Academy of Strategic Management Journal (Print ISSN: 1544-1458; Online ISSN: 1939-6104)

Research Article: 2018 Vol: 17 Issue: 4

Literature Review on the Effectiveness of Risk Management Systems on Financial Performance in a Public Setting

Wadesango Newman, University of Limpopo

Mhaka Charity, Midlands State University

Shava Faith, Midlands State University

Wadesango Ongayi, University of Limpopo


Public Setting, Risk Management, Financial Performance, Skills, Knowledge.

Background of the Study

The Parliamentary Accounting Committee (PAC) revealed that fraud cases had been prevalent in government departments including the Ministry of Higher and Tertiary Education, Science and Technology Development (MHTESTD). The Committee noted fraud cases through recurring audit findings such as funds embezzlement, dummy receipting, unauthorized and unsupported expenditure, flouting tender procedures, mismanagement of funds and management over rides by those charged with governance. The Auditor General (AG) of 2015 also reported that out of unsupported payments incurred were losses ranging from USD$ 3 million to USD$ 3.5 million. Innovation and Commercialization Fund (ICF) lost amount of USD$ 2.5 million owed to debtors through borrowings. However, National Education Training Fund lost USD$ 3.5 million to acquit Cadetship grants. AG’s report of 2015 observed that Ministry of Higher and Tertiary Education lost about USD$ 1.8 million to dummy receipting in polytechnics and teacher’s college. Analysis of AG report by ZIMCODD highlighted that inadequate risk based audit has negatively affected the financial performance of ministries as there is no audit committee for risk identification, assessment and monitoring in taking up risk management task thus IAF has been inefficient in accomplishing its audit plan, hence audit recurring perpetuated fraud activities.

Effects of Risk Management Systems of Financial Performance

Ping & Muthuveloo (2015) emphasized that survival of a firm can be determined by performance which is an indicator of profit or loss. They added that a firm’s performance can be improved by a strong risk management system such as Enterprise Risk Management System (ERMS) which create and add value to the success of business through reduction of uncertainties and customer satisfaction.

Fraud Risk Reduction

According to Ndwiga et al. (2012), reduction of risks is done through monitoring and controlling by means of standard setting of policies to ensure minimization of risks. Kiragu (2014) asserted that risk reduction practice positively affects financial performance of an organization through loss control, risk mitigation and risk transfer to insurance firms. They explained that risk reduction practices significantly improve the return on assets of the firm. Shahroudi et al. (2012) in support confirmed that reducing exposed risk increases the quality of service as well as the firm’s financial performance. They added that risk mitigation and financial performance has a positive relationship. Ernst & Young revealed that firms with a reputable risk reduction practices produce more revenue and their risk maturity linked with better return on assets and a positive significance on financial performance. A study by La & Choi (2012) proved that the effect of risk management has a positive significant relationship with the organizational performance. Wanjohi agreed that risk management has a significant positive correlation to the financial performance of an organization. Asemeit & Abuda concluded that a strong significant and positive relationship between financial performance of companies and risk management processes exists. However, the Auditor General (2015) report of the Ministry of Higher and Tertiary Education, Science and Technology Development depicts that lack of compliance in implementing a formal risk management structure causes a weaker link between performance and control systems in place.

There were some controversial findings by other scholars against the effects of risk management to financial performance. Mudaki et al. (2012) argued that rather than basing on risk management, organizations need enough capital to sustain its financial performance; therefore, firm’s capital has a positive relationship. However, La & Choi (2012) posited that there exists a weak relationship between risk management and a firm’s financial performance. They suggested that better performance can be affected mainly by board and management decisions than risk management. Retno & Denies (2012) argued that a company with better profits are engaged into smaller revenue generation with little efforts in risk management structures, hence a negative link between risk management and performance. However, Keisidou et al. (2013) found a negative and significant effect between risk management and return on equity, resulting in a weak relationship between the two.

Kiragu (2014) could not clearly assert on the effect of risk reduction on firm’s financial performance. He asserted that firms’ risk level should be strongly monitored and assessed to ensure improvement of performance. Bandara & Weerakoon (2012) posited that risk management is essential but the link between financial performance and risk management of firms is not clear.

Reviews of Auditor General (2014-2016) reflected that there are no corrective measures taken in the MHTESTD to reduce risks as the findings are still recurring. The PAC (2015) also supported that lack of risk reduction has been evidenced by the recurring of observations every year. However, according to Al-Matari et al. (2012), most of the empirical studies on the effects of risk management on performance had been done mostly in developed countries and in insurance companies in Kenya.

Customer Satisfaction

Paul et al. (2016) observed that organizational performance begins with supplying customers with distinct goods and services, attending to their queries consumer time saving. Keisidou et al. (2013) noted a positive and significant relationship between customer satisfaction and financial performance. Ghotbabadi et al. (2016) supported that the firm should make customers happy and keep faithfulness to them as this practice increase the firm’s performance. They added that reducing risks increases customer satisfaction and result in a positive correlation with firm’s performance. Al-Hersh & Saaty (2014) asserted that reduction in apparent risks result in good relationship with firm and customer and a customer has a tendency of maintaining relationship with service providers; hence a significant positive performance is attained by the firm. However, literature review by Mohammadi (2012) confirmed that reduction in inherent risks results in a positive relationship between the firm and customers’ satisfaction.

Segoro (2013) argued that it is the customer’s behavior and attitude that can cause a repetitive demand of goods or services not actually satisfaction by the firm. Yap et al. (2012) also argued that the firm’s performance results from the aspects of economics and convenience by the other firm’s branches. Segoro (2013) added that value of the firm is the major effect of the firm’s performance as value has a competitive advantage.

Some literature review indicated neutral responses. Keisidou et al. (2013) noted that the relationship for customer satisfaction and performance is complicated as performance may be either positive or negative. La & Choi (2012) indicated that both customer satisfaction and loyalty are not useful in firm performance as they have no lasting effects to the firm’s performance. Mohammadi (2012) showed that customer satisfaction has both positive and negative impact on the financial performance.

Value of the Firm

Waweru & Kisaka (2013) studied on the effects of implementing MS on value of the firm and observed that there exists a strong relationship between enterprise risk management and the value of a company as managing risks add value to the firm resulting from risk avoidance, mitigation, transferring and retention. Mohammadi (2012) supported that ERMS methods and techniques increase value to the organization and maximize shareholder and stakeholder values. Literature review by Retno (2012) evidenced that an overall risk based integrated system demands for a special level of overseeing of the company’s portfolio of risks which is associated with strategic organizational goals resulting in increased earnings to the firm value therefore a significant positive between ERMS, firm value and performance exists. Nugroho (2013) affirmed enterprise risk management system has a positive and significant influence upon both company value and performance. He added that financial performance has ability to facilitate ERMS implementation. Research results by notable scholars, Muthohirin support that a significant positive influence that exists between ERMS and performance has a capability of connecting company’s capital and value of firm. In support of the view, Bertinetti et al. (2013) agreed on the positive effect of ERMS to both value of firm and financial performance.

There are some critiques against the results of positive significance relationship between ERMS, value of firm and financial performance as proven by the other scholars. Augustina & Baroroh (2016) argued that implementation of ERMS is only restricted to fulfill the requirements of listed firms in developed countries; therefore, there is no significant relationship that influence the firm value as well as financial performance or profitability of unregistered companies. Retno (2012) posited that a relationship between ERMS and firm value does not exist for the company value can be influenced by its long term objective for the benefit of shareholders. In another review of study, Barclay (2013) observed that the return of assets is only determinant of company value and an increase in profitability shows the company’s ability to control its assets, as a result, profitability has positive impact and relationship than ERMS. Barclay (2013) argued that investors do not base their decisions on enterprise risk management due its complexity and it cannot be comparable between other firms, therefore no positive effect exists.

The PAC (2014) note that recurring of some audit risk associated findings is a clear indication of absence of risk reduction systems, hence negatively affects the organization’s performance. Augustina & Baroroh (2016) asserted that results of positive effects of RM has been studied in listed companies in developed countries, hence this objective focuses on evaluating the effects of RM on performance MHTESTD.

Vital Success Factors for Effective Risk Management System

Ahmed & Manab (2016) defined vital success factors as the limited elements or conditions that positively affect the successfulness and efficiency of an organization’s objectives. Implementation of Risk Management Systems in governments departments can be determined by effective implementation of success risks factor Barclay (2013). Empirical studies by him revealed that present frameworks for financial risk management in public entities in developing countries are ineffective to the extent of failing to identify and mitigate financial risks such as operational and credit risks. The study suggested adoption of vital success factors for successful implementation of Risk Management Processes.

Commitment of Management and Public Service Commission (PSC) Leaders

According to Corruption Watch (2012) commitment and support of managers and PSC leaders determines successful implementation of RMS in today’s public sector setting. “Effective commitment and support of managers and political leaders, appropriate review and remedial measures ensure that all financial risks are identified and managed,” added Corruption Watch (2013). Barclay (2013) supported the view by confirming that commitment and support influence management to be objective towards achieving the organizational goal of financial risk management. Chileshe & Yirenkyi-Fianko (2012) asserted that committed and supportive leadership influence effectiveness of RM processes through transparency and accountability in developing countries. Allwright (2013) echoed in support that if management is committed and supportive, they cannot rely on audit-based risk analysis as some of internal auditors are less competent and experienced.

Some literature review contradicts a factor of commitment by managers and leadership. Chileshe & Yirenkyi-Fianko (2012) identified communication as the vital success tool for implementing risk management in an organisation. They added that communication creates mutual understanding, team work, as enhancing objectivity among management. Chileshe & Yirenkyi-Fianko (2012) argued that management needs to be equipped with positive attitude and sensitiveness towards risk management. In another study Chileshe & Yirenki-Fianko (2012) contented that professional expertise has a great impact on adoption of RM processes. They asserted that incorporating a public private partnership could influence a successful implementation of risk management system in an organisation.

Chileshe & Yirenki-Fianko (2012) in another study asserted that there are no specific cut solutions in regards to best success factors in RM implementation.

Integration of Risks in Outsourcing

Literature review by Chartered Institute of Internal Auditors (CIIA) (2013) showed that coordination with outside organizations like private and non-governmental organizations as well as overall internal audit function can effectively edify the RM process through adopting skills on identifying and assessing risks to all levels of personnel. The Public Sector Audit Committee (2014) observed that integration of risks is a success factor that reduces nepotism, hence promoting effective administration and implementation of RM processes. In support of the view of integrating, the IIA (2013) added that discrimination as well as challenges in adopting financial risk processes is therefore outweighed.

Barclay (2013) argued in another review opposing the need for integration and outsourcing. He argued that the function of the existing internal audit has impact on the RM processes and its function is to mitigate and manage the financial risks in the public sector. He added that internal audit has a crucial and sufficient role of supporting leadership and board members of the public sector. In its research the IIA (2013) argued that limiting the function of internal audit by outsourcing and integration is weakening its objectivity of scrutinizing financial controls. SAGGPG (2013) suggested that a critical success factor lies on effectiveness of communication between management as managers need to share knowledge pertaining RMS implementation. Allwright (2012) revealed in another study that instead of integrating, legislation of financial risk management is a vital success factor for RM implementing. He argued that integration undermines the regulations of the government departments and effective compliance to laws brings about remedial measures to mitigate financial risks.

Chileshe & Yirenkyi-Fianko (2012) mentioned all the factors like commitment of management and PSC leaders, integration of risks in outsourcing and risk management structure as vital success factors in implementing RM processes. He emphasized that the factors involve risks identification, assessment, evaluation, treatment and monitoring resulting in improvement on financial performance and risk mitigation.

Risk Management Information System

Mohammad (2014) observed that a successful RM adoption needs to be accompanied by a compatible information system which enables organisation information. He emphasized that risk management backed up by an information system improves the performance of an organisation. Anorld confirmed the risk management system as success factor as it can improve the organization’s performance. A study by Hashim et al. (2012) revealed that integration of RMS with information technology has a strong relationship in improving the company performance. An examination by Al-Gharaibeh & Malkawi (2013) proved that implementing RM processes with information system can upgrade the performance of public entities.

Implementing management information system in organizations enhances risk management processes Altaany (2013).

A number of literature review discounted arguments against accepting risk management information system as better success factor in enhancing a sound RMS. Their arguments proved use of organizational innovation and or employing new ideas as a critical success factor in implementing risk management system. Dugguh & Diggi (2015) posited that sourcing new different ideas edify risk management hence improving the organization’s performance. Mbizi et al. (2013) asserted that innovation is the prime success factor that can sustains implementation of RMS for a better firm position. Literature review by Zumitzavan & Udchachone (2014) proposed that new ideas in the organisation can enable effective implementation therefore significantly affect organizational performance. Different reviews by Manab & Kassim (2012) argued that implementation and successfulness of risk management practices can be effected by adequate staff competence. Hohan et al. (2015) also discounted the factor use of information system and indicated that management skills are crucial factor in implementing risk management processes.

Analysis by Ahmed & Manab (2016) indicated that all factors can be successful when adopting risk management systems. They also agreed in their propositions that factors like management commitment, integrating risk management and information systems positively affect the organization’s financial position. The scholars could not come up with a specific distinct success factor. Dabari & Saidin (2015) agreed with other authors that ineffective RMS was a major indicator on poor financial performance but they were silent in suggestion to critical success factors. The IMF (2013)’s analysis cited non-existence of risk management as the main diver of the organization’s poor performance. Gates et al. (2012) were being impartial in identifying the critical success factors. They observed that most of organizations in developing countries are failing to implement risk management processes.

Review of AG reports by PAC (2014-2015) revealed that the MHTESTD is lacking some vital success factors such as commitment by management, modern information technology as well as integration with other private companies that has fully adopted the RMS. As a result, implementing strong RMS becomes difficult.

Management Skills, Knowledge and Capabilities to Implement Risk Processes

Effective and efficient risk management system needs the coordination of highly competent and professional risk managers. For the managers to be efficient, they need to demonstrate if they can undertake their duties and responsibilities effectively so they should go under scrutiny, Actuarial Association of Europe (AAA) (2016). AAA (2016) asserted that skills and capabilities required for risk management are essential and contribute to the success of organisation and the skills and capabilities include: communication skills, technical skills and assessment skills.

Communication Skills

Studies conducted by Berger & Meng (2014) revealed that communication is cornerstone of organization success as for it is a two-way process which need to be initiated, relayed with an expectation of feedback. He added that communication encompasses training of employees, motivating employees and resolving conflict and the management is required to be equipped with the skill of communication. Notable scholar, Watson (2012) asserted that organizations need to make investment for and ensure that risk managers acquire communication skills for fulfilling the goals and strategies for plan decisions. Berger & Meng (2014) supported the idea and added that is a major skill every leader should have for ensuring informed decision as interacting with stakeholders.

Stacks & Michaelson argued that risk managers need to be well furnished with knowledge and training for them to demonstrate to support staff on how work should be performed. They emphasized the need for knowledge and training for the purpose of evaluating the work at each stage. Zerfass et al. (2016) posited that it is not only communication required as a skill for managers but expertise for monitoring and evaluation of goals and risks associated with performance of the firm. Kiesenbauer & Zerfass (2015) argued that the basic success factor for managers is personal competence as most organizations underutilize communication skills. Literature review by Macnamara (2015) showed that management failed to apply communication skills hence; it became a challenge in achieving goals. Likely and Watson (2013) argued that several professionals often disregard the importance of communication skills to the success of the organisation. Volk (2016) posited that the of measuring and evaluating communication skills among managers is a considerable practice in developed countries like United States of America and not in developing countries

Zerfass et al. (2016) neutrally agreed that many risk managers are lacking required expertise for measuring and evaluating risks, although knowledge and communication skills affects the objective of an organisation. Watson (2012) argued that communication process in companies is not properly employed in organizations and the strategy for communication either affect or does not affect organizational goals.

Technical Skills

Chileshe & Yirenkyi-Fianko (2012) observed that the success of risk management process is achieved by the existence of a technically skilled manager. He added that a risk manager who is equipped with technical skills is capable of leading and directing the risk team as well as managing risks in difficult circumstances. Mironescu (2013) supported that a qualified and technically skilled manager can apply his knowledge and specified techniques like demonstrating the use of technology in programming risk management software, tracking and controlling exposed risks. He also explained the importance of technical skills as enabling accumulation of new skills such as monitoring, planning, evaluation and organizational skills.

Opran argued that a successful risk management process depends on a dedicated team, planned activities and good allocation of resources. They also posited that success of risk management implementation is determined by emotions, attitude of risk manager and perception by the team members rather than technical skills.

Knowledge and Training Skills

Noble et al. (2014) confirmed that risk managers should be strongly equipped with knowledge and training skills for the effective measurement and evaluation of risks. In support, Chileshe & Yirenkyi-Fianko (2012) asserted that knowledge enhances collaboration between risk managers and team members, hence, improves organizational performance. Feledi & Fenz agreed that knowledge can be shared from the manager to the risk team and across the organisation through training so it is significant for managers to be acquainted with knowledge in risk management. Kamhawi (2012) asserted that knowledge management and training are major influences of organizational performance, therefore management need to utilize and value knowledge effectively. Bosua & Venkitachalam (2013) supported the significance of knowledge. They observed knowledge as a vital resource for the success of an organisation. However, their study was mainly based on private firms in developed countries.

Opran argued that risk managers must have positive attitudes towards success of projects instead of attaining other skills. The study by Oluikpe (2012) revealed that knowledge is not worth for performance because it fades with time. Hislop (2013) posited that knowledge is rooted in someone so it cannot be separated from a person such that he can transfer to another firm with his knowledge; as a result knowledge is a personal asset. Olatokun & Nwafor (2012) argued that employees are not willing to share knowledge therefore lack of collaboration makes knowledge unnecessary to the organisation. Liao et al. (2012) in their study suggested organizational culture as a better factor that can make an organisation to success than knowledge. They asserted that culture can be shared than knowledge.

Literature review by Slipicevic & Masic (2012) revealed that both knowledge and communication skills are equally significant for risk management. Lee & Fink (2013) observed that both knowledge and training can strain or benefit performance of an organisation depending on the ways the companies utilize them.

After a comprehensive and critical evaluation of the effectiveness of risk management system on the financial performance in a public sector setting, there still exists a gap in public entities of developing countries like Zimbabwe. Yegon (2015) asserted that all empirical literature reviews by almost every notable scholar were focusing on the insurance firms, financial institutions and private construction companies of developed countries and some of which are listed on the stock exchange. This objective is focusing on management capabilities, knowledge and skills in implementing RMS in MHTESTD.

Controls Put In Place to Ensure Risk Guidelines Implementation

The Ministry of Higher and Tertiary, Science and Technology Development’s risk management is a risk-based internal auditing in which the audit function is stipulated in the Public Finance Act Chapter 2:19, (PFMA) Section 80 (1) to (5). In this section the audit function as a control tool is has a mandatory to monitor the overall ministry’s finance administration and accounting procedures. According to PFMA Chapter 22:19, Section 80 (2) (i) to (v), the audit function is to examine books of accounts, safeguard assets, recommend on findings made during audit exercise where necessary and to ensure internal controls in place are adequate as well as assessing the cost effectiveness of projects.

The Chartered Institute of Internal Auditors (IIA) (2014) defined risk audit based internal auditing as a system in which internal audit is being connected to a company’s overall framework of risk management system. IIA revealed that the internal audit is prescribed to give assurance on the risk processes to the risk board and it should ensure effectiveness and efficiency management of risks. Furthermore, the internal audit should report all its assessment of work to the management of the organisation and to the audit committee.

The risk based audit of the ministry under which the internal audit is undertaking is required to have an establishment of an audit committee which should consist of at least three independent non executives including the chairperson, PFMA (Chapter 22:19, Section 84). The Auditor General Report (2016) observed that the ministries are not fully complying with the requirements of the PFMA Chapter 22:19, Section 84 which define the function of an audit committee function in regards to risk management.

Risk Based Audit (RBA) and Financial Performance

Critiques arose against the effectiveness of risk based integrated systems as some scholars highly supported the adoption of risk based audit (RBA) as critical to the firm. Chileshe & Yirenkyi-Fianko (2012) argued that internal audit significantly affects the firm’s performance through accountability and transparency. Basing on the audit role in identifying risks, they agreed that RBA has can highly influence the organization’s performance therefore; a positive relationship between RBA and performance exists. Slipicevic & Masic (2012) confirmed on that RBA encompasses all aspects of RMS through accountability, transparency and responsiveness although it is not a modern and integrated system. Zerfass et al. (2017) conflicted on the effectiveness of an ERMS giving reasons that it cannot be afforded as it can be costing more and it can be easily afforded in developed countries. They justified their opinion basing on the perception of insurance firms in developing countries that RBA is associated with strong organizational performance. A study by COSO posited that effects of RBA can improve the firm’s performance through institution of internal control systems. Kiragu (2014) contributed in opposition of ERMS that RBA influence the economy by boosting investments and creation of business innovation and therefore positively affect the firm’s financial performance.

Empirical studies by Kinyua revealed that a risk management system that that can mitigate operational and financial risks should be comprised of all components of risk management such as risk identification, analysis, monitoring and assessment.

Summary of Key Findings

Effects of Risk Management System on Financial Performance

Research finding was that fraud risk reduction significantly and positively affects organizational performance due to minimized losses.

Non-existence of audit committee hindered complete adoption and application of risk management process within the ministry. The same observation had been raised in Auditor General (2015 to 2016) and had been noted as incompliance to the requirements of section 44 of the Public Finance Management Act Chapter 22:19 that ministries must appoint an audit committee in implementation of risk management system.

However, the ministry controls were observed as not adequate and reviewed periodically. This finding concurred with the AG report.

The Vital Success Factors that can Contribute to Effective Implementation of Risk Management in the Ministry

Findings from the study revealed that adoption of RM processes can be made easy by the vital success factors like; training key personnel, teamwork, commitment and support by management.

Management Skills, Knowledge and Capabilities to Implement RM Processes

The study found that risks were not effectively communicated to departments. Risk team lacks communication skills, have inadequate assessment.

Controls put in Place to Ensure Guidelines are Implemented

It was noted with concern that internal audit function was also serving as the risk management team with the absence of an audit committee. The system was inadequate; hence compliance to PFMA Chapter 22:19 section 84 was not done.


The effects of RM have been proven as significant and positive to the organizational performance through a reduction in the fraud risks, customer satisfaction and retention of customer loyalty. However, the research established that adoption and application of an effective risk management system is negatively affected by major barriers such as lack of trained personnel that results in knowledge gap, non-existence of audit committee and lack of management commitment and coordination. Vital success factors that can provide solution to the effective execution of risk management processes were studied through remarkable scholars. The research also studied the effects of implementing risk management on the organizational performance where such effects were observed as fraud reduction and customer satisfaction. The researcher believes that the recommendations from the study will assist management in establishing a formal risk management system.


Get the App