ENTERPRISE RISK MANAGEMENT PRACTICES AND ITS IMPACT ON FIRM PERFORMANCE: EVIDENCE FROM SRI LANKAN INSURANCE INDUSTRY RISK MANAGEMENT PRACTICES AND ITS IMPACT ON FIRM PERFORMANCE: EVIDENCE FROM SRI LANKAN INSURANCE INDUSTRY.”

: Enterprise risk management (ERM) has gained an increased attention among the corporate managers in the recent past as a strategic approach to managing risk. This study empirically verifies whether the adoption of ERM has an impact on firm performance and uses both primary and the secondary data relating to the insurance companies listed on the Colombo Stock Exchange. Return on equity (ROE) is used as a proxy to measure the firm performance and multivariate regression analysis is used to analyze data. The findings of this study suggest that there is a weak positive relationship between the adoption of ERM practice and the return on equity. Out of the eight ERM functions assessed, only ‘event identification’ and ‘control activities’ show a weak positive relationship with ROE. Other ERM functions indicate that there is a weak negative relationship with ROE. The findings of this study contradict with some scholars who find there is a significant positive relationship between adoption of ERM and firm performance. Owing to the contradictory nature of the findings, this study induces corporate managers to pay a close attention to the cost-benefits analysis when designing and implementing ERM system and not to heavily invest and extensively relied upon ERM as a vehicle for creating long-term shareholder value .


Introduction
Modern business environment is highly dynamic and rapidly changing than ever before. These dynamic characteristics of the global business environment are greatly attributable to many factors such as technological advancement, changing consumer expectations, environmental issues, intense regulatory and monitoring implications, economic crisis and uncertainties, high profile corporate scandals etc. This dynamic and turbulent global business arena exerts a big challenge for business firms when ensuring the achievement of their business objectives and long-term survival. In this context, every organization is compelled to paya close attention towards managing the risk of their business by many means. Enterprise risk management (ERM) has driven an increased attention by the corporate world in the presence of big corporate scandals and failures such as Enron (2002) and WorldCom (2004) and global economic crisis. These high-profile corporate scandals and failures which were driven by both internal and external factors such as weak internal controls, governance issues, intense competition, economic crisis, etc. paved the way for a need of a strong approach for managing risk face by business firms in a holistic way.
The traditional risk management is generally said to be a silo-based approach where organizations attempt to identify and manage risk on a case by case approach and treating and responding to risk factors in isolation. This could result lack of integration and communication of risk intelligence among the people across the organization. To the contrary, ERM is said to be a holistic and strategic approach to effectively managing the risk face by business firms that facilitate risk aligned decision making towards adding value to the firm. The concept of ERM emerged as a holistic and integrated approach which is generally expected to be an effective approach to managing the risk face by a business firm in a broad perspective. Cadbury report (1992) that emphasizes the management role of ensuring an effective internal control and risk management; Internal Control-Integrated Framework (1992) of Committee of Sponsoring Organization (COSO)of Treadway Commission that suggests an integrated framework for effective internal controls; Turnbull report (1999) that provides guidance on the adoption of a risk-based approach to establishing a system of internal control and reviewing its effectiveness; UK Combined Code on corporate governance (1999) that emphasizes the board must ensure that the system of internal control is effective in managing risks in the manner which it has approved; Sarbanes-Oxley Act of USA (2002) that emphasizes mandatory requirement for the board with respect to ensuring internal controls on financial reporting; COSO's Report on Enterprise Risk Management-Integrated Framework (2004) that provides a theoretical basis and thought leadership for holistic approach for ERM ; Standards and Poor's (2005) initiation to considering ERM adoption by firms for their credit rating purpose and International Organization for Standards ISO 31000 (2009) that provides principles and generic guidelines on risk management, among others, have contributed immensely towards developing the concept of ERM.
This holistic approach to ERM is said to be highly effective towards making risk informed decisions by the management and is expected to generate long-term shareholder value. According to Hoyt, Moore and Liebenberg (2008), unlike traditional risk management where individual risk categories are separately managed in risk 'silos,' ERM enables firms to manage a wide array of risks in an integrated, enterprise-wide fashion. Thus, the ERM is a process that helps firms to identify, assess and responds risk more effective and efficient way using a holistic approach that facilitate managers in making risk aligned decisions both at strategic and operational levels towards enhancing firm value. While the traditional approach of risk management primarily aims at mitigating or avoiding of adverse consequences of the threats arising from changing environment, ERM concerns about both upside and downside of the changing environment. Business organizations with an effective ERM implementation strategy can finetune their strategic lenses through the ERM binocular to foresee the future letting managers a wider room for being proactive rather than reactive and minimizing business surprises. This study examines as to whether the adoption of ERM practices has an impact on the performance of the insurance.

ERM Implications on Firm Performance
Prior researchers have greatly relied on dummy variables when assessing the level of adoption of ERM practices and its maturity. Literature on ERM shows that researchers widely relied on dummy variables in the absence of convenient and reliable approach for assessing firms' ERM implementation maturity level. According to Liebenberg and Hoyt, 2003;Beasley Clune and Hermanson, 2005; Pegachand Warr, 2011, the have presumed that the presence of certain indicator variables such as the presence of CRO, risk committee, internal audit committee and big four audit firms as a positive indicator of high adoption of ERM by business firms. Some researchers have empirically verified that the presence of the CRO, big four audit firm, audit committee, risk committee, institutional investor has a positive impact on the firm performance(Pegachand Warr, 2011; Bouaziz, 2012;Stanley, 2011;Mountiho, 2012 andNajjar, 2015). Nevertheless, there are some criticisms on this approach and some researchers question as to whether the indicator variables could assess the extent of ERM adoption by the business firms. In this context Hoyt Moore and Liebenberg (2008), suggest the researchers are required to find more robust models for assessing the extent of ERM implementation. According to Mondaand Giorgino (2003), no studies have been conducted yet to propose robust and rigorous models to evaluate the quality and the maturity level of ERM programs implemented by firms. In this context, this study uses real variables to assess the extent of adoption of ERM using the model suggested by COSO's ERM integrated framework, which is said to be the most popular and widely accepted ERM framework by the practitioners around the world. According to Beasley, Branson and Hancock (2010), in a survey conducted in 2010 with a participation of 460 respondents reveals 65 percent of the respondents were fairly-familiar or very familiar with the COSO's ERM Framework.

Sample and Data Collection
This study uses both primary and secondary data pertaining to ten publicly quoted insurance companies in Sri Lanka. Return on equity (ROE) is used as a proxy to firm performance and it is measured using the published financial information available in the annual reports. With respect to the assessment of the degree of adoption of the ERM practices suggested by the COSO's ERM integrated framework, primary data were gathered by distributing a closed-end questionnaire among personnel who are attached to the finance divisions in the head office and branches of the respective observing companies. The questionnaire requires the respondents to indicate on a 5point Likert scale the degree of agreement or disagreement with the given ERM related function as an indicator of the degree of adoption of the relevant ERM practice. 51 questionnaires were collected, of which nine questionnaires were removed due to incomplete and finally 42 questionnaires qualified for the study representing at least three respondents per observing firm.
This study empirically verifies to what extent each key ERM function of COSOs framework could influence the firm performance. According to the COSO's ERM framework, the internal environment (IE), objective setting (OS), even identification (EI), risk assessment (RA), risk response (RR), control activities (CA), information and communication (IC) and monitoring (M) are the key functions that ensure a broad range of ERM implementation. Researcher developed the survey questionnaire by considering the questionnaires adopted by Gates, Nicolas and Walk (2012); Njagi (2015), Altermmeyer (2004) in their surveys on ERM.

Conceptual Framework
Based on the literature on ERM, researcher developed following conceptual modal to execute this research.

Independent variables -Return on equity (ROE)
Return on equity (ROE) is used as a proxy to measure the firm performance which is measured by dividing the net profit available for equity participant by the closing equity value. Many researchers have used ROE as a proxy for the operating performance. (

Dependent Variables -ERM Functions
Eight independent variables are used to assess the degree of adoption of ERM practices by the observing firms.  [15] prerequisite for a successful implementation of an effective ERM system. According to COSOs ERM integrated framework, internal environment (IE) represents the tone of the organization, including the risk management philosophy and risk appetite. Many ERM frameworks recognizes that risk should be identified in relation to a firm's objectives (Gates, Nicalos and Walker, 2013). According to COSOs ERM integrated framework (2014), a firm's objectives (OS) should be aligned with company's risk appetite and tolerance levels. Events identification lets (EI) the organization to foresee the favorable and unfavorable internal and external forces affecting the achievements of the entity's objectives. These events would be exerting either a positive or a negative impact on the firm's performance. Events identification will minimize the risk of facing business surprises that would otherwise adversely affect the firm performance. Risk assessment (RA) involves considering the likelihood of occurring each event and its possible impact on the objectives. This helps the organization to determine a more appropriate and proactive approach to address a wider range of risk factors. Based on the risk assessment and in the light of the firm's risk tolerance and risk appetite, management should decide upon a suitable strategy to respond to each identified risk factors. The alternative options opt for managers in this regard are chosen amongst risk avoidance, risk acceptance, risk reduction and risk sharing. Control activities (CA) are the policies and procedures established by the management to ensure that risk responses are effectively implemented. According to a study made by Munene (2013), his results established a significant relationship between internal control system and financial performance. Control activities (CA) usually strengthen the firm's internal control functions so that it affects the efficiency and effectiveness of the operations. Effective information and communication (IC) channel of information is vital to achieve the intended benefits of a holistic and integrated risk management framework. This is a crucial feature which differentiates ERM from traditional silobased risk management approach. According to Eikenhout (2015) the improvement on the information of the organization's risk profile is another potential source of value created by ERM. Firm's ERM functions are required to monitor (M) to ensure as to whether the intended objectives of ERM are achieved. According to Wholey (2010), monitoring and evaluation is used by the government to increase transparency, strengthen accountability, and improve performance.

Regression Model and The Hypothesis Tested
The hypothesis and the regression model used by the researcher are given below

Existing Level
The descriptive statistics of the existing levels of the independent and dependent variables are provided in Table 1. According the descriptive data table, the minimum ROE is -7% and the maximum ROE reported is as high as 42%. As far as the independent variables are concerned a score of 5 were allocated to the highest ERM supportive internal environment, risk aligned objective setting, event identification, risk assessment, risk response, Control activities, information and communication and monitoring. Mean values of ERM supportive internal environment, risk align objective setting, risk assessment; control activities and monitoring were between 4 to 5. This brings into light that the ERM supportive internal environment, risk aligned objective setting, risk assessment, control activities and monitoring are higher level. Mean value of event identification, risk response, and information and communication were between 3.8 to 4, it mentions that event identification, risk response, and information and communication are moderately high level.

ERM Supportive Internal Environment (IE) Has A Positive Impact on Firm Performance
The Pearson correlation coefficient for IE is -.233 (see Table -2) implies there is a weak negative relationship between ERM supportive internal environment and firm performance. However, since the P value is 0.517, which is greater than cutoff value of 0.05, the researcher has no enough evidence to conclude that there is a relationship between the ERM supportive internal environment and firm performance. As far as the significance of the impact of internal environment on firm performance is concerned, the significance level of regression coefficients for the ERM supportive internal environment is 0.450 (see Table -3) i.e. P value is greater than 0.05. So, the researcher has not enough evidence to say that the ERM supportive internal environment has a significant impact on firm performance. This result is contradictory with prior researchers who confirm that ERM supportive internal environment has a significant positive effect on the firm performance. According to Liebenbegn and Hoyt 2003; Kinyua, et al. 2015 a strengthen ERM internal environment and adds value to the firm and there is a significant association between internal control environment and financial performance. Nevertheless, this result is consistent with Li et al. (2014) where their empirical study on enterprise risk management and firm value within China's insurance industry reveals that ERM functions has no significant impact on firm value.

Risk Aligned Objective Setting (OS) Has A Significant Impact on Firm Performance
Pearson correlation coefficient and its significant level of risk aligned objective setting is -0.286 and .423 respectively (see Table -2). This implies that there is weak negative, but, not a significant relationship between the OS and firm performance. As far as the possible impact of OS on the firm performance is concerned, the regression coefficient value is -.696 with the significance value of 0.320 (P value> 0.05) reveals that risk aligned objective setting has a weak negative, but, not significant impact on firm performance. So, this study has no enough evidence to say that risk align objective setting has a significant impact on firm performance. This result contradicts with the findings of some prior researchers, such as Liebenberg and Hoyt, (2003); Beasley, Clune and Hermanson (2005) and Pegachand Warr (2011), who confirm that the ERM implementation has a positive and significant impact on firm performance.

Event identification (EI) has a positive impact on ROE
The Pearson correlation coefficient of 0.381 and the significance value of 0.278 (P value > 0.05) reveal, there is weak positive, but, not a significant relationship between event identification and firm performance. As such, the researcher has no enough evidence to say that there is a relationship between event identification and firm performance. The regression coefficient value 0.347 and its corresponding p value of .452 (P value > 0.05), further reveal that event identification has a weak positive, but, not a significant impact on firm performance. This result contradicts with the findings of some of the prominent researchers in ERM such as Beasley, Pagachand Warr (2008) who assert that effective ERM implementation will let the organizations to foresee the risky events that results minimizing business surprises and volatility in return which contributes a firm towards improving the firm value. Nevertheless, the findings of this study are consistent with Kiprop and Tenai (2017), who found there is a positive relationship between risk identification and performance of financial institutions, but which was not significant.

Risk Assessment (RA) Has A Positive Impact on Firm Performance.
With respect the risk assessment and firm performance, the Pearson correlation coefficient value of -.298 (Table -2) with the significant value of 0.402 (P value>0.05) reveal, there is a negative, but, not a significant relationship between risk assessment and firm performance. The regression coefficient for the risk assessment, as shown in Table 3, reveals that risk assessment has a weak negative, but, not significant impact on firm performance. As such this study finds no enough evidence to say that risk assessment has a significant impact on firm performance. This result is contradictory with prior researchers. There is a theoretical expectation that risk assessment will minimize the risk of facing business surprises. According to Beasley, Pagachand Warr (2008) ERM Minimizing business surprises will minimize volatility in return will improve firm value. Further, according to Kiprop and Tenai, (2017) there is a positive relationship between risk identification and performance of financial institutions.

Conclusions
The regression analysis suggests that there is a weak negative, but, not a significant relationship between the adoption of certain ERM practices and the firm value. This study finds, out of the eight ERM functions of the COSOs ERM integrated framework, only the event identification, risk response, information & communication and monitoring of ERM functions could exert a positive impact on firm performance. Nevertheless, none of those impacts were significant. As far as the ERM supportive internal environment, risk aligned objective setting, risk assessment and control activities are concerned, there is a weak negative, but, not significant impact on the firm performance.
The findings of this study are contradictory with the results of the prior researches who confirm the theoretical expectation that ERM has a positive and significant impact on the firm performance. According to Liebenberg and Hoyt, 2003 Nevertheless, many of those researchers have greatly relied upon dummy variables when assessing the degree of ERM adoption by business firms. This approach has been criticized by some scholars claiming nominal variables cannot reliably measure the extent of ERM adoption by a firm. The findings of this study are consistent with some of the researchers such as Pagachand Warr, 2010; Tahir and Razali, 2011; Otieno, 2012; Gates, Nicolas and Walker, 2012. According to Pagachand Warr (2010) in their study on the effect of enterprise risk management on firm performance, the results fail to find support for the proposition that ERM is value creating. In this context, the findings of this study induce the management to pay close attention to the cost-benefits considerations when designing and implementing ERM practices and not heavily relied upon and extensively invest on ERM as a vehicle for creating value.
Enterprise risk management as an integrated and strategic approach to risk management. So, it may not be reasonable to expect to create value in the short run. While it preserves the existing value of the firm, it may require some time to yield long term benefits to the organization. As such, even if a firm has implemented an effective and sound ERM, it may not realize its intended benefits and value addition in the short run. Future researchers are advised to consider the status of the economic environment firms were exposed to. Those ERM adopters who do not create an incremental benefit during a stable state of an economy due to the incremental cost of ERM