The Effect of Operational Risk Management on Microfinance Service Providers’ Performance in Thailand: The Mediating Effect of Corporate Governance

Operational risk is one of the commonest types of risk faced by banks and financial institutions. Organizations are investing a lot on the practices to mitigate the negative outcomes of operational risks. In line with this, current study focuses on the effect of operational risk management on the performance of Saving and credit cooperative microfinance (SACCM) in Thailand. Based on the agency theory and system theory, this study has proposed a conceptual model to examine operational risk as a critical factor on the performance of microfinance cooperative service providers. A comprehensive research methodology is designed based on the context of the study. The proposed respondents of this research are managers and senior officers particularly in the risk and operations departments in saving and credit cooperative microfinance in Thailand. The results from this studied have shown that people risk and internal process risk were significantly and positively related to corporate governance and impact on performance of SACCM. The data used for this study are limited and applicable to SACCM in Thailand. The study findings may relate to financial and non-financial firms, managers, researchers, financial analysts, governments, accountants and stakeholders. Also, present research will give new insight to the researchers and will help them to consider the proposed model to implement and generalize in different settings.


Introduction
The financial system plays a significant role in increasing the capital resources, investment as well as consumption. Microfinance was introduced to solve the financing problem faced by poor and low-income groups which include access to financial services to develop skills and pursued business ideas. Nevertheless, the financial institutions like microfinance service providers (MSPs) have faced increasing operational risk such as fraud, system failure and abuse of operational procedure and guidelines (Delija, 2015;Kamukama et al., 2010;Mago et al., 2013;Ngari, 2017;Njuguna et al., 2017;Rozzani et al., 2016;Siminyu et al., 2017). Microfinance is an important topic for research of economic development. This is due to the impact of microfinance on a nation's economic development. Certainly, building a strong foundation from the grassroots will stabilise and sustain economic development by promoting financial services throughout the various subsectors of the economy (Hudon & Seibel, 2007;Littlefield et al., 2003;Nagarajan & Meyer, 2005). Operational risk is one of the commonest types of risk faced by banks and financial institutions. It is a major focus of regulation and research due to its impact on the financial sector and the greater economy (Bodur, 2012). It is not linked directly with a financial institution's portfolios like credit, trading, investment, but refers to its processes, operations, people, systems and technology (Mazánková & Němec, 2008). The practice of risk management is one of the tools financial institutions use to attempt to control operational risk (Girling, 2013). Risk management is the process of identifying, eliminating or mitigating, and monitoring and controlling risks within an institution's operations, procedures, structure, and environment (Stoney, 2007). Operational risk management is specifically intended to address operational risks such as lending practices that could affect the performance of the financial institution (Girling, 2013). Krawiec (2009) reports that the financial failure in banks have occurred due to unidentified risks within the financial institutions. Leading examples of operational risk failures in financial institutions include Barings (1995) which lost 1.6 billion USD from rogue trading in Singapore leading to the failure of the entire bank (Ross, 1997;Sheaffer, Richardson, & Rosenblatt, 1998;Stonham, 1996). Kidder Peabody (1994), and 1996, Daiwa Bank (1995, and Société Générale (2008) collectively lost US$7 billion due to lax internal controls and one trader (Magnusson et al., 2010). Likewise, French Bank Société Générale revealed they they lost some $7 billion in fraudulent trades. At the time, it was history's biggest financial scandal (Bodur, 2012). In Thailand, operational risk has cost many institutions, firms, individuals and financial institutions their fortune, which have had adverse consequences for the Thai economy. For instance, Table 1.2 shows that the cost of operational risk to many organisations include microfinance service providers in Thailand. In Thailand, the majority of studies on the operational risk management concentrate on commercial banks. For instance, (Maglin, 2010;Setsungnoen & Aungsumalin, 2005;Wongtrakularee & Iamratanakul, 2016). Maglin (2010) compared the operational risk management on commercial banks in Thailand. Wongtrakularee & Iamratanakul (2016) studied the critical factors that adversely affect the financial institution's operational risk management and the financial risk of saving and credit cooperative microfinance (Setsungnoen & Aungsumalin, 2005). Saving and credit cooperative microfinance (SACCM) have a wide outreach in most parts of Thailand. They are member driven and democratically organised. They have developed and become a tool for mobilising and increasing savings to become a sustainable part of Thailand's financial development. However, the SACCM operate under non-prudential regulations. Also, they offer limited financial services, inadequate liquidity, and a lack of effective and efficient operational management (Asian Development Bank, 2013a). Currently, investigating the relationship between operational risk management and SACCM performance is of the utmost importance as such relationships affect performance through multiple types of risks. The study will focus on internal risk, and anything outside the sector will not form part of this study. The respondents include managers and senior officers in the risk and operations departments in saving and credit cooperative microfinance in Thailand. The data used for this study are limited and applicable to SACCM in Thailand. The study findings may relate to financial and non-financial firms, managers, researchers, financial analysts, governments, accountants and stakeholders. Fundamentally, this study aims to contribute to knowledge about saving and credit cooperative microfinance service providers in Thailand. The study will also investigate corporate governance and how this influences the practice of operational risk management and mediate the relationship between operational risk and SACCM performance. In the next section, the relevant literature on operational risk management and SCAAM performance is reviewed and hypotheses are proposed. Then in section three, a framework is presented that links the various constructs to SCAAM performance. Towards the end, section four discusses the academic and the managerial implications of this study followed by section five wherein the authors present the conclusions and the limitations of the study.

Literature Review
Microfinance began in the 1970s by extending small loans or microcredit to the poorest groups at the grassroots level. It has since grown into an industry and provides financial services to millions of people globally (CSFI, 2011). Approximately 150 million people have access to formal financial institutions including saving and credit cooperative microfinance which make-up a fraction of the main stream financial institutions. Its reported that those who lack access to formal financial services are about 2.7 billion people in the world (Naeem et al., 2014). Microfinance is defined as microloan (microcredit) or small loans offered to poor or lowincome groups. It also offers other financial products and services including deposits, insurance and fund transfers (Zuru et al., 2017). Microfinance has been defined by many scholars, professional bodies and financial regulators. For instance, the Thailand Fiscal Policy Office (FPO) defines microfinance as a system of financial services for the low-income groups who do lack access to the financial services of commercial banks. Microfinance began in the 1970s by extending small loans or microcredit to the poorest groups at the grassroots level. It has since grown into an industry and provides financial services to millions of people globally (CSFI, 2011). Approximately 150 million people have access to formal financial institutions including saving and credit cooperative microfinance which make-up a fraction of the main stream financial institutions. Its reported that those who lack access to formal financial services are about 2.7 billion people in the world (Naeem et al., 2014). Microfinance are established to extend credit to poor and low-income groups who lack access to commercial banks (Ledgerwood et al., 2013). It has a strong social focus. However, providing credit to the poor and low-income groups can be a costly to the business which may conflict with the financial performance of the microfinance firm (Cull et al., 2007). Therefore, donors provide financial support to these institutions so that they focus on their dual objectives. Commercialisation, technological change and increased in competition, have caused these subsidised cooperative microfinance to shift their focus to financial sustainability (Hermes et al., 2011). Micro finance is categorize in to two sub categories. Islamic micro-finance and conventional micro finance. Islamic microfinance represents "the confluence of two rapidly growing sectors: microfinance and Islamic finance" (El-Zoghbi & Tarazi, 2013). It is a system characterised primarily by the prohibition of fixed interest (riba) meaning that Islamic microfinance should operate under the Islamic jurisdiction on the basis of profit-loss sharing (PLS) (Rahim & Rahman, 2007). Whereas, conventional microfinance is interest-based and there is no profit and loss sharing. Conventional microfinance can give cash to their customers as financing and charge interest as commission. Islamic microfinance, on the other hand, engages in Islamic financial mechanisms based on profit-loss sharing schemes instead of using loans that charge interest. While women are the mainly the focus of conventional microfinance, promoters of Islamic microfinance argue that Islamic microfinance should extend their services to the entire family (Abdelkader & Salem, 2013). Cooperative microfinance in Thailand provide urban members with access to capital for productive purposes and a secured financial service for deposit of savings. They seek to improve the security and livelihood of their members by providing employment opportunities and improving members' income (Patrawart & Sriurai, 2016). As of 2017, it was estimated that the 6,597 active cooperative microfinance provided employment of about 11 people/cooperatives with over 75,155 permanent employees across the country. In 2016 Cooperative Promotion Department reported that there were 410 agricultural cooperative microfinances having smoked Para rubber. 115 having animal husbandry and In 2008, 167 agricultural cooperative microfinance having rice mills employment of permanent staff in the Cooperative Auditing Department (CAD) and the Cooperative Promotion Department (CPD) were 1,218 and 6,886 persons respectively (Thuvachote, 2011). Notwithstanding, in 2013 Klongchan Credit Union Cooperative (here after KCUC) suffered deep financial troubles caused by its former chairman who was charged with embezzlement in the case of the Dhammakaya temple which was accused of money laundering and receiving stolen assets ("Cooperative billions were sent abroad," 2015). Moreover, the former chairman and his conspirator used the cooperative microfinance to operate a pyramid scheme by convincing about 80 cooperative MSPs to deposit money with KCUC by offering a 10% dividend rate which exceeds the 7% rate allowed by the law. It collected deposits from more than 80 cooperative microfinance including Chulalongkorn University Saving, Rajavithi Saving and Credit, Royal Thai Police Saving and Credit, Pathum Thani Saving and Credit, etc. which amounted to a total of THB 8 billion (Tangkhieo, 2018).

Microfinance Performance
Performance involves features that show changes in physical size or volumes of activities. It shows the organisation ability to succeed. An increase in physical facilities, employment, productivity and profitability indicates positive performance (Marjory et al., 2013). The performance of microfinance can be measured using the tools that measure the performance of traditional banks. However, microfinance value their social impact while the commercial banks focus predominantly on financial performance (Weiss & Montgomery, 2005). Both social and financial measures are necessary for assessing microfinance business (Cull et al., 2007). The saving and credit cooperative microfinance faces unique challenges in achieving a double bottom line of covering its costs of operating (sustainability), and providing financial services to the poor (outreach) (Hartarska, 2005). Furthermore, Gutiérrez-Nieto & Serrano-Cinca (2007) emphasise that Microfinance have a specific double bottom line in their output. First, Microfinance are assessed by financial and social indicators. Second is calculated from the output variables 'volume of loans' and 'number of outstanding loans'.

Social Performance
In recent years, there has been significant discussion concerning the introduction of social performance criteria for measuring MFI performance since traditionally the success of MFIs has often been measured using only financial measurements (Thrikawala, Locke, & Reddy, 2013). The additional criteria have encouraged MFIs to improve their understanding of the simultaneous pursuit of financial and social performance, a "double bottom line", in tradeoffs between economic and social return on investment (Zeller, Lapenu, & Greeley, 2003). The social performance of MFIs measures the level of their dedication to fulfilling their social mission (Bédécarrats, Baur, & Lapenu, 2012). The social performance of an organisation comprises the relationship of the organisation with its customers and other stakeholders. For instance, increases in productivity and the changes in quality of life and welfare among members and non-members due to the activities of an organisation (Zeller, Greeley, et al., 2003). Efforts to extend microfinance services to the people who are underserved by financial institutions are classified as outreach (Lafourcade et al., 2005).
Outreach is one of the important dimensions in the critical triangle that MFIs need to reach. Most of current literature on measurements of MFIs utilize the profitability of MFI activities and few uses social performance. Outreach, however, is a multifaceted concept that must be measured according to various dimensions (Meyer, 2002;Navajas, Schreiner, Meyer, Gonzalez-Vega, & Rodriguez-Meza, 1998). Navajas et al. (1998) highlighted the six aspects for measuring MFI outreach, stating that "outreach is the social value of the output of a microfinance organization in terms of depth, worth to users, cost to users, breadth, length, and scope." In addition, Babandi (2011) outreach can also be defined as the ability of an MFI to provide high-quality financial services to a large number of clients. The indicators of outreach performance include changes in the number of clients, the percentage of female clients, total value of assets, amount of savings on deposits, value of outstanding loan portfolio, average savings deposits size, average credit size and number of branches. Outreach refers to reaching out to the poor and is measured by the number of poor being served at a given point in time (Rosenberg, 2009). The two most usual aspects of outreach in the literature are its depth and breadth (Agarwal & Sinha, 2010). In simple terms, most scholars describe outreach as the number of borrowers or clients served by MFIs (Cull, Demirgüç-kunt, et al., 2007;Hartarska, 2004;Hartarska & Mersland, 2012;Kereta, 2007;Khachatryan et al., 2017;Mersland & Strøm, 2009). This means that those who had no previous access to formal financial services are now served by an MFI. These people are the poor who lack the collateral to obtain loans from the formal financial sector (Thrikawala et al., 2013). Another important factor in evaluating MFI outreach is the variety of financial services or quantity of types of contracts offered, referred to as the scope of the outreach (Navajas et al., 2000). This highlights the demand of the poor for financial instruments and indicates how their welfare has improved through efficient and secure savings, insurance, remittance transfers and other services that are provided in addition to loans (Meyer, 2002). Outreach can be measured in terms of breadth number of clients served and volume of services (i.e., total savings on deposit and total outstanding portfolio) or depth the socioeconomic level of clients that MFIs reach (Lafourcade et al., 2005). Depth of outreach refers to the poverty level of the clients served, while breadth of outreach refers to the scale of operations of an MFI. Expanding outreach is an ultimate goal of almost all MFIs, but rapid expansion sometimes proves to be unsustainable. The most common indicators recommended to measure outreach are average loan balance per borrower (ALB) and number of active borrowers (NAB), representing the social performance and the depth and breadth of outreach (Lafourcade et al., 2005;Rosenberg, 2009).

Financial Performance
According to Copestake (2007) financial performance is defined as the degree to which the cost of providing services to the clients is directly paid for by clients. In most literature, SACCM' profitability is commonly termed as a function of external and internal determinants. Muriu (2016) pointed out that the determinants of SACCM' profitability could be divided into two namely external and internal determinants; the external determinants are beyond the management control and internal determinants are within the management control Previous studies carried out in the area assumes that SACCM provide banking services and are highly dependent upon the theory of financial performance in retail banking (Ofeh & Jeanne, 2017). Financial performance is measured in relations of overall profitability, these include revenues, and operational costs, operational self-sufficiency (OSS), and return on assets (ROA) (Mersland & Strøm, 2009). To measure SACCM performance, the literature depend commonly on accounting measures such as return on equity (ROE) and return on assets (ROA) ratios. Profitability reveals the performance of an enterprise financially. Many items have been used by previous researchers in measuring the profitability of an organisation. Thus includes return on equity (ROE), overall profitability, and return on assets (ROA) are normally the parameters used in measuring profitability (Schneider et al., 2003). Organisational growth means different things to different institutes. Many parameters are used by the company in measuring its growth (Roberts, 2004). Mostly organisations measure their growth in terms of net profit, revenue, and other financial data. McKelvie & Wiklund (2010) asserted that a firm's growth might be defined as an outcome or process. The findings also concur with Mboya & Ndu (2015) who note that microfinance in Kenya have experienced an increase in capital base. The findings imply that the microfinance service have grown by increasing in capital base. The growth in capital base could have been as a result of attempting to comply with regulatory requirements on capital adequacy. The growth could also be attributed to the enterprise risk management strategies employed by SACCM. Muriu (2016), using a panel data of 210 microfinance firms, revealed that there significant positive association between capital adequacy and microfinance profitability. "This was depicted by the relatively high assets ratio to equity across the specifications. The debt to equity ratio is calculated by dividing total liability by total equity. Total debt includes everything the SACCM owes to others, including deposits, borrowings, account payable and other liability accounts. The debt to equity ratio is the simplest and best-known measure of capital adequacy because it measures the overall leverage of the SACCM (Mersland & Strøm, 2008)".

Operational Risk Management
Every financial institution is faced with operational risk (OR) regardless of size, location and age from largest banks in the world, local banks and saving and credit cooperative microfinance. This can be seen from Baring (1995), Enron (2001) A broad definition of operational risk in financial institutions is "The risk of loss resulting from inadequate of the failed internal process, people and system or from external events" published by the Basel Committee on Banking Supervision (BCBS). Deloitte (2017) reported that financial institutions face operational risks from employee conduct, internal process and technology risks which are constituted as organisations embrace new technological evolution such as robotics, and artificial intelligence (AI). With the growth of e-commerce, highly automated technology and large volume service, the potential of operational risk management has increased (Buchelt & Unteregger, 2003;Li, 2003). The core organisational practice of concern in this study is operational risk management. In general, risk reflects conditions where outcomes are uncertain and where the consequences may be high (Aven & Renn, 2009). In this perspective on risk, the role of risk management is to identify, eliminate or mitigate, monitor and control risks that could affect the institution's operations (Girling, 2013;Stoney, 2007). There are several critiques that can be made of the paradigm of risk management as it applies to financial operations. The most obvious critique is that even when regulated and applied accurately, risk management has not been effective at preventing systemic failures like the 2007 financial crisis. A further critique is that risk management provides an illusion of total control, which has led to over-adoption of the practice in areas where it is not necessarily appropriate (Power, 2004). Thus, the concept of risk management is not necessarily an unproblematic concept. Regardless, it is a commonly used practice and therefore worth considering here. Operational risk management (ORM) refers to the cyclic process of implementation of risk controls, risk decision-making and risk assessment which result in avoidance of risk, mitigation, or acceptance of risk (Rifaut & Feltus, 2006). ORM sees as the risk of operational failure as a result of information, internal processes, technology, people, and the infrastructure supporting business activities" (Vinella & Jin., 2005). Many authors define the management of operational risk as a decision-making tool to help in detecting operational risks and to decide the best action to be taken for any given situation. Financial institutions began to recognize operational risk arising from their organizational operations from the 1990s (Janakiraman, 2008). ORM has been receiving attention from professional, researchers, managers, management, and regulators to effectively assess, measure, and alleviate its negative effects on their organisation for almost three decades. Managing these risks requires a streamlined operating processes, employee integrity, appropriate information technology systems, and combination of an effective internal control framework, (Njuguna et al., 2017).

People Risk
People risk refers to the risk that arise as a result of inability to meet with business requirements due to fraud, motivational issues, and improper human resource management policies (Shimpi, 2002). This risks related to human resources includes inadequate staff skills and training, workers' compensation, procedures, and industrial actions. Also, "physical expansion of organisation, mergers, acquisition and other growth activities of the organisation expose the organisation to higher risks including people risks" (Mendoza et al., 2005). The consequences of people-related risk include employer's liability, key person loss, employee theft and dishonesty and costly mistakes that may be due to poor training. Strong, dynamic, highly committed employees must be entrepreneurial enough to execute the business plan profitably; otherwise, the SACCM will be at the risk of loss. The team must have a achievable, realistic and clear strategic vision of the business' future growth with the risk that are related to it and be familiar with sound management techniques (Daniel et al., 2016). A study by Kibet & Sile (2017) revealed that staff competence was positively and significantly related with and implementation of credit scoring guidelines which guarantees repayment. Mitrani et al (1992) mention the need for competency and predict that organisations of the future will be built around people. Samreen, Zaidi, and Sarwar (2013) found that efficient employees assessed the credit worthiness of individual borrowers with 100% accuracy rate and can recognised the low risk and high-risk loan applications before default. It was reported by Rozzani, Mohamed, and Syed Yusuf (2017) that one of the sources of operational risk comes from staff negligence in evaluating applications for microfinance products. Another risk associated with people is fraud. This can be seen from the report of Njuguna et al (2017) which revealed the institution is extremely open to operational risk mainly caused by fraud and robbery. This can be checked by having a strong internal control. Njuguna et al. (2017) investigated whether better implementation of internal sound controls revealed that showed that firms with weak internal controls have lower market value.

Internal Process Risk
Internal process risk refers to the effective oversight of business activities at all operating levels of an institution, with clearly defined its internal reporting, operational procedures and other responsibilities for all staff (Bank Negara Malaysia, 2016). Njuguna et al. (2017) revealed the existence of sound procedures and policies to manage operational risk may have influenced the growth of SACCM. It was also likely that those SACCM with effective policies and procedure to manage the operational risks may have experienced more growth than those that do not. Njuguna et al. (2017) advocated for robust policies and procedures to manage the operational risks of financial institutions. The adherence to financial operations procedures forms part of the operational risk management strategy. Also, the adherence to operational procedures in the financial operations significantly influences the growth of SACCM (Njuguna et al., 2017). Okunbor & Obaretin (2010) studied credit practices in rural saving and credit cooperative microfinance in Nigeria. They found that financial processes are major contributors of operation risk in the banking institution. Over the last decade, large bank losses originated from appearances of threats, weaknesses in the operational procedures and processes in the system which cause substantial operational loss as observed in Nigeria's SACCM. Similarly, the collapse of Barings Bank where lack of internal audit and control, inadequate segregation of duties, and insider trader were cited as the source of fraudulent transactions leading to massive financial losses (Krawiec, 2009). A study on information risk in five sectors in the Nigerian Stock exchange revealed that the non-information technology risk; the inappropriate procedures and processes of activities contributed immensely to the bank's operation risk. A sample of 140 respondents from 10 companies using the simple regression model and descriptive statistics for data analysis showed that the application of operational risk management practices by quoted companies in Nigeria is effective in curbing fraudulent processes (Okunbor & Obaretin, 2010). Pandey (2010) revealed internal control and audit in SACCM should cover the review of transactions regularly to ensure their accuracy, procurement and operational procedure, financial management. Financial controls reviewed for compliance and completeness with statutory standards. Adherence to organisational procedures and policies at the operational level are the main areas of review.

Technology Risk
Technology risk is increased due to the high capital intensity and long technology development periods as more conservative incumbents are less prone to investing in new technology through mergers and acquisitions (M&A). IT operational risk refers to threats that arise as a result of inadequate IT assets, theft, improper modification which may lead to the destruction of an organization (Straub & Welke, 1998). "Information as a priceless product and a basic input to progress and development has become a critical resource. Information and knowledge are replacing capital and energy as primary wealth-creating assets (Raykov & Marcoulides, 2012)". SACCM need an effective information systems to support and convey information to different users. "Such information systems would include technology that supports decision-making, provides an effective interface between users and computer technology and provides information for managers on the day-to-day operations of the enterprise" (Bayaga & Flowerday, 2016). Information is needed for various purposes and serves as an invaluable commodity or product and is, moreover, a highly important aspect of decision-making in all levels of management in an organisation (Stoney, 2007).The ability of SACCM to realise their goals, therefore, depends on how well the organisation understands, evaluates synthesises, interprets, and acquires information and how its channels of information support organisational processes (Bayaga & Flowerday, 2016). Thus, the operational definition of this study includes the inadequate risk management of people, internal process and technology risk.

ORM and SACCM Performance
Some authors revealed that operational risk management on human capital is significant in predicting SACCM' performance (Adekunle, 2011;Engström & Mckelvie, 2017;Kamukama et al., 2010;Mago et al., 2013). Daniel et al (2016) find that when credit officers treating loan agreements as enforceable contracts with regular customer feedback, they can avoid bad loans, have higher levels of loan recovery and record better performance. Njuguna et al (2017a) state that when SACCM manage operational risks effectively and report the existence of positive relationship between SACCM' growth in Kenya and operational risk management. While Siminyu et al. (2017) argue that management of SACCM in Kenya should adopt sound operational risk management by providing the necessary knowledge through training and promotion of risk management among their staff. Adekunle (2011), Ngari (2017) and Rotich et al. (2015) found that internal processes are significant in determining financial performance of SACCM. According to Okiro and Ndungu (2013), internet banking improves a bank's performance through increased efficiency and productivity. Harelimana (2017) and Romdhane (2013) found that IT significantly affects the financial sustainability, profitability, financial efficiency and productivity of SACCM. Bayaga and Flowerday (2016) encourage managers of SACCM to identify, analyse and manage IT operations efficiently for improved performance. Nevertheless, despite heightened interest in operational risk management and SACCM performance, to date, limited research has been done on operational risk management and performance of SACCM. Table 2.2 summarizes previous studies on the relationship between operational risk management and SACCM' performance. These authors have found various operational risk influences on SACCM performance, based on Moosa's (2007) typology of operational risks. One commonly identified risk cluster is people risks, including financial literacy, training, and other factors (Adekunle, 2011;Daniel et al., 2016;Engström & Mckelvie, 2017;Kamukama et al., 2010;Rotich et al., 2015). These studies addressed human capital factors of both workers and customers, although there was relatively little discussion of problems such as internal fraud. There were also internal process risk factors identified, including poor lending practices and loose lending criteria among others (Daniel et al., 2016;Delija, 2015;Ngari, 2017;Njuguna et al., 2017;Rozzani et al., 2017;Siminyu et al., 2017).These studies have shown that when procedures and processes are followed, they can be effective, but they also showed that banks often struggle with internal processes and may not achieve strong results because of this. Finally, technological risk was also shown to be a significant concern for microfinance organization and one that could not be ignored because of its potentially significant negative effects and lack of IT resources and knowledge (Bayaga & Flowerday, 2016;Beccalli, 2007;Harelimana, 2017;Njuguna et al., 2017;Okiro & Ndungu, 2013). A number of these studies have shown that microfinance institutions may struggle with operational risk management because of poor training and lack of effective personnel, even though when operational risk management is used it can be highly effective (Daniel et al., 2016;Delija, 2015;Mago et al., 2013;Ofeh & Jeanne, 2017). In a few cases, the authors also identified some best practices that can be helpful for microfinance services firms from these perspectives (Bayaga & Flowerday, 2016;Delija, 2015;Ngari, 2017;Okiro & Ndungu, 2013). Mayer (2000) defines corporate governance (CG) as the sum of the information, structures and processes used for overseeing and directing the management of an organisation. Better corporate governance is supposed to lead to a better financial performance by ensuring better decision-making and preventing the expropriation of controlling shareholders (Manini & Abdillahi, 2015). The banking sector cannot ignore the importance of corporate governance. Better corporate governance necessitates the separation of ownership from management. Manini & Abdillahi (2015) reported that financial providers with efficient governance mechanisms record improved financial performance. Corporate governance is the alignment of the decisions of managers with the interests of the owners of a corporation (Denis, 2001). The Organisation for Economic Cooperation and Development (OECD) sees CG as "a set of relationships between a company's management, its board, its shareholders, and other stakeholders" (OECD, 2004). OECD further states that "Good CG should provide proper incentives for the board and management to pursue objectives that are in the interests of the company and its shareholders and should facilitate effective monitoring". Similarly, the International Finance Corporation (IFC) defines CG as "the structures and processes for the direction and control companies by which companies are directed and controlled" (IFC, 2010). However, CG is more than emphasising correct decision-making processes, implementation and monitoring, and includes an examination of the financial and social roles played by the institution (Tormo & Vañó, 2008). CG facilitates efficient management with a focus on sustainability. According to Tricker & Tricker (2015), CG focuses on relationships within the organisation such as the auditors, regulators, board, shareholders, managers, and other legitimate stakeholders. The literature on SACCM finds that their success of the SACCM depends on the degree to which members wield their ownership rights and the effectiveness of the legal framework in safeguarding ownership rights (Schmidt, 2017). Several scholars have associated the performance of microfinance with corporate governance (Hartarska, 2005;Mallin, 2013;Mersland & Strøm, 2007. Mallin (2013) posits that CG is critical to firm efficiency. It entails the use of adequate controls to safeguard assets, ensure a balance of influence and healthy relationships with all stakeholders, and that the firm operates with transparency and accountability (Okoye & Siwale, 2017).

Theoretical framework Development
This study develops a comprehensive theoretical framework based on agency theory and system theory. Agency theory according to Eisenhardt (1989) explains "how to organise best relationships in which one party determines the work while another party does the work. In this relationship, the principal hires an agent to do the work, or to perform a task the principal is unable or unwilling to do. For example, in corporations, the principals are the shareholders of a company, delegating the agent to perform tasks on their behalf such as the management of the company". Whereas theory can be defined as a "working hypothesis, the main function of which is to provide a theoretical model for explaining, predicting, and controlling phenomenon" (Bertalanffy, 1968). The systems theory argues that a system consists of subsystems or many components which must function together for the whole plan or system to work (Mugenda & Mugenda, 2003). "This implies that if one of the sub-system fails, the whole system is put in jeopardy". For example, this means that for a SACCM to operate effectively, it should have the prerequisite full capacity to operate and develop strategies to deal with all risks. Agency theory is deductive in its methodology whereby the theorists take self-interested opportunism as a given (Heath, 2009). The theory "feel no need to explore the attitudes, conduct and relationships that create board effectiveness. Instead, they have busied themselves with exploring the effectiveness of the various mechanisms designed to make executive self-interest serve shareholder interests. To date, such studies have proved entirely equivocal in terms of the relationship between good governance and firm performance" (Brown & Caylor, 2006). The theories are applied in this study since it implies that operational risk can reduce if people and internal process risks are regulated by the institutions. Research has shown that there is a relationship between good governance and firm performance (Roberts, 2005). Furthermore, the relationship to corporate governance the theory suggests that shareholders are creating incentives that align the interests of the professional executive and monitor executive conduct to prevent any transgression of the owner interests. System theory is significant in explaining operational risks management. If the organisational structure of SACCM does not facilitate good technology and communication, then the departmental conflict may arise. According to Straub and Welke (1998), technology risk is any threat that leads to the , theft or inadequate IT assets, , destruction, and improper modification. The consequences of poor technology communication may be reflected in the performance of the overall SACCM. According to Abdelkader and Salem (2013), this is important to formulate an organisation culture that will facilitate proper communication between employees, management, suppliers and customers. Managing the information system is an important tool to facilitate effective communication. For instance, SACCM may use a management information system and technology to store, prepare and manage confidential customer information and business managerial decision-making. Chung, Chen, Chang, and Chou (2006) view that in the context of cybercrime and money laundering (ML), a security breach or a hardware or software compromise of financial systems. Even in the highest-recorded financial fine levied against HSBC, the bank settled for $1.9 billion when accused of laundering money for Mexican drug cartels. While ML is related to cybercrime, fraud, and risk where the bank failed to implement systems compliant with regulatory antimoney laundering provisions (Goldstein, Chernobai, & Benaroch, 2011). Therefore, this study measures the impact of technology risk on the performance of SACCM integrated with system theory and agency theory. Engström and Mckelvie (2017) state that human capital is an important predictor of financial performance. However, employee commitment must be entrepreneurial enough to execute the business plan profitably if not the SACCM will be at the risk of operational loss (Daniel et al., 2016). Kibet & Sile (2017) reveal that staff competence is positively and significantly related with the implementation of credit scoring guidelines, which will guarantee repayment. Based on the argument above, this study proposes P1:

People Risk and Performance of SACCM in Thailand
There is a relationship between people risk and performance of SACCM in Thailand.

Internal Process Risk and Performance of SACCM in Thailand
Several studies state the relationship between internal process risk and performance of SACCM. For example, SACCM in Kenya should ensure adoption and implementation of sound operational risk management by overcome inadequate knowledge among the implementing managers by providing the necessary knowledge through training and promotion of risk management among their staff (Siminyu et al., 2017). Njuguna et al. (2017a) reveal the existence of sound policies and procedures to manage operational risk may have influenced the growth of SACCM. In addition, the adherence to operational procedures in financial operations significantly influenced the growth of SACCM. Moreover, segregation of duties, vouching, authorisation and approval of transactions and internal audit functions affect financial performance significantly (Ngari, 2017). Therefore, based on the above discussion, the study proposes: P2: There is a relationship between internal process risk and performance of SACCM in Thailand.

Hypothesis Development of Technology Risk and Performance of SACCM in Thailand
Several studies reported different findings on the relationship between technology risk and performance of SACCM. According to Harelimana (2017), IT affects the financial sustainability and profitability, financial efficiency and productivity of SACCM. Romdhane (2013) reveals that IT significantly affects the cost efficiency of Tunisian banks. Okiro and Ndungu (2013) show that the adoption of internet banking has enhanced performance of the banking industry due to increased efficiency, and productivity. However, Rozzani et al. (2016) reveal that not only clients are satisfied with the loan disbursement process through a mobile solution. But also, the difficulties in using the mobile banking pose a major threat to its success with the repayment process. Thus, based on the above argument, this study proposes: P3: There is a relationship between technology risk and performance of SACCM in Thailand.

Mediating Role of Corporate Governance between Operational Risk Management and Performance of SACCM in Thailand
The literature reports different findings on the relationship between corporate governance and performance of SACCM. A more diverse board of directors facilitates the board monitoring function (Wang & Hsu, 2013). The study of leadership found that leadership behaviour has a significantly influence on the performance of SACCM (Walela & Okwemba, 2015). Mwanja et al. (2014) states that corporate governance had a significant positive effect on performance of SACCM. Board composition is an important determinant of its effectiveness and the performance of an organisation (Neema & Olomi, 2012). Hartarska (2005) reveals that more independent boards are more effective. While Arora and Sharma (2016) reported a negative relationship between board independence and firm performance as board independence is a new phenomenon in developing countries. Corporate governance has not been tested as a mediator among operational risk management towards the performance of SACCM in the context of SACCM in Thailand. After looking into these arguments, there is a lack of literature investigating the mediating effect of corporate governance over operational risk management on the performance of SACCM in Thailand. Hence, we propose: P4: Corporate governance will mediate the relationship among people risk, internal process risk, technology risk towards the performance of SACCM in Thailand.

Proposed SACCM Performance Framework
This study presents four hypotheses derived from literature in the domain of SACCM Performance, further to which a framework is now proposed. In this framework, which is shown in Figure 1, SACMM is the dependent variable, Corporate Governance is the mediator and the independent variable is Operation Risk Management (ORM).
Operation risk management have three dimensions people risk internal process risk and technology risk are the reflective constructs whereas the SACCM performance is a formative construct have two dimensions financial performance of cooperative micro finance and social performance. However corporate governance will act as mediator between operation risk management and SACCM performance.

Implications
Fundamentally, this study aims to contribute to knowledge about saving and credit cooperative microfinance service providers in Thailand. The study will investigate corporate governance and how this influences the practice of operational risk management, and what links there are between these institutional characteristics. The cooperative MSPs can benefit from the information in this study to evaluate operational risk management practices as well as improve ORM process and procedures to prevent any operational loss in future. Through improvement of ORM handling it could performance of cooperative microfinance in this sector, especially on the association between operational risk management and microfinance service providers performance. The findings will assist policymakers by facilitating the formulation of policies regarding operational risk management in SACCM in Thailand. It also promotes an effective risk culture by enforcing the implementation of operational risk management on microfinance for the creation of measures and prevention against possible threats of financial distress in the economy. This research will provide important information to practitioners by understanding the value of operational risk management in improving SACCM' performance. Lastly, this study will benefit academics and professionals of microfinance to uundertake further research on operation risk management and SACCM Performance, including its possible antecedents and consequences, and determine a clear definition of the concept. Also this study will validate the relationships between the research variables, which have been shown, in the present study, to be influential for organizations in their decisions on operation risk management strategies.

Conclusion
This paper presents a conceptual framework of SACCM, demonstrating the relationships between people risk internal process risk and technology risk and SACCM Performance. Microfinance is an important topic for research of economic development. However, there is a scarcity of research-based literature on SACCM performance and operational risk management in the context of Thailand to be used by managers and policymakers. Agency theory and system theory proposed a comprehensive model in this study based on a rigorous literature review and will help solve the pressing problem of financial risks due to identified and unidentified problems. Furthermore, empirical studies on the proposed framework of SACCM performance need to be carried out to ascertain its validity. The managerial implications as proposed in the study will help the managers and the policy makers to minimise the risk by implementing result oriented strategies. The study found that people risk and internal process risk showed significant and positive relationship towards corporate governance. Furthermore, corporate governance as a mediator in relationship between people risk and internal process risk with performance of SACCM. Moreover, the future research should look beyond the banking/financial institutions and consider other sectors, such as the insurance sector, small-scale enterprises, manufacturing, healthcare, fintech and educational sector.