RECOMMENDATIONS - The effectiveness of risk management practices of small, medium and micro ent

The weaknesses (taken from paragraph 5.3.3 of Chapter Five) identified by this research are summarised below in order to ascertain the solutions to the research problem:

 A risk management plan exists; however, the majority of respondents who were owners of the microfinance SMMEs (owner-managed) indicated that a risk management plan does not exist in their business.

 A risk management framework is not developed or adopted.  A risk strategy is not developed and implemented.

 Risk management process is regularly monitored, reported and kept up to date in microfinance SMMEs that employ independent managers while in owner-managed is not.

5.4.1 Recommendation on a risk management plan

This research concludes that most of microfinance SMMEs that do not employ managers (owner-managed) do not have a risk plan. Therefore, these lenders are recommended to prepare and document a risk plan that contains the risk identification process, risk quantification process and the risk response strategy. Figure 5.1 can serve as a guideline for developing a risk management plan.

85 Operational objectives Risk management Risk identification Risk quantification Risk response Action planning Control activities

Figure 5.1: A guideline for developing a risk management plan.

Operational objectives: The business objectives and the risk management should be aligned to the business’s vision and mission, and formulated by the management

Risk identification: Management should identify internal and external events resulting from the business actions and decisions that have a potential impact on the achievement of the business’s objectives, and the execution of the strategies. In this regard, microfinance SMMEs can gather information from a potential borrower like sources of income, any legal action taken against the client before and the need for that loan. Such information may help to identify risk that may be imposed to the business by serving certain clients. The techniques that can be used to gather information for identifying risks may include having an interview with the borrower, sending a questionnaire to the borrower and gathering information about the borrower through credit bureau.

Risk quantification: This involves determining the potential impact of the risk factors. Thus, identified risks should be ranked according to their impact on the business in order to determine risks that can be discarded and the risks that require management attention.

Figure 2.3 in Chapter Two under paragraph 2.9.3 shows an example of a risk assessment matrix that can be used to quantify risks.

Risk response: Based on the risk quantification process, events should be prioritised along with the determination of risk responses such as risk elimination, risk mitigation, risk transfer or risk acceptance.

Action planning: Action plans must be formulated and implemented in line with each risk response. Responsibility must also be enforced through the appointment of risk owners.

Control activities: Control actions must be developed and implemented for the sound functioning of risk management. Such controls may include segregation of duties, setting limits on cash signature requirements and physical controls.

5.4.2 Recommendation on a risk management framework

Miccolis et al., 2001:xxviii express the view that ERM can serve as a useful management tool regardless of the business type though in small businesses it might be less structured. As such, the researcher recommends microfinance SMMEs leaders to adopt widely recognised frameworks like the COSO ERM. This framework was explained in detail in paragraph 2.10.1 of Chapter Two. Since most of the microfinance SMMEs leaders lack managerial skills and knowledge, the researcher further recommends them to employ the services of external experts when implementing such risk management frameworks.

5.4.3 Recommendation on development and implementation of a risk strategy

Microfinance SMMEs are recommended to formally articulate a strategy to manage risks i.e. to prevent the risk from occurring or minimise the effect should the risk occurs. In other words, the risk strategy answers the question that “how will identified risks be treated”. Principle management strategies addressing risks may include acceptance, avoidance, mitigation and transfer. The strategy chosen has to be economical, suitable and feasible. The risk strategy should cover the following:

 A plan of action to improve the business’s risk management process.  Commitment to prevention of fraud and corruption.

 Users’ guidelines.

5.4.4 Recommendation on risk management process to be regularly monitored reported and kept up to date

This research noted that a majority of microfinance SMMEs that do not employ managers (owner-managed) do not regularly monitor, report and keep up to date the risk management process. Therefore, these entities are recommended to frequently check the risk management plan to see if it is achieving intended results that is ensuring effective risk management. This may involve testing and evaluating risk management policies and procedures through internal audits. The internal audit activity should evaluate operations and helps assess whether procedures and controls are effective in mitigating risk. The audit findings may make recommendations on how to reinforce effective risk management. This allows necessary adjustments to be made to operational workflows, policies and procedures to reduce the potential for risks.

In document The effectiveness of risk management practices of small, medium and micro enterprises (SMMEs) which provide microfinance in the Cape Metropole, South Africa (Page 99-102)