Abstract
Purpose
The purpose of this research was first to determine the competencies mandatory of risk managers, and second, to consider the implications of such competencies in determining modules appropriate for inclusion in any prospective undergraduate qualification with specialisation in risk management.
Design/methodology/approach
A qualitative research approach was followed, involving academics teaching risk management in a focus group and making use of interactive qualitative analysis (IQA).
Findings
The competencies identified were business management skills, financial knowledge, an understanding of the risk management process, governance and compliance, people management and technical skills. These will be explained in greater detail in the paper.
Research limitations/implications
The implications for teaching are that an undergraduate curriculum in risk management will have to combine majors such as business management, financial management, risk management, industrial psychology and communication. These majors need to be complemented by modules in governance and compliance management, as well as information and communication technology.
Practical implications
The implication for practice is that risk management professionals and members of the Institute of Risk Management of South Africa need to avail themselves to serve on an advisory board of academic departments offering risk management qualifications. Risk management is a developing science and requires inputs about research and the curriculation of qualifications.
Social implications
The implication for public policy is that the South African Qualifications Authority and the Council for Higher Education should reconsider their requirements for designators (specialised qualifications). The implications for research are that IQA provides clarity on the knowledge and skills required to develop a competency-based qualification in risk management. Further research should benchmark qualifications and propose a curriculum for a bachelor’s degree in risk management.
Originality/value
The use of IQA is a novel way of ensuring rigour and objectivity in arriving at a description of the required knowledge, skills, values and attributes of risk managers. This paper will assist in the compilation of a new curriculum for an undergraduate qualification in risk management; thus, ensuring such qualification will provide a competency-based qualification that will meet the needs of the profession.
Keywords
Citation
Marx, J. and de Swardt, C.J. (2023), "An interactive qualitative analysis of academics’ views of a competency-based undergraduate qualification in risk management", Qualitative Research in Financial Markets, Vol. 15 No. 3, pp. 471-494. https://doi.org/10.1108/QRFM-03-2022-0039
Publisher
:Emerald Publishing Limited
Copyright © 2022, Johan Marx and Cecilia Jacoba de Swardt.
License
Published by Emerald Publishing Limited. This article is published under the Creative Commons Attribution (CC BY 4.0) licence. Anyone may reproduce, distribute, translate and create derivative works of this article (for both commercial & non-commercial purposes), subject to full attribution to the original publication and authors. The full terms of this licence may be seen at http://creativecommons.org/licences/by/4.0/legalcode
1. Introduction
“Organisations face a shortage of competent risk management professionals despite this function’s increasing importance” (Koh et al., 2015, 1).
The role of risk management is to enable the leadership of organisations to identify and analyse, as well as evaluate risks for modification using risk mitigation measures to a level where these will meet the risk criteria of organisations. Organisations of all types and sizes face internal and external factors and influences that make it uncertain whether and when they will achieve their objectives. The International Organisation for Standardization (ISO) (2018) recommends that organisations develop, implement and continuously improve a framework for integrating the risk management process into the policies, governance, culture, strategy planning, management and reporting of the organisation.
Effective risk management needs to be supported by three pillars, namely, competence, collaboration and independence (Hopkin, 2017, 12). The sustainability of an organisation is enhanced by incorporating risk identification and assessment during strategy planning, and by implementing risk mitigation measures using sound governance and compliance during strategy implementation.
The literature about management strategy emphasises competence as a critical organisational resource needed to gain a competitive advantage (Campbell and Sommers Luchs, 1997; Mitrani et al., 1992; Nadler and Tushman, 1999). During 2014, the President of the Institute of Risk Management South Africa (IRMSA), Sheralee Morland, indicated that risk qualifications should start at tertiary level, and that risk professionals would like to see universities and colleges taking the lead in developing more risk management courses. Morland acknowledged that the development of a defined career path for risk managers would not be an easy task, but the development of a recognised framework and guidance will be an excellent place to start in assisting risk managers to identify best practices (Booth, 2014, 1).
At the time of writing, the University of South Africa (Unisa) offered a postgraduate diploma in risk management but did not offer an undergraduate qualification specialising in risk management. Until 2011, Unisa used to provide a bachelor’s degree specialising in risk management. The BCom (risk management) was discontinued as a result of the requirements of the South African Qualifications Authority (SAQA) and the Higher Education Qualification Committee of the Council for Higher Education (CHE), namely, that at least 50% of the modules of a specialised qualification had to represent the field of specialisation. The implication for the Unisa BCom (risk management) degree was that at least 15 of the 30 modules had to be risk management modules. None of the other universities in South Africa offers a specialised degree in risk management, but they do offer some risk management modules as part of their undergraduate curricula. Unisa has to consider the possibility of reintroducing an undergraduate qualification specialising in risk management.
Given the above, research regarding the possibility of introducing an undergraduate qualification in risk management at Unisa is required. However, the CHE requires that qualifiers be used to indicate the specialisation of a qualification offered in South Africa. A qualification with a qualifier (specialisation) must consist of modules from the area of specialisation for at least 50% of the minimum credits of such degree; in other words, if the degree requires 360 credits, then at least 180 of the 360 credits must be from the area of specialisation (risk management, in the case of this article). Furthermore, 50% of the minimum credits at the exit level of the qualification must be in the field of the specialisation denoted by the qualifier (Council on Higher Education [CHE], 2013, 20). Alternatively, a combination of specialisations, such as risk management and insurance, may have to be used to achieve the said 50% requirement for the qualification to be regarded as a specialised qualification.
The university regularly performs a programme qualification mix (PQM) review, and conducts advisory board meetings per department to evaluate the qualifications offered for their relevance, contemporariness and acceptance by its stakeholders. One of the approaches to ensure the relevancy of the curriculum is to determine the competencies required of the graduates that would be produced. Such a market-orientated approach is not without criticism, and a debate exists in both Europe and the USA on whether public education is an enterprise for the public good in a democratic society or whether it should be the provider of competency-based education (based on outcomes). According to Cochran-Smith (2001, 50), a competency- or outcomes-based approach legitimises the dominance of “private goods” at the expense of the public good. The study on which this article is based, did not seek to resolve the debate; it acknowledged it but proceeded from a market-orientated approach because the envisaged qualification is a specialised, specific qualification as opposed to a broad, general academic qualification.
The research problem asked, firstly, which competencies risk managers should possess to become effective risk managers. Secondly, based on these competencies, the question was what the implications for a proposed specialised undergraduate qualification in risk management for the South African context are?
The study used interactive qualitative analysis (IQA) as a method because IQA aims to solve a research problem (following a pragmatist paradigm) and not to determine the direction and strength of the correlation coefficients between variables (as is normally done in the positivist paradigm using correlation or regression analysis). According to Shannon-Baker (2016, 322), pragmatism is characterised by an emphasis on communication and shared meaning making to create practical solutions to research problems.
IQA is a structured approach where the researcher acts as facilitator and gathers data from the participants (constituents) of a focus group, where the constituents have a shared, common understanding of the phenomenon and a similar background (Northcutt and McCoy, 2004, 47). Reality is thus socially constructed by the constituents because they generate and interpret their data, while the researcher is enabled to represent the data visually using rigorous and replicable rules. IQA was chosen as a design due to its rigour and ability to restrict the biases of the researcher. IQA effectively reduces issues of trustworthiness, dependability and conformability from which other methods in qualitative research suffer (Tabane, 2010).
By determining the perceived competencies required to be an effective risk manager, one will be able to determine some of the initial implications for a competency-based curriculum for an undergraduate qualification in risk management which could be researched further.
The remainder of the article is organised as follows. In Section 2, the literature review describes relevant research that has been done to date regarding risk management. In Section 3, the research methodology is explained. The findings of the focus group are summarised in Section 4. In Section 5, the competencies identified by the focus group are interpreted and linkages are made. Section 6 explains the issues and implications of the research.
2. Literature review
The purpose of this literature review is to describe the secondary research that was undertaken and to provide a justification for the current study. Searches were done using the following databases and search engines: Nexus, EbscoHost, ProQuest, Web of Science, Sabinet and Google Scholar. The literature review is structured to define competencies briefly; secondly, to focus on research findings relating to risk management competencies found in the literature; and thirdly, to consider the work done by professional bodies in terms of risk management competencies. The views of professional bodies have been taken into account because of the need to design a curriculum that would meet the expectations of professional bodies in risk management.
2.1 Competencies
According to Draganidis and Mentzas (2006, 52), the early Romans practised a form of competency profiling to determine the ideal attributes of a “good Roman soldier”. However, the seminal work about competency is ascribed to White (1959, cited in Delmarie de List and Winterton, 2005, 31) for introducing the term “competence” to describe personality characteristics associated with superior performance and motivation.
Risk managers and information officers have two roles in common, namely, they firstly have to rely on people for information collection, and secondly, they have to analyse, evaluate and report about information collected. McClelland (1973, cited in Dubois, 1993) found that competencies such as interpersonal sensitivity, cross-cultural positive relationships and management skills are associated with superior information officers in the United States Information Agency.
According to Le Deist and Winterton (2005, 39), a holistic typology of competence is useful in understanding the combination of knowledge, skills and social competences that are necessary for particular occupations, as indicated in Figure 1.
“Cognitive competence” refers to knowledge and understanding, while “meta competence” relates to the ability to learn and reflect, as well as the ability to cope with uncertainty. “Functional competence” refers to skills or “know-how”; in other words, things a person in a particular occupation should know or be able to demonstrate. “Social (behavioural) competence” relates to people skills, behaviours and attitudes of the individual, and may be defined as “the ability and willingness to cooperate, to interact with others responsibly and to behave in a group and relationally oriented way” (Le Deist and Winterton, 2005, 38).
Draganidis and Mentzas (2006, 53) reviewed 12 definitions of competency, and based on these, define competency as “a combination of tacit and explicit knowledge, behaviour and skills that gives someone the potential for effectiveness in task performance”.
Guerrero and De los Rios (2012, 9) consider professional competency a composite of personal attributes, knowledge, values, skills, abilities, actions and experience of the professional task undertaken. Since risk management is regarded as a profession (as witnessed by professional bodies such as the Risk and Insurance Management Society (RIMS) of the USA and the IRMSA, the view of competency offered by Guerrero and De los Ríos was regarded as the most relevant for this study. However, all the cited research has in common that competency is a combination of knowledge, values, skills, attributes, attitudes, behaviour and experience.
2.2 Risk management from the perspective of international bodies
According to the World Economic Forum (WEF) (2017), the following global risks have been identified and analysed, in terms of both impact and likelihood, as indicated in Figure 2 below.
For organisations to enhance their sustainability amidst the risks mentioned above, the following risk management approaches have been developed to date (see Table 1).
The ISO prepared the ISO 31000 standard and proposes that organisations manage risk by identifying it, analysing it and then evaluating whether the risk should be modified by risk treatment to satisfy their risk criteria (ISO31000:2018(E): V). During this process, there should be consultation and communication with stakeholders, and risk controls should be monitored and reviewed to ensure that no further treatment is required. The ISO (2018) further maintains that risk management can be applied to an entire organisation, its many areas and levels, at any time, as well as to specific functions, projects and activities. The ISO risk management process is illustrated in Figure 3 below.
Based on the ISO risk management process, one can derive that a risk manager should have competencies such as discernment (in identifying risks), analytical and decision-making abilities, communication and consultation skills, as well as vigilance (in monitoring and reviewing risks).
The RIMS developed a risk management professional core competency model using multiple focus groups, and validated these core competencies using a survey undertaken by an independent psychometric organisation. The various focus groups each consisted of six members and employees of RIMS (Fox, 2019).
The RIMS (2017) regard core competencies as those “fundamental for successfully performing as a risk management professional, irrespective of the level of experience or training”. The five core competencies identified by RIMS are business insight, integrity/ethics, communication, collaboration and consultation. As indicated in Figure 4, RIMS also identified attributes, such as organisational knowledge, business knowledge, risk management knowledge, technical skills and management skills as components of their competency model.
The RIMS model is comprehensive, and reflects attributes in addition to knowledge (organisational, business and risk management knowledge), values (such as ethics and integrity) and skills (management and technical skills). RIMS recognises that risk managers need to develop their competencies over time as they progress along their career paths and that their model serves as a guide, and not as a requirement for entry into the profession. Although the model is well grounded and comprehensive, a limitation from the perspective of the current study is that it does not provide explicit guidelines for curricula development by universities and that it may not necessarily be transferable to South Africa without some degree of customisation. A concern is how bias and power relations were managed during the focus groups. However, the validation by an independent psychometric organisation is a positive aspect of the RIMS competency model.
2.3 Research about risk management competencies
According to Vinay and Müller (2015), risk management as a discipline evolved since the 1970s as major events happened or new legislation was introduced, as illustrated in Figure 5 below.
As illustrated in Figure 5, the number and complexity of risks are on the increase. The implication is that the role of a contemporary risk manager is more challenging compared to that of the 1970s and that the competencies required are constantly changing and expanding.
Louisot (2003, 26-30) proposes four areas of competencies, namely, general management, the risk management process, leadership and communication, as well as sector-specific knowledge. Within each of these four areas of competencies, Louisot (2003) identifies sub-categories, as summarised in Table 2 below:
Ashby (2011, 330) conducted 20 semi-structured interviews with risk management executives of financial institutions in the UK and concluded that the attitudes and competencies of the management of financial institutions could have prevented the financial crisis of 2008. The managerial weaknesses were poor risk management communication, inappropriate organisational cultures, flawed compensation schemes, an over-reliance on mathematical models and metric-driven regulatory assessments, as well as competition and complexity. Sound risk reporting does not only require clear, meaningful communication of the right data to the right people (and not withholding any risk data due to internal politics) but also that management must have the ability to understand the data presented to them. The culture should encourage the virtues of prudence, conservatism, crisis avoidance and long-term steady financial results rather than short-termism, greed and herding (copying the strategies of other financial institutions) (Ashby, 2011, 334-339).
Koh et al. (2015) suggest a more integrated approach to the development of risk management competency by integrating three inter-related concepts, namely, competencies, dynamic competencies and the learning organisation. They identified operational risk indicators from Malaysian literature and re-affirmed these during interviews with ten leading chief risk officers of banks in Malaysia. These included keeping abreast of Basel accords and other regulatory matters, as well as international benchmarks, proactive self-development, induction, learning by developing own risk models and appointing staff members who have mathematical skills for the management of derivatives.
Leaver and Reader (2016) researched how non-technical skills influenced the management of risk and performance in trading environments. They found decision-making, leadership, situational awareness and teamwork to be important non-technical skills and determinants of risk management and performance.
According to Hopkin (2017, 325-333), risk management is increasingly seen as a profession, and a risk professional should have a range of both technical and people skills. The technical skills required are skills associated with planning a risk management strategy, implementing a risk management architecture, measuring risk management performance and learning from risk management experience. The people skills are communication, interpersonal relationships, analytical and management (including self-management) competencies. A risk professional should also have political skills and be able to influence, negotiate with and motivate others. Furthermore, the risk professional should have problem-solving and decision-making capabilities, as well as a sound knowledge of business and risk management.
In a study among risk management professionals, Marx and De Swardt (2020, 96) used IQA and found that managerial and risk management knowledge, people and technical skills, ethical values and attributes such as assertiveness and steadfastness are competencies required of risk managers. However, their study may be supplemented to obtain a more complete picture by repeating the study among risk management academics because they have influence over the curriculation and offering of qualifications in risk management.
In summary and based on the literature review above, the commonalities suggest a combination of knowledge, skills, values and attributes such as leadership and experience. Some also include the attitudes, behaviour and experience required to be an effective risk manager. Knowledge includes business, organisational and risk management knowledge, while skills, such as management and technical skills are needed. The main difference in the literature is that not all works consulted considered risk management from the perspective of academics teaching risk management. The literature may be summarised using the following concept map, indicated in Figure 6 below.
As is evident from the above, none of the literature considered the implications of the above for the design of an undergraduate qualification in risk management, and due to a lack of consensus, this pointed to the need for a study that addresses this topic.
3. Methodology
The research was approved by the Ethics Committee of the College of Economic and Management Sciences at Unisa. Participants were assured of their anonymity and safety. Their participation was done with their informed consent, and they could withdraw if they so wished without any consequences to them.
The study used IQA as a research design. IQA is interactive because the participants (also called the constituents) are allowed to work as a team during the focus group activity to generate, cluster and interpret their data in establishing a shared understanding of the phenomenon. IQA was appropriate for the current research from both an ontological and epistemological perspective.
From an ontological perspective, IQA presumes that knowledge and power are interdependent (Northcutt and McCoy, 2004, 16). In this regard, the IQA methodology requires the constituents of the focus group to be selected based on their knowledge and experience of the phenomenon under investigation. During the meeting of the focus group(s), the constituents both generate and interpret their own data, while the researcher or a facilitator facilitates the process (Bargate, 2014, 12). In the current study, any power, biases and prejudices of the researcher were eliminated by using a facilitator for each of the focus group(s), while the researcher acted as an observer only. In summary, in this type of research, the data is socially constructed using induction while the subjectivity of the researcher is constrained.
From an epistemological perspective, both induction and deduction are necessary for the investigation of meaning in IQA. The categories of meaning (called “affinities”) are defined and refined by the constituents. Once this has been done, the constituents deductively explore the relationship between affinities, especially the direction of each relationship. As a qualitative method, IQA overcomes the criticism raised about qualitative research because it eliminates any subjectivity of the researcher and requires rigour in analysing and presenting the results.
For the current study, the focus group consisted of seven academics involved in teaching risk management. The constituents were individuals with a common interest in and practical experience of teaching and research in the field of risk management, as well as their availability.
The profile of the participants is indicated in Table 3 below.
The focus group met on 14 February 2017. Once the focus group had settled down and mobile phones had been switched off, the facilitator assured constituents of their anonymity and safety, followed by an explanation of the process that would follow, as well as a warm-up exercise. Constituents were provided with 25 identical blank cards each and identical pens as part of protecting their privacy. Constituents who needed additional cards were provided with such. The constituents further received a well-formulated issue statement (Mampane and Bouwer, 2011).
Constituents were asked to do individual brainstorming about the issue during a period of silence and privacy for 10 min. The issue statement was: “Tell me which competencies a risk manager should have?” Silence had to be maintained during this nominal phase to avoid hierarchical influences and potential dominance by some constituents. This precaution also ensured the authenticity and individuality of thoughts.
Once this individual task was completed, constituents were requested to affix their cards to a wall, still maintaining silence. The facilitator then read the competency provided on each card and removed duplicate cards. The constituents could then commence with their group activity as they clustered the cards into meaningful groups on the wall. Each cluster was allocated an affinity name (theme) by the group and the inclusion/exclusion of cards in each of the respective affinities was debated until consensus was reached. Any missing competencies identified by the group were added to the appropriate affinity. The affinities were listed in alphabetical order for the purpose of each participant completing his/her detailed affinity relationship table (ART). The ART documented the reasoning of the members of the focus group, and enabled each participant to indicate independently whether any relationship between affinities existed and, if so, to indicate the direction of the relationship. In other words, individual construction of the ART’s was done.
Finally, each constituent was requested to consider individually and carefully to indicate the nature of the relationship between the affinities using a detailed ART. A detailed ART not only enabled constituents to indicate either the direction of any relationships between the affinities (by means of ← or →) or if no relationship existed (< >) but also to describe each relationship briefly or to use an IF THEN statement for each pair of affinities that had been decided on by the focus group. In the current study, the focus group identified the six affinities indicated in Table 4 below.
The outcome of an IQA study is a graphical representation called a systems influence diagram (SID). An interrelationship influence diagram (IRD) is prepared with all the affinities to indicate each relationship as indicated by the focus group. Deltas (Δ’s) are calculated based on the information in the IRD. Deltas with positive numbers are regarded as drivers in the SID, and deltas with negative numbers as outcomes. A driver is an affinity that is causing the phenomenon, and an outcome is an affinity that is the result of the cause-effect relationship. Once an IRD table is sorted in descending order of the Δ’s, a SID can be drawn.
The SID “is a visual representation of an entire system of influences and outcomes and is created by representing the information present in the IRD table as a system of affinities and relationships among them” (Northcutt and McCoy, 2004, 174).
A facilitator may conduct follow-up, semi-structured interviews with constituents to probe individual meanings of the affinities further. However, this is an optional step in the IQA process, which was not followed in this study because each of the constituents of the focus group developed clearly defined affinities using his/her detailed ART, which ensured no irregularities and paradoxes appeared in the ensuing SIDs.
Another procedure that may be used in IQA is the Pareto protocol. The Pareto protocol in IQA is used for two purposes, namely, to determine the optimal number of relationships to comprise the composite system and to help resolve ambiguous relationships. Northcutt and McCoy (2004, 160) maintain that the composite should account for maximum variation while minimising the number of relationships in the interest of parsimony. An alternative to the Pareto Protocol is to use a simple majority vote by members of the focus group to determine the direction of each relationship and where those options with a plurality of votes are included in the SID and those with very few or no votes are excluded from the SID. Since this study involved a focus group only, the Pareto Composite SID was used in the light of the higher level of detail provided by the technique.
4. Findings of the focus group
The data generated by the focus group are summarised in the below list and in Figures 7 and 8 (De Swardt, 2021).
Affinities identified and defined by the focus group consisting of academics:
Focus group: Academics
Six affinities
1. Business management skills
Managerial skills
Business development skills
Understand corporate structures
Understanding the organisation’s environment
Knowledge about organisation workings
Training management
Adaptable to change – move with the times
Change management
Project management
Business communication
Quality management
Business background
Strategic thinker
Strategic strategy
Business management
HR management
Manages stress effectively
Analytical skills
Analyser
Analytical
Pro-active
Prudence
Holistic view
Visionary
Futuristic
Management
2. Financial management knowledge
Budgeting
Probability theory
Financial accounting
Financial management
Financial background
Knowledge of the global economic and political environment
Forecasting
Knowledge of mathematical decision-making models
Econometrics
Numerical skills
Numerate skills
Knowledge of economic and political environment (domestic)
Statistics
3. Understanding corporate governance and compliance
Understand legislation
Relationship management
Work well with regulators
King IV
Focused on institution’s goals
Basic understanding of corporate law
Commercial law
Critical
Governance
Understanding corporate governance
Understanding compliance
Understanding the compliance requirement
Look for the positive in dealing with risk
Critical analyser
Critical thinker
4. People management skills
People skills
People management skills
Diplomacy
Respect
Understanding human behaviour
Care
Mature
Positive
Focus
Ethical
Integrity
Manages conflict effectively
Facilitator
Motivator
Negotiator
Mentor
Managing organisational culture
Trust
Loyalty
Creativity
5. Risk management process
Knowledge on risk aspects in an organisation
Understanding of different risks
Understand the risks faced by the organisation
Expert in ERM
Liability insurance
Polymath
ID future risks
Credit risk
Commercial insurance
Personal insurance
ART – alternative risk transfer techniques
Financial engineering
Market risk
Operational risk
Maintenance management
Security management
Project risk
Safety, health and environment
Supply chain risk
Reputational risk
Information and communication technology risk
6. Technical skills
Strong leadership skills
Leader
Leadership
Good leader
Team player
Writing skills
Strong research skills
Problem-solver
Problem-solving
Report writing skills
Report writing
Think outside the box
Computer skills
Computer literate
Systems skills
Systems knowledge
Organisational skills
Good communication skills
Ability to communicate
Communication
Presentation skills
The application of the Pareto protocol to the indications participants provided about the relationships between the affinities yielded the results indicated in Figure 7 below.
5. Interpretation and linkages
The IRD provided in Figure 8 below indicates that the focus group regarded knowledge (Number 2) and values (Number 4) as primary drivers; attributes (Number 1) as a secondary outcome and skills (Number 3) as a primary outcome (De Swardt, 2021).
Based on the delta values indicated in the Tabular IRD (Figure 8), the tentative SID assignments are indicated in Table 5 below.
The SID visually represents the information of the above-mentioned IRD and tentative SID in Figure 9 below.
Redundant links appear in Figure 9; in other words, there are links that may be removed without influencing the path from the driver to the outcome via intermediary affinities. The SID (Figure 9) and the difference between the greatest positive delta and the greatest negative delta (Figure 8) were used to identify redundant links. By removing the redundant links, an uncluttered version of the SID can be constructed, as illustrated in Figure 10 below.
The SID visually depicts that the focus group was of the opinion that business management skills are influenced by both technical skills and people management, while the combination of business management skills and financial knowledge influences the risk management process, which, in turn, influences governance and compliance as appropriate skills to manage risks effectively.
6. Implications
The current research problem was to determine which competencies are required for risk managers to be effective risk managers. The second problem, based on these competencies, was to determine what the implications are for a proposed undergraduate qualification in risk management in the South African context.
In addition to the literature review, the study used IQA by involving a focus group consisting of risk professionals to identify the competencies required of risk managers.
The implications of the findings are discussed in the following order, namely, firstly, considering the implications for practice and the RIMS competency model in particular; secondly, implications for teaching; thirdly, implications for public policy; and finally, implications for research.
6.1 Implications for practice
This study found that constituents of the focus group perceived that the following competencies are required of risk managers, namely, people management and technical skills, business management skills, financial knowledge, as well as an understanding of the risk management process, governance and compliance management. These competencies partially correspond with the competencies indicated in the RIMS professional core competency model, except that RIMS subdivides knowledge into three categories, namely, business, organizational and risk management knowledge. Similarly, RIMS distinguishes between management skills and technical skills. The attributes identified by the focus group of this study were similar to those identified by RIMS. However, the focus group emphasized governance and compliance management. Unlike RIMS, these were not perceived as one of the core competencies that risk managers need to be successful. RIMS could consider reviewing its core competencies by including governance and compliance. Core competencies may be replaced by core values, which are literally at the centre of all the competencies required. Such core values are enhanced by the RIMS code of ethics (2019) and significantly contribute to the professionalisation of risk management because most professions require that their professional members must practice in accordance with their professional code of conduct. RIMS could also consider providing guidelines to universities for those competencies that could be taught or learnt to be included in their curricula and to accredit universities who meet such requirements.
The implication for practice is also that risk management professionals and members of the IRMSA need to avail themselves to serve on the advisory boards of academic departments offering risk management qualifications. Risk management is a developing science and requires inputs about the curriculation of qualifications and further research.
One of the possible weaknesses of the model presented is that it overlooks the importance of foresight as a skill and knowledge of future studies and scenario planning. A key skill of a leader is the ability to develop a vision of the future by analysing trends and signals in arriving at plausible future scenarios.
6.2 Implications for teaching
As far as teaching is concerned, and in arriving at synthesis, the literature and the findings of the focus group point to the combination of business management and risk management as the majors for an undergraduate qualification in risk management. The implications for an undergraduate qualification in risk management are summarised in Table 6 below.
The focus group used for this study did not indicate two aspects covered by the RIMS competencies model, namely, knowledge of business models and stakeholder engagement, but as implied by the RIMS competencies model, these would have to be addressed in any curriculum in risk management. However, the focus group included governance and compliance management, which is not part of the RIMS competencies model.
6.3 Implications for public policy
The findings of this study also serve as a starting point for the reintroduction of a BCom (risk management) degree by Unisa. Despite the requirements of SAQA and the CHE, this study demonstrated that a specialised degree in risk management needs to be offered to meet the need expressed by IRMSA for professional risk managers in Southern Africa, and such a degree should ideally be curriculated based on the competencies identified in this article.
The implication for public policy is that SAQA and the CHE need to reconsider their rigid stance about the composition of specialised qualifications and rather set a range of 33%–50% for subjects from the field of specialisation that must be included in the curricula of specialised degrees. As indicated by this research, a combination of subjects from different disciplines is required to enhance the competencies and employability of risk management graduates.
6.4 Implications for research
In view of the above, SAQA and the CHE need to conduct research about curricula that could potentially be offered but which are being withheld due to their rigid stance about the percentage of a qualification that needs to be covered by the area of specialisation. Risk management and other competencies are in short supply in South Africa, yet unemployment and the appointment of foreigners remained a challenge at the time of the study. A scientific study needs to be done to assist in resolving these issues by relaxing the requirements for specialised qualifications and, in doing so, increasing the number of qualifications needed by the developing South African economy amid the fourth industrial revolution.
The unique contribution of the current research was the innovative use of IQA for data collection, the removal of subjectivity and the rigour in analysing and presenting the results. The results provide a starting point for a possible follow-up study using pragmatism and mixed methods for the design of a curriculum that will both meet the requirements of the professional body and provide graduates with the best possible combination of knowledge, attributes, values and skills needed by the risk management profession.
The implications for further research include that a comparative IQA study of the competencies of risk managers using academics from the field could be undertaken, as well as a study of the design, benchmarking and validation of a proposed curriculum for an undergraduate degree in risk management. The inclusion of futures studies and scenario planning in the development of risk managers with foresight for the identification and analysis of strategic risks also needs to be undertaken. The purpose of this study was not to compile a curriculum for a new BCom (risk management), and a comparison with the curricula of degrees offered in risk management would be valuable. However, this was beyond the scope of the current study.
IQA uses rigour and eliminates the bias of the researcher, and the one limitation of this research lies in the use of a focus group, which resulted in the findings not being generalisable as the case would have been with a representative sample used in the positivist paradigm and using appropriate statistical analysis. However, this study was exploratory and could serve as a valuable starting point for further research in this area to perform a comprehensive curriculum development.
By reintroducing a degree in risk management, Unisa could take the lead at tertiary level in developing an undergraduate risk management course and enhance its PQM. Should the CHE not approve it, Unisa needs to consider offering an Hons BCom degree with specialisation in risk management but limit the admission requirements to undergraduate degrees which adequately cover the knowledge and skills identified by this study. Reintroducing an undergraduate qualification or introducing an honours degree in risk management at Unisa could contribute significantly to the reduction of the shortage of competent risk managers in Southern Africa given the importance of this function in ensuring sustainable organisations in an increasingly complex environment.
Figures
Figure 1.
Typology of competence
Figure 2.
Impact and likelihood of global risks
Figure 3.
ISO risk management process
Figure 4.
RIMS risk management professional core competency model
Figure 5.
Evolution of risk management
Figure 6.
Concept map of risk management competencies identified by the literature
Figure 7.
Affinities in descending order of frequency with Pareto and power
Figure 8.
Group interrelationship influence diagram (IRD) tables
Figure 9.
Cluttered SID of the results of the focus group
Figure 10.
Uncluttered SID of the results of the focus group
Risk management approaches
| Risk management approach | Source |
|---|---|
| Enterprise risk management (ERM) | Committee of Sponsoring Organisations of the Treadway Commission (COSO) (2017) |
| Operational risk management | COSO (2017), Power (2003) and the Basel Committee on Bank Supervision (BCBS) (2017) |
| Credit risk management | BCBS (2017) |
| Market risk management | BCBS (2017) |
| Reputation risk management | Reputation Institute (2017) |
| Strategic risk management | Deloitte (2013) |
| Supply chain risk management | Schlegel and Trent (2014) |
| Project risk management | Project Management Institute (PMI) (2009) |
| Conduct risk management | BCBS (2017) |
| Liquidity risk management | BCBS (2017) |
| Information security risk management | ISO (2013) |
| Environmental risk management | Cranfield University (2017) |
| Compliance risk management | BCBS (2005) |
| Energy risk management | Burger, et al. (2014) |
| Flood risk management* | European Commission (EC) (2004) |
*There are also references to disaster risk management found in the literature
Areas of competency, according to Louisot (2003)
| Area of competency | Sub-categories |
|---|---|
| General management | Human resources |
| Technical resources/operations | |
| Information resources | |
| Business partners | |
| Financial resources | |
| The risk management process | Diagnostics and risk mapping |
| Risk treatment (risk control and risk financing) | |
| Auditing and monitoring results | |
| Leadership and communication | Leading and communicating with internal and external stakeholders |
| Sector-specific knowledge | Private sector entities (industrial/commercial/financial) |
| Public entities (national/provincial and local authorities) | |
| Health-care organisations (public and private) | |
| Not-for-profit organisations and non-governmental organisations (NGOs) |
Profile of the participants
| Participant | Highest qualification | Position | Level of teaching risk management |
|---|---|---|---|
| 1 | PhD | Professor | Undergraduate and postgraduate |
| 2 | PhD | Professor | Undergraduate and postgraduate |
| 3 | PhD | Professor | Undergraduate and postgraduate |
| 4 | M Com | Senior lecturer | Undergraduate and postgraduate |
| 5 | M Com | Senior lecturer | Undergraduate and postgraduate |
| 6 | M Com | Senior lecturer | Undergraduate |
| 7 | B Com (Hons) | Lecturer | Undergraduate |
Affinity relationship table (ART) of the focus group
| Affinity name | Possible relationships |
|---|---|
| 1. Business management skills | A → B (A influences B) A ← B (B influences A) A < > B (no relationship) |
| 2. Financial knowledge | |
| 3. Understanding corporate governance and compliance | |
| 4. People management skills | |
| 5. Risk management process | |
| 6. Technical skills |
Tentative SID assignments
| Affinity | Tentative SID assignments | |
|---|---|---|
| 6 | Technical skills | Primary driver |
| 4 | People management skills | Secondary driver |
| 1 | Business management skills | Secondary driver |
| 2 | Financial knowledge | Pivot |
| 5 | Risk management process | Secondary outcome |
| 3 | Governance and compliance understanding | Primary outcome |
Implications of competencies required of risk managers for an undergraduate qualification
| Competencies | Subjects that address the competency | Justification/source |
|---|---|---|
| Competency: Technical skills | ||
| Technical skills | • Managing complexity by using project management • Writing skills • Presentation skills |
• RIMS (2017) • Focus group |
| Competency: People management skills | ||
| People skills | • Industrial psychology • Communication • Sociology in the work context/Industrial sociology • Teamwork and collaboration |
• Hopkin (2017) • ISO (2018) • RIMS (2017) • Focus group |
| Competency: Business management | ||
| Business management knowledge | • Business management • Strategic management |
• Louisot (2003) • RIMS (2017) • Focus group |
| Competency: Financial Management | ||
| Financial management | • Financial accounting • Financial management • Forecasting • Budgeting • Numeracy • Statistics |
• Louisot (2003) • RIMS (2017) • Focus group |
| Competency: Risk management process | ||
| Risk management process | • Risk management, including: • Enterprise risk management • Operational risk management • Credit risk management • Financial (market) risk management • Environmental risk management • Information security risk management • Risk financing • Reputational risk management |
• Louisot (2003) • BCBS (2017) • WEF (2017) • Vinay and Müller (2015) • Reputation Institute (2017) • Focus group |
| Competency: Governance and compliance understanding | ||
| Governance | • Understanding legislation • King IV • Corporate law • Cooperation with regulators |
• Vinay and Müller (2015) • Focus group |
Source: Own composition
References
Ashby, S. (2011), “Risk management and the global banking crisis: lessons for insurance solvency regulation”, The Geneva Papers on Risk and Insurance – Issues and Practice, Vol. 36 No. 3, pp. 330-347, doi: 10.1057/gpp.2011.10.
Bargate, K. (2014), “Interactive qualitative analysis: a novel methodology for qualitative research”, Mediterranean Journal of Social Sciences, Vol. 5 No. 20, pp. 11-19, doi: 10.5901/mjss.2014.v5n20p11.
BCBS (Basel Committee on Bank Supervision) (2005), “Compliance and the compliance function in banks”, Bank of International Settlements, available at: www.bis.org/publ/bcbs113.pdf (accessed 23 November 2017).
BCBS (Basel Committee on Bank Supervision) (2017), “Risk committee publications”, Bank of International Settlements, available at: www.bis.org/list/bcbs/tid_50/index.htm (accessed 23 November 2017).
Booth, L. (2014), “African risk managers thirsty for qualifications”, Commercial Risk Africa, available at: www.commercialriskonline.com/risk-management-profession/commercial-risk-africa/ (accessed 12 March 2019).
Burger, M., Graeber, B. and Schindlmayr, G. (2014), Managing Energy Risk, Wiley, West Sussex.
Campbell, A. and Sommers Luchs, K.S. (1997), Core Competency-Based Strategy, Thomson, London.
Council on Higher Education (CHE) (2013), “The higher education qualifications Sub-framework (HEQSF)”, available at: www.che.ac.za/sites/default/files/publications/CHE%20-%20Higher%20Education%20Qualification%20Framework%20-%20EDITED%20171013.pdf (accessed 19 March 2018).
Cochran-Smith, M. (2001), “Constructing outcomes in teacher education: policy, practice and pitfalls”, Education Policy Analysis Archives, Vol. 9 No. 2, pp. 1-56, available at: http://epaa.asu.edu/ojs/article/view/340 (accessed 31 October 2017).
Committee of Sponsoring Organizations of the Treadway Commission (COSO) (2017), “Enterprise risk management”, available at: www.coso.org/Documents/2017-COSO-ERM-Integrating-with-Strategy-and-Performance-Executive-Summary.pdf (accessed 23 November 2017).
Cranfield University (2017), “Environmental risk management MSc”, available at: www.cranfield.ac.uk/courses/taught/environmental-risk-management (accessed 23 November 2017).
De Swardt, C.J. (2021), “A qualitative study of the competencies that should be covered by a specialized undergraduate degree in risk management”, Unpublished masters dissertation”, MCom dissertation, Pretoria, Unisa.
Delmarie de List, F. and Winterton, J. (2005), “What is competence”, Human Resource Development International, Vol. 8 No. 1, pp. 27-46, doi: 10.1080/1367886042000338227.
Deloitte (2013), “Exploring strategic risk”, available at: www2.deloitte.com/us/en/pages/risk/articles/exploring-strategic-risk-survey-report.html (accessed 23 November 2017).
Draganidis, F. and Mentzas, G. (2006), “Competency-based management: a review of systems and approaches”, Information Management and Computer Security, Vol. 14 No. 1, pp. 51-64, doi: 10.1108/09685220610648373.
Dubois, D. (1993), Competency-Based Performance: A Strategy for Organizational Change, HRD Press, Boston, MA.
European Commission (EC) (2004), “The EU flood risk directive”, available at: http://ec.europa.eu/environment/water/flood_risk/flood_risk.htm (accessed 23 November 2017).
Fox, C. (2019), “Reply to your question regarding RIMS competencies”, e-mail to author, 1 February.
Guerrero, D. and De los Rios, I. (2012), “Professional competencies: a classification international models”, Repositorio Instituctional Pirhua, Barcelona, available at: http://citeseerx.ist.psu.edu/viewdoc/download?doi=10.1.1.836.9017&rep=rep1&type=pdf (accessed 19 March 2018).
Hopkin, P. (2017), Fundamentals of Risk Management: understanding, Evaluating and Implementing Effective Risk Management, 4th ed., Kogan Page, London.
International Organization for Standardization (ISO) (2013), “Information security risk management”, available at: www.iso27001security.com/html/27005.html (accessed 23 November 2017).
International Organization for Standardization (ISO) (2018), “A risk practitioners guide to ISO 31000: 2018”, available at: www.theirm.org/media/3513119/IRM-Report-ISO-31000-2018-v3.pdf (accessed 24 May 2019).
Koh, E.H.Y., Mohan, A.V. and Tan, K.H. (2015), “A more comprehensive approach to competency development: an exploratory study on the risk management function of banks”, Asian Journal of Business and Accounting, Vol. 8 No. 2, pp. 1-24.
Le Deist, F.D. and Winterton, J. (2005), “What is competence?”, Human Resource Development International, Vol. 8 No. 1, pp. 27-46.
Leaver, M. and Reader, T.W. (2016), “Non-technical skills for managing risk and performance in financial trading”, Journal of Risk Research, Vol. 19 No. 6, pp. 687-721, doi: 10.1080/13669877.2014.1003319.
Louisot, J.-P. (2003), “What makes an effective risk manager?”, Risk Management, Vol. 50 No. 6, pp. 26-30.
Mampane, R. and Bouwer, C. (2011), “The influence of township schools on the resilience of their learners”, South African Journal of Education, Vol. 31 No. 1, pp. 114-126.
Marx, J. and de Swardt, C.J. (2020), “Towards a competency-based undergraduate qualification in risk management”, Qualitative Research in Financial Markets, Vol. 12 No. 1, pp. 96-117.
Mitrani, A., Dalziel, M. and Fitt, D. (1992), Competency-Based Human Resource Management, Kogan Page, London.
Nadler, D.A. and Tushman, M. (1999), “The organisation of the future: strategic imperatives and core competencies for the 21st century”, Organizational Dynamics, Vol. 28 No. 1, pp. 45-58, doi: 10.1016/S0090-2616(00)80006-6.
Northcutt, N. and McCoy, D. (2004), Interactive Qualitative Analysis: A Systems Method for Qualitative Research, Sage, London.
Project Management Institute (PMI) (2009), “Practice standard for project risk management”, available at: http://marketplace.pmi.org/Pages/ProductDetail.aspx?GMProduct=00101169201 (accessed 23 November 2017).
Power, M. (2003), “The invention of operational risk management. Economic and social research council”, Discussion paper 16, London School of Economic and Political Science, available at: http://eprints.lse.ac.uk/21368/1/DP16.pdf (accessed 22 November 2017).
Reputation Institute (2017), “Reputation risk”, available at: www.reputationinstitute.com/reputation-risk.aspx (accessed 23 November 2017).
Risk and Insurance Management Society (RIMS) (2017), “RIMS risk management professional core competency model”, available at: www.rims.org/education/Pages/RiskManagerCoreCompetencyModel.aspx (accessed 6 November 2017).
Risk and Insurance Management Society (RIMS) (2019), “RIMS code of ethics”, available at: www.rims.org/certification/Pages/Code-of-Ethics.aspx (accessed 20 February 2019).
Schlegel, G.L. and Trent, R.J. (2014), Supply Chain Risk Management – an Emerging Discipline, CRC Press, Boca Raton, FL.
Shannon-Baker, P. (2016), “Making paradigms meaningful in mixed methods research”, Journal of Mixed Methods Research, Vol. 10 No. 4, pp. 319-334, doi: 10.1177/1558689815575861.
Tabane, R.J. (2010), “Integration and learners’ feelings of belonging in a desegregated former house of delegates school”, PhD thesis, University of Pretoria, available at: http://upetd.up.ac.za/thesis/available/etd-05012010-163911 (accessed 30 October 2017).
Vinay, K. and Müller, R. (2015), “Risk management at board level – a practical guide for board members”, available at: www.advocat.ch/fileadmin/user_upload/publikationen/roland_mueller/Risk_Management_2nd_ed._extract_Compliance.pdf (accessed 8 November 2017).
World Economic Forum (WEF) (2017), “The global risks report 2017”, available at: www.weforum.org/reports/the-global-risks-report-2017 (accessed 14 November 2017).
Further reading
Kalia, V. and Müller, R. (2007), “Risk management at the board level – a practical guide for board members”, available at: www.alexandria.unisg.ch/235619/ (accessed 10 November 2017).
Lin, N. (2015), Applied Business Analytics: Integrating Business Process, Big Data, and Advanced Analytics, Pearson, Hoboken, NJ.
University of Deusto (2017), “Approaches to teaching, learning, and assessments in competences based degree programmes”, available at: www.unideusto.org/tuningeu/teaching-learning-a-assessment.html (accessed 31 October 2017).