With its vast natural resources, Odisha is ranked as a top investment destination of India, yet the State remains one of the most backward States of India along with other eastern States of Jharkhand, Bihar and Chhatisgarh. Such contradictory situation can be explained by number of causative factors including low levels of entrepreneurship, risk averse mind set and non-application of professional, managerial and financial practices. Odisha needs to encash the eminent position as a powerhouse of growth by exploiting her vast potential through development of industrial and infrastructural base for her all round development.
Risk management is emerging as critical factor for business sustainability. It is imperative for business enterprises to safeguard interests of shareholders and other stakeholders from impending risks threatening the operations of the enterprise. These groups are increasingly demanding assurance from the top management of the enterprise about riskmitigation plans to safeguard funds of shareholders and creditors.
Corporate strategy must factor effective risk management in decision making. Every decision is fraught with risks. It is particularly relevant in uncertain times. Risk and governance are seen as two sides of the coin. By addressing risks and availing opportunities, business enterprises protect and create value for business. There is need to adopt a risk-based approach in arriving at decisions. Regulators and financing agencies have increased their scrutiny of the risk management processes of companies.
The track record of corporate performance on risk management does not give enough confidence. In recent history the Asian Financial Crisis of 1996-97 and the global financial crisis of 2007-08 have been too costly for the global economy. Further, failures of global corporations like the World.com, Enron, Arthur Andersen and Lehman Brothers ,to name a few, have shaken the investor confidence. Such unfortunate events are also causing distress to society and public institutions. The collapse of high-profile banks, financial institutions and business enterprises triggered the unprecedented global financial crisis in 2008.It sent shock waves in all economies of the world. The shock pulled down the global stock markets which lost $ 32 trillion in value, equivalent to the combined gross domestic product of all the G7 countries in 2008.The stability of governments in some countries were threatened due to recession. The global economy is still reeling under the impact of the event and will take quite some time to fully recover from the adverse consequences of the catastrophe.
The global financial crisis caused extensive job loss due to massive layoffs, job cuts, and caused alarming rise in unemployment in all economies. Falling house prices, rise in interest rates , rising unemployment, and fall in consumer spending led to global recession. In the line of the famous quote of Winston Churchill it has been aptly commented that never in business history has so much been ruined for so many by so few. Castigating the irresponsible conduct of institutions Barak Obama stated:
“And while it is true that many Americans took on financial obligations that they knew or should have known they could not have afforded, millions of others were, frankly, duped .They were misled by deceptive terms and conditions, buried deep in fine print.”
There have been numerous failures in the Indian corporate scene .Scams and scandals in Indian companies have sent shock waves in the Indian capital market from time to time. Cases like Satyam fraud, Kingfisher, NSEL, 2G and Coalgate scams, Sahara and the chit fund scams point to the abject failure of corporate governance in Indian companies. Risks arising out of unchecked power of top management are causing concern. Loss due to unethical practices, misleading marketing, poor project management and failures due to technology are some of the risks which have been very costly for enterprises and their stakeholders. Great public sector corporations like HEC, HMT, ITI, FCI, HFC which built the industrial foundation of modern India sank to the bottom due to lack of timely action in managing risks to business. The wave of economic liberalization in India swept them off after their failure to modernize their technology and marketing strategy.
Significance of Risk Management
With the dawn of 21st century the challenges of risk to business have grown to unimaginable proportion. It is imperative for well-managed business to have successful risk management. Over time, businesses that cannot manage its key risks effectively with simply disappear. Warren Buffett made the wise statement, “Risk comes from not knowing what you’re doing” Peter Drucker (1970) commented that economic activity commits present resources to an uncertain future. Taking risk is essence of economic activity. History has shown that business yields greater economic performance only through greater risk taking.
Risk a fundamental part of any business activity .Governance of corporations itself is a risk .Risk and opportunity go hand in hand. Risk management is not aimed at eliminating all risks to the company, but to identify, access and manage the risks. Risk Management is a general management concern and requires an integrated interdisciplinary approach. Risk management involves a both common sense and knowledge of the business.
Risk Management & Corporate Governance
Oxford English dictionary defines risk as “a chance or possibility of danger, loss, injury or other adverse consequence”. ISO 31000 defines risk as “effect of uncertainty on objective”. An effect may be positive, negative or a deviation from the expected. Risk is also defined as “possibility of suffering damage or lossin the face of uncertainty about the outcome of actions or inactions, future events or circumstances.”
Institute of Internal Audit defines risk as the “uncertainty of an event occurring that could have an impact on the achievement of objectives.” Risk includes “any event or action that will adversely affect an organization ability to achieve its business objectives and execute its strategies successfully.” (Economist Intelligence Unit, 1995)
Risks to corporations can be grouped into internal (micro) risks due to factors which are financial, operational, technological or related to project ,business ethics ,health or safety .There may also be external ( macro ) risks due to factors which are economic ,environmental, legal, political in nature or related to market or social risk factors.
On the other hand ,risk management means “structural and disciplined approach that align strategy, processes, people, technology and knowledge with the purpose of evaluating and managing the uncertainties the enterprise faces as it creates value”. It also means “coordinated activities to direct and control an organization with regard to risk”(BS 31100 Risk Standard), and “process which aims to help organizations understand, evaluate and take action on all their risks with a view to increasing the probability of success and reducing the likelihood of failure” (Institute of Risk Management).
Risk management consists of identification, assessment, control and mitigation of risks and their adverse impact on enterprise.Business risks have been recognized as too crucial for sustainability. There can neither be ignored nor left to the attention of choices of subordinate managers .Top management of every business organization has accepted risk as one of the major agendas in governance. The current approach to risk management is to adopt an integrated, strategic, enterprise-wide risk management.
In view of its growing importance, codes of corporate governance and listing agreements are incorporating risk management in corporate decision making as an integral part of good governance.
Companies Act 2013: Compliance requirements
Indian Companies Act 2013 mandates specific requirements that a company needs to comply with. In addition, the board and audit committee have been vested with specific responsibilities in assessing the robustness of risk management policy, process and systems.
Section 134 (n): The board of directors report must include a statement indicating development and implementation of a risk management policy for the company including identification of elements of risk, if any, which in the opinion of the board may threaten the existence of the company;
Section 177: The audit committee shall act in accordance with the terms of reference specified in writing by the board, which shall, inter alia, include evaluation of internal financial controls & risk management systems;
Schedule IV: Independent directors should satisfy themselves that, systems of risk management are robust and defensible.
SEBI regulations governing the listing agreement make it mandatory for the Board to formulate the policy and structure of risk management in the company like:
- Reviewing and guiding corporate strategy, major plans of action, risk policy, annual budgets and business plans; setting performance objectives; monitoring implementation and corporate performance; and overseeing major capital expenditures, acquisitions and divestments.
- The company shall lay down procedures to inform Board members about the risk assessment and minimization procedures.
- The Board shall be responsible for framing, implementing and monitoring the risk management plan for the company.
- The company shall also constitute a Risk Management Committee. The Board shall define the roles and responsibilities of the Risk Management Committee and may delegate monitoring and reviewing of the risk management plan.
Emerging Dimensions of Enterprise Risk Management
Historically risk management has been taken up as isolated activities in an enterprise with a silo approach. Enterprise Risk Management (ERM) involves a paradigm shift in strategy of risk management .Instead of a compartmental approach in isolated and specialized segments of the corporation the new paradigm is aimed at enterprise-wide risk management. In the old paradigm risk management was fragmented, with departments managing risks independent of each other. Risk management was confined primarily to accounting, audit and safety departments .There was ad hoc risk management by managers who attended to risks as and when required for their limited spheres of activities. In the new paradigm the strategy is to adopt an integrated-risk management approach with Board oversight. The Board must spell out a policy in which everyone is associated in the task of risk management. Further risk management becomes a continuous process instead of remaining an ad hoc and occasional exercise by a few.
ERM includes the methods and processes used by enterprises to manage risks and seize opportunities related to the achievement of their objectives. ERM provides a framework for risk management, by identifying particular events or circumstances relevant to the organization’s objectives .The events may offer risks and opportunities .The ERM framework is to assess the risks in terms of likelihood and magnitude of impact so as to determine a response strategy and monitor progress of its implementation. The goal of enterprise risk management initiative is to create, protect and enhance shareholder value by managing uncertainties that could either negatively or positively influence achievement of the organization’s objectives.
Enterprise Risk Management (ERM) is a comprehensive and integrated framework for managing company-wide risk to maximize the company’s value. The strategy is to adopt an eenterprise wide risk management approach. Risks are identified, analyzed and integrated in a coordinated manner across the entire corporation. Entire enterprise and all the executives are involved in the process with capacity building.
Institute of Risk Management defines enterprise risk management as a strategic business discipline that supports the achievement of an organization’s objectives by addressing the full spectrum of its risks and managing the combined impact of those risks as an interrelated risk portfolio.
Risk Management in Practice
Businesses are being threatened by unprecedented uncertainties. Risk has become a fact of corporate life. The risks are both internal and external. Every Board has to analyze the complete situations and apply tools and methods in the process of decision making to improve their strategic initiatives in a highly competitive and unpredictable business environment.
Risk may impact long term corporate goals or short term objectives, shareholder value, shareholder expectations, core process and key functions. Risk assessment techniques include structural questionnaire and check lists, workshops and brain transforming, inspections and audits, and analysis of progress and operation of the enterprise to identify the critical components. Responses to risks may vary .The approach is to tolerate, treat, transfer or minimize risks as necessary and appropriate.
Risk matrix helps organizations to link likelihood and impact of each risk. All significant risks need to be first identified and then ranked on priority. Risk matrix (or heat map) is drawn by placing individual risks on a map by plotting risk likelihood (or probability) as horizontal against impact (or magnitude) as vertical. This will help the enterprise to decide whether risk is acceptable and within the risk appetite of the organization.
Risks may be classified as long, medium and short-term in the context of their impact. These can be considered in the relation to strategy, tactics and operations of the organizations respectively. Long term risks will impact for several years (say five years) after the event and relate to strategic decisions whereas medium term risks may occur sometime (say a year) after the decision in term. Short term risks have immediate impact like accidents, fire and theft. Risk appetite varies from enterprise to enterprise. Enterprise culture may be risk averse on one hand to risk aggressive on other.
Enterprise risk management has several advantages .Operations become more efficient by taking advance actions against disruptions. ERM approach brings out benefits to the organization. There are fewer disruptions to normal operations. It builds trust of society and other stakeholders and helps in compliance with legal and regulatory requirements. There is better alignment between corporate strategy and risk appetite of the enterprise. It leads to optimum allocation of resources. There is clarity of roles and responsibilities for managing risks. Risk oriented decisions to achieve objectives are likely to protect the company’s assets. Ultimately it leads to enhanced corporate governance and location of new business opportunities.
Significance of Risk Management for Backward economy
With its vast natural resources, Odisha is ranked as a top investment destination of India, yet the State remains one of the most backward States of India along with other eastern States of Jharkhand, Bihar and Chhatisgarh. A panel headed by Raghuram Rajan has recommended a new index of backwardness to determine which States need special assistance The new methodology ranks Odisha as India’s most backward State and Bihar as the second most backward .Such contradictory situation of poverty in plenty can be explained by number of causative factors including low levels of entrepreneurship, risk averse mind set and non-application of modern professional, managerial and financial practices.
Backwardness is caused inter alia by low levels capital formation, lack of innovation and low capacity and mindset to initiate new ventures and start ups. Capital infusion can be done by the government both central and state, particularly in areas of development of basic infrastructure like power, road and rail connectivity, removal of impediments for smooth traffic, simplification of procedures for ease of business. External capitals, both domestic and foreign, are required to augment the capital formation in the State. Investors need to be attracted and supported, so that their risks of business are minimized. Odisha needs to encash her eminent position as a powerhouse of growth by exploiting the vast potential through development of industrial and infrastructural base for all round development of the State.