Next Article in Journal
The Causal Nexus of Consumer and Business Confidence Indexes in Early Pandemic Period: Evidence from OECD Countries
Next Article in Special Issue
Impact of Improved Corporate Governance and Regulations on Earnings Management Practices—Analysis of 7 Industries from the Indian National Stock Exchange
Previous Article in Journal
Geographic Scope and Real Estate Firm Performance during the COVID-19 Pandemic
 
 
Search for Articles:
Title / Keyword
Author / Affiliation / Email
Journal
Article Type
 
 
Advanced Search
 
Section
Special Issue
Volume
Issue
Number
Page
 
Journals
JRFM
Volume 14
Issue 7
10.3390/jrfm14070310
jrfm-logo
Submit to this Journal Review for this Journal Propose a Special Issue
Article Menu

Article Menu

share Share announcement Help format_quote Cite question_answer Discuss in SciProfiles thumb_up
...
Endorse textsms
...
Comment
first_page
settings
Order Article Reprints
Font Type:
Arial Georgia Verdana
Font Size:
Aa Aa Aa
Line Spacing:
Column Width:
Background:
Article

The Development of a Small and Medium-Sized Business Risk Management Intervention Tool

by
Niël Almero Krüger
1,* and
Natanya Meyer
2,*
1
Department of Business Management, College of Business and Economics, University of Johannesburg, Johannesburg 2092, Auckland Park, South Africa
2
SARChI Entrepreneurship Education, Department of Business Management, University of Johannesburg, Johannesburg 2092, Auckland Park, South Africa
*
Authors to whom correspondence should be addressed.
J. Risk Financial Manag. 2021, 14(7), 310; https://0-doi-org.brum.beds.ac.uk/10.3390/jrfm14070310
Submission received: 17 May 2021 / Revised: 10 June 2021 / Accepted: 19 June 2021 / Published: 7 July 2021
(This article belongs to the Special Issue Green Marketing, Green Finance and Sustainable Development)
Browse Figures
Versions Notes

Abstract

:
Risk is inevitable in business. For large companies, risk management is formalised and structured through compliance with industry standards. However, small and medium-sized businesses (SMEs) rarely have adequate resources to develop their own standards or conform to pre-established criteria. This results in an increased vulnerability to risk, which tends to undermine SMEs’ sustainability. The primary reasons for the low adoption rate of risk management are related to the tremendous initial difficulty in orientating the business concerning risk and the significant investment of the workforce in developing and implementing a structured managerial process. The objective of this paper is to produce a guided process tool for small and medium-sized businesses with which they can identify, evaluate, and appropriately address risks from an SME perspective. Moreover, this intervention would offer enhancements at no cost beyond the time of its implementation. In order to identify what constitutes holistic risk management, document analysis was applied, which utilised risk management standards, academic articles, books, and regulatory policy and strategy documentation. The identified elements were integrated with a tool that improves business owners’ capacity to position themselves in context with their daily risk management challenges.

1. Introduction

Risk, as per definition, is embodied in reducing a business’s assets values or forfeited business opportunities and originates from the functions performed in and the environment of a business (Aven and Renn 2009; Marx and de Swardt 2013; Šebestová and Sroka 2020). Moreover, the risk is present when the frequency, exposure, probability, or outcome of risk is unspecified as it relates to a possible risk event (Kaplan and Garrick 1981; Knief 1991; ISO 2018). SMEs do not have the equivalent motivation to comply with risk standards because the size of their operations rarely requires thorough compliance with standards similar to the expectations of larger companies. Additionally, many of the risks identified by these standards require immediate intervention by the business; however, these are often left unmanaged, placing the business in a vulnerable position (King and Lessidrenska 2009; Smit and Watkins 2012; Oláh et al. 2019a). Overall, the smaller the business, the less likely management will be aware of risk management standards or how to implement such protocols (Weissinger 2013) effectively. Krüger (2020) disclosed that SME owners have a conception of risk management; however, their knowledge is generally limited to crisis management when compared to best practice standards. Furthermore, of 332 South African SMEs, 70.3% showed that participants applied no risk management standards whatsoever (Krüger 2020). Conversely, it was discovered that instead of relying on well-structured and thorough standards such as those established by the International Organisation for Standardisation (ISO), the majority of SME owners relied on their personal experiences, as they lacked expertise concerning managerial complexity or the necessary resources to successfully manage risk (Le Roux 2016).
Since some SME owners rely on their own experience, in many cases, they perform multiple functions in the business unsystematically, resulting in risk responses being applied unevenly within the organisation (Matthews and Scott 1995; Meyer et al. 2017; Hopkin 2018). Due to their small size, lack of resources, tendency to manage complex activities independently, and limited risk management comprehension, numerous SMEs resort to risk avoidance. Thus, these SMEs may experience a loss of opportunities due to unstructured crisis management, which can exacerbate losses or risk transfer situations that strain liquidity (Barry et al. 2009; Gwangwava et al. 2014; Pop et al. 2014). As such, SMEs require a more simplistic entry point to sound risk management, which will expand risk awareness and provide appropriate strategies to affordably address risk within their particular business’ operating context (Le Roux 2016). The cost-effective aspect of risk management is especially significant for smaller businesses due to their liquidity and time constraints (Watson and Everett 1993; O’Gorman 2001; Watson 2009; Diedericks 2015; Oláh et al. 2019a). Additionally, in order to consider risk management holistically, it must be systematic, ongoing, assess the probability of risk events, approximate the potential severity of the outcome, and control all acknowledged risks (Tchankova 2002; Marx and de Swardt 2013; Verbano and Venturini 2013; Borocki et al. 2019).
The Small Business Risk Management Intervention Tool (SBRMIT) has been developed specifically for small and medium-sized businesses and addresses the principles and components of significant risk management standards. This management tool was constructed in a manner that serves as a basic, direct, and free guide to perform an initial risk assessment and guides every other aspect of risk management in its most fundamental form. The SBRMIT provides guidance for small businesses to identify risk utilising a questionnaire composed of simple questions that identify risks relevant to the business, even the identification of risks previously unknown. Additionally, this management tool provides guidance regarding evaluation and estimation so as to expand on identified risks, thus enhancing SMEs’ understanding while creating cost estimations for risks, thereby providing assistance in prioritising and clarifying various risks. The objective of this paper is to produce a guided process tool for small and medium-sized businesses with which they can identify, evaluate, and appropriately address risks from an SME perspective.

2. Literature Review

Enterprises are encouraged to adopt the most appropriate business strategies predicated on the highly dynamic and intense changes in the business ecosystem and the necessity to achieve and sustain a competitive position (Borocki et al. 2019). In utilising these strategies, the business places itself into varying positions that expose it to diverse risks. Overall, risk is intrinsically connected to business, since the ultimate frequency, exposure, probability, or outcome of a business initiative is unknown until ultimately realised (Knief 1991; Hopkin 2018). Moreover, a business will assume risks only if the expectations for a potentially profitable outcome is considered as being a viable option (Investment Management Consultants Association 2003; Marx and de Swardt 2013; Meyer et al. 2017). However, it is the experience of small business owners that often results in this consideration as opposed to them conducting a thorough examination of the risks that the business action could engender. Such decision-making activities may lead to a failure in managing critical risks or a combination of smaller risks, which could result in business failure. SMEs, which are considered the backbone of the world economy, are thus especially vulnerable (Šebestová and Sroka 2020). It should also be noted that the majority of SMEs exist as service (28.9%) or trade businesses (16.57%). When analysing the sample from Krüger (2020), the distribution of SMEs, according to the Standard Industrial Classification of all Economic Activities (StatsSA 2012), are as follows: Production (10.24%), Financial services (7.23%), Manufacturing (6.63%), Health and safety (5.42%), Education (5.12%), Transport and distribution, Construction (3.01%), Agriculture (3.01%), and Other (6.02%). SMEs are primarily involved in trading goods, providing services, or are involved with various other intangible products. This is of particular importance when considering the transitory nature from which SMEs may arise, especially when undertaken in response to unemployment. Due to the fact that most SMEs aggregate in retail, this sector must be protected in order to ensure sustainability amongst new SME entrants as well as established SMEs.
The most common risks SMEs experience are related to business risk, managerial risk, reputational risk, operational risk, moral risk, and legal risk (Krüger 2017). The primary risk focus of SMEs involves their business and operational risks (Krüger 2017). However, unlike large enterprises that can assign a team of qualified risk personnel to ensure that Enterprise-Wide Risk Management (ERM) is applied through comprehensive systems such as ISO 31000, SMEs mainly focus their hiring protocols towards staff that is capable of addressing their business or operational needs directly. At the same time, the higher cognitive and strategic business functions are conducted by the business owner or managers until there are sufficient resources available to outsource those tasks to professionals (Krüger 2020). If the aforementioned tasks impair operational or business functions, it results in a tendency to react to risk events as they occur instead of formulating a holistic approach to risk or proactively managing risks throughout the enterprise (Krüger 2017).
The conceptual landscape of SME failure is pervaded by challenges such as insolvency resulting from a lack of liquidity, inconsistent and declining performance, revenue shortfalls, limited growth, and liability-dominant balance sheets (Lussier 1996; Henderson 1999; April 2005; Cannon and Edmondson 2005; Probst and Raisch 2005; SEDA 2018). Moreover, SMEs tend to have poor managerial processes that prove insufficient in moderating and conducting their business activities, human resources, and technical industry-specific considerations (Ritchie and Richardson 2004). Additionally, poor management in small businesses has been posited to be the result of a lack of skills training, limited experience, and impaired financial and technical capacities, which often include a number of management decisions controlled by only a few managers or perhaps, in many cases, one individual (Scarborough and Zimmerer 2002; Gitman 2009). It also seems that small businesses struggle to fully apply management considerations in that they tend to plan their activities only in the short to medium term and rarely reposition themselves strategically, which increases vulnerability to external events (Honjo 2000). Growth management is another aspect with which SMEs struggle, especially since growth inevitably leads to increasing levels of business complexity, thus requiring further managerial development, which provides management with the appropriate expertise to cope with the increased operational complexity of the business (Coelho and McClure 2005). Moreover, growth management can be dramatically aided through developing a strong corporate culture that includes predefined stakeholder considerations. In turn, this will enhance business-wide awareness of where the distribution of growth is disproportionate concerning specific areas of the business (Zacharakis et al. 1999; Lussier and Pfeifer 2001; Meyer and Meyer 2017).
Although the challenges appear disaggregated, risk management can be utilised to effectively abate the intensity of losses and aid the business by proactively addressing the risk considerations that inhibit business growth. Risk management can serve to bridge these difficulties by providing a structured process by which to identify, evaluate, prioritise, and treat risk while incorporating strategic and technical considerations that evolve as the SME experiences growth and complexity (Smit and Watkins 2012; Gwangwava et al. 2014). By incorporating risk management strategies, SME resources can be utilised more efficiently and effectively, creating a reserve from which the business can draw to quickly address other vulnerabilities (Gwangwava et al. 2014). The ideal objective of risk management is to minimise excessive risks in the pursuit of more favourable outcomes, which are highly beneficial to established businesses and especially critical for SMEs, particularly in the first five years of their operation (Knight 2012; Hopkin 2018). However, SMEs do not have formal processes by which they identify, classify, or manage their risks; thus, they choose to address risks as they appear in practice (Krüger 2017). Consequently, this causes SMEs to focus on factors that are currently producing losses while neglecting other vulnerabilities until these, in turn, produce losses that quickly redirect the managerial focus (Smit and Watkins 2012). The primary impediment in applying risk management in SMEs continues to be the substantial initial investment of time and resources in establishing and implementing the risk management process in their business. Large businesses are driven towards risk standards as a matter of compliance, in which the required standards are designated and for which there is an assigned team to ensure implementation and integration within the business operations (King and Lessidrenska 2009; Smit and Watkins 2012; Oláh et al. 2019b). Small businesses are often unaware of these standards until an operational or business advantage is attached to the cost of compliance.
The asymmetrical distribution of resources and perceived relevance of risk management between small and large businesses create a distinct advantage for larger businesses. This advantage exists, even though there is a potential for small businesses to rapidly integrate and systematically develop their risk management procedures based on their more egalitarian and less bureaucratic business structures. In order to determine why risk management is deficient in small businesses relative to big businesses, an evaluation of the relationship between small business owners and risk management had to be conducted. Next, having determined the relationship between them, an intervention could be developed to supplement the weak points and, thereby, amplify survivability and loss reduction.

3. Materials and Methods

To accomplish the task of developing an intervention risk management tool, a document analysis was conducted to determine the main factors that should be included in the tool. Document analysis facilitated a critical examination of the content collected from trustworthy, respected, and reliable sources. Bowen (2009) referenced using document analysis since it allows for a systematic technique where various sources are studied and evaluated to extract significant and relative information regarding the research topic. Moreover, Corbin and Strauss (2008) proffered that this method can assist in developing a more systematic understanding of the topic under discussion. Document analysis is perceived as a social research method, with the rationale behind it as being the triangulation of information. It is unobtrusive; therefore, it eliminates possible bias from interactions with the sample audience. This method also promotes conceptual and contextual analysis (Huysamen 1994; Webb et al. 1999; Babbie 2001; Berryman 2019). Verifying findings and data from various sources can create a synergy amongst information, which could also reinforce the credibility of such findings (Bowen 2009). Using this particular methodology has numerous advantages—cost and time savings, easy access to documents, unbiased regarding human interaction—and such documents may be deemed reliable, accessible, and non-reactive, allowing for extensive examination (Bowen 2009). This study specifically made use of risk management standards, academic articles, books, and regulatory policy as well as strategy documentation. The primary standards were gathered from the International Organisation for Standardisation, The Committee of Sponsoring Organisation, and The South African Bureau of Standardisation. The academic articles and books were accessed through university library resources and Google Scholar. Policies and strategy documentation referenced in the study are those applicable to all businesses under South African law; however, the role of the latter was minimised to ensure international applicability. These documents were selected as they contributed significantly to the contents used to compile the SBRMIT. Moreover, these documents were considered to be credible, authentic, complete, and representative, while also allowing for the identification of the source material (Bowen 2009).

4. Results

Having identified that risk management has a positive and pervasive effect on all aspects of business management, the particularities that surround SMEs, and their characteristic challenges that they must face on a day-to-day basis, two studies were run by the author to confirm the particularities as they relate to South African SMEs.
Krüger (2017) concluded that SME owners loosely described employee risk, business risk, managerial risk, reputational risk, operational risk, moral and legal risk, and personal risk when queried about their risk concerns. However, these risks were merely addressed with regard to a practical operational capacity. Business risk was contextualised as the potential losses that could be experienced based primarily on a lack of sufficient business presence or availability in relation to the competitive dynamics within the marketplace. Despite SME owners’ concern with business risk, their awareness of business risk appeared to be unsophisticated in that their concerns only accounted for a very limited portion of what comprises business risk, which was generally reactionary in its application. SME owners do not appear to have a structured method to identify, classify, or manage their risks reactively and, thus, they tend to focus on risks that are obvious. Despite the need for liquidity growth in order to cope with economic downturns, SMEs generally remained risk-averse and preferred to raise capital themselves in a debt-free manner. Older and more established SMEs articulated a greater willingness to assume opportunity risk; however, ambiguity was present in the answers provided by SMEs when questioned on how they would finance this type of risk.
The primary risk focus of SME owners appeared to be related to their business and operational risks. Many of the risk references derived from the research conducted by Krüger (2020) can be categorised as being part of operational risk. Although this would be technically correct, it would forego an understanding of SME owners’ risk management perspective, as it would distance our structured approach to risk and its management to the more informal protocols pursued by most SME owners. SMEs become aware of risks based on their interaction with diverse environments, which represents a process that is organic and less meticulous than that which is applied in formal business strategies and risk frameworks. However, this exposes SMEs to risks in which they have no awareness or discernment. Thus, SMEs unfamiliarity with such risks creates a lack of knowledge regarding the possibility of failure and, therefore, contributes to their willingness to take risks.
As derived from the qualitative results of Krüger (2017) and the quantitative results of Krüger (2020), the theme of SME risk management systems addresses those actions taken by SMEs in an attempt to improve their business viability and reduce the risks they face on a continuous basis. All of the strategies can be categorised under one of six sub-classifications. These classifications are as follows: marketing; loss prevention; business strategies; staff development; financial strategies; and novel strategies applied by the individual SME. Marketing includes activities such as branding and advertising. Loss of prevention represents a broad classification that is related to preventative risk management and includes concepts such as maintenance or micromanagement. Business strategies consist of the collection of documentation and attempt to compete in relation to product or service quality. The strategies that the SMEs followed cannot be classified as a risk management system, since there is a sustained absence of a significant number of risk management principles. However, this theme provides insight into what is perceived as risk management by SME owners. In addition to the strategies outlined, the SME owners identified specific actions as their risk management strategy; however, this was based on personal judgement calls and personalised relations with their clientele. The closest to a risk management system that the SME owners developed was to conduct a quality check on work after completion, which can be classified as an operational risk management endeavour. A systematic, fundamental, and systemic risk awareness was not present beyond the knowledge that market events and the state of the economy as a whole could impact the interests of the SME. The risks identified were operational and unsystematic risks, in the strictest sense, but relating only to events and experiences previously encountered within the business. This left certain key aspects of specific operational and unsystematic risks completely untouched and unnoticed.
The approach of the SME owner was consistently confirmed to be reactionary and not precautionary. For example, the actions taken to minimise risks always occurred after a risk was already experienced. Therefore, risk management in the case of SMEs was thoroughly lacking in that the owners did not incorporate aspects involving strategic business orientation, did not account for vital success or failure conditions, and did not rate risks on a scale of effectuality nor differentiate between the scope of risks that were present within the business. Moreover, controls were resourced, and reactions were planned at the moment a risk occurred; thus, in the absence of a large cash flow reserve, such an occurrence could result in bankruptcy.
Risk reporting was also shown to rarely be in a written form and often not recorded; therefore, the details surrounding risks are soon forgotten. As a result, risk management continues to remain underdeveloped. In short, risk management in an SME has become fully dependant on the experience of the SME owner which is, in itself, a risk. Within the risk management model of an SME, it would be assumed that the SME owner would ensure the central processes or inventory needed to continue business in the event of a loss. However, many SMEs cannot always meet the cost of insurance due to their limited size and inability to adequately produce a source of income for the SME owner that justifies opportunity cost.

5. Discussion

Given the challenges faced by SMEs, the natural progression was to develop an easy to understand and affordable intervention to guide SMEs in assigning priority to risks and developing business strategies that align to the internal capabilities and external conditions as they relate to SMEs. The SBRMIT structures the risk management process to integrate risk feedback and reporting naturally with business processes. This creates a basis for any successive applicable standards to be integrated into the SME without requiring an overhaul with regard to their entire risk management system and, thus, it provides the business with the ability to rapidly respond to compliance requirements.
The small business risk management intervention tool (SBRMIT) is created with the intention of serving as an initial contact point with risk management, amplifying efforts already present to manage risks, as well as augmenting the approach that small and medium businesses use to incorporate fundamental risk principles, the processes associated with risk management, and related strategic concerns. The outline of the processes followed in this tool can be observed in the visual overview presented in Figure 1, which denotes the most important considerations. In addition, various challenges to SMEs’ risk management were identified by drawing from theoretical aspects and data garnered from several small and medium-sized business owners.
By establishing a clear comprehension of these businesses’ limitations and the requirements that need to be adhered to, an appropriate risk management system can be developed and put into place. Consequently, a middle ground can be developed that allows for the early adoption of risk management.
Through applying the fundamental principles of risk management, the strategic management tool, and the easy risk identification tool, businesses can adequately identify risks as well as the risk context in which it operates. This will enable businesses to orientate or adjust their operations to address relevant exposures to risk (Chicken 1996; Marx and de Swardt 2013). Risk identification is followed by risk assessment, which will, in turn, allow the business to identify treatment protocols, contingency concerns, and reporting requirements. Through the application of this tool, the risks and changes in risk exposure can be tracked and monitored to ascertain whether risk exposure is increasing or decreasing and whether the intervention measures are effective. Once these steps have been taken by the business, it should have managed any prior risks. The following section will discuss the eight steps in SBRMIT (Figure 1).
Step 1: Fundamental risk management principles. For risk management to be implemented in SMEs, its value must be apparent to the business owner (CICA 1995). To overcome this problem, the owner must be familiar with fundamental risk management principles. These include the following:
  • Maximising the shareholder’s value by protecting and creating value;
  • Comprehending the proportional risk management to risk exposure;
  • The business must be tailored to adequately address risks relevant to its activities;
  • The business must be structured to transparently and completely represent its entire risk exposure and managerial practices;
  • Risk management must be embedded within its business culture, operational protocols, and decision-making processes;
  • The risk management process must be iterative and proactive;
  • Be able to explicitly address uncertainty promptly;
  • Should be orientated to continuously develop the business utilising the latest, most reliable and relevant information; and lastly,
  • Be inclusive of current relevant societal and cultural sensitivities.
Based on these principles, the owner should be asked a variety of key questions, in conjunction with a discussion involving the processes and outcomes that the business will attain if the principles are incorporated. This step will allow the business to focus on risk management instead of risk avoidance. It will also steer the business towards a strategically integrated, iterative, proactive, timely, and relevant process that offers value maximisation and proportional risk aversion. This process will also be tailored as being fully risk inclusive, culturally encompassing, and operationally safe (COSO 2016; ISO 2018).
Step 2: Risk identification. Risk identification constitutes the second step within the tool and reveals the various risks to which the business is exposed. It is executed by searching for loss and gain scenarios relevant to the business context (Aven 2014). The identification process begins by first determining which political factors, technical indicators, performance standards, or opportunities for co-operation are relevant to the business (Borghesi and Audenzi 2013; Aven 2014). When identifying risk, it requires a thorough understanding of all the activities undertaken by the business entity and includes concerns such as technical standards and legal limitations (Chicken 1996; Aven 2014). A risk audit of the business aims to pinpoint risks pertinent to the business, its scope, and possible losses (Borghesi and Audenzi 2013).
Since risk exposures to various risk types differ among industries, the process of identifying risks can be challenging, especially when the goal is to do so comprehensively. For risk identification to be meaningful, it must address the risks associated with its industry and make the business aware of risks it had not previously identified as possible threats. Thus, this process can be divided into primary two stages: an exploratory stage where the business educates itself on possible risks it had not yet faced, and a developmental stage where it determines which identified risks take precedence. To aid small businesses in identifying these risks, a typography of risks was developed by Krüger (2020), who aggregated and discussed the diverse risks classified in theory over the past 80 years. Essentially, this offers a reflective tool that the business can utilise to analyse the full scale of preconceived risks from literature. To further simplify this overarching process, a tool called the easy risk identification checklist was developed that allows the small business owner to determine whether they face possible risk exposure. This is simply achieved by answering yes or no to a few questions, which then guides them to the location in the risk typography that educates and informs them regarding a particular the risk (Krüger 2020).
Once the overarching risks have been identified, these risks can be grouped into two major risk categories through their origin: external or internal. For the sake of discussion, the risks will be classified as either Type 1 or Type 2, respectively (illustrated in Figure 2). Type 1 risks are generated in an external risk environment. Consequently, Type 1 risks pose a threat to a business regardless of whether their internal risk management processes are conceptually flawless; a PESTLE analysis could aid the business greatly in this regard. Type 1 risks cannot be eliminated; however, the business can position itself in a way that minimises the risk and, thereby, decrease its possibility of failure. If this consideration is not explicitly supported during risk identification, it cannot be considered comprehensive. Type 2 risks constitute risks that the business can manage internally as they relate to the day-to-day operations of the business, and it is generally those risks with which the business occupies its time. Thus, it is highly likely that small businesses already have a firm grasp of their Type 2 risks.
Step 3: Strategic audit. As mentioned earlier, Type 1 risks cannot be eliminated, but an effort can be made to minimise risk exposure. This requires that a strategic audit be done. Strategic management divides a strategic audit into three parts: a strategy formulation step, a strategic implementation step, and a strategic evaluation step (David and David 2015). The complexity of a strategic audit should match the capacity of the business. To aid small businesses, it is suggested that a comprehensive SWOT analysis (strengths, weaknesses, opportunities, and threats), strategic position and action plan (SPACE) matrix analysis, the Boston Consulting Group matrix, the grand strategy matrix, and the quantitative strategic planning matrix or a variety of these be conducted (David and David 2015). Consequently, the strategic audit will allow the business to address these identified risks by creating pragmatic strategies to overcome them. It will also offer the business owner a clear picture of which risks they are not indemnified against or prepared for, meaning they are given the opportunity to overcome this hurdle.
As a matching tool, the SWOT matrix facilitates a means whereby one can produce four strategies that exist as a combination (a matching) of strengths (S), weaknesses (W), opportunities (O), and threats (T) that consolidate into strength–opportunity (SO), strength–threat (ST), weakness–opportunity (WO), and weakness–threat (WT) strategies. This is quite often the most difficult aspect of the strategic process, as it requires an in-depth understanding of the various business processes and is limited by the awareness that the business has garnered in the internal and external factor evaluation processes.
Step 4: Risk assessment. Risk analysis, evaluation, and estimation are cumulatively referred to as risk assessment (Verbano and Venturini 2013). Risk analysis investigates the cause and effect of risks and risk events and, subsequently, acts as a descriptor of risk in a business context (Aven 2014). Thus, risk analysis is an aspect that, under the process described above, is already addressed. Risk, once determined by analysis, is followed by risk evaluation, which involves a process of comparing analyses results with predefined reference levels or criteria (Tchankova 2002; Aven 2014). During this evaluation, the business can track its performance (determining a decline or increase of risks) and re-contextualise its position regarding its risks. Risks can be qualitatively, quantitatively, or jointly evaluated, having the potential to result in a gain or a loss (IRM 2002). Risk assessment involves a three-part process of analysis, evaluation, and estimation of risk. Risk analysis considers the cause and effect of risk events as it relates to the business. It further determines the details of how particular identified risks interact with each other in the business and the business itself. This is important when determining how risks flow from one to the other. It is at this point that the business should develop performance indicators. Risk analysis begins by determining the probability of a risk event occurring (Hopkin 2018). Once the probability of an event has been determined, loss estimations need to be established (Mulcahy 2010; Marx and de Swardt 2013; Valsamakis et al. 2013; Verbano and Venturini 2013). Loss estimations and the probability of an event occurring can be confirmed from historical data or through the estimations of the small business owners.
Evaluation is the process of comparing analysis results with predefined or historical reference levels. The performance indicators can be utilised in this step to compare the business’s current performance with historical values to ascertain whether the business is improving or worsening (Tchankova 2002; Aven 2014). Additionally, an evaluation can be performed by using a metric and then comparing historical performance records using that metric (Verbano and Venturini 2013). Once an evaluation has been completed, the business can ascertain how well their risks have been managed in the past. However, estimations need to be performed to determine which risks should be managed and the amount of resources required to be allocated to these risks.
Estimation is the process of determining the rand value of potential risk. To make a reasonable estimation of the possible overall losses, the probability that risk might occur and the possible loss attached to a risk event must be calculated. This is called a loss estimation and is utilised to generate a reference point for potential losses. In order to estimate potential losses, the first step is to calculate the average loss that can be experienced by the business. The average of historical losses can be used, since there will always be variations in the particularities of a risk event; however, the average normally tends to remain rather consistent (Krüger 2020). Knowing how much can be lost is only the first stage of estimation. The second part of the process involves establishing how likely the business is to suffer such losses. Determining the probability of a risk event can be accomplished by tracking historical occurrences to ascertain how often over a given period a particular risk event is likely to manifest itself. Once the probability and the loss figures are known, a probability adjusted average loss can be estimated over a period by multiplying the probability with the expected loss for a weighted loss estimate (Hopkin 2018). Analysis, evaluation, and estimation are important in this sense as well, as the business can be provided with a reasonable cost to cover that risk.
Step 5: Risk treatment. By Step 5, the small business should have completed its risk assessment. Next is the process of adequately addressing that risk by avoiding, reducing, transferring, or retaining it. While risk treatment is applied, the business must keep in mind the insights gleaned from the risk assessment; moreover, the risk treatment must fall within the resources of the business and the risk appetite of the stakeholders. To aid businesses in locating a middle ground where risks are in line with returns, certain strategies can be applied based on their particularities (Valsamakis et al. 2013). The strategies are as follows:
  • Where the probability of a risk event is low and the possible losses fall within the capacity of a business to absorb it, the risk is to be tolerated.
  • When the occurrence of a risk has a high probability, regardless of the possible losses, the risk is to be treated.
  • When a risk event has a low probability of occurring but has a large possible loss, the preferred strategy is a risk transfer.
  • When a risk event has a high probability and a high possible loss, it is in the best interest of the business to avoid it.
Step 6: Reaction planning. Reaction planning follows risk treatment as some risks cannot be avoided, reduced, transferred, or retained yet must still be managed. Reaction planning is the process of developing contingencies and establishing reserves for disaster recovery, pure risk, and to engage with potential business community alliances outside of the business’ immediate concerns (Hopkin 2018). Ultimately, reaction planning begins with identifying which risks and opportunities are outside the scope of business as compared to the internal risks. What follows is selecting the primary threats and opportunities and systematically assigning resources towards the selection.
Step 7: Risk reporting and communicating. Even though an outline has been presented about thorough risk intervention, it cannot be deemed a process, as it requires that it becomes frequent, iterative, and continuous. What separates reaction planning from a risk management system is how the information and experiences that have been gathered through the risk management process are incorporated and integrated into the managerial risk consciousness of a business (Hopkin 2018). Reporting constitutes a process of capturing relevant information by appropriate means and aggregating it for analysis. However, risk reporting will vary from industry to industry as per the complexity of their operations. Furthermore, communication is the process of ensuring that reported information is provided to the appropriate staff within the business to elicit a rapid response and ensure a reduction of losses (Valsamakis et al. 2013).
Step 8: Monitoring risk. Reporting and communicating deal with risks that are realised within a certain reporting period; however, it does not address other identified risks (Hopkin 2018). Hence, monitoring is required to ensure that all the risks identified and classified as pertinent to the business are observed and incorporated into cyclical reports. Additionally, monitoring forms part of a process that utilises indicators to determine whether risks are growing or subsiding. Moreover, monitoring links the last steps of the risk management process to the first (Borghesi and Audenzi 2013). By continuously monitoring risks, the more pertinent ones are emphasised, while those included out of emotional responses are brought in line with the real threat they pose. This is how a risk management system maintains itself and how it becomes integrated into the business.

6. Conclusions

The objective of this paper was to produce a guided process tool for small and medium-sized businesses with which they can identify, evaluate, and appropriately address risks from an SME perspective. The importance of this study is in its focus on SMEs and their needs. Although many standards exist, their application can be problematic for smaller businesses, and this impedes SME sustainability, as it leads to a misappropriation of resources and increased vulnerability to risk events. The advantages to the business are clear and as follows: The risk management of a business that applies this intervention would be guided only in regard to the essential components as a starting point and could thus be tailored to the scale, scope, and context of the business and thus be a comprehensive and representative of the business and industry in which it operates. The risk management of the business will be open for simplified customisation and improvement as it will be written in the language of the entity and not through a third-party consultant, permitting systematic and meaningful improvement over time that eases the administrative burden of risk management and allows it to scale with business growth. Consequently, as risk management is an integrated management function, business owners will also continue to improve their businesses’ strategic management and general management and aid the interdisciplinary synergetic reinforcement and business-specific contextualisation of management functions and activities. Since the intervention tool is based in best practice theory and principles, it serves as a basis to include other advanced management standards such as those of the South African Bureau of Standardisation that bases much of its work of ISO standardisation. The only disadvantage of this system to the SME is that it requires a bit of time to implement; however, this disadvantage is miniscule in comparison to larger standards. As such, the benefits to the business in applying the SBRMIT outweigh the initial and reduced cost of time to apply it. However, due to the effects of Covid-19, this model could not be tested in practice yet. Therefore, it is recommended that this tool be tested and be further developed and tailored to the various sectors in which the businesses operate. What remains now is that the SBRMIT be tested in practice and developed into a governmentally acknowledged standard. It should be noted that the contents presented in this paper are only a summary of the full tool, while more detailed information can be ascertained from Krüger’s (2020) study.

7. Study Limitations and Future Study Opportunities

The SBRMIT still only exists as a theoretical structure through which risk management can be applied to SMEs. Thus, it is essential that an additional study be run with a sample of SMEs to determine the efficacy and weak points of the SBRMIT on a practical level. To provide more consistency, this tool should be tested on real firms after which the authors should receive feedback from the representatives of such firms. Then, this feedback should be administered to a controlled sample of SMEs for further development, which would enable researchers to gather relative information regarding the various aspects necessary to ensure sound and effective risk management within SMEs. This section is not mandatory but may be added to the manuscript if the discussion is unusually long or complex.

Author Contributions

Conceptualisation, methodology, formal analysis, investigation, resources, data curation, writing—original draft preparation, and visualisation were conducted by N.A.K. Writing—review and editing; supervision, project administration, and funding acquisition, was conducted by N.M. All authors have read and agreed to the published version of the manuscript.

Funding

The APC was funded by the University of Johannesburg.

Institutional Review Board Statement

The study was conducted according to ethical guidelines and approved by the relevant Research Ethics Committee (clearance code: ECONIT-ACC-2015-005).

Informed Consent Statement

Informed consent was obtained from all subjects involved in the study.

Data Availability Statement

The data that support the findings in this article can be found in Krüger, N.A. 2020. A risk management tool for SMMEs: the case of Sedibeng District Municipality. PhD. North West University.

Conflicts of Interest

The authors declare no conflict of interest. The funders had no role in the design of the study; in the collection, analyses, or interpretation of data; in the writing of the manuscript, or in the decision to publish the results.

References

  1. April, Wilfred Isak. 2005. Critical Factors that Influence the Success and Failure of SMEs in Namibia in the Khoman Region. Master’s dissertation, University of Stellenbosch, Stellenbosch, South Africa. [Google Scholar]
  2. Aven, Terje. 2014. Foundational issues in risk assessment and risk management. Risk Analysis: An International Journal 32: 1647–56. [Google Scholar] [CrossRef]
  3. Aven, Terje, and Ortwin Renn. 2009. On risk defined as an event where the outcome is uncertain. Journal of Risk Research 12: 1–11. [Google Scholar] [CrossRef]
  4. Babbie, Earl. 2001. The Practice of Social Research, 9th ed. Belmont: Wadsworth Thomson Learning. [Google Scholar]
  5. Barry, Marie-Louise, Herman Steyn, and Alan Brent. 2009. The use of the focus group technique in management research: The example of renewable energy technology selection in Africa. Journal of Contemporary Management 6: 229–40. [Google Scholar]
  6. Berryman, Donna. 2019. Ontology, Epistemology, Methodology, and Methods: Information for Librarian Researchers. Medical Reference Services Quarterly 38: 271–79. [Google Scholar] [CrossRef]
  7. Borghesi, Antonio, and Gaudenzi Barbara Audenzi. 2013. Risk management: How to Assess, Transfer and Communicate Critical Risks. Milan: Springer. [Google Scholar]
  8. Borocki, Jelena, Mladen Radišić, Włodzimierz Sroka, Jolita Greblikaite, and Armenia Androniceanu. 2019. Methodology for strategic posture determination of SMEs. Inzinerine Ekonomika—Engineering Economics 30: 265–77. [Google Scholar] [CrossRef] [Green Version]
  9. Bowen, Glen. 2009. Document analysis as a qualitative research method. Qualitative Research Journal 9: 27–40. [Google Scholar] [CrossRef] [Green Version]
  10. Cannon, Mark, and Amy Edmondson. 2005. Failing to learn and learning to fail (intelligently): How great organisations put failure to work to innovate and improve. Long Range Planning 38: 299–319. [Google Scholar] [CrossRef]
  11. Chicken, John. 1996. Risk Handbook. New York: Cengage Learning Emea. [Google Scholar]
  12. Canadian Institute of Chartered Accountants (CICA). 1995. Guidance on Control. Toronto: Canadian Institute of Chartered Accountants. [Google Scholar]
  13. Coelho, Philip, and James McClure. 2005. Learning from failure. Mid-American Journal of Business 20: 238–63. [Google Scholar] [CrossRef]
  14. Corbin, Juliet, and Anselm Strauss. 2008. Basics of Qualitative Research, 3rd ed. Thousand Oaks: Sage. [Google Scholar]
  15. Committee of Sponsoring Organisations (COSO). 2016. Enterprise Risk Management: Aligning Risk with Strategy and Performance. London: Pricewaterhouse Coopers. [Google Scholar]
  16. David, Fred, and Forest David. 2015. Strategic Management Concepts and Cases, 15th ed. Harlow: Pearson Education Limited. [Google Scholar]
  17. Diedericks, Rita. 2015. Incubator Services that Small Service Organisations Require from a University Business Incubator. Ph.D. dissertation, North West University, Vanderbijlpark, South Africa. [Google Scholar]
  18. Gitman, Lwrence. 2009. Principle of Managerial Finance, 12th ed. New York: Pearson Hall. [Google Scholar]
  19. Gwangwava, Edson, Faitira Manuere, Gutu Kudakwashe, Chinoda Tough, and Frank Rangarirai. 2014. An assessment of risk management practices in SMEs in Zimbabwe: A review and synthesis. IOSR Journal of Humanities and Social Science 19: 06–14. [Google Scholar] [CrossRef]
  20. Henderson, Andrew. 1999. Firm strategy and age dependence: A contingent view of the liabilities of newness, adolescence, and obsolescence. Administrative Science Quarterly 44: 281–314. [Google Scholar] [CrossRef]
  21. Honjo, Yuji. 2000. Business failure of new firms: And empirical analysis using a multiplicative hazards model. International Journal of Industrial Organization 18: 557–74. [Google Scholar] [CrossRef]
  22. Hopkin, Paul. 2018. Fundamentals of Risk Management: Understanding, Evaluating and Implementing Effective Risk Management, 5th ed. New York: Kogan Page Publishers. [Google Scholar]
  23. Huysamen, George. 1994. Methodology for the Social and Behavioural Sciences. Pretoria: Southern Book Publishers. [Google Scholar]
  24. Investment Management Consultants Association. 2003. The Handbook of Risk, 3rd ed. Hoboken: John Wiley & Sons. [Google Scholar]
  25. Institute of Risk Management (IRM). 2002. A Risk Management Standard. London: Institute of Risk Management. [Google Scholar]
  26. International Organisation for Standardization (ISO). 2018. Risk Management: ISO 31000. Geneva: International Organization for Standardization. [Google Scholar]
  27. Kaplan, Stanley, and John Garrick. 1981. On the quantitative definition of risk. Risk Analysis 1: 11–27. [Google Scholar] [CrossRef]
  28. King, Mervyn, and Teodorina Lessidrenska. 2009. Transient Caretakers: Making Life on Earth Sustainable. New York: Pan Macmillan. [Google Scholar]
  29. Knief, Ronald. 1991. Risk Management: Expanding Horizons in Nuclear Power and Other Industries, 1st ed. New York: Hemisphere Publishing Corporation. [Google Scholar]
  30. Knight, Kevin. 2012. ISO 31000:2009; ISO/IEC 31010 & ISO Guide 73:2009 International Standards for the Management of Risk. Paper presented at the ISO Project Committee 262—Risk Management, Nundah, Australia, February 17. [Google Scholar]
  31. Krüger, Niël Almero. 2017. Informal Risk Management Practices within SMMEs in the Vaal Region. Master’s dissertation, North West University, Vanderbijlpark, South Africa. [Google Scholar]
  32. Krüger, Niël Almero. 2020. A Risk Management Tool for SMMEs: The Case of Sedibeng District Municipality. Ph.D. dissertation, North West University, Vanderbijlpark, South Africa. [Google Scholar]
  33. Le Roux, Hermie. 2016. Development of an Enterprise Risk Management Implementation Model and Assessment Tool. Ph.D. dissertation, North West Unversity, Vanderbijlpark, South Africa. [Google Scholar]
  34. Lussier, Robert. 1996. A startup business success versus failure prediction model for the retail industry. The Mid-Atlantic Journal of Business 32: 79. [Google Scholar]
  35. Lussier, Robert, and Sanja Pfeifer. 2001. A cross-national prediction model for business success. Journal of Small Business Management 39: 228–239. [Google Scholar] [CrossRef]
  36. Marx, Johan, and Cecilia de Swardt. 2013. Financial Management in Southern Africa, 4th ed. Cape Town: Pearson. [Google Scholar]
  37. Matthews, Charles, and Susanne Scott. 1995. Uncertainty and planning in small and entrepreneurial firms: An empirical assessment. Journal of Small Business Management 33: 34–52. [Google Scholar]
  38. Meyer, Daniel Francois, and Natanya Meyer. 2017. Management of small and medium enterprise (SME) development: An analysis of stumbling blocks in a developing region. Polish Journal of Management Studes 16: 127–41. [Google Scholar] [CrossRef]
  39. Meyer, Natanya Daniel, Francois Meyer, and Sebastian Kot. 2017. The development of a process tool for improved risk management in local government. Quality—Access to Success 18: 425–29. [Google Scholar]
  40. Mulcahy, Rita. 2010. Rita Mulcahy’s Risk Management Tricks of the Trade for Project Managers+ PMI-RMP Exam Prep Guide, 2nd ed. Minnetonka: RMC Publications. [Google Scholar]
  41. O’Gorman, Colm. 2001. The sustainability of growth in small-and medium-sized enterprises. International Journal of Entrepreneurial Behavior & Research 7: 60–75. [Google Scholar] [CrossRef]
  42. Oláh, Judit, Zuzana Virglerová, József Popp, Jana Kliestikova, and Sándor Kovács. 2019a. The Assessment of Non-Financial Risk Sources of SMES in the V4 Countries and Serbia. Sustainability 11: 4806. [Google Scholar] [CrossRef] [Green Version]
  43. Oláh, Judie, Sandor Kovács, Zuzana Virglerova, Zoltan Lakner, Mária Mišanková, and Jozsef Popp. 2019b. Analysis and Comparison of Economic and Financial Risk Sources in SMEs of the Visegrad Group and Serbia. Sustainability 11: 1853. [Google Scholar] [CrossRef] [Green Version]
  44. Pop, Nicolae Al, Dan-Cristian Dabija Ana, and Maria Iorga. 2014. Ethical responsibility of neuromarketing companies in harnessing the market research- a global exploratory approach. Amfiteatru Economic Journal 16: 26–40. [Google Scholar] [CrossRef]
  45. Probst, Gilbert, and Sebastian Raisch. 2005. Organisational crisis: The logic of failure. The Academy of Management Executive 19: 90–105. [Google Scholar] [CrossRef]
  46. Ritchie, John, and Sue Richardson. 2004. Disclosing smaller business success and failure. The British Accounting Review 36: 233–50. [Google Scholar] [CrossRef]
  47. Scarborough, Norman, and Thomas Zimmerer. 2002. Essentials of Entrepreneurship and Small Business Management, 3rd ed. Upper Saddle River: Prentice Hall. [Google Scholar]
  48. Šebestová, Jarmila, and Włodzimierz Sroka. 2020. Sustainable development goals and SME decisions: The Czech Republic vs. Poland. Journal of Eastern European and Central Asian Research 7: 39–50. [Google Scholar] [CrossRef]
  49. Small Enterprise Development Agency (SEDA). 2018. SMME Quarterly Update 1st Quarter 2018. Pretoria: SEDA. [Google Scholar]
  50. Smit, Yolande, and John Watkins. 2012. A literature review of small and medium enterprises (SME) risk management practices in South Africa. African Journal of Business Management 6: 6324–30. [Google Scholar] [CrossRef]
  51. Statistics South Africa (StatsSA). 2012. Classifications Standard Industrial Classification of all Economic Activities (SIC), 7th ed. Report No. 09-90-02. Pretoria: Statistics South Africa. [Google Scholar]
  52. Tchankova, Lubka. 2002. Risk identification–basic stage in risk management. Environmental Management and Health 13: 290–97. [Google Scholar] [CrossRef]
  53. Valsamakis, Anthon, Gawie Du Toit, and Robert Vivian. 2013. Risk Management, 5th ed. Pretoria: Pearson Education. [Google Scholar]
  54. Verbano, Chiara, and Karen Venturini. 2013. Managing risks in SMEs: A literature review and research agenda. Journal of Technology Management & Innovation 8: 33–34. [Google Scholar] [CrossRef]
  55. Watson, Gavin Edward Halliday. 2009. A Situational Analysis of Entrepreneurship Mentors in South Africa. Master’s dissertation, UNISA, Pretoria, South Africa. [Google Scholar]
  56. Watson, John, and Jim Everett. 1993. Defining small business failure. International Small Business Journal 11: 35–48. [Google Scholar] [CrossRef]
  57. Webb, Eugene, Donald Campbell, Richard Schwartz, and Lee Sechrest. 1999. Unobtrusive Measures. New York: Sage Publications, vol. 2. [Google Scholar]
  58. Weissinger, Reinhard. 2013. Risk management: How ISO standards can help. ISO Focus+ 4: 19–21. [Google Scholar]
  59. Zacharakis, Andrew L., G. Dale Meyer, and Julio DeCastro. 1999. Differing perceptions of new venture failure: A matched exploratory study of venture capitalists and entreprenures. Journal of Small Business Management 37: 1–14. [Google Scholar]
Jrfm 14 00310 g001 550
Figure 1. Small Business Risk Management Intervention Tool (SBRMIT).
Figure 1. Small Business Risk Management Intervention Tool (SBRMIT).
Jrfm 14 00310 g001
Jrfm 14 00310 g002 550
Figure 2. Risk by origin. Source: Krüger (2020, p. 18).
Figure 2. Risk by origin. Source: Krüger (2020, p. 18).
Jrfm 14 00310 g002
Publisher’s Note: MDPI stays neutral with regard to jurisdictional claims in published maps and institutional affiliations.

Share and Cite

MDPI and ACS Style

Krüger, N.A.; Meyer, N. The Development of a Small and Medium-Sized Business Risk Management Intervention Tool. J. Risk Financial Manag. 2021, 14, 310. https://0-doi-org.brum.beds.ac.uk/10.3390/jrfm14070310

AMA Style

Krüger NA, Meyer N. The Development of a Small and Medium-Sized Business Risk Management Intervention Tool. Journal of Risk and Financial Management. 2021; 14(7):310. https://0-doi-org.brum.beds.ac.uk/10.3390/jrfm14070310

Chicago/Turabian Style

Krüger, Niël Almero, and Natanya Meyer. 2021. "The Development of a Small and Medium-Sized Business Risk Management Intervention Tool" Journal of Risk and Financial Management 14, no. 7: 310. https://0-doi-org.brum.beds.ac.uk/10.3390/jrfm14070310

Article Metrics

Back to TopTop