Risk Disclosure and Performance of Malaysian Construction Public Listed Companies

. Due to regulatory reforms, corporate governance has evolved with Enterprise Risk Management become prominence since the 1990s. In Malaysia, Statement of Risk Management and Internal Control with Malaysian Corporate Code of Governance are regulatory compliance on risk management for the Public Listed Companies. Companies are required to make risk disclosures in their annual report based on Risk Management Framework, which indirectly provided insights for shareholders and investors to assess the company’s performance. This study aims to determine the extent of risk implementation based on Risk Management Framework and the effect on construction Public Listed Companies performance. The sample of this study consists of 227 construction Public Listed Companies in Malaysia Bourse from 2011, 2014, 2015, 2016 and 2017. Content analysis is conducted on the company’s annual reports for the five years based on Risk Management Framework components and financial ratios. The study revealed the presence of both guidelines had increased risk disclosure among construction Public Listed Companies but there was no significant improvement in their financial performance.


Introduction
Globalisation has changed the world to be more integrated and competitive, which in turn brings more complexities to the economic, social and political area [1][2][3]. The corporate governance reform that advocates the importance of managing risk [4,5] started in the 1990s after the financial crisis. Enterprise risk Management (ERM) has emerged as a new paradigm by taking a portfolio approach of risk management that aligns with the company's strategy. It contributes to good corporate governance by ensuring risk is taken into account in order to achieve the company's objectives [6,7].
Generally, companies do not publicly announce the adoption of ERM and rarely disclose details of their risk management programmes [8,9] In Malaysia, Statement of Risk Management and Internal Control (SRMIC) with Malaysian Corporate Code of Governance (MCCG) are regulatory compliance on risk management for Public Listed Companies (PLCs) [10][11][12]. These regulatory compliance are similar to ERM approach as the highest level of risk management linked to strategy for PLCs. Based on MCCG 2000, risk management is explicitly linked to the responsibilities of the Board. The latest MCCG revised 2017 and SRMIC 2012 also requires the Board to establish an effective risk management framework (RMF) [10]. The MCCG 2017 placed more emphasis on the role of the board of director, function of risk management committee as well as developing a holistic RMF.
It is the same for SRMIC whereby PLCs are required to develop RMF for the implementation. In addition, the Malaysia Bourse listing requirements in accordance to paragraph 15.26(b) require the Board to disclose the company's RMF in their annual report [11]. However, the extent of risk implementation based this RMF requirement s yet to be studied.
ERM also enables a company to stabilize earnings and improves capital efficiency to enhance its' value [13][14][15]. Risk is explicitly linked to the conduct of top management to improve the performance of company, which not only benefit the shareholders but also the economic growth [16]. In Malaysia context, the existing empirical research between ERM and performance also offered mixed results. The study by [17] showed ERM is negatively related to firm value for technology based industry.
[18] determined the changes in financial characteristics on non-financial PLCs adopting ERM after the implementation of MCCG 2000 and MCCG 2007. Their result showed MCCG 2000 benefited nonfinancial companies with the increase of companies' value. It is the opposite for MCCG 2007 as none of the companies' ratios shows sign of significant improvement or decline. However, the MCCG 2012 effect on PLCs performance is also yet to be studied.
Construction industry is considered dynamic, challenging and risky due to its nature of activities, environment and organisation [19,20]. PLCs are usually large size company with more complex operations with volatile earnings that are more likely to adopt ERM in their operations [21,22]. Naturally, construction PLCs are selected for this study because they face different types of risk with the increased projects' size, technology advancement and market competition [23,24]. Hence, they are likely implement ERM to manage risk holistically in strategic setting to ensure its survival and growth. The objectives of this study are to determine the extent of risk implementation based on RMF and the effect on construction PLCs performance. The following sections discuss the RMF and ERM influence on company's performance. It is followed by research methodology before proceeding with findings and discussions on this study. Lastly, this paper concludes with a summary and recommendation for future study.

Risk Management Framework
The successful of ERM implementation in a company depends on the effectiveness of the RMF [25]. In addition, the framework is the basis to embed risk management among employees in a company [25]. Based on IS031000:2009, the six components in the RMF are mandate and commitment; risk policy/risk appetite/tolerance; accountability; risk management integrated into organisation's processes; appropriate resources; communication and reporting mechanisms. Table 1 displays the comparison of RMF components between ISO: 31000, SRMIC and MCCG. As part of risk governance, SRMIC recommends the appointment of risk committee at board level and management committee at management level to focus on risk management. According to [4] [15], establishing a risk committee demonstrates the board commitment in managing risk. This concludes a better oversight of a firm's risk management activities. a * Corresponding author: cgcgwong@gmail.com The risk policy is established to demonstrate the rationale and commitment in managing risk. Meanwhile, risk appetite is the amount of risk that an organization is willing to take and is a strategic decision [25][26][27][28]. According to [29], the process of refining risk appetite statements is a useful basis to clearly define risk tolerance and a core set of risk metrics specific to organization.
Accountability is another important component of the RMF whereby people are responsible in managing risk, maintaining the framework [25]. Risk is owned by the ones closest to its occurrence [30,31] usually through bottom-up steps that build on existing functional capabilities [32]. Appropriate resources are located for risk management in terms of skills and competence; documented procedures and training [25]. Chief Risk Officer or equivalent position can assists in coordinating risk management activities with various departments [30,33]. In addition, an adequately resourced risk management unit/department can assist in embedding risk skills and knowledge across the organisation [34].
Another critical aspect of RMF is having the process to identify, evaluate and manage the significant risk. Training and awareness programs covering the risk knowledge that meet each individual needs are equally important [3,35]. Reporting relationships between top management and business units regarding organizationwide risks can help foster a better understanding of their risks [15,25]. When there is open discussions on responsiveness to risk issues in the organization especially in meeting, the Board can provide risk oversight and top management can make informed riskbased decisions [25] [36,37].

Influence on Company's Performance
Managing enterprise risks effectively under corporate governance is essential to preserve shareholder's interest in a company [15] [38,39]. ERM adoption also increases the company's value for Vietnamese PLCs [2]. The study by [22] also found that the level of ERM had a significant positive contribution to the value of the companies listed on the Nairobi Stock Exchange. The results also indicated companies that implement ERM were valued at 15.7% higher than those that have not implement ERM. Whereas, findings from [1] suggested that there was no significant relationship between firm value and ERM for 130 manufacturing companies in Turkey.
Meanwhile, [40] identified non-financial Italian companies listed on the Milan Stock Exchange with advanced levels of ERM implementation present higher performance, both in financial and market evaluation. [41] found there was no significant relationship between ERM implementation and financial performance among non-financial firms in Malaysia. This results also concurs with studies by [42,43] whereby there is no significant relationship between firm value and ERM.

Research Methodology
The data were obtained by examining annual reports of construction PLCS listed in the main market of Malaysia Bourse, which is similar to some studies on ERM implementation and effects on company's performance [40,44]. A comparative content analysis is conducted for this study because of the easy access to the annual reports from year 2011, 2014, 2015, 2016 and 2017. The year 2011 was selected as before RMF is introduced in SRMIC 2012 and MCCG 2012. Meanwhile, the year 2014, 2015, 2016 and 2017 are selected to allow the effect of RMF became more apparent after a few years of implementation. In other words, the benefits of ERM implementation could only be seen after one year or even a longer period [17]. Leverage, slack, opacity, Return of Asset (ROA) and Return of Equity (ROE) are financial ratio calculated for this study using information from annual reports.
The content analysis is based on keywords from RMF to verify that the PLCs are implementing ERM. The sentences that contain the key words were read to get a better sense of whether or not the ERM concept is actually being used. A disclosure index is constructed to measure the level of disclosure components based on RMF in this study. It calculates the ratio of items disclosed and the number of items applicable to each company. An un-weighted disclosure index was used for this study as it is assumed that each item disclosed is equally important. A dichotomous score is one if the information is discloses and zero if it is otherwise [45,46].

Keywords Selection based on Risk Management Framework
Based on the RMF components, keywords are identified as the evidence of ERM implementation in the construction PLCs. Table 2 shows the identified keywords from annual reports based on RMF components. ERM framework and RMF are the keywords to determine the existence of risk implementation. The existence of risk committee indicates the top management mandate and commitment on the ERM implementation. Risk management committee; risk committee; board risk management are some of the keywords on the existence of the committee.
The keyword such as 'responsible, responsibility and accountable' is indication of accountability whereby the Board, management and employees are responsible for the risk management process. Meanwhile, the risk management process integrated into organisation's processes is based on keyword integral or embedded. As for the process, the keywords are identifying, evaluating and managing the significant risks.
There also must be adequate resources including people, process and training contributed into managing risks. People are referring to skilled and qualified personnel in managing risk. Therefore risk manager; risk coordinator; risk management unit; risk management team; risk management department; risk management section and internal audit & risk department are considered part of this component.
Keywords such as risk awareness program; session and workshop are evidence of training conducted by PLCs to impart knowledge to their employees on risk management. Finally, communicating and reporting are important component in RMF. Meeting whether periodic, scheduled, informal, monthly, formal, weekly and regular management or committee meeting are part of keyword for communicating component. As for reporting components, the keyword is risk register, risk profile, risk report and risk assessment report.

Measurement of Company's Performance
Financial ratios are relationships between balances and calculations, which help organisations in managing their performance. Leverage, slack, opacity, ROA and ROE are some of the commonly used ratios in measuring firm's performance and value [1,2,17,22,38,39]. ROE is a measure of the percent returned for each dollar (or other monetary unit) invested by shareholders. ROE = Net Income / Book Equity Meanwhile, ROA measures the net income returned on each dollar of assets whereby higher ROA is desirable. ROA = Net Income / Average Total Assets. In addition, a low leverage would indicate there are sufficient assets to cover debt load. In this study, leverage is measured as total liabilities to assets. During cash shortage, slack provides a measure of a company's ability to continue its operating cash flows. Slack is measures of cash or marketable securities (highly liquid assets) against its total asset. Whereas, opacity is intangible that does not have a physical accounting value. Opacity is the ratio of intangibles to total assets.

Findings
Since PLCs is required to develop RMF by SRMIC and MCCG in 2012, there is an increase trend in risk disclosure from 32% in 2011, increased to 40% in 2014 and 43% in 2015. This is followed by 47% in 2016 and 53% in 2017. It is the same for ERM framework keyword with an increase to 26% in 2017 from 14% in 2011. Whereas the RMF keyword appeared consistently  Table 3 illustrates the results of the risk disclosure based on RMF. The number of construction PLCs with approved risk policy also increased from 9 in 2011 to 11  All PLCs had implemented risk management process in the five years. Meanwhile, construction PLCs conducting meeting related to risk management had increased from 57% in 2011 to 83% in 2017. It is a similar trend for risk documentation with increment from 24 construction PLCs in 2011 to 34 construction PLCs in 2017.
In term of the company's performance, the value of ROE and ROA are lower in 2014 to 2017 in comparison to 2011. Hence, construction PLCs has lower profit earnings after establishing RMF. The value of leverage is also getting lower from 2011 to 2017. Therefore, construction PLCs had sufficient assets to cover debt load. Lower leverage and slack meant construction PLCs had sufficient assets to cover debt load and managing risk consistently. Risk was managed consistently through slack value with construction PLCs investing in liabilities to increase the shareholder's value based on leverage.
The opacity value was highest in 2016, which indicated construction PLCs was holding more highly liquid assets. Construction PLCs were investing less in intangible assets to hold companies' value intact in 2011, 2014, 2015 and 2017. Table 4    Generally the value of leverage, slack, ROE and ROA are insignificant except for opacity. Construction PLCs also were investing less in intangible assets as higher opacity decrease shareholder wealth in 2014. Table 5 displays the T-test and p-value results for 2014 and 2015 in comparison to 2011. It is follow by Table 6, which illustrates the T-test and p-value results for 2016 and 2017.

Discussion
Since 2011, the number of construction PLCs having RMF have remained consistent because they are aware the importance of a structured approach in managing risk. Meanwhile, more construction PLCs has ERMF because they are exposed to ERM terminology. Both frameworks help the top management to develop an appropriate risk mitigation approach to address these risks in a manner that is consistent with the long term strategy and overall risk appetite [26] [41].
The numbers of construction PLCs establishing risk committee have increased from 2011 to 2017, which signify the commitment of top management in managing risk in their companies. Separate risk committee can have greater focus and capacity to fully review the organisation's risk policies and procedures [42].
The establishment of risk policy and risk appetite/tolerance among the construction PLCs also increased in the five years. More construction PLCs also had a well-defined organisational structure with clearly delineated lines of accountability, authority and responsibility to the Board, its committees and operating units. The structured process of identifying, evaluating and prioritising risks is practiced in all construction PLCs for the five years.
Although there is no requirement in SRMIC and MCCG, some construction PLCs appoint risk manager or establish risk management department/unit. Their reporting directly to the top management is an indication of ERM implementation [15,[43][44][45][46][47]. Risk committee held regular meetings to deliberate controls and document risk information.
In term of ROE and ROA, both profit earnings for 2014, 2015, 2016 and 2017 did not show much improvement. In fact, ROA showed a negative change in 2014. These results were similar to [48][49][50] whereby there is no significant relationship between firm value and ERM. The values for leverage and slack also were lower for 2014, 2015, 2016 and 2017. It is also a similar trend for opacity expect for 2016. Construction PLCs performance were lower in 2014, 2015, 2016 and 2017 in comparison to 2011. This could be due to external factors such as the slowdown in the worldwide economy and the instability of oil prices in these four years.

Conclusion
The study provided an overview on the level of risk disclosure and performance of construction PLCs after the revised SRMIC in 2012 and MCCG in 2017. The presence of both guidelines has increased risk disclosure among construction PLCs. This showed good governance practices and transparency among companies. It also serves as guidance for external stakeholders in evaluating the company's effectiveness handling business volatility. However, there is no significant improvement in the construction PLCs' performance. The sample covering five years period may not be sufficient to determine the performance of construction PLCs as the effect of ERM implementation may take a few years.
However, the results may provide valuable findings to construction PLCs and academicians. This study's findings would assist companies in improving compliance with regulations on ERM implementation. This includes developing relevant policies, capacity building for employees on ERM and allocation of resources to strengthen risk management functions.
As for top management, they can improve on risk practice in order to be more accountable to the shareholders. It is also associated to good corporate  The reliance of certain keywords based on RMF only revealed a certain extent of risk disclosure in annual reports by PLCs. However, it does not necessarily indicate the level of risk implementation. Therefore a qualitative and/or quantitative method can be applied to determine the stage or maturity of ERM implementation among PLCs in future research. In addition, researchers can examine the effects of ERM implementation on firm's performance in non-financial indicators.
Therefore, disclosing risk practices information through published reports or reliable database would only assist researchers in determining risk management implementation but also create risk awareness among shareholders and companies.