Paradigms and approaches to manage risk
The past two years have been a watershed period for all enterprises in India as the country deals with new paradigms and approaches to how risk is managed. The Companies Act 2013 set new standards of corporate governance, accountability, internal control, and the need for greater compliance.
In addition, as data transcends physical boundaries with the advent of newer forms of business models, global interdependencies, and complex threats, there have been rapidly emerging vectors of risk across the strategic, financial, operational, compliance, and technology domains. Indian enterprises will need to continue increasing their level of sophistication with a more robust enterprise risk posture to align themselves to deal with a much more complex and dynamic landscape.
Top Risk Considerations:
Strategic risk as an imperative – Risk management is no longer a set of competencies that lie within the bowels of an organization, within the narrow confines of a Risk Officer, or a set of activities that are performed in an unstructured and unintegrated way. Key risks, particularly those with the potential to disrupt the achievement of an enterprise’s strategy or destroy enterprise value, will be managed more holistically using integrated approaches at the highest levels.
Enterprises will begin to evaluate whether they are adequately equipped to deal with risks that threaten their competitive positioning and impact their ability to maintain exceptional performance. In addition, executives and boards will begin to ask themselves whether the old paradigm of paying disproportionate attention to high-likelihood risks should be the essence of an enterprise risk strategy. Enterprises will also begin to recognize that crises will occur due to an adverse risk event and, as such, to ask whether they are adequately prepared to respond to the multitude of internal and external stakeholders. To this effect, enterprises will begin to undertake a thoughtful planning process to handle existing operations while minimizing impact as a crisis unfolds. Enterprises will truly need to understand the intricacies of how each seemingly disparate element of the enterprise, inside and outside its walls, intersects to form a complex network of risks and opportunities.
Cyber security, a boardroom issue – The extreme dependence on technology in a highly interconnected global environment leaves all enterprises more susceptible to cyber risk. In addition, the increased adoption of social media, mobile technology, and cloud-based platforms means that enterprises need to rethink traditional approaches to managing sophisticated cyber threats.
Hackers from all corners of the globe relentlessly continue to exploit more attack vectors with greater sophistication and pervasiveness, often targeting the soft underbellies of enterprises. This means that securing proprietary information and other critical business assets is becoming exponentially more difficult. In 2015, there will be a greater realization among enterprises of the need to approach cyber risk differently, to be not only secure but also vigilant and resilient. Enterprises will need to create an integrated approach to cyber risk that includes people, process, and technology so that they will be more secure, vigilant, and resilient.
Top Governance and Compliance Issues:
Transitioning from corporate to conscious governance – Evaluating the performance of a board, committees and individual directors is a new concept for Indian boards. Some companies with international listings and progressive governance practices carried out such exercises, primarily self-evaluation by the board and committees of their performance. However, the stringent requirements around defining and disclosing evaluation parameters and methods of evaluation would put more rigour into such exercises.
Many boards will begin to define such evaluation frameworks leveraging leading practices of their international counterparts. Instituting or enhancing risk management programs and within the enterprise will be considered important steps in the process of truly having a unified governance and risk framework that is customized for the complexity of an enterprise.
Risk management, internal controls and compliance – The Companies Act, 2013 has brought significant rigour to increase the culture of compliance within Indian enterprises through increased requirements and accountability for risk management and internal controls.
The prescribed roles for audit committees and management and the need for risk management committees are expected to lead to an improvement in the quality of risk information generated and disclosed. Many public and private companies are expected to establish frameworks that serve this purpose and provide assurances to the capital markets about the soundness of governance and internal controls.
Of significance would be the establishment of an Internal Financial Controls (IFC) framework, with roles and accountabilities defined for the board, Audit Committee, statutory auditors and management. The need to adhere to these requirements will push Indian companies to adopt leading global internal controls frameworks to assure their boards of the adequacy as well as the effectiveness of those controls.
Increasing board accountability and diversity – One of the major thrust areas of the Companies Act, 2013 is enhancing accountability and promoting diversity in the boardrooms. 2015 will see increased revision of committee compositions and charters, as the Companies Act, 2013 has mandated the constitution of various committees such as Audit, Nomination & Remuneration, Stakeholder Relations, and Corporate Social Responsibility (CSR).
2015 will indeed be a year in which executives of Indian enterprises and the boards that oversee them will place more significant attention on corporate governance, compliance, and risk. The Companies Act attempts to help enterprises increase their level of sophistication around their risk posture, but it is only one set of steps needed to deal with the accelerated pace of change in business operating models and the increased threats faced by today’s networked enterprise. However, during this time of change and transformation, enterprises need to truly understand how to comply and govern better, but do it more cost-effectively and enable their businesses to deliver more value to their stakeholders.
The writer is Mr. Amry Junaideen, Senior Director Enterprise Risk Services, Deloitte India.