Quantitative Approach to The Implementation of Risk Management In Operating Activities of Romanian SMEs

Introduction

Small and Medium-sized Enterprises (SMEs) are essential for the growth of any economy, the advantages they offer consist of the contribution to the production of goods and services, the creation of jobs with relatively low capital, the reduction of income disparities, the formation of qualified and semi-skilled human resources and the reduction of poverty (Rogerson, 2001).

Currently, SMEs play an important role in the Romanian economy. They generate 52.7% of the total value added and 65.8% of the total employment, yet the percentage is lower than the EU averages of 56.4% and 66.6%. The average productivity of Romanian SMEs, calculated as an added value for each employed person, is about EUR 15.100, which is significantly lower than the EU average of about EUR 44.600. On the other hand, Romanian SMEs employ an average of 5.5 people, exceeding the EU average of 3.9 (European Commission, 2019).

The peculiarities of SMEs that make them vulnerable are limited access to finance, inadequate capital, instability, lack of appropriate records, lack of technology, lack of entrepreneurial and management skills, and small-scale operations with low growth potential (Mwaniki, 2006).

Like any other organization, SMEs face many risks, but their ability to treat them is lower compared to large firms (Agrawal, 2016). On the other hand, within SMEs, it is very difficult to differentiate between the role of the manager and the owner in terms of managing business risks. (St-Pierre & Bahri, 2006).

According to the Risk Management Guide for Small Businesses, the first and only guide issued regarding risk management in small organizations, by the Global Risk Alliance (GRA) and NSW Department of State and Regional Development, Small Business Development Division, the risks of small and medium-sized enterprises are: financial, organisational, compliance/legal, operational, commercial, security, strategic, equipment, reputation, service delivery, project, stakeholder management and technology (GRA, NSW, 2005).

The study aims to analyze the extent to which the decision-makers’ perception of the different benefits of risk management correlates with the implementation of risk management in operating activities. This type of operation was chosen due to the fact that, in general, risk management is frequently used in strategic decisions. The application of risk management at the level of operating activities denotes the fact that the company considers it as of high importance for the effective conduct of the activities.

Literature Review

The late 1990s is characterized by the publication of several books and articles on enterprise/integrated risk management and the emergence of specialized publications that included the word “risk” in titles (Power, 2004). However, until 2009, there was no accepted global framework or standard that could be used to establish or evaluate risk management activities (Frigo & Anderson, 2011). In 2009, the ISO 31000:2009 standard was issued, which brought more rigor in the areas of risk management implementation and boosted studies on the implementation of risk management in SMEs.

Simultaneously, the benefits of implementing risk management in an integrated approach within the organization were studied. The differentiation between the integrated approach of risk management and the traditional one is made in terms of design and effectiveness regarding the creation of value for the organization. While the integrated approach also focuses on opportunities to bring value to the entity, the generic risk management aims to eliminate the risks perceived as threats (Acharyya, 2013).

In the literature, the concept of enterprise risk management (ERM) is sometimes replaced by synonyms such as holistic risk management (HRM), integrated risk management (IRM), strategic risk management (SRM) or total risk management (TRM). Enterprise risk management (ERM) has emerged as a new approach to risk management that aims to manage, in an integrated manner, the risk portfolio that an organization is facing. In contrast to the traditional risk management approach, where individual risk categories are managed from the “in silo” perspective, ERM involves a holistic risk approach, enabling companies to take into account the correlations between all risk categories (Monda & Giorgino, 2013).

Louw & Com (2007) state, based on DeLoach’s study (2005, p. 3), that the ERM focus is on integrating risk management with existing management processes, on identifying future events that may have positive or negative effects and on evaluating the effectiveness of strategies to manage the organization’s exposure to possible events.

There are three ways in which ERM helps the organization to manage risks, so as to protect and increase the value of the company (Protiviti, 2006):

• Establishing a sustainable competitive advantage. ERM supports the transition of the organization from an “in silo” risk management to a strategic one, which concentrates on and applies the risk management process to all the sources of value of the entity.
• Optimizing the cost of risk management by aggregating risk acceptance and transfer decisions, eliminating the redundant activities and establishing the level of risk that the organization is willing to accept when running the business model.
• Managing support to improve business performance by reducing performance variability and exposure to losses through anticipating future events with major impacts, and developing responses regarding their management.

Institute of Internal Auditors (2009) defines ERM as a structured, solid and continuous process, carried out throughout the organization, in order to identify, evaluate, respond and report the opportunities and threats that have an impact on the achievement of the objectives. EY (2016) creates a scheme that includes the ERM features. This is shown in Figure 1.

ISO 31000 (2009) outlines the integrated risk management approach made up of interdependent components of ERM/IRM, which derive from the way the management administrates the organization and from the way the components are integrated in the management process.

Figure 1:ERM Features

Source: Adapted from EY (2016)

The implementation of integrated risk management is an exercise in management change. There will be people who embrace change and welcome it as an improvement for the company, and there will be people who consider change as unnecessary. When the need for implementation is exposed to management, the focus should be on the benefits granted to the organization. Few managers can dispute the benefits of risk management or if the performance of an entity is consistent with the volume of risks managed (Society of Actuaries, 2006). ERM can really reduce risk exposure, improve the decision making process and bring benefits on a large scale, but only if implemented correctly. ERM also allows organizations to become more entrepreneurial, because, once risk management is adequate, they will have the confidence and knowledge to carry out new activities (Howard, 2009). Figure 2 presents the benefits of implementing integrated risk management.

Figure 2: The benefits of implementing integrated risk management

Source: Adapted from Argyrou; Dr. Schanz Alms & Company (2015), Ciocoiu (2015), COSO (2017), PwC (2016), Standards of Sound Business and Financial Practices (2011)

In practice, implementing risk management has offered organizations various advantages as follows: reducing the total cost of risk out of turnover, from 2.7% in 2006 to 2.2% in 2010 (DLA Piper), reducing the exposure to risk with 85% for 51 analyzed projects (Nestle), and decreasing financial exposure to significant risks by 70% (Government Agency) (Howard, 2009).

The specialized literature is characterized by a small number of studies in which the issue of perceiving the benefits of implementing risk management is addressed. They are interpreted as either results obtained from the implementation of the risk management program, or as reasons for the companies to engage in the risk management program.

For example, a study conducted on the listed companies in Malaysia, evaluates, through exploratory factor analysis (EFA), not only the intensity and challenges of implementing risk management, but also its benefits such as: improving the clarity of the decision-making process throughout the organization, increasing the profitability of the company, increasing awareness of the risk among employees, improving communication with stakeholders/shareholders, and contributing significantly to the achievement of the strategic objectives of company (Lai, 2014). Also, Hoyt & Liebenberg (2011) have researched the advantages of ERM in the insurance field, using data for 117 companies listed on the US stock exchange, from 1998 to 2005, and found that there is a positive relationship between the implementation of risk management and the performance of firms.

Methodology of Research

The purpose of this paper is to identify if there is a significant correlation between the perception of the possible benefits obtained from the implementation of risk management and the integration of risk management into operating activities within the Romanian SMEs. The benefits category includes a number of elements drawn from previous studies of various authors from Romania and abroad (Ciocoiu, 2015; COSO, 2017; Lai, 2014; PwC, 2016).

The questionnaire was adopted as a means of collecting reliable and quantifiable data at a reasonable cost. The target population was composed of owners, managers, risk managers and project managers of the Romanian SMEs. From a total of 390 owners and managers who were invited to complete the questionnaire online, only 185 representatives of the Romanian SMEs participated, and 164 questionnaires were validated. The first part of the questionnaire contains three questions regarding the size of the organization, the age on the market and the level at which it operates, in the form of checklists. The second part has 7 questions addressing the extent to which the risk management is used in the operating activities of the company and the perception of its benefits as a factor underlying the implementation. The benefits listed in the questionnaire refer to: increasing profitability and revenues, increasing the efficiency of the decision-making process and the efficient use of resources, developing a culture of risk management in the company, aligning risk management to the company objectives, identifying and controlling a large number of risks at entity level, and increasing stakeholders’ satisfaction and involvement in the risk management process. The second part of the questionnaire used an interval rating scale measurement with three-point Likert-Scale.

To analyze the data, descriptive statistical methods such as averages and standard deviation, and inferential statistical methods such as linear regression, at the level of statistical significance of 0.01, were used. The following hypotheses will be tested in this study:

H1: There is a significant relationship between increasing profitability and revenues and the extent to which risk management is integrated within SMEs in Romania.

H2: There is a significant relationship between increasing the efficiency of the decision-making process and the efficient use of resources and the extent to which risk management is integrated within SMEs in Romania.

H3: There is a significant relationship between the development of a culture of risk management in the company and the extent to which risk management is integrated within the Romanian SMEs.

H4: There is a significant relationship between the alignment of the risk management with the objectives of the company and the extent to which risk management is integrated within the SMEs in Romania.

H5: There is a significant relationship between the identification and control of a greater number of risks at entity level and the extent to which risk management is integrated within the Romanian SMEs.

H6: There is a significant relationship between the increased satisfaction and involvement of stakeholders in the risk management process and the extent to which risk management is integrated within Romanian SMEs.

For each hypothesis, the null hypothesis H₀: The analysed variables are statisticaly independent (there is no association between the analysed variables) and the alternative hypothesis H_a: There is an association between the analysed variables were defined.

Results and Discussion

The results from the descriptive statistics as presented in Table 1 indicate an average of integrating risk management into the organization’s operating activities of 0.216 for the SMEs under consideration. It represents an average percentage (%) distribution of approximately 21%.

On the other hand; increasing profitability and revenues, increasing the efficiency of the decision-making process and the efficient use of resources, developing a culture of risk management, aligning risk management with company objectives, identifying and controlling a greater number of risks at the entity level and increasing stakeholders’ satisfaction and involvement in risk management have an average distribution value of 0.263, 0.257, 0.245, 0.238, 0.245 and 0.237, respectively for the sampled SMEs.

Table 1: Descriptive Statistics

Source: Own calculations

Conversely, the review of empirical results from the Pearson correlation analysis, presented in Table 2, regarding the relationship between the variable of risk management integration in the operating activities of the Romanian SMEs and the variables represented by increasing the efficiency of the decision-making process and the efficient allocation of resources, developing a culture of risk management in the company, aligning the risk management with the objectives of the company, and increasing the satisfaction and involvement of the stakeholders, shows that the correlations are positive at a probability level of 1% with the following correlation coefficients (r): 0.259, 0.198, 0.324 and 0.266, respectively.

In contrast, regarding the relationship between the integration of risk management in the operations of the analyzed SMEs and the increase of profitability and the identification and control of a greater number of risks at entity level, the correlations are insignificant, being higher than the 1% probability level established.

Table 2:  Pearson correlations for selected SMEs

Source: Own calculations

First, the multicollinearity test was performed before the analysis of the regression model, considering that this may affect the parameters of the regression model. Field (2009) suggests that a tolerance value of less than 0.1 indicates a serious multicollinearity problem between the independent variables, and a value of variance inflation factor (VIF) greater than 10 calls for concern. The regression model parameters in this study do not present problems of multicollinearity, considering that all tolerance values are greater than 0.10 and all VIF values are less than 10.

In Table 3, the results of the linear regression show that the correlation between the dependent variable, which is represented by the degree of risk management integration in the operating activities of the Romanian SMEs analyzed, and the predictors represented by the perception of the importance of the benefits of risk management implementation (6 variables – increasing the profitability and revenues, increasing the efficiency of the decision-making process and the efficient use of resources, developing a culture of risk management in the company, aligning the risk management with the company objectives, identifying and controlling a greater number of risks at entity level, and increasing stakeholders’ satisfaction and involvement in the risk management process) has a high value (0.479) and in the same direction.

Also, the results of the regression analysis for the selected SMEs, described in Table 3, show that R-Square, which is often referred to as the coefficient of determination of the variables, has a value of 0.230. R-Square indicates that the model is able to explain about 23% of the variability of the integration of risk management in the operating activities of the questioned SMEs. This means that approximately 77% of the variation of risk management integration within the sampled SMEs are accounted for by other factors not included in the model. This result is corroborated by the Adjusted R-Square of about 0.200, which is in essence the proportion of total variance that is explained by the model.

Table 3: Model summary

Source: Own calculations

Similarly, findings from the F-statistic test, as reflected in Table 3, have a p-value less than 0.01; this clearly suggests that the explanatory variables are significantly associated with the dependent variable, integrating risk management into the operating activities of organizations.

In Table 4, the results of the linear regression analysis show that the perceived importance of the benefits of risk management implementation influences the extent to which the risk management practices are integrated in the operating activities within the analyzed SMEs, at the level of statistical significance of 0.01 as follows: increasing profitability and revenues (t-statistics = -3.178; p-value = 0.002), aligning risk management with company objectives (t-statistics = 3.512; p-value = 0.001) identifying and controlling a greater number of risks at entity level (t-statistics = -2.713; p-value = 0.007) and increasing stakeholders’ satisfaction and involvement in the risk management process (t-statistics = 2.916; p-value = 0.004).

The association between aligning risk management with company objectives (beta coefficient = 0.476), increasing satisfaction and involving stakeholders in risk management (beta coefficient = 0.318) and integrating risk management into operating activities within SMEs is significant and positive, indicating that the greater the importance attached to these benefits of implementing risk management, the greater the extent to which risk management is incorporated. In contrast, the association between increasing profitability and revenues (beta coefficient = -0.307), identifying and controlling of a greater number of risks at entity level (beta coefficient = -0.347) and integrating of risk management within SMEs is significant and negative, indicating that the greater the importance attached to these benefits of the implementation of risk management, the less the extent to which risk management is integrated into the operating activities of the questioned Romanian SMEs.

Table 4:  Coefficients

Source: Own calculations

Table 5 shows the results of the above analysis, indicating the acceptance or rejection of the hypothesis.

Table 5:  The results of hyphothesis testing

Source: Own calculations

Conclusions

This study analyzed the connection between the perceived importance of the benefits of risk management implementation and the extent to which risk management practices are integrated in operating activities within SMEs in Romania.

The results indicate that the appreciation of the importance of increasing profitability and revenues as a possible benefit obtained from the implementation of risk management has a significant contribution to the degree of integration of risk management in Romanian SMEs. The study also shows that there is a significant negative relationship between identifying and controlling a greater number of risks at the entity level and the extent to which risk management is integrated. Contrary to the expectations, the nature of the relationship between the two variables is negative, that is, an increase in the risk management integration measure will lead to a decrease in the importance of increasing profitability and revenues. This result may be possible in the context of the difficulty of measuring the risk management performances in relation to the resources allocated and the complexity of the specific risk management process.

The research also indicates a positive association between the degree of using risk management practices and the importance of aligning risk management with the firm’s objectives and increasing stakeholders’ satisfaction and involvement. Therefore, a robust risk management approach provides relevant information to decision-makers, contributing to increasing the possibility of selecting an optimal strategy, and improving communication and stakeholders’ involvement, by regularly providing reports and taking into account their requirements in the risk management process.

An important limitation of this paper is the size of the sample, given the numerous SMEs operating in Romania. To address this limitation, the following research aims to increase the sample size.

Acknowledgement

This study is conducted within the doctoral studies of the Bucharest University of Economic Studies.

References

• Acharyya, M., & Mutenga, S. (2013). The benefits of implementing Enterprise Risk Management:evidence from the non-life insurance industry. 2013 Enterprise Risk Management Symposium, (pp. 1-21). Chicago.
• Agrawal, R. (2016). ‘Enterprise Risk Management’ Essential for Survival and Sustainable Development of Micro, Small and Medium. International Review 1(2), 117-123.
• Argyrou, M.; Dr. Schanz Alms & Company. (2015, Summer). Adopting Enterprise Risk Management (ERM) in high-growth insurance markets. Trust Re Perspectives. Retrieved April 4, 2020, from http://www.trustre.com/uploads/media_centre/articles/14._Adopting_ERM_in_high-growth_insurance_markets_.pdf.
• Ciocoiu, C. N. (2015). Implementation of an Integrated Risk Management Framework: A Multicriteria Approach for Romanian SMEs. In O. Nicolescu, C. Oprean, & M. A. Titu, Nicolescu O., Oprean, Titu M.A. (editors): The Best Romanian Management Studies 2013-2014 (pp. 85-102). Lambert Academic Publishing.
• (2017, June). Enterprise Risk Management Integrating with Strategy and Performance.
• European Commission. (2019). 2019 SBA Fact Sheet-Romania. Retrieved March 22, 2020, from https://ec.europa.eu/docsroom/documents/38662/attachments/24/translations/en/renditions/native.
• (2016). Enterprise Risk Management — an integrated approach towards effective and sustainable risk management. Retrieved March 4, 2020, from http://www.ey.com/Publication/vwLUAssets/EY-enterprise-risk-management/$FILE/EY-enterprise-risk-management.pdf.
• Field, A. (2009). Discovering Statistics Using SPSS (Vol. Thrid Edition). London: Sage Publications.
• Frigo, M. L., & Anderson, R. J. (2011). Strategic Risk Management: A foundation for improving enterprise risk management and governance. Journal of Corporate Accounting & Finance, Volume 22, Issue 3, 81-88.
• GRA, NSW. (2005). Risk Management Guide for Small Business. Retrieved March 2, 2020, from https://www.significanceinternational.com/Portals/0/Documents/2005-sme-risk-management-guide-global-risk-alliance-nsw-dsrd.pdf.
• Howard, P. (2009, March). Remaining buoyant. The Treasurer. Retrieved March 30, 2020, from http://www.treasurers.org/ACTmedia/Mar09TTRiskERM38-39.pdf.
• Hoyt, R. E., & Liebenberg, A. F. (2011). The Value of Enterprise Risk Management. Journal of Risk and Insurance 78(4), 795–822.
• Institute of Internal Auditors. (2009, January). THE ROLE OF INTERNAL AUDITING IN ENTERPRISE-WIDE RISK MANAGEMENT. Retrieved March 3, 2020, from https://na.theiia.org/standards-guidance/Public%20Documents/PP%20The%20Role%20of%20Internal%20Auditing%20in%20Enterprise%20Risk%20Management.pdf.
• ISO 31000:2009. (2009). Risk management- Principles and guidelines. International Organization for Standardization.
• Lai, F. W. (2014). Management Implementation Framework, Its Challenges Examining the Dimensions of Enterprise and Benefits: A Study on Malaysian Public Listed Companies Risk. Journal of Economics, Business and Management, 2(2), 81-86.
• Louw, A., & Com, B. (2007, November). THE DEVELOPMENT OF AN ENTERPRISE-WIDE RISK MANAGEMENT FRAMEWORK IN AN ORGANISATION – Mini-dissertation.
• Monda, B., & Giorgino, M. (2013). An ERM Maturity Model. SSRN Electronic Journal.
• Mwaniki, R. (2006). Supporting SMEs Development & the Role of Microfinance in Africa. Nairobi: INAFI Africa Trust.
• Power, M. (2004). The Risk Management of Everything. Rethinking the politics of. London: Demos.
• (2006). Enterprise Risk Management: Practical Implementation Advice. 1-3. Retrieved March 3, 2020, from https://www.protiviti.com/UK-en/insights/bulletinv2-i6.
• (2016). Staying ahead of the curve- Enterprise risk management. Retrieved March 5, 2020, from https://www.pwccn.com/en/risk-assurance/ra-enterprise-risk-management-oct2016.pdf.
• Rogerson, C. M. (2001). Growing the SMME Manufacturing Economy of South Africa:Evidence from Gauteng Province. Journal of Contemporary African Studies, 19(2), 267-291.
• Society of Actuaries. (2006, May). Enterprise Risk Management Specialty Guide. Retrieved February 14, 2020, from https://www.soa.org/library/professional-actuarial-specialty-guides/enterprise-risk-management/2005/august/spg0605erm.pdf.
• Standards of Sound Business and Financial Practices. (2011, September). ENTERPRISE RISK MANAGEMENT FRAMEWORK.
• St-Pierre, J., & Bahri, M. (2006). The Use of the Accounting Beta as an Overal Risk Indicator for Unlisted Companies. Journal of Small Business and Enterprise Development, 13(4), 546-561.