RISK is an inevitable part of doing business, and boards must consider risk in the preparation of their strategic plans. Board directors are expected to take prudential risk to build up their companies and, thus, increase shareholder wealth. Boards must therefore build an effective management framework as part of their corporate governance responsibilities.
Effective governance entails having a control environment that is conducive to effective operation of control activities, and risk should be identified and managed within the context of an enterprise-wide framework. Thus, the board should identify key risk areas and key performance indicators, and monitor these to ensure the effectiveness of internal control.
To ensure this, the board of directors is responsible for (1) ensuring that the strategic, operational and financial risks have been exposed; (2) ensuring that the necessary systems are in place to enable such risks to be monitored and managed effectively; (3) establishing that the company has put in place adequate reporting systems and operational and financial internal controls and their associated review functions; (4) ensuring that risk-management systems are operating effectively; and (5) ensuring that company policies comply with applicable laws and that the company acts in accordance with the highest financial and ethical standards.
Important risk-management strategies should include:
- Anticipating and identifying all potential risks;
- Identifying the significance of these risks according to likelihood and consequence;
- Identifying risks that could affect market position, cause financial setbacks, and/or result in prosecution;
- Setting up and ensuring execution of controls to manage the risks;
- Formulating and ensuring a contingency plan to mitigate disaster;
- Creating and reinforcing a positive culture to manage the risks;
- Establishing continuity management control arrangements;
- Regularly checking audit compliance with control arrangements;
- Regularly reviewing these arrangements as to completeness, relevance, adequacy and effectiveness; and
- Ensuring accurate and complete annual reports on risk-control measures to concerned offices.
While the board has full responsibility for risk oversight, it may delegate this to the Risk Management Committee (RMC), which is composed of the risk manager, the chief financial officer, the compliance officer and the company legal counsel. The RMC is responsible for developing, reviewing, approving and monitoring the risk-management strategies and exposure of the company in coordination with the board of directors. Its two most important qualities are independence and authority. The RMC and the Audit Committee report to the board, as do the CEO and management. Overall, the board is responsible to the regulators.
Additionally, under the Code of Corporate Governance for Publicly Listed Companies issued by the Securities and Exchange Commission on November 22, 2016, subject to a company’s size, risk profile and complexity of operations, the board should establish a separate Board Risk Oversight Committee (BROC) that should be responsible for the oversight of the company’s Enterprise Risk Management System (ERM) to ensure its functionality and effectiveness.
A BROC is generally required for conglomerates and companies with a high-risk profile. It must have at least three members, the majority of whom, including the chairman, must be independent directors, and at least one member should have relevant and thorough knowledge and experience on risk and risk management. The BROC must report to the board, on a regular basis or as deemed necessary, the company’s material risk exposures and the actions taken to reduce the risks, and recommend further action or plans as necessary. Note that the Board chairman may not chair the BROC.
In the end, it should be remembered that today a company is a complex enterprise engulfed by rapid technological change and fierce global competition. Thus, the board should ensure that its exposure to risk is assessed and monitored regularly in this ever-changing environment.
merci.suleik@gmail.com