The global economic meltdown in 2008 made it imperative for corporate sectors across the world to acknowledge that we can no longer afford to be passive observers. Furthermore, the fast-paced and unremitting transformation of the corporate environment raised the need for experts capable of mapping the future (two to five years): identifying and deciphering risks, and formulating a matrix of risk management, risk mitigation and risk avoidance.
To have an effective Corporate Governance framework, it is no longer sufficient for boards to relegate risk management to a supplement to the oversight of the Audit Committee (AC). Pragmatic boards should construe risk management as one of the fundamental enabling processes within the broader framework of strategy. Boards must design a risk management policy and risk management framework by forming Risk Management Committees (RMCs).
The risk management framework should envisage the scale and scope of risk arising out of macro- and micro-socio-politico-economic factors. These factors help in determining and managing the impact and influence that a business specific to one part of the world can have in other parts of the planet. For instance, the political and social imbalance in the Middle East and North Africa (MENA), coupled with its impact on the production of oil, affected the global economy.
Another factor for consideration should be 'regulatory risk impact': amendments in regulatory stance might render the current organizational design, business model and even the strategic approach redundant. For instance, between 2008 and 2013, the Indian life insurance industry witnessed a massive impact on growth and profitability due to unfettered regulatory risk. Moreover, any act of non-compliance can invoke regulatory cognizance, thereby eroding the financial and reputational standing of the company. Case in point: recently, the Ministry of Corporate Affairs (MCA) ordered penal action against 196 erring companies for not shelling out funds for CSR activities in FY 2014-2015.
With the help of the RMC, the possible risks can be detailed into the following categories:
Environment Risks: Macro and Micro
– Economic
– Social
– Political
– Industry-specific
Business Risks
– Strategy
– Operations (including financial)
– Systems and Processes
Regulatory Risks
Once the categories are detailed, all the risks must be graded into major and minor risks, and their possible impact should be assessed. Following this, measures to avoid, mitigate and manage risks must be designed, along with a monitoring plan by the RMC. The plan should include the schedule of the various forums held at different levels of the organisation's hierarchy, and the kind of information, data and analysis discussed in those forums.
At the beginning of every quarter, the board should get comprehensive feedback from the RMC on how the risk management process is functioning and suggest changes in approach if required. Moreover, at the end of every financial year, the board must judge the risk management of the company by taking a reverse journey and looking into the financials – to assess their successes and failures – and determine whether the enterprise value has been maintained, enhanced or reduced. This exercise will help in mapping and re-engineering the journey for the next year.
In conclusion, the ability to visualise the future business environment and to choose and implement the best alternative strategy is the core of risk management. It should be seen as evidence of a value preservation and creation process rather than a mere regulatory obligation.
Author: Ananya Singh
Disclaimer: THE STATEMENTS HEREIN REPRESENT THE CURRENT OPINION AND BELIEFS OF THE AUTHOR ONLY AND NOT THE ASSOCIATION OF INDEPENDENT DIRECTORS OF INDIA (AIDI). UNDER NO CIRCUMSTANCES SHOULD ANYTHING IN THIS POST BE CONSTRUED AS INVESTMENT, LEGAL, TAX, REGULATORY, FINANCIAL, ACCOUNTING OR OTHER ADVICE.