CHAPTER ONE

INTRODUCTION The study was an assessment of effective risk management and organisation performance. It was guided by three variables namely, risk management (independent variable) ,organisation performance(dependent variable) and Micro plus Macro factors as ( moderating variables).This chapter presents the background of the study, the statement of the problem, the general objectives ,specific objectives, research questions, research hypothesis, conceptual frame work, significance of the study ,justification of the study, scope of the study, operational definitions and assumptions BACKGROUND OF THE STUDY The nature of risk management and the challenges generated by its theory and practice have been in a state of evolution over the past ten years. This process of evolution has created a number of difficulties for those involved in the management of risk, who now increasingly find themselves lacking the necessary capabilities to cope with the nature of this change argues (Taleb, 2007) Risk taking is the very life blood of commerce, no risk, no rewards. Entrepreneurial risk is at the foundation of enterprise, without risk, there can be little prospect of profit or financial return. The trick is to understand the risks, assess the possible outcome and manage them effectively (Neil Cowan, 2009). Historical Background Risk management is not a modern invention. The Old Testament tells the story of the Egyptian Pharaoh who dreamed that the seven healthy cattle were devoured by seven sickly cattle and that seven healthy ears of corn were devoured by seven sickly ears of corn. Puzzled by the dream, Pharaoh called on Joseph to interpret it. According to Joseph, the dream foretold seven years of plenty followed by seven year of famine. Pharaoh bought and stored large quantities of corn (Froot and Scharfstien and Stein, 1994). Risk has been a universal concept that began when Eve convinced Adam to eat the apple, since then man has tried to predict uncertainty, or the unknown in his surrounding, from the tides and making use of the moon to predict rainy seasons by counting days. To manage this uncertainty, various means may be followed by accepting that there is always uncertainty present and that risk must be managed (Cowan,2009),he goes on to state that, Risk in one form or another has existed since the earliest form of the trade, barter trade, while Terry simister (2009) from the institute of risk management states that risk management was introduced during the 1950s in the U.S.A and in the UK in 1969.Borodzicz(2005) has that risk management and assessment indeed matured as a scientific venture by the mid twentieth

century, especially in engineering, Physics and Mathematical.

In the seventies, the business environment started to recognise the benefits of risk management, however adoption of risk management was mostly limited to financial organisations, non-financial organisations only started developing risk management practices in the nineties(Hunt 2001) Risk management in the eighties evolved from country risk to political risk, according to Hunt (2001) during the Iranian revolution and political instability world-wide, however in the eighties stability returned and the risk management practices were adopted. The importance of risk management began to grow and various organisations started offering assistance and advice in this regard. Risk management was considered a profession by 1986 argues (simister, 2000). The need to set standards for qualifications and grant designatory letters led to the institute of risk (IRM) opening doors in March of 1986. Hunt (2001) points out that at the beginning of the the nineties, risk management was synonymous with buying insurance and financial hedging schemes to minimize losses, yet today its a pivot to any organisations decision making as it enables stable, continuous business operations. Generally, the history of risk management evolved in three distinct stages: traditional risk management, business risk management and enterprise-wide risk management as Deloach (2000) reports. The first stage is concerned with managing selected financial and hazard vulnerabilities, generally managed by making use of financial instruments and internal control. Deloach points out that three principal defects of traditional risk management are fragmented responsibility of risk management, non-consideration of business risk portfolio and eventually risk management is not a product or transaction.

Theoretical Background One of the main concepts associated with risk that the probability that it is incurred states (Daniel Bernoulli 1700-1782). In mathematics handbooks, risk is defined as two variables: the frequency of the occurrence (probability) of the risk event, that is to say the number of times that it happens during a set period of time. Daniel further asserts that magnitude of the event, which is the set of consequences that can result if the event happens. Considering risk as part of managing an enterprise and knowing the difficulties in including it as an operationalization, it is worth highlighting that in all the literature definitions there are three , common dimensions (verbano and Turra, 2007): future event that could happen, or not, in an undefined moment. it could be caused by external or internal factors; probability range superior to 0% but inferior to 100% ( even if we have the certainty that there is a problem to solve); consequences of the future event must be unexpected and unforeseen. They could be positive (opportunities) or negative (damages). Furthermore , the events that can cause risk can be divided into(COSO,2004): External factors: Economic factors(capita l, credits, insolvability, liquidity, financial markets

,unemployment, competition, joint venture); Environmental factors(Pollution, energy, natural disasters ,sustainable); Political factors(law, public policy ,rules, political changes); Social factors( demographics, consumer behaviour, firm nationality ,privacy ,terrorism); and Technological factors9 interruption, e-commerce ,external data ,emerging technologies . COSO went on to dwell on internal factors like, Infrastructure( material resources potentiality, capital access, complexity); Human(human potentiality, fraud, health and safety);Process(sources, design, execution, suppliers); Technology( data integrity, data and systems availability, system choice, development, diffusion, maintenance).

Conceptual Background Deriving from the concept of risk some definitions of risk management have subsequently arisen such as: risk management is a methodological approach to continuous identification, analysis, control and monitoring of risky situations and events, by proactively using adequate process, methods and tools in order to balance the effort of managing event and the impact of these events"(lFRIMA,1994). "Risk management is the process of planning, organising, directing, and controlling resources to achieve given objectives when surprisingly good or bad events are possible"(Head L.G.,2009) Lyons and skit more (2002) in his paper(risk management) in Queensland engineering construction industry asserts risk management is higher in execution and planning stages rather than the conceptual and terminal stages.(British standard institute,1991) distinguishes between risk management as concept, referring to overall subject area concerned with hazard identification, risk analysis, risk criteria and risk acceptability. Risk is a daunting phenomenon in every organisation. All organisations face risk, but risk impact and probability of occurrence vary in every organisation depending on the effectiveness of its organisation risk strategy (Cowan, 2009). Contextual Background

A comprehensive body of knowledge on the management of risk is both sensitive to contextual contingencies and amendable to integrative efforts(Renn,2006) has emerged from the study of activities that involve the possibility of spectacular accidents, such as mining, fire fighting or space travel as well as activities that have the potential for major catastrophes. Scholars from many disciplines have devoted careful attention to depicting how organisations can identify, manage or communicate risk. Any array of risk regulation regimes as (Hood et al, (2001) states has been mapped, together with the national differences that exist between how public authorities behave to mitigate risk aversion and enjoy trust among the public (Lofstedt, 2005).Business leaders are invited to develop an understanding of the changing nature of risks in the global era (for example by Cleary and Malleret, 2008). For this purpose, there

exist numerous procedures to identify, analyse, evaluate and classify risks (see Renn (2006) for a synthesis), including of systematic risks (OECD, 2003). There also exist a range of managerial tools to decide whether and how to avoid, transfer, mitigate or accept risks, both general (For example reason, 1997) and industryspecific like the banking sector as pointed out by (Crouhy et al (2006).

Risk management is a strange activity argues (Anderson, 2006) that does not only consist in models, algorithms, checklists or programs. The cultural dimensions of risk(Douglas,1992) and its management have been repeatedly emphasised. (Boholm,20030 asserts that risk is acknowledged as a situation knowledge mode that actors can adopt or leave at will, depending on needs and circumstances, , while (Reith,2004) points out that risk management is to deal with the uncertainty of the future in quantitative manner. Man-made disasters (Turner and Pidgen, 1970, normal accidents (Perrow, 1994) or high reliability organisations (Roberts, 1990) are examples of risk management concepts that have entered standard managerial vocabulary. Today, the use of risk management is increasingly featured as a marker of good corporate governance (For example, Drew and Kendrick, 2005); this is true to the such an extend that some even consider that to ignore it has become in itself a source of risk for corporations (Power, 2007), societal institutions (Rothstein et al, 2006) or the ecological balance of post-industrial modernisation (Shrivastava, 1995). An unspoken assumption in much risk management research, however, is that risk management is best studied in organisations that are overtly exposed to significant risk, for example, because of their hazardous technology( Reason,1997) and the unexpectations they involve( Weick and Sutcliffe,2007). Or that it is best studied in companies (For example, Rogachev, 2008) or municipalities (Neil and Olsen, 2005) that use systematic and organisation-wide risk management approached. Risk management focus on the development and use of a well-designed plan, which identifies source of risk, likelihood of risk occurrence, consequences of realised risks and steps that can be taken to proactively manage the risks (Elisabeth Wright (2007)

Statement of the problem Risk management is adopted by many organisations to mitigate risk impact and probability of its occurrence. Wright (2007) asserts that effective risk management depends on established, meaningful metrics, with which to measure progress towards successful given dynamics of the internal and external operating environment. Though tremendous success was being achieved, risk management process has faced challenges that include but not limited to resistance to change , conflict of interest, accountability issues , resource constraints and also Micro(industrial competition) plus Macro (pestle factors).

Managing risks is one of the things that bosses are paid for, yet many companies still don't have any idea what it requires to undertake risk management stated the economist (2004).

Over the years, Shumuk manufacturing company has faced an uphill task to eliminate risk in its organisation, which was negatively impacting on its performance. The year 2008 saw the organisation take down ward plunge in its operations and performance. It registered low profitability and service levels, high staff turnover, sustainability issues, as a result of cut in its performance; Shumuk registered a percentage decline from 95% between 2000 -2007 to 38% in 2008. The study therefore attempted to bridge the knowledge gap by ascertaining the extent to which effective risk management can impact on organisation performance. General objective The main objective of the study was to examine how effective risk management impacts on organisation performance. Specific objectives To find out how risk analysis impacts on organisation performance. To examine how risk planning impacts on organisation performance To assess how risk tracking affects organisation performance To establish, the relationship between effective risk management and organisation performance. Research questions How does risk analysis impact on organisation performance? How does risk planning impact on organisation performance? To what extend doe risk tracking affect organisation performance? What intervening effect does the macro and micro factors have on the relationship between effective risk management and organisation performance. Research hypotheses The following hypotheses guided the study Risk analysis significantly impacts on organisation performance Risk planning significantly impacts on organisation performance Risk tracking significantly affects origination performance. Micro and Macro factors have significant intervening effect on the relationship between effective risk management and organisation performance. Significance of the study

The study findings would highlight the extent to which risk management impacts on organisation performance. The study showed improved risk problem areas and solutions arrived at, which would lead to management, hence enhanced organisation performance.

Scanty empirical evidence existed about the extent to which risk management impacts on organisation performance; this study was intended to fill this knowledge gap. Scope of the study The study was centred located in Nakawa Road next to Buganda organisation Operational ASSUMPTIONS OF THE on Shumuk manufacturing sector. The manufacturing plants are industrial area and the distribution centre is found along Nabugabo Bus Park. The study was also based on risk management and performance. definitions STUDY

Simister (2000) argues that after thirty years, there is still no clear understanding about what risk management actually means. While simister spoke mainly of risk management in the financial and insurance context, risk management is not limited to this point out Borodzicz (2005). Conceptual frame work

Conceptual framework showing the relationship, between risk management and organisation performance. Independent Variables Dependent Variables Risk Analysis Risk Profitability Identification service efficiency Risk impact and Staff motivation like hood occurrence Sustainability

Risk Planning Risk treatment Risk financing Risk contingency plan

Risk Tracking Risk monitoring Risk ownership Risk communication Intervening variables

Micro factors (industrial competition) Macro factors (Pestle)