An interactive qualitative analysis of academics ’ views of a competency-based undergraduate quali ﬁ cation in risk management

Purpose – The purpose of this research was ﬁ rst to determine the competencies mandatory of risk managers, and second, to consider the implications of such competencies in determining modules appropriate forinclusion in anyprospective undergraduatequali ﬁ cation withspecialisationin risk management. Design/methodology/approach – A qualitative research approach was followed, involving academics teachingrisk managementin a focusgroupandmaking useof interactive qualitative analysis (IQA). Findings – The competencies identi ﬁ ed were business management skills, ﬁ nancial knowledge, an understanding of the risk management process, governance and compliance, people management and technicalskills.These will be explainedingreater detailin thepaper. Research limitations/implications – The implications for teaching are that an undergraduate curriculum in risk management will have to combine majors such as business management, ﬁ nancial management, risk management, industrial psychology and communication. These majors need to be complemented by modules in governance and compliance management, as well as information and communication technology. Practical implications – The implication for practice is that risk management professionals and members of the Institute of Risk Management of South Africa need to avail themselves to serve on an advisory board of academic departments offering risk management quali ﬁ cations. Risk management is a developing science andrequires inputs about researchandthecurriculationof quali ﬁ cations. Social implications – The implication for public policy is that the South African Quali ﬁ cations Authority and the Council for Higher Education should reconsider their requirements for designators (specialised quali ﬁ cations). The implications for research are that IQA provides clarity on the knowledge and skills required to develop a competency-based quali ﬁ cation in risk management. Further research should benchmarkquali ﬁ cations andpropose a curriculum for a bachelor ’ s degreeinrisk management. Originality/value – The use of IQA is a novel way of ensuring rigour and objectivity

1. Introduction "Organisations face a shortage of competent risk management professionals despite this function's increasing importance" (Koh et al., 2015, 1).
The role of risk management is to enable the leadership of organisations to identify and analyse, as well as evaluate risks for modification using risk mitigation measures to a level where these will meet the risk criteria of organisations.Organisations of all types and sizes face internal and external factors and influences that make it uncertain whether and when they will achieve their objectives.The International Organisation for Standardization (ISO) (2018) recommends that organisations develop, implement and continuously improve a framework for integrating the risk management process into the policies, governance, culture, strategy planning, management and reporting of the organisation.
Effective risk management needs to be supported by three pillars, namely, competence, collaboration and independence (Hopkin, 2017, 12).The sustainability of an organisation is enhanced by incorporating risk identification and assessment during strategy planning, and by implementing risk mitigation measures using sound governance and compliance during strategy implementation.
The literature about management strategy emphasises competence as a critical organisational resource needed to gain a competitive advantage (Campbell and Sommers Luchs, 1997;Mitrani et al., 1992;Nadler and Tushman, 1999).During 2014, the President of the Institute of Risk Management South Africa (IRMSA), Sheralee Morland, indicated that risk qualifications should start at tertiary level, and that risk professionals would like to see universities and colleges taking the lead in developing more risk management courses.Morland acknowledged that the development of a defined career path for risk managers would not be an easy task, but the development of a recognised framework and guidance will be an excellent place to start in assisting risk managers to identify best practices (Booth, 2014, 1).
At the time of writing, the University of South Africa (Unisa) offered a postgraduate diploma in risk management but did not offer an undergraduate qualification specialising in risk management.Until 2011, Unisa used to provide a bachelor's degree specialising in risk management.The BCom (risk management) was discontinued as a result of the requirements of the South African Qualifications Authority (SAQA) and the Higher Education Qualification Committee of the Council for Higher Education (CHE), namely, that at least 50% of the modules of a specialised qualification had to represent the field of specialisation.The implication for the Unisa BCom (risk management) degree was that at least 15 of the 30 modules had to be risk management modules.None of the other universities in South Africa offers a specialised degree in risk management, but they do offer some risk management modules as part of their undergraduate curricula.Unisa has to consider the possibility of reintroducing an undergraduate qualification specialising in risk management.
Given the above, research regarding the possibility of introducing an undergraduate qualification in risk management at Unisa is required.However, the CHE requires that qualifiers be used to indicate the specialisation of a qualification offered in South Africa.

QRFM 15,3
A qualification with a qualifier (specialisation) must consist of modules from the area of specialisation for at least 50% of the minimum credits of such degree; in other words, if the degree requires 360 credits, then at least 180 of the 360 credits must be from the area of specialisation (risk management, in the case of this article).Furthermore, 50% of the minimum credits at the exit level of the qualification must be in the field of the specialisation denoted by the qualifier (Council on Higher Education [CHE], 2013, 20).Alternatively, a combination of specialisations, such as risk management and insurance, may have to be used to achieve the said 50% requirement for the qualification to be regarded as a specialised qualification.
The university regularly performs a programme qualification mix (PQM) review, and conducts advisory board meetings per department to evaluate the qualifications offered for their relevance, contemporariness and acceptance by its stakeholders.One of the approaches to ensure the relevancy of the curriculum is to determine the competencies required of the graduates that would be produced.Such a market-orientated approach is not without criticism, and a debate exists in both Europe and the USA on whether public education is an enterprise for the public good in a democratic society or whether it should be the provider of competency-based education (based on outcomes).According to Cochran-Smith (2001, 50), a competency-or outcomes-based approach legitimises the dominance of "private goods" at the expense of the public good.The study on which this article is based, did not seek to resolve the debate; it acknowledged it but proceeded from a market-orientated approach because the envisaged qualification is a specialised, specific qualification as opposed to a broad, general academic qualification.
The research problem asked, firstly, which competencies risk managers should possess to become effective risk managers.Secondly, based on these competencies, the question was what the implications for a proposed specialised undergraduate qualification in risk management for the South African context are?
The study used interactive qualitative analysis (IQA) as a method because IQA aims to solve a research problem (following a pragmatist paradigm) and not to determine the direction and strength of the correlation coefficients between variables (as is normally done in the positivist paradigm using correlation or regression analysis).According to Shannon-Baker (2016, 322), pragmatism is characterised by an emphasis on communication and shared meaning making to create practical solutions to research problems.
IQA is a structured approach where the researcher acts as facilitator and gathers data from the participants (constituents) of a focus group, where the constituents have a shared, common understanding of the phenomenon and a similar background (Northcutt and McCoy, 2004, 47).Reality is thus socially constructed by the constituents because they generate and interpret their data, while the researcher is enabled to represent the data visually using rigorous and replicable rules.IQA was chosen as a design due to its rigour and ability to restrict the biases of the researcher.IQA effectively reduces issues of trustworthiness, dependability and conformability from which other methods in qualitative research suffer (Tabane, 2010).
By determining the perceived competencies required to be an effective risk manager, one will be able to determine some of the initial implications for a competency-based curriculum for an undergraduate qualification in risk management which could be researched further.
The remainder of the article is organised as follows.In Section 2, the literature review describes relevant research that has been done to date regarding risk management.In Section 3, the research methodology is explained.The findings of the focus group are summarised in Section 4. In Section 5, the competencies identified by the focus group are Qualification in risk management interpreted and linkages are made.Section 6 explains the issues and implications of the research.

Literature review
The purpose of this literature review is to describe the secondary research that was undertaken and to provide a justification for the current study.Searches were done using the following databases and search engines: Nexus, EbscoHost, ProQuest, Web of Science, Sabinet and Google Scholar.The literature review is structured to define competencies briefly; secondly, to focus on research findings relating to risk management competencies found in the literature; and thirdly, to consider the work done by professional bodies in terms of risk management competencies.The views of professional bodies have been taken into account because of the need to design a curriculum that would meet the expectations of professional bodies in risk management.

Competencies
According to Draganidis and Mentzas (2006, 52), the early Romans practised a form of competency profiling to determine the ideal attributes of a "good Roman soldier".However, the seminal work about competency is ascribed to White (1959, cited in Delmarie de List and Winterton, 2005, 31) for introducing the term "competence" to describe personality characteristics associated with superior performance and motivation.
Risk managers and information officers have two roles in common, namely, they firstly have to rely on people for information collection, and secondly, they have to analyse, evaluate and report about information collected.McClelland (1973, cited in Dubois, 1993) found that competencies such as interpersonal sensitivity, cross-cultural positive relationships and management skills are associated with superior information officers in the United States Information Agency.
According to Le Deist and Winterton (2005, 39), a holistic typology of competence is useful in understanding the combination of knowledge, skills and social competences that are necessary for particular occupations, as indicated in Figure 1.
"Cognitive competence" refers to knowledge and understanding, while "meta competence" relates to the ability to learn and reflect, as well as the ability to cope with uncertainty."Functional competence" refers to skills or "know-how"; in other words, things a person in a particular occupation should know or be able to demonstrate."Social (behavioural) competence" relates to people skills, behaviours and attitudes of the individual, and may be defined as "the ability and willingness to cooperate, to interact with others responsibly and to behave in a group and relationally oriented way" (Le Deist and Winterton, 2005, 38).Draganidis and Mentzas (2006, 53) reviewed 12 definitions of competency, and based on these, define competency as "a combination of tacit and explicit knowledge, behaviour and skills that gives someone the potential for effectiveness in task performance".Guerrero and De los Rios (2012, 9) consider professional competency a composite of personal attributes, knowledge, values, skills, abilities, actions and experience of the professional task undertaken.Since risk management is regarded as a profession (as witnessed by professional bodies such as the Risk and Insurance Management Society (RIMS) of the USA and the IRMSA, the view of competency offered by Guerrero and De los Ríos was regarded as the most relevant for this study.However, all the cited research has in common that competency is a combination of knowledge, values, skills, attributes, attitudes, behaviour and experience.

Risk management from the perspective of international bodies
According to the World Economic Forum (WEF) (2017), the following global risks have been identified and analysed, in terms of both impact and likelihood, as indicated in Figure 2 below.
For organisations to enhance their sustainability amidst the risks mentioned above, the following risk management approaches have been developed to date (see Table 1).
The ISO prepared the ISO 31000 standard and proposes that organisations manage risk by identifying it, analysing it and then evaluating whether the risk should be modified by risk treatment to satisfy their risk criteria (ISO31000:2018(E): V).During this process, there should be consultation and communication with stakeholders, and risk controls should be monitored and reviewed to ensure that no further treatment is required.The ISO (2018)

Qualification in risk management
further maintains that risk management can be applied to an entire organisation, its many areas and levels, at any time, as well as to specific functions, projects and activities.The ISO risk management process is illustrated in Figure 3 below.
Based on the ISO risk management process, one can derive that a risk manager should have competencies such as discernment (in identifying risks), analytical and decisionmaking abilities, communication and consultation skills, as well as vigilance (in monitoring and reviewing risks).
The RIMS developed a risk management professional core competency model using multiple focus groups, and validated these core competencies using a survey undertaken by Note: *There are also references to disaster risk management found in the literature an independent psychometric organisation.The various focus groups each consisted of six members and employees of RIMS (Fox, 2019).
The RIMS (2017) regard core competencies as those "fundamental for successfully performing as a risk management professional, irrespective of the level of experience or training".The five core competencies identified by RIMS are business insight, integrity/ ethics, communication, collaboration and consultation.As indicated in Figure 4, RIMS also identified attributes, such as organisational knowledge, business knowledge, risk management knowledge, technical skills and management skills as components of their competency model.
The RIMS model is comprehensive, and reflects attributes in addition to knowledge (organisational, business and risk management knowledge), values (such as ethics and integrity) and skills (management and technical skills).RIMS recognises that risk managers need to develop their competencies over time as they progress along their career paths and that their model serves as a guide, and not as a requirement for entry into the profession.Although the model is well grounded and comprehensive, a limitation from the perspective of the current study is that it does not provide explicit guidelines for curricula development by universities and that it may not necessarily be transferable to South Africa without some degree of customisation.A concern is how bias and power relations were managed during the focus groups.However, the validation by an independent psychometric organisation is a positive aspect of the RIMS competency model.

Research about risk management competencies
According to Vinay and Müller (2015), risk management as a discipline evolved since the 1970s as major events happened or new legislation was introduced, as illustrated in Figure 5 below.
As illustrated in Figure 5, the number and complexity of risks are on the increase.The implication is that the role of a contemporary risk manager is more challenging compared to that of the 1970s and that the competencies required are constantly changing and expanding.Louisot (2003, 26-30) proposes four areas of competencies, namely, general management, the risk management process, leadership and communication, as well as sector-specific knowledge.Within each of these four areas of competencies, Louisot (2003) identifies subcategories, as summarised in Table 2 below: Ashby (2011, 330) conducted 20 semi-structured interviews with risk management executives of financial institutions in the UK and concluded that the attitudes and competencies of the management of financial institutions could have prevented the financial crisis of 2008.The managerial weaknesses were poor risk management communication, inappropriate organisational cultures, flawed compensation schemes, an over-reliance on mathematical models and metric-driven regulatory assessments, as well as competition and complexity.Sound risk reporting does not only require clear, meaningful communication of the right data to the right people (and not withholding any risk data due to internal politics) but also that management must have the ability to understand the data presented to them.The culture should encourage the virtues of prudence, conservatism, crisis avoidance and long-term steady financial results rather than short-termism, greed and herding (copying the strategies of other financial institutions) (Ashby, 2011, 334-339).Koh et al. (2015) suggest a more integrated approach to the development of risk management competency by integrating three inter-related concepts, namely, competencies, QRFM 15,3 dynamic competencies and the learning organisation.They identified operational risk indicators from Malaysian literature and re-affirmed these during interviews with ten leading chief risk officers of banks in Malaysia.These included keeping abreast of Basel accords and other regulatory matters, as well as international benchmarks, proactive selfdevelopment, induction, learning by developing own risk models and appointing staff members who have mathematical skills for the management of derivatives.Leaver and Reader (2016) researched how non-technical skills influenced the management of risk and performance in trading environments.They found decisionmaking, leadership, situational awareness and teamwork to be important non-technical skills and determinants of risk management and performance.
According to Hopkin (2017, 325-333), risk management is increasingly seen as a profession, and a risk professional should have a range of both technical and people skills.The technical skills required are skills associated with planning a risk management strategy, implementing a risk management architecture, measuring risk management performance and learning from risk management experience.The people skills are communication, interpersonal relationships, analytical and management (including selfmanagement) competencies.A risk professional should also have political skills and be able to influence, negotiate with and motivate others.Furthermore, the risk professional should have problem-solving and decision-making capabilities, as well as a sound knowledge of business and risk management.
In a study among risk management professionals, Marx and De Swardt (2020, 96) used IQA and found that managerial and risk management knowledge, people and technical skills, ethical values and attributes such as assertiveness and steadfastness are competencies required of risk managers.However, their study may be supplemented to obtain a more complete picture by repeating the study among risk management academics because they have influence over the curriculation and offering of qualifications in risk management.
In summary and based on the literature review above, the commonalities suggest a combination of knowledge, skills, values and attributes such as leadership and experience.Some also include the attitudes, behaviour and experience required to be an effective risk manager.Knowledge includes business, organisational and risk management knowledge, while skills, such as management and technical skills are needed.The main difference in the literature is that not all works consulted considered risk management from the perspective Qualification in risk management of academics teaching risk management.The literature may be summarised using the following concept map, indicated in Figure 6 below.
As is evident from the above, none of the literature considered the implications of the above for the design of an undergraduate qualification in risk management, and due to a lack of consensus, this pointed to the need for a study that addresses this topic.

Methodology
The research was approved by the Ethics Committee of the College of Economic and Management Sciences at Unisa.Participants were assured of their anonymity and safety.Their participation was done with their informed consent, and they could withdraw if they so wished without any consequences to them.
The study used IQA as a research design.IQA is interactive because the participants (also called the constituents) are allowed to work as a team during the focus group activity to generate, cluster and interpret their data in establishing a shared understanding of the phenomenon.IQA was appropriate for the current research from both an ontological and epistemological perspective.
From an ontological perspective, IQA presumes that knowledge and power are interdependent (Northcutt and McCoy, 2004, 16).In this regard, the IQA methodology requires the constituents of the focus group to be selected based on their knowledge and experience of the phenomenon under investigation.During the meeting of the focus group(s), the constituents both generate and interpret their own data, while the researcher or a facilitator facilitates the process (Bargate, 2014, 12).In the current study, any power, biases and prejudices of the researcher were eliminated by using a facilitator for each of the focus group(s), while the researcher acted as an observer only.In summary, in this type of research, the data is socially constructed using induction while the subjectivity of the researcher is constrained.
From an epistemological perspective, both induction and deduction are necessary for the investigation of meaning in IQA.The categories of meaning (called "affinities") are defined and refined by the constituents.Once this has been done, the constituents deductively explore the relationship between affinities, especially the direction of each relationship.As a qualitative method, IQA overcomes the criticism raised about qualitative research because it For the current study, the focus group consisted of seven academics involved in teaching risk management.The constituents were individuals with a common interest in and practical experience of teaching and research in the field of risk management, as well as their availability.
The profile of the participants is indicated in Table 3 below.The focus group met on 14 February 2017.Once the focus group had settled down and mobile phones had been switched off, the facilitator assured constituents of their anonymity and safety, followed by an explanation of the process that would follow, as well as a warmup exercise.Constituents were provided with 25 identical blank cards each and identical pens as part of protecting their privacy.Constituents who needed additional cards were provided with such.The constituents further received a well-formulated issue statement (Mampane and Bouwer, 2011).
Constituents were asked to do individual brainstorming about the issue during a period of silence and privacy for 10 min.The issue statement was: "Tell me which competencies a risk manager should have?"Silence had to be maintained during this nominal phase to avoid hierarchical influences and potential dominance by some constituents.This precaution also ensured the authenticity and individuality of thoughts.
Once this individual task was completed, constituents were requested to affix their cards to a wall, still maintaining silence.The facilitator then read the competency provided on each card and removed duplicate cards.The constituents could then commence with their group activity as they clustered the cards into meaningful groups on the wall.Each cluster was allocated an affinity name (theme) by the group and the inclusion/exclusion of cards in each of the respective affinities was debated until consensus was reached.Any missing competencies identified by the group were added to the appropriate affinity.The affinities were listed in alphabetical order for the purpose of each participant completing his/her detailed affinity relationship table (ART).The ART documented the reasoning of the members of the focus group, and enabled each participant to indicate independently whether any relationship between affinities existed and, if so, to indicate the direction of the relationship.In other words, individual construction of the ART's was done.
Finally, each constituent was requested to consider individually and carefully to indicate the nature of the relationship between the affinities using a detailed ART.A detailed ART not only enabled constituents to indicate either the direction of any relationships between the affinities (by means of / or !) or if no relationship existed (< >) but also to describe each relationship briefly or to use an IF THEN statement for each pair of affinities that had been decided on by the focus group.In the current study, the focus group identified the six affinities indicated in Table 4 below.

Qualification in risk management
The outcome of an IQA study is a graphical representation called a systems influence diagram (SID).An interrelationship influence diagram (IRD) is prepared with all the affinities to indicate each relationship as indicated by the focus group.Deltas (D's) are calculated based on the information in the IRD.Deltas with positive numbers are regarded as drivers in the SID, and deltas with negative numbers as outcomes.A driver is an affinity that is causing the phenomenon, and an outcome is an affinity that is the result of the causeeffect relationship.Once an IRD table is sorted in descending order of the D's, a SID can be drawn.
The SID "is a visual representation of an entire system of influences and outcomes and is created by representing the information present in the IRD table as a system of affinities and relationships among them" (Northcutt and McCoy, 2004, 174).
A facilitator may conduct follow-up, semi-structured interviews with constituents to probe individual meanings of the affinities further.However, this is an optional step in the IQA process, which was not followed in this study because each of the constituents of the focus group developed clearly defined affinities using his/her detailed ART, which ensured no irregularities and paradoxes appeared in the ensuing SIDs.
Another procedure that may be used in IQA is the Pareto protocol.The Pareto protocol in IQA is used for two purposes, namely, to determine the optimal number of relationships to comprise the composite system and to help resolve ambiguous relationships.Northcutt and McCoy (2004, 160) maintain that the composite should account for maximum variation while minimising the number of relationships in the interest of parsimony.An alternative to the Pareto Protocol is to use a simple majority vote by members of the focus group to determine the direction of each relationship and where those options with a plurality of votes are included in the SID and those with very few or no votes are excluded from the SID.Since this study involved a focus group only, the Pareto Composite SID was used in the light of the higher level of detail provided by the technique.

Findings of the focus group
The data generated by the focus group are summarised in the below list and in Figures 7  and 8 Tabular IRD in descending order of Δ QRFM 15,3 combination of business management skills and financial knowledge influences the risk management process, which, in turn, influences governance and compliance as appropriate skills to manage risks effectively.

Implications
The current research problem was to determine which competencies are required for risk managers to be effective risk managers.The second problem, based on these competencies, was to determine what the implications are for a proposed undergraduate qualification in risk management in the South African context.
In addition to the literature review, the study used IQA by involving a focus group consisting of risk professionals to identify the competencies required of risk managers.The implications of the findings are discussed in the following order, namely, firstly, considering the implications for practice and the RIMS competency model in particular; secondly, implications for teaching; thirdly, implications for public policy; and finally, implications for research.
Implications for practice This study found that constituents of the focus group perceived that the following competencies are required of risk managers, namely, people management and technical skills, business management skills, financial knowledge, as well as an understanding of the risk management process, governance and compliance management.These competencies partially correspond with the competencies indicated in the RIMS professional core competency model, except that RIMS subdivides knowledge into three categories, namely, business, organizational and risk management knowledge.Similarly, RIMS distinguishes between management skills and technical skills.The attributes identified by the focus group of this study were similar to those identified by RIMS.However, the focus group emphasized governance and compliance management.Unlike RIMS, these were not perceived as one of the core competencies that risk managers need to be successful.RIMS could consider reviewing its core competencies by including governance and compliance.Core competencies may be replaced by core values, which are literally at the centre of all the competencies required.Such core values are enhanced by the RIMS code of ethics ( 2019) and significantly contribute to the professionalisation of risk management because most professions require that their professional members must practice in accordance with their professional code of conduct.RIMS could also consider providing guidelines to universities for those competencies that could be taught or learnt to be included in their curricula and to accredit universities who meet such requirements.
The implication for practice is also that risk management professionals and members of the IRMSA need to avail themselves to serve on the advisory boards of academic departments offering risk management qualifications.Risk management is a developing science and requires inputs about the curriculation of qualifications and further research.
One of the possible weaknesses of the model presented is that it overlooks the importance of foresight as a skill and knowledge of future studies and scenario planning.A key skill of a leader is the ability to develop a vision of the future by analysing trends and signals in arriving at plausible future scenarios.

Implications for teaching
As far as teaching is concerned, and in arriving at synthesis, the literature and the findings of the focus group point to the combination of business management and risk management as the majors for an undergraduate qualification in risk management.The implications for an undergraduate qualification in risk management are summarised in Table 6 below.
The focus group used for this study did not indicate two aspects covered by the RIMS competencies model, namely, knowledge of business models and stakeholder engagement, but as implied by the RIMS competencies model, these would have to be addressed in any curriculum in risk management.However, the focus group included governance and compliance management, which is not part of the RIMS competencies model.

Implications for public policy
The findings of this study also serve as a starting point for the reintroduction of a BCom (risk management) degree by Unisa.Despite the requirements of SAQA and the CHE, this study demonstrated that a specialised degree in risk management needs to be offered to meet the need Qualification in risk management

Implications for research
In view of the above, SAQA and the CHE need to conduct research about curricula that could potentially be offered but which are being withheld due to their rigid stance about the percentage of a that needs to be covered by the area of specialisation.Risk management and other competencies are in short supply in South Africa, yet unemployment and the appointment of foreigners remained a challenge at the time of the study.A scientific study needs to be done to assist in resolving these issues by relaxing the requirements for specialised qualifications and, in doing so, increasing the number of qualifications needed by the developing South African economy amid the fourth industrial revolution.
The unique contribution of the current research was the innovative use of IQA for data collection, the removal of subjectivity and the rigour in analysing and presenting the results.The results provide a starting point for a possible follow-up study using pragmatism and mixed methods for the design of a curriculum that will both meet the requirements of the professional body and provide graduates with the best possible combination of knowledge, attributes, values and skills needed by the risk management profession.
The implications for further research include that a comparative IQA study of the competencies of risk managers using academics from the field could be undertaken, as well as a study of the design, benchmarking and validation of a proposed curriculum for an undergraduate degree in risk management.The inclusion of futures studies and scenario planning in the development of risk managers with foresight for the identification and analysis of strategic risks also needs to be undertaken.The purpose of this study was not to compile a curriculum for a new BCom (risk management), and a comparison with the curricula of degrees offered in risk management would be valuable.However, this was beyond the scope of the current study.
IQA uses rigour and eliminates the bias of the researcher, and the one limitation of this research lies in the use of a focus group, which resulted in the findings not being generalisable as the case would have been with a representative sample used in the positivist paradigm and using appropriate statistical analysis.However, this study was exploratory and could serve as a valuable starting point for further research in this area to perform a comprehensive curriculum development.
By reintroducing a degree in risk management, Unisa could take the lead at tertiary level in developing an undergraduate risk management course and enhance its PQM.Should the CHE not approve it, Unisa needs to consider offering an Hons BCom degree with specialisation in risk management but limit the admission requirements to undergraduate degrees which adequately cover the knowledge and skills identified by this study.Reintroducing an undergraduate qualification or introducing an honours degree in risk management at Unisa could contribute significantly to the reduction of the shortage of competent risk managers in Southern Africa given the importance of this function in ensuring sustainable organisations in an increasingly complex environment.
Figure 1.Typology of competence Figure 3. ISO risk management process Figure 4. RIMS risk management professional core competency model Figure 6.Concept map of risk management competencies identified by the literature

Figure 9 .
Figure 9. Cluttered SID of the results of the focus group

Table 1 .
Risk management approaches

Table 2 .
Areas Public entities (national/provincial and local authorities) Health-care organisations (public and private) Not-for-profit organisations and non-governmental organisations (NGOs)

Table 3 .
Profile of the participants