Determinants of Enterprise Risk Management (ERM): A Proposed Framework for Malaysian Public Listed Companies

Enterprise Risk Management (ERM) has become an important subject of increasing interest among businesses and industries throughout the world. Along the same note, ERM is considered a critical management practice for companies to mitigate risks effectively. The main objective of this paper is to propose a conceptual framework for determinants of companies in Malaysia that implement ERM. From the review of various literatures available in this particular area of interest, several factors are found to be the main determinants of companies that implement ERM. Such factors are the presence of chief risk officer, leverage, profitability, international diversification, majority shareholder, size and turnover.


Introduction
Many companies in Asian countries suffered immensely during the financial crisis in 1997. The crisis resulted in currency devaluation throughout the region (Yazid, 2001). As a result, many companies involved in international trade and businesses were greatly impacted and subsequently suffered huge foreign exchange losses. One example in Malaysia was Tenaga Nasional Bhd (TNB), the main energy provider in Malaysia which actually suffered a staggering loss of RM2.47 billion. Another company, Telekom Malaysia ™, a telecommunications provider experienced translation losses of RM158 billion (Yazid, 2001).
The collapse of Enron in 2001 shocked many investors, professionals and even academicians. It is believed that the manipulation of financial derivatives and the use of creative accounting were the prime causes of loss. In addition, the total lack of management controls vis a vis risk management and internal controls resulted in the eventual collapse of Enron.
In short, these companies were found to have suffered huge financial losses due to an apparent lack of proper risk management mechanisms (IMF Report, 1998). Before the financial crisis, companies in Malaysia appeared complacent in managing risks. Much of the related literature suggests that financial risks could be reduced if companies properly managed their risks. In this context, the role of risk management or more specifically ERM could be used to effectively reduce or minimize a companies' operational risks (Yazid and Muda, 2005;Manab et al 2007).
Nevertheless, the main aim of this particular paper is to come up with a conceptual framework for determinants of companies that implement ERM. Based on this primary objective, this paper attempts to answer a specific research question which is what the determining factors are for companies that implement ERM.
The paper is structured as follows: First, a brief summary on the concept of ERM. Second, the thorough review of literature on determinants of ERM and hypothesis development. Third, the proposed framework is developed and finally the conclusion.

Enterprise Risk Management
ERM is clearly different from Traditional Risk Management (TRM). With respect to TRM, risks are being treated and managed in 'silos' whereas ERM integrates or aggregates all types of risks faced by the companies concerned. For instance, Lam (2000) defined ERM as "an integrated framework for managing credit risk, market risk, operational risk, economic capital, and risk transfer in order to maximize firm value" while Makomaski (2008) suggested that ERM is "a decision-making discipline that addresses variation in company goals." On the other hand, Alviunessen and Jankensgard (2009) argued that ERM is actually concerned with a holistic, company-wide approach in managing risks, and importantly, have centralized all the information obtained in accordance to their potential risk exposures. Both of them put forward the term "Risk Universe" which suggests the risks that might have an impact on the future cash flow, profitability and continued existence of a company. In other words, risk universe includes all risks that could affect a company. If risk universe can be identified, the next step is to take appropriate action such as risk mapping process, access the likelihood and impact, and curb the risk based on the organizations' objectives.
Therefore, based on the previous definitions, there are two (2) key points that need to be highlighted. First, is the main role of ERM itself which essentially integrates and coordinates all types of risk across the entire company. It simply means that risks cannot be managed in a 'silo' or 'stovepipe' approach (Beasley & Frigo, 2007). Importantly, all the potential risk exposures faced by a company must be treated and managed in an enterprise-wide approach. Second, with the adoption and application of ERM, companies could possibly identify all the potential incidents that may directly or indirectly affect the company and ultimately know very well their risk-appetite. If the risk-appetite is specifically known, any decision made by the company to curb risks may be in parallel with the firm's objective (Walker, Shenkir and Barton, 2006).

Determinants of ERM Implementation
Based on the previous literature, this study identifies seven (7) variables that are closely related to ERM. They include the following: Chief Risk Officer (CRO), leverage, profitability, international diversification, institutional ownership, size, and turnover. All variables are explained as below: Lam (2000) postulated that ERM should consist of seven (7) components which include corporate governance, line management, portfolio management, risk transfer, risk analytics, data and technology resources and stakeholder management. Lam also introduced a new risk officer role entitled "Chief Risk Officer" (CRO) who is responsible for developing an integrated approach in managing risks. Furthermore, Lam (2000) suggested that the roles of CRO are as follows: 

Chief Risk Officer
To establish an integrated risk management framework for all aspects of risk across the organization.  To develop the risk management policies which include the quantification of management risk appetite through specific risk limits.  To implement a set of risk metrics and reports, including losses and incidents, key risk exposures and early warning indicators.  To allocate the economic capital to business activities based on risk while at the same time optimizing the company's risk portfolio through business activities and risk-transfer strategies.  To improve the company's risk management readiness through communication and training programs, risk-based performance measurement and incentives, and other change management programs.  To develop the analytical, systems and data-management capabilities to support the entire risk management program implemented.
In addition, companies need to have the right tools and framework for the successful implementation of ERM. One of these tools is to appoint a CRO. As suggested by Lee (2000), the roles of CRO include the following:  To create a risk-aware and risk-consciousness culture on the whole.  To develop a "Centre of Excellence for Risk Management Expertise" for the main purpose of managing risks, which are staffed by highly competent and highly valued individual risk managers.  To create an efficient approach for financing risks.  To communicate with all stakeholders concerned and be an advisor to other executives and managers. Lam and Kawamoto (1997) suggested that the CRO plays a major role in determining the ERM program. They strongly suggested that companies should consider appointing the CRO to manage all the potential risks such as business risk, operational risk, credit risk, market risk and organizational risk. In this respect, the CRO usually works together with his or her supporting team, namely the Risk Management Committee (RMC). Liebenberg and Hoyt (2003) argued that if companies fail to hire a CRO, it does not mean the companies do not practice ERM. Other parties such as the chief financial officer or chief executive officer could be the 'de facto' position of the CRO just mentioned. However, in their study, the CRO is one of the factors that encourage the companies to engage themselves in ERM. This is further supported by Kleffner, Lee, McGannon (2003) and Yazid et.al (2011) who show the existence of a CRO influences eventual ERM implementation. In addition, from a study conducted by Beasley, Clune and Hermanson (2005) which focused on the factors associated with companies implementing ERM, they found that the appointment of a CRO had a significant impact on companies to implement ERM. Hence, this study hypothesises that, H1: There is a positive relationship between the appointment of CRO and ERM implementation

Leverage
In respect to finance, leverage refers to borrowing, and it reflects on the capital structure of a company (Keown, Martin & Petty, 2010). A company might use 60 percent of bonds and 40 percent of stocks as a basis of capital structure or any other ratio. When a company uses leverage, it has to borrow from other institutions to finance the purchase of assets or operations. Leverage can also be created from other equally important financial instruments namely, options and futures.
Leverage is acceptable and useful for the purpose of a company's future growth. However, the company could bear financial distress and risk of bankruptcy if too much borrowing activity occurs. Higher leverage means that the company could face a higher chance of suffering from financial distress. The situation could become worse during a period of economic downturn. Therefore, a company with leverage has to manage the risk of going bankrupt or continue to be in a state of financial difficulty. In other words, the use of leverage would encourage companies to engage in ERM.
A study by Pagach and Warr (2007) revealed four (4) main characteristics of companies that implement ERM. One of the characteristics is leverage and it shows that companies with higher leverage would be more involved in ERM. In addition, Liebenberg and Hoyt (2003) showed that a company with high leverage is more likely to appoint a CRO and the eventual appointment of the CRO means that the company itself would be directly involved in ERM. Hence, this study hypothesises that, H2: There is a positive relationship between leverage and ERM implementation

Profitability
One of the main objectives for any company is to enhance the overall shareholders' value. This can only be done if the company generates more profit for each financial year. Without gaining profit, a business could not survive in the long term. A company could not expand its business, or improve the quality of its products through research and development. Therefore, this scenario would have a direct effect on the shareholders' return.
It must be emphasized that profitability measures are important to companies because such measures provide the clear indication of the companies' ability to generate income and positive returns to company shareholders. When a company shows a good return, instead of distributing to shareholders, the company could enhance the existing operations whilst at the same time becoming involved in research and development, as well as adopting the ERM program.
Essentially, a company requires adequate resources in order to successfully implement ERM. Resources refer to staff and more importantly, the required funding to finance all the ERM activities. Thus, a mandate from the Board of Directors or Chief Executive Officer is extremely important to ensure the successful implementation of ERM (Decker and Galer, 2010). These arguments suggest that companies with more profits are more likely to be involved in ERM. This was shown by Liebenberg and Hoyt (2003) who suggested that one of the determinants for company involvement in ERM is profitability. Hence, this study hypothesises that, H3: There is a positive relationship between profitability and ERM implementation

International Diversification
As argued by Lam (2003), diversification is "the concept of lowering the total risk of an enterprise by spreading risk among many distinct projects: the total risk produced by a collection of diverse risk is less than the sum of those risks considered in isolation." The purpose of international diversification is to reduce risks such as economic risks or political risks which could be associated with investments in a single country. A company is said to be diversifying internationally if it varies business operations among several countries. Importantly, internationally diversified companies reduce unsystematic risks by varying the types of return. For instance, for a company that is involved in several countries, they will benefit when the home currency appreciates. However, this also involves risks. For example, when a foreign government's policy changes. This implies that if a company diversifies into five (5) countries, it has to face at least five (5) unexpected risks relating to government policies.
A company that is internationally diversified could face different risks from various countries, this will increase the chance for companies to bear huge risks. In this respect, Yazid (2001) argued that highly diversified companies are more likely to be involved in ERM.
A company which has diversified its business in other countries needs to get accurate information from his or her representatives from the different parts of the world in order to analyse and mitigate risks. These problems are ineffective when mitigated in a 'silo'. All risk exposures can be mitigated systematically using the ERM integrated approach. For this particular reason, Liebenberg (2006, 2008) suggested that companies which are internationally diversified are positively related to ERM. Hence, this study hypothesises that, H4: There is a positive relationship between international diversification and ERM implementation

Majority Shareholder
According to Thomsen and Pedersen (2000), ownership has at least two (2) dimensions. First, is the identity and concentration of ownership and secondly, the legal status of the contract which regulates the ownership. They postulated that shared ownership is divided into two (2) categories namely, the minority ownership (which is less than 50 percent) and majority ownership (which is more than 50 percent).
In addition, dispersed ownership is the same as minority ownership where the largest owner holds less than 20 percent of the total shares. Government ownership is defined as a local or national government owned-majority shares in a company (Pedersen and Thomsen, 1997).
It must therefore be mentioned that majority shareholders could also influence the company's decisions. In this context, the decision to implement ERM as an integrated approach could also come directly from a company's board of directors. The standard for risk management best practices requires that the decision to implement ERM come from the top management itself (Yazid, Hussin, Razali, 2009).
In this regard, Pagach and Warr (2007) suggested that firms with greater institutional ownership may have greater pressure to install related control that is associated with ERM. For example, the management of a company could establish the ERM program smoothly if they have at least 51 percent of various shareholders who support the establishment of such a program. Furthermore, Desender and Lafuente (2009) put forward that having the presence of at least one large shareholder is perhaps one way to improve the overall quality of risk management. Hence, this study hypothesises that, H5: There is a positive relationship between majority shareholders and ERM implementation

Size
The size of a company is normally reflected in it assets. Assets represent the economic resources for companies. Assets can be divided into two (2) categories namely, tangible (such as buildings, inventories and equipment) and intangible (such as copyrights, franchises and trademarks). Companies need to ensure that all assets could be managed effectively because assets are extremely useful in supporting related activities that could possibly provide overall benefits to both the companies concerned and their shareholders; either over short-term or long-term periods.
For instance, to support the ERM program, a company might use software such as SAS or CITICUS. The software is useful for the purpose of measuring and effectively managing risks for the company on the whole. To buy this software would definitely require great cost and therefore, only large companies have enough resources to do so contributing to the effective implementation of ERM.
In a study by Beasley, Clune and Hermanson (2005) which focused on the factors associated with the implementation of ERM, it was found that company size is one of the contributing factors. On the same note, Yazid (2008) showed that larger multinationals were more likely to be involved in risk management. Furthermore, Hoyt and Liebenberg (2006) revealed that size is one of the key factors that determine the company's involvement in ERM. The importance of having enough assets to support an ERM program was also stressed in studies conducted by Pagach and Warr (2007) and Yazid et.al (2008). In addition, most of the studies provide evidence that larger companies are more likely to engage themselves in ERM activities. Hence, this study hypothesises that, H6: There is a positive relationship between size and ERM implementation

Turnover
In terms of finance, turnover is a ratio to show how often an asset is replaced which indicates the business activities. Keown et.al, (2008) referred turnover as annual sales. For companies, turnover is the amount of business it conducts within a cycle period. In most common practices, it can be derived from the firm's accounts receivable and the firm's inventory turnover. High turnover (referring to inventory turnover) translates into the companies having good business and good management as well.
A study by Benston (2006) suggested that generating sales is a key factor for companies to succeed in business. If companies are able to generate more sales, the companies could expand their business operations, hire more staff, buy additional software and equipment, and also support more programs including ERM. Therefore, it can be suggested that annual turnover is one of the key factors for companies to be involved in ERM programs (Kleffner, Lee and McGannon 2003;Yazid, 2001). This is because companies with a higher turnover would have enough funds to support the ERM program. Thus, companies with high turnover have more tendencies to practice ERM. Hence, this study hypothesises that, H7: There is a positive relationship between turnover and ERM implementation

Proposed Framework
Based on the pertinent literature discussed earlier, a conceptual framework for the determinant of ERM has been developed (see Figure 1.). This study suggests that several factors such as the appointment of a CRO, leverage, international diversification, majority shareholders, size and turnover are considered important factors that motivate companies to engage in ERM. The proposed framework for this study is presented in Figure 1.
(Insert Figure 1. here) From the above, the condition of ERM practices among public listed companies suggests that: There are positive relationships between variables such as CRO, leverage, profitability, international diversification, majority shareholder, size and turnover with ERM engagement.
Hence, this conceptual paper seeks to test the proposed framework of ERM practices in the context of Malaysian public listed companies. It is worthwhile to conduct an empirical study to examine whether companies that practice ERM are actually influenced by the factors as discussed in the proposed framework.

Conclusion
Much of the literature suggests that ERM contributes to the overall value of a company/organization. This in turn, illustrates the importance of ERM to businesses and industries worldwide. From the thorough review of related literature in this particular area of interest, there are seven (7) factors that could possibly influence any company/organization to eventually implement ERM. The factors include the appointment of a CRO, leverage, profitability, international diversification, majority shareholders, size and turnover. Further study is therefore needed to examine whether all of these factors contribute significantly to ERM implementation within the company/organization concerned.