Risk Governance and Risk Oversight Function - Essay Example

? Essay: RISK MANAGEMENT of the Risk Risk can be defined as the uncertain effect of any activity or event with respect to something that is valued by human. Sometimes risk is followed by opportunities. Systemic risks are surrounded in a larger framework of financial, societal and economic effects and are intersecting between the economic, technological, societal developments and the natural events. It accompanies policy driven actions. Systemic risk is not restricted to the national borders. They are not able to be managed through the events of a single sector (J. Vaughan & T. Vaughan, 2012). They need healthy approach to governance to be managed adequately. The systemic risk governance requires unity between the countries and enclosure within the process of industry, government, academia and the civil society. Governance is defined as the processes, traditions, actions and institutions by which the authority exercises and takes decision which is then implemented (Aven & Vinnem, 2007). Risk Governance The term risk governance can be defined as the assessment, identification, management and communication of the risks in a board framework. It comprise of “actors, rules, conventions, processes and mechanisms and is concerned with how relevant risk information is collected, analyzed and communicated, and how management decisions are taken”. It uses the main beliefs of the good governance that includes effectiveness, transparency, efficiency, strategic focus, accountability, equity, sustainability and fairness. It deals with the rule of law and also need to chose the solution which will be legally and politically feasible along with publicly and ethically acceptable. Risk is always accompanied by changes. It is an important and permanent part of every life. The urge and the capacity to accept the challenge of the risk is very crucial for the achievement of the economic development and the introduction of the new technologies. Sometimes risk is accompanied by potential opportunities and benefits in the emerging technological sector (Graham & Rogers, 2002). Good risk governance aims at minimizing the following: 1) The unfair distribution of benefits and risk between the countries, social groups and the organisations. 2) By modifying the approaches for assessment and management of the same risk. 3) By emphasising extensive focus on the high profile risks it can be eliminated but the lower profile risk are also looked upon. 4) By managing the risk tradeoffs. 5) Failure in understanding the secondary effects and the linkages between the issues 6) The cost is reduced in case of inefficient regulations. 7) The decisions that are taken for inappropriate account of the public perception. 8) Decisions are taken for not losing the trust of the public. Risk oversight function The main challenge of managing the risk lies in the benefit that the society will receive from change and by minimising the ill consequences of the risk which is associated with the change. (Confusing sentence, reframe) The main aim of the Board of Risk Governance of every company is to oversight the risk that the company is going to face or faced already confronted with. The main risk oversight functions are the following: 1) The boards are worried regarding the strategic long term risk: Over sighting risk is an important duty of the boards. The boards pay serious attention to many facets of the issues that includes a wide range of risks that the companies confront and the various enterprise risk management (ERM) systems. But the members underline the fact that it is crucial for the boards to concentrate on the risks which affects the strategy of the company, leveraging talent of the directors. It is also needed to help the senior management for identifying, analyzing and responding to those risks. The challenges that are posed to the very existence of a company are the big risk of the disruptive technologies and the new business models. The new business models which emerge suddenly pose threat to the existence of the companies. The members of the board have accepted the fact that exposing the company to the risk is the inherent aspect of the business (Jin & Jorion, 2006). The role of the board in over sighting the risk The main role of board is to make sure that the company is alert of the big risks that it is going to face. Boards put pressure on the management of the company to recognize and address the risk that involves in seeking for a number of opinions. The board makes sure that the people in the company are aware of the changes that are taking place in the business model of the company and also the changes that have come from the day to day management. Boards also have the responsibility of identifying the risk and find out the tactics, which can be adopted by the management of the company to eliminate the risk. The members of the board have the notion that the directors of the company are not always perfect to take the right decision, so they should always explore out of the box, to get the exact result from the analysis. The board identifies the role of the directors to listen to people of the company. The board elaborates that the person who does not abide by the rules and regulations of the company should be dealt critically. Few companies are using the board to make strategic decisions regarding the risk assessment. The board is given the responsibility to investigate about the risk and make report regarding the risk factors and the strategies to overcome them. 2) All the directors of the board should also engage in over sighting the risk: Many surveys have identified that high percentage of companies (eg. 38% to more than 50%: depending on the sector) undertakes the responsibility of risk oversight. The responsibility is on the board. The full board takes the lead sometimes and is fully engaged in the responsibility. In the pre-meeting conversations, the board takes the full responsibility to understand the risk that the company is encountering. Role of the committees Few specific committees are responsible for few important roles in the risk oversight even if the whole board is responsible for the duty. The committees play a crucial role in the board and also take the lead in explaining the risk assessment (Klimczak, 2005). The committees that are presented by the boards are as follows: The audit committee: The New York Stock Exchange has identified that the audit committee is formed to discuss the policies regarding the risk management and the risk assessment of the company. The audit committee is responsible for seeing that the ERM process is operating well and the process is implemented in the areas where the company is faced with risks. The risk committee: The risk committees are the most recognized committee in the financial services companies but are rare in the industry since several companies cannot afford to put up the committee and ensure its operation. The Conference Board survey showed that 24% of the financial services companies are assigned the responsibility for risk over sighting to the risk committee. Few than 5% of the manufacturing and non–financial services companies do so have the risk committee. The board has given suggestion in the pre-meeting that it is necessary to have this kind of committee in the company and also have the skilled board so that the need for the solution of the risk is customized. The percentage of the responsibility that is given to this committee is 28% to 40%, which is totally dependent on the sector (Judge, 2006). Other board committees: The board often recognizes the fact that few risks, which arise, can be handled by the other committees only. There are few committees, which are set up to look after the industry specific risks. The compensation risk evaluation is handled by the compensation committee. The Information Technology risk is handled by the Information technology committee for the assessment. The nomination and the governance of the committee play an important role. The work of the committee is understood by everyone before the decision is taken to the board. When the risk oversight is assigned to a number of committees then the board makes sure that the activities are coordinated between them properly. The audit committee plays the role of risk management and supervises how the board deals with the particular risk The approach described by the risk committee is that it conducts a survey of all the committees to review the different activities which are covered. Overlapping of membership does occur between the risk committee and the audit committee and thus it helps in coordination. Disclosure of risk by the board It is important to disclose the risk management techniques and the oversight of risk is to the regulators, public and the shareholders. The audit committee plays an important role in the risk oversight, so the committee should be managed properly. The shareholders also want to assess the risk allocation that is done by the board (Jalilvand & Malliaris, 2013). The federal securities laws have directed the companies to ensure the disclosure of the risk factors. The Securities and Exchange Commission (SEC) have issued supervision on the specific risks areas such change in climate or regarding the cyber security. Proxy disclosure is also issued to enhance the effect of issuance of the SEC rules in the late 2009. It includes the additional disclosures of overseeing risk. It also comprises of information regarding the delegation of authority among the committees and the board and leadership structure that the board will follow, which supports in over sighting of the risk management. The members of the committee suggested that the disclosures should be transparent, which are formed in accordance with the over sighting of risk. The competitors should not be aware of the disclosure of the companies and thus the regulation should be stringent. The members also gave suggestion of submitting a draft of the disclosure first so as to avoid the eventuality of mistakes. The disclosures can serve as the camouflage to avoid the competitors knowing about the company information. Origin and development of the Risk Governance Theory From the beginning of the 18th century to the middle of the 20th century, the risk assessment was of primary concern for the insurance, health and banking sector. By the end of 1970’s the activities of risk management, which are driven by the risk management executives were critically responding to the changes that are taking place in the economic system and they planned for the cost of risk contingency plans. During the period of 1980’s, the organisations were also concerned about the continuity of the business planning and the effect of the natural disasters on the operation of the business. The focus on the risk management thus shifted to minimisation the corporate risk through the implementation of the disaster recovering plans. The rise of public concern and the awareness about risk have created pressure on the organisation to demonstrate the effective risk management strategies and policies. Thus, the various rules and strategies are established to fight the ill performance risk in the operation of the organisation. Various risk management standards are established by the international institutions and the professional bodies. The origin of the Risk Governance Theory came into practice when the organisation felt the need of managing different types of risk. At every level in the organisation, from the corporate level to the project level, people are encountered with different types of risk such as the financial, strategic, commercial, operational, technological, environmental and social. Thus, the management feels the need of managing this risk effectively, so that working of the organisation is not affected negatively. The management have to concentrate on this risk so as to achieve their mission and objectives that are initially set by them. Thus, risk governance has become an important area to concentrate in the management. The effective benefits of risk management in the organisation are as follows: 1) The decisions about the future are strengthened. 2) Improvement in planning that is initially made by the management. 3) Improving the communication plans. 4) Improvement in the allocation of resources. 5) The continuous improvement is promoted. 6) The reputation of the organisation is enhanced and also protected. 7) Competitive advantage is achieved. The following are the theories of risk governance: Financial Approach Theory Financial economics theory of the risk management was the most creative theoretical model and theoretical extension to the empirical research. This theory is built upon the classical theory of Modigliani Miller paradigm. The model was later modified to take the risk management area into consideration. The approach demanded that hedging directs to lower volatility of the cash flow and thus there is lower volatility of the firm’s value. Foundation for the corporate risk management was presumed from irrelevant conditions and thus included higher debt capacity, lower cost of bankruptcy, progressive tax rates and securing the internal financial information and the comparative advantages in generation of information. The result of hedging is important for the firm and that should be higher in premium (Frenkel& Hommel, 2010) Agency theory Agency theory elaborates the analysis of firm for including the separation of the managerial motivation and control of ownership. The risk management agencies have felt the influence of managerial attitudes towards risk hedging and risk taking. The theory concentrates on the probable mismatch of interest between the management, shareholders and debt holders due to asymmetries in distribution of earning. The asymmetries have occurred in the distribution because the firm has taken too much risk or has not engaged in positive net values of the project. The theory indicated that the defined hedging policies have a big influence on the value of the firm (Roeser, 2012). The modified hypothesis has associated with the financing structure and has given similar predictions to the financial theories. Motivation factors of management of the organization and the implementation of the corporate risk management within the organization is investigated in few researches which indicated negative effect on the theory. Positive effects were found in few researches where the predictions are correct. Hypothesis of the financial policy are tested in researches of the financial theory of risk governance. The result of the study showed similar predictions between the two theories i.e. financial theory and the agency theory (Machlup, 2007). Stakeholders Theory Stakeholder theory is developed initially by Freeman who regarded it as the managerial instrument that evolves into a theory of firm with a high descriptive potential. Stakeholder theory mainly concentrates on equilibrium of the interests of the stakeholders. Thus, the interest plays as the main determinant of the corporate policies. The positive contribution to the risk management is the additional benefit of the implicit contracts theory that are made for applying to the other contracts that includes financing and sales. In few industries, especially the technological companies, the consumer trust the company because of the type of services they provide to the consumers and they promise to give them in future. This adds value to the company. The implicit claims are highly sensitive for the expected costs of the financial distress and bankruptcy. The practices for risk management lead to decrease in the expected costs and in return increases the value of the company. Thus, it can be said that the stakeholder theory provide a new approach into the probable foundation of the risk management. The effect of the theory has not been tested directly till now, but the investigations showed indirect evidences for the theory to be true to the distress hypothesis. Limitations of the Theory Risk management processes if prioritised can ensure that an organisation will start its project in time and complete as scheduled. The limitation the theory is that the works of the management are suspended till the risk management process is completed. The difference between the risk and uncertainty is to be kept in mind. If the risk management is not proper and not prioritised then ample time can be wasted in dealing with the risk of loses that can occur. “Spending too much time assessing and managing unlikely risks can divert resources that could be used more profitably. Unlikely events do occur but if the risk is unlikely enough to occur it may be better to simply retain the risk and deal with the result if the loss does in fact occur” (MacCrimmon & Wehrung, 2009). The qualitative risk management theories lack consistency and are subjective in nature. ISO 31000’s Approach to Risk Governance ISO 31000 is defined as the family of standards which relates to the management of risk that is codified by the International Organization for Standardization. The main purpose of ISO 31000 is to make generic guidelines and principles on the risk management. ISO 31000 search for universally recognized models for the companies and the practitioners for employing the risk management processes and replace the countless existing methodologies, standards and paradigms that has differed between the industries, regions and the subject matters. The ISO 31000 family includes the following: 1) ISO 31000:2009 – The principles and guidelines on implementation 2) ISO/IEC 31010 - The risk assessment techniques 3) ISO Guide 73 – Vocabulary. ISO 31000 has been published as a standard in 2009. It formed a standard on the implementation of the risk management. A harmonised and revised ISO/IEC Guide 73 was issued at the same time in 2009. The main aim of ISO 31000 is to be adaptable and applicable for the private, public, community enterprise, group, and association or individual. The scope of ISO 31000 is the family of risk management standards which are formed for particular industries, management systems, group to provide with best structure and supervision to all the operations that are concerned with the risk management. Scope of ISO 31000 ISO 31000 gives the generic rules for designing, implementation of the risk management processes within an organisation. The approach is used for formalizing the risk management exercises that facilitate greater acceptance by the companies who necessitate for a better risk management standard for themselves. It accommodates multiple silo-centric systems of management (Mayers & Smith, 2007). The scope of the approach to the risk governance is to let all the management, strategic, and operational tasks of organization throughout functions, projects and processes to be in line with the common set of objectives for the risk management. ISO 31000 included the board stakeholder group which are as follows: 1) Stakeholders at executive level. 2) The appointment holders of the risk management group. 3) Risk analysts and the management officers. 4) Project managers and the line mangers. 5) Internal auditors 6) Independent practitioners. ISO 31000 Framework approach ISO 31000 has been accepted as the replacement to existing standards on the risk management. Implementation The aim of ISO 31000 is to apply within the existing management systems for formalising and improving the risk management. In the implementation of ISO 31000, attention is given to the assimilation of risk management processes to develop a new theory from the old one and address them as the new standards. The Harmonisation programmes of ISO 31000 have concentrated on the following: 1) The transferring of accountability gaps in the enterprise risk management. 2) The objectives of the governance frameworks are aligned with the ISO 31000. 3) Embed the management system of reporting. 4) Creation of uniform risk criteria and the evaluation of the metrics (Crowther & Sefi, 2010). Implications The implications for the adaptation of the new standard is concerned with the re-engineering of the existing management practices for conforming the communication, documentation and socialisation of new risk management operating theories that are opposed to the wholesale orientation of the management practice throughout the organisation. Some aspects of the top management responsibility, implementation of the strategic policy and the effective governance framework will require more deliberation by the organisations to have reduced methodologies for the risk management (Daelen & Elst, 2010). Some of the domains that especially concerns with the security of the risk management and the corporate social responsibility may use primitive risk management processes that needs more materialistic changes. These changes are regarding the expressed policy for the risk management and for the formalisation of the process of risk ownership, structuring the process of the framework and accepting the improvement programmes (Steinberg, 2011). Management of Risk ISO 31000 provides with a list in order of preference on how to deal with risk: a) Avoidance of risk by deciding for not to continue or start with activity that will give rise to risk. b) Acceptance of the risk for pursuing an opportunity. c) Removal of the source of the risk. d) Change of the likelihood. e) Change of the consequences. f) Retention of the risk by the informed decision (Mayers & Smith, 2007). Recommendations The following are the recommendations for the proper implementation of the risk governance: 1) It is important to find out the risk management parameters. 2) Establishment of the external and internal context of the organization. 3) Establishment of the risk criteria of the organisation is to be done. 4) Preparing the risk treatment plans to eliminate the risks. References Aven, T., & Vinnem, J. (2007). Risk management. Berlin: Springer. Crowther, D., & Sefi, S. ( 2010). Corporate governance and risk management. New Jersey: John Wiley & Sons. Daelen, M., & Elst, C. (2010). Risk management and corporate governance. Cheltenham: Edward Elgar Publishing Limited. Frenkel, M., & Hommel, U. (2010). Risk management. Berlin: Springer. Graham, J. R., & Rogers, D. A. (2002). Do firms hedge in response to tax Incentives. The Journal of Finance, 62(2), pp. 815-839. Jalilvand, A., & Malliaris, T. ( 2013). Risk management and corporate governance. New York: Routledge. Jin, Y., Jorion, P. (2006). Firm value and hedging: Evidence from US Oil and gas producers. The Journal of Finance, 61(2), pp. 893-919. Judge, A. (2006). Why and how UK firms hedge. European Journal of Finance, 12(3), pp. 407-441. Klimczak, K. M. (2005). Corporate risk management from stakeholders' perspective. TRANS, 5, pp. 371-380 MacCrimmon, K. R., & Wehrung, D. A. (2009). Characteristics of risk taking executives. Management Science, 36(4), pp. 422-435. Machlup, F. (2007). Theories of the firm: Marginality, behavioral, managerial. American Economic Review, 58(1), pp.1-33. Mayers, D., & Smith, C. W. (2007). Corporate Insurance and the Underinvestment Problem. The Journal of Risk and Insurance, 54(1), pp. 45-54. Roeser, S., (2012). Handbook of risk theory: Epistemology, decision theory, ethics and social implications of risk. Berlin: Springer. Steinberg, R., (2011). Governance, risk management and compliances. New Jersey: John Wiley & Sons. Vaughan, J., & Vaughan, T. (2012). Fundamentals of risk and insurance. New Jersey: John Wiley & Sons. Read More