accessed 13 December 2015].
Dionne, G. (2013) Risk Management: History, Definition, and Critique. Risk Management and Insurance Review, [Online] 16 (2), pp. 147-166. Available from: http://search.proquest.com.ezproxy.bolton.ac.uk/docview/17?accountid=9653#/. [Accessed 22 October 2015].
Dornberger, K., Oberlehner, S. and ZadrazilM, N. (2014) Challenges in implementing enterprise risk management. ACRN Journal of Finance and Risk Perspectives, [Online] 3(3), pp.1 – 14.Available from: ISSN 2305-7394
Driscoll, M. (2014) Enterprise risk management: seven imperatives for process excellence. Corporate Finance Review, [Online] 19(3), pp. 13-19. Available from: http://search.proquest.com.ezproxy.bolton.ac.uk/docview//12?accountid=9653/. [Accessed 13 January 2016].
Elahi, E. (2013) Risk management: the next source of competitive advantage. Foresight: the Journal of Futures Studies, Strategic Thinking and Policy, [Online] 15(2), pp. 117-131. Available from: http://search.proquest.com/docview/.?accountid=9653/. [Accessed 27 July 2015].
Elmaallam, M. and Kriouile, A. (2012) A Model of Maturity for IS Risk Management Case Study. Computer and Information Science, [Online] 5(3), pp. 97-109. Available from: http://search.proquest.com.ezproxy.bolton.ac.uk/docview/1011569433?pq-origsite=summon/.[Accessed 17 March 2016].
Emblemsvåg, J. (2010) The augmented subjective risk management process. Management Decision, [Online] 48(2), pp. 248-259. Available from: http://search.proquest.com.ezproxy.bolton.ac.uk/.[Accessed 17 March 2016].
Elo, S. and Kyngäs, H. (2008) The qualitative content analysis process. Journal of Advanced Nursing, [Online] 62 (1), pp. 107-115. Available from: http://onlinelibrary.wiley.com.ezproxy.bolton.ac.uk/. [Accessed 03 April 2016].
Ennis, T. (2015) Risk Management: Reputation Is Key. Professional safety, [Online] 60 (1), pp. 8. Available from: http://search.proquest.com.ezproxy.bolton.ac.uk/.[Accessed 23 March 2016].
Evangelical Association of Malawi (EAM) (2008) Brief Profile
76
STUDENT NUMBER: 1409988 DATE OF SUBMISSION: 09 MAY 2016
Evangelical Association of Malawi (EAM) (2013) 2014- 2018 strategy EAM national strategy. Actively Engaged In Effective Transformational Ministries Positively Changing Lives in Communities in Malawi
Fadun, O.S. (2013) Risk Management and Risk Management Failure: Lessons for Business Enterprises. International Journal of Academic Research in Business and Social Sciences, [Online] 3 (2), pp. 225-239. Available from: http://bolton.summon.serialssolutions.com/search.com/.[Accessed 23 February 2016].
Fisher, C. (2011) Researching and Writing a Dissertation. An essential guide to Business students. 3rd ed. [Online] Harlow: Pearson Education Limited. Available from: http://www.myilibrary.com/.[Accessed 18 May 2015].
Gaudenzi, B., Confente, I. and Christopher, M. (2015) Managing Reputational Risk: Insights from an European Survey. Corporate Reputation Review, [Online] 18 (4), pp. 248-260. Available from: http://search.proquest.com.ezproxy.bolton.ac.uk/.[Accessed 23 March 2016].
Gray, D. (2010) Doing Research in the Real world. 2nd ed. London: Sage
Gupta, P. K. (2011). Risk management in Indian companies: EWRM concerns and issues. The Journal of Risk Finance, [Online] 12 (2), pp. 121-139. Available from: http://search.proquest.com.ezproxy.bolton.ac.uk/. [Accessed 10 January 2016].
Hameeda, A.H. and Al-Ajmi, J. (2012) Risk management practices of conventional and Islamic banks in Bahrain. The Journal of Risk Finance, [Online] 13 (3), pp. 215-239. Available from: http://search.proquest.com.ezproxy.bolton.ac.uk/. [Accessed 15 February 2016].
Haron, M.S., Ramli, R., Malek Marwan Yousef Injas and Injas, R.A. (2015) Reputation Risk and Its Impact on the Islamic Banks: Case of the Murabaha. International Journal of Economics and Financial Issues, [Online] 5 (4). Available from: http://search.proquest.com.ezproxy.bolton.ac.uk/.[Accessed 24 January 2016].
Harvey, G.E. (2012) The process of risk management: important steps to take. Petroleum Accounting and Financial Management Journal, [Online] 31(1), pp. 77-86. Available from: http://search.proquest.com.ezproxy.bolton.ac.uk/.[Accessed 13 January 2016].
Harvey, G. (2015) Enterprise Risk Management: an update. Petroleum Accounting and Financial Management Journal, [Online] 34(3), pp. 10-19. Available from: http://search.proquest.com.ezproxy.bolton.ac.uk/.[Accessed 27 March 2016].
77
STUDENT NUMBER: 1409988 DATE OF SUBMISSION: 09 MAY 2016
Hassan, A. and Ali, T.Y. (2013) Analysis of Risk Management Practices in Business Enterprises of Pakistan. Global Management Journal for Academic & Corporate Studies, [Online] 3 (1) pp. 45-61. Available from: http://search.proquest.com/docview/. [Accessed 14 September 2015].
Hillson D.A., (1997) The international of journal of project and business risk management. [Online] 1(2), pp.34-45 Available from: http://risk-doctor.com/pdf-files/rmm-mar97.pdf /. [Accessed 16 March 2016].
Hillson D. A. and Murray-Webster R. (2004) Understanding and managing risk attitude. Proceedings of 7th Annual Risk Conference, held in London, UK, 26 November 2004. Available from: https://www.kent.ac.uk/scarr/events/finalpapers/Hillson%20+%20Murray-Webster.pdf [Accessed 29 April 2016].
Hillson, D., (2012) Managing Risk in Projects. [Online] Farnham: Ashgate Publishing. Available from: http://www.myilibrary.com/. [Accessed 12 June 2015].
HM Treasury (2009) Risk Management assessment framework: A tool for departments. [Online].Available from: https://www.gov.uk/government/publications/green-book-supplementary-guidance-risk.com/.[Accessed 03 March 2016].
Hoffstaedter, G. (2013) Religion and development: Australian Faith-Based Development Organisations. International Journal of Religion and Society, [Online] 4 (1/2), pp. 113.Available from: http://trn.sagepub.com.ezproxy.bolton.ac.uk/content/29/1/1.full.pdf+html/.[Accessed 14 April 2016].
Hopkinson, M. (2011) The Project Risk Maturity Model: Measuring and Improving Risk Management capacity. [Online] Farnham: Gower publishing limited available from: https://books.google.mw/books.com/. [Accessed 16 March 2016].
Hoyt, R.E. and Liebenberg, A.P. (2011) The value of Enterprise Risk Management. Journal of Risk and Insurance, [Online] 78 (4), pp. 795-822.Available from: http://search.proquest.com.ezproxy.bolton.ac.uk/. [Accessed 02 April 2016].
Hung, H. (2012) A Framework for Corporate Risk Management Development. Journal of Accounting, Finance & Management Strategy, [Online] 7(1), pp. 69-87. Available from: http://search.proquest.com/docview/. [Accessed 07 August 2015].
78
STUDENT NUMBER: 1409988 DATE OF SUBMISSION: 09 MAY 2016
Hyett, N., Kenny, A. and Dickson-Swift, V. 2014, Methodology or method? A critical review of qualitative case study reports", International Journal of Qualitative Studies on Health and Well-Being, vol. 9Available from: http://search.proquest.com.ezproxy.bolton.ac.uk/. [Accessed 19 September 2015].
Institute Management of Accountants (IMA) (2007). Enterprise Risk Management: Tools and Techniques for Effective Implementation [online] Available from: http://www.bing.com/search?/. [Accessed 03 May 2016].
Ismail, R., Rahman, R.A. and Ahmad, N. (2013) Risk Management Disclosure in Malaysian Islamic Financial Institutions: Pre- and Post-Financial Crisis. Journal of Applied Business Research, [Online] 29 (2), pp. 419. Available from: http://lib.myilibrary.com/. [Accessed 20 January 2016].
Jalal-Karim, A. (2013) Leveraging enterprise risk management (ERM) for boosting competitive business advantages in Bahrain. World Journal of Entrepreneurship, Management and Sustainable Development, [Online] 9(1), pp. 65-75. Available from: http://search.proquest.com.ezproxy.bolton.ac.uk/. [Accessed 24 March 2016].
Khattab, A.A. and Hood, J. (2015) The Risk Management Process in Jordanian Public Shareholding Organisations. International Journal of Business and Management, [Online] 10 (8), pp. 151.Available from: http://bolton.summon.serialssolutions.com/search?/.[Accessed 20 January 2015].
Kimbrough, R.L. and Componation, P.J. (2009) The Relationship Between Organisational Culture and Enterprise Risk Management. Engineering Management Journal, [Online] 21(2), pp. 18-26. Available from: http://search.proquest.com/docview/208984533?accountid=9653 / [Accessed 07 August 2010].
Knowles, G. (2011) Quality Management. Downloaded free e-book. [Online]Available from: http://bookboon.com/en/textbooks/management-organisation/quality-management/. [Accessed 10 February 2015].
Kothari, C.R., (2008) Research Methodology.Methods and Techniques. 2nd ed. New Delhi: New Age International publishers
Kubitscheck, V. (2000) Risk management: Finding the value within.Balance Sheet, [Online] 8 (5), pp. 38-41. Available from: http://search.proquest.com.ezproxy.bolton.ac.uk/. [Accessed 04 May 2016].
Lai I.K.W. and Lau H. C.W. (2012) A hybrid risk management model: A case study of the textile industry. Journal of Manufacturing Technology Management, [Online] 23 (5), pp. 665-680. Available from:
79
STUDENT NUMBER: 1409988 DATE OF SUBMISSION: 09 MAY 2016
http://search.proquest.com.ezproxy.bolton.ac.uk/. [Accessed 20 September 2015].
Lancaster, G. (2007) Research Methods in Management. A concise introduction to Research in Management and Business, [Online] Oxford: Routledge. Available from: http://www.myilibrary.com/. [Accessed 9 June 2015].
Leech, N.L. and Onwuegbuzie, A.J. (2009) A typology of mixed methods research designs. Quality and Quantity, [Online] 43(2), pp. 265-275. Available from: http://search.proquest.com.ezproxy.bolton.ac.uk/. [Accessed 25 January 2016].
Li, C. A., and Wearing, R. T. (2012). Risk management and non-executive directors in UK quoted banks and other financial institutions. International Journal of Disclosure and Governance, [Online] 9 (3), pp. 226-237. Available from: http://search.proquest.com.ezproxy.bolton.ac.uk/. [Accessed 20 January 2016].
Loghry, J.D. and Veach, C.B. (2009) Enterprise Risk Assessments: Holistic approach provides companywide perspective. Professional safety, [Online] 54(2), pp. 31-35. Available from: http://search.proquest.com.ezproxy.bolton.ac.uk/.[Accessed 25 January 2016].
Malik, S.A. and Holt, B. (2013) Factors that affect the adoption of Enterprise Risk Management (ERM) OR Insight, [Online] 26(4), pp. 253.Availabale from: http://search.proquest.com.ezproxy.bolton.ac.uk/.[Accessed 27 March 2016].
Maylor, H. (2013) Project management .4th ed. [Online] Harlow: Financial times Prentice hall. Available from: http://lib.myilibrary.com/.> [Accessed 15 May 2015].
McShane, M.K., Nair, A. and Rustambekov, E. (2011) Does Enterprise Risk Management Increase Firm Value? Journal of Accounting, Auditing & Finance, [Online] 26 (4), pp. 641-658. Available from: http://bolton.summon.serialssolutions.com/search?/.[Accessed 27 March 2016].
Melville, N., Kraemer, K. and Gurbaxani, V. (2004) Review: information technology and organisational performance: an integrative model of it business value1", MIS Quarterly, [Online] 28 (2), pp. 283-322.Available from: http://search.proquest.com.ezproxy.bolton.ac.uk/.[Accessed 04 April 2016]
Mersland, R. (2011) The governance of non-profit micro finance institutions: lessons from history. Journal of Management and Governance [online].15 (3), pp. 327-348. Available from: http://search.proquest.com.ezproxy.bolton.ac.uk/. [Assessed 21 September 2015].
80
STUDENT NUMBER: 1409988 DATE OF SUBMISSION: 09 MAY 2016
Nar, M., (2014) Credit Risk Management in the Financial Markets. Journal of Applied Finance and Banking [Online] 4 (4), pp.107-125. Available from: http://search.proquest.com.ezproxy.bolton.ac.uk/. [Accessed 21 September 2015].
Nielson, N.L., Kleffner, A.E. and Lee, R.B. (2005) The evolution of the role of risk communication in effective risk management. Risk Management and Insurance Review, [Online] 8(2), pp. 279-289. Available from: http://www.emeraldinsight.com/. [Accessed 23 January 2016].
Nikita (2014) An analysis of performance of micro finance in India. International Journal of Management Research and Reviews, [Online] 4(7), pp. 715-721. Available from: http://search.proquest.com.ezproxy.bolton.ac.uk/.[Accessed 21 September 2015].
Oehmen, J., Olechowski, A., Kenley, R. and Ben-Daya, M. (2014) Analysis of the effect of risk management practices on the performance of new product development programs. Technovation,[Online]34(8), pp. 441-453. Available from: http://bolton.summon.serialssolutions.com/.[Accessed 27 April 2016].
Paula, D., Krecicki, J. and Montana, G. (2013) The Importance of Sustainable Policy Management in Delivering an Effective Risk Program. The RMA Journal, [Online] 96 (1), pp. 64-67, 11. Available from: http://search.proquest.com.ezproxy.bolton.ac.uk/. [02 April 2016].
Pana, N. and Simionescu, L. (2011) The importance of risk management process in ensuring successful implementation of projects entrusted. Land Forces Academy Review,[Online] 16 (1), pp. 108-114. http://search.proquest.com.ezproxy.bolton.ac.uk/. [Accessed 28 April 2016].
Patterson, T. (2015) The Use of Information Technology in Risk Management [online] Available from: http://www.aicpa.org/interestareas/frc/assuranceadvisoryservices/downloadabledocuments/asec_whitepapers/risk_technology.pdf/. [Accessed 04 March 2016].
Ping, T.A. and Muthuveloo, R. (2015) The Impact of Enterprise Risk Management on Firm Performance: Evidence from Malaysia. Asian Social Science, [Online] 11 (22), pp. 149-159. Available from: http://search.proquest.com.ezproxy.bolton.ac.uk. [Accessed 14 January 2016].
Pitney, W. A. (2009) Qualitative Research in Physical Activity and the Health Professions. [online]. Human Kinetics. Available from :< http://www.myilibrary.com?ID=295874> [Accessed 8 December 2015].
81
STUDENT NUMBER: 1409988 DATE OF SUBMISSION: 09 MAY 2016
Project Management Institute (2013) .A Guide to the Project Management Body of Knowledge (PMBOK® Guide) 5th ed. Boulevard: Project Management Institute, Inc.
Rahman, R.A., Noor, S.B. and Ismail, T. (2013) Governance and Risk Management: Empirical Evidence from Malaysia and Egypt. International Journal of Finance & Banking Studies, [Online] 2 (3), pp. 21-33. Available from: http://search.proquest.com.ezproxy.bolton.ac.uk/.[Accessed 20 September 2015].
Riege, A.M. (2003) Validity and reliability tests in case study research: A literature review with "hands-on" applications for each research phase. Qualitative Market Research, [Online] 6(2), pp. 75-86. Available from: <http://search.proquest.com/docview/.accountid=9653/. [Accessed 2 July 2015].
Rosenthal, H. (2008) An applied approach to enterprise risk management - key areas of concern. Journal - Australian and New Zealand Institute of Insurance and Finance, [Online] 31 (3), pp. 16-21. Available from: http://search.proquest.com/docview/ . [Accessed 14 September 2015].
Saunders, M. N.K., Lewis, P. and Thornhill, A. (2015) Research Methods for Business Student.7th ed. [Online] Pearson Education Limited. Available from: http://www.myilibrary.com/. [19 November 2015].
Schmidt, C.E., Gerbershagen, M.U., Salehin, J., Weib, M., Schmidt, K., Wolff, F. and Wappler, F. (2011) From personnel administration to human resource management: Demographic risk management in hospital. Der Anaesthesist, [Online] 60 (6), pp. 50. Available from: http://www.myilibrary.com/. [Accessed 08 April 2016].
Schroeck, G (2002) Risk Management and Value Creation in Financial Institutions. [Online] Hoboken, N.J.: Wiley. Available from: http://www.myilibrary.com/. [Accessed 18 March 2016].
Schwartz-Gârliste, M. (2013) The Operational Risk Management in Banking - Evolution of Concepts and Principles, Basel II Challenges. Revista de Management Comparat International, [Online] 14(1), pp. 165-174. Available from: http://lib.myilibrary.com /. [Accessed 10 August 2015].
Simona-Iulia, C. (2014) Comparative study between Traditional and Enterprise Risk management -A theoretical approach. Annals of the University of Oradea: Economic Science, [Online] 23(1), pp. 276-282. Available from: http://bolton.summon.serialssolutions.com/search?/.[Accessed 27 March 2016].
Singh, S.R. (2012) Micro Finance Programmes in India - An overview. Anusandhanika, [Online] 4 (2), pp. 23-30. Available from: http://search.proquest.com.ezproxy.bolton.ac.uk/.. [Accessed 21 September 2015].
82
STUDENT NUMBER: 1409988 DATE OF SUBMISSION: 09 MAY 2016
Smith, N. J.; Merna, T.; Jobling, P., (2009) Managing Risk. [Online]. United Kingdom: Wiley-Blackwell. Available from :http://www.myilibrary.com?ID=74838/. [Accessed 9 August 2015].
Tachankova L. (2002) Risk identification. Basis stage in risk management .Environmental management and health, [Online] 13(3), pp.209-297. Available from: http://www.emeraldinsight.com/. [Accessed 13 August 2015].
TĂTĂRUŞANU, M. (2009) Human resource management risks in Tourism. Scientific Annals of the Alexandru Ioan Cuza University of Iasi: Economic Sciences Series, [Online]2009, pp. 388-394. Available from: http://bolton.summon.serialssolutions.com/search?>[Accessed 08 April 2016].
Theil, M. and Ferguson, W.L. (2003) Risk management as a process: An international perspective. Review of Business, [Online] 24(3), pp. 30-35. Available from: http://search.proquest.com.ezproxy.bolton.ac.uk/.[Accessed 23 February 2016].
United Nations Economic Commission for Europe (UNECE) (2012) Risk Management in Regulatory Frameworks: Towards a better management of risk, [Online].Available from: http://www.preventionweb.net/english/professional/publications/com./.[Accessed on 23 March 2015].
Wabwoba, M.S.N. and Wakhungu, J.W. (2013) Factors affecting sustainability of community food security projects in Kiambu County, Kenya. Agriculture and Food Security, [Online] 2, pp. 9 .Available from: http://bolton.summon.serialssolutions.com/.[Accessed 05 April 2016].
Waweru, N. and Kisaka, E. (2013) The Effect of Enterprise Risk Management Implementation on the Value of Companies Listed on the Nairobi Stock Exchange. Journal of Applied Finance and Banking, [Online] 3(3), pp. 81-105. Available from: http://search.proquest.com/docview/1400458013?accountid=9653/. [Accessed 07 August 2015].
Wieczorek-Kosmala, M. (2014) Risk management practices from risk maturity models perspective. Journal for East European Management Studies, [Online] 19 (2), pp. 133-159. Available from: http://search.proquest.com.ezproxy.bolton.ac.uk/docview/. [Accessed 23 April 2016].
White, M.D. and Marsh, E.E. (2006) Content Analysis: A Flexible Methodology”, Library Trends, [Online] 55 (1), pp. 22-23, 27-34, 36-45.Available from: http://search.proquest.com.ezproxy.bolton.ac.uk/.[Accessed 07 April 2016].
83
STUDENT NUMBER: 1409988 DATE OF SUBMISSION: 09 MAY 2016
Whitley, R. and Crawford, M. (2005) Qualitative Research in Psychiatry. Canadian Journal of Psychiatry, [Online] 50 (2), pp. 108-14. Available from: http://search.proquest.com.ezproxy.bolton.ac.uk/. [Accessed 20 September 2015].
WILLIG ( 2008.) Introducing Qualitative Research In Psychology [oline]. Open University Press. Available from : http://www.myilibrary.com?ID=178561/. [19 November 2015].
Woods, M. (2012) Risk Management in Organisations: An Integrated Case Study Approach. [Online] London: Routledge. Available from: http://www.myilibrary.com/. [Accessed 12 June 2015].
World Development Report (WDR) (2014) Risk and Opportunity: Managing Risk for Development [Online] Available from: http://econ.worldbank.org/WBSITE/EXTERNAL/EXTDEC/EXTRESEARCH/EXTWDRS/EXTNWDR2013/0,,contentMDK:23459971~pagePK:8261309~piPK:8258028~theSitePK:8258025,00.html /. [Accessed 20 May 2015].
Yaraghi, N., Langhe, R.G., KTH, Skolan för teknikvetenskap (SCI) and Mekanik (2011) Critical success factors for risk management systems. Journal of Risk Research, [Online] 14, (5) pp. 551-581.Available from: http://www-tandfonline-com.ezproxy.bolton.ac.uk/. [Accessed 03 April 2016].
Zerai, B. and Rani, L. (2012) Technical efficiency and its determinants of micro finance institutions in Ethiopia: A stochastic frontier approach. African Journal of Accounting, Economics, Finance and Banking Research, [Online] 8(8), pp. 1-19. Available from: http://search.proquest.com.ezproxy.bolton.ac.uk/. [Accessed 23 April 2016].
Zhao, X., Hwang, B. and Pheng Low, S. (2014) Enterprise risk management implementation in construction firms. Management Decision, [Online] 52(5), pp. 814-833. Available from: http://bolton.summon.serialssolutions.com/search?/. [Accessed 27 March 2016].
Zohrabi, M. (2013) Mixed Method Research: Instruments, Validity, Reliability and Reporting Findings", Theory and Practice in Language Studies, vol. 3, no. 2, pp. 254-262. Available from: http://search.proquest.com.ezproxy.bolton.ac.uk/.[Accessed 23 April 23 April 2016].
84
STUDENT NUMBER: 1409988 DATE OF SUBMISSION: 09 MAY 2016
Appendices
Appendix I Attributes of Risk Maturity Model (RMM) (Adapted from Hillson, 1997)
Leve1 -Naive Level 2- Novice Level 3- Normalized
Level 4: Natural
Definition Unaware of the need for risk management; Has no structure for dealing with uncertainty;Management processes are repetitive and reactive; little or no attempt to learn from past or prepare to for future
Experimenting risk management with a small group of people,No generic structured approach in place ,Aware of potential benefits of managing risk,Ineffective implementation,Not gaining the full benefits
management of risk built in routine business processes, risk management implemented in most of all projects, generic risk processes are formalized ,
risk aware culture,proactive approach to risk management, use of risk information to improve on businessemphasis on opportunity management
Culture No risk awarenessResistant to change Tendency to continue with existing processes
Risk process may be viewed as an additional overhead with varied benefitsRisk management only used on selected projects
Accepted risk management policy, benefits recognized an expected, prepared to commit resources in order to reap gains
Top-down risk commitment to risk management; proactive risk management encouraged and rewarded
Process No formal processes
No generic formal processes although some specific formal approaches may be in use Process effectiveness heavily depends on skills of in house built team and availability of
Generic processes applied to most projects, formal processes incorporated into quality systems ,active allocation of resources to risk budget at all levels, limited need
Risk based business processesRegular refresh and updating processesConstant feedback for improvement
85
STUDENT NUMBER: 1409988 DATE OF SUBMISSION: 09 MAY 2016
external support
for external support
Experience
No understanding of risk processes or language
Limited to individual who may have little or no formal training
In house core of expertise, formally trained in basic skills, development of specific processes and tools
All staff risk aware; use of basic skill learning from experienceRegular external training to enhance skills
Application No structured application,No resources allocation,No risk tool
Inconsistent application,Variable availability of staff,Ad hoc collection of tools and methods
Routine and consistent application to all processes, committed resources, integrated set of tools and methods
Second nature- applied to all activities Risk based reporting and decision making; tools and methods used
86
STUDENT NUMBER: 1409988 DATE OF SUBMISSION: 09 MAY 2016
Appendix II: Interview guide for assessing risk management practices in EAM
This is a research study being conducted in partial fulfilment of the requirement for the
award of Master in Project Management at Malawi Institute of Management in
collaboration with Bolton University. My study topic is An Assessment of risk
management practices at EAM.
The study objectives are:
e) To identify the potential risks at Evangelical Association of Malawi
f) To establish the current risk management practices at Evangelical Association
of Malawi
g) To establish the critical success factors for an effective risk management at
Evangelical Association of Malawi
h) To recommend a framework for suitable risk management practices at
Evangelical Association of Malawi
The interview guide has four sections; each containing questions on risk management
aspects that are considered important in achieving the study objectives. Section A
covers the respondent’s profile while B, C, and D tackles the current risk management
practices, potential risks and critical success factors for an effective risk management
at EAM respectively. Please note that is study is qualitative.
Respondents are assured of confidentiality and anonymity of the information they
provide. You are further assured that any information you provide is purely for
academic purposes
87
STUDENT NUMBER: 1409988 DATE OF SUBMISSION: 09 MAY 2016
A. Respondent’s profile
1. What is your current position/Title at EAM?..........Section/Department …………?2. How long have you worked for EAM?
3. Do you have experience on risk management?
B. Potential risks at EAM
1. What risks is EAM faced with?
2. Of those mentioned risks which are the three significant in EAM? And why?
C. Risk management practices
1. Are risks in EAM managed proactively or reactively? Please explain
2. How are risks identified at EAM and by whom?
3. Outline briefly what steps you perform when dealing with risks at EAM?
4. What is done after risks have been identified? For example are they analysed,
how? Mitigation measures developed etc.)
5. Are the risk activities monitored? If yes who is involved? How often?
6. What control measures have been put in place to reduce risks?
7. Are there techniques and tools used by the organization in risk management
process? If any mention a few please.
8. Is risk management incorporated in all EAM activities/projects? For what reasons?
9. Is the risk management information shared out? If so, with whom and how often?
10. Is risk monitoring and reporting part of your normal management and reporting
system or is it reported differently? And why?
11. Are there any risk reviews that are done in EAM? And for what reasons?
12. Does EAM use any of the international risk management standards? If Yes which
ones?
1) What value has risk management brought or would bring to EAM?
D. Critical success factors for an effective risk management1. Do you think the EAM is managing risks effectively? Yes No?
2. What are the reasons for your answer in D(a)?
3. What need to be done to make risk management effective at EAM?
4. Or measures should be taken to ensure effective risk management?
5. Any suggestion to this study?
Thank you for sparing your time to answer the questions
88
STUDENT NUMBER: 1409988 DATE OF SUBMISSION: 09 MAY 2016
Appendix III: Information Sheet for the questionnaireThis is a research study being conducted in partial fulfilment of the requirement for the
award of Master in Project Management at Malawi Institute of Management in
collaboration with Bolton University. My study topic is An Assessment of risk
management practices at EAM.
The study objectives are:
i) To identify the potential risks at Evangelical Association of Malawi
j) To establish the current risk management practices at Evangelical Association
of Malawi
k) To establish the critical success factors for effective risk management practices
in Evangelical Association of Malawi
l) To recommend a framework for suitable risk management practices at
Evangelical Association of Malawi
The questionnaire has four sections; each containing questions on risk management
aspects that are considered important in achieving the study objectives. Section A
covers the respondent’s profile while B, C, and D tackles the current risk management
practices, potential risks and critical success factors for an effective risk management
at EAM respectively. Please note that is study is qualitative.
Respondents are assured of confidentiality and anonymity of the information they
provide. You are further assured that any information you provide is purely for
academic purposes
INSTRUCTION: Please fill in the details. Once you complete send it directly via my
email address: muejoyce@yahoo.com
89
STUDENT NUMBER: 1409988 DATE OF SUBMISSION: 09 MAY 2016
Appendix IV Questionnaire for assessing risk management practices in EAM
A. Respondent’s profile a) What is your current position/Title in EAM?................which Section ?.................
b) How long have you worked for EAM? …………………………………c) What experience do you have on risk management?
.............................................................................................................
B. Potential risks at EAM? 1. What risks does your organisation face? (These could be in form of hindrances to
achievement of your organisational objectives in operation, human, legal, strategy
policies, financial etc.)
…………………………………………………………………………………………………
……………………………………………………………………………………………….
2. Of all the risks you have mentioned above, which are three most significant risks in
your organisation? And why?
…………………………………………………………………………………………………
……………………………………………………………………………………………….
3. How do you keep track of your risks? E.g. keep a risk register? Who manages the
register?
…………………………………………………………………………………………………
How often is the risk register updated and by who?
…………………………………………………………………………………………………
C. Risk management practices 1. Are risks in EAM managed proactively or reactively? Please explain
…………………………………………………………………………………………………
2. How are risks identified at EAM and by whom? (E.g. in review meeting, audit
reports, management meetings, etc.)
…………………………………………………………………………………………………
……………………………..................................................………………………………
3. What value has risk management brought or would bring to EAM?
…………………………………………………………………………………………………
4. Outline briefly what steps you perform when dealing with risks at EAM?
…………………………………………………………………………………………………
90
STUDENT NUMBER: 1409988 DATE OF SUBMISSION: 09 MAY 2016
5. Is risk management incorporated in all EAM activities/projects? For what reasons?
……………………………………………………………………………………………….
6. Are there techniques and tools used by the organization in risk management
process? If any mention a few please.
……………………………………………………………………………………………….
7. What is done after risks have been identified? For example are they analysed,
how? Mitigation measures developed etc.)
……………………………………………………………………………………………….
8. Are the risk activities monitored? If yes who is involved? How often?
………………………………………………………………………………………………
9. What control measures have been put in place to reduce risks?
……………………………………………………………………………………………….
10. Is the risk management information shared out? If so, with whom and how often?
………………………………………………………………………………………………
11. Is risk monitoring and reporting part of your normal management and reporting
system or is it reported differently? And why?
……………………………………………………………………………………………….
12. Are there any risk reviews that are done in EAM? And for what reasons?
………………………………………………………………………………………………
13. Does EAM use any of the international risk management standards? If Yes which
ones?
………………………………………………………………………………………………
D. Critical success factors for an effective risk management at EAM?1) Do you have a risk manager or somebody who is assigned the role of risk
management in EAM?
…………………………………………………………………………………………………
2) Do you think that risk management practices at EAM are effective? Yes No
3) What are the reasons for your answer in number 2 above?
…………………………………………………………………………………………………
………………………………………………………………………………………………..
4) In your opinion, what needs to be done in EAM to ensure effective risk
management practices?
91
STUDENT NUMBER: 1409988 DATE OF SUBMISSION: 09 MAY 2016
…………………………………………………………………………………………………
………………………………………………………………………………………………
5) What do you think should be the role of the top leadership and the board members
in Risk Management?
………………………………………………………………………………………………..
6) In your opinion do you think that is enough effort or support in risk management in
EAM? Or what else could the do?
………………………………………………………………………………………………
7) How knowledgeable are the board members on risk management aspects?
……………………………………………………………………………………………….
8) How much time does the board spend on Risk Management oversight?
……………………………………………………………………………………………….
9) How often does the top leadership review the Risk Management reports? What
actions are taken?
……………………………………………………………………………………………….
10) Would you say there is a risk culture in EAM? How is it sustained?
………………………………………………………………………………………………
11) Are stakeholders involved in risk management? If yes at what level/ If No, why?
………………………………………………………………………………………………..
12) Are all EAM employees trained on risk management?
……………………………………………………………………………………………….
13) What infrastructure has been put in place to support risk management? e.g. A
policy, risk management frame work, incorporation of risk management in the EAM
strategy etc.
……………………………………………………………………………………………….
14) Do you set adequate time/resources for risk management?
………………………………………………………………………………………………
15) In your opinion, what key areas of risk management need to be developed/
improved in EAM?
…………………………………………………………………………………………
Thank you for sparing your time to complete the questionnaire.
92
STUDENT NUMBER: 1409988 DATE OF SUBMISSION: 09 MAY 2016
Appendix V Filled questionnaire from Respondent Number 23(R23)
R23 Appendix I: A Questionnaire Date: 14 April 2016
A. Respondent’s profile
1) What is your current position/Title in EAM? Monitoring and Evaluation Program Coordinator
2) How long have you worked for EAM? 3 years…………………………………3) Do you have any experience on risk management? Yes............................
B. Potential risks at EAM? 1. What risks does your organisation face? (These could be in form of hindrances to achievement of your organisational objectives in operation, human, legal, strategy policies, financial etc.)Financial Risks, Operational Risks, Policy Risks, Human Resource Risk, ….2. Of all the risks you have mentioned above, which are three most significant risks in your organisation? And why?Financial Risks – When financial resources are entrusted to field staff, they are prone to misapplication and misappropriation.Operational Risks – Where the organizational structure does not have a clear defined boundary between the roles of the secretariat and that of its main organ (the EAM).Policy Risk – The EAM has a governance document (the policy) which has a gap on who it governs. One would not be clear on whether it covers only the staff under the secretariat or it does cover members of the main body (the EAM). This is a risk in the sense that some members of the organization may think that they are covered under the policy while they are not. The policy have some content gaps, for example it does not articulate clearly how staff are covered against accidents. Thirdly, the policy is not widely disseminated to the members of staff, except some parts of it, particularly those that are to do with finances.
3. How do you keep track of your risks? E.g. keep a risk register? Who manages the register?
The folder for risks is kept in the office of Finance and Administration.How often is the risk register updated and by who?The folder is updated every time an issue has been identified through an audit, field visit exercise, spot check and management meeting etc.
C. Risk management practices 1. Are risks in EAM managed proactively or reactively? Please explain
In EAM risks are managed through both, proactively and reactively. Proactively, Risk-Based Audits are done to ensure activity implementers are aware of the common areas which attract audit quarries so that they avoid them. Secondly, other risks that emerge during the implementation of activities are managed reactively through adherence to standard operation procedures during approvals, and conducting post-activity audits.
2. How are risks identified at EAM and by whom? (E.g. in review meeting, audit reports, management meetings, etc)
Brainstorming meetings, Audit reports, Approving Managers, Field Monitoring Visits, Management Meetings, Financial Reports
93
STUDENT NUMBER: 1409988 DATE OF SUBMISSION: 09 MAY 2016
3. What value has risk management brought or would bring to EAM?Risk Management has enabled EAM to i) effectively use the resources, ii) be able to reassure the stakeholders on how the resources are prudently used iii) to achieve its planned activities without any surprises.
4. Outline briefly what steps you perform when dealing with risks at EAM? a. The first step that EAM does in Risk Management is to identify the risks that are
then put in a Risk Register.b. We then determine the probability of each one of the risks.c. We then determine the impact of each risk through an evaluation processd. For each risk, we propose a response.e. We then use the proposed responses to trace each of the risks, and document
the result of the tracing exercise.f. The results are communicated to Senior Management and then to all members
of EAM……5. Is risk management incorporated in all EAM activities/projects? For what
reasons?Risk Management is incorporated into about 70% of its activities/projects. There are some agricultural project activities that would require Risk-Based Insurance
6. Are there techniques and tools used by the organization in risk management process? If any mention a few please.i). Brainstorming Meetingsii). Use of Excel log.
7. What is done after risks have been identified? For example are they analysed, how? Mitigation measures developed etc) (Ref. to your Q4)
8. Are the risk activities monitored? If yes who is involved? How often?Risk activities are monitored by the following;i). The internal auditor - Continuouslyii) The Program Monitoring and Evaluation Officer - Continuouslyiii) The Program Managers- Continuouslyiv) The Project Managers – Continuouslyv) External Auditors – Annually or at the end of a project depending on the requirement of the various projects.
9. What control measures have been put in place to reduce risks?Project Staff are trained in Risk-Based Audit that equips them with knowledge about the possible risks……………………….
10. Is the risk management information shared out? If so, with whom and how often?Risk Management Information is shared to all EAM members of staff. Annual Retreats have been used for dissemination the information to staff. However, other fora like; monthly and quarterly management meetings, Senior Management Meetings, Audit feedback meetings have also been used.…………
11. Is risk monitoring and reporting part of your normal management and reporting system or is it reported differently? And why?Risk Monitoring has been part of the normal management and reporting system because it just part of the whole project management plan, as it encompasses aspects of the project scope, the cost (budget), time and quality.……………….
12. Are there any risk reviews that are done in EAM? And for what reasons?Risk Reviews are done in EAM, to assess which of the risks occur frequently, why they occur, coming up with revised responses to the risks, and observe if some new risks have come into play.…………
94
STUDENT NUMBER: 1409988 DATE OF SUBMISSION: 09 MAY 2016
13. Does EAM use any of the international risk management standards? If Yes which ones?EAM Uses Some International Standard Operation Procedures, may be not all the ISOs…………………………………………………………………………………………
D. Critical success factors for an effective risk management at EAM?1. Do you have a risk manager or somebody who is assigned the role of risk
management in EAM?Yes, the Internal Auditor also does Risk Management………………………………
2. Do you think that risk management practices at EAM are effective? Yes/No What are the reasons for your answer in number 2 above?
It has helped the organization to use the resources prudently and enable it to achieve its planned deliverables, and in the process helped EAM in its effort of building strong relations with the various stakeholders.………………..
3. In your opinion, what needs to be done in EAM to ensure effective risk management practices?It must incorporate all the risks in its organizational policies………………………
4. What do you think should be the role of the top leadership and the board members in Risk Management?Senior Management Team must ensure that the risk management plan is on track and being updated periodically……………..
5. In your opinion do you think that is enough effort or support in risk management in EAM? Or what else could the do?There is enough support for risk management and that’s why the organization How knowledgeable are the board members on risk management aspects?The Board of Trustees are well versed with Risk Management issues…………….
6. How much time does the board spend on Risk Management oversight?It’s about one week per year
7. How often does the top leadership review the Risk Management reports? What actions are taken?The meet quarterly. It makes decisions based on the quarterly reports. It also draws a new risk management plan..
8. Would you say there is a risk culture in EAM? How is it sustained?Yes. It is sustained through valuing and adherence to the risk management plan. Risk Management Plan is considered as important as the other management plans within the organization………
9. Are stakeholders involved in risk management? If yes at what level/ If No, why?Stakeholders are involved in all the stages of risk manage………..
10. Are all EAM employees trained on risk management? They are trained in Risk-Based Management………………….
11. What infrastructure has been put in place to support risk management? e.g. A policy, risk management frame work, incorporation of risk management in the Vision fund strategy etc. Risk Management Framework
12. Do you set adequate time/resources for risk management?Enough time/resources are allocated to risk management…………
13. In your opinion, what key areas of risk management need to be developed/ improved in EAM?
EAM needs to incorporate Index Based Insurance for its field-based activities, so that in case of extreme disasters the risks are transferred to an insurer.
95
STUDENT NUMBER: 1409988 DATE OF SUBMISSION: 09 MAY 2016
Appendix VI An example of how responses from the questionnaires were combined for each question.
Risk management practices 1. Are risks in EAM managed proactively or reactively? Please explain
R17 Of course both ways but more generally reactively.R20 Proactively – managers do not wait until an incident happen but a systematic routine follow ups.R18. Reactively because everything is done based on the situation that has come out.R19. Not surerR21 Risks are generally managed reactivelyR22 Basically managed reactivelyR23 In EAM risks are managed through both, proactively and reactively. Proactively, Risk-Based Audits are done to ensure activity implementers are aware of the common areas which attract audit quarries so that they avoid them. Secondly, other risks that emerge during the implementation of activities are managed reactively through adherence to standard operation procedures during approvals, and conducting post-activity audits.
2. How are risks identified at EAM and by whom? R17 Generally through Review meetings and AuditsR20 Through routine staff meetings, management meetings and audit reports…R18. Through audit reports; in review meetings; In management meetingsR19 Mostly the risks are identified during review meetings, and organisation capacity building workshops.R21 Sometimes in management meetings and sometimes in review meetingsR22 In management and staff meetings, periodic reports, financial controls, staff appraisals, audit reportsR23 Brainstorming meetings, Audit reports, Approving Managers, Field Monitoring Visits, Management Meetings, Financial Reports
3. What value has risk management brought or would bring to EAM?R17 Integrity, staff motivation, organisation trustworthy by both internal and external stakeholders and also financial prudenceR20 It instils the spirit of get prepared for uncertainties like staff resignation and answering audit queries.R18. It has ensured quality of work in different projects It has led to projects registering a lot of successes/achievements and desired
impacts to communities thereby helping the projects achieving their goals and objectives
-It has resulted into attracting donor confidence e.g. financial risk management It has encouraged employees to be patriotic, integrity and hard working in fear of
once the project has phased out and registers underperformance, donors will go and their employment contracts will not be renewed.
R19 It has helped the organisation identify the gaps it has and find possible solutions to the problems identified.R21 Greater confidence, motivation and financial prudenceR22 Effectiveness and efficiencyR23 Risk Management has enabled EAM to i) effectively use the resources, ii) be able to reassure the stakeholders on how the resources are prudently used iii) to achieve its planned activities without any surprises.
96
STUDENT NUMBER: 1409988 DATE OF SUBMISSION: 09 MAY 2016
Appendix VII List of respondents
Respondent(Identification code)
Working years in EAM
Data collection tool used
Date of interview/return of questionnaire
R1 2 years Face to face interview 31/3/2016R2 12 years Face to face Interview 31/3/2016R3 1 year Face to face Interview 31/3/2016R4 2 Years Face to face Interview 31/3/2016R5 5 years Face to face Interview 31/3/2016R6 7 years Face to face Interview 30/3/2016R7 Over 20
yearsFace to face Interview 7/4/2016
R8 6 years Face to face Interview 8/4/2016R9 Over year Face to face Interview 8/4/2016R10 16 years Face to face Interview 10/4/2016R11 6 years Face to face Interview 10/4/2016R12 13 years Face to face Interview 13/4/2016R13 20 years Face to face Interview 13/4/2016R14 3 years Face to face Interview 15/4/2016R15 Over 10
yearsFace to face Interview 4/4/2016
R16 5 years Face to face Interview 5/4/2016R17 2 years and 9
monthsSelf-administered questionnaire
23/4/2016(Date of return)
R18 2 years and 3 months
Self-administered questionnaire
20/4/2016(Date of return)
R19 6 years Self-administered questionnaire
14/4/2016(Date of return)
R20 5 years Self-administered questionnaire
13/4/2016(Date of return)
R21 More than 1 year
Self-administered questionnaire
2/4/2016(Date of return)
R22 7 years Self-administered questionnaire
10/4/2016(Date of return)
R23 3 years Self-administered questionnaire
19/4/2016(Date of return)
R24 2 years 4 months
Telephone interview 21/4/2016
R25 Over 10 years
Face to face interview 30/3/2016
Appendix VIII An example of paraphrasing and grouping of the texts
97
STUDENT NUMBER: 1409988 DATE OF SUBMISSION: 09 MAY 2016
Question: What value has risk management brought or would bring to EAM?
Respondent Original text Paraphrasing Grouping the texts
RI It would ensure activities are done on the right time. It would also ensure cohesion between departments. Reports would be timelyAlso there would be quality reporting Requisition of items would be done on time
Activities done on timeEnsure cohesion between department Quality reportingRequisition on time
Activities will be done on time; Cohesion between departments; quality reporting; add value to implementation, risk management committee, proper risk management procedures, reduce challenges, address challenges on time, Promote effectiveness and efficiency
R2 Add value to implementation as challenges would be tackled
Add value to implementation
R4 Risk committee would be in place ;able to mitigate the risks; we would have proper procedures towards achieving our objectives
Risk management committee, Proper risk management procedures
R4 Build capacity build CapacityR7 Reduces losses in many
aspects; this is the way to go as EAM; this is donor requirement hence we are no option
Reduces losses , donor requirement
R12 It would reduce some challenges we face and address some of the challenges on time; address risk on time; be able to foresee and plan in good time; address risk in advance ;promote effective and efficiency operation development in EAM; promote team work; build capacity ;be visionary
Reduce challenges Address risk on timePromote effectiveness and efficiency TeamworkCapacity building
R17 It would ensure Integrity, staff motivation, organisation trustworthy by both internal and external stakeholders and also financial prudence
Integrity, staff motivation, trustworthy Financial produce.
98