Risk Management And Corporate Governance - OECD
Corporate GovernanceRisk Managementand Corporate Governance
Corporate GovernanceRisk Managementand Corporate GovernanceVolume 2011/Number of issue, Year of editionAuthor (affiliation or title), EditorTaglineGroupe de travail/Programme (ligne avec top à 220 mm)
This work is published on the responsibility of the Secretary-General of the OECD. Theopinions expressed and arguments employed herein do not necessarily reflect the officialviews of the OECD or of the governments of its member countries.This document and any map included herein are without prejudice to the status of orsovereignty over any territory, to the delimitation of international frontiers and boundariesand to the name of any territory, city or area.Please cite this publication as:OECD (2014), Risk Management and Corporate Governance, Corporate Governance, OECD -enISBN 978-92-64-20862-9 (print)ISBN 978-92-64-20863-6 (PDF)ISBN (HTML)Series: Corporate GovernanceISSN 2077-6527 (print)ISSN 2077-6535 (online)The statistical data for Israel are supplied by and under the responsibility of the relevant Israeli authorities. The useof such data by the OECD is without prejudice to the status of the Golan Heights, East Jerusalem and Israelisettlements in the West Bank under the terms of international law.Photo credits: Cover .Corrigenda to OECD publications may be found on line at: www.oecd.org/about/publishing/corrigenda.htm. OECD 2014You can copy, download or print OECD content for your own use, and you can include excerpts from OECD publications, databases andmultimedia products in your own documents, presentations, blogs, websites and teaching materials, provided that suitableacknowledgment of the source and copyright owner is given. All requests for public or commercial use and translation rights should besubmitted to rights@oecd.org. Requests for permission to photocopy portions of this material for public or commercial use shall beaddressed directly to the Copyright Clearance Center (CCC) at info@copyright.com or the Centre français d'exploitation du droit de copie(CFC) at contact@cfcopies.com.
FOREWORDForewordThis report presents the results of the OECD’s sixth peer review based on the OECD Principles ofCorporate Governance. The report reviews the corporate governance framework and practicesrelating to corporate risk management. It covers 27 jurisdictions.The report is based in part on a questionnaire that was sent to all participating jurisdictions inDecember 2012. In a second stage, the corporate governance framework and practices relating tocorporate risk management in three jurisdictions (Norway, Singapore and Switzerland) werereviewed in more detail based upon a more focused set of questions and visits by the OECDSecretariat. The purpose of these case studies is to highlight national practices that may be ofprincipal importance and particularly useful as a reference. The report was prepared by Winfrid Blaschke,Daniel Blume, Hans Christiansen and Akira Nozaki, and was conducted in co-operation with theOECD Working Party on State Ownership and Privatisation Practices (WP SOPP).The OECD corporate governance peer review process is designed to facilitate effective implementationof the OECD Principles and to assist market participants, regulators and policy makers. It is carriedout through an exchange of experiences and expertise that provides participants with an overview ofexisting practices and approaches and an opportunity to identify good practices that can stimulateand guide improvements. The reviews are also forward looking, so as to help identify key marketpractices and policy developments that may undermine the quality of corporate governance. Thereview process is open to OECD and non-OECD jurisdictions alike.RISK MANAGEMENT AND CORPORATE GOVERNANCE OECD 20143
TABLE OF CONTENTSTable of contentsExecutive summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .7Chapter 1. Risk management governance framework and practicesin 27 jurisdictions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .1.1. Background to the review. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .1.2. Scope of the review . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .1.3. The perspective of the OECD Principles and Guidelines . . . . . . . . . . . . . . . . . . .1.4. Corporate governance and the financial crisis . . . . . . . . . . . . . . . . . . . . . . . . . . .1.5. Risk management practices in listed companies . . . . . . . . . . . . . . . . . . . . . . . . .1.6. Risk management practices in state-owned enterprises . . . . . . . . . . . . . . . . . .9101011121320Notes. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .Bibliography . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .2627Chapter 2. Norway: The corporate governance framework and practicesrelating to risk management . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .Introduction . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .Risk management standards and codes . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .The role of Norwegian boards of directors and board-level committees . . . . .Risk management policies and structures in Norwegian companies . . . . . . . .External assessments of the risk management framework . . . . . . . . . . . . . . . .Conclusions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .31323337384245Notes. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .Bibliography . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .4647Chapter 3. Singapore: The corporate governance framework and practicesrelating to risk management . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .3.1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .3.2. Risk management standards and codes . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .3.3. The role of the board of directors . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .3.4. Structure and organisation of the risk management system . . . . . . . . . . . . . . .3.5. Risk management policies . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .3.6. Independent assessment of the risk governance framework . . . . . . . . . . . . . . .3.7. The role of shareholders. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .3.8. Conclusions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .495051535659616364Notes. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .Bibliography . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .6468Chapter 4. Switzerland: The corporate governance framework and practicesrelating to risk management . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .4.1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .71722.1.2.2.2.3.2.4.2.5.2.6.RISK MANAGEMENT AND CORPORATE GOVERNANCE OECD 20145
TABLE OF CONTENTS4.2.4.3.4.4.4.5.4.6.Risk management standards and codes . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .The role of Swiss boards of directors . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .Risk management policies and structures in Swiss companies. . . . . . . . . . . . .External assessments of the risk management framework . . . . . . . . . . . . . . . .Conclusions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .7475788083Notes. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .Bibliography . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .8385Annex A. Financial stability Board: Sound risk governance practices . . . . . . . . . . . . . .87Tables1.1. Risk governance requirements/recommendations for listed companies . . . . .1.2. Risk governance requirements/recommendations for non-listed SOEs . . . . . .3.1. Singapore – Key measures of updating corporate governance framework . . . Companies with a committee with explicit reference to risk (2010) . . . . . . . . .Singapore – Market capitalisation (% of GDP) . . . . . . . . . . . . . . . . . . . . . . . . . . . .Singapore – Composition of the SGX listed companies (July 2013). . . . . . . . . . .Singapore – Overview of the regulatory framework for risk management . . . .Singapore – Key risk factors identified by listed companies and Temasek . . . .Composition of Swiss equity indices (mid-2013). . . . . . . . . . . . . . . . . . . . . . . . . .Follow OECD Publications on:http://twitter.com/OECD ://www.oecd.org/oecddirect/RISK MANAGEMENT AND CORPORATE GOVERNANCE OECD 2014
Risk Management and Corporate Governance OECD 2014Executive summaryThis report reviews the corporate governance framework and practices relating tocorporate risk management in 27 of the jurisdictions that participate in the OECDCorporate Governance Committee. Against the background of the OECD Principles ofCorporate Governance, it describes how various jurisdictions have chosen to implement thePrinciples relating to risk management.The report analyses the corporate governance framework and practices relating tocorporate risk management, in the private sector and in state-owned enterprises (SOEs). Itis based upon a general survey of participating jurisdictions, complemented by threecountry studies illustrative of different aspects of risk management and corporategovernance (Norway, Singapore and Switzerland).The review finds that, while risk-taking is a fundamental driving force in business andentrepreneurship, the cost of risk management failures is still often underestimated, bothexternally and internally, including the cost in terms of management time needed torectify the situation. Corporate governance should therefore ensure that risks areunderstood, managed, and, when appropriate, communicated.Following the financial crisis, many companies have started to pay more attention torisk management. This is, however, seldom reflected in changes to formal procedures,except in the financial sector and in companies that have suffered serious riskmanagement failure in the recent past. It appears that most companies consider that riskmanagement should remain the responsibility of line managers.Responding to public and/or shareholder pressures, some company boards, especiallyin widely-held companies, have started to review their incentive structures, includingthrough the reduction of potential incentives for excessive risk-taking, notably stockoptions for top executives. Listed company boards need to be provided with incentivestructures that appropriately reward business success, as well as awareness andmanagement of risk.Existing risk governance standards for listed companies still focus largely on internalcontrol and audit functions, and primarily financial risk, rather than on (ex ante) identificationand comprehensive management of risk. Corporate governance standards should placesufficient emphasis on ex ante identification of risks. Attention should be paid to bothfinancial and non-financial risks, and risk management should encompass both strategicand operational risks.Currently, risk governance standards tend to be very high-level, limiting their practicalusefulness, and/or focus largely on financial institutions. There is scope to make riskgovernance standards more operational, without narrowing their flexibility to apply themto different companies and situations. Experiences from the financial sector can be7
EXECUTIVE SUMMARYvaluable, even if not necessarily transferable to the non-financial sector. Outsourcing- andsupplier-related risks, for example, deserve attention in both the financial and the nonfinancial sector.It is not always clear that boards place sufficient emphasis on potentially “catastrophic”risks, even if these do not appear very likely to materialise. More guidance may be providedon managing the risks that deserve particular attention, such as risks that will potentiallyhave large negative impacts on investors, stakeholders, taxpayers, or the environment.Boards should be aware of the shortcomings of risk management models that rely onquestionable probability assumptions.SOEs should follow similar risk governance practices as listed enterprises, but this isoften not formalised in implementable regulation. Deviations from listed companystandards should be duly motivated, and not just be the result of lack of applicability ofcorporate governance codes. Sometimes, SOEs are subject to separate risk managementoversight through sectoral regulators, whole-of-government risk management systems, orgovernment audit institutions. Risk oversight at sub-federal level SOEs tends to be lessdeveloped and more uneven than at the federal level.SOE board practices differ, with some countries considering risk as an issue for thewhole board, others tasking the board audit committee with the work, and still othersestablishing risk committees. As in the private sector, these choices are often affected byfactors such as size and sectors the SOE is operating in. Whichever structure is selected,effective oversight needs to be assured. Some countries mandate external auditors toreview risk governance in SOEs.For SOEs a crucial balance needs to be struck between controlling risk through directaction from the ownership function and through delegation to the board of directors. Somecountries curtail SOE risk taking through top-down rules on activities and liabilities, whileothers place a high degree of reliance on boards and board committees. The state shouldensure that, as part of the nomination process, the boards of directors have sufficientexpertise to understand the risks incurred by the SOE. Without intervening in the day-today management of SOEs, the relevant ownership function should use all the opportunitiesit has, both in formulating strategic directives, and in its regular ownership dialogues, toensure that the SOEs have proper risk management frameworks in place.8RISK MANAGEMENT AND CORPORATE GOVERNANCE OECD 2014
Risk Management and Corporate Governance OECD 2014Chapter 1Risk management governanceframework and practicesin 27 jurisdictionsThis report presents the results of the OECD’s sixth peer review based on the OECDPrinciples of Corporate Governance. The report reviews the corporate governanceframework and practices relating to corporate risk management in the private sectorand in state-owned enterprises.Chapter 1 of the report summarises the corporate governance framework and practicesrelating to corporate risk management in 27 of the jurisdictions that participate in theOECD Corporate Governance Committee. It is based upon a questionnaire that was sentto all participating jurisdictions in December 2012, discussions in the OECD CorporateGovernance Committee in April and November 2013, as well as conclusions from thethree in-depth studies of the corporate governance framework and practices relating tocorporate risk management in Norway, Singapore and Switzerland contained inChapters 2-4.The statistical data for Israel are supplied by and under the responsibility of the relevant Israeli authorities. The use of such data by the OECD is without prejudice to the status of the Golan Heights, EastJerusalem and Israeli settlements in the West Bank under the terms of international law.9
1.RISK MANAGEMENT GOVERNANCE FRAMEWORK AND PRACTICES IN 27 JURISDICTIONS1.1. Background to the reviewRisk management failures at major corporations have captured the headlines for manyyears, primarily in the financial sector, but in other sectors as well, and have not always beenthe result of shortcomings in financial risk-taking. Environmental catastrophes such as DeepWater Horizon or Fukushima come to mind (or, less recently, Bhopal and Seveso), as well asaccounting fraud (e.g. Olympus, Enron, WorldCom, Satyam, Parmalat), or foreign bribery(e.g. Siemens) cases, to name just a few from the non-financial sector. Often these failureswere (at least) facilitated by corporate governance failures, where boards did not fullyappreciate the risks that the companies were taking (if they were not engaging in recklessrisk-taking themselves), and/or deficient risk management systems.The importance of an effective risk governance framework was underlined in theCommittee’s report from 2009 on The Corporate Governance Lessons from the Financial Crisis.The present review complements the Committee’s 2009/10 reviews with a survey ofmember and partner jurisdictions participating in the Corporate Governance Committee,with a view toward drawing lessons about the adequacy of existing corporate governanceprinciples, guidelines, and practices in this area.Risk governance has also been addressed in the Committee’s thematic reviewsfollowing the financial crisis, notably in the review on board practices, where theCommittee examined incentives influencing corporate risk-taking, notably with regard tocompensation practices (OECD, 2011). The issue has also been dealt with by the OECD’sAsian and Latin American Corporate Governance Roundtables. The Financial StabilityBoard (FSB), in its recently issued Thematic Review on Risk Governance, called on the OECD toreview its principles for governance, taking into consideration the sound risk governancepractices listed in the FSB report and reproduced in Annex A to this report (FinancialStability Board, 2013).The present review covers 22 OECD member countries, together with Argentina;Hong Kong, China; India; Lithuania and Singapore. A general overview of risk governancepractices in all participating jurisdictions is provided. A more detailed review of threejurisdictions (Norway, Singapore and Switzerland) was carried out in order to highlighteither particular aspects of the risk governance framework, or country specificcircumstances that may influence the choice of approach.1.2. Scope of the reviewThe review addresses the issue of risk management from the perspective of corporategovernance (“risk governance”) based upon the relevant OECD Principles of CorporateGovernance (hereafter “the Principles”). In order to avoid, as much as possible, overlap withsimilar reviews conducted by other organisations such as the recently completed thematicpeer review of risk governance by the Financial Stability Board and the 2010 Principles forEnhancing Corporate Governance of the Basel Committee on Banking Supervision (in bothof which the OECD Secretariat actively participated), this review focuses on risk10RISK MANAGEMENT AND CORPORATE GOVERNANCE OECD 2014
1.RISK MANAGEMENT GOVERNANCE FRAMEWORK AND PRACTICES IN 27 J
Corporate Governance Risk Management and Corporate Governance Volume 2011/Number of issue,Year of edition Author (affiliation or title), Editor Tagline Groupe de travail/Programme (ligne avec top à 220 mm)
Corporate Governance, Management vs. Ownership, Majority vs Minority, Corporate Governance codes in major jurisdictions, Sarbanes Oxley Act, US Securities and Exchange Commission; OECD Principles of Corporate Governance; Developments in India, Corporate Governance in Indian Ethos, Corporate Governance – Contemporary Developments. 2.
corporate governance and risk management within . their organisations and as representatives elsewhere. 6. To encourage the development of corporate governance and risk management best practice for entities beyond companies. 7. To promote the development of sector-specific guidance on corporate governance and risk . management. 8.
Corporate Governance What is Corporate Governance? There are many definitions. The CBN Code of Corporate Governance defines it as follows: Corporate governance refers to the processes and structures by which the business and affairs of an institution are directed and managed. In order to improve
The corporate governance of Ajinomoto Co., Inc. is described below. I. Basic Views on Corporate Governance, Capital Structure, Corporate Profile and Other Basic Information 1. Basic Views Our basic philosophy concerning corporate governance is set out in "Chapter 2: Basic Approach" of the Ajinomoto Principle on Corporate Governance.
The Board is committed to maintaining high standards of corporate governance by overseeing a sound and effective governance framework for the management and conduct of Computershare’s business. This corporate governance statement sets out a description of Computershare’s main corporate governance practices.
The status of corporate governance of this company is as follows. I. Basic views on corporate governance, capital structure, corporate profile, and other basic information . 1. Basic views . This company has as its management objective becoming a company that broadly contributes to society, including related parties of shareholders, customers,
80Report of the Remuneration Committee In compliance with the Financial Reporting Council's UK Corporate Governance Code, the company has prepared the Corporate Governance Report that follows. www.iairgroup.com57 Strategic report Corporate governance Financial statements Additional information Chairman's introduction to corporate governance
Corporate Governance Statement 1 FY20 corporate governance highlights 2 Corporate governance framework 3 Our vision, purpose, strategy and values 4 Our Board of Directors 6 Roles and responsibilities 7 Board composition and succession 10 Board committees 13 Shareholders and reporting 15 Risk management 16 Diversity and inclusion 19
