ENTERPRISE RISK MANAGEMENT IN KOSOVO ’ S BANKING SECTOR

Today risk management plays a vital role in business. Each firm, whether big or small, makes an effort to manage risk more effectively. Risk management is very important in the financial system, especially in banks. Billions of Euros are spent each year on the financial reporting of banks. Banks should implement effective solutions in risk management to mitigate their risks. Great financial debate that originated in the 1990s is reportedly linked to errors that occurred in the banking sector due to poor risk management. It should be noted that today technology plays a key role in risk management and it has already had a positive effect on the financial industry. Analysis of risk and its management has become significant in the Kosovo economy since the post-war period. The nature of the banking business is threatened by risks because more financial products are becoming complicated. The main role of banks is intermediation between those who have resources and those seeking them. Banks face various risks at the corporate level, such as operational, liquidity, legal, credit, and market risks; thus, these risks should be converted into a composite measure. This research aims to determine practices and effects of risk management in the banking sector. Relevant data were collected from banks through questionnaires and telephone interviews; analysis has been conducted using statistical tools. This study will engage both the quantitative and qualitative methods of data analysis. Dependent variables will be separated from independent variables, and regression analysis will be used to analyse the quantitative data.


INTRODUCTION
The concept of risk includes various financial and managerial aspects.It is used to refer to different agents and different events.Whenever it is used, the word risk concerns related to financial issues or can be used as a technical term that is difficult to define precisely.Indeed, the word risk means the uncertainty that comes from different sources that impact directly or indirectly the nature of a business.When a business functions, it faces operational risk, for example, when British Petroleum decided to go to the Gulf of Mexico, the company did not anticipate that its routine exploration activity for oil would result in the biggest environmental catastrophe in the United States of America.This event also took some lives in an explosion and caused a great amount of oil having leaked into the ocean despite many attempts to stop it.
Financial systems worldwide have a fundamental effect on the growth and development of the economy, especially in mediating between units in surplus and in deficit.Effectiveness and efficiency in performing these roles depend on the level of development of the financial system.To ensure viability, the financial sector should be controlled by the government and its bodies.
The stage of development and efficiency of the financial system varies depending on the time and state.The more sophisticated and developed financial systems tend to be associated with mature economies, while less developed financial systems appear in emerging economies.The financial system, as a process, adapts to changes in the real economy.Moreover, as a part of this process, banks are affected by the performance of their three main functions: − To transform short-term deposits held by households into liquid resources generated by firms; − Monitor debtors towards depositors; − Facilitate transactions between agents providing free services.Recently, the banking sector is strengthening the rules and will set limits on the granting of loans.At the same time, banks are increasing their internal controls, especially in strengthening the management of credit risk.Bad loans negatively affect economic development and lead to deterioration in the efficiency of the banking system.

Nature of Risk
Genesis of the term risk comes from the Latin and Arabic, Risicum and risk, respectively (Kedar, 1970), and according to the definition the Oxford English Dictionary, risk is the possibility of financial loss.Thus, risk is the probability of changes in results.
According to the ARMIC, Alarm, IRM (2010), risk is an effect on uncertainty of objectives of an event.Edwards (2004) and Jorion and Khoury (1995) defined risk as unsustainable results.Pike and Neale (2003) provided a justification that results can be assessed for risk and assigned probabilities but not for probabilities and outcomes that may have uncertainty.According to Allayannis, G., U. Lei, and D. Miller. (2005), risk can be measured mathematically and statistically to find the standard deviation of the cash flow of a firm, although it can be measured in simple terms by assigning probability figures of less than 1 for the possibility of the occurrence of an event.
Risk brings unforeseen results (Edwards, 2004).Risk exists when we make a decision and are not sure about the outcome.Risk occurs in all existing businesses taking risky actions and being charged with managerial responsibilities to maximise their profit.Financial institutions face special types of risks because financial products are becoming more complex and, at the same time, financial institutions have closer links with risk management, given the challenges to changes in the financial markets because of innovations of products, high speed of transactions, new technologies and the increased level of regulatory requirements.The value of _____________________________________________________________________________ 2017 / 5 40 products and instruments in the financial world is unstable.Variables can move up or down and can cause loss or profit due to financial indices and variables in financial markets (Jorion & Khoury, 1995).Other risks can happen when we extend the award of loans by banking institutions (Jorion, 2009), which indicates that it is a risky business.

Risk Management by Financial Institutions
Banks and financial institutions face financial and non-financial risks (Jorion, 2009).Financial risks are losses that occur if there is an error in the financial markets due to movement in the exchange rate and loan interest (Jorion, 2009), whereas operational risks, legal risks, and so on are non-financial risks.
The role of the banking sector in each economy is very important because it provides financial resources for economic development from those who save money to those who require financial resources.This role becomes even more important in emerging economies, such as Kosovo, where borrowers have limited access to capital markets.Barth et al. (2004) stated that when institutions work, economic growth occurs, while when banks malfunction, this delays economic growth and intensifies poverty.
The core business of banks is to attract funding and invest these resources.Banks must manage risk to maintain their boundaries and fulfil their role in the economy.When banks take extreme risks, they may soon fail and go bankrupt.Risk is the probability of a negative uncertain event (Van Gestel & Baesens, 2008).Banking risk is associated with the potential loss of financial products (Bessis, 2003) that deal with different risk factors that must be understood, identified, measured, and managed.
The Basel Committee on Banking Supervision (2006) has identified four main sources of risk with regard to risk management.− Credit risk; − Market risk; − Liquidity risk; − Operational risk.
In credit risk, borrowers face uncertainty that exists in the possibility of failing to meet the obligations that have been agreed upon with the bank (Fatemi & Fooladi, 2006).For most banks, this is the main source of risk.On the other hand, if the bank credit is not sufficient, it may result in substantial loss of profit (Glantz, 2003).For many banks, lending to people and organisations is a significant risk that is noticeable in the risk category.Banks face also other types of risks including acceptance of international transactions, trade financing, foreign exchange transactions, bonds, and equity options.Management associated with credit risk requires thorough analysis to arrive at a solution to this problem.Exposure to credit risk is a danger, and management should learn from past experience and develop techniques to avoid this type of risk (Basel Committee on Banking Supervision, 2006).Thus, credit risk is the risk that a borrower is not able to fulfil the obligation to redeem the debt (Van Gestel & Baesens, 2009), which can be manifested in several ways: − When the borrower is unable to repay the obligation on time; and − When the borrower refuses to perform any obligation due to fraud or conflict of laws.Market risk is the risk that relates to financial products, instruments, and assets that are traded on financial markets (Edwards, 2004).These are exposed to market risk due to the movement of prices and the indices of these instruments.Change of these indicators constitutes a potential threat to the banking business.Banks that compete in the market with instruments such as debt, equity, money exchange, goods, and various derivatives are exposed to the risk of loss due to price change positions.In market risk, two types of risks exist: systematic and unsystematic risks.Systemic risks relate to the movement of prices of all products in general, and unsystematic risks focus on changing the price of a specific product.
There are several types of market risks; this diversity exists because of the difference in prices of the same products in different markets.The most common types of risk are interest rate risk, exchange rate risk, currency risk, and capital risk.It should be emphasised that the risk of interest rates is more important for banks and financial institutions that provide loans to their clients.

Liquidity Risk
Banks are obliged to fulfil their obligations.When liquidity becomes insufficient, liquidity risk occurs (Saiful, 2005).A bank faces liquidity risk when it is in financial difficulty and when it fails to finance its assets and perform its obligations.

Operational Risk
Operational risk is the risk that relates to the conduct of daily duties and tasks of the enterprise.All operational risks include internal operating procedures, control systems, information technology system, organisational structure, accounting systems, training and quality of staff members.Mismanagement of these can heavily affect the business and result in significant financial losses.
Operational risk is the risk of loss of a business from staff that fail due to not following these procedures (Edwards, 2004).These losses can arise from fraud, waste, errors, and inefficiencies in the banking system.

BANKING SYSTEM IN KOSOVO
After the war with Serbia in 1999, Kosovo implemented considerable economic transformations from a centralised economy into a market economy.At present, Kosovo has a new and dynamic economy.The banking sector in Kosovo is evaluated among the sectors with the best performance in the economy.Loans and deposits are growing, while the rate of financial services is being increasingly advanced.The Central Bank plays the leading role and has the authority to license, supervise, and regulate financial institutions in Kosovo.

Baltic Journal of Real Estate Economics and Construction Management
_____________________________________________________________________________ 2017 / 5 42 The banking sector in Kosovo consists of 10 commercial banks.These banks provide various services for their clients including loans, guarantees, current accounts, savings accounts, time deposits, transfers in the country and abroad as well as services for storing items of value (CBK Financial Supervision, 2015).
The banking sector, which represents the bulk of the financial sector, is characterised by an increase in financial intermediation (Ministry of Foreign Affairs, 2015).The main source of deposits continues to be households, dominated, in terms of maturity, by short-term deposits (Ministry of Foreign Affairs, 2015).
The Central Bank of Kosovo continues to be dedicated to ensuring financial stability in the country, which represents the main target of the law (Central Bank of the Republic of Kosovo, 2014).
The Central Bank of Kosovo, like all the banks of other countries, functions in accordance with the Basel II framework (Feiguine & Nikitina 2008) that was standardised from 1 January 2008.The Basel II framework determines the minimum level of capital requirement that is required to be created by banks to maintain the funds of depositors and investments in their value.As a form of legislation, Basel II directs banks to consider the risks that they face and develop capacity for their risk management.Banks are obliged to submit their annual accounts in accordance with International Financial Standards (IFRS) and accounting standards.

Organisational Structure of Risk Management through Kosovo Banks
Kosovo commercial banks have adopted the organisational structure of risk management by KPMG, as it better fits the business environment to mitigate potential risks.Risk management committees that exist in banks determine the policies of risk management and then make recommendations to the board of directors.As a result, strategic objectives of banks for risk management are set by the board of directors who determine the limits and suitable methods related to risk actions.A robust system for management is based on reporting of adequate processes for internal monitoring and includes appropriate procedures for granting and setting deadlines.Risk assessment, monitoring, and control functions are connected to each other to meet the objectives.

Challenges Banks Face Regarding Risk Management
With the development of technology, consumers are entering the market with rising expectations, and this has increased the efforts of banks and financial institutions to adapt to those changes.Economic globalisation is developing rapidly, giving space to national and international players operating in the financial area, especially in banking.If banks have not managed to improve their delivery mechanisms with the best customer service, they are exposed to environmental risk (Raghavan, 2003).
It is almost impossible to decrease risk without the help of key players in this industry, and this paper focuses on a company that has been chosen as an object of a case study and can help us understand the topic of risk management.In Table 1, the time challenges the bank faces are described regarding the adaption of ERM for business.

Table 1. Challenges and procedures of banking institutions in the adoption
of ERM are described by Vaidyula & Kavala (2011) as shown below: Improving efficiency Achieving greater efficiencies in risk and control processes, improving coordination, and unifying and streamlining approaches.

Challenging the regulatory environment
Ever-changing regulatory demands, high degree of regulatory scrutiny, variation of regulations across jurisdictions, preparing to operationalize, and compliance with Basel II.

Keeping pace with business growth and complexity
Rapid business growth, competitive intensity, M&A activity, global expansion, increasing product complexity, and increasing customer expectations.

Attracting and retaining talent
Shortage of good talent in competitive markets, especially in specialised areas or emerging geographies.

Managing change
Dealing with people and organisational issues as new processes demand new methods of work.

Fear of compliance failures and emerging risks
Fear of compliance failures despite best efforts due to human error or unanticipated events and identifying and preparing for future risks.

Baltic Journal of Real Estate Economics and Construction Management
_____________________________________________________________________________ 2017 / 5

44
The implementation of ERM is a great challenge, and all aspects should be supported and directed by senior managers.Risk management is a process that never ends, and the phases of risk management can be divided into coordination, alignment, and integration.Good implementation of the ERM provides us with better control of the business and helps reduce costs, also increases public and stakeholder confidence in banking actions (Vaidyula & Kavala, 2011).The phase of risk management process cannot be successful if high-level managers do not interfere because of the complexity of the ERM processes.

Procedures and Steps that Should be Included in the Management of Banking Risk
There are adequate procedures for effective risk management.The question raised is which techniques and guides are set for diverse types of risk and what is the effect of each.Should there be adequate procedures for effective risk management?What techniques are established methods for diverse types of risk, and what is the effect of each risk?Banks should conduct large-scale research on risk management and not spend a lot on the ERM system (Santomero, 1996).There are four steps to be involved in banking risk management: Implementation of standards and reports -For risk management in banks, the first step that should be included is the establishment of standards and financial reporting.These are connected to each other because they represent the backbone of any risk management system.Standards related to risk assessment and risk control enable understanding of the nature of the risk portfolios and enable the stakeholders to see what actions should be taken to reduce the risk.Financial reporting should be standardised because it presents the ranking of quality assessment so that investors take further steps for investment.
Rules, borders, and positions to be taken -The second method for monitoring internal control of risk management are rules, set positions and limits, and aspects that involve minimum standards.Thus, every person who is in a set position must have a clear understanding of limitations.This is important for lenders, traders, and portfolio managers who must operate within the rules and boundaries set by the company to avoid risk.
Investments and strategies -Third, strategies are described in the instructions regarding which conditions and commitments should be allocated to the market.This method also defines the guidelines of the above mentioned investment-related risks.
Simulation schemes -During risk management, contracts are given to managers to stimulate the control of expenditures and to manage the financial situation of the institution.These incentive contracts require accurate assessment of positions and internal control.

RESEARCH METHODOLOGY
Research is the core of practice for the detection of proven achievements, tested and trusted in response to questions of interpretation between the systematic collections and processing of data.Research methodology is a procedure in which the researcher conducts a research project or gathers information about research topics, irrespective of its nature (Turabian, 2013).
This research adapts the qualitative and quantitative methodology.Quantitative data are processed by statistical methods.Results are shown using numbers and tables (Emory, 1991).The qualitative method is a technique of data collection that is supported by the description and explanation of qualitative data through the use of concepts (Saunders, 2000).
The primary data used in this research are collected from the commercial banks in Kosovo through a questionnaire.The questionnaire in this survey consists of 15 questions; using this questionnaire, we will discover the significance of risk management in banks.The questionnaire includes closed and open questions rated on a Likert scale to examine to what extent participants agree or disagree with the given statements to avoid misunderstandings.This form of the questionnaire can easily be transferred into a numerical design, which is suitable for statistical analysis.
Mean and standard deviation -Mean describes the central data position.The statistical mean is a discrete random variable in all its conditions (Patton, 1980).The standard deviation is useful to compare datasets with the same meaning but in a different range (Ryan, 1999).The mean is used with the standard deviation and describes the central position of data, whereas the standard deviation is a distribution measure of probability of a variable case, a population, or a group.Based on the administrative risk results, the mean is 4.2 and the standard deviation is 1.7, which adds a special importance for services because the administrative risk is high.The analysis of risk liquidity shows that the average is 5 because banks have receivable assets and therefore face very high risk.Analysis of the lending section provides a mean of 4.5.Respondents stated that banks verify customers before lending money to them because it is one of the key points of banking risk.Analysis of the importance of risk management policies (mean is 4.3) shows that banks pay attention to risk management policies and, through these policies, have achieved success in preventing losses and increasing financial performance.The analysis of the importance of crediting policies shows a mean of 3.6, which indicates that there is policy enforcement because of increased level of bad loans in financial institutions.The analysis of internal control has a mean of 4.1, which shows high internal control starting from the administration all the way to the head office.The analysis of performance of risk management shows a mean of 2.4, which indicates that employees have not achieved the desired level of performance, whereas the analysis of the importance of training shows that banks do not provide regular training for their employees; they pay less attention to this issue.

Percentage of Respondents
The questionnaire was sent out to 40 managers and employees in commercial banks in Kosovo.Only 79% of them responded.This shows that banks have a high degree of interest in analysis during the lending process.In turn, this indicates that borrowers pay their obligations on time.On the other hand, 21% of the respondents indicated that bank tariffs are very high because of high interest rates.This makes those who borrow unable to pay their loans on time.

Regression Analysis
The earliest form of regression was the method of least squares, which was published by Legendre in 1805 (Legendre & Adrien-Marie 1805)) and Gauss in 1809 (Stigler, 1981) 47 moindres carrés.However, Gauss claimed that he had known about the method since 1795.Regression analysis is a technique for modelling and analysing numerical data containing a dependable variable (response variable) and one or more independent variables (explanatory variables).The dependent variable in the regression equation is modelled as a function of the independent variables, corresponding parameters (constants), and an error term.The error term is treated as a random variable (Fuller, 1987).It represents the unexplained variation in the dependent variable (Hamel & Dufur, 1993).The factors are evaluated to give the best fit of the data.Most usually, the best fit is analysed using the least squares method, but other criteria can also be used (Hamel & Dufur, 1993).Regression can also be used for prediction (including forecasting of time-series data), inference, hypothesis testing, and modelling of casual relationships.In linear regression, the model specification is that the dependent variable yi is a linear combination of the parameters (but need not be linear in the independent variables (Fisher, 1922) For example, in simple linear regression for modelling N data points, there is one independent variable: xi, and two parameters, β0 and β1: Based on the response, we see that the maximum loan that a financial institution or a person could take depends on the source of their revenues.Kosovo commercial banks, apart from individual and business loans, also provide mortgage loans and overdraft salary.Analysis of the credit limit shows regression on the risky assets of banks with the value of 1.723 using t-statistics.Analysis of the profitability of credit shows regression of −0.613.It did not show any relevance on the level of profitability.For the analysis of credit control, based on the results, the regression of 3.105 shows a higher degree of credit control and that risk management in banks is very important.
From the table, the regression of the question shows the effect of risk management.The effect of risk management is the dependent variable, while the net profit level, risk management and credit control, and the importance of risky assets are the independent variables.The reasons we use three questions is to test the effect of risk management on the performance of banks and financial institutions.Interviews were also done to verify the effect of risk management and that the staff that fill out the survey all have knowledge of the questions.The qualifications of the members of staff include PhD, masters, undergraduate, and diploma holders.

CONCLUSION
Risk management is a necessity for financial institutions to survive and thrive in the long term.Financial institutions should ascribe critical importance to a tight system of control when providing loans.Banks have a stable cultural system of risk management.During the study, issues that relate to credit risk management and internal control techniques were treated in practical as well as in conceptual terms.
From the presented and analysed data, risk management is one of the most important operational aspects of banking and financial institutions.It should be noted that the findings show that banks that have huge profits have an advanced risk management system in place.Based on this, they also gain public support and trust of clients as a result.Risk management at the banks covers the following activities: internal control, credit control, market control, and investment analysis.
The following recommendations for banks in Kosovo are made to improve banking efficiency: − First, banks need to be aware of assessments of loan requests and try to get as much information of value to assess the general effectiveness of the department.− Second, banks must have an efficient control mechanism in granting loans and must be equipped with reliable information about customers requesting loans.It should be noted that the banks do not need to make decision on granting the loan based on one or more pieces of client information that they provide, rather, the information should be gathered on a broader level to determine correctly the required decision.− Third, the staff should undergo training and should also attend seminars to keep up with the current global trends.− Last, banks should focus more on credit control, since it is the main aspect of banking risk management, and banks must continue to give it great consideration, as the main profits come from crediting activities.

Table 2 .
Mean and standard deviation [table made by authors]

Table 3 .
Questionnaires with regard to borrowing [table made by authors]

Analysis of internal control
-Analysis of the data from this table shows that 80 % of the respondents indicate that banks have internal control systems in place, which are fully in compliance with bank regulations.

Table 4 .
Analysis of internal and external control [table made by authors] . The term least squares comes from Legendre's vocabulary,

Table 5 .
Importance of risk in assets management [table and calculations made by authors]