Relationship of Risk Management and Corporate Governance: Research Proposal


1.0: Problem Statement

Corporate governance is one of the most important facets that determine the success or failure of any organisation. It involves a set of procedures, practices and policies that affect the way an organisation is controlled (Rosen: 2008). It also takes into account the relationship that exists between the various stakeholders in the organisation. These stakeholders share the vision and goals of the organisation. Corporate governance tries to bring these stakeholders together to ensure that their activities are coordinated and are aimed at the common goals of the corporation. The stakeholders include the shareholders, the employees, the administration and other players without the company, for example clients and suppliers.

There are several processes that are involved in corporate governance. These are monitoring and evaluation, strategic planning and others. One of the most important facets of corporate governance is risk management. It is important to note that organizations today operate within an environment that is wrought with risks and other hurdles that have to be overcome if the organisation is to succeed. The risks that the organisation is exposed to include: financial, natural disaster, security threats among others.

Risk management involves the process of identifying, assessing and prioritising of risks that the organisation is faced with. This is then followed by an organised and planned application of resources at the disposal of the organisation to address this threat. The aim is to avert, control, monitor and mitigate the effects of the risk that has been identified. There are various risk management models at the disposal of the corporation. They include, but not limited to: Project Management Institute, International Organisation for Standardisation (ISO) and others (Matthias & Glasgowl: 2009).


Relationship of Risk Management and Corporate Governance: Research Proposal

This research proposal is going to address the nature of the relationship that does exist between risk management and corporate governance. The researcher will be guided by the following research question:

What is the nature of the relationship of risk management as it applies in corporate governance?

1.1: Background

As indicated earlier in the paper, every organisation is exposed to risk, in one form or the other. These risks might affect the ability of the organisation to attain its goals and aspirations. The effects of the risks on the organisation are multifaceted: there are positive and negative consequences to the firm. Negative impacts may involve loss of revenue, loss of clients and other effects that derail the goals set by the organisation.

However, there are also positive outcomes when the firm is exposed to risk (Turnbull: 2009). It should be noted that risks are an integral part of the business’ success. If the organisation does not take a risk, then it is very unlikely that they will ever move forward (Turnbull: 2009). Every business venture is a risk; it is a gamble that the organisation is taking.

As a result of this, it becomes very important for the management of the firm to come up with procedures that ensure that the firm exploits the positive attributes of the risk while at the same time managing effectively the negative attributes (Turnbull: 2009). Basically, what the management is involved with is the identification and assessment of the risks that the organisation faces as it is run on a day to day basis. They very well realise that some of the risks have to be exploited in order for the organisation to attain their objectives (Matthias & Glasgowl: 2009).


Relationship of Risk Management and Corporate Governance: Research Proposal

1.2: Research Justifications

Mamousee (2008) is of the view that there are many studies that are been conducted at any given time within any given field. This been the case, it is then very important for any researcher, before embarking on the task of conducting his research, to first justify why his research is relevant to the field. Generally, what is the value that the field will get from this particular research and why should it be supported?

It is a fact beyond doubt that we are living in a risk society today. The twenty first century especially has seen the degree of risk in the society increase (Rosen: 2008). There have been rise in insecurity as terrorism takes root; financial insecurity is also rampant with the collapse of major world markets; change in climatic conditions puts the business at risk of natural calamities like hurricanes and floods (Matthias & Glasgowl: 2009). But the presence of risks does not mean that businesses will cease to operate. But what it means is that they have to operate but with a lot of caution. They have to take into account the fact that they are surrounded by risk factors which if not well managed, may lead to the complete failure of the business (Drennan: 2008).

In this light, the importance of this research cannot be downplayed. The findings of this research will be especially important to the policy makers in helping them realise the relationship that does exist between risk management and corporate governance. The research will not only identify the connection between risk management and corporate governance, but further, the nature of this connection will be highlighted. The findings will make the policy makers decide whether to incorporate risk management in their running of the firm or to ignore it all together.

It cannot be denied that risk management is intertwined with day to day running of the organisation. Most of the management activities revolve around avoiding risks, controlling risks and mitigating the effects of the same. Security risk is especially significant to the organisation. Without physical security, the core business of the organisation will be derailed. That is why managers have to plan for the provision of measures to manage security risks in the


Relationship of Risk Management and Corporate Governance: Research Proposal

organisation. The research findings will highlight this importance.

1.3: Scope and Limitations of the Research

Security and risk management is a very wide and diverse field. This means that it is impractical to carry out a research on the whole field of security and risk management. As such, the researcher will limit the scope of this research to enable him concentrate and focus on a particular issue of particular importance to the field. This issue is the management of security risks in the organisation.

The research will limit itself to the issue of risk management in corporate governance. There are several other issues that are involved in corporate governance. They include monitoring and evaluation, strategic planning and others. But this research will not address them; rather, it will limit itself to risk management as one tool and process of corporate governance.

Also, risk management is another multifaceted issue. Some of the aspects of risk management include financial risk management, legal liability, malpractice and others. But this study will be limited to security risk. This is the vulnerability of the organisation to security threats like terrorism, burglary, and sabotage.

1.4: Objectives of the Research

The researcher will be guided by one major objective throughout the research. There will also be other specific objectives that will guide the researcher in addressing the major one. It is by addressing the specific objectives that the researcher will in effect be addressing the major one.


Relationship of Risk Management and Corporate Governance: Research Proposal

1.4.1: Major Objective

The major objective of the research will be to address the nature of the relationship between risk management as it applies to corporate governance.

1.4.2: Specific Objectives

In addressing the above objective, the researcher will address the following:

i. What are the effects of risk management to corporate governance?

ii. How can corporate governors increase the success of their work and their organisation through risk management?

iii. What are the major challenges that face corporate governors in incorporating risk management on their work?


Hampel (2007) opines that any research should be grounded in theory. There are many theories that exist in any given field of research. It is the duty of the researcher to identify which theories best addresses his research. As earlier indicated, there are many studies that been conducted


Relationship of Risk Management and Corporate Governance: Research Proposal

at any given time. All of these researches should be original and different from each other (Charkham: 2009). Theoretical framework is what connects these divergent studies.

This research will be grounded on routine activities theory.

2.1: Routine Activities Theory

This theory was proposed by two criminologists in America in the late 1970s (Fagan: 2007). They were Lawrence Cohen and Marcus Felson, as they tried to address the crime that was on the rise in this country. There was an upsurge of criminal activities between 1947 and 1974 in America (Hampel: 2007). This development was confusing to many scholars because at the same time, there was a growth in economic well being of the citizenry. It was hard to understand how crime could be on the rise in a well to do society. Traditionally, crime has been associated with poverty, and an improvement in economic welfare of the country would have meant that crime would have declined. But this was not to be. It seemed that as the economy grew, crime also rose on the same direction.

This is the background that created an impetus for these scholars. They sought to address this discrepancy. In explaining this development, they based their theory on the earlier one of rational choice (Cowan, Garrord & Harbottle: 2007). They argued that people tended to make decisions that were rational. These rational decisions were aimed at benefiting the individual, with as little harm to them as possible. A criminal will make a rational decision to commit a crime given that the criminal activity will benefit him more than it will make him lose. As such, any act that was deemed by the actor as likely to negatively affect them was avoided. While that which was likely to benefit them was favoured. If a criminal is of the view that the benefits that he will accrue from a criminal activity far much outweigh the costs (for example criminal liability), he will engage in it. However, if he feels that the costs associated with the act are far more than the benefits, he will not engage in it.

2.1. a: Relevance of this Theory to the Research


Relationship of Risk Management and Corporate Governance: Research Proposal

Despite the fact that the world has experienced a rapid economic growth in the twenty first century, crime has also been on the rise (Rosen: 2008). This is a fact that business executives have to put into consideration. Also, despite the fact that a business continues to post profits and other signs of success, the risk factors that it has to face are not minimised at all. If anything, the risks seem to increase as the success of the business increases (Boyd: 2008).

This theory will be very important in informing the researcher why when the business environment seems to improve economically, there seems to be a rise in the rate of security threats that the company has to contend with. This theory will inform the policy makers in the corporate world that their vulnerability to security threats does not diminish with their continued growth; rather, it seems to increase.

2.1. b: Features of Routine Activities Theory

The central feature of this theory is the three elements that should be present for a predatory crime to occur (Cowan et al: 2007). This is what Charkham (2009) refers to as the crime triangle. It is also known as problem analysis triangle. Cohen and Felson opined that for any form of crime to occur, the three attributes must take place within the same time frame and space (Fagan: 2007). The three conditions are as set out below:

i. Suitable Target

The scholars were of the view that for a crime to occur, it’s not just a target that has to be present, but rather, a suitable target (Charkham: 2009). There are three chief categories of target: person, object or place.


Relationship of Risk Management and Corporate Governance: Research Proposal

The theorists used two acronyms to qualify a suitable target:

VIVA- The target has to have Value either to the criminals or to the victim (Cowan et al: 2007). It should also possess Inertia, meaning that it should have a potential for destruction. It should also be Visible and Accessible to the criminals.

CRAVED: As much as the target must be visible, it should also be Concealable, Removable, Available, Valuable, Enjoyable and Disposable (Hampel: 2007). This means that the criminals should find it possible to derive some satisfaction from committing the act on the target while at the same time they should find it valuable.

ii. Absence of a Capable Guardian

A guardian is a person or object that should effectively deter a criminal act. For a crime to occur, this guardian has to be absent (Fagan: 2007). The guardian, as indicated, can be a person or an object. Whichever the case, the guardian described here has some features of a human element (Charkham: 2009). The physical presence of the person could deter the criminal. Also, the guardian could be absent physically but his presence can be felt. For example, a CCTV can act in that capacity. It has a human aura because it is manned at the other end by a security agent.

iii. Likely Offenders

A target might be suitable and a capable guardian absent. These are two of the three conditions that have to be present for a crime to take place. However, if there is no one to commit the crime, it will never be carried out (Hampel: 2007). This is why the third condition to be met for a


Relationship of Risk Management and Corporate Governance: Research Proposal

crime to occur is the presence of a potential and likely offender.

This theory looks at crime from an offender’s perspective. This is because it is the offender who identifies the presence of the two initial conditions, before he meets the third condition by turning himself into a likely offender (Fagan: 2007). It can then be said that this third condition is the most crucial of them all. By assessing the presence of the other two conditions, the offender determines whether the crime will be committed or not.


Methodology is another very important facet of a research. It is in this section that the researcher puts down the steps that he proposes to follow when conducting the envisaged research (Scharfstein: 2008).

3.1: Target Population

This research will take the form of a survey. The target population for this survey will be risk managers in small and medium sized enterprises.

3.2: Sample Population

Due to the sheer number of the target population, it will be difficult for the researcher to survey each and every one of the potential respondents (Jensen: 2009). To circumvent this challenge and for the survey to take place, the researcher will have to come up with a sample population


Relationship of Risk Management and Corporate Governance: Research Proposal

that is representative of the whole population (Scharfstein: 2008). It is the attributes of this sample population that will be used to generalise those of the whole target population.

In this research, sample population will be risk managers from ten firms in the city. The reason why these firms were chosen was because they are located in the city, one of the most potential areas for security risks (Turnbull, 2009). Most of the business crimes that occur around the country are reported in urban centres (Matthias & Glasgowl: 2009). They include break-ins and infiltration by rival businesses. These firms are also relatively successful. This is indicated by their financial performance. The researcher will seek to find out how integrating security risk management measures have affected or will affect this success.

3.3: Sample Size

Still, it will be difficult for the researcher to survey each and every one of the potential respondents. He will have to come up with a number of respondents that will be manageable for research purposes (Graffham: 2008).

In this research, the researcher will come up with a sample population of fifty respondents (N=50). This is a number that is manageable by the researcher. This is given the amount of resources that he has at his disposal. A number more than fifty would have required more time, more manpower and more finances.

The number is representative because it will be composed of five managers from each of the firms picked for the survey. There will also be twenty five females and twenty five males. This is to make sure that the findings are not in any way affected by gender bias. Other background criteria like the age of the respondents, their ethnic background and such factors will also be considered. The sample will be representative of all these factions.


Relationship of Risk Management and Corporate Governance: Research Proposal

3.4: Sampling Procedure

The researcher proposes to use stratified sampling to pick the respondents and firms that will be involved in this research. Here, the researcher will take the target population, stratify it using a predetermined criterion, then pick his samples from those strata (Mamousee: 2008).

For the firms, the target population will be those that are situated in the city. These will be stratified into those that have managers specifically assigned the duty of risk management and those that don’t have. The researcher will then pick those with risk managers and pick ten from them. To make sure that the firms are representatives of the target population, the researcher will pick firms from all parts of the city, rather than firms on one side of the city.

3.5: Unit of Observation

The unit of observation will be the risk managers’ involvement in incorporating risk management into corporate governance of their firms. This is because the researcher will be seeking to find out how this incorporation has affected the governance of the organisations.

3.6: Unit of Analysis

The unit of analysis for this research will be the nature of the relationship of risk management as it applies to corporate governance. The relevance of this unit of analysis is that security issues do affect the success or failure of any organisation.

3.7: Procedure for Data Collection

This proposal is for a survey research. This form of survey involves a researcher administering a standardised questionnaire to the respondents (Scharfstein: 2008). There are two broad categories of survey. These are questionnaires and interviews (Jensen: 2009).

The researcher will conduct a questionnaire survey in this case. Respondents will be required to fill out a standardised questionnaire. The questionnaire will contain twenty open ended


Relationship of Risk Management and Corporate Governance: Research Proposal

questions. The reason why the researcher picked questionnaire as the form of data collection rather than interview is that in a questionnaire, the respondent is assured of confidentiality. Security is a very sensitive issue in any organisation. Information regarding this issue is considered to be the firm’s secret weapon to survive in the murky waters of competition and burglary. As such, the respondents will be uncomfortable answering face-to –face questions as they will fear that their privacy will be violated.

3.8: Data Presentation and Analysis

The data will be analysed in simple statistics. It will be expressed in terms of percentages, fractions and ratios. This is to make it easier for consumption by the targeted audience.

The data will be presented in form of tables, graphs and charts. This is because these presentation tools are simple and at the same time clear. They can be understood by a layman.

3.9: Resources Required

The success of this research lies with the resources that will be availed to the researcher. Some of these resources include the following:

i. Training of research assistants.

ii. Funds to purchase stationeries and meet other expenses of the research.

iii. Mode of transport from one point to the other, both for the researcher and his


iv. Data processing machines, for example computers.

v. An office where the researcher will be based during the course of the research.


Relationship of Risk Management and Corporate Governance: Research Proposal


4.1: Ethical Concerns

One of the major ethical concerns is how the data will be used. There is risk of the information that will be collected from the research been accessed by competitors of the firms under study. These competitors may use the information to hurt the firms under study. To avert this, the researcher will make sure that no information is accessed by third parties who are unauthorised. This will be achieved by keeping the filled out questionnaires under lock and key.

4.2: Access to Information

There is likelihood of respondents, both firms and the individuals, refusing to participate in the study due to privacy concerns. They will be concerned that the information that will be gathered might be used against them. The researcher will deal with this by assuring the respondents of the confidential nature of the information. No names, either of the firm or the respondent, will appear on any of the questionnaires. Also the filled questionnaires will be kept under lock and key.

4.3: Logistical Challenges

The challenge of funding for the research is something that the researcher will have to address. Funds are needed to hire the research assistants, to cater for transport and other logistical matters.

The researcher will deal with this challenge by looking for financiers. He will apply for a grant from the local security firms or from the university.



Relationship of Risk Management and Corporate Governance: Research Proposal

Security is one of the major risks that face many organisations today. It is as a result of this that many organisations have found it mandatory to incorporate risk management as part and parcel of their corporate management. This is given the fact that risks, and especially security ones, pose a great danger in attainment of the firm’s goals and aspirations.

This research will be conducted to analyse the nature of the relationship of risk management as it applies to corporate governance. The researcher will confine himself to the management of security risks in these firms. The findings of the research will be very helpful in informing the stakeholders on how risk management of their security can be used to further the goals of their organisation.


Boyd, SW 2008, Managing Security Threats in a Risk Society, Cambridge: Cambridge University Press, 546.

Charkham, NV 2009, Organisational Strategic Management: Security Management Procedures,

Winchester: Country Publishers, 26-28.

Cowan, GE Garrord, SQ & Harbottle, VE 2007, Routine Activities Theory: Theory and


Manchester: Nubian Book House, 274.

Drennan, FL 2008, Strategic Risk Management, Oxford: Oxford University Press, 178-189.

Fagan, HJ 2007, How can Risk Managers Succeed in this Risky Business? Journal of International Security Agents, 34(3), 13-14.

Graffham, WN 2008, Qualitative Research Methods, 2nd Ed, Long Beach: Cengen Books, 490.

Hampel, YA 2007, Theories in security management, Cambridge: Cambridge University Press, 298.


Relationship of Risk Management and Corporate Governance: Research Proposal

Jensen, SL 2009, Research Methodologies, New Jersey: Prentice-Hall, 284-286.

Mamousee, BY 2008, Research in Security Management, London: London Book House, 387.

Matthias, RX & Glasgowl, CA 2009, Security Threats in Developed World is Affecting the

Success of Businesses Negatively, Times Magazine, July 2009, 37.

Rosen, HG 2008, Strategic Management in 21st Century, 3rd Ed, London: Derawere Books, 345-247.

Scharfstein, DZ 2008, Sociological Research Methods, 3rd Ed, New  York: McGraw-Hill, 28-29.

Turnbull, UA 2009, Management Challenges in Developed Nations, Durban: Reicho Books, 290-298.