Financial Risk Management in SMEs: A New Conceptual Framework

During the past decades, several risk management models have been developed and implemented. Merely, suitable for large firms. Nowadays, there is still a lack of a comprehensive framework for small and medium-sized enterprises (SMEs). This paper proposes a new conceptual Financial Risk Management framework for SMEs. The framework consists of two dimensions: Risk Management Process and Organizational Structure. Both dimensions contain several components, each component includes one or more items. To calculate scores on different levels Principal Component Analysis (PCA) is used to calculate weighting factors. We add a disparity factor to adjust the final score for an imbalance between dimensions. The educational level of the risk manager is tested positively as a determinant for FRM as well as for the two dimensions. The proposed framework may help individual SMEs evaluate and approve its financial risk management.


Introduction
Serveas and Tamayo (2009) stated that 15% of all bankruptcies are due to inadequate management of financial risks, which, as a concentration of all business risks, determines its financial position and its future. Despite the research on the status of risk management of SMEs in several countries (Henschel, 2008;Henschel & Gao, 2011;Bodnar et al., 2011) the development of managing financial risks at SMEs is still in an early phase.
In theory, risk includes negative as well as positive occurrences. In practice, entrepreneurs are more affected by the threat of a poor outcome than by the spread of possible outcomes when making decisions. Probably, because the risk perspective is mainly based on corporate governance despite the intention to manage financial and operational risks (Lam, 2003) the focus of risk management lies in managing the negative effects. Positive effects are not treated as an important factor in risk (MacCrimmon & Wehrung, 1986;March & Shapira, 1987). A recent study by Offion et al. (2019) confirms this suggestion. Their study implies that at SMEs financial risk adversely affects the performance. At SMEs, which are more likely to be liquidated when they are in financial distress (Ozkan, 1996), the percentage of bankruptcies due to insufficient risk management practices is 18% (Graydon, 2014). So, for the continuity of SMEs Financial Risk Management is an extraordinarily important area (Fetisovová , 2012). SMEs should take the concept of risk management very seriously (Terungwa, 2011).
Unlike large firms, SMEs lack resources, knowledge, and a well-supported staff, to implement and use sophisticated risk management models (Matthews & Scott, 1995;Glaum, 2002;Watt, 2007;Lavia & Hiebl, 2015;Burgstaller & Wagner, 2015). Furthermore, SMEs lack the financial assistance and inability to access financial resources necessary to overcome cash flow problems (Hussain et al., 2010). A study by Belas e.a. (2018) show 75% of Czech SME entrepreneurs perceive the intense action of financial risk but at the same time, their ability to properly manage financial risks is not at an appropriate level. The approach for risk management for SMEs seems not to be developed sufficiently (Lima et al., 2020).
Large firms can appoint well-supported staff and sufficient resources, conditional to build, implement, and maintain risk management. Already since the 1970s, large firms implement diversifying strategies by acting in different markets with different products and services and use instruments to manage financial risks. During the 1980s commercial financial institutions developed a broad range of these instruments. At the same time firms started to consider how to manage risk using financial instruments effectively and efficiently (Dionne, 2013). Several scientists and practitioners proposed risk management definitions and models which were generated in large firms and specific sectors (Lima et al., 2020). Organizations like COSO, FERMA, and ISO developed risk management models to construct, describe, analyze, and evaluate internal risk management (Hillson, 1997;Monda & Giorgino, 2013). Yet, the use of these risk models, even when processes were sensible and sophisticated, are still poorly executed (Brunnermeier et al., 2009). Research by Gaudenzi and Borghesi (2006) showed that most risk management models, including ERM, appear to be fragmented instead of the promised holistic approach. Risk management practices of the majority of organizations can be described as weak and inadequate (Spedding & Rose, 2007). Moreover, in general, organizations lack an effective risk management process to incorporate risk-based thinking in strategies as well as in operations (Servaes & Tamayo, 2009). At SMEs, risk management is concentrated at the board's level and executed in a rudimentary way (Henschel, 2006). As a result of an entrepreneur's interpretation and the ability to manage the risks, SMEs put more effort in establishing networks, like strategic alliances, to manage the effects of negative external developments (Kim & Vonortas, 2014). In general, smaller firms put less effort into identifying, assessing, and monitoring risks (Brustbauer, 2016). Academic research should be aiming to construct models for SMEs to improve the risk management process (Falkner and Hiebl, 2015).
The purpose of this particular paper is to provide a stylized FRM framework specifically for SMEs which can be used to calculate Financial Risk Management scores at certain levels. Based on this primary objective, our proposed framework is developed to evaluate and improve financial risk management at individual SMES by measuring and comparing the scores at certain levels. Our framework consists of two dimensions, seven components, and 15 items. The next section presents the outcome of our study as we describe the concepts of financial risk and financial risk management as well as attempts for building a risk management framework. Section 3 describes the construction of our model. Data and relevant variables used for the construction of our framework are presented in section 4. We describe and discuss our empirical results in section 5. Finally, concluding section 6 contains the most important findings and recommendations.

Literature Review
Identifying and assessing external occurrences to mitigate the effects on its performance is the goal of risk management (Ekwere, 2016). Risk management is an evolving process that identifies the loss exposure faced by organizations based on which the most appropriate technique for addressing such exposures is selected (Smallman, 1996;Keizer et al., 2002;Rejda, 2011). Ishizaka et. al. (2013, similar to the ISO Risk Management Standard (Ciocoiu & Dobrea, 2010), note risk management should be a continuous and developing process embedded within the organizational strategy. Vaughan and Vaughan (2001), Culp (2002), Virdi (2005), and Blanc Alquier and Lagasse Tignol (2006) defined different consecutive steps in a pillar-viewed process. The process starts with an identification phase. External events that have an impact on the goals of the primary business are mapped. At SMEs, the link between risk management and business planning is not well developed (Henschel, 2006). The second step is to determine the exposure of the organization to the risks by measuring/analyzing the impact on business goals. Making and executing decisions in the treatment of the risk is the next step. The company can decide to avoid, reduce, transfer, or treat the risk. An evaluation of the decision is the final step of the process. This step contains the effect that the execution of the decision has on the objectives. Servaes andTamayo (2009), Henschel (2008), Henschel and Gao (2011) and, Monda and Giorgino (2013) mentioned embedding the process in the entire organization as conditional for an effective risk process. All key business managers impart the risk management process into the entire organization (Rejda, 2011). In those situations where tasks, responsibilities, and authorities are delegated to junior staff, risk culture has to be aligned with strategies and objectives that reflect the manager's risk appetite (COSO, 1992;Elahi, 2013). Gao et al. (2013) proposed a model that integrates communication, knowledge, relationship, and learning as important elements of building risk management capability. Rubino (2018) stated IT plays a crucial role in extracting appropriate information to managers. Furthermore, managers need to have enough financial education to be able to practice risk management efficiently to gain a competitive position in the market (Yang et al., 2018). Even though training staff by sharing good practices, is an effective method to develop and improve the required knowledge and skills of critical employees in the risk management process (Beasly et al, 2005;Zhang & Gao, 2012), learning programs are rarely formally offered (Sukumar et al., 2011;Gao et al., 2013).
In recent years several scholars mentioned a lack of a suitable model to score financial risk management at individual SMEs. Most risk management models are developed to study differences between organizations. Therefore, a description per risk management aspect was sufficient to categorize the individual organizations. Hence, determining factors are the size of the organization (Colquitt et al., 1999;Beasly et al., 2005;Virdi, 2005;Henschel, 2008;Brustbauer, 2016), the educational level of the risk manager (Colquitt et al., 1999;Bodnar et al., 2013;van den Boom, 2019), the presence of a risk manager (Beasly et al., 2005) and the degree of decentralization of risk management decisions (Van den Boom, 2019).
Quantitative scoring methods appropriate for risk managers to evaluate and improve risk management practices in literature are scarcely found. Kellermans and Eddleston (2004) applied principal component analysis to determine components, select variables, and to calculate weighting factors per variable. Principal component analysis is probably the most popular multivariate statistical technique that is used to obtain useful information from a large dataset by combining intercorrelated variables into components in a linear way (Abdi & Williams, 2010;Bro & Smilde, 2014). Besides determining the combination of variables in components, PCA also provides the weights needed to calculate the component as a weighted average that best explains the variation of the selected individual variables. Moreover, PCA selects and combines variables and determines the weighting factors which leads to a score that includes information of the underlying variables as much as possible.

Methodology
First, a conceptual model to determine a firms' financial risk management (FRM) is constructed. Following Monda and Giorgino (2013) FRM is defined as "a systematic and integrated approach to the management of the total of financial risks that a company faces". Our model (van den Boom, 2019) combines 2 dimensions, 7 components, and 15 items (see table 1). Each item is related to one question in our questionnaire. The number of answering categories per question is put in parentheses. All answering categories are on the ordinal scale.  (4) 4. Risk area exposure (3) 5. Risk management software (4) 6. Satisfaction software (4) C. Treatment 7. Risk attitude (3) 8. Learning programs (4) D. Evaluation 9. Process evaluation (3) 10. Risk area policies (5) 11. Reporting risk process (3) 12. Reporting outcome process (5) Organizational Structure E. Policies FRM 13. FRM policies firm's level (4) F. Sources FRM 14. Sources used (4) G. Targets FRM 15. FRM targets firm's level (5) Secondly, a questionnaire containing item related questions is composed and send out to Dutch SMEs. The answers were transformed into scores on a 1-5 scale. Besides questions related to FRM, questions about characteristics are also included. For an appropriate comparison of the risk management process between firms with different risk areas, adding one question of risk area is sufficient (Kogan & Nikonov, 2009 Calculating FRM Dimension scores "FRMp,x" and "FRM o,x" as weighted averages of selected components "C" requires weighting factors "W". For example "Wp,i,x" = weighting factor of process component I of organization X and "Cp,i,x" = score process component I of organization X. Component scores are calculated similarly using the scores of related items. Following Kellermans and Eddleston (2004), Abdi and Williams (2010), and Bro and Smilde (2014)we applied PCA to determine the weighting factors "W".
FRMp,x = ∑ (Wp,i * Cp,i,x) / ∑ (Wp,i) FRMo,x = ∑ (Wo,i * Co,i,x) / ∑ (Wo,i) This disparity factor explicitly shows that we appreciate cases with a score of (4 + 4) higher than a case with scores of (5+3). When, in a specific case, the scores of both dimensions are equal, the optimal position is reached shown by a Df equal to 1. The angle between both vectors in figure 1 presents the degree of imbalanced scores of the risk management process and the organizational structure. Moreover, a larger angle leads to a lower Df and thus to a lower FRM score.
Finally, we check the robustness of our model by comparing it to three alternative models.

Data and Summary Statistics
During the period 2013-2016 120 questionnaires were received. 97 cases were sufficient and included in our data set. Characteristics regarding the level, of education of the risk manager and the degree of decentralization as determinants on the level of financial risk management (van den Boom, 2019) are presented in Table 2. This table shows 34% of the participating firms have a risk manager who is educated at a Master's degree or higher. 52 (54%) out of 97 firms organize their financial risk management in a centralized manner. Credit risk 79% and liquidity risk of 47% are mentioned most often as the main significant risk areas. Note. C = Centralized; D = decentralized.

Results
The results of our study are presented in two parts. First, we build our proposed model by calculating the weighting factors. Second, the robustness of our proposed model is tested by comparing it to some alternatives. Lastly, we test our previous found factors (van den Boom, 2019) to be determinants for FRM at SMEs.  Descriptives by means (column 2), standard deviations (column 3), and correlations (columns 4-5) of dimensions, disparity, and FRM scores are presented in table 4. The risk process mean (6.54) is the weighted average of all firms' Risk process dimension scores. FRM scores are the weighted averages of the Risk process and Organizational structure scores multiplied with the calculated disparity factor (0.89). Df is calculated on a 0-1 scale following formula 4. The bold and shaded cells indicate significant correlations at a 1% level. Next, the positive correlation (0.679) between Process and Organization implies a strong relationship, also visible in the Df which meets 0.89.

The Proposed Framework
Next, 27% of all firms have a lower FRM score than the average minus standard deviation (3.378) and 22% of the scores exceed the average score plus the standard deviation (7.746). In addition to this spread, the standard deviation (2.184) implies applying our proposed model, where items are combined to single FRM scores, show a sufficient distribution of our data.

Robustness of Our Proposed Model
To check the robustness of the model a comparison of the scores of our model scores to alternative models is executed. As a first alternative, we omit the disparity factor. A second alternative calculates FRM scores when weighting factors are omitted. A third alternative calculated FRM scores directly as weighted averages of item scores. The fourth alternative also calculates FRM scores directly, but without weighting factors. When weighting factors are included PCA is used. Table 5 shows summary statistics of four alternative models and our proposed model, including means (column 2), standard deviations (column 3), and correlations (column 4-7). FRM direct unweighted is calculated as the unweighted average of the 15 item scores. FRM indirect unweighted is calculated similarly to our proposed model except for weighting factors. FRM direct weighted scores are calculated as the weighted average of all 15 questions. Alternative 4 is calculated in the same manner as our proposed model except for Df. All weighting factors are calculated using principal component analysis. Table 5 shows a relatively low average FRM score (5.56) of our proposed model is related to the addition of Df (mean Df = 0.89). We notice that our model shows the highest distribution by the standard deviation (2.184). Also, a strong correlation with the alternative models (>.933). We conclude the robustness of our model is sufficient. Moreover, we use our model to explore determinants for FRM at SMEs in the next section.

Determinants of Financial Risk Management
Following our previous study (van den Boom, 2019) we examine two possible determinants, the educational level of the risk manager and the degree of decentralization as possible determinants by using our scoring model. Also, we include size and number of subsidiaries as possible determinants control variables. The control variables are positively correlated with each other. Additionally, all VIFs are < 1.033 which implies non-multicollinearity and thus independent variables. Table 6 shows p-scores as the results of t-tests. We tested the equalities of standard deviations amongst the comparing groups using Levene's t-test. For none were tested positive, we select p-scores equal variances not assumed. Means are shown per group. Also, per group n is shown. Per variable, p-scores are shown on process, organization, disparity factor, and FRM. Bold p-scores meet the criterion of < 0.1. Table 6 confirms the relevance of the educational level at both dimensions as a total level. Noticeably, our study implies the number of subsidiaries is a determinant for organizational structure as well as for the total FRM score. Also, the degree of decentralization is strongly correlated to the risk management process.

Conclusions
In this study, we developed a suitable FRM model to measure the level of financial risk management and used to explore possible determinants. FRM contains two main themes, risk process and an organization to embed the risk process. We've abstracted 15 risk management items and calculated weighting factors linked to one of the dimensions. Scores on the level of components, dimensions, and the total FRM are calculated as weighted averages using PCA as a method to calculate the weighting factors. A disparity factor is added to calculate the final FRM score for adjustment for imbalanced effort a firm puts into managing the process and in embedding the process in the entire organization. A disparity factor of .89 implies a small difference in the effort SMEs put into process and organization. The scores of process, organization, and FRM show sufficient variances. By comparing our proposed model to alternatives by correlations (> .925) we found confirmation in the use of our model for our purpose.
The contribution to risk management literature of this article is two-folded. First, we construct a new model suitable for financial risk management for SMEs. SMEs can use this model to review and approve by pointing concrete steps in the process of developing and improving their risk management. Second, our study confirms the level of education of the financial risk manager to be a determinant for the FRM score. Especially, our study implies that highly educated risk managers pay more attention to the organizational structure. Also, SMEs that contain subsidiaries reach a higher score on the risk management process as well as on FRM total. Our study cannot confirm the degree of decentralization, found in our previous study, as a determinant for the FRM score. Hence, we found implications decentralized firms put more effort into the risk management process than in the organizational structure to embed the process.
The practical value of our proposed model lies in the application for the risk manager to examine and improve their FRM by the insights the scores give at the level of items, components, and dimensions.