Juan-Pierré BRUWER Luyolo SIWANGAZA

Is the Control Environment a Basis for Customised Risk Management Initiatives in South African Small, Medium and Micro Enterprises?

Before the official recognition of Small, Medium and Micro Enterprises (SMMEs) in South Africa during the mid-1990s, these business entities have been key players in the stimulation of the national economy. Albeit their socio-economic value added, prior research shows that the sustainability of these business are among the worst in the world, since approximately 70% of South African SMMEs fail within their first three years of existence. This dispensation is often blamed on inter alia, their inadequate management of economic factors which, in turn, cultivates risks. Notwithstanding the fact that most South African SMMEs make use of customised risk management initiatives, previous research shows that these initiatives are not deemed as adequate and/or effective to mitigate risks. Since the manner in which risks are managed are strongly dependent on the attitude and awareness of its management surrounding internal control (control environment), this study focused on investigating whether the control environment was used as foundation to implement their customised risk management initiatives. Empirical research was conducted whereby primary quantitative data were collected from respondents through the deployment of a questionnaire, through means of non-probability sampling methods. The results showed that though the control environments of South African SMMEs were regarded as good, they were not used as foundation by South African SMMEs to implement their customised risk management initiatives.
Keywords
JEL Classification M42
Full Article

1. Introduction

Small, Medium and Micro Enterprises (SMMEs) were in operation in South Africa prior to the mid-1990s (Visagie, 1997), these business entities were only formally recognised by the national government, for the first time, through the publication of the Small Business Act No. 102 of 1996. In this Act, SMMEs (In South Africa, a SMME is generally classified in terms of its revenue, number of full-time employees employed and net-asset value, per industry) are defined as separate and distinct business entities (In South Africa, a SMME does not have to be formally registered in order to be regarded as a separate and distinct business entity.), together with its branches and/or subsidiaries that are owned and/or managed by one owner or more; situated in any sector and/or sub-sector of the national economy (South Africa, 1996).

Since the implementation of the latter Act, South African SMMEs have received a lot of attention from national government and have been dubbed as major economic drivers (Berry et al., 2002; Amra et al., 2013) as they play an important role in the fortification of the South African economy against economic stagnation (Fatoki and Odeyemi, 2010). The latter is specifically the case since these business entities are largely responsible for attaining three core socio-economic objectives, namely the: 1) the stimulation of the national economy, 2) the reduction of the unemployment rate, and 3) alleviating of poverty (Mabesele, 2009; Bruwer, 2010). The socio-economic value which South African SMMEs add to the national economy is substantiated by various research studies (Booyens, 2011; Swart, 2011; Ngary et al. 2014) where it was found that they are responsible for employing between 80% and 90% of the national workforce, while contributing between 30% and 50% to the Gross Domestic Product (GDP). As at 2013, the estimated GDP of South Africa was estimated at US$ 353.9 billion, while the national workforce size was estimated at 18.5 million citizens (Indexmundi, 2015). Hence, the analogy can be drawn that during the 2013 fiscal year, South African SMMEs were responsible for contributing at least US$ 106.2 billion towards the South African economy, while simultaneously providing employment opportunities to at least 14.8 million South African citizens.

Albeit the aforementioned, these business entities are believed to have one of the worst sustainability rates in the world (Fatoki, 2014; Wiese, 2014). This view is supported by Fatoki and Odeyemi (2010) who express the view that during the early-2010s, between 70% and 80% of South African SMMEs are believed to fail after being in operation for only three years. Moreover, Moloi (2013) and PCW (2015) share the view that South African SMME sustainability has not improved to a great extent since the early-2010s as, in more recent times, approximately 75% of South African SMMEs have to close their doors after being in operation for less than four years.

Previous research studies (Bruwer 2010; Siwangaza 2014; Kemp et al. 2015; Prinsloo et al. 2015; Ngubane et al. 2015; Hendricks et al. 2015) show that the weak South African SMME sustainability is adversely influenced by not appropriately managing economic factors; examples of these factors include, inter alia crime, extensive red-tape, high interest rates, high inflation rates, market uncertainties, limited access to financing, and skills shortages. Although economic factors are inevitable, they need to be managed appropriately in order to mitigate potential risks which, in turn, may adversely influence on the overall sustainability of a business (Reding et al. 2013). One manner in which economic factors (along with their risks) can be properly managed is through the implementation of a sound system of internal control (Bruwer et al., 2013; Siwangaza et al. 2014).

A system of internal control can be described as a formal process which is implemented by management in order to establish sound internal control, with the main intent to provide reasonable assurance surrounding the attainment of business objectives in the foreseeable future (COSO 2004; Reding et al. 2013; Bruwer and Coetzee 2016). Such a system comprises five elements, of which risk management and control environment are part of. In quintessence, the control environment serves as the foundation of any system of internal control (COSO 2013), and is regarded as the overall attitude of management regarding the internal control in their respective business entities (McNally, 2013). In a South African SMME dispensation, previous studies (Siwangaza, 2014; Bruwer, 2016) found that the internal control systems deployed by these business entities do not provide reasonable assurance surrounding the attainment of relevant business objectives, particularly since they are inadequate and/or ineffective in relation to the mitigation of risks. Hence, taking the above into account, it is highly probable that South African SMMEs may not have a sound control environment (as foundation) on which their customised risk management initiatives are built. Thus, for this study, using the aforementioned as basis, the main research objective was to empirically investigate whether the control environment of South African SMMEs was used as foundation for their implemented risk management initiatives.

For the remainder of this paper, discussion takes place under the following headings: 1) literature review, 2) research design, methodology and methods, 3) results and discussion, and 4) conclusion.

2. Literature Review

Under this section, relevant discussion is provided to place the main research objective in better theoretical perspective. The remainder of this section is expanded on under the following sub headings: 1) a brief overview of the South African economic landscape, 2) risk and risk management, 3) control environment.

2.1.A Brief Overview of the South African Economic Landscape

Notwithstanding the fact that economic factors have an adverse influence on the sustainability of South African SMMEs, these factors are further impacted by the economic landscape of the country. In layperson’s terms, the economic landscape of a country is a term used to describe the overall form and/or state of a particular country (Guilhoto et al. 2002). Although the economic landscape can be analysed in great depth through many economic indicators, only four economic indicators were used to provide a brief overview of the South African economic landscape:

- Nominal GDP: It is the market value of all the different kinds of products and services produced within a particular country over a specific period of time, specifically 12 months (Mankiw 2009). In a general sense the GDP is a measure of the economic ‘well-being’ of a country.

- Unemployment rate: This economic indicator depicts the percentage of the national workforce that is both willing and able to work, but who is without work and/or seeking work (Manyerere 2016).

- Population size: This is the estimated size of the country’s human inhabitants. In South Africa, the population size is determined through means of a comprehensive survey, called census (Statistics SA 2011).

- Inflation rate: A term that is usually expressed in percentage terms, which depicts the cost of living by measuring the price stability of goods and services (Ali et al. 2015).

In Table 1, relevant statistics are shown in relation to the aforementioned economic indicators for the 2014 and 2015 fiscal years, respectively.

Table 1. The economic indicators of the South African economic landscape

Economic indicators 2014 2015
Nominal GDP US$ 350.6 billion US$ 323.8 billion
Unemployment rate 25.5% 26.4%
Population size 54 million 54.4 million
Inflation rate 6.21% 4.5%

Sources: Trading Economics 2015; Statistics SA 2016

Stemming from the statistics in Table 1, the following three interpretations can be made: 1) it becomes apparent that the 2015 nominal GDP declined by 7.64% (US$ 26.8 billion) when compared to that of 2014. This decline may be interpreted in the sense that less South African citizens contributed to the stimulation of the national economy as a result of either increased unemployment, or decreased productivity, 2) the unemployment percentage increased by 0.9% from 2014 to 2015. Although this increase appears to be marginal, when it is viewed in relation to the estimated population size, which increased by 400 000 people from 2014 to 2015, clear tangent planes start to emerge that the number of unemployed South Africans increased to a great extent. This phenomenon justifies the previous inference made pertaining to the decline in the nominal GDP from 2014 to 2015, and 3) as the inflation rate was positive for both 2014 and 2015, evidence is provided that inflation increased year on year – meaning that the cost of living increased from one year to the next.

In core, stemming from the interpretations above, it appears that South Africa has a very exacting economic landscape. This is especially the case when taking into account that business entities, including SMMEs, need to operate in this economic environment in order to add socio-economic value to the South African economy. Hence it is of no surprise that the South African economic landscape has been described as a type of breeding ground for risks to realise in (Bruwer et al 2013).

2.2.Risks and Risk Management

In a global dispensation, business entities are confronted with a variety of risks that mostly threaten their attainment of their relevant objectives (Johnson and Johnson 2013; Coetzee et al. 2014). In layperson’s terms, a risk is an event that may or may not possibly occur; which may or may not influence the attainment of a business’ objectives in the foreseeable future, which can be positive or negative (COSO 2004). Even though most risks are inherent in nature (namely, those risks which are naturally part of a phenomenon or a circumstance) (Verbano and Venturini 2013) previous research studies (IIA 2012; Reding et al. 2013) show that risks, regardless of their nature, have unique influences on every business entity. The risks which business entities face can be categorised into four groups (Boubala 2010; Masama et al. 2012; Smit 2012; Deloitte and Touche 2012; Deloitte 2015; Coetzee et al. 2015), namely: 1) strategic risks (risks which impact on the vision and mission of a business), 2) operational risks (risks which impact on the operational tasks of a business), 3) reporting risks (risks which impact on financial and non-financial reporting tasks in a business), and 4) compliance risks (risks which impacts on the conformity to relevant rules, policies and regulations). When taking into account the girth of risks, justification is provided as to why risks need to be managed appropriately.

The management of risks (also known as risk management, which is encapsulated within a s system of internal control) is a structured and continuous process which is focused on the mitigation of all potential negative influences of risks (identification, assessment and treatment), across all levels of a business, as undertaken by management, with the main intent to provide reasonable assurance surrounding the attainment of relevant business objectives (COSO 2004; Jayathilake 2012; Reding et al. 2013; Sunjka and Emwanu 2015; Bruwer, 2016). The manner in which risks are managed depends largely on their likelihood of realising and the potential impact (IOD 2009) as risks can be avoided (high likelihood of realising and high impact), transferred (low likelihood of realising and high impact), reduced (high likelihood of realising and low impact), or tolerated (low likelihood of realising and low impact). Based on the COSO’s Enterprise Risk Management (ERM) Framework (see Figure 1), which is considered to be one of the most comprehensive risk management frameworks in the world (Institute of Management Accountants, 2014; Protiviti 2016), the function of “risk management” is built on the elements of “internal environment” (the overall attitude of management surrounding internal control) and “objective setting” (the actual objectives that are set by a business that should be achieved in the foreseeable future), and comprises of three legs, namely:1) event identification, 2) risk assessment, and 3) risk response (COSO 2004; Scannell et al. 2013; Reding et al. 2013; Almgren 2014; Coetzee et al. 2014; Coetzee et al. 2015). These three legs are expanded on below.

Figure 1. The COSO’s ERM Framework

Source: COSO (2004)

- Event identification: Pragmatically, risks can only be managed once they have been identified. Hence, risks need to be identified by taking into account both internal risk factors (risks inside a business which may stem from people, technology and/or the environment) and external risk factors (risks outside a business which may stem from the economy, nature and/or the political environment).

- Risk assessment: Once risks have been identified, they should be assessed both in terms of their potential likelihood of realising (frequency) and their potential impact should they realise.

- Risk responses: The outcome of the risk assessment will culminate into a selection of appropriate risk responses. Depending on the likelihood and impact of risks, they will be terminated, transferred, mitigated or tolerated.

Albeit the fact that the COSO’s ERM framework is comprehensive in its coverage as to how risks should be managed, research conducted by Smit and Watkins (2012) show that South African SMMEs are mainly concerned about managing selected risks, which include: fire hazards, safety hazards, security hazards, health hazards and quality hazards. In addition, based on previous research studies (Smit, 2012; Bruwer et al., 2013), it was found that management of South African SMMEs are largely ignorant about the actual risks which their business entities face on a daily basis as they prefer to make use of customised risk management initiatives (internal control activities). As risk management is built on the control environment of a business entity (see Figure 1), clear tangent planes emerge that since South African SMMEs operate in an exacting economic environment, while having difficulty to manage economic factors, along with risks, it may be the case that South African SMMEs have ill-developed control environments. This inference is greatly supported by Bruwer and Coetzee (2016) who found that the managerial conduct in South African SMMEs was flexible - the managerial conduct of management is synonymous with the control environment of a business (McNally, 2013).

2.3.Control Environment

As previously mentioned, the control environment is the foundation upon which any internal control system, including all risk management initiatives, is built (COSO 2004; COSO 2013). Based on previous research studies and policy documents (COSO 2004; COSO 2013; Reding et al. 2013; Siwangaza 2014; Coetzee et al. 2014; Bruwer and Van Den Berg 2015; Bruwer and Coetzee 2016) the control environment comprises five aspects, namely: 1) the philosophy and operating style of management, 2) the commitment of management towards integrity, ethical values, competency, responsibility and accountability, 3) the assignment of authority taking into account job levels and responsibilities, 4) the establishment of hierarchal structures and communication methods, and 5) the establishment of human capital policies and procedures.

The importance of a sound control environment is placed in perspective by previous research studies (IIA 2011; Jiang and Li 2010; Oseifuah and Gyeke, 2013) which found that business failures are strongly associated with ill-developed control environments. As such, it is of no surprise that the control environment is analogous to a keystone in an arch bridge; without this keystone, the arch bridge will simply cease to exist (IIA, 2011). Using this analogy as basis, it becomes apparent that the control environment will influence the overall functioning and effectiveness of any system of internal control – it sets the tone at the top; forms the basis of corporate governance (Jackson and Stent 2007; Jiang and Li 2010; IIA 2011; Oseifuah and Gyeke 2013; Reding et al. 2013). Corporate governance pertains to the balancing of interests of all stakeholders in a business in order to help achieve the objectives of a business entity. Notwithstanding the aforementioned, based on a research study conducted by Bruwer and Van Den Berg (2015), evidence was provided that the control environments of South African SMMEs were poor, which did not provide the relevant support to their risk management initiatives.

3. Research Design, Research Methodology and Research Methods

This research study was empirical in nature and constituted survey research. Moreover, this research study was quantitative in nature, falling within the positivistic research paradigm, which entailed the collection of primary data from respondents through means of questionnaires. The questionnaire comprised two multiple choice questions, three ratio questions, and 53 five-point Likert scale questions. The targeted population for this research study was South African SMME management and since the size of the population was unknown, non-probability sampling methods were deployed, particularly that of purposive sampling. A total of 50 respondents were approached and only 30 respondents responded positively. All approached respondents had to adhere to the following delineation criteria:

- Each respondent had to own/manage only one SMME

- Each respondent had to have a least 6 months’ managerial experience

- Each respondent had to be South African

- Each respondent had to be actively involved in their SMME

- The SMME of each respondent had to be classified as either a ‘micro enterprise’, ‘very small enterprise’, ‘small enterprise’ or ‘medium enterprise’ as per the National Small Business Act No. 102 of 1996.

- The SMME of each respondent had to employ between 1 and 50 employees.

- The SMME of each respondent had to be based in the retail industry.

- The SMME of each respondent had to be regarded as a sole trader.

- The SMME of each respondent had to be regarded as an informal trader (not formally registered).

- The SMME of each respondent had to be regarded as a non-franchised business entity.

- The SMME of each respondent had to physically operate from the Cape Town Central Business District, within the perimeter of Bree street, Strand street, Adderley street and Wale Street (see Figure 2)

- The SMME of each respondent had to have only one outlet (main business) and no branches or subsidiaries.

- The SMME of each respondent had to exist for at least 1 year.

- The SMME of each respondent had to operate between 08:00 and 16:00 every weekday, at least.

Figure 2. Geographical area where respondents were selected from

Source: Google (2016)

Relevant ethical considerations were also taken into account for this research study. All respondents were informed that information provided by them would strictly be treated with confidentially, and that they would remain anonymous as information provided would only be used for research purposes. Furthermore respondents were given full disclosure of the nature of the research study before participating and respondents were guaranteed being safeguarded from physical harm. Lastly, all respondents were informed that they may withdraw from the study at any time they should so wish without being discriminated against.

4. Results and Discussion

Throughout the remainder of this section, results and relevant discussion take place under the following sub-headings below: 1) demographical results, 2) risk management initiatives, and 3) control environment.

4.1.Demographical Results

Although all respondents adhered to the delineation criteria, respondents were asked to describe a few demographical aspects surrounding their relevant SMMEs, including their positions in their respective SMMEs.

When respondents were asked to describe their respective retail SMMEs, 53.33% were described as fast food businesses, 30.00% were described as convenience stores, and 16.67% were described as spaza shops. In addition, respondents were asked how long their respective SMMEs have been in existence. A summary of the results are shown in Table 2.

Table 2. Frequency distribution table of how long sampled SMMEs have been in existence

Value label Value Frequency Percent Valid Percent Cum Percent
Less than 1 year 0 3 10.00 10.00 10.00
1 Year 1 2 6.67 6.67 16.67
2 Years 2 3 10.00 10.00 26.67
3 Years 3 4 13.33 13.33 40.00
4 Years 4 3 10.00 10.00 50.00
5 Years 5 3 10.00 10.00 60.00
6 Years 6 3 10.00 10.00 70.00
7 Years 7 2 6.67 6.67 76.67
8 Years 8 1 3.33 3.33 80.00
10 Years 10 1 3.33 3.33 83.33
14 Years 14 1 3.33 3.33 86.67
15 Years 15 1 3.33 3.33 90.00
22 Years 22 1 3.33 3.33 93.33
32 Years 32 1 3.33 3.33 96.67
40 Years 40 1 3.33 3.33 100.00
Total: 30 100.0 100.0  

Stemming from the table above, the average number of years which sampled SMMEs was in existence for amounted to 7.33 years. As a result, the inference can be made that since these business entities existed for longer than 4 years, on average, it is probable that their sustainability was above average. This is quite a major feat as these business entities remain in operation by predominantly selling a mixture of necessity and/or non-necessity products on which marginal mark-ups are placed which, in turn, are regularly consumed by customers (Bruwer, 2016).

Respondents were asked about the position(s) which they held in their relevant SMMEs. A total of 23.33% of respondents were regarded as ‘owners’, 53.33% were regarded as ‘managers’ and 23.33% were regarded as ‘owners and managers’. When respondents were asked how long they have been in their respective positions, 73.33% indicated that they had at least 4 years’ experience with an average of 6.60 years’ experience recorded. Hence, the assumption can be made that with the average amount of experience of respondents in a managerial position, they may have had a fair amount of practical insight into the business world, especially when taking into account that their business entities have been in existence for an average of 7.33 years.

Lastly, respondents were asked how many employees they employed on a full-time basis. Stemming from the results, 63.33% of SMMEs employed between 1 and up to 5 employees, 33.34% of SMMEs employed between 6 and up to 10 employees and 3.33% of SMMEs employed between 11 and up to 50 employees; the average number of employees employed amounted to 5. When making use of the classification criteria of SMMEs as per the National Small Business Act No. 102 of 1996, the inference can be made that 63.33% of SMMEs were regarded as ‘micro enterprises’, 33.34% of SMMEs were ‘very small enterprises’, and 3.33% of SMMEs were ‘small enterprises’.

Taking all of the above into account, the average respondent can be described as a manager with 6.60 years’ experience, of a micro fast food business, that has been in existence for 7.33 years, which is responsible for employing 5 employees on a full-time basis.

4.2.Risk Management Initiatives

In order to understand the risk management initiatives which SMMEs used, respondents were asked to rate a few statements through means of a five point Likert scale (“1 = strongly disagree”, “2 = disagree”, “3 = neither agree nor disagree”, 4 = “agree”, and 5 = “strongly agree”). First, respondents had to rate an array of statements which started with the following sentence: ‘To mitigate risks in my SMME, the following is used ... ‘. A summary of the results are shown in Table 3. Based on the results, the top seven risk management initiatives which were used in SMMEs were found to be competent and trustworthy employees (x = 4.37), periodic cash counts (x = 4.30), periodic stock counts (x = 4.17), staff supervision (x = 4.07), physical security over assets (x = 3.77), periodic reconciliations (x = 3.63), and appropriate authorisation activities (x = 3.60). In turn, the worst two risk management initiatives used in SMMEs were that of regular routine backups (x = 2.90), and the physical checking of goods when they are received/sent (x = 2.90). In fundamental nature, the results point to the possibility that SMME management did not make extensive use of technology to operate their respective business entities and relied mostly on ‘hands on’ risk management initiatives that related to core operational activities (e.g. cash and inventory). This is supported by the average mean-scores for the remaining risk management initiatives (e.g. regular rotation of responsibilities, pre-numbered source documents, authorisation procedures for issuing goods, performance reviews), giving rise to the phenomenon that these business entities made use of customised risk management initiatives to combat risks.

Table 3. Frequency distribution table of respondents’ perceptions regarding risk management initiatives in SMMEs

Statement:
‘To mitigate risks in my SMME, the following is used ...’
Strongly disagree Disagree Neither agree nor disagree Agree Strongly agree Std dev Mean
Competent and trustworthy employees 0.00% 3.33% 10.00% 33.33% 53.33% 0.81 4.37
Periodic cash counts 3.33% 3.33% 6.67% 33.33% 53.33% 0.99 4.30
Periodic stock counts 3.33% 6.67% 6.67% 36.67% 46.67% 1.05 4.17
Staff supervision 3.33% 6.67% 13.33% 33.33% 43.33% 1.08 4.07
Physical security over assets 13.33% 6.67% 13.33% 23.33% 43.33% 1.43 3.77
Periodic reconciliations 13.33% 0.00% 23.33% 36.67% 26.67% 1.27 3.63
Appropriate authorisation activities 6.67% 10.00% 16.67% 50.00% 16.67% 1.10 3.60
Appropriate disciplinary procedures 13.33% 0.00% 33.33% 33.33% 20.00% 1.22 3.47
Regular rotation of responsibilities 10.00% 10.00% 30.00% 33.33% 16.67% 1.19 3.37
Pre-numbered source documents 16.67% 10.00% 23.33% 23.33% 26.67% 1.42 3.33
Authorisation procedures for issuing goods 16.67% 10.00% 26.67% 23.33% 23.33% 1.39 3.27
Performance reviews 13.33% 6.67% 30.00% 40.00% 10.00% 1.17 3.27
Analysing internal reports on a monthly basis 20.00% 3.33% 30.00% 26.67% 20.00% 1.38 3.23
CCTV cameras 30.00% 6.67% 6.67% 30.00% 26.67% 1.64 3.17
Electronic security (e.g. login passwords) 23.33% 10.00% 13.33% 33.33% 20.00% 1.49 3.17
One task is assigned to one person 23.33% 16.67% 10.00% 36.67% 13.33% 1.44 3.00
Computerised accounting information systems 30.00% 6.67% 20.00% 20.00% 23.33% 1.58 3.00
Regular routine backups 36.67% 10.00% 10.00% 13.33% 30.00% 1.73 2.90
Physical checking of goods when they are received/sent 23.33% 6.67% 43.33% 10.00% 16.67% 1.35 2.90

Albeit the aforementioned, in order to understand the effectiveness of the aforementioned risk management initiatives, respondents were asked how well these initiatives assisted SMMEs to mitigate risks. The average mean-score of respondents amounted to 3.46 which can be translated to a rating which rests between ‘average’ and ‘good’. When taking into account that SMMEs have been in operation for an average of 7.33 years, it is possible that their risk management initiatives may be effective. On the contrary, as respondents made use of risk management initiatives which cover only core operational activities, in a customised approach, their actual existence may be based on luck alone.

To shed more light on the adequacy and effectiveness of the control initiatives used by sampled SMMEs, respondents were asked to rate an array of statements on a five point Likert scale (1 = “very little”, 2 = “sometimes”, 3 = “often”, 4 = “almost always”, and 5 = “always”) which started with the following sentence: ‘Although my SMME has implemented control initiatives, the following risks still influence its sustainability ...’ A summary of the results are shown in Table 4. From the results, it appears that competition (x = 3.27) and price risks (x = 3.20) were the most prevalent risks which sampled SMMEs were still facing after the implementation of the relevant risk management initiatives. The latter gives rise to the possibility that the risk management initiatives of SMMEs were, in actual fact, adequate in order to mitigate potential risks. It should however be noted that responses were given by management, which may or may not have been biased.

4.3.Control Environment

In order to understand the foundation on which the risk management initiatives of SMMEs were built on, respondents were asked about the control environment of their SMMEs. This was done by asking respondents to rate statements on a five point Likert-scale (1 = “strongly disagree”, 2 = “disagree”, 3 = “neither agree nor disagree”, 4 = “agree”, and 5 = “strongly agree”), which started with the following statement ‘The following characteristics are evident in my SMME ...’. A summary of the results are shown in Table 5. Stemming from the results, justification is provided as to why the risk management initiatives may be as effective as it is. Taking into account that the control environment is the overall attitude of management towards internal control, the results provide evidence that SMMEs have a sound control environment on which their risk management initiatives were be built. This is particularly the case since the tested characteristics which were most evident in sampled SMMEs were that of transparency (x = 4.23), integrity (x = 4.00), compliance with laws and regulations (x = 4.00), moral values (x = 3.87), sound lines of authority (x = 3.87), accountability (x = 3.73), accountability (x = 3.73), responsibility (x = 3.73), and commitment to competency (x = 3.67). Most of these characteristics are strongly associated with that of good corporate governance.

In an attempt to ascertain whether the control environment of SMMEs had an influence on the effectiveness of risk management initiatives, as foundation, a regression analysis was performed. A summary of the results are shown in Table 6. Stemming from the results, no significant relationships were identified between the control environment of South African SMMEs and the effectiveness of their risk management initiatives. This may be as a result of two matters: 1) respondents may not have been entirely honest about the effectiveness of their SMMEs’ risk management initiatives, and 2) respondents may not have been entirely honest about the characteristics evident in their SMMEs – emanating to respondent bias.

Notwithstanding the latter, it was also tested whether the control environment of SMMEs had an influence on the actual implemented risk management initiatives, specifically those which they used (see Table 4); those that had a mean greater than 3.5. Multiple regression analyses were performed. The latter is summarised in Table 7. From the results, it appears that there were only two statistically significant relationships: 1) a positive relationship between accountability and the utilisation of periodic stock counts (β = 0.81) (p=0.004), and 2) a positive relationship between transparency and the utilisation of periodic stock counts (β = 0.56) (p=0.003). In quintessence, a statistically significant prediction can therefore be made that if transparency and accountability were evident in SMMEs, these business entities will make use of periodic stock counts. There existed no other significant relationships between the characteristics of the control environment of SMMEs and implemented risk management initiatives.

Table 4. Frequency distribution table of respondents’ perceptions regarding risks which influence their SMMEs

Statement:
‘Although my SMME has implemented control initiatives, the following risks still influence its sustainability ...’
Very little Sometimes Often Almost always Always Std dev Mean
Competition 13.33% 16.67% 20.00% 30.00% 20.00% 1.34 3.27
Price risks 6.67% 16.67% 40.00% 23.33% 13.33% 1.10 3.20
Reputational risks 23.33% 23.33% 23.33% 20.00% 10.00% 1.32 2.70
Cash flow risks 23.33% 20.00% 36.67% 16.67% 3.33% 1.14 2.57
Market risks 36.67% 13.33% 36.67% 6.67% 6.67% 1.24 2.33
Legal risks 53.33% 13.33% 23.33% 6.67% 3.33% 1.17 1.93
Potential damage to assets 63.33% 6.67% 16.67% 6.67% 6.67% 1.31 1.87
Political risks 63.33% 10.00% 16.67% 10.00% 0.00% 1.08 1.73
Potential theft of assets 13.33% 30.00% 30.00% 26.67% 0.00% 1.00 1.28
IT risks 53.33% 6.67% 23.33% 16.67% 0.00% 1.00 1.22
Credit risks 36.67% 20.00% 33.33% 10.00% 0.00% 1.00 1.05

Table 5. Frequency distribution table of respondents’ perceptions regarding characteristics of their SMMEs (control environment)

Statement:
‘The following characteristics are evident in my SMMEs...’
Strongly disagree Disagree Neither agree nor disagree Agree Strongly agree Std dev Mean
Transparency 3.33% 3.33% 10.00% 33.33% 50.00% 1.01 4.23
Integrity 6.67% 0.00% 23.33% 26.67% 43.33% 1.14 4
Compliance with laws and regulations 3.33% 3.33% 13.33% 50.00% 30.00% 0.95 4
Moral values 3.33% 13.33% 16.67% 26.67% 40.00% 1.2 3.87
Sound lines of authority 3.33% 6.67% 20.00% 40.00% 30.00% 1.04 3.87
Accountability 3.33% 10.00% 20.00% 43.33% 23.33% 1.05 3.73
Responsibility 6.67% 6.67% 23.33% 33.33% 30.00% 1.17 3.73
Commitment to competency 6.67% 3.33% 36.67% 23.33% 30.00% 1.15 3.67

Table 6. Summary of results for regression analysis

Dependent variables Effectiveness of Risk Management Initiatives
Independent variables R2 0.34
F 0.85
Sig. 0.000***
Integrity β -0.36
Sig. .392
Moral behaviour β -0.16
Sig. 0.735
Compliance with laws and regulations β 0.06
Sig. 0.888
Accountability β -0.09
Sig. 0.858
Sound lines of authority β -0.26
Sig. 0.633
Responsibility β -0.54
Sig. 0.124
Transparency β 0.05
Sig. 0.931
Commitment to competency β -0.21

Note: *** Significant at a 0.001 level

Table 7. Summary of results for multiple regression analysis

Dependent variables Competent and trustworthy employees Periodic cash counts Periodic stock counts Staff supervision Physical security over assets Periodic reconciliations Appropriate authorisation activities
Independent variables R2 0.35 0.71 0.89 0.56 0.66 0.56 0.63
F 1.39 2.61 9.88 1.2 2.04 1.2 1.76
Sig. 0.000* 0.000* 0.000* 0.000* 0.000* 0.000* 0.000*
Integrity β -0.01 -0.46 -0.53 -0.09 -0.77 0.09 -0.45
Sig. 0.977 0.154 0.014 0.806 0.029 0.805 0.192
Moral behaviour β 0.15 0.7 0.38 -0.08 0.75 -0.32 0.41
Sig. 0.722 0.073 0.126 0.858 0.071 0.472 0.322
Compliance with laws and regulations β -0.36 0.22 0.17 0.21 -0.5 0.14 -0.24
Sig. 0.334 0.497 0.409 0.568 0.148 0.701 0.493
Accountability β -0.18 0.18 0.81 0.48 0.89 0.15 0.41
Sig. 0.685 0.648 0.004* 0.294 0.041 0.736 0.339
Sound lines of authority β -0.27 -0.63 -0.047 -0.79 -0.3 0.14 -0.17
Sig. 0.528 0.101 0.061 0.081 0.444 0.753 0.682
Responsibility β 0.25 0.22 -0.21 -0.01 -0.01 -0.36 -0.14
Sig. 0.382 0.374 0.196 0.981 0.966 0.222 0.603
Transparency β 0.56 0.12 0.56 0.44 0.18 -0.32 0.52
Sig. 0.068 0.641 0.003* 0.156 0.511 0.29 0.073
Commitment to competency β 0.09 0.12 -0.18 0.22 0 0.25 0.11
Sig. 0.704 0.552 0.197 0.381 0.999 0.302 0.615

Note: * Significant at a 0.01 level

5. Discussion

5.1. Conclusion

From the literature reviewed it was evident that the control environment serves as foundation for any system of internal control, including all of its facets (of which risk management is one of). As management is ultimately charged with the responsibility to manage all risks in a business, it is imperative that all businesses should make use of appropriate initiatives to manage risks.

Based on the results and discussion above, it appears that South African SMMEs make use of customised risk management initiatives to manage selective risks in relation to their core operational aspects such as cash management and inventory management. Albeit the limiting scope of the customised risk management initiatives, their effectiveness were rated as between ‘average’ and ‘good’ by respondents. The latter was confirmed by the observation that the risks which still influence SMMEs were mainly related to competition and price risks. In order to determine the basis which was used to develop the customised risk management initiatives, respondents shared that the characteristics evident in their respective SMMEs pertained to that of good corporate governance.

Upon further testing, it was found that there existed no direct relationships between the individual characteristics of the control environment of SMMEs and the effectiveness of their risk management initiatives, and only two significant relationships between the characteristics of SMMEs’ control environments and their implemented risk management initiatives (out of the 56 tested relationships). The latter observation alludes to the possibility that respondents may not have been entirely honest about the effectiveness of their SMMEs’ risk management initiatives, and or the characteristics evident in their SMMEs. Therefore, from the research conducted, although the control environment of South African SMMEs appeared as good, the inferential statistics provide evidence that the customised risk management initiatives deployed by these business entities were not based thereon as foundation.

5.2. Limitations and Avenues for Further Research

Although responses were only received from SMME management, the information in this research study came directly from individuals who had decision-making authorities in their respective business entities. Nevertheless, the responses that were obtained may have been biased (as supported by the inferential statistics). In addition, despite the thorough delineation criteria utilised, only SMMEs that were physically operating in a small area (within the perimeter of Bree street, Strand street, Adderley street and Wale Street) was approached. This was mainly due to time constraints (the authors only had 2 weeks to collect data) and money constraints (the authors had no formal budget to expand on the research study).

With the above in mind, suggested avenues for further research include, but do not limit to qualitative research on the control environment and risk management initiatives deployed in South African SMMEs.

References
  1. Ali, T.M., Mahmood, M.T. and Bashir, T., 2015. Impact of Interest Rate, Inflation and Money Supply on Exchange Rate Volatility in Pakistan. World Applied Sciences Journal, 33(4), pp 620-630.
  2. Almgren, K., 2014. Implementing COSO ERM Framework to Mitigate Cloud Computing Business Challenges. International Journal of Business and Social Science. 5(9), pp 71-76.
  3. Amra, R., Hlatshwayo, A. and McMillan, L., 2013. SMME Employment in South Africa. Biennial Conference of the Economic Society of South Africa. Conference Proceedings. 25 - 27 September 2013.
  4. Berry, A., Von Blottnitz, M., Cassim, R, Kesper, A., Rajaratnam, B. and Van Seventer, D.E., 2002. The economics of SMMEs in South Africa. [online]. Available at: http://www.tips.org.za/files/506.pdf [Accessed 24/03/2014].
  5. Boubala, H.G.O., 2010. Risk Management of SMMEs. Degree of MTech: Internal Auditing. Cape Peninsula University of Technology.
  6. Bruwer, J-P., 2010. Sustainability of South African FMGC Retail businesses in the cape peninsula. Degree of Magister Technologiae: Internal Auditing, Faculty of Business, Cape Peninsula University of Technology.
  7. Bruwer, J.-P., 2016. The relationship(s) between the managerial conduct and the internal control activities in South African fast moving consumer goods SMMEs. Unpublished DTech (Internal Auditing) thesis, Cape Peninsula University of Technology, Cape Town, South Africa.
  8. Bruwer, J.-P., Masama, B., Mgidi, A., Myezo, M., Nqayi, P., Nzuza, N., Phangwa, M., Sibanyoni, S. and Va, N., 2013. The need for a customised risk management framework for small enterprises Southern African Accounting Association: Conference Proceedings. 26 June 2013.
  9. Bruwer, J.-P. and Coetzee, P., 2016. A literature review of the sustainability, the managerial conduct of management and the internal control systems evident in South African Small, Medium and Micro Enterprises. Problems and Perspectives in Management, 14(2), pp.190-200.
  10. Bruwer, J.-P. and Van Den Berg, A., 2015. The influence of the control environment on the sustainability of fast food Micro and Very Small Enterprises operating in the Northern suburbs. Journal of Leadership and Management Studies, 2(1), pp. 50-63.
  11. Coetzee, P., Du Bruyn, R., Fourie, H. and Plant, K., 2014. Internal Auditing: An introduction. Johannesburg: LexisNexis.
  12. Coetzee, P., Du Bruyn, R., Fourie, H. and Plant, K., 2015. Advanced Internal Audit Topics. Johannesburg: LexisNexis.
  13. COSO, 2004. Enterprise Risk Management – Integrated Framework Executive Summary. [online] Available at: http://www.coso.org/documents/coso_erm_executivesummary.pdf [Accessed on 14/04/2016].
  14. COSO, 2013. Internal Control - Integrated Framework Executive Summary. [online] Available at: http://www.coso.org/documents/990025p_executive_summary_final_may20_e.pdf [Accessed on 14/04/2016].
  15. Deloitte and Touche, 2012. Risk Assessment in Practice. [Online]. Available at: www.deloitte.com/content/dam/Deloitte/global/Documents/Governance-Risk-Compliance/dttl-grc-riskassessmentinpractice.pdf [Accessed on 15/04/2016].
  16. Deloitte, 2015. Compliance Risk Assessments the Third Ingredient in a World-Class Ethics and Compliance Program. [online] Available at: http://www.deloitte.com/content/dam/Deloitte/us/Documents/risk/us-aers-compliance%20riskassessments-02192015.pdf [Accessed on 15/04/2016].
  17. Fatoki, O. and Odeyemi, A. 2010. Which New Small and Medium Enterprises in South Africa Have Access to Bank Credit. International Journal of Business and Management, 5(10), pp.128-136.
  18. Fatoki, O. 2014. Enhancing access of external finance for new micro enterprises in South Africa. Journal of Economics, 5(1), pp.1-6.
  19. Google. 2016. Cape Town CBD [online] Available at: maps.google.com [Accessed on 09/08/2016].
  20. Guilhoto, J.J.M., Marjotta-Maistro, M.C. and Hewings, G.J.D., 2002. Economic landscapes: what are they? An application to the Brazilian economy and to sugar cane complex. In Hewings, G.J.D., Somis, M. and Boyce, D.E. (eds). Trade, networks and hierarchies: modelling regional and interregional economies. Berlin: Springer, pp. 99-118.
  21. Hendricks, B., Hendricks, G., Johnson, R., Manuel, A., Maritz, R., Theron, L and Bruwer, J.P., 2015. The Influence of “Sin Tax” on the Economic Sustainability of Small, Medium and Micro Liquor Store Enterprises in the Northern Suburbs of the Cape Metropolis, South Africa. Journal of Economics, 6(2), pp.87-101.
  22. Indexmundi, 2015. South African Economy [online] Available at: http://www.indexmundi.com/south_africa/economy_profile.html [Accessed on 14/02/2015].
  23. IOD, 2009. King Code of Governance Principles for South Africa 2009. [online] Available at: https://c.ymcdn.com/sites/www.iodsa.co.za/resource/collection/94445006-4F18-4335-B7FB-7F5A8B23FB3F/King_III_Code_for_Governance_Principles_.pdf [Accessed on 12/ 04/ 2016].
  24. IIA, 2011. IPPF-Practice Guide Auditing the Control Environment [online] Available at: www.iia.nl/Sitefiles/IIA_leden/Auditing_the_Control_Environment[1].pdf [Accessed 12/04/2016].
  25. IIA, 2012. International Standards for the Professional Practice of Internal Auditing (Standards) [online] Available at: https://na.theiia.org/standards-guidance/Public%20Documents/IPPF%202013%20English.pdf [Accessed on 12/04/2016].
  26. Institute of Management Accountants, 2014. Enterprise Risk Management: Frameworks, Elements, and Integration. [online] Available at: www.imanet.org/docs/default-source/thought_leadership/governance_systems/erm_frameworks_elements_and_integration.pdf?sfvrsn=2 [Accessed on 23/05/2016].
  27. Jackson, R., Stent, W., 2007. Auditing Notes for South African Students. Durban: LexisNexis.
  28. Jayathilake, P.M.B.2012. Risk Management Practices in Small and Medium Enterprises: Evidence from Sri Lanka. International Journal of Multidisciplinary Research, 2(7), pp 226-234.
  29. Jiang, L. and Li, X. 2010. Discussions on the Improvement of the Internal Control in SMEs. International Journal of Business and Management, 5(9), pp 214-216.
  30. Johnson and Johnson, 2013. Framework for Enterprise Risk Management Framework [online] Available at: www.jnj.com/sites/default/files/pdf/JnJ_RiskMgmt_ERMFramework_guide_v16a.pdf [Accessed on 13/04/2016].
  31. Kemp, A., Bowman, A., Blom, B., Visser, C., Bergoer, D., Fullard, D., Moses, G., Brown, S.-L., Bornman, J. and Bruwer, J.-P., 2015. The usefulness of cash budgets in micro, very small and small retail enterprises operating in the Cape Metropolis. Expert Journal of Business and Management, 3(1), pp.1-12.
  32. Mabesele, L.A., 2009. The role of performance measures in the fast food franchisee industry to sustain positive growth: Cape Metro-pole South Africa. Master of Technology: Internal Auditing, Faculty of Business, Cape Peninsula University of Technology, Cape Town.
  33. Mankiw, N.G., 2009. Principles of Economics. 5th ed. New York: Cengage Learning Inc.
  34. Manyerere, D., 2016. Social Capital: A Neglected Resourec to create Viable and Sustainable Youth Economic Groups in Urban Tanzania. Journal of Education and Practice, 7(3), pp.136-146.
  35. Masama, B., Ndlovu, E., Mambwe, T., Rabohome, C., Chakabva, O., Fologang, B., Badze, T. and Bruwer J.-P., 2012. Enterprise risk management: A managing ‘partner’ for business success. African Journal of Business Management, 6(48), pp.11782-11786.
  36. McNally, J.S., 2013. The 2013 COSO framework and SOX compliance: one approach to an effective transition. [online] Available at:www.coso.org/documents/COSO%20McNallyTransition%20Article- Final%20COSO%20Version%20Proof_5-31-13.pdf [Accessed on 09/07/2013].
  37. Ngary, C., Smit, Y., Bruwer, J-P. and Ukpere, W.I., 2014. Financial performance measures and business objectives attainment in fast food SMMEs in the Cape metropolis: a preliminary liability and suitability analysis. Mediterranean Journal of Social Sciences, 5(20), pp.909-921.
  38. Ngubane, N., Mayekiso, S., Sikota, S., Fitshane, S., Matsotso, M and Bruwer, J.-P., 2015. Inventory Management Systems used by Manufacturing Small Medium and Micro Enterprises in Cape Town. Mediterranean Journal of Social Sciences, 6(1), pp. 382-390.
  39. Oseifuah, E. and Gyekye, B., 2013. Internal control in small and microenterprises in the Vhembe district, Limpopo province, South Africa. European Scientific Journal, 9(4), pp.241-251.
  40. PCW. 2015. Focus on South Africa’s emerging companies and entrepreneurial landscape 2015 Working together, moving forward Emerging companies and the ecosystem. [online] Available at: www.pwc.co.za/en/assets/pdf/emerging-companies-and-the-ecosystem.pdf [Accessed on 21/05/2016]
  41. Prinsloo, S., Walker, C., Botha, L., Bruwer, J-P. and Smit, Y., 2015. The Influence of Combined Assurance Initiatives on the Efficiency of Risk Management in Retail Small and Very Small Enterprises in Bellville, South Africa. Expert Journal of Business and Management, 3(2), pp.63-81. 
  42. Protiviti, 2016. Singapore Quick  Guide to the  COSO Enteprise Risk Management and Internal Control Frameworks. [online] Available at: www.protiviti.com/Singapore-en/Documents/SG-Quick-Guide-COSO-ERM-Internal-Control-Frameworks-2016Ed.pdf [Accessed on 18/04/2016].
  43. Reding, K.F, Sobel, P.J., Andersen, U.L., Head, M.J, Ramamoorti, S., Salamasick, M., Riddle, C., 2013. Internal Auditing: Assurance and Consulting. Florida: The Institute of Internal Auditors Research.
  44. Scannell, V.T., Curkovic, S., Wagner, B.J. and Vitek, M.J., 2013. Supply Chain Risk Management within the Context of COSO’s Enterprise Risk Management Framework. Journal of Business Administration Research, 2(1), pp 15-28.
  45. Siwangaza, L., 2014. The status of internal controls in fast moving consumer goods SMMEs in the Cape Peninsula. Degree MTech: Internal Auditing. Cape Peninsula University of Technology.
  46. Siwangaza, L., Smit, Y., Bruwer, J-P. and Ukpere, W. 2014. The Status of lnternal Controls in Fast Moving Consumer Goods Enterprises within the Cape Peninsula. Mediterranean Journal of Social Sciences, 5(10), pp. 163-175.
  47. Smit, Y. 2012. A structured approach to risk management for South African SMEs. Doctor of Technology: Internal Auditing, Faculty of Business, Cape Peninsula University of Technology.
  48. Smit, Y. and Watkins, J.A., 2012. A literature review of small and medium enterprises (SME) risk management practices in South Africa. African Journal of Business Management, 6(21), pp. 6324-6330.
  49. South Africa, 1996. Small Business Act No. 102 of 1996. Pretoria: Government Printers
  50. Sunjka, B.P. and Emwanu, B., 2015. Risk Management in Manufacturing SMEs in South Africa. International Association for Management of Technology. Conference Proceedings.
  51. Statistics SA, 2016. Statistical Publications [online] Available at: www.statssa.gov.za/?page_id=1859 [Accessed 23/05/2016].
  52. Statistics SA, 2011. Census 2011. [online] Available at: www.statssa.gov.za/?page_id=3839 [Accessed 24/05/2016].
  53. Swart, M. 2011. Small businesses are set to lead economic recovery. Professional Accountant (SAIPA), October–November, pp. 10-12.
  54. Trading Economies. 2015. South Africa [online] Available at: www.tradingeconomics.com/south-africa [Accessed on 14/02/2015].
  55. Verbano, C. and Venturini, K., 2013. Managing Risks in SMEs: A Literature Review and Research Agenda. Journal of Technology Management Technology and Innovation, 8(3), pp. 186-197.
  56. Visagie, J.C., 1997. SMMEs’ challenges in reconstructing South Africa. Management Decision, 35(9), pp.660-667.
  57. Wiese, J.S., 2014. Factors determining the sustainability of selected small and medium-sized enterprises. Unpublished MBA dissertation, North-West University, Potchefstroom, South Africa.

Article Rights and License
© 2016 The Authors. Published by Sprint Investify. ISSN 2359-7712. This article is licensed under a Creative Commons Attribution 4.0 International License. Creative Commons License
Corresponding Author
Juan-Pierré Bruwer, Cape Peninsula University of Technology, Cape Town, South Africa
Download PDF

Author(s)

Juan-Pierré BRUWER
Cape Peninsula University of Technology, South Africa

Luyolo SIWANGAZA
Cape Peninsula University of Technology, Cape Town, South Africa
Bitnami