Acknowledgement

I, Prajeesh Prakash take this opportunity as an honor to thank and pay due respect to
everyone who has helped me in accomplishing this Research project.

I thank the institute for providing me with an opportunity to complete this Research
project. This platform will serve a course of knowledge, skills enhancement, and
experience for which I am extremely thankful.

I am grateful to all the mentors and active contributors who helped in collecting the
primary data and the completing the survey. My colleagues and seniors are warmly
acknowledged.
Executive summary:
The present research presents the process of risk management as one of the important tools in an
organization. The management strategies implemented are based on the type and structuring of
organization. The risk management strategies can influence the organization to identify the risk
components which can benefit in order to manage the economic standards. The present research
provides insight on the risk assessment to shape the priorities based on the structuring and
functioning of the organization.
The whole risk management in an organization are illustrated into three phases such as
identifying the risk, facilitating it and assorting with the priorities to shape and minimize the
identified risk factor. The risk factor is channelized in an organization process by managing the
available resources in the system and compiling the different strategies to suppress or minimize
the risk associated. In order to keep the growth of any organization, defining and assessing the
problems becomes the priority factor to ease the functioning. In current scenario, every
organization needs to come up with the risk management plans well before they could encounter
it. Once the management strategies are defined, there will be lot of scope for growing the
organization. This assortment of risk factors greatly influences the economy of any organization.
Hence, the present mini research focuses on the planning, implementation and execution of risk
factors in organization.
In addition, the implementation can be done in various ways. For instance, in a marketing
campaign project a number of implementations approaches for the risk management plan are
available to develop or maintain a competitive advantage. They include such methods as creating
barriers to market entry, establishing competitive pricing, damping, using new unique
technology, innovation, adjusting or reorganizing personnel management etc. Each of these
methods implies a very different set of tools for implementation. Hence the process of putting a
strategic plan of managing identified threats and exploiting opportunities into action is called the
implementation of the risk management plan. Such a process may take many forms – this
depends on the business culture of the performing organization, history of previous efforts,
available resources, number of individuals involved in the project, and other factors.

Objectives:

• To find out which risks a business face, find ways to quantify and measure those risks,
create methods to monitor risks and finally come up with treatment methods which
mitigate or eliminate risk we use risk managements. The overall objective to create a
business that is less susceptible to risks and therefore enhance the safety of investors in
the business.

• To enables project success as Employees can reduce the likelihood and severity of
potential project risks by identifying them early. If something does go wrong, there will
already be an action plan in place to handle it. This helps employees prepare for the
unexpected and maximize project outcomes.
 To Support Continuity of Organization as Risk management has an efficient role in long
term growth and survival of the business. Every business faces several risk and
unfortunate events during its life cycle. These unfortunates, if not treated timely, will
affect the organization capital and profit or even leads to its termination.
 To have Better Communication of Risk Within Organization as Risk management
develops better communication network between directors, managers and employees. It
helps in spreading all information regarding risk easily around the organization timely.
All people are able to interact with each other effectively and discuss about core solution
about this risk. This helps in better understanding of several threats and taking timely
action against them.
• To Reduce & Eliminate Harmful Threat as not all risks need to be critical in nature.
There are many small nature risks inherent in all processes which may make the process
unsafe or less productive. Risk management helps in identifying these more minor risks
as well. Once identified, they can be effectively dealt with to make the workplace safer
and more productive

• To Identify & Evaluate Risks as the idea of risk management is to identify the risks early
and try to control them as much as possible. Once the risks are identified, the
organization evaluates the potential of the risk to know how harmful it can be. This helps
in understanding the true nature of the risk and managing it in a better manner
Research methodology:

 Signification of the research - Risk management has perhaps never been more important
than it is now. The risks modern organizations face has grown more complex, fueled by
the rapid pace of globalization. New risks are constantly emerging, often related to and
generated by the now-pervasive use of digital technology. For a business, assessment and
management of risks is the best way to prepare for eventualities that may come in the
way of progress and growth. When a business evaluates its plan for handling potential
threats and then develops structures to address them, it improves its odds of becoming a
successful entity. In addition, progressive risk management ensures risks of a high
priority that are dealt as aggressively as possible. Moreover, the management will have
the necessary information that they can use to make informed decisions and ensure that
the business remains profitable.

• Implementation of a robust risk management plan will help an organization build policies
and procedures around avoiding potential threats and measures to minimize their impact
if it occurs.
• It is crucial for any business to know the nature and extent of risk it is prepared to take
the level of risk it can tolerate and communicate the same to its employees at all levels of
management. This enables limited control all over the organization.
 • The ability to understand risks enables the organization to make confident business
decisions.
• It protects the organization from the risk of unexpected events that can cause it a financial
and reputational loss.
• Planning and developing structures to address potential threats improves the odds of
becoming a successful organization.
Thus, the practice of risk intelligence and risk management is seen increasing in many industries.

• Scope of research:

• To understand the background of the organization and its risks (e.g., its core processes,
valuable assets, competitive areas etc.).
• To evaluate the Risk Management activities being undertaken so far.
• develop a structure for the Risk Management initiatives and controls (countermeasures,
security controls etc.) to follow.
• To clarify and gain common understanding of the organizational objectives

• To identify the environment in which these objectives are set.

• To specify the main scope and objectives for Risk Management, applicable restrictions or
specific conditions and the outcomes required
• To develop a set of criteria against which the risks will be measured
• To define a set of key elements for structuring the risk identification and assessment
process.

Limitations of risk management

Complex calculations: Risk management involves complex calculations in terms of

managing risks. Without the automatic tool, each and every calculation regarding

risks becomes difficult.

 Unmanaged losses: If the organization meddles with a loss, then that pay will be

delivered to the pay loss of the firm. Here, the organization is responsible for the loss

that happened due to improper schedule about risk management.

Depends on external entities: Managing risks depends on the external entities that

are modulated within the organization, usually depends on the external data. It

includes all the dependent information about the risks regarding other valid

resources. The transferable resources depend on the external entities that tend to

have data.

Sample design and research design –

Primary source – This study is based on both primary as well as secondary data. Primary data

has been collected by social network, individual experience, interview from them.

Secondary data – The secondary data have been collected from different articles and websites

such as www.goggle.com, www.wikipeida.com and others.

Literature Review on the Effectiveness of Risk Management System

Wadesango Newman, University of Limpopo

Mhaka Charity, Midlands State University

Shava Faith, Midlands State University

Wadesango Ongayi, University of Limpopo

Keywords

Public Setting, Risk Management, Financial Performance, Skills, Knowledge.

Background of the Study

The Parliamentary Accounting Committee (PAC) revealed that fraud cases had been

prevalent in government departments including the Ministry of Higher and Tertiary

Education, Science and Technology Development (MHTESTD). The Committee noted fraud

cases through recurring audit findings such as funds embezzlement, dummy receipting,

unauthorized and unsupported expenditure, flouting tender procedures, mismanagement of

funds and management overrides by those charged with governance. The Auditor General

(AG) of 2015 also reported that out of unsupported payments incurred were losses ranging

from USD$ 3 million to USD$ 3.5 million. Innovation and Commercialization Fund (ICF)

lost amount of USD$ 2.5 million owed to debtors through borrowings. However, National

Education Training Fund lost USD$ 3.5 million to acquit Cadetship grants. AG’s report of

2015 observed that Ministry of Higher and Tertiary Education lost about USD$ 1.8 million to

dummy receipting in polytechnics and teacher’s college. Analysis of AG report by

ZIMCODD highlighted that inadequate risk-based audit has negatively affected the financial

performance of ministries as there is no audit committee for risk identification, assessment

and monitoring in taking up risk management task thus IAF has been inefficient in

accomplishing its audit plan, hence audit recurring perpetuated fraud activities

Effects of Risk Management Systems of Financial Performance

Ping & Muthuveloo (2015) emphasized that survival of a firm can be determined by

performance which is an indicator of profit or loss. They added that a firm’s performance can

be improved by a strong risk management system such as Enterprise Risk Management

System (ERMS) which create and add value to the success of business through reduction of

uncertainties and customer satisfaction.

Fraud Risk Reduction

According to Ndwiga et al. (2012), reduction of risks is done through monitoring and

controlling by means of standard setting of policies to ensure minimization of risks. Kiragu

(2014) asserted that risk reduction practice positively affects financial performance of an

organization through loss control, risk mitigation and risk transfer to insurance firms. They

explained that risk reduction practices significantly improve the return on assets of the firm.

Shahroudi et al. (2012) in support confirmed that reducing exposed risk increases the quality

of service as well as the firm’s financial performance. They added that risk mitigation and

financial performance has a positive relationship. Ernst & Young revealed that firms with

reputable risk reduction practices produce more revenue and their risk maturity linked with

better return on assets and a positive significance on financial performance. A study by La &

Choi (2012) proved that the effect of risk management has a positive significant relationship

with the organizational performance. Wanjohi agreed that risk management has a significant

positive correlation to the financial performance of an organization. Asemeit & Abuda

concluded that a strong significant and positive relationship between financial performance

of companies and risk management processes exists. However, the Auditor General (2015)

report of the Ministry of Higher and Tertiary Education, Science and Technology
Development depicts that lack of compliance in implementing a formal risk management

structure causes a weaker link between performance and control systems in place.

There were some controversial findings by other scholars against the effects of risk

management to financial performance. Mudaki et al. (2012) argued that rather than basing on

risk management, organizations need enough capital to sustain its financial performance;

therefore, firm’s capital has a positive relationship. However, La & Choi (2012) posited that

there exists a weak relationship between risk management and a firm’s financial

performance. They suggested that better performance can be affected mainly by board and

management decisions than risk management. Retno & Denies (2012) argued that a company

with better profits are engaged into smaller revenue generation with little efforts in risk

management structures, hence a negative link between risk management and performance.

However, Keisidou et al. (2013) found a negative and significant effect between risk

management and return on equity, resulting in a weak relationship between the two.

Kiragu (2014) could not clearly assert on the effect of risk reduction on firm’s financial

performance. He asserted that firms’ risk level should be strongly monitored and assessed to

ensure improvement of performance. Bandara & Weerakoon (2012) posited that risk

management is essential but the link between financial performance and risk management of

firms is not clear.

Reviews of Auditor General (2014-2016) reflected that there are no corrective measures

taken in the MHTESTD to reduce risks as the findings are still recurring. The PAC (2015)
also supported that lack of risk reduction has been evidenced by the recurring of observations

every year. However, according to Al-Matari et al. (2012), most of the empirical studies on

the effects of risk management on performance had been done mostly in developed countries

and in insurance companies in Kenya.

Customer Satisfaction

Paul et al. (2016) observed that organizational performance begins with supplying customers

with distinct goods and services, attending to their queries consumer time saving. Keisidou et

al. (2013) noted a positive and significant relationship between customer satisfaction and

financial performance. Ghotbabadi et al. (2016) supported that the firm should make

customers happy and keep faithfulness to them as this practice increase the firm’s

performance. They added that reducing risks increases customer satisfaction and result in a

positive correlation with firm’s performance. Al-Hersh & Saaty (2014) asserted that

reduction in apparent risks result in good relationship with firm and customer and a customer

has a tendency of maintaining relationship with service providers; hence a significant

positive performance is attained by the firm. However, literature review by Mohammadi

(2012) confirmed that reduction in inherent risks results in a positive relationship between

the firm and customers’ satisfaction.

Segoro (2013) argued that it is the customer’s behavior and attitude that can cause a

repetitive demand of goods or services not actually satisfaction by the firm. Yap et al. (2012)

also argued that the firm’s performance results from the aspects of economics and

convenience by the other firm’s branches. Segoro (2013) added that value of the firm is the

major effect of the firm’s performance as value has a competitive advantage.

Some literature review indicated neutral responses. Keisidou et al. (2013) noted that the

relationship for customer satisfaction and performance is complicated as performance may be

either positive or negative. La & Choi (2012) indicated that both customer satisfaction and

loyalty are not useful in firm performance as they have no lasting effects to the firm’s

performance. Mohammadi (2012) showed that customer satisfaction has both positive and

negative impact on the financial performance.

Value of the Firm

Waweru & Kisaka (2013) studied on the effects of implementing MS on value of the firm

and observed that there exists a strong relationship between enterprise risk management and

the value of a company as managing risks add value to the firm resulting from risk

avoidance, mitigation, transferring and retention. Mohammadi (2012) supported that ERMS

methods and techniques increase value to the organization and maximize shareholder and

stakeholder values. Literature review by Retno (2012) evidenced that an overall risk based

integrated system demands for a special level of overseeing of the company’s portfolio of

risks which is associated with strategic organizational goals resulting in increased earnings to

the firm value therefore a significant positive between ERMS, firm value and performance

exists. Nugroho (2013) affirmed enterprise risk management system has a positive and

significant influence upon both company value and performance. He added that financial

performance has ability to facilitate ERMS implementation. Research results by notable

scholars, Muthohirin support that a significant positive influence that exists between ERMS

and performance has a capability of connecting company’s capital and value of firm. In
support of the view, Bertinetti et al. (2013) agreed on the positive effect of ERMS to both

value of firm and financial performance.

There are some critiques against the results of positive significance relationship between

ERMS, value of firm and financial performance as proven by the other scholars. Augustina &

Baroroh (2016) argued that implementation of ERMS is only restricted to fulfill the

requirements of listed firms in developed countries; therefore, there is no significant

relationship that influence the firm value as well as financial performance or profitability of

unregistered companies. Retno (2012) posited that a relationship between ERMS and firm

value does not exist for the company value can be influenced by its long-term objective for

the benefit of shareholders. In another review of study, Barclay (2013) observed that the

return of assets is only determinant of company value and an increase in profitability shows

the company’s ability to control its assets, as a result, profitability has positive impact and

relationship than ERMS. Barclay (2013) argued that investors do not base their decisions on

enterprise risk management due its complexity and it cannot be comparable between other

firms, therefore no positive effect exists.

The PAC (2014) note that recurring of some audit risk associated findings is a clear

indication of absence of risk reduction systems, hence negatively affects the organization’s

performance. Augustina & Baroroh (2016) asserted that results of positive effects of RM

have been studied in listed companies in developed countries, hence this objective focuses on

evaluating the effects of RM on performance MHTESTD.

Vital Success Factors for Effective Risk Management System

Ahmed & Manab (2016) defined vital success factors as the limited elements or conditions

that positively affect the successfulness and efficiency of an organization’s objectives.

Implementation of Risk Management Systems in governments departments can be

determined by effective implementation of success risks factor Barclay (2013). Empirical

studies by him revealed that present frameworks for financial risk management in public

entities in developing countries are ineffective to the extent of failing to identify and mitigate

financial risks such as operational and credit risks. The study suggested adoption of vital

success factors for successful implementation of Risk Management Processes.

Commitment of Management and Public Service Commission (PSC) Leaders

According to Corruption Watch (2012) commitment and support of managers and PSC

leaders determines successful implementation of RMS in today’s public sector setting.

“Effective commitment and support of managers and political leaders, appropriate review

and remedial measures ensure that all financial risks are identified and managed,” added

Corruption Watch (2013). Barclay (2013) supported the view by confirming that

commitment and support influence management to be objective towards achieving the

organizational goal of financial risk management. Chileshe & Yirenkyi-Fianko (2012)

asserted that committed and supportive leadership influence effectiveness of RM processes

through transparency and accountability in developing countries. Allwright (2013) echoed in

support that if management is committed and supportive, they cannot rely on audit-based risk

analysis as some of internal auditors are less competent and experienced.

Some literature review contradicts a factor of commitment by managers and leadership.

Chileshe & Yirenkyi-Fianko (2012) identified communication as the vital success tool for

implementing risk management in an organisation. They added that communication creates

mutual understanding, teamwork, as enhancing objectivity among management. Chileshe &

Yirenkyi-Fianko (2012) argued that management needs to be equipped with positive attitude

and sensitiveness towards risk management. In another study Chileshe & Yirenki-Fianko

(2012) contented that professional expertise has a great impact on adoption of RM processes.

They asserted that incorporating a public private partnership could influence a successful

implementation of risk management system in an organisation.

Chileshe & Yirenki-Fianko (2012) in another study asserted that there are no specific cut

solutions in regard to best success factors in RM implementation.

Integration of Risks in Outsourcing

Literature review by Chartered Institute of Internal Auditors (CIIA) (2013) showed that

coordination with outside organizations like private and non-governmental organizations as

well as overall internal audit function can effectively edify the RM process through adopting

skills on identifying and assessing risks to all levels of personnel. The Public Sector Audit

Committee (2014) observed that integration of risks is a success factor that reduces nepotism,

hence promoting effective administration and implementation of RM processes. In support of

the view of integrating, the IIA (2013) added that discrimination as well as challenges in

adopting financial risk processes is therefore outweighed.

Barclay (2013) argued in another review opposing the need for integration and outsourcing.

He argued that the function of the existing internal audit has impact on the RM processes and

its function is to mitigate and manage the financial risks in the public sector. He added that

internal audit has a crucial and sufficient role of supporting leadership and board members of

the public sector. In its research the IIA (2013) argued that limiting the function of internal

audit by outsourcing and integration is weakening its objectivity of scrutinizing financial

controls. SAGGPG (2013) suggested that a critical success factor lies on effectiveness of

communication between management as managers need to share knowledge pertaining RMS

implementation. Allwright (2012) revealed in another study that instead of integrating,

legislation of financial risk management is a vital success factor for RM implementing. He

argued that integration undermines the regulations of the government departments and

effective compliance to laws brings about remedial measures to mitigate financial risks.

Chileshe & Yirenkyi-Fianko (2012) mentioned all the factors like commitment of

management and PSC leaders, integration of risks in outsourcing and risk management

structure as vital success factors in implementing RM processes. He emphasized that the

factors involve risks identification, assessment, evaluation, treatment and monitoring

resulting in improvement on financial performance and risk mitigation.

Risk Management Information System

Mohammad (2014) observed that a successful RM adoption needs to be accompanied by a

compatible information system which enables organisation information. He emphasized that

risk management backed up by an information system improves the performance of an

organisation. Anorld confirmed the risk management system as success factor as it can

improve the organization’s performance. A study by Hashim et al. (2012) revealed that

integration of RMS with information technology has a strong relationship in improving the

company performance. An examination by Al-Gharaibeh & Malkawi (2013) proved that

implementing RM processes with information system can upgrade the performance of public

entities.

Implementing management information system in organizations enhances risk management

processes Altaany (2013).

A number of literature review discounted arguments against accepting risk management

information system as better success factor in enhancing a sound RMS. Their arguments

proved use of organizational innovation and or employing new ideas as a critical success

factor in implementing risk management system. Dugguh & Diggi (2015) posited that

sourcing new different ideas edify risk management hence improving the organization’s

performance. Mbizi et al. (2013) asserted that innovation is the prime success factor that can

sustains implementation of RMS for a better firm position. Literature review by Zumitzavan

& Udchachone (2014) proposed that new ideas in the organisation can enable effective
implementation therefore significantly affect organizational performance. Different reviews

by Manab & Kassim (2012) argued that implementation and successfulness of risk

management practices can be affected by adequate staff competence. Hohan et al. (2015) also

discounted the factor use of information system and indicated that management skills are

crucial factor in implementing risk management processes.

Analysis by Ahmed & Manab (2016) indicated that all factors can be successful when

adopting risk management systems. They also agreed in their propositions that factors like

management commitment, integrating risk management and information systems positively

affect the organization’s financial position. The scholars could not come up with a specific

distinct success factor. Dabari & Saidin (2015) agreed with other authors that ineffective

RMS was a major indicator on poor financial performance, but they were silent in suggestion

to critical success factors. The IMF (2013)’s analysis cited non-existence of risk management

as the main diver of the organization’s poor performance. Gates et al. (2012) were being

impartial in identifying the critical success factors. They observed that most of organizations

in developing countries are failing to implement risk management processes.

Review of AG reports by PAC (2014-2015) revealed that the MHTESTD is lacking some

vital success factors such as commitment by management, modern information technology as

well as integration with other private companies that has fully adopted the RMS. As a result,

implementing strong RMS becomes difficult

Management Skills, Knowledge and Capabilities to Implement Risk Processes

 Effective and efficient risk management system needs the coordination of highly competent

and professional risk managers. For the managers to be efficient, they need to demonstrate if

they can undertake their duties and responsibilities effectively so they should go under

scrutiny, Actuarial Association of Europe (AAA) (2016). AAA (2016) asserted that skills and

capabilities required for risk management are essential and contribute to the

successorganisation and the skills and capabilities include: communication skills, technical

skills and assessment skills.

Communication Skills

Studies conducted by Berger & Meng (2014) revealed that communication is cornerstone of

organization success as for it is a two-way process which need to be initiated, relayed with an

expectation of feedback. He added that communication encompasses training of employees,

motivating employees and resolving conflict and the management is required to be equipped

with the skill of communication. Notable scholar, Watson (2012) asserted that organizations

need to make investment for and ensure that risk managers acquire communication skills for

fulfilling the goals and strategies for plan decisions. Berger & Meng (2014) supported the idea

and added that is a major skill every leader should have for ensuring informed decision as

interacting with stakeholders.

Stacks & Michaelson argued that risk managers need to be well furnished with knowledge and

training for them to demonstrate to support staff on how work should be performed. They

emphasized the need for knowledge and training for the purpose of evaluating the work at each

stage. Zerfass et al. (2016) posited that it is not only communication required as a skill for

managers but expertise for monitoring and evaluation of goals and risks associated with
performance of the firm. Kiesenbauer & Zerfass (2015) argued that the basic success factor for

managers is personal competence as most organizations underutilize communication skills.

Literature review by Macnamara (2015) showed that management failed to apply communication

skills; hence, it became a challenge in achieving goals. Likely and Watson (2013) argued that

several professionals often disregard the importance of communication skills to the success of

the organisation. Volk (2016) posited that the of measuring and evaluating communication skills

among managers is a considerable practice in developed countries like United States of America

and not in developing countries

Zerfass et al. (2016) neutrally agreed that many risk managers are lacking required expertise for

measuring and evaluating risks, although knowledge and communication skills affects the

objective of an organisation. Watson (2012) argued that communication process in companies is

not properly employed in organizations and the strategy for communication either affect or does

not affect organizational goals.

Technical Skills

Chileshe & Yirenkyi-Fianko (2012) observed that the success of risk management process is

achieved by the existence of a technically skilled manager. He added that a risk manager who

is equipped with technical skills is capable of leading and directing the risk team as well as

managing risks in difficult circumstances. Mironescu (2013) supported that a qualified and

technically skilled mager can apply his knowledge and specified techniques like

demonstrating the use of technology in programming risk management software, tracking

and controlling exposed risks. He also explained the importance of technical skills as
enabling accumulation of new skills such as monitoring, planning, evaluation and

organizational skills.

Opran argued that a successful risk management process depends on a dedicated team,

planned activities and good allocation of resources. They also posited that success of risk

management implementation is determined by emotions, attitude of risk manager and

perception by the team members rather than technical skills.

Knowledge and Training Skills

Noble et al. (2014) confirmed that risk managers should be strongly equipped with

knowledge and training skills for the effective measurement and evaluation of risks. In

support, Chileshe & Yirenkyi-Fianko (2012) asserted that knowledge enhances collaboration

between risk managers and team members, hence, improves organizational performance.

Feledi & Fenz agreed that knowledge can be shared from the manager to the risk team and

across the organisation through training, so it is significant for managers to be acquainted

with knowledge in risk management. Kamhawi (2012) asserted that knowledge management

and training are major influences of organizational performance, therefore management need

to utilize and value knowledge effectively. Bosua & Venkitachalam (2013) supported the

significance of knowledge. They observed knowledge as a vital resource for the success of an

organisation. However, their study was mainly based on private firms in developed countries.
Opran argued that risk managers must have positive attitudes towards success of projects

instead of attaining other skills. The study by Oluikpe (2012) revealed that knowledge is not

worth for performance because it fades with time. Hislop (2013) posited that knowledge is

rooted in someone so it cannot be separated from a person such that he can transfer to

another firm with his knowledge; as a result, knowledge is a personal asset. Olatokun &

Nwafor (2012) argued that employees are not willing to share knowledge therefore lack

collaboration makes knowledge unnecessary to the organisation. Liao et al. (2012) in their

study suggested organizational culture as a better factor that can make an organisation to

success than knowledge. They asserted that culture can be shared than knowledge.

Literature review by Slipicevic & Masic (2012) revealed that both knowledge and

communication skills are equally significant for risk management. Lee & Fink (2013)

observed that both knowledge and training can strain or benefit performance of an

organisation depending on the ways the companies utilize them.

After a comprehensive and critical evaluation of the effectiveness of risk management system

on the financial performance in a public sector setting, there still exists a gap in public

entities of developing countries like Zimbabwe. Yegon (2015) asserted that all empirical

literature reviews by almost every notable scholar were focusing on the insurance firms,

financial institutions and private construction companies of developed countries and some of
which are listed on the stock exchange. This objective is focusing on management

capabilities, knowledge and skills in implementing RMS in MHTESTD.

Controls Put in Place to Ensure Risk Guidelines Implementation

The Ministry of Higher and Tertiary, Science and Technology Development’s risk

management is a risk-based internal auditing in which the audit function is stipulated in the

Public Finance Act Chapter 2:19, (PFMA) Section 80 (1) to (5). In this section the audit

function as a control tool is has a mandatory to monitor the overall ministry’s finance

administration and accounting procedures. According to PFMA Chapter 22:19, Section 80

(2) (i) to (v), the audit function is to examine books of accounts, safeguard assets,

recommend on findings made during audit exercise where necessary and to ensure internal

controls in place are adequate as well as assessing the cost effectiveness of projects.

The Chartered Institute of Internal Auditors (IIA) (2014) defined risk audit based internal

auditing as a system in which internal audit is being connected to a company’s overall

framework of risk management system. IIA revealed that the internal audit is prescribed to

give assurance on the risk processes to the risk board and it should ensure effectiveness and

efficiency management of risks. Furthermore, the internal audit should report all its

assessment of work to the management of the organisation and to the audit committee.
 The risk-based audit of the ministry under which the internal audit is undertaking is

requiredto have an establishment of an audit committee which should consist of at least three

independents nonexecutives including the chairperson, PFMA (Chapter 22:19, Section 84).

The Auditor General Report (2016) observed that the ministries are not fully complying with

the requirements of the PFMA Chapter 22:19, Section 84 which define the function of an

audit committee function in regard to risk management.

Risk Based Audit (RBA) and Financial Performance

Critiques arose against the effectiveness of risk based integrated systems as some scholars highly

supported the adoption of risk-based audit (RBA) as critical to the firm. Chileshe & Yirenkyi-

Fianko (2012) argued that internal audit significantly affects the firm’s performance through

accountability and transparency. Basing on the audit role in identifying risks, they agreed that

RBA has can highly influence the organization’s performance; therefore, a positive relationship

between RBA and performance exists. Slipicevic & Masic (2012) confirmed on that RBA

encompasses all aspects of RMS through accountability, transparency and responsiveness

although it is not a modern and integrated system. Zerfass et al. (2017) conflicted on the

effectiveness of an ERMS giving reasons that it cannot be afforded as it can be costing more, and

it can be easily afforded in developed countries. They justified their opinion basing on the

perception of insurance firms in developing countries that RBA is associated with strong

organizational performance. A study by COSO posited that effects of RBA can improve the

firm’s performance through institution of internal control systems. Kiragu (2014) contributed to

opposition of ERMS that RBA influence the economy by boosting investments and creation of

business innovation and therefore positively affect the firm’s financial performance.
Empirical studies by Kinyua revealed that a risk management system that that can mitigate

operational and financial risks should be comprised of all components of risk management

such as risk identification, analysis, monitoring and assessment.

Summary of Key Findings

Effects of Risk Management System on Financial Performance

Research finding was that fraud risk reduction significantly and positively affects

organizational performance due to minimized losses.

Non-existence of audit committee hindered complete adoption and application of risk

management process within the ministry. The same observation had been raised in Auditor

General (2015 to 2016) and had been noted as incompliance to the requirements of section 44

of the Public Finance Management Act Chapter 22:19 that ministries must appoint an audit

committee in implementation of risk management system.

However, the ministry controls were observed as not adequate and reviewed periodically.

This finding concurred with the AG report.

The Vital Success Factors that can Contribute to Effective Implementation of Risk

Management in the Ministry

Findings from the study revealed that adoption of RM processes can be made easy by the

vital success factors like, training key personnel, teamwork, commitment and support by

management.

Management Skills, Knowledge and Capabilities to Implement RM Processes

The study found that risks were not effectively communicated to departments. Risk team

lacks communication skills, have inadequate assessment.

Controls put in Place to Ensure Guidelines are Implemented

It was noted with concern that internal audit function was also serving as the risk

management team with the absence of an audit committee. The system was inadequate;

hence compliance to PFMA Chapter 22:19 section 84 was not done.

DATA ANALYSIS

It is time for businesses to shift from risk management to a risk enabled performance

management system to identify emerging risk trends.

The shift in approach from Enterprise Risk Management to Risk Enabled Performance

Management

Risk transformation

We help boards and CxOs build agile and risk-aware organizations that make better decisions

to achieve their strategic objectives.

Technology Risk

EY teams provide assessment and attestation services to help companies understand and

manage business risks related to technology in the Transformative Age.

Today, data availability is limitless, technology is getting smarter and sharper, and business

dynamics are more challenging than ever before. With this constantly increasing complexity

and speed of change, harnessing the power of an effective risk management process has

become imperative for the strategic and long-term success of an organization.

Traditional risk management approaches are based primarily on subjectivity and individual

perceptions, which may not be the optimal way of dealing with the emerging risk landscape.

Hence, the approach needs to evolve, rather transformed from risk management to risk

enabled performance management (REPM). With REPM, the focus shifts to mapping the

business drivers critical to achieving the objectives and helping business stakeholders

identify relevant emerging risk trends and metrices for its effective monitoring. The

effectiveness of this approach lies in granulating the business drivers into key strategies and

tasks, without losing focus on the macro perspective.

Embedding data analytics and other technologies across the risk management process
With the rise of new risks, the use of data analytics and other advanced technologies has

become more important than ever. Incorporating data analytics in risk management is key.

The risk management approach must embed these technologies across the entire risk

management process, starting from identification to assessment to mitigation to monitoring.

Each step of the process presents a great opportunity for leveraging the power of analytics.

Let’s look at the application across each of these stages:

Incorporating data analytics in risk management is key. The risk management approach must

embed these technologies across the entire risk management process, starting from

identification to assessment to mitigation to monitoring. Each step of the process presents a

great opportunity for leveraging the power of analytics. Risk analysis is a multi-step process

aimed at mitigating the impact of risks on business operations. Leaders from different

industries use risk analysis to ensure that all aspects of the business are protected from

potential threats. Performing regular risk analysis also minimizes the vulnerability of the

business to unexpected events.

To facilitate effective risk decisions, data must be turned into the right information and

delivered to the right people in an understandable format. This article focuses on developing

an effective data management framework for the analytical data used for regulatory and

business reporting.

Is there an effective data management framework for analytical data?

 This article focuses on developing an effective data management framework for the

analytical data used for regulatory and business reporting. As banks face increasing

regulatory scrutiny, risk managers and senior bankers must adapt their current practices.

Risk Data Quality Assessment When project managers use the risk data quality assessment

method, they utilize all the collected data for identified risks and find details about the risks

that could impact the project. This helps project managers and team members understand the

accuracy and quality of the risk based on the data collected.

Top Risk Management Tools & Techniques for Project Management

1. Brainstorming
2. Root Cause Analysis
3. SWOT Analysis
4. Risk Assessment Template for IT
5. Probability and Impact Matrix
6. Risk Data Quality Assessment
7. Variance and Trend Analysis
8. Reserve Analysis

These are some of the most widely used tools and techniques by project managers to ensure that
they implement risk management along with their Project Management strategies successfully.
This will help in protecting projects against the many risks they could face as well as other issues
and challenges.
1. Brainstorming

Before any project begins, the first step is to plan a strategy. For this, the team members conduct
brainstorming sessions with the project manager. This brainstorming session needs to include all
the risks that could impact the project’s completion and success.

The steps involved in this brainstorming process are:

 Reviewing all project documentation

 Overseeing all historic data and information about risks from previous projects that
are similar to the current one
 Reading over articles related to the risks involved
 Understanding all organizational process assets
 Any information available that will give insight into the issues that might occur while
the project is going on
The project manager can also get in touch with experts, team members, and other stakeholders
who might have experience with handling risk in similar projects.

2. Root Cause Analysis

This is a technique to help project members identify all the risks that are embedded in the project
itself. Conducting a root cause analysis shows the responsiveness of the team members in risk
management. It is normally used once a problem arises so that the project members can address
the root cause of the issue and resolve it instead of just treating its symptom. It answers questions
such as: What happened? Why did it happen? How? Once these questions are answered, it
becomes easier to develop a plan of action so that it does not happen again in the future.

3. SWOT Analysis

SWOT is an analysis to measure the strengths, weaknesses, opportunities, and threats to a

project. This tool can be used to identify risks as well. The first step is to start with the strengths
of the project. Then team members need to list out all the weaknesses and other aspects of the
project that could be improved. Here is where the risks of the project will surface. Opportunities
and threats can also be used to identify positive risks and negative risks respectively.

All findings need to be put on a grid to make analysis and cross-referencing easier.

4. Risk Assessment Template for IT

66% of financial institutions believe that collaboration between business operations, such as
projects, and risk management is a top priority when it comes to enterprise risk management.
There are some techniques that are used for other departments that can be used to manage risks
within a project as well.

A risk assessment template is usually made for IT processes in an organization, but it can be
implemented in any project in the company. This assessment gives a list of risks in an orderly
fashion. It is a space where all the risks can be collected in one place. This is helpful when it
comes to project execution and tracking risks that become crises.

The risk assessment template comes with figures and probabilities of any risk occurring, along
with the impact it will have on the project. This way the project manager and the team members
are fully aware of the potential harm of any risk and the likelihood of it occurring.

5. Probability and Impact Matrix

Project managers can also use the probability and impact matrix to help in prioritizing risks
based on the impact they will have. It helps with resource allocation for risk management. This
technique is a combination of the probability scores and impact scores of individual risks. After
all the calculations are over, the risks are ranked based on how serious they are. This technique
helps put the risk in context with the project and helps in creating plans for mitigating it.

6. Risk Data Quality Assessment

When project managers use the risk data quality assessment method, they utilize all the collected
data for identified risks and find details about the risks that could impact the project. This helps
project managers and team members understand the accuracy and quality of the risk based on the
data collected.

The data quality assessment is used to improve the project manager’s understanding of the risks
the project could face as well as collect all the information about the risk possible. By examining
these parameters, they can come up with an accurate assessment of the risk.

7. Variance and Trend Analysis

Just like other control processes in the project, it helps when project managers look for variances
that exist between the schedule of the project and cost and compare them with the actual results
to see if they are aligned or not. If the variances rise, uncertainty and risk also rise
simultaneously. This is a good way of monitoring risks while the project is underway. It becomes
easy to tackle problems if project members watch trends regularly to look for variances.

8. Reserve Analysis

While planning the budget for the project, contingency measures and some reserves should be in
place as a part of the budget. This is to keep a safeguard if risks occur while the project is
ongoing. These financial reserves are a backup that can be used to mitigate risks during the
project.

FINDIND AND SUGGESTION

Risk and Opportunity Management Plan
A risk management strategy should be defined during the project planning phase while drafting
the Project Management Plan. In fact, when launching the project, it is possible for the project
team to identify a large number of potential risks, depending on your risk culture.

The Project Management Plan (also called PMP, and not to be confused with the PMP
certification) consists of several parts, including the Risk Management Plan.

A Risk and Opportunity Management Plan, or ROMP, is a comprehensive description of the

processes in place to manage a project’s Risks and Opportunities (R&O). It includes the role of
the various project stakeholders, steering, and decision-making bodies; tools used; interfaces to
be considered; planned reporting; etc.

The ROMP should evolve throughout the life cycle of the project as it will be used as a reference
for the project. Newcomers to the project as well as existing team members can refer to it to
understand the operating model and raise questions they may have.

For the ROMP to be relevant, the project must first have:

  Clearly defined objectives,
 An identified master schedule, as well as
 A preliminary cost estimate for completion.
These elements will then make it possible to define the different levels of risk based on clear
criteria.

It is recommended to start the implementation of risk management by defining a risk matrix (or a
risk assessment matrix). This tool, defined in more detail below, allows risks and opportunities to
be assessed objectively and consistently. The impact criteria are then based on the objectives of
the project; the most common of which are cost, time, and quality.

Risk Matrix

The Risk Matrix must objectively define each criterion – probability of occurrence and severity
of impact – with differing levels. While we would typically define risk impact by high, medium
and low, we at MI-GSO | PCUBED actually recommend completing a quantitative risk analysis,
defining risk impact and occurrence with numerical levels.

By quantifying these otherwise qualitative attributes to risks and opportunities, organizations can
better place risks on the criticality scale and prioritize them. This also allows for more flexibility
in visualizing risks on your risk reporting dashboard, but we are getting ahead of ourselves here.
We’ll explain this more in the Risk Management Process.
 Risks & Opportunities Heat Map
For example: for the cost impact, it is common to use % of cost at completion; while for the
impact to the timeline or schedule, one would use the ability to achieve milestones to define the
different levels.

Regarding the probability of risks occurring, conventional percentages can be used such as 5%,
25%, 50% or 75%. Note: associating words with these probabilities will sometimes help
managers for whom a number alone may be too abstract. For example: 5% very unlikely vs. 25%
not to be ruled out, vs. 75% quite likely. Or even using numbers based on chance: 1 in 2 chances.

Note: Be Careful! Depending on the company, the rating meaning may vary either 1 represents
the least serious impact and probability, because it is very small; or 1 represents the most
important level so that it represents priority #1. So be vigilant and remember to refer to the
ROMP and the defined risk matrix to know what situation you are in!

A risk matrix can have several configurations:

 4 x 4: 4 levels of impact, 4 levels of probability. Ideal since there is no neutral position.

 4 x 5: 4 levels of impact, 5 levels of probability. It is sometimes useful to be able to have
a greater scale of probability and to be able to estimate 1 in 2 chances.
  5 x 5: 5 levels of impact, 5 levels of probability.

Impact and Probability Scales

Conclusion

The effects of RM have been proven as significant and positive to the organizational

performance through a reduction in the fraud risks, customer satisfaction and retention of

customer loyalty. However, the research established that adoption and application of an

effective risk management system is negatively affected by major barriers such as lack of

trained personnel that results in knowledge gap, non-existence of audit committee and lack of

management commitment and coordination. Vital success factors that can provide solution to

the effective execution of risk management processes were studied through remarkable

scholars. The research also studied the effects of implementing risk management on the

organizational performance where such effects were observed as fraud reduction and

customer satisfaction. The researcher believes that the recommendations from the study will

assist management in establishing a formal risk management system.

REFRENCE

Top 8 Risk Management Tools and Techniques in [2021] (invensislearning.com)

Role of data analytics in risk management (ey.com)

Enterprise Risk Management Planning and Implementation | Deloitte Switzerland | Risk

Advisory | Solutions

Literature Review on the Effectiveness of Risk Management Systems on Financial

Performance in a Public Setting (abacademies.org)

https://www.bing.com/ck/a?!

&&p=b08cb18b8967ace37bdbe72d8cbd77f7JmltdHM9MTY1NzA0MDI4NyZpZ3VpZD1k

MDRmNjEyOS1iNzE2LTQ4MmUtYTBkMS1mNmZiNTI1N2UxMmEmaW5zaWQ9NTM

5Ng&ptn=3&hsh=2&fclid=a43d4048-fc83-11ec-a1db-

dbb2f624d8a5&u=a1aHR0cHM6Ly93d3cuaW52ZW5zaXNsZWFybmluZy5jb20vYmxvZy9

yaXNrLW1hbmFnZW1lbnQtdG9vbHMtdGVjaG5pcXVlcy1pbi1wbS8jOn46dGV4dD1SaX

NrJTIwRGF0YSUyMFF1YWxpdHklMjBBc3Nlc3NtZW50JTIwV2hlbiUyMHByb2plY3Ql

MjBtYW5hZ2VycyUyMHVzZSxvZiUyMHRoZSUyMHJpc2slMjBiYXNlZCUyMG9uJTIw

dGhlJTIwZGF0YSUyMGNvbGxlY3RlZC4&ntb=1