HOW COSO ERM AND SHIMODEL ALGORITHM CAN CONTRIBUTE TO THE DEVELOPMENT OF ENTERPRISE PERFORMANCE

Based on theoretical model (COSO ERM), I developed a tool that companies can use to correctly identify the risks they were exposed to, to prevent operational crises in due time, as there is no such a tool publicly available for companies to use. The objective was to offer a solution for all kind of organizations for the problem of correctly identifying and mitigating operational risk exposure, to consolidate their position and be able to prevent organizational crises. This is particularly important as it seems that a “permanentizing of crises” has occurred in the business environment. Compared to the other tools existing in the field of risk management, available to the public use, the mathematical algorithm is offering specific instructions for the managers to use, not just theoretical guidelines. Also, the tool offers a unique feature of being able to be applied for any kind of business organization, from any kind of business field, due to its capacity to adapt to the specificities of every enterprise. Meanwhile, while it seems to be very practical, it is based on a right theoretical framework, supported by the complexity theory.


Welcome to the SHIModel TOOL
SHIModel is a risk assessment tool, based of COSO ERM theory, developed to assess the exposure to risk for companies activating in any field and industry. The exposure to risk is determined by three important perspectives: general business wise, financial indicators and operational risks [1].
The overall assessment of the company, divided in these three assessment processes, will be done in the following steps: -Three list of yes/ no question will be applied.
-The answers to these questions will create the data base for the mathematical model.
The risk assessment under SHIModel approach refers measuring the organization's risks, determines if all the indicators are in compliance with the overall business strategy and is aware of measures to manage associated risks. As an example, to understand how the SHIModel works, I present below the procedure and results obtained on one company (Figure 1). The assessment's goal was to develop actions plans which should be adapted to the company's own needs [2].
The company analysed is a leading company that delivers premium services in the local automotive industry. The company is providing services in the following fields: Rent a car (Business Unit A), Operational leasing (Business Unit B) and Automotive second-hand cars retail (Business Unit C). In 2016 the company's equity was 5.5 MIL EURO, the turnover was about 15 MIL EURO, the profit € 620K EURO and the number of employees -74 persons.
The activity of the company is structured as showed in Figure 2.
The assessment was made, based on the year-end results of the company registered during 2014 -2016, using business result cub (BRC), financial result cub (FRC) and operational result cub (ORC) [3]. Business Results Cube revealed the overview of the business activity over the last three years, showing the evolution of each indicator assessed both, at entity level and at the level of each of the three activities of the company [4]: • The Equity registered a three-year increase; • The Overall Turnover registered a one-year increase at Entity level and Business Unit A level, three-year increase at Business Unit B level and two-year decrease at Business Unit C; • EBITDA registered a two-year increase at Entity level and Business Unit B level, three-year decrease at Business Unit A level and three-year increase at Business Unit C; • The Profit registered a two-year increase at Entity level, three-year decrease at Business Unit A level and three-year increase at Business Unit B level and Business Unit C; • The Sales registered a two-year increase at Entity level and Business Unit A level, three-year increase at Business Unit B level and two-year decrease at Business Unit C; • The Market Share registered a two-year increase at Entity level, Business Unit A level and Business Unit C level and three-year increase at Business Unit B.
In conclusion, the business situation is improving at all levels, in the past three years. The increasing in Equity of the company shows its healthy capacity of development, the enlargement of the business in a sustainable way based as well on the commitment of the shareholders. The decrease in Overall Turnover and Sales for Business Unit C, even though the profitability indicators are increasing, shows that the business strategy of the company changed for this business unit, favouring the profitability over turnover. The decreasing EBITDA and Profit indicator at Business Unit A level, even though the sales are increasing,

Journal of Social Sciences
June, 2021, Vol. 4 shows that the business strategy of the company changed for this business unit, favouring the turnover over profitability. The Financial Result Cub was applied only at Entity level. The analysis was made based on the year-end financial results of the company registered during 2014 -2016. Financial Results Cube applied, revealed the overview of the financial activity over the past three years, showing the evolution of each indicator assessed at entity level, as following: • Working Capital Ratio -registered a one-year increase; • Quick Ratio -registered a one-year increase; • Receivable Turnover -registered a one-year decrease; • Inventory Turnover -stagnated; • Debt-Ratio -registered a three-year increase; • Debt-to Equity Ratio -registered a three-year increase; • Gross Profit Margin -registered a three-year increase; • Net Profit Margin -registered a two-year increase; • Return on Assets (ROA) -registered a two-year increase; • Return on Equity (ROE) -registered a one-year decrease; • Accounts payable turnover -registered a two-year decrease; • Interest coverage -registered a one-year increase; • Debt coverage -registered a one-year increase; • Cash flow from operations -registered a one-year increase.
In conclusion, the financial situation is improving in the above-mentioned period. The increasing Working Capital and Quick Ratio show the good ability of the company to support its operations with liquidities. The increasing debt indicators (Debt-Ratio and Debtto Equity Ratio) show that the company supported its growth also through loans. In terms of profitability, the company in on a positive trend, which shows its capacity to produce money. Increasing ROA and ROE shows that the company is effectively converting the money it has to invest into net income. The capacity of the company to pay its due debts and the interest generated by these debts (Interest coverage and Debt coverage indicators) is also increasing. Last, but not least, Cash flow from operations, is a very important indicator and shows that the company has the ability to generate enough cash from its operations and to cover its current expenses, debts and taxes.
Overall conclusion of the financial analysis shows that the company is passing through a development process in all its areas of activity.
The Based on the answers provided by the company to the questions required by OKPC assessment, the following conclusions were drawn [2]: • Out of the total of 768 questions, with a total weight of 19,655 points, 60.32% were answered "Yes", weighting 11,856 points and 39.68% were answered "No", weighting 7,799 points; • Compliance area gained the least number of points, resulting a capacity to manage the risks of 38.34% -signalled in red colour; • The organizational level that summed up the least number of points, with a capacity to manage risks of 58.44% was the Business Unit/Division level -signalled in yellow colour; • The areas that gained the least number of points were Event Identification, with a capacity to manage risks of 43.3% and Risk Assessment, with a capacity to manage risks of 22.04% -both signalled in red colour.
The areas that summed up more points, but remained under the 60% threshold, were Internal environment, with a capacity to manage risks of 54.65% and Customer satisfaction, with a capacity to manage risks of 54.39% -both signalled in yellow colour. The company has an overall exposure to risk of 39.68%. Analysed from the perspective of crisis prevention, the company has a capacity to manage risks and prevent crises of 60.32%. The risk exposure is mainly concentrated on the Compliance level, Event identification (risk or opportunities) and Risk assessment. These levels are all below the threshold of 45%, which makes them highly exposed to operational risk, and they are all signalled in red colour. Compliance objective has a high exposure to risk, especially on the Business unit/Division level. Other areas that are exposed to risk are Internal environment and Customer satisfaction. These perspectives are in the medium range in terms of exposure to operational risk and they are signalled in yellow colour.
At the Business unit/Division level, risk assessment procedures poorly exist in the company's environment, although the practically response to risk is an area very well covered ( Figure 3). Based on the results, the action plan was elaborated: • Create and implement event identification procedures and regulations for event identification (ability to identify opportunities and threats) and risk assessment (ability to evaluate the risks) at business unit/division level; • Create and implement reporting tools for event identification and risk assessment at business unit/division level; • Create and implement risk assessment tools and techniques across the organization level of business units and divisions; • Create and implement monitoring procedures and tools to check if event identification and risk assessment are compliant with the defined procedures and regulations.
Internal environment and Customer satisfaction procedures and tools need to be improved. This means that for these areas, there are some control instruments in place, such as reporting and monitoring tools, but they need to be improved and strengthened in terms of making them mandatory through the internal regulation system and better monitored.
The Customer satisfaction level and Internal environment procedures define the values and policies followed in every action by the employees of the company. According to the algorithm's results, these levels must be improved in order to create a uniform image of the company in front of the customers, on the market and internally.
Second assessment -After eleven weeks, a second assessment was conducted, to determine how the situation of the company improved as a result of applying the action plan established by the algorithm (Figure 4). • The overall risk exposure reduced from 39.68% to 15.42%; • Compliance and Event identification areas went from red alert range of high exposure to green, stable range; • Risk assessment area went from red alert range of high exposure to yellow, moderate risk range; • Internal environment and Customer satisfaction areas went from yellow alert range of medium exposure to green, stable range; • Business unit/Division level went from yellow alert range of medium exposure to green, stable range. Due to the measures taken as a result of applying the algorithm in assessing the exposure to operational risk of the company, overall situation improved in terms of crisis prevention with more than 24%.

Post assessment analytic report 2016 -2018
At the second analysis, using the same SHIModel, the weak points if the organization were improved and the company was placed in a better position financial, business and management wise. The evolution of financial and business indicators was as follows, compared to the first analysis: • The Turnover increased by 17% in 2017 compared to 2016 and 24% in 2018 compared 2017 • The Profit of the company increased significantly especially in 2018 compared to 2017. • The increase of total debts is a normal trend considering the positive evolution of Turnover. However, the most important aspect to be mentioned in the fact that the debts -the costs did not increase with the same unit scale as the increase of Turnover, which means that the company learned how to increase their activity in an efficient way. • The decreasing trend in overdue payments indicator shows that the company manages better it's cash flow and manages to pay on time all debts. As an overview of how the company evolved during the process, at the first analysis using the Operational Key Point Status Cube, the company presented exposure at Compliance (objective level), Customer Satisfaction, Internal values, Event Identification and Risk Assessment (components level). After implementing measures proposed, at second analysis, the company improved and mitigate all the exposures to risk.
The purpose of the post assessment for 2016 -2018 was to verify the sustainability of the company after mitigating the exposures. According to the findings, it can be concluded that there is a significant link between reducing the exposure to risk of Compliance, Customer Satisfaction and Internal values -and the progress of company's business activity, financial and operational figures.
In retrospective, two years after the process, the company is stronger, functioning in a heathier environment, more profitable, with a better image in front of the customers -trust and quality wise -and more valuable from assets points if view.

Conclusions
Managers must pay more attention to operational aspects of company's activity [5]. Even though the business and financial situation of a company gives to the auditors the measure of the general health and stability of the business, this diagnostic is not enough for the overall analysis of a company [6]. A high operational risk can coexist with a healthy financial situation, or vice versa, a poor financial situation can exist even though the operational risk is low. This is possible because financial management and operational management are two different internal processes, inter-connected, but independent.
SHIModel measures the operational risk and based on the algorithm assessment, designs a specific action plan, that will contain exact instructions aiming to diminish the exposure to specific risks of the organization.
The process of identifying, assessing and mitigating potential threats must be part of the larger crisis management process, called crisis prevention [7,8]. Implemented within an organization as a continuous process, crisis prevention or risk management will diminish considerably the probability for the organization to face a crisis [9]. The exposure to crises will not decrease to zero, as there is always a certain percentage of risks that can never be completely eliminated, but the chances of avoiding a crisis and recovering after a crisis will be much higher when the organization is adopting a crisis prevention/risk management approach [10].
SHIModel is the link that builds the bridge and connects the two pillars of a "healthy" company: financial pillar and the operational one.