ESSAY- CORPORATE GOVERNANCE

Submitted by – Deepak Chaudhary

Submitted to - Prof. Avirup Bose/ Prof. Akansha Yadav

 RISK MANAGEMENT IN CORPORATE GOVERNANCE

Risk management is a systematic approach to identifying, analyzing, evaluating, and monitoring

risks in order to regulate and allocate financial resources to minimize the negative impact of
potential losses. An efficient corporate governance framework, both at the firm level and across
the entire economy, instills the required level of trust for the smooth operation of a market
economy.

Regularly evaluating the risk governance framework is crucial as firms encounter novel threats
on a daily basis. An effective approach is for the management to uphold a comprehensive
inventory of all risks that impact the entire organization, and thereafter allocate them to various
board committees. As an illustration, the compensation committee has the responsibility of
supervising human resources and compensation risks, whereas the audit committee is in charge
of handling financial risks. The board should take direct accountability and often review
strategy-related risks that have the potential to disrupt and significantly impact the company's
business strategy. Furthermore, it is imperative that committee charters accurately represent a
well-defined risk governance framework.

Role of Audit Committee

The primary responsibility of the audit committee is to oversee and manage risks within an
organization. Many corporations in industries other than financial services do not have a distinct
board risk committee. Therefore, any risks that are not assigned to a special committee are
typically handed over to the audit committee.The audit committee of a board may have the
additional responsibility of evaluating the risk management policies implemented by
management. However, boards should exercise caution to avoid overwhelming the committee
with excessive tasks.
Internal control is defined as an integral aspect of a process, rather than separate tasks, and
consists of five primary components: A control environment is essential for effective internal
control to exist. Risk identification: This marked the initial recognition of control as a genuine
response to risk, a concept that empowers individuals by enabling them to detect unnecessary
control methods. Control activities refer to the measures taken in reaction to hazards, which can
be categorized as either preventive or detective controls. Information and communication served
as the cohesive force that connected all aspects of the internal control process. Furthermore
Monitoring refers to the process of ensuring that the control activities, risk identification, and
control environment are comprehended at the highest level of the organization. The design of
each component of this model was intended to uphold three fundamental corporate goals:
ensuring business continuity, providing timely and accurate financial reporting, and ensuring
compliance with local laws and regulations.

Possible causes for the failure of risk management:

1. Absence of explicit goals

A key factor contributing to the failure of risk management is the lack of clearly defined
objectives. Without a comprehensive comprehension of an organization's objectives and the risks
it is mitigating, its endeavors can quickly become scattered and ineffectual.

2. Insufficient Evaluation of Potential Hazards

Insufficient evaluation of prospective hazards or the underestimating of their consequences

might result in unforeseen issues and the failure to acknowledge the severity of those dangers.
3. Neglecting the identification of emerging risks

Organizations must acknowledge the ever-changing and unpredictable nature of the

environment in which they function, where risks are always evolving and new threats can arise
over time. Remaining stagnant and disregarding swiftly rising dangers might result in failures.

4. Disregarding Stakeholder Feedback

Efficient risk management necessitates a cooperative endeavor that should encompass

contributions from all pertinent parties. Disregarding the perspectives and worries of important
stakeholders can result in gaps in your risk management plan.

5. Insufficiency of resources

Effective implementation of risk management strategies necessitates the allocation of resources,

including financial, human, and technological resources. Insufficient resources might impede an
organization's capacity to handle risks efficiently.

6. Inadequate or ineffective exchange of information

Lack of communication regarding risks and strategies inside the organization can lead to
confusion and misalignment.

7. Insufficient Instruction
Inadequate training of personnel may result in a lack of comprehension regarding their
responsibilities in risk management, hence giving rise to possible issues. They may overlook
significant hazards, fail to adhere to proper protocols, and render insufficient judgments.

8. Failure to monitor risks

Risk management is a continuous activity that requires regular and sustained attention.
Neglecting to consistently monitor and reevaluate risks can result in unexpected problems, as the
risks may change, become more important, or manifest in different ways, presenting serious
dangers to an organization's stability and prosperity.

9. Dependence Exclusively on Technology

Although technology can assist in risk management, it is crucial to acknowledge that it should
not be relied upon as the only solution. The utilization of human judgment and knowledge is
crucial for the interpretation of data and the formulation of well-informed judgments. According
to PwC, 54% of individuals who are investing in risk technology are also modifying their
workforce and procedures to optimize its efficacy in risk management.

10. Disregarding adherence to compliance and regulations

Failure to adhere to industry norms or regulatory requirements can lead to serious repercussions
that can have a substantial impact on enterprises. Failure to adhere to applicable regulations
exposes individuals or organizations to the potential consequences of financial penalties, legal
repercussions, and harm to their reputation.
11. Absence of endorsement from leadership

Commencing and maintaining a risk management endeavor can prove to be rather arduous in the
absence of complete endorsement or adequate instruction from senior executives. Securing
resources, gaining universal support, and ensuring the effectiveness of the effort becomes
challenging in the absence of their assistance.

12. Factors originating from outside sources

Organizations are frequently influenced by external variables, including global trends, natural
disasters, and other conditions that are outside of an organization's jurisdiction.

How can one overcome these failures?

In order to mitigate or surpass the typical shortcomings in risk management, businesses should
contemplate adopting the subsequent strategies: Establish unambiguous goals - Precisely
articulate risk management objectives, ensuring they are in harmony with the organization's
overarching mission and strategy. Conduct regular evaluations of prospective risks, taking into
account their probability and potential consequences, while also gathering information from
other sources. Remain watchful - Sustain an adaptable and current strategy for managing risks by
consistently observing your surroundings for developing dangers. Engage stakeholders - Include
all pertinent stakeholders in the risk management process and establish transparent
communication to get perspectives from all individuals involved and impacted. Allocate
resources - Ensure the provision of essential financial, human, and technological resources to
facilitate the implementation of efficient risk management practices. Improve communication -
Create unambiguous communication channels and processes for exchanging risk-related
information and cultivate an environment of transparent communication where all individuals
feel at ease reporting risks and concerns. Allocate resources to training - Offer extensive training
and education programs to employees to augment their comprehension of risk management.
Establish a methodical procedure to continuously monitor and assess hazards on a regular basis.
Achieve a harmonious integration of technology and human expertise - Utilize technology to
gather, analyze, and present data, while also ensuring that human judgment and expertise are
crucial in the decision-making process. Ensure regulatory compliance - Consistently assess and
revise your risk management strategies to conform to industry standards and legal mandates.
Designate a compliance specialist or group to oversee regulatory modifications and guarantee
compliance. Obtain firm backing from leaders - Involve high-level executives in the
implementation of risk management strategies and ensuring they actively support and advocate
for them within the organization's culture. Cultivate a mindset of flexibility and adaptability -
Construct risk management plans that possess the ability to adjust to evolving situations and
novel knowledge, and consistently evaluate and appraise strategies.

Enterprise risk management

An efficient risk management approach, also known as enterprise risk management (ERM),
allows for a comprehensive assessment of the hazards that your firm encounters. Developing a
proactive plan to identify and mitigate potential hazards is crucial to safeguarding your
organization. There are primarily three categories of risks- The first type of risk is credit risk,
which refers to the likelihood that a borrower or counterparty of a bank may not fulfill its
commitments as per the agreed terms. The second risk is Market Risk, which pertains to the
potential loss an institution may face due to fluctuations in market prices, specifically changes in
interest rates, foreign exchange rates, and equity and commodity prices. The other risk is
Operational Risk, which involves the possibility of loss arising from insufficient or unsuccessful
internal processes, personnel and systems, or external events.
The role of the board in risk management

Both legal principles and practical considerations consistently uphold the notion that the board
should not be involved in the real day-to-day management of risks. Directors should ensure that
the risk management policies and procedures established by senior executives and risk managers
align with the company's strategy and risk tolerance. They should also verify that these policies
and procedures are being followed correctly and take necessary actions to promote a company-
wide culture that encourages appropriate risk awareness, behaviors, and decision-making.
Additionally, directors should promptly address and manage risks that exceed the company's
predetermined risk tolerance. The board should possess a comprehensive understanding of the
nature and extent of the company's primary risks and should mandate the active involvement of
the CEO and senior executives in risk management. By fulfilling its oversight role, the board has
the power to communicate to both management and staff that a thorough risk management
approach is not a hindrance to conducting business, nor is it simply an additional component of a
company's compliance program. Instead, it is a crucial element of strategy, culture, and corporate
operations. The Companies Act, 2013 recognizes the need of risk management; yet, it might be
argued that the Act does not sufficiently address this issue. Like the UK's 'general director duties
model', the Act does not explicitly mandate a distinct risk management committee, nor does it
provide instructions to boards on how to efficiently supervise risk management. In contrast to the
United States model, India has limited shareholder litigation to hold directors accountable for
failures in risk oversight.67 The initial reference to risk management can be found in Section
134(3)(n) of the Act, specifically addressing the Board's Report. The provision states that
corporations must issue a statement outlining the creation and execution of a risk management
policy, which should include the identification of any potential risks that, in the Board's opinion,
could pose a threat to the company's survival. The SEBI Listing Regulations assign the
responsibility of formulating and supervising the risk management plan of the listed business to
the board of directors.The number is 71. In addition, specific companies are required to establish
a risk management committee consisting of members from the board of directors. Originally, the
Listing Regulations mandated that the top 100 listed businesses, selected based on their market
capitalisation, establish a board risk management committee.The number is 72. As mentioned
earlier, this criteria has been extended and there is a possibility that it may further expand. The
board plays a crucial role in overseeing risk management as mandated by the SEBI Listing
Regulations. According to Regulation 4(2)(f), one of the main responsibilities of the board of
directors is to assess and direct the firm's risk policy. The board is responsible for implementing
effective control systems, which encompass risk management, financial control, operational
control, and compliance. In 2017, the Securities and Exchange Board of India (SEBI) established
the 'Kotak Committee on Corporate Governance' with the objective of enhancing the level of
corporate governance in India.The number is 80. One of the recommendations made by the
Kotak Committee was to ensure that the risk management committee had explicit responsibilities
for cybersecurity.

When the risk management is not taken care of , the whole corporation collapses or suffers
losses. As we have seen in the case of Enron, Lehman Brothers ,J.P Morgan , Barclays Bank,
Royal bank of Scotland etc. The example of IL&FS crisis and management failure at ICICI bank
demonstrate the continuing risk management challenges facing Indian firms. .Therefore, there is
a need of Effective Risk Management in order to ward off any future financial or corporate
failure.

REFERENCES

1. OECD Principles on corporate governance

2.ICSI, 2013, Risk Management Committee- A step forward in risk management and corporate
governance, https://www.icsi.edu/media/webmodules/CSJ/November/13.pdf
3. Martin Lipton, Sabastian V. Niles, and Marshall L. Miller, 2018, Risk Management and
Board of directors.
4. Clemens Elgeti, Juliet Grabowski, 2023, Risk Management Failures, what corporate CFOs can
learn ,BCG Publications