E-ISSN:2583-1747

Research Article

Risk Management

Management Journal for Advanced Research

2022 Volume 2 Number 2 April
Publisherwww.singhpublication.com

Decision-Making Risk Management in Indian Industries

Dushyant Gupta1*
DOI:10.54741/mjar.2.2.5

1* Dushyant Gupta, Parttime Lecturer, School of Management Studies, University of Hyderabad, Hyderabad, Andhra Pradesh, India.

Indian corporations' risk management practises are examined in this study. Enterprise-wide risk management (ERM) implementation can be broken down into three broad categories: enabling factors in the organisation, ERM practises, and ERM effects. In literature, each of the elements has been discussed in detail; however, it is desirable to link the elements in a more complete manner. More than a dozen ERM practises and enabling factors were surveyed from a sample of 106 senior executives in this study. Three main components can be used to explain ERM practises: the Risk Management Structure, the Risk Records, and the Risk Activities. Statistical tests reveal that public and private sector practises differ. Executives in the service sector had a clear advantage over their counterparts in the non-service sector when it came to risk management practises. It is hypothesised that each component has a number of enablers, such as management information systems (MIS) and enterprise resource planning (ERP). Enabling factors for ERM implementation should be bolstered, and practises from the service sector and public or private sector enterprises should be adopted to ensure success, according to a new study.

Keywords: enterprise risk management, public and private sector, comparison

Corresponding Author How to Cite this Article To Browse
Dushyant Gupta, Parttime Lecturer, School of Management Studies, University of Hyderabad, Hyderabad, Andhra Pradesh, India.
Email: 		Dushyant Gupta, Decision-Making Risk Management in Indian Industries. Manag. J. Adv. Res.. 2022;2(2):22-27.
Available From
https://mjar.singhpublication.com/index.php/ojs/article/view/17

Manuscript Received Review Round 1 Review Round 2 Review Round 3 Accepted
2022-03-30 2022-04-11 2022-04-26
Conflict of Interest Funding Ethical Approval Plagiarism X-checker Note
None Nil Yes 10.22

© 2022by Dushyant Guptaand Published by Singh Publication. This is an Open Access article licensed under a Creative Commons Attribution 4.0 International License https://creativecommons.org/licenses/by/4.0/ unported [CC BY 4.0].

Manag. J. Adv. Res. 2022;2(2)22
Dushyant G. Decision-Making Risk Management

Introduction

To put it another way, a risk is a future event whose outcome is unknown at the time of its definition. Risks can bring both positive and negative outcomes to a business, and the magnitudes of these outcomes can range from small to enormous. One can find a list of 10 commonly used definitions in a treatise by Aven and Renn (2009). Since the 19th century, academic literature has discussed risk in the context of commerce, economics, and law. For nearly a century, people's and money's aversion to risk has been well documented. Fama's classic works on risk and financial returns helped to popularise the link between risk and financial returns in business research in the second half of the 20th century. On the front of decision-making, it was also recognised early on that successful businesses require an analytical evaluation of their dangers. Even in the 1960s, Greene (1969) advocated for finding the right mix of opportunity and stability.

In the last 25 years, our understanding of business risks has grown tremendously. A number of academics and consultants have advocated for business risk management, which includes alternatives like integrated risk management (Miller 1992), a holistic approach to enterprise-wide risks (Palmer 1999), using analytics to predict the future (Duckert 2010), and seeing risks as integral to [corporate] governance (Frigo 2011). It has become increasingly common for companies to use the Committee of Sponsoring Organizations' COSO/ERM framework for risk management. Many publications are available to today's business managers, supplying them with up-to-date information on the risks their companies face and the various ways they can manage those risks. BMI Research publishes an India Country Research Report every quarter; the Reserve Bank of India releases a Financial Stability Report every quarter, with a perceptual survey of systemic risks to the economy every six months; and the Federation of Indian Chambers of Commerce and Industries conducts an annual India Risk Survey in conjunction with a knowledge partner. Annual reports of publicly traded companies, particularly those filed under the Indian Companies Act of 2013, include analyses of the specific risks faced by the companies themselves, in addition to information about the broader economic risks. There has been an increase in the use of risk as measured by Ngram Viewer, a Google Books tool that calculates the probability of 'risk' being found within its collection.

mjar_17_01.PNG
Chart 1: Ngram indicating the growing usage of „risk‟ in English literature (source: https://books.google.com/ngrams/graph?content=risk&smoothing=5)

There is a pressing need for both theoretical and empirical research in order to better understand risks. Risk management practises vary from industry to industry. For example, the banking, financial services and insurance industries have well-defined practises for each type of risk. These practises have either developed over time as industry norms, or they have been established by the sector's governing body. A number of high-risk industries, including oil exploration, technology, and e-commerce, have developed their own proprietary risk assessment and measurement tools. A gut feeling and situation- specific practises are used in other industries to manage risk instead of formulaic risk management. Instead of relying on computational models, managers in these organisations frequently rely on qualitative judgments. Organizational risk management relies heavily on the contributions of executives and board members, as well as external auditors. Managers in any role in an organisation are expected to be aware of the risks and have plans in place to deal with them. The process of risk management merits a closer look in light of the organization's wide spread use of risk management. Managers could benefit from a better understanding of this process, based on experiences from a wide range of organisations and industries.

Conceptual Framework

A conceptual framework for this study was developed through interactions with risk management practitioners and their insights into the process of risk management. ERM's framework is broken down into three main components:

Enabling factors; ERM practises; and ERM's impact. The framework has been discussed in the literature, but there is still room to work on connecting the various components. The core of risk management is determining how to reduce the exposure to risk. When an organization's risk appetite is greater than its risk exposure, it can take on more risky projects.


Manag. J. Adv. Res. 2022;2(2)23
Dushyant G. Decision-Making Risk Management

In situations where the risk appetite is lower than the risk incidence, managers have the option of either accepting or transferring the risk. Traditional risk management or enterprise-wide risk management (ERM) can be used to accomplish both of these goals. ERM takes a portfolio view of all the risks that the organisation faces, as opposed to the siloed approach of traditional risk management. An ERM framework finalised in 2004 by the Committee of Sponsoring Organizations (COSO) views audit, legal, corporate governance, investor relations, Treasury, and finance as interdependent business functions. It provides a central repository for risk information, risk assessments, risk metrics, corporate development and strategic planning, risk reporting and a uniform approach to the organisation. In contrast to traditional risk management, ERM considers all risks, including hazard, financial, and strategic risks, in a coordinated manner.

Companies can take on more strategic business risk - and better take advantage of opportunities in their core business- by reducing non-core exposures, according to Nocco and Stulz (2006) in their concept paper. This means that the company can take strategic and business risks in its core areas because of the ability to find an economic hedge for non-core activities. By right sizing risks, you can reduce your need for additional funds in the event of a financial crisis, which means you'll need a greater amount of cash in reserve to deal with it. According to credit ratings, VaR or earnings volatility, the amount of buffer needed will vary depending on the target probability of default or financial distress. ERM gives businesses a leg up in the long run by allowing them to consistently measure and manage risk.

Duckert (2010), Utter (2006), Frigo (2011), KPMG (2001) and Nocco (2006) are examples of ERM implementation that are worth mentioning. Table 1 summarises these ERM implementation characteristics. On how these features are put into practise in Indian organisations, Gupta (2011) conducted research. Several studies have shown that ERM implementation is largely dependent on a number of organisational factors. Economic Risk Management (ERM) in insurance industry may be affected by factors such as financial leverage, firm size, and business complexity, according to McShane et al (2011). Standard and Poor's ERM rating is influenced by size of company, according to their findings. The level of organisational risk is studied by Palmer and Wiseman (1999) using variables such as size of organisation,

Table 1 : Essential aspects of ERM implementation

1Organization‟s risk appetite is well defined.
2Risk language: Risks have been identified, classified and measured.
3Risk mitigation is planned for significant risks if risk incidence is greater than risk
APPETITE.
4Risk appetite, risk language and risk mitigation plan have been communicated across the
organization. Special trainings have been conducted in this regard.
5A control structure is in place for ERM. Ultimate reporting happens to a board level
COMMITTEE.
6Chief Risk Officer has been appointed.
7Risk related certification has been obtained.

the generosity or munificence with which it spends its money, the managerial attitude toward the organisation, and other characteristics. According to FICCI's India Risk Survey 2015, companies from different sectors face different risks. Hyman (2006) emphasised the energy sector's unique set of risks, while Krishna Kumar (2004) focused on the dangers posed by infrastructure and the differences between sectors. There are seven stages to Ganguly et al. (2011) theory that service sector firms as well as the technology industry face disruptive innovation. It's clear that Shi (2007) is particularly concerned with the challenges of the service sector in general and BPO in particular, while Balaji (2013) focuses on telecom. Despite the fact that Venkatesha et al (2015) discussed supply chain risks in the retail sector, Bhattacharyya (2013) emphasised that the Fast Moving Consumer Goods sector is subject to business risks that are being mitigated through the use of ERM. There are well-established methods of internal audit, system of assessment, mitigation plans and delivery that companies use to maintain a healthy leverage ratio, forward contracts to keep indirect costs in check and standards such as the Occupational Health & Safety at Work Act (OHSAS). There has been some debate about whether or not ERM is industry-specific and whether or not it is dependent on a company's culture to work. As shown in Table 2, the factors that make ERM possible are listed, along with the ERM practises and any effects they may have. The following paragraph focuses on the effects of ERM, which are discussed in the last column. The company may be able to increase shareholder wealth if risk management practises are properly implemented. For 82 insurance companies, McShane et al (2011) found a positive correlation between ERM practises and firm value. Effective risk management and organisational performance have been linked by Indian managers according to Gupta (2011). Nocco (2006), Green 1969, Shi 2007 and Eccles (2007) have all hypothesised that risk management can have a positive impact on the stability of corporate earnings, efficiency of operations, and reputation.


Manag. J. Adv. Res. 2022;2(2)24
Dushyant G. Decision-Making Risk Management

Many other factors, such as employee confidence and operating margins are also discussed in the literature. The methods used to manage risk differ from one organisation to the next, as well as from one industry to the next. The majority of previous research has focused on the differences between sectors. Industry practises refer to management methods used in a particular industry that are remarkably similar from one company to the next. Industry-wide adoption of best practises is the result of lateral movement of skilled people and management professionals. One industry sector's management practises may be vastly different from another's. Because of the wide range of differences between industries, we can learn more about the underlying causes of those differences.

The study's research question is whether or not the previously discussed enabling factors apply to India. The purpose of this study is to determine whether or not there is a difference in risk management practises, and to speculate on possible explanatory factors. As a result, the following hypotheses have been developed.

DATA CHARACTERISTICS AND PERCENTAGE ANALYSIS

Risk management is influenced by factors such as the size of an organisation, its industry sector, the presence of management systems, and its leverage. In the current perceptual study, practitioners from various industries and echelonsinvestigate what motivates ground level risk management practises. Individual managers are therefore the focus of this research. The seniority and role of an individual manager are not dependent on the characteristics of the organisation.

Hypothesis 1's independent variables can be observed tacitly. On the other hand, good management practises require input from senior executives who are familiar with the organization's management practises. According to Hypothesis 2, a questionnaire was designed to collect data on five maturity variables and all seven aspects of ERM. A total of 59 questions were included in the survey, with 14 of those questions focusing on the demographics of respondents and their organisations. Open-ended questions were used to gather data on the qualitative aspects of risks faced by an organisation. 24 closed-ended questions and 8 open-ended questions were used in the questionnaire to measure the hypothesised variables in this study. A binomial scale or Likert scale was used depending on the practise that was being studied.

The maturity of management practises was measured using a Likert scale for all the variables except for internal audits. On a dichotomous scale, the variables assessing risk management practises were checked simply for the presence of such practises. This was done in light of the fact that risk management practises have only recently become popular in many organisations following the passing of the Companies Act of 2013, and managers may not have yet noticed their efficacy. Cronbach's Alpha values of 0.54, 0.85, and 0.89 were found in a scale reliability test. According to Peterson, the reliability coefficient of 0.5 to0.7 is acceptable for basic or preliminary research (1994). If any question was removed, there was no improvement in internal consistency.

The data for the study was gathered from 106 respondents who had business or professional relationships with the researchers. Senior executives from 36 companies with managerial positions ranging from Deputy Manager to Managing Director or Chief Executive Officer are the participants in this study.

Table 2: Age of the respondents

Age301-356-401-456-501-5555
Frequenc
Y		871583

Price fluctuations in raw materials and finished goods affect the agriculture-based industries sector. Another significant area of risk for the industry is a shift in government policy or regulations. As a result of the industry's high level of regulation, it is particularly vulnerable to the effects of monetary policy shifts and other changes. It's only natural to see technology and information security as major threats to the industry in the age of electronic transactions. One of the major risks in the fields of energy, manufacturing, and mining is safety.

Because of their large and unionised workforces, the energy and mining industries also experience industrial unrest. Other dangers that mining faces include those caused by Mother Nature, Fire, and Theft. Technology and Information Security are major threats to the service sector. Attrition is a major risk in every industry, but it's especially problematic in industries like agriculture, banking, and finance, as well as manufacturing and service industries. The first graph shows the average risk score, the number of responses, the mean rank, the mode rank, and the median rank. When computing the average risk score, which is shown exclusively in the following chart, the number of responses and the ranking given by each response are both taken into account.


Manag. J. Adv. Res. 2022;2(2)25
Dushyant G. Decision-Making Risk Management

An increase in the average risk score indicates that a particular risk is more important to the respondents. This is calculated by subtracting the risk rank from 12. Many experts agree that price fluctuations (in agriculture and manufacturing), technological advances (in the financial services sector, particularly in banking), as well as policy or regulation alterations (in utilities, financial services, and manufacturing) represent some of the greatest threats. According to the average risk score, 2-3 risks stand out strongly and the other risks are relatively less important in some sectors, such as agriculture or utilities; whereas it is difficult to identify the top risk from all possible risks in other sectors, such as oil and gas or banking and financial services.

Is there a variation in the way organisations manage risk when the dangers they face are different for each sector? Using 14 dichotomous questions and four open-ended questions, the presence of risk management practises was determined. To begin, we examine the sample's responses to questions about the use of risk management techniques. In terms of reporting, risk management policy, the appointment of a Chief Risk Officer (CRO), and risk identification, risk reporting is the most common practise. As evidenced by the low response rate, Indian industry has yet to adopt risk management practises such as delegation of risk-related authority, risk mitigation training, and risk budgeting.

As a result of these responses, we can conclude that the establishment of a risk reporting channel, the creation of an ERM policy, and the appointment of a CRO are among the first steps an enterprise takes when implementing ERM.

Table 3: Summary of ERM practices (all responses)

Sr. NoERM PracticeYesNo
1.Reporting risk events to top management in a format67.6%26.4%
2.Corporate Risk Management Policy62.3%32.1%
3.Chief Risk Officer appointed62.3%34.0%
4.Process for risk identification and classification62.1%32.5%
5.Risk mitigation plans prepared61.3%32.7%
6.Organization chart for ERM activities58.7%35.8%
7.Database (knowledge bank) of risk events56.9%35.0%
8.Risk register56.6%34.9%
9.Risk appetite is known to the respondent53.5%39.4%
† For these questions, apart from “Yes” and “No”, a third option “Not Sure” was given to the respondents, which was
chosen by 33% and 40% respondents respectively.  

Principal Components Analysis

In terms of Cronbach's Alpha, all 14 of the variables listed in Table 2 above measure the same underlying construct: ERM practises. A smaller number of variables should suffice to explain the underlying construct. The dataset was subjected to principal components extraction using SPSS 20 in order to identify the most critical variables. The Kaiser-Meyer-Olkin Measure results in a sample size of 0.853. These results are statistically significant because they pass the "sphericity" test. Varimax factor rotation was used to identify three most important components that account for more than 66% of variation in correlations.

Table 4: Principal Components of risk management practices

Component123
Suggested NameStructure for Risk
Management		Record keeping of
Risk Management		Activities of Risk
Management
Variance Explained30.6 %18.9 %15.7 %
Risk management policy.866
Organization chart for ERM.824
Chief Risk Officer appointment.788
Risk identification and classification.678
Risk measurement.626
Risk management plans.539.516
Risk owners.495.417
Risk register.474
Database of past risk events.853
Risk reporting to top management.795
Training on risk management plans.883

Structure for risk management, record keeping for risk management, and risk management activities are three components that can be identified based on the relative importance given to each of the various variables. Managers can better carry out risk management activities with the help of a pre-existing structure. Each of these elements received a score greater than 0.7, including a statement of corporate risk management policy, a risk-related activities organisation chart, and the appointment of a CRO. Records of Risk Management include reporting risks to top management, keeping a database of lessons learned, and, to a lesser extent, identifying and classifying risks and putting them in a risk register (the second component). In the third component of risk management, training on risk management plans, preparation of risk management plans, and theidentification of risk owners are all part of the activities of risk management. A positive weight for every variable means that it has a positive effect on the components.


Manag. J. Adv. Res. 2022;2(2)26
Dushyant G. Decision-Making Risk Management

There is a standard normal distribution for the components, with a mean of 0.0 and a standard deviation of 1.0.

FINDINGS AND INFERENCES FOR PRACTITIONERS

The practises of Indian managers in risk management can be better understood through the examination of primary data gathered from a diverse group. When it comes to COSO ERM, Indian organisations show a wide range of adoption, indicating that the journey for ERM adoption in Indian organisations is just getting started. A similar finding from Gupta (2011) found that only 6% of organisations had finished implementing ERM to its fullest extent. ERM policy formulation, appointment of a CRO, risk identification, and preparation of risk mitigation plans appear to be the most popular practises for risk management at this point in time.

Using principal components analysis on the gathered data, three orthogonal groups of risk management practises can be extracted. Structure for risk management, risk management records, and risk management activities are all part of risk management. A company's ERM practises can be gauged by these three components, with minimal data loss. Public sector organisations have a better risk management structure than private sector organisations, while private sector organisations excel in risk management activities. More sophisticated practises are evident in all three components of the service sector, particularly in Structure and Record keeping. There is no correlation between the size of an organisation and its risk management practises, as expected. Practiced managers can compare their risk management methods with those used in the service, public, and private sectors.

Risk management practises were found to be influenced by organisational maturity. To a lesser extent, corporate planning and review appear to influence risk management record keeping. A culture of competition and performance, as well as boldness, reducing uncertainty avoidance, and increasing the frequency of performance monitoring are all good ways to improve risk management record keeping. The presence of internal audits is likely to have an impact on Structure for Risk Management, among other things. Possibly, the findings of the internal audit prompt the top management to implement formal risk management, whose first step is to establish a framework for doing so.

The structure is only marginally affected by the presence of MIS and ERP.Finally, TQM and Six Sigma, as well as MIS and ERP, have an impact on risk management activities. From this, one can deduce that these two dimensions of organisational maturity provide a platform for the execution of ground-level activities, such as risk mitigation plans, risk owners identification and risk mitigation plans training. A quality management system didn't appear to enable or inhibit risk management practises.

Conclusion

Many ERM practises differ between industries and between organisations of varying maturity, based on the responses of 106 senior executives from 36 companies. When compared to private sector organisations, public sector organisations have a clearly defined risk management structure. When it comes to risk management, service sector organisations are more methodical than those in the non-service sector. Prima facie, the ERM practises used are unaffected by the size of the organisation as measured by market capital.

References

1. Venkatesha, V.G., Snehal Rathib, & Sriyans Patwab. (2015). Analysis on supply chain risks in Indian apparel retail chains and proposal of risk prioritization model using Interpretive structural modeling. Journal of Retailing and Consumer Services, 26, 153–167.
2. Shi, (2007). Today‟s solution and tomorrow‟s problem: The business process outsourcing risk management puzzle. California Management Review, 49(3), 27-44.
3. Palmer, T. B. and Wiseman, & R. M. (1999), Decoupling risk taking from income stream uncertainty: A holistic model of risk. Strategic Management Journal, 20, 1037-1062.
4. Peterson R. A. (1994). A meta-analysis of cronbach's coefficient alpha. Journal of Consumer Research, 21(2), 381- 391.


Manag. J. Adv. Res. 2022;2(2)27