Immaculate risk assessment is essential to judge how much risk to avoid, share, transfer, mitigate or retain. That decision comes straight from the top. Risk management, thus, is a corporate governance function.
By Arup Chatterjee
Risk management is crucial for companies looking to enhance good corporate governance for all stakeholders. With an objective system of monitoring and reporting in place, a board of directors can effectively oversee short- and long-term business prospects and the health of their respective organisations.
These issues have been brought to the fore as the large scale catastrophes like the coronavirus pandemic enhance shareholders’ expectations of corporate boards. These boards are responsible for overseeing and monitoring the company's operational viability, legal compliance, and financial performance.
Some risks, like fraud and regulatory violations, are internal to an organization and can be prevented. But events like natural catastrophes, cyberattacks, market downturns, political and social unrest, and epidemics are external risks. They are unavoidable but can be foreseeable. As such, they can be managed.
Therefore, companies must take a broad perspective of existing and emerging risks to increase their resilience and ensure business continuity during a crisis. They must identify and evaluate potential risks at every stage of the business cycle, from the origin of a threat through its ultimate consequences, including communicating to all stakeholders. And in this, assessment is essential for deciding whether and how to avoid, share, transfer, mitigate, or retain risk.
Here are 10 actions that boards can take to improve risk governance are:
1. Review the company's business continuity and disaster recovery plan
The board must review business continuity management to ensure regular business operations continue during a disaster and whether modifications are necessary. In doing so, it must address issues such as employee availability, service delivery, (raw) material procurement, conversion to finished goods, availability of logistics, the functionality of information technology systems, cybersecurity, communication protocols, and legal/regulatory compliance. The robustness of a company's disaster recovery plan will determine how quickly it can resume mission-critical functions following an unplanned incident.
2. Enhance scrutiny of the assessments of risk exposures by the management
When evaluating potential disruptions, companies need to identify issues relating to force majeure, triggers for defaults, and termination of contract terms. They must also look at whether management is appropriate in considering the impact of risk on key customers, suppliers, financing sources, and service providers. They should assess the company's insurance coverage and verify the steps to take to preserve potential claims. The company must also explore the ability to access any emergency government funds or other assistance.
3. Oversee the development of robust risk assessment and mitigation policies and contingency plans
This assessment should feed into business continuity and disaster recovery plans under their oversight. Management should have clear instructions regarding the board's expectations for addressing material risks impacting operations and business relationships.
4. Assess financial condition and capital structure
The board should subject the companies to a rigorous assessment of their financial condition and capital structure. A stress-test should accompany this exercise to evaluate its ability to manage liquidity as well as employee, creditor, and shareholder expectations and obligations. One specific item to consider is whether to suspend the company's ordinary dividend and pay reductions to preserve cash.
5. Recommend the establishment of special committees
A board should stay well-informed to be effective. Special committees can help in regularly liaising with management to review risks and evaluate responses. They can also prevent adverse impacts on operations. Directors should be privy to timely information and business intelligence.
6. Make disclosures relating to the ability of the corporate entity to continue as a going concern
Companies are required to report the effects on their financial statements, and disclosure requirements largely depend on materiality. Sometimes, the outbreak of large-scale catastrophes corresponds with the deadline for the financial-year to prepare and file annual reports. Even though many companies still do not have material information, any failure to disclose this risk factor would make the financial statements misleading. Boards must ensure that the companies make a level of reasonable disclosure that may impact the financial statements for periods after the balance sheet date. The potential issues for consideration while drafting the disclosures may include regulatory relief, location closures, supply chain interruptions, production delays, and workforce changes. Other items include the risk of loss on significant contracts, loss of customers, potential future impairments of assets, and declines in market value.
7. Integrate complaint handling with the risk management framework
Complaint handling means monitoring, analysing, and evaluating risks both inside and outside the organisation. The receipt of accurate information via complaints is critical to understand whether risks are within tolerable levels. By helping to identify new hazards and determine the root cause of a failure, complaints provide critical insights to the board for making risk-based decisions.
8. Embed environmental, social, and corporate governance considerations into the “corporate DNA”
Natural and man-made hazards have widened social imbalances in Asia and the Pacific—underscoring the importance of managing environmental and social risks. These are material risks that can affect business operations and threaten reputational damage, lost opportunity costs, and lost productivity. Companies must adhere to environmental, social, and corporate governance principles to deliver new jobs and businesses through a clean green transition.
9. Embrace corporate social responsibility as a component of corporate strategy
Developing corporate social responsibility policies and programs are not only about good business strategy but also about viewing the relationship with communities, producers, and consumers as symbiotic and mutually beneficial. Corporate social responsibility is a good corporate governance practice, as it allows companies to better engage with many of their stakeholders, including investors and consumers. Entities that give back to their societies voluntarily by caring for the environment and resources can better recover from a business downturn because of the associations developed within the community.
10. Building more organizational resilience through sustainable corporate governance
Besides assisting the management in responding to emerging challenges, the board should not lose sight of strategic issues to best position businesses for the future. These issues may include cultivating new alliances, developing innovation and technology, growing through acquisitions or disposing of non-core assets or businesses, and exploring lower-cost financing structures. The focus will likely shift from short-term profit maximization towards building more resilience into the organization. The use of environmental, social, and corporate governance metrics will achieve higher currency in helping drive the transition to more sustainable economic frameworks. This adjustment will have far-reaching implications for capital structures, supply chains, growth strategies, stakeholder engagement, board composition, and risk drivers.
(The author is a financial sector policy and regulatory expert with a multilateral bank . The views expressed are personal)