C APÍTULO VI: R EFERENTES

This section analyses and discusses the research findings with the aim of answering the research questions and fulfilling the objectives of the study in EAM. The discussions are around the themes that emerged from the data collected namely, value of risk management, potential risks at EAM, risk management practices and critical success factors.

4. 5.1 Value of risk management

As shown from the results (section 4.1.3), all the respondents were aware of the importance and value that an effective risk management has added or could add to EAM as an entity. However as noted the level of risk awareness and capacity to mitigate the identified risks is still inadequate and needs enhancement as indicated by many respondents. Results show that EAM could increase the organisational value by ensuring effective risk management. This is evidenced by some who indicated that risk management would improve on EAM trustworthy by both internal and external stakeholders. However, as noted by Kubitscheck (2000), risk management could only be more valuable if undertaken in a proactive approach.

4.5.2 Potential risks in EAM

As discussed in literature review in Chapter 2 of this study, it is evident that organisations are faced with many risks. From the results, it is clear that inadequate funding, human resource especially staff retention , sustainability of projects, financial risks, economic instability, unfavourable environmental factors, inadequate skills and knowledge, political interference, social -cultural risks are all intrinsic in the day to day activities of EAM as shown on table 4.1. Among all the identified risks by most respondents, inadequate funding tied to donor dependence was cited by fifty six percent of respondents as the most significant risk in EAM. This can be attributed to the fact that over ninety percent of EAM’s activities are donor funded. This is a big risk factor that warrants appropriate mitigation measures to be in place above what EAM management

respondents indicated, with the growing donor fatigue, dwindling external aid globally and withdrawal of some donors in Malawi, EAM may not be able to realize her objectives. This could be supported by an example given by one of the respondent on what happened at one time when EAM had only one donor. At that particular time, the donor froze their funding for seven months due to misinformation by one of the EAM staff and the EAM secretariat had difficult time sustaining staff and its operations. These circumstances forced EAM to broaden its donor base.

It is evident donor dependency remains a significant risk as one respondent quoted: “due to the recent corruption cases in the country in addition to misappropriation of funds by other sister organisations, reliance on donors funding remains unpredictable for EAM”.

The second most significant risk in EAM relates to human resources as indicated by forty eight percent of the respondents. This is no surprise because human resource is a source of risks in many organisations (TĂTĂRUŞANU, 2009). The issues of concern in EAM are related to the ability to attract and retain staff with the requisite qualification in terms of skills and knowledge. As argued by Collins (2011), to move an organisation from good to great organisation requires having the right people first before a strategy. As Knowles (2011) posit, for EAM to be an outstanding organisation, there is need to identify, train and sustain staffs’ capabilities and knowledge. However, EAM’s ability to attract and retain the right people is currently challenged by the current level of funding that limits EAM from offering competitive salaries. As observed (Table 4.1), EAM has already taken some measures to mitigate the human resources risks such as staff training. However, as Schmidt et al. (2011) argue, there is need for EAM to plan ahead of the current demand of personnel because the competition for competent staff is greatly increasing. The unfortunate aspect as mentioned by one respondent is that “EAM offers good platform for capacity building and good exposure for its staff after which the staff became more marketable hence retention becomes a challenge”. Aspects of motivation, health and safety and security of staff that did not feature much

should also be included in the human resources risks and mitigated appropriately.

Sustainability of projects after the end of funding was identified as the third most significant risk in EAM. This is not different from study by Wabwoba and Wakhungu (2013) that established sustainability as major challenge facing food security projects studied. If this risk is not properly managed by EAM, the objective of transforming social and economic lives of the target population may not be realised in the long-term. Notably, one respondent indicated that the aspect of sustainability of projects is sometimes overlooked in the project strategy. Hence more needs to be done especially in the areas of strengthening community ownership and capacity to manage these projects from the onset. The economic instability owing to global as well as national economic instability in Malawi was the fourth most significant risk in EAM. Most of EAM projects are funded in Kwacha and as a result, when the Kwacha depreciates, as it has been in the recent past, a number of these activities may not be completed as planned. This would significantly impact on the reputation of EAM among peers, target beneficiaries and donor community because donor funded projects have agreed targets.

Although the EAM management felt that they had put in place adequate measures, to mitigate financial risks, it still remains a major risk. This is because finance related risks still remains a major threat in many organisations as one respondent quoted “we have to ensure mitigation measures are in place because there will always be some financial losses”.

There are other risks that were identified in this study as discussed in section 4.2. These should form part of an integrated ERM framework in EAM.

4.5.4 Risk management practices

As earlier discussed in Chapter 2.2 of this study, risk management practices are all the activities that involves identifying, analysing, risk treatment, monitoring

and controlling risks with an aim of reducing the negative impact and enhancing the opportunities. On the contrary, risks are not handled in a systematic way in EAM as observed from the results.

The current EAM risk management practices have some elements of a traditional risk management that that puts more emphases on financial risks as opposed to all business risks. This is evidenced by the strong internal audit function. Furthermore, each department or project deals with their risks independently. Consequently, internal auditing may need to be strengthened and extended to manage all risks in EAM. The independent risk management approach in EAM could create ineffectiveness due to of lack of coordination between projects or departments (Hoyt and Liebenberg, 2011), in addition to creation of communication barriers as indicated by some respondents.

An integrated risk management approach in EAM as established in Hoyt and Liebenberg (2011) study may be helpful by ensuring integration of decision making process across all EAM projects. This helps in maximisation of resource utilisation and reduction in duplication of efforts. A systematic risk process could ensure all EAM risks are properly managed.

The fact that EAM has no risk manager with expertise to spearhead an organisational wide risk management may be a challenge for EAM to coordinate and manage all the risks effectively. Notably, most respondents felt the internal audit played the role of a risk manager. This is no different from other studies (Castanheira et al., 2010) where audit played the role of risk manager. In a different study by Driscoll (2014), it established that finance officers were taking the responsibility of ERM in their organisations. However, as observed by Abdullatif and Kawuq (2015) the role of an internal auditor in risk management is limited only to compliance on financial matters while overlooking other risks. As argued by Elahi (2013) this compliance driven risk management in EAM cannot effectively manage all the risks.

From the results, risks are identified either during proposal development stage, quarterly review meeting and internal audits or in district fora. There is therefore no clarity on how risks are analysed and prioritized. In addition, there is no risk register that should be showing the risk owner, actions taken to address the risk and the status of the risk in the project cycle or emerging risks. As some respondents indicated risks are basically captured as assumptions, challenges or gaps. In addition each project separately reports on what challenges were encountered and how they were addressed.

Moreover many respondents acknowledged that in today’s world, risk management has become an important business process as a result of many emerging issues and the volatile working conditions and unstable environments. As a result, many respondents felt the need for a more proactive integrated risk management approach as opposed a reactive approach. This agrees with Botkin and Felton (2009) study that revealed the need for paradigm shift on how risk management was handled in the troublesome times requiring organisations have to move from traditional risk management to a more integrated risk management system.

Integrated risk management practices in EAM would improve on decision making process, organisation stability and problem solving. This is evidenced by a study by Oehmen et al. (2014) that found a direct association between risk management practices with decision making, program stability and problem solving.

4.5.5 Critical success factors for risk management

This section discusses the aspects that the respondents indicated were necessary for effective risk management in EAM:-

4.5.5.1 Development of a risk management policy and strategy

The respondents identified establishment of a risk management policy and strategy as vital for EAM. This agrees with study by Pana and Simionescu

strategy in organisation that endeavours to achieve. A well-structured policy drives the risk agenda by providing guidelines that spells out what is expected from different players, roles and responsibilities as far as risk management is concerned. This agree with Yaraghi et al. (2011) study that found risk strategy as key influential factor for risk management systems as it helps to shape organisational culture, structure and resource allocation.

Prior studies have shown the importance of a risk policy. For example, Majdalawieh and Gammack (2005) and Hung (2012) have a similar opinion that an organisational risk policy demonstrates board’s commitment to risk management and provides guidelines and authority to the risk manager. Addo and Twun (2013) study revealed that sound risk management polices impacted on the sustainability of micro financial institutions and facilitated their complementary role in economic development. This is supported by Dionne (2013) study that revealed that the failure of top management to support independent risk management polices contributed to losses during the 2008 financial crises.

4.5.5.2 Staff training

Respondents felt that staff training in various organisational aspects and project management as well as on risk management was crucial. This is due to many emerging issues challenging their delivery of their services hence the need to be kept abreast with current skills and knowledge. As argued by Carey (2001), for an organisation to effectively respond to changing conditions, staff capacity building on risk management and involvement in early warning system is paramount.

Some respondents indicated that training and orientation was critical for the new employees. This is confirmed by Paula and Montana (2013) study that established that precise policy awareness training at every organisation’s new hire orientation program was one of the contributing factors to ensuring a sustainable policy management for an effective risk management.

As argued by HM Treasury (2009), for staff to effectively handle risks, they need to receive appropriate direction and training on the typical risks that their organisation faces in relation to their work and the action to take in managing those risks. In addition staff performance reviews should include assessment of relevant risk management skills and identification of the gaps.

4.5.5.3 Risk management culture

Most respondent indicated that there was no strong risk management culture within EAM hence the need for embedding risk culture in EAM at all levels. As noted from Malik and Holt (2013) study people’s awareness of risk and organisational risk culture are contributing factors to ERM adoption.

A mature risk culture provides an environment where staff feels capable of raising risk related issues and have confidence that their issues will be heard and acted upon (HM treasury, 2009). Establishing a risk culture permits a focused strategic planning by the management that promotes greater business opportunities and potential improvement (Lai and Lau, 2012).

Hillson and Murray-Webster (2004) view an appropriate and mature risk culture as a crucial CSF for an effective RM that is mostly lacking in many firms. As argued by Dornberger et al. (2014), a risk-aware culture is indispensible as it ensures that the risk process is institutionalised in the organisation. McConnell (2012) study established that risk management culture was a pre-requisite for improvement of RM after the 2008 global financial crisis while Driscoll (2014) study established that risk-intelligent culture keeps decision-makers engaged in the process. The importance of a risk management culture is supported by Kimbrough and Componation (2009) study that found a strong correlation between importance of risk culture and staff performance on risk management. 4.5.5.4 Appointment of a risk manager

Respondents indicated that there was need for a person designated to coordinate risk management activities in EAM. This agrees with study by Arya (2012) that established the role of chief risk officer as critical in risk

management in any enterprise. Owing to the many projects undertaken by EAM, a qualified risk manager with good facilitation skills is vital for an effective risk management. A study by Daud et al., (2013) within Public Listed Companies (PLCs) found that, a qualified Chief Risk officer (CRO) had stout influence on the level of risk management adoption. Other studies Daud et al. (2010) and Waweru and Kisaka (2013) established a significant relationship between the presence of CRO and the level of risk management implementation. It is important to note that the CRO can bear different titles such as risk coordinator, risk manager, risk champion, or risk process facilitator (Hillson, 2013). Dionne (2013) recommends the CRO to have decision making powers as opposed to passive risk assessment and analysis.

4.5.5.5 Top leadership support and involvement

It was clear from majority of the respondents that organisational risk management was top leadership function. This concur with HM Treasury (2009) guideline that states that senior leaders of an organisation are supposed to reinforce and sustain risk proficiency, while ensuring organisational resilience and obligation to excellence.

As evidenced from the results, the top leadership has not provided all the necessary support to risk management in EAM. As both Hillson (2012) and Wieczorek-Kosmala (2014) argue, the commitment of top leadership in risk management can be demonstrated by use of risk information in decision making, appointment of a risk manager and allocation of resources. Respondents felt that adequate resources were required to ensure an effective risk management in EAM notwithstanding the budgetary constraints in EAM. This view is supported by Zhao et al. (2014) study that found insufficient resources as a significant limitation to ERM implementation in many organisations.

Hung (2012) posits that effective risk management should begin from the top. Campbell (2015) study established that leadership and governance were critical success factors for risk management. This agrees with Rahman et al., (2013)

study that found high participation of boards in risk management considerably increased the risk management process, leading to advanced risk management practices in Islamic banks. As suggested by Dionne (2013), the use of risk management information by the top leadership is crucial as they venture into new investment opportunities.

4.5.5.6 Information Technology (IT)

Adequate use of information technology was found to be a significant factor for effective risk management in EAM. The organisation has developed as website that enables publication of its operation and achievements. This website as Njegomir and Ciric, (2011) argue, could also improve organisational reputation. However, other respondent felt an intra-communication network could also significantly support risk management by connecting all levels of management. Respondents indicated that improved communication could enhance service delivery. This is evidenced by Melville et al. (2004) study, which established IT as a crucial factor to improving organisational performance. As noted by Patterson, (2015) information technology could help EAM to perfectly link, communicate and process organisation’s transactions with all their stakeholders easily. This would enhance timely risk information which is critical for an effective ERM program.

As observed from COSO ERM (COSO, 2004), risk framework information and communication are vital framework aspects that also serve as feedback tools. Patterson, (2015) argue that the use information technology enhances risk management effectiveness though lacks in many organisations.

It is important for an organisation to maintain an inventory of all the organisation’s risks either in simple well managed spread sheets, tables or other sophisticated ERM software. A tool like a risk register could help to capture, categorize, organize, track, and prioritize the organisation’s inventory of risks (Hillson, 2012).