• Investment World
• eWorld
• Brand Line
• Mentor
• Life
• Brand Quest
• The New Manager
• BL Club
• Smartbuy
• Books

Stocks

• Quotes
• SE Diary
• Scoreboard
• Open-End Mutual Fund

Cross Currency

• Rates
  
  

Shipping

• Ports
  
  

Archives

• Yesterday
• Datewise
• Resources
• In Focus
• In Depth
• Events 2007

Group Sites

• The Hindu
• The Hindu ePaper
• Business Line
• Business Line ePaper
• Sportstar
• Frontline
• The Hindu eBooks
• The Hindu Images

MR NEVILLE M. DUMASIA, HEAD OF GOVERNANCE, RISK AND COMPLIANCE SERVICES, KPMG.

Process and oversight to drive implementation of robust risk management procedures is the responsibility of the board, and a significant trend around the globe is of independent directors playing an active role in overseeing the risk management functions of corporations, says Mr Neville M. Dumasia, Head of Governance, Risk and Compliance Services, KPMG.

Currently, risk management procedures in Indian companies are generally being driven by the internal audit function or the legal and secretarial function, he observes, during the course of a recent email interaction with Business Line. “This would need to change as risk management is an integral part of the corporate governance initiatives which are driven at the board and senior management level.”

Another development that Mr Dumasia highlights is the appointment of ‘risk officers.’ A large number of corporations have realised that risk management is not a one-time task to be squeezed into existing roles and responsibilities of the management, he explains.

“These corporations are assigning risk management ownership to designated Chief Risk Officers (CROs).” For instance, From Score-keeper to Business Partner, a risks and controls survey conducted by KPMG International in association with the Economic Intelligence Unit, in November 2007, found that over 60 per cent of corporations had an independent risk function.

Excerpts from the interview, in which Mr Dumasia looks at risk management as a tool for good corporate governance.

Apart from the active role for independent directors in risk management oversight, and the designation of CROs, what other best practices do you find in this field?

Let me add at least five more to the list of current trends in corporations around the globe in relation to risk management.

Critical component of planning processes: Risk management is increasingly becoming a vital component in the planning and decision-making processes of corporations. Major planning events such as strategic planning, budgeting and forecasting and investment planning invariably involve a SWOT analysis.

Risk management results ideally x-ray the corporation on not only threats and weaknesses but even identify opportunities which can offer invaluable insights to these planning processes.

Better management through technology: Larger corporations are investing considerably in risk management technologies to better manage their risk management programmes. Typical, issues such as silo effects, lack of historical information, weak management action plan tracking, disjoint and outdated risk registers, etc., can be effectively dealt with, through deployment of a unified risk management platform.

Newer risk management tools such as dashboard technologies to report risk management activities and progressions, modelling event trees and scenarios, calculating aggregate risk measures and using interactive voting tools from a cross-functional audience are becoming more and more popular these days.

Broadening of risk management reach to a wider spectrum of risk taxonomies: Corporations are addressing a wider spectrum of risk taxonomies and are treading beyond the fundamental COSO angles. Myriad quantifiable and non-quantifiable risks such as market risks, price risks, credit risks, volumetric risks, business continuity risks, environmental risks, franchise risks, staffing risks, organisational risks, political risks, disruptive technologies risks, etc., are finding their way into risk registers, risk assessment and risk management documents. Further risks are reviewed at a portfolio level rather than at a silo or functional level.

Risk management linked with compensation: Risk management involves a high degree of commitment from various levels of management. An infallible way to drive risk management successfully through the organisation is by linking risk management with compensation. Development of measurable metrics such as risk management scorecards, tangible KRAs and linking the success ratio of risk management initiatives with performance and compensation is gathering interest in quite a few corporations.

Control self assessments (CSA) leveraged to build efficiency: Corporations are also demonstrating an inclination to CSA tools to build in efficiencies into the risk management programme.

Just like all innovative products go through a lifecycle, so does risk management. Risk management has to be nurtured by the C-level executives to make it a fungible model from which companies can gain.

As risk management’s practical applications evolve, leaders have learned that a risk management approach can help corporations derive tangible value from regulatory compliance efforts; link risk and strategy to drive business performance and enhance the organisation’s brand.

Haven’t we always lived with risk? So what has changed?

Business owners/promoters, historically, were managing their day-to-day business risks based on their own knowledge and, above all, gut feel. However, as businesses grew, product suites broadened and geographical footprints spread, owners experienced a diluted span of control. Modern business is dynamic, complex, challenging and provides many opportunities. Growth becomes inevitable in such an environment so one needs to manage this growth. Each opportunity comes with risks and understanding risks is instrumental for business.

Gradually, corporations felt the need to pre-empt business risks and integrate strategic planning, operations management, and internal control. Over the years, traditional informal risk management practices started giving way to formalised risk management processes and structures. The need was amplified by various corporate breakdowns and debacles.

Do we see Indian companies embracing risk management as a business need?

Arguably, India has been on the slower path in terms of embracing risk management as a business need. We are a still a long way compared to the risk management practices of matured economies but are catching up fast to remain relevant.

D. MURALI

More Stories on : Interview | Account Speak | Management

Article E-Mail :: Comment :: Syndication :: Printer Friendly Page

Copyright © 2009, The Hindu Business Line. Republication or redissemination of the contents of this screen are expressly prohibited without the written consent of The Hindu Business Line