J Manag Gov (2010) 14:17–36

DOI 10.1007/s10997-009-9089-6

Board structures and the establishment of a risk

management committee by Malaysian listed firms

Puan Yatim

Published online: 21 March 2009

Springer Science+Business Media, LLC. 2009

Abstract The purpose of this study is to examine the association between the
establishment of a risk management committee and board structures of Malaysian
listed firms. The study predicts that more independent, expert, and diligent boards
are likely to establish a stand-alone risk management committee. It employs a cross-
sectional analysis of 690 firms listed on the Bursa Malaysia for the financial year
ending in 2003. Multiple regression analysis is used to estimate the relationships
proposed in the hypotheses. The study finds a strong support for an association
between the establishment of a risk management committee and strong board
structures. Specifically, the result shows that firms with higher proportions of non-
executive directors on boards and firms that separate the positions of chief executive
officers and board chairs are likely to set up a stand-alone risk management com-
mittee. Firms with greater board expertise and board diligence are also likely to
establish a risk management committee. These findings suggest that stronger boards
demonstrate their commitment to and awareness of improved internal control
environment. Finally, the study also documents a positive and significant associa-
tion between firm size, complexity of a firm’s operations, and the use of Big Four
audit firms with the establishment of a risk management committee.

Keywords Corporate governance
Malaysian companies
Risk management

Boards of directors
Internal control

P. Yatim (&)
School of Business Management, Faculty of Economics and Business,
Universiti Kebangsaan Malaysia, 43600 Bangi Selangor, Malaysia
e-mail: puan@ukm.my

123
18 P. Yatim

1 Introduction

The concept of risk management has become central to corporate governance and is
linked to the idea of internal control. Consistent with a risk-based approach, a board
that puts in place firm-wide risk management system increases risk awareness within a
firm. This increase in awareness and knowledge allows the board for more sound
decision making and creates a positive impact on the governance structures and on
control environment of the firm. Auditors are likely to perceive boards of directors
that actively participate in risk management as more thorough when reviewing the
effectiveness of internal controls. This, in turn, reduces the likelihood that
uncontrolled business risks cause unexpected losses, reputational damage or strategic
setbacks. Further, firms that are proactive in risk management activities are not only
able to detect and prevent frauds but can also enhance their financial reporting quality.
Risk management has become more of a focus for committees of the board. The
audit, finance, or risk management committee of the board generally considers risk
management. Recent literature indicates that audit committees are becoming
increasingly involved in risk management but there are doubts about the robustness
of the challenge that audit committees can offer to risk management effectiveness. For
instance, Zaman (2001) suggests that it is unreasonable to expect audit committees to
perform more than high level reviews given their lack of expertise and time,
especially following the additional responsibilities imposed upon them by the various
code on corporate governance (e.g., Combined Code, FRC 2006, Malaysian Code on
Corporate Governance, Securities Commission 2007) and legislative reforms (e.g.,
Sarbane-Oxley Act (SOX) 2002).1 IIA (2004) emphasizes the separation of internal
audit from risk management process, but the requirement for internal auditors to
comment on the appropriateness of risk management leads internal auditors to new
territory. This implies a depth understanding of some internal audit function may not
possess (Fraser and Henry 2004).2 Therefore, the preceding discussion supports the
call for a stand-alone risk management function to help strengthen the internal control
system of a firm. Boards that establish a stand-alone committee that focuses solely on
the risk management function demonstrates their commitment to improving the
overall corporate governance structures of their firms.
Good corporate governance is evolving from command-and-control dictums to a
more proactive and continuous process that identifies, measures, and manages risk
across the firm. New requirements also place additional responsibilities on the board
of directors to implement strong internal control processes, which often include
firm-wide risk management and mitigation activities. This helps firms shift their

1
Turnbull Report (1999) suggests that responsibility for risk management could be delegated to the audit
committee and in many organizations internal audit reports directly to the audit committee on risk
management. However, if the expertise of both internal auditors and audit committee members lies in
financial matters, there is a possibility that only a limited range of risks will be addressed.
2
Malaysian companies without a stand-alone risk management committee report that the oversight of
their risk management and control activities is embedded in the internal audit functions (IAF) which
report to their audit committees on the state of their internal controls. A survey of 380 publicly listed
Malaysian firms by the Institute of Internal Auditors Malaysia also reveals that 58 percent of these firms
have their own internal audit function (IAF) (IIA Malaysia 2003).

123
Establishment of a risk management committee by Malaysian listed firms 19

corporate governance focus from legal and regulatory compliance to broader-based

business risks (Power 2000).
Heightened awareness of risk management is largely due to many recent
corporate disasters and unexpected business failures (Walker et al. 2002).
Consequently, these corporate collapses have alerted investors and corporate
governance reform advocates to the importance of sources of risk and uncertainty
and company directors, as a result, have been required to report their internal control
mechanisms. For instance, in 2004, the Committee of Sponsoring Organizations of
the Treadway Commission (COSO) (2004) issued its Enterprise Risk Manage-
ment—Integrated Framework that provides a model of the ERM (Enterprise Risk
Management) process and defines ERM as:
‘‘[A] process, effected by an entity’s board of directors, management and other
personnel, applied in strategy setting and across the enterprise, designed to
identify potential events that may affect the entity, and manage risk to be
within its risk appetite, to provide reasonable assurance regarding the
achievement of entity objectives.’’
The COSO (2004) framework views ERM as an ongoing, systematic process that
involves board and senior management understanding future events that can
strategically affect the organization. The primary emphasis is on managing risks
affecting the organization’s objectives, including those related to strategy,
operations, reporting, and compliance.
This study makes an important contribution to the risk management and corporate
governance literature. The study not only explores the factors associated with the
establishment of a risk management committee but it also provides insights into
corporate governance practices adopted by Malaysian listed firms. Further, the study is
undertaken in an institutional environment where firms are required to form an audit
committee and disclose internal control compliance. Finally, while firms are mandated
to set up an audit committee, no similar requirements are imposed concerning the
establishment of other board committees such as risk management committee.
The rest of this study is organized as follows. The next section briefly explains
the Malaysian corporate governance environment. This is followed by a section on
the theoretical background of the study and the development of the hypotheses. The
third section describes the research design. The results of the study are reported in
the fourth section while in the final section conclusions are drawn and the
implications of the study are discussed.

2 Malaysian corporate governance environment

Apart from implementation of the Malaysian Code on Corporate Governance in 2000,

the Bursa Malaysia’s Listing Requirements of 2001 also mandate public listed
companies to submit quarterly reports and state their corporate governance
compliance or non-compliance in their annual reports in accordance with the
recommendations set out in the Malaysian Code on Corporate Governance. The
revised Listing Requirements of 2001 also provide greater obligations for public listed

123
20 P. Yatim

companies to enhance Malaysia’s corporate governance regime. Specifically, the

amended Listing Requirements of 2001 outline requirements for financial reporting,
disclosure on corporate governance matters and continuing listing obligations. Other
than the audit committee which has been mandatory since 1993, the Malaysian Code
on Corporate Governance also recommends that the board of directors appoint
Remuneration and Nomination Committees. The establishment of other committees
such as a Risk Management Committee and a Corporate Governance Committee is
also recommended but these committees are less frequently set up by listed firms.
The Malaysian Code on Corporate Governance strongly recommends the
separation of responsibilities between the board chair and the CEO even though the
Bursa Malaysia Listing Requirements 2001 does not require the division of these
positions. The segregation of these positions is seen as a key characteristic of an
effective and an independent board. The Malaysian Code on Corporate Governance
also states as principle that the board of directors should maintain a sound system of
internal control. This led to the issuance by the exchange of ‘‘A Guidance on
Statement of Internal Control’’ in May 2000. This guideline explains the key areas
that directors must pay attention to before they make A Statement of Internal
Control in their companies’ annual reports. The guideline emphasizes the need for
proper risk management which is a critical element of a sound system of internal
control. In making the Internal Control Statement, a listed firm is required to address
issues related to internal controls as recommended by the Principle and Best
Practices in the Malaysian Code on Corporate Governance. This includes that the
board of directors should: (a) maintain a sound system of internal control to
safeguard shareholders’ investment and the firm’s assets, (b) identify principal risks
and ensure the implementation of appropriate system to manage risk, and (c) review
adequacy and the integrity of the firm’s internal control systems.
Despite the heightened awareness of risk management and interest in risk
management, little research has been conducted on the topic (Liebenberg and Hoyt
2003). This is especially true in accounting and corporate governance literature
(Beasley et al. 2005). One of the reasons for the lack of research is largely due to the
lack of meaningful data about risk management practices (Tufano 1996). The
paucity of research in the area of corporate governance and risk management, in
particular, in small economies such as in Malaysia, motivates this study to explore
factors that are likely to lead to the establishment of a risk management committee
as one of the board committees by boards of directors of Malaysian listed firms.

3 Theoretical background and research hypotheses

Consistent with the risk-based approach, a firm that establishes a risk management
committee as one of the board committees demonstrates a greater awareness of the
importance of risk management and control (The Committee of Sponsoring
Organizations of the Treadway Commission, The (COSO) 1992, 2004; Hermanson
2003; Selim and McNamee 1999). As monitoring by the board of directors is
heightened through a stringent risk management procedure, one can argue that the
financial reporting quality and risk management and mitigation programs of the firm

123
Establishment of a risk management committee by Malaysian listed firms 21

are greatly enhanced. Hence, in the context of good corporate governance practices,
this study examines the association between the establishment of a risk management
committee and board governance structures. Specifically, the study predicts that a
board that is more independent, expert, and diligent is likely to set up a stand-alone
risk management committee to oversee and control various risks faced by the firm.
Risk management involves the contribution of many actors at different levels of a
firm. Boards of directors and the CEO have the responsibility for setting strategic
direction of the firm and creating the environment for an effective risk management
system. Prior studies generally posits that board independence from management
provides, among other things, the most effective monitoring and control of firm
activities. Agency literature suggests that outside directors contribute expertise and
objectivity that minimize opportunistic behaviors and expropriation of firm
resources (Byrd and Hickman 1992; Fama and Jensen 1983a). Hence, a board of
directors with a higher proportion of outside directors is likely to provide superior
oversight of a firm’s risk management activities. In addition, outside directors may
seek to protect their reputations as experts in monitoring because the market for
directors is likely to alienate those associated with corporate financial scandals or
poor performance (Fama 1980; Fama and Jensen 1983; Gilson 1990). Therefore,
boards with a higher proportion of outside directors are likely to establish a risk
management committee to enhance their monitoring ability.3 The preceding
argument leads to the first hypothesis which tests the assertion that a more
independent board is likely to set up a risk management committee.
H1 The establishment of a risk management committee is positively associated
with the proportion of non-executive directors on boards.
A further independence issue relates to the ability of a board of directors to
monitor when the firm has different individuals holding the positions of the board
3
Director independence is perhaps the most debated corporate governance issue faced by today’s
corporation. While the study recognizes the importance of board independence, there exists no common
consensus as to the definition of ‘‘independence’’. Listed companies in Malaysia identify their directors in
terms of ‘‘executive’’, ‘‘non-executive’’, and ‘‘independent non-executive’’ directors, and disclose little
information regarding the affiliation of their directors to public. As a result, there exists lack of
consistency in interpreting the definition of independence as well as lack of disclosure of such
information by firms in their annual reports and in other forms of corporate governance communication
(Brennan and McDermott 2004). Studies examining the independence of directors have also found it
difficult to compare one firm’s definition of director independence to other firms. For example, previous
studies have avoided the word ‘‘independence’’ by using ‘‘outside directors’’ to describe directors who are
presumed to be independent from management (see for instance Hanrahan et al. 2001; Anderson et al.
2004; Ajinkya et al. 2005; Goodwin-Stewart and Kent 2006). It is only recently that various corporate
governance reports have added to the existing interpretation of what it means for a director to be
‘‘independent from management’’ (MICG 2001; Australian Stock Exchange, Corporate Governance
Council 2003; and the Higgs 2003). Notwithstanding the lack of consensus on the definition of outside or
independent directors, it is still the most ‘‘recommended’’ practice of good corporate governance that
companies should, in an effort to enhance the effectiveness of the board, constitute a board of directors
with a majority of outside directors. Having examined the profiles of directors disclosed in annual reports
of the sample firms used in the current study, I conclude that majority of these non-executive directors are
independent and non-executive directors. Following prior studies such as Anderson et al. (2004) and
Goodwin-Stewart and Kent (2006), the current study considers non-executive directors as independent
from senior management whose role is to provide an outsider’s contribution and oversight to the board of
directors.

123
22 P. Yatim

chair and the CEO. The literature and governance guidelines show that a board’s
ability to perform its governance role is weakened when the CEO is also the board
chair (Fama and Jensen 1983; Dechow et al. 1996; Brickley et al. 1994; Beasley et al.
2000; The Cadbury Committee Report 1992; The Malaysian Institute of Corporate
Governance (MICG) 2001).4 For this reason, this study predicts that firms that
separate the board chair and the CEO positions are likely to set up a risk management
committee to demonstrate the board of directors’ commitment to the awareness of
risk management. The preceding argument generates the following hypothesis:
H2 The establishment of a risk management committee is positively associated
with the separation of the board chair and the CEO positions.
Board expertise is important in assuring that the oversight role of the board of
directors is effectively discharged. Fama (1980) and Fama and Jensen (1983) argue
that directors who sit on boards of other companies have established their
reputational capital as expert decision makers and monitors. Recent studies have
specifically linked multiple directorships to higher debt ratings (Ashbaugh-Skaife
et al. 2006), and to lower accounting conservatism (Ahmed and Duellman 2007).
Consistent with other studies (see for instance Beasley 1996; Cotter et al. 1997;
Carcello et al. 2002), this study uses multiple directorships measured as the average
number of outside directorships held in other firms by non-executive directors as a
proxy for board expertise. Directors who hold other directorships in other firms are
more likely to lose from poor performance or opportunistic managerial behavior.5
Further, Gilson (1990) documents that directors who resign from, for example,
bankrupt firms hold approximately one-third fewer directorships three years after
their resignations. Therefore, it is expected that boards with greater board expertise
are likely to be more supportive of the establishment of a risk management
committee. Outside directors are more assured that their reputational capital is
somewhat secured as the board of directors is committed to strengthening the
4
The current study recognizes the issue surrounding the independence of board chair, as non-executive
board chairs do not necessarily constitute independence. In 1998, the Hampel Report alluded to this
situation by recommending that British boards name a senior independent director who could monitor the
nonexecutive chair. In drawing up the proposed Malaysian Code on Corporate Governance, the Finance
Committee on Corporate Governance viewed the Hampel Report (1998) as the most appropriate for
Malaysian listed firms (FCCG 1999). Consistent with the recommendation set out in the Hampel Report
(1998), the Malaysian Institute of Corporate Governance (MICG) (2001) also recommends that
Malaysian boards identify and name a senior independent non-executive director who could ride herd the
board chair. Consistent also with the existing literature and the disclosure requirement of a senior
independent non-executive director by Bursa Malaysia, this current study maintains that the separation of
the CEO and the board chair positions, regardless of whether the board chair is independent non-
executive director or not, is considered as a good corporate governance practice.
5
More recent literature questions the wisdom of directors holding too many board seats. Shivdasani
(1993); Shivdasani and Yermack (1999), and Jiraporn et al. (2008) argue that the benefits of outside
directorship levels could be non-linear, declining for the highest directorship levels as serving on numerous
boards can result in overstretched directors and ineffective oversights (Core et al. 1999). Consequently,
recent studies such as Jiraporn et al. (2008) consider the possibility of non-linear relationship between
multiple board directorships and board committee memberships. Empirical findings on the multiple
directorships are inconclusive. The current study does not test for the possibility of non-linear association
between multiple board directorships and the establishment of a risk management committee partly
because findings documented by prior studies thus far are somewhat mixed and inconclusive.

123
Establishment of a risk management committee by Malaysian listed firms 23

overall governance and control environment. The following hypothesis is therefore

tested:
H3 The establishment of a risk management committee is positively associated
with board expertise.
The diligence of the board may include factors such as the frequency of board
meetings and the behavior of individual board members surrounding board meetings
(e.g., meeting attendance, preparations before meetings, and participation during
meetings). While there are multiple components to diligence, prior studies (see for
example Carcello et al. 2002; Goodwin-Stewart and Kent 2006; Yatim et al. 2006)
have generally used the number of board meetings as proxy for the diligence
because other quantitative metrics of diligence are not publicly observable (DeZoort
et al. 2002). Such focus on board meetings is appropriate given that frequent board
meetings potentially allow for improved communication between directors and
internal control function (i.e., risk management committee) and enable the board of
directors to be more effective in their oversight. In addition, frequent board
meetings suggest a more active board (Raghunandan and Rama 2007).
The intensity of board activities is likely to contribute to the effectiveness of its
oversight function such as in matters concerning firm operations and investments.
Lipton and Lorsch (1992) and Byrne (1996) argue that boards that meet frequently are
more likely to perform their duties diligently and are beneficial to shareholders.
Similarly, Conger et al. (1998) and Vafeas (1999a, b) suggest that board meeting time
is an important resource in improving the effectiveness of a board. Therefore, a board
that demonstrates a greater diligence in discharging its oversight responsibilities is
likely to enhance the level of oversight of the risk management activities.6 As such, it
is expected that more diligent boards are likely to support the establishment of a risk
management committee. The discussion above leads to the following hypothesis:
H4 The establishment of a risk management committee is positively associated
with board diligence.

4 Data, variables, and empirical method

4.1 Data collection

The sample comprises the Bursa Malaysia non-financial public listed companies
whose annual reports are available in 2003.7 The firms in the sample are either listed
6
Although the number of board meetings does not directly measure quality, higher frequency of board
meetings indicates that boards are more active in their oversight role and are likely to internalize risk
management discussions in the boardroom, in particular, boards without risk management committees.
7
The concern of outdated data used in this study is understandably valid. Nevertheless, the data are
important and relevant to the context of the study. Irrespective of the period of the study used, little has
changed with respect to the corporate governance environment in Malaysia since the incorporation of the
Malaysian Code on Corporate Governance (MCCG) into the Listing Requirements of Bursa Malaysia in
2001. In addition to various existing mandated corporate governance disclosures, all listed firms are now
required to make a statement in their annual reports on the CSR activities undertaken during a financial

123
24 P. Yatim

on the Main Board or the Second Board of the Bursa Malaysia. The Main Board
companies have a minimum paid-up capital of Ringgit Malaysia (RM) 60 millions
while the Second Board companies are those that have a minimum paid-up capital
of RM40 millions. Both the financial and corporate data of these firms are obtained
from their annual reports. A total of 690 firms meet the selection criteria are
included in the study.

4.2 Variables

The study tests four hypotheses using a logistic regression model, with the
dependent variable coded as 1 if a firm has a stand alone risk management
committee, and 0 if otherwise. The hypothesized variables used in the study are
board independence, dual leadership, board expertise, and board diligence.8 Board
independence is measured as the percentage of non-executive directors on boards,
while dual leadership is a dummy variable coded as 1 if the positions of the board
chair and the CEO are separated and held by two different individuals, 0 if
otherwise. Board expertise is measured as the average number of outside
directorships held in other firms by non-executive directors. Finally, board diligence
is the number of meetings of full board held during the financial year.
The study also incorporates several control variables found by related literature
that may influence the likelihood of firms establishing a risk management
committee. It is expected that the establishment of a risk management committee
to be positively associated with firm size, complexity of a firm’s operations and
decentralized business segments, firm leverage, and the use of Big Four audit firms.
Wallace and Kreutsfeldt (1991) identify firm size as one of the firm characteristics
that could influence a firm’s decision to set up an internal control mechanism. Top
management is more likely to lose direct control of the firm’s operations and risk-
taking activities in large firms. Hence, firms listed on the Main Board of the Bursa
Malaysia are, therefore, more likely to set up a stand-alone risk management
committee. As a proxy for firm size, the study uses a dummy variable of 1 if a firm

Footnote 7 continued
year starting from financial year end 2008. I examined the most recent annual reports (i.e., financial years
of 2007 and 2008) and corporate governance disclosures of the sample firms used in this study. The board
variables employed in this study such as board independence, the separation of the CEO/board chair
positions, multiple directorships, and frequency of board meetings remain qualitatively and statistically
similar to those reported in 2003. The only noticeable change is the increase in the number of firms setting
up the risk management committee. The current study finds that 246 firms out of 690 firms have
established the committee as a stand-alone committee. There are 43 firms in the sample which previously
did not have a stand-alone risk management committee have recently established the committee.
8
A related board characteristic that has received some attention in board literature is board size. While
some researchers find that a large board has more expertise than a small one (Dalton et al. 1999), that it
tends to be more effective in monitoring accruals (Xie et al. 2003), and it leads to a lower cost of debt
(Anderson et al. 2004), others suggest that a small board is more effective in mitigating the agency costs
associated with a large board (Yermack 1996; Eisenberg et al. 1998; Hermalin and Weisbach 1998,
2003). Given the mixed empirical findings on board size, it is expected that the relation between board
size and the likelihood of firms establishing a risk management committee is indeterminate. Further,
Boone et al. (2007) suggest that board size vary across firms and change over time to accommodate the
specific growth, monitoring, and managerial characteristics of the firm.

123
Establishment of a risk management committee by Malaysian listed firms 25

is listed on the Main Board of Bursa Malaysia, and 0 if otherwise.9 In addition, the
complexity of a firm’s operations and decentralized business segments also may
require a more effective risk management mechanism so that boards of directors
benefit from clear and comparable details of risks that different divisions or business
units face (Boswell 2001). To control the effect of a firm’s complexity, the square
root of the number of subsidiaries is used. The effect of leverage is also controlled
in the analysis as the risks associated with a high level of leverage may require
firms to evaluate risks on a firm-wide basis. Firms with a high level of leverage are
likely to demonstrate their commitment to the existing debt holders and to their
future creditors that they have a better disclosure of their firms’ risk exposures
(Liebenberg and Hoyt 2003). Thus, the ratio of total debts to total assets is used to
control for the effect of leverage. The study also includes a dummy variable for
Big Four audit firms to control for differences in audit quality. The Big Four audit
firms may be more likely to ensure transparency and eliminate mistakes in a firm’s
financial statements because they have a greater reputation to uphold (Michaely
and Shaw 1995). It is also possible that firms committed to engaging high quality
auditors are also more likely to be committed to a holistic risk management
framework (Beasley et al. 2005). As a result, a firm whose auditor is one of the Big
Four audit firms is likely to set up a risk management committee to monitor
operations and internal control of the firm more effectively. Finally, industry
variations may influence firms to establish a risk management committee.
Anecdotal evidence suggests that certain industries are more likely to adopt a
holistic risk management approach than others. To control for industry variations,
ten industry dummy variables according to sectors classified by the Bursa Malaysia
are included in the model. The sectors are industrial products, consumer products,
technology, construction, trade and services, properties, plantations, hotel, mining,
and infrastructure companies.10

4.3 Research model

The following regression model is used to examine the association between the
establishment of a risk management committee and board and control variables. The
hypothesized and control variables are described in Table 1.

9
The natural log of total assets is also used as a measure of firm size.
10
This study excludes firms related to financial industries such as banks and insurance companies due to
their unique characteristics and different compliance and regulatory environment. Other studies such as
Beasley et al. (2005) include banks and insurance companies in their sample firms due to explicit calls
from industry regulators and leaders for more effective risk management. The study does not control the
impact of industry growth on the likelihood of firms adopting a holistic risk management framework. This
current study, however, recognizes that the adoption of enterprise risk management (ERM) is especially
important for managing risks caused by growth. Hovey (2000) suggests that firms with greater growth
opportunities face more uncertainty and enterprise risk management (ERM) not only helps control risks
associated with growth but also guides growth in the best direction based on the impact of various growth
opportunities on firm-wide risk. These growth firms, therefore, are likely to have greater incentives to set
up a holistic risk mitigation and management mechanism.

123
26 P. Yatim

Table 1 Description of explanatory variables

Variables Description

RMC A dummy variable of 1 if a firm sets up a risk management committee, 0 if otherwise

Firm size A dummy variable of 1 if a firm is listed on the Main Board of Bursa Malaysia, 0 if
otherwise; Firm size is also measured using the natural log of total assets
Complexity The squared root of number of subsidiaries
Leverage The ratio of total debts to total assets
Big four A dummy variable of 1 if a firm’s financial statements are audited by the Big Four
audit firms, 0 if otherwise
Industry A dummy variable of 1 if a firm is in industrial product sector, or in consumer product
dummies sector, or in construction sector, or in technology sector, or in trade and services
sector, or in property sector, or in plantations sector, or in hotel sector, or in
infrastructure companies sector, or in mining sector, or 0 if otherwise
Dual leadership A dummy variable of 1 if a firm has two different individuals hold the positions of a
board chair and a CEO/managing director, 0 if otherwise
Board The percentage of non-executive directors on boards
independence
Board expertise The average number of outside directorships held in other firms by non-executive
directors
Board diligence The number of board meetings held during the financial year

RMC ¼ b0 þ b1 Firm Size þ b2 Complexity þ b3 Leverage þ b4 BigFour

þ b5 IndustryDummies þ b6 Dual Leadership þ b7 Board Independence
þ b8 Board Expertise þ b9 Board Diligence þ e

5 Results

5.1 Descriptive statistics and correlations

Table 2 provides descriptive statistics for the variables used in the model and
Table 3 reports correlations.11 Panel B of Table 2 shows that only 246 firms (about
36 percent) in the sample establish a risk management committee.12 Panel B also
shows that 69 percent of the firms’ financial statements are audited by the Big Four
audit firms. The majority of firms in the sample (470 firms) are listed on the Main

11
The study performs a number of diagnostics on the results reported in Tables 2, 3, and 4 including
investigation of outliers for both control and board variables. The variables with univariate outliers
include firm size, leverage, firm’s complexity (subsidiaries), frequency of board meetings, and multiple
directorships. To test whether outliers alter the results, the outlying observations whose standardized z-
scores exceed ±3 are excluded and the model is re-run. The unreported results are qualitatively similar,
and quantitatively unchanged as those reported in the tables. The statistical package used calculates the
exact correlation regardless of whether the variables are dummy or continuous. Standard diagnostic tests
indicate that multicollinearity is not a serious problem.
12
As mentioned previously, there are 43 firms in the sample which previously did not have a stand-alone
risk management committee have recently established the committee.

123
 Table 2 Descriptive Statistics (N = 690)

Panel A: continuous variables

Variables Minimum Maximum Mean Standard deviation Median

Total assets (Ringgit Malaysia) 4,982,000 59,956,500,000 1,122,170,918.85 3,703,597,113.99 261,369,788.00

Total debts (Ringgit Malaysia) 261,000 44,882,800,000 612,833,303.13 2,717,158,818.21 103,302,101.00
Board independence 0.200 1.000 0.628 0.182 0.625
Board expertise 0.000 13.333 1.944 1.591 1.613
Board diligence 1 22 5.42 2.145 5.00
Number of subsidiaries 0 290 11.52 17.533 7.00

Panel B: dichotomous variables

Variables Yes % No %

Firms audited by big four auditors 477 69.1 213 30.9

Firms listed on main board 470 68.1 220 31.9
Firms separate board chair and CEO positions 580 84.1 110 15.9
Firms with risk management committee 246 35.7 444 64.3
Establishment of a risk management committee by Malaysian listed firms

This table provides summary statistics for the variables employed in the study. Total assets (RM) = Total assets in Ringgit Malaysia; Total debts (RM) = Total debts in
Ringgit Malaysia; Board independence = Percentage of non-executive directors on the board; Board Expertise = Average number of outside directorships held in other
firms by non-executive directors; Board diligence = Number of board meetings held during the financial year; Firms audited by Big Four Auditors = A dummy variable
of 1 if financial statements audited by Big Four audit firms, 0 if otherwise; Firms listed on Main Board = A dummy variable of 1 if a firm is listed on the Main Board of
Bursa Malaysia, 0 if otherwise; Firms with Separate Board Chair and CEO positions = A dummy variable of 1 if a firm’s Board Chair and its CEO are different
individuals, 0 if otherwise; Firms with Risk Management Committee = A dummy variable of 1 if a firm establishes a stand alone risk management committee, 0 if
otherwise
27

123
 28

123
Table 3 Correlation matrix for the variables used in the study (N = 690 firms)
Variables 1 2 3 4 5 6 7 8 9

1 Total assets 1.000 0.966** 0.351** 0.150** 0.098** 0.289** 0.135** 0.205** 0.301**
2 Total debts 1.000 0.251** 0.003 0.009 0.133** 0.108** 0.168** 0.264**
3 Complexity 1.000 -0.029 0.044 0.169** 0.043 0.188** 0.147**
4 Big four 1.000 -0.012 0.128** 0.172** 0.132** -0.013
5 Dual leadership 1.000 0.117** 0.155** 0.121** 0.005
6 Existence of RMC 1.000 0.147** 0.117** 0.121**
7 Board independence 1.000 0.160** 0.207**
8 Board expertise 1.000 0.064
9 Board diligence 1.000

** Correlation is significant at the 0.01 level (two-tailed)

This table provides correlation matrices among the variables used in the study namely total assets, total debts, firm’s complexity (subsidiaries), Big Four audit firms, dual
leadership, the existence of a risk management committee, board independence, board expertise, and board diligence. Total assets is the natural logarithm of total assets;
total debts is the ratio of book value of long-term debts to total assets; firm’s complexity (subsidiaries) is the square root of the number of subsidiaries; Big Four is a
dummy variable of 1 if a firm’s financial statements are audited by the Big Four audit firms, 0 if otherwise; dual leadership is a dummy variable of 1 if a firm separates the
position of the CEO and the board chair, 0 if otherwise; existence of RMC is a dummy variable of 1 if a firm establishes a stand-alone risk management committee, 0 if
otherwise; board independence is the percentage number of non-executive directors on boards; board expertise is the average number of outside directorships held by non-
executive directors; board diligence is the number of board meetings held during the financial year
P. Yatim
Establishment of a risk management committee by Malaysian listed firms 29

Board of Bursa Malaysia and about 84 percent of firms separate the board chair and
the CEO positions.
Panel A of Table 2 indicates that total assets of firms in the sample range from
RM4,982,000 to RM59,956,500,000 with a mean of RM1,222,170,918. The mean
number of subsidiaries is 11.52 ranging from 0 to 290. Panel A also shows that the
mean percentage of non-executive directors on the board is 63 percent. The average
number of outside directorships in other firms held by non-executive directors is
about 2 (minimum of 0, maximum of 13). Finally the average number of board
meetings is 5.42, ranging from 1 meeting to 22 meetings during the financial year of
2003.

5.2 Multivariate analysis

Table 4 reports the logistic regression model. This model shows factors that are
associated with a firm’s decision to set up a risk management committee. The model
is significant, with pseudo R-squares of 10 percent using Cox-Snell R-square and
13.7 percent using Nagelkerke R-square.13 The regression results in Table 4 indicate
that the establishment of a risk management committee is positively associated with
firm size (p value = 0.007), suggesting that firms listed on the Main Board of Bursa
Malaysia (i.e., large firms with their paid-up capital of RM60 millions or more) are
more likely to set up a stand-alone risk management committee.14 It is expected that
larger firms are more likely to adopt a more stringent and focused risk management
mechanism due to the need for a comprehensive risk management strategy. This
finding is consistent with findings previously documented by Colquitt et al. (1999)
and Goodwin-Stewart and Kent (2006). Colquitt et al. (1999) find that firm size is a
significant determinant in whether a firm uses integrated risk management tools.
While Goodwin-Stewart and Kent (2006) suggests that a large diversified firm is
more likely to rely on internal audit to ensure that the internal control system is
adequate.
There is also a significant positive association between the establishment of a risk
management committee and the complexity of a firm’s business operations (p
value = 0.006). The positive association suggests that larger firms and the
complexity of firm’s operations require greater monitoring from a risk management
committee which focuses primarily on identifying business risks and finds ways to
mitigate these risks (Selim and McNamee 1999; Spira 2003). The results also show
that there is no significant association between the establishment of a risk
management committee and leverage. Firms whose financial statements are audited
by the Big Four audit firms are likely to set up a risk management committee as
indicated by a positive and significant association between the two variables (p
value = 0.007). One interpretation of this finding is that Big Four audit firms
provide higher quality audits (DeAngelo 1981). Further, Dobuch and Simunic (1980

13
For the Hosmer-Lemeshow Goodness of Fit Test, a good fit is indicated by a significant value [0.05.
14
The unreported result also shows that there exists a positive and significant association between the
establishment of a risk management committee and the natural log of total assets (i.e., firm size)
(coefficient = 0.318; Wald statistic = 14.363; p value = 0.000).

123
30 P. Yatim

Table 4 Logistic regression results (dependent variable: the establishment of a risk management com-
mittee) (N = 690 firms)
Variables Expected signs Coefficients Wald statistics (p value)

Intercept ? -3.501 55.450 (0.000)

Firm size ? .543 7.174 (0.007)*
Complexity ? .146 7.476 (0.006)*
Leverage ? .009 .001 (0.982)
Big four ? .521 7.256 (0.007)*
Dual leadership ? .552 4.624 (0.032)*
Board independence ? .903 3.408 (0.065)*
Board expertise ? .158 8.745 (0.003)*
Board diligence ? .063 2.504 (0.114)*
Cox-Snell R2 (Nagelkerke R2) 0.100 (0.137)
Hosmer-Lemeshow v2 (p value) 4.748 (0.784)

Notes *: One-tailed test where direction is predicted, otherwise two-tailed. Firm Size = a dummy var-
iable of 1 if a firm is listed on the Main Board of Bursa Malaysia, 0 if otherwise; Complexity = square
root of the number of subsidiaries; Leverage = the ratio of book value of long-term debts to total assets;
Big Four = a dummy variable of 1 if a firm’s financial statements are audited by Big Four audit firms, 0 if
otherwise; Dual Leadership = a dummy variable of 1 if a firm separates the board chair and the CEO
positions, 0 if otherwise; Board Independence = the percentage of non-executive directors on boards;
Board Expertise = the average number of outside directorships held by non-executive directors; Board
Diligence = the number of board meetings held during the financial year

and 1982) suggest that credibility is associated with an auditor’s reputation or brand
name, based on the observed dominance of large audit firms in the market for
publicly held firm auditors. Because Big Four auditors have a greater reputation to
uphold, they may require firms to have a sound internal control system which
includes the establishment of a risk management committee. Alternatively, it is also
possible that firms engaging such high quality auditors are also more committed to
risk management. The unreported results also show that the establishment of a risk
management committee is not significantly related to all industry dummies.15
In the context of good corporate governance practices, firms that establish a
stand-alone risk management committee as one of board committees are likely to
have good internal corporate governance structures in place. Recall that Hypotheses
1 and 2 predict that more independent boards are likely to set up a risk management
committee. The results in Table 4 show that there is a significant positive
association between the establishment of a risk management committee and the
separation of the board chair and the CEO positions (p value = 0.016, one-tailed)
and percentage of non-executive directors on boards (p value = 0.033, one-tailed).
With regard to the association between the establishment of a risk management
committee and the separation of the board and the CEO positions, the finding of this
study is consistent with that of Goodwin-Stewart and Kent (2006). Unlike this study,
15
In order to have a parsimonious models and also due to their non-significant associations with the
likelihood of the establishment of a risk management committee, the industry dummy variables are
excluded and the model is re-run. The results remain qualitatively and statistically unchanged after
excluding the industry variables from the model.

123
Establishment of a risk management committee by Malaysian listed firms 31

they do not find a significant association between the existence of an internal audit
function and the percentage of non-executive directors on boards.16 This finding
suggests that boards of directors are becoming more involved in risk management
activities, and the board’s influence is related to adoption of risk management
framework (Kleffner et al. 2003). In addition, the findings also support the COSO
ERM framework (COSO 2004) which notes that the ‘‘internal environment is the
basis for all other components of enterprise risk management, providing discipline
and structure…An entity’s board of directors is a critical part of the internal
environment’’. This finding suggests that boards that are more independent
demonstrate a good corporate governance practice by establishing a risk management
committee. Further, by having a risk management committee, the oversight
responsibilities of the board are greatly enhanced because the board considers a
broader view of all aspects of good corporate governance practices. A proactive risk
management process reduces not only business and financial risks but also
reputational risks faced by outside directors. Therefore, Hypotheses 1 and 2, which
predict that a more independent board is likely to establish a risk management
committee, are supported.
Table 4 also indicates a significant positive association between the establish-
ment of a risk management committee and board expertise (p-value = 0.003) and
board diligence (p-value = 0.057, one-tailed), hence both Hypothesis 3 and 4 are
also supported. This finding suggests that non-executive directors who hold
directorships in other firms may have more to lose from poor performance and
corporate disasters (Gilson 1990), hence they protect their reputations as expert
monitors by supporting the establishment of a risk management committee. The
weaker significance of board meetings may be explained by the possibility that firms
without a risk management committee may internalize risk management discussions
in their boardrooms, thus, on average, they need to have more meetings.17 This view
supports the recent finding by Zhang et al. (2007) who report that audit committee
and board of a firm with internal control weaknesses hold additional meetings
presumably to deal with the firm’s internal control problems.
Overall, the results indicate that firm specific variables that are commonly
associated with risk management and internal control functions are positive and
significantly associated with the establishment of a risk management committee. Of
particular interest to the study are the board variables. Firms with more independent,
expert, and diligent boards are found to be more likely to set up a stand-alone risk
management committee.18 This demonstrates that risk management links neatly to
good corporate governance practices within a firm.

16
Goodwin-Stewart and Kent (2006) explore the voluntary use of internal audit by Australian listed
firms. This current study is somewhat different from that of Goodwin-Stewart and Kent (2006) in that it
considers internal control is an integrated part of risk management activities.
17
I appreciate the anonymous reviewer’s suggestion in articulating this argument.
18
The results are subject to a caveat and therefore should be cautiously interpreted. There is growing
evidence that corporate governance structures may be jointly determined partially by unobservable
variables such as past performance, risks, and the stage of business cycles (see for instance studies by
Hermalin and Weisbach 1998, 2003; Bhagat and Black 2002; and Adams and Ferreira 2007 for a
comprehensive discussion related to endogeneity problems and econometric approaches dealing with

123
32 P. Yatim

6 Conclusion

This study provides an initial attempt to explore the association between the
establishment of a risk management committee and board structures of Malaysian
listed firms. Hypotheses are developed based on the premise that boards that
establish a risk management committee demonstrate their commitment to strengthen
corporate governance and internal control environment of their firms. The study
finds that the establishment of a risk management committee is associated with
strong board structures. Specifically, the results show that firms with more
independent boards are likely to set up a risk management committee partly because
these outside directors seek to protect their reputations as expert monitors. Thus,
establishing a risk management committee demonstrates their commitment to and
awareness of improved internal control environment, hence minimizing financial,
operational and reputational risks. Further, firms with greater board expertise and
board diligence are also likely to set up a risk management committee. Directors
with multiple directorships are more supportive of monitoring the firm’s business
operations and risk-taking activities so that these directors are not exposed to the
possibility of the firm’s poor performance or corporate failures, thus safeguarding
their reputational capital. Finally, boards that meet more often are likely to enhance
level of oversight of risk management and mitigation programs. Hence, more
diligent boards are likely to support formal risk management programs which
include setting up a risk management committee to help strengthen control
environment within their firms.
While the study makes an important contribution to the corporate governance and
internal control debate, there are a number of limitations inherent in the study. First,
in addition to archival data, data gathered using survey methods are likely to provide
more meaningful insights to findings of the study. Second, audit committee
effectiveness is not considered in this study. Audit committee independence and
audit committee expertise are likely to contribute to a sound internal control system
and risk management process. Finally, this study employs cross-sectional data of the
financial year 2003. It is likely that the establishment of a risk management
committee by Malaysian listed firms has increased.19 Recent corporate governance
scandals have significantly increased expectations about the roles of corporate
governance participants including regulators and local and international investors.
Some of these expectations relate to calls for expanded risk management activities.
These limitations could be overcome in future research. Research methods such
as interviews and surveys may be complementary to the archival data method and
are likely to help explain why firms choose to set up a risk management committee.

Footnote 18 continued
them in corporate governance research). Studies that do not control for possible endogeneity are likely to
limit the validity of empirical testing of models. This current study, therefore, may suffer from endo-
geneity problems as it does not control for the extent to which endogeneity may be present in the model
the study employs. It is also important to note that the theory of corporate finance cannot yet offer a
comprehensive system of well-specified board design equations.
19
As noted previously, there are 43 firms which previously did not have a stand-alone risk management
committee in 2003 have recently established the committee.

123
Establishment of a risk management committee by Malaysian listed firms 33

The role of holistic risk management process and the changing paradigm of internal
auditing are relatively unexplored and there is a need for future research. Another
issue warranting further analysis is the status of a risk management committee
within the firm, the role of the committee plays in corporate governance and its
interaction with the audit committee and strategy development. Further, risk
management has become a managerial concern and the committee members are
mostly from management, thus its independence and objectives may be questioned.
Issues with respect to the internal control status and risk management processes may
be compromised by firm management and the board of directors may not get a clear
picture of management’s risk appetites and risk taking activities. Therefore, a future
study may examine the independence of the risk management committee and how
the board may have to step up to their oversight responsibilities to minimize
managerial manipulations. Finally, it appears from the findings of the current study
that good board structures are prerequisites for the establishment of a risk
management committee, suggesting that they are complementary. In contrast, firms
with high insider ownerships (i.e., closely held firms), for instance, may not set up a
risk management committee partly because managers are already well-motivated to
protect their own wealth and investment. In such cases, ownership structures and
risk management may act as substitute governance mechanisms. Future research,
therefore, should examine the association between types of ownerships and the
establishment of a risk management committee.

Acknowledgments I am grateful for useful comments of Nonna Martinov-Bennie, Takiah Mohd

Iskandar and other participants at the Fifth Asia Pacific Interdisciplinary Research in Accounting
(APIRA) Conference, Auckland, 2007, and at the 8th Annual Conference of Asian Academic Accounting
Association (AAAA), Yogyakarta, 2007. I also wish to thank two anonymous reviewers for many helpful
comments and suggestions. Financial assistance from School of Business Management, Universiti
Kebangsaan Malaysia is also gratefully acknowledged.

References

Adams, R. B., & Ferreira, D. (2007). A theory of friendly boards. Journal of Finance, 62(1), 217–250.
Ahmed, A. S., & Duellman, S. (2007). Accounting conservatism and board of director characteristics: An
empirical analysis. Journal of Accounting and Economics, 43(2–3), 411–437.
Ajinkya, B., Bhojraj, S., & Sengupta, P. (2005). The association between outside directors, institutional
investors and the properties of management earnings forecasts. Journal of Accounting Research,
43(3), 343–376.
Anderson, R. C., Mansi, S. A., & Reeb, D. M. (2004). Board characteristics accounting report integrity
and the cost of debt. Journal of Accounting and Economics, 37, 315–342.
Ashbaugh-Skaife, H., Collins, D. W., & LaFond, R. (2006). The effects of corporate governance on firms’
credit ratings. Journal of Accounting and Economics, 42, 203–243.
Australian Stock Exchange, Corporate Governance Council. (2003). Principles of good corporate
governance and best practice recommendations. Sydney: Australian Stock Exchange.
Beasley, M. S. (1996). An empirical analysis of the relation between the boards of director’s composition
and financial statement frauds. The Accounting Review, 71(4), 443–465.
Beasley, M. S., Carcello, J. V., Hermanson, D. R., & Lapides, P. D. (2000). Fraudulent financial
reporting: Consideration of industry traits and corporate governance mechanism. Accounting
Horizons, 14(4), 441–454.
Beasley, M. S., Clune, R., & Hermanson, D. R. (2005). Enterprise risk management: An empirical
analysis of factors associated with the extent of implementation. Journal of Accounting and Public
Policy, 24(6), 521–531.

123
34 P. Yatim

Bhagat, S., & Black, B. (2002). The non-correlation between board independence and long term firm
performance. Journal of Corporation Law, 27(2), 231–273.
Boone, A., Field, L., Karpoff, J., & Raheja, C. (2007). The determinants of corporate board size and
composition: An empirical analysis. Journal of Financial Economics, 85, 66–101.
Boswell, A. (2001). Building a risk management system (pp. 32–33). July: Internal Auditing and Business
Risk.
Brennan, N., & McDermott, M. (2004). Alternative perspectives on independence of directors. Corporate
Governance: An International Review, 12(3), 325–336.
Brickley, J. A., Coles, J. L., & Terry, R. L. (1994). Outside directors and the adoption of poison pills.
Journal of Financial Economics, 35(3), 371–390.
Bursa Malaysia. (2001). Kuala lumpur stock exchange (KLSE) listing requirements 2001. Malaysia:
KLSE.
Byrd, J. W., & Hickman, K. A. (1992). Do outside directors monitor managers? Evidence from tender
offer bids. Journal of Financial Economics, 32, 195–221.
Byrne, J. (1996). ‘And you thought CEOs were overpaid’. Business Week, August 26th, p. 34.
Cadbury Committee Report. (1992). Committee on the financial aspects of corporate governance.
London: Gee.
Carcello, J. V., Hermanson, D. R., Neal, T. L., & Riley, R. A., Jr. (2002). Board characteristics and audit
fees. Contemporary Accounting Research, 19, 365–384.
Colquitt, L. L., Hoyt, R. E., & Lee, R. B. (1999). Integrated risk management and the role of the risk
manager. Risk Management & Insurance Review, 2, 43–61.
Committee of Sponsoring Organizations of the Treadway Commission, The (COSO). (1992). Internal
control—integrated framework (COSO Report). Harborside, NJ: AICPA.
Committee of Sponsoring Organizations of the Treadway Commission, The (COSO). (2004). Enterprise
risk management—integrated framework. New York: COSO.
Conger, J. A., Finegold, D., & Lawler, E. E., I. I. I. (1998). Appraising boardroom performance. Harvard
Business Review, 76(1), 136–148.
Core, J. E., Holthausen, R. W., & Larcker, D. F. (1999). Corporate governance chief executive officer
compensation and firm performance. Journal of Financial Economics, 51, 371–406.
Cotter, J. F., Shivdasani, A., & Zenner, M. (1997). Do independent directors enhance target shareholder
wealth during tender offers? Journal of Financial Economics, 43, 195–218.
Dalton, D. R., Daily, C. M., Johnson, J. L., & Ellstrand, A. E. (1999). Number of directors and financial
performance: A meta-analysis. Academy of Management Journal, 42(6), 674–686.
DeAngelo, L. (1981). Auditor size and audit quality. Journal of Accounting and Economics, 3, 183–199.
Dechow, P. M., Sloan, R. G., & Sweeny, A. (1996). Causes and consequences of earnings manipulation:
an analysis of firms subject to enforcement actions by the SEC. Contemporary Accounting Research,
13, 1–36.
DeZoort, F. T., Hermanson, D. R., Archambeault, D. S., & Reed, S. A. (2002). Toward a theory of audit
committee effectiveness: A synthesis of the empirical audit committee literature, Working paper.
Alabama: The University of Alabama.
Dobuch, N., & Simunic, D. (1980). ‘‘The nature of competition in the auditing profession A descriptive ad
normative view’’. In Buckley, J. W., & Weston, J. F. (Eds). Regulation and the Accounting
Profession, Lifetime Learning Publications.
Eisenberg, T., Sundgren, S., & Wells, M. (1998). Larger board size and decreasing firm value in small
firms. Journal of Financial Economics, 48, 35–54.
Fama, E. F. (1980). Agency problems and the theory of the firm. Journal of Political Economy, 88, 288–
307.
Fama, E. F., & Jensen, M. C. (1983). Separation of ownership and control. Journal of Law and
Economics, 26(2), 301–326.
Finance Committee on Corporate Governance. (1999). Report on corporate governance. Malaysia:
Ministry of Finance.
Fraser, I. A. M., & Henry, W. M. (2004). Better off apart? (pp. 26–28). January: Internal Auditing and
Business Risk.
FRC. (2006). The combined code on corporate governance. London: Financial Reporting Council.
Gilson, S. C. (1990). Bankruptcy, boards, banks, and block-holders: Evidence on changes in corporate
ownership and control when firms default. Journal of Financial Economics, 27(2), 355–388.
Goodwin-Stewart, J., & Kent, P. (2006). The use of internal audit by Australian companies. Managerial
Auditing Journal, 21(1), 81–101.

123
Establishment of a risk management committee by Malaysian listed firms 35

Hampel Report. (1998). Committee on corporate governance—final report. London: Gee.

Hanrahan, P., Ramsay, I., & Stapledon, G. (2001). Commercial applications of company law (2nd ed.).
Sydney: CCH Australia.
Hermalin, B., & Weisbach, M. (1998). Endogenously chosen boards of directors and their monitoring of
the CEO. American Economic Review, 88, 96–118.
Hermalin, B., & Weisbach, M. (2003). Boards of directors as an endogenously determined institution: A
survey of the economic literature. Economic Policy Review, 9, 7–26.
Hermanson, D. R. (2003). What else in corporate governance should be changed? Internal Auditing,
18(1), 44–45.
Higgs, D. (2003). Review of the roles and the effectiveness of non-executive directors. London:
Department of Trade and Industry.
Hovey, J. (2000). Risky business. Industry Week, May, 15, 75–77.
IIA. (2004). The role of internal audit in enterprise-wide risk management, position statement. London:
Institute of Internal Auditors UK and Ireland.
Jiraporn, Davidson III, W. N., DaDalt, P., & Ning, Y. (2008). ‘‘Too busy to show up? An analysis of
directors’ absences’’, The Quarterly Review of Economics and Finance, Article in Press
(forthcoming).
Kleffner, A. E., Lee, R. B., & McGannon, B. (2003). The effect of corporate governance on the use of
enterprise risk management: evidence from Canada. Risk Management and Insurance Review, 6(1),
53–73.
Liebenberg, A., & Hoyt, R. (2003). The determinants of enterprise risk management: Evidence from the
appointment of chief risk officers. Risk Management and Insurance Review, 6(1), 37–52.
Lipton, M., & Lorsch, J. (1992). A modest proposal for improved corporate governance. Business Lawyer,
48, 59–77.
IIA Malaysia. (2003). 2002 survey on IAF of public listed companies in Malaysia. Kuala Lumpur: The
Institute of Internal Auditors Malaysia.
Malaysian Institute of Corporate Governance (MICG). (2001). The Malaysian code on corporate
governance (MCCG). Kuala Lumpur: Malaysian Law Journal Sdn Bhd.
Michaely, R., & Shaw, W. (1995). Does the choice of auditor convey quality in an initial public offering?
Financial Management, 24(4), 15–30.
Power, M. (2000). The audit society—second thoughts. International Journal of Auditing, 4(1), 111–119.
Raghunandan, K., & Rama, D. V. (2007). Determinants of audit committee diligence. Accounting
Horizons, 21(3), 265–279.
Sarbane-Oxley Act (SOX). (2002). Public Law No. 107–204. Washington, DC: GPO.
Securities Commission. (2007). The Malaysian code on corporate governance. Kuala Lumpur: Securities
Commission.
Selim, G., & McNamee, D. (1999). Risk management and internal auditing: What are the essential
building blocks for a successful paradigm change? Internal Journal of Auditing, 3(2), 147–155.
Shivdasani, A. (1993). Board composition ownership structure and hostile takeovers. Journal of
Accounting and Economics, 16, 167–198.
Shivdasani, A., & Yermack, D. (1999). CEO involvement in the selection of new board members: An
empirical analysis. Journal of Finance, 54, 1829–1853.
Spira, L. F. (2003). Risk management: The reinvention of internal control and the changing role of
internal audit. Accounting, Auditing & Accountability Journal, 16(4), 640–661.
Tufano, P. (1996). Who manages risk? An empirical examination of risk management practices in the
gold mining industry. Journal of Finance, 51(4), 1097–1137.
Turnbull Report. (1999). Internal control: Guidance for directors on the combined code. London:
Institute of Chartered Accountants in England and Wales.
Vafeas, N. (1999a). Board meeting frequency and firm performance. Journal of Financial Economics,
53(1), 113–142.
Vafeas, N. (1999b). The nature of board nominating committee and their role in corporate governance.
Journal of Business Finance & Accounting, 26(1–2), 199–225.
Walker, P. L., Shenkir, W. G., & Barton, T. L. (2002). Enterprise risk management: Putting it all
together. Altamonte Springs, FL: Institute of Internal Auditors Research Foundation.
Wallace, W. A., & Kreutsfeldt, R. W. (1991). Distinctive characteristics of entities with an internal audit
department and the association of the quality of such departments with errors. Contemporary
Accounting Research, 7(2), 485–512.

123
36 P. Yatim

Xie, B., Davidson, W. N., I. I. I., & DaDalt, P. J. (2003). Earnings management and corporate
governance: the role of the board and the audit committee. Journal of Corporate Finance, 9, 295–
316.
Yatim, P., Kent, P., & Clarkson, P. (2006). Governance structures, ethnicity, and audit fees of Malaysian
listed firms. Managerial Auditing Journal, 21(7), 757–782.
Yermack, D. (1996). Higher market valuation for companies with a small board of directors. Journal of
Financial Economics, 40(2), 185–211.
Zaman, M. (2001). Turnbull—generating undue expectations of the corporate governance role of audit
committees. Managerial Auditing Journal, 16(1), 5–9.
Zhang, Y., Zhou, J., & Zhou, N. (2007). Audit committee quality auditor independence and internal
control weaknesses. Journal of Accounting and Public Policy, 26, 300–327.

Author Biography

Puan Yatim is a Senior Lecturer at Universiti Kebangsaan Malaysia (National University of Malaysia).
Her teaching and research activities focus on corporate finance and corporate governance, audit com-
mittees, and internal control. She has co-authored several research articles in a number of related areas.
Her recent co-authored article appeared in Managerial Auditing Journal in 2006.

123
Reproduced with permission of the copyright owner. Further reproduction prohibited without permission.