This article has been written by Apeksha Choubey pursuing a Diploma in International Contract Negotiation, Drafting and Enforcement and has been edited by Shashwat Kaushik.

This article has been published by Sneha Mahawar.​​ 

Introduction  

The company secretary plays a crucial role in a company; he/she performs duties of legal compliance and indirectly contributes to the company’s success. The company secretary identifies and evaluates the affairs and business of the company in such a way as to ensure that all legal and regulatory requirements prescribed by law are met. He also contributes to the risk management process of the company which is directly related to corporate governance, and he works closely with the risk management team to provide risk-related updates to all concerned parties. In this article, we will explore how the company secretary contributes to the risk management of the company. First, we will understand what risk management is and how it is related to good corporate governance, and, in the second part of this article, the company secretary’s role in it.

What is meant by risk management

Risk management refers to the process of identifying, assessing, and controlling potential risks that could impact a company’s operation and existence. There are different types of risks in any business such as financial risk, operations risk, market risk, legal risk, environmental risk, etc. Both external and internal factors affect the risks and their magnitude. These different risks may result in financial losses, legal issues, cyber security threats, supply chain disruptions, and market imbalances for a company. With the help of an effective risk management process, a company can mitigate or minimise these risks, monitor them on a continuous basis and accordingly apply risk strategies as necessary.

In large companies, the Board of Directors is mainly responsible for framing and implementing risk management policy and they can further delegate this work to committees known as Risk Management Committee (RMC).

What is meant by corporate governance

Risk management and corporate governance are two important concepts that are closely interrelated in every business. Various financial crises and scams all over the world induced the concept of “Corporate Governance.” The term corporate governance refers to the system of rules, practices, and processes that govern how a company is operated and controlled in a systematic manner. It involves the relationships between a company’s management, its board of directors, shareholders, investors, employees, creditors, suppliers, and other related parties. Good corporate governance ensures that a company operates in a transparent, better, and more ethical manner and makes sure that the interests of all parties are taken into account.

Risk management and its relation with corporate governance

The relationship between risk management and corporate governance is important because effective risk management is a key element of good corporate governance. By identifying and assessing the potential risks, companies can protect their stakeholders and other related parties to ensure they operate and manage in a responsible and sustainable manner. Additionally, strong corporate governance creates risk awareness and accountability within a company, which can further enhance its risk management capabilities.

The Risk Management Committee (RMC) should develop a strong risk management policy post-discussion with all members and stakeholders and contribute towards sustainable corporate governance. RMC formulates a detailed risk management policy, develops a risk methodology and process, and sets up controls to check that the process is working fine.

Risk management process

The risk management process broadly includes the following steps:

• Deciding objectives: The first step is to decide the objectives for the risk management process. The goals of the risk process should be aligned with the aims of the company. The objectives are critical for setting up an effective risk management process.
• Risk management plan: It is a formal plan made by the Risk Management Committee (RMC) in which goals, roles & responsibilities of team members, risk strategies to be adopted, method of assessment, review and feedback methods are documented.
• Risk identification: It includes identifying potential risks that could impact a company’s operation and existence. In this step, past events and incidents are considered and data collation is performed to analyse the current situation. Here, different types of risks have been identified on internal and external factors such as market, finance, regulatory, legal, operations, creditors, counterparties,  interest rate, employees, assets, competitors,  environmental issues, inflation, liquidity, cyber security & information technology and so on.
• Risk assessment: Risk assessment is the process in which the probability and magnitude of each risk is identified. This is done with the help of risk assessment tools and techniques to analyse risk impact on the company. Risk assessment is performed on both qualitative and quantitative factors for each risk identified in the above step.
• Risk mitigation: It involved different risk strategies and their implementation. There are different ways of risk mitigation such as risk avoidance, risk transfer, risk reduction and risk acceptance. A company adopts all these strategies for each of the risks identified. Each risk strategy has its significance and can be deployed in a single mode or in combination with other strategies to eliminate or minimise risk and its impact in a company.
• Risk monitoring and feedback: Ongoing monitoring is critical for the success of every risk management process in a company, which involves audits, reviews of risk strategies, and tracking as per objectives. It also includes immediate reporting of deviations from plans to take appropriate action to control them on time without disturbing the entire plan. Continuous feedback is the key component in this process.

Company Secretary’s role in risk management

In this section, the role of a company secretary is explained in the risk management process. The company secretary contributes to an effective risk management process in the following ways:

1. Legal and regulatory guidance: As we all know that the company secretary is responsible for ensuring that the company complies with all applicable laws, regulations, and policies. In the risk management process, he keeps up-to-date information of legal and regulatory changes and in this way helps the management of the company to identify and manage legal and compliance risks, which is considered very critical from the perspective of survival of the company and maintaining good corporate governance.

2. Disclosure: Every company is required to disclose material risks in its financial statements in a financial year. The company secretary ensures the material risks disclosure should be accurate and fair in the financial records of the company.

3. Maintain records and documentation: The company secretary acts as a guard to maintain accurate records and documentation as prescribed in applicable laws such as minutes of board meetings, resolutions, risk management plans, risk strategies and other required documents. This helps the company to demonstrate compliance with legal and regulatory requirements and also provides a record of decisions and actions taken in response to risks. The company secretary is required to record all risks identified, assessments done and mitigation strategies planned for each risk in the risk register. The board further approves these risk registers of directors in the meeting.

4. Coordinating risk management efforts: The company secretary also coordinates the risk management process by working with various departments and stakeholders to identify and evaluate risks, and by ensuring that risk management strategies are implemented effectively and document the risk monitoring results and action implemented. The company secretary is also responsible for conducting risk review meetings with the risk management team at periodic intervals and documenting the details of each meeting.

5. Communication: The company secretary is also responsible for supporting the board of directors in carrying out its duties and responsibilities, including oversight of risk management, and conducting stakeholders meetings to review and provide inputs on risk and mitigation plans. Additionally, he provides regular reports to the board with respect to the risk management team working and ensuring that the board is kept informed of any significant risks or issues. He also provides timely and ready information to the board to take any immediate decisions or respond to any emergency situation. He also communicates with other stakeholders to make them aware of risk management updates.

Risks associated with businesses

There are several types of risks associated; some of them have been mentioned below for your convenience:

• Complying with the  changing laws and policies;
• Coping with the changing political competitive environment;
• Protecting the assets of the company;
• Safety of insider information of the company; and
• Frauds and scams;

Conclusion

Overall, the company secretary plays a prominent role in ensuring that the company has an effective risk management framework in place, is working as per the objectives set and that risks are identified, evaluated, managed, and monitored in a timely and effective manner. He contributes to the entire risk management process, from planning to ultimate monitoring. He assists the Risk Management Committee (RMC) in creating a culture of risk awareness in the company through proper communication of all risk-related issues and decisions to the entire company on a periodic basis and maintaining essential documents.

In the current situation, corporate governance, environmental issues, and legal compliance are very important aspects to which any company should give first priority, as the survival of the company largely depends on these aspects only. The risk management team should develop an effective risk management plan considering all these important aspects and report its activities and plan of action to the board of directors with the help of the company secretary only. Bad corporate governance, environmental risks, and legal risks need to be considered while assessing risks. The company secretary is solely responsible for ensuring that the company has complied with all applicable laws and regulations, he has to prepare and maintain proper records as evidence that the company is keeping records as prescribed in the law, and he further furnishes all information requested by the government on behalf of the company.

References

• Role of Company Secretaries in Risk Management (taxguru.in)
• A Lesson in Risk Management | 7 Steps to Properly Managing Project Risk – Litcom
• https://www.chartsec.co.za/documents/latestNews/EnterpriseRiskArticleMay2010.pdf
• https://datatrained.com/dt-finance/what-is-company-secretary/
• https://www.slideshare.net/ICSAevents/risk-management-and-the-company-secretary 

Students of Lawsikho courses regularly produce writing assignments and work on practical exercises as a part of their coursework and develop themselves in real-life practical skills.

LawSikho has created a telegram group for exchanging legal knowledge, referrals, and various opportunities. You can click on this link and join:

https://t.me/lawyerscommunity

Follow us on Instagram and subscribe to our YouTube channel for more amazing legal content.