Next Article in Journal
CEO–Employee Pay Gap, Productivity and Value Creation
Previous Article in Journal
Legitimacy and Reciprocal Altruism in Donation-Based Crowdfunding: Evidence from India
 
 
Search for Articles:
Title / Keyword
Author / Affiliation / Email
Journal
Article Type
 
 
Advanced Search
 
Section
Special Issue
Volume
Issue
Number
Page
 
Journals
JRFM
Volume 14
Issue 5
10.3390/jrfm14050195
jrfm-logo
Submit to this Journal Review for this Journal Propose a Special Issue
Article Menu

Article Menu

share Share announcement Help format_quote Cite question_answer Discuss in SciProfiles thumb_up
...
Endorse textsms
...
Comment
first_page
settings
Order Article Reprints
Font Type:
Arial Georgia Verdana
Font Size:
Aa Aa Aa
Line Spacing:
Column Width:
Background:
Article

Risk Management Practices by South African Universities: An Annual Report Disclosure Analysis

by
Inga Sityata
,
Lise Botha
and
Job Dubihlela
*
Department of Internal Auditing & Financial Information Systems, Faculty of Business & Management Sciences, Cape Peninsula University of Technology, Cape Town 7441, South Africa
*
Author to whom correspondence should be addressed.
J. Risk Financial Manag. 2021, 14(5), 195; https://doi.org/10.3390/jrfm14050195
Submission received: 15 March 2021 / Revised: 22 March 2021 / Accepted: 26 March 2021 / Published: 26 April 2021
(This article belongs to the Section Risk)
Browse Figures
Versions Notes

Abstract

:
This paper assesses risk management practices at South African universities by analyzing the extent of risk management disclosure recommended by King IV and the level of risk governance maturity. This study was motivated by #Feesmustfall disruptions, which pointed to the lack of effective risk management, preparedness for volatility and increased scrutiny by stakeholders. A qualitative content analysis using a risk disclosure checklist was conducted on 18 annual reports and analyzed using an exploratory research design. The results revealed that over 80% of the sampled South African universities have disclosed most of their risk management practices, showing an improved disclosure due to King IV’s “apply and explain” philosophy as introduced in 2016. However, there were areas of improvement identified, such as: defining and approval of risk appetites and tolerance; development and implementation of business continuity plans; confirming the unpreparedness for volatility; annual revision of policies; and integration of risk management into the culture and daily activities of the university. This paper builds upon previous studies that highlighted a lack of detailed disclosures in South African organizations’ annual reports. This study also provides interesting insights into the impact of social events on organizational practices and supports the notion that legislative accounting practices should echo stakeholders and societal expectations.

1. Introduction

It was South Africa’s first black president Nelson Mandela, who expressed that “Education is the most powerful weapon which one can use to change the world” (Assar et al. 2010), a statement he strongly believed in as the newly elected democratic government embarked on a journey to transform the South African education system. Such an ambitious task was not easy given the inherent challenges of the past. Nonetheless, it was a transformational path needed for the greater good and future of the country, given the economic state at the time (Mncube 2013). Over the years, higher education institutes (HEIs) have become an important social institution that plays a vital role in the country’s prosperity (Nongxa 2010). According to Allais (2012), such prosperity is attained by producing a competent workforce that contributes to the country’s economic activities.
Therefore, it is in the best interest of the government, the private sector or external funders, the public and regulators for these institutions to strive and continue adding value to the economy and producing future leaders. However, with challenges, such as the high cost of education, increased competition due to globalization, internationalization of education, availability of e-learning, and the increasing demand for free higher education, the future of HEIs with their existing business model and strategic positioning is questionable and uncertain (Kevin 2010; Moloi 2016b; Botha 2019). These views are aligned with Rajab and Handley-Schachler (2009), who outlined that HEIs operate in a complex and rapidly changing environment due to the introduction of new technologies, globalization, and internal issues, such as ambiguous goals and ineffective leadership; thus, their future is questionable and uncertain.
Although the higher education sector has embarked on a transformation journey, in recent years, it has faced challenges, such as the shift in government funding enforcing universities to seek alternative funding from the private sector and international partners (Assar et al. 2010; Nongxa 2010; Allais 2012; Moloi 2014). Consequently, as more stakeholders became involved, scrutiny increased, along with demands that adequate operational information and regulations be tightened as these institutions were operating in a global landscape, attracting talent and students from all over the world. Thus, new risks emerged (Moloi 2014). According to Moloi (2015a), the shift in higher education funding resulted in fee increases to preserve the bottom line. The high cost of education and increased fees resulted in disruptions, such as #Feesmustfall protests and demand for free higher education (Mapheta 2016). These protests were accompanied by vandalism resulting in damages to property, financial loss and academic disruptions (Mapheta 2016). More importantly, the possibility of implementing free higher education has the potential to utterly change the HEIs’ business model and strategic objectives if they were to survive and be viable institutions (Moloi 2016a). Consequently, when these events are ineffectively managed, they can lead to South African universities not achieving their strategic and operational objectives and threatening their survival (McShane et al. 2011). Hence, risk management in the higher education sector has gained substantial attention as HEIs are under pressure from stakeholders, such as the government agencies, private sector, and regulators, to develop risk management strategies to manage the emerging operational difficulties (Moloi 2016d). Thus, in recent years, HEIs have been required by the Higher Education Act No. 101 of 1997 provide information on their operational activities and processes, including risk management for transparency and accountability of those entrusted with the responsibility to effectively manage these important institutions.
In the South African context, listed companies are required by the JSE listing requirements and the Companies Act No. 71 of 2008 to adopt the King IV report on corporate governance, including risk governance for effective risk management practices (JSE 2016; Moloi 2014, 2016c). The King IV report requires organizations to make disclosures on the corporate governance practices applied, which can either be voluntary or mandatory as per the regulatory requirements (IoD 2016). HEIs are not immune to the risks stemming from the external and internal operational environment as highlighted with the recent challenges, such as the high cost of education, increased competition due to globalization, internationalization of education, availability of e-learning and the increasing demand for free higher education (Kevin 2010; Moloi 2016e; Botha 2019). These challenges resulted in increased scrutiny by stakeholders and increased reporting requirements of their strategy to manage risks threatening their strategic and operational objectives. HEIs are required by the Higher Education Act No. 101 of 1997, the Reporting Guidelines and implementation manual to apply the King Code recommended practices and disclose to stakeholders their risk management activities for transparency and assure stakeholders of their sustainability, among other things (Moloi 2016e; IoD 2016; JSE 2016; DoE 2016).
The King IV report was issued in 2016, the same period HEIs were confronted with numerous protests and disruptions (Moloi 2016e; IoD 2016). The newly revised King IV report consists of outcome-based rules for good governance. The “apply and explain” philosophy was introduced as organizations are now required to apply the recommended practices and explain the application thereof through annual report disclosure statements. However, although King IV principles do not have legislative power, HEIs are required by the Department of Higher Education and Training to disclose the actual practices applied to govern risk as per reporting guidelines (IoD 2016).
Notable, although risk management disclosure is a well-studied phenomenon. The majority of studies explore the phenomenon outside the South Africa environment. Thus, generalizing the extent of disclosure in the South African context using their findings is questionable. Moreover, most risk management disclosure studies conducted in the South African setting explored the business sector rather than the education sector. Consequently, the applicability of their findings to the education sector is questionable as the context of risk management and governance varies from industry to industry based on stakeholder expectations, compliance requirements and operational environment. In addition, prior studies on risk management disclosures in the education sector were carried out before the issuance of King IV in 2016 and based on the previous King codes. Thus, the majority of these studies highlighted a lack of detailed disclosures on the actual risk management practices applied as the previous King versions applied the “apply or explain” rather than the “apply and explain” philosophy. Hence, organizations were not required to provide an explanation on the application of the recommended practices.
Given the importance of universities as a societal establishment, the introduction of King IV with the “apply and explain” philosophy, the gap identified in the literature, the recent challenges faced by HEIs resulting in increased scrutiny and demand for information by stakeholders. It is considered imperative that the risk management practices of South African universities, as reflected in their disclosures, be investigated as the question arise:
To what extent have South African universities applied and disclosed their risk management practices as per the King IV Code on Corporate Governance and the Higher Education Act No. 101 of 1997?
The following specific questions have arisen and remain unanswered:
  • What risk management practices could be adopted and applied by South African universities as recommended by King IV for effective risk management?
  • To what extent have South African universities applied, explain, and disclosed King IV’s risk management recommended practices?
  • What are the minimum risk governance statements that could be incorporated as a proxy for risk governance by South African universities?
  • How do South African universities govern risk and maturity thereof?
Thus, the study aims to fill the gap identified and address the above-mentioned questions.

2. Literature Review

2.1. Risk Management

Notably, all organizations are faced with risks due to external and internal factors outside the control of the organization (Masama 2017; Chakabva 2015; Scheuerman 2017). These risks need to be managed; thus, risk management approaches and frameworks have been developed over the years to provide a standardized approach to managing risk. Organizations were formed to develop risk management frameworks. There are several frameworks for enterprise risk management (ERM), such as the committee of sponsoring organizations commonly known as the COSO ERM integrated framework, the International Organization for Standardization known as ISO 31000 risk management framework and processes, Casualty Actuarial Society ERM framework, etc. (Andersen 2010; Kimbrough and Componation 2009). These frameworks have evolved over the years based on lessons learned from business failures and fraud. Based on prior studies, there are two commonly used approaches to manage uncertainty known as; Traditional risk management and enterprise risk management (ERM) (Hohenwarter 2014; Masama 2017; Chakabva 2015; Chakabva et al. 2020).

2.2. Risk Management in the Higher Education Sector

It has been established in the literature that all types of organizations are faced with risk stemming from strategic, operational, financial and compliance environments regardless of the economic sector (Kageyama 2014; Masama 2017). The education sector is not immune to disruptions stemming from both internal and external environments. Thus, risk management is a well-studied phenomenon in this sector as various studies concluded that HEIs have a complex risk profile as most of their risks originate within the universities due to aspects such as unpaid student loans, ineffective leadership, procurement practices, IT network integrity and student violence on campus (NACUBO 2009; Kageyama 2014). Previous studies further outlined that universities are faced with risks that are inherent to their operations, which are not faced by other types of organizations, such as observation of the quality of education, residential, infrastructure, attraction, and retention of students and collaboration with other institutions (McDaniel 2007; Kameel 2007; Wade 2011). Moreover, risks also stem from outside factors, such as competition, scrutiny from regulators, government agencies, e-learning, globalization and lack of funds to pursue strategic goals and remain competitive in the globalized environment (Wilson 2013; Chetty and Pather 2015; Moloi 2015b). According to Kageyama (2014), HEIs are resistant to change as for decades relied on the same operational model. Thus, vulnerable to disruptions, such as technological advancements, operational complexities, and globalization. Therefore, HEIs need to develop risk management strategies to manage uncertainty.
However, universities are often associated with a small city as they consist of different campuses, faculties with different heads and stakeholders, industry, and compliance requirements (Dubihlela and Ezeonwuka 2018). Thus, risk managers are challenged with the daunting task of identifying and treating complex risks throughout different campuses with different structures and procedures. Additionally, universities have a higher loss rate than industry sectors due to vandalism and lack of funds for strategic objectives. The cost of claims at universities for both financial and reputational damage can be significant due to their reliance on government subsidies, operational complexity, competitive operational environment with global players, and e-learning (Bubka and Smith 2015; Brewer and Walker 2010). Gurevitz (2009) further concluded that, although the enterprise risk management (ERM) concepts are useful for HEIs, they are frequently presented in a complicated manner and difficult to translate to the educational sector. According to NACUBO (2007), this is due to the lack of buy-in from management, clear role and objectives, lack of risk content and involvement of top management in an effective ERM program. Thus, according to Brewer and Walker (2010), universities increasingly recognize the significance of effective risk management. However, their focus has been on preventing risk from occurring and managing risk after the event, as few universities integrate risk within their quality assurance regime or strategic planning.
South Africa is home to some of the best universities in Africa, with a reputation for delivering quality in research and teaching. These universities attract students and talent from all over the globe and collaborate with international universities (Reygan 2016). Consequently, there is increasing attention and desire for South African HEIs to continue striving and producing top, skilled, competent workforce and future leaders as education has a role to play in the prosperity of the South African economy (Allais 2012). Nevertheless, in recent years South African universities have not been able to escape their fair share of challenges because of difficult operating conditions, regulatory pressure, competition due to globalization and e-learning and increasing funding uncertainties (Chetty and Pather 2015; Moloi 2016e). According to Kageyama (2014), HEIs are resistant to change as for decades relied on the same operational model. This has resulted in the recent disruptions as the new generation of students has different expectations, such as free higher education due to mass education of the previously disadvantaged races (Moloi 2016e). Thus, South African universities have been forced to change their long-term plans due to the rapid challenges and increased pressure to ensure sustainability (Moloi 2016e). Consequently, South African universities had to develop and implement response strategies to proactively manage these challenges. A significant component of this process is strengthening the ERM at universities to ensure uncertainties have been identified, assessed and strategic responses are developed to mitigate such uncertainty (Moloi 2016e).
From the above, it is deduced that HEIs have been confronted with challenges, such as lack of funding, vandalism, competition, e-learning and globalization, due to the complex and changing operational landscape, organizational culture and lack of effective leadership. In undertaking to manage risk and ensure sustainability, universities adopted risk management practices from the business sector. Universities are perceived as substantially different from other profit-generating entities and nonprofit organizations due to their strategic goals, social organization and operational complexities. Additionally, Abraham (2013) stated that many universities recognize that having an effective risk management process that is fully supported by the council increases the likelihood of achieving the university’s objectives. It also allows better allocation of resources and increases transparency in uncertain times as channels of information are within a systematic process. It can be said that risk management helps an HEI maintain its competitive edge, sustain its integrity, reputation and effectively manage risks (Rehman and Hashim 2018; Moloi 2016e; IoD 2016).

2.3. Risk Disclosures

Risk disclosure can take the form of mandatory and voluntary, with mandatory disclosure driven by regulations and compliance requirements (Moloi 2015c). In the education context, HEIs are required by the Higher Education Act No. 101 of 1997 to report on their performance and operations, including risk management practices (Moloi 2016b; RSA 1997). These disclosures are made using annual reports as the main platform to present corporate information to stakeholders outside the organization (IoD 2016). Moreover, stakeholders rely on the information contained in the disclosures to make informed decisions. Hence, the annual report is seen as a public document that allows the organization to decode information for the public to make informed decisions on the organization’s operational efficiency and sustainability (Adamu 2013a).
Both King III and King IV make recommendations for the board to comment on the integrated report on the system of risk governance. In addition, King IV requires the council to satisfy itself on the execution of its duties regarding risk management processes effectiveness and risk management practices. The annual report is used as the mode of disclosure and communication with external stakeholders. Furthermore, reporting activities by universities is administered by the Higher Education Act No. 101 of 1997 (RSA 1997) as guided by the King IV Report on corporate governance and implementation manual for annual reporting by HEIs issued by the Department of Higher Education and Training (DoE 2016; IoD 2016). The Higher Education Act provides little information on reporting requirements, such as the format and content to be disclosed in the annual report. However, reporting requirements for HEIs are covered by the implementation manual prescribed by the Department of Higher Education and Training for the regulation of annual reporting and acts as a supplementary guide for reporting (Act No. 101 of 1997). The implementation manual covers all areas of reporting ranging from financial reporting to non-financial information, and provides the format and content of required disclosures. The non-financial report is guided by King IV disclosure requirements on corporate governance. In the risk context, the implementation manual as per the Higher Education Act highlighted that the potential risk needs to be identified, and their anticipated impact on the institution should be assessed. In addition, the identified risk should be allocated to a department or risk owners to manage that risk and ensure that it is maintained in the risk register (Higher Education Act No. 101, 1997; Moloi 2015c). The Manual further highlighted that the scope of risk management within the institutions needs to be clearly defined, the individuals or committee responsible need to report at least annually on risk matters. The risk report prepared by the risk committee or chief risk officer should be included in the annual report and signed by the chair of the risk committee. Subsequently, these are consistent with the outlined frameworks, and the risk governance recommended practices as they outlined the importance of risk assessment, risk appetite, and risk governance structure through a risk committee (Act No. 101 of 1997; IoD 2016; COSO 2016; ISO 2009).
However, according to King IV (IoD 2016), the HEI’s council has the discretion to identify how King IV disclosures will be made, whether disclosures will be included in the annual report, social ethics reports, risk management report, sustainability report, online or printed reports. Thus, the governing body can choose to report on multiple platforms while avoiding duplication by simple cross-referencing. Disclosures should be updated at least once a year, formally approved by the governing body and made publicly accessible (IoD 2016).
Prior studies on risk reporting revealed that high-risk disclosures could improve transparency and confidence between the organization and stakeholders (Louw 2016; Adamu 2013b). This can be accomplished by providing stakeholders with adequate, accurate and timely information for decision-making. Thus, providing stakeholders with insufficient disclosure means management has more information than stakeholders, which is seen as dishonest as funders cannot make informed decisions. Therefore, it is in the best interest of the organization to meet stakeholders’ expectations and compliance requirements (Adamu 2013a; Louw 2016). These views are consistent with the requirements of King IV, as the King report promotes qualitative disclosure (IoD 2016).
Risk management procedures and disclosures are a widely studied phenomenon. Even so, most prior studies have explored the phenomena in the business sector due to factors, such as improved disclosures, mature overall corporate governance environment and JSE listing requirements (Adamu 2013b; Moloi 2015b; Louw 2016). Due to the recent challenges faced by South African universities, there has been substantial attention to universities and risk management specifically (Moloi 2015b). In the South African context, risk management and governance disclosures have been widely researched by Takiso Moloi in numerous studies starting from 2010. Moloi (2010) published a study directed at assessing the extent of corporate governance reporting by South African listed companies. The study assessed the 2006 annual reports of top 40 JSE listed companies for mandatory disclosures, and the results revealed that the majority of the sampled companies complied with the practices with the section of the external auditor and whistleblowing remaining the issue. Additionally, a study was published in 2011 to measure corporate governance practices by South African HEIs. This study confirmed the notion that the majority of the HEIs provided disclosure as per King II requirements. Yet, there was a lack of detailed disclosure on the application. Hence, there was room for betterment in the disclosure statements (Moloi et al. 2011).
Furthermore, a study was conducted by Moloi (2015b) to assess risk management of the top 20 listed companies in South African using King III and affirmed the previous findings, as it highlighted the lack of details on the actual practices applied. Moreover, a cross-sectoral comparison study of risk management was conducted to assess the disclosures and the outcomes demonstrated that JSE listed companies applied the King Code due to the listing requirements and shareholders with highly invested interest. The results revealed that the national government departments and HEIs have shortcomings and require much work with regards to the embedding of risk management in the key activities and organizational processes (Moloi 2016c).
A similar study by Ntim et al. (2013) explored, in the South African context, the extent of corporate governance and risk reporting disclosures before and after 2007/2008. It was concluded that risk disclosures are mostly non-financial and qualitative. In addition, there was a connection between corporate governance disclosures and board size, diversity and independence of the board. Perversely, there was a negative relationship between the extent of corporate governance and a dual board structure.
From the studies above, it is inferred that King III was used as the basis of measure through the “apply or explain” concept. Thus, detailed disclosure on the actual risk management practices was not required as long as the rule-based approach is complied with and a valid reason for non-compliance is provided to stakeholders (IoD 2009). In addition, prior studies revealed that risk management is mostly explored in the private sector, as these organizations have been exposed to corporate scandals and the global financial crisis (Masama 2017; Chakabva 2015; Pichulik 2016; Pickworth 2014; Moloi 2015a). The current most widely used risk management frameworks, COSO ERM and ISO 31,000, originate and were developed for/and by the private sector (COSO 2016; ISO 2009). Yet, there are fundamental differences in the operational environment, organizational settings, and strategic objectives in these types of organizations when compared to the higher education sector.
Various authors further outlined that most private companies, when compared with HEIs, have clear objectives, sufficient resources, and effective leaders with effective decision-making structures for implementation of business objectives (Mncube 2013; Chetty and Pather 2015). Consequently, risk management content and empirical studies are limited in the higher education sector, especially implementation as the best practices and implementation studies mostly explore the private sector (Brewer and Walker 2010; Moloi 2015a; Grobler and Horne 2017). Moreover, numerous studies confirmed the notion that risk management practices are relatively new in the higher education sector with limited empirical research (Ramirez and Christensen 2013; Grobler and Horne 2017; Andersen 2010; Moloi 2014, 2016d). The slow adoption of risk management by HEIs is largely ascribed to these institutions being known as a place of forming ideas and being resistant to change (Power 2007; Kezar and Meyer 2007). Ramirez and Christensen (2013) concluded that adopting risk management practices developed for profit-making organizations can be challenging to implement as the principles are vaguely translated due to limited risk management content in the educational sector. Thus, at times risk management practices are viewed with skepticism, and their applicability is questionable due to lack of content and operational differences. Moreover, HEIs often adopt risk management practices that are underdeveloped for their complex organizational setting with multiple campuses, faculties, and hierarchical decision structures (Moloi 2015b).
Lastly, South African studies conducted on risk management disclosure were carried out before the introduction of King IV in 2016 and based on previous King Codes (Moloi 2014; Barac and Moloi 2011; Ntim et al. 2013; Whyntie 2013; Hines et al. 2015). Hence multiple researchers highlighted a lack of detailed disclosures in annual reports on the actual risk management practices applied to govern risk. The highlighted lack of detailed disclosure is due to the previous King Codes, which were underpinned by the “Comply or Explain” requirement, as compliance and actual risk management practice disclosures were not required as long as the reason behind the non-application is provided to stakeholders (Moloi 2014; Wilkinson 2014; Barac and Moloi 2011).

2.4. Risk Governance Maturity

Risk management application differs from organization to organization as it requires time and resources for effective application as some organizations may not have the resources to apply risk management to their full extent (Wilkinson 2014). It is significant to note that governing risk does not follow an organizational life cycle approach where an organization initiates risk governance and after some time reaches good or mature governance. It is possible for a newly established organization with the right structures and systems in place to have mature risk governance, compared to an organization that has existed for years without building the right systems and structures. Therefore, risk management is subject to resource availability, commitment to good governance and not determined by organizational maturity (Rehman and Hashim 2018; Wilkinson and Plant 2012; Wilkinson 2014). Thus, organizations need to continuously assess their risk management maturity as such assessment will determine blind spots and areas of improvement in their systems of risk governance (Bhasin 2016). Consequently, in recent years there has been a demand for a framework that measures corporate governance in general and risk management to be specific (Wessels and Wilkinson 2016).
Several studies highlighted that risk maturity models consist of the following elements; (1) attributes—which refers to the qualities and characteristics, which can be associated with an organization’s risk management framework (Wilkinson and Plant 2012; Wilkinson 2014; Rehman and Hashim 2018). (2) modes of maturity—refers to the different layers of the organization’s risk governance maturity and gives a summary of the extent to which risk management framework has been implemented (Wilkinson and Plant 2012; Rehman and Hashim 2018). In addition, several studies outlined that risk maturity can be measured within a five-level approach with the levels of maturity known as nascent, emerging, integrated, predictive and advanced. These levels of maturity consist of minimum risk governance requirements for effective risk management; thus, organizations can adopt the minimum risk governance requirement and measure the extent of implementation within the five levels to identify areas of improvement (RIMS 2009; Coetzee et al. 2010; Rehman and Hashim 2018).
Figure 1 below illustrates the different modes of risk maturity and the minimum risk governance requirements within each level of maturity as guided by the risk governance attributes.
It can, therefore, be concluded that there is a need for a current study exploring risk management disclosures and risk governance maturity at HEIs in South Africa after the implementation of King IV.

2.5. Stakeholder and Legitimacy Theories and Disclosures

This section discusses theories relevant and considered for this study. Voluntary disclosures are motivated and driven by disclosure theories, such as stakeholder and legitimacy theory (Kiyanda 2014). According to the stakeholder theory, all organizations have a set of stakeholders, such as government agencies, society and investors. Therefore, they are accountable to all its stakeholders to disclose information that may be of interest to the different stakeholders (Kiyanda 2014). In the case of the educational sector, prior studies have highlighted increased scrutiny and demand for accountability and transparency by stakeholders as HEIs were faced with complex challenges threatening their objectives (Moloi 2015a). Thus, it is a moral obligation for management to provide stakeholders with adequate information on their operational activities and fulfill their social contract with society (Kiyanda 2014).
Contrary to the stakeholder theory, which focuses on the interest of stakeholders, the legitimacy theory focuses on the interest of the organization as disclosures are made to be accepted by society (Kiyanda 2014). These disclosures are widely used in social and environmental disclosure studies (De Villiers and Van Staden 2006; Kiyanda 2014). In the education sector, HEIs could be making disclosures on their operational activities and efforts to be accepted by the society they serve, as it has been discussed that HEIs are an important societal establishment. Accordingly, for this study, both stakeholder theory and legitimacy theory are viewed as applicable to this study.

3. Research Methodology

To address the research questions, the study was conducted in two phases:
Phase one: Prior studies, ERM framework, risk governance frameworks and King codes were reviewed to establish the risk management practices and the minimum governance requirements, acting as a proxy for risk governance.
Phase two: A checklist was developed using the King IV recommended practices and risk governance maturity framework based on prior studies. The checklist was deployed to conduct a qualitative content analysis of the annual reports of the sampled universities.
The study employed a qualitative content analysis method, using an exploratory research design. This approach was adopted and deemed relevant as the study aimed to explore the extent of risk management practices disclosure as recommended by King IV. As well as risk governance maturity thereof, using annual reports which are deemed official communication between organizations and external stakeholders and are qualitative in nature as King IV recommends a qualitative narrative on the application of the practices for effective risk management. A qualitative approach, therefore, allowed the researcher to comprehend the disclosure statements in the annual report. The annual reports were assessed to determine if they carried full disclosure, nondisclosure, or obscure disclosure while concurrently measuring risk governance maturity according to the disclosures made. A risk disclosure checklist was developed using the King IV reports’ 11 recommended practices for effective risk management and risk governance maturity framework. The risk disclosure checklist was employed for this study for several reasons: first, it is less expensive and allows the researcher to assess qualitatively without expensive software. Second, it allows the researcher to assess the completeness of content compared to a pre-defined set of disclosure statements.
The checklist was deployed as a data collection tool to conduct a content analysis on a total of 18 sampled annual reports, which were purposively selected within the traditional, comprehensive and university of technology categories in the South African education sector. This sample was split between two universities per category and analyzed over three years (2015–2017) for data triangulation and insights into trends over the years. The year 2015 was selected as the year of the trigger event #Feesmustfall, with 2016 as the year King IV was issued and lastly 2017 as an aftermath year to understand the risk management practice disclosures after an improved recommended practices and the introduction of “apply and explain” philosophy.
To ensure the adaptability of the results, the data analysis process was documented using excel, and the records are kept. When the content analysis was conducted, a formal approach was employed for replication and as follows:
Phase 1: getting accustomed to the annual risk reports section by conducting an in-depth reading of the report and highlight relevant disclosures.
Phase 2: the second phase consisted of a comprehensive reading of the report and answering the checklist governance statements. The disclosure statements were then recorded on the excel spreadsheet on the relevant King IV recommended practices nor minimum risk governance requirements.
Phase 3: evaluating completeness and accuracy by read-through across the years to confirm details. Once accuracy was confirmed, the data were then analyzed using excel and reported in aggregate.
Phase 4: results and visualization, comparison, insights, generating and comparison with literature to confirm or reject trends.

3.1. Assessed Annual Reports

Due to the lack of a comprehensive list of all HEIs, which are publicly funded and published their annual reports between 2015 and 2017, the time constraints of the study and the methods employed, which is labor-intensive as the researcher was required to comprehend the disclosure statements, two universities per category were selected, and three annual reports per university from 2015 to 2017 were analyzed. The sample size was deemed sufficient as all categories were presented evenly, and the researcher employed data triangulation. The reporting year was 2017, 2015, selected as the year #Feesmustfall, which is used as a trigger event started, and 2016 was selected as the year in which King IV was issued. Both 2015 and 2016 were used for comparison and trend analysis.
Table 1 below illustrates the number of annual reports assessed per category for the period under review.

3.2. Risk Management Practices Disclosures

The developed checklist was used to assess the extent of risk management practices disclosure by South African universities. To accomplish this, three categories of disclosures were created, namely, full disclosure, nondisclosure and obscure disclosure. The researcher then conducted a content analysis of the annual reports to assess if the risk management practice disclosure statement on the sampled university has full disclosures, nondisclosure, or obscure disclosures. Universities with full disclosure were marked as “yes”. Universities that did not make any disclosures on specific practices were marked as “no”, while universities that did not disclose in detail were marked as “obscure”. Lastly, all sampled universities with full disclosures were added together and presented as a percentage of “yes”, the same applied with “no” and “obscure”, respectively.

4. Results and Discussion

The checklist created comprised of two sections, namely, risk governance structure and risk management practices. The two sections consist of risk management practice disclosures as recommended by King IV for good governance.

4.1. King IV Recommended Practices

Explanation of practices evaluated as presented in result Table 2 and Table 3.
1.1The council should consider allocating the oversight role of risk governance to a dedicated committee or adding it to the responsibilities of another committee, such as the audit committee.
1.2If the audit and risk committees are separate, the Council should consider one or more members to be a member of both committees for more effective functioning.
1.3The committee for risk management should have executive and non-executive members, with the majority being non-executive members.
1.4The council should assume the responsibility to govern risk or through a dedicated committee by setting the direction for how risk should be approached and addressed in the university, including the following: the potential positives and negatives effects of the risk in the achievement of objectives.
1.5The council should treat risk as integral to the way it makes decisions and executes its duties.
1.6The council should approve policies that articulate and gives effects to its set direction on risk.
1.7The council should evaluate and agree on the nature and extent of risks that the organization is willing to take in pursuit of its strategic objectives, such as approving the universities’ risk appetite and risk tolerance.
1.8The council should delegate to management the responsibility to implement and execute effective risk management.
1.9The council should exercise ongoing oversight of risk management to ensure the following:
  • An assessment of risks and opportunities;
  • An assessment of opportunities presented by risks;
  • The design and implementation of appropriate risk responses;
  • The establishment and implementation of business continuity arrangement;
  • The integration and embedding of risk management in the business activities and culture of the university.
1.10The following should be disclosed concerning risk:
  • An overview of the arrangement for governing and managing risks;
  • Key areas of focus during the reporting period, including objectives, the key risk facing the University, as well as unexpected or unusual risk and risk taken outside the risk tolerance levels;
  • Actions were taken to monitor the effectiveness of risk management and how outcomes were addressed.
1.11The council should consider the need to receive periodic assurance on the effectiveness of risk management.

4.1.1. Risk Governance Structure

Presented in Table 2 is the risk governance structural section of the checklist, which assesses the extent of disclosures relating to the formation of the risk governance structure.
Concerning disclosures on the risk management structure, the results revealed that South African universities have disclosed information regarding their risk governance structure, as they have established risk governance structures, such as an audit—or a standalone committee, such as a risk management committee. As shown in Table 2, South African universities have applied and disclosed King IV’s risk management practices regarding their risk governance structure as applied and disclosed by over 80% of sampled universities in 2017. These universities have formed either a risk committee or audit committee. As well, on instances where the risk committee and the audit committee were separate, one member was part of both committees for effective performance. Additionally, almost 83% of the sampled university’s risk committee consisted of executive and non-executive members. According to Moloi (2015b), it does not seem like South African HEIs have embraced the idea of separate risk departments within their structures. Notably, they placed high reliance on the audit committee for risk management issues. Whyntie (2013) reasoned that having different board committees may create more layers of bureaucracy. Moreover, a study was conducted between 2003 and 2011 demonstrated that having a separate risk committee is associated with high audit fees (Hines et al. 2015). Therefore, some organization prefers an audit committee that handles both audit and risk management issues.
Nonetheless, some universities (17% of the sample) have not reformed their governance as recommended by King IV, which recommended that the audit or risk committee should be made up of both executive and non-executive members, with the majority being non-executive. These universities mentioned their risk governance committee members. However, they did not distinguish if they are executed (internal) or non-executive (external). Thus, the “obscure” disclosure.

4.1.2. Risk Management Practices

Presented in Table 3 and Figure 2 below are the results for Section two of the checklist known as risk management practices, which assess the extent of risk management practices disclosures by South African universities. All universities marked as fully disclosed were added together and presented as a percentage of “yes”. The same applied with “no” and “obscure”. Figure 2 provides insights on the trend using the comparison years.
Table 3 above summarizes risk management practice disclosures, using 2017 as the reporting year and two additional years for data comparison. To further comprehend these results, Figure 2 illustrates the disclosure trends over the years.
Regarding risk management practices disclosures, South African universities adopted, applied and explained King IV’s risk management practices as applied by more than 80% of the sampled universities. This improvement in the disclosure since prior studies can be ascribed to the King code issuance on corporate governance in South Africa, especially the King IV “apply and explain” philosophy as it promotes risk management and qualitative disclosures. Additionally, the increased detailed disclosures compensate for the limitations of previous King codes and the lack of detailed disclosures on the actual risk management practices applied as highlighted by prior studies, which were conducted before King IV was issued in 2016 (Moloi et al. 2011, 2014; Wilkinson 2014).
As shown in Table 3 above, principle 1.4 was disclosed by nearly 83% of sampled universities as the council assumed the responsibility to govern risk. Still, around 17% of sampled universities did not disclose information regarding the responsibility to govern risk. The same can be said regarding principle 1.5, as approximately 17% of sampled universities did not clearly outline that the council treats risk as integral to the way it makes decisions and executes its duties. This increased attention to managing risk is ascribed to the challenges faced by South African universities with the potential to entirely shift their operational objectives (Moloi 2015b).
Principle 1.6 relating to annual revision and approval of policies was disclosed by 66% of sampled universities, while 17% of sampled universities did not disclose whatsoever. The remaining 17% of sampled universities obscurely disclosed as they mentioned policies without outlining approval by the council. This could be due to the poor quality of disclosures and the lack of details on approval, even though practiced within the university. According to the COSO (2004), organizations should set the tone at the top by establishing a code of conduct, policies and training programs on risk and ethics. Thus, having up-to-date policies promotes an ethical environment. Moreover, the # Feesmustfall disruptions resulting in universities revising and updating their policies to enforce students to comply with institutional policies as the protest resulted in student arrests and court cases in 2016 and 2017 (Mapheta 2016). Similarly, contributing to the disclosure in 2016 and 2017 can be accredited to the maturity of risk governance adoption as per King IV and reporting requirement, which creates an ethical environment.
Regarding the definition and approval of risk appetite and tolerance level as outlined by principle 1.7, Only 50% of sampled universities had full disclosure, while the other 50% of the sampled did not make any disclosures. However, this could be due to the universities not yet adopted the recommended practices, as the preceding King codes did not have a principle or did not require an organization to define risk appetite and tolerance levels. Nevertheless, the importance of risk appetite cannot be ignored as the ERM framework, and King IV all recommend the definition of these levels so that risk can be taken within acceptable levels and monitored (PWC 2016; IoD 2016; COSO 2016; ISO 2009). Furthermore, these results are consistent with the study on annual report disclosures in the USA, Canada and Germany, which has discovered that qualitative risk disclosure is frequently compared to quantitatively and submit that organizations are struggling to quantify their risk exposure (Dobler et al. 2011).
Principle 1.8 recommends the council delegate the responsibility for the implementation of effective risk management. The results have shown that 83% of sampled universities did disclose, whereas around 17% of universities obscurely disclosed as the annual report only shown the responsibilities without outlining delegation to executive management. Relating to principle 1.9, which outlines ongoing oversights, nearly 33% of sampled universities obscurely disclosed this principle as it consisted of several recommendations. Consequently, about 67% of sampled universities partially applied and disclosed some of the requirements. Notable, the Obscure disclosure was due to factors such; the lack of business continuity plan arrangements for volatile operational environments, such as the #Feesmustfall. Integrating and embedding risk management practices within the culture and activities of the university. Moreover, even though disclosures on risk assessment were complete, assessment of opportunities presented by risk was also a challenge as it was not disclosed. Even so, according to Kageyama (2014), universities often associate with a small city as they consist of different campuses, faculties with different heads and stakeholders, industry and compliance requirements. Consequently, integrating and creating a risk culture can be challenging, especially for previously divided organizations due to their past.
Furthermore, King IV, through principle 1.10, recommends the annual reports to provide a risk governance overview. This requirement was disclosed by 100% of the sampled universities as they outlined the formation of the risk committee, conducted risk assessment workshops and monitored risk within established reporting structures for communication. Lastly, 100% of the sampled universities received periodic assurance on the effectiveness of their risk management processes as outlined by principle 1.11.
Although King IV was not yet issued in 2015, it is important to note that some principles were already being implemented by the sampled universities as King IV was an expansion and improvement of previous King codes. As shown in Figure 2, in 2015, 100% of sampled universities disclosed principle 1.4 compared to 100% and 83% of sampled universities in 2016 and 2017, respectively. In addition, 80% of sampled universities disclosed principle 1.5 compared to 83% in both 2016 and 2017. Relating to the approval revision and approval of policies as outlined by principle 1.6, the results revealed 60% disclosure by the sampled universities in 2015 and 83% in 2016. King IV was introduced, and #Feesmustfall started in 2015. Therefore, most universities in 2016 strengthened their policies and procedure, though the disclosure declined to 66% in 2017. Additionally, the years 2015 and 2016 displayed a higher nondisclosure relating to principle 1.7 as 80% and 83% of sampled universities did not make disclosures in the respective years. This is due to the requirements of developing and approving risk appetite and tolerance level only coming into existence in 2016. Therefore, most universities had not adopted compared to 2017, where it was only 50% nondisclosure.
Moreover, principle 1.8 revealed that about 80% of sampled universities disclosed in 2015 as compared to 100% in 2016 and 83% in 2017. At the same time, the year 2017 showed an obscure disclosure relating to principle 1.9 at 33% of sampled universities and 60% in 2015 and 83% in 2016 showed a correspondingly significant improvement ascribed to the adoption and application of King IV maturing.
Noteworthy, South African universities disclosed the recommended practices they adopted and applied as over 80% of sampled universities disclosed most of the recommended practices. This demonstrates compliance with the higher education act reporting guidelines and the Higher Education Act No. 101 of 1997 and King IV (RSA 1997; IoD 2016). However, there were still some challenges, such as disclosures on the annual revision and approval of policies by the council as it has shown a 67% disclosure by the sampled universities in 2017. According to Akyar (2014), for an ethical environment to exist, the board should frequently revise and approved policies and procedures to reflect on the actual practices and principles at the university. There was also a lack of disclosure on risk appetite and risk tolerance level, though it has improved when compared to previous years. Thus, far it still showed that 50% of sampled universities did not disclose. These results are an improvement from prior studies, but still consistent with the findings of Moloi (2015b) as asserted that the determination, monitoring of risk appetite and risk tolerance levels are of concern in South African universities as 95% of sampled universities were silent on these in their annual reports in 2014.
Lastly, approximately 33% of the sampled universities obscurely disclosed principle 1.9 as it consisted of a number of requirements. Notable, the lack of disclosure relating to the assessment of opportunities, business continuity arrangements, integrating risk management into daily activities and culture of the universities were the challenges, which were not disclosed. Arguably, this is due to some universities not yet have developed business continuity plans in 2015 and 2016. However, disruptions, such as #Feesmustfall, gave rise to disclosures, such as the risk of disruption and vandalism, which were of concern by the universities. Thus, some universities were considering developing business continuity and contingency arrangements. Hence, the increase to 50% of sampled universities in 2017. According to ContinuitySA (2018) strategic and future-oriented organization develops contingency plans to recover its operations under volatile conditions; thus, the lack of disclosure on business continuity plans confirms that South African universities were not prepared for events, such as #Feesmustfall as they have not yet developed their contingency plans for volatility.

4.2. Risk Governance Maturity

While risk management practice disclosures were being assessed concurrently, the risk governance maturity was assessed using a checklist, which comprised of risk governance maturity levels and the minimum risk governance requirements. The minimum requirements were assessed whether it has been incorporated and were presented as a percentage of “yes” and “no”. See Table 2 for detailed levels and requirements.
The results revealed that South African universities governed risk by applying the minimum risk governance requirements as recommended by risk management maturity frameworks and the King IV recommended practices. Moreover, it was observed that the sampled universities are mature beyond the Nascent and Emerging risk governance maturity levels. This was evidenced by over 80% of the sampled universities incorporating the majority of the minimum risk governance requirements as per integrated-level 3. This is attributed to some universities, which applied minimum requirements for predictive level 4 and advanced level 5. Similarly, for the integrated level, most of the minimum risk governance requirements are incorporated by over 80% of the sampled universities.
Notwithstanding, there were challenges, such as adopting risk appetite, which was incorporated by only 50% of the sampled universities. Moreover, there is a lack of sufficient information or disclosure, which resulted in 100% of sampled universities not incorporating key risk indicators and cost versus benefit analysis for all risk response strategies (Dubihlela and Ezeonwuka 2018). These challenges were also highlighted by Dobler et al. (2011). As discussed above, there is an increased qualitative disclosure with organizations struggling on quantitative disclosures because of a lack of quantification of risk exposure. Further confirmed by Moloi (2015b) as highlighted that the determination and monitoring of risk appetite and risk tolerance levels are of concern in the South African higher education sector as 95% of sampled universities were silent on the determination and approval of risk appetite and tolerance level at that time. One more lack of incorporation was about developing, executing, and testing business continuity plans as 50% of sampled universities did not have these plans in place. Even though they disclosed that they are considering developing contingency plans given the #Feesmustfall disruption. This lack of business continuity plan was also highlighted by Moloi (2015b) as asserted that most South African universities were not prepared for the #Feesmustfall disruptions as their risk management practices, such as business continuity plans and emergency plans, could not keep up with the student disruption. Thus, most universities found themselves not able to conduct final exams in 2015 as they could not recover their critical functions to operate under volatile conditions. Hence, Moloi (2016d) concluded that these universities were not prepared for events, such as #Feesmustfall, which utterly shifted their strategic objective, and some universities were unable to resume operation due to the disruptions and complete the academic year.
Risk appetite and tolerance levels were incorporated by 66% of sampled universities to govern risk. Resulting in unexpected and emerging risks not tracked by 50% of sampled universities. The lack of tracking on the unusual risk taken outside tolerance levels is attributed to the lack of risk appetite, tolerance levels and quantifications. Lastly, training on risk management was not conducted by 80% of sampled universities as per the annual report, and 67% of sampled universities were monitoring their risk management processes for effectiveness and received periodic assurance. According to Andersen and Terp (2006), risk training for risk awareness can assist an organization with integrating risk in the organization’s culture.
Therefore, it can be concluded that South African universities are at the integrated level of maturity but improving to predictive and advanced level of risk governance maturity (Table 4). This is because some universities have started applying minimum requirements in levels 4 and 5. Almost 67% of sampled universities were already linking risk with their strategic objective and vision. Moreover, 50% of sampled universities embedded risk management or looking at embedding it into strategic planning, capital allocation and decision-making. This is supported by Moloi (2014) highlighted that South African HEIs had demonstrated some better practices with regards to the day-to-day integration of risks to the university activities as well as embedding of risk management systems and practices by management to deliver on the council’s strategy as 68% of South Africa’s HEIs indicated that they practiced it.

5. Conclusions

The main aim of this paper was to assess the extent of risk management practice disclosures of South African universities and risk governance maturity thereof. The study used #Feesmustfall as a trigger event. This was also at the back of the introduction of King IV in 2016, which came with the “apply and explain” concept requiring organizations to disclose sufficient and relevant information for applied recommended practices. Furthermore, the study was motivated by the lack of research on risk management in the education sector in the South African context, to be specific. The results revealed that South African universities have mostly applied and explained their risk management practices and improved given King IV’s issuance. Hence, it can be concluded that the study filled the gap highlighted by prior studies as it contributes to the identified gap on risk management and risk governance empirical studies in the South African context and the higher education sector specifically. Thus, provides unique insights into the application and disclosure of risk management practices in the education sector and submits an understanding of the risk governance maturity in the South African context. That is unparalleled as the study used King IV, unlike prior studies that were either from other countries, the public or private sector or uses King codes and highlighting a lack of detailed disclosure due to the “apply or explain” philosophy. Lastly. The study provides an interesting view on the impact of social events, such as protests on risk management practices employed and further supports the notion of how legislative accounting practices echo stakeholder, societal expectations, and the potential to transform organizational practices.

5.1. Implications of the Study

The study further contributes to the body of risk management through theoretical implications as it provides new insights into the application and disclosures of risk management practices in the education sector to fill the identified gap. In addition, the study provides an understanding of risk governance arrangements and maturity by South African universities. The findings of the study are of significance to academics, which may replicate this exploratory study in other sectors to confirm the validity of the findings and methodologies using the developed checklist to set a foundation to assess King IV disclosures utilizing other methods that are quantitative and cover a larger sample size. Regarding practical implications, the findings of the study have implications to risk practitioners and policies. The findings of this study are significant in assisting risk practitioners and managers to better understand risk management requirements and disclosure perimeters within the higher education context. Furthermore, the study highlights the different approaches to assess risk governance maturity and the best practices to achieve continuous improving risk governance maturity. Therefore, practitioners can use the guidelines to assess their environment and completeness of risk disclosures in their annual reports.
Concerning policy implications, the findings could be significant to the Department of Education, as it governs reporting requirements through the reporting manuals and implementation for HEIs. The department can identify gaps in the disclosures and application of the risk management practices by revising its reporting guidelines and implementation manuals. Moreover, the challenges and gaps identified in the reporting practices can be addressed by imposing certain transparent requirements on disclosures in the annual reports as even though the universities use the same guidelines and manuals, they report differently and at the discretion of the specific institution. Additionally, even though King IV is the main framework for governance, including risk governance. There are shortcomings heightened as it only recommended practices to be applied for effective risk governance without providing for criteria to measure the maturity of the applied practices and assess the completeness of disclosures. Thus, the Institute of Directors Southern African can use the gaps frequently highlighted by researchers and this study to expand the scope to measure maturity as King Codes are the main framework for corporate governance and risk governance, to be specific. It is important to note that King Code is non-legislative and is based on principles and practices. Therefore, to promote good governance and sustainability, the principles should be integrated into the companies’ Act to enforce good governance principles, such as business continuity plans for sustainability.

5.2. Limitations of the Study

Although a detailed process was followed in designing the research methodology and performing the study to ensure adequate coverage and reduce potential limitations, however, the following limitations have been identified: First, the study employed content analysis using annual reports as published by the South African universities. Therefore, risk disclosure statements in the annual reports may not reflect the actual risk management practices applied as some information may not be disclosed due to their sensitivity and being of a strategic nature. Second, content analysis as a research method relies on the quality of the annual report; hence, risk management disclosure may be incomplete and overlook significant information resulting in the researcher not able to conclude on the extent of disclosure or maturity for the specific practices omitted. Third, the study uses King IV as a corporate governance framework that recommends the best practices for effective risk management. Although, King IV improved on King III’s “apply or explain” philosophy to proceed beyond a compliance “tick box” mindset to “apply and explain” philosophy, which is an outcome-based best practice. Still, King IV does not have the legislative powers to enforce adoption and disclosures, relying on regulatory bodies to enforce the recommended practices.
Fourthly, the study is delineated to South African universities and industry-specific. Therefore, its findings may not be generalizable to other sectors, privately funded HEIs, and other countries due to differences in legislation, strategic objectives and operating environment. Therefore, the findings may require further studies to be conclusive. Lastly, the time-frame or “constraints” of the study, the use of qualitative content analysis, which is known as labor or time-consuming resulting in data coding errors or personal biases and the use of a nonprobability, purposive sampling approach, which can result in the sample size becoming unrepresentative of the population. However, to address this, the researcher used data triangulation methods for consistency and comparison and ensured all South Africa university categories were represented evenly.

5.3. Future Research

The study highlighted some limitations and paved the way for the suggestion for potential future research:
  • The study only assesses the extent of disclosures by universities; a study can be conducted, including colleges and private universities, which are not publicly funded to establish if the same conclusion can be reached by applying the same methods;
  • The study was conducted using content analysis, which is labor-intensive, resulting in 18 annual reports being assessed for the period under review. A future study could be conducted using a questionnaire and collect primary data from the universities. One of the limitations of using annual reports is reliance on disclosure and working on the assumption that disclosure represents actual practices at university. Therefore, primary data collection will address such limitations;
  • This study used a qualitative approach; a study can be developed using a quantitative methodology to cover a larger population and sample.

Author Contributions

The material of this study was conducted with the intention of I.S. pursuance of his master’s degree in Internal Auditing, a co-supervised collaboration between J.D. (principal supervisor) and L.B. (co-supervisor. Both supervisors significantly contributed to the research conceptualization and further collaborated as supervisors. Their duties were to assist with the completion of the research project, conduct all reviews and guide the direction of the research project, the data analysis and overall academic write-up. All authors have read and agreed to the published version of the manuscript.

Funding

This research received no external funding.

Institutional Review Board Statement

Not applicable.

Informed Consent Statement

Not applicable as the study was conducted utilizing sourced data by way of content analysis.

Data Availability Statement

Data and reports for the public universities in South Africa is archived with the auditor general and publicly available. The data supporting reported data is presented in Table 1, Table 2, Table 3 and Table 4 as presented in the study.

Acknowledgments

Authors appreciate the Cape Peninsula University of Technology for the literary resources and the research opportunity provided. Dubihlela and Botha spared their time and support from demanding academic duties to offer guidance during this research study.

Conflicts of Interest

The authors would like to declare that there are no potentials conflict of interest, nor are there any personal circumstances or interests that may be perceived as inappropriately influencing the representation or interpretation of reported research results.

References

  1. Abraham, Janice. 2013. Risk Management: An Accountability Guide for University and College Boards, 1st ed. Washington, DC: Association of Governing Boards of Universities and Colleges and United Educators, p. 148. [Google Scholar]
  2. Adamu, Musa Uba. 2013a. Risk Reporting: A Study of Risk Disclosures in the Annual Reports of Listed Companies in Nigeria. Research Journal of Finance and Accounting 4: 140–47. [Google Scholar]
  3. Adamu, Musa Uba. 2013b. The Need for Corporate Risk Disclosure in the Nigerian Listed Companies Annual Reports. IOSR Journal of Economics and Finance 1: 15–21. [Google Scholar] [CrossRef]
  4. Association for Federal Enterprise Risk Management (AFERMS). 2018. Federal Enterprise Risk Management 2018 Survey Results, AFERM—Association for Federal Enterprise Risk Management. Available online: https://www.aferm.org/2018/10/26/erm-survey-results/ (accessed on 12 March 2019).
  5. Akyar, Isin. 2014. Corporate governance and risk management. Australian Journal of Accounting 31: 31–38. Available online: http://www.oecd.org/daf/ca/risk-management-corporate-governance.pdf (accessed on 5 September 2019).
  6. Allais, Stephanie. 2012. Will skills save us? Rethinking the relationships between vocational education, skills development policies, and social policy in South Africa. International Journal of Educational Development 32: 632–42. [Google Scholar] [CrossRef]
  7. Andersen, Torben Juul. 2010. Strategic Risk Management Practice, 1st ed. London: Cambridge University Press. [Google Scholar]
  8. Andersen, Karsten, and Anette Terp. 2006. Risk management. In Perspectives on Strategic Risk Management. Edited by Torben Juul Andersen. Copenhagen: Copenhagen Business School Press. [Google Scholar]
  9. Assar, Raid, Redouane El Amrani, and Richard Watson. 2010. ICT and Education: A Critical Role in Human and Social Development. Available online: https://www.semanticscholar.org/paper/ICT-and-education%3A-A-critical-role-in-human-and-Assar-Amrani (accessed on 20 June 2019).
  10. Barac, Karin, and Tankiso Moloi. 2011. Assessment of corporate governance reporting in the annual report of South African listed companies. South African Journal of Accountability and Auditing Research 10: 19–31. [Google Scholar]
  11. Bhasin, Madan Lal. 2016. Contribution of forensic accounting to corporate governance: An exploratory study of an Asian country. International Business Management 10: 479–92. [Google Scholar] [CrossRef]
  12. Botha, Lise. 2019. Relevant internal audit skills for the future: An evaluation of current curricula. Paper presented at International Conference on Business and Management Dynamics, Swakopmund, Namibia, September 2–4. [Google Scholar]
  13. Brewer, Gene, and Richard Walker. 2010. Explaining variation in perceptions of red tape: A professionalism-marketization model. Public Administration 88: 418–38. [Google Scholar] [CrossRef]
  14. Bubka, Mary Ann, and Heather Smith. 2015. Best Practices in Risk Management for Higher Education: Addressing the What If Scenarios. Technical Report, PMA Companies. Risk Management in Universities. Available online: https://www.researchgate.net/publication/321746840_Risk_Management_in_Universities (accessed on 30 March 2020).
  15. Chakabva, Oscar. 2015. The Effectiveness of Risk Management Practices of the Small, Medium, and Micro Enterprises (SMMEs) which Provide Microfinance in the Cape Metropole, South Africa. Cape Town: Cape Peninsula University of Technology. [Google Scholar]
  16. Chakabva, Oscar, Robertson K. Tengeh, and Jobo Dubihlela. 2020. A holistic assessment of the risks encountered by fast-moving consumer goods SMEs in South Africa. Entrepreneurship and Sustainability Issues 7: 33–21. [Google Scholar] [CrossRef]
  17. Chetty, Rajendra, and Sue Pather. 2015. Challenges in Higher Education in South Africa. In Telling Stories Differently. Engaging 21st Century Students through Digital Storytelling. Edited by Janet Condy. Stellenbosch: Sun Media, pp. 1–6. [Google Scholar]
  18. Coetzee, Philna, Barac Karin Erasmus, Lourens Fourie, Houdini Motubatse, Nebbel Plant, Kato Steyn, and Blanche Van Staden. 2010. iKUTU Research Report: The Current Status of and Demand for Internal Auditing in South African Listed Companies. Available online: www.up.ac.za/media/shared/Legacy/sitefiles/file/2013ikutureport.pdf (accessed on 27 October 2018).
  19. ContinuitySA. 2018. Business Continuity Challenges in the Public Sector and How to Overcome Them. Available online: https://www.continuitysa.com/business-continuity-challenges-in-the-public-sector-and-how-to-overcome-them/ (accessed on 2 August 2020).
  20. Committee of Sponsoring Organizations of the Treadway Commission (COSO). 2004. Enterprise Risk Management—Integrated Framework. Executive Summary, September 2004. Committee of Sponsoring Organizations of the Treadway Commission. Available online: https://www.coso.org/Documents/COSO-ERM-Executive-Summary.pdf (accessed on 11 April 2018).
  21. Committee of Sponsoring Organizations of the Treadway Commission (COSO). 2016. Enterprise Risk Management: Aligning Risk with Strategy and Performance. New York: Committee of Sponsoring Organizations of the Treadway Commissions (COSO). [Google Scholar]
  22. De Villiers, Charl, and Chris Jansen Van Staden. 2006. Can less environmental disclosure have a legitimising effect? Evidence from Africa. Accounting Organisations and Society 31: 763–81. [Google Scholar] [CrossRef]
  23. Dobler, Michael, Kaouthar Lajili, and Daniel Zeghal. 2011. Attributes of Corporate Risk Disclosure: An International Investigation in the Manufacturing Sector. Journal of International Accounting Research 10: 1–22. [Google Scholar] [CrossRef]
  24. Department of Education (DoE). 2016. Higher Education Act: Reporting and Implementation Guidelines for Public Higher Education Institutions; No. 301232, Notice 1002. Pretoria: Government Gazette, November 29.
  25. Dubihlela, Job, and Anthony Ezeonwuka. 2018. Compliance risks and business performance of selected South African retail stores: The case of emerging markets. Acta Universitatis Danubius Œconomica 14: 156–67. [Google Scholar]
  26. Grobler, Anton, and Andre Leonard Horne. 2017. Conceptualisation of an Ethical Risk Assessment for Higher Education Institutions. South African Journal of Higher Education 31: 154–71. Available online: http://search.ebscohost.com/login.aspx?direct=true&db=ehh&AN=123135709&site=ehost-live (accessed on 28 November 2019). [CrossRef] [Green Version]
  27. Gurevitz, Susan. 2009. Manageable risk. University Business 12: 39–42. [Google Scholar]
  28. Hines, Christopher, Adi Masli, Elaine G. Mauldin, and Gary F. Peters. 2015. Board risk committees and audit pricing. Auditing. A Journal of Practice & Theory 34: 59–84. [Google Scholar] [CrossRef]
  29. Hohenwarter, Ahren. 2014. Enterprise Risk Management vs. Traditional Risk Management—The Same … But Different. Available online: http://www.enterpriseriskmgt.com/boots-on-the-street-erm-vs-trm-the-same-but-different (accessed on 25 March 2019).
  30. Institute of Directors (IoD). 2009. King Report on Corporate Governance for South Africa. Johannesburg: Institute of Directors in Southern Africa, Available online: http://www.iodsa.co.za/?kingIII (accessed on 8 December 2018).
  31. Institute of Directors (IoD). 2016. King Report on Corporate Governance for South Africa. Johannesburg: Institute of Directors in Southern Africa. [Google Scholar]
  32. International Organization for Standardization(ISO). 2009. ISO 31000:2009: Risk Management—Principles and Guidelines. Available online: https://www.iso.org/obp/ui/#iso:std:iso:31000:ed-1:v1:en (accessed on 3 December 2018).
  33. Johannesburg Stock Exchange (JSE). 2016. 20170320 March Quarterly Index Paper Review Market. Available online: https://www.jse.co.za/content/JSEIndexReviewItems/20151221%20December%20Quarterly%20Index%20Review%20Paper%20Market%20UPDATED.xlsx (accessed on 10 March 2018).
  34. Kageyama, Aiko. 2014. The Implementation Process of Enterprise Risk Management in Higher Education Institutions. International Review of Business 14: 61–80. [Google Scholar]
  35. Kameel, Abdul Halim. 2007. Developing a Formal and Integrated Risk Management Framework in the Higher Education Sector: A Case Study on the University of Nottingham. Available online: https://citeseerx.ist.psu.edu/viewdoc/download?doi=10.1.1.474.1692&rep=rep1&type=pdf (accessed on 25 March 2018).
  36. Kevin, O’Brien. 2010. Road to Equality in South African Education: A Qualitative Study. Master’s thesis, Dominican University of California, San Rafael, CA, USA; p. 115. [Google Scholar]
  37. Kezar, Edward, and John Watson Meyer. 2007. ‘The University in Europe and the World: Twentieth-Century Expansion’, Towards a Multiversity? Universities between Global Trends and National Traditions. Bielefeld: Transcript Verlag, pp. 97–102. [Google Scholar]
  38. Kimbrough, R. L., and Paul Componation. 2009. The Relationship between Organizational Culture and Enterprise Risk Management. Engineering Management Journal 21: 18–26. [Google Scholar] [CrossRef]
  39. Kiyanda, Patrick. 2014. Corporate Disclosure Quality—A Comparative Study of Botswana and South Africa. Master’s thesis, University of South Africa, Cape Town, South Africa. [Google Scholar]
  40. Louw, Marike. 2016. The Contribution of Risk Governance and Disclosure in Integrated Annual Reporting to Risk Management. Master’s thesis, Gordon Institute of Business Science, University of Pretoria, Pretoria, South Africa. [Google Scholar]
  41. Mapheta, Totseti. 2016. On the Frontline in a Battle Waged against Themselves. Sunday Times, October 16. [Google Scholar]
  42. Masama, Bruce. 2017. The Utilisation of Enterprise Risk Management in Fast-Food Small, Medium, and Micro-Enterprises Operating in the Cape Peninsula. Cape Town: Cape Peninsula University of Technology. [Google Scholar]
  43. McDaniel, Mark Anthony. 2007. Test and test feedback as learning sources. Contemporary Educational Psychology 16: 192–201. [Google Scholar] [CrossRef]
  44. McShane, Michael, Nair Anil, and Rustambekov Elzotbek. 2011. Does enterprise risk management increase firm value? Journal of Accounting, Auditing & Finance 26: 641–58. [Google Scholar]
  45. Mncube, Vusi. 2013. ‘Learners’ democratic involvement in school governing bodies in South Africa: Making the voice of the voiceless heard. SA Journal of Education 10: 1–24. [Google Scholar]
  46. Moloi, Tankiso. 2010. Assessment of Corporate Governance Reporting in the Annual Reports of South African Listed Companies. Available online: https://www.semanticscholar.org/paper/Assessment-of-corporate-governance-reporting-in-the-Barac-Moloi/576b3d0ffc93ef324f75245859565402c55a6656 (accessed on 30 December 2019).
  47. Moloi, Tankiso. 2014. Leading external and internal indicators of credit risk in the top South African banks. Risk Governance and Control: Financial Markets & Institutions 4: 51–65. [Google Scholar]
  48. Moloi, Tankiso. 2015a. A critical examination of risks disclosed by South African mining companies’ pre and posts Marikana event. Problems and Perspectives in Management 13: 167–75. [Google Scholar]
  49. Moloi, Tankiso. 2015b. Disclosure of risk management practices in the top 20 South Africa’s listed companies: An annual/integrated report disclosure analysis. Corporate Ownership and Control 2015: 928–35. [Google Scholar] [CrossRef] [Green Version]
  50. Moloi, Tankiso. 2015c. Critical analysis of audit committee reporting in national government departments: The case of South Africa. Central European Public Administration Review 13: 67–68. [Google Scholar] [CrossRef]
  51. Moloi, Tankiso. 2016a. Risk management practices in the South African public service. African Journal of Business and Economic Research 11: 17–43. [Google Scholar]
  52. Moloi, Tankiso. 2016b. Key mechanisms of risk management in South Africa’s National Government Departments: The Public Sector Risk Management Framework and the King III benchmark. International Public Administration Review 14: 37–52. [Google Scholar]
  53. Moloi, Tankiso. 2016c. A cross-sectoral comparison of risk management practices in South African organizations. Problems and Perspectives in Management 14: 99–106. [Google Scholar] [CrossRef] [Green Version]
  54. Moloi, Tankiso. 2016d. Exploring risks identified, managed and disclosed by South Africa’s Public Higher Education Institutions (HEIs). Journal of Accounting and Management 6: 55–70. [Google Scholar]
  55. Moloi, Tankiso. 2016e. Governance of risks in South Africa’s public higher education institutions (HEIs). Investment Management and Financial Innovations 13: 226–34. [Google Scholar] [CrossRef]
  56. Moloi, Tankiso, Marx Ben, and Barac Karen. 2011. Corporate governance practices at South African higher education institutions: An annual report disclosure analysis. Journal of Economic and Financial Sciences 4: 317–32. [Google Scholar]
  57. National Association of College and University Business Officers (NACUBO). 2007. Meeting the Challenges of Enterprise Risk Management in Higher Education. Available online: https://files.eric.ed.gov/fulltext/ED524480.pdf (accessed on 24 July 2018).
  58. National Association of College and University Business Officers (NACUBO) and the Association of Governing Boards of Universities and Colleges. 2009. Meeting the Challenges of Enterprise Risk Management in Higher Education. Available online: http://www.ucop.edu/enterprise-risk-management/_files/agb_nacubo_hied.pdf (accessed on 30 June 2018).
  59. Nongxa, Loyiso. 2010. An (engaged) response to Hall’s paper: ‘Community engagement in South African higher education’. In Community Engagement in South African Higher Education. Kagisano No. 6. Pretoria: Council on Higher Education. [Google Scholar]
  60. Ntim, Collins G., Sarah Lindop, and Dennis A. Thomas. 2013. Corporate Governance and Risk Reporting in South Africa: A Study of Corporate Risk Disclosures in the Pre- and Post-2007/2008 Global Financial Crisis Period. International Review of Financial Analysis 30: 363–83. Available online: https://www.researchgate.net/publication/259142437_Corporate_Governance_and_Risk_Reporting_in_South_Africa_A_study_of_corporate_risk_disclosures_in_the_pre-_and_post-20072008_global_financial_crisis_periods (accessed on 5 September 2019). [CrossRef]
  61. Pichulik, Marry. 2016. The Irony of Lonmin—An Award-Winning Sustainable Investment. Available online: http://www.dailymaverick.co.za/opinionista/2012-08-27-the-irony-of-lonmin-an-award-winning-sustainable-investment/#.V-ZArTV9CXd (accessed on 25 May 2019).
  62. Pickworth, Evan. 2014. Risk Management Systems Highlighted by African Bank Failure. Available online: http://www.bdlive.co.za/business/financial/2014/09/10/risk-management-systems-highlighted-by-African-bank-failure (accessed on 25 May 2019).
  63. Power, Michael. 2007. Organized Uncertainty. Designing a World of Risk Management. Oxford: Oxford University Press. [Google Scholar]
  64. Pricewaterhouse Coopers (PWC). 2016. Governance of Risk. Available online: https://www.pwc.co.za/en/assets/pdf/governance-of-risk.pdf (accessed on 25 October 2018).
  65. Rajab, Bassam, and Morrison Handley-Schachler. 2009. Corporate risk disclosure by UK firms: Trends and determinants. World Review of Entrepreneurship, Management and Sustainable Development 5: 224–43. [Google Scholar] [CrossRef] [Green Version]
  66. Ramirez, Francisco, and Tom Christensen. 2013. The formalization of the university: Rules, roots, and routes. Higher Education 65: 695–708. Available online: https://www.jstor.org/stable/23481592?seq=1#metadata_info_tab_contents (accessed on 12 April 2020).
  67. Rehman, Ali, and Fathyah Hashim. 2018. Corporate Governance Maturity and Its Related Measurement Framework. Paper presented at 5th International Conference on Accounting Studies (ICAS 2018), Penang, Malaysia, October 16–17. [Google Scholar]
  68. Reygan, F. 2016. Teaching About Sexual and Gender Diversity and Challenging Homophobia/Transphobia in the South African School System. In Sexual Orientation, Gender Identity, and Schooling: The Nexus of Research, Practice, and Policy. Edited by Stephen T. Russell and Stacey S. Horn. Oxford: Oxford University Press, p. 165. [Google Scholar]
  69. Risk and Insurance Management Society (RIMS). 2009. RIMS Risk Maturity Model (RMM) for Enterprise Risk Management. Available online: http://www.logicmanager.com/pdf/rims_rmm_executive_summary.pdf (accessed on 4 March 2019).
  70. RSA. 1997. Higher Education Act. Republic of South Africa (RSA). Constitution of the Republic of South Africa. [Google Scholar]
  71. Scheuerman, Suzan. 2017. Traditional Risk Management vs. Enterprise Risk Management: Which Approach Is the Best Choice for Your Company? Available online: https://www.mondaq.com/unitedstates/securities/636120/traditional-risk-management-vs-enterprise-risk-management-which-approach-is-the-best-choice-for-your-company (accessed on 14 July 2020).
  72. Wade, Jared. 2011. Safeguarding the Ivory Tower. Risk Management 30. Available online: http://www.rmmagazine.com/2010/09/01/safeguarding-the-ivory-tower (accessed on 2 November 2019).
  73. Wessels, Hendrik Marius, and Naomi Wilkinson. 2016. Assessing organisational governance maturity: A retail industry case study. Risk Governance and Control: Financial Markets & Institutions 6. Available online: https://virtusinterpress.org/ASSESSING-ORGANISATIONAL.html (accessed on 12 May 2020).
  74. Whyntie, Peter. 2013. Pros and Cons of a dedicated risk committee. Keeping Good Companies 65: 400–2. [Google Scholar]
  75. Wilkinson, Naomi. 2014. A Framework for Organizational Governance Maturity: An Internal Audit Perspective. Ph.D. Thesis, University of Pretoria, Pretoria, South Africa. Available online: https://repository.up.ac.za/bitstream/handle/2263/43563/Wilkinson_Framework_2014.pdf;sequence=4 (accessed on 18 March 2018).
  76. Wilkinson, Naomi, and Kato Plant. 2012. A framework for the development of an organisational governance maturity model: A tool for internal auditors. Southern African Journal of Accountability and Auditing Research 13: 19–31. [Google Scholar]
  77. Wilson, Richard. 2013. Managing Risk. Inside Higher Education. Available online: https://www.insidehighered.com/blogs/alma-mater/managing-risk (accessed on 15 January 2020).
Jrfm 14 00195 g001 550
Figure 1. Risk governance maturity requirements per level (Association for Federal Enterprise Risk Management (AFERMS) 2018).
Figure 1. Risk governance maturity requirements per level (Association for Federal Enterprise Risk Management (AFERMS) 2018).
Jrfm 14 00195 g001
Jrfm 14 00195 g002 550
Figure 2. Risk management practice disclosure.
Figure 2. Risk management practice disclosure.
Jrfm 14 00195 g002
Table
Table 1. Assessed annual reports by category.
Table 1. Assessed annual reports by category.
CategoriesNumber of Annual Reports Assessed
201520162017
Traditional universities222
Comprehensive universities222
Universities of technology222
Total666
Table
Table 2. Risk governance structure disclosures.
Table 2. Risk governance structure disclosures.
KING IV201720162015
FullNonObscureFullNonObscureFullNonObscure
1.1100%0%0%100%0%0%100%0%0%
1.2100%0%0%100%0%0%100%0%0%
1.383%0%17%100%0%0%100%0%0%
Table
Table 3. Risk management practices disclosures.
Table 3. Risk management practices disclosures.
KING IV201720162015
FullNonObscureFullNonObscureFullNonObscure
1.483%0%17%100%0%0%100%0%0%
1.583%17%0%83%17%0%80%0%20%
1.666%17%17%83%17%0%60%40%0%
1.750%50%0%33%67%0%20%80%0%
1.883%0%17%83%0%17%80%20%0%
1.967%0%33%17%0%83%40%0%60%
1.10100%0%0%67%0%33%100%0%0%
1.11100%0%0%100%0%0%100%0%0%
Table
Table 4. Risk governance maturity.
Table 4. Risk governance maturity.
Minimum Requirements Incorporation Years
201720162015
NOLevels of MaturityRisk Governance Minimum Requirement per LevelYesNoYesNoYesNo
5.1Level 5-AdvancedRisk are embedded strategic planning, capital allocation and in daily decision making100%0%50%50%20%80%
5.2Level 5-AdvancedKey risk indicators are established0%100%0%100%0%100%
5.3Level 5-AdvancedRisk are linked are linked to the strategic objectives67%33%67%33%40%60%
5.4Level 5-AdvancedRisk root causes analysis is conducted0%100%0%100%0%100%
5.5Level 5-AdvancedRisk management practices are monitored, and areas of improvement are identified, and improvement are implemented67%0%67%33%80%20%
5.6Level 5-AdvancedBusiness continuity is developed, tested and lesson learnt are recorded and improved for effectiveness.0%100%0%83%0%100%
4.1Level 4-PredictiveRisk management is embedded in the university as whole.50%50%67%33%20%80%
4.2Level 4-PredictiveSingle view of risk across the organization and risk management processes are institutionalized100%0%83%17%60%40%
4.3Level 4-PredictiveAll Business units drive implementation through risk owners/Risk Champions83%17%83%17%80%20%
4.4Level 4-PredictiveBusiness continuity is established and implemented, testing and exercises are conducted using recovery strategies.0%100%0%100%0%100%
4.5Level 4-PredictiveRisk are assessed and quantified periodically 100%83%17%83%0%100%
4.6Level 4-PredictiveUnexpected or unusual risk and risk taken outside the risk tolerance levels are identified and monitored50%50%0%100%20%80%
3.1Level 3- IntegratedThere is committee delegated with the responsibility to govern risk100%0%100%0%100%0%
3.2Level 3- IntegratedERM program is endorsed by the Council 0%100%0%100%0%100%
3.3Level 3- IntegratedRoles and responsibilities are well defined for accountability100%0%83%17%100%0%
3.4Level 3- IntegratedRisk Management is integral part of day to day activities83%17%83%17%80%20%
3.5Level 3- IntegratedTraining on risk management is conducted33%67%50%50%0%80%
3.6Level 3- IntegratedCouncil approved policies that articulates and gives effects to its set direction on risk83%17%83%17%60%40%
3.7Level 3- IntegratedRisk appetite and tolerance level are defined and approved by the Council 33%67%17%83%20%80%
3.8Level 3- IntegratedAn assessment of risks and opportunities are conducted67%33%67%33%20%80%
3.9Level 3- IntegratedAn assessment of opportunities presented by risks is conducted17%83%0%100%20%80%
3.1Level 3- IntegratedAppropriate risk responses are designed and implemented100% 100%0%100%0%
3.11Level 3- IntegratedCost vs. Benefit is considered for all risk response strategies0%100%0%100%0%100%
3.12Level 3- IntegratedBusiness Continuity is established and implemented33%67%0%100%0%100%
3.13Level 3- IntegratedRisk management is integrated in the business activities and culture of the university100%0%83%17%60%40%
3.14Level 3- IntegratedThere is a monitoring and assurance on risk management practices100%0%100%0%100%0%
3.15Level 3- IntegratedReporting on risk management take place100%0%67%33%100%0%
2.1Level 2- EmergingBasic ERM Processes are in place100%0%100%0%100%0%
2.2Level 2- EmergingThe Council has allocated oversight role for risk governance to Committee or risk practitioner100%0%100%0%100%0%
2.3Level 2- EmergingResources are made available for risk management100%0%100%0%100%0%
2.4Level 2- EmergingRisk are identified and assessed100%0%100%0%100%0%
2.5Level 2- EmergingThere is a business continuity Plan in place33%67%0%100%0%100%
1.1Level 1-NascentThere is no structure for risk management 0%100%0%100%0%100%
1.2Level 1-NascentThere is no commitment by management to ERM0%100%0%100%20%80%
1.3Level 1-NascentRisk are address as they come without anticipation of potential risks0%100%0%100%0%100%
Publisher’s Note: MDPI stays neutral with regard to jurisdictional claims in published maps and institutional affiliations.

Share and Cite

MDPI and ACS Style

Sityata, I.; Botha, L.; Dubihlela, J. Risk Management Practices by South African Universities: An Annual Report Disclosure Analysis. J. Risk Financial Manag. 2021, 14, 195. https://doi.org/10.3390/jrfm14050195

AMA Style

Sityata I, Botha L, Dubihlela J. Risk Management Practices by South African Universities: An Annual Report Disclosure Analysis. Journal of Risk and Financial Management. 2021; 14(5):195. https://doi.org/10.3390/jrfm14050195

Chicago/Turabian Style

Sityata, Inga, Lise Botha, and Job Dubihlela. 2021. "Risk Management Practices by South African Universities: An Annual Report Disclosure Analysis" Journal of Risk and Financial Management 14, no. 5: 195. https://doi.org/10.3390/jrfm14050195

Article Metrics

Back to TopTop