Risk Management - An essential tool in
Corporate Governance
PRESENTATION TO MEMBERS OF ICSI
BY
S. Ravindranath
July 2011
RISK AND GOVERNANCE
Risk comes from not knowing what you are doing;
if you don’t understand, then don’t do it.
== Warren Buffet.
The governance framework is there to encourage the
efficient use of resources and equally to require
accountability for the stewardship of those
resources. The aim is to align as nearly as possible
the interests of individuals, corporations and
society.
= = Sir Adrian Cadbury, UK, Commission Report: Corporate
Governance 1992)
2
From the Turnbull Report – UK CG

A company’s objectives, its internal organisation and the
environment in which it operates are continually evolving
and, as is exposed. Since profits are, in part, the reward
for successful risk-taking in business, the risks it faces
are continually changing. A sound system of internal
control therefore depends on a thorough and regular
evaluation of the nature and extent of the risks to which
the company of internal control is to help manage and
control risk appropriately rather than to eliminate it.
3
What is Risk?






GRC – Governance, Risk and Compliance
Definition of Risk traces its origin historically to
Greek mythology -“ to run into danger”
A Greek Latin nautical origin too exists – Homer’s Odyssey –
Difficulty to avoid in the sea .
Incidentally the word “governance” also traces its origin to Greek
word “kubernao” and passed on to Latin – to steer.
Time immemorial enterprising people dared to venture and conquer.
No venture will succeed unless there is an overlay of risk.
But essential element of business is not only to make profits but also
steer clear of danger.
4
How is Risk taking to be handled ?




Can neither be passive, nor reckless and “run
into danger”
Risk taking as a way of life but manage it with
robust controls and systems
Fine balance between risk and reward
Let us not avoid risk but understand and
manage risk.
5
Examples of lack of governance




Enron, Orange County, Barings – all went bust
Nick Leeson and “The Rogue Trader”
Derivative Trading without knowledge and risk
management tools or governance
Citi Bank, Gurgaon affair
6
Risk Management and Governance




Risk and control mechanism without oversight and
governance – disaster
Risk Management in Indian Banks on the back of RBI
and BASEL regulations.
Risk factor in banking industry different from others Risk of Systemic Risk
Risks in Global Indian Companies includes currency risk,
commodity price risk and market risks
7
Risk and Governance in Companies




Are controls and governance different?
“Hands-off” approach of Boards
Role played by Company Secretaries and
Department Heads w.r.t. Compliance
Need for robust and transparent risk
management framework with proper monitoring
and control at a senior level with full disclosure
to the Board periodically
8
Greater role for Board and Audit Committee





Board of Directors – to understand the risks taken within the
accepted framework and tolerance levels
Be satisfied proper systems followed to manage risks.
Losses if any, will be acceptable and would be absorbed by the
company with their full knowledge.
Board should own the responsibility for the same.
Audit Committee of the Board, headed by outsider Director to
actively involve in examining adequacy of risk management policy,
internal control systems.
9
Risk Management in Companies






ERM or Enterprise Risk Management to be updated
Roles and responsibilities to be clearly defined
Board cannot micro manage, but should get abreast of risk profile
through proper system and communicate risk tolerance level to
senior management.
Micro risk management to be owned and managed by the executive
top management and the Departmental Heads
In some companies the internal as well as external auditors too play
significant role of risk management watchdog
Understanding of Outside Directors
10
McKinsey Survey Report April 2011



Board Directors are now spending time for:
Strategy – 23% of their time
Execution – 22%
Performance Mgmt – 18%
Business Risk Mgmt – 14%
Core Governance & Compliance – 14%
Talent Management – 10%
Respondents on boards in the financial sector indicate that directors’
knowledge is below average on industry dynamics (just 6 percent claim to
have complete understanding) but slightly above average on company risk
(17 percent).
Clearly seen where the focus is lacking. This may be global picture, but
there may not be much of change in Indian context.
11
Deloitte Touche Tohmatsu Survey 2010






Survey for IFAC [International Federation of Accountants] Professional
Accountants in Business [PAIB] - strengthen risk management and internal
control practices globally.
600 participants from around the world from diversified organisations.
More awareness of the benefits of implementing risk management and
internal control systems should be created,
Risk management and internal control systems should be better integrated
into organisations’ overall governance, strategy, and operations.
Risk management teams formulated policies and guidelines but those
responsible for control had their own set of guidelines which they followed.
Need for close interaction and integration is essential and help to
understand that both risk management and internal control are integral parts
of an effective governance system.
12
Another Deloitte Survey






131 financial institutions
90% of the financial institutions had proper risk governance model
and approach
In 75% of the institutions the Board of Directors approved risk
management policy and ERM framework.
86% of the institutions had CRO [Chief Risk Officer] or equivalent
post,
51% reported that Board of Directors conducts executive sessions
with CRO
Linkage between business operations and risk management should
continue to be assessed and nurtured.
13
SAS – Fortune 100 Group Survey of 300-odd financial
service executives



Only 33% believe that the principles of risk management in financial
services remain sound. Policy-makers can formulate an effective
response to the current economic crisis.
Only 40% of the respondents believe that “the importance of risk
management is widely understood throughout their company.”
Respondents wanted (a) “thorough overhaul” of their risk
governance and risk management policies and programs (b)
Improving data quality and availability (c) Strengthening risk
governance (d) Instituting a more comprehensive company
approach to risk management and (e) Integrating effective risk
governance and risk management policies throughout the business
(f) There should be transparency and more disclosures.
14
To sum up








Element of risk has to be taken.
Proper systems, controls and governance to understand, measure and
mitigate the risks.
Board to oversee implementation of risk strategy
Close co-ordination between the CS and CRO.
Close correlation among risk management, controls and governance.
External pressures in the form of market forces, shareholder scrutiny and
government intervention can play significant role
Incentives for investment in corporate governance
Need to strengthen corporate governance framework with regard to risk
management and make greater disclosures that will protect interests of all
the stakeholders.
15
Last word
Is Risk Management a tool in good
corporate governance or a good corporate
governance is essential through proper
controls over risk management?
16
Thank You
17