‘ ENTERPRISE RISK MANAGEMENT ’ ESSENTIAL FOR SURVIVAL AND SUSTAINABLE DEVELOPMENT OF MICRO , SMALL AND MEDIUM ENTERPRISES

The part that Micro, Small and Medium Enterprises (MSMEs) play, both in developed and developing countries, cannot be over emphasized and therefore their existence and survival is a matter of concern not only for the policy makers but also for the researchers. Large number of MSMEs die the same year that they are established. The current research was taken up to understand how MSMEs manage their risk and whether enterprise risk management is essential for survival and sustainable development of MSMEs. The objective of the research was to (1) understand the peculiar nature of the MSMEs which make them vulnerable, (2) explore the various risks confronted by MSMEs, (3) understand how the MSMEs manage their risk, (4) understand ‘Enterprise Risk Management’ and its components and (5) explore the relevance of ‘Enterprise Risk Management’ for the survival and sustainable development of MSMEs. The results show that MSMEs by virtue of their size, inadequate resources and restricted know-how generally confront wide-ranging risks. In MSMEs the management of risk is concentrated in the hands of the owner-managers and there are no systemic linkages between the planning and risk management. Therefore, this study stresses the need for integrating an effective enterprise risk management system with planning and administration within the MSMEs, to avoid fatal consequences. KEYWORD: risks, risk management, enterprise risk management, sustainable development JEL:D22,G32,L53, M13


Introduction
According to Luper and Kwanum (2012), Micro, Small and Medium Enterprises (MSMEs) constitute 99 per cent of all enterprise in Singapore, 95 per cent to 99 per cent of business entities in Organization for Economic Co-operation and Development (OECD) countries.In South Africa the rate is equally high with 90 per cent being MSMEs contributing 80 per cent of employment in the country.In India they contribute 8 percent of the national GDP, comprises 50 percent of total manufactured exports, 45 percent of people employed in Indian industries and 95 percent of all industrial units (Ravi, 2009).So it may be righty said that Micro, Small and Medium Enterprises (MSMEs) play significant role in industrialization, economic growth and sustainable development of an economy (Ariyo, 2005).According to CBN (2011) and Luper and Kwanum (2012), MSMEs are crucial to the growth of any economy, as they have potential for generation of employment, upgradation of local technology, promotion of entrepreneurship amongst indigenous people and forward assimilation with large-scale organizations.According to FSD (2007) and Azende (2012) MSMEs may look trivial or insignificant but they actually they lay down the foundation of an economically steady country.The plausible advantages which MSMEs renders to a country`s economy include: contribution in terms of production of goods and services, job creation with relatively small capital outlay, reduction in income disparities, development of skilled and semi-skilled labors and alleviation of poverty (Rogerson, 2001).They strengthen both forward and backward linkages amongst communally, financially and geologically diverse sectors of an economy, thereby integrating indigenous people in economic mainstream of the country and also create prospects to cultivate and nurture entrepreneurial and managerial skills within a country (FSD, 2007).As MSMEs are engine for economic growth (Kpelai, 2009), their survival and sustainability is crucial not only for them, but also for the growth and development of a nation as a whole (Ife, 2011).
Micro, Small and medium enterprises (MSMEs) operate in the same business environment as the large corporate houses, but without associated benefits like adequate capital and efficient manpower.They also confront growing competition and pressure fueled by de-regulation, liberalization, globalization and technological disruptions.Berry et.al., (2002); Laforet, Tann, (2006) stated that many micro, small and medium enterprises tend to flourish in difficult times due to closeness to their clienteles, openness to adapt change, malleability and agility, but several others become subject to external blows.Raghavan (2005) noted that MSMEs sectors usually have sole proprietorship and partnership lead by owner-managers.Schultz, (2001) said that MSME owner-managers need to be aware of potential risks, be conversant with risk identification and risk mitigation (Leopoulos et al., 2006), or else they can suffer catastrophic consequences.(Kirytopoulos et al., 2001;Banham, 2004) in their study found that MSMEs need to incorporate risk management into their day to day operations, to combat uncertainties in the business environment, safeguard desired yield and ensure survival and sustainability.

Objective of the Study
The current research was taken up to understand how Micro, Small and Medium Enterprises manage their risk and whether enterprise risk management is essential for survival and sustainable development of MSMEs.The objective of the research was to (1) understand the peculiar nature of the MSMEs which make them prone to risk, (2) explore the various elements of risk which are usually confronted by MSMEs, (3) understand how the MSMEs manage their risk, (4) understand 'Enterprise Risk Management' and its components and (5) explore the relevance of 'Enterprise Risk Management' the survival and sustainable development of MSMEs.

Peculiar Nature of MSME
Micro, Small and medium enterprises by virtue of their size and the mode of operation are subject to numerous risks.The various peculiarities of MSMEs enterprises, which makes them vulnerable are limited access to finance, inadequate capital, instability, no records lack of proper records, lack of technology, lack of entrepreneurial and management skills, small scale operations with low growth potential (Mwaniki, 2006).Raghavan (2005) pointed out that MSMEs, due to their insignificant size and inherent limitations, might not have sufficient wherewithal, to manage and control risks, which make them susceptible to enterprise risks.

Risks Specific to MSME
Like every organization MSMEs face several risks.Determining the components of risk in MSMEs is complex due to great heterogeneity and difficulty in separating business from owner / management (St-Pierre and Bahri, 2006).According to Institute of Charted Accountants (Alpa, et al. 2005) and Singapore Government (2012), the most pressing challenges faced by MSMEs were: high degree of employee turnover, shortage of skilled staff, IT risk, market changes and image impairment.Raghavan (2005) identified the key risks being faced by MSMEs as: business entity which results in absence of professional approach and excess reliance on one or two persons; lack of leverage on financial structure; intensive competition; insufficient profits; poor recovery of book debts; inability to cope with technological advancement, high employee turnover and shallow business understanding among MSMEs.Globally, MSMEs experience difficulty in securing finance because of the high level of risk and insufficient level of return associated with them (St-Pierre & Bahri, 2006; International trade centre, 2009).Risks towards MSMEs can also be classified on the basis of their sources like: risks posed by customers, risks posed by suppliers, risks posed by staff, etc., (CPA Australia, 2009).According to Cotner and Fletcher (2000), the overall risk of MSMEs is a by-product of 'financial risk' and 'business risk', with business risk comprising risk categories such as management risk (inadequate management knowledge, etc.), commercial risk (client risk and market risk) and technological risk (technology implementation, and R&D etc.).

Risk Management in MSMEs
Generally, MSMEs have been defined as high risk ventures with little or no structure for managing risks.According to Federation of European Risk Management Associations (2002) MSMEs were no different from other organizations, but their sizes made them vulnerable to risk, and they rarely have adequate resources to employ dedicated risk management professionals.Mwaniki (2006) in the study revealed MSMEs had weak risk assessment and management strategies in place.Often MSMEs had lack of business records, inadequate staff training, lack of relevant skills to for good decision making, inadequate capacities to manage risks.Ingirige et. al., (2008), observed that MSMEs specially suffered from poor planning, susceptibility to cash flow disturbances, lack of capital for recovery, unsuccessful interactions with national agencies, infrastructure problems, myopic mindset and organizational culture and access to technical know-how to tackle perceived exposure to risk.

Enterprise Risk Management
As businesses grows so does the risks.Thus, organizations need to adapt an integrated approach of risk management to mitigate risk.The concept of 'Enterprise Risk Management' was developed in the mid-1990s (David, O. & Desheng, W., 2008) to meet the requirement of business growth and risk management.Stephen, D. (2001) extracted the Casualty Actuarial Society definition of 'Enterprise Risk Management' as: The process through which business entities in different sectors can measure, govern, exploit, finance and monitor risks from all sources, in order to increase the value of shareholder stake in business.While traditional risk management considers risk as distinct threat, 'Enterprise Risk Management' views risks in the context of overall business strategy, and advocates to identify, measure, respond to and prevent or monitor risks and uncertainties.Traditionally risk management focuses on downsizing the possible losses from risk events, whereas 'Enterprise Risk Management' encourage management to identify risks with both the possibility of inherent gain and potential adverse impact (Investopedia, 2013).The two most well-known 'Enterprise Risk Management' frameworks include one by Casualty Actuarial Society (CAS) and the other by Committee of Sponsoring Organizations of the Treadway Commission (COSO).The Casualty Actuarial Society conceptualized 'Enterprise Risk Management' as a means to increase the value of an organization and the process of 'Enterprise Risk Management' was governed by the nature of risk: hazard risk, financial risk, operational risk and strategic risk (CAS, 2013).COSO`s 'Enterprise Risk Management' framework is much comprehensive in nature and comprises of eight interrelated components which need to be integrated in the management process to ensure effective and efficient use of resources, resulting in financial profit along with compliance of laws and regulations.

Components of 'Enterprise Risk Management'
As proposed by (COSO, 2004) the 'Enterprise Risk Management' consists of eight interrelated components which must be integrated with the management process.The interrelated elements are explained below:  Internal Environment: The internal environment comprises of the core philosophy of an enterprise, which influences the risk consciousness of its workforce and formulates the base for enterprise risk management.It incorporates discipline and code of conduct.Internal environment thus contains establishment's risk management beliefs; it`s risk appetite; responsibility of the board of directors; the integrity, ethical values, capability of its workforce; the way management allocates duties, authorities, responsibilities and nurtures its people.
 Objective Setting: Every organization faces a wide range of risks both from the internal and external sources, and therefore the establishment of clear objectives becomes a prerequisite to effective event identification, risk assessment, and risk response.The objectives need to be set at strategic level, encompassing the goals and objectives earmarked for operations, reporting, and compliance.Objectives should be brought in line with the organization`s risk appetite, which drives risk tolerance in the organization.
 Event Identification: Management needs to recognize possible events that, if occur, will affect the organization, and then conclude whether those events exemplify prospects or whether they might negatively affect the organization`s ability to effectively implement strategy and accomplish goals.Events with adverse impact epitomize risks, which necessitate management's assessment and response.
Events with positive impact epitomize opportunities, which management needs to channelize into its strategy and objective-setting procedures.
 Risk Assessment: Risk assessment helps an organization to contemplate the extent to which probable events will have an impact on accomplishment of goals.Management evaluates events from two viewpoints -probability of occurrence and the effect it will create.It normally uses a combination of qualitative and quantitative methods for evaluation.Risks are measured on both an in-built and a residual basis.The positive and negative impacts of potential events should be scrutinized, on individual aspects and on group, and also across the organization.
 Risk Response: After having evaluated the pertinent risks, management then determines how it will respond to it.Responses may consist of risk evasion, risk minimization, risk sharing, and risk acceptance.Before finalizing its response, management evaluates the consequences of the response in terms of: probability and impact, costs-benefits analysis, possibility of crafting residual risk.Management also tries to identify any opportunity that might be existing, and formulates an organization-wide, opinion of risk, to decide whether overall residual risk is within the organization`s risk appetite.
 Control Activities: Control activities include the guidelines and processes that make sure that management's risk responses are carried out effectively.Control activities take place all over the organization, at all levels and in all functions.They include a wide range of activities as varied as -approvals, sanctions, authentications, settlements, appraisals of operating performance, security of assets, and classification and allocation of duties and responsibilities.
 Information and Communication: Relevant information is recognized, seized, and transferred in a manner and timeframe that allows people to carry out their respective tasks.Information system procures data both from the internal and external sources, makes available necessary information for managing risks and making informed decisions.Effective communication occurs only when there is free flow of information from top to bottom, from bottom to top and across all departments.It is necessary that all personnel understand their own role in enterprise risk management, and also how their individual activity relates to the work of others.There should also be effective communication with external parties, such as clienteles, merchants, officials, and stockholders.
 Monitoring: Enterprise risk management can be accomplished through ongoing monitoring and evaluations.Ongoing monitoring usually transpires in the normal course of management activities.The scope and frequency of discrete evaluations is principally governed by the assessment of risks and the effectiveness of ongoing monitoring processes and techniques.Any shortcoming in the procedures must be reported to top management and the board of directors.