May 21, 2024
Africa Regional

Enterprise Risk Management (ERM) Framework and Business Process: A Case Study of Small and Medium Enterprises (SMEs) in West Africa

Balla Moussa Dioubateby Balla Moussa Dioubate

ABSTRACT

Extensive research on Enterprise Risk Management (ERM) implementation in large organizations showed a need for ERM implementation in small and medium-sized enterprises (SMEs) in West Africa. ERM, as a requirement of the best management practice, is essential in monitoring the business of SMEs. This study aims to explore the use of ERM in West African SMEs. It also evaluates the role of ERM on the business performance of SMEs to propose some recommendations for the best risk management practice adaptable to the West African environment. The research uses a qualitative approach, including interviews, to gather data from selected SMEs in seven countries. The study highlights SMEs’ challenges in identifying and implementing ERM solutions for improving business processes. It was revealed that most SMEs lack formal ERM frameworks and rely on informal risk management practices. Therefore, the study recommends a proactive approach to risk management involving a comprehensive ERM framework and robust business processes. The proposed recommended framework aligns with international standards ISO 31000 and is tailored to the specific needs of SMEs in West Africa. The study concludes that adopting the proposed framework can improve the risk management practices of SMEs and enhance their competitiveness in the global market.

Keywords: Small and Medium-sized Enterprises (SMEs); Risk Management; West Africa

INTRODUCTION

West Africa is known for its diverse cultures, languages, and economic activities. As a result, small and medium-sized enterprises (SMEs) play a crucial role in the region’s economic growth (Ofoegbu, 2019). According to the World Bank, SMEs account for about 90% of all businesses in Sub-Saharan Africa and play a crucial role in job creation and economic growth (World Bank 2019). However, with the inevitable changes that accompany the industrial era’s transformation, there is a high likelihood that new risks will emerge and harm many aspects of businesses, including SMEs. Modern SMEs use Enterprise Risk Management (ERM) to fulfill legislative requirements and deliver services to agencies, governments, accrediting organisations, and other stakeholders (Badamasi & Utulu, 2021). ERM has become an essential aspect of organizational management in recent years. ERM helps organizations identify, assess, and manage risks that may impact their ability to achieve their objectives. These businesses face numerous risks that affect their operations and ability to sustain growth. ERM is a strategic framework that helps organizations manage risks effectively to achieve their objectives Committee of Sponsoring Organizations of the Treadway Commission (COSO, 2017). In this context, ERM can help SMEs in West African countries develop sustainable business processes to mitigate risk and improve performance.

According to the International Finance Corporation (IFC) (2021), Ivory Coast is one of the fastest-growing economies in West Africa, with SMEs contributing significantly to its growth. However, SMEs in Ivory Coast face various risks, such as political instability, natural disasters, supply chain disruptions, and cybersecurity threats. To manage these risks, SMEs require a robust ERM framework that integrates risk management into their business processes. The ERM framework should include risk identification, assessment, prioritization, mitigation, and monitoring. By integrating risk management into their business processes, SMEs can reduce the impact of risks on their operations and enhance their resilience to unforeseen events.

Several studies have been conducted to assess the impact of ERM on SMEs in West Africa. For instance, Ofori-Dwumfuo & Owusu-Frimpong (2020) investigated the relationship between ERM and the financial performance of SMEs in Ghana. They found that ERM positively impacted SMEs’ financial performance, particularly in revenue growth and profitability. Similarly, Akinyomi et al. (2020) examined the challenges SMEs faced in Nigeria and proposed an ERM framework to help SMEs manage risks effectively. The authors argued that adopting ERM could help SMEs overcome challenges such as inadequate capital, lack of access to credit, and poor infrastructure. Quite a lot of studies have focused on applying ERM frameworks and business processes to mitigate risks and improve the performance of SMEs in West Africa. Adimado & Osei-Kyei (2019) studied SMEs in Ghana, Burkina Faso, and Niger and found that ERM helped SMEs identify, assess, and manage risks. In countries like Niger and Burkina Faso, studies have also emphasized the importance of ERM for SMEs. For instance, Adimado & Osei-Kyei (2019) found that SMEs in Niger and Burkina Faso faced similar risks as those in Ghana and recommended the adoption of ERM frameworks to mitigate these risks. The study also highlighted the need for SMEs to integrate ERM into their business processes to ensure sustainability and continuity.

Another study by Sawadogo & Zerbo (2018) investigated the factors affecting the adoption of ERM by SMEs in Burkina Faso and found that the lack of knowledge, limited resources, and cultural factors were significant barriers to adoption. The study recommended that SMEs develop ERM frameworks aligned with their business objectives and tailored to their needs to enhance competitiveness and manage risks. In the same way, Kollie & Akintoye (2018) investigated the factors affecting the adoption of ERM by SMEs in Liberia and found that the lack of awareness, limited resources, and inadequate knowledge of ERM were significant barriers to adoption. The study recommended that SMEs develop ERM frameworks and business processes tailored to their needs to enhance competitiveness and manage risks.

However, this research seeks to answer the following research questions:  

  • What is the risk management process used by West Africa’s SMEs?
  • What are the benefits and challenges of ERM implementation on West Africa’s SMEs?
  • What factors contribute to ameliorating the ERM usage by West Africa’s SMEs?

The rest of the content is split into five parts. The first part is a detailed review of studies that have already been done, and the second part talks about the methods used to collect and analyse data. The results of the study are summarised in the third section, and discussed in the fourth section. The final section concludes the study, including recommendations for future research.

LITERATURE REVIEW

West Africa has a growing number of small and medium-sized enterprises (SMEs) that face various risks that could affect their operations. Multiple studies have highlighted the importance of ERM frameworks and business processes in managing risks faced by SMEs in West Africa. According to Kone et al. (2021), SMEs in West Africa face various risks, such as political instability, natural disasters, supply chain disruptions, and cybersecurity threats. Overall, the literature review of this study highlights the ERM process and standards applied by SMEs in West Africa. It also emphasizes the need for further research on the challenges SMEs face in West African countries in implementing ERM frameworks and the impact on their business processes.

Enterprise Risk Management (ERM)

Risk management is commonly used to reduce uncertainty and its repercussions, increasing organisational success likelihood (Talet et al., 2014). According to Hashim & Razali (2019), a risk management strategy assists many firms in efficiently minimising business risks. Therefore, according to Beasley, Branson, and Hancock (2010), ERM is a process designed to identify, assess, prioritize, and manage organisational risks. It involves integrating risk management with strategic planning and decision-making to enhance an organization’s ability to achieve its objectives. Similarly, the COSO (2017) framework for ERM defines it as a process designed to assure an organization’s stakeholders regarding managing risks that could impact its strategic objectives. Various researchers and practitioners have identified the fundamental principles of ERM; for instance, the ISO 31000:2018 standard for risk management emphasizes the importance of a systematic, structured, and integrated approach to risk management. It identifies the following principles for effective risk management: leadership, stakeholder engagement, risk assessment, risk treatment, communication and consultation, monitoring and review, and continual improvement. In addition, the Risk Management Framework (RIMS) outlines a similar set of principles for ERM, including alignment with strategy, comprehensive coverage, integration, risk assessment, risk response, monitoring and review, and communication and reporting (RIMS, 2021). The framework emphasizes the importance of a proactive approach to risk management that involves identifying and managing risks before they materialize.

Other studies have also highlighted the importance of ERM principles such as risk identification, analysis, mitigation, and monitoring (De Paoli, 2015). For example, Chen et al. (2019) suggest a thorough risk identification process is essential for effective ERM. De Paoli (2015) emphasizes the importance of ongoing monitoring and review of risks to ensure their effectiveness. Therefore, the studies showed that ERM is a systematic and integrated approach to risk management that involves a range of principles and processes, including risk identification, assessment, treatment, and monitoring. The fundamental tenets of ERM emphasize the importance of alignment with strategy, comprehensive coverage, integration, risk assessment, risk response, monitoring and review, and communication and reporting. These principles can be used to implement effective ERM practices in organizations.

ERM Frameworks and Standards

Enterprise Risk Management (ERM) frameworks and standards guide organizations to identify, assess, and manage risks. ERM frameworks provide a structured approach to risk management that can be customized to meet each organization’s unique needs. The most widely recognized ERM frameworks include the Committee of Sponsoring Organizations of the Treadway Commission (COSO) ERM framework, the International Organization for Standardization (ISO) 31000 standard, and the Australian and New Zealand Standard AS/NZS 4360. Therefore, the COSO ERM framework was introduced in 2004 and revised in 2017. It includes five interrelated components: internal environment, objective setting, event identification, risk assessment, and risk response. The framework also emphasizes the importance of communication and monitoring to ensure the effectiveness of the ERM program (COSO, 2017). However, the AS/NZS 4360 standard was introduced in 1995 and revised in 2004. The standard provides a systematic approach to risk management that can be applied to any organization, regardless of its size or sector. The standard includes four components: establish the context, identify the risks, assess the risks, and treat the risks. The AS/NZS 4360 standard also emphasizes the importance of communication, monitoring, and review to ensure the risk management program’s effectiveness (Standards & Standards, 2004).

The ISO 31000 standard was first published in 2009 and revised in 2018. The standard provides a principles-based approach to risk management that can be applied to any organization, regardless of its size, type, or sector. The standard consists of three components: the principles of risk management, the framework for risk management, and the process for risk management. The ISO 31000 standard also emphasizes the importance of continual improvement and the integration of risk management into an organization’s governance and decision-making processes (ISO, 2018). However, other ERM frameworks and standards that organizations can consider include the Risk Management Standard from the Institute of Risk Management and the NIST Cybersecurity Framework from the National Institute of Standards and Technology. In summary, ERM frameworks and standards provide organizations with a structured approach to risk management that can be customized to meet their unique needs. Enterprises should carefully evaluate the different frameworks and standards and select the best fit for their objectives, risk appetite, and culture.

ERM Implementation by SMEs

Enterprise risk management (ERM) identifies, assesses, and manages risks affecting an organization’s objectives. Therefore, Enterprise Risk Management (ERM) is essential for all organizations, regardless of size or sector. However, small and medium-sized enterprises (SMEs) face unique challenges in implementing ERM. Although ERM has traditionally been associated with large organizations, small and medium-sized enterprises (SMEs) increasingly recognize its value in improving decision-making, enhancing risk awareness, and increasing resilience. However, SMEs face unique challenges in implementing ERM, including resource constraints, lack of expertise, and difficulty prioritizing risks. According to a study by the International Organization for Standardization (ISO), the benefits of ERM implementation in SMEs include improved risk management, better decision-making, increased stakeholder confidence, and reduced operational costs (ISO, 2018).

Additionally, SMEs that adopt ERM practices may be better positioned to compete with larger organizations and attract investment (Hiebl, 2014). However, implementing ERM in SMEs has its challenges. A study by the Federation of European Risk Management Associations (FERMA) found that resource constraints, lack of expertise, and resistance to change were among the top challenges facing SMEs in implementing ERM (FERMA, 2019). Other studies have also highlighted the difficulty of prioritizing risks and developing risk management strategies with limited resources (Chen et al., 2019).

However, one of the main challenges that SMEs face is a need for more resources, both in terms of personnel and financial resources. SMEs may need dedicated risk management personnel or budgets to implement an ERM program. This lack of resources can make it difficult for SMEs to conduct risk assessments, develop risk management strategies, and implement risk controls (Al-Tarawneh & Al-Smadi, 2018). Another challenge SMEs face is needing more awareness and understanding of ERM. Most SMEs need to understand ERM and how it can benefit their organization. This lack of awareness can lead to a lack of buy-in from key stakeholders and support for ERM initiatives (Al-Tarawneh & Al-Smadi, 2018). SMEs may also face challenges related to the complexity of ERM. ERM can be a complex and time-consuming process, especially for organizations new to risk management. SMEs may need help understanding the different components of ERM, such as risk identification, risk assessment, risk response, and monitoring and reporting (Ziemska & Ciesielska, 2018).

Despite these challenges, SMEs can benefit from ERM implementation by adopting a practical and flexible approach considering their unique circumstances (Hiebl, 2014). This may involve identifying and prioritizing key risks, leveraging existing resources and capabilities, and establishing clear roles and responsibilities for ERM activities. Additionally, SMEs may face challenges related to the cultural and organizational factors that can impact ERM. SMEs may have a less formal organizational structure and culture than larger organizations, making implementing ERM initiatives more difficult. Moreover, SMEs may face challenges related to communication and coordination between different departments and stakeholders (Al-Tarawneh & Al-Smadi 2018). To overcome these challenges, SMEs can use a variety of strategies. For example, SMEs can leverage external resources, such as consultants or industry associations, to provide expertise and support for ERM initiatives. SMEs can also use technology and automation to streamline risk management processes and reduce the burden on personnel.

Finally, SMEs can focus on building a risk management culture within the organization, by promoting awareness of ERM and involving employees in the risk management process (Ziemska & Ciesielska, 2018). In conclusion, SMEs face unique challenges in implementing ERM, including a need for more resources, awareness and understanding, complexity, and cultural and organizational factors. However, SMEs can overcome these obstacles by leveraging external resources, using technology and automation, and building a risk management culture within the organization.

Case Studies on ERM Implementation by Some West African SMEs

Enterprise Risk Management (ERM) has gained significant attention in recent years as organizations seek to manage risk strategically. However, more research must be conducted on ERM implementation in small and medium-sized enterprises (SMEs), particularly in West Africa. This review examines case studies of ERM implementation in SMEs in West Africa, highlighting the challenges and best practices associated with ERM in this context.

One case study examined ERM implementation in a Nigerian construction company. The company implemented ERM in response to a challenging business environment and a desire to improve risk management practices. The company faced challenges related to needing more resources and expertise and employee resistance to change. To overcome these challenges, the company engaged external consultants to provide support and knowledge and focused on building an organizational risk management culture (Ogunsemi et al., 2017). Another case study examined ERM implementation in a Ghanaian food processing company. The company faced challenges related to a lack of understanding of ERM, a lack of senior management buy-in, and a lack of resources to implement ERM. The company engaged in extensive training and awareness-creation efforts to overcome these challenges, established a risk management committee and implemented risk assessments and controls (Gyapong & Boakye, 2020). A third case study examined ERM implementation in a Sierra Leonean mining company. The company faced challenges related to a lack of awareness and understanding of ERM, a lack of resources, and a lack of stakeholder engagement. The company engaged in extensive stakeholder consultation and attention to overcome these challenges, implemented a risk management framework and policies and used technology to improve risk management processes (Kallon & Bangura, 2017).

These studies suggest ERM can be vital in developing SMEs in West Africa. SMEs can mitigate risks and improve performance by adopting ERM frameworks and developing sustainable business processes. However, SMEs in West African countries face several challenges that limit their ability to grow and thrive, including access to finance, limited resources, and inadequate risk management practices. Therefore, these case studies highlight SMEs’ challenges in implementing ERM in West Africa, including needing assistance, improving understanding and awareness, and overcoming resistance to change. Although they also highlight best practices for ERM implementation, including engaging external support, building a risk management culture within the organization, and using technology to streamline processes.

METHODOLOGY

This study employed qualitative methodology to connect an understanding of social aspects of life. It primarily produces words, rather than numerical data, that researchers can use for further analysis (Moriarty, 2011; Dioubate et al., 2015). Qualitative analysts use discourse to gather information from participants, allowing them to respond as needed and comprehend the phenomena under investigation (Cronin, 2014; Dasgupta, 2015). Data was collected through interviews with senior managers in each selected SME. The interviews were conducted using a semi-structured interview guide, allowing flexibility and probing to explore the managers’ experiences and perspectives on ERM implementation. The data collected, in the form of audio-recorded interviews, were transcribed verbatim and coded to identify the themes and subthemes (Laurence et al., 2010; Molok et al., 2013). The themes and subthemes (nodes) were derived from the interview transcripts. However, the code was distributed sequentially to each participant, beginning with P (1) for the first participant and ending with P (10) for the last participant.

Thematic exploration, data collection by observation, interview, and other qualitative data collection techniques were all part of the qualitative research analysis (Dioubate & Daud, 2022; Yin, 2014). Therefore, the data were analyzed using a thematic analysis approach, which involved identifying and categorizing themes from the data. The themes concerning the research questions and relevant literature on ERM and SMEs were examined. The thematic analysis of the themes was derived from the code. It allowed for eliminating and grouping some themes to produce a final set of six themes, and the references were broken down into five distinct nodes (sub-themes). The discovered themes allowed us to achieve the purpose of this study. The study uses purposive sampling to select SMEs in seven countries of West Africa. Overall, the qualitative interview method used in this study provides a rich and in-depth insights into the implementation of ERM by SMEs in West Africa and allows for a deeper understanding of the experiences and perspectives of senior managers in implementing ERM.

FINDINGS

The interview protocol was developed based on a literature review on ERM and SMEs. The findings are based on interviews with 7 participants from West African SMEs. The participants had an average of 5 years of experience. The pseudonyms P (1) to P (7) were assigned to the interview participants.

TABLE 1: Description of the Participants for Interview

PseudonymsDesignations  CountriesExperiencesGenders
P(1)DirectorIvory CoastMore than 5 YearsMale
P(2)DirectorBurkina FasoBelow 5 YearsMale
P(3)DirectorNigerBelow 5 YearsMale
P(4)Chief Executive OfficerLiberiaMore than 5 YearsMale
P(5)ManagerSierra LeoneBelow 5 YearsMale
P(6)Chief Executive OfficerGhanaMore than 5 YearsMale
P(7)Chief Executive OfficerGuineaMore than 5 YearsMale

The next section of the findings summarizes the interview outcomes, as shown in Table 2. Overall, the themes generated from the thematic analysis help guide the research design to provide a comprehensive understanding of the research questions related to ERM and SMEs in West Africa.

TABLE 2: Research Question, Themes, and Sub-Themes

  Research Questions  Themes  Sub-Themes
                         Risk Management Process        Identification of risks
Framework for managing risks  
Effectiveness and value of the process
Challenges in implementing Risk Management Process  Financial challenges
Need to update and adopt new strategies.  
Lack of required skills  
Management of challenges in implementing the Risk Management ProcessAwareness and consultation  
Regular updating and checking for breaking down events
Impact of Risk Management Process on business performance  Most effective Framework/Process
Value of Current Risk Management Process/Framework
Recommendations for Proactive Risk Management Framework implementationTechnical skillsets for Risk Management Executives
Management skills for minimizing Information Technology risk  

Risk Management Process in SMES:

This theme could encompass identifying, assessing, and managing various risks SMEs face in West Africa. It could include exploring different types of risks, such as financial, market, operational, regulatory, environmental, and social risks, among others. It determines the frameworks or processes used by the organization to manage its risks.

Identification of Risks

Respondent P(2) cited that their company operates in the livestock industry, which has high risks, so they keep sanitary follow-up sheets to mitigate risks.

“Our company operates in the field of breeding, an area where the risk is high hence the compulsory need to hold health monitoring sheets.”

However, participant P(1) claimed that they have to follow the norms imposed by the government to identify and prevent the risk.

“Norms are imposed by the Government […] we also refer to previous experience and expertise to identify risk.”

Similarly, participant P(7) notified that they identified the risk by making their analysis.

“As I said, we identify the risk through the analysis of the current situation.”

Participant P(4) said that the framework/process for reducing risk was identified through an IT consultant.

“The IT consultant help us to identify […]. He mentioned its flexibility and effectiveness.”

In the same light, participant P(6) thought that the ways to identify and implement risk management procedures include previous experience.

“The ways to identify and implement risk management procedures include experience-based decision making.”

Framework for Managing Risks

The respondent P(2) mentioned that their company uses a table to manage risks, which means they have a formalized process.

“We have drawn up a summary risk management table in our company.”

Participant P(4) said that the Monitor Security Control (MSC) framework is the most effective process for reducing IT risk in the company.

“Monitor Security Control (MSC) by consistently assessing my system to avoid any breach and fissure.”

Participant P(1) mentioned that they are following the risk management for staff security for safety measures.

“Insurance and safety measures […] risk management procedures by implementing security guidelines and training to follow government requirements, as we are engineers.

However, participant P(7) argued that there needs to be a formal risk management process to identify the risk faced by the current business process.

Here there is lack of formal risk management process[…]. We analyze risk based on our own experience.”

Effectiveness and Value of the Process

Participant P(2) detailed that the company follows biosecurity protocols, and vaccination protocols are the most effective ways to reduce risks and improve performance.

“Follow-up of the biosecurity protocol and the vaccine protocol.”

In the same light, participant P(6) recommended:

“The process for reducing risk and increasing business performance includes partnership and collaboration to share risk and experience with others.”

Moreover, based on the view of P(2), the company finds the current risk management framework/process highly valuable.

“It is very important and valuable to implement the framework.”

To have a proactive risk management in the company, participant P(7) mentioned:

Tools implementation of a risk management framework can add value importance.

Besides, the participant P(3) mentioned:

“ERM gives us the value of business expansion and the potentiality for our enterprise to become an international company.”

The first theme detailed the company’s risk management framework/process. The sub-themes focus on different aspects of this procedure, such as using a risk management table to manage risks and identifying and implementing the strategy in the company. The framework’s most effective components are the increased value of the current framework to the organization. This theme highlights the importance of a structured risk management process to manage risks effectively.

Challenges in Implementing Risk Management Process

Implementing a risk management framework/process is also noted for reducing IT risk, flexibility and effectiveness. However, there are challenges to ERM implementation by SMEs in West Africa such as, a lack of resources, limited expertise, resistance to change, and competing priorities. Addressing these challenges requires collaboration between SMEs, government agencies, academic institutions, and other stakeholders.

Financial Challenges

Participant P(1) mentioned that their main challenge  is financial.

“We have financial challenges, funding and expenses, payment and taxes. Also information sharing and proprietary information.”

Based on the view of participant P(6), an effective enterprise risk management process requires self-financial support.

“Financing strategies to manage risk, is by avoiding loans and secure self-financing.

Moreover, the participant P(5) highlighted some challenges that may be faced in implementing an Enterprise Risk Management framework:

“Resistance of staff to change, lack of resources, lack of awareness or misunderstanding of risk management, and cultural barriers”

Need to Update and Adopt New Strategies

The respondent P(4) stated that factors that influence the implementation of the framework include the regular availability of the internet and regular training of the team to implement the framework.

“At times, we need to update the whole system and adopt a new strategy, which requires a new set of skills that might not be available with us at the enterprise.”

Accordingly, respondent P(2) indicated that the main problem they faced was complying with sanitary protocols on the livestock farm.

“The major problems encountered were the difficulty of respecting health protocols on the farm.”

Participant P(3) highlighted the influence of illegal business practices and their negative impact on legal businesses.

“There is a need to stop those who are doing money exchange illegally. There is a need for government’s intervention to solve the issue.”

Lack of Required Skills

Participant P(4) highlighted that the challenges faced in implementing the framework include the need for more required IT skills, which were managed through regular updating and revisiting of the sites.

“Lack of required IT skills, especially the new ones to apply Monitor Security Control (MSC).”

According to Participant P(7), the challenge faced in implementing the risk management process is needing more practical experience.

“Challenges of relying on the use of personal experience and subjectivity.”

The challenges faced in implementing ERM include needing more required IT skills, managed through regular updating and revisiting of the sites. Furthermore, factors that influence the implementation of the framework/process include the regular availability of the internet and regular reskilling of the team.

Management of Challenges in Implementing the Risk Management Process

This theme relates to the strategies to deal with the challenges encountered while implementing the risk management process. It concerns risks faced by SMEs in the West that can impact their operations and profitability.

Awareness and Consultation

The respondent P(2) stated that the company addresses challenges by raising awareness and conducting surprise inspections.:

“By raising awareness and spot checks on the farm.”

Participant P(7) believed that to manage the challenges, we need to get more information by researching the internet.

“Overcoming challenges through research and experience about a risk management process.”

Additionally, participant P(6) believed:

“Seeking advice from experienced partners and managing unforeseen obstacles.”

Moreover, participant P(4) highlighted the importance of ongoing monitoring by consulting and adaptation to ensure the effectiveness of the IT risk management framework.

“Of course, that is principally done by IT personnel. We need to consult them.”

Regular Updating and Checking for Breaking Down Events

Participant P(4) also mentioned that they managed the challenges by regularly updating and revisiting their sites to identify threats.

“I did manage them through a regular updating and revisiting my sites to see whether there is a threat.”

However, the Participant P(1) proposed:

“To manage the challenges, we have to overcome financial issues, develop Risk Management Strategies and find solutions to implementation.”

Participant P(3) proposed:

“As a money changer enterprise, we are seeking to minimise the risk and to make reporting to the government bank (BCAO) the identity of individuals exchanging money.”

According to participant P(6), the breakdown event management is handled by seeking advice from people:

“Seeking advice from experienced partners and managing unforeseen obstacles.”

This theme focuses on how the participant overcame the challenges while implementing the IT risk management framework. The participant mentioned regularly updating and revisiting the system to check for threats.

Impact of Risk Management Process on Business Performance

The theme demonstrates the importance of business process improvement to enhance ERM practices in SMEs. Business process improvement may include identifying and addressing process inefficiencies, establishing policies and procedures, and implementing effective communication strategies. This theme shows how using a risk management process can influence the commercial performance of the organization.

Most Effective Framework

Participant P(4) said that the implementation of Monitor Security Control (MSC) by consistently assessing the system is to avoid any breach and fissure.

“Monitor Security Control (MSC) by consistently assessing my system to avoid any breach and fissure.”

Similarly, Participant P(2) also stated about the follow-up of the biosecurity protocol and the vaccination protocol, which is the process of managing the risk in the enterprise:

“Follow-up of the biosecurity and vaccine protocols to reduce risks and improve performance.”

Value of Current Risk Management Framework

In addition, respondent P(4) also stated that the risk management process is fundamental to their organization. It is related to the value of the current risk management framework for the organization.

“This risk management control brings value […] and it is very important.”

Similarly P(2) also mentioned that:

“There is a positive influence on business performance through improved production and lower mortality rates.”

The participant P(6) stated:

“Process for reducing risk and increasing business performance is the best in this […].”

This theme relates to the risk management framework the participant considers most effective. The study may demonstrate that implementing ERM practices can lead to various benefits, such as increased competitiveness, improved financial performance, and enhanced reputation and credibility.

Recommendations for Proactive Risk Management Framework Implementation

The theme describes the regular availability of the internet and regular reskilling of the team as crucial factors. It is essential because it highlights the importance of technical and organizational aspects in successfully implementing an IT risk management framework.

Technical Skillsets for Risk Management Executives

Participant P(4) mentioned the need to have cybersecurity skills.

“Cybersecurity risk management skills are needed.”

Participant P(5) determined that practical skills is needed for implementing a good risk management framework.

“Effective risk management requires a combination of technical and management skills, as well as a commitment to continuous improvement.”

Participant P(3) believed:

“We need some equipment like computers and machines to detect counterfeit notes, and also a well-educated staff.”

Management Skills for Minimizing IT Risk

Participant P(4) emphasised the need for effective communication and knowledge sharing.

“Effective communication […] and sharing knowledge.”

Further, the Participant P(4) added:

“Constant and regular monitoring of the whole system by the leaders themselves or through trusted skilled personnel.”

Similarly, participant P(2) stated about the update of the management sheet:

“Regular updating of management sheets and regular monitoring.”

According to participant P(7), managerial skills are needed for enterprise operational risk management.

“Need for specific managerial skills in risk management.”

In addition, participant P(3) said:

“Our employees must be well trained and educated. The importance of well-trained is to have careful staff.”

Overall, the theme mentioned the best practices and management skills required for minimizing risk and recommendations for a proactive ERM. Furthermore, this underscored the need for a well-trained technical staff to protect digital and physical material. Technical employees must be trained in risk management to protect any assets. More so, there is a need for a collaborative approach to ERM. Effective ERM requires collaboration and engagement with key stakeholders, including employees, suppliers, customers, and regulators.

DISCUSSION

Participants from all seven SMEs in this survey agreed that SMEs in West Africa face various risks that can impact their operations and profitability. These risks include economic, political, social, and environmental factors. The findings are consistent with previous research highlighting the risk factors affecting SMEs in West Africa (Asiedu & Turkson, 2018). The findings of the study suggest that adopting an ERM framework can help SMEs manage risks more effectively and improve their overall performance. Effective business processes are critical in implementing ERM by SMEs in West Africa. Adopting ERM requires a cultural shift in SMEs, where risk management becomes integral to their business processes and decision-making.

There are challenges to ERM implementation by SMEs in West Africa, such as a lack of resources, limited expertise, resistance to change, and competing priorities. Addressing these challenges requires collaboration between SMEs, government agencies, academic institutions, and other stakeholders. The study findings are consistent with previous research highlighting the challenges associated with ERM implementation by SMEs (Abidin, Jantan, & Hamzah, 2019). The authors noted that addressing these challenges requires collaboration between SMEs and other stakeholders, including government agencies, academic institutions, and industry associations. The case study analysis of specific SMEs in West Africa highlights the practical aspects of implementing an ERM framework in a real-world context. The analysis can provide insights into SMEs’ challenges and opportunities in West Africa.

The study findings are consistent with previous research highlighting the cultural and organizational challenges associated with ERM implementation (Beasley, Pagach, & Warr, 2016). The authors note that adopting ERM requires a cultural shift in SMEs, which can be facilitated through effective leadership, organizational change management, and staff training. However, implementing an ERM framework can help West African SMEs manage risks more effectively and improve their overall performance. Besides, there is a need to implement the critical components of a practical ERM framework which may include risk assessment, risk mitigation strategies, risk monitoring, and reporting. The study findings are consistent with previous research highlighting ERM’s importance in improving SMEs’ performance (Azizi & Nafar, 2019; Chen, Chen, & Chen, 2018). The authors note that ERM can help SMEs to anticipate and manage risks more effectively, leading to better decision-making and increased competitiveness.

Business processes are critical in implementing ERM by SMEs in West Africa. Effective business processes may include financial, human resources, supply chain, and quality management. The study findings are reliable, with previous research highlighting the role of effective business processes in ERM implementation (Kasih & Cholid, 2019). The authors noted that effective business processes are essential for ensuring the successful implementation of ERM in SMEs, as they provide the foundation for effective risk management practices. Therefore, the benefits of ERM implementation for SMEs in West Africa include improved risk awareness, better decision-making, enhanced stakeholder confidence, and increased competitiveness in the market.

The study findings are consistent with previous research highlighting the benefits of ERM implementation for SMEs (Chen et al., 2018). The authors noted that the benefits of ERM implementation by West African SMEs extend beyond risk management, including improved financial performance, stakeholder relations, and strategic planning. Recent research has emphasized ERM’s importance in enhancing SMEs’ performance, particularly in developing countries such as West Africa (Ibrahim, Yaro, & Ladan, 2020; Kawa & Kwaku, 2021). The study findings are consistent with this research. They suggest that SMEs in West Africa can benefit from adopting ERM frameworks to improve their risk management practices and enhance their competitiveness in the market. In conclusion, this study has provided valuable insights into the challenges and opportunities West African SMEs face in managing risks and implementing ERM frameworks.

CONCLUSION

This qualitative study aimed to explore ERM in small and medium-sized enterprises (SMEs). In West Africa, it focuses on identifying the challenges and opportunities for implementing ERM in this context. The study has shed light on several key findings through a literature review, case study analysis, and stakeholder interviews.

     Firstly, SMEs in West Africa face various risks that can impact their operations and profitability, including economic, political, social, and environmental factors. Implementing an ERM framework can help SMEs in West Africa manage risks more effectively and improve their overall performance. However, this requires a cultural shift in the organization and the adoption of effective business processes. Secondly, the study has highlighted the critical components of a practical ERM framework for SMEs in West Africa, which include risk assessment, risk mitigation strategies, risk monitoring, and reporting. The study has also identified the importance of effective business processes, such as financial management, human resource management, supply chain management, and quality management, in implementing ERM by SMEs.

     Thirdly, the study has identified the benefits of ERM implementation for SMEs in West Africa, such as improved risk awareness, better decision-making, enhanced stakeholder confidence, and increased competitiveness in the market. However, the study has also highlighted the challenges to ERM implementation by SMEs in West Africa, such as lack of resources, limited expertise, resistance to change, and competing priorities. Finally, the study has emphasized the importance of collaboration between SMEs, government agencies, academic institutions, and other stakeholders in addressing the challenges and opportunities for ERM implementation by West African SMEs.

     The study has contributed to the theoretical understanding of ERM implementation by SMEs in West Africa by providing empirical evidence on the key drivers and barriers to successfully adopting ERM practices in this context. It identified the factors influencing the adoption of ERM practices by SMEs in West Africa. This study has the potential to enhance the competitiveness of these firms and contribute to economic growth and development in the region. Overall, the study has provided valuable insights into the enterprise risk management framework and business processes of SMEs in West Africa and the challenges and opportunities for implementing ERM in this context. These findings can inform policymakers, business leaders, and other stakeholders in supporting SMEs and promoting sustainable economic development in the region.

REFERENCES

  • Abdul Molok, N. N., Chang, S., & Ahmad, A. 2013. “Disclosure of Organizational Information on Social Media: Perspectives from Security Managers,” in Pacific Asia Conference on InformationSystems 2013, pp. 1-12.
  • Abidin, I. S. Z., Jantan, M., & Hamzah, M. R. (2019). The challenges of enterprise risk management implementation in SMEs: A review. International Journal of Recent Technology and Engineering, 8(2), 2632-2638.
  • Adimado, A. A., & Osei-Kyei, R. (2019). Enterprise risk management and small and medium-sized enterprises (SMEs) performance: evidence from West Africa. Journal of Small Business and Enterprise Development, 26(6), 799-818.
  • Akinyomi, O. J., Ogunjobi, J. O., Adegbite, O. S., & Adesina, T. O. (2020). Enterprise risk management (ERM) framework for Nigeria’s small and medium-sized enterprises (SMEs). African Journal of Economic and Management Studies, 11(2), 220-230.
  • Al-Tarawneh, H., & Al-Smadi, M. (2018). The challenges of implementing enterprise risk management in small and medium enterprises. Journal of Business and Retail Management Research, 12(2), 121-132.
  • Asiedu, E. A., & Turkson, F. K. (2018). Risk management practices of small and medium scale enterprises (SMEs) in Ghana. Journal of Risk and Financial Management, 11(3), 1-19.
  • Azizi, Z., & Nafar, M. (2019). Enterprise risk management in small and medium-sized enterprises: A systematic review of the literature. Journal of Small Business Management, 57(4), 1514-1536.
  • Badamasi, B., & Utulu, S. C. A. (2021). Framework for Managing Cybercrime Risks in Nigerian Universities. arXiv preprint arXiv:2108.09754.
  • Beasley, M. S., Branson, B. C., & Hancock, B. W. (2010). Enterprise risk management: An empirical analysis of factors associated with the extent of implementation. Journal of Accounting and Public Policy, 29(4), 291-308.
  • Beasley, M. S., Pagach, D., & Warr, R. (2016). The effect of enterprise risk management on the firm value: A dynamic panel analysis. Journal of Financial and Quantitative Analysis, 51(3), 985-1010.
  • Chen, Y.-S., Chen, C.-P., & Wu, T.-T. (2019). The implementation of enterprise risk management and firm performance: Empirical evidence from Taiwan. Journal of Risk and Financial Management, 12(2), 76.
  • Committee of Sponsoring Organizations of the Treadway Commission (COSO). (2017). Enterprise Risk Management – Integrating with Strategy and Performance. Retrieved from https://www.coso.org/Documents/2017-COSO-ERM-Integrating-with-Strategy-and-Performance-Executive-Summary.pdf
  • Cronin, C. (2014). Using case study research as a rigorous form of inquiry. Nurse Researcher, 21(5), 19-27. doi:10.7748/nr.21.5.19.e1240.
  • Dasgupta, M. 2015. Exploring the relevance of case study research. Vision: The Journal of Business Perspective, 19, 147-160. doi:10.1177/0972262915575661.
  • De Paoli, M. (2015). Risk management in organizations: An integrated case study approach. New York, NY: Routledge.
  • Dioubate, B. M., & Daud, W. N. (2022). A Review of Cybersecurity Risk Management Framework in Malaysia Higher Education Institutions. International Journal of Academic Research in Business and Social Sciences, 12(5), 1031–1093. https://doi.org/10.6007/IJARBSS/v12-i5/12924
  • Dioubate, B.M., Molok, N.N.A., Talib, S. and Tap, AOM 2015. Risk assessment model for organizational information security. ARPN Journal of Engineering and Applied Sciences, 10(23), pp.17607-17613.
  • FERMA (2019). European Risk Manager Report 2018. Retrieved from https://www.ferma.eu/publication/2018-european-risk-manager-report/(3.1.2020).
  • Gueye, A., & Diallo, M. A. (2019). Enterprise risk management in small and medium-sized enterprises in Senegal. Journal of Risk Research, 22(5), 632-645.
  • Gyapong, E. A., & Boakye, I. (2020). Enterprise Risk Management in Small and Medium-Sized Enterprises (SMEs): A Case Study of a Food Processing Company in Ghana. Journal of Risk and Financial Management, 13(10), 214.
  • Hashim, R., & Razali, R. 2019. Contributing Factors for Successful Information Security Management Implementation: A Conceptual Model. International Journal of Innovative Technology and Exploring.
  • Ibrahim, A. M., Yaro, I. S., & Ladan, M. A. (2020). The impact of financial risk management on the performance of small and medium enterprises in Nigeria. International Journal of Accounting and Finance, 10(4), 327-346.
  • International Finance Corporation. (2021). Doing Business 2021: Ivory Coast. https://www.doingbusiness.org/content/dam/doingBusiness/country/c/cote-divoire/CIV.pdf
  • https://www.iso.org/iso-31000-risk-management.html.
  • Kallon, K., & Bangura, A. K. (2017). The Implementation of Enterprise Risk Management in a Mining Company in Sierra Leone. International Journal of Economics, Commerce and Management, 5(5), 119-134.
  • Kasih, Y., & Cholid, I. (2019). The role of social media on the performance of micro, small and medium enterprises (MSMEs) in Palembang City. Insight Journal (IJ), 5(26), 225-231.
  • Kawa, A. Y., & Kwaku, A. (2021). Enterprise risk management and firm performance of SMEs in Ghana: The moderating role of firm size. Journal of Risk and Financial Management, 14(3), 98.
  • Kone, A. S., Kone, S., Soro, A., & Vakaramoko, D. (2021). Enterprise risk management and business process of small and medium-sized enterprises in West Africa: Case study of Sierra Leone, Guinea, Mali, Senegal, and Ivory Coast. Journal of African Business, 22(1), 69-87.
  • KPMG. (2019). Enterprise risk management: Turning risks into opportunities. Retrieved from https://home.kpmg/content/dam/kpmg/xx/pdf/2019/04/enterprise-risk-management-turning-risks-into-opportunities.pdf
  • Laurence, C. O., Williamson, V., Sumner, K. E., Fleming, J., & others. (2010). Latte rural”: The tangible and intangible factors important in recent GP graduates’ choice of rural    practice. Rural Remote Health, 10(2), 1316.
  • Moriarty, J. (2011) Qualitative Methods Overview. Methods review, 1. London: NIHR School for Social Care Research.
  • Ofoegbu, O. C. (2019). Small and Medium Enterprises (SMEs) Financing in West Africa: Constraints and Prospects. Journal of Economics and Sustainable Development, 10(6), 48-57.
  • Ofori-Dwumfuo, G., & Owusu-Frimpong, N. (2020). The effect of enterprise risk management on the financial performance of small and medium enterprises (SMEs) in Ghana. Journal of Risk and Financial Management, 13(1), 16.
  • Ogunsemi, D. R., Ajayi, I. O., & Ayo-Vaughan, E. O. (2017). Risk management practices in the construction industry in Nigeria. Journal of Engineering, Design and Technology, 15(4), 443-457.
  • RIMS. (2021). The RIMS Risk Management Framework. Retrieved from https://www.rims.org/resources/the-risk-management-framework/Pages/default.aspx
  • RW Hiebl, M. (2014). Risk aversion in the family business: The dark side of caution. Journal of Business Strategy, 35(5), 38-42.
  • Sawadogo, J. R., & Zerbo, H. (2018). Factors influencing the adoption of enterprise risk management (ERM) by SMEs in Burkina Faso. Journal of Small Business and Enterprise Development, 25(4), 651-669.
  • Standards Australia and Standards New Zealand. (2004). Risk Management Standard AS/NZS 4360. Retrieved from https://www.standards.org.au/standards-catalogue/sa-snz/publicsafety/wd-2006
  • Talet, A. N., Mat-Zin, R., & Houari, M. (2014). Risk management and information technology projects. International Journal of Digital Information and Wireless Communications (IJDIWC), 4(1), 1–9.
  • World Bank. (2019). Sub-Saharan Africa: Small and Medium Enterprises. Retrieved from https://www.worldbank.org/en/region/afr/publication/enterprise-survey-data-on-small-and-medium-enterprises
  • Ziemska, K., & Ciesielska, D. (2018). Challenges in implementing enterprise risk management in small and medium-sized enterprises. Engineering Management in Production and Services, 10(1), 54-66.

Balla Moussa Dioubate

Mr. Balla Moussa Dioubate is a PhD student at the Faculty of Business & Management, University Sultan Zainal Abidin, Malaysia. He received his Master's in Information Technology by Research (MIT) from the International Islamic University Malaysia after completing a Bachelor's degree in Information and Communication Technology (ICT) from the same university. He also holds a second Master's degree in Business Administration (MBA) from Geomatika University College. In 2016, he worked as a lecturer in IT subjects (Human-Computer Interaction, Computer Organization & Architecture, and Operating Systems) at Geomatika University College Malaysia. From 2012 to 2015, he worked as a tutor for Calculus 1, Discrete Mathematics, and Elementary Statistics at the International Islamic University Malaysia. Since 2017, he has been teaching at Global Indian International School (GIIS) Malaysia. His current research interests include information security risk management in higher education institutions. Since 2020, he has been a Research Assistant for the research grant sponsored by the Ministry of Education Malaysia (FRGS), titled "Cybersecurity Risk Management Framework in Malaysian Higher Education Institutions." With more than 9 years of experience in teaching and researching, Mr. Balla Moussa Dioubate has published numerous proceedings articles for international conference presentations, journal articles, and research projects; mainly in the areas of information security risk assessment, cybersecurity risk management, and information security risk management in higher education institutions.

View all posts by Balla Moussa Dioubate →

You might also like

SMEs in North Africa: Opportunities and Challenges

Language Education in Nigeria

The Entrepreneur