Enterprise risk management: An important process for feasible profit and growth

This study is based on the importance of enterprise risk management systems in the organization. Enterprise risk management is a tool that helps organizations to identify those areas which possess potential risks and on how to mitigate those risks. The objective of this paper is to investigate the importance of the ERM system to the firms’ achievement of financial and economic goals. The study focused on four independent variables which are controlling risk, the role of the board of directors, the role of the management, and the size of the organization while the dependent variable is the performance of the firm. Using the quantitative approach, data were collected from 3 organizations namely KPMG Taseer Hadi, Deloitte Pakistan, and a bank known as Islamic Bank, the Bank Islami Private Limited. Purposive sampling was employed to take a 100-sample size from different departments. Key outcomes revealed that the controlling risk, the role of the board of directors, and the size of the organization significantly influenced the performance of the firms while there is no significant impact on the role of management on the firm’s performance. Based on these findings, it is highly recommended to implement the ERM system as it will help in achieving the long-term economic and financial goals of the corporation.


Introduction
ERM system is a definition of an underlying structure, which means that it is a rational process of finding and eliminating corporate risks. Risk should treat as the event or chance of getting a competitive advantage over other entities (American Society for Healthcare Risk Management, 2006). Enterprise Risk Management is becoming a new era in the contemporary business world. Risk has considered an important part of every business and managing it is a crucial part of the business for every entity. Globally the corporate world is changing at a rapid rate everyday new invention and innovation is taking place the old methods of doing business are replacing with new tactics and strategies. In this case, where the companies are facing competition with one another it is difficult to diversify the focus of the organization to all parts of the business operations that's why the organization is run by a huge number of individuals each of them has a certain role and responsibility in the firm.
Apart from running the company and implementing all the strategies and planning successfully, it has also become very important for the organizations to measure the risks relating to the implementation 120 of the strategies of the firm objectives. Sometimes the strategies failed to implement due to several factors in which one of them is failing to measure the risks involved in the business. Deloitte is a well-known audit firm; it observed that managing risk is becoming an important part of a business because of the complexity and nature of today's corporate environment (Kimbrough & Componation, 2009). As per the report of AESRM corporate world is changing day by day, the complexity of businesses has given a rise to the external stakeholders and nowadays it is observed that the value of the business has shifted from physical ownership to informative-based systems (Hamilton, 2005).
Organizations have initiated to developed different approaches to manage risk. Some of them have eliminated traditional approaches and have adopted new tactics. A decade ago people used to avoid share information of their department with the other departments in the same organization which makes an entity less efficient and effective but after the tragic incidents of bankruptcies and 2008 economic crises a new approach was integrated with the corporate world and that approach was named as Enterprise Risk Management ERM (Connair, 2013).
Moreover; because of the increasing pressures from government rules and community pressures, firms have acknowledged the importance of financial, non-financial, and environmental performance (Ilyas et al. 2020;Memon et al. 2020). With ERM, the emphasis is on looking for emergent method/s in reducing risk (Hopper, 2019). For example, ERM has become a very important ingredient for company performance and profitability in the financial institutions in Jordan although it still requires a high magnitude of researches have to be undertaken which is also true in Taiwan financial industry wherein the implementation of ERM resulted in 9.22% cost-effectiveness improvement and a rise in firms' revenues by 16.34% (Chen et al., 2020).

Research problem
Enterprise risk management system improves an organization's economic performance by measuring the risk regarding complex business strategies. Still many organizations avoid implementing this tool in their companies because of which they face difficulties in measuring risks. Nowadays to compete in the corporate world ERM has become a very important tool.

Research objectives
The main objective of this study is to assess the importance of ERM in company profitability and growth.
It seeks to address the following objectives: ➢ To evaluate the importance of ERM in today's business environment.

121
➢ To examine whether this tool helps in improving the economic performance of the organization.
➢ To gain an understanding of the risk management system.

Research questions
From the developed research objectives, the following questions were drawn: ➢ What is the importance of ERM in the today's corporate world?
➢ What makes ERM so useful in improving the financial performance of the organization?
➢ What are the different strategies and methods, which help in implementing the ERM system successfully in the organization?

Justification
The research aim is to evaluate the impact of the ERM system on achieving organizational economic goals and objectives. Every business possesses a risk to some extent it is very important for the firms to measure those expected risks and to develop some methods for mitigating those expected risks. It is very important to establish a unit that is responsible to measure or forecast the risks related to the strategies and planning of the firms. This study contributes positively to different stakeholders in various ways. Firstly, the outcome of the paper aids organizations and their management in evaluating how important is considering as variables of effective ERM the controlling of risk, the role of the board of directors, the management's role, and the size of the organization in achieving profitability and growth. Secondly, it helps organizations devise different ways and mechanisms on how to assess, evaluate, control, and manage the risk at the earliest point of time upon taking into consideration the predictors of ERM hypothesized in this study.
Finally, the result of this study can serve as input for wider and contextual studies not only in audit firms, banks, financial institutions, but even in non-financial institutions.

Limitations
A researcher from around the world has suggested that the implementation of effective ERM in the business can increase the performance of the organization. However, it is a difficult task to implement the system of ERM in the industry. Risk assessments carry different methods and instruments, which include historical studies, interviews, and previous assessments. Each of these methods provides its advantages 122 and disadvantages that should be subjected to further evaluation. Because of this, a careful study is needed to be analyzed in order to determine the appropriate judgment regarding the expected risks.

Literature review
The data used in this research was gathered from several sources. The purpose of this research is to determine the importance of risk management in the corporate world, to reduce chances of strategies failures and business operation failures the management along with the upper and lower management should identify risk factors. This will provide them a feasible and undisturbed platform for the growth of the company.

Controlling risk
Controlling risk is a difficult job. Organizations follow a prescribed way to minimize the chances of risk but still number of organizations encounters risk on daily basis. This risk can minimize by implementing an effective ERM system in the industry. An effective ERM significantly affects the firm performance (Malik et al., 2020, p.3). Similarly, implementing an enhanced ERM can contribute to high revenues and cost reduction when associated with the business model innovation (Rodríguez et al. 2020). Chen et al. (2020) also postulated that ERM enables companies to develop a business model that facilitates cost and risk reduction thus, promotes profitability and sustainability. Managing and controlling ERM favorably helps organizations prioritize its activities, commit its resources effectively, establish effective controls to minimize risks and threats and at the same time exploit its opportunities (West Yorkshire Combined Authority, 2020).
In the past employees used to mitigate risk by using traditional approaches one risk at a time but the world is changed due to the complexity of the business world it has become difficult to detect risk.
Controlling risk should go through official communication channels, every department in the organization should communicate with other departments if they found any risk in any business operation, they should directly communicate it with the concerned department on time for reducing the failure of business operations (Abbasi & Al-Mharmah, 2000). Enterprise Risk Management would be effective when it is used with due care while planning the goals and objectives of the firm, leading the operational activities along with encouraging the subordinates for performing their duties in an efficient way and by controlling the activities of the firm so that the potential financial risk could be minimized (Cassidy, 2005). According to some researchers project management tasks can be accomplished by taking into consideration some of the major steps which include preparation of the plans, arranging the platform for the people that will be 123 engaged in the project, critically staffing only the competent staff, observing the work done by the staff members, controlling their authorities so that they cannot misuse their powers, and by leading all the members engaged in the project (Neinaber and Bardnard, 2007).
Ten Six Consulting (2021) highlighted the trifold benefits of an effective ERM at the corporate level. The significance of professionally handling the enterprise risk management leads to the success of the business with emphasis on having a system or tool that identifies, analyzes, and takes active steps to risk management. The three benefits derived from ERM are: • Financial benefitsefficient implementation of ERM lowers operational costs, controls spending, effective management of corporate expenses, and maximizes potential profitability.
• Corporate governanceeffective ERM helps management better plan and evaluate all the significant risks that will be encountered and reduce the incurrence of uncertain and unforeseen issues. It also facilitates well-planned decisions particularly in determining where to invest and what projects to undertake.
• Brand reputationapplying strong risk management adds value to the shareholders and improves the perception of the brand especially in effectively managing and mitigating risk which in turn builds a strong brand reputation and customer satisfaction.
Furthermore, West Yorkshire Combined Authority (2020) stipulated that ERM has become an essential portion of desirable management and a major contributor to good governance of corporations.
Accordingly, management of risk effectively enhanced performance and financial management, annual corporate plans and processes, operational plans, demonstrate accountability and transparency, and supporting corporate plan delivery. However, the study of Rubino (2018) as cited in the recent research of Lopez (2021) titled "How Can Enterprise Risk Management Help in Evaluating the Operational Risks for a Telecommunications Company?" stressed that ERM frameworks have their limitations such as the lack of risk evaluation techniques, inadequate application with the processes related to identification of operational risks, and the deficiency in the evaluation and management of the risks. Hence, the most significant tasks for the firms are to increase their favorable outcomes on these inadequacies mentioned.

Role of board of directors
After the 2008 economic crisis, the ERM system became an essential tool for the business world. It helps the organizations to detect expected risks promptly. The adoption of the ERM system was encouraged by the upper management of the companies, which consist of the board of directors. They are the caretakers of the organizations on behalf of the shareholders it is their responsibility to take every measure against 124 those things that can affect the operations of the businesses (Kleffner et al., 2003). ERM is a process that upper management uses for one common task, which includes identifying the potential risk factors that may harm the organizational activities. This system not only identifies those risk factors but also helps in managing those factors so that they no longer harm the activities of the firm; it guides the management for mitigating the risk factor activities (Curtis & Carey, 2012).
Furthermore, many companies adopt the ERM system when they are encouraged by the board of directors so that the operational activities smoothly run (Kleffner et al, 2003). One of the main factors that entities should know is what goals and objectives the organization wants to accomplish. If the entity is not well, aware of what they want to achieve then it would be hard for them to accomplish those objectives. Therefore the firm must know its objectives because if they are well aware of the goals then they are likely to motivate themselves for achieving those objectives if any uncertainty occurs while achieving the goals they will do whatever it takes to mitigate those factors (American Society for Healthcare Risk Management, 2006). Firms which highly depends on their upper management is most likely to implement ERM system in their organization because reliance of the firm on board of directors means that their stake in the organization is more than other stakeholders that's why they are more concerned about the prosperity and growth of the organization (Beasley et al., 2005).

Role of the management
It has been observed that ERM system is impossible to implement without the support of the management of the organizations because they are the real agents of the company, they have the responsibility to operate the business they perform (Walker et al., 2002). Having the consent of the management regarding the implementation of the ERM system is a crucial part because when the management detects risk, they also try to find the reason for that particular risk which causes time delays in performing business activities (DeFrank & Ivancevich, 1998). Enterprise risk management should observe based on three perspectives, which are changing the role of the managers, changing the tactics of regulating their roles and responsibilities, creating backup plans (Lam, 2000). Every organization has the desired level of risk and actual level of risk to balance this fact the management should use various means and instruments, which helps them to adjust both levels of risk in an efficient way (Chance & Brooks, 2010). Enterprise risk management system helps the management to manage all the operational activities of the organization to achieve all economical and financial goals of the firm as well as to make strong corporate governance (Manab, Othman, & Kassim, 2012).

Size of the organization
As the size of the organization increases, the happening of uncertain events is also likely to happen. In large organizations, risk differs in size, extent, nature, and complexity. Therefore, the implementation of an efficient ERM system becomes important. Large organizations are more cautious to adopt the ERM system as compare with small organizations because large entities operate in a much more complicated and complex business environment (Colquitt et al., 1999). Those entities which possess a large size of operational activities are likely to face more financial risks because the higher the firm size is the high level of uncertainties that are likely to occur (Golshan and Rasid, 2012). Enterprise risk management helps the companies to overcome the potential risks the firm might face in the present or future (Hoyt & Liebenberg, 2009). The performance of the firm depends on its capital structure. The uncertainties threaten the operational activities of the firm. Logically big firms have backup plans for the uncertainties to protect themselves from the loss attached with the risk factors (Beasley et al., 2006).

Research methodology
Research methodology is a systematic way of collecting data and information for the sole purpose of evaluating the research topic (Haradhan, 2020). In this research positivism, the approach has been used as it depends on the already available knowledge and through the deductive approach. The Methodology comprises Research Design, Research Procedure, Sampling Plan, Theoretical framework, tools used for data analysis, and Software used for processing data.

Research design and approach
As the study's research design, the positivism paradigm along with deductive methodology has been used for the research process. Positivism is a study that cannot be applied to the study of the behavior of humans because of their nature's complexity and unreal quality of social experience (Cohen, Manion, and Morrison, 2010). It also includes quantitative research techniques along with descriptive evaluation techniques and methods for collecting data will be in the form of a questionnaire to achieve the objectives of the research topic.

126
Further, this research has been conducted with the available knowledge, which makes this research deductive approach-based research. This approach helped us in expanding our knowledge regarding the importance of ERM, how it improves the financial performance of the company. The process of research includes identifying, judging, testing, and establishing the concept of the researchers (Williams, 2013).

Research strategy
There are mainly two types of research strategies quantitative and qualitative. In our research, a quantitative strategy is used. Quantitative strategy is also known as the descriptive technique this type of strategy helps us in gathering information through a large number of respondents and based on the answers of the respondent's hypothesis are made which makes our research reliable (Saunders et al., 2009). A quantitative approach has been used for our research. The data was collected from the respondents and based on their answers a judgment is concluded. Participants have asked to fill the questionnaire, which includes some questions regarding enterprise risk management.

Sampling and sample size
Respondents were asked to carefully answer the questions based on their knowledge and thinking.

Method of data collection
The data has been collected using a questionnaire-based survey. A structured questionnaire has been prepared and those questions have been filled by our group members. Employees of three different 127 organizations were approached of which two of them are audit firms and the other one is a registered Islamic bank. All the participants are currently working in these three organizations.

Hypotheses
The hypothesis has been prepared based on the variables presented in the conceptual framework. The purpose of this research is to demonstrate a relationship between dependent and independent variables.

Findings and discussion
Enterprise risk management is a great tool for measuring risk. Every organization possesses some sort of risk, which stops the entity to accomplish its organizational goals. All most every organization encounter risk at some point in time, to mitigate those risk factors there is a need of a well-equipped system and ERM is one of them. This system allows the corporations to identify risk-possessing units it also gives an eye view to the management that how these identified risk factors could be minimized. ERM has become very useful tool as it turns out to be a great strength for the organizations. The bigger the organizations are the great it will find the need for ERM system.
The implementation of this system is a hard task some corporations relies on their management as they do not find this system useful, they consider it as a costly expensive that's why they avoid to implement it in their organizations. The implementation of ERM system lies with the board of director, as they possess the supreme authority in the organizations. Therefore, it is their duty to implement this useful system. Management also have a role in the implementation of ERM system because when the board members decides to implement this system, they direct the management of the organization for doing this task (i.e. implementing ERM system).

128
The data for this research work collected through survey questionnaire.

Demographics of respondents
The data was used to explore the thinking of the employees regarding the ERM system and the performance of the entity. The respondents were asked to give their views and knowledge regarding the importance of ERM in organizations. The below presented demographic characteristics of the respondents include their age, gender, level of education, and their work experiences.      The above table shows us the descriptive statistics of our research-based questionnaire. It includes mean, standard deviation, minimum and maximum values. In our research questionnaire, minimum value is 1, which is strongly agree, and maximum is 5, which means strongly disagree with our statements. The above chart shows us the consistency of the responses we get from our respondents as all most the respondents lies within the range of 1 to 3 (i.e. 1 means strongly agree, 2 means agree and 3  N 100 100 100 100 **. Correlation is significant at the 0.01 level (2-tailed).

Correlation matrix and hypothesis testing of significance
The above chart shows us the relationship of independent variables, which includes controlling risk, role of board of directors, role of management, and size of the organization. It shows us the strength of independent variables among each other. Controlling risk and size of the organization have 0.573, which means 57.3% relationship, and similar relationship lies with the dependent variables as well. The relationship between size of organization and controlling risk is 0.573 which is 57.3% as well as in the previous case. The above chart shows us the relationship of independent variable on dependent variable. Independent variables include controlling risk, role of the directors, role of the management, size of the organization and dependent variable is performance of the firm. The results of the matrix have 95% confidence interval and two tail approach used to see the positive or negative impact of the independent variables on dependent variables. The above table shows controlling risk having 0.000, role of directors 133 having 0.000, role of management having 0.237 and size of the organization having 0.000 significances.
All the variables except role of management has a positive relationship with performance of the firm while role of management possesses negative relationship with the performance of the firm. Controlling risk shows 65.5% relationship with performance of the firm while role of directors shows 64.6% relationship, role of management have a negative relationship with the performance of the firm which is -11.9% and size of the firm have 76.6% relationship with firm performance. Size of the firm have the most concerned percentage as compare with the other variables. Table 9 Alternative Hypothesis

Alternative Hypothesis
Accepted / Rejected Significant level (0.05 at two tailed) H1: Controlling the Employees in An Efficient Way Has A Significant Impact on The Firm Performance

134
H4: The size of the organizations has a positive relationship with the performance of the firm.
The hypothesis is accepted at 0.00 level of significance and 95% confidence interval as the value is less than the 0.05 at two tail tests.

Exploratory factor analysis (EFA)
The EFA analysis also called as exploratory factor analysis is used to determine the reductions in both data and dimension perspective. This analysis is usually based on the factor loading which shows multicollinearity between independent variables. In our case questionnaire was used as the method of data collection. We have conducted our research based on the four dimensions namely as controlling risk, role of directors, role of management, and size of the organization these variables were used to see the impact of these variables on the performance of the firm.

Multiple regression analysis and hypothesis testing
The linear regression model is used to determine the relationships of independent variables on the dependent variable. Whether there is a positive or negative relationship between the variables. The chart of model summary has a figure named as R which shows us the coefficient of determination to further explain the dependent variable. Two statistics namely as T and F are also presented below T shows us the individual significance of the variables while F shows us the significance of the model. We can see in the above chart that the T values of controlling risk and size of the organization are highest (i.e. greater than 1.96) which explains us that these two variables are highly predictable on the dependent variable.

137
H2: The role of board of directors in the organization has a positive relationship with the performance of the firm. The Hypothesis is rejected as our T-value is 1.198 which is less than 1.96 at 95% confidence Interval with 0.234 significance level.
H3: Management role and ways of performing work in the organization has a negative relationship with the performance of the firm. The Hypothesis is rejected as our T-value is -.113 which is less than 1.96 at 95% confidence Interval at 0.910 significance level.
H4: The size of the organizations has a positive relationship with the performance of the firm.
The Hypothesis is accepted as our T-value is 6.732 which is greater than 1.96 at 95% confidence Interval at 0.000 significance level.
The research was based on the importance of the ERM system in organizations for feasible growth and profitability for corporations. We have tested our variables one by one on the basis on which we have calculated the relationships and impact of our independent variables on the dependent variables.
We have four independent variables and one dependent variable.
The first independent variable is the controlling risk of the organization, the correlation analysis result is 0.000 which is less than 0.05 therefore we have accepted the hypothesis of controlling risk variable. The second variable is the role of the board of directors in the organization. As we have seen while studying the paperwork and by getting the responses of our respondents we can say that board members of the organizations play a vital role in the organization. They have a great impact on the decision-making system if they do not prefer the ERM system then it cannot be implemented in the organization (Coso, 2004).
Finally, the last variable is the size of the organization. The bigger the firm size is the more it is concerned about the potential risk factors. It is a hypothetical statement that organizations do not possess risk because every return is related to the risk attached to it. Without risk, there will be no return at all.
The hypothesis testing of this variable is accepted as it has the level of significance of 0.000 which is less than 0.05 based on which is accepted.

Conclusion and recommendations
The study was conducted to have an idea related to the importance of the ERM system in the organization.
ERM system helps the organization to substantially achieve its financial objectives without any interference from any part of the organization. Every risk to some extent is the responsibility of the management along with the board members to develop backup plans and protocols for every person working on the premises of the organization for the prosperity of the corporation. For this study we have taken 5 variables out of the 4 are independent and one is the dependent variable.

138
These variables are tested mutually and individually. We have conducted our research using a quantitative approach with the help of a questionnaire we have collected data. 100 questionnaires were filled from 3 organizations two of them were audit firms and one was an Islamic bank.

Implications of research
This research was conducted to get an overview of whether the ERM system is useful or not. Our study has shown us that the ERM system is very useful as it will enhance the productivity of the company, in the long run; it also provides opportunities to the stakeholders to overcome any sort of issue on time. It reduces the chances of uncertainties in the entity. This system is applied in almost every entity whether it is big or small for feasible growth and profitability it is highly recommended to implement the ERM system as it will help in achieving the long-term economic and financial goals of the corporation.

Recommendations
After studying and conducting this research work following points are recommended • ERM system helps in achieving long-run organizational goals more easily as it detects risk before it happens.
• ERM system identifies those areas which possess potential risk so that the management can take necessary steps to mitigate those risk factors.
• Implementation of ERM does not rely on the size of the entity, it is useful regardless of the size of the entity because sometimes our policies are failed and become unsuccessful not because of the idea but because of not identifying the risk associated with the implementation of those policies.

Areas of further research
Although this research was based on the importance of the ERM system within the organization. Our research only focuses on the above-mentioned variables we can further extend our areas of research to other variables as well, we can also further study the risk involved with those employees who implement this system, or those individuals who are responsible for handling this system.