This article has been written by Satish Kumar Yadav pursuing an Executive Certificate Course in Corporate Governance for Directors and CXOs from Skill Arbitrage.

This article has been edited and published by Shashwat Kaushik.

Introduction

Physical risk management Leaders are fascinated with the possibility as to how professionals in their domain can effectively contribute towards corporate governance. Thus, for the benefit of these leaders, various aspects of risk management and corporate governance have been  researched. It would be an immense surprise to them how deeply the two subjects, though separate, are intertwined towards the common goals of wellbeing of the people, processes, & businesses as a whole. These two processes are interlinked, as if you perform one role, you effectively end up performing the other role. Corporate governance cannot be successful without proper risk management, and managing all the risks that your company is exposed to automatically leads to good corporate governance.

Download Now

Corporate governance

Corporate governance refers to the systems and processes through which corporations are directed and controlled. It involves the relationship among different participants in determining the direction and performance of corporations, including shareholders, the board of directors, management, and other stakeholders. The main objective of corporate governance is to ensure that corporations operate in a fair, transparent, and accountable manner while also maximising shareholder value and protecting the interests of all stakeholders.

Key elements of corporate governance include:

  1. Shareholders: Shareholders are the owners of the corporation and have the ultimate say in how it is run. They elect the board of directors and have the right to vote on important matters such as mergers and acquisitions.
  2. Board of directors: The board of directors is responsible for overseeing the corporation’s management and ensuring that it is operating in the best interests of shareholders. The board is composed of independent directors who are not affiliated with the corporation’s management.
  3. Management: Management is responsible for the day-to-day operations of the corporation. The CEO is the head of management and reports to the board of directors.
  4. Other stakeholders: Other stakeholders in corporate governance include employees, customers, suppliers, creditors, and the community. These stakeholders have a vested interest in the corporation’s success and can influence its decision-making.

Effective corporate governance is essential for the long-term success of corporations. It helps to reduce risk, improve decision-making, and attract investment. It also promotes transparency and accountability, which are important for maintaining public trust in corporations.

Corporate governance is a complex and evolving field. As corporations become more global and interconnected, the challenges of corporate governance increase. However, the principles of good corporate governance remain the same: fairness, transparency, and accountability.

Key principles of corporate governance

  • Transparency and accountability: Companies should be transparent about their operations and financial performance. They should also be accountable to their shareholders and other stakeholders for their decisions and actions.
  • Board independence: The board of directors should be independent of management and should have the authority to oversee the company’s operations and make decisions in the best interests of the company.
  • Shareholder rights: Shareholders should have the right to vote on important matters affecting the company, such as mergers and acquisitions, and to elect the board of directors.
  • Stakeholder engagement: Companies should engage with their stakeholders, such as employees, customers, and suppliers, to understand their concerns and needs.
  • Risk management: Companies should have a comprehensive risk management framework in place to identify, assess, and mitigate risks that could harm the company.
  • Sustainability: Companies should consider the environmental and social impact of their operations and should strive to operate in a sustainable manner.

Benefits of good corporate governance

Good corporate governance can lead to a number of benefits for companies, including:

  • Increased investor confidence.
  • Improved access to capital.
  • Reduced risk of financial distress.
  • Enhanced reputation.
  • Improved employee morale.
  • Increased long-term profitability.

Understanding risk and risk management

To put it across simply, Risk is possibility of something going wrong in the interest of stakeholders. In terms of individuals, it could be possibility of a person meeting with an accident whilst on the road, losing his capital invested in mutual funds or shares or incurring damages to his property due to natural calamities. Each one of us is averse to such risk, and each one of us does  have plans to mitigate these risks. Similarly, in Business analogy, we need to identify what may hinder the business from progressing in a particular direction towards achieving its next goals or survival itself. A business may lose its relevance due to stiff competition in the market. It may incur heavy losses due to a wrong strategy adopted. A business may lose its brand image due to an accident in one of its factories. A business may incur heavy financial loss due to theft, pilferage and integrity & ethics issues of its employees. These are the risks which need to be recognised by the organisation in its day-to-day functioning.

Importance of risk management

Protection against Financial Losses: Risk management can identify and analyse a potential theft/loss, thereby safeguarding the company from financial losses.

Safeguarding Reputation: Corporate scams in the past have led companies on the way to downfall and disappear from the market. Risk management, which identifies such risks well in advance, can save the company from such embarrassment and permanent loss of identity/existence.

Facilitating growth, profitability, and seizing new opportunities: Once well protected all around, the company grows to its full potential, enhancing profitability and having an edge over its competitors.

Safer workplace: Physical risk management makes the workplace a safer place and provides a pleasant work experience to all its employees, enabling performance enhancement and profitability.

Business resilience: Businesses themselves become resilient and develop the capability to protect themselves better in case of natural and artificial adversity. For example, in the case of COVID-19, many companies survived, and many became extinct.

Types of risk which a business is exposed to

Operational risk: Incidents like theft, pilferage, accidents, and security and safety incidents can be combined as physical risks to a business. Physical risks can also be in the form of natural calamities causing damages to the infrastructure of the business, such as factories, buildings, etc. Generally, businesses do go for insurance to compensate for such risk. Risks arising out of data breaches, employees’ dishonesty, and process failure form part of operational risk.

Financial risk: Financial risk can be caused by poor business strategy, stiff competition in the market, poor product development, low efficiency of the system and process or low motivation level of the employees.

Compliance risk: Non-compliance to the legal framework by the company may cause penalties by the government & regulators.

Reputational risk: Unethical practices and not adhering to societal obligations and norms may lead the business to lose its brand image and loss of reputation, which finally culminates in business loss.

Strategic risk: This refers to the risk that arises when a business fails to adhere to its planned strategy, leading to the loss of its ability to survive in the market. A business may produce a low-cost product; however, if some other company pitches the cost below its cost and draws better responses from the customers, the first company loses its competitive edge.

Risk management strategy

Physical risk management strategy

The strategies adopted to manage various types of risks may be different, but the essence and the intended impact remain the same to safeguard the processes, people, and businesses from adverse effects of the probable risks. Physical risk professionals practice elimination as first strategy to manage risks to people, processes or business. It would be prudent to see how such risks are thoroughly managed using the Hierarchy of Risk Control. Elimination may not always be possible; in that case, we need to look for an alternate process with softer risk; the process is known as substitution. The balance risk is managed by engineering control, which means redesigning the machinery or the processes, followed by administrative control, which is nothing but providing adequate warnings and training to people so that they do not get into the trap of known risk. The last one obviously protects individuals using the ‘Personal Protective Equipment’, also known as PPE. Thus the hierarchy of control would be as under:

Elimination of risk/hazard, as it’s called in safety parlance: The most effective way to mitigate risk is to remove the hazard totally and safeguard people & processes.

Substitution: Most of the time, elimination may not be possible. In that case, we need to do the second best thing, which is to substitute the existing hazard/risk with a lighter one. For example, in a manufacturing industry, using harmful chemicals for the production process may be replaced with a less harmful chemical.

Engineering control: When substitution is not possible, we have to modify our process or redesign machinery, such as installing machine guards to ensure the safety of the operators.

Administrative control: These are the controls implemented through a set of policies, procedures, awareness, training, and guidelines. These controls should be communicated through suitable means on a regular basis to ensure that they are followed to avoid any undue risk.

Personal protective equipment: As the last means of protection, Personal Protective Equipment (PPE) such as helmets, safety goggles, ear plugs, and respiratory masks are used to defend the operator from the prevalent hazards in the workplace. However, this protection should not be used as a primary means of protection against the risk.

Holistic business risk management

However, holistic business risk management may require broader, appropriate, and fuller efforts from all domains of the business. ISO 31000 is the universal standard that provides guidelines for the management of all risks.

Risk management strategy includes:

Identification of risk: This requires systematically identifying all types of risks, including physical, financial, statutory compliances, reputational, operational, political, strategic, or any other specific risk to which the company may be exposed.

Analysis of risk of its nature and characteristics: This risk then needs to be analysed based on its likelihood of occurrence and severity of impact, which then provides inputs for prioritising management efforts to mitigate the risk.

Risk evaluation: The evaluation of risk is done to work out the treatment plan against the risk acceptance criteria. This enables management to decide whether to accept the risk and treat it after weighing other factors such as financial and consumption of other resources such as manpower, material, etc

Selecting the most appropriate risk treatment option: Based on risk evaluation, the risk treatment plan is selected, such as risk avoidance (elimination), risk sharing or transfer, something like insurance or outsourcing the process, and risk acceptance based on the risk tolerance level of the organisation.

Designing a risk treatment plan: Once the risk treatment option is finalised, it’s time to design a detailed risk treatment plan with all the finer details.

Monitoring the effectiveness of the risk treatment plan and providing feedback for improvement: Monitoring the effectiveness of the plan is the most critical part of the risk management cycle, as we may go wrong. A corrective course correction is essentially required to maintain the PDCA cycle of management (Plan, Do, Check, and Act).

Recording and communicating risk information with all stakeholders: Once risk has been managed, there would also be some sort of residual risk, which needs to be communicated to all stakeholders so that they are aware of the risk in the process or system and take personal preventive actions.

Understanding corporate governance

Corporate governance is the set of rules that guide companies to deal with their business through transparency, accountability, and ethical practices that are in the interest of all its stakeholders as well as for the growth of the company. The foundational principle of corporate governance serves the four Ps, namely, people, purpose, process, and performance of the company. In India, the Ministry of Corporate Affairs (MCA) and the Securities Exchange Board of India (SEBI) are responsible for ensuring the governance of the companies listed on the Stock Exchange. While management is responsible for the day-to-day functioning of the company, it’s through various committees that the fair practices of corporate governance are induced in the system. All such provisions of Governance are specified in the Companies Act 2013. These committees are:

Audit committee: This committee is vital in evaluating the internal processes and controls of the organisation. It also reports on the statutory compliances of the organisation and protects it from violating government regulations and safeguards it from penalties. The findings of these audits also give an indication of the robustness of the internal processes.

Risk management committee: This committee identifies and analyses the various types of risks that an organisation is exposed to. It plans strategies to mitigate risk and safeguards the organisation from unnecessary harm, making the company robust, resilient, and future ready.

Nomination and remuneration committee: The major task of this committee is to retain talent by fair remuneration for the success of the company. It also identifies talented employees for leadership roles and offers fair remuneration to ensure a succession plan of leadership and align the interests of all stakeholders.

Stakeholders relationship committee: This committee addresses the concerns & grievances of all stakeholders, including shareholders, customers, employees, suppliers, and management. It has to work towards amicable solutions to all issues and garner trust and loyalty, all of which are crucial for the company’s success.

Corporate social responsibility committee: Each company, according to government regulations, is bound to contribute a certain share of its profits towards the well-being of society. This initiative, if done sincerely, brings a lot of intangible benefits to the company in the form of goodwill and reputational enhancement. Thus, the role of the committee is paramount in ensuring that the company adheres to the policy on corporate social responsibility and gains the trust of society, thereby all its stakeholders.

Need for corporate governance

Enhanced confidence of stakeholders: A company that has robust corporate governance is bound to do well and enhance the confidence of all its stakeholders.

Risk mitigation: Good corporate governance ensures that all risks arising out of day-to-day operations are brought to the management’s attention as audit observations and corrective actions are taken well in time to avoid any financial losses to the company.

Profitability: If a company avoids losses due to good corporate governance, it automatically converts into profitability. A company well administered all around is better fit to perform in the market and compete with its competitors.

Customers & employees satisfaction: Defined processes and procedures enable customers and employees to do their best in the interest of the company.

Protection of reputation and against probable scams: Good corporate governance aims to forewarn the board well in advance of the impending scam. This helps the organisation safeguard its reputation.

Globalisation of the company: Today, in the age of globalisation, each company aspires to go global in its business operations. A tightly governed company is better placed to adapt to global standards and survive.

Intertwining of risk management and corporate governance

Risk management is nicely embedded in Corporate Governance. It is one of the critical aspects of good governance. Corporate governance, which is a set of rules, practices, and processes, guides the company to operate ethically and transparently in order to protect the organisation from liabilities, penalties, financial losses, and loss of reputation in the best interest of all its stakeholders. Risk management is one important tool that helps the company achieve these purposes of corporate governance.

Conclusion

Risk management is an essential component of corporate governance. It provides the tools and methodologies needed to protect the organisation from various risks, ensuring that it operates efficiently, ethically, and in alignment with stakeholder interests. By integrating risk management into the broader corporate governance framework, companies can enhance their resilience, reputation, and long-term success.

Frequently asked questions

How does risk management help protect a business from financial losses?

By identifying potential financial threats arising out of operational inefficiencies, market volatility, or strategic mistakes as part of the risk management process and implementing measures to counter them, companies can maintain financial stability.

What all liabilities can be kept away from the organisation using risk management?

Legal and regulatory liabilities can be proactively addressed by ensuring compliance with laws of the land. Both risk management processes as well as corporate governance provide enough opportunities to identify these gaps in the system.

What aspect of corporate governance helps in safeguarding the reputation of the organisation?

The reputation of an organisation can be tarnished by scams, scandals, unethical behaviour, or operational failures. The Risk Management Committee, which is one of the committees for good corporate governance, plays an important role in aligning decision making with ethical standards and societal expectations.

How does risk management enhance strategic decision-making in corporate governance?

As discussed earlier, risk management provides a structured approach to identify and mitigate risks that could impact strategic objectives. By integrating this process into the planning stage, companies can make informed decisions, ensuring long-term success and sustainability.

How can organisations induce a culture of accountability?

Corporate Governance with a robust Risk Management approach can render benefits to the corporate in inducing a culture of accountability as all stakeholders are held responsible against a set of rules, process and compliance requirement of corporate governance which is regularly validated through Audit Committee.

References

RELATED ARTICLESMORE FROM AUTHOR

LEAVE A REPLY

Please enter your comment!
Please enter your name here