DECLARATION 
I, Masego Mercy Morima, declare that this dissertation is my original work and has never been 
submitted in any form for another degree at any university. Information derived from others has 
been acknowledged both in the text and the reference list. This dissertation shall not, under any 
circumstances, be presented to any other institution for an award of any degree. 
Masego Mercy Morima 
Date: 9~ ~ '2.-
LIBRARY 
MAFIKENG CAMPUS 
CALL NO.: 
2021 -02- 1 5 
ACC.NO.: 
/ NORTH-WEST UNIVERSITY 
i I Pa ge 
SUPERVISOR'S APPROVAL 
This dissertation has been examined and approved as meeting the requirements for the partial 
fulfilment of the degree of Master of Business Administration in Financial Management. 
Supervisor Date 
ii I Pa ge 
ACKNOWLEDGEMENTS 
I would like to express my sincere gratitude to the following people who assisted in the writing 
of this dissertation: my supervisor, Prof. S.M. Kapunda, for his guidance and supervision; my 
husband, Ndulamo Anthony Morima, for his moral support, and my son, Ndulamo Anthony 
Prasad Morima (Jr), who deserves thanks for his inspiration. 
This dissertation would not have been a success if it were not for the unwavering support of the 
Research Officer at the North-West University, Felicia Moruntshe. Special thanks also go to the 
respondents from the financial institutions in Botswana who devoted their time to providing the 
data required for research. I also thank Ms L. E Voigt who diligently edited this dissertation. 
Lastly I thank the class of 2010/2011 and the lecturers who gave me an unforgettable learning 
expenence. 
I NWU · 1 
LLJBRARY. 
iii I Pa ge 
ABSTRACT 
The aim of this study was to investigate the benefits and challenges of the implementation of 
Enterprise Risk Management (ERM) in the financial sector in Botswana given the financial and 
economic contagions and developments across the globe, and the risks experienced by the 
financial institutions. 
The study followed the quantitative method of research. Data was collected through 
questionnaires administered to 18 randomly selected financial institutions in Gaborone. 
Statistical software, Statistical Package for Social Sciences (SPSS) was used to facilitate analysis 
and discussion of the findings . 
The study revealed that more commercial banks exist than investment, development financial 
institutions and building societies combined. Furthermore, the majority of financial concerns 
surveyed have implemented an ERM process and/or function. All financial institutions surveyed 
have made significant progress in managing enterprise risk. The study also revealed that the 
benefits of ERM implementation were found to be greater than the cost of implementation. In 
terms of ERM challenges, the major findings were that ERM is an interesting exercise to 
implement as most of the very significant challenges are related more to the attitudes, behaviours 
and systems within the implementation process than to the organisation itself, save for human 
resource policies and practices which are the only organisational factors affecting ERM 
implementation. 
The following recommendations were made pertaining to the study: Bank of Botswana and such 
regulatory authorities as the Non-Bank Financial Institutions Regulatory Authority (NBFIRA) 
need to formulate an authoritative local ERM regulatory framework to govern the conduct of 
financial institutions in this regard. During post implementation review, policy makers should at 
least align the strategic objectives of their financial institutions with the objectives of the ERM 
functions. Appropriate evaluations must be made to adequately prescribe a cost-effective and 
value-adding ERM programme installation for financial institutions; and all organisational 
systems must be positioned to impact favourably on successful ERM implementation. 
iv I Page 
TABLE OF CONTENTS 
DECLARATION .. . ......... ..... . .. . ..... ... . ... .. . ........... . .. ... ... ... . ........... . ......... ........... . ....... .. .... .i 
SUPERVISOR'SAPPROVAL .. . . ........... . . ..... . . . . ... . ....... ......... .. . ... . . ....... ... . ... ....... .. .ii 
ACKNOWLEDGEMENTS ............. .. . ...... . .. .... . ......... .... . ..... ... . ... .. . .... . . ... .. .. . . ... ... .iii 
ABSTRACT . . . . ......... . .. .. . . . ... . .. . .. . .. .... .. . .... . ... . ............ .... .. . ... . .. . . . .. ...... .......... ... iv 
LIST OFTA BLES ... . . . . .......... .. . . .. ............. ... . .. . .. . ..... . . .. .. . . .. ........ . . . . . . ........ .. . .. . .. .ix 
LIST OF FIGURES ..... ................. . .... . . ......... . . . .. ........ . . .. .. ...... . . ... . ........ .. . .. ... . ... . x 
CHAPTER 1: INTRODUCTION 
1.1 BACKGROUND INFORMATION . ........ .. . .. . . . ........ . .... ....... . ... ......... ... . .... . .. . . ... 1 
1.2 STATEMENT OF THE PROBLEM ... . . .. . .. . .. . . . . .. .. . .. . .. . . .. .. .......... . .. ... . . . .. . ...... ..... 2 
1.3 THE RESEARCH OBJECTIVES ... . .. . .... .. .................... ... . ........ ...... . .......... ..... . .4 
1.4 THE RESEARCH QUESTIONS .......... . ..... . ...... . ... . . ....... . .... .. . . . .......... .. ... ......... .4 
1.5 THE SIGNIFICANCE OF THE STUDY .... . .. . . . ..... .... . ....... .. ... ... .. .......... .. ...... . .. .. .4 
1.6 ORGANISATION OF THE STUDY ....... . . .. .. . . . . ..... . .. . ......... .. .......... ... .. . . . . .. . ....... 5 
CHAPTER 2: AN OVERVIEW OF ENTERPRISE RISK MANAGEMENT IN FINANCIAL 
INSTITUTIONS 
2.1 INTRODUCTION ......................... . ................. . .. . .. . ...... .. . ...... . .... . . . ... . .. . ... .. ...6  
2.2 BACKGROUND OF ERM IN FINANCIAL INSTITUTIONS .......... . ..... .... .. .............. 6 
2.3 REASONS FOR ERM IMPLEMENTATION BY FINANCIAL INSTITUTIONS ....... . .... 8 
2.4 CHALLENGES IN ADOPTING ENTERPRISE RISK MANAGEMENT ......... . . ... .. . . 10 
2.5 THE IMPLEMENTATION OF ERM IN BOTSWANA .. .. . .. . . ............................ .. ... 10 
2.6 CONCLUSION ...... . ..... . . . ............................ . .................... . .. . ... .. ... . ... .. . . . . ... 11 
vJ Page 
CHAPTER 3: THE LITERATURE REVIEW 
3.1 INTRODUCTION .. . .......... . . ........ .... ......... ... . .......... .. . .. ...... . ... ..... ....... .. . .. .... . 12 
3.2 THEORETICAL LITERATURE REVIEW ..... . . . . .. ........... . .. ... ........ . ...... .... ...... .. . . 12 
3.2.1 The Concept of ERM: A Retrospective Approach ........ .......... . ......... ... ... . . . . ... ... .14 
3.2.2 The Overall Purpose of ERM ... . . ........... . ........... . .. ......... . ... .. . ... ...... ... . .. ...... .14 
3.2.3 The Importance of ERM ..... . . .. . ............. ..... . ......... .. . ...... .. ... . ..... .. ..... . . . .. . .... 15 
3.2.4 The ERM Model. . .. ..... ... ....... . ... .. .. ................... . .. . .. . .. . . . . ............ .. . . .... . .. . . 17 
3.3 EMPIRICAL EVIDENCE ... . ... .. . . ........... .. . .. .. ....... . ... . . .. ... ..... . ... .. . ... ... . .. .... .. .... 18 
3.3.1 Adoption and lrnplementation . ..... ...... .. . .. .... .... ... .... ....... .. ...................... .. . .. .... ..... . ... 19 
3.3.1 .1 Firm size ............ ..... . . . .. . .... . .............................. ...... ... . ................... 20 
3.3.1 .2 Firm complexity . . ........ . . . . . . . ..... .. .. .. . ........ . ..... . ... . .. . . . .... .... . . . . .. . .......... 20 
3.3.1 .3 Firm' s industries . . .. . .. . .. . . ... .. ......... .. ... ... . . ....... . .. . ... ... .. . .. ........ ... ... . . .. 20 
3.3.1.4 Country of Domicile for the Whole Firm as well as the Subsidiaries ........ .. ....... 20 
3.3.1.5 Presence of the Big Four Auditors . . . . .... .. ..... . . .. ......... . ............ .... ...... . . .. .. 21 
3 .3 .1.6 Independence of Board of Directors ......... . . .. ••  -i-- ·. . •N  WU:·: ·· 1·· · · · · · · · · · · 2 1 
3.3.2 The Benefits ofERM ........ ...... .... . . .... ............. . .. . ..~ .-8.RARY~.. ..... .... ...2 2 
3.3.3 The Challenges Associated with ERM ............................................................ 24 
3.4 CONCLUSION . . . ....... . . . .. . . ... .. . .. . . .... .. . ..... . . ......... . . . ........ . . . . . . . .. . ..... . . . . .. . .. . . ... 25 
CHAPTER 4: METHODOLOGY .. .. ..... . . .. . . . . .. . . . . .. .. . . ........... ... ... . . .. .. ... ....... ..... .. .... 25 
4.1 INTRODUCTION . ... . ................. . . ......................... . .. . .. .. . . . .. .. . .. . .. . ..... ...... ..... 26 
4.2 THE RESEARCH DESIGN . .. ............. . .. . . .......................... .. ... .. . ... ..... . . .. . ... .. .. 26 
4.3 THE SUBJECTS OF THE RESEARCH ............. . .. .... ... ......... . . . . ...... . ..... ...... . ..... .26 
4.4 SAMPLING TECHNIQUE ....... .. ..... .... . ... .... .. . .. .... . .. .. . .. . ... .. . ... .. ....... .. ........ . ... 28 
4.5 DATA COLLECTION . .. .... .......... . .. .. .. .... . .. . .. .. .. ..... .. ... .... .. .. .. .. ... ... . ... . ... ....... 29 
4.5.1 The questionnaire ........ .... .... . .. . .. ............ .. . . . ......... . ................................... 29 
vi I Page 
4.5.2 Questionnaire Construction and Design ................ ......................................... 29 
4.5.3 The Pilot Study . .... .. ......... ..... . ........... .............. ......... .. ... . ..... . . . . ... .. ..... .. ... 30 
4.5.4 Administration of Questionnaires .. ............ . .... . . .......... . .. ... . .... ...... . . ... . .. .. . .... 30 
4.5.5 Collection of questionnaires .......... . ............................................... .... . . . .. .. ..3 1 
4.5.6 Response Rate . . . .................................. . .. ........... ............. . .. ........... ..... .. ..3 1 
4. 6DATAANALYSIS ......... ...... ................................................................... .. 31 
4. 7 ETHICAL CONSIDERATIONS ...................................... . . . . . .. .. .. .. . ....... ......... . 32 
4.8 CONCLUSION ........ . ... ....... .... .. . .... .. ...................... .... . .............. ... . ... .. ........ 32 
CHAPTER 5: RESEARCH FINDINGS AND ITERPRETATION 
5.1 INTRODUCTION .. . ......................................................... . . .................... . .. ..3 3 
5.2 BACKGROUND TO FINDINGS ... .............................................................. .. .. 33 
5.2.1 Response Distribution ....... ....... . ......... . .. . ........... . . . ....... . ........ . .................. 33 
5.2.2 ERM Program in Place . .. . .............. . ......................... .. . .. ... . .................. .. ... 34 
5.3 MAIN FINDINGS ........................... ... ... .... ..... ... ....... ... .. ... ... ...... ... .......... .. ........ . .... 34 
5.3 .1 How long has the ERM process and/or function been in place? ...................................... 34 
5.3.2 Level of maturity of financial institutions ' ERM process and/or function .................. 34 
5.3.3 Extent of use of Frameworks for ERM Guidance .............................................. 36 
5.3.4 Risks managed within Financial Institutions' ERM frameworks ....................... .. ... .3 7 
5.3.5 Benefits of ERM Implementation .. . .. ..... ....................... . ............. ... . .... . .... . .... 38 
5.3.5.1 Value of ERM Program ....... . ...... .. . .. . ....... ..... .. . . ....... . .... . ....... .. ...... . .. .. 38 
5.3.5.2 Evaluation of the Benefits of ERM to Financial Institutions ..................... . . .. . . 39 
5.3.6 Challenges of ERM Implementation ........................................................... .41 
5.3.6.lVery Significant Challenges of ERM Implementation ...... . ... . ...... .... . ... . .. ... . .. .43 
5.3.6.2 Somewhat Significant Challenges of ERM Implementation ......... . .... .. .......... .44 
5.3.6.3 Effectiveness of risk management. ............ ............... . ... .. ... .... . .............. .44 
5 .4 RECOMMEND A TIO NS SUGGESTED BY RISK MANAGERS ............................. .4 7 
vii I Page 
CHAPTER 6: CONCLUSIONS POLICY IMPLICATIONS AND RECOMMENDATIONS 
6.1 CONCLUSION . . .. . . . . .. .. . ....... .. . . ....... . ........... . . ........ . ....... . .... . . .. ... . ... .. ...... . .. . . 48 
6.2 RECOMMENDATIONS TO FINANCIAL INSTITUTIONS AND POLICY MAKERS . . .. 51 
6.2.1 Data . ..... . .... .. . . . . .. . .. . ..... . .. .. .... .. . . . ... .... ... . ... . . . ............ . . . ..... .............. .. ....5 1 
6.2.2 Expectations ........................ . ... . ..... . ................. . ......... . ......... . . . .... . . .... . ... 51 
6.2.3 Cost and Benefits of ERM implementation .......... . .. . .. . ......... ... .. . .. ....... . .. . ....... . 51 
6.2.4 Systems .............................. . ......... . ................................... . ............ . .. .. 51 
6.3 LIMITA  TIO NS OF THE STUDY ..................... . .. . . . ... . . .. .............................. . .. ..5 1 
6.4 RECOMMEND A TION S FOR FURTHER RESEARCH .. ......... .. ...... . .. .. .................. 52 
7. REFERENCES .. .. . .............. . .. . .. . .. . . .. . .................. . .. . ...... .. . . . . ...... . ........... . ...... 53 
APPENDICES 
Appendix A: Permission Letter to do Research 
Appendix B: The Questionnaire 
Appendix C: The Pilot Study Report 
Appendix D: List of Respondents (Financial Institutions) 
Appendix E: The Editor' s Report 
viii I Page 
LIST OF TABLES 
Page 
Table 3.1 Comparative studies on ERM adoption among firms 18 
Table 3.2 Significant benefits reported by early adopters 23 
Table 3.3 Top challenges being faced by financial institutions to adapt ERM 24 
Table 4.1 Advantages and Disadvantages of a questionnaire 29 
Table 5.1 Response distribution 33 
Table 5.2 Existence of ERM process (Years) 34 
Table 5.3 Distribution of ERM maturity level 35 
Table 5.4 Risks managed within ERM framework 37 
Table 5.5 Benefits of ERM 40 
Table 5.6 Challenges of ERM implementation 42 
Table 5.7 Management of specified risks 45 
ix I Page 
LIST OF FIGURES 
Page 
Figure 3.1 The COSO ERM framework 17 
Figure 3.2 The risk contract between the board of directors and the management 21 
Figure 3.3 ERM adoption influencing factors 22 
Figure 5.1 Frameworks for ERM guidance 36 
Figure 5.2 ERM program value greater than its cost 39 
xi Page 
CHAPTER! 
INTRODUCTION 
1.1 BACKGROUND INFORMATION 
Enterprise Risk Management is a relatively new term that is quickly becoming viewed as the 
ultimate approach to risk management. Many scholars and managers define the concept ERM 
differently. Goshen and Rasid (2012) have stated that several textbooks and journals have 
discussed about "business risk management", "strategic risk management", "holistic risk 
management", "integrated risk management", "corporate risk management", and "enterprise-
wide risk management" and it has become clear that they are all in reference to ERM, which is 
the new substitute of traditional silo-based risk management. Although each of these terms has a 
slightly different focus, in part fostered by the risk elements that were of primary concern to 
organizations when each term first emerged, the general concepts are quite similar and that ERM 
has become a substitute of traditional silo-based risk management. 
NWU· J 
LIBRARY 
According to Watts (2008) ERM is an approach that categorises all risk across each business unit 
and geography and aggregated at the enterprise level to be treated holistically. This means that 
every facet of the entity is encompassed in the risk management process from identification of 
risk to risk review. Rouse (2010) also says that ERM is the process of planning, organising, 
leading, and controlling the activities of an organisation in order to minimise the effects of risk 
on an organisation's capital and earnings. She continues to say, ERM expands the process to 
include not just risks associated with accidental losses, but also financial, strategic, operational, 
and other risks. 
ERM expands the process to include not just risks associated with accidental losses, but also 
financial , strategic, operational, and other risks. Yazid, Hussin and Daud (2011) cites The 
Committee of Sponsoring Organisations of the Treadway Commission (COSO 2004) supporting 
this by stating that ERM is a process, effected by an entity' s board of directors, management and 
other personnel; applied in strategy settings and across the enterprise; designed to identify 
potential events that may affect the entity; manage risk to be within its risk appetite and provide 
ll Page 
reasonable assurance regarding the achievement of entity objectives. The COSO definition has 
been adopted for this study because of its clarity and linkage of the process to the roles of those 
who have to implement the programme. 
1.2 STATEMENT OF THE PROBLEM 
Financial institutions are faced with a large number of problems such as physical risk, interest 
rate risk, political risk and investment risk. The wrong approach in tackling those risks could 
create a severe financial impact on the companies (Flaherty, 2004, cited in and Yazid, Daud and 
Hussin, 2009). Risk management in the financial sector has come under severe scrutiny 
especially since the recent turbulence that has impacted the very existence of the financial sector 
as a viable industry. Recent years have seen heightened concern and focus on risk management, 
and the need for a robust framework to effectively identify, assess and manage risk has become 
increasingly clear (Flaherty, 2004 cited in Daud and Yazid, 2009). In attempting to manage risks, 
financial institutions across the world have been implementing ERM systems since the tum of 
the 19th century. 
ERM management has appeared as a new inspiration for managing the collection of risks that 
face an organisation. Beasley (2010) reports that the recent events in the financial markets, 
including the 2008 sub-prime meltdown, continues to highlight the need for improved risk 
oversight processes for enterprises of all types. In that crisis as stated by Paape and Spekle 
(2012) weaknesses in risk management practices became painfully visible, and companies are 
currently under significant pressure to strengthen their risk management systems and to take 
appropriate actions to improve stakeholder value protection. They continue to say that in the 
wake of these increasing expectations, the idea of ERM has gained substantial momentum as a 
potentially effective response to risk management challenges. This has also prompted researches 
that have widely recognised the critical role of ERM as a new paradigm for managing the 
portfolio of risks that face organisations. Hoyt and Liebenberg (2011) found out that in insurance 
companies, Tobin Qs (a standard proxy of firm value) when modeled as a function of ERM there 
is positive relation between firm value and use of ERM. The ERM premium indicated that it is 
statistically and economically significant. Before 2008 there were also researches from authors 
like Pagach and Warr (2007) as they used a hazard model and concluded that firms adopting 
21 Page 
ERM do so for reasons that are consistent with the hypothesised benefits of ERM. Altuntas, 
Berry - Stolple and Hoyt (2011) did a more recent research in Germany measuring the direct 
measurement of ERM adoption and implementation. One of their findings is that ERM adopted 
firms tend to have a higher Return on Assets (ROA) and have more liquid assets relative to total 
assets. They tend to be larger, more leveraged, and more likely to be affiliated with a group. 
These firms are more concentrated in their business, they have lower tax expenses and are lesser 
publicly owned. 
According to Goshen and Rasid (2012) while ERM is on the rise, not all organisations are 
adopting it. Little is known about why some organisations acknowledge ERM while others do 
not. They continue to add that, although ERM is known as an effective and useful tool for 
managing risk surrounding today' s firms, not all firms have adopted ERM yet; the reason being 
that there are barriers and challenges experienced in design and implementation of such a 
comprehensive approach. To date, most of the literature on ERM has focused on developed 
countries. Very little attention has been directed to this subject in developing countries, including 
Botswana. However, there is much evidence that although ERM is known as a tool to increase 
shareholders ' value, still not many financial institutions have adopted this new financial tool to 
manage risks evolving inside and outside the organisation and if they have, what lessons can be 
learnt from the implementation of ERM systems in financial institutions in Botswana 
There is strong evidence that full ERM implementation in financial institutions is often not 
completed in time and within budget and there are reports of complete ERM implementation 
failure as in the case of the American financial institutions that financed the ' sub-prime mortgage 
market that led to the global credit crunch of 2008 (Bob, 2011 ).Furthermore given market, credit 
and operational risk losses realised in 2008-2010, financial institutions across the world are no 
longer overcapitalised. Margins are significantly lower, asset write-downs (pro-visions or 
increase in reserves) are higher and the financial services sector has been hit by a wave of 
defaults across retail and corporate segments. Given the financial and economic contagions and 
developments across the globe, the pertinent question at the centre of this research is: What are 
the benefits and challenges faced by financial institutions through the implementation of ERM? 
3I Page 
The study aims, therefore, to investigate the benefits and challenges of the implementation of 
ERM in the financial sector in Botswana. 
1.3 THE RESEARCH OBJECTIVES 
The primary objective of the study is to investigate the benefits and challenges associated with 
the implementation of ERM in financial institutions in Botswana. The specific objectives that 
guide the study are: 
• To discover the number of financial institutions among the Botswana financial 
institutions those have ERM programmes. 
• To find out the types of risks that the financial institutions manage using the ERM 
programme. 
• To examine the benefits accruing to financial institutions through the implementation of 
ERM. 
• To examine the challenges faced by financial institutions in the implementation of ERM. 
• To put forward recommendations to financial institutions in order to improve their 
existing ERM processes. 
1.4 THE RESEARCH QUESTIONS 
1. How many financial institutions have ERM programmes? 
2. What are the types of risks that financial institutions manage using the ERM programme? 
3. What are the benefits of ERM in financial institutions? 
4. What are the challenges faced by the financial institutions when implementing ERM? 
5. How can the ERM processes be improved by financial institutions? 
1.5 THE SIGNIFICANCE OF THE STUDY 
This study could be beneficial to the various managers of financial institutions in Botswana by 
enabling them to appreciate the implementation of ERM systems in Botswana and how this fares 
locally and in comparison with global ERM standards. This study could also be significant in 
providing valuable information in order to streamline the implementation processes and serve as 
a future reference for researchers on the subject of implementing ERM systems in an income 
41 Page 
country such as Botswana. The research may be useful to inform the future development and 
implementation of ERM systems in financial institutions to support academic pursuit. 
1.6 ORGANISATION OF THE STUDY 
After the introduction, chapter 2 provides an overview of ERM in financial institutions, while 
chapter 3 provides a review of all literature dealing with the research problem. Chapter 4 
presents the research design and methodology, followed by empirical analysis in chapter 5. 
Conclusions, recommendations, and study limitations are presented in chapter 6. 
SI Page 
CHAPTER2 
AN OVERVIEW OF ENTERPRISE RISK MANAGEMENT IN FINANCIAL 
INSTITUTIONS 
2.1 INTRODUCTION 
In this chapter an overview of ERM is presented and the following are included in the 
discussion: the concept of ERM; the background of ERM in financial institutions; the reasons for 
ERM implementation by financial institutions; and challenges associated with implementing 
ERM. 
2.2 BACKGROUND OF ERM IN FINANCIAL INSTITUTIONS 
The prevailing definition of ERM adopted by most financial institutions is the one proposed by 
(COSO) in their 2004 ERM framework. It establishes key concepts, principles and techniques of 
ERM. However, the concept of ERM was arrived at by prior events that led to the development 
of responding to risk in financial sectors using a holistic approach. These events form the 
background of ERM in financial institutions. 
Risk management in the financial sector is in the limelight especially after the recent turbulence 
that has impacted the very existence of financial sectors as a viable industry. Simkins (2008) 
writes that the history of risk management in financial institutions originated in the early 1800s, 
during futures trading in the grain industry. The financial institutions especially banks recognised 
the significance of the role of risk management and adapted the same by creating a risk 
management function in their organisations. It is not only the banks but also the various 
government bodies that recognised the repercussions or impact of not managing risks effectively 
in financial institutions and accordingly enacted several regulations to control risks that might 
arise in financial businesses and operations. 
6I Page 
The risk function in financial institutions has evolved over a period of time and reached a stage 
when the need to have common criteria to measure and quantify enterprise risks so that a 
comparative analysis of the financial institutions could be performed and made available to 
stakeholders became a necessity. According to Vaidyula and Kavula (2012) this development led 
to the introduction of Basel Norms by the BIS Committee. The committee has guided all the 
financial institutions of the participating countries and the financial institutions governed by 
them to adapt and align their risk management practices to the norms over a period of time. The 
Basel norms are focused on the risks in operational, credit and market areas which in tum help 
the financial institutions to quantify the risks and standardise their risk management practices in 
the said areas. 
However, most of the financial institutions have regarded Basel norms as another mundane 
exercise of regulatory compliance instead of as a tool for effective risk management. Vaidyula 
and Kavula (2012) states that the situation that resulted was mainly on account of financial 
institutions being under the constant scrutiny of regulatory authorities and cornered with multiple 
numbers of regulations to be complied with. 
In other words, financial institutions in their efforts to comply with these multi-regulations 
realised that complying with all the mandatory regulations was too cumbersome because often 
the data and approach required to meet the different requirements were quite similar resulting in 
duplicated efforts and increased costs. In this way, these multi-regulations jeopardised the very 
essence of the regulations and of risk management itself. Moreover, given the depth and breadth 
and geographical spread of the financial business and operations, financial institutions realised 
that Basel norms were not comprehensive enough to establish a comprehensive risk management 
system which could help them to identify, mitigate risks across enterprise in all the areas and at 
the same time rationalise and mature their risk management practices across their enterprises. 
The above said factors led to a scenario in which financial institutions started looking beyond 
regulatory compliance and Basel norms for an enterprise-wide approach to cater for all risk 
requirements in a more cost-effective and efficient manner. Simkins (2008) relate that after the 
71 Page 
collapse of the Bretton Woods System in 1971 which had essentially fixed the relative value of 
major exchange rates to the American Dollar, the exchange rate volitability increased. A move to 
a floating exchange rate in the early 1980s created a substantial interest risk. Financial 
institutions identified and started adapting the Enterprise Risk Management Framework released 
by COSO (2004) as a framework to drive their initiatives in risk management beyond Basel 
norms and regulatory compliances. Vaidyula and Kavula (2012) indicate that COSO ERM 
framework has all the components required to help financial institutions stand a chance to derive 
business value while meeting compliance requirements. 
2.3 REASONS FOR ERM IMPLEMENTATION BY FINANCIAL INSTITUTIONS 
In outlining the Protiviti (2012) highlight that ERM provides a company with the process it 
needs to become more anticipatory and effective at evaluating, embracing and managing the 
uncertainties it faces as it creates sustainable value for stakeholders. It helps an organisation 
manage its risks to protect and enhance enterprise value in three ways. First, it helps to establish 
sustainable competitive advantage. Second, it optimises the cost of managing risk. Third, it 
helps management improve business performance. I NWU I 
.LIBRARY_ 
These contributions redefine the value proposition of risk management to a business (Beasley, et 
al., 2008; Calandro Jr & Lane, 2006, Gordon, Loeb & Tseng. , 2009; Kucuk Yilmaz, 2009; Lai 
and Samad, 2010; Woon, Azizan & Samad, 2011). Altuntas, Berry- Stolzle and Hoyt (2011) 
state that the ultimate goal of ERM is to move beyond meeting compliance standards but moving 
towards achieving real economic value. In addition to their argument Protiviti (2012) believes 
that there are six fundamental reasons for implementing ERM, each of the reasons serving to 
help evaluate risk management to strategic level. This indicates that when implementing ERM to 
ensure the success of a business the best way is to take a value dynamics approach. The six 
reasons are: 
1. The reduction of unacceptable performance variability 
2. Alignment and integration f varying views of risk management 
3. A build up of confidence of investment community and stakeholders 
4. Enhancement of corporate governance 
81 Page 
5. Successful response to a changing business environment 
6. Alignment to strategic and corporate culture 
Just as potential future events can affect the value of tangible physical and financial assets, so 
also can they affect the value of key intangible assets. This is the essence of what ERM 
contributes to the organisation: the elevation of risk management to a strategic level by 
broadening the application and focus of the risk management process to all sources of value, not 
just physical and financial ones. Beasley (2010) supports this in saying several key concepts are 
critical to successful ERM. First, ERM must be driven from the top of the organization, 
including involvement by the board. Second, ERM is meant to be value-adding, and thus risk 
analyses should be integrated with strategy planning. Third, the goal of ERM is not risk 
reduction. Rather, ERM is designed to increase the likelihood that risks are effectively managed 
by creating an enterprise-wide view of risks so that organizational objectives are more likely to 
be achieved for value preservation and enhancement. 
Enterprise risk management from 'avoiding and hedging bets' to a differentiating skill for 
protecting and enhancing enterprise value as management seeks to make the best bets in the 
pursuit of new opportunities for growth and returns. ERM invigorates opportunity-seeking 
behaviour by helping managers develop the confidence they truly need to understand the risks 
and have the capabilities within the organisation to manage those risks. Implementation of ERM 
usually takes a long time and managers want quick results as outlined by Kaplan and Mikes 
(2012) citing Kleffner, Lee, and McGannon, 2003). Therefore, it is important to offer managers 
tools that allow them to identify the most important risks quickly. 
In some cases, firms may be practising good risk management on an exposure-by-exposure basis, 
but they may not be paying close enough attention to aggregation of exposures across the entire 
organisation. Rapid growth can place considerable pressure on, among other areas, an 
organisation's management information systems; change-management controls; strategic 
planning; credit concentrations, and asset/liability management. An organisation must also 
understand how its various business components, some of which can be quite sophisticated and 
complex, dynamically interact as stated by Protiviti (2012). 
9I Page 
2.4 CHALLENGES IN ADOPTING ENTERPRISE RISK MANAGEMENT 
Enterprise risk management implementation needs to overcome multiple inherent challenges by 
means of strong support from top management; sufficient resource in terms of cost and trained 
professionals; expert knowledge in risk management and continued focus on the implementation 
without losing steam in the middle. Beasley (2010) For instance, integration of market risk 
management, credit risk management, liquidity risk management and operational risk with other 
'financial ' risks is a difficult step which requires significant effort, time and cost to improve the 
underlying data management. 
2.5 THE IMPLEMENTATION OF ERM IN BOTSWANA 
There is not one universally accepted formula of ERM that fits all institutions. Each institution 
has a unique mixture of people, customers, products, locations, economies, and capital. 
However, there is a common theme. The board and the institution management need to be able to 
identify, measure, monitor, and control risks encountered in their institution, both on a current 
basis and prospective basis. Risks come in many varieties, including: credit risk, compliance 
risk, liquidity risk, market risk, operational risk, model risk, capital risk, legal risk and 
reputational risk. One typical bank in Botswana that has already engaged in using ERM is the 
First National Bank of Botswana. 
The First National Bank of Botswana Limited (FNBB) Report (2011) defines its ERM as the 
risks that it covers outlined in the risk register. The bank has aligned its risk management 
structure in line with the Group's Business Performance and Risk Management Framework with 
the objective of ensuring a single view of risk across the bank. Under their risk management and 
internal controls, the FNBBL report (2011 ) states that the bank continued to focus on risk 
management and corporate governance in the business during the year under review. Four 
internal specialist committees report to the Main Risk Committee (an ERM committee), that then 
reports to the Board Risk Committee, that ultimately reports to the Board. The report has a risk 
register that encompasses all the risk profiles and the impact rating with the mitigation actions. 
lOI Page 
However, FNBB does not state the benefits or the challenges that it faces in the implementation 
of this ERM and this poses a gap that this research has to close during the actual data collection. 
The financial services industry continues to evolve to meet the challenges posed by emerging 
technologies and business processes; new financial instruments; the growing scale and scope of 
financial institutions, and changing regulatory frameworks. The Bank of Botswana, as the 
primary supervisor of all financial institutions, has been working with other regulators and 
financial institutions to improve the effectiveness and relevance of regulation and supervision in 
this changing environment. The Bank of Botswana has long emphasised the need for appropriate 
and strong internal controls in financial institutions and has taken a continuous-improvement 
approach to risk-focused examinations. For many years ERM, in the multiple world 
organisational units within an entity, has received increased scrutiny. In Botswana, however, as a 
regulatory body the Bank of Botswana that controls the financial institutions has not come to a 
developed point where it has established a local regulatory framework for ERM. Other banks 
only state their procedures and risks appetite like Bank Gaborone without explicitly deliberating 
on ERM. The Barclays Bank of Botswana also does not explicitly state that it engages in ERM 
but it has a risk profile risk register, and risk procedures. 
2.6 CONCLUSION 
Enterprise risk management is a process that that is used by enterprises to manage and monitor 
integrated risks. In the financial sector, the Enterprise Wide risk approach became imperative 
especially after the shortfalls in the Basel norms became apparent. However, the financial 
industry still experiences challenges associated with the implementation of ERM. It is also 
evident so far that in Botswana, research on ERM has not developed much. 
lll Page 
CHAPTER 3 
THE LITERATURE REVIEW 
3.1 INTRODUCTION 
This chapter presents the literature review in order to provide a theoretical framework for the 
adoption and implementation of ERM. It outlines the theory and practice that frames the study, 
and presents a broad literature review. 
3.2 THEORETICAL LITERATURE REVIEW 
3.2.1 The Concept of ERM: A Retrospective Approach 
Enterprise risk management emerged in the late 1980s as an extension of hazard risk 
management. Since its introduction, ERM has been used meaning different things. ERM is a 
broad and complex concept that reaches into every major area of an organisation. As such, it is 
not surprising that many definitions of ERM have been offered in the literature. Hoyt and 
Liebenberg (2011 ), who are often cited in the field of ERM, mention that ERM enables 
organisations to take advantage of a broad and integrated approach to risk management which is 
more aggressive and strategic unlike the silo-based risk management which is primarily a 
defensive method of managing risk. According Beasley Branson, and Hancook (2011) the 2004 
COSO framework defines ERM as a process, affected by an entity's board of directors, 
management and other personnel, applied in strategy settings and across the enterprise. It is also 
designed to identify potential events that may affect the entity, manage risk to be within its risk 
appetite and to provide reasonable assurance regarding the achievement of entity objective. 
The Hoyt, Moore and Liebenberg (2008), defines ERM as disciplines by which an organisation 
in any industry assesses, controls, exploits, finances, and monitors risks from all sources for the 
purpose of increasing the organisation's short- and long-term value to its stakeholders. In support 
of all risks Beasley (2010) says that the traditional approach fails to recognize the reality that 
individual categories or "silos" of risks often interact with other silo. Beasley (2010) describes 
ERM as an integrated framework for managing credit risk, market risk, operational risk, 
economic capital, and risk transfer in order to maximise firm value. The argument of what 
12 I Page 
ERM entails as compared to individual risk approach is further described by Liebenberg & Hoyt 
(2011), mentioning that although individual risk management activities may reduce earnings 
volatility by reducing the probability of catastrophic losses, there are potential interdependencies 
between risks across activities that might go unnoticed in the traditional risk management model. 
ERM provides a structure that combines all risk management activities into one integrated 
framework that facilitates the identification of such interdependencies. Thus, although individual 
risk management activities can reduce earnings volatility from a specific source (hazard risk, 
interest rate risk, etc.), an ERM strategy aims to reduce volatility by preventing aggregation of 
risk across different sources. 
The idea of interdependence is supported by Alviunessen and Jankensgard (2009) pointing out 
that ERM is concerned about a holistic, company-wide approach in managing risks, and 
centralises the information according to the risk exposures. They use the term ' risk universe ', 
which is the risk that might impact on the future cash flow, profitability and continued existence 
of a company. In other words, risk universe is risk that could affect the entity of the 
company. If risk universe can be identified, the next step is to take an appropriate action 
such as a risk mapping process, accessing the likelihood and impact and curbing the risk 
based on the organisations ' objectives. 
Therefore, ERM can be defined as a systematically integrated and disciplined approach to 
managing risks within organisations to ensure that firms achieve their objectives of maximising 
and creating value for their stakeholders. Two key concepts must be highlighted according to the 
various definitions given above. The first key concept is the main role of ERM itself - it 
integrates and coordinates all types of risks across the entire organisation. It means that risks 
cannot be managed in a silo approach. All risks occurring in the entity must be combined and 
managed in an enterprise approach. 
The second key concept in ERM is that users must be able to identify any potential incidents that 
may affect the organisation and lead the organisation to knowing their risk-appetite. If the risk-
appetite is specifically known, any decision made by the organisation to curb risks may be 
Bl Page 
parallel with the firm 's objective (Beasley 2010) ERM is considered as a discipline and it is a 
process, ongoing and flowing through an entity. It is an orderly prescribed conduct or pattern of 
behaviour for an organisation. Full support and commitment of top management and every level 
of an organisation are required to ensure the effectiveness of ERM implementation. In support of 
management playing pivotal role on ERM implementation Beasley (2010) continues to say 
greater focus on the need to oversee emerging risk exposures is also attracting the attention of 
boards of directors as expectations for more effective oversight of risk management processes 
have become an important component of overall governance. Executives should be eager to 
make a commitment to ERM because they are ultimately responsible for protecting, creating and 
enhancing shareholders ' value. 
Based on the above definitions Alviunessen and Jankensgard (2009) citing the 2004 COSO 
framework summaries that ERM reflects certain fundamental concepts whereby it is: 
• "A process, ongoing and flowing through an entity; 
• Effected by people at every level of an organization; 
• Applied in strategy setting; 
• Applied across the enterprise, at every level and unit and includes taking an entity (level 
portfolio view of risk); 
• Designed to identify potential events that, if they occur, will affect the entity and to 
manage risk within its risk appetite; 
• Able to provide reasonable assurance to an entity" s management and board of directors; 
• Geared to achievement of objective in one or more separate but overlapping categories" 
3.2.2 The Overall Purpose of ERM 
The overall purpose of ERM is to achieve balance between the three key objectives of a financial 
institution. They are, first, optimisation of the risk-adjusted returns for investors; second, 
maintenance of the capital strength required to support financial institutions' businesses 
and future growth opportunities; and third, maintenance of capital and risk governance 
requirements of regulatory and rating agencies. Although a limited number of studies has 
been completed to determine the characteristics of ERM including Hoyt and Liebenberg 
(2011), Beasley (2010), no study has yet been initiated to link the performance of ERM with 
financial institution's financial and stock market performance. 
14 I Page 
3.2.3 The Importance of ERM 
ERM is important in many perspectives. There are three main reasons why financial institutions 
exercise ERM (KPMG International, 2006). These are the organisation's desire to reduce 
potential financial losses; the organisation's desire to improve business performance as a result 
of regulatory compliance requirements; and the organisation's desire to increase risk 
accountability. However, Pricewaterhouse Coopers ( 2008) posit that financial institutions are 
motivated to implement ERM for the following reasons: the users want to adopt good business 
practice; users are given a competitive advantage; corporate governance pressure; regulatory 
pressure and also investment community pressure. 
Enterprise risk management provides a financial institution with the process it needs to become 
more anticipatory and effective at evaluating, embracing and managing the uncertainties it faces 
as it creates sustainable value for stakeholders. It helps an organisation manage its risks to 
protect and enhance enterprise value in three ways. First, it helps to establish sustainable 
competitive advantage. Second, it optimises the cost of managing risk. Third, it helps 
management improve business performance (Protiviti 20 12). 
These contributions redefine the value proposition of risk management in a business. Employing 
a value dynamics approach proves the contribution of ERM to financial institutions and firms in 
general. Justas potential future events can affect the value of tangible physical and financial 
assets, so also can they affect the value of key intangible assets. This is the essence of what ERM 
contributes to the organisation: the elevation of risk management to a strategic level by 
broadening the application and focus of the risk management process to all sources of value, not 
just physical and financial ones. ERM transitions risk management from 'avoiding and hedging 
bets' to a differentiating skill for protecting and enhancing enterprise value as management seeks 
to make the best bets in the pursuit of new opportunities for growth and returns. ERM 
invigorates opportunity-seeking behaviour by helping managers develop confidence so that they 
truly understand the risks and have the capabilities at hand within the organisation to manage 
those risks. Dafikpaku (2011) summarises these returns: ERM, contributes to increase in the 
following: NWU- f 
• Greater transparency (Corporate Governance) IL IBRARY 
• Financial disclosures with more strict reporting and control requirement 
15 I Page 
• Security and technology issues 
• Business continuity and disaster preparedness 
• Focus from rating agencies 
• Regulatory compliance (laws and regulations) 
• Globalization in a continuously competitive environment 
• 
During the past few decades, the market valuation paradigm has shifted from a composition of 
predominantly tangible balance sheet assets to intangible assets such as knowledge capital, 
talent, brand and reputation. Traditional risk management methods protect only a fractional 
portion of a company' s market value. Whether protecting a company' s competitive positioning; 
alleviating pressure on product margins; retaining key talent; or maintaining compliance in a 
dynamic regulatory environment, ERM helps protect the integrity, viability and value of the 
organisation. Today's boards of directors and senior management have a fiduciary responsibility 
to stakeholders, and, therefore, are personally responsible for fostering and sustaining an 
effective risk management programme. 
Risks are inherent in all business transactions (Bob, 2011). Because it is important for business 
entities to manage their risks systematically and comprehensively, ERM advocates a coordinated 
effort to manage enterprise exposures. While ERM is on the rise, not all organisations know 
what benefits they derive from adopting it. They know about why they need to adopt ERM. 
Actual and perceived benefits may differ according to the nature of the business, the sector the 
business operates in, and the volatility of the business environment. To date, ost of the 
literature on ERM has focused on developed countries. Very little attention has been directed to 
this subject in developing countries, including Botswana. Studies of the management of risk by 
companies from developing countries, meanwhile, have also been scarce. There is not enough 
information about the ERM initiatives of power companies. However, ERM has appeared as a 
new inspiration for managing the collection of risks that face an organisation. 
16 I Page 
3.2.4The ERM Model 
Among the financial institutions banks across the world have identified and started adapting the 
Enterprise Risk Management framework released by COSO as a framework to drive their 
initiatives in risk management beyond basic norms and regulatory compliances. Vaidyula and 
Kavula (2012) write that the COSO ERM Framework has all the components required to help 
banks stand a chance to derive business value while meeting compliance requirements. This can 
also be adopted by other financial institutions. The ERM framework is structured around eight 
key components and four key objectives of business: namely, strategic operations, reporting, and 
compliance 
The components of the ERM framework are given below: 
Figure 3.1: The COSO ERM Framework 
Eatabll■h•• th• entity' • rl■k culture 
Seta the Enterprlae Rlak objective■ 
Enable■ Information axch■nge 
Evaluate■ affectlvena•• of the ERM Program--••■ 
Enterprise Risk Management enables organisations to deal pragmatically with uncertainty and 
associated risk and opportunity thus enhancing the brand value and profitability. ERM 
helps m identifying and selecting among alternative risk responses, risk avoidance, 
reduction, transfer, and acceptance. It helps ensure effective reporting and compliance with 
laws and regulations, and avoid damage to the entity' s reputation and 
associated consequences (Vaidyula and Kavula (2012).Despite all of the talk about ERM in the 
trade press, evidence indicates that it is still not widely practised and empirical evidence 
regarding the manner in which ERM implementation is mapped within the financial industry is 
lacking. For example, Yazid et al. (2008) find that ERM practices amongst companies were still 
17 I Page 
at an early stage. In the study, only about 30% of the companies involved had adopted ERM. 
Why is ERM not common in practice? Some reasons may include organisational structures that 
are not conducive to ERM; individuals who do not want to give up their specific responsibilities; 
a lack of understanding regarding how to implement ERM effectively and difficulties in 
measuring risks in an organisation Chase-Jenkins, Farr, and Lebens, 2010. Since ERM is a 
relatively recent activity and has yet to be fully implemented in most companies, there has been 
little academic research about its accomplishments and about the obstacles to further progress. In 
particular, very little has been published about corporate attempts to identify and manage 
corporate strategic risks while integrating them into a corporate-wide ERM framework (Gates, 
2006). 
3.3 EMPIRICAL EVIDENCE 
3.3.1 Adoption and Implementation 
As mentioned above, the heightened interest in ERM implementation among firms across the 
world has been clearly fuelled by some internal and external factors. To the researcher ' s 
knowledge only a few studies focus on the influencing factors of ERM adoption among firms . 
Table 3 .1 provides an overview of these studies. 
Table 3.1 Comparative studies on ERM adoption among firms 
Authors Tvpe Focus 
Liebenberg Quantitative study Determinants of ERM adoption including firm size, firm industry, 
& Hoyt including 26 firms in the earnings volatility, stock price volatility, average leverage, average 
(2003) us market-book value ratios, financial opacity, average institutional 
ownership, subsidiaries ' countries 
Beasley, et Quantitative study of Influential factors on extent of ERM adoption including presence 
al. (2005) 123 firm s in the US of CRO, independence of board of directors, management 
commitment, auditor firm type, firm size, firm ' s industry, firm ' s 
country 
Pagach & Quantitative study of Focuses on examining the characteristics of firms that hire chief 
Warr (2011) 13 8 firms in the US risk officers (CRO). These characteristics include 4 perspectives 
of financial , asset, and market perspectives 
Nil No existing quantitative n/a 
study in Botswana 
(Adapted from Chase-Jenkins, Farr, and Lebens, 20 l 0) 
18 I Page 
3.3.1.1 Firm size 
It is a logical argument that when an organisation' s size increases, the nature, timing and the 
extent of the events threatening it become different as well. Additionally, larger entities are able 
to dedicate greater resources to implementing ERM (Beasley 2010). Consistent with these 
rational theories, Hoyt and Liebenberg (2011 ), demonstrate that larger firms are more likely to 
implement integrated risk management concepts than smaller firms. Moreover, the study of 
Pagach & Warr (2007), who investigated the characteristics of firms that hire CROs, reveals that 
larger firms are more likely to adopt ERM practices as they have greater risk of financial distress 
and more volatile operating cash flows. In addition, Hoyt and Liebenberg (2011 ), note in their 
study of 26 firms with CFO positions in the US that firm size is an important factor when 
deciding to implement ERM. Gordon et al. (2009) in their study of 112 firms also reveal that 
ERM and firm performance are contingent upon the firm size. COSO (2004) also mentions the 
importance of firm size when a firm decides to implement ERM. Therefore, the above noted 
literature suggests that there is a positive, significant relationship between the size of the firm 
and ERM implementation. 
3.3.1.2 Firm complexity 
Firm complexity refers to the number of business segments within a firm (Doyle and Mc Vay, 
2007; Gordon, et al. , 2009). This means that a firm with a higher number of business segments is 
considered more complex. To be more precise, there are generally two types of complexity 
discussed in the literature. One form is industrial diversification, which indicates that a firm is 
operating in different related or unrelated industries. Another type of complexity is international 
diversification and refers to firms with geographic segments. Both industrial and international 
diversifications are positively related to engagement of ERM framework. The reason is that 
diversified firms normally face multifaceted risks (Hoyt and Liebenberg, 2011). Gordon (2009) 
and Pagach and Warr (2007) also posit that more complex firms are more likely to implement 
ERM concepts. Hence, the above-mentioned literature indicates that a positive relationship exists 
between a firm ' s complexity and ERM implementation. 
19 I Page 
3.3.1.3 Firm's industries 
Chase-Jenkins, Farr, & Lebens, (2010) write that some industries are more regulated than others. 
Firms operating in intensive-regulated industries are more likely to adopt ERM and are at the 
forefront of ERM implementation. Two examples of these regulated industries are financial 
firms and energy firms (Pagach and Warr, 2007). Moreover, industry competition acts as a 
fundamental concern for all organisations. On the one hand, in some industries, there are many 
firms providing the same services/products and therefore services/products of a firm ' s 
competitor are a substitute for the firm ' s services/products. This kind of industry is referred to as 
a competition-intensive industry and firms operating this way face substantial risk of not earning 
sustainable levels of profits. On the other hand, in some industries firms have monopolistic 
situations. In such a situation, firms face a relatively low risk of not earning a sustainable level of 
profits; as long as the demand for such a product/service exists, the firm will have sales and earn 
profits. Beasley, et al. (2008) in their study of the level of ERM adoption of 123 firms show that 
firms in financial and insurance industries deploy further-developed ERM. Consistent with this 
result, Hoyt and Liebenberg (2011) and Pagach & Warr (2011) affirm that firms in the financial 
services industry have long implemented ERM. Also, studies performed to identify the riskiest 
industries determine utilities, telecommunications, and oil and gas to be industries with the 
highest risk (Frantz, 2011 ). Therefore as the literature suggests, firms in financial institutions, 
insurance, utilities, and telecommunication industries are more likely to have adopted the ERM 
framework. 
3.3.1.4Country of domicile for the whole firm as well as the subsidiaries 
Different rules and regulations in different countries act as an external pressure for firms to adopt 
ERM concepts. As Beasley (2010) mention, ERM frameworks were invented in the United 
Kingdom, Australia, New Zealand, and South Africa before the emergence of 2004 COSO ERM 
framework. Moreover, PWC (2007) claim in their survey that 46% of Asia-Pacific CEOs 
strongly agree that ERM is a top priority compared with only 28% of their US counterparts. 
Additionally, Hoyt and Liebenberg (2011) indicate that firms based in the United Kingdom and 
Canada are more likely to adopt an ERM programme than firms headquartered in the US. Hence, 
20 I Page 
it can be concluded that firms headquartered or having subsidiaries in the United Kingdom, 
Canada, Australia, and New Zealand are more likely to implement ERM frameworks. 
3.3.1.5 Presence of the Big Four auditors 
In their study, Beasley and et al. (2008) claim, that the stage of ERM implementation is 
positively affected by the firm 's auditor type. They prove that if the firm ' s auditor is one of the 
Big Four (KPMG LLP, Ernst & Young LLP, PricewaterhouseCoopers LLP, and Deloitte Touche 
Tohmatsu Limited) the firm is more likely to have adopted a more-developed framework of 
ERM. Meanwhile, there is a positive relationship between disclosing a high level of risk 
management and audit fees which tend to be higher when the company uses one of the Big Four 
auditors (Knechel& Willekens, 2006). Therefore, the authors assume that engaging one of the 
Big Four auditors as the firm's auditor is positively related to ERM framework adoption. 
3.3.1.6 Independence of board of directors 
While today' s market situation guides organisations to embed some risk-taking framework, in 
many cases the board and the management do not have shared perspectives of risk, reward 
preferences, and trade-offs. In many organisations, the boards of directors which are the ultimate 
stewards of the company's capital are often unaware of their responsibility in developing a risk 
management strategy within the organisation (Chase-Jenkins, Farr, & Lebens, 2010). The board 
needs to provide direction for the firm's risk management. Management should realise that their 
responsibility differs from that of the board; management is accountable for developing 
strategies and business plans that are consistent with the board's risk-taking approach. Fig. 3.2 
presents the risk contract between the board of directors and management 
Figure 3.2 The risk contract between the board of directors and management 
Board of Directors Management 
I. Se agrees to overall risk I. Develops business strategy 
appetite and corporate risk 2. Sets financial targets 
tolerance 3. Determines overall (economic) 
2. Approves capital plan Risk contract capital 
3. Ensures appropriate corporate 4. Allocates capital 
governance 5. Manages business 
(Chase-Jenkins, Farr, & Lebens, 2010) 
21 I Page 
As the above figure suggests, the independence of the board of directors from the management 
team of an organisation is a crucial factor of ERM implementation throughout the firm. 
Consistently, the study of Beasley, et al. (2008) reveals that the independence of the board of 
directors positively affects the stage of ERM implementation among firms. Therefore, according 
to the aforementioned literature, the more independent the board of directors is, the more it 
appears that a firm adopts ERM. The framework of the dominant factors in ERM adoption is 
shaped in figure 3 .3 based on the review and interpretation of ERM adoption literature. 
Figure 3.3 ERM adoption influencing factors 
Firm size 
Firm complexity 
Industries ERM Adoption 
Countty of domicile 
Auditor type 
BOD independency 
(Chase-Jenkins, Farr, and Lebens, 2010) 
3.3.2 The Benefits of ERM 
Besides the studies on the adoption and implementation of ERM, some research has been 
conducted on the benefits of the programme. Culp et al . (2011 ) of the Accenture 2011 Global 
Risk Management Study, report that 80% of the respondents across the survey have an ERM 
programme or plan to have one in the next two years. The banking industry and other financial 
institutions services companies are far more likely than other industries to have in place an ERM 
programme. A more comprehensive integrated approach to risk can benefit companies in the 
management of credit portfolios and enhanced credit data risk management. The report indicates 
that the benefits of this integrated programme are that it can become a developed coordinated 
strategic approach to fight fraud and financial crime. Lam (2007) reports on Asian banks and 
outlines the empirical evidence of studies by the conference boards in which only 11 % of those 
who have implemented the ERM programme report significant benefits. A large percentage 
22 I Page 
(86%) cites better informed business decisions while 83% cite greater consensus on key risks, 
and 79% increased management accountability. The following table exhibits the tangible and 
significant benefits reported by early adopters. 
Table 3.2 Significant benefits reported by early ERM adopters 
Benefits Company Actual results 
Shareholder value Global Bank Outperformed S&P banks by 58% 
improvement 
Early warning of risk Investment Bank Global risk cut by 1/3 prior to Asian Crisis 
Loss reduction Asset Management Loss to revenue ratio declined by 30% 
Company 
Regulatory capital relief Commercial Bank $1 billion regulatory capital relief 
Insurance cost reduction Manufacturing 20-25% reduction in insurance premium 
Company 
(Culp et al., 2011 ) 
No research has reportedly been conducted in the Botswana financial sector environment on the 
benefits of the implementation of ERM. However, in other parts of the world, research done on 
insurance companies by Hoyt & Liebenberg (2010) concludes that: 
• Firms that engage in ERM have a more objective basis for resource allocation thus 
improving capital efficiency and return on equity. NWU 
LIBRARY 
• ERM enables complex firms to better infrastructures of their risk profiles and also serves 
as a signal of their commitment to risk management. 
• Focus of their rating agencies on ERM as part of their financial reviews suggests a 
potential value application to the existence of ERM programme insurers. 
• By integrating decision making across all risk classes firms are able to avoid duplication 
of risk management expenditure by exploiting natural hedges. 
• Interdependencies between risks across activities might not be noted m solo risk 
management of risk interdependencies. 
23 I Page 
3.3.3 The Challenges Associated with ERM 
Deloitte ERS report of 2012 highlights that while ERM has delivered significant value, there are 
challenges associated with implementing an effective ERM programme. Nearly three quarters 
(70%) of the respondents rated the top issue of integrating risk data as an extremely or significant 
challenge. Closely following this was 64%citing having appropriate skills. Having appropriate 
risk methodologies and metrics was also a key concern at 63%, coupled with developing, 
implementing or selecting the right risk technology systems at 61 %. 
More challenges are given by (Vaidyula and Kavula (2012). ERM as a process is a long and 
arduous journey. It ' s a never ending process and the risk convergence journey can be divided 
into three broad phases of coordination, alignment and integration. Not many ERM implementers 
are aware of this. In addition Rodriguez and Edwards (2009) ERM implementation requires 
information systems design. There are information systems for different risk processes; however, 
no advance has been found in creating a Knowledge Management System to manage risk, which 
means to organize people 's knowledge in order to be more effective and efficient in the Risk 
Management endeavors. There are several requirements in a risk management information 
system, and a wide spectrum of functional attributes are required in order to provide capacity and 
support to risk knowledge sharing among different areas. Vaidyula and Kavula (2012) 
summarises these challenges in the table below. 
Table 3.3 Top challenges faced by financial institutions in adapting ERM 
Improving efficiency Achieving greater efficiencies tn the risk and control processes, 
improving coordination, unifying and streamlining approaches 
Challenging regulatory Ever-changing regulatory demands, high degree of regulatory scrutiny, 
environment variation of regulations across jurisdictions, preparing to operational ise 
/ compliance with Basel II 
Keeping pace with Rapid business growth, competitive intensity, M&A activity, global expansion, incr 
business growth and easing product complexity, increasing customer expectations. 
complexity 
Attracting and retaining Shortage of good talent in competitive markets, especially in specialised 
talent areas or emerging geographies 
Managing change Dealing with people and organisational issues as new processes demand 
new methods of work 
Fear of compliance Fear of compliance failures despite best efforts, owing to human error 
failures and emerging or unanticipated events; identifying and preparing for future risks. 
risks 
24 I Page 
3.4 CONCLUSION 
Although ERM was initially introduced as a shareholder value-increasing tool, not all firms have 
understood its benefits. In fact costs and benefits of ERM are firm-specific (Beasley, et al. , 2008) 
and the same ERM framework of a specific firm cannot be prescribed to another. Benefits and 
challenges are identified in the various studies cited and in this study it is yet to be discovered 
from the Botswana financial institutions if they experience the same. This study is different from 
other studies in a sense that Botswana does not have much literature on the studies of ERM and 
there is no local regulatory framework for Botswana institutions. 
25 I Page 
CHAPTER4 
METHODOLOGY 
4.1 INTRODUCTION 
The purpose of this research was to investigate the benefits and challenges of ERM 
implementation in financial institutions in Botswana. This chapter outlines the methodological 
approach that guided this investigation. 
4.2 THE RESEARCH DESIGN 
The research design governs the overall configuration and organisation of the research activity. 
The research design determines the type of evidence that is collected and interpreted in order to 
provide acceptable answers to the research questions. De Vans (2001) says that the function of a 
research design is to ensure that evidence answers the initial question as ambiguously as possible 
.In this endeavour, some understanding of the philosophy of science is needed, so that one can 
recognise which methodological approach applies to the investigation in question. The suitability 
of the methodology ultimately stems from the research tradition of the discipline, and its 
scientific norms and principles, as much as from the research questions and problems to be 
addressed. Clearly, the whole area involves debates on underlying philosophies, schools, and 
concepts of epistemology, as well as on the categorisation of different research disciplines. 
In this study a quantitative approach was used. Quantitative research involves counting and 
measuring of events and performing a statistical analysis of a body of numerical data. The main 
concerns of the quantitative paradigm are that measurement is reliable, valid, and a clear of the 
prediction of cause (Harwell 2012). The researcher's own values, biases, and subjective 
preferences have no place in a quantitative approach. 
4.3 THE SUBJECTS OF THE RESEARCH 
The study is confined to Botswana financial institutions that are more inclined to banking. 
Hence, the universe of the study is financial institutions of Botswana. The analysis of the 
benefits and challenges associated with the implementation of ERM in the financial sector in 
26 I Page 
Botswana is conducted on commercial banks, investment banks, development financial 
institutions and building societies. 
The Botswana financial institutions in this research are divided into five maJor categories: 
namely, commercial banks, investment financial institutions, development financial institutions, 
building societies and bureau de changes (BOB, 2011). However, for the purpose of the required 
analysis all financial institutions except bureau de changes form the purview of this study. The 
bureau de changes were excluded from the study because they did not justify the data 
requirements as bureau de changes are simply forex conversion centres and apart from not 
meeting the definition of 'bank' have a basic risk management system in place which does not 
justify evaluation with financial institutions that do more than just foreign currency conversion. 
The financial institutions included in the study are categorised below: 
Commercial banks 
ABN AMRO Bank (Botswana) Limited 
ABN AMRO Bank (Botswana) Obu limited 
African Banking Corporation of Botswana Limited 
Bank of Baroda (BOTSWANA) Limited 
Bank Gaborone Limited 
Barclays Bank of Botswana Limited 
Capital Bank Limited 
First National Bank of Botswana Limited 
Stanbic Bank Botswana Limited 
Standard Chartered Bank Botswana Limited 
Investment banks 
Kingdom Bank Africa Limited 
Development financial institutions 
Botswana Savings Bank (BSB) 
Botswana Development Corporation (BDC) 
27 I Page 
Citizen Entrepreneurial Development Agency (CEDA) 
National Development Bank (NDB) 
Building society 
Botswana Building Society 
4.4SAMPLING TECHNIQUE 
Kitambara (2012) outline the main reasons for sampling as economy; timeliness; the large 
sample of many populations; the inaccessibility of some of a particular population, and for 
purposes of accuracy. The researcher used stratified sampling to obtain a sample of the 
respondents to be included in this study. Stratified random sampling is a technique which 
attempts to restrict the possible samples to those which are ' less extreme' by ensuring that all 
parts of the population are represented in the sample in order to increase the efficiency (that is, to 
decrease the error in the estimation). In stratified sampling the population of $n$ units is first 
divided into disjoint groups of nl , n2, .. ., nh, .. nl , units, respectively. These subgroups, called 
strata, together comprise the whole population, so that nl +n2+ ... nl=n from each stratum a 
sample, of pre-specified size and is drawn independently in different strata. Then the collection 
of these samples constitutes a stratified sample. If a simple random sample selection scheme is 
used in each stratum, then the corresponding sample is called a stratified random sample. 
Kitambara (2012) confirms that when conducting the survey and the target population shows 
subpopulations, it is highly recommended to use Stratified Random Sampling to design sample. 
The respondents involved in the study are all financial institutions of Botswana, that is, two risk 
managers per institution of the following striatum: commercial, investment, development and 
building society. I Nwu I 
1LIBRARY_ 
The research was conducted with a sample size of 18 financial institutions only. Respondents 
who qualified were risk or financial managers at the above financial institutions by virtue of 
holding the position at the time of the study and situated in Gaborone only. The size of the 
sample was sufficient for the purposes of a general pattern of behaviour which was discernible 
and representative of the entire city. 
28 I Page 
4.5 DATA COLLECTION 
4.5.1 The Questionnaire 
In this study, the researcher used a questionnaire to collect data. The research instrument was 
developed at the research proposal phase. The justification for the choice of this type of 
instrument lay in the fact that questionnaires achieve high response rates if properly 
administered. A questionnaire was administered to 18 institutions with 36 respondents. The 
advantage of using a questionnaire is that it can also be used to cover a wide geographical area 
and confidentiality is maintained since the questions are responded to in privacy. Questionnaires 
are also cheaper to use compared with other methods of data collection like face-to-face or 
telephone interviews. 
Table 4.1 Advantages and disadvantages of a questionnaire 
Advantages of a questionnaire Disadvantages of a questionnaire 
- Not costly to administer especially if the - Inability of the researcher to probe responses 
study IS conducted within the same 
geographical area 
- Collected data can easily be analysed - No personal contact and feedback 
- Respondents are free to express their - Body language IS not available to aid 
views if anonymity is guaranteed interpretation 
- Bias is not expected smce the same - Some people receive many questionnaires so 
questions are given to respondents they dislike completing them 
4. 5.2 Questionnaire Construction and Design 
The design of a questionnaire has a significant effect on the reliability and validity of the 
responses obtained and a number of steps were taken with this aspect in mind. The questionnaire 
was designed in a close cooperation with experts involved both in practice and research. The 
29 I Page 
questionnaire was divided into four sections. Section A contained seven questions that focused 
on ERM function and processes. Section B focused on the benefits of ERM. This section 
contained I 7 likert scale questions. 
The questionnaire further, in Section C elucidated responses concerning the challenges of ERM 
implementation. The final Section D contained the recommendations from respondents on 
improving ERM implementation in financial institutions in Botswana. The questionnaires 
contained various question forms which were aligned with the objectives and had their 
foundation in the literature review. This alignment facilitated justification to the primary 
findings . 
4.5.3 The Pilot Study 
In order to overcome shortcomings, the researcher ensured that a pilot study was conducted 
before the questionnaire was administered. Questionnaires were distributed to eligible personnel 
by hand. A letter from the researcher describing the study and instructions was included in the 
packet. Since the research design was quantitative, an exploratory research was conducted in the 
form of interviewing in order to provide clarification of the research problem, or to assist with 
the formulation of the questionnaire which was developed. The study began where the 
exploration left off. Pre-tested questionnaires with a covering letter from North-West University 
were distributed to two financial institutions in Gaborone only. This pilot study helped in 
ensuring validity and reliability of the instrument which in this case was the questionnaire. 
Golafshani (2008) states that validity refers to the extent to which a test measures exactly what 
needs to be measured while reliability is concerned with the accuracy and precision of a 
measurement procedure. 
4.5.4 Administration of Questionnaires 
A questionnaire was administered to 18 financial institutions constituting 36 respondents (risk 
managers of various financial institutions in Botswana under the categories of commercial, 
investment, development and building society). This quantitative data provided was analysed 
30 I Page 
statistically. The researcher personally administered the distribution and collection of the 
questionnaires. The survey was conducted at random through a well-structured and pre-tested 
questionnaire. A first appointment was made telephonically with the representative of the bank. 
On the appointment date, first an official letter that identified the researcher which also sought 
permission to conduct a study within the bank was handed over. Second, the objective of the 
study and details elucidating the manner in which the questionnaires were to be filled in were 
explained to the respondents. Last, the questionnaires were handed to the respondents with an 
appointment made for the return of filled-in questionnaires. This method guaranteed that the 
questionnaires were delivered to the intended recipients and therefore produced better quality 
and depth of data than with other methods of questionnaire administration. 
4.5.5 Collection of Questionnaires 
Questionnaires were handed to the respondents personally at their offices, after a telephonic 
follow-up with relevant respondents. The respondents who participated in the study cooperated 
and were willing to complete questionnaires within the agreed time frame. 
4.5.6 Response Rate 
Thirty-six questionnaires were sent to risk managers of various financial institutions in Botswana 
under specific bank categories such as commercial, investment, development and building 
society in Gaborone, that were identified in the Bank of Botswana directory of financial 
institutions operating in Botswana as at December 31 , 2011. However, one questionnaire was 
returned blank and considered unusable. The unusable survey was accompanied with a note 
attached which explained why the respondent had not been able to complete the survey. 
Therefore, 35 surveys were considered to be legitimate for this research. With 35 returned from a 
total of 36, the response rate was 97.22%. 
4. 6 DATA ANALYSIS 
Once the necessary data was collected, analysed and summarised in a readable and easily 
interpretable form. The Statistical Package for the Social Sciences (SPSS) was used to 
summarise the quantitative data where necessary. The questionnaire data was analysed 
31 I P a g e 
quantitatively by first coding it. Some parts of the questionnaire that the researcher used were 
pre-coded and only those ones that were not will be coded. The researcher first began analysing 
the scale data with descriptive statistics. The data was analysed using SPSS software. The 
measure of central tendency was employed; the mean and thereafter the standard deviations were 
calculated. Finally, the responses were combined to form two nominal categories of agreement 
or disagreement and this offered other analysis possibilities. 
4.7 ETHICAL CONSIDERATIONS 
Ethical research requires protecting the welfare and rights of research participants. Within this 
study, the researcher obtained voluntary and informed consent by providing the participants with 
information regarding the research project and the expectations that were placed on them if they 
participated. They were also assured that confidentiality would be maintained by disallowing any 
revealing or personal information in the feedback report provided at the conclusion of the study. 
Participants were awarded the option of withdrawing from the study if at any point they 
experienced or perceived harm from the research. 
4.8 CONCLUSION 
In this chapter, the research methodology and the choice of the research design were discussed 
including the research instrument that was administered to the pilot population and to the main 
target population. The researcher distributed and collected the questionnaires. Methods for 
ensuring validity and reliability were discussed as well as the data analysis pertaining to the 
study. Matters relating to conducting the research ethically were considered. The following 
chapter provides views of the analysis and discussion of the results obtained during the collection 
of the data. The approach taken in this chapter is to deal with the analysis of the quantitative 
analysis first, followed by discussion. 
32 I Page 
CHAPTERS 
RESEARCH FINDINGS AND INTERPRETATION 
5.1 INTRODUCTION 
This chapter focused on the research findings and interpretation of data collected. The research 
objectives involved establishing the number of financial institutions in Botswana that have ERM 
programmes; identifying the benefits and challenges faced by financial institutions stemming 
directly from implementing ERM programmes; and finally providing recommendations for 
improving the existing ERM processes in these financial institutions. These objectives were 
accomplished. The findings presented in this chapter demonstrate the potential for merging 
theory and practice. 
5.2 BACKGROUND TO FINDINGS 
5.2.1 Response Distribution 
The distribution of respondents by financial institution type shows that of the sample of 36risk 
managers working in financial institutions, a majority of the respondents (35), that is, 97.2% was 
an effective sample. The results of the distribution of the sample are shown in table 5 .1 below. 
Table 5.1 Response distribution 
Financial institution type N Percentage (%) 
Commercial banks 20 57.14 
Development financial institutions 6 17.14 
Building society 2 5.71 
Investment banks 2 5.71 
Others 5 14.3 
TOTAL 35 100 
The results indicate that there are more commercial banks in Botswana than other financial 
institutions. One can conclude that there are more commercial banks than other banks in 
Gaborone. 
33 I Page 
5.2.2 ERM Programme in Place 
To assess how many financial institutions have an ERM programme in place, the questionnaire 
was used and the results demonstrated that all the financial institutions that were part of the study 
had an ERM programme in place. 
5.3 MAIN FINDINGS 
5.3.1 How Long has the ERM Process and/or Function been in Place? 
Respondents were asked to state the length of time the ERM process and/or function had been in 
place in their financial institutions. The results of the survey are shown in table 6 below. 
Table 5.2 Existence of ERM process (years) 
Dimension Frequency Percentage (%) 
Less than 1 year 0 0 
Between 2 and 4 years 3 8.57 
More than 5 years 32 91.43 
TOTAL 35 100 
The results indicated that the majority (91.43%) of financial institutions surveyed had had an 
ERM process and/or function in place for more than five years, whereas only 8.5% of the 
sampled financial institutions had implemented an ERM process and/or function in between two 
and four years . One can, therefore, conclude that ERM is a critical issue in financial institutions 
and most financial institutions have made efforts to manage enterprise risk. The trend towards 
the adoption and implementation of ERM is also great in financial institutions in Gaborone. 
5.3.2 Level of Maturity of Financial Institutions' ERM Process and/or Function 
Table 5 .3 below shows the distribution of the maturity level of the ERM process and/or function 
of the financial institutions. 
34 I Page 
Table 5.3 Distribution of ERM maturity level 
Variable Frequency Percentage (%) 
Very immature 0 0 
Somewhat immature 0 0 
Between immature and mature 1 2.86 
Somewhat mature 1 2.86 
Very mature 33 94.28 
TOTAL 35 100 
The results of the sample reveal that regarding the distribution of ERM maturity levels of 
financial institutions, most financial concerns (94.28%) have a very mature ERM system in place 
and only two concerns surveyed had a somewhat mature and a between immature and mature 
ERM system. 
I NWU LIBRARY' 
An assessment of the ERM maturity level revealed that all the commercial banks were regardea 
as having very mature ERM systems. In comparison, this did not tally with the maturity level of 
two development financial institutions whose ERM maturity levels were between immature and 
mature and somewhat mature. The results for this could be attributed to the essentially 
developmental nature of these financial institutions. Their ERM systems although robust were 
not as complete and comprehensive as those of their commercial counterparts which by virtue of 
being commercial financial concerns required exceptionally mature ERM systems owing to the 
scope of their risk exposure. 
An assessment of the results of the survey for building societies, investment banks and other 
financial institutions also revealed that the level of maturity of their ERM processes was mature. 
One can conclude that the nature of the financial institution affects the level of maturity of its 
ERM process. Financial institutions which are skewed to commercial, investment, savings or 
micro lending have very mature ERM systems based on the need to preserve capital and 
minimise risks while developmental financial institutions may not necessarily be the same. 
35 I Page 
5.3.3 Extent of Use of Frameworks for ERM Guidance 
The survey instrument required respondents to indicate the extent to which their financial 
institutions employed common ERM frameworks used across the world for guidance in the 
development and maintenance of their processes and/or functions . Figure 5 .1 reveals the results. 
Figure 5.1 Frameworks for ERM guidance 
FIGURE 5.1 FRAMEWORK FOR ERM GUIDANCE 
40 ~--------------------
35 
30 
2S 
20 
lS 
.10 
s 
0 ■ % of u se 
Figure 5 .1 shows that six frameworks are mainly employed by financial institutions for ERM 
guidance, that is, COSO ERM framework, Turn Bull Guidance, South African Adopted, Base 
III, and Systemic Risk Initiatives. The following frameworks are used subsequently for ERM 
guidance, that is, ISO and a combination of ERM implementation efforts. Other frameworks 
which are less common are not as widely used as the first two groups of ERM frameworks by 
financial institutions in Gaborone. 
It is interesting to note that all financial institutions employ a combination of ERM frameworks 
to develop their specific entity-based ERM process and/or function. All frameworks used in this 
regard are international frameworks employed by other financial institutions across the globe. An 
interesting finding, however, is the existence of a local/Botswana ERM framework that provides 
guidance to Botswana financial institutions based on the fundamental risk structures emanating 
from the local economy. 
36 I Page 
5.3.4 Risks Managed within Financial Institutions' ERM Frameworks 
Table 5.4 shows a summary of the risks that are managed by financial institutions within their 
ERM frameworks. 
Table 5.4 Risks managed within ERM framework 
Variable Frequency 
Operational risk 35 
Credit risk 35 
Market risk 35 
Liquidity risk 35 
Vendor risk 35 
Privacy risk 35 
Reputation risk 35 
Business continuity/IT risk 35 
Security risk 35 
Regulatory/Compliance risk 35 
Budgeting/Financial risk 35 
Strategic risk 35 
Model risk 35 
Litigation risk 35 
Hazard/Insurance risk 35 
Geopolitical risk 35 
Other(Global Risk, e.g. 2009) 35 
Respondents were given a list of 17 categories of risk that affect financial institutions and were 
then expected to identify the risks that their ERM framework managed. The results were 
37 I Page 
surprising as all ERM frameworks with varying degrees of risk management, origin, scope and 
extent of application were similar throughout. 
Investment banks revealed from the research that global risks such as the 2009 economic 
recession were a vital uncertainty that their ERM frameworks attempted to manage over and 
above the listed categories of risk. In summation, it would appear that while no local ERM 
framework exists for Botswana, financial institutions have comprehensive ERM frameworks that 
manage a broad array of risks. 
5.3.5 Benefits of ERM Implementation 
5.3.5.1 Value of ERM programme 
The respondents who participated in the survey were required to state whether the value of the 
installed ERM programme was greater than its cost. The results indicated that the respondents 
believed that the value derived from their respective ERM programmes was greater than the cost 
of implementing the same programmes. Figure 6 reveals the results. 
The results of the value of installed ERM programmes is testament to the formidability of 
enterprise risk management as a comprehensive, cost-effective and value-adding risk 
management tool for all types of financial institutions such as commercial concerns, investment 
banks, development-based concerns and building societies. 
38 I Page 
Figure 5.2 ERM programme value greater than its cost 
f1GURI: 5.2~1PROGRAMMEGREATER THAN ITS COST 
40 ~---------------------
35 
30 
25 
20 
■ Frequency 
15 
10 
5 
0 +---
Yes No Difficult to Quantify 
5.3.5.2 Evaluation of the benefits of ERM to financial institutions 
The results of the sample regarding the evaluation of the benefits of ERM to financial institutions 
reveal that indeed ERM is beneficial to these financial concerns. Table 5.5 reveals a strong 
concurrence in respondents ' opinions concerning the benefits derived from the implementation 
of ERM. 
39 I Page 
Table 5.5 Benefits of ERM 
Variable/Benefit SD D N A SA TOTAL 
ERM resu lts in the effective identification, assessment - - 2 17 16 35 
and management of organisation-wide risk 
ERM improves firm performance - - 1 14 20 35 
ERM improves operations through the effective and - - 1 15 19 35 
efficient use of its resources 
ERM improves the reliab il ity ofreporting - - 1 27 7 35 
ERM improves bank strategy and high- level goals by - - - 15 20 35 
aligning with and supporting the mission 
ERM ensures compliance with applicable laws and - - - 26 9 35 
regulation 
ERM addresses critical bank issues such as growth, - - - 12 23 35 
return, consistency and value creation 
ERM results in decreased earnings volatility - - - 13 22 35 
ERM results in a decreased market to book ratio - - - 14 21 35 
ERM results in increased asset opacity - - - 11 24 35 
ERM increases the board's and senior management's - - - 10 25 35 
ability to oversee portfolio risks 
ERM helps reduce unacceptable performance variability - - - 9 26 35 
ERM helps align and integrate varying views of risk - - - 10 25 35 
management 
ERM helps build confidence of investment community - - - 12 23 35 
and stakeholders 
ERM helps enhance corporate governance - - - 10 25 35 
ERM helps to successfully respond to a changing - - - 20 15 35 
business environment 
ERM helps align strategy with corporate culture - - - 8 27 35 
It was interesting to note that 94% (33) of the respondents concurred that ERM results in the 
effective identification, assessment and management of organisation-wide risk, whereas only 
6%(2) of the respondents dissented by remaining neutral. The category of dissenters emerged 
from those who felt the maturity level of the ERM process was not mature/very mature. 
NWU· I 
LIBRARY_ 40 I Page 
' 
Based on the results, 97% (34) of the respondents affirmed that ERM improves performance. 
Similar results were observed regarding ERM improving operations through the effective and 
efficient use of financial institutions' resources and regarding ERM improving the reliability of 
reporting. The main reason attributed to the dissenters ' opinion was again owing to the level of 
maturity of the ERM implementation process and/or function. Based on the nature and scope the 
financial institution that is development financial institutions. Other financial institutions enjoyed 
full benefits from ERM programmes in particular owing to their commercial and objective 
nature. 
All respondents (100%) agreed that ERM improves bank strategy and high level goals by 
aligning with and supporting the mission. Similar results were observed regarding ERM ensuring 
compliance with applicable laws and regulations and ERM addressing critical financial 
institutions ' issues such as growth, consistency and value creation. 
Results from table 5.5 further reveal a high level of agreement (100%) concemmg ERM 
resulting in a decreased market to book ratio; ERM resulting in increased asset opacity; ERM 
increasing boards ' and senior management' s ability to oversee portfolio risks and in helping to 
reduce unacceptable performance variability. Similar results were observed as benefits accruing 
to financial institutions in the form of ERM helping to align views of risk management in 
financial institutions; ERM helping to build confidence of the investment community and 
shareholders; ERM helping to enhance corporate governance in financial institutions; ERM 
helping to successfully respond to a changing business environment and ERM helping to align 
strategy to corporate culture. 
5.3.6 Challenges Associated with ERM Implementation 
Respondents were required to indicate the significance of ten challenges faced by their 
organisations in implementing an ERM programme. The results of this distribution are shown in 
table 5.6 
41 I Page 
Table 5.6 Challenges associated with ERM implementation 
Variability Very significant Somewhat significant Insignificant 
N % N % N % 
Data 34 97.1 1 2.9 - -
Culture 25 71.4 10 28.6 - -
Tools 14 40 21 60 - -
HR policies 26 74.3 9 25.7 - -
&practices 
Risk methodology 25 71.4 10 28.6 - -
Organisational 14 40 21 60 - -
structure 
Cost of 27 77.1 8 22.9 - -
implementation 
Short-term 29 82.9 6 17.1 - -
perspectives of risk 
Long-term 30 85.7 5 14.3 - -
perspectives ofrisk 
Quantifiable 29 82.9 6 17.1 - -
financial benefits 
exceed the costs 
Based on the information m table 5.6 above, the challenges associated with ERM 
implementation by financial institutions can be divided into two sub-groups, that 1s, very 
significant challenges and somewhat significant challenges. 
42 I Page 
5.3.6.1 Very significant challenges associated with ERM implementation 
The highest challenge by percentage rating m the implementation of ERM by financial 
institutions is data. Nearly all (34 out of 35 respondents; 97.1 %) concurred. Second, long-term 
perspectives of risk held by the organisation and its risk managers as dictated by the financial 
institutions' ERM framework is regarded as a very significant challenge. This can be attributed 
to uncertainty in identifying and anticipating long-term risk behaviour and dynamics which 
although known to the financial institutions are extremely difficult to quantify and anticipate 
magnitudinally in a long-term horizon. 
The third challenge identified by respondents as very significant was (a) short-term perspectives 
of risk and (b) the quantifiable financial benefits exceeding the costs. In both cases, 29 of the 35 
respondents (82.9%) concurred. In the first instance, short-term perspectives of risk are a very 
significant challenge to financial institutions because these are based on defined risk categories 
within the institutions' risk framework and newer risk categories develop all the time. Therefore, 
identifying and anticipating the effect of this risk is a very significant challenge. In the second 
case, implementing ERM is not a guarantee that in all cases the quantifiable financial benefits 
will exceed the costs of the ERM exercise. The tangible results of the cost benefit assessment of 
ERM implementation is based on a number of controllable and uncontrollable variables which 
must be filtered through a well-developed and implemented ERM programme that meets the 
enterprise risk needs of the financial concern. 
That the cost of implementation of an ERM programme is the fifth significant challenge faced by 
financial institutions was accepted by 27 of the 35 (77.1 %) respondents. Table 5.9 shows that 
74.3% of the respondents identified human resource policies and practices as the sixth challenge 
faced by financial institutions in implementing ERM. Finally, the risk methodology and the 
organisational culture regarding risk were identified as the seventh significant challenge to the 
implementation of ERM by financial institutions. 
It can, therefore, be concluded that the most critical challenge faced by financial institutions 
stems from the structural design of the ERM framework pertaining to risk expectations in the 
43 I Page 
long and short-term, risk methodologies, HR policies and practices, that is, organisational 
systems for risk management, data and risk behaviour ( culture, cost implementation and 
expectations concerning the cost versus benefits of ERM). 
5.3.6.2 Somewhat significant challenges associated with ERM implementation 
In this category only two challenges associated with ERM implementation were identified. First, 
organisational structure and second, tools and supporting technology systems put in place before, 
during and after the implementation of ERM. More than half ( 60%) of the respondents 
concurred. The essential criteria governing these results are critical because implementation 
depends on organisational systems and structures which allow for the transmission of ERM 
policies and the operation of ERM protocols and contingencies. A rigid organisational structure 
has the potential to limit the effect of the implementation. Obsolete tools and supporting 
technologies can also hamper the realisation of full benefits of ERM in a financial institution. 
5.3.6.3 Effectiveness of risk management 
Respondents were required to indicate how effective they felt their organisations were in the 
management of 16 specified risks ( operational risk, credit risk, market risk, liquidity risk, vendor 
risk, pnvacy risk, reputation risk, business continuity/IT risk, security risk, 
regulatory/compliance risk, budget risk, strategic risk, model risk, litigation risk, hazard risk and 
geopolitical risk) and one unspecified risk (other). Table 5.7 below shows the distribution of the 
effectiveness of financial institutions in the management of specified risks and unspecified risks. 
44 I Page 
Table 5.7 Management of specified risks 
Variability Extremely Very Don't Very Extremely 
effective effective know ineffective ineffective 
N % N % N % N % N % 
Operational 14 40 21 60 - - - - - -
risk 
Credit risk 5 14 30 86 - - - - - -
Market risk 5 14 30 86 - - - - - -
Liquidity risk 15 43 19 57 1 3 - - - -
Vendor risk 7 20 21 80 - - - - - -
Privacy risk 9 26 26 74 - - - - - -
Reputation risk 4 11 29 89 - - - - - -
Business 14 40 21 60 - - - - - -
continuity/IT 
risk 
Security risk 6 17 25 83 - - - - - -
RegulatoryI  co 18 51 17 49 - - - - - -
mpliance risk 
Budgeting/ 20 57 15 54 - - - - - -
financial risk I N WU-
I ■- - -
Other 16 46 15 54 - - - - •o r1AH r-_ 
Strategic risk 5 14 29 86 - - - - - -
Model risk 6 17 29 83 - - - - - -
Litigation risk 7 20 28 80 - - - - - -
Hazard/ 9 26 24 74 - - - - - -
Insurance risk 
Geopolitical 4 11 29 89 - - - - - -
risk 
45 I Page 
Table 11 reveals that financial institutions still need to make strides in improving the proficiency 
with which specified risks are managed. Only two specified risks were regarded by respondents 
as being effectively managed, that is, budgeting/financial risk and regulatory/compliance risk. 
Just over half (51 %, 18) of the respondents surveyed felt that regulatory risk was being 
effectively managed while a marginal 57% (20) of the respondents identified budgeting/financial 
risk management as being extremely effectively managed by financial institutions. The low 
proportion of respondents is conclusive of the elusive nature of risk management and indicative 
of the need for improvement in the governing risk frameworks and management fundamentals 
which may cause uncertainty in business decisions and exogenous factors affecting financial 
institutions. 
A majority of respondents indicated that the effectiveness of the management of specified and 
unspecified risks by financial institutions was not yet exceptional. However, these institutions are 
very effective in their risk management mandate. Based on Table 10 above, the following risks 
were found to be very ' effectively managed' . 
1. Geopolitical risk 10. Hazard risk 
2. Reputation risk 11. Privacy risk 
3. Strategic risk 12. Operational risk 
4. Credit risk 13. Business continuity/IT risk 
5. Market risk 14. Liquidity risk 
6. Model risk 15. Other(u nspecified risk) 
7. Security risk 
8. Vendor risk 
9. Litigation risk 
46 I Page 
5.5 RECOMMENDATIONS BY RISK MANAGERS 
Risk managers made recommendations on how to improve the ERM process in financial 
institutions. The main recommendation put forward was the need for the development of a local 
enterprise risk management regulatory framework. 
47 I P a g e 
CHAPTER6 
CONCLUSIONS, POLICY IMPLICATIONS AND RECOMMENDATIONS 
6.lCONCLUSIONS 
This study examined the benefits and challenges associated with the implementation of ERM in 
financial institutions in Botswana. A thorough analysis of the benefits stemming from ERM 
implementation and the challenges faced by financial institutions was conducted to determine 
and achieve the research objectives. 
The study concludes that more commercial banks exist than investment, development financial 
institutions and building societies combined. Furthermore, the majority of financial concerns 
surveyed have implemented an ERM process and/or function. All financial institutions surveyed 
have made significant progress in managing enterprise risk. This scenario is proof that risk 
management is a critical business function requiring a formalised approach for the business 
success of financial institutions. 
The paper revealed that 94.28% of the respondents accepted that most of the financial 
institutions had a very mature ERM system in place with a few exceptions for development-
based financial institutions. Commercial, investment, building society and other financial 
institutions were considered to have a very mature ERM system in place. From these findings, 
one can conclude that the maturity level of the implemented ERM system depends primarily on 
the nature and scope of operations of the financial institutions. 
In general, it was found that a combination of ERM frameworks (international and regional) was 
employed by Botswana financial institutions for organisational ERM guidance. Frameworks 
such as COSO, Turn Bull, SA Based, Base III and Firm Systemic risk initiatives were among the 
main frameworks that governed ERM guidance in Botswana. This might mean that although the 
ERM guidance was world class, international and objective regarding international 
standardisation, limitations might emerge owing to the failure of a local ERM framework based 
on Botswana's economic financial and economic fundamentals specific to Botswana. 
48 I Page 
All the ERM frameworks with varying degrees of origin, scope, inflexion and risk management 
systems managed all 17 risk categories. The study revealed that operational risk, credit risk, 
market risk, liquidity risk, vendor risk, privacy risk, reputation risk, business continuity/IT risk, 
security risk, regulatory/compliance risk, budget risk, strategic risk, model risk, litigation risk, 
hazard risk and geopolitical risk were all managed within the financial institutions' ERM(hybrid) 
frameworks. 
The benefits of ERM implementation were found to be greater than the cost of implementation. 
It can thus be concluded that ERM is a value-based tool for improving the management of 
enterprise risks. In all cases (100%) it was found that in all categories of financial institutions, 
ERM contributed more value than cost which confirms as in the literature this is a value adding 
approach. 
The study concludes that the very significant challenges associated with ERM implementation 
are data(97.1% );long term perspectives of risk(85.7%);quantifiable financial benefits exceeding 
the costs(82.9%);short-term perspectives of risks(82.9%);costs of implementation(77.1 %);human 
resource policies and practices(74.3%); risk methodology(71.4%), and culture(71.4%). Tools and 
supporting technology systems (60%) and organisational structures (60%) were found to be 
somewhat significant challenges. This indicates that ERM is a challenging exercise to implement 
as most of the very significant challenges were related more to the attitudes, behaviours and 
systems within the implementation process than in the organisations themselves, save for human 
resource policies and practices which were the only organisational factors affecting ERM 
implementation. The frameworks of technology and organisation are relatively significant 
challenges meaning that their effect more or less limits the effectiveness of the implementation in 
their absence and thereby maximises the implementation aims when present. IL l:~iv j 
Financial institutions in Botswana were found, in general, to be very effective in the management · ~ 
of specified and unspecified risks. This means that considering the hybrid nature of their 
respective ERM frameworks , financial institutions were able very effectively to manage various 
risks such as operational risk, credit risk, market risk, liquidity risk, vendor risk, privacy risk, 
reputation risk, business continuity/IT risk, security risk, regulatory/compliance risk, budget risk, 
strategic risk, model risk, litigation risk, hazard/insurance risk, geopolitical risk and other 
49 I Page 
(unspecified) risks. Financial institutions were only able to be extremely effective in the 
management of budgeting/financial risk (57%) and regulatory/compliance risk (51 %). These 
results are clear as they explain the limitations of hybrid ERM frameworks adopted by local 
financial institutions in Botswana in the absence of a local home-grown ERM framework. 
Furthermore, the ERM systems employed need improvement in many key methodological areas 
in order to attain extreme effectiveness in the management of risk in financial institutions. 
Factors such as level of maturity of the ERM programme, the extent of the implementation and 
the revision of risk management protocols may also influence the extent of the effectiveness 
within which enterprise risk is managed. 
6.2 RECOMMENDATIONS TO FINANCIAL INSTITUTIONS AND POLICY MAKERS 
The study revealed that some financial institutions, that is, development financial institutions, 
had somewhat mature an~ a between immature and mature ERM systems. Post implementation 
review policy makers should at least align their financial institutions' strategic objectives with 
those of the objectives of the enterprise risk management functions. Furthermore, by 
updating/revising their ERM frameworks, risk methodologies, tools and technologies and risk 
protocols and observance mediums, maturity levels would increase without compromising the 
nature and scope of the financial institution. 
The study also revealed that all financial institutions adopt a hybrid ERM framework to govern 
ERM fundamentals. Bank of Botswana and such regulatory authorities as the Non-Bank 
Financial Institutions Regulatory Authority (NBFIRA) need to formulate an authoritative local 
ERM regulatory framework to govern the conduct of financial institutions in this regard. This is 
an area the government needs to address. 
50 I Page 
The study revealed major challenges faced by financial institutions in the implementation of 
ERM. 
6.2.1 Data 
Financial institutions should ensure appropriate systems are in place to guarantee data security, 
integrity, completeness and privacy. 
6.2.2 Expectations 
Risk managers should attempt to re-align their short- and long-term perspectives of risk with 
market fundamentals to take into account specified and unspecified risks in order to mitigate the 
impact of uncertainty. 
6.2.3 Cost and Benefits of ERM Implementation 
Appropriate evaluations must be made to adequately prescribe a cost-effective and value- adding 
ERM programme installation for financial institutions. It is vital that the costs of implementation 
do not obscure effective implementation of ERM. Further, ERM should not be implemented with 
the notion that the benefits will always outweigh the costs. Rigorous efforts in managing the 
entire process are vital for successful implementation of any ERM programme. Post 
implementation review is also vital for re-alignment and control purposes. 
6.2.4 Systems 
All organisational systems must be positioned to impact favourably on successful ERM 
implementation. This includes organisational structure, human resource policies and practices, 
risk methodologies, tools and organisational culture. 
6.3 LIMITATIONS OF THE STUDY 
As far as other studies are concerned, this research has shortcomings that could not be avoided. 
This study had only 35 respondents. The sample size could not be expanded as time and funds 
were too limited to follow up on questionnaires. The majority of respondents were in Gaborone 
51 I P a g e 
city whereas a host of companies in other parts of Botswana in the financial sector could have 
been surveyed to obtain a much more conclusive affirmation regarding ERM implementation. 
6.4 RECOMMENDATIONS FOR FURTHER RESEARCH 
Researchers have room to expand the observation and sample elements in order to have a wider 
coverage of observations and population inclusiveness. A quantifiable cost benefit analysis of 
ERM implementation was not conducted. Perhaps future researchers could continue to conduct a 
survey exploring the financial and non-financial costs and benefits associated with ERM 
implementation. Finally, it should be emphasised here that longitudinal studies over a long 
period of time such as ten years or more are much encouraged. A continuous study from time to 
time, perhaps once every two years, would help considerably in identifying the benefits and 
challenges associated with ERM implementation. 
52 I Page 
7. REFERENCES 
1. Altuntas M , Berry - Stolple T R and Hoyt R E (2011) Dynamic Determinants of 
Enterprise Risk Management Adoption in the Property- Liability Insurance Industry: 
Evidence from Germany 
2. Alviunessen, A. , &Jankensgard, H. (2009). Enterprise Risk Budgeting: Bringing Risk 
Management into the Financial Planning Process. Journal of Applied Finance, 19(1/2), 
178-190. 
3. Bank Gaborone (2011) The 2011 Annual Report. 
4. Bank of Botswana (2011) The 2011 Annual Report. 
5. Bank of Botswana Directory (2012) 
6. Barclays Bank of Botswana (2011 ) The 2011 Annual Report. 
7. Beasley M, (2010) Embracing emerging expectations for risk management leadership. 
The American Institute of Certified Public Accountants. 
8. Beasley M, Branson B, and Hancook B, (2011) Report on the current state of Enterprise 
Risk Management. 
9. Beasley, M. S. Pagach, D. and Warr, R, (2006) The Information Conveyed In Hiring 
Announcements of Senior Executives Overseeing Enterprise-Wide Risk Management 
Processes, Working Paper, North Carolina State University. 
10. Beasley, M.S., Pagach, D. and Warr, R. (2008) ' Information Conveyed In Hiring 
Announcements of Senior Executives Overseeing Enterprise-Wide Risk Management 
Processes. ' Journal of Accounting, Auditing and Finance 23 (3): 311-332 
11. Bob, N. (2011 ). Enterprise Risk Management in Banks. Fincrest Financial Press. 
Johannesburg 
53 I Page 
12. Calandra Jr, J. , & Lane, S. (2006) . 'An Introduction to the Enterprise Risk Scorecard: 
Measuring Business Excellence, 10 (3): 31-40. 
13. Chase-Jenkins, L., Farr, I. , & Lebens, J. (2010). Risk Appetite: The Foundation of 
Enterprise Risk Management. In T. Watson (Ed.) Thought Leadership Series: Towers 
Watson. 
14. COSO (2004) Enterprise Risk Management- Integrated Framework: Executive Summary 
15. Culp S, Thompson C, Nadal J & Kim F (2011) Accenture Enterprise Risk 
Mismanagement Industry Report Banking. 
16. Dafikpaku E. (2011) The Strategic Implications of Enterprise Risk Management 
Framework http: //www.ermsymposium.org/2011 /pdf/Dafikpaku.pdf Accessed 10 
October 2012 
17 . Daud, W & Y azid, Shukri A, (2009) A Conceptual Framework for the Adoption of 
Enterprise Risk Management in Government-Linked Companies. International Review of 
Business Research Papers 5 (5): 229-238 
18. Daud, W. N. W. D., Yazid, A. S. & Hussin, H. M. R. (2010) The Effect of Chief Risk 
Officer (CRO) On Enterprise Risk Management (ERM) Practices: Evidence from 
Malaysia. International Business & Economics Research Journal (IBER), 9. 
19. De Vans, D.A. (2001) Research Design in Social Sciences. London SAGE 
http:/ /www.esfagentschap.be/uploadedFilesN oor_  ESF_ promotoren/Zelfevaluatie_  ESFpr 
oject/De%20Vaus%20ch%201.pdf Accessed 10 September 2012 
20. Deloitte Report (2012) Enterprise Risk Mismanagement Survey Report 2012 Financial 
Services. 
21. Deloitte Touche Tohmatsu Limited (Talley, 2006) 
22. Doyle, J. , Ge, W., and Mc Vay, S. (2007). Determinants of weaknesses in internal control 
over financial reporting. Journal ofA ccounting and Economics, Vol 44(1-2), 193-223. 
54 I Page 
23. Frantz, M. (2011). How much Cash Is At Risk? Evidence from US Non-Financial Firms. 
24. Gates, S. (2006), ' Incorporating Strategic Risk into Enterprise Risk Management: A 
Survey of Current Corporate Practice' . Journal of Applied Corporate Finance, 2006. 
18(4): 80-91. 
25 . Gates, S. (2006), Incorporating Strategic Risk into Enterprise Risk Management: A 
Survey of Current Corporate Practice. Journal of Applied Corporate Finance, 2006. 
18(4): 80-91. 
26. Golafshani, N. (2008) Understanding Reliability and Validity in Qualitative Research. 
The Qualitative Report. 
27. Gordon, L. A. , Loeb, M. P. , & Tseng, C. Y. (2009). Enterprise Risk Management and 
Firm Performance: A Contingency Perspective. Journal of Accounting and Public Policy, 
28(4) 301-327 
28. Gordon, L.A. , Loeb, M. P. , & Tseng, C.Y. (2009) . 'Enterprise Risk Management and 
Firm Performance' : A Contingency Perspective. Journal of Accounting and Public 
Policy, 28(4): 301-327. 
29. Goshen M, and Rasid A (2012).What leads to firms to Enterprise Risk Management 
Adoption? International Conference on Economics , Business and Management Vol 29 
LACSIT Press Singapore 
30. Harwell (2012) Research Design in Qualitative / Quantitative / Mixed Methods 
http://www.sagepub.com/upm-data/41165_ 10.pdf Accessed 10 September 2012 
31. Hoyt R, Moore D L, and Liebenberg A. P. (2008). The value of Enterprise Risk 
Management: Evidence from the US Insurance Industry. 
32. Hoyt R. and Liebenberg A. P. (2011). The value of Enterprise Risk Management. Journal 
ofR isk and Insurance Vol 78 No 4 193-223. 
55 I Page 
33 . Hoyt, R.E., and Liebenberg, A.P. (2008. "The Value of Enterprise Risk Management: 
http://www.aria.org/meetings/2006papers/Hoyt_  Li ebenberg_E RM_0 7 0606.p df. Octa ber 
2012http://www.coso.org/documents/coso_erm_executivesummary.pdf Accessed 07 
September 
34. Kaplan, R. S. , and A. Mikes. 2012. Managing Risks: A New Framework. Harvard 
Business Review 90(6): 48-6. 
35. Kitambara M. J. A (2012) Comparison of Simple Random Sampling and Stratified 
RandomSamplinghttp: //www.statssa.gov.za/ycs/SpeakerPresentations/Acropolis2/Day3/S 
ession%20VIIIB _ Dr. %20Nazeem%20Mustapha/Kitambara. pdf Accessed 10 September 
2012 
36. Knechel, W. R. , & Willekens, M. (2006). The Role of Risk Management and Governance 
in Determining Audit Demand. Journal of Business Finance & Accounting, 33(9 10), 
1344-1367. 
37. KPMG International (2006) Enterprise Risk Mismanagement an Emerging Model for 
Build Shareholder Value. 
38. Kucuk Yilmaz, A. (2009) Airport Enterprise Risk Management. 1(1). 
39. Lai F. W. Azian A. Samad F. (2010), "A Theoretical Appraisal of Value Maximizing 
Enterprise Risk Management", International Journal of Accounting Information Science 
and Leadership, 3, (6): 23 -41. 
40. Lam J (2007) Enterprise Risk Mismanagement at Asian Banks: From Challenges to 
Strategies 
41. Nacco, B.W. and Stulz, R.M. (2006). Enterprise Risk Management: Theory and Practice. 
Journal of Applied Corporate Finance, 18(4): 8- 20 
42. O'Donnell E., (2005). Enterprise Risk Management: A System-Thinking Framework for 
the Event Identification Phase. International Journal of Accounting Information Systems, 
6 (2005): 177-195 
56 I Page 
43. Paape L. and Spekle R. F. (2012) The adoption and design of Enterprise Risk 
Management practice: An empirical study: European Accounting Review. 
44. Pagach, D. &Warr, R. (2011). The characteristics of firms that hire chief risk officers. 
Journal of Risk and Insurance. 
45 . Pagach, D. and Warr, R. (2007). An Empirical Investigation of the Characteristics of 
Firms Adopting Enterprise Risk Management. North Carolina State University Working 
paper. 
46. Pricewaterhouse Coopers (2008) Managing Risk: An Assessment of CEO Perspectives. 
New York: PwC. 
47. Protiviti Independent Risk Consulting (2012) A guide to Enterprise Risk Management: 
Frequently Asked Questions 
48 . Rouse M. (2010) Enterprise Risk Management Whatls.com 
http://searchcio.techtarget.com/definition/enterprise-risk-management Accessed 09 
October 2012 
49. Simkins B. (2008) Enterprise Risk Management: Current Initiatives and Issues Journal 
of Applied Finance Roundtable 
50. The First National Bank of Botswana Limited Report (2011) The2 011 Annual Report 
51. Vaidyula S.R. Kaval (2012) Enterprise Risk Management for Banks 
http://www. wipro .com/d ocuments/insights/whi tepaper/ enterprise risk management for 
banks.pdf Accessed 10 September 2012 
52. Woon, L.F. , Azizan, N. A. , & Samad, M. F. A. (2011). 'A Strategic Framework for Value 
Enhancing Enterprise Risk Management' . Journal of Global Business and Economics, 
2(1) : 23-48. 
57 I Page 
53. Yazid, A. S., Hussin, M. R. , & Razali, A. R. (2008). A Cross-Sectional Study on Foreign 
Exchange Risk Management by Malaysian Manufacturers. International Business 
Management Journal, 28-32. 
58 I Page 
APPENDIX A: PERMISSION LETTER TO DO RESEARCH 
!I YNUONRTl8HE SWITI YiAl l8"0"K"ON"E"·"BO PHIRIMA NOOROWES-UNIVERSITEIT MAFIKEHG CAMPUS 
Graduate School of Business and 
Government Leadership (GSB&GL) 
Private Bag x 2946, Mmabatho 
South Africa, 2735 
Tel: 018-389 2437 Fax: 018-389 2335 
Email: Graduateschool@nwu.ac.za 
18 September 2012 
TO WHOM IT MAY CONCERN 
Permission to conduct research- MS M M Morima-MBA student 
This letter serves to introduce MS M M Morima who is presently a registered student for 
Master in Business Administration (MBA) programme at the Graduate School of 
Business and Government Leadership of the North West University. She is conducting a 
research project on, "The Benefits and Challenges of Enterprise Risk Management 
(ERM) Implementation in Financial Institutions in Botswana" towards a partial 
fulfillment of her MBA programme. 
In this regard, your office is requested to afford her full co-operation to conduct this 
research. In particular, MS M M Morima requires permission to access information, data 
or even to distribute questionnaires. 
Your cooperation will be highly appreciated. 
Felicia Moruntshe 
Research Officer 
APPENDIXB: THE QUESTIONNAIRE 
QUESTIONNAIRE FOR ACADEMIC RESEARCH 
(in partial fulfilment oft he requirements of Master in Business Administration) 
By 
Masego Mercy Morima 
Cell phone: (+267)71565617 
Email: mercymorima@gmail.com 
The purpose of this questionnaire is to gather information to be used in addressing the topic: 
The Benefits and Challenges of Enterprise Risk Management (ERM) Implementation in 
Financial Institutions in Botswana 
Dear respondent 
Thank you for your anticipated cooperation in this research work. You are kindly reminded 
that the information that you provide will be solely used for academic research purposes for 
the partial fulfilment of the requirements of Master in Business Administration (MBA) at the 
North-West University. Your responses wi ll be treated with the utmost confidentiality. To 
enable an accurate assessment, it is important that all information requested in the 
questionnaire be provided by you as completely and accurately as possible. 
Thank you I f',I\NlJ I 
_LIBRARY_ 
QUESTIONNAIRE 
THE BENEFITS AND CHALLENGES OF ERM IMPLEMENTATION IN 
FINANCIAL INSTITUTIONS IN BOTSWANA 
Section A: ERM function and processes 
I. Please state your primary business 
Commercial Bank □ 
Investment Bank □ 
Development Financial Institution □ 
Building Society □ 
Other □ 
2. Do you have an ERM process and/or function in place? 
Dimension Tick 
Yes, both process and function 
Yes, process 
Yes, function 
No, but considering adoption in short term (one to three years) 
No, but considering adoption in short term (more than three years) 
No, and not considering 
3. If NO, What do you have in place to deal with enterprise risk in your organisation? 
4. IfYES, how long has the ERM process and/or function been in place? 
Less than I year D 
Between 2 and 4 years □ 
More than 5 years D 
5. What is the level of maturity of your organisation ' s ERM process? 
Very immature D 
Somewhat immature D 
Between immature and mature □ 
Somewhat mature □ 
Very mature □ 
6. Please indicate the extent to which framework(s) are used for ERM guidance. 
COSO's ERM framework D 
Other framework (please specify) D 
ISO □ 
Turnbull Guidance D 
South African adopted D 
Basel III D 
Systemic risk initiatives D 
Various implementation efforts 
(e.g. BOB ERM Regulations) □ 
No one framework D 
Don't know D 
Not applicable D 
7. What types of risk do you attempt to manage within your ERM framework? 
Dimension Tick Dimension Tick Dimension Tick 
Operational risk Reputation Strategic 
Credit risk Business continuity/IT Model risk 
Market risk Security Litigation 
Liquidity risk Regulatory/compliance Hazard or insurable 
risks 
Vendor Budgeting/Financial Geopolitical 
Privacy Other* 
Section B: Benefits of ERM Implementation 
8. Is the value of your ERM programme greater than its cost? 
Yes D No D Difficult to quantify D 
9. Please evaluate the benefits of enterprise risk management to your bank 
ERM Benefits Strongly Disagr Neutral Agree Strongly 
disagree ee agree 
a ERM results in the effective identification, 1 2 3 4 5 
assessment and management of organisation-wide 
risk 
b ERM improves firm's performance I 2 3 4 5 
C ERM improves operations through the effective 1 2 3 4 5 
and efficient use of its resources. 
d ERM improves the reliability of reporting 1 2 3 4 5 
e ERM improves bank strategy and high-level goals I 2 3 4 5 
by aligning with and supporting the mission 
f ERM ensures compliance with applicable laws 1 2 3 4 5 
and regulation 
g ERM addresses critical bank issues such as I 2 3 4 5 
growth, return, consistency and value creation 
h ERM results in decreased earnings volatility I 2 3 4 5 
I ERM results in a decreased market to book ratio 1 2 3 4 5 
J ERM results in increased asset opacity 1 2 3 4 5 
k ERM increases the board ' s and senior I 2 3 4 5 
management ' s ability to oversee portfolio risks 
1 ERM helps reduce unacceptable performance 1 2 3 4 5 
variability 
rr ERM helps align and integrate varying views of I 2 3 4 5 
risk management 
n ERM helps build confidence of investment 1 2 3 4 5 
community and stakeholders 
o ERM helps enhance corporate governance 1 2 3 4 5 
p ERM helps to successfully respond to a changing 1 2 3 4 5 
business environment 
C ERM helps align strategy to corporate culture 1 2 3 4 5 
Section C: Challenges associated with ERM implementation 
10. How significant are the fo llowing challenges to your organisation in implementing an 
ERM programme or equ ivalent? 
Dimension Very Somewhat Insignificant 
significant significant 
Data 
Culture 
Tools and supporting technology systems 
Human resources policies and practices 
Risk methodology 
Organisational structure 
Cost of implementation 
Short-term perspective of risks 
Long-term perspective of risks 
The quantifiable financial benefits exceed the costs 
11. How effective do you think your organisation is at managing the fo llowing risks? 
Dimension Extremely Very Don't Very Extremely 
effective effective know ineffective ineffective 
Operational risk 
Credit risk 
Market ri sk 
Liquidity risk 
Vendor 
Privacy 
Reputation 
Business continuity/IT 
Security 
Regulatory/ Comp Ii ance 
Budgeting/Financial 
Other(please specify) j """A 
Strategic r . _1wv, ,u 
Model risk LIHH rlDV 
Litigation -- • llr -
Hazard or insurable risks 
Geopolitical 
Section D: Improving the ERM process 
12. What can be done to improve the ERM process in financial institutions in Botswana? 
THANK YOU 
APPENDIXC: THE PILOT STUDY REPORT 
PILOT STUDY REPORT 
The questionnaires were administered to two banks. 
o Bank Gaborone 
o Barclays Bank 
Analysis of respondents 
• The respondents who filled in the questionnaires were risk managers. 
• The respondents understood the questions and had no problems answering the 
questionnaires. 
• The questions were found to be relevant to the research questions. 
• The respondents were willing to answer the questions. They responded to them within 
20 minutes. 
• The researcher did not rephrase any questions in the instrument. 
A pilot study was administered to two respondents who are risk managers at both banks.The 
researcher made sure that there were similarities to the target population to whom the final 
questionnaire would be administered. During the pilot study each question was discussed and 
analysed in order to check the readability and comprehensibility of the questionnaire. One 
questionnaire was used for all categories of respondents. 
A summary of the results and corresponding frequencies is given below. 
Please state your primary business 
Frequency Percent Valid percent K:umulative per cent 
Valid Commercial Bank 2 100.0 100.0 100.0 
Do you have an ERM process and/or function in place? 
Frequency Percent Valid per cent K::umu lative per cent 
Valid Yes, both process and ~ 100.0 100.0 100.0 
function 
If yes, how long has the ERM process and /or function been in place? 
Frequency Per cent Valid per cent K::umu lative per cent 
Valid Between 2 and 4 1 50.0 50.0 50.0 
years 
More than 5 years 1 50.0 50.0 100.0 
Total ~ 100.0 100.0 
What is the level of maturity of your organisation's ERM process? 
Frequency Per cent ~alid per cent Cumulative per cent 
Valid Very immature~ 100.0 100.0 100.0 
Framework used for ERM guidance 
Both respondents stated that they employed all listed frameworks for guidance, that is, COSO 
ERM Framework, ISO, Turnbull , SA adopted, Basel III, systemic risk initiatives and various 
implementation efforts. 
Risks managed: 
Both respondents indicated that they manage all the risks listed in the questionnaire. 
Benefits of ERM implementation 
Is the value of your ERM programme greater than its cost? 
Frequency Per cent Valid per cent Cumulative per cent 
Valid Yes 2 100.0 100.0 100.0 
ERM results in the effective identification, assessment and management of organisation-
wide risk 
Cumulative per 
Frequency Per cent Valid per cent cent 
Valid Agree 1 50.0 50.0 50.0 
Strongly agree 1 50.0 50.0 100.0 
Total Q 100.0 100.0 
ERM improves firm ' s performance 
!Frequency !Per cent Valid per cent K::umulative per cent 
[Valid Agree 1 50.0 50.0 50.0 
Strongly agree 1 50.0 50.0 100.0 
Total ~ 100.0 100.0 
ERM improves operations through the effective and efficient use of its resources 
Frequency Per cent Valid per cent Cumulative per cent 
Valid Agree 1 50.0 50.0 50.0 
Strongly agree 1 50.0 50.0 100.0 
Total 2 100.0 100.0 
ERM improves the reliability of reporting 
Frequency Per cent [Valid per cent Cumulative per cent 
[Valid Agree 2 100.0 100.0 100.0 
ERM improves bank strategy and high-level goals by aligning with and supporting the 
m1ss10n 
Frequency Per cent Valid per cent tumulative per cent 
Valid Strongly agree ~ 100.0 100.0 100.0 
ERM ensures compliance with applicable laws and regulations 
Frequency ~er cent Valid per cent tumulative per cent 
Valid Agree 1 50.0 50.0 50.0 
Strongly agree 1 50.0 50.0 100.0 
Total ~ 100.0 100.0 
ERM addresses critical bank issues such as growth, return, consistency and value 
creation 
!Frequency ~er cent Valid per cent tumulative per cent 
~alid Strongly agree ~ 100.0 100.0 100.0 
ERM results in decreased earnings volatility 
!Frequency ~er cent Valid per cent tumulative per cent 
Valid Agree 1 50.0 50.0 50.0 
Strongly agree 1 50.0 50.0 100.0 
Total ~ 100.0 100.0 
ERM results in decreased market to book ration 
!Frequency Per cent Valid per cent tumulative per cent 
~alid Strongly agree ~ 100.0 100.0 100.0 
ERM results in decreased market to book ratio 
Frequency Per cent Valid per cent tumulative per cent 
~alid Strongly agree ~ 100.0 100.0 100.0 
ERM increases the board ' s and senior management's ability to oversee portfolio 
risks 
Frequency Per cent Valid per cent Cumulative per cent 
~alid Strongly agree ~ 100.0 100.0 100.0 
ERM helps reduce unacceptable performance variability 
Frequency [Per cent Valid per cent K:umulative per cent 
Valid Agree 1 50.0 50.0 50.0 
Strongly agree 1 50.0 50.0 100.0 
Total ~ 100.0 100.0 
ERM helps align and integrate varying views of risk management 
Frequency Per cent Valid per cent Cumulative per cent 
!Valid Agree ~ 100.0 100.0 100.0 
ERM helps build confidence of investment community and stakeholders 
Frequency Per cent Valid per cent Cumulative per cent 
Valid Agree 1 50.0 50.0 50.0 
Strongly agree 1 50.0 50.0 100.0 
Total 2 100.0 100.0 
ERM helps enhance corporate governance 
Frequency Per cent Valid per cent Cumulative per cent 
Valid Agree 1 50.0 50.0 50.0 
Strongly 1 50.0 50.0 100.0 
Agree 
Total 2 100.0 100.0 
ERM helps to successfully respond to a changing business environment 
Frequency Per cent Valid per cent Cumulative per cent 
Valid Agree 1 50.0 50.0 50.0 
Strongly agree 1 50.0 50.0 100.0 
Total 2 100.0 100.0 
ERM helps align strategy with corporate culture 
!Frequency [Per cent Valid per cent tumulative per cent 
Valid Agree 1 50.0 50.0 50.0 
Strongly agree 1 50.0 50.0 100.0 
Total ~ 100.0 100.0 
How significant are the challenges to your organisation when implementing an ERM 
programme (data) 
Frequency Per cent ~alid per cent tumulative per cent 
Valid Very significant 1 50.0 50.0 50.0 
Somewhat 1 50.0 50.0 100.0 
significant 
Total 2 100.0 100.0 
How significant are the challenges to your organisation when implementing an ERM 
programme (culture) 
Frequency Per cent Valid per cent tumulative per cent 
Valid Very significant 1 50.0 50.0 50.0 
Somewhat 1 50.0 50.0 100.0 
significant 
Total 2 100.0 100.0 
How significant are the challenges to your organisation when implementing an ERM 
programme (tools and supporting technology systems) 
!Frequency Per cent Valid per cent tumulative per cent 
Valid Very significant 1 50.0 50.0 50.0 
Somewhat 1 50.0 50.0 100.0 
significant 
Total ~ 100.0 100.0 
How significant are the challenges to your organisation when implementing an ERM 
programme (human resources policies and practices) 
Frequency Per cent Valid per cent K::umulative per cent 
Valid Very significant 1 50.0 50.0 50.0 
Somewhat 1 50.0 50.0 100.0 
significant 
Total ~ 100.0 100.0 
How significant are the challenges to your organisation when implementing an ERM 
programme (risk methodology) 
!Frequency Per cent Valid per cent Cumulative per cent 
~alid Somewhat ~ 100.0 100.0 100.0 
significant 
How significant are the challenges to your organisation when implementing an 
programme ( organisational structure) 
Frequency Per cent Valid per cent !Cumulative per cent 
!Valid Very significant 1 50.0 50.0 50.0 
Somewhat 1 50.0 50.0 100.0 
significant 
Total ~ 100.0 100.0 
How significant are the challenges to your organisation when implementing an ERM 
programme ( cost of implementation) 
Frequency ~er cent Valid per cent tumulative per cent 
!Valid Very 2 100.0 100.0 100.0 
significant 
How significant are the challenges to your organisation when implementing an ERM 
programme (short-term perspective of risks) 
Frequency Per cent Valid per cent Cumulative per cent 
Valid Very 2 100.0 100.0 100.0 
significant 
How significant are the challenges to your organisation when implementing an ERM 
programme (long-term perspective of risks) 
Frequency Per cent Valid per cent Cumulative per cent 
Valid Very 2 100.0 100.0 100.0 
significant 
How significant are the challenges to your organisation when implementing an ERM 
programme (the quantifiable financ ial benefits exceed the costs) 
!cumulative per 
Frequency Per cent Valid per cen1 !cent 
!Valid Very significant 1 50.0 50.0 50.0 
Somewhat 1 50.0 50.0 100.0 
significant 
Total ~ 100.0 100.0 
How effective do you think your organisation is at managing (operational risk) 
Frequency Per cent !valid per cen1! Cumulative per cent 
Valid Very 2 100.0 100.0 100.0 
effective 
How effective do you th ink your organisation is at managing ( credit risk) 
!Frequency lPer cent Valid per cent K::umulative per cent 
Valid Very 2 100.0 100.0 100.0 
effective 
How effective do you think your organisation is at managing (market risk) 
Frequency Per cent Valid per cent Cumulative per cent 
!Valid Extremely 1 50.0 50.0 50.0 
effective 
Very effective 1 50.0 50.0 100.0 
Total 2 100.0 100.0 
How effective do you think your organisation is at managing (liquidity risk) 
Frequency Per cent IV al id per cent K::umulative per cent 
!Valid Extremely 1 50.0 50.0 50.0 
effective 
Very effective 1 50.0 50.0 100.0 
Total 2 100.0 100.0 
How effective do you think your organisation is at managing (vendor) 
Frequency Per cent Valid per cent K::umulative per cent 
!Valid Extremely 1 50.0 50.0 50.0 
effective 
Very effective 1 50.0 50.0 100.0 
Total 2 100.0 100.0 
How effective do you think your organisation is at managing (privacy) 
Frequency Per cent Valid per cent (:umulative per cent 
!Valid Extremely 2 100.0 100.0 100.0 
effective 
How effective do you think your organisation is at managing (reputation) 
Valid Per 
Frequency Per cent icent K::umu lative Per cent 
Valid Extremely 2 100.0 100.0 100.0 
effective 
How effective do you think your organisation is at managing (business continuity/ 
IT) 
Frequency Per cent Valid per cent Cumulative per cent 
Valid Extremely 2 100.0 100.0 100.0 
effective 
How effective do you think your organisation is at managing (security) 
Frequency Per cent Valid per cent (:umulative per cent 
Walid Extremely 1 50.0 50.0 50.0 
effective 
Very effective 1 50.0 50.0 100.0 
Total 2 100.0 100.0 
How effective do you think your organisation is at managing (regulatory) 
compliance) 
Frequency Per cent Valid per cent tumulative per cent 
Valid Extremely 1 50.0 50.0 50.0 
effective 
Very effective 1 50.0 50.0 100.0 
Total 2 100.0 100.0 
How effective do you think your organisation is at managing (budgeting/financial) 
Frequency Per cent !Valid per cent Cumulat ive per cent 
Valid Very 2 100.0 100.0 100.0 
effective 
How effective do you think your organisation is at managing (strategic) 
Frequency Per cent !Valid per cent Cumulative per cent 
Valid Very 2 100.0 100.0 100.0 
effective 
How effective do you think your organisation is at managing (model risk) 
Frequency Per cent IV alid per cent Cumulative per cent 
Valid Very 2 100.0 100.0 100.0 
effective 
How effective do you think your organisation is at managing (litigation) 
Frequency Per cent Valid per cent K:umulative per cent 
Valid Extremely 1 50.0 50.0 50.0 
effective 
Very effective 1 50.0 50.0 100.0 
Total 2 100.0 100.0 
How effective do you think your organisation is at managing (hazard or insurable 
risks) 
Frequency Per cent Valid per cent K::umulative per cent 
Valid Extremely 1 50.0 50.0 50.0 
effective 
Very effective 1 50.0 50.0 100.0 
Total 2 100.0 100.0 
How effective do you think your organisation is at managing (geopolitical) 
!Frequency Per cent Valid per cent Cumulative per cent 
Valid Extremely 1 50.0 50.0 50.0 
effective 
Very effective 1 50.0 50.0 100.0 
Total 2 100.0 100.0 
APPENDIX 0 : LIST OF RESPONDENTS (FINANCIAL INSTITUTIONS) 
LIST OF RESPONDENTS (FINANCIAL INSTITUTIONS) 
Financial Institution Sent Returned 
Commercial Banks 
1. Bank Gaborone X2 X2 
2. First National Bank X2 X2 
3. Bank ABC X2 X2 
4. Capital Bank X2 X2 
5. Barclays Bank X2 X2 
6. Standard Chartered Bank X2 X2 
7. Stanbic Bank X2 X2 
8. Botswana Savings Bank X2 X2 
9. Bank of Baroda X2 X2 
10. National Development X2 X2 
Bank(Commercial) 
Sub-total 20 20 
Development Financial Institutions 
11. National Development Bank X2 X2 
12. Botswana Development X2 X2 
Corporation 
13. Citizen Entrepreneurship X2 X2 
Development Agency 
Sub-total 6 6 
Building Societies 
14. Botswana Building Society X2 X2 
Sub-total 2 2 
Investment Banks 
15 . Kingdom Bank X2 X2 
Sub-total 2 2 
Others 
Biz Capital X2 2 
Botswana IFSC X2 2 
Letshego Financial Services X2 2(1 returned blank) 
Sub-total 6 6 
APPENDIX E: THE EDITOR'S DECLARATION 
EDITOR'S DECLARATION 
LYN VOIGT LITERARY SERVICES 
Lyn Voigt: B. Mus. (Eng Hons) [Wits] H. Dip. Ed. [JCE] 
PO Box 383 Tel/Fax: (011) 478 0634 35 El Prado 
Ridge Terrace Randpark Ridge 
2194 
EDITOR'S DECLARATION 
I, Lyn Voigt, confirm that I edited the dissertation: A mini dissertation submitted in partial 
fulfilment of the requirements for the degree of Master of Business Administration in 
Financial Management in the Graduate School of Business and Government Leadership. 
Mafikeng Campus, North-West University 
Written by MASEGO MORIMA 
LE Voigt 
Language practitioner 
Date: 10 November 2012