Page 1

OPERATIONAL RISK MANAGEMENT AND FINANCIAL PERFORMANCE OF SACCOs IN UGANDA: A CASE STUDY OF WAZALENDO SACCO

BY KANGUME K.K. ELIZABETH 2012/FEB/MBA/WKD/M1047

A DISSERTATION SUBMITTED TO THE SCHOOL OF BUSINESS ADMINISTRATION IN PARTIAL FULFILMENT OF THE REQUIREMENTS FOR THE AWARD OF THE DEGREE OF MASTER OF BUSINESS ADMINISTRATION (MANAGEMENT OPTION) OF NKUMBA UNIVERSITY

2015 1


DECLARATION

I, KANGUME KATE KICONCO ELIZABETH, declare that this study is my original work. Where the work of others has been incorporated, due acknowledgement has been made. This dissertation to the best of my knowledge has never been submitted for the award of an academic award in a University or other institution of higher learning.

Signature ………………………………….. Date ………………………………………. KANGUME KATE KICONCO ELIZABETH

1


APPROVAL

This is to certify that this study has been carried out under my supervision and has been submitted for examination with my approval.

Signature

……………………………… Date ………………………………. Fredrick Mambya Ngobo Supervisor

2


DEDICATION

This dissertation is dedicated to my dear Mother Enid Katungwa Kohairwe and my late grandparents Mr. and Mrs. Katungwa.

3


ACKNOWLEDGEMENT

Every work is certainly impossible to accomplish single handedly. It is therefore with heartfelt gratitude that I convey thanks to all of you-family, colleagues and friends. I will first of all thank the Lord Almighty who has been my rock. He has kept me alive, provided for me and given me the wisdom to complete this course. He deserves the glory. Special thanks to Uncle Onesmus Asiimwe, for the supportive spirit throughout the process of studying and writing this dissertation. Sincere gratitude to Rtd. Archbishop Henry Luke Orombi for the unfailing parental love. Thank you Daddy. Thanks to Uncle Robert and Aunt Doreen Rusoke for your support and generosity. You bless my soul. To Uncle Kagoro Asingura for the advise and research placements. Finally, I appreciate my supervisor, Mr. F. M Ngobo without whom this work would not have existed. Through your guidance, support and cooperation, you willingly guided me and corrected me. I thank you all, May God bless you abundantly.

4


TABLE OF CONTENTS

TITLE PAGE……………………………………………………………………………… ……………………….. DECLARATION..............................................................................................................................i APPROVAL.....................................................................................................................................ii DEDICATION................................................................................................................................iii ACKNOWLEDGEMENT..............................................................................................................iv LIST OF TABLES..........................................................................................................................vi LIST OF FIGURES.......................................................................................................................vii ACRONYMS...............................................................................................................................viii ABSTRACT...................................................................................................................................ix CHAPTER ONE............................................................................................................................1 1.0 Introduction................................................................................................................................1 1.1 Background to the study............................................................................................................1 1.2 Statement of the Problem.........................................................................................................13 1.3 Purpose of the study.................................................................................................................14 1.4 Objectives of the study............................................................................................................14 1.5 Research questions...................................................................................................................14 1.6 Hypotheses...............................................................................................................................15 1.7 Scope of the study....................................................................................................................15 1.8 Significance of the study.........................................................................................................15 CHAPTER TWO.........................................................................................................................17 STUDY LITERATURE...............................................................................................................17 2.1 Introduction.............................................................................................................................17 2.2 Literature Survey....................................................................................................................17 2.3 Literature review.....................................................................................................................20 2.4 Risk Management Controls Employed in SACCOs...............................................................22 2.5 How the approach to Operational Risk Management affects the members’ returns and the SACCO’s profitability............................................................................................................29 2.6 The extent to which appropriate management action has been taken to increase the amount of loans disbursed and manages liquidity risk/revenue growth in the SACCO........41 2.9 Conclusion...............................................................................................................................58 CHAPTER THREE.....................................................................................................................59 METHODOLOGY......................................................................................................................59 3.1. Introduction.............................................................................................................................59 3.2 Research Design.....................................................................................................................60 3.3 Study Population.....................................................................................................................60 3.3.2 Response rate........................................................................................................................60 3.3.3 SEX OF THE RESPONDENTS...........................................................................................61 3.3.4 AGE OF THE RESPONDENTS..........................................................................................63 3.3.5 EDUCATION LEVEL OF THE RESPONDENTS..............................................................64 3.3.6 POSITIONS OCCUPIED BY THE RESPONDENTS.........................................................65 5


3.3.7 Respondents according to job experience.............................................................................66 3.3.8 Distribution of respondents according to marital status.......................................................67 3.5 Data collection procedures......................................................................................................68 3.6 Data collection methods..........................................................................................................68 3.7 Data collection instruments.....................................................................................................69 3.8 Quality control of data collection Instruments........................................................................69 3.8.1 Content Validity....................................................................................................................69 3.8.2 Content Reliability................................................................................................................70 3.9 Limitations to the study...........................................................................................................70 3.10 Interviewing...........................................................................................................................71 3.11 Data processing......................................................................................................................71 3.12 Data analysis..........................................................................................................................71 CHAPTER FOUR.......................................................................................................................72 THE RISK CONTROL PRACTICES THAT ARE EMPLOYED BY WAZALENDO SACCO.........................................................................................................................................72 CHAPTER FIVE.........................................................................................................................89 HOW THE APPROACH TO OPERATIONAL RISK MANAGEMENT AFFECTS THE MEMBERS’ RETURNS AND THE SACCO’S PROFITABILITY.............................................................................................................89 CHAPTER SIX............................................................................................................................96 THE EXTENT TO WHICH APPROPRIATE MANAGEMENT ACTION BEEN TAKEN TO INCREASE THE AMOUNT OF LOANS DISBURSED AND MANAGE LIQUIDITY RISK/REVENUE GROWTH IN THE SACCO.................................................................96 CHAPTER SEVEN...................................................................................................................102 TOWARDS HARMONIZING OPERATIONAL RISK MANAGEMENT AND FINANCIAL PERFORMANCE IN WAZALENDO SACCO...............................................102 CHAPTER EIGHT....................................................................................................................116 SUMMARY, DISCUSSIONS CONCLUSIONS AND RECOMMENDATIONS.................116 8.1 Introduction...........................................................................................................................116 8.2 Summary of findings............................................................................................................116 8.2.2 How the approach to operational risk management affects the members’ returns and the SACCO’s profitability.......................................................................................................118 8.2.3 The extent to which appropriate management action been taken to increase the amount of loans disbursed and manage liquidity risk/revenue growth in the SACCO......................118 8.3 Conclusions of findings........................................................................................................119 8.3.1 The risk management controls/practices employed by Wazalendo SACCO....................119 8.3.2 How the approach to operational risk management affects the members’ returns and the SACCO’s profitability.......................................................................................................120 6


8.3.3 The extent to which appropriate management action been taken to increase the amount of loans disbursed and manage liquidity risk/revenue growth in the SACCO......................120 8.4 Recommendations............................................................................................................120 8.4.1 The risk management controls/practices employed by Wazalendo SACCO....................120 8.4.2 How the approach to operational risk management affects the members’ returns and the SACCO’s profitability.......................................................................................................121 8.4.3 The extent to which appropriate management action been taken to increase the amount of loans disbursed and manage liquidity risk/revenue growth in the SACCO......................121 8.5 8.6

Contributions of the study...............................................................................................122 Areas of further research.................................................................................................122

7


LIST OF TABLES

8


LIST OF FIGURES

9


ACRONYMS

10


ABSTRACT The study examined the relationship between Operational Risk Management and Financial Performance of SACCOs in Uganda focusing on Wazalendo SACCO. The study was guided by the following objectives: to examine the risk management controls/practices employed by Wazalendo SACCO; to examine how Wazalendo SACCO’s approach to Operational Risk Management has affected the members’ returns and the SACCO’s profitability; and to establish the extent to which operational risk has affected loan flows and liquidity. The study utilized a case study research design involving both qualitative and quantitative research approaches. The study population comprised all employees within Wazalendo SACCO Head office who where a sample of 122 respondents were interviewed. The study found out that the risk management controls/practices employed by Wazalendo SACCO included leadership, planning and strategic alignment, monitoring, reporting and continuous improvement, training and performance appraisal, employee involvement, empowerment and communication. The SACCOs Approach to operational risk management had enabled the organization to meet its targets over three years and the members returns had improved as well as the loan to asset ratio reducing the SACCO’s Portfolio at Risk as well as improving its interest Cover Ratio. The study showed a positive relationship between operational risk management and financial performance implying that the more risk management is the better the financial performance of Wazalendo SACCO The study recommends that Wazalendo SACCO makes the management of operational risk an integral part of the strategic decision making process so that continuous monitoring should support risk management decisions to help maintain organizational risk tolerance at acceptable levels. The organization should also involve or consult employees in the implementation of the risk management exercise. This will make them feel part of the organization and will improve their motivation to manage operational risks

11


It is suggested that the organization should strive to improve on its debt ratio by employing an operational risk management framework that will focus on eliminating and leaving debts to acceptable levels.

12


CHAPTER ONE 1.0 INTRODUCTION

1.1

Background to the study

This study examined the relationship between Operational Risk Management and Financial Performance. It focused on Wazalendo SACCO as a case. Like every business; Wazalendo SACCO has strategic and operational objectives. It is an institutional SACCO whose objective is to facilitate members by providing easily accessible, flexible credit and savings services, through appropriate and sustainable mechanisms. The institutional assessment of the SACCO however, has revealed the existence of sufficient opportunities as well as challenges. These challenges take the form of risks which have the potential to disrupt the achievement of the SACCO’s strategic and operational objectives. That said, the environment within which Wazalendo SACCO operates is expected to remain generally stable and conducive for continued increase in demand for financial services in the medium to long term. It is therefore intentional to choose Wazalendo SACCO as a case since its volume of business is high in terms of membership and liquidity. It has an asset base over and above Uganda Shillings 148 Billion (Ayali, 2000). It is therefore important that every effort is made to manage risk appropriately to maximize potential opportunities and minimize the adverse effects. It is against this background that a study on Operational Risk Management and Financial Performance of the SACCO was conducted with the aim of engaging risk management practices to make better informed decisions and improve the probability of achieving its strategic and operational objectives. The study was motivated by the collapse of some financial institutions in the late 1990s and early 2000s. It was therefore appropriate for the researcher to establish the current operational risk management practices of WaSACCO and ascertain how these practices/approaches can be improved. Effective operational risk management practices (a comprehensive risk management framework) are extremely important from the viewpoint of ensuring the soundness and appropriateness of a financial institution’s business. According to Alijoyo (2004), risk exists as consequence of uncertainty and is present in all activities whatever the size or complexity and whatever the industry or business sector. It is 1


important to understand that risk is a broader concept than the traditional view of merely a threat. It also recognizes the risk of taking or not taking opportunities. It includes threats (damaging events) which could lead to failure to achieve objectives (Alijoyo, 2004). Opportunities (challenges) which if exploited could offer an improved way of achieving the desired objectives but which could potentially have negative impacts. Risk management on the other hand is considered to be fundamental to good management practice and a significant aspect of corporate governance. Risk management must be an integral part of an organization’s decision making and routine management, and must be incorporated within the strategic and operational planning process at all levels across the organization. Cheng (1998) points out that risk assessments are conducted on new ventures and activities, including projects, processes, systems and commercial activities to ensure that these are aligned with the organization’s objectives and goals. Any risks or opportunities arising from these assessments are identified, analysed and reported to the appropriate management level. The organization then maintains a strategic risk register. Risk Management involves adopting and applying a systematic process to identify, analyse, assess, control and monitor risk so that it is mitigated and maintained within an acceptable confine. Risk Management is a business tool and a part of “good management” and good planning processes (ibid). Operational risks emanate from human error, system failures and inadequate procedures and controls, technology failures, breaches in internal controls, fraud and unforeseen catastrophes. Operational risks have the effect of rendering the institution insolvent. Operational problems can result in unexpected losses (ibid). This is evident in the recent global corporate failures. Operational risks exist in all products and business activities and if not managed properly, operational risk can lead to: a) Financial/Monetary losses b) Misstatements of an institution risk profile c) Loss of reputation, which impacts the institution’s credibility and ability to transact. Financial Performance meant a subjective measure of how well a firm can use assets from its primary mode of business and generate revenues. This term is also used as a general measure of a firm's overall financial health over a given period of time, and can be used to compare similar 2


firms across the same industry or to compare industries or sectors in aggregation. There are many different ways to measure financial performance, but all measures should be taken in aggregation. Line items such as revenue from operations, operating income or cash flow from operations can be used, as well as total unit sales. Furthermore, the analyst or investor may wish to look deeper into the financial statements and seek out margin growth rates or any declining debt. When it comes to descriptive measures of financial position and performance, we look at it in terms of total assets, total liabilities, owners’ equity, gross revenues, total expenses and net company income. Ratios rather than absolute financial measures are often used for benchmarking. Ratios present financial information in the form of a relative relationship between two absolute measures of performance. This removes the influence that business size has on the measure, making ratios easier to compare and interpret than absolute measures. For example, liquidity can be measured by working capital (current assets minus current liabilities), but in order to know if the level of working capital is adequate, the size of the company must be known. Financial performance is measured in terms of; Profitability; Return on Assets (ROA); Return on Equity (ROE); Liquidity; Solvency; Revenue per full-Time Laborer (FTL); and Operating Expense Ratios. Financial performance entails, it entails statements of financial performance/statement of comprehensive income/ statement of financial position. It covers statements of cash flow and capital expenditure and funds sources. The relationship between risk management and financial performance creates a need for accountability and incentives in integrating risk and performance management. Companies have appeared to be split in their approach to oversight in managing risk and performance. While 51 percent of the executives surveyed by Pricewaterhouse Coopers’ 2008 Management Barometer, one person (most frequently the CFO) or group were found to be responsible for both risk management and performance management, 49 percent reported that oversight resides with a combination of executives. In some sectors, such as financial services and energy, chief risk officers are most often accountable for risk management and mitigation. But in many other industries, accountability for risk typically falls to the CFO, with input from the chief operating officer. A centralized, top-down approach to risk may work for some companies, but as recent events have shown, a more collaborative, integrated accountability structure that provides 3


appropriate incentives at every level of the organization may be better suited to managing risk alongside performance in an increasingly interconnected business world Savings and Credit Cooperative Organizations (SACCOs) are among the poorly understood entities in most countries that comprise the existing institutional base for financial intermediation (Cuevas and Fisher, 2006). These institutions’ are member owned whose core business is to encourage thrift and easy access to credit to their members. Members pull resources together in form of savings, and the SACCO uses the mobilized savings to extend small credit facilities to them (Were, 2009). They are user owned financial cooperatives that offer savings, credit and other financial services to their members (WOCCU report, 2005). Co-operatives, like other private sector enterprises, have not remained untouched by the recent corporate governance scandals (Shaw, 2006). SACCO governance is the system in which SACCOs are led, enabled and its leadership held accountable for the actions taken in a bid to manage the SACCOs in the interests of all members (Ssemwanga, 2009). According to the Rural SPEED report published in 2007 by Ssemwanga in 2009, a typical stylized organizational structure of a SACCO in Uganda consists of the Annual Shareholder Assembly which is the highest organ of the SACCO that elects volunteer officers to serve on the Board of Directors and the various committees as the member representatives. The Board adopts the fundamental policies of the SACCO and has them ratified by the Shareholder Assembly. The Executive Management develops proposals for the policies and important business decisions, refines them through consultation with the appropriate Board Committees, which endorse them for adoption by the full Board. Finally, the Executive Management is responsible for running the daily operations within the confines of the Board’s approved policies and procedures. SACCOs are user owned and managed organizations ranging in size from a handful to several thousand members, organized on the basis of the work place (among formal employees), markets (among vendors) or around a specific product in rural areas (Mutesasira et al., 1999). Each SACCO is governed by its members, who elect (from within the membership) unpaid volunteer officers and directors to determine the policies under which the SACCO operates. Voting is onemember-one-vote, regardless of the size of the member’s savings or loan balances (Goddard, McKillop, and Wilson, 2008). According to Branch and Baker (1998) member ownership and control is a key to credit unions. Credit unions have always been socially-minded and democratic financial institutions and traditionally savings-led. However, these very strengths could easily be 4


impediments to the effective governance that credit unions require to expand and compete in the financial market place. The liberalization of the financial sector by the Government of Uganda and Its policy of “prosperity for all” led to establishment of SACCOs (Mutesasira et al., 1999). Government has since adopted the strategy of supporting these SACCOs in a bid to bolster the level of savings mobilization and investment among the poorest of the poor. In Uganda, the SACCOs belong to Tier 4 in the Bank of Uganda (BoU) categorization of financial Institutions. Tier 4 Institutions share two key features: first, the BoU does not exercise prudential supervision over them, secondly, they are forbidden to mobilize deposits from the general public. They can accept only member savings (voluntary deposits and share capital). SACCOs fall under the Uganda Cooperatives Act 1992, which governs all cooperatives and which charges the Ministry of Trade, Tourism and Industry (MTTI) with maintaining a registry of cooperatives and overseeing their functioning and stability (CGAP report, 2005). According to Kyazze (2010) SACCOs operate under a generic cooperative law, shared with other cooperatives such as growers, marketing and consumers and hence their unique needs as financial institutions go unattended. Many SACCOs have fallen victim to poor management (CGAP report, 2006). Ssemwanga (2009) concurs with CGAP (2006) adding that in the past, management of many SACCOs in Uganda was so poor that most of them collapsed. When three microfinance institutions, known among the top twenty strong MFIs, collapsed in the recent past, the Microfinance industry in Uganda was shaken. All the three were leading market players in their regions of operation. One of the three was preparing to transform into a Micro Deposit-Taking Institution (MDI) having expanded operations in over 10 districts. The questions normally asked are: what went wrong? Could this situation have been avoided? The bottom line is that the institution owners and funders made huge financial losses, the industry’s reputation was injured and proposals were made to rethink the microfinance strategies and operations in the country. Wazalendo SACCO is a unique institutional SACCO in Uganda, bringing financial services directly to members of the Uganda Peoples Defence Forces (UPDF) and an existing outreach covering the whole country. The major goal of forming Wazalendo SACCO was and still remains to address the welfare of members. It is not driven by search for profit like most of the commercial financial institutions. Welfare of the combatants and their families has always been and is still the priority of UPDF Leadership. The vision is to become a self sustaining SACCO to 5


drive the development of its members in the country. The mission is to mobilize funds in order to provide affordable financial services to members and improve their welfare. The corporate objectives of Wazalendo SACCO are; a) To facilitate members by providing easily accessible, flexible credit and savings services, through appropriate and sustainable mechanisms. b) To develop entrepreneurial, managerial and leadership skills and promote a culture of saving and investment among the members by continuous sensitization and mobilization. c) To maintain a dynamic, innovative and high performing institution with qualified staff, offering the most appropriate and effective financial services. d) To enter into any Memorandum of Understanding, Agreement, ventures and arrangements with any Government Authority, Non Government Organizations, Commercial or development Banks, Credit and Saving Institutions, Company or Persons that advance and respect the Company’s mission and objects and undertake any networking activities that enhance provision of financial services to the members. Wazalendo is implementing a risk management frame work/programme which seeks to align business opportunities and the taking of risk exposure to the ever present financial challenges in achieving its mission and core objectives. Wazalendo therefore considers all types of risks it faces, strategic, operational, financial, reputational, and regulatory and compliance risks.

The

framework provides a comprehensive approach for the SACCO to adopt in identifying and managing risks, which if not realised could prevent the SACCO in effectively achieving its goals, objectives and strategies. This frame work covers: Strategic risk, operational risk, market risk, credit risk, and compliance and anti money laundering. This framework is aligned to regulatory requirements and cognisance has taken industry best practices. The framework is all aimed at the same end: a) Obtain information and analyse data so that uncertainty is turned into quantifiable risk. It is only with quantifiable risk that appropriate management action can be taken. This is illustrated in the figure below,

6


Figure 1. Quantifiable Uncertainty

Uncertainty

Quantifiable Risk

Management Action Competitive Advantage Source: Cheng (1998) b) To bring about welli.

managed businesses,

ii.

relevant returns

iii.

strong members value and to

iv.

Avoid any surprises.

Risk management is an integral part of all the business activities that shall be undertaken by the SACCO. It goes hand in hand with the strategy formulation and business planning process, definition of key performance indicators (KPIs) and performance management. The business strategy and objective setting stage shall be the starting point for the institution’s risk management activity. The key strategies for the SACCO are aimed at creating and preserving value through increasing branch out reach, improving financial performance, diversifying products, continuously improving the service delivery process, development of human resources and seamlessly integrating new businesses into the SACCO’s existing operations. The SACCO’s risk management process links risk to value as depicted in Figure 2 of the enterprise value map below,

7


This study focused on both areas per the Risk Management Framework. The implementation of this framework becomes increasingly important in order for the SACCO to adopt and meet risk management challenges in a structured way so it can continually align its priorities and objectives against a background of changing risk and uncertainty. Risk management requires that the business events originators and managers are best placed to manage the risks that arise from their activities and operations, and therefore every employee should be part of a consistent and knowledgeable risk culture within the organization. This implies that staff must be aware of the various bank risks, and should take ownership and responsibility for the risks generated in their areas of operation. This risk management framework encompasses the whole spectrum of risk management ranging from; Governance with roles and responsibilities of key role-players in the risk management process, reporting and monitoring responsibilities, and the scope of the risks. The purpose of the risk management frame work is to provide the mechanism for the overall risk management strategic direction of the SACCO. 1.2

Statement of the Problem

Wazalendo SACCO has registered numerous innovations which have modified its image beyond recognition. The modified environment with in which Wazalendo operates has presented opportunities as well as complex and variable risks which challenge the traditional approach to operational risk management. The situation has been exacerbated by technological advancement which has come with new arrays of risks. Due to these developments, operational risk has become more pronounced in the institution. Wazalendo faces operational risks associated with cash handling. They take the form of theft/misappropriation of cash which may be assisted by the suppression, falsification or destruction of accounting records, or where no initial records are created at all. Like most SACCOs in Uganda, Wazalendo has continued to register unsatisfactory financial performance as reflected from increasing loss ratios. Money is illegally transferred or diverted and this is normally achieved through making duplicate payments, paying the wrong people or by increasing the value of some payments at the expense of others. There is creation of / or unauthorized updates to accounting records to allow the unauthorized payment of funds. Wazalendo has for instance introduced ATM machines and Cards for those customers who are 8


outside the service centre of Bombo which operates only one cash counter (Wazalendo SACCO Management report to stakeholder on financial performance, 2014). ATM Cards and automated systems have posed a threat of fraud/ other irregularities from access to sensitive information/ misuse of information for private gain-fraud/ theft or sale of sensitive/ restricted documentation or information. This might be attributed to not properly applying techniques available for managing operational risks such as risk avoidance, loss financing and loss prevention and control. Inadequate use of such techniques could result to increased loss exposures affecting the members’ returns and the SACCO’s profitability, which finally leads to increases in loss ratios and poor financial performance. That said, the challenge therefore is for Wazalendo SACCO to develop and implement a robust system of identifying, measuring, monitoring and mitigating these risks. It is for this reason that this study was undertaken. 1.3

Purpose of the study

The study was to examine how operational risk management has affected the financial performance of Wazalendo SACCO. 1.4

Objectives of the study

These were; I.

To examine the risk management controls/practices employed by Wazalendo SACCO to enhance its financial performance.

II.

To examine how Wazalendo SACCO’s approach to Operational Risk Management has affected the members’ returns and the SACCO’s profitability.

III.

To establish the management action taken to increase the amount of loans disbursed and manage liquidity risk/revenue growth in the SACCO.

9


1.5

Research Questions

The study was guided by the following research questions i.

What are the risk control practices that are employed by Wazalendo SACCO to enhance its financial performance?

ii.

How has Wazalendo SACCO’s approach to Operational Risk Management affected the members’ returns and the SACCO’s profitability?

iii.

What management actions are taken to increase the amount of loans disbursed and manage liquidity risk/revenue growth in the SACCO?

1.6

Hypotheses.

These were; H0: Operational Risk Management has not significantly affected the financial performance of Wazalendo SACCO H1: Operational Risk Management has significantly affected the financial performance of Wazalendo SACCO 1.7

Scope of the study

From a subject perspective, the study concentrated on aspects of operational risk management and Wazalendo SACCO’s financial performance. In terms of Operational Risk Management, the study looked at Identification, Assessment, Mitigation and Monitoring. In terms of financial performance, the study looked at liquidity (revenue growth), profitability (performance ratios) and the gearing. This study looked at what has been happening in Wazalendo from 2011, 2012 and 2013. From a geographical perspective, One (1) SACCO with its respective Bombo branch was considered. Wazalendo SACCO has an asset base of 800 billion. It is also important to note that the risk management strategies employed by WaSACCO are centralized to its head offices in Bombo and coordinated in the respective branches. This is why the Bombo branch was selected. However, Wazalendo SACCO has many other branches located in areas such as Gulu, Nakasongola, Mbarara, Masindi, Moroto, Mubende, Jinja, Acholi-pii, Entebbe, Singo, Arua, Masaka, Kakiri, Muhooti, Kotido, Mbale. 10


1.8

Significance of the study

The findings of this study may enhance the efforts of government regulators in coming up with regulations that govern the operations of SACCOs. The study contributes to the achievement of the government’s policy of prosperity for all through sensitizing the rural poor on how to benefit from properly run SACCOs. The study facilitates better SACCO’s management by enhancing the knowledge of the board members in overseeing the management of the Institutions. SACCO members may be able to realize their roles in the operations of SACCOs and begin or continue to play their part. The study provides more knowledge to managers of SACCOs on the various risk management techniques in SACCO’s. This may result in a general improvement in performance and creditsustainability. The regulators of financial institutions for example Bank of Uganda and Uganda Capital Markets Authority may be able to get more insight into adequate operational risk management strategies used by various credit institutions in Uganda. Financiers of the selected SACCOs can use the study to advance their understanding of how the respective credit institutions do manage operational risks. SACCO members have been provided with adequate information on which strategies management has devised to manage operational risks. 1.9

Arrangement of the Dissertation

The study was organized into eight (8) chapters Chapter one The study was divided into eight main chapters. The first chapter covers the introduction and background to the study, statement of the problem, and objectives of the study, research questions, and significance of the study. 11


Chapter two This covers the study literature which included introduction, literature survey, literature review and conceptual frame work. Chapter three This contains introduction, research design, study population, sample size, sampling method, sampling technique used and gives reasons, data collection procedure, data collection instrument, validity and reliability of instrument, data processing, data analysis and limitation of the study. Chapter four This contains the findings on tax structure and revenue collection. Chapter five Here are findings on tax policy on revenue mobilization in the commission. Chapter six This contains the findings impact of tax laws on revenue collection in the commission Chapter seven This chapter is the summary all the findings of the whole chapters of this study Chapter eight This concludes and recommends basing on the research findings from the study for the consideration by the management of State Revenue Commission.

12


CHAPTER TWO STUDY LITERATURE 2.1 Introduction This chapter looks at literature survey and reviews the various literatures on risk management strategies. It specifically captures the generic risk management strategies and the SACCO’s financial performance from authentic sources. The purpose of literature survey is to explore what others have covered on the same problem, gaps left and how the current study has filled those gaps. The chapter also presents the conceptual framework that has been conceptualized in this study. 2.2 Literature Survey Okwee (2008) conducted a study on Corporate Governance and Financial Performance of SACCOs in Lango Sub region. The study used both the qualitative and quantitative research approaches. Data was collected through the use of a purposefully designed questionnaire and structured interviews which data was used to answer the research questions and hypothesised relationships. He described the principle of Chief Executive Officer (CEO) Duality. In this study, it was noted that the democratic election of the Board of Directors may result into inability to distinguish between the roles of decision making and decision monitoring, creating confusion in credit unions (Branch & Baker, 1998). Duality was deemed to occur when one individual holds the two most powerful posts of CEO and Board chairman (Wier & Laing, 2001). However, Okwee took a divergent opinion and asserted that the duality role enhances the effectiveness of the boards. He based his argument upon the stewardship theory (which was advanced by Blackburn, 1994 and Cole Man Osei, 2007) which states that the separation of roles is not vital, since many companies are well run with combined roles and have strong boards capable of providing adequate checks. He went on to assert that combining the two roles may enable the CEO to be able to shape the company to achieve stated objectives due to less interference. For the case of Wazalendo, the business members are the owners, financiers and users of the products. They use the deposits for private enterprises. Members of top management are allowed to purchase units of ownership and become staff as well. A question would arise: How can one hold shares in a company he or she works for and then replicates him or herself into serving others? In my opinion, there will not be 13


a safety valve to guard against misjudgement by the CEOs and other members of staff. Conflict of interest and agency costs will increase hence stifling performance. This loophole can further be justified by the assertions in the CGAP report (2005) where board members continue to exercise operational control even after professional managers have been appointed. The absence of clear and distinct roles for paid management and boards also brings about the duality problem. Kato (2009) noted that many SACCOs in Uganda had succumbed to the ‘founder syndrome’ and subsequently collapsed, after their founders took it upon themselves to run the institutions as they wished on the basis of having started them. Across the country, political leaders have been identified as the makers and breakers of the development of SACCOs. This is a true replica of the operations in Wazalendo SACCO. Alfred Okwee’s findings have been retested and included in the current study.

In the same study, Okwee (2008) has further alluded to the assertions of Branch and Baker (1998) which are to the effect that profitability is not the primary concern for SACCOs. However, the WOCCU report (2005) looked at profitability of SACCOs from a different perspective. It stated that SACCOs sought to generate profits in order to directly benefit the owners as they (members) serve as both the owners of the SACCO and the recipients of the SACCO’s services. Thus when SACCOs maximize their profits, it results in the form of lower interest rates on loans, lower service fees and higher dividends for the members. In line with the WOCCU report (2005), Bauer (2007) stated that SACCOs were financial cooperatives, organized to meet the needs of their members thus surpluses or profits were returned to members in the form of reinvestment in the SACCO, dividends to members, or lower interest rates on loan products. It should be noted that financial performance is normally measured basing on profitability which is expressed in performance ratios. The members’ deposits are employed as working capital and members normally expect a return on their investment. This assertion will also be tested in the current study. In another related study by Boss (2010) credit risk management and financial performance in financial institutions: A case study of Barclays Bank Uganda Ltd, the objectives of the study were to examine the credit risk management tools used by Barclays Bank Uganda, to examine the challenges of credit risk management at Barclays Bank of Uganda and to examine the relationship between credit risk and financial performance of financial institutions. Utilizing a 14


cross-sectional research design involving both qualitative and quantitative research approaches, primary data was collected from 80 respondents who included personal bankers, Leads generators, Branch managers and credit officer using questionnaires, while secondary data was obtained through reviewing literature from books, reports and published journals. A statistical package SPSS was used to process the raw data collected through the questionnaires. The study findings revealed that the bank had operational challenges that affected the effective working mechanism of credit policies and procedures that are available and often reviewed. Irregular dispensation allowances to some senior management staff were seen to be a big blow to the credit policies working structures which is a fundamental shortfall in the credit criteria. It was equally noted that customers do not want to disclose as much information to the bank and as such, moral hazard and adverse selection are bound to translate into credit risk. This study however looked at risk management and financial performance from the perspective of credit risk. However, the current study has focused primarily on operational risk management. Nzibonera (2005) in a similar study looked at risk management methods and financial performance of the Ugandan insurance sector. The specific objectives were to establish the application of risk management techniques of insurance companies in Uganda; to examine the financial performance of insurance companies in Uganda and to examine the relationship between applied risk management techniques and financial performance of insurance companies in Uganda. A cross sectional research design was used to establish the application of risk management techniques of insurance companies in Uganda and to examine the relationship between applied risk management techniques and financial performance. A total of 15 insurance companies were used with a sample size of 120 management supervisory officers selected basing on a sampling table designed by Krejcie & Morgan (1970). A close ended questionnaire was constructed to obtain data on risk management techniques where as data on financial performance was obtained from audited financial statements of insurance companies. The findings indicated a weak positive relationship between applied risk management techniques and financial performance in the insurance sector in Uganda. The researcher concluded that applied risk management techniques affect financial performance of the insurance companies in Uganda. The above study like the previous one looked at similar variables like this 15


study but did not address which risk management methods can be used to specifically eliminate operational risk management in SACCOs which the current study has done.

2.3 Literature review The theories that guided this study are the Basic Indicator Approach, the Standardized Approach and the Advanced Measurement Approaches (AMA). The Basic Indicator Approach and the Standardized Approach relate the amount of capital to the size of the bank, and size is measured by gross income. The AMA permitted the use of qualifying internal models to arrive at regulatory capital. The attractiveness of the AMA alternative is that it is generally believed that it resulted in lower capital than either the Basic Indicator Approach or the Standardized Approach. More importantly, even if the AMA initially required higher capital, as banks reduce their risk, the AMA resulted in lower capital. By contrast, there is no such opportunity under either the Basic Indicator Approach or the Standardized Approach. This has led to quite an interest in developing operational risk measurement and capital models. One might even say that there is now a proliferation of operational risk models, where none existed a few years ago. 2.3.1

Operational Risk

2.3.1.1 Definition of Operational Risk Definitions matter not just in providing agreed meanings for practitioners; they also delimit the jurisdiction of practices in the system of professional knowledge (Abbott, 1988), even functioning to constitute economic life in new ways (Tribe, 1978). So, the project of defining operational risk is more than a simple matter of labeling, and is a meeting point for different interests and ambitions. In its early manifestations, operational risk was simply a residual category for “other risks” not covered by market risk and credit risk. Hence, the re-diagnosis of some large losses as operational risk failures simultaneously challenged the low epistemic status of this residual and with it the related professional and regulatory order in the banking world. Throughout the 1990s on wards, relatively low status functionaries, such as internal auditors, begun to have a voice in the name of operational risk that they could not have dreamed of in the 1980s. From the mid-1990s, a project of positively defining and determining “operational risk” was coextensive with establishing new boundaries of knowledge and practice within financial

16


organizations. And yet, this was a project fraught with a single serious difficulty: operational risk is” extremely hard to define” (Goodhart, 2001). In March 1997, a joint survey by the British Bankers Association (BBA) and Coopers & Lybrand explored several definitions. Drawing on BBA, ISDA and RMA (1999), Basel 2 eventually defined operational risk as “the risk of direct or indirect loss resulting from adequate or failed internal processes, people and systems or from external events.”(Basel Committee on Banking Supervision, 2001a. para 6).This definition, which reflects a long process of discussion and debate, was clarified to exclude reputational and strategic risks, and focuses on causes of loss. The definition also reflects a negative view of risk as down side loss, rather than of simple variability of out come around an expected mean (Gigerenzer, 2202:26). Definitional options for operational risk are strategically significant: as the definition becomes broader and encompasses more potential sources of loss. Operational risk management moves beyond the ambit of any existing departmentally- based risk manager, and potentially involves greater organizational change and “lots of stepping on toes” (Jameson, 2001a). On the one hand, systems failures and payment errors can be laid at the door of those technical operatives responsible for these systems. On the other hand, the unauthorized trading and cover-ups which occurred at Daiwa and Barings in 1995 reflect a failure of senior management oversight. Indeed, this shows that the concept of operational risk varies in its significance for management hierarchies. Without doubt, Basel 2 is a project of repositioning the responsibility of senior management for managing different parts of the operational risk ‘jigsaw’. These senior management ownership issues are part of a broader climate, a ‘new risk management’ (Power, 2000) being expressed in terms of enterprise risk management (ERM) and merging the discourses of corporate governance and of banking supervision. The problem of defining operational risk for financial institutions lies at the very heart of these transformations. Much as operational risk management has been firmly established by Basel 2 as a component of banking management strategy, there is still controversy over its meaning and implementation. Operational risk in this study therefore was defined as the risk of direct or indirect loss resulting from adequate or failed internal processes, people and systems or from external events.

17


2.3.1.2 Management of Operational Risk Management of risk as a process involves four aspects that is, identification, assessment, monitoring and control/mitigation. The major components of this risk management process are assessment, mitigation and contingency planning. In the assessment phase, the likelihood of occurrence of risks is analysed together with its impact on a financial institution’s objectives and activities. The mitigation process then generates action plans to minimize risks. During the execution phase, the effectiveness of the mitigation plans is reviewed and the relevant adjustments are made accordingly. Contingency plans are then developed to remedy the consequences of failure should the risk mitigation plans become ineffective. This “Risk Management Framework/process” sets out the manner in which the SACCO’s Risk Management Policy is achieved. The SACCO’s risk management approach and process follows that outlined by the Australian Standard for Risk Management, AS/NZS 4360:1999.

The

surrounding framework for the development of risk management at this point within the SACCO is summarized in Figure …. Figure.2: The Risk Management Cycle/Process

M oni t o r in g M iti g a ti o n

R is k M ana Id e nm e ge ti fincta ti o n

A sse s sm en t Source: AS/NZS 4360:1999

18


(i)

Risk Identification and Assessment

SACCO institutions should identify and assess the operational risk inherent in all material products, activities, processes and systems. Furthermore, before new products, activities, processes and systems are introduced or undertaken, the operational risk inherent in them should be subjected to adequate assessment procedures. Risk identification is paramount for the subsequent development of a viable operational risk monitoring and control system. Effective risk identification considers both internal factors (such as the banking institution’s structure, the nature of activities, and quality of the SACCO’s human resources, organizational changes and employee turnover) and external factors (such as changes in the industry and technological advances) that could adversely affect the achievement of the SACCO’s objectives. In addition to identifying the most potentially adverse risks, financial institutions should assess their vulnerability to these risks. Effective risk assessment allows the financial institution to better understand its risk profile and most effectively target risk management resources. Amongst the possible tools used by financial institutions for identifying and assessing operational risk are: Self- or Risk Assessment: a financial institution assesses its operations and activities against a menu of potential operational risk vulnerabilities. This process is internally driven and often incorporates checklists and/or workshops to identify the strengths and weaknesses of the operational risk environment. Scorecards, for example, provide a means of translating qualitative assessments into quantitative metrics that give a relative ranking of different types of operational risk exposures. Some scores may relate to risks unique to a specific business line while others may rank risks that cut across business lines. Scores may address inherent risks, as well as the controls to mitigate them. In addition, scorecards may be used to allocate economic capital to business lines in relation to performance in managing and controlling various aspects of operational risk. Risk Mapping: in this process, various business units, organizational functions or process flows are mapped by risk type. This exercise can reveal areas of weakness and help prioritize subsequent management action. Risk Indicators: risk indicators are statistics and/or metrics, often financial, which can provide insight into a financial institution’s risk position. These indicators tend to be reviewed on a periodic basis (such as monthly or quarterly) to alert financial institutions of changes that may be 19


indicative of risk concerns. Such indicators may include the number of failed trades, staff turnover rates and the frequency and/or severity of errors and omissions. Threshold/ limits could be tied to these indicators such that when exceeded, could alert management on areas of potential problems. Measurement: Some institutions have begun to quantify their exposure to operational risk using a variety of approaches. For example, data on a financial institution’s historical loss experience could provide meaningful information for assessing its exposure to operational risk and developing a policy to mitigate/control the risk. An effective way of making good use of this information is to establish a framework for systematically tracking and recording the frequency, severity and other relevant information on individual loss events. Institutions may also combine internal loss data with external loss data (from other institutions), scenario analyses, and risk assessment factors. Risk identification and the contradictions of data collection

The category of operational risk is significant not merely as an assembly point for existing risk management practices, but also as a category of attention and visibility for risks/threats which are ignored by financial institutions, or made insufficiently explicit in management systems. From this point of view, operational risk is part of a broader shift in awareness about the importance of the completeness of risk identification for any risk management system, of getting issues onto the agenda of management thinking. However, a crucial phase in the realization of management practice is data collection. At this point, dangers become risks capable of being located in the logic of managerial decisions making (Luhmann, 1992) and in a business/ management model which supports routine data collection. The data collection debate is in essence a reformulation of the definitional discussion, and has similar strategic implications. What data are relevant to operational risk and its management? Historic losses for the organization? For the industry? At the heart of the operational risk debate is a discussion about the meaning of ‘expected losses. Are expected losses effectively covered by accounting provisions, leaving unexpected losses to be covered by the capital cushion? And what of sudden catastrophic events? Are they to be prevented by internal controls, or possibly transferred by insurance, or is there nothing to be done here but to mitigate via business continuity plans? As the Basel Committee recognizes, there is often a high degree of ambiguity inherent in the process of categorizing losses and costs (Basel Committee on Banking 20


Supervision, 2001a, para 8) and as Vaughan suggests, how organizations define and then ‘cleanse errors are part of its rituals of managing. In the case of Barings, internal control weaknesses could not be defined ex-ante as anomalous by the organization itself. In short, data for operational risk management is most needed where it is both thin and conceptually problematic that is for rare, high impact possibilities. It is also unclear how any data base for losses of these kinds is coupled to the internal control environment since serious operational risk events may not be linked to transactions in a clear way. It has been argued in Basel 2 that it is problematic to use historical loss data for calculating economic capital, if controls are always improved in the light of loss experiences. In addition, it is not always clear that loss data is valuable since it is often silent on causation. More critically, the probability measure component of capital calculation is not given based on frequency data, but can be influenced by management: Probability in these settings is space for social action and is behavioral (Waynne, 2003) or performative (Mackenzie, 2002) in form, rather than technical. Another behavioral dimension of the data collection issue relates to incentives. There can be disincentives to report relevant events if they are likely to increase the capital charge to the business unit. For example, while internal agents such as in house lawyers and human resource specialists may have no disincentive to report near misses (because they enhance their own role), operational departments may wish to hide these events, or translate them into credit and market risk issues. Equally, risks and losses may be reported and overstated as part of an argument to secure more resources. At its worst, data collection methods used ‘in order to limit the adverse effects of an event, may result in incentives which would increase the number of such events themselves’(Goodhart, 2001:12), making data collection a perverse form of ‘fatal remedy’ (Sieber, 1981,) for banks. The data collection problem has further consequences for the debate about the role of insurance. Insurance has been rendered inadequate. Some critics argue that Basel 2 overstates the applicability of the capital cushion philosophy, when insurance and internal process controls should do the job of risk management as well (Calomiris and Herring, 2002). Some banks argue that insurance is part of the overall risk management process and that the focus of capital adequacy should be on residual risks after insurance. However, while there is some allowance for insurance under Advanced Measurement Approaches (AMAs), supervisors are cautious for systemic risk reasons: operational risk management could be handed to an insurance market 21


which it considers to be under- capitalized. In addition, one large loss on an operational risk policy could eradicate the market for cover. But the deeper question is about the actuarial base for operational risk insurance given the problems of data definition and frequency discussed above (Goodhart, 2001). There may be no rational basis for correlating premiums and risk, and questions exist about the scope of policies and how claims might be paid. Indeed, insurance policies can have many peculiar features (deductibles, limits, etc) which make them difficult to value. Two ‘solution paths’ to the data collection problem have emerged, one more self-conscious than the other. The first path consists of solving the infrequency problem by pooling loss data across financial institutions to generate richer data bases. To this end, new pooling institutions have been created, such as British Bankers’ Association (BBA) operational risk database association in the UK, to share loss data with the aim of improving operational risk information at the industry level. The development of these databases to pool loss experiences encounters the persistent problem of confidentiality and proprietorial assets for life insurance businesses. But even if these approaches become established, they have the effect of making an internal approach to operational risk measurement de facto external, thereby blunting the risk-sensitivity to specific organizations, which is the whole purpose of the advanced approach. So pooling of loss data is one potentially self-contradictory ‘solution’ path. The other self conscious path follows from the extensive evidence that organizations tend to collect the data that that they can, given legacy information systems, rather than the data they need. There is some evidence in relation to operational risk, that banks are using databases for medium frequency, low to medium impact losses, partly because this is what can be done to make quantitative modeling possible. This is the point at which the tail of data collection may wag the dog of operational risk management, suggesting that organizations construct notions of error and its management which fit existing institutionalized patterns of information gathering, while other significant anomalies may go unnoticed(Vaughan, 2002). However, despite the myths of Barings and Daiwa type events, it is clear that the operational risk management agenda has focused bank attention on medium to high probability events with low individual impact, but which in aggregate may yield significant losses. Fines for mis-selling financial products, recent fines imposed on some US investment banks, and credit card fraud losses have also given the

22


operational risk management agenda a non-Barrings flavour, with a strong emphasis on legal liability risk and fraud prevention. The definition of error always takes an institutional form. For example, the entire capital charging structure underpinning Basel 2 is weighted towards the recognition of concrete ex-post events, direct losses and write downs. Anticipatory and preventive investments in internal controls are valued in so far as they impact on the future loss experience of the financial institution. Although, Basel 2 seeks to nurture experimentation in the operational risk area, practitioners in the 1990s and early 2000s have been uneasy about this deep logic in their thinking, an unease compounded by the ambivalent relation between existing accounting systems, designed for actual and expected losses at best, and the potentially broader scope of operational risk relevant loss events, to include unexpected losses and ‘near misses’. Data bases are also argued to be ‘shaky and fragile’ (Goodhart, 2001) not just because of these definitional ambiguities, but also because significant single event operational losses are rare. The capital charge for operational risk should, in theory, reflect the experience and risk profile of a bank but the Basel Committee in its early studies also admitted that the current state of knowledge and loss data was so poor that the internal measurement of operational risk is still in the dark. Appropriate data is absent for all but a handful of financial institutions, and financial industry standards for such data are still lacking (Cagan, 2001). As Basel Committee on Banking Supervision (1998b) report acknowledges, following a survey of practice in 30 financial institutions, large loss experiences are rare and adequate time series for operational losses and their causes do not yet exist. Hence there is, almost by definition, data poverty where it is most needed for heterogeneous catastrophic events and, except for a range of normal errors, for example transactions processing, firm-specific data is generally inadequate. In short, data for operational risk management is most needed where it is both thin and conceptually problematic, that is, for rare, high impact possibilities. It is also unclear how any database for losses of these kinds is coupled to the internal control environment since serious operational risk events may not be linked to transactions in a clear way. In addition, it is not always clear that loss data is valuable since it is often silent on causation.

23


(ii)

Quantification and Trust in Operational Risk Numbers

‘…….operational risk measurement is not the same as operational risk management. Quantifying those operational risks that lend themselves to quantification and neglecting the rest does not constitute best practice……..’(Cagan,2001). The rise of operational risk management reveals different’ forms of trust in numbers (Porter, 1994) for management purposes. There are varied aspirations to measure in the shadow of the benchmarks provided by the institutional legacy of credit risk and market risk modeling. Demands for robustness are conspicuous. Some commentators refer wistfully to the fact that there is no alternative to semi-quantitative methods (Wilson, 1995). Pressures for an ideal rational economic basis for capital charging exist even when so called softer approaches are used for practical reasons. The method of risk adjusted rate of return on capital (RAROC). Though not peculiar to the operational risk debate, is instructive. In light of the aforementioned, the story of operational risk is still unfolding. There is a need therefore to come up with a unified definition of what amounts to operational risk; in terms of definition, data-gathering and calculative strategies. These definitional struggles, data collection paradoxes and competing calculative ambitions are embedded in new intra-organizational politics, in which competition for buy-in, the allocation of responsibility and professional status are strategic stakes for internal agents, such as risk officers.

The organization risk management

is shown in figure 3 below: Figure 3. Organization risk management

“Risk Register” & Risk Treatment Action Plans

OBJECTIVES

Risk Assurance & Performance reports

Source: Wilson, 1995 24


The end result of risk management is to provide the institution’s executive with a regular profile report of the status of risks and risk controls across the organization, and an assessment/assurance report of its major risks.

(iii)

Risk Monitoring and MIS

Financial institutions should implement a process to regularly monitor operational risk profiles and material exposures to losses. There should be regular reporting of pertinent information to senior management and the Board of Directors that supports the proactive management of operational risk (Cagan,2001). An effective monitoring process is essential for adequately managing operational risk. Regular monitoring activities can offer the advantage of quickly detecting and correcting deficiencies in the policies, processes and procedures for managing operational risk. Promptly detecting and addressing these deficiencies can substantially reduce the potential frequency and/or severity of a loss event. In addition to monitoring operational loss events, financial institutions should identify appropriate indicators that provide early warning of an increased risk of future losses. Such indicators (often referred to as key risk indicators or early warning indicators) should be forward-looking and could reflect potential sources of operational risk such as rapid growth, the introduction of new products, employee turnover, transaction breaks, system downtime, and so on. When thresholds are directly linked to these indicators, an effective monitoring process can help identify key material risks in a transparent manner and enable the financial institution to act upon these risks appropriately. The frequency of monitoring should reflect the risks involved and the frequency and nature of changes in the operating environment. Monitoring should be an integrated part of a financial institution’s activities. The results of these monitoring activities should be included in regular management and board reports, as should compliance reviews performed by the internal audit and risk management functions. Senior management should receive regular reports from appropriate areas such as business units, group functions, the operational risk management office and internal audit. The operational risk reports should contain internal financial, operational, and compliance data, as well as external market information about events and conditions that are relevant to decision making. Cagan (2001) further notes that reports should be distributed to appropriate levels of management and to areas of the financial institution on which areas of concern may have an 25


impact and this should also provide continued support in improving in the skills and capabilities of the institution’s management and staff by the Board . Reports should fully reflect any identified problem areas and should motivate timely corrective action on outstanding issues. To ensure the usefulness and reliability of these risks and audit reports, management should regularly verify the timeliness, accuracy, and relevance of reporting systems and internal controls in general. Management may also use reports prepared by external sources (auditors, supervisors) to assess the usefulness and reliability of internal reports. Reports should be analysed with a view to improving existing risk management performance as well as developing new risk management policies, procedures and practices. In general, the board of directors should receive sufficient higher-level information to enable them to understand the overall operational risk profile and focus on the material and strategic implications for the business.

(iv)

Risk Control/Mitigation

According to Cagan (2001), financial institutions have policies, processes and procedures to control and/or mitigate material operational risks. Financial institutions should also periodically review their risk limitation and control strategies and should adjust their operational risk profile accordingly using appropriate strategies, in light of their overall risk appetite and profile. Control activities are designed to address the operational risks that have been identified. For all material operational risks that have been identified, the financial institution should decide whether to use appropriate procedures to control and/or mitigate the risks, or bear the risks. For those risks that cannot be controlled, the financial institution should decide whether to accept these risks, reduce the level of business activity involved, or withdraw from this activity completely. Depending on the scale and nature of the activity, financial institutions should understand the potential impact on their operations and their customers of any potential deficiencies in services provided by vendors and other third-party or intra-group service providers, including both operational breakdowns and the potential business failure or default of the external parties. The board and management should ensure that the expectations and obligations of each party are clearly defined, understood and enforceable. Vaughan (2002) shows that the extent of the external party’s liability and financial ability to compensate the financial institution for errors, negligence, and other operational failures should be explicitly considered as part of the risk assessment. Financial institutions should carry out an 26


initial due diligence test and monitor the activities of third party providers, especially those lacking experience of the financial industry’s regulated environment, and review this process (including re-evaluations of due diligence) on a regular basis. He further adds that Risk Intelligence sustenance and dependence on the capability of people, processes, and systems to act in an integrated, coordinated and timely manner. In line with Vaughan, Cagan (2001) states that for critical activities, the financial institution may need to consider contingency plans, including the availability of alternative external parties and the costs and resources required to switch external parties, potentially on very short notice. Some significant operational risks have low probabilities but potentially very large financial impact. Moreover, not all risk events can be controlled (e.g., natural disasters). Risk mitigation tools or programmes can be used to reduce the exposure to, or frequency and/or severity of, such events. For example, insurance policies can be used to externalize the risk of “low frequency, high severity” losses which may occur as a result of events such as third-party claims resulting from errors and omissions, physical loss of securities, employee or third-party fraud, and natural disasters. However, risk mitigation tools should be viewed as complementary to, rather than a replacement for, thorough internal operational risk control. Having mechanisms in place to quickly recognize and rectify legitimate operational risk errors can greatly reduce exposures. Careful consideration also needs to be given to the extent to which risk mitigation tools such as insurance truly reduce risk, or transfer the risk to another business sector or area, or even create a new risk (e.g. legal or counterparty risk). Investments in appropriate processing technology and information technology security are also important for risk mitigation. However, financial institutions should be aware that increased automation could transform high-frequency, low-severity losses into low-frequency, high-severity losses. The latter may be associated with loss or extended disruption of services caused by internal factors or by factors beyond the financial institution’s immediate control (e.g., external events). Such problems may cause serious difficulties and could jeopardise an institution’s ability to conduct key business activities. Financial institutions should therefore establish disaster recovery and business continuity plans that address this risk. 2.3.1.2.1

Planning and strategic alignment

Stulz (2003) notes that planning and strategic alignment calls for alignment of risk with the business. In bleak times and fair, the success of a company depends greatly on how it translates 27


its strategy into management of the business. The recent crisis has demonstrated that in many financial institutions, risk management broke down not only at the operational level, but also critically, in strategy selection and business planning. Misunderstood portfolio concentrations, flawed funding models and poorly timed acquisitions were symptomatic of poor strategic risk management. She further adds that when it comes to taking strategic control, most financial institutions have taken firm control of the risk agenda, imposing and monitoring balance sheet limits, targeting risk weighted assets reductions and splitting core from noncore assets. However, this has largely been reactive and focussed on mitigating down side risk. As the world emerges from recession, there is a danger that financial institutions will continue to de-risk at the expense of exploiting the upside. The strategically nimble, that is, those that manage strategic risk successfully, will prevail. When it comes to aligning strategy, risk and the business, recognition of the strategic importance of risk presents a significant opportunity to improve the strategic alignment of risk with the business. Employees at different levels should be part of developing the plan which should be well communicated to the employees (ibid). Stulz (2003) further notes that many organizations have been found to have plans for Disaster Recovery and Business Continuity as these enable an organization to continue with its operations smoothly even if the inevitable happens The planning and strategic alignment concept covers; a) Strategy; b) Planning; c) Execution; and d) Reporting 2.3.1.2.2

Execution/Implementation

Having established a plan, the organization should execute it (Ehiich & lngram, 2001). There should be a risk management implementation plan whose primary objective is to facilitate the execution of risk management. The risk management implementation plan for the institution is prepared to give effect to the implementation of the Risk Management Policy and Strategy and sets out all the planned risk management activities. The implementation of an Operational Risk Management system should be done basing on the objectives, requirements, benefits and resources of the organization. 2.3.1.2.3

Monitoring, Reporting and Continuous Improvement

28


According to the NIST SP 800-137, continuous monitoring, reporting and improvement entail ongoing awareness of information security, vulnerabilities, and threats to facilitate risk-based decision making. Management of Operational Risk forms an integral part of the strategic decision making process (NIST SP 800-137). It involves ongoing assessment and analysis of the effectiveness of all security controls. It provides ongoing reporting on the security posture of information systems. Continuous monitoring supports risk management decisions to help maintain organizational risk tolerance at acceptable levels. Proper identification of Key Risk Indicators/early warning indicators prior to any evaluation are helpful in the determining of risk control (Dorfman, 1997). In this case, goals and targets can be defined as the key performance indicators and these are submitted in form of reports containing pertinent information to Senior Management and the Board of Directors that compliments the proactive management of operational risk. An audit can also be employed as a tool for standardizing the system and continuously improving it while strengthening the financial institution’s risk management process link.

ENTERPRISE RISKS

ENTERPRISE VALUE

Strategy Risks Revenue Growth

Credit Risks

Operational Risks

Risk Management

Operating Margin

Liquidity Risks Asset Efficiency Market Risks

Figure 4

Compliance and reputational SACCO’s risk risks

Expectations

management process link

Continuous Monitoring of Systems 29


When it comes to Continuous /Regular risk reporting, attention is given to Continuous Monitoring of Systems. Consideration is given to overall residual risk, broken down by inherited risk, accepted risk and risk to be mitigated.

Figure 5. Monitoring and Continuous Improvement Cycle

When it comes to continuous assessment, a system is continuously assessed according to the assessment frequency determined by its Risk Profile. Security controls with higher risk are assessed more frequently than controls associated with lower risk. Assessment results are incorporated into the system’s profile and reported to stakeholders based on system ownership and responsibility. Dorfman (1997) adds that the inclusion of Self- assessment checks for adherence to the Risk Management Policy was very important in that it guided decision making and the identification of areas for further assessment and intervention to reduce and manage risk. These documents can be shared with all those involved in the service user’s care if appropriate and should communicate the risks in a clear and comprehensive way. The security assessment process will be streamlined to reduce the Level of Effort (LOE) for system stakeholders.

2.3.1.2.4

Training and performance appraisal

According to Deming (1986), any functioning organization should have a Training Committee in place which should be tasked to prioritize the skills which are critical in terms of sustainable 30


growth and development such as Risk Management skills. Stulz (2003) adds that the same Committee should promote quality training for all, promote employability and sustainable livelihoods through skills development, and facilitate the acquisition of critical skills in order to penetrate the labour market and for self employment and exercise of quality assurance. This was also emphasised by Deming (1986). Demming further adds that in organizations faced with such extensive risks, there should be a Training Policy and Risk Management Compliance and Policy Manual in place not forgetting Annual Skills Development Plans for purposes of identifying and eliminating employment barriers which adversely affect people from designated groups, increase adversity in all occupational categories and levels, make reasonable accommodation to ensure that all groups enjoy equal opportunities and are equitably represented, retain and develop people from designated groups and implement training measures in terms of skill development. This leads to improved productivity, improved competitiveness and the development of the workers skills.

2.3.1.2.5

Employee involvement, empowerment and communication

Employee involvement, teams, and employee empowerment enable people to make decisions about their work. When you involve employees in decisions and use team building to foster relationships, you increase loyalty and foster engagement. Are you serious about building a successful work team? It can be tough and challenging because people bring everything about whom they are to the team. This includes opinions, knowledge, values, past work experiences, upbringing, education, prior team experiences, life and work goals, and skills in communication and team building. But teamwork and collaboration can be taught and developed. You can use all of these tips and ideas to build a successful work team. Need to understand what a team is? It's an interdependent group of employees who unite around a particular task or objective (Susan Heath Field, 2011). This therefore calls for collective participation in all risk management activities for purposes of registering achievements.

31


2.3.1.3

How the approach to Operational Risk Management affects the members’ returns and the SACCO’s profitability.

(i)

Risk modelling

Banks have been successfully managing operational risk from the start, and those that did not either dwindled into oblivion or were acquired (Alexander et al., 2004). The very survival of the remaining firms would argue that they have all the necessary skills and procedures for managing operational risk, without ever having measured it, let alone modeled it. So why should they do anything different? They must change because the environment in which banks operate has changed dramatically, and to remain fit banks must adapt to the new reality. Alijoyo ((2004), agrees with the above author but adds that the new environment is much more complex, in terms of product offerings, delivery channels and jurisdictions. New complexities are emerging in relationships with suppliers, employees, clients and regulators. Whereas a detailed road map (the policies, operating procedures and controls) was sufficient in the past, banks now need a telescope and compass to help them navigate in a rapidly shifting environment. Drawing on Cheng’s (1998) work, a model simply becomes a telescope with a compass. The only purpose of an operational risk model is to give business leaders a tool for making better operational decisions. This exclusive purpose should guide and constrain each decision along the model construction process. Cheng (1998) posits that focusing on the decisional output of the model also avoids introducing tangential elements, which may be mathematically rigorous but less managerially useful. Over the past few years, there has been a regulatory push to determine the amount of capital that is required to support operational risk and this affects the members’ returns and the SACCO’s profitability.

(ii)

Operational risk and reward

Cheng (1998) notes that operational Risk Modeling has matured over the years and to see how it has developed, and learn some lessons from the issues which have arisen in its development, it is instructive to look at the efforts of the financial services industry. Between the late 1990s and 2004, when the Revised Basel Accord was issued, the financial services industry experimented with a variety of modeling approaches for Operational Risk. The Basel Accord identified three broad approaches: 32


a) Internal Measurement Approach b) Loss distribution Approach c) Scorecard Approach Cheng (1998) further shows us that Modeling of Operational Risk can be used to determine the economic capital required to support the operational risks to which a firm is subject, as well as to calculate regulatory capital requirements. By calculating capital by business line and loss event type, modeling enables the capital to be allocated to business units easily and fairly and supports a risk adjusted return on capital approach to business management. In using mathematical models, care has to be taken to understand the limitations of both the input to and the output from the model. Alijoyo (2004) on the other hand points out that the purpose of the operational risk model is to provide management with a tool for making better decisions about the level of operational risk to take. At this point, some would argue that a model is not necessary to answer that question. They would say that the appropriate level of operational risk is zero and therefore should always be minimized given technical and human constraints. No model is required to do that. That is certainly one way to manage a bank, but it leaves too much value on the table. To extract that value, banks need to make the appropriate risk–reward trade-off for operational risk, as they are now accustomed to doing for credit and market risk. Alijoyo (2004) also notes that in some instances, such as payments systems, asset management, trading and other advisory businesses, a risk tolerance of zero would require the bank to shut down these businesses. For example, a bank may choose to implement so many controls around trading that it will be certain that rogue trading will not happen. In achieving this zero level of operational risk, the bank will have made it so prohibitory expensive to trade that it is no longer worthwhile. At present, most banks put in a level of controls that allows for some level of rogue trading risk, but most cannot tell if the level is acceptable or the amount of rogue trading risk that they are implicitly accepting. The same may be said of information security, identity theft, aggressive selling and a myriad of other operational risks. The fact is that most banks operate these businesses and therefore operate within certain implicit operational risk tolerances. Operational risk models make risk tolerances explicit and transparent. The models allow one to determine whether the risks are commensurate with the potential reward. After all, the bank should allocate 33


capital to support the risks that yield the most return for a given unit of risk, regardless of whether the risk is market, credit or operational. In the case of market and credit risk, the rewards are well understood. In the case of operational risk, they are perhaps not well understood. This is not surprising. The traditional approach to operational risk management has focused attention primarily on the risk. The reward comes in the form of either extra revenue from engaging in more operationally risky activities than otherwise, or from reduced costs from implementing a lower level of operational controls. These are real bottom-line issues that should interest any business executive, not only risk management. The point is, that with respect to operational risk, risk–reward trade-offs have been and are being made all the time, albeit implicitly and with no assurance of consistency. Operational risk modeling will make this trade-off explicit, transparent and consistent. How does one go about creating an operational risk model? Starting at the end of the modeling process and working backwards, from various conversations with business executives at several banks, six questions are distilled from their ideas of what they wanted to know about the operational risk within their business: (i). What are my biggest operational risks? (ii).What hits can I expect my profit and loss to take from my biggest operational risk? (iii). How bad can those hits get? (iv). How bad can those hits get under stress conditions? (v).How will changes to my business strategy or control environment affect those hits? (vi). How do my potential hits compare internally or externally?

Business managers want to understand the operational risks embedded in their business activities. In other words, operational risk exposures should be identified. Once the risks have been identified and understood, business managers want to know the financial impact of these risks. This means that reasonable estimates of the potential hits (charges) to the profit and loss statement should be provided as long as the targets of the business are met (Stulz, 2003). Those potential hits come in three types: expected, unexpected and stress hits. Besides, management is not only interested in what is but also interested in ‘what will be’. Businesses are constantly changing their strategies, product offering, distribution channels and operating environment. These changes thus change the business’s exposure to the operational risk and therefore the potential hits. If the operational risk model is to be of any use it should 34


supply answers to these questions. The model results should also allow for easy comparison between the operational risk profiles of similar businesses, and identify what contributes to the similarities and the differences. In addition to providing answers to these specific questions for each business line, the model must also allow for the results to be easily aggregated at each level of the organization. This is indeed a tall order. And if one attempted to build a model that provided answers to all these six questions and met all the above-specified conditions, it would take a long, long time to build the model and therefore a long, long time before any answers could be obtained. Common practice shows that it is better to build a working model that provides reasonable estimates for answers to some of the questions, and provides indications for some of the others. This gives immediate benefits and allows for continuous improvement and consequently the Improvement in the Loan to Asset Ratio over time. In so doing, as Heath Field (2011) notes, it is useful first to examine the operational risk management framework. (iii)

The integrated operational risk framework

Operational risk management, like credit and market risk management, goes through a well defined cycle, beginning with risk identification and followed by risk measurement, risk analysis and monitoring, obtaining sufficient capital and finally loss management. The framework embodies the practice of continuous improvement since, as was said earlier in the context of the operational risk model, not all steps can be achieved with the same degree of quality at the same time. But each step should be of sufficient quality to render the operational risk management process of use to the business management, sooner rather than later so that there is continuous improvement in the Loan to Asset Ratio (Heath Field, 2011). In the case of operational risk, risk identification usually begins with a rigorous self-assessment of the exposures, the control environment and risk metrics, referred to here as key risk drivers (KRDs). For example, in asset management, risk identification consists of identifying such risks as client claims arising from excessive account churning, the quality of the controls that are in place to reduce the likelihood that this happens and the related KRDs such as daily account turnover rates. Once the risks have been identified, the financial impact of these risks needs to be measured by which is meant the quantification of the expected and unexpected losses which are later harmonized to improve on the loan to asset ratio (Deming, 1986). Risk identification has to be done according to a well-defined and consistent classification of operational risk, otherwise similar risks within different business lines or at different times may 35


be identified differently and different risks may be identified as similar. The importance of a consistent and useful classification of operational risk is therefore of paramount importance. Although there is no unique way to classify things, there are many right ways and many wrong ways. So, too, with operational risk. Operational risks may be classified, for example, according to cause, according to the event giving rise to the loss, according to financial effect, according to who benefits, or according to who is harmed. Any consistent set of rules will do for ensuring that the classification scheme is coherent and self-consistent. However, since the interest in risk management goes beyond risk identification, and extends to the measurement of the financial impact of the risk, the classification of operational risk must, in addition to being coherent and self-consistent, be determined by the operational risk model itself. In other words, risks that have the same patterns of loss (i.e. financial impact) should be put into the same class. When dealing with the output of the model, the expected and unexpected losses cannot be measured directly. Instead, first the frequency with which an individual loss can happen and the severity (the actual financial loss suffered when the loss occurs) are measured and these can show reduction in the portfolio at risk (Heath Field, 2011). Since the frequency and severity tend to be stochastic what is generally measured are the frequency and severity parameters that define the respective distributions. The loss distribution is obtained by combining, through Monte Carlo simulation, the frequency and severity distributions. Once the loss distribution is so obtained, reasonable estimates of the expected loss and the unexpected loss can be determined. The remaining three important elements of the operational risk management framework are concerned with the actual management of the risk. Since what gets measured most often gets managed, the operational risk measurement model is of critical importance as can be inferred from the diagram below

36


Figure 6: Operational risk measurement model

Source: Heath field (2011) Internal Measurement Approach of Operational Risk Modeling (IMA) The IMA was first floated by the Basel Committee in early 2001. It was a deterministic approach based, to some extent, on the more advanced credit risk capital calculation and therefore provided a consistent methodology for advanced credit risk and operational risk calculations. The approach relied on a firm having a comprehensive and complete data base of losses experienced by it over a considerable number of years. Its core was based on the popular deterministic method of calculating the annual effect of risk occurring: the annual likelihood of the risk accruing multiplied by the value of the impact. Both the annual likelihood and the value of the impact are calculated using a loss database of a firm’s own losses. Basel Committee extended this approach by dividing impacts into seven loss event types and eight business lines giving a sub cell matrix. Additionally, each firm was required to identify an exposure indicator which related to the scale the firm’s activities in a particular business line. The regulator provided a factor which translated the firm’s activities in a particular business line. 37


The regulator was based on industry-wide data and would in effect take each expected loss and increase it, such that it became unexpected loss. Although this approach is easy to understand as it is deterministic, there are several significant demerits;a) The approach assumes that the firm continues to operate in the same way that it has done in recent years. There are also assumptions that the firm’s operational risk approach, appetite and methodology will remain constant in order to generate comparable data. b) Approach implies that past losses are a good indication of future requirements of operational risk capital. It is well known (and financial services regulators require firms to make the point in footnote to their advertising) that the part is no guide to the future. This is in part due to the ever changing external environment c)

Even if the firm has collected many losses, the quality of the data is still suspect unless there is a clear methodology for collecting losses which is consistently applied by the firm over a number of years.

(iv)

The Loss Distribution Approach (LDA)

This approach is similar to IMA, even though external losses could arguably also be used and a probabilistic methodology was directly applied. It was 1 st raised by the Basel Committee in September 2001. In this approach, the firm’s estimates, the likely distribution of operational risk losses over some future horizon for each loss event type/ business like combination, that is the 56- cell matrix. As distribution is estimated either by reference to an existing loss data base or derived through, for example, Monte Carlo stimulation, there is no need for a gamma factor. Indeed, the distributions could vary by cell as a specific distribution may be a particular loss event and business line combination.

This approach also neatly removes the IMA disadvantage of the assumption of the relationship between expected and unexpected losses, by deriving distributions directly from the data, from a combination of the data and simulations of the data or from prior knowledge, perhaps gained 38


through knowledge of experience of other firms. The demerits for the IMA are equally valid for the LDA.

(v)

The Score Card Approach

This is named after the balanced score card approach to management practiced by a number of large firms. It takes a more qualitative view of operational risk capital than IMA and LDA. It is intended to reflect improvements in the control environment which may reduce the frequency and / or the severity of the operational risk losses. A fundamental distinction between a score card approach and the two approaches above (based solely on loss data) is the inclusion of forward-looking data derived from discussions with business line staff and reviewed by a central risk function. A further difference using the score card approach is that the capital is calculated from a single VaR value taken at the required quantile from a single distribution created using the firm’s or the business unit’s entire data. This has the advantage that it does not sum VaRs. The merits to this approach include the following;a) If a firm acquires or disposes of a business or commences or ceases trading in a new product, an assessment of the risks( and the capital required) can be included immediately due to the forward-looking element of this approach. b) Forward-looking risk and control data can be used to compensate for lack of loss data. The demerits to this approach include the following;a) The major assumptions that business judgment is a good indicator of the future capital requirements of the firm; the events of 2007-9, particularly in the banking part of the financial services sector, show that this assumption is just as flawed as the assumption that the past is a good guide to the future. b) The quality of the forward looking data can vary widely depending on the extent of the line management commitment. Some management can be very willing to dedicate time and effort to determining a comprehensive set of risks and controls.

39


(vi)

Transactions processing risk

In this approach, transactions are run through a string of processes involving people, procedures and systems. The process string begins with a negotiation, such as a purchase or sale of securities in trading or taking a deposit in retail banking, and ends with the settlement. Added to this string are the processes and systems that make the negotiations possible, such as the telephone system in trading and the branch network in retail banking. After settlement, processes include such activities as generating and issuing statements to clients. This description of the processes and systems involved is by no means intended to be exhaustive, but only to make the point that there is a defined string of processes for initiating and completing a transaction. The string of processes is not perfect and is subject to failure, which will give rise to transaction errors such as wrong currency amount, buy versus sell, or delayed settlement. The string of processes will have a certain failure rate, which can be expressed as the number of failed transactions per 10, 000 processed. The failure rate may even depend on the type of transaction processed, but for simplicity assuming that all the transactions processed by a given string are the same.

As a first approximation, the number of failed transactions, and therefore the number of losses is directly proportional to the number of transactions processed. In other words, the number of transactions is a good exposure base for the frequency of losses. Likewise, it is reasonable to conclude that for each failed transaction, the size of the loss is proportional to the size of the transaction. This argues that the severity exposure should be the average size of the transactions. Note that the selected exposure base may be too costly to obtain, in which case a proxy is chosen. For example, the number of transactions may not be tracked and therefore the number of accounts can be used instead, with its corresponding average account size. In order to compare the evolution of losses over time, it is useful to measure the loss probability rather than the absolute number of losses. This is a good starting point, although refinements such as different loss probabilities for different types of transactions can be introduced later. Some would argue that the loss probability is proportional to the number of transaction processed since the greater the number of transactions, the greater the strain of the string of processes and therefore the greater the propensity for failure. This may very well be the case.

40


The relationship between an exposure measure and the number of losses is a great deal more complex than the linear or the proportional relationship. This (and other) refinements are valid and should be incorporated into the model. Yet they remain refinements and enhancements. It is better to begin with a linear approximation, develop a satisfactorily accurate model, start using the model and add those enhancements as usage demands. Repeating this process ensures continuous improvement, while having an adequate model each step of the way. Having introduced loss probabilities and exposure bases, the expected losses can now be compared across businesses and across time for the same business, without the comparison being distorted by different sizes of different businesses or by the change in size as the business grows. Knowing the expected losses is very important but not sufficient to manage operational risk. Risk is a measure of volatility around the expected loss. The bigger the volatility, the bigger the risk. In other words, a business with a much larger expected loss rate than another business may have a much lower risk, if the possible losses are confined to a narrow range around the expected losses. Credit card fraud and rogue trading offer specific examples of this. Credit card fraud unfortunately happens routinely, whereas trading fraud (rogue trading) fortunately happens rarely. The expected fraud loss rate for credit cards is therefore much higher than for trading. However, credit card losses tend to be at most five times the expected losses, whereas roguetrading losses can be hundreds of times the expected loss. 2.3.2

Financial PerformanceA financial institution’s financial performance is determined by

its profitability in terms of returns, efficiency and capital adequacy. Returns take the form of ratios such operating self sufficiency ratio, return of equity and return on capital employed. The loan portfolio ratios are also put under consideration and these include; delinquency to gross loan portfolio, loans to asset-asset base, interest cover ratio. Liquidity is also considered in terms of capacity ratio and savings to deposit ratio.

Loans to Assets= Loans/Total Assets. A Portfolio at Risk (PAR) is the proportion of a financial institution’s loan portfolio with one day missed payment to total loan outstanding at a given time. It is therefore advisable that a financial institution maintains low levels of its portfolio at risk. Maintenance of PAR at low levels is evidence of adequate of operational risk management. 41


PAR=Principal balance of loans with at least a one day missed payment Total principal loan balance An interest cover ratio measures the financial institution’s capacity to pay interest on its outstanding debts. When a financial institution’s interest cover ratio is low, its ability to meet its interest expenses comes in question. Any financial institution must therefore have high interest cover ratios.

Interest Cover= Earnings before interest and taxes (EBIT) Interest Paid

Return on Capital Employed is defined as a proportion of what is ploughed back after investing money that is, the amount generated after employing working capital. The generated amount can be in form of dividends and interest on savings. It is a measure of the return on an investment. Return on Capital Employed Ratio (ROCE) = Profit before interest charges and taxes Total Assets-Current Liabilities

Debt Ratio covers the amount of the financial institution’s capital requirements that is provided by lenders. For there to be good financial standing, there must be adequate operational risk management to reduce on the gearing. Debt ratio= Total debt (short and long term) Total assets Liquidity Liquidity is crucial for financial institutions because they are particularly vulnerable to unexpected and immediate payment demands. To stay in business, a SACCO must be able to pay out legitimate withdrawals and credit requests instantly (Bald, 2007). The AMT report (2008) 42


stated that often almost all SACCOs with highly volatile liquidity levels did not have adequate ways of managing liquidity. Deshpande (2006) observed that excess liquidity in financial institutions limited incentives to mobilize additional deposits especially poor people’s deposits, which tended to be perceived a priori as short term, unstable, and costly. At the institutional level, excess liquidity may be caused by a lack of suitable lending opportunities (real or perceived). According to the IMF Report (2001) SACCOs in Uganda often lent out both share capital and savings, leading to frequent liquidity management problems mainly because most members are generally net borrowers, thus seek to minimize their interest rate charges on loans – resulting in inadequate incentives to save and insufficient revenues to run the organization. This is coupled with the fact that demand for credit in SACCOs overweighs mobilization of savings (Kyazze 2010). Allen & Makhumbi (2009) agrees with the IMF report (2001) adding that managing liquidity and capital levels, while meeting the needs of members for finance, has been one of the major ongoing challenges for SACCOs in Africa. Some SACCOs have insufficient funds to lend making some members to wait for some time before they get money (Kiwalabye, 2008). This is another area of concern which will be explored and tested in this study.

2.3.3

Relationship between Operational risk and financial performance

The relationship between risk and return was described by Leaven (2002) using a line graph shown below. Expected Return Security Market Line

Risk Figure 7. Relationship between Operational risk and financial performance (Return)

43


The figure above describes the relationship between Operational risk and financial performance (Return). The relationship is linear in nature in that as risk increases, there is an increase in expected returns. According to ISO Standards Guide 73:2009 on Risk management – Vocabulary, risk can be defined as the combination of the probability of an event and its consequences. Therefore, risks may have positive or negative outcomes or can result in uncertainty. Therefore, it can be said that risks can be related to a loss (when it has a negative outcome), to an opportunity (when it has a positive outcome) or to an increase in the degree of uncertainty. In the case of the individual, the hope is that no loss will occur, so that the probability of a deviation from what is hoped for (which is the measure of risk) varies directly with the probability that a loss will occur. So, risk is measured in terms of the probability of an adverse deviation from what is hoped for. The graph indicates that when uncertainties increase, the investors increase their rate of return. This is so because when there is uncertainty, investors make alternative investments that is, they diversify. The Security Market Line is symbolic of the alternative investments made during times of uncertainty. Investors place alternative investments somewhere along the Security Market Line. It is advisable for financial institutions to set their risk- based capital requirements in line with the risks the financial institution faces and commensurate with the returns that equity holders demand. 2.3.4 Management action in increasing the amount of loans disbursed and managing liquidity risk/revenue in financial institutions

Identifying Sources of operational risk Stulz (2003) notes that through identifying sources of operational risks, organizations can increase the size of their operations based on the environment within which risk occurs which is a dynamic one. According to him, risk entails the areas stipulated below; People failures: It should be noted that internal preventive controls are always seen as a source of breakdown yet the true cause of operational loses is people failures. In situations where people lack adequate training and management skills and in situations where there is no segregation of duties, the preventive controls are bound to fail. Inadequate training is a serious setback, yet MFIs require multi-skilled staff, who are not only dedicated but are also able to handle new 44


pressures in microfinance. The uneven quality of management among MFIs is the greatest risk facing microfinance business today. As MFIs grow in size, their businesses become even more complex and the demand for professional management increases. The MFIs that lack management breadth remain higher-risk institutions, and are not likely to emerge as winners in an increasingly competitive environment. Concern about management quality is strongest among investors and regulators whose interventions in the sector depend on receiving the right information on the performance of each MFI. Many MFIs are dominated by managers with a lot of charisma, but with less management skills to steer growth in a professional manner. For instance, very few managers have succeeded in balancing the social and commercial objectives of their respective MFIs to ensure they grow and remain relevant to their clients. Unfortunately, the majority of MFIs are not investing enough in building management skills to match the demands of growth. Process risk (Inadequate or failed internal processes): Many financial institutions understand the importance of having attractive products for niche markets and a lot of innovation occurs at various levels on introducing new types of products and moving away from the “credit only� trend. However, some MFIs are losing clients, by failing to be more innovative. There is need for them to provide a more diverse product range without losing efficiency and increasing transaction costs. The challenge is whether the MFIs have the necessary resources to fund product development. It has for instance been noted that the Agricultural Loan Product- Crop production for example targets both small and large scale farmers and loan limits of three (3) million are too low for large scale commercial farmers. Farmers have considerably grown in number but the funding options remain the same pushing many into multiple borrowing. Systems risk: In the past decade, rapid innovations in the financial sector and the internationalization of financial flows have changed the face of banking almost beyond recognition. The changed environment in which financial institutions find themselves today presents major opportunities for banks but also entails complex and variable risks which challenge the traditional approach to bank risk management. The situation is exacerbated by technological advancement and deregulation which have come with new arrays of banking risks. Improvements in distribution channels are being driven by new technologies, like cash machines and mobile phone banking as well as by the microfinance sector’s mission to reach the financially disadvantaged. Both these drivers pose challenges which MFIs will be presented to 45


meet. The difficulties lie in the cost of investment, the speed of change, the regulatory environment and getting it right. Apart from the low education levels of the MFI clients, a particular challenge lies in getting distribution channels out to remote poor areas which need the service, but lack infrastructure to support modern branches and technology.

The growing

dependence of financial institutions on Information Technology systems is a key source of operational risk. It has come with data corruption problems, whether accidental or deliberate, cyber crime in form of hacking. 2.3.5

Regulatory matters

SACCOs in developing countries are typically constrained by the lack of autonomy from government interference, anachronistic legal frameworks, and lack of an appropriate regulatory framework as well as poor supervisory capacity of the entity responsible for supervising them. Legal frameworks often prevent the adoption of better corporate governance practices. Regulatory frameworks often lack the prudential regulations that are critical for regulating financial institutions, and supervisory agencies often lack the skills and the financial resources to effectively supervise CFIs (Nair, 2007). The CGAP report (2005) also cited lack of adequate participation in decision-making structures by members as another governance challenge facing credit unions in the developing world resulting in dominance of the co-operative by community elites who then use the funds to secure their own position. The more diverse and diffuse the members base is, the more risk there is that members stop identifying themselves with the credit unions, thereby more easily adopting a free-riding attitude, which may result in lower scrutiny and weaker corporate governance. In Uganda, the SACCOs belong to Tier 4 in the Bank of Uganda (BoU) categorization of financial Institutions. Tier 4 Institutions share two key features: first, the BoU does not exercise prudential regulation over them, secondly, they are not authorized to mobilize deposits from the general public. They can accept members’ savings only (voluntary deposits and share capital). SACCOs fall under the Uganda Cooperatives Act 1992, which governs all cooperatives and which charges the Ministry of Trade, Tourism and Industry (MTTI) with maintaining a registry of cooperatives and overseeing their functioning and stability (CGAP report, 2005). According to Kyazze (2010) SACCOs operate under a generic cooperative legal framework, shared with other cooperatives such as growers, marketing and consumers and hence their unique needs as financial institutions go unattended. It should therefore be noted that the lack of appropriate 46


regulatory structures for MFIs in many parts of the world is a threat to their healthy development. Inadequate regulatory structures restrict MFIs’ operating freedoms and create legal uncertainty, particularly by frustrating their transformation efforts or by forcing them to make changes against their will. Poor regulation is mainly attributed to incompetence, bureaucratic heavyhandedness and failure to keep up with a fast growing industry. The CGAP report (2005) generally put it that SACCOs have had a history of instability, often supervised by the same government agency that is responsible for all kinds of non-financial cooperatives, including agricultural and marketing. Such agencies do not have the financial skills and political independence needed to oversee financial intermediaries effectively. This is evidence of legal risk which is an integral part of operational risk. 2.3.6

Risk Management Controls Employed in SACCOs Leadership

“… You can’t control people through policies, procedures and policing. You can only do it through a strong risk management culture and absolute integrity in all leaders.”(Meredith, 2004). This observation is one of the thousands shared by the 300 C-suite executives, who participated in a series of candid discussions spearheaded by a group of Ivey faculty over the past year. Our basic purpose in bringing together these executives was to find out if better leadership could have made a difference in preventing the financial meltdown that led to the recent global economic crisis. The executives found out that good leadership could have and certainly did make a difference, especially with respect to risk management. Many of the business and public sector organizations which emerged unscathed from the meltdown did see the dangers looming on the horizon (Alijoyo, 2004). It was apparent that their people understood the potential impact and wider implications of these problems and took immediate steps to circumvent them. Essentially, these organizations have cultures attuned to potential risks with the ability to manage the dynamics effectively (ibid). By contrast, those who suffered the most during the crisis did not seem to anticipate the risks or problems ahead, especially those that could reverberate across markets and borders (Ehiich & lngram, 2001).

They further note that for instance, when people speak about the banks,

brokerage firms and investment companies which fared so poorly during the crisis, some of the 47


biggest questions revolve around risk. How could they not have known the risks? And if they did know, why didn’t they do something sooner? Were they too timid to tackle the problems, hoping they would just go away? Why didn’t they understand the ramifications of their actions? Could they not foresee how their decisions would inevitably ripple across companies and countries to affect others? Did they even care that investors could lose money? Based on experience, a former CEO and educator of business leaders connotes that the executives leading these organizations should have known about the risks. They should have acted and acted quickly. And they should have felt compelled to act, basically because it was both the right and the smart thing to do (Meredith, 2004). Meredith, 2004) further adds that policies and procedures are not enough. It is the leader’s responsibility to manage risk effectively. That said, a question arises: how do business leaders achieve effective risk management? Fundamentally, leaders have to do three simple things well the researcher believes will change the picture. First, they have to ask the right questions. Second, the best leaders have to consult with a mix of people, with different perspectives, backgrounds and knowledge to predict, assess and manage risk. They will then have to consult with others not only within their own immediate spheres of influence but in other industries and sectors. Good leaders must and will have to welcome different opinions and viewpoints. Because of this, they become aware of potential risks and have the ability to make more informed and inevitably wiser decisions. The research about the global financial meltdown showed that receptiveness to diverse viewpoints and opinions often defined the cultures of companies that survived the crisis and continue to thrive. Third, the most effective leaders during the global financial meltdown were people of good character. They had integrity, courage and compassion. They were careful, prudent and aware of their limitations. As such, they were sensitive about the risks of harming their shareholders through shaky investments. They made sure that any decision they made or any action taken by their firms would ultimately be good for their companies, their shareholders and their customers. Overall, they exhibited an unrelenting determination to contribute to the good of the organization they serve, the people who follow them and the communities in which they operate. By contrast, the worst failing exhibited by some leaders before, during and after the crisis, is that they just did not care about what might happen to other people. Some knew that their companies were building a deck of cards destined to collapse. They must have realized that people could 48


get hurt, and that some investors could lose their life savings. Nevertheless, it didn’t seem to matter. In summary, policies and procedures for predicting, evaluating and managing risk are important. But if leaders don’t ask the right questions, if they don’t seek out a diversity of opinions and perspectives, and if they don’t act with integrity, these rules won’t make any difference. And when that happens, the blame for the damaging consequences rests solely with leadership (The risks associated with governance do not only relate to their lack of skills and other competencies to provide effective leadership and exercise oversight over the MFIs, but also in some cases, Board members engage in practices that are extremely harmful to the organization which they are entrusted to protect. In Uganda, cases are accumulating, where Board members fraudulently share out MFI resources, and where they are actively involved in or collude with management to conceal such fraud through financial misinformation. In some MFIs, Board members are among the worst loan defaulters in the same MFIs. To protect themselves against governance risks, SACCOs should ensure that their Boards comprise the right mix of individuals who collectively represent the technical and personal skills and backgrounds needed by the institution. Figure 8.Conceptual framework for operational risk management & financial performance. Independent variables

Dependent variables Financial Performance

Operational Risk Management    

Identification of Risk Assessment of Risk Monitoring of Risk Mitigation of Risk

Revenue Growth(Increase in Interest Income) management of credit and liquidity risks)

External Factors/Intervening Variables   

Strategic targets Laws &Regulations Market Factors Suppliers

Sources; Ian Storkey, 2001.

49

 

Profitability in terms of returns(OSS, ROE,ROCE, OE, Asset efficiency, Operating Margin),Loan Portfolio(PAR, Delinquency to gross loan portfolio, Loans to assets-asset base, Interest Cover, Sales), Gearing Liquidity(Capacity ratio, Savings to deposit ratio)


As illustrated in figure 8, a direct cause- effect relationship between operational risk management and Wazalendo SACCO’s performance is intercepted by intervening variables. Financial Performance is a variable dependent on Operational Risk Management which is an independent variable. Key factors in adequate operational risk management include; Leadership and strategy alignment, system monitoring and continued improvement, and Training and Staff involvement in ORM. These are perceived to directly affect the institution’s Statement of Financial position i.e, the balance sheet and income statement/statement of comprehensive income. Major positions affected are the Loan to asset ratio, Portfolio at Risk, Interest Cover Ratio, Debt ratio and the Return on Equity.

2.7 Conclusion It is advisable for financial institutions to focus on risk and its management for purposes of counteracting the challenges of the rapid innovations which have emanated.

50


CHAPTER THREE METHODOLOGY 3.1. Introduction This chapter consists of the research design, study population, data collection methods, research instruments and ethical issues that are likely to arise during data collection and the analytical method adopted. Harrison and Herbohn, suggest steps that are of a forward and a backward linkage. This study was a cross sectional design coupled with both, qualitative and quantitative approaches. For survey and analysis of literature, qualitative analysis was used whereas, figures accruing out of records and personal opinion, quantitative analysis was used. The quantitative research methodology was more relevant for the study as it enabled the researcher to obtain relevant information from the sample group through questionnaires with closed and open-ended questions. According to Bless, Higson-Smith &Kagee (2007:44), quantitative research relies primarily upon measurement and uses various scales. Numbers form a coding system by which different cases and different variables may be compared. Systematic changes in scores were interpreted or given meaning in terms of the actual world that they represent. Numbers have the advantage of being exact. Another advantage of numbers is that they can be analysed using descriptive and inferential statistics (Bless et al, 2007:44-45).

Further approaches used in this research were a combination of the descriptive and analytical approaches. Firstly, the researcher described operational risk management and financial performance in Uganda. Secondly, these practices were analyzed using applicable legislation to establish compliance and also the contribution of operational risk management towards the performance of the financial institution. The quantitative approach using a suitably constructed questionnaire provided additional pertinent information for purposes of the empirical survey. The questionnaire was formulated by the researcher working under the close guidance of the supervisor.

51


3.2 Research Design The case design was chosen in preference to other research designs because it allows conducting in-depth, face-to-face interviews with key respondents within the study area (Kothari, 2006). The study employed both the qualitative and quantitative research approaches. The qualitative approach was used to describe variables that are not measurable in quantitative terms while the quantitative approach was used in testing the hypotheses using inferential statistical techniques like correlation and regression. 3.3 Study Population The study population comprised all employees within Wazalendo SACCO Head office and the composition of the population is shown in Table 3.1: Table 3.1 Composition of the study population Department

Number of employees

Finance and Administration

50

ICT

44

Risk and Compliance/ Assurance

18

Internal Audit

10

Total

122

Source: Human Resource Records, 2013 3.4

Data collection procedures

A supporting letter from the School of Business Administration was obtained explaining the objectives of the research. This was taken to the management of Wazalendo SACCO seeking for clearance to obtain the required data for purposes of this study. A letter of further introduction and acceptance from the Ministry of Defence Leadership was obtained. This created a free environment for each respondent to respond to the questionnaire without fear or bias. III.6

Data collection methods

Multiple data collection methods were used to collect the data and this is because no single method of data collection can guarantee 100 per cent accurate data (Mpaata, 2009).

52


The data collection methods involved the use of interviewing, observation and documentary review. A review of related literature involved reviewing any existing written data about Wazalendo SACCO; Risk Management and Financial Performance. This method aimed at strengthening the authenticity of the data collected. Research questionnaires were sent to the field two weeks before they are collected to allow the respondents enough time to exercise positive judgement. 3.6.1 Interviews This is person to person verbal communication where the interviewer asks the interviewee questions intended to elicit information. The purpose was to collect information that cannot be directly observed and to further capture the meaning beyond words that a questionnaire was not able to capture. Here the researcher engaged selected Wazalendo staff to face to face interviews and transcribed their responses, analyse their content in relation to the themes of the study because they were the ones that were carrying out activities that generated or created risk for Wazalendo and this was the best method to capture such information because it helped to clarify unclear questions (Amin, 2005) Interviewing provided qualitative data which backed up the quantitative data collected using questionnaire survey 3.6.2

Questionnaire survey

A questionnaire is simply a ‘tool’ for collecting and recording information about a particular issue of interest. It is mainly used to capture quantitative information about population. A selfadministered questionnaire (SAQ) was provided by the researcher to the identified and selected respondents, both the management and staff of Wazalendo SACCO and their contacts were taken by the researcher. The respondents were given a week within which to answer the questionnaires which were then collected by the researcher from the customercare assistant from Wazalendo SACCO.

3.6.3

Documentary Review

In the secondary analysis of qualitative data, good documentation cannot be underestimated as it provides necessary background and much needed context both of which make re-use a more worthwhile and systematic endeavor. Documentary review is the reviewing of already existing 53


documents according to Amin (2005). The researcher therefore employed this method to capture the general information on the operational risk management and financial performance of Wazalendo SACCO 3.7 Data collection instruments The data collection instruments comprised of the following: a self-administered questionnaire (SAQ), interview guide, Documentary review and observation checklist. 3.7.1

Self-administered questionnaire (SAQ)

A structured self-administered questionnaire was given to all the respondents containing questions keyed to probing into all the constructs of Operational Risk Management and Financial Performance at Wazalendo SACCO Ltd since the study was concerned with variables that cannot be directly observed such as views, perceptions and feelings of the respondents. 3.7.2

Interview Guide

The researcher formulated questions that were in line with the objectives of the study and these were posed to the respondents in a face to face interaction where the researcher asked the respondents and their responses were transcribed by the researcher. 3.7.3

Observation Checklist

A checklist of what was to be observed by the researcher was drawn up in relation to the intended observable actions and against this the researcher noted what was being carried out in Wazalendo SACCO 3.7.4

Documentary review

Documentary review consisted of reviewing a variety of existing sources such as Wazalendo SACCO’s published and unpublished documents, various publications, magazines and newspapers reports, historical documents and other sources of published information. 3.8 Quality control of data collection Instruments A pilot study was conducted to test both the questionnaire and interview guides which were prepared by the researcher. Validity and reliability are important concepts in the acceptability of the use of an instrument for research purposes. Validity refers to the appropriateness of the 54


instrument in collecting the data that is supposed to be collected while reliability refers to its consistency in measuring whatever it is intended to measure (Amin, 2005) 3.8.1

Content Validity

Sekaran (2003) suggests that content validity ensures that the measure includes an adequate and representative set of items that tap the concept. It is a function of how well the dimensions and elements of a concept have been defined. The data collection instruments were also discussed with the research supervisors and academic colleagues to ensure validity. The questionnaires were edited and coded and then entered into the computer. This was done to enable data to be well cleaned before analysis is done. As can be seen below, the formula for Content Validity Index (CVI) is: CVI = No. of items rated relevant Total no. of items As recommended by Amin (2005), for the instrument to be valid, the average index should be 0.7 or above and as can be seen. Therefore this made the instrument valid. Results of the Content validity index Variables

Content validity index

Number of items

Reduced risk of liquidity loss

0.7227

5

Amount of loans disbursement

0.831

5

Revenue growth

0.759

5

SACCO profitability

0.756

5

Source: Primary data (2015) 3.8.2

Content Reliability

The data collection tools designs were subjected to reliability or dependability test to determine the relationship between the variables. The reliability of the instrument was ascertained using the test-retest procedure. The researcher also examined the content of the interview questions to find out the reliability of the instrument. The researcher excluded irrelevant questions and changed words that were deemed difficult by the respondents, into much simpler terms. 55


3.9

Data processing

The data collected was processed for proper analysis. This involved cross checking the completed SAQs to check for any errors. This process involved editing the data, coding the data, entering the data into a computer and then summarizing the data. The editing process was required to ensure that the data is complete and as required. It also helped in eliminating inconsistencies or obvious errors due to arithmetical treatment or typing inaccuracies. 3.10

Data analysis

The summarized data was analysed so as to generate sense out of the data. The data was analysed using descriptive and inferential statistical techniques. Descriptive measures were used so as to be able to meaningfully describe the data with measures like measures of central tendency, and measures of variation. Inferential statistical techniques like correlation and regression analysis was used to establish key relationships and also in testing the hypotheses. 3.11

Ethical considerations in the study

The study put into consideration the following ethical concerns as it sought to achieve its main objectives; the study did not take the respondents un-confidentially; the study was carried out without compromise to plagiarism and any disrespect towards the respondents and the supervisor, also the study made use of all the procedures of research standards as established by Nkumba University and as the Supervisors advised

3.12

Limitations to the study

In undertaking the study, the research encountered some challenges which were however addressed in the study as:

(1) Supervision constraints Coming up with the research proposal was so difficult to due to the busy schedule of the supervisor however, the supervisor managed to squeeze time for the whole research process. 56


(2) Financial constraints The study was costly in terms of expenses and stagnation i.e. one position all the time without moving to the next chapters of the dissertation. But some relatives supported financially and this was also motivated by encouragement from new supervisor. The format of research was different from one supervisor to other and this had a negative impact on the researcher, however, the researcher managed to blend in with the requirements. Supervision delays were also one of the series of limitations experienced during this difficult time of research. However, the supervisor managed to put in extra time for supervision towards the deadline. (3) Reference text books It was difficult in finding the relevant books in the university library with which to use related to the selected topic for research study. However, the researcher visited Uganda Management institute library which had relevant textbooks for reference purposes.

57


CHAPTER FOUR THE RISK CONTROL PRACTICES THAT ARE EMPLOYED BY WAZALENDO SACCO 4.1

Introduction

In this chapter, the study introduces Wazalendo SACCO, the Characteristics of the respondents and then presents the findings in respect to objective number one of the study. 4.1.1

Response rate

This section presents the response rate according to the number of questionnaires distributed and according to the number of questionnaires returned. The response rate represented 66% of the total distributed questionnaires which provides valid and reliable inference which is internationally accepted since it is above 50% (Mugenda and Mugenda, 1990) Table 3.2

Response rate

Questionnaires

Frequency

Percentage

Number of

122

100

80

66

questionnaires distributed Number of questionnaires returned Source: Primary Data (2015)

4.2 Key information about Wazalendo

58


4.3 Characteristics of the respondents A total of 122 respondents were selected for the study. The researcher considered the sex, age, marital status, level of education and occupation of respective respondents. 4.3.1

Sex of the respondents

The researcher considered the sex of the respondents and in this regard 45 of the respondents were females while 51 were males. This is a good representative fraction since the ratio of males to females in the study was almost 1:1. The figures are displayed in the following table and pie chart. Table 4.2: Showing sex of the respondents Sex

Number of respondents

Percentage (%)

Females

38

47

Males

42

53

Total

80

100

Source: Primary Data, 2015 The above shows that the majority of the respondents sampled were males which was (53%) of the percentage total sampled. On the other hand, 47% of the respondents sampled were females of the total percentage of the respondents sampled. This is explains that WASACCO employs more females than males. They are females who are more trusted in financial issues and their resilience level to job challenges is higher than that of men. The male employees are involved in providing logistical and administrative support as well as field duties. High male numbers contribute high risk which affects the financial performance of the organization because they are not so susceptible to risk management controls and can therefore risk more compared to thier female counterparts thus increasing risks in the organization.. The above information was depicted in a pie chart below:

59


Figure ..........: Pie chart showing the sex distribution of the respondents Females

53%

Males

47%

Source: Primary Data 2015 4.3.2

Age of the respondents

As reflected in the table below the majority of the respondents are mature adults respondents with the intellect to provide the required relevant values and information for the study. 60


Table 4.3: Showing the age of the respondents Age 0-25 25-35 35-45 45-55 55 and above Total Source: Primary Data, 2015

Number of respondents 6 24 20 15 15 80

Percentage (%) 6 30 25 19 19 100

The majority of respondents were between the age of 25-45 (61%) compared to 39% which is 45 years and above. This is because when it comes to SACCO profitability and performance, the majority of the people concerned are the energetic youthful workers. Age was an important factor in risk management and SACCO profitability because people of the same age bracket often share similar or related ambitions and easily relate with each other. This is mostly through communication because they easily approach each other in case of issues to address. In addition, there is good cohesion among people in the same age group since their ambitions and aspirations are similar in most cases. The above information was depicted in a line graph shown below: Figure ...............Line Graph showing the age of the respondents 35 30 25 20 15 10 5 0 0-25

25-35

35-45

Source: Primary Data, 2015

61

45-55

55+


4.3.3

Education level of the respondents.

The researcher further considered the education level of the respondents in order to check their level of understanding and competences and the results are illustrated in the following table. Table 4.4: Showing the education level of the respondents Education level Number of respondents Primary level 3 Secondary level 10 Diploma level 28 Degree level 33 Post Graduate 6 Total 80 Source: Primary Data, 2015

Percentage (%) 2 13 35 41 8 100

From table 4.4 the largest percentage of the respondents were people who have attained post secondary education.35% of the respondents are educated to Diploma level, 41% are educated to Degree level while 13%are educated to secondary level, 8% to post graduate level, and 2% to primary level. From this analysis the post graduate are mainly in management, degree and diploma holders are in the implementation while secondary and primary are mainly in the support staff. The above findings were depicted in the bar graph below: Figure.............. Bar graph showing education level of respondents 45 40 35 30 25 20 15 10 5 0 Primary

Secondary

Diploma

Source: Primary Data, 2015

62

Degree

Post Graduate


4.3.4

Positions occupied by the respondents.

The respondents were occupying different positions in the agency. For purposes of Tabulation they are grouped as implementing staff, members, board members, SACCO Members and support staff as illustrated in the following table. Table 4.5: Showing the positions of the respondents Positions of the respondent Technical staff Board members SACCO members Support staff Total Source: Primary Data, 2015

Number of respondents 26 4 28 22 80

Percentage (%) 32 5.2 35 27.8 100

The findings in table 4.5 show that the positions occupied by the respondents were: 1 general manager, 5 management board members, 7 in the internal control function, 23 were Cashiers, 34 SACCO Members, and 26 support staff. Figure .... Pie chart showing the positions of the respondents Technical staf

Board memember

27%

Sacco members

Support staf

32%

5% 35%

Source: Primary Data, 2015 4.3.5

Respondents according to job experience

Respondents who participated in the study according to job experience are summarized in Table below 63


Table 4.6

Distribution of respondents according to job experience

Variables

Frequency

Percentage

Less than 1 year

17

22

2-5 years

42

52

5-10 years

5

6

Above 10 years

16

20

Total

80

100

Source: Primary Data (2015) Findings indicated that majority of the respondents had worked with the WASACCO for 2 years and above (52%), the respondents who had worked for less than a year were 22%, the respondents who had worked for 5-10 years were 06 %, the respondents who had worked for over 10 years were 20%. Since the majority had worked for 2 years and above at WASACCO implied that the SACCO has experienced staff who could properly handle the issues of risk management and boost profitability. Teamwork was more mentioned in the category of workers who had worked for 2-5 years. This also implied that the respondents had enough experience with the SACCO activities and were therefore able to draw from their wealth of experience to answer the questionnaire appropriately. The above findings also indicated that there is a high staff retention capacity since very few staff leave or transferred for other jobs annually at WASACCO. Job experience was responsible for risk management at the SACCO because people who have worked longer in a place easily identify with each other and with the values of the institution. It minimizes conflicts resulting from ambiguity in role performance or work values and mission. 4.3.6

Distribution of respondents according to marital status

This section presents the distribution of respondents according to gender. Table 4.7

Respondents according to marital status

Category Married

Frequency

Percentage

38

47 64


Single

34

Divorced

43

or 8

10

Separated Total

80

100

Source: Primary Data, 2015 The above table shows that the majority of the respondents 47% were married, 43% were single and 10% were divorced or separated. Married people seem to be more stable and tend to concentrate more on their jobs for financial support of their families. Single people in their hardworking stages also tend to concentrate on their jobs so that they can enhance their skills for better employment. They also tend to work hard as they use earning from their jobs to develop themselves. This indicates that the two categories (married and single) constituting the respondents are able to perform very well in the presence of effective communication, teamwork and good risk management practices The marital status of employees was found to be an important factor because people of the same status easily relate with each other, thus fostering good relations among employees which improves their performance and the performance of the SACCO in general. 4.4

Risk Management Controls employed in Wazalendo SACCO

Objective number one of the study was: to examine the risk management controls/practices that are employed by Wazalendo SACCO. Here the study focused on: Top Management commitment to the successful implementation of the Risk Management Program; tailoring of the SACCO’s Risk Management objectives to its strategic/business objectives; There is dissemination of Risk Management information across the entire organization; Management of Operational Risk forms an integral part of the strategic decision making process; and there is a Risk Management Compliance and Policy Manual in place. The results that emerged are shown in the Table below.

Table 4.8: Descriptive statements on Risk Management Controls employed in Wazalendo SACCO Statements on Risk Management Controls employed in Wazalendo SACCO Top Management is committed to the successful

Percentage (Frequency) SDA

DA

U

A

SA

2.5(2)

10.0 (8)

33.8(27 )

3.8(3)

50.0(40)

65

Mea n

Standard

3.43

.823

Deviatio n


implementation of the Risk Management Program (by providing adequate financial resources to promote Risk Management activities). The SACCO’s Risk Management objectives have been tailored to its strategic/business objectives.

71.3(57)

12.5(10 )

2.5(2)

5.0(4)

8.8(7)

1.64

1.193

There is dissemination of Risk Management information across the entire organization

6.2(5)

18.8(15 )

00(0)

15.0(12 )

60.0(48)

3.59

1.144

Management of Operational Risk forms an integral part of the strategic decision making process.

83.7(67)

13.8(11)

2.5(2)

00(0)

00(0)

1.64

1.193

There is a Risk Management Compliance and Policy Manual in place.

2.5(2)

10.0 (8)

33.8(27 )

3.8(3)

50.0(40)

3.43

.823

There is proper identification of Key Risk Indicators/early warning indicators prior to any evaluation.

71.3(57)

12.5(10 )

2.5(2)

5.0(4)

8.8(7 )

1.64

1.193

There is regular submission of reports containing pertinent information to Senior Management and the Board of Directors that compliments the proactive management of operational risk.

00(0)

00(0)

2.5(2)

80(64)

17.5(14)

1.19

.453

Risk management information systems are engaged to record, track

50.0(40)

10.0 (8)

33.8(27 )

3.8(3)

2.5(2)

3.43

.823

66


and monitor risk management activities. There is continuous reviewing and updating of Risk Management Plans

71.3(57)

12.5(10 )

2.5(2)

5.0(4)

8.8(7)

1.64

1.193

There are self assessment checks for adherence to the Risk Management Policy.

6.2(5)

18.8(15 )

00(0)

15.0(12 )

60.0(48)

3.59

1.144

The SACCO has a well designed Disaster Recovery and Business Continuity Plan

83.7(67)

13.8(11)

2.5(2)

00(0)

00(0)

1.19

.453

Employees and management are endowed with adequate Risk Management skills

71.3(57)

12.5(10 )

2.5(2)

5.0(4)

8.8(7)

1.64

1.193

There is continuous reception of appropriate training

6.2(5)

18.8(15 )

00(0)

15.0(12 )

60.0(48)

3.59

1.144

There is consultation and involvement of employees in the Risk Management implementation exercise

83.7(67)

13.8(11)

2.5(2)

00(0)

00(0)

1.19

.453

There is collective participation in all risk management activities for purposes of registering achievements.

6.2(5)

18.8(15 )

00(0)

15.0(12 )

60.0(48)

3.59

1.144

Source: Primary Data SDA= Strongly Disagree, DA= Disagree, U= Uncertain, A= Agree and SA= Strongly Agree. Table 4.8 shows the statements on Risk Management Controls employed in Wazalendo SACCO, the percentage responses, the mean and standard deviation. The disagreement side consists of both strongly disagree and disagree and agreement side consists of both the strongly agree and 67


agree. The mean values above 3.00 as revealed in the table above show that most respondents were in agreement with the Risk Management Controls employed in Wazalendo SACCO. The standard deviation results or values above 1.00 show differences in respondents` views, while values below 1.00 indicate commonalities of opinions. However as the case above, many respondents deviated from the main argument. This therefore prompted the researcher to look into the percentage analysis of each item. 4.4.1

Top Management is committed to successful implementation of the Risk Management Program

According to Nair (2007) there should be regular reporting of pertinent information to senior management and the board of directors that supports the proactive management of operational risk. An effective monitoring process is essential for adequately managing operational risk. Regular monitoring activities can offer the advantage of quickly detecting and correcting deficiencies in the policies, processes and procedures for managing operational risk. On Top Management commitment to successful implementation of the Risk Management Program, the majority of the respondents of 53.8% agreed, 12.5% disagreed and 33.8% were uncertain. This means that Top Management was committed to successful implementation of the Risk Management Program. These findings are in line with Nair (2007) that an effective monitoring process can help identify key material risks in a transparent manner and enable the financial institution to act upon these risks appropriately. The frequency of monitoring should reflect the risks involved and the frequency and nature of changes in the operating environment. Monitoring should be an integrated part of a financial institution’s activities. The results of these monitoring activities should be included in regular management and board reports, as should compliance reviews performed by the internal audit and risk management functions. Senior management should receive regular reports from appropriate areas such as business units, group functions, the operational risk management office and internal audit. The operational risk reports should contain internal financial, operational, and compliance data, as well as external market information about events and conditions that are relevant to decision making.

68


4.4.2

Tailoring of the SACCO’s Risk Management objectives to strategic/business objectives

According to Stulz (2003), Tailoring of the SACCO’s Risk Management objectives to strategic/business

objectives

will

involve

strategy selection

and

business

planning.

Misunderstood portfolio concentrations, flawed funding models and poorly timed acquisitions will imply poor strategic risk management. The respondents on tailoring of the SACCO’s Risk Management objectives to strategic/business objectives, 13.8% disagreed and 83.8% agreed and only 2.4% were uncertain. This means that on the whole, tailoring of the SACCO’s Risk Management objectives was aligned with its strategic/business objectives. This was further justified in an interview with two interviewees, who were cited as saying “ ... with risk management, the reality is that the business has to first focus on its strategic business objectives and these provide the basis for its risk management objectives....” Regarding whether the SACCO’s Risk Management objectives have been tailored to its strategic/business, the majority agreed that there are risk Management objectives tailored to its strategic/business objectives. Interviewees added that this is done in teams, where tasks are reviewed, and management guides teams at different levels. Peer reviews are carried out in terms of annual appraisals to assess SACCO’ performance. Whilst this is the commonly held view of strategic business alignment in relation to risk management, this calls for alignment of risk with the business. In bleak times and fair, the success of an organization depends greatly on how it translates its strategy into management of the business. When it comes to taking strategic control, most financial institutions have taken firm control of the risk agenda, imposing and monitoring balance sheet limits, targeting risk weighted assets reductions and splitting core from noncore assets. 4.4.3

There is dissemination of Risk Management information across the entire organization; Management of Operational Risk forms an integral part of the strategic decision making process; and there is a Risk Management Compliance and Policy Manual in place 69


NIST SP (800-137) notes that there should be dissemination of Risk Management information across the entire organization; Management of Operational Risk forms an integral part of the strategic decision making process; and there is a Risk Management Compliance and Policy Manual in place. The findings reveal that the majority respondents of 75% agreed and 25% disagreed. It can be concluded that on the whole there is dissemination of Risk Management information across Wazalendo SACCO; there is also management of Operational Risk which forms an integral part of the strategic decision making process; and there is a Risk Management Compliance and Policy Manual in place. The interviewees on dissemination of Risk Management information across the entire SACCO, agreed that the supervision of juniors helps to solve conflicts as they come up, thereby leading to improved financial performance. The Commandant who heads the SACCO at strategic management is the general supervisor and he ensures that his subordinates such as the General Manager, Branch managers and heads of departments such as legal, political, procurement, finance, records and intelligence equally conduct appropriate supervision. However, external assignments which require some officers to travel to fields and other distant areas for work assignments limit the amount of supervision conducted. And in such cases the responsible officers are required to produce accountability and report. This accounts for 21.9% of the respondents who reported that there is dissemination of Risk Management information across the entire organization. Heath Field (2011) agrees that there is need to ensure employee involvement, teams, and employee empowerment which enable people to make decisions about their work. When management involve employees in decisions and use team building to foster relationships, this helps to increase loyalty and foster engagement. If management is serious about building a successful work team, it can be tough and challenging because people bring everything about whom they are to the team. But in order to do this, management have to close their eyes and involve employees as a way of easily disseminating risk management information. Given the circumstances, business owners are then faced with making a decision about risk management and continuous alignment of the business’ strategic objectives. Once criteria have been set and the search conducted, the owner must make a choice. 70


4.4.4

Management of Operational Risk forms an integral part of the strategic decision making process

According to NIST SP 800-137, management of Operational Risk forms an integral part of the strategic decision making process in that there will be on going assessment and analysis of the effectiveness of all security controls that will provide reporting on the security posture of information systems. The findings on this revealed that the majority of the respondents 97.5% disagreed and 2.5% were uncertain that management of Operational Risk forms an integral part of the strategic decision making. The findings point out that Management of Operational Risk did not form an integral part of the strategic decision making process in Wazalendo SACCO. 4.4.5

There is a Risk Management Compliance and Policy Manual in place

Deming (1986) says that organizations faced with extensive risks, should have a Training Policy and Risk Management Compliance and Policy Manual in place for purposes of identifying and eliminating employment barriers which adversely affect people from designated groups, increase adversity in all occupational categories and levels, make reasonable accommodation to ensure that all groups enjoy equal opportunities and are equitably represented, retain and develop people from designated groups and implement training measures in terms of skill development. On this, the findings revealed that the majority of the respondents of 53.8% agreed followed by 12.5% who disagreed and 33.8% were uncertain. Having a Risk Management Compliance and Policy Manual in place leads to improved productivity, improved competitiveness and the development of the workers skills.

NIST SP 800-137 also notes that when it comes to Continuous /Regular risk reporting, Risk Management Compliance and Policy Manual provides an avenue where attention is given to Continuous Monitoring of Systems. Consideration is given to overall residual risk, broken down by inherited risk, accepted risk and risk to be mitigated. This presence of a risk Management Compliance and Policy Manual will enable the organization to remain competitive and risk free. Risk management compliance if enforced, is widely believed 71


to help business organizations with internal risk management, reduce attrition of the work force caused by risk averse operations� (Huang, 2000).

4.4.6

There is proper identification of Key Risk Indicators/early warning indicators prior to any evaluation

According to NIST SP 800-137, proper identification of Key Risk Indicators/early warning indicators prior to any evaluation can assist in risk control. This is supported by Dorfman (1997) who notes that goals and targets can be defined as the key risk areas and performance indicators can be developed to control risk. The findings revealed that proper identification of Key Risk Indicators/early warning indicators prior to any evaluation did not control risk in Wazalendo SACCO because only13.8% agreed and the majority 83.8% disagreed and only 2.5% were uncertain. This means that on the whole, there was no proper identification of Key Risk Indicators/early warning indicators prior to any evaluation. This was further justified by an interviewee who said that even if the organization had a risk management framework in place, there was no proper identification of key risk indicators probably that the rik management framework was not tailored to Ugandans. Thus, proper identification of Key Risk Indicators/early warning indicators prior to any evaluation is seen to enable the definition of goals and targets that can assist in risk control.

4.4.7

There is regular submission of reports containing pertinent information to Senior Management and the Board of Directors that compliments the proactive management of operational risk

Regular submission of reports containing pertinent information to Senior Management and the Board of Directors that compliments the proactive management of operational risk fits well with in the Monitoring, Reporting and Continuous Improvement (NIST SP 800-137). The findings 72


reveal that the majority respondents of 97.5% agreed and 2.5% were uncertain. It can be concluded that on the whole that in Wazalendo SACCO there was Regular submission of reports containing pertinent information to Senior Management and the Board of Directors that compliments the proactive management of operational risk. Additionally, Dorfman (1997) says that Regular submission of reports containing pertinent information to Senior Management and the Board of Directors that compliments the proactive management of operational risk will enable standardizing the system and continuously improving it. Regular financial stability assessment and the identification of macroprudential leading indicators signaling emerging risks to the SACCO are of major importance for supervisory authorities. The stability and efficiency of the risk management system ensures the optimal allocation of capital resources in an organization, and regulators therefore aim to prevent crises and their associated adverse feedback effects on the real performance of the SACCO 4.4.8

Risk management information systems are engaged to record, track and monitor risk management activities

Heath Field (2011) points out that a focus on Risk management information systems will enable the organization to be engaged in recording, tracking and monitoring risk management activities. The findings on this revealed that the majority of the respondents 60% disagreed, 33.8% were uncertain and 6.3% agreed that Risk management information systems were engaged to record, track and monitor risk management activities in Wazalendo SACCO. The findings are further reinforced by an interviewee who said that â€œâ€Śthe organization did not invest in any information systems to monitor risk because even at the Bombo ATM there was no CCTV system implying that the only system we rely on is the report from the transactions...â€? It can be concluded that Risk management information systems were not engaged by Wazalendo SACCO to record, track and monitor risk management activities.

73


4.4.9

There is continuous reviewing and updating of Risk Management Plans

Heath Field (2011) notes that without a continuous reviewing and updating of Risk Management Plans, the organization in the wake of technological improvements, faces more risk than ever before. It is therefore necessary to continue with the trend while fortifying the organization against new risks. The study findings indicate that 13.8% agreed and 83.8% disagreed and only 2.5% were uncertain that there is continuous reviewing and updating of Risk Management Plans. This means that on the whole, the SACCO did not regularly update its risk management plans Given the nature of the financial sector and continuous advancement in technology, financial institutions have to continuously update its risk management plans.

4.4.10 There are self assessment checks for adherence to the Risk Management Policy. Self- assessment checks for adherence to the Risk Management Policy Improve assessment, understanding and communication of risk and this ensures more effective risk management and therefore safer outcome for service users and staff. The findings reveal that the majority respondents of 75% agreed and 25% disagreed. It can be concluded that on the whole that Self- assessment checks for adherence to the Risk Management Policy were in place and that was to the existing risk management policy. According to the Dorfman (1997), these also guide decision making and the identification of areas for further assessment and intervention to reduce and manage risk. These documents can be shared with all those involved in the service user’s care if appropriate and should communicate the risks in a clear and comprehensive way.

4.4.11 The SACCO has a well designed Disaster Recovery and Business Continuity Plan Having a well designed Disaster Recovery and Business Continuity Plan enables an organization to continue with its operations smoothly even if the inevitable happens. According to Stulz

74


(2003) risk a multi-faceted and complex subject can appear daunting; but having a well designed Disaster Recovery and Business Continuity Plan enable an organization to continue operating. The findings on this revealed that the majority of the respondents 97.5% disagreed and 2.5% were uncertain that the SACCO has a well designed Disaster Recovery and Business Continuity Plan. These findings contradict Stulz (2003) who notes that a well designed Disaster Recovery and Business Continuity Plan will enable business continuity as well as offer insurance and assurance to stake holders of the organization in case of any disaster. If financial institutions are to minimize the risk of operation, it is therefore necessary to focus on having a well designed Disaster Recovery and Business Continuity Plan. 4.4.12 Employees and management are endowed with adequate Risk Management skills Deming (1986) points that adequate Risk Management skills are a result of training. Risk management skills refer to ability or proficiency to manage risk effectively. According to her, any functioning organization should have a Training Committee in place which should be tasked to prioritize the skills which are critical in terms of sustainable growth and development such as Risk Management skills The findings on this revealed that the majority of the respondents of 83.8% disagreed, 13.8% agreed and 2.5% were uncertain. Since the majority had disagreed, employees and management of Wazalendo SACCO were not endowed with adequate Risk Management skills. Those employees that are actively involved in the business were mostly dealing with money which is such a sensitive issue and therefore training in risk management was undertaken but according to the study findings, employees and management did not possess adequate risk management skills. It was therefore important that having employees and management with adequate risk management skills to explore a potentially rewarding but quite risky redefinition of their client base or the realignment of their current services to their present clients—changes they believe need to be at least considered if the SACCO is to have a reasonable chance of growing so that it can fulfill its current mission.

75


This will enable the organization to be vigilant in setting and monitoring risk limits; building, validating, stress testing and back-testing data and models; working with regulators to provide assurance that clients and stakeholders are being protected; and to assist the business units in looking at the next deal in light of the risks involved 4.4.13 There is continuous reception of appropriate training Deming (1986) also adds that there should be continuous reception of appropriate training because this enhances learning which will improve on the trainees’ uptake of skills. The findings on this indicate that the majority respondents of 75% agreed and 25% disagreed. It can be concluded that in Wazalendo SACCO there was continuous reception of appropriate training. This finding strengthens Deming’s conclusions that without skills, employees and management will be seen to be receptive to appropriate training which will increase learning thus create an atmosphere where the employees and management deem themselves to have adequate risk management skills. Stulz (2003) in line with Demming notes that promoting quality training for all through skills development facilitates the acquisition of appropriate and critical skills such as risk management skills. This is advantageous to the organization because with the acquisition of skills, it will achieve its objectives 4.4.14

There is consultation and involvement of employees in the Risk Management implementation exercise

Most programmes are good when implemented but when they are not then they do not serve the purpose. Consultation and involvement of employees in the Risk Management implementation exercise offers the company or business with a road map which can be used to reach its objectives. A business owner should consult with a number of resources to help create an effective risk management implementation exercise. Usually, over time, business owners develop relationships with trusted financial advisors, bankers, legal counsel, accountants, and colleagues. Additionally, the board of directors should play a strong role in creating and implementing the Risk Management exercise. However, it is dangerous to involve too many people. The result can be 76


too much noise and not enough action. It is most important to include people with different perspectives so the resulting plan reflects a comprehensive approach. (Ward, 2004). The findings on this revealed that the majority of the respondents 97.5% disagreed and 2.5% were uncertain that there is consultation and involvement of employees in the Risk Management implementation exercise. This implies that management did not involve employees in decision making about the risk management implementation exercise and this shows a low level of trust among the management and staff of the SACCO making it more risk prone.

4.4.15. There is collective participation in all risk management activities for purposes of registering achievements According to Heath Field (2011) when it comes to risk, the whole organization is concerned especially if the organization deals in finance related matters. Collective participation in all risk management activities for purposes of registering achievements is thus important in an organization’s strategy for operational risk control and mitigation. The findings on this indicate that the majority respondents of 75% agreed and 25% disagreed. It can be concluded that on the whole that Collective participation in all risk management activities for purposes of registering achievements was carried out in Wazalendo SACCO. Businesses with this kind of participation were more like to be sustainable compared to those without because those without failed to set up effective strategies to manage risk (Heath Field, 2011). 4.5

Correlation Results for Risk Management Controls and Financial performance

A Pearson correlation technique was run and results got were used to determine whether there is a relationship between Risk Management Controls and Financial performance. The Pearson correlation used revealed a strong statistically significant relationship between Risk Management Controls and Financial performance.. The study found out that the majority respondents unanimously agreed that the Risk Management Controls affected the process that ensured that the Financial performance continues and remains sustainable. Correlations

77


Table 4.9: Correlation Results for Risk Management Controls and Financial performance Risk Management Financial performance Controls Risk Management Controls

Financial performance

Pearson Correlation Sig. (2-tailed) N

1 80

Pearson Correlation Sig. (2-tailed) N

.722** .000 80

.722** .000 80 1 80

**. Correlation is significant at the 0.05 level (2-tailed). Source: SPSS Data Results from the correlation analysis presented in Table 4.10 above revealed; Pearson correlation (r .722**), sig value p > 0.05,(.000)at 95% confidence level, N=80.Results show a statistically significant relationship between Risk Management Controls and Financial performance. This meant that the relationship was significant between the two variables implying that the risk management controls that Wazalendo SACCO employed significantly affect its financial performance. Therefore, the alternative hypothesis that was earlier postulated is accepted (H1 accepted). 4.6 Regression results for Risk Management Controls and Financial performance A regression technique (model summary) was run to establish the percentage effect that risk management controls on financial performance and the results that emerged are presented in the Table 4.10.

78


Model Summary Table 4.10: Model Summary results for Risk Management Controls and Financial performance

Model R

R Square

Adjusted Square

1

.521

.517

.722a

R Std. Error of the Estimate .44297

a. Predictors: (Constant), risk Source: SPSS Data

The coefficient of determination (Adjusted R square) value is 0.517; this implied that risk management is explained only 52.1% of financial performance of Wazalendo SACCO. From all the results the alternate hypothesis earlier postulated, operational risk management significantly affects financial performance of Wazalendo SACCO.

79


CHAPTER FIVE HOW THE APPROACH TO OPERATIONAL RISK MANAGEMENT HAS AFFECTED THE MEMBERS’ RETURNS AND THE SACCO’S PROFITABILITY. 5.1

Introduction

This chapter presents the results in respect to objective two of the study on how the approach to operational risk management affects the members’ returns and the SACCO’s profitability.

5.2

Operational Risk Management Approach and members’ returns and SACCO’s profitability

The presentation focuses on: meeting targets for past three years; improvement in the Loan to Asset Ratio over the past three years; Risk Management’s reduction of the SACCO’s Portfolio at Risk; Improvement in Interest Cover Ratio as a result of adequate Risk Management; and improvement in Debt Ratio attributed to the effective Operational Risk Management mechanisms in place. The results that emerged are shown in the Table below. Table 5.1: Descriptive statements on how the approach to operational risk management affects the members’ returns and the SACCO’S profitability Statements on how the approach to operational SDA risk management affects the members’ returns and the SACCO’S profitability

Percentage Response (frequency)

DA

U

A

SA

We have met our targets for the past three years

5.0(4)

00(0)

3.8(3)

88.8(71)

2.4(2)

Mean

Standard Deviation

80

3.86

.670


There is an improvement in the Loan to Asset Ratio over the past three years

10(8)

2.4(2)

00(0)

11.3(9)

76.3(61)

1.51

1.079

Risk Management has greatly reduced the SACCO’s Portfolio At Risk

3.6(3)

00(0)

8.8(7)

28.8(23)

58.8(47)

1.58

.808

The Interest Cover Ratio has also been improved as a result of adequate Risk Management

36.3(29)

38.8(31) 12.5(10) 6.3(5)

6.3(5)

2.08

1.145

The Debt Ratio has also improved and this is attributed to the effective Operational Risk Management mechanisms in place

86.3(69)

00(0)

00(0)

1.27

.693

13.8(11)

00(0)

Source: Primary Data SDA= Strongly Disagree, DA= Disagree, U= Uncertain, SA= Strongly Agree, and A= Agree. Table 5.1 above shows the statements on how the approach to operational risk management affects the members’ returns and the SACCO’S profitability. The disagreement side consists of both strongly disagree and disagree and the agreement side consists both the strongly agree and agree. The mean values above 3.00 as revealed in the table above show that most respondents were in agreement on the approach to operational risk management and how it affects the members’ returns and the SACCO’S profitability. The standard deviation results or values above 81


1.00 show differences in respondents` views, while values below 1.00 indicate commonalities of opinions. However as the case above, many respondents deviated from the main argument. This therefore prompted the researcher to look into the percentage analysis of each item. 5.2.1

Meeting targets over three years

In order to reduce risks, strategic planning entails setting target and those that are to meet those targets. Diverting from those targets puts the organization in risk because the targets enable the organization meet its objectives. The study findings revealed that 92.6% of the respondents agreed that the organization had met its targets over three years and 7.4% disagreed. What was concluded is that the risk management framework has been one of the factors that had enabled the SACCO to meet its targets This is critical to the success of the business, and if the targets are not met then there is a problem which needs identification implying that not so much care has been taken in assessing the state of operations in the organization. Operational risks are known to exist in businesses and business managers need to understand the operational risks embedded in their business activities. Though operational risk exposures are identified, business managers get know the financial impact of these risks. This means that reasonable estimates of the potential hits (charges) to the profit and loss statement are provided as long as the targets of the business are met (Stulz, 2003). 5.2.2

Improvement in the Loan to Asset Ratio over the past three years

According to Demming (1998) improvement in the loan to asset ratio overtime implies a good risk management framework as most profits arising from operations will have been realized and risks minimized. The findings indicated that the majority 87.6% of the respondents were in agreement, 12.4% disagreed. What was concluded was that there had been an improvement in the loan to asset ratio in Wazalendo SACCO. This was further justified in an in-depth interview, one interviewee was quoted as saying “……..the SACCO has realized more assets increase in the last two years and its capital and assets are worth 800 billion…” There is therefore need for the SACCO to use the improvement in the loan to asset ratio as an indicator of growth as well as performance of its operational risk management framework. 82


Looking at the level of improvement in the loan to asset ratio will act as an indicator of its level of risk management (Heath Field, 2011, Deming, 1986). 5.2.3

Risk Management’s reduction of the SACCO’s Portfolio at Risk

Heath Field (2011); Deming (1986) also point out that if a portfolio’s Risk is reduced due to the risk management framework employed, then the risk management used is working. The findings revealed that 87.6% of the respondents agreed that the SACCO’s Portfolio at Risk had been reduced an implication that the risk management model and framework employed in Wazalendo SACCO was helping to eliminate operational risks resulting in reduced portfolio at risk. 5.2.4

Improvement in Interest Cover Ratio as a result of adequate Risk Management

Adequate Risk Management is every financial institution’s dream so that they have adequate cover for operations. Adequate risk management improves the loan to asset ratio as well as interest cover ratio. The findings on this reveal that 75.1% of the respondents disagreed on this. However 24.9% were uncertain, 12.6% agreed. The conclusions drawn were that in Wazalendo SACCO there was no improvement in Interest Cover Ratio. This implies that there was an area that the operational risk management framework employed by Wazalendo SACCO that was not properly looked at resulting in inadequate Risk Management However, as Heath Field (2011) suggests, improvement in the interest cover ratio alone does not imply adequate risk management but looking at the overall risk management plan with proper staff with risk management skills, risk management in operations can significantly improve as long as risks permitted are minimal. 5.2.5

Improvement in Debt Ratio attributed to the effective Operational Risk Management mechanisms in place

It has been correctly observed that when there are effective Operational Risk Management mechanisms in place, this improves Debt Ratio according to Demming (1998). The findings revealed that 86.3% disagreed and 13.8% were uncertain implying that the debt ratio had not improved. This meant that the SACCO was not meeting its capital requirements. 83


The reasons for this are attributable to the lack of focus on the operational risks within Wazalendo SACCO This was further justified by an interviewee who said sometimes the financial reports were made just to satisfy the stakeholders but what was really happening was behind the counters

Also during the study, respondents reported that the approach to Wazalendo SACCO’s operational risk management called for improvement and this was in the areas of skills provision or employment of Non- military personnel with skills to run the SACCO. Because sometimes orders were orders as in the army but with civilian personnel, the possibility of risk would probably be minimal. Heath Field ( 2011) shows that it is important to create a risk management plan that will focus on improving the debt ratio while accepting minimal risk. There is therefore need for Wazalendo SACCO to make its risk management mechanisms more effective so as to improve on its debt ratios so as to be of good financial standing with the ability to cover its capital requirements. 5.3

Correlation Results for approach to operational risk management and the SACCO’s profitability

A Pearson correlation technique was run and results got were used to determine whether there is a relationship between approach to operational risk management and the SACCO’s profitability. The Pearson correlation used revealed a strong statistically significant relationship between approach to operational risk management and the SACCO’s profitability. The study found out that the majority respondents unanimously agreed that the Wazalendo’s approach to operational risk management improved the SACCO’s profitability. The correlations are summarized in the table below:

84


Table 5.1: Correlation Results for approach to operational SACCO’s profitability approach to operational risk management approach to operational risk management Pearson Correlation 1 Sig. (2-tailed) N 80 The SACCO’s profitability Pearson Correlation .617** Sig. (2-tailed) .000 N 80

risk management and the The SACCO’s profitability

.617** .000 80 1 80

**. Correlation is significant at the 0.05 level (2-tailed). Source: SPSS Data Results from the correlation analysis presented in Table 5.2 above reveals; Pearson correlation (r .617**), sig value p > 0.05 (.000) at 95% confidence level, N=80.Results show a statistically significant relationship between approach to operational risk management and The SACCO’s profitability. This means that the relationship was significant between the two variables implying that the the approach to risk management that Wazalendo SACCO employed significantly affect it’s the SACCO’s profitability. Therefore, the alternative hypothesis that was earlier postulated is accepted (H1 accepted). 5.4 Regression results for approach to operational risk management and the SACCO’s profitability A regression technique (model summary) was run to establish the percentage effect that the approach Wazalendo SACCO used to manage its operational risk and its effects on the SACCO’s profitability, the result that emerged are presented in the Table 5.3.

85


Model Summary Table 5.2: Model Summary results for approach to operational risk management and the SACCO’s profitability Adjusted

R

Model R

R Square

Square

Std. Error of the Estimate

1

.380

.376

.44297

.617a

a. Predictors: (Constant), risk management Source: SPSS Data The coefficient of determination (Adjusted R square) value is 0.376; this implies that risk management is explained only 38% of the SACCO’s profitability and the remaining 62% was explained by other factors.

86


CHAPTER SIX MANAGEMENT ACTION TAKEN TO INCREASE THE AMOUNT OF LOANS DISBURSED AND MANAGE LIQUIDITY RISK/REVENUE GROWTH IN THE SACCO.

6.1

Introduction

This chapter presents the results in respect of objective number three of the study on the management action taken to increase the amount of loans disbursed and manage liquidity risk/revenue growth in the SACCO. 6.2

Management action taken to increase the amount of loans disbursed and manage liquidity risk/revenue growth in the SACCO

The presentation here focused on: The presence of periodic observation of the institution’s portfolio of risk exposures to detect and give timely warning of change; continued support in improving in the skills and capabilities of the institution’s management and staff by the Board; and Risk Intelligence sustenance and dependence on the capability of people, processes, and systems to act in an integrated, coordinated and timely manner.. The results that emerged are shown in the Table below. Table 6.1: Descriptive statements on the extent to which appropriate management action been taken to increase the amount of loans disbursed and manage liquidity risk/revenue growth in the SACCO. Statements on the extent to which appropriate management action been taken to increase the amount of loans disbursed and manage liquidity risk/revenue growth in the SACCO. There is periodic observation of the

Percentage Response (frequency) SDA

DA

U

A

SA

26.3(21

3.8(3)

53.8(43

00(0)

16.3(13

87

Mean Standard Deviatio n

2.64

1.046


institution’s portfolio of risk exposures to detect and give timely warning of change There is continued support in improving in the skills and capabilities of the institution’s management and staff by the Board of WSACCO

)

)

00(0)

Risk Intelligence in 3.8(3) WSACCO is sustainable and depends on the capability of people, processes, and systems to act in an integrated, coordinated and timely manner.

)

00(0)

88.8(71 )

11.2(9) 00(0)

26.3(21 )

2.5(2)

6.3(5)

61.3(49 )

3.23

3.40

0.636

1.063

Source: Primary Data SDA= Strongly Disagree, DA= Disagree, U= Uncertain, SA= Strongly Agree, and A= Agree.

6.2.1

The presence of periodic observation of the institution’s portfolio of risk exposures to detect and give timely warning of change

Periodic observation of the institution’s portfolio of risk exposures to detect and give timely warning of change is important as a risk management measure for a financial institution. According to Cagan (2001), the presence of periodic observation of the institution’s portfolio of risk exposures will enable the organization to guard itself against possible further risk. The findings of the study indicate that 30.1% of the respondents disagreed and 16.3% agreed that there is periodic observation of the institution’s portfolio of risk exposures to detect and give timely warning of change. However, 53.8% were uncertain. The findings imply the lack of

88


periodic observation of the institution’s portfolio of risk exposures to detect and give timely warning of change. This is a dangerous inability. This according to Cagan (2001) is a must do because even if financial institutions have policies, processes and procedures to control and/or mitigate material operational risks. Financial institutions should also periodically review their risk limitation and control strategies and should adjust their operational risk profile accordingly using appropriate strategies, in light of their overall risk appetite and profile. These Control activities will address the operational risks that have been identified. There is therefore need for Wazalendo SACCO to undertake periodic observation of its portfolio of risk exposures for all material operational risks that have been identified. The SACCO’s management will then decide whether to use appropriate procedures to control and/or mitigate the risks, or bear the risks. 6.2.2

Continued support in improving in the skills and capabilities of the institution’s management and staff by the Board

Continued support in improving in the skills and capabilities of the institution’s management and staff by the Board is in itself involvement of the staff in risk management thereby showing its importance and continued support for improved performance and in this case financial performance. The findings showed that the majority of the respondents 88.8% were uncertain and 11.2% disagreed. What can be concluded is that there was lack of continued support in improving in the skills and capabilities of the institution’s management and staff by the Board . Yet as Cagan (2001) notes continued support enables the the board of directors to receive sufficient higher-level information to enable them to understand the overall operational risk profile and focus on the material and strategic implications for the business Therefore Wazalendo SACCO’s Board of directors needs to provide continued support in improving in the skills and capabilities of the institution’s management and staff for improved performance and in this case financial performance.

89


6.3

Risk Intelligence sustenance depends on the capability of people, processes, and systems to act in an integrated, coordinated and timely manner

Vaughan (2002) shows that the extent of the external party’s liability and financial ability to compensate the financial institution for errors, negligence, and other operational failures should be explicitly considered as part of the risk assessment. He further adds that Risk Intelligence sustenance depends on the capability of people, processes, and systems to act in an integrated, coordinated and timely manner The field findings on this challenge indicate that the majority of the respondents 67.6% respondents agreed that Risk Intelligence sustenance depended on the capability of people, processes, and systems to act in an integrated, coordinated and timely manner. However, 2.5% were uncertain, 30.1% disagreed. This implies that in carrying out operational risk management in Wazalendo SACCO, Risk Intelligence sustenance depended on the capability of people, processes, and systems to act in an integrated, coordinated and timely manner was not carried out. The findings point out that financial institutions should carry out an initial due diligence test and monitor the activities of third party providers, especially those lacking experience of the financial industry’s regulated environment, and review this process (including re-evaluations of due diligence) on a regular basis.

6.3

Correlation Results for management action taken to increase loans disbursed and management of liquidity risk/revenue growth

A Pearson correlation technique was run and results got were used by the researcher to determine whether there is a relationship between appropriate management action and increase in loans disbursed and management of liquidity risk/revenue growth. The Pearson correlation used revealed a strong statistically significant relationship between appropriate management action and increase in loans disbursed and management of liquidity risk/revenue growth. The study found out that the majority respondents unanimously agreed that appropriate management action increased the amounts of loans disbursed and management of liquidity risk/revenue growth. The correlations are summarized in the table below: 90


Table 6.3: Correlation Results for management action taken to increase in loans disbursed and management of liquidity risk/revenue growth increase in loans management action disbursed and management of liquidity risk/revenue growth Management action

increase in loans disbursed and management of liquidity risk/revenue growth

Pearson Correlation

1

.796**

Sig. (2-tailed)

-

.000

N

80

80

Pearson Correlation

.796**

1

Sig. (2-tailed)

.000

-

N

80

80

**. Correlation is significant at the 0.05 level (2-tailed). Source: SPSS Data Results from the correlation analysis presented in Table 6.2 above reveals; Pearson correlation (r .796**), sig value p > 0.05,(.000)at 95% confidence level, N=80.Results show a statistically significant relationship between management action taken to increase loans disbursed and manage liquidity risk/revenue growth. This means that the relationship was significant between the two variables implying that the actions management had taken towards operational risk management in Wazalendo SACCO significantly increased the amount of loans disbursed and management of liquidity risk/revenue growth. 6.2

Regression results for appropriate management action and increase in loans disbursed and management of liquidity risk/revenue growth

A regression technique (model summary) was run to establish the percentage effect that management action had taken to increase on loans disbursed and manage liquidity risk/revenue growth , the result that emerged are presented in the Table below: 91


Model Summary Table 6.4: Model Summary results for management action taken to increase on loans disbursed and manage liquidity risk/revenue growth Adjusted

R

Model R

R Square

Square

Std. Error of the Estimate

1

.634

.629

.41236

.796a

a. Predictors: (Constant), manage Source: SPSS Data The coefficient of determination (Adjusted R square) value is 0.629; this implied that increase in loans disbursed and management of liquidity risk/revenue growth is explained by 63.4% of the use of appropriate management action and the remaining 36.6% was explained by other factors.

92


CHAPTER SEVEN TOWARDS HARMONIZING OPERATIONAL RISK MANAGEMENT AND FINANCIAL PERFORMANCE IN WAZALENDO SACCO 7.1

Introduction

This chapter discusses the various constructs of operational risk management and the extent to which each construct affects financial performance in Wazalendo SACCO. The findings in this chapter provide the basis for recommendations in this study. 7.2

Various constructs of operational Risk management and financial performance of Wazalendo SACCO.

These constructs are discussed below: 7.2.1

Top Management is committed to successful implementation of the Risk Management Program

This means that regular reporting of pertinent information to senior management and the board of directors that supports the proactive management of operational risk enable their commitment. These findings are in line with Nair (2007) that an effective monitoring process can help identify key material risks in a transparent manner and enable the financial institution to act upon these risks appropriately. From the above findings; the study showed that Top Management is committed to successful implementation of the Risk Management Program.

7.2.2

Tailoring of the SACCO’s Risk Management objectives to strategic/business

objectives According to Stulz (2003), misunderstood portfolio concentrations, flawed funding models and poorly timed acquisitions will imply poor strategic risk management. The findings indicated that the SACCO’s Risk Management objectives were aligned with its strategic/business objectives. Stulz notes that tailoring of an organization’s Risk Management objectives to strategic/business objectives will involve strategy selection and business planning.

93


The findings agree with Stulz (2003), who notes that in bleak times and fair such as the current times, the success of a company depends greatly on how it translates its strategy into management of the business. The findings point out if Wazalendo SACCO is to take strategic control, they have to make the most of it by taking firm control of the risk agenda, imposing and monitoring balance sheet limits, targeting risk weighted assets reductions and splitting core from noncore assets. This will put them in a strategic position to minimize the prospects of misunderstood portfolio concentrations, flawed funding models and poorly timed acquisitions.

7.2.3

There is dissemination of Risk Management information across the entire organization; Management of Operational Risk forms an integral part of the strategic decision making process; and there is a Risk Management Compliance and Policy Manual in place

According to the findings, Wazalendo SACCO disseminated Risk Management information across the organizations. the findings also indicated that in Wazalendo SACCO there was management of Operational Risk forming an integral part of the strategic decision making process; and there is a Risk Management Compliance and Policy Manual in place. The findings agree with NIST SP (800-137) notes that there should be dissemination of Risk Management information across the entire organization; Management of Operational Risk forms an integral part of the strategic decision making process; and there is a Risk Management Compliance and Policy Manual in place. The presence of risk management activities as well as the integration of operational risk management and the presence of a compliance manual did not translate in a risk free environment implying that if Wazalendo SACCO was to eliminate the prospect of noncompliance, the risk management framework should involve implementation and enforcement of risk management.

7.2.4

Management of Operational Risk forms an integral part of the strategic decision making process

94


The findings revealed that the management of operational risk did not form an integral part of the strategic decision making in Wazalendo SACCO. These findings contrast with the NIST SP 800137 which states that management of Operational Risk should form an integral part of the strategic decision making process so that there will always be an on going assessment and analysis of the effectiveness of all security controls. This will form a basis for reporting on the security posture of information systems. The SACCO should therefore make the management of operational risk management so that continuous monitoring should support risk management decisions to help maintain organizational risk tolerance at acceptable levels

7.2.5

There is a Risk Management Compliance and Policy Manual in place

Having a Risk Management Compliance and Policy Manual in place leads to improved productivity, improved competitiveness and the development of the workers skills. The study revealed that Wazalendo SACCO had a risk management compliance manual in place These findings support Deming (1986) who says that organizations faced with extensive risks, should have a Training Policy and Risk Management Compliance and Policy Manual in place. The findings were also in line with the NIST SP 800-137 also notes that when it comes to Continuous /Regular risk reporting, Risk Management Compliance and Policy Manual provides an avenue where attention is given to Continuous Monitoring of Systems. Consideration is given to overall residual risk, broken down by inherited risk, accepted risk and risk to be mitigated.

7.2.6

There is proper identification of Key Risk Indicators/early warning indicators prior to any evaluation

Lack of proper identification of key risk indicators is a dangerous state of affairs especially for financial institutions. The findings revealed that there was no proper identification of Key Risk Indicators/early warning indicators prior to any evaluation. It is also worse that even if the organization have that is not implemented, then no proper identification of key risk indicators can take place. The findings contrast with the NIST SP 800-137, which states that proper identification of Key Risk Indicators/early warning indicators prior to any evaluation can assist 95


in risk control. This is supported by Dorfman (1997) who notes that goals and targets can be defined as the key risk areas and performance indicators can be developed to control risk. The use of risk management frameworks developed abroad may also create an environment that is not implementable in the case of developing countries and this calls for carrying out proper identification of Key Risk Indicators/early warning indicators prior to any evaluation in Wazalendo SACCO to assist in risk control

7.2.7

There is regular submission of reports containing pertinent information to Senior Management and the Board of Directors that compliments the proactive management of operational risk

Regular submission of reports containing pertinent information to Senior Management and the Board of Directors compliments the proactive management of operational risk. The findings revealed that in Wazalendo SACCO there was Regular submission of reports containing pertinent information to Senior Management and the Board of Directors that compliments the proactive management of operational risk. The findings support earlier work by Dorfman (1997) who notes that regular submission of reports containing pertinent information to Senior Management and the Board of Directors that compliments the proactive management of operational risk will enable standardizing the system and continuously improving it. 7.2.8

Risk management information systems are engaged to record, track and monitor risk management activities

In the current information age, technology has provided platforms for better management of information. information systems have the ability to record, track and monitor various activities . The findings on this revealed that Risk management information systems were not engaged by Wazalendo SACCO to record, track and monitor risk management activities. The findings are in contrast to Heath Field (2011) who pointed out that a focus on Risk management information systems will enable the organization to be engaged in recording, tracking and monitoring risk management activities. 96


In order for this to occur, the implementation of Risk management information systems would enable Wazalendo SACCO to record, track and monitor risk management activities which would go a long way in reducing operational Risk. 7.2.9

There is continuous reviewing and updating of Risk Management Plans

The study findings revealed that on the whole, that the SACCO did not regularly update its risk management plans. The findings suggest that given the nature of the financial sector and continuous advancement in technology, this calls for Wazalendo SACCO to continuously update its risk management plans. These findings contrast with Susan Heath Field (2011) who notes that without a continuous reviewing and updating of Risk Management Plans, the organization in the wake of technological improvements, faces more risk than ever before. It is therefore necessary to continue with the trend while fortifying the organization against new risks 7.2.10 There are self assessment checks for adherence to the Risk Management Policy. Self assessment checks for adherence to risk management policy create individual awareness to risk management which if carried out by all individual in the organization translates into adherence to risk management and overall consciousness to operational risks. The findings revealed that Self- assessment checks for adherence to the Risk Management Policy were in place and that was to the existing risk management policy. The findings agree with Dorfman (1997) who notes that, they will also act as a guide decision making and the identification of areas for further assessment and intervention to reduce and manage risk. These documents can be shared with all those involved in the service user’s care if appropriate and should communicate the risks in a clear and comprehensive way.

7.2.11 The SACCO has a well designed Disaster Recovery and Business Continuity Plan According to Stulz (2003) risk a multi-faceted and complex subject can appear daunting; but having a well designed Disaster Recovery and Business Continuity Plan enable an organization to continue operating. The findings on this reveal that the SACCO did not have a well designed Disaster Recovery and Business Continuity Plan. These findings thus do not agree with Stulz (2003) who notes that a 97


well designed Disaster Recovery and Business Continuity Plan will enable business continuity as well as offer insurance and assurance to stake holders of the organization in case of any disaster. 7.2.12 Employees and management are endowed with adequate Risk Management skills The findings revealed that the employees and management of Wazalendo SACCO were not endowed with adequate Risk Management skills. The findings indicated the need for training because in the face of ever changing technology without updating of the SACCO’s risk management plans, training will update the employees’ ability or proficiency to manage risk effectively. The findings reinforce Deming’s (1986) conclusions that for any functioning organization there should be a Training Committee in place which can identify training needs of the organization and be in position to prioritize the skills which are critical in terms of sustainable growth and development and in the context of financial institutions training in areas as Risk Management skills 7.2.13 There is continuous reception of appropriate training The findings indicate that that there was continuous reception of appropriate training. This finding strengthens the above finding that Employees and management were not endowed with adequate Risk Management skills calls for continous update of risk management skills. The continued reception of appropriate training would definitely lead to uptake and maintenance of useful skills which would thus increase learning and create an atmosphere where the employees and management would have adequate risk management skills. The findings are in line with Deming (1986) and Stulz (2003) who point out that promoting quality training for all through skills development facilitates the acquisition of appropriate and critical skills such as risk management skills. Continuous reception of training will improve the performance of the employees within the organization because with the acquisition of skills, it will achieve its objectives

98


7.2.14 There is consultation and involvement of employees in the Risk Management implementation exercise Consultation and involvement of employees in the Risk Management implementation exercise offers the company or business a road map which can be used to reach its objectives. The findings reveal that there was no consultation and involvement of employees in the Risk Management implementation exercise. Involvement of staff in risk management implementation exercise would eliminate the perception that staff are not to be trusted and this would make them own the exercise which can go a long way in creating awareness on areas that the organization is more risk prone and probably bring out areas that may have been accidently left out but can be recognized by staff thereby improving the whole risk management process. This called for consultation and involvement of employees in the Risk Management implementation exercise within Wazalendo SACCO because this helps to create an effective risk management implementation exercise 7.2.15 There is collective participation in all risk management activities for purposes of registering achievements Collective participation in all risk management activities for purposes of registering achievements is important in an organization’s strategy for operational risk control and mitigation because when it comes to risk, the whole organization is concerned especially if the organization deals in finance related matters (Heath Field, 2011). The findings on this reveal There is collective participation in all risk management activities for purposes of registering achievements. It can be concluded that on the whole that Collective participation in all risk management activities for purposes of registering achievements was carried out in Wazalendo SACCO.

99


Businesses with this kind of participation were more like to be sustainable compared to those without because those without failed to set up effective strategies to manage risk. 7.2.16 Meeting targets over three years The study findings reveal that the organization had met its targets over three years and meeting targets was one of the objectives any organization. Failure to meet targets would imply a problem which needs identification implying that not so much care has been taken in assessing the state of operations in the organization. This therefore points out the need for monitoring set targets in order to identify potential pitfalls in company strategy. The findings agree with Deming (1986) who states that monitoring the performance of activities that have bench marks allows the company or organization to see how good or poor they are performing. Wazalendo had met some of the targets over the last three years but could do better if it entirely focused on all areas of risk management and implemented their strategies to manage risk. 7.2.17 Improvement in the Loan to Asset Ratio over the past three years

Maintaining low levels of loan to Asset ratio indicates evidence of adequate operational risk management. The findings indicate that the there was an improvement in the loan to asset ratio over the past three years. What was concluded was that Wazalendo SACCO carried out operational risk management which led to the Improvement in the Loan to Asset Ratio. The findings concur with Heath Field (2011); Deming (1986) who point out that proper operational risk management results in improvement of the loan to asset ratio. 7.2.18 Risk Management’s reduction of the SACCO’s Portfolio at Risk Heath Field (2011); Deming (1986) also point out that if a portfolio’s Risk is reduced due to the risk management framework employed. The findings reveal that Wazalendo SACCO had reduced its Portfolio at risk. This is an indication that the risk management framework employed in Wazalendo SACCO was working. 7.2.19 Improvement in Interest Cover Ratio as a result of adequate Risk Management The findings indicated that there had been little or no improvement in the Interest Cover Ratio in Wazalendo SACCO. The findings suggest that using the improvement in the Interest Cover Ratio as an indicator of growth as well as performance could be indicative of how the SACCO 100


manages its operational risk. The findings are in contrast to those of Heath Field (2011) and Deming (1986). Wazalendo SACCO therefore need to focus on its interest cover ratio as this will enable pay interest on its debts which if low will make the operations of the organization unprofitable and may lead to bankruptcy 7.2.20 Improvement in Debt Ratio attributed to the effective Operational Risk Management mechanisms in place The findings revealed that the SACCO’s Debt Ratio had not improved and this is probably attributable to the ineffectiveness of the Operational Risk Management mechanisms in place. The findings are in contrast to Deming (1998) who point out that with effective Operational Risk Management mechanisms in place, there is bound to be an improvement in the Debt ratio. Wazalendo SACCO therefore needs to look critically at improving its debt ratio which will enable it to meet its capital requirements. 7.2.21 The presence of periodic observation of the institution’s portfolio of risk exposures to detect and give timely warning of change The findings on the study indicated a dangerous inability by Wazalendo SACCO that is the lack of periodic observation of the institution’s portfolio of risk exposures to detect and give timely warning of change. This implies that the organization was not in position to guard itself against possible further risk Periodic observation of the institution’s portfolio of risk exposures to detect and give timely warning of change is important as a risk management measure for a financial institution. The findings contradict with Cagan (2001) who notes that the presence of periodic observation of the institution’s portfolio of risk exposures provide the organization with information to safeguard itself against future risk 7.2.22 Continued support in improving in the skills and capabilities of the institution’s management and staff by the Board

The findings revealed that there was lack of continued support in improving in the skills and capabilities of the Wazalendo’ management and staff by the Board. 101


Continued support in improving in the skills and capabilities of the institution’s management and staff by the Board is important to the organizations because as Cagan (2001) notes continued support enables the the board of directors to receive sufficient higher-level information to enable them to understand the overall operational risk profile and focus on the material and strategic implications for the business Therefore Wazalendo SACCO’s Board of directors should provide continued support in improving in the skills and capabilities of the institution’s management and staff for improved performance and in this case financial performance. 7.2.23 Risk Intelligence sustenance and dependence on the capability of people, processes, and systems to act in an integrated, coordinated and timely manner

The field findings on this indicate that there was no Risk Intelligence sustenance and dependence on the capability of people, processes, and systems to act in an integrated, coordinated and timely manner. Risk Intelligence sustenance and dependence on the capability of people, processes, and systems to act in an integrated, coordinated and timely manner. These findings contradict findings by Vaughan (2002) who shows that the extent of the external party’s liability and financial ability to compensate the financial institution for errors, negligence, and other operational failures should be explicitly considered as part of the risk assessment. The findings point out that financial institutions should carry out an initial due diligence test and monitor the activities of third party providers, especially those lacking experience of the financial industry’s regulated environment, and review this process (including re-evaluations of due diligence) on a regular basis.

102


CHAPTER EIGHT SUMMARY, DISCUSSIONS CONCLUSION AND RECOMMENDATIONS 8.1

Introduction

This chapter presents a summary of the findings, conclusions and recommendations and areas for future research.

8.2

Summary of findings

The study examined the relationship between Operational Risk Management and Financial Performance. It focused on Wazalendo SACCO as a case. This study specifically examined the risk management controls/practices employed by Wazalendo SACCO; how Wazalendo SACCO’s approach to Operational Risk Management has affected the members’ returns and the SACCO’s profitability; and the management action taken to increase the amount of loans disbursed and manage liquidity risk/revenue growth in the SACCO. The summary is based on the three objectives of the study as shown below:

8.2.1

The risk management controls/practices employed by Wazalendo SACCO.

The variable output on Risk Management Controls and Financial performance of (.722 **), (.000) at 95% confidence level, showed a statistically significant relationship between Risk Management Controls and Financial performance. From the descriptive statistics, it was further found out that on average most of the respondents were in agreement with the statements posed on Risk Management Controls and Financial performance. The mean values above 3.00 as revealed in the table 4.1 shows that most respondents were in agreement with the Risk Management Controls employed in Wazalendo SACCO. The standard deviation results or values above 1.00 show differences in respondents` views, while values below 1.00 indicate commonalities of opinions. The research findings when interpreted meant that the relationship was significantly in that the risk management controls employed by the SACCO greatly contributed to its financial performance. 103


Findings further revealed that there was top management commitment to successful implementation of the risk management programme. The Organization’s risk management objectives were tailored to its strategic/business objectives. Wazalendo SACCO disseminated risk management information across the entire organization. However, it did not form an integral part of the strategic decision making process which called for making the management of operational risk management an integral part of the strategic decision making process so that continuous monitoring should support risk management decisions to help maintain organizational risk tolerance at acceptable levels. The SACCO was found to have a Risk Management Compliance and Policy Manual in place. This led to improved productivity, improved competitiveness and the development of the workers skills in the organization. There was however lack of proper identification of Key Risk Indicators/early warning indicators prior to any evaluation which did not control risk in Wazalendo SACCO

Additionally, it was found that there was Regular submission of reports containing pertinent information to Senior Management and the Board of Directors that compliments the proactive management of operational risk although the SACCO had not yet engaged in Risk management information systems to record, track and monitor risk management activities which probably increased the levels of operational risks in the organization. The SACCO also lacked regular update of its risk management plans. Self- assessment checks for adherence to the Risk Management Policy were in place to the existing risk management policy though this was limited due to lack of a well designed Disaster Recovery and Business Continuity Plan an implication that if disaster struck, the organization would find it hard to recover. According to the findings however, adequate Risk Management skills of the employees and management of Wazalendo SACCO were found to be lacking but were usually receptive to appropriate training. However, the organization did not involve or consult in the implementation of the risk management exercise. The organization though, offered collective participation in all risk management activities for purposes of registering achievements.

104


8.2.2 How the approach to operational risk management affects the members’ returns and the SACCO’s profitability Descriptively, the statistics portrayed that the risk management framework had enabled the organization to meet its targets over three years, there was also an improvement in the loan to asset ratio, and the SACCO’s Portfolio at Risk had been reduced as well as Improvement in Interest Cover Ratio as a result of adequate Risk Management an implication that the risk management model and framework employed in Wazalendo SACCO was eliminating operational risks resulting in reduced portfolio at risk though the operational risk management mechanisms in place had not improved the debt ratio implying they were ineffective. The variable output on approach to operational risk management and The SACCO’s profitability of (.617**), (.000) at 95% confidence level, showed a statistically significant relationship between the approach to operational risk management and The SACCO’s profitability

8.2.3

The extent to which appropriate management action been taken to increase the amount of loans disbursed and manage liquidity risk/revenue growth in the SACCO

The Underlying statements posed on the management action taken to increase the amount of loans disbursed and manage liquidity risk/revenue growth in the SACCO indicated that there was no periodic observation of the institution’s portfolio of risk exposures to detect and give timely warning of change thus putting the organization at risk. There was also lack of continued support in improving in the skills and capabilities of the institution’s management and staff by the Board and also a lack of Risk Intelligence sustenance and dependence on the capability of people, processes, and systems to act in an integrated, coordinated and timely manner. There was a statistically significant relationship between appropriate management action and increase in loans disbursed and management of liquidity risk/revenue growth. The variable output of (.796**), (.000) at 95% confidence level, showed a statistically significant relationship between the two variables.

105


8.3

Conclusions of findings

8.3.1

The risk management controls/practices employed by Wazalendo SACCO

The risk management controls/practices employed by Wazalendo SACCO include leadership and strategy alignment, monitoring and continuous improvement and training and staff involvement in risk management although staff are not involved in risk management implementation exercises.

8.3.2

How the approach to operational risk management affects the members’ returns and the SACCO’s profitability

The SACCO’s approach to operational risk management affected the members’ returns and the SACCO’s by enabling the organization to meet its targets over three years. This caused an improvement in the loan to asset ratio also reducing the SACCO’s Portfolio at Risk as well as improving its interest Cover Ratio. However, the operational risk management mechanisms in place had not improved the debt ratio implying they were ineffective. 8.3.3

The extent to which appropriate management action been taken to increase the amount of loans disbursed and manage liquidity risk/revenue growth in the SACCO

The extent to which appropriate management action had been taken to increase the amount of loans disbursed and manage liquidity risk/revenue growth in the SACCO was not appropriate

8.4 Recommendations Based on the findings and conclusions, the following are recommendations of the study;

106


8.4.1 The risk management controls/practices employed by Wazalendo SACCO 1. To improve on the risk management controls/practices employed by Wazalendo SACCO, the management should make operational risk management an integral part of the strategic decision making process so that continuous monitoring can support risk management decisions to help maintain organizational risk tolerance at acceptable levels. 2. The SACCO should undertake proper identification of Key Risk Indicators/early warning indicators prior through regular review of their risk management reports to evaluate the risks the SACCO is prone to. 3. The SACCO should also have regular updates of its risk management plans given the nature of the financial sector and continuous advancement in technology to reduce on its operational risk. 4. The SACCO should design a good Disaster Recovery and Business Continuity Plan which should include will go a long way in averting am major crisis in case of a disaster. 5. The SACCO should also involve or consult employees in the implementation of the risk management exercise through selecting them to be on the risk management implementation team. This will make them feel part of the organization and will improve their motivation to manage operational risks

8.4.2 How the approach to operational risk management affects the members’ returns and the SACCO’s profitability 1. It is suggested that the SACCO should strive to improve on its debt ration by employing an operational risk management framework that will focus on eliminating and leaving debts to acceptable levels

107


8.4.3

The management action taken to increase the amount of loans disbursed and manage liquidity risk/revenue growth in the SACCO

1.

The SACCO should undertake periodic observation of the institution’s portfolio of risk exposures through continuous systems auditing to detect and give timely warning of change in order to minimize operational at risk.

2.

The Board of directors should continue to support improvement of skills and capabilities of the institution’s management and staff through employment of training which will go a long way in reducing operational risk management

3.

The organization should provide Risk Intelligence sustenance through continuous monitoring and dependence on the capability of people, processes, and systems to act in an integrated, coordinated and timely manner so as to improve on decision making in matters of operational risk management.

8.5

Contributions of the study

There is a strong belief by the researcher that this study has substantially contributed to the existing body of knowledge. At the time of conceptualization of this study there were no sufficient answers to the research objectives, however the researcher now has got confidence that all the answers to the objectives were answered sufficiently. It’s therefore paramount to assert that the study has been able to examine the relationship between Operational Risk Management and Financial Performance. The findings show that there is a relationship between operational risk management and financial performance. This relationship is significant in relation to the types of operational risk management controls employed.

8.6

Areas of further research

108


1. The findings of this study focused on examining the relationship between Operational Risk Management and Financial Performance in Wazalendo SACCO. Further research could consider the area of risk management training and financial performance of the SACCO. 2. This study was restricted to Wazalendo SACCO which is a small section of the Financial Sector as regards operational Risk Management. Though there is a degree of confidence with which conclusions can be drawn from the results. The focus was narrow, there is need to undertake studies of the same nature for the entire Financial Sector.

109


REFERENCES Adams RB, Mehran H (2005). Corporate Performance, Board Structure and its Determinants in the Banking Industry. Working Paper. EFA 2005 Moscow Meetings. Aghion PB (1992). An Incomplete contracts Approach to Financial Contracting. Review of Economic Studies 59: 473-94. Agrawal A, Knoeber CR (1996). Firm performance and mechanisms to control agency problems between managers and shareholders. Alexander. Carol and Sheedy (2004). The professional risk manager handbook A Comprehensive guide to current theory and best practice. PRMIA Publications, Wilmington Alijoyo. Antonius (2004). Focused enterprise risk management. Indonesia Jakarta Amihud Y, Lev B (1981). Risk reduction as a managerial motive for conglomerate mergers. Bell Journal of Economics, 12(2): 605-617. Arthur JB (1994).Effects of human resource systems on manufacturing performance and turnover. International Academy of Management Journal, 37: 670–687. Ashbaugh-Skaife H, Collins DW, LaFond R (2006). The Effects of Corporate Governance on firms’ Credit Ratings. Journal of Accounting and Economics, 42 (1-2): 2003-2043. Augustine (2012). Good practice in Corporate Governance: Transparency, trust and performance in microfinance industry. Business society 2012 51:659 Ayali. N. (2000). Using Commercial insurance to avoid project risk. A journal on International/Financial Law Review. 146 (1) 5 0-54. Bailey, KL) (1994). Methods of Social Research. 4th edition. New York Macmillan Inc. Ball R (2001). Infrastructure Requirements for an Economically System of Public Financial Reporting and Disclosure. Brookings- Wharton papers on Financial Services. Washington DC: Brookings Institution Press, 2001:127-83 Banerji K, Sambharya RD (1996). Vertical Kerietsu: An international market entry: The case of the Japanese automobile ancillary industry. Journal of International Business Studies, 27: 89-114. Batt R (2002).Managing customer services: Human resource practices, quit rates, and sales growth’, International Academy of Management Journal, 45:587-597. Bhagat S, Black BS (2000). Board Independence and Long-Term Firm Performance. Working Paper, University of Colorado. 110


Black BS, Jang H, Kim W (2006). Does Corporate Governance Predict Firm’s Market Value: Evidence from Korea. Journal of Law, Economics, and Organization, 22 (2), Fall. BREFI Group (2011) Improving Board Performance. Brown DL, Caylor MC (2009). Corporate Governance and Firm Operating Performance. Review of Quantitative Finance and Accounting, 32(2): 129–144. Bushman RM, Smith AJ (2003).Transparency, Financial Accounting Information, and Corporate Governance. FRBNY Economic Policy Review / April 2003 Casement A (2008). Ethical governance. British Journal of Psychotherapy, 24, 407-428. Centre for the Study of Financial Innovations. Microfinance Banana Skins Survey. London, UK Cetin AT (2010). The effects of human resource, marketing and manufacturing, performance on financial performance, Journal of Global Strategic Management | 07 | 2010, June Chalhoub MS (2009).Relations between Dimensions of Corporate Governance and Corporate Performance: An Empirical Study among Banks in the Lebanon. International Journal of Management, 26(3): 476 Chen J, Chen D, He P (2008). Corporate Governance, Control Type, and performance: The NewZealand Story. Corporate Ownership & Control, 5(2): 24-35 Cheng. H. R & Yahr. R (1998), Risk Management practices and accounting requirements. New York. Eric clearing house Chtourou SM., Courteau L (2001).Corporate Governance and Earnings Management. http://SSRN.com/abstract=275053, 5 January 2003. Coase R (1937). The Nature of the Firm.” Economica 4(386): 357-76. Coles JW, McWilliams VB, Sen N (2001). An examination of the relationship of governance mechanism to performance. Journal of Management, 27: 23 – 50 Cumming, John B. (1982). “Regulatory Monitoring of individual Health Insurance policy Experience. “Transactions. society of actuaries, Volume XXXIV, 6 17-640. Data analysis. College Entrance Examination Board. http//www.collegeboard.com. Dorfman, Marks (1997). Introduction to risk management an insurance 6th edition. Prentice hall. Ehiich, C. & lngram, D. (2001). Risk Management practices McMillan publishing house, Athens. http://www.brefigroup.co.uk/directors/corporate_governance.html Journal of Financial and Quantitative Analysis, 31: 377—397. Ahmad S, Schroeder RG (2003).The impact of human resource management practices on operational performance: recognizing country and industry differences. Journal of Operations Management, 21: 1943. 111


Lozier. E.. 1. & Stocker. R. W. (2004), Use of alternative risk financing techniques instead of Conventional insurance. The journal on insurance strategies; 33(2) 1-3. Data key communications Inc. Meredith, L. (2004), The Ultimate risk manager Boston: CUSP Communications Group Inc. Ndulu J, Riany A, Kabbucho K (2007). An Assessment of the Capacity Gaps in the work and Functions of Accountants and Auditors of Nicholson GJ, Kiel GC (2007). Can directors impact performance: A case based test of three theories of corporate governance. Corporate Governance: An International Review, 15: 585-608. OECD Principles of Corporate Governance (1999 updated in 2004). Olsen C, St. George DMM (2004). Cross-Sectional Study Design and Owen, G. (1995), Game Theory .3� edition Athens, Academic press. Piprek G (2007). Linking with Savings and Credit Cooperatives (SACCOs) to expand financial access in rural areas: a case study of CRDB Bank in Tanzania. http://www.ruralfinance.org/fileadmin/templates/rflc/documents/1188 984200805_CRDB_Tanzania.pdf Stulz. R (1996). Rethinking Risk Management. Journal applied Corporate Finance: 2. 8- 24 Stulz.Rene M. (2003), Risk management and derivatives. 2nd edition Mason Ohio Thomson Southwestern. Tufano. P. (1996), who manages risk? Journal of Finance ... 3. 1097-1137. Ugandan SACCOS. DFID Financial Sector deepening Project Uganda Final Report. Wold, H.. G. & Shriver. F.. R. (2004) Risk analysis techniques. Journal on disaster recovery: 7(3) 1-4.

112


Dear Respondent, I am a student of Nkumba University in the School of Business Administration undertaking a study titled� Operational Risk Management and Financial Performance of Wazalendo SACCO: A Case of Wazalendo SACCO. You have therefore been selected to participate in this study that seeks your opinion on the topic for academic purposes only. As a key stakeholder, your participation in this study is of paramount importance to its success. Please spare some of your precious time and complete the attached questionnaire. All instructions have been provided but in case you do not understand a particular item, you can always contact me for further explanation (+256(0)794095829). Be as honest as possible and for purposes of confidentiality, do not indicate your name anywhere on the questionnaire. Kindly ensure that you complete each section of the instrument Thank you. Yours truly, Kangume.K.K.Elizabeth

Student

113


SECTION A SELF ADMINISTERED QUESTIONNAIRE

Section A: Background Information

Please fill in the box the number corresponding to your answer or write in the space provided.

1. Sex

2. Age (Years):

1. Male

2. Female

1. 25 - 29 2. 30 - 39 3. 40 – 49 4. 50 - 59 5. Over 60

3. Marital Status:

1. Single 3. Divorced

2. Married 4. Widowed

4. Highest Level of education so far attained: 1. Certificate 2. Diploma

3. Bachelors Degree

5. PhD

4. Current Position: 5. Employment status: (i) Contract Staff

2. Permanent Staff

(ii) For others, please specify………………..

114

4. Masters Degree


6. Number of Years so far spent working at WAZALENDO SACCO You are requested to respond to each item in the subsequent sections using the Likert scale by ticking the appropriate option. 1= Strongly Disagree, SD; 2 = Disagree, D; 3 = Not Sure, N; 4 = Agree, A; and 5 = Strongly Agree, SA.

SN

B. SECTION B: Risk Management Controls employed in Wazalendo SACCO B1:Leadership and Strategy Alignment

1.

Top Management is committed to the successful implementation of the Risk Management Program (by providing adequate financial resources to promote Risk Management activities).

2.

The SACCO’s Risk Management objectives have been tailored to its strategic/business objectives.

3.

There is dissemination of Risk Management information across the entire organization

4.

Management of Operational Risk forms an integral part of the strategic decision making process.

5.

There is a Risk Management Compliance and Policy Manual in place.

B2: Operational Risk Management System Monitoring and Continuous Improvement 1.

There is proper identification of Key Risk Indicators/early warning indicators prior to any evaluation.

115

SD

D

N

A

SA


2.

There is regular submission of reports containing pertinent information to Senior Management and the Board of Directors that compliments the proactive management of operational risk.

3.

Risk management information systems are engaged to record, track and monitor risk management activities.

4.

There is continuous reviewing and updating of Risk Management Plans

5.

There are self assessment checks for adherence to the Risk Management Policy.

6.

The SACCO has a well designed Disaster Recovery and Business Continuity Plan

B3: Training and Staff involvement in ORM 1.

Employees and management are endowed with adequate Risk Management skills

2.

There is continuous reception of appropriate training

3.

There is consultation and involvement of employees in the Risk Management implementation exercise

4.

There is collective participation in all risk management activities for purposes of registering achievements.

C.SECTION C: Operational Risk Management and Returns to members/profitability of the SACCO 1.

We have met our targets for the past three years

2.

There is an improvement in the Loan to Asset Ratio over the past three years

3.

Risk Management has greatly reduced the SACCO’s Portfolio At Risk

4.

The Interest Cover Ratio has also been improved as a result of adequate Risk Management

5.

The Debt Ratio has also improved and this is attributed to the effective Operational Risk Management mechanisms in place

116


6.

Return on Equity has greatly improved D.SECTION D:Compliance with the Operational Risk Management Controls/Systems

1.

Risk Intelligence in WSACCO is sustainable and depends on the capability of people, processes, and systems to act in an integrated, coordinated and timely manner.

2.

There is continued support in improving in the skills and capabilities of the institution’s management and staff by the Board of WSACCO.

3.

There is periodic observation of the institution’s portfolio of risk exposures to detect and give timely warning of change.

117

Operational Risk Management & Financial Performance of Saccos in Uganda; Acase of Wazalendo Sacco  
Read more
Read more
Similar to
Popular now
Just for you