Financial Risk Management in Dutch SMEs: An Empirical Analysis

Financial Risk Management plays an important role in safeguarding the con-tinuity of enterprises. This paper analyzes current financial risk management (FRM) practices applied by Dutch Small and Medium-sized Enterprises (SMEs). In particular, the methods used by SMEs to manage credit risks, exchange rate risks, liquidity risks and interest rate risks. Data of 97 Dutch SMEs, gathered in the period 2013-2017, show SMEs focus on risk process rather than setting up an organizational structure to embed the process. However, the attention firms pay on process is positively correlated to organizational structure. Where SMEs, within the risk management process, appear to have a correlated equal focus on risk identification, measurement and evaluation, mitigating risks seems to be treated more separately. Finally, the analysis of possible determinants shows that the level of financial risk management in Dutch SMEs is determined by two variables: the level of education of the risk manager and the degree of decentralization.


Introduction
In many developed economies, Small and Medium-sized Enterprises (SMEs) are important contributors to the business environment (Ayyagari et al., 2007;Burgstaller & Wagner, 2015). In The Netherlands, SMEs contribute 63% to Gross Value Added (GVA) and employ 67% of the labor force in 2012. Already, in this decade nearly 4200 Dutch SMEs went bankrupt. Figure 1 shows the number of defaults among small companies, 10 -50 employees, and midsized companies, 50 -250 employees. Businesses are facing increasing challenges because of the growing variety of markets and products required to meet their customers' needs (Thun et al., 2011). Business risks appear in different forms and increase over time. Managing these risks becomes of more importance. Where SMEs are less able to reduce risks strategically, i.e. increasing the variety of markets, products and suppliers, managing financial risks becomes of more importance to avoid the ensuing financial distress which increases the probability of default. Default risks chiefly manifest themselves during periods when SMEs encounter difficulties meeting their short-term liabilities. Liquidity problems occur when, for instance, creditors pay their debt later than expected or creditors do not pay at all. In addition, when products are sold in non-euros, the received amount in euros can be less than expected due to decreased exchange rates. For solving short-term liquidity problems SMEs are highly dependent on loans from banks (Altman et al., 2010;Norden, 2015). It is imperative for SMEs to invest in sound financial risk management which can allow a firm to continue to raise capital (Rochette, 2009).
The introduction of Basel II (1999) and III (2010) reinforced this inextricable link between a firm's ability to manage financial risks on the one hand and funding on the other.
Serveas & Tamayo (2009) concluded inadequate management of financial risks is the main cause of 15% of all bankruptcies. A Graydon survey in 2014 on firmed that 18% of bankruptcies of SMEs are due to insufficient risk management practices, such as failing administration and credit control. A literature review by Verbano & Venturini (2013) noted potential insolvency is due to the fact that SMEs lack resources to develop instruments to assess the financial soundness of their businesses. The lack of resources and well-supported staff needed for sound risk management are also mentioned by Lavia & Hiebl (2014) and Burgstaller & Wagner (2015) probably because SMEs cannot afford to rededicate resources due to their constraints (Marcelino-Sadaba et al., 2014). Falkner & Hiebl (2015) concluded a sufficient risk management process is important and further empirical research is required on risk identification, risk analysis, strategy implementation and control as part of the risk management process at SMEs. Still, in 2019, family firms, which the majority of SMEs are, show a lower adoption of risk management, especially in family firms where there is a family CEO (Hiebl et al., 2019). To the best of our knowledge, no re-Journal of Financial Risk Management search on financial risk management in Dutch SMEs has been carried out to this date.
The purpose of this paper is to provide insight into the manner in which Dutch SMEs manage financial risks. We provide a framework to characterize FRM activities which can help researchers. Our systematical approach may also be useful for practitioners to assess and improve their FRM. We use a stylized model to describe FRM activities consisting of two risk management dimensions: risk management process and organizational structure. The risk management process consists of four components: risk identification, measurement, treatment and evaluation. Analysis of our data show that within the risk management process there is a strong correlation between risk identification, measurement and evaluation, with the exception of risk treatment. We also describe activities within the organizational structure dimension and their relation to the process activities. An additional two factors, the level of education of the risk manager and the degree of decentralization, contribute to the difference in levels of financial risk management employed by Dutch SMEs.
The remainder of this paper is organized as follows. Section 2 discusses the literature review relating to financial risks and financial risk management (FRM).
The methodology on which the study is based is presented in Section 3. Section 4 describes the data used to analyze current practices. We describe and discuss the status of Dutch SMEs in relation to the FRM aspects in Section 5. Finally, section 6 summarizes the findings and recommendations.

Literature Review
Financial risk management as assessing and overcoming the potential risks from a long-term strategic perspective, contributes to the firms' value (Culp, 2002;Meulbroek, 2002;Jin et al., 2006;Rochette, 2009;Pérez-Gonzalez et al., 2013;Farrell and Gallagher, 2015). Keizer et al. (2002) define risk management as the process of creating value by using financial techniques and methodologies to manage exposure to risk. This suggests that risk management is a process that identifies the loss exposure faced by organizations on the basis of which the most appropriate technique for addressing such exposures is selected (Rejda, 2011).
According to Vaughan & Vaughan (2001) risk management starts with the identification of external events that have an impact on the achievement of primary business objectives. Measuring/analyzing this impact is the next step necessary in making a rational decision on how to control the risk. This may involve the decision for the company either to avoid, reduce, transfer or treat the risk by the company itself. Therefore, the third step is to decide and execute the decision.
For instance, by instructing employees when the execution of risk management actions is decentralized. The process ends with an evaluation of the decision in terms of the effect of risks on achieving companies' goals. This final step includes aspects relating to efficiency, the costs of risk treatment and the effect on companies' risk goals. Journal of Financial Risk Management

Beauchamp-Akatova & Curran (2013), similar to the ISO Risk Management
Standard (Ciocoiu & Dobrea, 2010), note risk management should be a continuous and developing process embedded within the organizational strategy. Risk evaluation should be an integral part of all decisions. According to Rejda (2013), the risk management process is institutionalized when all key business managers, taking part in the risk management process and assuming ownership of risks, impart the risk management process to the entire organization through staff training. In addition to a well-structured organization, a strong and consistent risk culture is required to embed the risk management process (Elahi, 2013).
In those cases where management delegates responsibilities and authorities of each of the previous mentioned actions to more junior staff, it is important to ensure that the risk behavior is aligned with the managers' risk appetite. Moreover, risk awareness of employees and an internal risk culture should be aligned with strategies and objectives (COSO, 1992). Spreading out risk ownership throughout the entire company, and at the same time improving risk awareness, knowledge and skills (Nocco & Stulz, 2006;Servaes & Tamayo, 2009) may be mostly informal in SMEs (Gao et al., 2013). Sukumar et al. (2011) confirmed formal learning programs and continuous education to employees are rarely offered (Sukumar et al., 2011).
Results of an empirical research on German SMEs (Henschel, 2006) show that the handling of risks is strongly concentrated on owner-managers and that risk management is carried out in a rather rudimentary way. In most firms the link between risk management and business planning is not well developed. Servaes & Tamayo (2009) show that in many cases risk-based thinking is not incorporated into every-day business activities and corporate strategies. Defining objectives for the risk management function, measuring and evaluating risk management itself, should be the next step towards a more effective risk management process. Kim & Vonortas (2014) investigated aspects of risk management in young small enterprises. They conclude that firms across all types of sectors use internal risk mitigation strategies to manage technology risks and operational risks. Financial risk is managed by tapping informal and formal networks such as strategic alliances. Brustbauer (2016) confirms that compared to larger firms, smaller firms generally put less effort in identifying, assessing and monitoring risks. This may be the result of an entrepreneur's personal interpretation and the ability to manage the risks.
Previous research shows that size is an indicator for the level of risk management applied (Alexander, 1949;Colquitt et al., 1999;Henschel, 2008;Beasley, 2005;Virdi, 2005;Brustbauer, 2016). Various studies have moreover identified a number of external factorsas distinguishing factors: type of industry (Beaver, 1966, Beasley, 2005Henschel, 2008 andBodnar, 2013), high growth business (Virdi, 2005), external accountant and regulations (Beasley, 2005) and the volatility of financial performance (Hoyt & Liebenberg, 2008). Other studies introduced internal factors. Dickinson (2001), Beasley (2005, Henschel & Gao (2011) argue that internal factors, such as a manager's personal risk aversion, determine Journal of Financial Risk Management the level of risk management applied. Beasley (2005) found the presence of a corporate risk officer as a possible determinant. Colquitt et al. (1999) and Bodnar (2013) found background and training of the risk manager to be determining factors. To the best of our knowledge the factors pertaining to the level of education of the risk manager, the number of subsidiaries and the degree of decentralization have not yet been discussed or tested as determinants for the level of financial risk management applied at SMEs. In this research these three new variables as well as the size factor are included as possible determinants.

Methodology
To explore management of financial risks, a framework tailored for SMEs needs to be developed. Also, this framework needs to be helpful in assessing determinant factors. In line with Monda & Giorgino (2013) we define financial risk management (FRM) as a systematic and integrated approach to the management of short-term financial risks that a company faces. Our model embodies two dimensions: a well-defined risk management process and an organizational structure necessary to implement and maintain the process. Figure 2 shows our proposed stylized financial risk management model.
The risk management process dimension is defined as a step-by-step approach following Vaughan & Vaughan (2001). The risk management process includes four components: risk identification, measurement, treatment and evaluation.
The first step is the identification of risk areas. Next for each risk area the exposure to risk is measured. Then, decisions can be made and executed at predetermined levels throughout the firm. The process ends by evaluating the outcome in terms of efficiency, costs of the instruments used, and effectiveness as the achievement of the objectives in terms of exposure. This step also includes an evaluation of the total process and reporting to the risk management or the board. Each component comprises several items.
The second dimension, organizational structure, also comprises four components. Financial risk policies, sources used for developing policies, financial risk targets and the allocation of FRM responsibilities effectively support the process in achieving the firms' overall strategy and objectives. COSO (1992) uses the terms strategies and objectives for resp. policies and targets. Evaluation and reporting of the outcomes of the process (COSO, 1992) are included in responsibilities. Here too, each component comprises several items.    (5) Ordinal 2) Prioritizing risk areas (5)   Four questions (size, number of subsidiaries, level of education and degree of decentralization) served as possible determinants for FRM activities, one question to categorize firms by type of industry. Since we also asked firms to score process items related to their main financial risk area, one final question related to the most important financial risk area ended the questionnaire. Then, independent enterprises complying with The Commission of the European Communities' (2003) criteria regarding size (10 -249 FTEs) were approached to take part in this study. These firms were asked to answer the process questions from the point of the most important risk area. After screening the quality of the questionnaires received during the period 2013-2016, 97 cases were selected. Independent of the type of risk the answers of process related questions can be compared for one risk management standard should be sufficient to manage all types of risks (Kogan & Nikonov, 2009).
Considering the ordinal scale items, FRM at Dutch SMEs is described per risk dimension and per component in terms of frequencies, means and standard deviations. The correlations between risk dimensions and components are analyzed using Pearson's correlation. The correlation between items using Spearman's rho. For testing the possible determinants firms are divided into different categories. T-tests on means of dimensions and items were run per category.

Data and Summary Statistics
For Dutch SMEs publicly available data are scarce or non-existent. A survey method is an appropriate method for collecting relevant data collection (Kellermanns & Eddleston, 2004). Our empirical study was carried out using data of 97 Dutch SMEs which participated in the survey and sufficiently completed the questionnaire. The selected companies are classified by primary activities: Trade/Service/Logistics (n = 37), Engineering (35), Construction (13), IT (7) and Auditing/Training/Consulting (5). Characteristics as regards level of education of the risk manager, size, degree of decentralization and number of subsidiaries are presented in Table 2 and Table 3.
We expect larger firms to be able to afford more highly educated staff. Using Henschel's categorization, 34% (33/97) of our data relates to small firms ("10 ≤ 50 FTE"; Henschel: 14%), 56% (54/97) to medium sized firms ("51 ≤ 150 FTE" and "151 ≤ 250 FTE"; 82%) and 10% (10/97) to large firms (">250"; 4%). Table  2 shows that 44% of the firms have staff with a level of education exceeding a bachelor's degree. Although the level of education increases with size (in 42% -44% -50% have a level higher than a bachelor's degree), the differences are very small. Regression analysis confirms a possible positive, although not significant correlation(r = 0.095; p = 0.356). Journal of Financial Risk Management  This table presents the degree of decentralization related to number of (international) subsidiaries. 52 (54%) out of 97 firms organize their financial risk management in a centralized manner. 59% (23/39) of firms without subsidiaries organize their risk management as expected, namely in a centralized manner. The cell "Total" in the column "Proportion as expected" contains a percentage which is calculated using the bold numbers, as follows: [23 (no -centralized) + 29 (yes -decentralized)]/97.
Firms with subsidiaries are expected to manage financial risk in a decentralized manner (Table 3). A firm's degree of centralization is categorized as "Centralized" when tasks, responsibilities and authorities with respect to FRM are solely allocated to senior management (54% = 52/97). We expect firms with subsidiaries to be inclined to decentralize tasks, responsibilities and authorities, and firms without subsidiaries to apply a centralized approach. Table 3 shows that in 54% ((23 + 29)/97) of all cases risks are controlled at the expected level. In both groups the majority meet our expectation (59% and 50% respectively). This is confirmed through correlation analysis (r = 0.110, p = 0.283).
Unreported results show that firms with a higher number of subsidiaries employ a larger labor force (r = 0.110, p = 0.035). In addition, firms that approach risk management in a more decentralized manner tend to have more highly educated risk managers (r = 0.2281, p = 0.024). Table 4 presents the main risk areas reported by the firms in question as the most or second most important by type of industry. Credit risk 79% (77/98) and liquidity risk 47% (46/98) are mentioned as the most significant risk areas 2 . 50% (19/38) of all SMEs with their core business in trade/services/logistics mentioned a different risk area as the most or second important. 12 of these SMEs refer to 2 In the period 2008-2013, in the Netherlands approximately 25% of all defaulted SMEs was caused by late or none payments of their clients. The growing attention in the last 50 years for developing sophisticated rating models for financial and non-financial institutions, and the presence of all kinds of instruments to deal with debtor's risk, i.e. factoring, support our outcome. Journal of Financial Risk Management  (Henschel, 2008), 5% of our data refers to Auditing/consulting/training (Henschel: 11%), 13% to Construction (31%), 36% to Engineering (35%), 7% to IT (11%) and 38% to Trade/services/logistics (12%). In these two largest types of industries the percentages of credit and liquidity risks are 46% and 20% respectively (engineering), and 20% and 11% respectively (trade/services/logistics).
the risk of inventory, which is understandable considering the fact that in such firms inventory forms a considerable part of current assets. The credit risk aspect mainly comes into play when shorter time horizons are taken into consideration. Unreported data show that firms with subsidiaries appear to define their risk areas on the basis of a longer time horizon.

Results
This section describes the most important outcomes of our study. We have two objectives: 1) to describe the current financial risk management activities applied by Dutch SMEs and 2) to test the variables (education level of the risk managerdegree of decentralization -size by number of FTEs -number of subsidiaries) as determinants for the level of financial risk management at Dutch SMEs.
In the first subsection we report FRM activities at SMEs. Basic statistics and correlations per dimension, per component as well as per item are discussed. Next, frequencies of the allocation of responsibilities per possible determinant are reported. Last, we analyze whether our selected variables are possible determinants for FRM activities using t-test per component and per item. Interesting results are mentioned in the comments.

Financial Risk Management Activities at SMEs
In this subsection activities are described at component level. Noticeable results of correlation analysis between components within the process dimension as well as with components within the organizational structure dimension are included. We define a firm as an underperformer when the firms' component score is below the average score.  The component "Mean" in Table 5 implies SMEs put more effort in managing the process (all means > 3.15) than in the organizational structure (all means < 3.04). Even so, analysis shows firms put effort in both dimensions simultaneously (r = 0.684; p = 0.000), exacerbated by a 81% (17/21) significance rate at component level. Table 5 demonstrates a strong correlation between identification, measurement and evaluation, which implies that within dimension "process" SMEs manage treatment separately. However, in the group of underperformers on identification (n = 46) we note 59% (27/46) of these firms also underperform in treatment. In addition, nearly 75% of the underperformers on measurement also underperform in treatment. So, we adjust our former implication: the components identification, measurement and evaluation are strongly correlated within the total group, treatment is correlated to the other components only in the group underperformers.    3 don't prioritize before taking further action and 13 firms prioritize using past experiences. Of these firms only 5 prioritize from a strategic perspective. Our data shows a minority of SMEs identifies and prioritizes risk areas from a long-term perspective. Looking into Measurement, no consistent behavior related to the items targets and exposure is noticeable. Analysis of unreported data reveals that 19 firms calculate exposure per transaction as well as periodically. Of which nearly half use targets transposed from policies. Next, 23 firms do not use any software to calculate their exposures, 30 firms use Excel or the current accounting software, 39 use both and only 5 use specialized risk management software. Yet, 9 firms that don't use any software are satisfied by doing so and more than half of the firms that use sophisticated software are not satisfied. Firms which are using an accounting program in combination with Excel are mostly satisfied (60/69).

Financial Risk Management Dimensions and Components
In terms of Treatment, Table 6 shows a strong positive correlation between the items Risk attitude and Optimizing risk behavior (r = 0.406, p = 0.000). Of the 43 firms mentioned to be satisfied with the risk attitude of its staff, 51% noted to have a suitable learning program. Conversely, 13% of the firms which are not satisfied with the risk attitude mentioned to have a sufficient learning program. Probably, upgrading learning programs already resulted in a sufficient Journal of Financial Risk Management risk attitude. Especially at firms where lower staff makes decisions it is important that risk attitude at this level is aligned with the risk attitude of the board. Our data shows that of the firms that manage financial risks in a decentralized manner, 49% (22/45) of the management is satisfied with the risk attitude of lower staff. At firms that manage financial risks in a centralized manner we note 40%. Next, at SMEs where responsibilities are more delegated to lower staff, we expect, besides an appropriate risk attitude, a learning program for optimizing risk attitude is present. Remarkably, our data does not confirm this expectation: 39% (9/23) of the unsatisfied decentralized firms state to take actions.
On Evaluation, our data shows 57 firms evaluate periodically vs 29 firms which evaluate per large or failed transaction. The results of the risk actions can be judged qualitatively by consistency with policies of the specific risk area. 42 firms that evaluate periodically (n = 57) also use risk area policies. 79% of the firms that operate without policies per risk area (38) evaluate the actions taken, of which 23 indicate that they already are developing policies, or are planning to do so. In addition, 24% of the firms that mention to evaluate risk management activities at operating level, do not report the outcome nor the quality of the process to management. However, correlation analysis shows that firms that report the outcome also report on the quality of the process (r = 0.617, p = 0.000).
As far as Organization is concerned, policies and targets are strong correlated (r = 0.755, p = 0.000). We note 48% (47/97) of all firms lack risk policies at firm level, 10 of these use quantitative and/or qualitative targets to instruct and monitor. 18 firms set FRM policies in line with the overall firm policies. At the same time, future developments of the market position is also included.
Firms operating in a more decentralize dmanner are expected to use financial risk policies as a base for instructions to lower decision making staff. However, our data do not confirm this expectation: half of the firms which mentioned integrated risk policies are centrally organized. Table 6 also shows that nearly all organization items correlate positively and significantly with process items.
Which implies the effort firms put in a proper organizational structure is aligned with a well-executed risk process.

Allocating FRM Responsibilities at SMEs
Once risk information is available at the top of the organization it is up to the board to manage the risks and allocate responsibilities hierarchically downwards (Simon, 2002). Table 7 presents percentages of allocations of the responsibilities for reporting the risk process, the implementation of FRM, executing FRM and evaluating FRM.
At first, we note two general remarks. First, the positive significant correlations between the four responsibilities indicate an aligned allocation of the FRM responsibilities within individual SMEs. Second, firms organizing FRM centrally appear to allocate responsibilities on higher levels, which is an indication of sufficient quality of our data.  Table 7 shows that 26% (25/97) of the firms lacking treatment instructions, 17% (17/97) use detailed instructions to apply risk instruments, 28% (27/97) have instructions how to follow mandatory steps for selecting the proper instruments and 29% (28/97) manages the risk process by outcomes. Firms which locate responsibilities at lower organizational levels, are expected to use a set of well-considered treatment instructions. Our data confirms this expectation by a negative correlation (p = 0.011) between the level of detailed instructions and responsibilities for execution. For example, our data shows that 65% of the firms where responsibilities for executing FRM are located at unit level (n = 23), instructions are related to selecting instruments (detail) or following certain steps (process). A shift to instructions on outcomes is noticeable where finance staff is responsible. Table 8 shows the outcome of our t-tests on possible determinants for FRM activities on the level of components. The following variables are tested: size, number of subsidiaries, level of education and degree of decentralization. The selection of variables as determinants of the level of FRM is based on the result of the t-test on the mean scores per component. The results are checked by a t-test on item level. We consider our data to be sufficient based on the variability of item scores (standard deviations > 1.16 on a 1 -5 scale), an average absolute correlation (r = 0.256) and the rate of significant correlations between all items (63% = 66/105). 4 These percentages are independent of the mentioned most important risk area.  The analysis on item level confirms the outcome of our analysis on component level: as Table 9 shows, higher educated risk managers pay more attention to every FRM item. Firms with higher educated staff reach significant scores on 5 items, of which 2 items are related to organizational structure. This confirms our previous findings that the level of education is a determinant of FRM at SMEs. Next, data of Measurement (3 items) and Evaluation (2 items) imply that firms that organize FRM in a more decentralized manner, pay more attention to manage financial risks.

Conclusion
In this research, financial risk comprises of credit risk, liquidity risk, exchange rates risk and interest rates risk. We define Financial Risk Management as a systematic and integrated approach to manage short term financial risks. FRM embodies two dimensions: a well-defined process and an organizational structure necessary to implement and maintain the process. We follow  Vaughan & Vaughan (2001) and identify four components within the risk process dimension. Furthermore, organizational structure also consists of four dimensions. Each component contains several items. Based on this theoretical model, we draw up a questionnaire. 97 Dutch firms were selected in our database. Most of them mention credit risk as their highest priority.
Within the risk management process dimension, we found 3 components to be strongly correlated with each other. Our analysis implies that firms manage aspects of the component "Treatment" separately from the other process components.
Although firms' scores on the Organization components are lower than on the Process components, we notice significant and positive correlations between Organization and Process. Probably firms manage financial risks from a broad perspective.
Our study confirms one of the previously identified determinants: the level of education of the financial risk manager. We notice that firms with highly educated risk managers pay more attention to the organizational structure. In addition, we found the level of decentralization as an extra determinant for the level of FRM. Moreover, decentralized firms put more effort in measuring risks and evaluating treatment compared to firms that centralize their risk management. Our study can't confirm size and number of subsidiaries as determinants of fi-Journal of Financial Risk Management nancial risk management at SMEs.
Our empirical study is meant as an exploratory research to describe and analyze FRM activities within Dutch SMEs. Following previous research, we studied generic firm characteristics as possible determinants of the level of FRM. Rationally speaking, firms which are exposed to high risks are expected to manage these risks more professionally. Therefore, we suggest further research to ad risk profile as a possible determinant for the level of FRM within SMEs.

Conflicts of Interest
The author declares no conflicts of interest regarding the publication of this paper.