Risk-readiness needs a rethink

Apr 20 2014, 23:50 IST
Comments 0
SummaryBoards must shed traditional oversight, adopt Enterprise Risk Management

With risks being multitudinous and ever-present, there is a growing sense that the business activities may include continued vulnerabilities that will manifest themselves in the next risk storm. The new Companies Act takes the business of risk seriously, while it looks at risk management not as a function but as a capability for improving decision-making and avoiding catastrophic risks.

According to the new Act, the board and audit committees have been vested with specific responsibilities of developing, implementing and assessing the robustness of risk management policy, processes and systems. Thus, the boards now carry an explicit mandate from stakeholders to oversee and, if necessary, lead the charge in having management identify and explain the most critical risks facing an enterprise and the actions being taken to address them.

As risk management becomes part of the strategy, requiring extensive board deliberation, proportion invested in risk management is expected to rise over the immediate future, suggesting that companies will not be relaxing their guard any time soon. Enterprise Risk Management (ERM), a capability to master and optimise risk management, is propagated as the vehicle for this transformation. Fundamental elements of the ERM framework—risk strategy, risk structure, risk portfolio, risk measuring and monitoring, risk optimising—create a powerful blend that aims to crystallise and optimise an organisation’s risk philosophy. These fundamental elements help create a risk portfolio and facilitate in embedding risk management as an integral part of an organisation’s culture; define a mechanism to monitor and measure risks and controls; create an opportunity to ‘view risks differently’—optimisation is an approach which recognises that risks are not hazards but can present opportunities to create value; and optimise its risk portfolio—an organisation manages risks in a way that balances its risk tolerance with its desire for improved performance.

Clearly, the new governance framework requires companies to understand what good risk management looks like today and how the boards can help foster the culture, communication and mindset to leverage the strategic value of risk management. However, clarity is lacking on how boards are responding to these expectations. Unlike other embedded responsibilities of boards and committees, such as the oversight of financial reporting and disclosure, there are no standards for risk oversight and few, if any, authoritative sources on which boards may rely. This implies that oversight has been somewhat passive and involves significant reliance on management.

Faced with growing legal and business responsibilities, the boards may like to consider the

Single Page Format
Ads by Google

More from Edit & Columns

Reader´s Comments
| Post a Comment
Please Wait while comments are loading...