The Role of the Board of Directors in the Implementation of Enterprise Risk Management in Malaysian Private Higher Educational Institutions

Unconsciously, all human activities have the potential to be exposed to uncertainties. These uncertainties are risks that could interrupt business growth and, consequently, influence better performance achievement. These risks can be overcome with the implementation of Enterprise Risk Management (ERM) within organisations. In Malaysia, few private higher educational institutions (PHEIs) were in trouble due to many causes such as management, finance and marketing. Concerning these issues, this study aims to develop a conceptual framework of ERM drivers and their impact on the performance of Malaysian PHEIs. The questionnaires were distributed to 510 respondents and 217 were returned. Results indicated that both internal factors and size and types of institutions were related to performance in the particular institutions, and the external factor showed a negative relationship with performance. It was also found that all drivers were moderated by the Board of Directors (BODs) and performances. It was suggested for future research to use multiple methods to avoid any possibility of common method bias and to enhance the findings to be generalised, which can prevent overestimating the structural model. At present, research in ERM is well established, but it is still in its infancy for educational institutions.


Introduction
Enterprise Risk Management (ERM) is about enhancing the process by which risks are taken.It became a serious issue in the 1990s because organisations have started suffering spectacular losses often from risks, they never should have taken in the first place.Many companies throughout the world faced big losses in the 1990s.For instance, Orange County (1994) lost US$1.7 billion, Barings Bank (1995) lost US$1.5 billion, Daiwa Bank (1995) lost US$1.1 billion and Sumitomo Corp (June 1996) lost US$1.8 billion (Holton, 1996).Hence, organisations need to be intelligent enough to manage their risks to not only grasp the benefits but also to survive in business (Mohammed & Knapkova, 2016).
To be specific, in 2017, Malaysia was the sixth (after Myanmar, Cambodia, Vietnam, Indonesia, and the Philippines) fastest-growing economy by Gross Domestic Product (GDP) among Southeast Asian countries and 45th in the world with 4.5% GDP growth (International Monetary Fund, 2017).However, as a developing country, Malaysia also had a bad history of financial crisis.Due to poor risk management during the financial crisis in 1997, several major Malaysian corporations were severely affected.Bank Negara Malaysia (1999) reported that the financial crisis had caused more than RM45 billion in reductions in their total assets (Soltanizadeh et al., 2014).Although the global financial crisis of 2008 has created awareness of the importance of risk management, evidence shows that the practice of ERM among Malaysian firms is still limited (Wan Daud et al., 2010;Yusuwan et al., 2009).This is caused by poor regulatory forces for compulsory adoption stated in The Malaysian Code on Corporate Governance (MCCG).The MCCG only recommends ERM adoption by firms listed on the Bursa Malaysia (Lai & Samad, 2011).

Background
Concerning private higher education institutions (PHEIs) in Malaysia, there are many such cases reported as having problems and risk of being terminated by the government.For instance, the Allianze University College of Medical Sciences (AUCMS) in Penang was terminated at the end of 2014 and hardly affected all students and staff.In the same year, Al-Bukhari International University in Kedah declared its closure.Masterskill Education Group Berhad, the owner of ASIA Metropolitan University saw its share price drop from RM4.24 in August 2010 to as low as RM0.30 in May 2014 and RM0.68 in April 2015.Meanwhile, the Wawasan Open University in Penang reported a cumulative deficit of RM87.96 million in 2013 while UNITAR also informed a financial stress in its Companies Commission of Malaysia (SSM) filing for 2013 and sold its building assets in 2014.Finally, Perdana University proclaimed an end to its affiliation with Johns Hopkins University due to alleged non-payment of fees.In addition, 46 per cent of all private higher education institutions made losses after taxation in 2013 (Lim & Williams, 2015).These cases give the impression that the PHEIs are in trouble and need some kind of solution to solve the problem.
For a growing number of losses among these institutions especially private colleges (decreased from 500 in the year 2007 to 406 in the year 2015), the researcher believed that these institutions need to have a systematic management approach so that they can manage the institutions generally and perhaps manage risk specifically.The implementation of ERM is the best approach so that they can reduce or minimise the risk within institutions.However, the adoption of ERM would fail if the process and knowledge of ERM are not disseminated among members.So, there is a need for another component which is the Board of Directors (BODs) to make sure ERM is successfully adopted within institutions.
Each institution is led by the BODs.And of course, as board members, they are required to have some knowledge about ERM.The rationale for having this kind of knowledge is it might reduce uncertainty within institutions.Besides that, sensing and responding to risks in an institution is very much dependent on corporate intellectual capital and all levels of employees are responsible for giving their insight towards potential risks (Neef, 2005).Additionally, cooperation from all members within an institution and support from the BODs would bring the success of ERM adoption.To ensure ERM is implemented, it needs powerful efforts from BODs and everybody in the institution.The implementation of ERM by BODs is believed to enable managing risks properly.
After reviewing Malaysian private education institution issues and ERM as a general concept, understanding the basic impact of ERM and having a clear picture of ERM, the researcher seeks to investigate the impact of ERM on performance, especially the performance of PHEIs.Thus, it is crucial to develop a conceptual framework of ERM drivers and the impact of ERM on performance.In addition, this framework includes BODs as moderators.

Literature Review and Hypotheses Development
Historically, in the 1950s, risk management was first established by a group of advanced insurance professors.Later, in the 1960s, the field was officially named with its principles developed and guidelines established.Robert I. Mehr and Bob Hedges (1965) were widely admired as the fathers of risk management.According to their article titled "Risk Management and the Business Enterprise", the objective of risk management is to maximise the productivity and efficiency of the enterprise.This was the first article related to risk management published in 1963.Since this traditional risk management allows the institutions to defer risk management to the individual units most affected by the risks, this approach does not look at the overall risk profile of the institution and its risk effects on achieving the institution's strategic objectives.
Along with time and technology, organisations have started to realise the importance of managing risk in a proper way.Hence, the need to efficiently identify and respond to risks resulted in the adoption of comprehensive risk management Woon et al (2011) known as ERM.Since the mid-1990s, ERM has been developed as a concept and management function within businesses Dickinson (2001) and expressed as a managerial focus (Wu & Olson, 2010).According to Lam (2000), ERM is fast becoming the greatest practice standard since the old method in dealing with risks that have not generated effective outcomes.ERM is different from the traditional silo-based approach because ERM considers risk management at an enterprise-wide level and risks are managed holistically (Maruhun et al., 2018).
In Malaysia, there are no rules stating that each organisation is mandatory to implement ERM.The Malaysian Code on Corporate Governance (MCCG) only recommends ERM adoption by firms listed on the Bursa Malaysia Lai & Samad (2011) and evidence shows that the practice of ERM among Malaysian firms is still limited (Wan Daud et al., 2010;Yusuwan et al., 2009).
However, nowadays, the number of organisations implementing ERM is increasing year by year in Malaysia.Currently, many sectors implement ERM such as infrastructure, hotel and technology sectors Soltanizadeh et al (2014), PHEIs Ahmad et al (2016), healthcare sector Levett et al (2017), and it was mandatory for all financial organisations as stated in Basel III.Looking at this evolution, it seems that the implementation of ERM is accepted by organisations and, personally, the researcher believes that all organisations will, one day, fully implement ERM.ERM is the term for an overall risk management method for business risks.ERM can be defined in many ways and several authors have come up with definitions of ERM.For instance, the Committee of Sponsoring Organisation of the Treadway Commission, an organisation formed to improve financial reporting in the U.S. Wu & Olson (2010), defines ERM as "a process, affected by entity's board of directors and other personnel, applied in strategy setting and across the enterprise, designed to identify potential events that may affect the entity and manage risks to be within its risk appetite, to provide reasonable assurance regarding the achievement of the entity objectives" (COSO, 2004).In addition, it could be a process that covers the entire areas in organisations, involves all levels of management exposed to risks and affects the aimed goals.
Meanwhile, according to the Casualty Actuarial Society (CAS), ERM can be defined as "the process by which organisations in all industries assess, control, exploit, finance and monitor risks from all sources to increase the organisation's short-and long-term value to its stakeholders" (Stephen, 2001).By implementing ERM, the stakeholders will get benefits as well and the performance of organisations will increase.
According to Bainbridge, (2010), ERM is the process by which the companies' BODs and executives define the firm's strategies and objectives as "to strike an optimal balance between growth and return-goals and related risks".Both parties are responsible for setting up strategies and goals and expect the uncertainties that might arise within the organisation.Mohammed and Knapkova (2016) defined ERM as a systematic and practical method that tries to understand, measure, assess and manage the entire risks confronted by the organisation.Hence, this led to the adoption of effective risk management to control uncertainties.

Private Higher Educational Institutions in Malaysia
The expansion of PHEIs is accompanied by a diversification of educational institutions and programs of study.Over the years, PHEIs have evolved different modes of ownership, some of which are profit-oriented enterprises while others are non-profit.Profit-making institutions were set up by individual proprietors, private companies, consortia of companies, public-listed companies and government corporations.On the other hand, non-profit educational institutions were set up by foundations, philanthropic organisations and through community financing.Besides the differences in the mode of ownership, the PHEIs also differ in their market focus.Some of them offer a wide range of programs in various fields of studies from pre-university to post-graduate level, while others specialise in specific areas such as medical fields, art and design, language, music, information technology and so on.The strategy of the latter group is to carve a niche market for themselves instead of competing on the same turf with the other colleges.It is through institutional differentiation that the PHEIs can become more responsive to a changing labour market need.
As in other countries, the survival of PHEIs depends on their ability to experiment and innovate with different kinds of programs of study so that they can offer more choices to their customers.The programs offered by PHEIs in Malaysia can be broadly categorized into three groups, namely (i) internal programs, (ii) transnational programs, and (iii) programs leading to qualifications awarded by external bodies.The transnational education programs are the ones that are very popular among the students and draw a lot of interest among scholars of higher education.The transnational programs include twinning programs, credit transfer programs, external degree programs and distance learning programs.
Nowadays, the new trend in the higher education sector in Malaysia is corporatised whereby both public and private educational institutions are encouraged to be involved in enterprise and corporate cultures.This trend is reflected in the corporatization of Australian and Singaporean universities called "entrepreneurial universities" and "autonomous universities" in Indonesia and Thailand.Instead of producing and transmitting knowledge as a social good, the PHEIs are emphasizing the production of knowledge as a marketable good and a saleable commodity.It can be seen that PHEIs in Malaysia are adopting a commercial approach to higher education.
According to Gates and Hexter (2005), many firms that have adopted ERM offer extra support to the opinion that ERM will increase the firm's performance and reputation.By adopting systematic and consistent approaches in handling all of the risks opposing an organisation, ERM is supposed to lessen a firm's overall risk of failure, thus, improving its performance and, in turn, the value of the organisation.An ERM system, which is a subset of an organisation management control system, is proposed to recognise and handle future unclear events that may badly affect the firm's performance.In addition, Dafikpaku (2011) stresses that ERM was planned to decrease risks inherent to the minimal stage for the pledge to the realisation of the estimated outcomes.
Indeed, there is a rising encouragement for the general argument that organisations will increase their performance by adopting ERM programs (Gordon et al., 2009).They conducted a study on factors affecting a firm regarding five items: (1) environmental uncertainties; (2) industry competition; (3) firm size; (4) firm complexity; and (5) board of directors' monitoring.The study focused on 112 samples of U.S. firms that reveal their ERM adoption and the findings confirmed that these five factors affect firms' performances.
ERM could be used to attain firms' aims as recommended by Wan Daud and Yazid (2009) as ERM is a new holistic method in handling corporate risks.Organisations that have implemented an ERM method have experienced significant and tangible benefits containing a rise in financial value, a decrease in losses, and general enhancements in the management of overall risks.ERM can add value through opportunities that are identified through risk management.This is the idea that ERM not only helps manage the negative aspects of risks but also allows the company to identify and, therefore, increase the positive outcomes from risks (Shaw, 2008).Stephen (2001) studied the differences between hazard and financial aspects of ERM and concluded that risks coming from hazards will impact financial losses for organisations.He suggested that each organisation could prevent any expected hazard to reduce risks occurred that led to financial or other physical losses.He added that effective risk management would help the organisation to manage risks properly.Pagach and Warr (2010) studied the effect of the implementation of ERM principles on firms' long-term performance by examining how financial and marketing change around the time of ERM adoption.They found that some firms that adopted ERM experienced an increase in earnings and finances.A year later, Pagach and Warr (2011) consistently mentioned that better performance resulted from the ERM employed.Previously, Pagach and Warr (2007) also did a study among 138 financial firms and found that firms implementing ERM are doing so for some causes that are consistent with similar performance.
In the real world, Folks (2001) noted that ERM assures improvement of future operations while enhancing the management's ability to handle business competently.Heneghan (2008) agrees that adopting the ERM system would give an advantage in the enhancements within governance, strategy and performance.Heneghan (2008) also added that the adoption of ERM will increase the performance in management, marketing and finance.This is supported by Protiviti (2010) who concluded that ERM can enhance the reputation of an organisation in many aspects such as management, market and finances.Thus, this research will include performance based on Heneghan (2008) and Protiviti (2010) which are management, financial and marketing.
Based on the brief discussion above, it can be concluded that ERM impacts firm performance in many areas such as management, finance and marketing.Therefore, this study took these three performances as dependent variables as they always look important and get the most attention from previous authors.Thus, they are also seen as indicators to measure the performance of particular firms, especially in the educational sector, as intended by this research.

Drivers of ERM
Since the 1990s when it was first introduced, studies on ERM have become popular among researchers.A majority of previous studies revealed a significant relationship between ERM drivers and their impact on performance (Kaya, 2017;Hoyt & Leibenberg, 2008;Gates & Hexter, 2005;Dafikpaku, 2011;Gordon et al., 2009;Wan Daud & Yazid, 2009;Shaw, 2008;Stephen, 2001;Pagach & Warr, 2007, 2010, 2011;Folks, 2001;Heneghan, 2008;Protiviti, 2010).In contrast, Razali et al (2011) suggested that there is no significant relationship between some of these drivers to ERM practices.Previous studies focused on many aspects such as the factors and impact of ERM.For instance, Dickinson (2001) listed many factors that drive ERM implementation.This study reported that there are two main components of drivers, which are external and internal factors.Some external factors are related to those in the marketplace in which a firm competes such as players in new markets, changing consumer tastes or new product growths.Other external factors arise from a broader context.For example, changes in the economy, capital and financial market conditions and also political, legal, technological, demographic and other environments.Another set of factors arises from within the firm itself or internal factors.These are human mistakes, fraud, system disappointment and the distraction of production.
For internal factors, Dickinson (2001) agreed that there is a significant positive relationship between ERM adoption and performance.This becomes one of the threats for organisations to implement ERM effectively.Thus, the author proposes that H1: Internal factor for ERM driver is positively significant with its impact on performance.
Meanwhile, Dionne and Triki (2005) conducted a study to evaluate the importance of education among BODs and the influence of size in banking organisations from 36 firms.Generally, they found that education is very essential for BODs, particularly, financial education.In other words, the BODs are considered an important part of a corporate governance system where they play a central role and are viewed as a primary means for shareholders to exercise control over top management.On the other hand, they realise that the size of a firm influences the performance of particular organisations.Thus, they reported that as the firm size increases, it becomes more difficult to sustain impressive performance.On the other hand, larger firms can have a higher performance because they benefit from greater diversification and economies of scale as well as cheaper sources of funds.Besides that, Beasley et al., (2007) were interested in studying whether size and types of institution are relatively correlated to ERM implementation.Finally, they found that firms with ERM programs are more likely to have a larger size, and are operating in the banking, education or insurance sectors.Accordingly, the author proposes that H2: Size and types of institutions for ERM drivers are positively significant with their impact on performance.
In addition, Hoyt and Liebenberg (2008) believed that pressures from external stakeholders are regarded as an important driving force behind the adoption of ERM programs.Regulatory force is likely to have a similar effect on all rivals within a given industry while investor forces may vary depending on the relative impact of different investor groups for each business.Organisations are relatively more important than individual investors and capable of exerting better pressure for the implementation of an ERM system.So, businesses with a higher proportion of shared ownership will be more likely to participate in ERM.In this research, the external factor consisted of two elements which were law and regulation compliance and external auditors.According to Hoyt and Liebenberg (2008), regulators were focusing on all aspects of risk during examinations for particular situations.Accordingly, the author proposes that H3: External factor for ERM driver is positively significant with its impact on performance.
Based on the brief discussion above, the researcher concluded that there are three main drivers of ERM namely internal factors, size and types of institution and external factors.In this research, those drivers again were tested as independent variables.In this research, three dimensions of internal factors were identified which were the Chief Risk Officer (CRO), the influence of the top management and training and education.Also, two dimensions of external factors had been identified which were law and regulation and external auditors.

Relationship between ERM and BODs on performance
The BODs have an important role in the management of any organisation.Concerning ERM, COSO (2004) described ERM as a process affected by an entity's BODs, management and other personnel, applied in strategy setting and across the enterprise and designed to identify potential events that may affect the entity and manage risks within its risk appetite and provide reasonable assurance regarding the achievement of the entity's objectives (Shaw, 2008).This quote clearly shows the involvement of personnel such as the BODs and others in managing risks that might arise within organisations.With proper management and supported by a trained workforce, organisations can perform better and reduce their internal risks.
BODs have various and important roles (Mooney, 2004).The BODs and other managers play vital roles in defining the overall risk management approach of the firm.They recognized that part of their responsibilities is to manage risk and afford guidance and direction on how the firm is managing risk (Lipsky, 2010).Since the introduction of ERM, it is ultimately the responsibility of BODs (Fraser, 2010) to receive and review the risk principles, ERM policy and framework, and risk profiles and participate in risk workshops.Werner (2010) said that ERM helps the BODs to perform their oversight role providing a focused and coordinated view that allows the board to confirm that their actions are assisting adequate risk coverage.In addition, Williams (2010) agreed that BODs in the company are positive about ERM and they started to understand risks and ask more questions.These views indicated that the role of BODs is important to implement ERM within organisations and, finally, give impact on performance.In addition, ERM is also a process by which the BODs and executives of a corporation define the firms' strategies and objectives so as "to strike an optimal balance between growth and return goals and related risks" (Stephen, 2001).The BODs have vital accountability for the enterprise risks of firms.The BODs are accountable for ensuring that the firm has developed applicable risk management programs and overseeing management adoption of such programs.
The roles of BODs are defined clearly by Stephen (2001) who said that the board's role in risk management is to ensure that the firm has put an effective risk management program with processes into place "for identifying, assessing and managing all types of risks, such as operational risk and market risk".He also added that the board's role includes "making sure that all the appropriate policies, methodologies and infrastructure are in place".In addition, it is generally not the CEO that decides to implement ERM.Indeed, it is the BODs that usually lead this initiative (Lam, 2001).The BODs are responsible for deciding on the adoption of the ERM program in such organisations.They need to have knowledge and exposure to ERM before implementing it in the organisation.In this study, the researcher describes BODs as moderator factors that are believed to have a significant relationship between the driver and the impact of ERM on performance.Wan Daud (2011) agrees that there is a significant positive relationship between the levels of ERM implementation in the PLCs in Malaysia to the quality of BODs.
According to resource dependency theory, BODs bring information and expertise to the institution, create channels of communication with the institution's important extent constituents, obtain commitments of support from outsiders and work to create legitimacy for the institutions in its external environment (Pfeffer & Salancik, 1978).Thus, this theory views BODs as ' insiders, business experts, support specialists and community influential (Hillman et al., 2000).As a main role in an institution, BODs' decisions would affect an institution's performance.Therefore, the researcher proposes that H4: The Board of Directors has a significant effect as a moderator between the internal factors for drivers and the impact of ERM on performance.H5: The Board of Directors has a significant effect as a moderator between the size and types of institutions for drivers and the impact of ERM on performance.H6: The Board of Directors has a significant effect as a moderator between external factors for drivers and the impact of ERM on performance.
Figure 1 illustrates the relationships of the hypotheses H4, H5 and H6 and those between the ERM drivers and the impact of ERM on performance with BODs as a moderator.

Research Methodology
To assess the relationship between the drivers of ERM adoption, the role of BODs and its impact on performance, the process of data analysis begins after the data had been collected.To conduct preliminary data analysis inclusive of frequencies, means, standard deviations and, in general, preliminary information about the sample descriptive statistics, SPSS version 22.0 was used.This information will provide a big picture of the collected data and representativeness of the sample.In the next phase, Partial Least Square-Structural Equation Modelling (PLS-SEM) will be used to examine the research model presented in the second chapter.Moreover, PLS does not demand for normality of the data distribution and also does not require any particular minimum sample size (Hair et al., 2014).
Based on the sampling, 217 respondents were selected.After the data were obtained through questionnaires answered by the respondents, the data would be keyed into the software for analysis.For this study, the data were analysed using frequency analysis, reliability analysis, means analysis, correlation coefficient analysis and regression analysis.Results obtained from these tests were utilised to identify the relationship between drivers to ERM adoption, the role of BODs and the impact of ERM on performance.

Sample
Table 1 illustrates the category of PHEIs in Malaysia.The population of PHEIs in Malaysia could be categorised into four including private universities, university colleges, foreign universities campuses and colleges.It also showed the population size based on their category.The majority of PHEIs were from colleges with 406 respondents, while the private universities with 61 (41+20) respondents, university colleges with 34 (28+6) respondents, followed by foreign universities campuses with 9 (8+1) respondents.Thus, sampling is important to determine adequate respondents from the total number of the target population which should be adequate to warrant generalisation of the population (Field, 2009).The suggested sample size is at least 150 and not exceeding 500, which is adequate for SEM (Hair, 2010).Consistent with the above suggestions, the minimum number of respondents targeted in this study was set at 217 (5% error) for SEM.

Result Respondents' general descriptive statistics
Based on the results, 114 respondents (55.3 per cent) were male and 92 respondents (44.7 per cent) were female.The majority of them were aged between 41 -50 years old.Most of them were from the Malay ethnicity (75.7 per cent) and held Masters Degree (61.7 per cent).In terms of position, the majority (62.1 per cent) of them were from the other categories such as Deputy Director, Registrar, Academic Director, Dean, Deputy Vice-Chancellor, Head of Department, Executive and Senior Manager.These positions were obtained from a question where the respondents wrote in the space provided.Meanwhile, 45.6 per cent served the institution between one to five years.Of all the institutions which participated in this study, most of them (58.7 per cent) had been established for more than 16 years.In terms of ownership, 68.9 per cent belong to Bumiputeras.With regards to the ERM questions, most of them (59.7 per cent) knew a particular item, gained knowledge from reading (72.3 per cent) and basically, most of the institutions were partially practising ERM (33.5 per cent).

PLS Results
The researcher employed the PLS-SEM analysis technique using the SmartPLS 3.2.1 software Ringle et al (2015) to analyse the research model.Following Anderson and Gerbing, (1988)'s recommended two-stage analytical procedure, the researcher tested the measurement model (validity and reliability of the measures) and examined the structural model (testing the hypothesised relationships).A bootstrapping method was used to test the significance of the path coefficients and the loadings (Hair et al., 2014).In summary, the researcher overviewed the summary of the whole findings about the hypotheses as stated in the previous section.Table 2 presented the findings based on the structural model (H1 -H3) and Table 3 presented the analysis of moderating effect (H4 -H6), using the PLS-SEM algorithm in SmartPLS3.2.1 software.

Discussion and Conclusion
The research partially supported the five (5) hypotheses of ERM that would be decided for adoption in the institutions.Findings in this area included adopting ERM to improve performance in areas such as management, finance and marketing.The research indicated that both internal factors and size and type of institutions would impact ERM on these performances.These were in line with the research by previous researchers (Kaya, 2017;Hoyt & Leibenberg, 2008;Gates & Hexter, 2005;Dafikpaku, 2011;Gordon et al., 2009;Wan Daud & Yazid, 2009;Shaw, 2008;Stephen, 2001;Pagach & Warr, 2007, 2010, 2011;Folks, 2001;Heneghan, 2008;Protiviti, 2010).However, the relationship between the external factor and the impact of ERM on performance was negative.
In the private sector, PHEIs in Malaysia are free to decide whether to adopt ERM or not.It is not an offence because there are no rules and regulations which state that private sectors are bound by these regulations.However, the BODs play an important role in deciding the best way to manage risks in their institutions.In brief, PHEIs considering ERM will likely go through a similar process of identifying ERM as a new business practice to be adopted at the institution.If this decision is favourable, the PHEIs will then go through the process of designing the ERM program, introducing and utilising ERM, and integrating ERM so that it becomes an accepted practice in the institution.Encouragement and motivation from the BODs seem important to make sure this dream comes true.

Relationship
In conclusion, this research adds to existing research on ERM, especially addressing the PHEIs in Malaysia.PHEIs face increasing pressure to manage complex and often ambiguous risks associated with operating in an environment influenced by changing technologies, demands from multiple stakeholders, and the effects of globalisation.However, as March and Simon (1993) stated, to act, HEIs need "simplified models that capture the main features of a problem without capturing all its complexity".ERM, Paape and Spekle (2011) stated that by choosing to adopt ERM, organisations face very open-ended design problems, with little concrete guidance at the operational and instrumental levels.Indeed, the research findings strongly recommend that PHEIs in Malaysia should adopt ERM in their institutions because this program would help the PHEIs to reduce risks.As suggested by Al-Tabbaa et al., (2022), all organisations especially non-profit organizations must be proactive, innovative and risktaking.Therefore, PHEIs also must prepare themselves to face and solve risks with the best solution, known as the ERM program.

Theoretical and Contextual Contribution of the Study
The research contributes to the theoretical understanding of ERM by focusing on its implementation within the unique context of private higher educational institutions in Malaysia.This can enrich the existing literature on ERM, which may be more prevalent in corporate settings.Besides that, this research is investigating the role of the Board of Directors in ERM implementation which will help bridge the gap between corporate governance and risk management literature.Understanding how boards contribute to the effective implementation of ERM can provide theoretical insights into the integration of governance structures with risk management practices.On the other part, the research can explore how the Board of Directors considers the interests of various stakeholders in the higher education sector and how this influences decision-making regarding ERM.This theoretical lens can enhance their understanding of the interconnected relationships between the board, institution, and stakeholders in managing risks.
In the contextual contribution, the research focuses on the Malaysian context, addressing the specific challenges and opportunities faced by private higher educational institutions.This ensures that the findings are directly applicable to the unique regulatory, cultural, and institutional context of Malaysia.In addition, studying the role of the Board of Directors in ERM implementation, research can provide valuable insights for policymakers in the Malaysian higher education sector.Recommendations and findings may influence the development of policies that promote effective risk management practices tailored to the needs of private institutions.Furthermore, institutions can benefit from practical insights derived from the research.Understanding how boards contribute to ERM implementation can offer practical guidance to private higher educational institutions in Malaysia, helping them develop and refine their risk management strategies.Moreover, the study contributes to the enhancement of organizational resilience in higher education.By identifying the role of boards in ERM, institutions can proactively address risks, adapt to changes, and navigate uncertainties, ultimately contributing to their long-term sustainability.Finally, while focused on Malaysia, the research may have broader implications for private higher educational institutions globally.Comparative analyses with ERM practices in other countries can highlight universal principles as well as context-specific considerations.
In summary, the research not only advances theoretical understanding within the realms of ERM and governance but also provides practical insights with direct relevance to the Malaysian private higher education sector.The findings can inform policies, guide institutional practices, and contribute to the overall enhancement of risk management strategies in higher education.

Table 1
Numbers of PHEIs according to category

Table 2
Results of the structural model analysis (hypotheses testing)