Not for compliance alone
Effective risk management is more than just compliance
Effective risk management is more than just compliance
Ask a director of a listed company why risk should be put firmly on the
boardroom agenda and you will receive a simple answer: ‘Because we have to.’
Both the combined code on corporate governance, and the Turnbull guidance
puts responsibility for ensuring effective risk management squarely on the
board’s shoulders.
But this answer overlooks the considerable benefits that a company can gain
from effective risk management. My experience as a former director of risk
management of a FTSE 100 company convinced me that it’s wrong to do risk
management for compliance reasons alone. You have to do it because it benefits
the business.
Risk management must be embedded within the overall context of business
strategy. In this way, you move the agenda from risk minimisation – stopping bad
things from happening – to risk optimisation – making good things happen. By
doing this, the risk management process drives improved performance and creates
shareholder value.
Increased globalisation, competition and rapid change mean that companies
actually need to take more risks if they are to create sustainable value.
Only by addressing the issue in a strategic way, using a disciplined and
systematic process at board level, will companies be able to improve their
chances of success.
But how can boards address risk management effectively? On the compliance
side, it is a matter of ensuring that systems are in place and their
effectiveness is reviewed regularly as advocated by Turnbull.
But what about the strategic risks which evidence has shown can account for
the greatest adverse impact on shareholder value when they go wrong? A recent
McKinsey survey of 1,000 directors worldwide showed that, while 75% wanted to
spend more time on strategy and risk, only 11% claimed to have complete
understanding of current risks and 8% had understanding of long-term risks.
Boards need tools and techniques to help them understand and manage strategic
risks. It goes without saying that the FD has a leading role to play in
implementing such tools.
What’s crucial, however, is that boards go beyond the compliance mentality of
risk which seeks to avoid downsides.
They must embrace the performance aspect of risk management that focuses on
the upsides and seize opportunities. Apart from anything else, it makes for a
much more interesting discussion.
Bill Connell is chairman of Professional Accountants in Business, part of
IFAC