ABSTRACT - UBIRubir.bolton.ac.uk/1118/1/Joyce Mue Dissertation FINAL… · Web viewan assessment of...

STUDENT NUMBER: 1409988 DATE OF SUBMISSION: 09 MAY 2016

AN ASSESSMENT OF RISK MANAGEMENT PRACTICES:A CASE OF EVANGELICAL ASSOCIATION OF MALAWI

BY

JOYCE MUE

SUBMITTED TO UNIVERSITY OF BOLTON IN PARTIAL

FULFILMENT OF THE REQUIREMENTS FOR THE AWARD OF

M.Sc. DEGREE IN PROJECT MANAGEMENT

Off campus Division

University of Bolton

09 MAY 2016


ABSTRACTToday, organisations operate in a more dynamic and uncertain environment

that exposes them to all kinds of risks, thus making risk an important aspect of

any entity strategy. Consequently risk management has begun a strategic tool

for development as well as for achieving organisational goals.

Despite numerous studies on risk management, currently, risk management is

still a business practice that is under studied in the developing countries and

more so in Faith Based Organisations. Hence, this study aimed to assess the

risk management practices in EAM.

The study adopted an interpretivist philosophy. A case study strategy and a

multiple data collection tools and sources were used (triangulation) to collect

data from twenty- five purposively selected key informants in EAM.

Content analysis was used to analyse the qualitative data collected. The

analysis focused mainly on the themes that emerged from the data namely;

value of risk management, potential risks, current risk management practices,

critical success factors for an effective risk management in EAM.

The findings reviewed inadequate funding, human resources, sustainability of

projects, and economic instability risks as the most significant risks in EAM. In

addition, it was observed that EAM has tried to put some measures to address

some of its risks especially on financial matters. However, there is neither

structured risk management process nor a wide-organisational risk

management approach. The study identified risk management policy,

appointment of risk manager, adequate resources allocation and capacity

building on risk management as the most critical success factors for an effective

risk management in EAM.

This study recommends EAM to adopt an enterprise-wide approach to risk that

ensures a more proactive, consistent and greater responsiveness to risk

management approach.

ii


Table of ContentsABSTRACT................................................................................................................................ ii

ACKNOWLEDGEMENT..........................................................................................................vi

ABBREVIATIONS AND ACRONYMS...................................................................................vii

LIST OF FIGURES.................................................................................................................viii

LIST OF TABLES....................................................................................................................viii

DEDICATION............................................................................................................................ix

CHAPTER 1: BACKGROUND AND INTRODUCTION.......................................................1

1.0 Introduction......................................................................................................................1

1.1 Background Information.................................................................................................1

1.2 An overview of Evangelical Association of Malawi (EAM).........................................2

1.3 Problem statement..........................................................................................................3

1.4 Significance of the study................................................................................................4

1.5 Aim and objectives of the research..............................................................................5

1.6 Research questions........................................................................................................5

1.7 Structure of the study.....................................................................................................5

1.8 Summary of chapter one................................................................................................6

CHAPTER 2: LITERATURE REVIEW...................................................................................7

2.0 Introduction......................................................................................................................7

2. 1 Definitions of Risk and Uncertainty..............................................................................7

2.2 Risk management practices..........................................................................................9

2.3 Traditional “silo” risk management approach............................................................10

2.4 Enterprise Risk Management (ERM)..........................................................................11

2.5 Enterprise Risk Management Frameworks...............................................................13

2.6. Enterprise Risk Management process......................................................................15

2.7 Tools and techniques for risk management..............................................................20

2.8 Common risks in organisations...................................................................................21

2.9. Critical success factors (CSFs) for effective risk management.............................22

2.10 Framework for benchmarking Risk management practices..................................25

2.11 Gap in Knowledge......................................................................................................25

2.12 Conceptual framework...............................................................................................26

2.13 Summary of chapter two............................................................................................27

iii


CHAPTER 3: RESEARCH DESIGN AND METHODOLOGY............................................29

3.0 Introduction....................................................................................................................29

3.1 Research Philosophy....................................................................................................29

3.2 Research Approach......................................................................................................31

3.3 Research strategy.........................................................................................................32

3.4 Time Horizon.................................................................................................................33

3.5 Data collection techniques...........................................................................................33

3.6 Determining the sample size.......................................................................................37

3.7 Sampling technique......................................................................................................37

3.8 Data analysis and interpretation.................................................................................38

3.9 Validity............................................................................................................................40

3.10 Reliability......................................................................................................................41

3.11 Ethical considerations................................................................................................41

3.12 Summary of chapter three.........................................................................................42

3.13 Conclusions.................................................................................................................43

CHAPTER 4 DATA COLLECTION, FINDINGS AND ANALYSIS.....................................44

4.0 Introduction....................................................................................................................44

4.1 General information......................................................................................................44

4.2. Potential risks in EAM.................................................................................................47

4.3 Findings on risk management practices in EAM.......................................................50

4.4 Findings on CFSs for risk management in EAM.......................................................54

4.5 Discussion of the research findings............................................................................56

4.6 Summary of Chapter four.............................................................................................65

4.7 Conclusions...................................................................................................................66

CHAPTER 5 CONCLUSIONS AND RECOMMENDATIONS............................................67

5.0 Introduction....................................................................................................................67

5. 1 Conclusion....................................................................................................................67

5.2 Recommendations........................................................................................................69

5.3 Limitations of this study................................................................................................71

5.4 Proposed future research............................................................................................71

References...............................................................................................................................73

Appendices...............................................................................................................................85

Appendix I Attributes of Risk Maturity Model (RMM) .....................................................85

iv


Appendix II: Interview guide for assessing risk management practices in EAM.........87

Appendix III: Information Sheet for the questionnaire...................................................89

Appendix IV Questionnaire for assessing risk management practices in EAM...........90

Appendix V Filled questionnaire from Respondent Number 23(R23)..........................93

Appendix VI An example of how responses from the questionnaires were combined for each question.................................................................................................................96

Appendix VII List of respondents.......................................................................................97

Appendix VIII An example of paraphrasing and grouping of the texts.........................98

v


ACKNOWLEDGEMENTFirst and foremost I thank the Almighty God for granting me strength,

understanding, speed and direction throughout the pursuit of this program.

My sincere gratitude also goes to my supervisors Myers Frans and Alex Chanza

for their time, input, counsel, support and credible contribution to the success of

this work.

I also appreciate the moral support and encouragement from my husband and

children.

Thanks to Evangelical Association of Malawi for allowing me to undertake this

study in their institution. Special thanks to all the respondents.

Finally I thank all my friends and colleagues who in one way or another

contributed to my successful completion of this dissertation.

vi


ABBREVIATIONS AND ACRONYMS AIRMC Association of the Information Resources Management College

APM Association of Project Management

COSO Committee of Sponsoring Organizations of the Treadway

Commission

EAM Evangelical Association of Malawi

DFID Department for International Development

EIU Economist Intelligence Unit

ERM Enterprise Risk Management

FBO Faith Based Organisation

HIV Human Immunodeficiency Virus

HM Her Majesty’s

IEC International Electro technical Commission

IMA Institute Management of Accountants

IRM Institute of Risk Management

ISO International Organisation for Standardization

M-o-R Management of Risk

NGOs Non-Governmental Organisations

PLCs Public Listed Companies

PMI Project Management Institute

PRAM Project Risk Analysis and Management

RM Risk Management

RMM Risk Maturity Model

RS Respondent

SWOT Strengths Weaknesses Opportunities and Threats

TRM Traditional Risk Management

UNECE United Nations Economic Commission for Europe

WDR World Development Report

vii


LIST OF FIGURES

Figure 2.1 COSO ERM framework matrix…………………………………...…………….14

Figure 2.2 Risk management process……………………………………………………...17

Figure 2.3 Conceptual framework for the proposed study………………….……………27

Figure 3.1 The research ‘onion’…………………………………………………………..…29

Figure 3.2 Summary of the research process ………………………………………….…37

Figure 4.1 Number of years the study respondents have been in EAM……………..…45

LIST OF TABLES

Table 2.1 Evolution of Traditional risk management…………………...….…………......10

Table 2.2 Generic risk management process……………………………………………..15

Table 2.3 Tools and Techniques for risk management process……..………………….20

Table 2.4 Common risks in Organisations………………………………….……………...21

Table 2.5 Critical success factors for a successful risk management……...…………...23

Table 4.1 Risks faced in EAM………………………….………………………….………...47

viii


DEDICATION I wish to dedicate this work to my husband, who through his encouragement I

was able to enrol for this course. His constant reminder and assurance that I

was more than able to complete this course gave me the much needed moral

and financial support to start and complete this course. He was always flexible

and understanding.

I therefore dedicate this work to him as my deep appreciation to him for that

entire he has been to me over this period.

ix


CHAPTER 1: BACKGROUND AND INTRODUCTION1.0 IntroductionThe purpose of this study was to assess risk management practices in

Evangelical Association of Malawi (EAM). As a result, this chapter presents

background information on risk management, an overview of EAM, research

problem statement, objectives and research questions, significance of the study

and the overall structure of this dissertation.

1.1 Background Information Organisations, irrespective of their size or business, are under increasing

pressure to improve their risk management practices (Woods, 2012;

Gupta ,2011). Many authors (Harvey, 2012; Gupta, 2011; Malik and Holt, 2013)

agree that though the concept of risk management is not a new phenomenon,

what is of concern is how to improve the process. Others (Cooper, 1999; Gupta,

2011; Schroeck, 2002; Woods, 2012; Wieczorek-Kosmala, 2014) indicate that,

the prime reason for this shift is the increased corporates collapse, financial

crash, technology growth and complex business environment among others.

These cannot be dealt with by a “silo” based risk management approach. Many

attribute the global financial crisis to poor risk management (Li and Wearing,

2012; Ismail et al., 2013) hence an effective risk management approach is

paramount for the success and competitive advantage of any organisation

(Hillson, 2012;Woods, 2012).

Despite the fact that many Enterprise Risk Management (ERM) frameworks

have been developed to aid organisations establish ERM program (Rosenthal,

2008; Woods, 2012) a good understanding of the importance of ERM is still

wanting. This is confirmed by Akotey and Abor (2013) study on insurance

companies that showed eight nine percent of those surveyed demonstrated

compliance to regulation and the need to avoid legal actions as the most

important reason for practicing risk management. As observed from literature

(Hassan and Ali, 2013; Malik and Holt, 2013), a number organisations have

1


grasped that ERM has the potential for enhancing competitive advantage.

However, other organisations are still unclear about ERM and as a result they

have not incorporated risk management in their operations.

As demonstrated by recurrent business and project failures, risk management

though still in practice fails to meet its objectives (Fadun, 2013). Hence, this

study seeks to bring to light the risk management practices in EAM, the gaps

and areas of improvement.

1.2 An overview of Evangelical Association of Malawi (EAM)EAM is a Faith Based Organisation (FBO) that exists to unite, mobilize and

empower Churches and Christian organisations for effective and efficient social

and spiritual transformation of the people in Malawi. EAM serves as the

umbrella body whose current membership is 108 organisations comprising fifty

eight Church denominations and fifty FBOs (EAM, 2008). The highest policy

and regulatory body is the General Assembly of all member church

denominations, FBOs and individuals. A board of trustees and a secretariat

management committee serves as the custodian of the vision, implementation

of its objectives and stewardship of its assets. The General Secretary, assisted

by finance and administration manager, program managers and regional

coordinators are accountable for the day to day operations of EAM.

EAM’s main objectives include:

a) Building the capacity of Church denominations and FBOs to participate

actively in national development and provision of social services

b) Promote coordination, networking, sharing of best practices and a common

voice by Churches on major national issues of concern.

c) Promote programs and initiatives committed to the holistic proclamation of

the gospel in the nation through word and deeds.

d) Promote peace and justice for all, cognisant that all are created equal.

2


In the current strategy, EAM’s main focus areas of development revolve around;

a) HIV/AIDS interventions

b) Food Security and livelihood

c) Advocacy, peace and justice

d) Leadership development

e) Education

f) Missions and discipleship,

g) Environment and climatic change.

h) Church and community mobilization (EAM,2008)

Besides the member church denominations and FBOs, EAM has several

partners who support and fund their programs. These include; National Aids

Commission ,Tear Fund United Kingdom, Norwegian Church AID, Geneva

Global and Department for International Development (DFID)(EAM,2008).

1.3 Problem statement As argued by Loghry and Veach (2009) and Hassan and Ali (2013), every

organisation faces a certain level of risk every day either due to natural

happenings, calamities, intentional or business decisions. The risks may lead to

gains or losses and that is why management of risk is crucial. In addition, as

stated by Harvey (2015), the rapid and evolution of technology, government

regulations and natural disasters are creating unforeseen emerging risks and

opportunities that have a chance of affecting any firm at some level.

As discussed earlier, EAM is a FBO involved in community development

activities with funding from a cross section of donors. Owning to an increased

donor accountability requirements prompted by the need to demonstrate value

for money (Brown and Moore, 2001; Yasmin et al., 2014), development

organisations such as EAM are faced with a great challenge to demonstrate

this. This demands for sound and robust risk management practices that can

guarantee effective identification and mitigation all risks that are faced by the

organisation.

3


According to EAM strategy (2013), EAM is faced with a number of challenges

that include; inadequate commitment of support members, inadequate technical

skills, overdependence on donors, poor documentation skills and as well as

weak monitoring and evaluation systems among others. Beside, EAM operates

in a country whose economy is very volatile with high inflation rates and political

instability all of which poses risks and uncertainties to EAM’s planning and

execution of their program activities (EAM, 2013).

Despite the many activities undertaken by EAM, there no structured risk

management approach. This coupled with a weak monitoring and evaluation

system would pose uncertainties that could hinder the achievement of their

objectives (EAM, 2013). As argued in the World Development Report (WDR)

(2014), mismanaged risks may have detrimental effects on lives, assets, trust,

and social stability and more so among the poor.

1.4 Significance of the studyFaith Based Organisations as argued by Clarke and Ware (2015) and

Hoffstaedter (2013) play an important role in social and economic development

and more so in Africa. Consequently, a proper risk management is an important

development tool for FBOs (WDR) (2014). To effectively manage risks that may

hinder a development agency from achieving its goals, it is crucial to shift from

unplanned and ad hoc risk responses to proactive integrated risk management

approach (WDR, 2014). The purpose of this study is therefore to reveal how

risks are effectively managed in EAM.

Therefore, the results will provide insights to EAM leadership on how to improve

on the current risk management practices. This could lead to increased chances

of success as an institution and enhancement of donor support.

In addition, research findings of this study will add to the body of knowledge on

risk management and more so for FBOs which have limited literature in this

4


subject. Finally, the study will provide more room for further studies on risk

management in other organisations.

1.5 Aim and objectives of the researchThe main purpose of the research was to assess the current risk management

practices in Evangelical Association of Malawi and as a result the following

objectives were formulated:-

a) To identify the potential risks in EAM

b) To establish the current risk management practices at EAM

c) To establish the critical success factors for an effective risk management

in EAM

d) To recommend an appropriate risk management framework in EAM.

1.6 Research questionsIn order to achieve the above mentioned objectives and in line with research

topic, the following questions that guided the study were developed:

a) What are the potential risks in EAM?

b) What are the current risk management practices in EAM?

c) What are the critical success factors for risk management in EAM?

d) What are the gaps in the risk management practices at EAM?

1.7 Structure of the study This section outlines the content of the different chapters and sections. The

dissertation is organized into five chapters.

Chapter one gives an overview of background information on risk management

and EAM, the research problem, the objectives of the research, significance of

the study and the overall structure of this dissertation. Chapter two critically

reviews the existing literature on risk management and relevant studies

undertaken in the context of this research and concludes by giving the

conceptual frame work of the study. Chapter three outlines the study

methodology frame work. The chapter discusses the research philosophy,

5


research approach, strategy, sampling techniques, sample size and procedures

for collection and analysis of data. Chapter four presents the results of the

study, an analysis and discussion of the results. Chapter five provides

conclusion and recommendations, limitations of the study as well as areas of

further research.

1.8 Summary of chapter oneAs discussed earlier, risk management process and practices are wanting and if

development organisations have to meet their objectives, risks have to be

effectively managed. Risk management is a powerful development tool hence

risk management need to be an integral part of any institution. Therefore the

need for an assessment of risk management practices in EAM.

Having provided the background information on risk management, the problem

statement, the research objectives and the rationale of the study; the following

chapter reviews relevant literature in line with risk management practices and

tries to identify the gap in knowledge.

6


CHAPTER 2: LITERATURE REVIEW

2.0 IntroductionThe purpose of this study was to assess the risk management practices at

Evangelical Association of Malawi hence this chapter endeavours to provide the

fundamental findings from literature and other studies on risk management

practices. The literature review critically looks into the definitions of risk,

uncertainty and risk management, traditional and integrated risk management

approaches, ERM process, tools and techniques for risk process, identifies the

potential risks and critical risk factors for a successful risk management. The

review further identifies the gaps in knowledge. The literature consulted was

mainly from books, academic journals and relevant reports.

2. 1 Definitions of Risk and UncertaintyToday, organisations operate in a more dynamic and uncertain environment

and as such they are exposed to all kinds of risks, thus making risk an important

aspect of any entity’s strategy.

Consequently, as argued by (Hillson, 2012), for risks to be managed well, there

must be a clear understanding of what risk is. This is evidenced by Hameeda

and Al-Ajmi (2012) study that established that, the risk management practices

were depended on the degree to which the managers had a vibrant

understanding of risk and risk management.

However, there exists confusion between the terms risk and uncertainty

resulting to the terms being used interchangeable though they differ from each

other (Hillson, 2012).

A number of authors (Hillson, 2012; Elahi, 2013; Maylor, 2013) have almost

similar views on uncertainty and defines uncertainty as the occurrence of an

event whose probability is unknown and in which people have no or limited

information. Still Hillson (2012) further considers risk as a subset of uncertainty

while alluding that all uncertainties are not necessarily risks.

7


A wide range of definitions of risk exist as observed from literature (Hillson,

2012; Woods, 2012; Maylor, 2013; Project Management Institute(PMI), 2013)

signifying a wide view on risk still exists. Despite of this, Hillson (2012)

maintains that a clear definition of risk is critical for an effective risk

management.

Hillson (2012,p.7), PMI (2013,p.310) and International Organisation for

Standardization (ISO) 73 guidelines have a similar opinion of risk as the

uncertainty whose occurrence affects the attainment of the organisational goals

either positively or negatively. Maylor (2013, p. 219) defines risk “as uncertainty

intrinsic in plans that can affect the prospects of achieving business”.

Schroeck (2002) and Gupta (2011), bears similar view on risk as possibility of

deviancy from the expected outcome. However Dinu (2014,p.157) broadens the

definition and defines risk “as the probability or threat of damage, injury,

liability, loss, or any other negative occurrence as result of external or internal

vulnerabilities, and that may be avoided through pre-emptive actions”. This

definition by Dinu (2014) closely resonates with the realities faced by many

organisations.

However, despite the varied definitions, all have similar opinion that risk has two

distinct features; that is uncertainty and consequences (Hillson and Murray-

Webster, 2004.)

Hillson (2012) and Woods (2012) suggest that since uncertainties are

unpredictable, there is need for holistic approach that does not only seek to

evade the risks but grasp the opportunities for the advancement of the

organisational objectives. This is supported by Gupta’s (2011) view on risk as

being the lifeblood of every organisation.

As stated by (Dinu, 2011; Bezzina et al., 2012; Hillson,2012), risk is inevitable in

any organisation and as result this research adopts risk as an uncertainty of a

consequence that has either positive or negative outcome that has to be

effectively managed for the success of the organisation.

8


2.2 Risk management practices As observed in the above section (2.1), just as there is no universal description

of risk, there is no universal definition of risk management. Hillson (2012) and

PMI (2013) have a similar approach to risk management to include all the

activities undertaken to manage risk including risk planning, identification,

analysis, responses planning, implementation, communication and review.

Noticeably, Elahi’s (2013) definition is not far from them as it describes risk

management as process that includes all the activities that an organisation does

to effectively manage the identified risks and all the efforts undertaken to make

the organisation more resilient to risks.

Dinu, (2014, p.157) define risk management “as the process of identification,

analysis and either acceptance or mitigation of uncertainty in any decision-

making”. In addition, Hillson (2012) emphasizes the need for the appropriate

policies, resources, organisational risk culture, management support and

infrastructure.

Several authors (Carey, 2001; Benta et al., 2011; Hillson, 2012; Bezzina et al.,

2014) suggest that, these practices should not be intended to eliminating risk

but effectively manage risks in a manner that enables the organisations to

achieve their goals. This is supported by Bezzina et al.(2014) study that

established that ineffective risk management practices contributed greatly to the

worldwide economic down turn. In addition Gupta (2011) study on Indian

companies also established that an effective risk management improved

organisational performance.

As evidenced from the above definitions, risk management is a systematic

process intended to manage risks. It comprises of identifying, analysing,

monitoring and controlling risks, reducing negative effects and enhancing the

opportunities. However, as observed by Wieczorek-Kosmala (2014), there are

two distinct approaches to risk management; traditional (“silo”) risk

management and an integrated systematic risk management. As a result, the

9


following section discusses the traditional risk management as well as the

integrated systematic risk management processes.

2.3 Traditional “silo” risk management approachSimona-Iulia, (2014) define Traditional Risk Management (TRM) as a

manager’s or administrative role in which that have to plan, organise, lead and

control the organisation’s activities. The TRM is aimed at minimising the

negative effects of accidental and business losses of that organisation at

realistic cost. Wieczorek-Kosmala (2014) has almost a similar view on a

traditional risk management as a process that aim to identify measures and

treat exposures to potential unintended losses. Study by Simona-Iulia (2014)

showed that the TRM has evolved over time as shown on table 2.1. In the ‘70s,

the focus was mainly on financial risk and accidental risk. In the ‘80s, market

risk was added but in the following years started to consider keys risks affecting

entities such as strategic risk, operational risk, financial risk, and accidental risk

(Simona-Iulia, 2014).

Table 2.1 Evolution of Traditional risk management (Adopted from: Simona-Iulia 2014, p.280)

The ‘70s The ‘80s The ‘90s

credit risk Market risk Strategic risk

Operational risk

Accidental risk Credit risk Financial risk

Accidental risk Accidental risk

As observed from literature (Simona-Iulia, 2014; Wieczorek-Kosmala, 2014),

TRM result to viewing risk from a negative perspective that is limiting and

ambiguous. This could lead to a bias approach to risk management while on the

contrary, risk may manifest itself as either negative or positive or both (Hillson,

2012; Fadun, 2013). As Cretu et al. (2011) argue biasness towards risk as a

bad thing forces business/organisations to miss great opportunities. Focusing

mainly on threats and losses as Fadun, (2013) and Simona-Iulia, (2014)

observe only few organisations view risks as potential opportunities. As

10


Wieczorek-Kosmala (2014) note, the risk responses in a TRM are directed

towards reducing the loss frequency or loss impact which is achieved either

through risk avoidance, risk prevention or risk repression and financial risk

control tools.

Both Lai and Lau (2012) and Dornberger et al., (2014) argue that “silo”

approach leads to closed thinking with some departments of the organisation

failing to share information thus making risk management function parallel to

other business functions.

Other studies by Abrams et al. (2007) and Jalal-Karim (2013) have evidenced

that a "silo" approach or a segmented risk approach is not a proficient method

for managing the innumerable types of risks/threats that are faced by

organisation. Hence, following section discusses an integrated risk

management approach.

2.4 Enterprise Risk Management (ERM)ERM is a global subject that has gained great interest (Jalal-Karim, 2013).

Different authors use numerous synonyms for ERM namely; integrated risk management (IRM), holistic risk management, global risk management and strategic risk management (Hoyt and Liebenberg, 2011; Simona–lulia,

2014). However this research uses ERM is for consistency.

Many definitions do exit for ERM;

COSO (2004) defines ERM as "a process, effected by an entity's board of

directors, management and other personnel, applied in strategy setting and

across the enterprise, designed to identify potential events that may affect

the entity, and manage risk to be within its risk appetite, to provide

reasonable assurance regarding the achievement of entity objectives"

(COSO, 2004, p.2)

According to Jalal-Karim, (2013) ERM is the process of identifying and

analysing risk from an integrated, organisation-wide approach.

11


As Carroll (2016) and Abrams et al. (2007) suggest, that ERM must be

comprehensive and entity-wide whose effectiveness is governed by strength

and grip of its practices and processes.

As noted by Abram et al. (2007) the various ERM definitions share critical aspects namely;

(i) Integrated-ERM that cover the all lines of business/operations.

(ii) Comprehensive-ERM that must include all types of risk.

(iii) Strategic-ERM that must be affiliated with overall business/organisational

strategy.

However, the ERM framework highlights two distinct elements of the risk

management process: corporate governance and internal control. The

corporate governance element focuses on the need to place the obligation of

risk management on the management board. The internal control includes

internal control aspects such as policies, responsibilities, and other aspects of

an organisation that support the risk management process (Wieczorek-

Kosmala, 2014).

As argued by Elahi (2013) and Woods (2012), one of the challenges in ensuring

a successful ERM strategy is making ERM an organisation wide issue. This is

confirmed by COSO (2010) study on executives leading risk management in

their organisations that found that only 28.2 % of 460 respondents had a

systematic risk management process while sixty percent had an informal and ad

hoc process. In addition Harvey (2015) study established that several

organisations especially small entities had not yet embraced ERM mainly due to

cost and difficulties involved in the process. Malik and Holt (2013) study found

people’s perception of risk, organisational risk culture and risk technology as

other factors affecting ERM adoption while Zhao et al. (2014) study found

insufficient resources (time, money, and people) as a significant limitation to

ERM.

12


However, the benefits of ERM over the “silo’’ type risk management approach

outweigh the challenges as evidenced by several authors (Carey, 2001; Hillson,

2012; Elahi, 2013; Fadun, 2013). For example, as demonstrated by Hillson

(2012), ERM allows integration of risk management at all levels, which is an

essential factor since there exist a hierarchy of objectives at all levels of an

organisation which may be affected by uncertainties. In addition, as stated by

Majdalawieh and Gammac (2005), a wide approach allows ERM to be

implemented in dynamic manner that ensures all barriers are eliminated with an

ultimate purpose of creating value. This is confirmed by Gupta’s (2011) study of

risk management in Indian companies established that companies with an

ineffective risk management had not mingled risk management practices into

the corporates strategy in addition to limited use of information technology. Ping

and Muthuveloo (2015) study still found that implementation of ERM influenced

firms’ performance. Waweru and Kisaka (2013) study further established that,

the level of ERM execution in the study companies had a positive correlation

with the value of the companies. Hence most companies viewed ERM

implementation as part of the business strategic plan other than a compliance

requirement.

On the contrary to this; McShane et al. (2011) study found no additional value

for firms with higher ERM rating as opposed to those firms with increased levels

of traditional risk management.

However, as evidenced, risks still need to be managed in a systematic process

and several frame works have been developed to aid organisations hence the

following section discusses some of those frameworks.

2.5 Enterprise Risk Management FrameworksSeveral international frameworks and standards have been developed to help

organisations evaluate, develop and improve their organisational ERM

capability (Malik and Holt, 2013) such include;

13


Committee of Sponsoring Organisations of the Treadway

Commission(COSO) (2004) ERM framework (COSO, 2004);

International Standards of Organisations (ISO) 31000:2009 (United

Nations Economic Commission for Europe (UNECE), 2014);

International Electro technical Commission (IEC)/ISO 27001:2005

(UNECE, 2014) ;

Protiviti Risk Model (Malik and Holt, 2013)

These standards provide common universal language and embody best

practice in risk management. Some standards deal with specific category of risk

or different steps of the risk management process (UNECE, 2014). Though

studies (COSO, 2004; Malik and Holt, 2013) show that ISO and COSO ERM

framework are the most widely used, this study briefly discusses COSO

framework.

The COSO ERM framework is provided in three-dimensional model to help

organisations understand enterprise risk as shown on figure 2.1

Figure 2.1 COSO ERM framework matrix (Adopted from COSO, 2004, p.5)

14


As shown on figure 2.1, the first dimension entails eight horizontal rows that

highlight eight risk components (internal environment, objective setting, event

identification, risk assessment, risk response, control activities information and

communications, monitoring). The second dimension presents the strategic

objectives of ERM namely strategic, Operations, Reporting and Compliance.

Lastly the third dimension denotes the organisational units namely entity,

division, business and subsidiary level (COSO, 2004).

The COSO framework networks the risk management process to the

organisational structure and strategic planning thus provides a clear direction on

ERM process (UNECE, 2014). Hence the following section discusses the main

risk management steps.

2.6. Enterprise Risk Management processAs stated by Smith et al. (2009) risk management process is a set of

procedures that an organisation establishes to provide guidelines in risk

management. Though the process depends on the type of operations (Harvey,

2012), it can be noted that the process has evolved over time as evidenced by

the varied steps from several authors shown on table 2.2. However COSO

(2004) asserts that an effective ERM ought to follow eight stages namely control

environment, objective setting, risk assessment, risk response, control activities,

information, communication and monitoring.

Table 2.2 Generic risk management process (Adopted from Hillson, 2012, p.29)

INFORMAL PROCESS STEP

FORMAL PROCESS STEP

APM Body of Knowledge; APM Project Risk Analysis and Management (PRAM) Guide

PMI PMBOK Chapter 11 Project Risk Management; PMI Practice Standard for Project Risk Management

AS/NZS 4360:2004 Risk Management [also ISO/DIS 31000 Risk Management – Principles and Guidelines]

Management of Risk (M_o_R)

IRM Risk Management Standard

BS31100:2008 Risk Management – Code of Practice

Getting started

Risk process

Initiate Plan risk management

Establishing the context

Identify context

organisation strategic

Risk context

15


initiation

objectives

Finding risks

Risk identification

Identify Identify risks

Risk identification

Identify risks

Risk identification risk description

Risk identification

Setting priorities

Qualitative risk assessmentQuantitative risk analysis

Assess Perform qualitative risk analysis perform quantitative risk analysis

Risk analysis risk evaluation

Assess Risk estimation risk evaluation

Risk assessment

Deciding what to do

Risk response planning

Plan responses

Plan risk responses

Risk treatment

Plan Risk treatment

Risk response

Taking action

Risk response implementation

Implement responses

- Implement

Telling others

Risk communication

- - Monitor & control risks

Communication and consultation

Communicate

Risk reporting

Risk reporting

Keeping up to date

Risk review

Manage process

Monitoring and review

Embed and review

Monitoring and review

Risk review

Capturing lessons

Post project review

-

Though as evidenced on table 2.2 that different authors offer a varied risk

management process; the dominant observation is that all seem to have a

similar approach. Hence this study discusses the key steps of the risk process

in the following sub sections as shown on figure 2.2.

16


Figure 2.2 Risk management process (Adapted from Woods, 2012)

2.6.1 Establishment of the contextThough many authors omit this step in their risk process as evidenced on table

2.1, it is very important to establish the context under which risk management is

undertaken. However, Hillson (2012) designate this step as the risk

management planning. The context comprises the objectives, the criteria,

measures of success or failure, and resources (Emblemsvåg, 2010) in addition

to culture and risk attitude (Woods, 2012). As Emblemsvåg (2010) argue

clarification of objectives and parameter is crucial as risks arise in pursuit of

objectives.

2.6.2 Risk identificationOnce the context is established the next step is risk identification. Tachankova

(2002) argue that risk identification is the most vital step. This is confirmed by

Hameeda and Al-Ajmi (2012) study that examined the risk management

practices of conventional and Islamic banks in Bahrain and established that an

efficient risk identification was a determining factor in risk management

practices. Tachankova, 2002 and Hillson (2012) agree that this has to involve

identification of hazard factors, risks exposure, sources of risks, perils, factors

affecting the organisational resources and the hindrances to achievement of the

17

Establish Context

Risk analysis

Assess and evaluate

Risk Treatment

Identification of risks

Communicate and consult Monitor and Review Context


firm’s objectives. Simona-Iulia (2014) further emphasis that every company

personnel must know risk Identification and understand the risk factor as

effective risk management reduces the negative impact on the organisation.

Theil and Ferguson (2003) and Dornberger et al. (2014) have a similar view on

risk identification as the most difficult step. Dornberger et al. (2014) study further

recognised that most problems of the RM process occurs during this step as it

is done by a team that has to identify all the risks, uncover all risks and learn the

techniques for risk identification. Contrary, Harvey (2012) found that many firms

fall short of this step by failing to focus on strategic risks but on hazards and

operational risks. As noted by many, risk identification is a continuous process

as other risks may appear later (Hillson, 2012; Dornberger et al., 2014).

However, Driscoll (2014) study found that only nineteen percent of

organisations studied had an effective ERM process that could identify risks not

encountered before.

2.6.3 Risk assessment and evaluationHarvey (2012), Hillson (2012) and UNECE (2012) agree that the risk

assessment and evaluation should involve evaluation and prioritization of the

identified risks in relation of their probability of occurrence and the

consequences. As Institute Management of Accountants (IMA) (2007) argue

after risk assessment organizations should also reflect on the residual risk. A

residual risk can be defined as the remaining risk after mitigation measures

have been put in place to address the initial identified risks (IMA, 2007).

2.6.4 Risk treatment The four main accepted strategies include risk retention, mitigation, avoidance

and transfer. In consideration to the business’s risk tolerances and risk appetite,

specific action plans are developed to address the identified risks

(Emblemsvåg, 2010; Hillson, 2012; Harvey, 2012). Benta et al. (2011) and

Hillson (2012) further argue that both threats and opportunities should be

addressed appropriately.

18


2.6.5 Risk monitoring, review and communication Bharathy and McShane (2014) argue that one way of ensuring that silo

mentality does not develop is to ensure effective communication within internal

and external stakeholders. Accordingly, the risk management process in ISO

approach added another step that deals with communication and consultation at

each stage (Wieczorek-Kosmala, 2014).

Fadun (2013) further claim that, regular review of risk exposures may prevent

risk management incremental failure. Nielson et al. (2005), Harvey (2012) and

Hillson (2012) agree on the need for regular risk monitoring and reporting to all

stakeholders for an effective RM. As Ismail et al. (2013) state, proper control

systems for managing and controlling the risks should be established and

regularly reviewed.

Harvey (2012) highlights continuous risk monitoring and communication as one

of the furthermost significant aspect in the risk process. This is supported by

Ping and Muthuveloo (2015) study that confirmed that monitoring by the board

of directors as one of the factors that significantly influenced the relationship

between risk management and the organisational performance. In addition,

Ismail et al. (2013) study established that the risk identifications and reporting

were crucial in ensuring the survival of the firm and the market value.

Harvey (2012) applauds the involvement of internal and external audits who

would give unbiased report to the executive.

For the success of every step of the risk process, appropriate tools and

techniques have to be used hence the following section briefly outline tools and

techniques.

19


2.7 Tools and techniques for risk managementThere are many available tools and techniques for risk management at every

step as shown on table 2.3. However it has been established that for

effectiveness of the tools, more than one tool/technique should be used in each

of the step (Hillson, 2012, IMA, 2007). In addition, the right people with the

appropriate skills and knowledge must be involved (Hillson, 2012). According to

IMA (2007) the end result of risk process is a risk language that is specific to the

organisation.

Table 2.3 Tools and techniques for risk management process (Adapted from Hillson, 2012: PMI, 2013)

Steps of risk management process

Appropriate tools and techniques

1. Understanding the context Analytic techniques, review meeting, expert judgment

2. Risk Identification Braining storming, interviews, workshops, review meetings, expert judgment, document reviews, information gathering techniques, checklist analysis, risk register, assumptions and constraint analysis, Delphi technique ,SWOT analysis

3. Risk analysis Qualitative Risk Analysis:-Risk probability and impact assessment, probability- impact matrix, risk categorization, expert judgment, Top Ten Risk Item TrackingQuantitative Risk Analysis:-Data gathering, decision tree analysis, sensitivity analysis ,quantitative risk analysis, modelling techniques, expert judgment

4. Risk assessment and evaluation

Risk reassessment ,risk audits, variance and trend analysis, technical performance measurement, review meetings

5. Risk treatment Strategies for threats, strategies for opportunities, contingent plans, response strategies, expert judgment

6. Risk monitoring and control Risk response audits, periodic risk reviews, earned value analysis, variance and trend analysis

7. Risk review and communication

Risk reports and communication, risk review workshops, review meetings

For risk to be managed they have to be identified hence the following section

discusses the key potential risks in many institutions.

20


2.8 Common risks in organisations Different frameworks (UNECE, 2014) categorise risk differently but this study

has grouped them into eight categories a stipulated on the table 2.4.

Table 2.4 Common risks in Organisations (Adapted from HM Treasury, 2009)

Risk category Main risky issues

Political Effects of change of government, change of national policies

Economic Economic stability to attract and retain competent personnel,

inflation rates and foreign exchange rates, effect on costs of

transnational transactions, effects of global economy

Socio cultural Socio cultural effects on delivery of services, effects of

demographic change

Technological Obsolete or current systems, cost of procuring and management

of technology

Legal/regulatory Legal/regulatory requirement or laws such as on safety or

employment terms

Environmental Effects of natural disasters such as floods, earthquake, drought,

climate change

Strategic All risks related to strategy, policies, reputation risk, management

of risk, leadership

Operational

risks

Threats that an organisation faces in managing day to day

operations related to human, service delivery, business

processes, technology, project continuity, customer’s

/stakeholders satisfaction, health and safety; reporting and

communication

Financial risks This includes frauds, inadequate or constrained funding, poor

budget management, donor dependency, donor fatigue

As cited in Ennis (2015) Deloitte's 2014 reputation risk survey, eighty seven

percent of the three hundred global executives surveyed regarded reputation

risk as the most significant risk that faced in their companies. The same report

also cites a 2012 World Economic Forum report that found that, on average,

more than twenty five percent of a company's market value is positively

correlated to its reputation (Ennis, 2015). This could be confirmed by Haron et

21


al. (2015) study Islamic banks in Murabaha that established that reputation risk

affected their stability and performance like any other institution. Contrary,

Gaudenzi et al. (2015) study reviewed that though reputational risk is

considered to be grave, in practice no particular attention had been paid to

address the specific reputation risk sources.

Operational risk is found to be indisputable and managing it is essential for the

effective overall management of an organisation (Schwartz-Gârliste, 2013). This

is supported by Dardac and Chiriac (2010) study that established that

operational risk as a significant source of loss especially to financial institutions.

Woods (2012) study viewed regulatory risk to be the most second significant

risk for most executives as failing to comply with set regulations could result to

huge penalties.

2.9. Critical success factors (CSFs) for effective risk managementCritical success factors (CSFs) are defined differently depending on the context.

Yaraghi et al. (2011) define CSFs from three perspectives notably:

(i) as the factors that have an effect on the inclination and willingness of a

firm to implementing Risk Management Systems(RMS);

(ii) as important factors in a firm that can significantly affect the success of

RMS design and implementation;

(iii) the factors that are significantly imperative to effectively run, maintain,

and administrate RMS after the closure of the project of RMS design and

implementation

Chileshe and Kiwasi (2014) view CSFs as requisite aspects which organisations

have to put in place in order to achieve their mission and objectives.

However, this study define CSFs as the crucial drivers of a successful risk

management practices without which as asserted by Hillson (2012)

effectiveness of the process is hindered.

22


A number of studies have identified different CSFs as shown on table 2.5.

Table 2.5 Critical success factors for a successful risk management

Authors Critical Success Factors

Campbell (2015) Leadership Governance

Rahma et al (2015) Leadership Training programme Use of technology Entrepreneurship orientation Accounting information

Chileshe and Kikwasi( 2014)

Management style Awareness of risk management process Teamwork and cooperation Cooperative culture Customer requirement Positive human dynamics

Carey (2001) Sound judgement Identification of issues Keep control and reputation Assessing the important risks Verifying judgement Embedding risk Change management Cultural challenges Remuneration issues Management not elimination

Hillson (2012) Process design Facilitation Resources Infrastructure Risk Culture Management support

Driscoll, 2014 Build a reliable and repeatable risk process Monitoring and regular reporting to the board and top

executives. Training the board and managers on common risk

language and concepts. Ensure the visibility of new or growing risks Creatively build a risk -intelligent culture. Demonstrating the potential financial impact of a

strategic risk. Ensuring strategic plans have plans that address

identified strategic risks. Leverage technology for uniformity, collaboration, and

risk correlation.

23


However this study discusses the following critical success factors deemed

necessary for successful risk management.

2.9.1 Management support As many (Hillson, 2012; Hung, 2012) agree risk management should be led

from the top for the success of the process. As Hillson (2012) suggest, the top

management support is evidenced by allocating adequate resources, appointing

a risk manager, using risk information in decision making and acknowledgement

and appreciation of risk takers.

2.9.2 Development of a risk policy A policy statement primarily asserts the management’s support to risk

management in addition to facilitating the risk management process and giving

authority to the risk manager (Hung, 2012).

2.9.3 Establishment of an appropriate structure and infrastructure A suitable structure that is applicable to the organisation and the context has to

be put in place as any successful risk management. The structure ensures a

risk strategy, roles, rules; guidelines and techniques are clearly stipulated

(AIRMIC, Alarm, IRM, 2010). Further, an appropriate infrastructure should be in

place to support the risk process. However, it will be determined by the level of

risk implementation and availability of resources. This could include buying of

software, tools and techniques, staff training, allocation of resources and so

forth (Hillson, 2012).

2.9.4 Organisational risk management culture Organisational risk management culture looks into the values, beliefs, views

and the understanding about risk, that are collectively shared by a group of

individuals in that particular organisation. Every entity should endeavour to be

risk aware and in a position to recognise the risk takers (Hillson, 2012). As

Hillson (2012) further argue, a mature organisation risk culture should be a

robust proactive risk management approach that is wide spread at all levels.

24


2.9.5 Effective facilitationHillson (2012) suggest the need for a skilful and knowledgeable facilitator that

has technical risk competences as well as people skills. This person may

assume different titles such as risk champion, risk manager among others

(Hillson, 2012).

2.9.6 Resilience BELOBROV (2014) recommend recognition of resilience as a crucial CFS for

improving risk management among business entities. This is because

organisations operate in complex environment characterised by economic crisis

and increased competition.

Organisations at some point may wish to assess their risk management

practices hence following section discuses briefly a framework that could be

used for such.

2.10 Framework for benchmarking Risk management practices As Hillson (1997) and Hopkinson (2011) agree organisations which desire to

improve or assess their risk management approach require a framework to

measure their current practices. Several empirical studies (Elmaallam and

Kriouile, 2012) have used a number of models to test the maturity of risk

management practices in different fields. Hillson (1997) developed a risk

maturity model (RMM) that has been adopted by others (Hopkinson, 2011). The

Hillson model matrix is designed to assess risk management capacity against

four levels with each with each attributes as shown on appendix I. These

attributes may help an organisation to develop risk management competences.

2.11 Gap in Knowledge Despite various studies on risk management and as observed by Khattab and

Hood (2015), risk management practice is still a business practice that is under-

researched in the developing countries. Furthermore studies that have

25


examined risk management practices globally have had limited focus on risk

management practices in FBOs. Based on the literature review, majority of

earlier studies on risk management have majored on finance sector and

insurance industry (Mersland, 2011; Singh, 2012; Zerai and Rani, 2012; Akotey

and Abor, 2013; Nar, 2014; Nikita, 2014). There is no prior research on risk

management practices in EAM hence this study is timely and the results will

provide insights on how to improve on the current risk management practices.

This will raise value of EAM among stakeholders and increase its chances for

success and competitive advantage. In addition the research will create an

opportunity to noticeably further knowledge in the area of risk management and

will provide more room for further studies on risk management in other

organisations.

2.12 Conceptual frameworkBased on the related literature discussed earlier, a conceptual framework for

this study was developed as shown figure 2.3. This study suggests independent

variables namely value of risk management, risk management practices,

enterprise risk management and risk management process while risk

management is the dependent variable.

26


Figure 2.3 Conceptual framework for the proposed study

2.13 Summary of chapter two As earlier discussed, risk and risk management have to be clearly understood

for any successful risk management. In order for an organisation to achieve its

goals, risk management should be integrated throughout all the aspects of the

organisation. Risk management process ought to be iterative and systematically

undertaken. All potential risks that would affect the achievement of the

organisational objectives have to be identified, analysed and appropriate risk

responses implemented and monitored continuously.

As the process of risk management is rather abstract, several risk management

standards, such as COSO, ISO 3100 have been developed. The guidelines

offered by these standards are broadly applicable in any organisation and

different context. However several prerequisite factors such as top leadership

27

Effective risk management

Risk management process

Enterprise/Integrated Risk Management

Risk Management practices

Value of risk management

Critical success factors

Risk management tools and techniques


support, risk culture, infrastructure has to put place for any successful risk

management. A risk maturity model could be used by any organisation to help

assess and improve on their current risk management practices.

Having reviewed the relevant literature the following chapter looks into the study

methodology.

28


CHAPTER 3: RESEARCH DESIGN AND METHODOLOGY3.0 Introduction The purpose of the study was to assess the risk management practices at

Evangelical Association of Malawi and as result this chapter describes the

research methodology in relation to the steps highlighted in the research ‘onion’

as shown on figure 3.1. It discusses in details the research philosophy, research

approach, research strategy; time Horizon, data collection and data analysis

techniques that have been used. A summary of the research process is shown

on figure 3.2. In addition, issues of validity, reliability and research ethics have

been tackled.

Figure 3.1 Research ‘Onion’ (Adopted from Saunders et al., 2015, p. 108)

3.1 Research Philosophy As stated by Saunders et al. (2015), a research philosophy represents a set of

beliefs and assumptions about the development of certain information in a

specific domain. Saunders et al. (2015) further state that, research philosophy

undertaken in any study shapes the choice of the research methodology,

strategy, data collection tools and the data analysis procedures. As observed

29


from the outer layer of the research ‘onion’ as shown on figure 3.1, there are

basically four research philosophies namely; positivism, realism, pragmatism

and interpretivism all of which hold varied assumptions as far as ontology,

epistemology and axiology is concerned (Saunders et al., 2015).

3.1.1 PositivismIn this philosophy researcher advocates that view of the nature of reality

(ontology) to be external, objective and independent of the study objects.

Furthermore, only observable phenomena can offer reliable data and facts and

research is undertaken in value free (objective) and results can be generalised.

The purpose of the research using positivism is to test theories and hypotheses

(Saunders et al., 2015).

3.1.2 RealismRealism philosophy unlike positivism advocates that the scientist’s

conceptualization is simply a way of knowing the reality. The researcher’s view

of the world is objective and free of human thoughts and beliefs or knowledge of

their existence (realist), but is interpreted through social conditioning. The

observable phenomenon can provide credible data and facts (Saunders et al.,

2015).

3.1.3 Pragmatism Pragmatism philosophy belief that the world view is external and multiple in

which the best is chosen to answer the research question(s). Either observable

phenomena or subjective meaning could provide credible data and facts chosen

to best enable answering of research question. Value plays a big role in data

interpretation (Saunders et al., 2015).

3.1.4 InterpretivismInterpretivism contrasts positivism in which it is believed that the world is

socially constructed and hence subjective. This Philosophy is concerned with

how social entities make sense of the world around them and focus more on the

30


details of the situation. The researcher interacts freely with the research objects

and as a result, the researcher is research bound (Bryman, 2008; Saunders et

al., 2015).

Guided by the purpose and the research questions of this study, an interpretivist

philosophy was adopted. This is because the researcher had to gather an in-

depth analysis of risk management practices in EAM. The research was value

bound as the researcher was part of the research (Crowther and Lancaster,

2012; Saunders et al., 2015). Additionally, the researcher had to seek to

understand and interpret the meanings the respondents attach to risk

management practices in EAM. The researcher considered reality of risk

management in EAM to be socially constructed, hence subjective. As such, the

success or failure of risk management depended on the perspectives of the

subjects understudy. The practices could be observed in diverse ways by

different people (Saunders et al., 2015). The researcher focused on making

sense or meanings from the data collected as opposed to positivist that focus

on facts (Gray, 2010). As far as ontology is concerned, the study is subjective

as the researcher holds that the social phenomena under study can be created

from the views and activities of those under study as opposed to objectivism in

which social entities exist independent of social actors (Saunders et al., 2015).

3.2 Research Approach There are basically two research approaches; deductive and inductive.

Deductive approach is a scientific research approach in which theories and

hypothesis (hypotheses) are first developed and then tested as opposed to an

inductive approach, in which data is first collected and theories developed

after data analysis (Fisher ,2011 ; Saunders at al., 2012).

The current study adopted an inductive approach. This approach was

appropriate for this study because the researcher was interested in

understanding the risk management practices in EAM and the context (Fisher,

2011; Saunders at al., 2012). As a result, the researcher formulated concepts

31


after analysis of the collected data (Saunders at al., 2012). In addition the

inductive approach provided some flexibility in determining the sample size,

data collection methods used and types of data collected (Crowther and

Lancaster, 2009). As noted in other studies (Leech and Onwuegbuzie, 2009;

Saunders et al., 2015) of this tradition, this study was not aimed at making

statistical generalizations but rather to obtain insights into risk management

practices in EAM and the context.

3.3 Research strategy There are several research strategies as shown on the research ‘onion’ figure

3.1. However, guided by the current research questions and objectives and the

philosophy adopted in this study, a case study strategy was found to be

appropriate.

A case study research strategy embroils a first-hand investigation of the study

phenomenon within its real life context in which multiple sources of evidence

can be used (Saunders et al., 2015).

Therefore, case study strategy in this study enabled a first-hand investigation of

risk management practices in EAM within its real life context contrasting

experiment strategy where the context is controlled (Saunders et al., 2015).

Moreover, case study strategy facilitated an in-depth analysis of the risk

management practices and offered some level of flexibility that is not possible

with other qualitative approaches such as grounded theory. The strategy

provided a chance to answer the how, why and what questions that was

necessary for the analysis of the risk management practices in EAM (Willing,

2008; Saunders et al., 2012). This is contrary to survey strategy that seeks to

answer who, what, where, how many, how much (Gray, 2010). The data

collected by the case study strategy is more wide-ranging as opposed to data

collected through other strategies such as survey (Saunders et al., 2015). Other

advantages included the possibility of collection of data from multiple sources

(triangulation) (Rowley, 2002; Saunders et al., 2012). As Whitley and Crawford

(2005) state, triangulation helps to check on validity by allowing cross-

comparison so that similarity and inconsistency can be assessed.

32


3.4 Time HorizonThis study employed cross-sectional design rather than longitudinal. This

implies that the study phenomenon (risk management) was studied at a precise

point of time that is from August 2015 to May 2016 as opposed to longitudinal

study that is carried out over a prolonged period of time (Saunders et al.,

2015).The cross-sectional design was due to time and resources constraint on

the side of the researcher. Moreover, there was no need for comparing risk

management practices over time as the study was aimed at establishing the

current practices in EAM.

3.5 Data collection techniques There exist two main sources of data that is primary data and secondary data.

Primary data is the fresh data that is collected for the purpose of the study

undertaken while secondary is that which already exists in books, reports,

organisational reports and so forth (Collins and Hussey, 2003).

There are various data collection techniques for collecting primary data such as

interviews, journals, observations and questionnaires (Zohrabi, 2013; Saunders

et al., 2015). Primary data collected in this study was qualitative in nature

because of the purpose of the study was to assess the risk management

practices in EAM. Secondary data relevant for this study was collected from

EAM documents, journals, reports and text books.

The study employed the following data collection techniques.

3.5.1. Document review Several EAM documents, reports, journals, books were reviewed as source of

secondary data. This helped to compare the collected/primary data with the

secondary data in addition to aiding triangulation of the research findings

(Kothari, 2008; Crowther and Lancaster, 2012; Saunders et al., 2015).

3.5.2 Face to face interviewsInterviews are extensively used for collecting qualitative data. This is mainly

because they help the researcher to get information directly from the

33


respondents in addition aiding the researcher to understand what and how

people perceive the world around them (Zohrabi, 2013). As Saunders et al.

(2015) suggest, interviews could be either structured, semi structured or

unstructured or in-depth interviews. Contrary to this, Zohrabi,(2013) categorise

interviews as informal conversation, interview guide approach, structured open-

ended or closed response interviews.

Owning to the interpretivist philosophy adopted and the purpose of the study in

addition to the exploratory nature of the study, a semi-structured and an in-

depth interview (interview guide approach) was found to be suitable. This

approach provided an opportunity to the researcher to enter the world of the

participants and gather in-depth information on risk management in EAM

relevant to the research questions and objectives (Pitney, 2009; Saunders et

al., 2015). The approach further gave the researcher a chance to compare and

contrast the collected data. Further, the process was organized, conversational,

flexible and enabled great amount of data to be collected (Zohrabi, 2013).

The in-depth and semi-structured interviews enabled the interviewees to

discuss freely their feelings and attitudes and provided an opportunity to gather

more information not previously considered (Lai and Lau, 2012). Other benefits

of the in-depth and semi-structured interviews included the ease to arrange

data, the flexibility in ordering and type of questions (open/probing/specific

questions) to ask the interviewees (Fisher, 2011; Saunders et al., 2015).

An interview guide was developed to aid the data collection process. The guide

had four sections as shown on Appendix II; each containing questions on risk

management aspects that were considered important in answering the research

questions. Section A covered the respondent’s profile while B, C, and D tackled

potential risks, the current risk management practices, and critical success

factors for an effective risk management in EAM respectively. The respondent

profile captured respondent’s current position, number of years they had worked

in EAM and their experience in risk management. The questions on the

34


interview guide facilitated an exploration into the key themes on risk

management practices that were deemed necessary to answer the research

questions and objectives (Broom, 2005; Bryman, 2008). Both open and closed

ended questions were used though the closed ended questions were followed

up with probes where necessary (Pitney, 2009).

The interview guide was pilot-tested in another organisation before the actual

data collection. This helped the researcher to refine the questions in addition to

familiarizing with the tool and gaining confidence (Bryman, 2009)

The one on one, face to face interviews were conducted in a convenient and

comfortable place where respondents had freedom to express themselves

without distraction. Each interview started with a brief introduction about the

research and its objectives. The respondents were assured of anonymity and

confidentiality (Saunders et al., 2015). Each interview took about thirty to forty

five minutes. A total of seven-teen respondents were interviewed face to face.

The researcher made notes as the interview was progressing. However, in a

few cases, audio recording was done concurrently with note taking in order to

provide a backup after permission to record was granted. Follow-up interviews

with some respondents was conducted to ensure what the researcher captured

was similar to what the respondents had said in order to check on validity

(Saunders et al., 2015). However, after all the scheduled interviews were

complete all the responses were put together for each question in which the

respondents’ identifies were concealed to ensure confidentiality and anonymity

of the respondents.

c.) Self- administrated Questionnaires Questionnaires can be either structured, unstructured or a mixture of both.

Despite the fact that structured questionnaires are more effectual because of

their easiness of analysis unlike the unstructured questionnaire, the researcher

chose to use unstructured self-administrated questionnaires. This was due to

the qualitative nature of the study in addition to the fact that the responses to

35


the questions in an unstructured questionnaire could truthfully reflect what the

respondent wanted to say (Zohrabi, 2013).

The researcher used questionnaires to gather data from seven respondents

who were neither available for a face to face or telephone interviews. The

questionnaires were emailed to respondents with the help of the EAM

management. The questionnaires were sent with an information sheet as shown

on Appendix III explaining the purpose of the study. The questions on the

questionnaire as shown appendix IV were carefully constructed with some

explanations provided on some questions in order to obtain adequate

responses. The respondents took about two weeks before responding and as

Saunders et al. (2015) argue, this allowed the interviewee ample time to reflect

on the questions before responding. The respondents sent the filled

questionnaires (an example shown on Appendix V) directly to the researcher.

The respondents gave the researcher freedom to call back for any clarification

to validate responses.

d. Telephone interview Although non-standardized interviews are best on face to face basis, one

respondent was interviewed on telephone (Saunders et al., 2015). This was due

to time and cost constraint on the side of the researcher owing to distance in

addition to the respondent’s unavailability. The interview took twenty two

minutes and the researcher took notes as the interview progressed.

36


Philosophy

Approach

Strategy

Time Horizon

Data collection Techniques

Figure 3.2 Summary of the research process (adapted from the Research process

onion (Saunders et al., 2015)

3.6 Determining the sample sizeThe study population was the whole population that comprised of seventy four

staff of EAM and ten members of the board of directors. Unlike in probability

sampling and Quota sampling where there are rules on how to determine the

sample size; for non-probability sampling the size depends on research

questions and objectives. Owing to the inductive approach taken and to the fact

that the concern was on the context in which risk management was happening

and in addition to Saunders et al. (2015) recommendation a small sample size

of twenty five was selected. The researcher viewed the validity and knowledge

gained from the data collected depended on the researcher’s ability and skills to

collect and analyse rather the sample size. The small sample size enabled the

researcher to select the most informative respondents across the entire

organisation.

3.7 Sampling techniqueThere exist two sampling techniques; probability sampling and non-probability

sampling. Through probability sampling, the probability of each respondent

being selected from the population is known and all have equal chance of being

37

Interpretivism

Inductive

Case study

Cross-sectional

Interviews, questionnaires, telephone interview, document

review


selected unlike the non-probability sampling, where the probability of the

respondents been selected from the population is unknown.

Owing to the research questions, research objectives and the research strategy

chosen in this study, non-probability sampling was found to be suitable. This is

because it provided an opportunity to select the desired key informant

respondents in EAM based on subjective judgment. In addition due that fact that

statistical inferences were not to be made from the sample and that the data did

not need to be collected from the entire population, non-probability sampling

was used (Saunders et al., 2015).

Purposive sampling technique enabled the researcher to seek an in-depth

analysis of risk management practices in EAM thus addressing the research

objectives and providing answers to the research questions (Bryman 2009;

Saunders et al., 2012).

A purposive sampling technique targeted the most informative respondents that

had the desired information. These were people that had worked for EAM for

more than one year. The researcher ensured a maximum variation of the

sample (heterogeneous) (Saunders et al., 2015) by selecting participants from

the board of directors (two members were selected), management (four people

seleceted), regional leadership, different departments (finance, administration,

monitoring and evaluation), projects and field staff. This included people drawn

from the three regions where EAM operates.

3.8 Data analysis and interpretationAs supported by Broom (2006) and Saunders et al. (2015) and the process of

data analysis began at the same time as the data collection process and

continued as the data collection progressed. This helped to shape the whole

data collection process while ensuring a high quality data was collected. This

sequential analysis as described by Broom (2006) accorded the researcher an

opportunity to refine questions as the data collection went on and at the same

38


time pursuing emerging issues. This helped the researcher to regroup the

already collected data into themes (Saunders et al., 2015).

After the completion of the data collection, the researcher put together all the

responses of each question from all the respondents. This was to ensure the

data was in a format that was easy to read and analyse in line with the themes

identified (Saunders et al., 2015). However, all the responses from

questionnaires were compiled separately as shown on the example on

Appendix VI. Each questionnaire or interview guide script and its respective

responses were given a unique identification to ensure confidentiality and

anonymity of the respondents’ identify as demonstrated on the list of

participants (Appendix VII). All the unstandardised data was cleaned and

summarised and grouped into themes that were linked to conceptual framework

of the study (figure 2.3) in order to seek to answer the research questions.

(Saunders et al. 2015).

Qualitative content analysis was used to analyse the collected qualitative data.

Content analysis as some (Elo and Kyngäs, 2008) indicate, could be used for

either qualitative or quantitative data; in an inductive or deductive approach. It is

a method of analysing written, verbal or graphic communication messages (Elo

and Kyngäs, 2008). Content analysis is a procedure of categorising the data for

the purpose of classification and summarisation as well as identifying concepts

and patterns (White and Marsh, 2006). As Gray (2010) state, it also involved

making interpretations about the collected data (text) in a systematic manner

while summarising similar phrases together and less relevant passages

eliminated.

In summary the content analysis involved the following steps:

(i) Compiling all the raw data

(ii) Condensing/Paraphrasing the data/text and eliminating what was

irrelevant as shown in example Appendix VIII

(iii) Grouping the data

(iv) Analysis and interpretation

39


Notably, though the study was qualitative, quantitative analysis was used to

analyse some of the respondents’ responses.

3.9 ValidityValidity focuses on establishing if the research findings are actually what they

appear to be (Saunders et al, 2015) or “the extent to which the research

describes, measures or explains what it aims to describe, measures or explain”

(Willing,2008. p.16).

In this study, the researcher ensured validity by the following:

3.9.1 A pilot testing A pilot testing of the interview guide was done in another organisation. This

helped to redefine the questions and ensure data collected was as expected

(Lancaster, 2007; Saunders et al., 2015).

3.9.2 Level of knowledge Prior to data collection, the researcher had adequate knowledge on

phenomenon under study namely risk management theories/concepts and as

well as EAM as an organisation (Gray, 2010; Saunders et al., 2015).

The organisation and the respondents were provided with the relevant

information before data collection to ensure credibility and confidence to the

respondents (Saunders, et al., 2015).

3.9.3 Triangulation As Riege, 2003 and Whitley and Crawford (2005) argue, in order to strengthen

and cross-compare the findings, multiple data collection methods were used

such interviews, questionnaires and document review.

3.9.4 Control of researcher biasTo avoid researcher’s bias as Zohrabi (2013) argue, the researcher tried to

remain as non-judgmental throughout the research process.

40


3.9.5 Respondent’s validationThe researcher was able verify some of the research findings to some

respondents in order to confirm and validate the content of what they had stated

during the interviews to ensure it was a true reflection of what they intended

(Willing, 2008; Zohrabi, 2013).

3.10 ReliabilityReliability refers to the consistency, dependency and replicability of the

research findings (Zohrabi, 2013) or the degree to which data collection

techniques or analysis processes produce consistent and reliable findings

(Saunders et al, 2015). As pointed out by Zohrabi (2013), obtaining the same

results is difficult in a narrative and subjective data unlike in quantitative data.

However the main focus of the researcher was not on having the same results

but to ensure that the data collection process, the findings and results were

consistent and dependable. As many (Riege 2003; Gary, 2010; Zohrabi, 2013)

recommend, dependability of the results was enhanced by use of multiple data

collection methods (triangulation) and comprehensive data recording in addition

to follow up interviews. In addition, variation of respondents and the time the

respondents had been in EAM was ensured as discussed section 3.7 and

Chapter 4.1.1.

3.11 Ethical considerations Research ethics could be stated as the standards of behaviour that guide

proper choices about the researcher’s behaviour and interactions others during

the researcher process (Saunders et al., 2015). In addition to adhering to the

Bolton university research ethnical guidelines the researcher observed the

following:

3.11.1 Informed consent The researcher ensured that the participants had full knowledge of the research

procedure before giving consent to participant. As Pitney (2009) and Saunders

41


et al. (2015) argue, participants were allowed to withdraw from participation

without fear of being victimized.

3.11.2 Privacy The researcher ensured confidentiality of the data collected and anonymity of

the respondents during data analysis and discussion of the results (Saunders et

al., 2015). All data collected was anonymous and stored securely in order to

protect both the respondent and the organisation. In reporting and

dissemination of the study findings the researcher ensured participants’

anonymity and confidentiality by concealing their identity (Saunders et al.,

2015).

3.11.3 Avoiding harm to respondents or the study organisation (EAM)Data collection and analysis in addition to reporting of the research finding were

handled in a manner that could not cause humiliation, embarrassment or pain to

the respondents or EAM (Saunders at al., 2015).

3.11.4 No deception As Gray (2010) and Saunders et al. (2015) state, the researcher maintained

objectivity by ensuring that the intended data was collected fully and recorded

accurately without deception.

3.12 Summary of chapter threeThis research adopted an interpretivist philosophy which as a result determined

the research approach, strategy and the data collection techniques utilized. An

inductive approach was used. A case study strategy helped to facilitate an in-

depth analysis of risk management practices in EAM. Semi-structured

interviews, un-structured questionnaires, telephone interviews and document

reviews were used to collect data on risk management practices in EAM.

Content analysis was used to analyse the data collected.

42


3.13 Conclusions Chapter three discussed in detail the research methodology undertaken in this

study. It looked at the research philosophy, approach, strategy, time horizon,

data collection techniques, sampling techniques, and data analysis and

interpretation aspects. The validity, reliability, ethical issues and research

limitations were discussed.

The next chapter looks at the research findings, analysis and discussions of the

results.

43


CHAPTER 4 DATA COLLECTION, FINDINGS AND ANALYSIS

4.0 IntroductionThe purpose of the study was to asses risk management practices in EAM with

the following objectives:

a) To identify the potential risks at Evangelical Association of Malawi

b) To establish the current risk management practices at Evangelical

Association of Malawi


at Evangelical Association of Malawi

d) To recommend a framework for suitable risk management practices at

Evangelical Association of Malawi

This chapter presents the results, analysis and discussions of the research

findings. The findings focus on the themes that emerged from the collected data

namely; potential risks identified, current risk management practices, critical

success factors for an effective risk management. The findings are in addition

collated and examined in comparison with other related studies and theories. As

recommended by many (Collins and Hussy, 2003; and Saunders et al; 2015), in

data that is qualitative in nature, text has been interspersed with verbatim

quotes from some of the respondents. This is aimed at helping readers share in

the researcher’s analysis in addition to giving the text validity and vibrancy

(Collins and Hussy, 2003).

4.1 General information4.1.1 Composition of the respondents Data was collected from twenty five key informants, seventeen of which were

interviewed on face to face basis, while seven filled questionnaires and one was

interviewed on telephone. All the respondents had worked in EAM for more than

a year with majority (twenty two respondents) having worked for more than two

years as shown on figure 4.1.

44


1 year to less than 2 years

2-5 years 6-10 years More than 10 years

0

2

4

6

8

10

12

Number of years in EAM

Number of years

Num

ber o

f res

pond

ents

Figure 4.1 Numbers of years the respondents have been in EAM

4.1.2 Experience on risk management From the responses, eighty four percent of the respondents had some working

knowledge on risk management. However, all the respondents interviewed

indicated that they were aware of some of the risks facing EAM such as

financial risks, donor dependency and staff retention risks. They were also

familiar with some risk mitigation measures currently in use in EAM mainly in

the finance management. However, three of the respondents indicated that risk

management was a new concept in Malawi among both the government and

Non-governmental organisations (NGOs) in Malawi as reflected in the following

quotes:-

“It is a new field in most of the Government and Non-Government

Organisations (NGOs). Hence critical to have expertise that involve planning

and handling of risk; get ready and plan on how to handle the risks”.

“There are very few, if any, especially Malawian NGOs that you can confidently

say have structures or systems for risk management, this is a new concept just

coming in and people are yet to grasp the concept”.

“I doubt if they are any organisations with a risk manager”.

45


4.1.3 Value of risk management in EAMThe researcher also wanted to know respondents’ perception on importance of

risk management in EAM. All respondents agreed that risk management was

crucial in this era of many uncertainties with majority indicating that EAM

needed to be more prepared handling uncertainties.

The following is a summary of responses from most of the respondents on the

value of an effective risk management to EAM:-

Ensure proper systems and procedures that would enable EAM to

achieve its goals and objectives

Enable implementation and achievement EAM activities on time

Improve on EAM trustworthy by both internal and external stakeholders.

Enhance cohesion between departments

Ensure risks are managed effectively

This would enhance quality and timely reporting of EAM activities

Lead to greater confidence and motivation among staff

Improve financial prudence and minimise financial losses

Improve on effectiveness and efficiency

Two other respondents added other views as evidenced by the following quotes

on value of risk management:- “It would help reduce the some of the challenges

EAM faces, address some challenges on time, be able to foresee and plan in

goodtime, promote team work, promote efficient and effective operation in

EAM”.

“Effective risk management would help EAM to be more organised in dealing

with issues in project implementation”

However, forty percent of the respondents felt that risk management had added

value to EAM to greater extent as captured in the following quotes:

‘‘Risk management has enabled EAM to effectively use the its resources and

reassure the stakeholders on how the resources are prudently used”.

“Foreign donors have confidence in EAM leading continued funding as the

minimum standards are met”.

46


“It has led to projects registering a lot of successes/achievements and desired

impacts to communities thereby helping the projects achieving their goals and

objectives”.

“It has resulted into attracting donor confidence especially in financial risk

management”.

“It has helped the organisation identify the gaps it has and find possible

solutions to the problems identified”

“It instils the spirit of preparedness for uncertainties”.

4.2. Potential risks in EAMWhen asked of the potential risks encountered in EAM and the measures that

had been taken to address them, most respondents indicated several risks that

have been grouped and shown on table 4.1.

Table 4.1 Risks faced in EAM

Risk Sources of risk Measures taken1. Inadequate

fundingMost of the funding for EAM is donor dependent and some cases donor driven projects, some of the donor funds are tied to projects that may not align with EAM’s core values ; Other costs for example administration may not be factored in some projects; fatigue of donors

Diversified donor support. In addition, there are mechanisms

to generate resources through establishing a teachers’ college, in the process of starting a microfinance facility, forming a commercial marketing agency for agricultural produce.

Introduction of strict budget controls such as operating within approved budget and abiding by donor requirement

Cost sharing introduced in some activities that are not fully funded

2. Staff turnover/ low competence

EAM is has a challenge of attracting and retaining qualified and competent staff force because of inability to provide competitive salaries. Consequently, EAM is faced with a challenge to attracting the requisite skills

Capacity building of staff Supporting further staff training

3. Sustainability of projects

Fixed funding period and in sometimes

Provided a platform for beneficiaries to participate and

47


Risk Sources of risk Measures takenprojects that are not fully aligned with EAM’s strategic priorities, staff attached to projects have to be laid off

own the projects Capacity building of beneficiaries,

close supervision, Revision of EAM’s constitution to

raise member contributions4. Financial

risksFrauds by EAM staff or the banks, poor financial record keeping, debts; Limited funds on administrative activities

Close supervision; Instituted internal audit, annual

external audit, employed an internal auditor

Have put in place prudent financial management and accounting systems;

Verification of records with their service providers; project officer are accountable for the funds under their projects

Close weekly monitoring of the banks statements and accounts

Instituted a computerized disbursement forms ;

Ensuring only finance officers handle money

Appropriate policies and guidelines in place

Disciplinary measures taken against implicated staff

Peg administrative activities on the respective projects

5 Economic instability at global and national level

High inflation rates; unstable foreign exchange rates ; high cost of products and services; Inability to retain qualified staff

Have no much control but where possible maintain EAM funds in foreign currency

6 Loss of organisational data and information coupled with poor intra-communication

Inadequate ICT skills, high cost of acquiring and installing ICT equipment. Limited sharing of information across the organisation

Daily backup of EAM information by use of an external hard drive

Developed EAM web site (www.evangelical association of Malawi)

Setting up a common saver

7 Political interference

Interference from political leaders, one respondent said: sometimes the government seeks to know the stand of the church through EAM especially on sensitive issues and if EAM

Strict adherence to the code of conduct ;

Proper orientation for all EAM personal, board members, stakeholders ; Ensure they remain objective; nonpartisan;

Sensitisation of political leaders on EAM activities

Good relationship with

48


Risk Sources of risk Measures takenspeaks in the favour of the Government the opposition may think EAM is on the Government side and the vice-versa ;Some political leaders not clear of EAM programs

Government ministries and stakeholders

8. Natural and environmental risks

Climate change, floods; prevailing hunger

Focus more on Irrigation projects Assessment of project impact on

the environment before commencement

9 Social Cultural risks

Some community cultural values, beliefs and practices affect EAM work including conflicts with other faiths, power structure between the beneficiaries/community members

“Ensure proper community entry by understanding and respecting the values and beliefs of the community”;

Incorporated communities of other faiths in EAM project activities

10 Governance risks

Formulation of inappropriate policies. Possible conflicts between the different EAM FBO members ; some gaps in some polices

Orientation of board members on governance for all

Close collaboration between the management and the board members

11 Legal/regulatory risks

Failure to meet Malawi Government’s legal requirements

Ensured adherence to the Government regulations

However others respondents mentioned other risks.

One respondent brought out the issue of competition risk among the owners

EAM and EAM secretariat as evidenced by the following quote:

…’’EAM is umbrella body and EAM secretariat does not own EAM but EAM is

owned by members (churches) who also have programs that tap their

resources from the same EAM donors such as Christian Aid, National Aid

Council hence creating competition. In addition the respondent said that ``some

members look to EAM secretariat for technical capacity building and moral

support hence some members wished that EAM was not implementing

programs”.

49


Two other respondents brought the ‘faith’ issue in EAM as a risk as noted from

the following quotes:

“The faith issue is also a risk because even though EAM is Faith Based

Organisation not all staff really holds to the faith hence that is still a risk to the

organisation”.

“Some people do not hold to the value of EAM and as a result, it impacts on its

reputation”.

Another respondent stated that limited mainstreaming gender in EAM was

also a risk by stating the following:

..“ Mainstreaming gender in EAM is a risk especially when trying to bring in

women in the top leadership as there are few qualified women in Malawi even

as noted in the 2012 Malawi National Household survey”. “This sometimes has

resulted to a compromise on competency”.

Operational risks also featured from three respondents as other risks faced in

EAM as supported by the following quotes:

“Unclear job descriptions results in a situation where officers do more than what

is expected”

“Most projects are managed at the secretariat and the regional offices are at the

receiving end. The risk in all this is that program delivery is affected hence

affecting quality of the end product”.

“in some aspects the organizational structure does not have a clear defined

boundary between the roles of the secretariat and that of its main organ”.

4.3 Findings on risk management practices in EAMThe findings on risk management practices in EAM have been summarised into

six themes:-

4.3.1 Risk management approach Only sixteen percent of respondents that indicated risks were proactively

managed in EAM. However, majority of respondents indicated that risks were in

50


most cases reactively managed except for financial risks. This is supported by

the following different respondent’s quotes:

“Risks are generally managed reactively”

“Risks are managed through both approaches but more generally reactively”.

“For EAM as an entity, only the finance department is proactive”.

“Risks are managed reactively; only disaster management that is proactive as

they have been trained in disaster management but only active during

emergencies like the floods”.

“Reactive as we addresses issues as they arise however on finance the

systems are well organised”.

“Risk approach is reactively because everything is done based on the situation

that has come out”.

“In EAM risks are managed both proactively and reactively. Proactively, risk-

based audits are done to ensure activity implementers are aware of the

common areas which attract audit quarries so that they avoid them. Secondly,

other risks that emerge during the implementation of activities are managed

reactively through adherence to standard operating procedures during

approvals and conducting post-activity audits”

However, one respondent attributed the reactive approach to risk management

to the absence of a structured risk management process in EAM. Others

attributed it to limited funding in addition to it being a top management matter as

stated in the following quote by one respondent “risk management is a decision

makers’ issue”.

4.3.2 Risk management processEighty four percent of the respondents felt that risks were not managed in a

structured manner as supported by some of the following respondents’ quotes:

“There is no known procedure”.

“No structured process but risks are tackled as they arise”.

“No official guidance on risk management”

51


“After risks are identified normally either management or concerned staff and

their line manager convene meeting to strategize on how to mitigate the risk

identified”.

4.3.2 How risks are identified in EAMAll the respondents indicated that most of the risks facing EAM are identified

during review meeting that are held mainly on quarterly basis with project team

and other stakeholders. Other occasions are during project development,

routine staff and management meetings, internal or external audits, and district

fora as well as from EAM reports. However, some respondents indicated that

some of these meetings or fora are not necessarily organised for risk

identification but for other normal routine operation issues. One respondent

indicated that sometimes risks are just identified to satisfy some donor

requirement as quoted below:-

“Sometimes we capture the risks as we develop the proposals just to meet the

donor requirement but now it’s the high time we looked into this issue”.

4.3.3 How risk management is integrated in all EAM activitiesAll the respondents indicated that each project or department tries to identify

and mitigate their specific risks. Though independently, each tries to integrate

risk management in their projects implementation. However, the researcher

found no evidence that there is an organisation-wide approach to risk

management in EAM apart from mainly the financial risk management aspects

that are shared across the organisation.

One respondent indicated that though risk management is new a concept, it

needs to be fully integrated as evidenced by the following quote:

“It a new area where we are looking at risk management as something that has

to be integrated into all programs and management systems”

52


4.3.4 Measures in place to reduce risks in EAMAll the respondents indicated that there are some measures that have been put

in place to mitigate most of risks as shown on table 4.1. However, majority

indicated that more measures focused on financial risk management than with

the other areas in EAM as evidenced by this quote: - “the management of risks

in the finance department is excellent”.

Two respondents attributed the focus to financial risk management to meeting

donor requirement as can be observed from the following quotes:

“Donors look for organisational reputation and financial capacity”.

“Donors assess EAM on annual basis and checks on all policies, risks and

quality”

Two other respondents indicated that mitigation measures against natural

disasters like floods have been put in place such as capacity building both for

staff and community members on preparedness, response and disaster

management. This is supported by the following quotes:

“Disaster management is active though when they are emergencies’’… “Some

staffs have been trained on disaster management”

4.3.5 Risk monitoring and reporting in EAMAll the respondents indicated that quarterly or monthly review meetings, staff

meeting, and internal audits are conducted to review progress and challenges

facing EAM’s project implementation. Reports are written and shared with the

management, board of directors and respective donors either quarterly, bi-

annually or as scheduled.

However, two respondents felt that risk monitoring was the role of the senior

management as evidenced by the following quotes:

“It is mainly senior management does the monitoring”

“Risk monitoring is a planned activity done by the finance team and the

outcome is incorporated into the normal management and reporting system to

their employees for action”.

53


4.3.6 Use of international risk management standards in EAMMajority of the respondents were not aware of the international risk

management standards and guidelines. Nonetheless, twenty four percent of the

respondents indicated that the finance department sometimes makes reference

to International Standards of Organisations (ISO), EAM and other international

financial management guidelines as they address and report on financial risks.

4.3.7 Effectiveness of risk management in EAMOnly thirty two percent of respondents indicated that generally risks were

effectively managed in EAM of which a few respondents said this could be

evidenced by the continued donor funding. However, there were contrary views

as evidenced by the following quotes:-

“Risks are not effectively managed because risk management practices only

focus on financial issues but risks that directly affect employees are not taken

seriously.

“Some identified risks are not addressed”

“Some areas need some improvement”.

“Risk assessment is done but not adequately hence risk thresholds are neither

clear nor known”

All the respondents indicated that risks related to financial aspects in EAM were

effectively handled and appropriate measures and policies were in place to

mitigate them as evidenced by the following quote from one respondent: “Risk

management at EAM is biased towards finance”. Nonetheless, one respondent

indicated that more could be done to address operational, human and natural

disasters risks more effectively.

4.4 Findings on CFSs for risk management in EAMTo determine the critical success factors for effective risk management in EAM,

the respondents were asked to state what needed to be done to make risk

management effective in EAM. The following is a summary of the responses

obtained from most of the respondents:

Development of a risk management policy

54


An appointment of a risk manager/desk officer to spearhead risk process

Capacity building of on risk management for all staff

More support from top leadership and the board in terms of resource

allocation and implementation of plans

Inculcate a strong risk management culture in EAM among staff,

management, board members and partners

An improvement on information technology and communication capacity

Addressing the human resources issues such health and safety,

remuneration and motivation.

Make use and comply with risk international standards

Enhance organisational reputational through publishing and strong

public relations

Strengthen governance and management capacity in policy and strategy

formulation

Broaden the funding resource base

Two respondents indicated that there was need to extend risk management

aspects to the EAM members as evidenced by the following quotes:-

“There is need to guide individual member churches on risk management as

well as train and prepare EAM staff on how to be accountable to the people we

serve in addition to being able to detect and identify the issues or expectations

of the beneficiaries ’’

“We need to build capacity on the churches”

To stress the need for a risk manager, one respondent said that “There is need

to hire an officer who has expertise in risk management to look after all risks

affecting the organisation”.

Having provided the research findings the following section provides a

discussion of the results.

55


4.5 Discussion of the research findingsThis section analyses and discusses the research findings with the aim of

answering the research questions and fulfilling the objectives of the study in

EAM. The discussions are around the themes that emerged from the data

collected namely, value of risk management, potential risks at EAM, risk

management practices and critical success factors.

4. 5.1 Value of risk managementAs shown from the results (section 4.1.3), all the respondents were aware of the

importance and value that an effective risk management has added or could

add to EAM as an entity. However as noted the level of risk awareness and

capacity to mitigate the identified risks is still inadequate and needs

enhancement as indicated by many respondents. Results show that EAM could

increase the organisational value by ensuring effective risk management. This

is evidenced by some who indicated that risk management would improve on

EAM trustworthy by both internal and external stakeholders. However, as noted

by Kubitscheck (2000), risk management could only be more valuable if

undertaken in a proactive approach.

4.5.2 Potential risks in EAMAs discussed in literature review in Chapter 2 of this study, it is evident that

organisations are faced with many risks. From the results, it is clear that

inadequate funding, human resource especially staff retention , sustainability of

projects, financial risks, economic instability, unfavourable environmental

factors, inadequate skills and knowledge, political interference, social -cultural

risks are all intrinsic in the day to day activities of EAM as shown on table 4.1.

Among all the identified risks by most respondents, inadequate funding tied to

donor dependence was cited by fifty six percent of respondents as the most

significant risk in EAM. This can be attributed to the fact that over ninety percent

of EAM’s activities are donor funded. This is a big risk factor that warrants

appropriate mitigation measures to be in place above what EAM management

has tried to institute as indicated on the results table 4.1. Otherwise, as two

56


respondents indicated, with the growing donor fatigue, dwindling external aid

globally and withdrawal of some donors in Malawi, EAM may not be able to

realize her objectives. This could be supported by an example given by one of

the respondent on what happened at one time when EAM had only one donor.

At that particular time, the donor froze their funding for seven months due to

misinformation by one of the EAM staff and the EAM secretariat had difficult

time sustaining staff and its operations. These circumstances forced EAM to

broaden its donor base.

It is evident donor dependency remains a significant risk as one respondent

quoted: “due to the recent corruption cases in the country in addition to

misappropriation of funds by other sister organisations, reliance on donors

funding remains unpredictable for EAM”.

The second most significant risk in EAM relates to human resources as

indicated by forty eight percent of the respondents. This is no surprise because

human resource is a source of risks in many organisations (TĂTĂRUŞANU,

2009). The issues of concern in EAM are related to the ability to attract and

retain staff with the requisite qualification in terms of skills and knowledge. As

argued by Collins (2011), to move an organisation from good to great

organisation requires having the right people first before a strategy. As Knowles

(2011) posit, for EAM to be an outstanding organisation, there is need to

identify, train and sustain staffs’ capabilities and knowledge. However, EAM’s

ability to attract and retain the right people is currently challenged by the current

level of funding that limits EAM from offering competitive salaries. As observed

(Table 4.1), EAM has already taken some measures to mitigate the human

resources risks such as staff training. However, as Schmidt et al. (2011) argue,

there is need for EAM to plan ahead of the current demand of personnel

because the competition for competent staff is greatly increasing. The

unfortunate aspect as mentioned by one respondent is that “EAM offers good

platform for capacity building and good exposure for its staff after which the

staff became more marketable hence retention becomes a challenge”. Aspects

of motivation, health and safety and security of staff that did not feature much

57


should also be included in the human resources risks and mitigated

appropriately.

Sustainability of projects after the end of funding was identified as the third most

significant risk in EAM. This is not different from study by Wabwoba and

Wakhungu (2013) that established sustainability as major challenge facing food

security projects studied. If this risk is not properly managed by EAM, the

objective of transforming social and economic lives of the target population may

not be realised in the long-term. Notably, one respondent indicated that the

aspect of sustainability of projects is sometimes overlooked in the project

strategy. Hence more needs to be done especially in the areas of strengthening

community ownership and capacity to manage these projects from the onset.

The economic instability owing to global as well as national economic instability

in Malawi was the fourth most significant risk in EAM. Most of EAM projects are

funded in Kwacha and as a result, when the Kwacha depreciates, as it has

been in the recent past, a number of these activities may not be completed as

planned. This would significantly impact on the reputation of EAM among peers,

target beneficiaries and donor community because donor funded projects have

agreed targets.

Although the EAM management felt that they had put in place adequate

measures, to mitigate financial risks, it still remains a major risk. This is because

finance related risks still remains a major threat in many organisations as one

respondent quoted “we have to ensure mitigation measures are in place

because there will always be some financial losses”.

There are other risks that were identified in this study as discussed in section

4.2. These should form part of an integrated ERM framework in EAM.

4.5.4 Risk management practices As earlier discussed in Chapter 2.2 of this study, risk management practices are

all the activities that involves identifying, analysing, risk treatment, monitoring

58


and controlling risks with an aim of reducing the negative impact and enhancing

the opportunities. On the contrary, risks are not handled in a systematic way in

EAM as observed from the results.

The current EAM risk management practices have some elements of a

traditional risk management that that puts more emphases on financial risks as

opposed to all business risks. This is evidenced by the strong internal audit

function. Furthermore, each department or project deals with their risks

independently. Consequently, internal auditing may need to be strengthened

and extended to manage all risks in EAM. The independent risk management

approach in EAM could create ineffectiveness due to of lack of coordination

between projects or departments (Hoyt and Liebenberg, 2011), in addition to

creation of communication barriers as indicated by some respondents.

An integrated risk management approach in EAM as established in Hoyt and

Liebenberg (2011) study may be helpful by ensuring integration of decision

making process across all EAM projects. This helps in maximisation of resource

utilisation and reduction in duplication of efforts. A systematic risk process could

ensure all EAM risks are properly managed.

The fact that EAM has no risk manager with expertise to spearhead an

organisational wide risk management may be a challenge for EAM to coordinate

and manage all the risks effectively. Notably, most respondents felt the internal

audit played the role of a risk manager. This is no different from other studies

(Castanheira et al., 2010) where audit played the role of risk manager. In a

different study by Driscoll (2014), it established that finance officers were taking

the responsibility of ERM in their organisations. However, as observed by

Abdullatif and Kawuq (2015) the role of an internal auditor in risk management

is limited only to compliance on financial matters while overlooking other risks.

As argued by Elahi (2013) this compliance driven risk management in EAM

cannot effectively manage all the risks.

59


From the results, risks are identified either during proposal development stage,

quarterly review meeting and internal audits or in district fora. There is therefore

no clarity on how risks are analysed and prioritized. In addition, there is no risk

register that should be showing the risk owner, actions taken to address the risk

and the status of the risk in the project cycle or emerging risks. As some

respondents indicated risks are basically captured as assumptions, challenges

or gaps. In addition each project separately reports on what challenges were

encountered and how they were addressed.

Moreover many respondents acknowledged that in today’s world, risk

management has become an important business process as a result of many

emerging issues and the volatile working conditions and unstable environments.

As a result, many respondents felt the need for a more proactive integrated risk

management approach as opposed a reactive approach. This agrees with

Botkin and Felton (2009) study that revealed the need for paradigm shift on how

risk management was handled in the troublesome times requiring organisations

have to move from traditional risk management to a more integrated risk

management system.

Integrated risk management practices in EAM would improve on decision

making process, organisation stability and problem solving. This is evidenced

by a study by Oehmen et al. (2014) that found a direct association between risk

management practices with decision making, program stability and problem

solving.

4.5.5 Critical success factors for risk management This section discusses the aspects that the respondents indicated were

necessary for effective risk management in EAM:-

4.5.5.1 Development of a risk management policy and strategy The respondents identified establishment of a risk management policy and

strategy as vital for EAM. This agrees with study by Pana and Simionescu

(2011) that identified the rational for establishment of risk department and a risk

60


strategy in organisation that endeavours to achieve. A well-structured policy

drives the risk agenda by providing guidelines that spells out what is expected

from different players, roles and responsibilities as far as risk management is

concerned. This agree with Yaraghi et al. (2011) study that found risk strategy

as key influential factor for risk management systems as it helps to shape

organisational culture, structure and resource allocation.

Prior studies have shown the importance of a risk policy. For example,

Majdalawieh and Gammack (2005) and Hung (2012) have a similar opinion that

an organisational risk policy demonstrates board’s commitment to risk

management and provides guidelines and authority to the risk manager. Addo

and Twun (2013) study revealed that sound risk management polices impacted

on the sustainability of micro financial institutions and facilitated their

complementary role in economic development. This is supported by Dionne

(2013) study that revealed that the failure of top management to support

independent risk management polices contributed to losses during the 2008

financial crises.

4.5.5.2 Staff training Respondents felt that staff training in various organisational aspects and project

management as well as on risk management was crucial. This is due to many

emerging issues challenging their delivery of their services hence the need to

be kept abreast with current skills and knowledge. As argued by Carey (2001),

for an organisation to effectively respond to changing conditions, staff capacity

building on risk management and involvement in early warning system is

paramount.

Some respondents indicated that training and orientation was critical for the

new employees. This is confirmed by Paula and Montana (2013) study that

established that precise policy awareness training at every organisation’s new

hire orientation program was one of the contributing factors to ensuring a

sustainable policy management for an effective risk management.

61


As argued by HM Treasury (2009), for staff to effectively handle risks, they need

to receive appropriate direction and training on the typical risks that their

organisation faces in relation to their work and the action to take in managing

those risks. In addition staff performance reviews should include assessment of

relevant risk management skills and identification of the gaps.

4.5.5.3 Risk management culture Most respondent indicated that there was no strong risk management culture

within EAM hence the need for embedding risk culture in EAM at all levels. As

noted from Malik and Holt (2013) study people’s awareness of risk and

organisational risk culture are contributing factors to ERM adoption.

A mature risk culture provides an environment where staff feels capable of

raising risk related issues and have confidence that their issues will be heard

and acted upon (HM treasury, 2009). Establishing a risk culture permits a

focused strategic planning by the management that promotes greater business

opportunities and potential improvement (Lai and Lau, 2012).

Hillson and Murray-Webster (2004) view an appropriate and mature risk culture

as a crucial CSF for an effective RM that is mostly lacking in many firms. As

argued by Dornberger et al. (2014), a risk-aware culture is indispensible as it

ensures that the risk process is institutionalised in the organisation. McConnell

(2012) study established that risk management culture was a pre-requisite for

improvement of RM after the 2008 global financial crisis while Driscoll (2014)

study established that risk-intelligent culture keeps decision-makers engaged in

the process. The importance of a risk management culture is supported by

Kimbrough and Componation (2009) study that found a strong correlation

between importance of risk culture and staff performance on risk management.

4.5.5.4 Appointment of a risk manager Respondents indicated that there was need for a person designated to

coordinate risk management activities in EAM. This agrees with study by Arya

(2012) that established the role of chief risk officer as critical in risk

62


management in any enterprise. Owing to the many projects undertaken by

EAM, a qualified risk manager with good facilitation skills is vital for an effective

risk management. A study by Daud et al., (2013) within Public Listed

Companies (PLCs) found that, a qualified Chief Risk officer (CRO) had stout

influence on the level of risk management adoption. Other studies Daud et al.

(2010) and Waweru and Kisaka (2013) established a significant relationship

between the presence of CRO and the level of risk management

implementation. It is important to note that the CRO can bear different titles

such as risk coordinator, risk manager, risk champion, or risk process facilitator

(Hillson, 2013). Dionne (2013) recommends the CRO to have decision making

powers as opposed to passive risk assessment and analysis.

4.5.5.5 Top leadership support and involvementIt was clear from majority of the respondents that organisational risk

management was top leadership function. This concur with HM Treasury (2009)

guideline that states that senior leaders of an organisation are supposed to

reinforce and sustain risk proficiency, while ensuring organisational resilience

and obligation to excellence.

As evidenced from the results, the top leadership has not provided all the

necessary support to risk management in EAM. As both Hillson (2012) and

Wieczorek-Kosmala (2014) argue, the commitment of top leadership in risk

management can be demonstrated by use of risk information in decision

making, appointment of a risk manager and allocation of resources.

Respondents felt that adequate resources were required to ensure an effective

risk management in EAM notwithstanding the budgetary constraints in EAM.

This view is supported by Zhao et al. (2014) study that found insufficient

resources as a significant limitation to ERM implementation in many

organisations.

Hung (2012) posits that effective risk management should begin from the top.

Campbell (2015) study established that leadership and governance were critical

success factors for risk management. This agrees with Rahman et al., (2013)

63


study that found high participation of boards in risk management considerably

increased the risk management process, leading to advanced risk management

practices in Islamic banks. As suggested by Dionne (2013), the use of risk

management information by the top leadership is crucial as they venture into

new investment opportunities.

4.5.5.6 Information Technology (IT)Adequate use of information technology was found to be a significant factor for

effective risk management in EAM. The organisation has developed as website

that enables publication of its operation and achievements. This website as

Njegomir and Ciric, (2011) argue, could also improve organisational reputation.

However, other respondent felt an intra-communication network could also

significantly support risk management by connecting all levels of management.

Respondents indicated that improved communication could enhance service

delivery. This is evidenced by Melville et al. (2004) study, which established IT

as a crucial factor to improving organisational performance. As noted by

Patterson, (2015) information technology could help EAM to perfectly link,

communicate and process organisation’s transactions with all their stakeholders

easily. This would enhance timely risk information which is critical for an

effective ERM program.

As observed from COSO ERM (COSO, 2004), risk framework information and

communication are vital framework aspects that also serve as feedback tools.

Patterson, (2015) argue that the use information technology enhances risk

management effectiveness though lacks in many organisations.

It is important for an organisation to maintain an inventory of all the

organisation’s risks either in simple well managed spread sheets, tables or

other sophisticated ERM software. A tool like a risk register could help to

capture, categorize, organize, track, and prioritize the organisation’s inventory

of risks (Hillson, 2012).

64


4.6 Summary of Chapter fourThe current study has established that most respondents are aware of the

important of risk management. From the study, it has also emerged that risk

management is still a new concept in Malawi. There is evidence that risk

management practices in EAM have to greater extend resulted into donor

confidence and reduction of financial losses. Moreover, a more effective risk

management in EAM has the potential to ensure all the potential risks are

effectively managed thus enabling EAM to achieve its goals and objectives.

EAM is faced with varied potential risks that include inadequate funding,

financial risks, human resource related, political interferences, and social

cultural issues among others. Several measures have been put in place to

mitigate a number of risks in EAM. Most of the risks in EAM are reactively

managed as opposed being proactive. There is neither a risk policy nor strategy

to guide in risk management in EAM.

The lack of adequate resources to support in risk management was also

evident. Most risks are captured and identified during proposal development,

review meeting, internal auditing routine staff meeting as well as from EAM

reports as opposed to a formal process of risk identification. There is no

organisation-wide approach to risk management in EAM except for the financial

risk management aspects. However each department or project tries to manage

their respective risks independently.

Most of the international risk management guides are new to most of the people

in EAM. Forty percent of the respondents indicated that more needs to be done

to address operational, human and natural disasters risks more effectively.

Several critical success factors have been found to be crucial for an effective

risk management practices in EAM. This include development of a risk

management policy, appointment of a risk manager, capacity building,

management support, adequate resource allocation as well as inculcating risk

management culture among others.

65


4.7 Conclusions Chapter four has presented in detail the research findings and an analysis and

discussions of the study results. The discussions focused on the themes that

emerged from the collected data namely; value of risk management, potential

risks, current risk management practices and the critical success factors for an

effective risk management in EAM.

The following chapter presents the conclusion of the study highlighting the

findings of the study in relation to the purpose and objectives of the study. In

addition, recommendations and limitations of the study and possible areas of

further research have been suggested.

66


CHAPTER 5 CONCLUSIONS AND RECOMMENDATIONS5.0 Introduction The purpose of the study was to assess the risk management practices at EAM

with the following objectives.

a) To identify the potential risks at Evangelical Association of Malawi

b) To establish the current risk management practices at Evangelical

Association of Malawi


at Evangelical Association of Malawi

d) To recommend a framework for suitable risk management practices at


This chapter presents the final conclusion of the study by answering the

research questions, providing recommendations, areas of further research and

limitations of the study.

5. 1 Conclusion Risk management is a business aspect that has been recognized as a crucial

contributor to the success or failure of any organisation (Hillson, 2012). As a

result, risk management practices must be embedded in every organisation’s

strategy to meet its culture and risk profile. In addition, risk management must

be integrated into all organisational decision making process in wider

organisational approach for added advantage.

However, for risks to be well managed there must be a clear understanding of

what risk is in addition to differentiating between risk and uncertainty. Since

uncertainties or risks are inherent in every organisation, a proactive integrated

approach to risk management is paramount. It is essential for organisations to

move from traditional risk management approaches into more formalised risk

management process.

67


An integrated risk management approach ensures all potential risks are

identified, assessed and prioritised, treated appropriately, monitored, controlled

and the process reviewed and continually improved. All these practices are

intended not just to eliminate risks but to successful manage risks in order for

the organisation to achieve its goal. Several international frameworks have

been developed to help organisations evaluate, develop and improve their

organisational enterprise risk management capacity (Malik and Holt, 2013). In

addition a model for assessing and improving risk management practices has

been developed (Hillson, 1997; Hopkinson, 2011).

For a successful risk management, the right policies, resources, organisational

risk culture, management support and infrastructure must be in place (Hillson,

2012). Literature review in this study still established that risk management

concept is still understudied especially in developing countries (Khattab, 2015)

in addition to FBOs. Earlier studies have been biased to towards financial

matters (Nar, 2014; Akotey and Abor, 2013; Nikita, 2014; Singh, 2012).

Without an earlier research into risk management practices in the EAM, this

study was vital in order to assess the risk management practices in EAM. It

further contributes to the body knowledge on risk management and in addition

to providing room for further research in this field.

A case study strategy was used to assess the risk management practices in

EAM in which several data collection methods were used to collect qualitative

data. The study established that most respondents are aware of the important

of risk management in EAM. Risk management practices in EAM have added to

donor confidence and reduction of financial losses. However a more effective

risk management in EAM has the potential to ensure all the potential risks are

effectively managed thus enabling EAM to achieve its goals and objectives.

From the study, EAM is faced with various potential risks that include

inadequate funding, sustainability of projects, financial risks, inadequate skills

and knowledge, political interferences, social cultural issues among others.

68


Several measures have been put in place to address most of the risks

experienced in EAM though biased to financial and disaster management risks.

Most of the risks in EAM are reactively managed as there is neither structured

risk management nor risk policy or strategy in addition to inadequate resources.

Most risks are captured and identified during proposal development, review

meeting, internal auditing routine staff meeting as well as from EAM reports.

There is no organisation-wide approach to risk management in EAM except for

the financial risk management aspects. However each department or project

tries to manage their respective risks independently. Most of the international

risk management guidelines are new to most of the people in EAM.

Several critical success factors have been found to be crucial for an effective

risk management practices in EAM that include development of a risk

management policy, an appointment of a risk manager, capacity building,

management support, adequate resources and risk management culture among

others.

Risk management practices in EAM needs to be improved hence the following

section provides recommendations for consideration by the management.

5.2 Recommendations As observed, EAM is an organisation with a wide coverage, many stakeholders

and projects. It is therefore faced with an array of risks that requires an effective

risk management approach. Consequently, in the light of the findings of this

study, the following recommendations have been given with the aim of

improving risk management in EAM:-

5.2.1. Adoption of an enterprise-wide approach to risk managementBased on the study findings, EAM should adopt an enterprise-wide approach to

risk management that enables an holistic approach to risk management. The

ISO and COSO risk management frame work would be of great help. EAM

should endeavour to inculcate a more proactive, consistent and greater

responsiveness risk management approach. The holistic approach should seek

69


not only to avoid the risks but seize the opportunities to advance the

organisations objectives.

5.2.2 Develop a structured risk management processEAM will need a more structured risk management process that guarantees an

effective understanding of the context in which EAM operates, proper risk

identification, analysis, prioritisation, monitoring and control of all risks. There

should be a continuous improvement of the process. For the success of the

process, appropriate tools and techniques should be used in addition building

the capacity of the staff and all EAM members (Churches and FBOs) on risk

management.

5.2.3 Creating long-term linkages for sustainable fundingDonor dependency was identified as one of the top risks in EAM. Being a FBO,

EAM could explore long-term linkages with other likeminded FBOs in the North

(America and Europe) for sustained and flexible funding in an effort to diversify

its funding base. EAM need to strengthen fundraising capacity among the

management and the board members by including this as their key performance

deliverables.

5.2.4 Establish and sustain a risk management culture EAM top leadership and the board should ensure a risk management culture is

developed and sustained across the entire organisation and with their partners.

This culture could be sustained by development of a system that recognises

and rewards risk takers among staff and partners. The use of risk information in

strategy formulation, proposal development and in decision making process is

recommended as a demonstration of EAM’s commitment to risk management.

5.2.5 Establishment of the appropriate risk management infrastructureThe lack of risk strategy, policy and a point person was pointed out as major

gap in EAM. Consequently, EAM should establish a risk strategy, policy and

appoint a risk manager. Additionally, the internal audit function should be

70


strengthened and extended in order to manage other risks. Regular staff

training on risk management is highly recommended for both new and old staff

to ensure all staffs have a common knowledge and language for risk.

Furthermore, staff should be exposed and trained on the appropriate tools and

techniques for the risk process. EAM could make use of risk maturity model to

improve and assess their risk management practices or benchmark with other

organisations.

Like in any other study, there were a number of limitations that faced this study

as discussed the section that follows.

5.3 Limitations of this study The study was based on a single case study and a small sample size hence

difficult to generalize the results. This was due to the fact the small sample was

ideal for in-depth case studies. Another limitation was limited research

discussions on qualitative analysis in addition to limited studies on risk

management on FBOs. As Crowther and Lancaster (2012) argue qualitative

data analysis methods are not well articulated and noted by Saunders et al

(2015) hence demanding in terms of time and skills. The study was also cross-

sectional hence the responses of the respondents were as per that particular

time hence subjective.

The current study has provided room for more research on risk management

practices in FBOs. The following section provides areas for further research.

5.4 Proposed future research Further studies may be needed to refine and verify these results with other

organisations within or from other geographical locations and with a large

sample size. A study on how donors and partners of EAM could contribute

positively or negatively on risk management practices may be essential. In

addition, owing to the current environment of poor governance and culture of

impunity especially in the public sector, a study on how these impacts on risk

management practices could be done. With a number of respondents in this

71


study indicating that risk management concept in new in Malawi, there is room

for more studies in other organisations and the public sector as a way of

triangulating the findings of this study. A study on the adoption rate of risk

management practices in Malawi in general may be necessary.

72


ReferencesAIRMIC, ALARM, IRM. (2010) A structured approach to Enterprise Risk Management (ERM) and the requirements of ISO 31000. [Online] Available from: https://www.google.com/?gws_rd=ssl#q=airmic+alarm+irm+2010 FINAL PDF/. [Accessed 07 August 2015].

Abdullatif, M. and Kawuq, S. (2015) The role of internal auditing in risk management: evidence from banks in Jordan. Journal of Economic and Administrative Sciences, [Online] 31(1), pp. 30-50. Available from: http://search.proquest.com.ezproxy.bolton.ac.uk/. [Accessed 03 April 2016].

Abrams, C., J, v.K., Müller, S., Pfitzmann, B. and Ruschka-Taylor, S. (2007) Optimized enterprise risk management. IBM Systems Journal, [Online] 46(2), pp. 219-234.Available from: http://search.proquest.com.ezproxy.bolton.ac.uk/. [Accessed 24 March 2016].

Addo, C.K. and Twum, S.B. (2013) Sustainability of microfinance institutions in developing countries through sound credit risk management: evidence from business experience, purpose of loan, loan term, and profit maximization motive. Global Journal of Finance and Banking Issues, [Online]. 7 (7), pp. 9-18. Available from: http://search.proquest.com.ezproxy.bolton.ac.uk/. [Accessed 20 January 2016].

Akotey, J.O. and Abor, J. (2013) Risk management in the Ghanaian insurance industry. Qualitative Research in Financial Markets, [Online] 5(1), pp. 26-42. Available from: http://search.proquest.com.ezproxy.bolton.ac.uk/. [Accessed 17 September 2015].

Arya, P.B. (2012) Integrated Risk Management Practices. International Journal of Knowledge and Research in Management and E-Commerce, [Online] 2(2), pp. 8-12. Available from: http://bolton.summon.serialssolutions.com/search?/.[Accesed 19 April 2016].

BELOBROV, A. (2014) Resilience as a critical success factor of risk management. Risk in Contemporary Economy, [Online] 1 (1), pp. 325-330. Available from: http://bolton.summon.serialssolutions.com/search?/.[Accessed 01 May 2016].

Benta, D., Podean, I.M. and Mircean, C. (2011) On Best Practices for Risk Management in Complex Projects. Informatica Economica, [Online] 15 (2), pp. 142-152. Available from: http: //search.proquest.com.ezproxy.bolton.ac.uk/ . [20 September 2015].

Bezzina, F., Grima, S. and Mamo, J. (2014) Risk management practices adopted by financial firms in Malta. Managerial Finance, [Online] 40 (6), pp. 587-612. Available from: http://search.proquest.com.ezproxy.bolton.ac.uk/.[Accessed 22 October 2015].

73

http://search.proquest.com.ezproxy.bolton.ac.uk/docview/887898231/8ED6D405D75F41A6PQ/1?accountid=9653

http://search.proquest.com.ezproxy.bolton.ac.uk/




https://www.google.com/?gws_rd=ssl#q=airmic+alarm+irm+2010


Bharathy, G.K. and McShane, M.K. (2014) Applying a Systems Model to Enterprise Risk Management. Engineering Management Journal, [Online] 26(4), pp. 38-46. Available from: http://search.proquest.com.ezproxy.bolton.ac.uk/docview/.[Accessed 24 March 2016].

Botkin, M. and Felton, K. (2009) Troublesome times demand more effective practices. Journal of healthcare risk management: the journal of the American Society for Healthcare Risk Management, [Online] 29(2) pp. 21. Available from: http://bolton.summon.serialssolutions.com/.[Accessed 27 April 2016].

Broom, A. (2005) Using qualitative interviews in CAM research: A guide to study design, data collection and data analysis. Complementary Therapies in Medicine, [Online] 13 (1), pp. 65-73.Availabale from: http://bolton.summon.serialssolutions.com/.[Accessed 07 April 2016].

Brown, L.D. and Moore, M.H. (2001) Accountability, Strategy, and International Nongovernmental Organisations. Non-profit and Voluntary Sector Quarterly, [Online] 30(3), pp. 569-587. Availabale from: http://nvs.sagepub.com.ezproxy.bolton.ac.uk/content/30/3/569/.[Accessed 28 March 2016].

Bryman, A. (2008) Social Research Methods. 3rd ed. New York: Oxford University press.

Campbell, K.A. (2015) Can Effective Risk Management Signal Virtue-Based Leadership? Journal of Business Ethics, [Online] 129 (1), pp. 115-130. Available from: http://dx.doi.org/10.1007/s10551-014-2129-4/. [Accessed [09 August 2015].

Carey, A. (2001) Effective risk management in financial institutions: The Turnbull approach. Balance Sheet, [Online]. 9 (3), pp. 24-27. Available from: http://search.proquest.com.ezproxy.bolton.ac.uk/. [Accessed 22 October 2015].

Carroll, R. (2016) Identifying risks in the realm of enterprise risk management. Journal of healthcare risk management: the journal of the American Society for Healthcare Risk Management, [Online] 35(3), pp. 24. Available from: http://bolton.summon.serialssolutions.com/. [Accessed 24 March 2016].

Castanheira, N., Lúcia, L.R. and Russell, C. (2010) Factors associated with the adoption of risk-based internal auditing. Managerial Auditing Journal, [Online] 25(1), pp. 79-98. Available from: http://search.proquest.com.ezproxy.bolton.ac.uk/.[Accessed 03 April 2016].

Chileshe, N. and Kikwasi, G.J. (2014) Critical success factors for implementation of risk assessment and management practices within the Tanzanian construction industry. Engineering, Construction and Architectural

74

http://bolton.summon.serialssolutions.com/


Management, [Online] 21(3) pp. 291-319. Available from: http://search.proquest.com/docview/1519212585?accountid=9653/. [Accessed 09 August 2015].

Clarke, M. and Ware, V. (2015) Understanding faith-based organizations: How FBOs are contrasted with NGOs in international development literature. Progress in Development Studies, [Online] 15(1), pp. 37-48.Available from: http://search.proquest.com.ezproxy.bolton.ac.uk/. [Accessed 14 April 2016].

Collis, J. and Hussey, R. (2003) Business Research. A practical guide for undergraduate students. 2nd ed. Hampshire: Palgrave Macmillan.

Collins, J. (2011) Good to Great. Why some companies make lead...and other do. United States of America: William Collins.

COSO (2004) Committee of Sponsoring Organizations of the Treadway Commission. Enterprise Risk Management — Integrated Framework, [Online] Available from: http:// www.coso.org/documents/coso_erm_executivesummary.pdf/. [Accessed 07 August 2015].

COSO (2010) Report on ERM: Current State of Enterprise Risk Oversight and Market Perceptions of COSO’s ERM Framework. [Online] Available from: http: www.coso.org/.../COSOSurveyReportFULL-Web-R6FINALforWEBPOS.com/. [Accessed 07 August 2015].

Cretu, O., Stewart, R. B. and Berends, T (. 2011) Risk Management for Design and Construction. [Online] Hoboken: John Wiley & Sons, Inc. Available from: http://www.myilibrary.com/. [Accessed 21 October 2015].

Crowther, D. and Lancaster, G. (2012) Research Methods. 2nd ed. [online]. Routledge. Available from :http://www.myilibrary.com?ID=366075/. [Accessed 16 May 2015].

Dardac, N. and Chiriac, P. (2010) The Management of Operational Risk Specific to Non-banking Financial Institutions in the Context of Actual Financial Crisis. Theoretical and Applied Economics, [Online] 4 (4), pp. 93-100. Available from: http://www.mylibrary.com/. [Accessed 20 January 2016].

Daud, W.N.W., Yazid, A.S. and Hussin, H.M.R. (2010) The Effect Of Chief Risk Officer (CRO) On Enterprise Risk Management (ERM) Practices: Evidence From Malaysia. The International Business & Economics Research Journal, [Online] 9 (11), pp. 55-64. Available from: http://search.proquest.com.ezproxy.bolton.ac.uk/. [Accessed 14 January 2016].

75

http://www.myilibrary.com/.%20%5BAccessed

http://www.coso.org/documents/coso_erm_executivesummary.pdf

http://search.proquest.com/docview/1519212585?accountid=9653


Dinu, A. (2014) General concepts regarding risk appetite. Knowledge Horizons Economics, [Online] 6 (2), pp. 157-159. Available from: http://search.proquest.com.ezproxy.bolton.ac.uk/.[Accessed 13 December 2015].

Dionne, G. (2013) Risk Management: History, Definition, and Critique. Risk Management and Insurance Review, [Online] 16 (2), pp. 147-166. Available from: http://search.proquest.com.ezproxy.bolton.ac.uk/docview/17?accountid=9653#/. [Accessed 22 October 2015].

Dornberger, K., Oberlehner, S. and ZadrazilM, N. (2014) Challenges in implementing enterprise risk management. ACRN Journal of Finance and Risk Perspectives, [Online] 3(3), pp.1 – 14.Available from: ISSN 2305-7394

Driscoll, M. (2014) Enterprise risk management: seven imperatives for process excellence. Corporate Finance Review, [Online] 19(3), pp. 13-19. Available from: http://search.proquest.com.ezproxy.bolton.ac.uk/docview//12?accountid=9653/. [Accessed 13 January 2016].

Elahi, E. (2013) Risk management: the next source of competitive advantage. Foresight: the Journal of Futures Studies, Strategic Thinking and Policy, [Online] 15(2), pp. 117-131. Available from: http://search.proquest.com/docview/.?accountid=9653/. [Accessed 27 July 2015].

Elmaallam, M. and Kriouile, A. (2012) A Model of Maturity for IS Risk Management Case Study. Computer and Information Science, [Online] 5(3), pp. 97-109. Available from: http://search.proquest.com.ezproxy.bolton.ac.uk/docview/1011569433?pq-origsite=summon/.[Accessed 17 March 2016].

Emblemsvåg, J. (2010) The augmented subjective risk management process. Management Decision, [Online] 48(2), pp. 248-259. Available from: http://search.proquest.com.ezproxy.bolton.ac.uk/.[Accessed 17 March 2016].

Elo, S. and Kyngäs, H. (2008) The qualitative content analysis process. Journal of Advanced Nursing, [Online] 62 (1), pp. 107-115. Available from: http://onlinelibrary.wiley.com.ezproxy.bolton.ac.uk/. [Accessed 03 April 2016].

Ennis, T. (2015) Risk Management: Reputation Is Key. Professional safety, [Online] 60 (1), pp. 8. Available from: http://search.proquest.com.ezproxy.bolton.ac.uk/.[Accessed 23 March 2016].

Evangelical Association of Malawi (EAM) (2008) Brief Profile

76



Evangelical Association of Malawi (EAM) (2013) 2014- 2018 strategy EAM national strategy. Actively Engaged In Effective Transformational Ministries Positively Changing Lives in Communities in Malawi

Fadun, O.S. (2013) Risk Management and Risk Management Failure: Lessons for Business Enterprises. International Journal of Academic Research in Business and Social Sciences, [Online] 3 (2), pp. 225-239. Available from: http://bolton.summon.serialssolutions.com/search.com/.[Accessed 23 February 2016].

Fisher, C. (2011) Researching and Writing a Dissertation. An essential guide to Business students. 3rd ed. [Online] Harlow: Pearson Education Limited. Available from: http://www.myilibrary.com/.[Accessed 18 May 2015].

Gaudenzi, B., Confente, I. and Christopher, M. (2015) Managing Reputational Risk: Insights from an European Survey. Corporate Reputation Review, [Online] 18 (4), pp. 248-260. Available from: http://search.proquest.com.ezproxy.bolton.ac.uk/.[Accessed 23 March 2016].

Gray, D. (2010) Doing Research in the Real world. 2nd ed. London: Sage

Gupta, P. K. (2011). Risk management in Indian companies: EWRM concerns and issues. The Journal of Risk Finance, [Online] 12 (2), pp. 121-139. Available from: http://search.proquest.com.ezproxy.bolton.ac.uk/. [Accessed 10 January 2016].

Hameeda, A.H. and Al-Ajmi, J. (2012) Risk management practices of conventional and Islamic banks in Bahrain. The Journal of Risk Finance, [Online] 13 (3), pp. 215-239. Available from: http://search.proquest.com.ezproxy.bolton.ac.uk/. [Accessed 15 February 2016].

Haron, M.S., Ramli, R., Malek Marwan Yousef Injas and Injas, R.A. (2015) Reputation Risk and Its Impact on the Islamic Banks: Case of the Murabaha. International Journal of Economics and Financial Issues, [Online] 5 (4). Available from: http://search.proquest.com.ezproxy.bolton.ac.uk/.[Accessed 24 January 2016].

Harvey, G.E. (2012) The process of risk management: important steps to take. Petroleum Accounting and Financial Management Journal, [Online] 31(1), pp. 77-86. Available from: http://search.proquest.com.ezproxy.bolton.ac.uk/.[Accessed 13 January 2016].

Harvey, G. (2015) Enterprise Risk Management: an update. Petroleum Accounting and Financial Management Journal, [Online] 34(3), pp. 10-19. Available from: http://search.proquest.com.ezproxy.bolton.ac.uk/.[Accessed 27 March 2016].

77


http://www.myilibrary.com/


Hassan, A. and Ali, T.Y. (2013) Analysis of Risk Management Practices in Business Enterprises of Pakistan. Global Management Journal for Academic & Corporate Studies, [Online] 3 (1) pp. 45-61. Available from: http://search.proquest.com/docview/. [Accessed 14 September 2015].

Hillson D.A., (1997) The international of journal of project and business risk management. [Online] 1(2), pp.34-45 Available from: http://risk-doctor.com/pdf-files/rmm-mar97.pdf /. [Accessed 16 March 2016].

Hillson D. A. and Murray-Webster R. (2004) Understanding and managing risk attitude. Proceedings of 7th Annual Risk Conference, held in London, UK, 26 November 2004. Available from: https://www.kent.ac.uk/scarr/events/finalpapers/Hillson%20+%20Murray-Webster.pdf [Accessed 29 April 2016].

Hillson, D., (2012) Managing Risk in Projects. [Online] Farnham: Ashgate Publishing. Available from: http://www.myilibrary.com/. [Accessed 12 June 2015].

HM Treasury (2009) Risk Management assessment framework: A tool for departments. [Online].Available from: https://www.gov.uk/government/publications/green-book-supplementary-guidance-risk.com/.[Accessed 03 March 2016].

Hoffstaedter, G. (2013) Religion and development: Australian Faith-Based Development Organisations. International Journal of Religion and Society, [Online] 4 (1/2), pp. 113.Available from: http://trn.sagepub.com.ezproxy.bolton.ac.uk/content/29/1/1.full.pdf+html/.[Accessed 14 April 2016].

Hopkinson, M. (2011) The Project Risk Maturity Model: Measuring and Improving Risk Management capacity. [Online] Farnham: Gower publishing limited available from: https://books.google.mw/books.com/. [Accessed 16 March 2016].

Hoyt, R.E. and Liebenberg, A.P. (2011) The value of Enterprise Risk Management. Journal of Risk and Insurance, [Online] 78 (4), pp. 795-822.Available from: http://search.proquest.com.ezproxy.bolton.ac.uk/. [Accessed 02 April 2016].

Hung, H. (2012) A Framework for Corporate Risk Management Development. Journal of Accounting, Finance & Management Strategy, [Online] 7(1), pp. 69-87. Available from: http://search.proquest.com/docview/. [Accessed 07 August 2015].

78

https://www.gov.uk/government/publications/green-book-supplementary-guidance-risk

https://www.gov.uk/government/publications/green-book-supplementary-guidance-risk


Hyett, N., Kenny, A. and Dickson-Swift, V. 2014, Methodology or method? A critical review of qualitative case study reports", International Journal of Qualitative Studies on Health and Well-Being, vol. 9Available from: http://search.proquest.com.ezproxy.bolton.ac.uk/. [Accessed 19 September 2015].

Institute Management of Accountants (IMA) (2007). Enterprise Risk Management: Tools and Techniques for Effective Implementation [online] Available from: http://www.bing.com/search?/. [Accessed 03 May 2016].

Ismail, R., Rahman, R.A. and Ahmad, N. (2013) Risk Management Disclosure in Malaysian Islamic Financial Institutions: Pre- and Post-Financial Crisis. Journal of Applied Business Research, [Online] 29 (2), pp. 419. Available from: http://lib.myilibrary.com/. [Accessed 20 January 2016].

Jalal-Karim, A. (2013) Leveraging enterprise risk management (ERM) for boosting competitive business advantages in Bahrain. World Journal of Entrepreneurship, Management and Sustainable Development, [Online] 9(1), pp. 65-75. Available from: http://search.proquest.com.ezproxy.bolton.ac.uk/. [Accessed 24 March 2016].

Khattab, A.A. and Hood, J. (2015) The Risk Management Process in Jordanian Public Shareholding Organisations. International Journal of Business and Management, [Online] 10 (8), pp. 151.Available from: http://bolton.summon.serialssolutions.com/search?/.[Accessed 20 January 2015].

Kimbrough, R.L. and Componation, P.J. (2009) The Relationship Between Organisational Culture and Enterprise Risk Management. Engineering Management Journal, [Online] 21(2), pp. 18-26. Available from: http://search.proquest.com/docview/208984533?accountid=9653 / [Accessed 07 August 2010].

Knowles, G. (2011) Quality Management. Downloaded free e-book. [Online]Available from: http://bookboon.com/en/textbooks/management-organisation/quality-management/. [Accessed 10 February 2015].

Kothari, C.R., (2008) Research Methodology.Methods and Techniques. 2nd ed. New Delhi: New Age International publishers

Kubitscheck, V. (2000) Risk management: Finding the value within.Balance Sheet, [Online] 8 (5), pp. 38-41. Available from: http://search.proquest.com.ezproxy.bolton.ac.uk/. [Accessed 04 May 2016].

Lai I.K.W. and Lau H. C.W. (2012) A hybrid risk management model: A case study of the textile industry. Journal of Manufacturing Technology Management, [Online] 23 (5), pp. 665-680. Available from:

79

http://bookboon.com/en/textbooks/management-organisation/quality-management

http://bookboon.com/en/textbooks/management-organisation/quality-management


http://search.proquest.com.ezproxy.bolton.ac.uk/. [Accessed 20 September 2015].

Lancaster, G. (2007) Research Methods in Management. A concise introduction to Research in Management and Business, [Online] Oxford: Routledge. Available from: http://www.myilibrary.com/. [Accessed 9 June 2015].

Leech, N.L. and Onwuegbuzie, A.J. (2009) A typology of mixed methods research designs. Quality and Quantity, [Online] 43(2), pp. 265-275. Available from: http://search.proquest.com.ezproxy.bolton.ac.uk/. [Accessed 25 January 2016].

Li, C. A., and Wearing, R. T. (2012). Risk management and non-executive directors in UK quoted banks and other financial institutions. International Journal of Disclosure and Governance, [Online] 9 (3), pp. 226-237. Available from: http://search.proquest.com.ezproxy.bolton.ac.uk/. [Accessed 20 January 2016].

Loghry, J.D. and Veach, C.B. (2009) Enterprise Risk Assessments: Holistic approach provides companywide perspective. Professional safety, [Online] 54(2), pp. 31-35. Available from: http://search.proquest.com.ezproxy.bolton.ac.uk/.[Accessed 25 January 2016].

Malik, S.A. and Holt, B. (2013) Factors that affect the adoption of Enterprise Risk Management (ERM) OR Insight, [Online] 26(4), pp. 253.Availabale from: http://search.proquest.com.ezproxy.bolton.ac.uk/.[Accessed 27 March 2016].

Maylor, H. (2013) Project management .4th ed. [Online] Harlow: Financial times Prentice hall. Available from: http://lib.myilibrary.com/.> [Accessed 15 May 2015].

McShane, M.K., Nair, A. and Rustambekov, E. (2011) Does Enterprise Risk Management Increase Firm Value? Journal of Accounting, Auditing & Finance, [Online] 26 (4), pp. 641-658. Available from: http://bolton.summon.serialssolutions.com/search?/.[Accessed 27 March 2016].

Melville, N., Kraemer, K. and Gurbaxani, V. (2004) Review: information technology and organisational performance: an integrative model of it business value1", MIS Quarterly, [Online] 28 (2), pp. 283-322.Available from: http://search.proquest.com.ezproxy.bolton.ac.uk/.[Accessed 04 April 2016]

Mersland, R. (2011) The governance of non-profit micro finance institutions: lessons from history. Journal of Management and Governance [online].15 (3), pp. 327-348. Available from: http://search.proquest.com.ezproxy.bolton.ac.uk/. [Assessed 21 September 2015].

80


Nar, M., (2014) Credit Risk Management in the Financial Markets. Journal of Applied Finance and Banking [Online] 4 (4), pp.107-125. Available from: http://search.proquest.com.ezproxy.bolton.ac.uk/. [Accessed 21 September 2015].

Nielson, N.L., Kleffner, A.E. and Lee, R.B. (2005) The evolution of the role of risk communication in effective risk management. Risk Management and Insurance Review, [Online] 8(2), pp. 279-289. Available from: http://www.emeraldinsight.com/. [Accessed 23 January 2016].

Nikita (2014) An analysis of performance of micro finance in India. International Journal of Management Research and Reviews, [Online] 4(7), pp. 715-721. Available from: http://search.proquest.com.ezproxy.bolton.ac.uk/.[Accessed 21 September 2015].

Oehmen, J., Olechowski, A., Kenley, R. and Ben-Daya, M. (2014) Analysis of the effect of risk management practices on the performance of new product development programs. Technovation,[Online]34(8), pp. 441-453. Available from: http://bolton.summon.serialssolutions.com/.[Accessed 27 April 2016].

Paula, D., Krecicki, J. and Montana, G. (2013) The Importance of Sustainable Policy Management in Delivering an Effective Risk Program. The RMA Journal, [Online] 96 (1), pp. 64-67, 11. Available from: http://search.proquest.com.ezproxy.bolton.ac.uk/. [02 April 2016].

Pana, N. and Simionescu, L. (2011) The importance of risk management process in ensuring successful implementation of projects entrusted. Land Forces Academy Review,[Online] 16 (1), pp. 108-114. http://search.proquest.com.ezproxy.bolton.ac.uk/. [Accessed 28 April 2016].

Patterson, T. (2015) The Use of Information Technology in Risk Management [online] Available from: http://www.aicpa.org/interestareas/frc/assuranceadvisoryservices/downloadabledocuments/asec_whitepapers/risk_technology.pdf/. [Accessed 04 March 2016].

Ping, T.A. and Muthuveloo, R. (2015) The Impact of Enterprise Risk Management on Firm Performance: Evidence from Malaysia. Asian Social Science, [Online] 11 (22), pp. 149-159. Available from: http://search.proquest.com.ezproxy.bolton.ac.uk. [Accessed 14 January 2016].

Pitney, W. A. (2009) Qualitative Research in Physical Activity and the Health Professions. [online]. Human Kinetics. Available from :< http://www.myilibrary.com?ID=295874> [Accessed 8 December 2015].

81

http://www.myilibrary.com/?ID=295874




Project Management Institute (2013) .A Guide to the Project Management Body of Knowledge (PMBOK® Guide) 5th ed. Boulevard: Project Management Institute, Inc.

Rahman, R.A., Noor, S.B. and Ismail, T. (2013) Governance and Risk Management: Empirical Evidence from Malaysia and Egypt. International Journal of Finance & Banking Studies, [Online] 2 (3), pp. 21-33. Available from: http://search.proquest.com.ezproxy.bolton.ac.uk/.[Accessed 20 September 2015].

Riege, A.M. (2003) Validity and reliability tests in case study research: A literature review with "hands-on" applications for each research phase. Qualitative Market Research, [Online] 6(2), pp. 75-86. Available from: <http://search.proquest.com/docview/.accountid=9653/. [Accessed 2 July 2015].

Rosenthal, H. (2008) An applied approach to enterprise risk management - key areas of concern. Journal - Australian and New Zealand Institute of Insurance and Finance, [Online] 31 (3), pp. 16-21. Available from: http://search.proquest.com/docview/ . [Accessed 14 September 2015].

Saunders, M. N.K., Lewis, P. and Thornhill, A. (2015) Research Methods for Business Student.7th ed. [Online] Pearson Education Limited. Available from: http://www.myilibrary.com/. [19 November 2015].

Schmidt, C.E., Gerbershagen, M.U., Salehin, J., Weib, M., Schmidt, K., Wolff, F. and Wappler, F. (2011) From personnel administration to human resource management: Demographic risk management in hospital. Der Anaesthesist, [Online] 60 (6), pp. 50. Available from: http://www.myilibrary.com/. [Accessed 08 April 2016].

Schroeck, G (2002) Risk Management and Value Creation in Financial Institutions. [Online] Hoboken, N.J.: Wiley. Available from: http://www.myilibrary.com/. [Accessed 18 March 2016].

Schwartz-Gârliste, M. (2013) The Operational Risk Management in Banking - Evolution of Concepts and Principles, Basel II Challenges. Revista de Management Comparat International, [Online] 14(1), pp. 165-174. Available from: http://lib.myilibrary.com /. [Accessed 10 August 2015].

Simona-Iulia, C. (2014) Comparative study between Traditional and Enterprise Risk management -A theoretical approach. Annals of the University of Oradea: Economic Science, [Online] 23(1), pp. 276-282. Available from: http://bolton.summon.serialssolutions.com/search?/.[Accessed 27 March 2016].

Singh, S.R. (2012) Micro Finance Programmes in India - An overview. Anusandhanika, [Online] 4 (2), pp. 23-30. Available from: http://search.proquest.com.ezproxy.bolton.ac.uk/.. [Accessed 21 September 2015].

82

http://search.proquest.com/docview/


Smith, N. J.; Merna, T.; Jobling, P., (2009) Managing Risk. [Online]. United Kingdom: Wiley-Blackwell. Available from :http://www.myilibrary.com?ID=74838/. [Accessed 9 August 2015].

Tachankova L. (2002) Risk identification. Basis stage in risk management .Environmental management and health, [Online] 13(3), pp.209-297. Available from: http://www.emeraldinsight.com/. [Accessed 13 August 2015].

TĂTĂRUŞANU, M. (2009) Human resource management risks in Tourism. Scientific Annals of the Alexandru Ioan Cuza University of Iasi: Economic Sciences Series, [Online]2009, pp. 388-394. Available from: http://bolton.summon.serialssolutions.com/search?>[Accessed 08 April 2016].

Theil, M. and Ferguson, W.L. (2003) Risk management as a process: An international perspective. Review of Business, [Online] 24(3), pp. 30-35. Available from: http://search.proquest.com.ezproxy.bolton.ac.uk/.[Accessed 23 February 2016].

United Nations Economic Commission for Europe (UNECE) (2012) Risk Management in Regulatory Frameworks: Towards a better management of risk, [Online].Available from: http://www.preventionweb.net/english/professional/publications/com./.[Accessed on 23 March 2015].

Wabwoba, M.S.N. and Wakhungu, J.W. (2013) Factors affecting sustainability of community food security projects in Kiambu County, Kenya. Agriculture and Food Security, [Online] 2, pp. 9 .Available from: http://bolton.summon.serialssolutions.com/.[Accessed 05 April 2016].

Waweru, N. and Kisaka, E. (2013) The Effect of Enterprise Risk Management Implementation on the Value of Companies Listed on the Nairobi Stock Exchange. Journal of Applied Finance and Banking, [Online] 3(3), pp. 81-105. Available from: http://search.proquest.com/docview/1400458013?accountid=9653/. [Accessed 07 August 2015].

Wieczorek-Kosmala, M. (2014) Risk management practices from risk maturity models perspective. Journal for East European Management Studies, [Online] 19 (2), pp. 133-159. Available from: http://search.proquest.com.ezproxy.bolton.ac.uk/docview/. [Accessed 23 April 2016].

White, M.D. and Marsh, E.E. (2006) Content Analysis: A Flexible Methodology”, Library Trends, [Online] 55 (1), pp. 22-23, 27-34, 36-45.Available from: http://search.proquest.com.ezproxy.bolton.ac.uk/.[Accessed 07 April 2016].

83


Whitley, R. and Crawford, M. (2005) Qualitative Research in Psychiatry. Canadian Journal of Psychiatry, [Online] 50 (2), pp. 108-14. Available from: http://search.proquest.com.ezproxy.bolton.ac.uk/. [Accessed 20 September 2015].

WILLIG ( 2008.) Introducing Qualitative Research In Psychology [oline]. Open University Press. Available from : http://www.myilibrary.com?ID=178561/. [19 November 2015].

Woods, M. (2012) Risk Management in Organisations: An Integrated Case Study Approach. [Online] London: Routledge. Available from: http://www.myilibrary.com/. [Accessed 12 June 2015].

World Development Report (WDR) (2014) Risk and Opportunity: Managing Risk for Development [Online] Available from: http://econ.worldbank.org/WBSITE/EXTERNAL/EXTDEC/EXTRESEARCH/EXTWDRS/EXTNWDR2013/0,,contentMDK:23459971~pagePK:8261309~piPK:8258028~theSitePK:8258025,00.html /. [Accessed 20 May 2015].

Yaraghi, N., Langhe, R.G., KTH, Skolan för teknikvetenskap (SCI) and Mekanik (2011) Critical success factors for risk management systems. Journal of Risk Research, [Online] 14, (5) pp. 551-581.Available from: http://www-tandfonline-com.ezproxy.bolton.ac.uk/. [Accessed 03 April 2016].

Zerai, B. and Rani, L. (2012) Technical efficiency and its determinants of micro finance institutions in Ethiopia: A stochastic frontier approach. African Journal of Accounting, Economics, Finance and Banking Research, [Online] 8(8), pp. 1-19. Available from: http://search.proquest.com.ezproxy.bolton.ac.uk/. [Accessed 23 April 2016].

Zhao, X., Hwang, B. and Pheng Low, S. (2014) Enterprise risk management implementation in construction firms. Management Decision, [Online] 52(5), pp. 814-833. Available from: http://bolton.summon.serialssolutions.com/search?/. [Accessed 27 March 2016].

Zohrabi, M. (2013) Mixed Method Research: Instruments, Validity, Reliability and Reporting Findings", Theory and Practice in Language Studies, vol. 3, no. 2, pp. 254-262. Available from: http://search.proquest.com.ezproxy.bolton.ac.uk/.[Accessed 23 April 23 April 2016].

84


Appendices

Appendix I Attributes of Risk Maturity Model (RMM) (Adapted from Hillson, 1997)

Leve1 -Naive Level 2- Novice Level 3- Normalized

Level 4: Natural

Definition Unaware of the need for risk management; Has no structure for dealing with uncertainty;Management processes are repetitive and reactive; little or no attempt to learn from past or prepare to for future

Experimenting risk management with a small group of people,No generic structured approach in place ,Aware of potential benefits of managing risk,Ineffective implementation,Not gaining the full benefits

management of risk built in routine business processes, risk management implemented in most of all projects, generic risk processes are formalized ,

risk aware culture,proactive approach to risk management, use of risk information to improve on businessemphasis on opportunity management

Culture No risk awarenessResistant to change Tendency to continue with existing processes

Risk process may be viewed as an additional overhead with varied benefitsRisk management only used on selected projects

Accepted risk management policy, benefits recognized an expected, prepared to commit resources in order to reap gains

Top-down risk commitment to risk management; proactive risk management encouraged and rewarded

Process No formal processes

No generic formal processes although some specific formal approaches may be in use Process effectiveness heavily depends on skills of in house built team and availability of

Generic processes applied to most projects, formal processes incorporated into quality systems ,active allocation of resources to risk budget at all levels, limited need

Risk based business processesRegular refresh and updating processesConstant feedback for improvement

85


external support

for external support

Experience

No understanding of risk processes or language

Limited to individual who may have little or no formal training

In house core of expertise, formally trained in basic skills, development of specific processes and tools

All staff risk aware; use of basic skill learning from experienceRegular external training to enhance skills

Application No structured application,No resources allocation,No risk tool

Inconsistent application,Variable availability of staff,Ad hoc collection of tools and methods

Routine and consistent application to all processes, committed resources, integrated set of tools and methods

Second nature- applied to all activities Risk based reporting and decision making; tools and methods used

86


Appendix II: Interview guide for assessing risk management practices in EAM

This is a research study being conducted in partial fulfilment of the requirement for the

award of Master in Project Management at Malawi Institute of Management in

collaboration with Bolton University. My study topic is An Assessment of risk

management practices at EAM.

The study objectives are:

e) To identify the potential risks at Evangelical Association of Malawi

f) To establish the current risk management practices at Evangelical Association

of Malawi

g) To establish the critical success factors for an effective risk management at


h) To recommend a framework for suitable risk management practices at


The interview guide has four sections; each containing questions on risk management

aspects that are considered important in achieving the study objectives. Section A

covers the respondent’s profile while B, C, and D tackles the current risk management

practices, potential risks and critical success factors for an effective risk management

at EAM respectively. Please note that is study is qualitative.

Respondents are assured of confidentiality and anonymity of the information they

provide. You are further assured that any information you provide is purely for

academic purposes

87


A. Respondent’s profile

1. What is your current position/Title at EAM?..........Section/Department …………?2. How long have you worked for EAM?

3. Do you have experience on risk management?

B. Potential risks at EAM

1. What risks is EAM faced with?

2. Of those mentioned risks which are the three significant in EAM? And why?

C. Risk management practices

1. Are risks in EAM managed proactively or reactively? Please explain

2. How are risks identified at EAM and by whom?

3. Outline briefly what steps you perform when dealing with risks at EAM?

4. What is done after risks have been identified? For example are they analysed,

how? Mitigation measures developed etc.)

5. Are the risk activities monitored? If yes who is involved? How often?

6. What control measures have been put in place to reduce risks?

7. Are there techniques and tools used by the organization in risk management

process? If any mention a few please.

8. Is risk management incorporated in all EAM activities/projects? For what reasons?

9. Is the risk management information shared out? If so, with whom and how often?

10. Is risk monitoring and reporting part of your normal management and reporting

system or is it reported differently? And why?

11. Are there any risk reviews that are done in EAM? And for what reasons?

12. Does EAM use any of the international risk management standards? If Yes which

ones?

1) What value has risk management brought or would bring to EAM?

D. Critical success factors for an effective risk management1. Do you think the EAM is managing risks effectively? Yes No?

2. What are the reasons for your answer in D(a)?

3. What need to be done to make risk management effective at EAM?

4. Or measures should be taken to ensure effective risk management?

5. Any suggestion to this study?

Thank you for sparing your time to answer the questions

88


Appendix III: Information Sheet for the questionnaireThis is a research study being conducted in partial fulfilment of the requirement for the

award of Master in Project Management at Malawi Institute of Management in

collaboration with Bolton University. My study topic is An Assessment of risk

management practices at EAM.

The study objectives are:

i) To identify the potential risks at Evangelical Association of Malawi

j) To establish the current risk management practices at Evangelical Association

of Malawi

k) To establish the critical success factors for effective risk management practices

in Evangelical Association of Malawi

l) To recommend a framework for suitable risk management practices at


The questionnaire has four sections; each containing questions on risk management

aspects that are considered important in achieving the study objectives. Section A

covers the respondent’s profile while B, C, and D tackles the current risk management

practices, potential risks and critical success factors for an effective risk management

at EAM respectively. Please note that is study is qualitative.

Respondents are assured of confidentiality and anonymity of the information they

provide. You are further assured that any information you provide is purely for

academic purposes

INSTRUCTION: Please fill in the details. Once you complete send it directly via my

email address: [email protected]

89


Appendix IV Questionnaire for assessing risk management practices in EAM

A. Respondent’s profile a) What is your current position/Title in EAM?................which Section ?.................

b) How long have you worked for EAM? …………………………………c) What experience do you have on risk management?

.............................................................................................................

B. Potential risks at EAM? 1. What risks does your organisation face? (These could be in form of hindrances to

achievement of your organisational objectives in operation, human, legal, strategy

policies, financial etc.)

…………………………………………………………………………………………………

……………………………………………………………………………………………….

2. Of all the risks you have mentioned above, which are three most significant risks in

your organisation? And why?

…………………………………………………………………………………………………

……………………………………………………………………………………………….

3. How do you keep track of your risks? E.g. keep a risk register? Who manages the

register?

…………………………………………………………………………………………………

How often is the risk register updated and by who?

…………………………………………………………………………………………………

C. Risk management practices 1. Are risks in EAM managed proactively or reactively? Please explain

…………………………………………………………………………………………………

2. How are risks identified at EAM and by whom? (E.g. in review meeting, audit

reports, management meetings, etc.)

…………………………………………………………………………………………………

……………………………..................................................………………………………

3. What value has risk management brought or would bring to EAM?

…………………………………………………………………………………………………

4. Outline briefly what steps you perform when dealing with risks at EAM?

…………………………………………………………………………………………………

90


5. Is risk management incorporated in all EAM activities/projects? For what reasons?

……………………………………………………………………………………………….

6. Are there techniques and tools used by the organization in risk management

process? If any mention a few please.

……………………………………………………………………………………………….

7. What is done after risks have been identified? For example are they analysed,

how? Mitigation measures developed etc.)

……………………………………………………………………………………………….

8. Are the risk activities monitored? If yes who is involved? How often?

………………………………………………………………………………………………

9. What control measures have been put in place to reduce risks?

……………………………………………………………………………………………….

10. Is the risk management information shared out? If so, with whom and how often?

………………………………………………………………………………………………

11. Is risk monitoring and reporting part of your normal management and reporting

system or is it reported differently? And why?

……………………………………………………………………………………………….

12. Are there any risk reviews that are done in EAM? And for what reasons?

………………………………………………………………………………………………

13. Does EAM use any of the international risk management standards? If Yes which

ones?

………………………………………………………………………………………………

D. Critical success factors for an effective risk management at EAM?1) Do you have a risk manager or somebody who is assigned the role of risk

management in EAM?

…………………………………………………………………………………………………

2) Do you think that risk management practices at EAM are effective? Yes No

3) What are the reasons for your answer in number 2 above?

…………………………………………………………………………………………………

………………………………………………………………………………………………..

4) In your opinion, what needs to be done in EAM to ensure effective risk

management practices?

91


…………………………………………………………………………………………………

………………………………………………………………………………………………

5) What do you think should be the role of the top leadership and the board members

in Risk Management?

………………………………………………………………………………………………..

6) In your opinion do you think that is enough effort or support in risk management in

EAM? Or what else could the do?

………………………………………………………………………………………………

7) How knowledgeable are the board members on risk management aspects?

……………………………………………………………………………………………….

8) How much time does the board spend on Risk Management oversight?

……………………………………………………………………………………………….

9) How often does the top leadership review the Risk Management reports? What

actions are taken?

……………………………………………………………………………………………….

10) Would you say there is a risk culture in EAM? How is it sustained?

………………………………………………………………………………………………

11) Are stakeholders involved in risk management? If yes at what level/ If No, why?

………………………………………………………………………………………………..

12) Are all EAM employees trained on risk management?

……………………………………………………………………………………………….

13) What infrastructure has been put in place to support risk management? e.g. A

policy, risk management frame work, incorporation of risk management in the EAM

strategy etc.

……………………………………………………………………………………………….

14) Do you set adequate time/resources for risk management?

………………………………………………………………………………………………

15) In your opinion, what key areas of risk management need to be developed/

improved in EAM?

…………………………………………………………………………………………

Thank you for sparing your time to complete the questionnaire.

92


Appendix V Filled questionnaire from Respondent Number 23(R23)

R23 Appendix I: A Questionnaire Date: 14 April 2016

A. Respondent’s profile

1) What is your current position/Title in EAM? Monitoring and Evaluation Program Coordinator

2) How long have you worked for EAM? 3 years…………………………………3) Do you have any experience on risk management? Yes............................

B. Potential risks at EAM? 1. What risks does your organisation face? (These could be in form of hindrances to achievement of your organisational objectives in operation, human, legal, strategy policies, financial etc.)Financial Risks, Operational Risks, Policy Risks, Human Resource Risk, ….2. Of all the risks you have mentioned above, which are three most significant risks in your organisation? And why?Financial Risks – When financial resources are entrusted to field staff, they are prone to misapplication and misappropriation.Operational Risks – Where the organizational structure does not have a clear defined boundary between the roles of the secretariat and that of its main organ (the EAM).Policy Risk – The EAM has a governance document (the policy) which has a gap on who it governs. One would not be clear on whether it covers only the staff under the secretariat or it does cover members of the main body (the EAM). This is a risk in the sense that some members of the organization may think that they are covered under the policy while they are not. The policy have some content gaps, for example it does not articulate clearly how staff are covered against accidents. Thirdly, the policy is not widely disseminated to the members of staff, except some parts of it, particularly those that are to do with finances.

3. How do you keep track of your risks? E.g. keep a risk register? Who manages the register?

The folder for risks is kept in the office of Finance and Administration.How often is the risk register updated and by who?The folder is updated every time an issue has been identified through an audit, field visit exercise, spot check and management meeting etc.

C. Risk management practices 1. Are risks in EAM managed proactively or reactively? Please explain

In EAM risks are managed through both, proactively and reactively. Proactively, Risk-Based Audits are done to ensure activity implementers are aware of the common areas which attract audit quarries so that they avoid them. Secondly, other risks that emerge during the implementation of activities are managed reactively through adherence to standard operation procedures during approvals, and conducting post-activity audits.

2. How are risks identified at EAM and by whom? (E.g. in review meeting, audit reports, management meetings, etc)

Brainstorming meetings, Audit reports, Approving Managers, Field Monitoring Visits, Management Meetings, Financial Reports

93


3. What value has risk management brought or would bring to EAM?Risk Management has enabled EAM to i) effectively use the resources, ii) be able to reassure the stakeholders on how the resources are prudently used iii) to achieve its planned activities without any surprises.

4. Outline briefly what steps you perform when dealing with risks at EAM? a. The first step that EAM does in Risk Management is to identify the risks that are

then put in a Risk Register.b. We then determine the probability of each one of the risks.c. We then determine the impact of each risk through an evaluation processd. For each risk, we propose a response.e. We then use the proposed responses to trace each of the risks, and document

the result of the tracing exercise.f. The results are communicated to Senior Management and then to all members

of EAM……5. Is risk management incorporated in all EAM activities/projects? For what

reasons?Risk Management is incorporated into about 70% of its activities/projects. There are some agricultural project activities that would require Risk-Based Insurance

6. Are there techniques and tools used by the organization in risk management process? If any mention a few please.i). Brainstorming Meetingsii). Use of Excel log.

7. What is done after risks have been identified? For example are they analysed, how? Mitigation measures developed etc) (Ref. to your Q4)

8. Are the risk activities monitored? If yes who is involved? How often?Risk activities are monitored by the following;i). The internal auditor - Continuouslyii) The Program Monitoring and Evaluation Officer - Continuouslyiii) The Program Managers- Continuouslyiv) The Project Managers – Continuouslyv) External Auditors – Annually or at the end of a project depending on the requirement of the various projects.

9. What control measures have been put in place to reduce risks?Project Staff are trained in Risk-Based Audit that equips them with knowledge about the possible risks……………………….

10. Is the risk management information shared out? If so, with whom and how often?Risk Management Information is shared to all EAM members of staff. Annual Retreats have been used for dissemination the information to staff. However, other fora like; monthly and quarterly management meetings, Senior Management Meetings, Audit feedback meetings have also been used.…………

11. Is risk monitoring and reporting part of your normal management and reporting system or is it reported differently? And why?Risk Monitoring has been part of the normal management and reporting system because it just part of the whole project management plan, as it encompasses aspects of the project scope, the cost (budget), time and quality.……………….

12. Are there any risk reviews that are done in EAM? And for what reasons?Risk Reviews are done in EAM, to assess which of the risks occur frequently, why they occur, coming up with revised responses to the risks, and observe if some new risks have come into play.…………

94


13. Does EAM use any of the international risk management standards? If Yes which ones?EAM Uses Some International Standard Operation Procedures, may be not all the ISOs…………………………………………………………………………………………

D. Critical success factors for an effective risk management at EAM?1. Do you have a risk manager or somebody who is assigned the role of risk

management in EAM?Yes, the Internal Auditor also does Risk Management………………………………

2. Do you think that risk management practices at EAM are effective? Yes/No What are the reasons for your answer in number 2 above?

It has helped the organization to use the resources prudently and enable it to achieve its planned deliverables, and in the process helped EAM in its effort of building strong relations with the various stakeholders.………………..

3. In your opinion, what needs to be done in EAM to ensure effective risk management practices?It must incorporate all the risks in its organizational policies………………………

4. What do you think should be the role of the top leadership and the board members in Risk Management?Senior Management Team must ensure that the risk management plan is on track and being updated periodically……………..

5. In your opinion do you think that is enough effort or support in risk management in EAM? Or what else could the do?There is enough support for risk management and that’s why the organization How knowledgeable are the board members on risk management aspects?The Board of Trustees are well versed with Risk Management issues…………….

6. How much time does the board spend on Risk Management oversight?It’s about one week per year

7. How often does the top leadership review the Risk Management reports? What actions are taken?The meet quarterly. It makes decisions based on the quarterly reports. It also draws a new risk management plan..

8. Would you say there is a risk culture in EAM? How is it sustained?Yes. It is sustained through valuing and adherence to the risk management plan. Risk Management Plan is considered as important as the other management plans within the organization………

9. Are stakeholders involved in risk management? If yes at what level/ If No, why?Stakeholders are involved in all the stages of risk manage………..

10. Are all EAM employees trained on risk management? They are trained in Risk-Based Management………………….

11. What infrastructure has been put in place to support risk management? e.g. A policy, risk management frame work, incorporation of risk management in the Vision fund strategy etc. Risk Management Framework

12. Do you set adequate time/resources for risk management?Enough time/resources are allocated to risk management…………

13. In your opinion, what key areas of risk management need to be developed/ improved in EAM?

EAM needs to incorporate Index Based Insurance for its field-based activities, so that in case of extreme disasters the risks are transferred to an insurer.

95


Appendix VI An example of how responses from the questionnaires were combined for each question.

Risk management practices 1. Are risks in EAM managed proactively or reactively? Please explain

R17 Of course both ways but more generally reactively.R20 Proactively – managers do not wait until an incident happen but a systematic routine follow ups.R18. Reactively because everything is done based on the situation that has come out.R19. Not surerR21 Risks are generally managed reactivelyR22 Basically managed reactivelyR23 In EAM risks are managed through both, proactively and reactively. Proactively, Risk-Based Audits are done to ensure activity implementers are aware of the common areas which attract audit quarries so that they avoid them. Secondly, other risks that emerge during the implementation of activities are managed reactively through adherence to standard operation procedures during approvals, and conducting post-activity audits.

2. How are risks identified at EAM and by whom? R17 Generally through Review meetings and AuditsR20 Through routine staff meetings, management meetings and audit reports…R18. Through audit reports; in review meetings; In management meetingsR19 Mostly the risks are identified during review meetings, and organisation capacity building workshops.R21 Sometimes in management meetings and sometimes in review meetingsR22 In management and staff meetings, periodic reports, financial controls, staff appraisals, audit reportsR23 Brainstorming meetings, Audit reports, Approving Managers, Field Monitoring Visits, Management Meetings, Financial Reports

3. What value has risk management brought or would bring to EAM?R17 Integrity, staff motivation, organisation trustworthy by both internal and external stakeholders and also financial prudenceR20 It instils the spirit of get prepared for uncertainties like staff resignation and answering audit queries.R18. It has ensured quality of work in different projects It has led to projects registering a lot of successes/achievements and desired

impacts to communities thereby helping the projects achieving their goals and objectives

-It has resulted into attracting donor confidence e.g. financial risk management It has encouraged employees to be patriotic, integrity and hard working in fear of

once the project has phased out and registers underperformance, donors will go and their employment contracts will not be renewed.

R19 It has helped the organisation identify the gaps it has and find possible solutions to the problems identified.R21 Greater confidence, motivation and financial prudenceR22 Effectiveness and efficiencyR23 Risk Management has enabled EAM to i) effectively use the resources, ii) be able to reassure the stakeholders on how the resources are prudently used iii) to achieve its planned activities without any surprises.

96


Appendix VII List of respondents

Respondent(Identification code)

Working years in EAM

Data collection tool used

Date of interview/return of questionnaire

R1 2 years Face to face interview 31/3/2016R2 12 years Face to face Interview 31/3/2016R3 1 year Face to face Interview 31/3/2016R4 2 Years Face to face Interview 31/3/2016R5 5 years Face to face Interview 31/3/2016R6 7 years Face to face Interview 30/3/2016R7 Over 20

yearsFace to face Interview 7/4/2016

R8 6 years Face to face Interview 8/4/2016R9 Over year Face to face Interview 8/4/2016R10 16 years Face to face Interview 10/4/2016R11 6 years Face to face Interview 10/4/2016R12 13 years Face to face Interview 13/4/2016R13 20 years Face to face Interview 13/4/2016R14 3 years Face to face Interview 15/4/2016R15 Over 10

yearsFace to face Interview 4/4/2016

R16 5 years Face to face Interview 5/4/2016R17 2 years and 9

monthsSelf-administered questionnaire

23/4/2016(Date of return)

R18 2 years and 3 months

Self-administered questionnaire


R19 6 years Self-administered questionnaire




R21 More than 1 year

Self-administered questionnaire






R24 2 years 4 months

Telephone interview 21/4/2016

R25 Over 10 years

Face to face interview 30/3/2016

Appendix VIII An example of paraphrasing and grouping of the texts

97


Question: What value has risk management brought or would bring to EAM?

Respondent Original text Paraphrasing Grouping the texts

RI It would ensure activities are done on the right time. It would also ensure cohesion between departments. Reports would be timelyAlso there would be quality reporting Requisition of items would be done on time

Activities done on timeEnsure cohesion between department Quality reportingRequisition on time

Activities will be done on time; Cohesion between departments; quality reporting; add value to implementation, risk management committee, proper risk management procedures, reduce challenges, address challenges on time, Promote effectiveness and efficiency

R2 Add value to implementation as challenges would be tackled

Add value to implementation

R4 Risk committee would be in place ;able to mitigate the risks; we would have proper procedures towards achieving our objectives

Risk management committee, Proper risk management procedures

R4 Build capacity build CapacityR7 Reduces losses in many

aspects; this is the way to go as EAM; this is donor requirement hence we are no option

Reduces losses , donor requirement

R12 It would reduce some challenges we face and address some of the challenges on time; address risk on time; be able to foresee and plan in good time; address risk in advance ;promote effective and efficiency operation development in EAM; promote team work; build capacity ;be visionary

Reduce challenges Address risk on timePromote effectiveness and efficiency TeamworkCapacity building

R17 It would ensure Integrity, staff motivation, organisation trustworthy by both internal and external stakeholders and also financial prudence

Integrity, staff motivation, trustworthy Financial produce.

98

ABSTRACT - UBIRubir.bolton.ac.uk/1118/1/Joyce Mue Dissertation FINAL… · Web viewan assessment of...

Documents

Transcript of ABSTRACT - UBIRubir.bolton.ac.uk/1118/1/Joyce Mue Dissertation FINAL… · Web viewan assessment of...