International Journal of Business Continuity and Risk Management (19 papers in press)
A Framework for IS/IT Disaster Recovery Planning
by Rafi Ashrafi
Abstract: As organizations increasingly rely on data, information, and technology, they are exposed to various disasters such as power outages, natural disasters, fraud, terrorist attacks and viruses. These disasters may cause disruption to the organizations services and may have an impact on business (Karim, 2011). As a result, Information Systems/ (IS)/Information Technology (IT) Disaster Recovery Planning (DRP) has received considerable attention among the practitioners and researchers during the past two decades (Lewis, 2003, Nelson 2006). Literature shows that there is a lack of suitable frameworks for IT DRP (Kelly 2012; Baham, Hirschheim, Calderon, Kisekka, 2017). To fill this gap, this study identifies a set of 10 Critical Success Factors (CSFs) from previous research, defines the effectiveness of IT DRP, and proposes a framework for IS/IT DRP. The framework establishes a relationship between CSFs and DRP effectiveness. This study will help organizations in adopting a suitable framework and improving their disaster recovery efforts in order to be more effective in dealing with IS/IT disasters.
Keywords: Information Technology; Information Systems; Disaster Recovery Planning; Framework; Critical Success Factors.
Engagement Risk Management Instrument for the Zimbabwean Audit Firms
by Varaidzo Denhere, Tankiso Moloi
Abstract: Following reputational damage caused amongst other things by engaging high risk clients and a general lack of engagement risk guidelines for audit firms in Zimbabwe, this study aimed at developing an ERMI to be considered for utilisation by Zimbabwean audit firms. The proposed ERMI will guide audit partners and chief risk officers in assessing engagement risk for potential clients before accepting or rejecting them for an audit engagement. A Delphi process was employed to a panel of engagement risk experts, namely audit partners and chief risk officers. At the time of data collection, there were twenty registered audit firms in Zimbabwe. In line with the requirement of the Delphi Technique which requires that a variety of rounds is held with experts, these firms were divided into two samples. In the first phase, which included ten audit firms, interviews were conducted with six firms where both the audit partners and chief risk officers were interviewed. This process yielded twelve responses. In the second phase, there were eight firms that responded, again both the audit partners and chief risk officers, yielding sixteen responses. This study has identified engagement risk factors that should be assessed before client acceptance in the Zimbabwean context. It has further provided the ERMI which could be considered and adopted by Zimbabwean firms when they make a decision whether to accept or reject a potential client. It is envisaged that this instrument, will be pivotal in the reduction of reputational risk associated with litigation that follows when the auditee fails. Other countries could adopt the approach utilised to get to the ERMI for country specific ERMIs. It is envisaged that the proposed ERMI could assist in reducing the risk of engaging potentially risky clients which has potential to damage the reputation of an audit firm or result in the audit firm being litigated against. As such, there are two primary beneficiaries of the ERMI, namely; the small and medium audit enterprises as well as large audit firms. Small and medium audit enterprises with no resources to conduct a thorough engagement risk with potential clients could adopt the proposed ERMI and build this into their processes. This would assist them to identify engagement risk factors that should be assessed before they make a decision. In this regard, a decision whether to accept or reject a potential client would have been informed by an objective process. Should larger audit firms have no engagement risk processes in place, the process explained for the small and medium audit enterprises could be adopted. If a large audit firm has the engagement risk processes in place, this could be enhanced by applying the proposed ERMI as an additional objective screening instrument embedded in the firms processes to make a determination on whether to accept or reject a potential client. This study contributes new knowledge in the form of engagement risk factors and an engagement risk management instrument envisaged to provide guidance towards client acceptance or rejection.
Keywords: Engagement Risk Instrument; Engagement Risk Factors; Client acceptance; Business Continuity; Risk Management.
An Empirical Assessment of Information Security Best Practices and Information Technology Disaster Recovery Readiness in Ghanaian Micro-Finance Sector
by Paul Danquah, Stephen Bekoe, Victor Gordon
Abstract: Fundamental to the smooth operation of any organization in the financial sector is the need to have its information secured. This research set out to critically assess information security best practices and Information Technology (IT) disaster recovery readiness in Ghanaian Micro-Finance Sector. The criteria used as the basis for assessment are the existence of documented policies, the existence of designated personnel and the usage of internationally recognized benchmarks for information security best practices. The criteria used for IT disaster recovery readiness were the existence of documented IT disaster recovery plans, evidence of IT disaster recovery plan's implementation and the existence and evidence of best practices of IT disaster recovery readiness. The research approach was a mixed-method where the data collection, data analysis and interpretation of the evidence was purposefully done with triangulation. A summarized analysis of the data gathered indicates that a generally poor information security practice exists within the microfinance industry in Ghana. IT disaster recovery readiness is however relatively better with regular backups being a prominent feature. In view of the foundational theory of protection motivation theory, it is suggested that future research delves into the reason for the observed phenomena.
Keywords: Information Technology; Disaster Recovery; Micro-Finance; Ghana.
Dynamic and Adaptive Resilience of Small Businesses after the 2015 Nepal Earthquake
by Ali Asgary, Sushan Pradhan, JiaYan Wang
Abstract: This study examines small business resilience following the 2015 Nepal earthquake using data collected through a questionnaire nearly 2 years after the earthquake. The findings show that most sampled businesses were not equipped with inherent and built-in resilience because majority of them did not have risk management and business continuity plans. However, findings confirm that majority of the sampled businesses resumed operations reasonably quick and most of them made a full recovered within two years after the disaster demonstrating high adaptive and dynamic resilience. While significant correlation between the earthquake impacts and the dynamic resilience was not observed, financial factors, particularly business use of their savings and family support showed highest correlations with dynamic resilience and recovery. Findings also reveal that small businesses in a developing country such as Nepal can become sufficiently resilient if they are provided with the resources and support to enhance their static and inherent resilience.
Keywords: Nepal Earthquake; Business resilience; dynamic resilience; business continuity; risk management.
Modelling for default risk in companies: Evidences from Jordan
by Abdullah Aldaas
Abstract: Financial data provides some indication of impending failure and distress in a company. This research is focused on studying default and failures in Jordanian companies based on internal financial information of the firms. The study uses financial ratios of 50 companies from manufacturing and services sector, including 40 running and 10 failed companies, for the time period 2015-2017. The methodology includes qualitative analysis, factor analysis and logistic regression to analyze and interpret defaults and failures in selected firms. One of the significant finding of the research is that sales, equity capital and Return on Equity are good predictors of defaults and distress in companies.
Keywords: firm default; logistic regression; Jordan; failed companies; financial distress.
Adoption of Cloud Computing in Business Continuity Management for Container Terminal Operations in South Africa
by Nixon Muganda Ochara, Felix Kutame, Armstrong Kadyamatimba
Abstract: This study responds to recent calls for improving pre- and post-disaster business continuity by investigating cloud computing adoption factors relevant to the modernization of port operations. A Fit-Viability Model (FVM) is used as the analytical framework for the study. An interpretive, qualitative methodology, employing the use of a case study of the ports in South Africa was adopted. The interview data collected was analyzed thematically and the findings revealed several insights: the first is that a digitalized BCM architecture fits the cloud computing model. Secondly, the cloud computing model is a viable model that can contribute to managing complex and differentiated organizations. For such complex organizations, viability can be realized by harnessing collective intelligence (CI) for more effective BCM. Lastly, to realize digitally-enabled BCM and harness the power of CI, there is a need for a rethinking of strategy towards the adoption of an Intelliport strategy or smart BCM for ports.
Keywords: Business Continuity; Disaster Recovery; Cloud Computing; Fourth Industrial Revolution; Business Continuity Management; Digital Transformation.
Examining the transition of natural disaster management for climate change
by Kyong-Jin Park, Bong-Woo Lee, Kyoo-Man Ha
Abstract: Climate change has started to fearfully impact the living organisms on the planet, whether or not it sounds believable. This article aims to study the transitions in climate-related disasters to mitigate the related risks. To this end, qualitative content analysis has been used as the key methodology. The paper cross-examines three periods of climate change (before climate change, the 1st half of climate change, and the 2nd half of climate change) in conjunction with three levels of natural disaster management (international level, national level, and local level). Following this elaboration, the paper suggests three theoretical phases along which disaster management is structured: provincialism-oriented management (19511990), patriotism-oriented management (19912040), and survivalism-oriented management (20412100). While the ignorance of negative climate change is culpable, all stakeholders in the field need to address international cooperation, sustainability, education, and training for survival of the fittest.
Keywords: climate-related disasters; provincialism; patriotism; survivalism; ignorance.
EXPLORING THE IMPACT OF CORPORATE SOCIAL RESPONSIBILITY AND HUMAN RESOURCE ACCOUNTING ON A SOCIO-ECONOMIC ENVIRONMENT
by Oluwatoyin Esther Akinbowale, Heinz Eckart Klingelhöfer, Mulatu Fekadu Zerihun
Abstract: Corporate Social Responsibility (CSR) and Human Resource Accounting (HRA) are concepts that facilitate an improved socio-economic environment. An active corporate social responsibility can promote the reputation of an organisation alongside with other significant benefits such as improvement in the management of human resources, effective risk mitigation and management measures, robust customer relationship with sound innovations. In respect of the aforementioned, this study seeks to explore some significant impact of corporate social responsibility and human resource accounting on the socio-economic environment. It uses a linear programming approach to expound the relationship that exist between the variables under consideration and to explain the possible outcome of the integration of CSR and HRA in relation to their impact on the socio-economic environment. The study finds that CSR and HRA have common features: cost and assets. HRA strictly recognises the cost of human assets like employee training to meet environmental, technological, and socio-economic current demands. Based on the findings of this study, the integrated view of HRA and CSR is recommended. Depending on the organisation
Keywords: Corporate Social Responsibility (CSR); Human Resource Accounting (HRA); Linear Programming; Socio-economic Environment; Social Cost.
THE INVESTIGATION ON THE IMPACT OF DOWNSIDE RISK ON FINANCIAL DISTRESS
by Rusmawati Ismail, Rohani Md-Rus, Kamarun Nisham Taufil Mohd.
Abstract: This study investigates if semi-variance could be used to predict financial distress experienced by companies on Bursa Malaysia. A panel data set of 12,906 firm-year observations from 2004 to 2017 is used. Logistic regression is employed to test the hypothesis that risk could predict the occurrence of financial distress after controlling for leverage, profitability and liquidity. Meanwhile, financial distress is measured by using two approaches: negative shareholders equity and shareholders equity of less than 25% of issued and paid-up capital. The result indicates that downside risk is positively significant in explaining financial distress under both approaches. The study has significant insights for investors, creditors and other interested parties where they can use semi-variance or downside risk in forecasting financial distress. By employing effective risk assessment techniques firms can avoid financial distress and can attract potential investors for their firms.
Keywords: Bursa Malaysia; downside risk; financial distress; logistic regression; leverage; profitability.
Identification and Evaluation of Risks in Supply Chain of Milk (A Case Study)
by Abdollah Shahraki, Mohammad Ghorbani, Ahmadreza Asgharpour Masouleh
Abstract: The purpose of present research was to identify and analyze the potential risks in the milk supply chain network by using the Failure Mode, Effects and Critically Analysis approach during 2016 until 2018. The criteria of severity, the probability of occurrence and the severity of the diagnosis were used to assess these risks. The research findings showed that the most important risks belong to sub-systems of ranchers and then milk processing factories. Main risks were prioritized and addressed that needed to focus and employing different risk management strategies to improve the performance of the chain. Government policies fluctuations related to producers was determined as the most important negative risks of the whole chain. Potential impacts of main risks have been identified in the form of impact on costs, quality, and production. Seasonal fluctuations in supply and demand, the elimination of production subsidies, the ineffectiveness of the pricing, the dependence of production on subsidized government was the potential causes of the main risks in the studied chain.
Keywords: Milk supply chain; Risk Management; Failure Mode; Effects and Critically Analysis (FMECA).
The feasibility of implementing the Committee of Sponsoring Organisations of the Treadway Commission (COSO) Enterprise Risk Management framework in South African Small, Medium and Micro enterprises: A literature review
by Bruce Masama, Juan-Pierre Bruwer, Leon Gwaka
Abstract: The socio-economic contributions of Small, Medium and Micro Enterprises (SMMEs) have proved that they are capable of rejuvenating economies. Hence, governments around the globe have placed their focus on the development and promotion of SMMEs. Unfortunately, in South Africa, SMMEs have one of the highest failure rates in the world and the lack of properly developed risk management skills, is among the main reasons for the latter dispensation. Over the years, an array of formal Enterprise Risk Management (ERM) frameworks have been developed, all with the intent to enhance risk management processes however, research suggests that South African SMMEs neglect the implementation of ERM frameworks, including that of the COSO ERM framework. Considering that the COSO ERM framework is among the most popular ERM frameworks in the world, the primary objective of this study was to ascertain whether this frameworks 2017 revised version is feasible for South African SMMEs to implement, notwithstanding the limited risk management skills evident in the country. Non-empirical research was conducted, taking on the form of an exploratory literature review, which took on a qualitative research methodology. A total of 405 literature sources were identified of which only 99 were included and analysed based on a predefined inclusion and exclusion criteria. From the research conducted, it appears that the implementation of the 2017 revised COSO ERM framework is feasible for implementation by South African SMMEs, at least in a theoretical dispensation.
Keywords: Risk management; SMMEs; enterprise risk management; ERM; ERM frameworks; South Africa; COSO ERM framework.
Emerging Risks and Business Preparedness in the Multifaceted Risk Landscape: Evidence from Malaysian Publicly Listed Companies
by NAZLIATUL ANIZA ABDUL AZIZ, NORLIDA ABDUL MANAB
Abstract: The recent outbreak of novel coronavirus (Covid-19) has been recognised as one of the black swan event that poses challenges and global stress. Given the potentially devastating implications of novel coronavirus as a significant emerging risk, many companies have eventually experienced substantial losses that could threaten their survival. Hence, this study adopts triangulation approach to identify the emerging risks that are of greatest concern and commonly used techniques to address such risks among the publicly listed companies in Malaysia. The quantitative findings show that four key areas of emerging risks which are economic risk, environmental, risk, social risk and geopolitical risk are prioritised by the risk managers in their organisation. While, the qualitative findings indicate that strategic planning, key risk indicators (KRIs), business continuity plan and risk maps are commonly used methods to address emerging risks. Theoretically, the findings contribute to an understanding of the emerging risks and the techniques used to better assess the emerging risks present in the multifaceted risk landscape.
Keywords: "Emerging risks; triangulation; publicly listed companies; multifaceted risk landscape; Malaysia".
Antecedents and Consequences of Internal Crisis Communication (ICC) in Malaysian High-risk Industry: A Framework and Agenda for Future Research
by Bahtiar Mohamad, Adamu Abbas Adamu, Haslina Halim
Abstract: In crisis management research, internal crisis communication (ICC) has been identified to be a new area of study. In fact, extant literature has indicated a lack of theoretical development on the dimensions of ICC. This paper aims to make provision accordingly for conceptual clarity on ICC in order to unfold its underlying antecedents and consequences from the employees perspectives in Malaysia high-risk industry through a proposed conceptual framework. Although, it is consolidated that important roles are being played by ICC in strategic management planning as there exists high relevance of managing positive relationship significantly between multiple stakeholders and corporate survival. Following a critical and comprehensive review of multidisciplinary literature using conceptual approach, a model is finally developed. Four antecedents are identified from the outcomes of this study: safety culture, supportive environment, social media perceived usefulness and management commitment. A potential positive relationship is highlighted between ICC, perceived organizational support and affective commitment.
Keywords: Internal crisis communication; safety culture; supportive environment; management commitment; social media perceived usefulness; perceived organizational support: employee’s crisis perception; affective commitment; high risk industry.
Risk and Risk Management: a historical review and research agenda
by Sankalp Naik, Ch. V.V.S.N.V. Prasad
Abstract: This paper aims to compile and improve the current understanding of risk, risk management, risk lexicon, and enterprise risk management (ERM) and summarize theoretical and empirical research regarding the relationship between risk management and firm value by summarizing over a hundred publications from the domain of risk understanding, typology of risk, the evolution of risk management and enterprise risk management. This literature review suggests that better risk management should lead to better risk-taking and not just risk reduction and finds strong theoretical and empirical evidence that risk management leads to improved firm valuations and performance while reducing cash flow uncertainty and return volatility. The literature review validates the positive relationship between risk management and firm value. Firms with sound risk management practices experience higher valuations and lower costs of financial distress. Evidence suggests that ERM has significant potential for wealth creation and cost mitigation.
Keywords: risk; risk management; risk lexicon; enterprise risk management; firm value; COVID19.
Criticality prioritization of risk factors in the Indian manufacturing industries using TOPSIS
by Vinod G. Surange, Sanjay U. Bokade
Abstract: This article aims to identify the Critical Risk Factors (CRFs) in the Indian manufacturing sector and prioritize them based on their severity. The article further provides the roadmap for effective risk management. Findings from the articles published in peer-reviewed international journals, coupled with the actual industrial scenario, are presented in this paper. This article applies The Technique for Order Preference by Similarity to the Ideal Solution (TOPSIS), one of the key Multi-Criteria Decision Making (MCDM) techniques. Primary data was obtained by consulting fourteen Industry Experts (IEs) from reputed industries. CRFs are ranked in the order of their criticality based on the input received. This article presents TOPSIS demonstration using R software. The article uncovers the ten CRFs in the manufacturing sector. The ranking tool, with consideration of six selected criteria, derived "Supplier-related risks," "Design-related risks," as the foremost risk factors, whereas "Scope change risk," "Safety-related risk," obtained a lesser rank.
Keywords: Manufacturing; Critical Risk Factors (CRFs); TOPSIS; MCDM; R Software.
Predicting Enterprise Risk Management Adoption Among Manufacturing Firms in Suzhou, China
by Shuqian Lu, Ai Ping Teoh
Abstract: The main objective of this study was to ascertain the determinants of Enterprise Risk Management (ERM) adoption for manufacturing firms in Suzhou, China. Supported by the agency theory and resource dependence theory, eight determinants of ERM adoption were identified from extant literature and tested in this study. Since ERM adoption was treated as a dichotomous variable, the effect of the eight independent variables on ERM adoption was analysed by using the Binomial Logistic Regression using the SPSS Statistical Software. Secondary data was obtained from the China Stock Database, annual reports and official websites of 108 manufacturing firms in Suzhou, China. This study recognised Chief Risk Officer, Institutional Ownership, Turnover, Size, International Diversification and Profitability as significant predictors whereas Leverage and Cash Ratio shown no impact on ERM adoption. This study provides policy makers with important guidelines on ERM adoption and contributes towards the development of the Chinese manufacturing market.
Keywords: Enterprise Risk Management; Adoption; China; Manufacturing; Binomial Logistic Regression.
Quality function deployment-based framework for the resilient supply chain
by Ajeet Kumar Yadav, Cherian Samuel
Abstract: The concept of the resilient supply chain has appeared to be one of the essential tools to survive, compete and grow during disturbances and uncertainties. During the current pandemic and the Suez Canal blockage, this concept has once again proven its utility. In this research work, we explore the resilient supply chains concept, capabilities, and practices. And also, an attempt is made to quantify the resilient performance of an Indian manufacturing organization. For this research, a quality function deployment integrated with the weighted sum method approach is used. This research brings about new insights into the concept of risk management through the resilient supply chain. Also, it suggests the portfolios of the resilient practices that enable the organizations to be prepared and recover from the major disruptions.
Keywords: Supply chain risk; Resilient supply chain; COVID-19; House of the resilient supply chain; Resilient practices; Resilient performance.
A robust framework on each disaster management issue: A comparative perspective
by Jang-Oh Kim, Kyong-Jin Park, Kyoo-Man Ha
Abstract: Despite the existence of many evaluation techniques in the field of disaster management, no systematic study has evaluated if a robust frame is available on each disaster management issue. This paper compares how the United States, Indonesia, and Korea have used a robust frame on each disaster management issue. The analysis focuses on three comparative factors: stakeholders, resources, and strategies. Qualitative comparative analysis as a methodology plays a role in drawing a similarity and three differences among the U.S. diverse national frames, the Indonesian frequent disaster frames, and the Korean limited regional frames. The study finds that the three nations have similarly tried to address robust frames, but the extent of the three comparative factors has been very different. A robust framework can be transferrable and generalized to apply to every nature of disaster.
Keywords: emergency management; resources; the U.S.; Indonesia; Korea.
A brief review of literature on issues and challenges of business continuity management for Small and Medium-sized Enterprises in developing countries
by Mbaulo Musumali, Abubaker Qutieshat
Abstract: The purpose of this work is to review and critically analyze existing literature on issues and challenges hindering business continuity management from being widely implemented by Small and Medium-sized Enterprises (SMEs) in developing countries. An electronic search was conducted in Google Scholar, Springer, and ScienceDirect databases using selected keywords to identify all papers published in English from 2012 to 2020. Evaluation of fit for review conducted to shortlist appropriate articles to use. The findings of this review established that despite the gradual increase of publications on business continuity in SMEs, there is still inadequate research interest from the body of research evidenced by few researched papers published on this topic. This work also found that SMEs in developing countries were characterized by low implementation of Business Continuity Management due to low prioritization, limitation of resources, knowledge, and capacity. This work is the only identified recent review of literature on Business Continuity Management for SMEs with a wider context covering developing countries in general and conducted within the last nine years.
Keywords: Business Continuity Management; Small and Medium-sized Enterprises; SMEs; developing countries; Thailand; Sub-Saharan Africa.