CIMA knowledge fast forward
View(s):CIMA knowledge fast forward is a knowledge sharing initiative which strives to improve the conceptual clarity of the business community with regard to a core management/financial accounting or business related knowledge area, describing the concept, and explaining how it applies in practice.
Responding to risk
Effective risk management is becoming increasingly critical to the success if not survival of organisations across the globe. With a series of crises, whether global or local, political or ecological, hitting the average company, the ability to prepare for uncertainty is a key requirement.
‘Integrating risk into performance: reporting to the board of directors’, a CGMA report released recently, showed an increased general awareness by board members of the importance of considering risks in their decisions, especially in view of the economic crisis. In the local context, research conducted by CIMA Sri Lanka also highlights the importance of the risk management function; with one respondent stating that its scope ‘should cover the whole business and consider all stakeholders’.
The global study shows that what while risks were previously taken into account, what was done in a more implicit manner, has now received greater attention and been subjected to increased formalisation. In keeping with this trend, strategies suggested to improve Sri Lankan risk management practices include designing and establishing an integrated risk management strategy, philosophy and policy statement.
Integrated reporting
Respondents both locally and globally stressed the importance of combining performance and risk reporting, with concerns that specialised risk reporting may lead the company into a compliance trap, with the whole risk management turning into a ‘boxticking exercise’. Another concern to be addressed is the fact that performance assessments are undertaken at discrete time intervals and a successful risk management program needs continuous reporting.
Ensuring that integration of risk and performance reporting takes place is a significant challenge, handled differently by each entity. One respondent recommended that communication levels within teams are improved in order to improve knowledge and understanding about risk management procedures and increase the levels of contribution.
A Senior VP in an organisation studied stated, ‘To integrate the notion of risk into our planning and budgeting cycle, we request our country managers to present no more than ten slides during the annual budget presentations, but one of those slides has to explicitly focus on risk.’
One company shifted the way in which the information was presented to the board (eg, instead of information on ‘20 years of reserves’, the board of directors started to receive a report that ‘85% of earnings were protected by reserves that the company had for more than 20 years; and 2% of earnings were at risk in the property that the company owns’). This created a better insight into the company’s risk exposure for the board.
Financial vs. non-financial risk
An additional challenge is the quantification of financial and non-financial risks enterprise-wide. While a majority of respondents stated that the focus was primarily on financial risks, some expressed the need to evaluate non-financial risk and grade it by assessing its likelihood and severity.
Possible tools which can be used for risk assessment are decision trees or Monte Carlo simulation to calculate, the best, the worst and the ‘seemingly realistic’ scenario. From the board perspective, the scenario planning and budgeting approach gives a more solid input for further board discussions on potential strategy and risks, contributing to improved decision making.
Risk assessment framework (CGMA, 2012)
Risk management and strategy
The importance of risk management to the strategy process is another essential consideration, as findings show that there is a tendency to look at risk as potential opportunities as well as from a negative angle (as potential threats), with companies not only following compliance requirements, but also taking a holistic approach, where both the negative and the positive side of risk are taken into account in decision making, enhancing the quality and breadth of strategic decisions.
This is an area that still needs attention, as shown by a survey of 618 US executives that was conducted for the AICPA’s Business, Industry and Government team by North Carolina State University’s ERM Initiative, where it was found that almost half (49%) of the organisations surveyed fail to meaningfully consider existing risk exposures when evaluating new strategic initiatives. In addition, just 35% have ‘mostly’ or ‘extensively’ addressed their organisation’s tolerance for risks in their strategic planning.
The complexity of risk is increasing as well, underscoring the importance of enterprise-wide risk management. Sixty-two per cent of respondents of the AICPA survey said the volume and complexity of risks have increased ‘extensively’ or ‘mostly’ in the past five years.
More than two-thirds (68%) said they were caught off guard by an operational surprise ‘somewhat’ to ‘extensively’ in the past five years.
In one case-study organization, risk elements were integrated in the discussions and subsequent reports of the various internal cross-functional ad hoc committees and working groups.
This is accepted as a requirement in Sri Lanka too, with an individual surveyed stating that ‘risk management should be in all aspects of a business, such as marketing, production, delivery, human resources, IT, supplies and finance’.
For a closer look at the integration of performance and risk reporting, and to read more of the case studies, refer the report at www.cgma.org/Resources/Reports.
Follow @timesonlinelk
comments powered by Disqus