KeywordsLoss control loss control strategies Small Medium and Micro Enterprises (SMMEs)
JEL Classification M10
Full Article
1. Introduction
Small, Medium and Micro Enterprises (SMMEs) are regarded as the driving forces of many economies around the globe (Hill, 2001; Park, 2001; Wren and Storey, 2002) particularly due to the socio-economic value they add (Stokes and Wilson, 2010). This is no different in South Africa as these business entities are responsible for adding socio-economic value to the national economy by means of reducing unemployment and alleviating poverty (Chepurenko, 2010; Amra et al., 2013; Chimucheka, 2014). Albeit the aforementioned, previous studies (Kabiawu, 2013; Wiese, 2014) suggest that South African SMMEs have one of the worst sustainability rates in the world. This is particularly the case since 70% of these business entities have been reported to fail after being in existence for less than four years (Cant and Ligthelm, 2002; Van Eeden et al., 2003; Biyase, 2009).
Over the years probable reasons for the latter dispensation were researched (Wessels, 2000; Brink et al., 2003), where it was found that the sustainability of South African SMMEs is adversely impacted by actual loss events which stem from economic factors. Examples of these factors include, inter alia economic uncertainty, extensive red tape, high inflation rates, high taxation rates, high levels of crime, volatile exchange rates, volatile market conditions, weak service delivery , skills shortage, non-payment of customers, poor cash flow management and high overhead costs (Kunene, 2008; Statistics South Africa, 2014; SAICA, 2015).
From the above it becomes apparent that South African SMMEs should make use of sound internal control initiatives and sound risk management practices in order to mitigate and control risks, to provide reasonable assurance surrounding these business entities’ overall sustainability. According to two local studies conducted (Smit, 2012; Siwangaza, 2013) it was found that these business entities make use of customised internal control initiatives and customised risk management practices that are often regarded as inadequate and/or ineffective to provide reasonable assurance regarding the attainment of business objectives in the foreseeable future. Hence it is probable that the customised internal control initiatives and customised risk management practices used by South African SMMEs may be on the back-foot, as these features may unknowingly allow potential loss events to transform into actual loss events due to their reactive nature. In such cases, actual loss events should be managed to such an extent that it has an absolute minimum adverse impact on the attainment of objectives in the foreseeable future.
Using the above as a basis, for this research study a literature review was conducted with the main intent to highlight gaps in customised internal control initiatives and customised risk management practices in South African SMMEs by theoretically exploring their loss control and loss control strategies. Throughout the remainder of this paper, relevant discussion take place under the following sections: 1) research design, 2) literature review, 3) conceptualising loss control and loss control strategies, 4) conclusion, and 5) avenues for further research.
2. Research Design
For this study, non-empirical research was conducted, which fell within the intepretivistic research paradigm; constituting qualitative research. This study took the form of an exploratory literature review whereby secondary data were analysed with the main intent to conceptualise relevant terms and to identify gaps in customised internal control initiatives and customised risk management practices in South African SMMEs. In order to attain the latter, a total of 93 sources were consulted of which only 57 were used to attain the aforesaid (see Table 1). The reviewed literature is covered, in depth, in the next three sections below.
Table 1. Secondary data sources consulted for this research study
Source Type | Quantity |
Journal articles | 28 |
Professional webpages | 7 |
Books | 7 |
Theses | 7 |
Reports | 4 |
Conference papers | 4 |
TOTAL | 57 |
Source: Own Source
3. Literature Review
As previously mentioned, South African SMMEs add significant socio-economic value to the South African economy. The socio-economic value added by these entities are placed in perspective by previous studies (Fatoki and Odeyemi, 2010; Naidoo and Urban, 2010; Swart, 2011; Bruwer, 2016) which show that South African SMMEs provide employment opportunities to an estimated 80% of the national workforce, while simultaneously contributing at least 30% to the national Gross Domestic Product (GDP).
Notwithstanding the above, South African SMMEs are believed to have one of the worst sustainability rates in the world as up to 70% of these business entities fail after being in operation for four years (Wiese, 2014). In recent times studies show that the sustainability of South African SMMEs have not improved greatly over the years as an estimated 75% of these business entities are believed to close their doors after being in operation for only three years (Cant and Wiid, 2013; Moloi, 2013; Mutezo, 2013).
The sustainability of South African SMMEs is adversely influenced by an array of actual loss events, as spurred on by economic factors. This phenomenon is placed in better perspective when shedding light on the harsh South African economic environment. It quintessence, previous studies suggest that the South African economic environment serves as a perfect breeding ground for risks to realise in, making it very difficult for these business entities to remain in operation (Herrington and Kew, 2013; Bruwer, 2016). Although South African SMMEs face risks on a daily basis, most of these risks stem predominantly from the economic environment which has a direct negative influence on their overall sustainability (Steyn and Steyn, 2006; Cant and Wiid, 2013; Hart, 2014).
Despite the fact that risks should be properly mitigated by sound internal control initiatives and sound risk management practices, South African SMMEs make use of customised internal control initiatives and customised risk management practices which are not deemed as adequate and/or effective (see Section 1). Moreover, studies conducted by Gledon et al. (2016) and Rudman and Sahd (2016) suggest that the intrinsic nature of formal internal control initiatives and formal risk management practices are gradually changing from being proactive to being reactive due to, inter alia, the rapid advancements in technology and the man-made nature of internal control initiatives and risk management practices. Thus, risks may unknowingly realise and cause damage to the sustainability of South African SMMEs.
4. Conceptualising Loss Control and Loss Control Strategies
Throughout this section relevant discussion takes place to provide a platform to conceptualise the terminologies of “loss control” and “loss control strategies”. Following this, loss control and loss control strategies evident in a South African SMME dispensation are also discussed to provide an understanding of the gaps in customised internal control initiatives and customised risk management practices in South African SMMEs.
4.1. Understanding Risk (Potential Loss Events)
The concept of “risk” is commonly associated with uncertainty, mainly since events with unpredictable outcomes hold risks (Nissanke and Dammag, 2002). In a business dispensation, a risk is often described as an event which may or may not take place, which may or may not have a positive and/or negative influence on the attainment of business objectives (IIA, 2003; Spekman and Davis, 2004). In order to conceptualise this term within the ambit of this study, a non-exhaustive list of definitions for “risk” was covered (Valsamakis et al., 1999 cited by Ngholo, 2013; Andersen and Terp, 2006; Ritchie and Brindley, 2007; ISO, 2009; Wu and Olson, 2009; Soltanizadeh et al., 2010) from where it was viewed as an 1) uncertain event which, 2) may or may not happen which, 3) stems from inside or outside a business, which 4) can either have a positive or negative influence on the attainment of business objectives. Hence, using the aforementioned as a basis, and within the ambit of this study, risk was conceptualised as follows:
A risk is an internal or external uncertainty which may or may not happen, which will have an influence on the attainment of a business’ objectives in the foreseeable future, if it realises. This influence can either be positive or negative.
In commerce, risks are inevitable (Bowling et al., 2003) as they are apparent in all business-related activities (e.g. procurement, goods receipts, sales, etc.) and evident across various levels in a business (e.g. strategic level, reporting level, operational level, etc.). Among the many difference groupings of risks, they are commonly demarcated into three categories, namely that of: 1) pure risks, 2) incidental risks, and 3) inherent risks. These categories of risks are briefly discussed below (Valsamakis et al., 2000; Tchankova, 2002; DEAT, 2006; Fraser and Henry, 2007):
· Pure risks: These risks are non-speculative in nature, and their potential influence on the attainment of business objectives is negative. Such risks are attributed to specific events that can be insured against, and can only realise into actual loss events. Examples include identity theft, injuries on duty and natural disasters.
· Incidental risks: These risks can be either speculative and/or non-speculative in nature, and naturally stem from business-related activities and/or macro-economic factors. Albeit the latter, these risks do not directly influence the attainment of business objectives, but rather does so on an indirect basis. Examples include changes in productivity, changes in interest rates and changes in inflation rates.
· Inherent risks: These risks naturally form part of the business. In layperson’s terms, such risks can be either speculative and/or non-speculative in nature, stem from business-related activities and/or macro-economic factors, and directly influences the attainment of business objectives. Examples include overall compliance, product/service complexity and human error.
From a South African SMME perspective, these three categories of risks are often intertwined with one another, which make it difficult to mitigate and/or manage. This is particularly so since management of these business entities mix their personal objectives with that of their SMMEs’ objectives (Carlton, 1999). According to St-Pierre and Bahri (2006) all relevant risks in SMMEs should be adequately managed and/or mitigated, regardless of whether they have direct or indirect influenced on the attainment of business objectives. Notwithstanding the classification of risks above, risks can also be demarcated in the following four groups (Remenyi and Heafield, 1996; Smit, 2012:47-51; Bruwer et al., 2013; Sin and Ng, 2013):
· Strategic risks: These risks influence the attainment of a business’ vision and mission, and serves as the foundation to achieve its objectives. Examples include the loss of market share, the loss of competitive advantage and impairment to business reputation,.
· Operational risks: These risks have a direct influence on the effectiveness, economy and efficiency of operations in a business, as well as the attainment of relevant business objectives. Examples include the operational inefficiencies, supply chain interruptions, appointment of incompetent and/or untrustworthy personnel and inadequate and/or ineffective of internal control systems. A system of internal control is a structured process whereby reasonable assurance is provided to management surrounding the attainment of business objectives in the foreseeable future (COSO, 2013).
· Reporting risks: These risks have a direct influence on the integrity and reliability of information, be it financial or non-financial in nature, including that of relevant business objectives. Examples include inaccurate and/or incomplete internal management reporting, inaccurate and/or unreliable financial reporting and incorrect and/or incomplete reporting to external stakeholders.
· Compliance risks: These risks have a direct influence on how compliant a business is in relation to relevant legislation, rules, regulations, policies and procedures, as well as the actual attainment of business objectives. Examples include non-compliance with applicable laws and regulations, non-compliance with policies and procedures and non-conformance to established internal control protocols.
Stemming from the above, clear tangent planes emerge that South African SMMEs face a magnitude of risks on a daily basis. Albeit the latter, the South African economic environment also serves as a type of breeding ground for risks to cultivate in (Herrington and Kew, 2013; Bruwer, 2016). For this reason, South African SMMEs should mitigate and manage potential loss events through means of deploying sound risk management practices, while simultaneously controlling actual loss events to have an absolute minimum adverse influence on the attainment of business objectives. Based on research conducted by Gledon et al. (2016) and Rudman and Sahd (2016) however, this task may prove to be difficult as, over the years, many risks have become only manageable on a reactive basis mainly due to rapid advancements made in technology. Hence, it becomes probable that the risks which South African SMMEs face on a daily basis tend to become actual loss events long before these risks can be properly mitigated and managed through sound risk management practices and sound internal control initiatives.
4.2. Conceptualising Loss Control and Loss Control Strategies
Even though actual loss events can be controlled through corrective control activities (to some extent), there appears to be a gap in existing literature. Corrective control activities are those activities which should correct errors and reduce the impact of exposed weaknesses stemming from actual loss events, while simultaneously discontinuing such circumstances from causing additional damage to the overall sustainability of a business entity, as quickly as possible (COSO, 2008; ISH, 2008; Cendrowski and Mair, 2009). Since more and more risks are being managed and mitigated on a reactive basis, it is highly likely that businesses, including South African SMMEs, may not: 1) identify risks which transform into actual loss events, 2) prevent risks which transform into actual loss events, and/or 3) detect risks which transform into actual loss events. In other words, the possibility exists that these businesses may be unknowingly adversely influenced by actual unidentified loss events which are not being mitigated and/or managed at all. This is where loss control comes into play. Although no formal definition exists for the term “loss control”, it does however relate to the terms “internal control” and “risk management”. The formal definitions of these two terms are provided below:
· Internal control: It is a process, as implemented by management, designed to provide reasonable assurance regarding the achievement of objectives relating to the economy, effectiveness and efficiency of operations, the reliability of reporting information, and the compliance with applicable laws and regulations (McNally, 2013).
· Risk management: It is a process, as implemented by management, applied in a strategic setting and across a business entity, designed to identify potential events that may affect it, and manage risk to be within its risk appetite, to provide reasonable assurance regarding the achievement of its objectives (COSO, 2004).
Though detailed, these two formal definitions do not take into account the actual loss events. At most, the formal definition of risk management (above) only takes into account risks (potential loss events). The views of scholars around the globe (Öztas and Ökmen, 2005; Woloch, 2006; Nilsen, 2007; Jannadi, 2008; Kwak and Smith, 2009; Lovejoy et al., 2010; Aven, 2011; Treasury Board of Canada, 2012; Langenhan et al., 2013; Wu et al., 2014) were compared to the formal definition of risk management as per the views of COSO (2004), from where it was found that risk management is: 1) an unspecific, yet systematic process which, 2) does not necessarily have to be implemented by management which, 3) relates to the manner in which risks are identified, analysed and treated, which 4) should keep the negative potential impact of risks at an absolute minimum in order to, 5) assist a business entity to become sustainable. In a business dispensation, the term “sustainability” encompasses the achievement of social responsibilities, environmental responsibilities and economic responsibilities (Husband and Mandal, 1999; Rodgers, 2010; Buys, 2012). Stemming from the above, the inference can be made that the views of scholars on risk management are similar to that of COSO (2004) in the sense that it is focused predominantly on the mitigation of risks (potential loss events), and not the controlling of actual loss events. Hence, using the above as foundation, the term “loss control” is conceptualised within the ambit of this study as follows:
It is a systematic process that entails the appropriate controlling of previously unidentified, non-prevented and/or undetected risks which transformed into actual loss events. This is done by rapidly identifying, analysing and treating such loss events to have an absolute minimum adverse influence on the overall sustainability of a business entity, and assist it to achieve its relevant objectives in the foreseeable future.
Building forth on the above, in order to identify actual loss events, a type of “radar” should be lodged. By doing so, actual loss events which adversely influence the attainment of strategic objectives, operational objectives, reporting objectives and/or compliance objectives should be “highlighted”. To do this however, each objective of a business should be known and thoroughly investigated in to: 1) determine whether any unidentified risks may have transformed into actual loss events, and 2) identify all unidentified risks which may adversely influence the attainment of business objectives in the foreseeable future. Following this, these actual loss events should be analysed (when did they start, what caused them to start, what damage have they caused, what are their potential impact, etc.) and treated accordingly (remove, share, mitigate, etc.) while newly identified potential loss events should be assessed and analysed to be properly mitigated and/or managed.
The manner in which loss control takes place in a business will be strongly influenced by management’s loss control strategy. Loss control is strongly associated with risk management (Lam, 2014). Such a strategy is formally defined by COSO (2004) as an all-compassing-process that takes into account relevant stakeholders in a business, including inter alia the business’ vision and mission, with the main intent to identify and manage potential loss events, within acceptable parameters (risk appetite), to provide reasonable assurance that relevant business objectives will be attained in the foreseeable future. Similarly to the previous terms, a loss control strategy can be interpreted subjectively in a commercial dispensation. The comparative views of scholars (Booker, 2005; Nguyen, 2007; Duong, 2009; Heyneke, 2010; IIA, 2012; Luper and Kwanum, 2012; Johnson and Johnson, 2013; Reding et al., 2013; Rais, 2014) on the aforementioned term show that a loss control strategy is: 1) a dedicated systematic and on-going process which, 2) is aligned with the strategy (vision and mission) of a business entity that, 3) entails the participation of different stakeholders across the relevant business entity which, 4) involves the identification and assessment of potential loss events along with the subsequent selection of appropriate response techniques that, 5) are aimed at reducing the likelihood of realisation and the potential severity of impact of these events to remain within acceptable levels while, 6) simultaneously providing reasonable assurance surrounding the attaining of business objectives in the foreseeable future. Hence, based on the above, and within the ambit of this study, the term “loss control” is conceptualised as follows:
It is a structured, coordinated and continuous approach to manage potential loss events, which is instituted by management, while taking into account all relevant stakeholders and the strategy of a business entity, with the main intent to manage these events to keep their likelihood of realisation and their potential impact at absolute minimum levels, to provide reasonable assurance surrounding the attainment of a business entity’s objectives in the foreseeable future.
Although loss control strategies mainly relate to tactics used to mitigate and manage risks, these tactics generally set the tone at the top for how actual loss events are controlled in a business – similar to the role of governance. Depending on the potential impact and frequency of loss events (both potential and/or actual), businesses can make use of four generic tactics to address them, namely: 1) avoidance tactics, 2) sharing tactics, 3) mitigation tactics, and/or 4) acceptance tactics (see Figure 1).
Figure 1. Four major tactics for loss control
Source: Bauer and Bushe (2003)
These tactics are briefly explained below (Boubala, 2010; Jayathilake, 2012; Masama et al., 2012; Bruwer et al., 2013; Scannell et al., 2013; Venturini and Verbano, 2013; Sunjka and Emwanu, 2015):
· Avoidance tactics: Such tactics are deployed to terminate loss events with high frequencies and high potential impacts. This is generally done where potential loss events have high frequencies of occurring and high potential impacts.
· Sharing tactics: Such tactics are deployed to transfer potential loss events with low frequencies of occurring and high potential impacts. Examples of such tactics include, but not limited to insurance and outsourcing.
· Mitigation tactics: Such tactics are deployed to control loss events with high frequencies of occurring and low potential impacts. Examples of such tactics include safeguarding of assets, segregation of duties, independent reviews, etc.
· Acceptance tactics: Such tactics are deployed to tolerate loss events with low frequencies of occurring and low potential impacts. In layperson’s terms, management takes no action in deploying such tactics as loss events are considered to be harmless.
4.3. Loss Control and Loss Control Strategies in South African SMMEs
According to previous studies (Smit, 2012; Siwangaza, 2013) South African SMMEs make use of customised internal control initiatives and customised risk management practices to mitigate and manage risks which, in turn, are regarded as inadequate and/or ineffective in relation to providing reasonable assurance surrounding the attainment of business objectives. This view is placed in perspective by more recent studies (Bruwer and Van Den Berg, 2015; Bruwer and Siwangaza, 2016) where it was found that these business entities mostly made use of internal control initiatives and risk management practices which were regarded as popular, just for the sake of having such initiatives and practices. Moreover, these customised initiatives and practices were found to have no positive influence on the overall sustainability of these business entities (Bruwer et al., 2013; Bruwer, 2016; Bruwer et al., 2017). Thus it is of no surprise that South African SMMEs make use of a mixture of loss control strategies to mitigate and manage risks, which mainly relate to avoidance tactics and sharing tactics (Boubala, 2010; Luper and Kwanum, 2012; Verbano and Venturini, 2013).
Using the above as a basis, when focus is placed on the loss control evident in South African SMMEs, it is highly probable that these business entities do not make use of loss control at all. Therefore the inference can be made that the customised internal control initiatives and customised risk management practices within South African SMMEs results in the transformation of risks (both identified and unidentified) to actual loss events which, in turn, are not mitigated and/or managed to a great extent.
5. Conclusion
Since South African SMMEs operate in a harsh economic environment, it becomes apparent that there is a dire need for these business entities to make use of sound internal control initiatives and sound risk management practices. Unfortunately the current internal control initiatives and risk management practices which are utilised by these business entities are deemed to be inadequate and/or ineffective – as supported by the dismal sustainability-rate of South African SMMEs. For this reason it is highly likely that both identified risks and unidentified risks may transform into actual loss events without it ever being identified, prevented and/or detected; actual unidentified loss events cause damage without being properly mitigated and/or managed.
6. Avenues for further research
Stemming from the research conducted, the following avenues for further research, inter alia, should be considered:
· The effectiveness of internal control initiatives in South African SMMEs compared to best practices (frameworks).
· The effectiveness of risk management practices in South African SMMEs compared to best practices (frameworks).
· The efficiency of internal control initiatives in South African SMMEs compared to best practices (frameworks).
· The efficiency of risk management practices in South African SMMEs compared to best practices (frameworks).
· The feasibility of developing a formal loss control framework for South African SMMEs.
· The feasibility of developing formal risk management practices for South African SMMEs.
· The feasibility of developing formal internal control initiatives for South African SMMEs.
· The applicability of objectives in South African SMMEs in relation to sustainability.
References
- Amra, R., Hlatshwayo, A. and McMillan, L., 2013. SMME Employment in South Africa. Biennial Conference of the Economic Society of South Africa. Conference Proceedings. 25 - 27 September 2013.
- Andersen, K. and Terp, A. 2006. Risk Management. In: Andersen, T.J. (ed.). Perspectives on Strategic Risk Management. Copenhagen, Denmark: Copenhagen Business School Press.
- Aven, T., 2011. On the new ISO guide on risk management terminology. Reliability Engineering and System Safety, 96(7), pp.719-726.
- Bauer, L. and Bushe, D., 2003. Designing Risk Management Strategies. 3rd Ed. Module 4. University of Alberta.
- Biyase, L., 2009. DTI to look at how crisis hurts small enterprises. The Star, April 23. [Online] Available from: http://www.highbeam.com/doc/1G1-198340345.html [Accessed on 31/12/16].
- Booker, F. 2005. Developing Effective Risk Management Strategies to Protect Your Organization. [Online]. Available from: https://www.soa.org/Library/Newsletters/Risk-Management-Newsletter/2005/July/rmn-2005-iss5-booker.aspx [Accessed on 02/01/2017].
- Boubala, H.G.O., 2010. Risk Management of SMMEs. Dissertation submitted for the fulfilment for a MTech: Internal Auditing. Cape Peninsula University of Technology.
- Bowling, D., Julien, F. and Rieger, L., 2003. Taking the Enterprise Risk Management Journey. Bank Accounting and Finance, 16(2), pp.16-22.
- Brink, A., Cant, M. and Ligthelm, A., 2003. Problems experienced by small business in South Africa. 16th Annual Conference of the Small Enterprise Association Australia and New Zealand (SEAANZ), Ballarat, Victoria, Australia, 28 September–1 October.
- Bruwer, J-P., Coetzee, P. and Meiring, J., 2017. The perceived adequacy and effectiveness of internal control activities in South African SMMEs. Working paper.
- Bruwer, J-P and Van Den Berg, A., 2015. The influence of the control environment on the sustainability of fast food Micro and Very Small Enterprises operating in the Northern suburbs. Journal of Leadership and Management Studies, 2(1), pp.50-63.
- Bruwer, J-P. and Siwangaza, L., 2016. Is the Control Environment a Basis for Customised Risk Management Initiatives in South African Small, Medium and Micro Enterprises?. Expert Journal of Business and Management, 4(2), pp.105-117.
- Bruwer, J-P., 2016. The relationship(s) between the managerial conduct and the internal control activities in South African fast moving consumer goods SMMEs. Unpublished DTech (Internal Auditing) thesis, Cape Peninsula University of Technology, Cape Town, South Africa.
- Bruwer, J-P., Masama, B., Mgidi, A., Myezo, M., Nqayi, P., Nzuza, N., Phangwa, M., Sibanyoni, S. and Va, N., 2013. The need for a customised risk management framework for small enterprises. Proceedings of the Southern African Accounting Association, Somerset West, South Africa, 26 –28 June, pp.999-1030.
- Cant, M. and Ligthelm, A., 2002. Small business problems in the South African context: a proactive entrepreneurial approach. 7th Asia-Pacific Decisions Science Institute Conference, Bangkok, Thailand, 24–27 July.
- Cant, M.C. and Wiid, J.A. 2013. Establishing the challenges affecting South African SMEs. International Business and Economics Research Journal, 12(6), pp.707-716.
- Carlton, T., 1999. Risk and capital management in non-financial companies. Risk and Capital management Conference Proceedings, Australian Prudential Regulation Authority. [Online]. Available from: http://www.apra.gov.au/RePEc/RePEcDocs/Archive/conference_papers1/risk_capmgt_non_financial_companies.pdf [Accessed 15/11/2016]
- Cendrowski, H. and Mair, W.C., 2009. Enterprise Risk Management and COSO: A Guide for Directors, Executives and Practitioners. New York: Wiley and Sons, Inc.
- Chepurenko, A. 2010. Small entrepreneurship and entrepreneurial activity of population in Russia in the context of the economic transformation. Historical Social Research, 35(2), pp.301-319.
- Chimucheka, T., 2014. Overview and performance of the SMMEs sector in South Africa. Mediterranean Journal of Social Sciences, 4(14) pp.783-795.
- COSO, 2004. Enterprise risk management – integrated framework: executive summary. [Online]. Available from: http://www.coso.org/documents/COSO_ERM_ExecutiveSummary.pdf [Accessed on 20/12/2016].
- COSO, 2008. Internal Control – Integrated Framework: Guidance on Monitoring Internal Control Systems [Online]. Available from: http://www.coso.org/documents/volumeii-guidance.pdf [Accessed on 15/10/2016].
- DEAT, 2006. Risk Management, Integrated Environmental Management Information Series 23. Pretoria. [Online]. Available from: http://www.deat.gov.za [Accessed on 10/11/2016].
- Duong, L., 2009. Influence Of Risk Management in Operations of Small-Medium Enterprises and Micro Companies: A Case Study for Viope Solutions Ltd. Master Thesis. Arcada University of Applied Sciences – Helsinki.
- Fatoki, O. and Odeyemi, A., 2010. Which new small and medium enterprises in South Africa have access to bank credit? International Journal of Business and Management, 5(10), pp.128-136.
- Fraser, I. and Henry, W., 2007. Embedding risk management: structures and approaches. Managerial Auditing Journal, 22(4) , pp.392-409.
- Gledon, I., Clarke, S.G. and Mckenna, E.F., 2016. Human Safety and Risk Management. New York: Taylor&Francis.
- Guilhoto, J.J.M., Marjotta-Maistro, M.C. and Hewings, G.J.D., 2002. Economic landscapes: what are they? An application to the Brazilian economy and to sugar cane complex. In Hewings, G.J.D., Somis, M. and Boyce, D.E. (eds). Trade, networks and hierarchies: modelling regional and interregional economies. Berlin: Springer, pp.99-118.
- Hart, C., 2014. The slow puncture in our economy. Sunday Independent, September 21. [Online]. Available from: http://www.iol.co.za/sundayindependent/the-slow-puncture-in-our-economy-1.1754000#.VcIm-vmqpBc [Accessed on 05/08/2015].
- Herrington, M. and Kew, J., 2013. Global entrepreneurship monitor – South African report. Development Unit for New Enterprise, Faculty of Commerce, UCT, Cape Town.
- Heyneke, P.E., 2010. Application of enterprise risk management models during new business development. Master of Business Administration at the Potchefstroom campus of the North-West University.
- Hill, H., 2001. Small and medium enterprises in Indonesia: old policy challenges for a new administration. Asian Survey, 41(2), pp.248-270.
- IIA, 2003. Auditing risk assessment and risk management processes. [Online]. Available from https://na.theiia.org/iiarf/Public%20Documents/Chapter%205%20Auditing%20Risk%20Assessment%20and%20Risk%20Management%20Processes.pdf [Accessed on 06/05/2015].
- IIA, 2012. International Standards For The Professional Practice of Internal Auditing (Standards). [Online]. Available from: https://na.theiia.org/standards-guidance/Public%20Documents/IPPF%202013%20English.pdf [Accessed on 12/ 04/ 2016]
- ISH, 2008. Types of Control [Online]. Available from: http://ishandbook.bsewall.com/risk/Assess/Risk/control_types.html [Accessed on 15/10/2016].
- ISO, 2009. ISO 31000 - Risk management [Online]. Available from: http://www.iso.org/iso/home/standards/iso31000.htm [Accessed on 19/12/2016].
- Jannadi, O.A., 2008. Risks associated with trenching works in Saudi Arabia. Building and Environment, 43(5), pp.776-781, May.
- Jayathilake, P.M.B. 2012. Risk Management Practices in Small and Medium Enteprises: Evidence from Sri Lanka. International Journal of Multidisciplinary Research, 2(7), pp.226-234.
- Johnson & Johnson, 2013. Framework for Enterprise Risk Management Framework. [Online] Available from: https://www.jnj.com/sites/default/files/pdf/JnJ_RiskMgmt_ERMFramework_guide_v16a.pdf [Accessed on 13/04/2016].
- Kabiawu, O.O., 2013. Designing a knowledge resource to address bounded rationality and satisficing for ICT decisions in small organisations. Dissertation. University of Cape Town, South Africa.
- Kunene, T.R., 2008. A critical analysis of entrepreneurial and business skills in SMEs in the textile and clothing industry in Johannesburg, South Africa. PhD thesis. University of Pretoria, South Africa.
- Kwak, Y.H. and Smith, B.M., 2009. Managing risks in mega defence acquisition projects: performance, policy, and opportunities. International Journal of Project Management, 27(8), pp.812-820.
- Lam, J., 2014. Enterprise Risk Management: From Incentives to Control. New Jersey: John Wiley & Sons.
- Langenhan, M.K., Leka, S. and Jain, A., 2013. Psychosocial risks: is risk management strategic enough in business and policy making? Safety and Health at Work, 4(2), pp.87-94.
- Lovejoy, K.G., Cross, P.I. and Tippett, P.S., 2010. Object-oriented method, system and medium for risk management by creating inter-dependency between objects, criteria and metrics – Patent US 7818249 B2. [Online]. Available from: https://www.google.com/patents/US7818249 [Accessed on 18/05/2015].
- Luper, I. and Kwanum, I.M., 2012. An Assessment of Risk Management of Small and Medium Scale Enterprises in Nigeria. Research Journal of Finance and Accounting, 3(5), pp.151-159.
- Masama, B., Ndlovu, E., Mambwe, T., Rabahome, C., Chakabva, O., Fologang, B., Badze, T. and Bruwer, J-P., 2012. Enterprise Risk Management: A Managing ‘Partner’ for Business Success. African Journal of Business Management, 6(48), pp.11782-11786.
- McNally, J.S., 2013. The 2013 COSO framework and SOX compliance: one approach to an effective transition. Strategic Finance, June. [Online]. Available from: http://www.coso.org/documents/COSO%20McNallyTransition%20Article-Final%20COSO%20Version%20Proof_5-31-13.pdf [Accessed on 01/12/2016].
- Moloi, N., 2013. The sustainability of construction small-medium enterprises (SMEs) in South Africa. MSc dissertation. University of Witwatersrand, Johannesburg, South Africa.
- Mutezo, A., 2013. Credit rationing and risk management for SMEs: the way forward for South Africa. Corporate Ownership and Control, 10(2), pp.153-163.
- Naidoo, R. and Urban, B., 2010. The relevance of operational skills towards business sustainability: a focus on SMME manufacturers in the Vaal Triangle region. Acta Commercii, 10(1), pp.234-248.
- Ngholo, N., 2013. The role of internal audit on risk management in local government authorities: The case study of Shinyanga Municipal council. Master of Science Thesis. Mzumbe University, Tanzania.
- Nguyen, N. C., 2007. Risk management strategies and decision support tools for dryland farmers in southwest Queensland, Australia. PhD Thesis. The University of Queensland, Gatton, Queensland, Australia.
- Nilsen, A.S., 2007. Municipal risk management: implications of the use of different risk tools. PhD thesis. University of Stavanger, Norway.
- Nissanke, N. and Dammag, H., 2002. Design for safety in Safecharts with risk ordering of states. Safety Science, 40(9), pp.753-763.
- Öztaş, A. and Ökmen, Ö., 2005. Judgmental risk analysis process development in construction projects. Building and Environment, 40(9), pp.1244-1254.
- Park, H.J., 2001. Small businesses in Korea, Japan and Taiwan. Asian Survey, 41(5), pp.846-864.
- Pepple, C.L., 2012. Foreign investment location screening using an investment index. Master of Agribusiness thesis. Kansas State University, Manhattan, KS, USA.
- Rais, H. 2014. Analysis of risk management strategies: A proposition for risk management model. XXIII Conférence Internationale de Management Stratégique. Conference Proceedings. 26 -28 May 2014.
- Reding, K.F, Sobel, P.J., Andersen, U.L., Head, M.J, Ramamoorti, S., Salamasick, M., Riddle, C., 2013. Internal Auditing: Assurance and Consulting. Florida: The Institute of Internal Auditors Research Foundation.
- Remenyi, D. and Heafield, A., 1996. Business process re-engineering: some aspects of how to evaluate and manage the risk exposure. International Journal of Project Management, 14(6), pp.349-357.
- Ritchie, B. and Brindley, C., 2007. Supply chain risk management and performance. A guiding framework for future development. International Journal of Operations and Production Management, 27(3), pp.303-322.
- Rudman, R. and Sahd, L.M., 2016. Mobile Technology Risk Management. The Journal of Applied Business Research, 32(4), pp.1079-1096.
- SAICA, 2015. SAICA history [Online]. Available from: https://www.saica.co.za/About/SAICAHistory/tabid/70/language/en-ZA/Default.aspx [01/06/2015].
- Scannell, V.T., Curkovic, S., Wagner, B.J. and Vitek, M.J., 2013. Supply Chain Risk Management within the Context of COSO’s Enterprise Risk Management Framework. Journal of Business Administration Research, 2(1), pp.15-28.
- Sin, I. and Ng, K., 2013. The evolving building blocks of enterprise resilience: ensnaring the interplays to take the helm. Journal of Applied Business and Management Studies, 4(2), pp.1-12.
- Siwangaza, L., 2013. The status of internal controls in fast moving consumer goods SMMEs in the Cape Peninsula. MTech thesis. Cape Peninsula University of Technology, Cape Town, South Africa.
- Smit, Y. 2012. A structured approach to risk management for South African SMEs. DTech thesis. Cape Peninsula University of Technology, Cape Town, South Africa.
- Soltanizadeh, S., Abdul, R., Siti, Z., Mottaghi, G. and Wan, I. 2010. Business strategy, enterprise risk management and organizational performance. Management Research Review, 39(9), pp.1016-1033.
- Spekman, R.E. and Davis, E.W. 2004. Risky business: expanding the discussion of risk and the extended enterprise. International Journal of Physical Distribution and Logistics Management, 34(5), pp.414-433.
- Statistics South Africa. 2014. Gross domestic product – third quarter 2014. [Online]. Available from: http://beta2.statssa.gov.za/publications/P0441/P04413rdQuarter2014.pdf [Accessed on 02/07/2015].
- Statistics South Africa. 2015. National and provincial labour market: Youth [Online]. Available from: http://www.statssa.gov.za/publications/P02114.2/P02114.22015.pdf [Accessed on 09/08/2016].
- Steyn, E. and Steyn, T.F.J. 2006. Managerial competencies among first-line newsroom managers at small to medium-sized mainstream media enterprises in South Africa. South African Journal of Economic and Management Sciences, 9(3), pp.322-340.
- Stokes, D. and Wilson, N. 2010. Small business management and entrepreneurship. 6th ed. Andover: Cengage Learning.
- St-Pierre, J. and Bahri, M. 2006. The use of the accounting beta as an overall risk indicator for unlisted companies. Journal of Small Business and Enterprise Development, 13(4), pp.546-561.
- Swart, M., 2011. Small businesses are set to lead economic recovery. Professional Accountant (SAIPA), pp.10-12, October–November.
- Sunjka, B.P. and Emwanu, B., 2015. Risk Management in Manufacturing SMEs in South Africa. International Association for Management of Technology. Conference Proceedings.
- Tchankova, L., 2002. Risk identification – basic stage in risk management. Environmental Management and Health, 13(3), pp.290-297.
- Trading Economics, 2014. South Africa: economic indicators. [Online]. Available from: http://www.tradingeconomics.com/south-africa/indicators [Accessed on 23/10/14].
- Treasury Board of Canada, 2012. Integrated risk management implementation guide. [Online]. Available from: http://www.tbs-sct.gc.ca/tbs-sct/rm-gr/guides/girm-ggir01-eng.asp [Accessed on 18/05/2015].
- Valsamakis, A.C., Vivian, R.W., and Du Toit, G.S., 1999. Risk Management, 2nd Edition. Sandton: Heinemann.
- Van Eeden, S., Viviers, S. and Venter, D., 2003. A comparative study of selected problems encountered by small businesses in the Nelson Mandela, Cape Town and Egoli metropoles. Management Dynamics, 12(3), pp.13-23.
- Wessels, W.J., 2000. Economics. 3rd ed. Hauppauge, New York: Barron’s.
- Wiese, J.S., 2014. Factors determining the sustainability of selected small and medium-sized enterprises. MBA dissertation. North-West University, Potchefstroom, South Africa.
- Woloch, B., 2006. New dynamic threats requires [sic] new thinking – “Moving beyond compliance”. Computer Law and Security Report, 22(2), pp.150-156.
- Wren, C. and Storey, D.J., 2002. Evaluating the effect of soft business support upon small firm performance. Oxford Economic Papers, 54(2), pp.334-365.
- Wu, D.D., Chen, S.H. and Olson, D.L., 2014. Business intelligence in risk management: some recent progress. Information Sciences, 256, pp.1-7.