Mitigating   Business Risk in Manufacturing SMEs:  A nexus between informal and formal business risk management: A case of Bulawayo, Zimbabwe

Mitigating Business Risk in Manufacturing SMEs:  A nexus between informal and formal business risk management: A case of Bulawayo, Zimbabwe

Dr Jason Mwanza & Nothando Tshuma 
University of Zambia

ABSTRACT

Risk management in SMEs is now a growing area of interest. This study sought to empirically bring a nexus between informal risk management and formal risk management by profiling the mitigation strategies used by manufacturing SMEs in Bulawayo. A descriptive survey design based on a hermeneutic phenomenological approach was used. Data was collected using interviews. Strategies used include diversification ,memorandums of understanding, networks ,collaborations,cashflow management ,working with same suppliers or local suppliers, returning to the source of raw material, continuously innovating ,trading in the informal foreign exchange markets ,offering incentives to employees, reinvesting profits, bulk buying, conforming to general business regulations, enhancing workmanship, delivering quality products, niche marketing, bulk buying, keeping extra stock, maintenance of machines  amongst other strategies. The study concluded that the risk management done by SMEs is entrenched in the way they make decisions. It is ingrained in experience, insights and gut feeling. The study also concludes that the decision making process though done informally mimics the formal risk management process thereby showing a nexus between SME informal risk management and formal risk management. Mitigation strategies used were concluded to broadly fall under risk reduction, risk transfer, risk avoidance and risk acceptance which are strategies in formal risk management. Risk reduction was the dominant strategy used by Manufacturing SMEs.Convergence of formal and informal risk management was also validated using the eight actions suggested by Lazarus Falkner in his theory of coping as well as the New Perspectives Theory. To bridge the gap between the informal and formal this study recommends a framework. The framework suggests formation of a Risk Management Incubator organization that will work with grass root SMEs. This institution will start off at the decision making point and understand it from the SME level then work to bring them into a more structured way of decision making in running their businesses. It will systematically work with a team of experts to demystify formal risk management and articulate it at elementary grass root SME level through awareness programs, closely working with SMEs until they are ready to formalize risk management. This hand in glove method will ensure that SMEs are moved to a systematic way of doing risk management.

KEYWORDS: Risk Management, Small to Medium Enterprises, Business Risk

INTRODUCTION

Business risk in  SMEs  has now become an issue of great concern to economists, researchers and business practitioners given the economic meltdown that has hit Zimbabwe since 2013.Research has generally shown that when this occurs SMEs tend to employ informal risk management techniques (Albertin (2017) ;Beliskanja and Veliekiene, 2015) They do not seem to have systematic formal  risk management practices in place (Islam and Tedford,2012; Naude and Chiweshe,2017).Research on risk management is still evolving (Lima ,Crema &Ventura 2020). Research in Zimbabwe shows several gaps as there are few studies that have been done in the area of business risk management amongst SMEs in general. A case in point are two studies done in Zimbabwe where it was concluded that 90% of SMEs do not have risk management strategies in place [Gwangwava et al (2014); Zivanai et al (2014). On closer inspection these studies which claim that SMEs do not have any formal risk management practices were generalized to very large populations or just from a few case studies whose findings were generalized to blanket all SMEs in different sectors of the economy. Furthermore, they did not profile how SMEs currently manage business risk. It would be prudent to develop a business risk typology which shows how SMEs deal with different levels of risk. Using the preliminary new perspectives theory by Crovini and and Chiara (2017) and Lazarus Falkner Theory of Coping, this study seeks to bring a nexus between the so called informal business risk management used by SMEs and formal business risk management to bridge the gap towards more effective business risk mitigation in SMEs. If this study is not done national funds will continue to be wasted on SMEs that are bound to fail anyway.

Business Risk

Toma and Alexa (2012) defined risk as the possibility of not making the expected gains due to circumstances beyond the control of the owner. This risk is inherent in every aspect of business regardless of type thus the caption “business risk” by some authors whereas some just define the same variable as just risk (Duckert, 2010). These authors emphasize the need to further define risk in a relevant manner in relation to the field a business operates in. Whereas holistically risk is just a listing of possible threats that could impact a firm, possibly a reduction in income, being rendered helpless in as far as achieving set goals or profits is concerned by an occurrence not anticipated (Lima et al ,2020,Jaroslav 2014).

Business Risk management

Business Risk management is a methodical or logical procedure /practice aimed at evaluating and countering business risk to maximize the recognition of prospects (Toma; Alexa 2012, Quabtan et al (2021). Inconsistency in terms of business earnings can be alleviated through systematic risk management (Sweeting ,2010) which would help the firm to continue operations long into the future. They also point out that it is imperative to understand that assumption of more risk comes with more profit. Risk management ,though fairly new and having come into focus in the last two decades allows for a synchronized and planned structure when analyzing risk(Nocco and Stulz,2006; Pagach and Warr 2011).A large body of literature has concentrated on the management of risk in big companies(Kim and Vornotas ,2014) however it has become clear that this concept of risk management should be given more focus in small businesses that can easily fold up due to uncertainty.Negash and Gray (2008) and Qubtan et al (2020) affirm that risk management is a structured approach that provides useful information  for the business in as far as risk is concerned. Lu (2018) believes that risk management allows for combining Business intelligence as well as financial and non-financial indicators which makes it a more robust approach in as far as dealing with unpredictable events is concerned.

According to Toma and Alexa (2012) risk cannot be avoided in doing business thus appropriate precautionary techniques of risk management must be used. Heschel (2009), Brustbauer (2016), Verbano and Venturi (2013), and many other authors define risk through the stages or processes that it entails. They deduce risk management as a process that involves categorising/classifying or simply recognising the threats that the firm is exposed to. Once that is done the risks in question must be broken down to understand their nature and the extent of loss or reward they could bring by doing the relevant   calculations. This helps the firm to ascertain the level of risk that they can take depending on their objectives as well as their coffers. Suitable approaches are then taken to deal with risks deemed to be intolerable. Ultimately all these authors believe these processes should be superintended or checked consistently so that the system is developed for the better as conditions and the firm itself evolve over time (Di Serio, de Oliveira and Schuch ,2011)

Head (2009) emphasises that regardless of the business outcomes being positive or negative, risk management is a multi-faceted concept that involves forecasting, consolidating, guiding, administrating and monitoring company coffers to ensure set goals are attained. The International Organisation for Standardisation (ISO 31000,2009) points out that systematic risk management ensures business continuity through being an integral function of making decisions. Consequently, risk management should ascertain the risks, the instigating occurrences, appraise the risks, deduce the effects thereof, device systems to manage the risks. This could be done through putting controls. However, Baker (2011) emphasises that the definite way of doing   risk management on the ground must be focused by the standards and main objectives of the firm.

Risk management minimises the risk of folding up by improving business returns since it is a proactive management approach (Psarska et al ,2019). Generally, risk emanates from purely unknown circumstances relating to the external environment the firm operates in as well as risk resulting from inadequate information structures within the firm (Chlodnicka &Zimon,2020). Accordingly, risk management offers an association between the internal and external environment of the firm. In essence it becomes the major factor in determining whether the firm’s position in the market is of cutting edge, its productivity as well as its viability (D’Onza ,2008). Earlier writers like Skipper and Kwon (2007) show that risk management reduces business instability making getting funding cheaper as the firm is viewed as low risk by financiers. Viewed from this aspect risk management is expected to reduce the number of companies that go broke and close shop. Possibly this benefit would enlarge the credit and capital markets which promotes private enterprise and increases trade with other countries auguring well for forex inflows.

Plourd (2009) believes that claiming the existence of a risk strategy is not enough by itself to handle the multi-pronged issues faced by firms. In the face of credit crisis risk, inconsistent product prices, bigger government debt, escalating unemployment and diminishing customer expenditure firms need to vigorously employ risk management practises. Risk management used in this way helps a firm to maximise the opportunities that usually lie hidden in the risks (Belas et al ,2018). It should be noted that managers must be conversant with the range of risks across the whole organisation (Strategic, operational, financial and compliance risks).

FORMAL BUSINESS RISK MANAGEMENT

Risk management is an innovative practice that involves recognizing, assessing and alleviating the effect of the risk event (Lima et al,2020). Risk management can be formal, with distinct work procedures. They are various business risk management set out by authorities. This includes International Risk Management Standard ISO 31000 :2009 appended to ISO31000:2009; Committee of Sponsoring Organisations Framework on risk management (COSO); Standard Bank risk management guidelines for Small enterprises, CPA –Risk management guidelines for small enterprises and British Standards 1000.

ISO31000:2009

According to Purdy (2010) quoted in Mansor (2017) there were many versions of the risk management process to be followed before the International Body of standardisation intervened in 2009.They crafted ISO 31000:2009 to achieve consistency and reliability in the management of any risk that would be faced by firms. This international standard for risk management is a framework that is structured to meet the needs of any organisation (Lalonde and Olivier ,2012; Baker 2011). This was later abridged to ISO31000:2018 with top management accountable for managing risk and oversight bodies accountable for overseeing risk management. The figure below shows the risk management process as guided by the standard.

Figure 2.1 The Risk Management Process

Source: ISO 31000:2018

 At the onset of the risk management process every firm must ensure that they fully grasp the external environment and the core culture within the organisation. The data gathered from determining the background setting of the firm is used to come up with or identify the pertinent threats likely to be faced by the firm. In most cases the identification of risk screens the risks and drops those that are considered insignificant or minor from rigorous analyses. This leaves the major significant risks to be quantified and analysed for possible outcomes   using decision trees, fault trees, Failure Mode and Effect Analysis as well as Hazard and Operability studies.

The process of analysing the risk requires carefully looking into the cause of the risk. Various techniques are used to approximate the risk, that is, hazard matrices, risk graphs and risk matrices. Complex risks usually use costly quantitative techniques whereas simpler risks use qualitative and semi quantitative methods. This stage involves the comparison of risks with formerly known and permitted hazard or risk benchmarks. If the risk to be secured is more than the allowable risk benchmark it means the risk requires further control procedures to be instigated. The firm has to inevitably deal with the risk. There is need to come up with affordable alternatives to treat the risk in question. This lies in the domain of avoiding the risk, reducing the risk, transferring the risk, and retaining the risk. Furthermore, risks are always evolving by nature hence they need to be observed constantly in a strategic manner. The risk management system must be overhauled by checking the organisation itself, proficiencies and success of the system in totality. Finally, the risk management procedure, aims, components, conclusions and required actions must be plainly communicated.

COSO Framework of Risk Management

The Committee of Sponsoring organisations of the tread way organisation (COSO) provides direction on risk management. They point out five key areas to business risk management. These include the control environment, Risk assessment, Control activities, Risk assessment, Control activities as well as information and communication. In a later development COSO introduced the three levels of defence so that risks could be monitored and reviewed from three levels. Management controls and internal controls of the SME are at the first level. The different business departments make up the second line of defence. The last line of defence would then be internal audit. Internal audit is a separate and a standalone department which will then provide an independent review of the business operations. Audit can also advise the SME to ensure efficiency in controls. However, the three levels of defence need business risk to be clearly identified in the business.

It is important to note that the other risk documents also give guidelines centering on the elements of risk management discussed above. 

INFORMAL BUSINESS RISK MANAGEMENT

Informal business risk management is generally rooted on intuitive decision making with no defined processes. Herschel (2010) believes that the risk process is embedded within the decisions made by the small firm even though it might be informal or not understood and recognized by the SME themselves. In essence these authors believe that risk management in SMEs is entrenched in everyday organisational dealings (Poba Nzou). Kikwali (2011) asserted that guidelines and standards for risk management set by authorities [1]  make implementation of risk management by SMEs more difficult as the guidelines are more prescriptive than engaging. Hence in most cases SMEs hardly ever use the documents. A groundbreaking theoretical study by Crovini and Chiara (2017) indicated that despite the existence of several studies showing the importance of implementing structured risk management, SMEs still did not practice it in their businesses as shown by their total disregard. What differs between them and their larger counterparts is that they do not clearly document that they are actually managing risk. Tauron (2014) found that small business managers tend to use instinct, experience and personal conclusions to deal with risk. A typical scenario is whereby these SMEs maintain close personal contact with customers to allay risk by getting more business from these customers. However, the criteria of selecting these customers remains ambiguous which could expose the SME.

Given the arguments in literature that SMEs do not manage business risk (Thun et al 2012; Hiebl,2013) this study sought to profile the strategies that SMEs use in managing business risk to prove empirically that they really have a form of business risk management whilst establishing a nexus between formal and informal business risk management.

PRIMARY OBJECTIVE

The main aim of the study was premised on the problem with a view to develop a framework that can bring a nexus between informal and formal business risk management , so as to enhance mitigation strategies used by manufacturing SMEs to manage business risk based on verbal accounts [2].(Pragmatic ontology rooted in pragmatic logic).

LITERATURE REVIEW        

Risk Mitigation is more concerned with taking actions that eradicate or reduce loss from occurrence of harmful events (Cambridge Oxford Dictionary; Franch et al ,2015). It involves   preparing and coming up with techniques and possibilities to decrease loss in as far as business objectives are concerned. Mitigation strategies are the actions put into place to deal with issues and outcomes of those issues regarding a project. Risk mitigation is a plan to get ready for and minimize the effects of threats on business continuity (Luketevich,2021). Risk mitigation strategies are created to eradicate, diminish, and regulate the influence of recognized hazards inherent to a particular activity.

According to Drennan and McConnell (2014) firms basically have options in terms of how they manage risk. Knight (2005) in an earlier writing validated this opinion and points out four strategies, that is, risk avoidance, risk reduction, risk transfer and risk retention. Bekefi et al (2008) and Franch et al (2015) concurs with this view adding on that risk management is about gains from opportunities also. These methods can still be broadly categorised in terms of their aim which is either risk control or risk financing (Longeneck et al (2010). Risk control measures tend to minimize the risks of the firm. Approaches that reduce risk through loss prevention and control efforts include risk avoidance.

Risk avoidance means the firm would refuse to accept any exposure  to loss arising from a particular activity  implying that there would be no risk management measures that could reduce the risk below the limit considered acceptable by the organisation(Hoffmann,2009).Basically ,risk avoidance is used when the magnitude of the risk is  considered to be  extreme  that it does not  warrant forking out resources to  mitigate the difficulty, for example, a company may decide to disengage from  certain commercial undertakings  to circumvent any  risks they might be exposed to. This could be achieved by restraining funding in some ventures or rejecting the urge to build offices or shops in prospective hostile localities (Luktevich,2021). However, risk reduction or prevention strategy would ensure that it limits the likelihood of occurrence of a loss event and its impact to the firm.

 Risk Control measures may involve physical measures, changes in management systems, human resources strategies and risk financing alternatives. Habegger (2008) states that not all risks can be eliminated hence a zero risk approach would require a total control of the future developments of the organisation which is practically impossible. He emphasises that eliminating all risks may not be desirable, as risks often incorporate an undetected opportunity and to take risks may be an important driver of innovation, economic growth and social progress. Ellegard (2008) proved that SMEs use defensive risk management strategy through elimination. This is usually done through knowledge protection, local sourcing, practising fairness and loyalty. Eliminating the risk totally could mean terminating a certain feature of the product or service which always gives the firm problems. Additionally, the firm could change their approach in the delivery of the service totally (Cienfugos ,2013).

Risk financing focuses on guaranteeing the availability of funds to meet those losses that could occur (Cormican ,2014). This includes retention and transfer strategies. Retention strategies aim at maintaining of the risk within the company especially for negligible risks. In some cases, it is considered because the adoption of real measures to reduce would be unaffordable. Hence a fund is set aside to meet the expected loss or deviation.

Risk transfer on the other hand would be related to the transfer of a risk to a subject that would provide support in exchange of a premium. Risk transfer would imply in that sense, a contractual arrangement or the subcontracting of certain activities. The typical application of this strategy is the subscription of insurance against certain risks (Holl and Mohammad-Zadeh 1984). Besides insurance Luktevich (2021) believes that this strategy encompasses distributing risks amongst various parties, in line with their capability to safeguard against the threat. He further alludes to an example of a faulty merchandise which has some amount of third party materials. In this case the manufacturer of the goods would handover liability for a certain portion of the risk because of this. However, they are strategies that sit in between the two approaches (retention and transfer), approach that considers the sharing of risks discovered with other organisations, through the establishment of a suitable agreement (e.g. private and public) partnerships.

Signing a contract reduces risk because it integrates passages on allocation and diffusion of potential losses (Svenson 2000; Mbiki and Song (2016) concur that insurance is a strategy that can be used to manage risk. However, they showed that in most developing countries it is hardly used by small businesses as compared to their counterparts in the developed world. A study by Cioccio and Michael (2007)  in Australia found that Insurance was by far and wide the most used strategy by Australian SMEs.However Smit and Watkins (2012) found that a small insignificant number of SMEs used insurance in South Africa  validating the  findings of Mbiki and Song(2016).Luper and Kwatum (2012) also showed that a majority of SMES do not cover their companies against risks in Nigeria despite the fact that insurance would assist SMEs to scientifically look at risks in an professional manner. It is imperative to realise that a crucial element in the choice of a risk strategy is for the company to discover or recognize all forms of risk that they can be exposed to and take the best risk strategy. The majority of SMEs have been found to choose from a diverse base of suppliers to reduce risk. In most cases contracts are drawn with suppliers to guarantee smooth supply and a certain calibre or quality of material needed. Ellergard (2008) cited in Mbiki (2016) business managers preferred dealing with local suppliers as a way of avoiding currency, political, foreign exchange risk as well as socio cultural risks. Another strategy used by French and Canadian SMEs was working with suppliers that they were familiar and comfortable with in as far as values and approach towards business was concerned. In essence SMEs used suppliers who were likeminded (Poba-Nzou 2011).

In a study on manufacturing SMEs Beliskanja (2017) found that most small firms used modest gadgets to manage risk. In some instances they just follow security directives, putting  on security gear by employees ,safety equipment like fire extinguishers, fire protection overhead sprinklers and simple insurance .In as far as techniques to handle risk are concerned their study highlighted that risk avoidance was hardly ever used in manufacturing SMEs .If at any point a risky decision had to be taken there was no avoidance, the firm just stepped in and did what needed to be done to get hold of the opportunities presented. It was also noted that small firms did not give much relevance to risk as compared to their large counterparts despite the fact that risks are evolving daily.  They find the whole process tedious and assume it to be costly as well as time consuming. In the study the majority of SMEs could not afford a fire extinguisher but had contracts with security firms in order to reduce property risk.

It was also noted that some SMEs keep funds in bank deposits as a risk retention strategy. Others would would set aside a certain percentage of their yearly sales in the event of a problem besieging them. The risk transfer strategy in the form of insurance was mostly used by manufacturing firms in woodworking, furniture, plastic products and pharmaceutical companies. However, most SME owners were found to be taking out insurance on their private properties and other things at the expense of business risk. In essence the major reasons to taking an insurance policy for manufacturing SMEs was triggered by friends, a colleague’s tragic experience, requirements from financial institutions, media on accidents, disasters and other threats taking place in their environment. In, most cases SMEs do not trust insurance schemes. Manufacturing SMEs did not value the service of risk consultants and Auditors who could help them deal with business risk as they believe these consultants are expensive. They preferred advice from relatives and friends’ experiences.

Watkins and Smith (2012) in their study of small firms in South Africa found that most SME owners focused their risk actions on loss control. They preferred dealing with fire, safety, security, health and quality assurance. It was noted in the study that these loss control activities were usually given to other managers or the owner themselves who were already overloaded resulting in inefficiency since not enough time was given to the risk function. It was found that SME owners were not well versed with risk reduction techniques, that is, risk elimination, reduction, transfer and acceptance. Entrepreneurs preferred avoiding risk rather than putting in place risk control measures.

Chopra and Sodhi (2004) in Ellegard (2009) pointed out that every risk plan meant to alleviate threats must be suited to the problem at hand. They recommended that small companies need to build reserves in terms of stocks, volume and monies. Holding reserves for parts or inventories meant continuous production would be done without any stoppages even when poor quality components had entered the factory. Multisourcing is another strategy used to manage risk. Son (2018) suggests lead time reduction and recovery planning systems as a way to manage disruptions in the supply chain. Knowledge gained from outsourcing can help improve business practises of the firm. However, Elockson (2017) points out that outsourcing reduces the innovation capabilities of the firm due to loss of control in terms of outsourced activities . Elockson (2017) also asserts that if firms follow the risk management process they can effectively deal with risks.

Tauron (2014) found that small business managers tend to use instinct, experience and personal conclusions to deal with risk. A typical scenario is whereby these SMEs maintain close personal contact with customers to allay risk by getting more business from these customers. However, the criteria of selecting these customers remains ambiguous which could expose the SME. Mbiki and Song (2016) in a study of Nigerian SMEs assert that collaboration can be used to manage risk by SMES. Networks can be formed with other organisations using formal arrangements such as strategic alliances (Elockson,2018), marketing promotions, Research and developments agreements, technical cooperation agreements, licensing agreements and subcontracting. This enables firms to get resources that they would otherwise not be able to gather on their own. As small firms collaborate essential information on the credibility and credit worthiness of customers becomes easily available reducing risky scenarios for the firm. In a study done by Kim and Vornotas (2014) on technology based SMEs networking was found to assist firms to deal with commercial, financial and technological risk. SMEs also kept their customers close so as to get more business from them as well as their associates. Another strategy used was sharing information with competitors as it helped have legit information on the creditworthiness of future customers (Hiebl and Falkner ,2014).

Mbiki and Song (2016) also highlighted that diversification of business by engaging in a variety of businesses counteracted risk. The diversification strategy ensures that the small firm is not vested in only one business activity to avoid insolvency if the venture fails. However, diversification only works if the owner managers know the combinations of businesses to be involved in. In their study of Cameroonian manufacturing SMEs Mbiki and Song found that diversification and cooperation were the most used mitigation strategies. If SMEs perceived that cooperation will give them a better edge in the market they engaged more with other companies.

They also found that most small business owners were risk averse but tended to be overoptimistic when new prospects came, hence instead of anticipating risk in advance they ended up dealing with it as and when it came increasing the cost of doing business. Mansor et al (2016) posits that there is need for small companies to pay close attention to the needs of their customers as a way to manage risk.  Inventory control is a mitigation strategy which can reduce risk in a financial crisis (Trkman and McComack ,2009; Blome and Schoenherr,2011). However other authors augured that inventory control might not work if there is no financial crisis (Tomlin ,2006; Aven 2016). Besides in an environment where disturbances are rare large inventories would require continuous transportation without stoppage. Behzadi et al (2017) isolates robustness and flexibility or resilience as good strategies to manage risk. Kilubi (2016) asserts that firms must use reactive strategies for internal risks and proactive strategies for external risks.

The findings from a study on Automotive SMEs in Germany showed that keeping additional stocks, having extra capacity in production and warehouses was used to mitigate issues in production and deliveries.

A study done by Ellegard in 2008 cited in Hiebl and Falkner (2014) revealed that some SMEs enter into agreements with specific suppliers so as to have some form of power over the behaviours of these suppliers. This ensures constant supplies to the small firm since default attracts fees and fines on the part of the suppliers.Poba-Nzou (2011)  found that to avoid currency risks, political risks, risks arising from customer tastes and preferences changing or differing ,SMEs preferred dealing with local suppliers .Poba –Nzou (2011) results were in line with those of Ellegard (2008) as SMEs in the study chose to only work with suppliers that they were well acquainted with and those who shared their goals and objectives.

An earlier study by Gilmore, Carson and O’Donnel (2004) found that SMEs avoided dependence on bank loans to avoid being overdrawn and being indebted. They were also reluctant to increase the size of their businesses once they achieved a certain stage. This caused then to discontinue unprofitable profits rather quickly before they could incur too much losses. The major strategies used were keeping key employees, networking, managerial competencies especially experiential knowledge.

An empirical study by Allen (2016) on SMEs in the KYA Sand Industrial area used a model by Andersen and Schroder 2010 wherein a full range of corporate exposures was identified, the risk factors as well as possible responses. Figure 2.2 below shows the risk factors visavi the exposure

METHODOLOGY

A descriptive survey was used. Thirty interviews were targeted which is the upper limit recommended by researchers for interviews (Creswell,2003 and Boddy,2005). In essence stratified purposeful sampling was used (statistically non representative stratified sampling since it was based on targeted interviews) This was done to garner views from the different types of SMEs. The sections that follow document the verbal accounts by SMEs from their points of view without any bias or change in the statements. The researcher however, allows for reflexivity to allow her personal interpretation of these lived experiences.

The findings are informed by a hermeneutic phenomenological approach. The phenomenological approach to research emerges as a response to the radicalism of what is objectifiable.  The researcher opted to employ it as it is based on the study of life experiences, regarding an event, from the subject’s perspective. This approach is based on the analysis and presentation of the most complex aspects of human life, of what is beyond the quantifiable aspects. According to Husserl (1998^[3]), it is a paradigm that tries to explain the nature of the things, the essence and the veracity of the phenomena. The aim of its application in this study is to understand the complexity of the lived experiences which one is in the SME lifeworld. This understanding is in turn aimed at raising awareness and finding the meanings surrounding the phenomenon and in this case business risk and business risk mitigation.

The researcher uses three sources of evidence to interpret and describe the findings. The sources are the narratives of the respondents in the first person’s account, the researcher’s observations and the researcher’s reflections and the relevant literature where it is appropriate. The factors necessitating the use of this approach stems from the indeterminacy of the participants’ views alone. This refers to the fact that a specific theme or code can be described using different subthemes or categories using the expressions rendered. The same can therefore be represented using an almost indefinite number of expressions. Inevitably, even an elaborate reliance on the researcher  using her accounts or the participants accounts cannot capture all relevant details (Blair, 2006^[4]; Kitchenham & Charters, 2007^[5]) may miss an interpretation or construction of the phenomenon under inquiry that could be found by using the three in combination.

The data in this section is presented in two ways based on the Gioia approach and the vignette approach. A Brief of these two approaches is presented below.

 The Gioia Approach

The Gioia approach has characteristics that include a findings section that is set out according to levels of theoretical coding associated with a particular understanding of the grounded theory approach (Strauss & Corbin, 1998^[6]; Gioia et al., 2013^[7]). This approach tends to use tables and figures to illustrate phenomena and articles in this category commonly include a figure (i.e., the Gioia chart). This is composed of boxes and arrows to show first, second and third order codes that are derived from analysis of the qualitative data. First order codes are closest to the data, and aggregated to develop second order codes, that are again aggregated to a more theoretical level in the development of third order codes.

The structure of the findings section closely follows the codes in the Gioia chart; authors use the first, second and third order codes as building blocks for the text which is arranged in a list-like format. The emphasis is very much on ‘showing’ snippets of data to illustrate the contents within a code. In many cases, the relationships between codes are discussed in a following section that includes a model or diagram. The logic underlying this approach seems to be one of providing the pieces of puzzle and then assembling it (what has been deemed a move from photographs to movie (Gehman et al., 2017:3^[8])

The Vignettes Approach

The use of vignettes privileges a more narrative-based mode of presenting findings. A vignette is an evocative description or an account of a short event or episode. In articles where authors use vignettes as the key mechanism for showing their findings, the findings section is usually organized around a master theme with different sub-sections showcasing multiple aspects of the overarching theme or idea. To emphasize this, some scholars re-label the findings section according to the theme they are exploring in the paper (e.g. Anteby & Molnar, 2012^[9]). Thus, this approach foregrounds the interconnections among categories and gives space to show the findings in ways that capture more richness in an easily-readable and credible way. This approach thus addresse credies thbility criterion for qualitative research that is similar to the concept of internal validity.

Following the interviews with SME proprietors and managers, risk mitigation was seen as a central part of some SMEs that participated in this study as part of strategic risk business management. SMEs in Bulawayo have their own to methods to address business risks associated with their business ventures.

FINDINGS

With reference to research objective, “To understand from the point of view manufacturing SME business actors in Bulawayo how they go about mitigating business risk in order to survive” the findings are as follows 

 Figure 4.1 Vignette of Political and economic instability

Economic risk

This refers to changes within the economy that lead to losses in sales, revenue, or profits.

This process is shown in the vignettes below (see Figure 4.2).

Figure 4.2: Vignette of Economic Risk

Compliance Risk

 In every industry, they are laws and regulations that govern business processes. For instance, The Occupational Safety and Health Administration (OSHA) regulates how companies operate to protect their workers’ health and safety. On the other hand, the Environmental Management Agency (EMA) makes sure organisations that companies follow standards to lessen undesirable effects on the environment. Failure to comply results in fines, penalties or company closures. It is important for firms to appraise their risk compliance and be abreast with new regulations so that operations run smoothly.

This process is shown in the vignettes below (see Figure 4.3). 

Figure4.3: Vignette of compliance risk

Reputational Risk

In order for a company to attract and keep customers they must build a good reputation. This takes a lot of work. Nevertheless, one unhappy customer, failure of a product, poor service or a lawsuit can damage the image of the organisation. The presence of social media has intensified the risk of reputation loss as customers can just post their views for everyone to see. It is important for a firm to continuously address customer concerns and be up to date with their views and opinions. Customers appreciate firms who value their comments. They also appreciate firms who act on the valuable information given via comments as well as complaints.

Figure4.4: Vignette of Reputation risk

Operational Risk

These are people risks, that is, errors made by people can result in operational failure. Basically operational risks include risks that occur due to internal activities involving people, processes and systems (Global Association of Risk Professionals, 2011). Workers supervising tasks can make methodological errors, resulting in process malfunction. This error would cost the business more time and money.

This process is shown in the vignettes below (see Figure 4.5).

Figure 4.5: Vignette of operational risk

Competitive Risk

This entails the probability of remaining behind the competition once a company is at the top of its game in its industry. There is the tendency for a firm to relax at the top instead of growing its business model to gain more competitive edge. If a company fails to adjust their products/services as well as their methods to entice and maintain customers, they will fall behind competitors.

This process is shown in the vignettes below (see Figure 4.6).

Figure 4.6: Vignette of Competitive Risk

Speculative or dynamic risk

Speculative risk where both profit and loss are possible were the most spoken about. This process is shown in the vignettes below (see Figure 4.7).

Figure4.7: Vignette of speculative/dynamic risk

Pure or static risk

Risks that just culminate into loss when they occur.

Figure 4.8: Vignette of Safety and health risks

Financial Risk

This is the risk that affects the cash streams of the company. This includes a variety of risks related to financing, for example, liquidity risk, funding risk, interest rate risk, investment risk, pricing risk and credit risk (Barcia, n. d). It is noteworthy that for SMEs in this study funding came from their own personal savings, family and friends. What they construed as financial risk was the risk of not getting access to capital for expansion, risk that their cash streams would be affected by internal and external factors leaving them without enough money for their business.

This process is shown in the vignettes below (see Figure 4.9).

Figure 4.9 Vignette of Financial risk

Supply risk

The probability that they can be disturbances in production due to supply problems.

Figure 4.10: Vignette of supply risk

Security and fraud risk

This is the loss that comes about due to the possibility of fraud or theft. Fraud and theft could occur due to poor systems, dishonest employees or lack of secure premises.

Security and fraud risk

Figure 4.11: Vignette of fraud and security Risk

FOUR AVENUES TO ADDRESS RISK

The study will show four avenues to address business risk that emerged from the interviews. There is a hierarchy of avenues that is employed. This begins with an initial consideration of risk avoidance then proceeds to three additional which are Risk reduction, Risk Transfer/ Spreading and Risk acceptance. Ideally, these avenues are employed in concert with one another as part of a comprehensive strategy. Generally, a comprehensive asset protection strategy is expected to incorporate a well-thought-out combination of all or most of these avenues to consider whether the risks envisaged or experienced by an SME ought to be deterred, denied, delayed or detected.

Risk avoidance

This approach asks if the risk should be avoided. If the Risk Analysis by an SME discovers high or extreme risks that cannot be easily mitigated, avoiding the risk (and the project) may be the best option. The math for this decision is straightforward if the loss expectancy of the business is higher than the return on investment, risk avoidance was considered to be the best course.

Below is a vignette of a business risk.

Figure 4.12 Vignette of Risk Avoidance

In figure 4.12 the SME was exposed to supply risk, compliance risk and reputation risk if they entered into the contract. The level of risk was catastrophic so the SME avoided the risk. This basically means they deterred the risk.

Risk transfer or Risk Spread

This is the act of transferring or spreading the risk to another party or entity. Typically, risk can be transferred to an insurance company through paying a premium. Considering the variety of methods that can be used in loss prevention, insurance should be the last line of defence. Businesses sometimes lease equipment instead of buying it to protect against obsolescence. Whilst insurance is not generally regarded as a part of the traditional security function, it is considered a fundamental element of an SMEs risk management strategy. This study found that most SMEs do not use insurance as it costly for them. Besides they are some things that they believe can never happen to them (fire, natural hazards), thus the negative attitude about insurance. The common methods used by SMEs was through the use of networks and memorandums of understanding. In this way they would transfer a part of the risk to their associations. In other instances, risk is transferred to vendors, suppliers in the form of clauses in contracts or formal agreements.

Risk spreading avoids putting ones’ eggs in one basket. The best example of this is distributing a company’s assets in different locations. If a company keeps all of its stock in one single warehouse the probability of loss would be 100% if a theft, flood or any other danger occurs. On the other hand, if the stock is stored in three different places then the probability of loss would be 33.33% of the total stock.

Below here shows a vignette of a business risk.  

Figure 4.13: Vignette of Risk spreading

It is clear that through multisourcing MR Y is now spreading the risk. In the previous instance his risk was transferred through alliances in his networks. They managed to resolve a funding risk, operational risk, reputation risk and supply risk.

Risk reduction^[10]

This risk measure seeks to reduce the risk to assets. Thus activities that lessen the exposure in the risk equation are carried out (whilst risk spreading and risk avoidance minimise the impact of a loss event). The most common measures are the enforcement of policies, employee education and awareness.

Figure 4.14 below shows a vignette of a business risk.

Figure 4.14: Vignette of Risk reduction

In the vignette above political, economic, health and safety risks are reduced.

Risk acceptance

When all risk avoidance, risk transfer and risk reduction have been effected there is some risk that remains since practically difficult to eradicate all risk. (except as discussed under risk avoidance). This risk is named: residual risk”. SMEs used this strategy when they had accepted the probable magnitude of a particular risk. In that case the SME decides to do nothing, to avoid, limit, or transfer the risk. Acceptance is typically associated with very low cost when it comes to managing the risk. However, after a disruptive event it is very costly.

Figure 4.15 below gives a vignette of a business risk

Figure 4.15: Vignette of Risk Acceptance

It was assumed based on interview findings above that there could be a monotonic relationship between degree of business risk and the expected level of mitigation. A monotonic relationship is a relationship that does one of the following: (1) as the value of one variable increases, so does the value of the other variable, or (2) as the value of one variable increases, the other variable value decreases. However, it may happen also that there could be no monotonic relationship as overlaps are possible as presented by respondents. In figure 4.16 below, the researcher shows possible monotonic relationships between degree of risk and the expected level of mitigation.

 Figure 4.16: Relationship between degree of risk and exacted level of mitigation

Notwithstanding the paired risks and mitigations as shown in figure 4.16, the researcher saw an overlap   that shows  a reflection of the multifaceted nature of entrepreneurial risk mitigation strategies in  organizational, and phenomenological reality (Blau, 1996; Frost, 1996; Tashakkori and Teddlie, 1998 ^[11][12]) that distorts, or even obscures the descriptions of the quadrants as there are possible overlaps  or crossings as summarized in Figure 4.17 below. Crossing postulates interdependent relationships between risk and mitigation strategies by emphasizing inter typological contrasts and connections.

Figure 4.17 Risk Mitigation Overlaps

Based on the narrations above the researcher desired to understand whether SMEs had any guidelines or risk documents that they employed in business risk management.

None of the SMEs were using Risk management documents or guidelines. Participants explained that they do not have the time to go through guidelines trying to understand documents when they had a lot of work to do. One respondent said, “Isikhathi yimali. Ukubalana lezinto ezibhalwe ngesilungu esingazwakaliyo yikudlalisa isikhathi kimi. Ingathi khona lokuwadinga lawo maphepha yinto engingeke ngizihluphe ngayo ngoba akungisizi lutho”, meaning that, “Time is money. Reading documents written in English is hard to understand is a waste of time and I would not even bother to read because it does not help me in any way”. Another respondent stated, “izvi ukazvitevera unokonewa kuwana chikafu chevana”, meaning, “if you follow these things you will not find food for your children.”

A bitter respondent said, “As SMEs we are looked down upon. People just go and do things for us without our knowledge or views, then expect us to follow it and implement on the ground. That is so unfair. Is there anyone who even considers the little that we are doing.” There seemed to be a general consensus amongst the Participants that whatever document on risk management would be too cumbersome for them, just like any other thing they had seen before meant to be done by SMEs without their buy in. They pointed out that risk is part and parcel of business and they meet it every day. One female entrepreneur had the audacity to say, “It’s not the document or supposed formalities that runs the business but the person”. Therefore, they should look at us individually by writing things that we understand, that are relevant and address where we are”.

An owner from the metal work industry supported this view, “We are tired of documents written on our behalf without us informing the writers of the document. Give us something local. Better yet why not walk with us in the journey towards proper risk management by being practical in relation to our sectors and background situations rather than prescribing. What applies in other countries might not exactly apply to our context here”.

There seemed to be overall frustration concerning using the so called risk management documents because some of the Participants did not understand what it was all about.

There are some participants that are not even aware that such documents are there to assist them to manage risk and were totally clueless. A respondent from the woodwork industry said, “Asi chi ichocho.Tsanangurai nekuti andifunge kuti ndakambochiona.” Meaning, “What is that? Explain because I don’t think I have seen it before”.

He was not the only one in this category as the researcher had to take time to explain further and showcase some of the documents. Once explained Participants had this to say, “Hongu asi atimbozviite nendzira iyoyo asi tongokiyakiya zvedu kana tichikwanisa.” Meaning, “I understand but we do not do it that way but we somehow have a way of going around or maneuvering the risks once we encounter them”.

Some Participants pointed out the following, “Kune zvimmwe wo togara toziva kuti zvingangoitika ndosaka tichigara takagadzirisa.Asi zvimwe nguva toziva yedu tisina ndzira dzacho drekudzivirira.” Meaning, “They are some risks that we always know will happen so we prepare in advance. However, they are some that we know will hit us but we do not have a way to prevent them.

Overall there is lack of understanding of these documents, a need for someone to go through the process with them for a certain period to get them on the proper road as per the guidelines and a basic need for the risk management guidelines to be more practical in the context of SME situations. However, there seemed to be general agreement amongst SMEs that even though they were not using these documents there were managing risks effectively using their own strategies if it was within their control.

Experience seemed to be the predominant risk management advocated by most SMEs.They believed that their vast experience in their businesses has made them aware of every typical threat that could likely affect them at any given point. One had this to say, “inini zvangu pabusiness ndinogona. Apana chandinokoniwa nekuti apana chandisina kumboona ndikachikunda mashure uko. Ndotoziva zvese zvihnu zvinogona kuuya, andisati ndamboshamisika kunze kwe COVID chete” meaning “Personally in business management I can say I am good. There is no risk that I cannot sufficiently deal with because I have met it at some point in my experience in business and dealt with i.e. basically know all things that can come at me. I have not been taken by surprise by anything except for COVID.

DISCUSSION OF FINDINGS

The mitigation strategies used by Manufacturing SMEs as gleaned from their accounts broadly fall under risk reduction, risk acceptance, risk transfer and risk avoidance. They might not be aware of the risk terminology but they are practicing them in their managing of risks.

In depth interviews revealed that the commonly used strategy was risk reduction. Most SMEs engaged strategies that lessened their exposure by reducing the risk. In this case the major activities revolved around preventing or limiting the likelihood of occurrence of a loss event and its impact on the firm (Mbiki and Song,2016). Noteworthy is the fact that although there was much employee education and awareness concerning health and safety in the workplace, there was no holistic education and awareness on the various types of risk that the organisation could be exposed to. Findings validate those of Smit and Watkins (2012) who found SMEs in South Africa just preferred dealing with fire, safety, security, health and quality assurance. As a way of reducing currency risk Manufacturing prefer using the USD (United States Dollar) and other stable currencies. If they receive the local currency form people, they immediately change it into foreign currency. This is similar to findings by Mahapa (2016) where South African SMEs were using spot rates to manage foreign currency risks. Networks were used as a risk reduction strategy. These helped SMEs get resources and assistance they would not get on their own. This validates the findings of Gilmore et al (2004); Mbiki and Song (2016) who found SMEs leverage on their networks as a way of managing risk. Findings also mimic those of Kim and Vornotas (2014); Elockson (2018) who found that strategic alliances enable firms to get resources that they would otherwise be unable to get on their own. Particularly they were of the view that collaborations helped firms get important information on the credibility and creditworthiness of customers which reduces risky situations.

Diversification strategy was used by a number of SMEs to manage Economic risk. They explained that when business was bad on one side it would be good in their other ventures neutralizing the effect from the portfolio that had made losses. This is line with the theory formulated by Markowitz (1959) that entrepreneurs need to diversify or spread their investments to avoid losses. True to his words they are some SMEs who were just vested solely concentrated in their original business ventures which spelled trouble if a catastrophe hit. These findings also concur with the study done by Mbiki and Song (2016) on SMEs in Cameroon which showed that diversification was mostly used to counteract risk.

Compliance was a major challenge for SMEs especially when it came to special permits. In order to prevent their operations being closed down they bribed their way through. These findings validate those of Nyamwanza et al (2014) who found that SMEs in Zimbabwe had high compliance wherein council regulations were concerned, however when it came to other regulations they evaded compliance by bribing or temporarily closing their businesses during a compliance onslaught. Furthermore, study findings revealed that SMEs thoroughly think about and follow their gut where risky business decisions are concerned basing on what they would have gone through before. This is in line with the findings of Tauron (2014) and Gilmore et al (2004). SMEs clearly enunciated that they calculate the profits expected from their personal ventures. This is akin to decision trees though they do not formally draw anything down. There is a strong similarity to that which is detailed in the theory of opportunistic entrepreneurship by Cressy (1991). An optimum decision rule is crafted for the entrepreneur based on the likelihood which enhances anticipated profits whilst reducing risk. SMEs in this study always had extra stock. This reduced the risk of losing customers. This is similar to findings by (Mansor et al ,2016) who found that SMEs managed risk by consistently looking at and being up to date with customers’ needs and preferences which made them control inventory in a satisfactory manner by stocking in abundance that which is needed.

Risk transfer is a strategy which also emerged from the SME accounts. In this case, SMES would transfer the risk to a third party. Risk transfer /spreading in most cases was done through the payment of subscriptions in their associations and alliance groups. The use of memorandums of understanding made them able to transfer part of the risk to their associations. Some actually got bailed out of difficult situations virtue of their associations stepping in to assist. Generally, insurance is the most common way of risk transfer. It emerged from the interviews that SMEs did not usually take the insurance route as it was costly for them. This concurs with findings by Beliskanja (2017) where the majority of business owners were found to be taking insurance on their private properties at the expense of business risk. It is also the same with findings of Luper and Kwatum (2012) in Nigeria, the findings by Mbiki and Song in Cameroon as well Watkins and Smit (2012) in South Africa. However, these findings differ from those of Cioccio and Michael (2007) who found that Australian SMEs used insurance widely as a risk strategy. This means in generality African SMEs do not take insurance as their counterparts from the developing world because there is a firm belief that it is too costly. Additionally, none of the SMEs had a fund setup for a rainy day or losses incurred when doing business. This also deviates from findings by Cormican ,2014) who advocated that SMEs should have available funds to cater for losses.

Manufacturing SMEs also used risk avoidance as a strategy by avoiding speculative deals.  It was revealed that some SMEs have a minimum benchmark beyond which risks should not escalate. These strategies are   akin to risk avoidance wherein the firm refuses to accept any exposure to loss from an activity by having no risk management measure that could reduce the risk below the limit considered acceptable by the firm as stated by Hoffman (2009). Respondents in the study revealed that risk avoidance was used when SMEs perceived the risks to be very high or extreme, to the extent that the best course of action was aborting the project as losses would be unbearable for them. This is in line with findings by Gilmore et al (2004) where SMEs discontinued the idea once it became clear that it would not be profitable.

SMEs have learnt and accepted that people out there will copy their products. This is a form of risk acceptance. Hence to mitigate the risk they innovate to create a product that is so unique which gives them a competitive advantage. innovation was a key strategy used to eliminate risk because fly by night business and employees who leave cannot steal their creativity. It seems they protect their knowledge. In essence they use defensive risk management through eliminating the risks as posed by Ellegard (2008).

Findings from interviews revealed that none of the SMEs use risk management guidelines to mitigate risk. This is similar to findings by Zhoghi (2017) where most Turkish SMEs were not using guidelines to implement risk management in their organisations. There were various reasons for this in this study, there were some SMEs who are totally ignorant that such documents exist in the first place. However, there is a group that is quite aware but they do not understand the documents. Primarily they do not have the time to go through these documents and they also question the practicality of the documents to their context. There was a general feeling that these so called documents tended to tell them what to do instead of asking them for their input. This is similar to findings by Kikwali (2011) who asserted that guidelines and standards set by authorities are more prescriptive than engaging.

It is clear that what SME owners are doing mirrors what an all-inclusive formal risk management plan would incorporate.

CONCLUSIONS

The study concludes that risk management in SMEs is being done by experience. SMEs tend to use instinct, experience and personal conclusions. There is no systematic method followed but risk is dealt with as and when it comes. It is clear even from this research that SMEs do not follow any documented procedure of risk management. However, it must be acknowledged that there is a form of risk management taking place. The study has shown that the mitigation strategies used by SMEs actually fall   under the formal business risk management strategies of   risk reduction, risk avoidance, risk acceptance and risk acceptance. SMEs are using these strategies albeit informally. There is indeed a nexus between formal business risk management and informal business risk management. The Manufacturing SMEs approach is subtler because it is embroiled in the way that decisions are made and in their everyday dealings based on circumstances the firm finds itself in. We detail these differences below in order to solidify the cohesion between formal and informal business risk management.

 Theoretical implications of this research based on SME accounts

This research filled the gap by looking at how SMEs manage risk from their various accounts. It is the first preliminary research that has been done on manufacturing SMEs in Zimbabwe. It is clear from the findings that SMEs believe that they are performing risk management in their own way suited to their circumstances. There is however a contradiction with extent literature which declares that SMEs are not doing risk management because it is not structured and formal as prescribed by COSO, International organization for Standardization (ISO) 31000:2018 and other practical guides for SMEs on how to implement risk management.

 Earlier research has shown that as small businesses find their footing in the market, the owners become less careless in taking risks as their perceptions of certain situations changes over time. Their experiential knowledge enables them to look at threatening situations with caution and wisdom. This allows them to make informed decisions because business situations are critically evaluated with managers being aware of the need to manage and minimize risk. To bring a nexus between the standards and the experiential knowledge detailed here we adopt the conceptual idea of the New perspective to Risk Management theory where they posited that it is important to analyse the way decisions are made. This view is being taken as SMEs in this study emphasized that they thoroughly think their decisions through and make any necessary calculations of expected gains. This thoroughness was exhibited in their detailed accounts of strategies used.

According to Guo (2008) cited in Crovini and Chiara (2017) decision making entails selecting the best alternative so as to attain firm objectives and goals. Primarily the DECIDE model is similar to the risk management process. Figure 4.18 shows the DECIDE model.

Figure 4.18: Risk management and decision making model comparison (Adapted from Crovini and Chiara, New Perspectives in managing risk, 2017)

Crovini and Chiara (2017) show that in both models the setting of objectives is the first stage. Thereafter managers should look at the possible alternative to make and ascertain activities that could cause risks. Thirdly, a choice is made with applicable actions done to react to the risk. Finally, evaluating and monitoring the solution is done in both processes. It is vital to appraise the decision and actions executed and to scrutinize what could go amiss or wrong. This averts, lessens and helps to overcome potential adverse consequences. Feedback gives data interconnected to the decision or risk reaction. Even if undesirable results are obtained managers can investigate whether the decision or control activities gave the intended results. The key in these processes is information and communication. They concluded that implementation of risk management in SMEs is done informally. This implied that it is rooted in decision making which is important in setting and achieving goals. According to them, if knowledge, risk appetite and awareness of how decisions should be made is enhanced it would be the beginning of developing risk consciousness which could be translated into a sound risk approach in SMEs. In this study findings prove that indeed risk management was being done informally centered on decision making.

This study has further implications looking at the psychological domain. A deeper look at the strategies used by SMEs to manage risk brings us back to the eight functions used for active coping by Lazarus Falkman cited in Chowdhury (2020). They are applied in this way;

We can glean from the accounts of SMEs that they use self-control in response to threats especially when looking at the way they used their gut feeling in business decisions. This shows that they do not impulsively make decisions but they weigh their options. It is clear from the accounts of SMEs that they face their challenges head on and do whatever is necessary to handle the risk facing them at the time so that they do not lose out. The third function mentioned is social support. In this study SME owners detailed how they have networked and collaborated with others to ensure survival as a way of accessing resources that they would otherwise not be able to garner on their own.

Chowdhury (2020) points out that Falkman believes that a fourth function in active coping is whereby emotional distancing is practiced. Herein the problem is regarded as being so insignificant that it does not warrant distress so as to avoid being moved by the problem instead of logical thinking. When most SMEs were hit by COVID 19 regulations instigated by national lockdowns they refused to let it permeate their actions by just staying and doing nothing at home. However, they treated the issue like a small thing by trying all means to get to their respective workplaces or simply working at home when they could. Escape and avoidance   involves pretending the situation does not exist. A case in point is when the use of forex was banned. SMEs continued as if the ban did not exist by continuing to take forex. Later on even though they could see people were struggling to get forex and cash they still insisted on wanting cash and forex to the detriment of business. One of the topmost strategies detailed in this chapter earlier that was used by SMEs is avoidance which confirms Falkmans theory (1984).

Radical acceptance is a strategy wherein the SME or individual has radical acceptance so they can adapt to threat easily. SMEs in this study used risk acceptance as a strategy. Positive reappraisal involves the SMEs trying to find the answer in the struggle and grow from it. SME owners in this study showed their versatility by adapting to the requirements of their business environment. Strategic problem solving whereby a solution is implemented with focused strategies to get over the threat was the eighth function. We have evidence of this from the detailed accounts of SMEs of how they dealt with various threats that they were exposed to.

Following ideas from Falkmans theory this study proves that just like the risk management process SMEs do identify the threats that they are exposed to. They assess the risk by looking at how it is affecting them overall in terms of profitability. This assessment is based on the experience they have from various situations which makes them familiar with the issue being dealt with. Thereafter they respond to the risk by implementing mitigation strategies. As shown in this study if a measure failed to bring in the sought after result they would evaluate and come up with other measures to solve the problem. This is akin to the evaluation and monitoring shown in the formal risk management structures.

Taking the theories discussed above it is the conclusion of this study that SMEs practice risk management informally through decision making. This is irrevocably evident in the strategies they use to mitigate the risks. This study confirms empirically the theoretical paper by Crovini and Chiara (2017) as well as Lazarus Falkman’s theory on coping. It is clear that the informal risk management done by the SMEs is not as sophisticated but it does exactly mimic the formal risk management as shown in this study.

There is need for practioners to start looking at risk management from the perspective of the SMEs. Experts must come in to help develop robust decision making in SMEs. It is crucial to get the SME owners on board first by improving awareness, accountability and sensitivity to risks. This would encourage SME owners to document their procedures and systems. This would make their risk management more formal. However, in order for them to start using the risk documents there should be serious awareness programs and campaigns. We detail how this can be made possible in the framework below;

Framework to Bridge the gap between informal and formal risk management

Figure 4.19 Framework to bridge gap between informal and formal risk management

Source: Author

*SMEAZ-Small and Medium Enterprises of Zimbabwe         *MSMEs-Ministry of Small and Medium Enterprises

Explanation of framework

The research noted that SMEs are not using any risk documents but they have a form of risk management that they carry out informally through decision making. The institutions that work with SMEs like SMEAZ, MSMEs do not seem to have the capacity to get SMEs on board because these guidelines are not really mandatory.

The framework suggests the creation of a Risk Management Incubation Center (RIC) which will focus on risk management in SMEs at grass root level.  It would be run with the help of a team of voluntary experts, that is, risk consultants or managers, business managers (process), bankers, venture capitalists, marketers, accounting and information technology professionals. This means SMEs would get all the necessary help it takes to run their business in the center.

This institution would be a risk incubator for SMEs until they have mastered how to engage risk management in a procedural manner in their businesses. It would be a center that would foster risk awareness amongst SMEs with the aim of teaching them to plan and outline their risk management. They could make flyers with basic information, broadcasts, online, Facebook, WhatsApp twitter etc. educating SMEs. It’s not just about education it’s about SMEs coming in voluntarily and being part and parcel of the change with their ideas and inputs being factored into the process. Workshops and meetings would be facilitated by the center to raise awareness. Primarily this institution would work best if it had agents who could be attached directly to work with a few SMEs one at a time until results are achieved. Once that pilot of few SMEs is done the majority by hearsay would come in freely making it easy to do the meetings and seminars from a central point or through online programs. At best this institution could set up temporary hubs at SME business sites.

The Risk management incubation center (RIC) will thoroughly focus its attention on enhancing strategic decision making process in SMEs. This would enhance their knowledge and get them to appreciate their own companies risk appetite. It is important for the SME owners to fully appreciate and acknowledge the benefits of formalized risk management in order to get them to implement it on the ground. Once they are sold out on the vision, mission and values of the RIC it is believed they will move towards more structured decision making. Once this is fulfilled then the first stage towards formalization of risk management can be done albeit partly. At this stage there must be effective communication between the SMEs and the RIC through reports or feedback on challenges and breakthrough areas. The RIC must actively evaluate and continuously monitor SMEs so that any challenges are dealt with summarily. Once programs have been evaluated and monitored checks must be done to assess whether the SME/s in particular now have documented procedures and systems in place. Once the RIC is confident about the systems and general performance of an SME in as far as dealing with risk is concerned, that SME is moved to the final stage where systems are perfected and risk management is fully formalized. An incentive could be given at this stage by introducing them to banks and venture capitalists who would award them loans at favorable rates due to their risk systems. SMEs want things that work, once word spreads of the benefits of inculcating sound risk management the majority will want to come through RIC. Once formalized the RIC will still continue to evaluate and monitor the risk management systems of the SMEs fostering accountability and transparency

The RIC will also work with SME bodies like SMEAZ, MSME and SME associations so that they spread awareness of risk and uptake through these existing institutions. This will enable them to touch SMEs who might not come through the RIC itself. These bodies will also emphasize structured decision making and foster risk awareness and embed the formal risk culture in SMEs.It is vital to point out that SMEs views, opinions and other concerns should be taken into account so that that they feel they are part of the process in the journey towards structured risk management. To this end all risk documents and all awareness documents, be it flyers or anything related to risk should be interpreted in the local languages and broken down in a manner that is easy to understand by SMEs. SMEs who graduate into stable and growing enterprises will them be taken into the team of experts in the RIC and their testimonials used to motivate others to join the program. The researcher believes that if this is successfully done at grass root level the result will be dynamic with SMEs surpassing expectations and growing into sustainable ventures.

RECOMMENDATIONS

There seems to be a generic culture amongst the SMEs of not documenting their business activities and procedures. Circumstances are dealt with as they are met. Ideally, to have a sustainable enterprise it is important to have adequate systems and controls that foster growth. Hence, the owners must have a blueprint of the practices of the firm and other important information governing the operations of the business, so that the business runs without disturbance in the event of demise or ill health of the owner. They must understand that no matter how successful one is they can make blunder at times, so planning and outlining the risks and risk management steps prior is important. Decision making should become more structured.  The absence of documented procedures and systems means those that take over may not be able to replicate the success of their predecessors in managing risks.

SMEs have accepted that copying of products is prevalent and they seem fine with employees who leave to do their own thing even if they are coping their innovations. To protect their innovations SMEs must consider registering brands, designs, patents and copyrights. It is obvious form the study that they are forever training employees as there is high turnover of key employees. Ideally, every business wants to retain key employees as it is augurs well for profitability and growth of the business. Continuously training employees is costly and time consuming. Besides, always having new people exposes the firm to reputation risk. New people may not be so abreast with the culture, norms and ethics of the company. To lure key employees to stay owners should offer to share profits, give incentives that promote employee welfare. In this way they feel they are part of the achievements attained by the firm. SMEs should have a culture of rotating workers so that they are all abreast with all areas of the business. This will avoid crisis when key employees leave.

Currently, most of the SMEs are unaware of the formal risk guidelines and they seem wary to use them. However, it would be prudent for them to take keen interest in these documents because one of the reasons that financial institutions do not advance loans to them is that they are high risk entities. The business world does not acknowledge their way of doing risk management. It is important for SMEs to work on their profiles by inculcating these risk guidelines into their risk plans. This would improve their eligibility for funding instead of solely relying on personal finances. Instead of living from hand to mouth they could start banking consistently so that they develop good relationships with bankers, strategically positioning them to get loans.

Currently they are a lot of guidelines that detail how SMEs ought to practice Risk Management. However, SMEs are not using them. This research recommends that practitioners go back to the drawing board by starting at the SME or grass root level as detailed by the framework in order to get a buy in from SMEs. It would be prudent for guidelines to be revised with input from SMEs. In this way they will not feel like these guidelines are being shoved at them as they are part of the process. Aggressive awareness campaigns should be done to spread information about these guidelines in order to have many small businesses come on board.

Suggestions for further Research

This research showed that there is a convergence of formal business risk management and the informal business risk management done by SMEs.It empirically proved that SMEs are actually practicing business risk management that mimics the formal business risk management but their way is not documented or procedural. The formation of the Risk Management Incubator could be instrumental towards more effective risk management in SMEs. The suggested framework still remains to be proved in terms of its efficacy wherein SMEs are concerned.

REFERENCES

1. Albertin, C., Y. (2017). Supply Chain Risk Management: Understanding and facing the main risks on the chain; Bachelor thesis in Logistics Engineering.
2. Allen, B.P., (2016) Operational Risk Management in SME’s based in Kya Sands Industrial Area.Masters Dissertation
3. Andersen, T.J. & Schroder, P.W., 2010. Strategic risk management practice: How to deal effectively with major corporate exposures. Cambridge: Cambridge University Press.
4. Aven, T. (2016) Risk Assessment and Risk Management: Review of Recent Advance son Their Foundation. European Journal of Operational Research, 253, 1-13.https://doi.org/10.1016/j.ejor.2015.12.023.
5. Baker, Neil. “Managing the complexity of risk: the ISO 31000 framework aims to provide a foundation for effective risk management within the organization.” Internal Auditor, vol. 68, no. 2, Apr. 2011, pp.
6. Behzadi, G., O’Sullivan, M.J., Olsen, T.L. and Zhang, A. (2017) Agribusiness Supply Chain Risk Management: A Review of Quantitative Decision Models. Omega, 79,21-42.
7. Bekefi T., Epstein M.J., Yuthas K. E., (2008), Creating growth, using opportunity risk Risk Management effectively, Journal of Accounting, June, pp72-78.
8. Belas, J., Smrcka, L., Gavurova, B., & Dvorsky, J. (2018). The impact of social and economic factors in the credit risk management of sme. Technological and Economic Development of Economy, 24(3), 1215–1230. doi:10.3846/tede.2018.1968
9. Beliskanja L, Velickiene M. (2015) Business risk management features and problems in small to medium sized trading and manufacturing enterprises, European Scientific journal, June 2015/special edition, Volume 2 ISSN 1857-7881
10. Block, J., Sandner, P. and Spiegel, F. (2015). How do risk attitudes differ within the group of entrepreneurs? The role of motivation and procedural utility, Journal of Small Business Management, 53(1), 183–206.
11. Blome, C., & Schoenherr, T. (2011). Supply Chain Risk Management in Financial Crises: A Multiple Case-Study Approach. International Journal of Production Economics, 134, 43-57. https://doi.org/10.1016/j.ijpe.2011.01.002
12. Boddy D. (2005) Management: An introduction. Financial Times Prentice hall 2005-727 sayfa
13. Brustbauer, J. (2016). Enterprise risk management in SMEs: Towards a structural model., International Small Business Journal, 34(1), 70-85
14. Carson, M. (2013), Adapting in tough times: The growing resilience of UK SMEs. Zurich: Economist Intelligence Unit, available at: http://insider.zurich.co.uk/wp-content/uploads/2013/06/Adapting-in-Tough-Times-The-Growing-Resilience-of-UK-SMEs.pdf.
15. Chłodnicka, H., & Zimon, G. (2020). Bankruptcu risk assessment measures of polish SMEs. WSEAS Transactions on Business and Economics, 17, 14–20. https://doi.org/10.37394/23207.2020.17.3
16. Chopra, S. and Sodhi, M.S. (2004), “Managing risk to avoid supply-chain breakdown”, Sloan Management Review, Fall, pp. 53-61.
17. Cienfuegos Ignacio, (2012). “Decision Theory and Risk Management in Public Organizations: A Literature Review”. Revista de Gestión Pública. Vol. 1, N°1. pp.101-126
18. Cioccio, L. and Michael, E.J. (2007), “Hazard or disaster: tourism management for the inevitable in Northeast Victoria”, Tourism Management, Vol. 28 No. 1, pp. 1-11.
19. Cormican, K. (2014). Integrated Enterprise Risk Management: From Process to Best Practice. Modern Economy,5, 401-413. http://doi.org/10.4236/me.2014.54039
20. Corvellec, H. (2009). The practice of risk management: Silence is not absence. Risk Management, 285-304.
21. COSO (Committee of Sponsoring Organizations of theTreadway Commission), (2004). Enterprise Risk Management- Integrated Framework,Vol. 2. http://www.coso.org/erm-integratedframework.htm [Last accessed June 18, 2013]
22. Creswell, J.W. (2003). Research design: Qualitative, quantitative, and mixed methods approaches. (2nd ed.)Thousand Oaks: Sage.
23. Crovini J., (2017) New perspectives in managing risks in SMEs,https://iris.unito.it/bitstream/2318/1648063/1/paper.pdf
24. de Araújo Lima, P. F., Crema, M., & Verbano, C. (2020). Risk management in SMEs: A systematic literature review and future directions. European Management Journal, 38(1), 78-94. doi: 10.1016/j.emj.2019.06.005
25. DI SERIO, L.C., de Oliveira, L.H., Siegert Schuch, L.M., (2011).Organizational Risk Management: A Study Case in Companiesthat Have Won the Brazilian Quatity Award Prize. Journalof Technology Management & Innovation, 6(2), 230-243.
26. D’Onza, G. (2008). Il sistema di controllo interno nella prospettiva del risk management. Giuffrè, Milano
27. Drennan, L.T., McConnell, A., &. (2014). Risk and Crisis Management in the Public Sector (2nd ed.). Routledge. https://doi.org/10.4324/9781315816456
28. Duckert,G., H.(2010) Practical enterprise risk management. A Business Process Approach. John Wiley & Sons, Inc., Hoboken, NewJersey;
29. Ellegaard, C. (2008), “Supply risk management in a small company perspective”, Supply Chain Management: An International Journal, Vol. 13 No. 6, pp. 25-434.
30. Elock Son, C. (2018) Supply Chain Risk Management: A Review of Thirteen Years of Research. American Journal of Industrial and Business Management, 8, 2294-2320. doi: 4236/ajibm.2018.812154.
31. Elockson, C. (2017) Le management des risques de la supply chain et la performance des entreprises agro-industrielles. Doctoral Dissertation, Artois.
32. Falkner, E. M., & Hiebl, M. R. Risk management in SMEs: a systematic review of available evidence. The Journal of Risk Finance, 16(2), 122-144 (2015).
33. ,Kennet,R.S.,Susi,A.,Galanis,N.,Glott,R.,&Mancinelli,F.(2015,September).Community data for OSS adoption of risk management.https://doi.org/10.1016/B978-0-12-411519-4.00014-8.
34. Gilmore, A., Carson, D. and O ‘Donnell, A. (2004), “Small business owner-managers and their attitude to risk”, Marketing Intelligence & Planning, Vol. 22 No. 3, pp. 349-360
35. Global Association of Risk Professional 2011.
36. Gwangwava, F., Manuere, F., Gutu K., Chinoda T., Rangarirai (2014), Risk Management Practices of SMEs in Zimbabwe (2014), IOSR Journal of Humanities and Social Science (IOSR-JHSS) Volume 19, Issue 8, Ver. VI (Aug. 2014), PP 06-14 e-ISSN: 2279-0837, p-ISSN: 2279-0845.
37. HEAD, L.G. (2009). Risk Management – Why and How. InternationalRisk Management Institute, Dallas, Texas.
38. HENSCHEL, T. (2009). Implementing a Holistic Risk Managementin Small and Medium Sized Enterprises (SMEs). EdinburghNapier University School of Accounting, Economics & Statistics, UK. http://sbaer.uca.edu/research/icsb/2009/paper173.pdf
39. Henschel, T. (2010). ErfolgreichesRisikomanagementimMittelstand, Erich Schmidt, Berlin.
40. Hiebl, M.R.W. (2013), “Risk aversion in family firms: what do we really know?”,The Journal ofRisk Finance, Vol. 14 No. 1, pp. 49-70.
41. Hofmann, M. A. (2009). Interest in enterprise risk management is growing. Business Insurance, 43(18), 14-16.
42. Hollman, K.W. and Mohammad-Zadeh, S. (1984), “Risk management in small business”, Journal of Small Business Management, Vol. 22 No. 1, pp. 7-55.
43. Islam, Ariful; Tedford, Des (2012): Risk determinants of small and medium sized Manufacturing enterprises (SMEs): An exploratory study in New Zealand, Journal of Industrial Engineering International, ISSN 2251-712X, Springer, Heidelberg, Vol. 8, pp. 1-http://dx.doi.org/10.1186/2251-712X-8-12
44. ISO – International Organisation of Standardisation (2009). ISO 31000, Principles and generic guidelines on risk management. http://www.iso.org [Last accessed May 31, 2016]
45. ISO – International Organisation of Standardisation (2016). ISO 31000: Risk management – A practical guide for SMEs. http://www.iso.org [Last accessed May 31, 2016]
46. ISO 31000, Principles and generic guidelines on risk management.http://www.iso.org
47. 2002. Risk management vocabulary. ISO/IEC Guide 73. Geneva: ISO.
48. Jaroslav B., Jiri M., Premysl B. and Roman H. (2014), Business risk and the level of entrepreneurial optimism among SMEs in Czech and Slovak Republic, Journal of competitiveness, Volume 16, issue 2 pp30-41, June 2014, ISSN1804-171X Journal of Risk Research, Vol. 12, N°1, pp. 1-11.
49. Kilubi, I. (2016) The Strategies of Supply Chain Risk Management—A Synthesis and Classification. International Journal of Logistics Research and Applications, 19,604-629. https://doi.org/10.1080/13675567.2016.1150440
50. Kim Y. J., Vonortas N. S., (2014). Managing risk in the formative years: Evidence from young enterprises in Europe, Technovation, Volume 34, Issue 8, August 2014, Pages 454-465
51. Knight F. (2006). Risk, Uncertainty and Profit. Dover Publications. 448pp. ISBN-13: 978-0486447759
52. Lalonde, C., & Boiral, O. (2012). Managing risks through ISO 31000: A critical analysis. Risk Management, 14(4), 272–300. http://www.jstor.org/stable/23351513
53. Lima, P. F. D., Crema, M., & Verbano, C. (2020). Risk management in SMEs: A systematic literature review and future directions. European Management Journal, 38(1), 78–94. doi:10.1016/j.emj.2019.06.005
54. Longenecker, J.G., Petty, J.W., Palich, L.E., Moore, C.W., 2010. Small Business Management: Launching and Growing Entrepreneurial Ventures, 15th ed. South-Western.
55. LU,K.(2018) .Risk Management in SMEs with financial and non financial indicators using business intelligence methods.Journal of Intergrated Economy and Dociety Diversity,Creativity and Technology;pp 405-418.
56. Luktevich (2021) computer weekly .com ,What is risk management and why is it important? https://www.google.com/url?sa=t&rct=j&q=&esrc=s&source=web&cd=&cad=rja&uact=8&ved=2ahUKEwjdsI6Js87zAhUqQkEAHZQsB4YQFnoECAIQAQ&url=https%3A%2F%2Fsearchdisasterrecovery.techtarget.com%2Fdefinition%2Frisk-mitigation&usg=AOvVaw3y4e2VKXjDLs6xPGaQCbf3
57. Luper, I., & Kwanum, I. M. (2012). Capital structure and firm performance: Evidence from manufacturing companies in Nigeria. Research Journal of Finance and Accounting, 3(5), 151-158.
58. Mahapa R (2016) Management of foreign exchange risks exposure by SMEs in South Africa A research report to the Gordon Institute of Business Science, University of Pretoria, in partial fulfilment of the requirement for the degree of Master of Business Administration.
59. Mansor, B. N. (2017) Management of Risk by Small and Medium Enterprises (SMEs), Graduate School of Business Administration and Computer Science, Aichi Institute of Technology, Doctoral Dissertation
60. Markowitz, H.M. (1959) Portfolio Selection: Efficient Diversification of Investments. John Wiley & Sons, New York.
61. Mbiki, M., Song, Y. (2016). Managing risks through mitigation strategies. Evidence from Cameroonian Small and Medium Enterprises.School of Management, Wuhan University of Technology
62. Mlambo, C., (2017) From an industrial powerhouse to a nation of vendors: Over Two Decades of Economic Decline and Deindustrialization in Zimbabwe 1990–2015, journal of developing societies (33) (1) pg 99-125
63. Naude, M.J., Chiweshe, J. (2016). A proposed operational risk management framework for small and medium enterprises.
64. Negash S., Gray P. (2008) Business Intelligence. In: Handbook on Decision Support Systems 2. International Handbooks Information System. Springer, Berlin, Heidelberg 23.
65. Nocco B.W., Stulz R.M., (2006), Enterprise risk management: Theory and Practice,Journal of Applied Corporate Finance, Vol. 18, Number 4, Fall 2006.24.
66. Nyamwanza T., Mavhiki S., Mapetere D., Nyamwanza L., (2014) An analysis of SMEs attitudes and practices towards tax compliance in Zimbabwe. SAGE Open July-September 2014:1-6 DOI:10.1177/2158244014542776.
67. Poba-Nzaou, P. and Raymond, L. (2011), “Managing ERP system risk in SMEs: a multiple case study”, Journal of Information Technology, Vol. 26 No. 3, pp. 170-192.
68. Plourd K (2009). Rethinking risk, CFO.January:66-69.
69. Psarska, M., Vochozka, M., & Machova, V. (2019). Performance management in small and medium-sized manufacturing enterprises operating in automotive in the context of futurechanges and challenges in SR. AD ALTA: Journal of Interdisciplinary Research, 9(2),281–287
70. Purdy, G. (2010), ISO31000:2009, Setting a new Standard of Risk Management, Journal of Risk Analysis 30(6):881-6.
71. Qubtan A., Redha T., GAN, P. (2020) Risk, Challenges and Opportunities: Insinghts form Small and Medium Enterprises in Oman. European Journal of Economic and Financial Research, [S.l.], v. 4, n. 2, July 2020.
72. Qubtan A., Redha T., GAN, P., Salwa F.A., Jalil N., A. (2021) Practical risk management approaches amongst small and medium enterprises, TEM Journal, Volume 10, Issue 2, pp996-1004.
73. Skipper, Harold D. and Kwon, Jean W. Risk Management and Insurance: Perspectives in a Global Economy. USA, UK, Australia: BlackwellPublishing, 2007.
74. Stark, A., McConnell, A., & Drennan, L.T. (2014). Risk and Crisis Management in the Public Sector (2nd ed.). Routledge. https://doi.org/10.4324/9781315816456
75. Sweeting P. (2010) Financial Enterprise Risk Management, Cambridge University Press
76. Taroun, A., 2014. Towards a better modelling and assessment of construction risk: insights from a literature review. Int. J. Proj. Manag. 32, 101–115.
77. Thun, J.H., Drüke, M. and Hoenig, D. (2011), “Managing uncertainty – an empirical analysis of supply chain risk management in small and medium-sized enterprises”, InternationalJournal of Production Research, Vol. 49 No. 18, pp. 5511-5525.
78. Toma V . & Alexa I .V.,(2012) Different Categories of Business RiskAnnals of “Dunarea de Jos” University of Galati Fascicle I. Economics and Applied Informatics Years XVIII – no2/2012 ISSN 1584-0409.http://business.gov.in/growing_business/business_risks.php;
79. Tomlin B. (2006) On the value of Mitigation and Contingency Strategies for managing supply chain disruption risks. Management Sciences 52(5) :639-657.
80. Trkman, P. and McCormack, K. (2009) Supply Chain Risk in Turbulent Environments—A Conceptual Model for Managing Supply Chain Network Risk. International Journal of ProductionEconomics,119,247-258.https://doi.org/10.1016/j.ijpe.2009.03.002
81. Verbano, C., and Venturini, K. (2013). Managing risks in SMEs: A Literature Review and Research Agenda. Journal of Technology Management & Innovation, 8(3), 186-197
82. Watkins, J. A, &Smith Y, (2012) A literature review of small and medium enterprises (SME) risk management practices in South Africa African Journal of Business Management Vol. 6(21), pp. 6324-6330, 30 May, 2012
83. Zivanai O, Manyani O., Chirise V., Chari F., Nyakurimwa C., (2014) An assessment of Record-Keeping as an Aid to Risk Management of SMEs in Bindura (2009-2013) The International Journal of Business & Management (ISSN 2321 – 8916), Volume 2, pg. 191-pg205
84. Zhoghi F.S. (2017) Risk Management Practises of SMEs: An Empirical study on Turkish SMEs, International Journal of Trade, Economics and Finance, Volume 8, No 2, Pg123-127.

Foot Notes

[1] Corporate governance codes for unlisted companies –OECD 2006, EcoDa (2010), OECD (2015); International organisation for standardisation ISO 31000:2009;2016 ISO practical guide on how to execute risk management, British standards (BS)1000,2008; CPA-Risk management guide for small to medium business, COSO Risk management framework and Standard Bank guidelines for Small businesses.

[2] Particularly what is of interest is that the previous studies are moot about what they call informal risk techniques used by SMEs which they do not seem to acknowledge in the formal domain. It is these informal risks techniques that will form part of mitigation strategies being approaches used by SMEs to manage risk in their own way- ideal localized approaches.

[3] Husserl, E. (1998). Invitación a la fenomenología. Barcelona: Paidós.

[4] Blair, David. 2006. Wittgenstein, language and information. Back to the rough ground!

Dordrecht: Springer

[5] Kitchenham, Barbara, and Stuart Charters. 2007. Guidelines for performing systematic

literature reviews in software engineering. http://www.dur.ac.uk/ebse/resources/

guidelines/Systematic-reviews-5-8.pdf

[6] Strauss, A., & Corbin, J. (1998). Basics of qualitative research: Procedures and techniques for developing grounded theory. Thousand Oaks, CA: Sage.

[7] Gioia, D. A., Corley, K. G., & Hamilton, A. L. (2013). Seeking qualitative rigor in inductive

research: Notes on the Gioia methodology. Organizational Research Methods, 16(1), 15-31.

[8] Gehman, J., Glaser, V. L., Eisenhardt, K. M., Gioia, D., Langley, A., & Corley, K. G. (2017).

Finding theory–method fit: A comparison of three qualitative approaches to theory building. Journal of Management Inquiry, 1056492617706029.

[9] Anteby, M., & Molnar, V. (2012). Collective memory meets organizational identity: Remembering to forget in a firm’s rhetorical history. Academy of Management Journal, 55(3), 515-540.

[10] James F. Broder, Eugene Tucker, 2012Mitigation and Preparedness.Risk Analysis and the Security Survey (Fourth Edition),

[11] Tashakkori A, Teddlie C. (1998). Mixed Methodology: Combining Qualitative and Quantitative Approaches. London: Sage.

[12] Blau J. Organizations as overlapping jurisdictions: Restoring reason in organizational accounts. Administrative Science Quarterly 1996;41(1):172-179.

Frost P. (1996). Crossroads. Organization Science. (2):190.