Taking The Right Risks - PwC


FEATURE

Taking The Right Risks
Risk Governance Defined

By Ng Siew Quan, Partner, and Alvin Chiang, Manager, Risk & Control Solutions, PricewaterhouseCoopers LLP

It’s All About Managing Risks

You may have realised that of late, the issue of dealing with risk and uncertainty has been a constant theme across many newspaper editorials worldwide. In particular, it is the inability to properly manage them that has led to sensational headlines being made.

It’s never easy to navigate risks when you’re the one in the driver’s seat, but having sound fundamentals definitely helps.

Back To Basics

Recognising that good risk management goes hand-in-hand with good corporate governance, the Corporate Governance Council [1], in reviewing the Singapore Code of Corporate Governance, introduced the concept of Risk Governance as a key principle [2] to the Code.

The revised Code puts the mantle of Risk Governance squarely on the shoulders of the Board. To provide further clarity and guidance, the Council subsequently released a supplement titled “Risk Governance Guidance for Listed Boards”.

Key information on risk governance is provided in the guidance, including the following areas:

• Factors which the Board should collectively consider when overseeing the company’s risk management framework and policies
• The Board’s responsibilities in Risk Governance vis-à-vis Management’s
• How the Board can carry out its responsibility of risk governance of the company

Emphasis is placed on the notion that risk governance cannot be approached from a “one-size-fits-all” angle, which is aligned with ISO 31000’s principle [3] that risk management should be tailored to fit the organisation.

In essence, the document aims to provide Directors with guidance on
these salient questions [4]:

• What is Risk Governance?
• Who is responsible for Risk Governance and implementation of Risk Governance policies / measures?
• What constitutes a sound system of risk management and internal controls?
• What goes into a risk management policy?
• How can risk tolerance be determined?
• What does a risk management process look like?
• What are some of the key Information Technology (“IT”) risks?
• How does the Board ensure that the risk management and internal controls system is adequate and effective?
• What should be disclosed in the company’s annual report with respect to risk management and internal controls?

The Concept of Risk Governance

The guidance states that Risk Governance:

• Is the architecture within which risk management operates in a company
• Defines the way in which a company undertakes risk management
• Provides guidance for sound and informed decision-making and effective allocation of resources

Successful Risk Governance is therefore contingent on how effectively the Board and Management are able to work together in managing risks. Central to this is the Enterprise Risk Management (ERM) framework, which articulates and codifies how an organisation approaches and manages risk.

Defining Roles and Responsibilities

The guidance states that the role of the Board in the governance of risk is in providing oversight of the company’s risk management and internal controls system.

Within the context of the company’s business model and strategies, the Board should work with Management in determining which risks to take, as well as how much of it. It should then ensure that Management has in place the necessary safeguards to manage those risks. The Board’s oversight responsibility also includes reviewing the system periodically for adequacy and effectiveness.

If required, the Board may choose to establish a separate Board Committee to assist it. It could also consider including Risk Governance in the scope of the Audit Committee.

The role of Management lies primarily in the design and execution of the risk management and internal controls system in accordance with the risk policies and direction set by the Board. It is also responsible for providing the Board with the necessary information when it comes to the monitoring and reporting of risks.

To support the overall Enterprise Risk Management initiatives, the company may consider appointing a Chief Risk Officer to provide executive oversight and co-ordination. Such a decision would depend on various factors, including the scale, diversity and complexity of the company’s operations.

A Sound System Of Risk Management And Internal Controls

A sound system of risk management and internal controls contributes to the safeguarding of the company’s assets and consequently shareholders’ investment [5].
At the same time, one must also appreciate that it can only provide reasonable (but not absolute) assurance.

A thorough and regular evaluation of the nature and extent of risks to which the company is exposed can help contribute to the maintenance of a sound system of risk management and internal controls. This is where the Enterprise Risk Management (ERM) framework comes in.

Some principal ERM frameworks and standards listed in the guidance include:

• AS/NZS ISO 31000:2009 Risk Management – Principles and Guidelines
• Committee of Sponsoring Organisations (COSO) Enterprise Risk Management – Integrated Framework
• ISO 31000:2009 Risk Management – Guidelines on Principles and Implementation of Risk Management

Conceptually, ERM frameworks should have in common the following six elements (as highlighted in the guidance):

• Risk Strategy and Policy: The consideration of risk as a company sets its strategic direction and policies
• Risk Process: How risk is identified, assessed and managed in day-to-day activities
• Risk Structure: The specific risk management functions and responsibilities established to sustain the focus on risk management
• Culture: The culture and behaviours that need to be developed and sustained to support effective risk management
• Risk Systems and Tools: The systems and tools used to facilitate the risk management process
• Assurance: How assurance is gained over the effective operation of the risk management framework

Simple But Not Simplistic

It’s often said that the devil lies in the details, and the same applies when it comes to rolling out an ERM framework.
That’s where the well-known adage “simplicity is the ultimate sophistication” comes in handy.

Operationalisation of the ERM framework is often cited as a key challenge by practitioners, and many failures in this aspect can be attributed to organisations committing the cardinal sin of over-designing the framework and processes such that no one understands how it works apart from the designer himself.

While excessive complexity is a no-no, the other extreme must also be avoided. Over-simplification of risks, for example, may result in the treatment of a symptom rather than the root cause. Hence, the challenge is in developing an ERM framework that is simple enough for everyone to understand, yet robust enough to deal with complex risks. The best frameworks often are those that are simplest, both in design and execution. Risk management should not be “bolted on” to your processes, but rather “built in”.

Before embarking on an ERM programme, it would be useful to consider the current condition of your organisation’s risk management framework and practices vis-à-vis your desired state. Our maturity framework in Table 1 provides a useful reference for this. The key to success lies in effective change management: understanding that the journey to excellence has to be progressive and cannot be rushed.

Table 1: The ERM Maturity Framework

Connecting The Dots: Linking Risk Management To The Business

The other thing about risk management is that it should never be standalone, isolated from the other business processes. An effective risk management framework includes the necessary linkages to these processes and spells out the relationship between them.

For example, the articulation of business strategies should encompass the development of plans to address associated risks, which in turn should drive budget allocation.
After all, there is little sense in having risk management plans without the necessary resources to execute them.

Ensuring An Adequate And Effective Risk Management And Internal Controls System

The Board should undertake an annual assessment for the purpose of making its public statement in the annual report on the adequacy and effectiveness of the company’s risk management and internal control systems.

To ensure an adequate and effective risk management and internal controls system, the Board should first define the process to be adopted for its review of the risk management and internal controls system. It should then look into what significant risks have been identified and consider how effectively they are being managed. Is there a need for more monitoring and control for any particular risk? Are prompt actions taken to remedy significant failings or weaknesses in the risk management and internal control system?

What Goes Into The Annual Report

In providing a commentary in its annual report, the Board should summarise the process which it has applied in reviewing the adequacy and effectiveness of the system of risk management and internal controls. In addition, the Board should comment on whether the CEO and CFO have provided the Board with assurance on the integrity of the financial records / statements, as well as the effectiveness of the company’s risk management and internal control systems.

Taking Your Chances

Effective Risk Governance does not equate to being risk-averse. As in the words of the poet T.S. Eliot:

“Only those who will risk going too far can possibly find out how far one can go.”

It is therefore about being smart about the risks you take, being adaptable to the constantly-changing business environment. It is about building resilience, ensuring that there are fail-safe mechanisms in place to cushion any unsuccessful gambits. These are the hallmarks of effective Risk Governance.

It is always useful to keep this in mind: the pursuit of any opportunity is always accompanied by an element of risk. How effectively we deal with these risks ultimately defines the extent of our success.

Endnotes:

1. The Corporate Governance Council was set up in February 2010 to review and update Singapore’s Code of Corporate Governance
2. See Principle 11 of the Revised Code of Corporate Governance
3. ISO 31000:2009 Risk management — Principles and guidelines
4. Risk Governance Guidance for Listed Boards, Corporate Governance Council, 10 May 2012
5. Ibid.
