Daily News Online

Wednesday, 19 January 2011






Marriage Proposals
Government Gazette

Risk management and enhancing capacity

Enterprise Governance Framework

Enterprise Governance
Corporate Governance le Conformance
Accountability Assurance
Business Governance le Performance
Value Creation Resource Utilization
(Source: Enterprise Governance - Getting the Balance Right: International
Federation of Accountants)

Risk and Opportunity Management Process

1. Identify Risks and Opportunities Sources of Risks Sources of Opportunity

2. Manage risks and opportunities
Assess and Alter risk appetite
Assess risks and Opportunities
Manage Risks Manage Opportunities
Share Risk Transfer Risk Reduce Risk
Monitor Innovation

3. Evaluate Risks and Opportunities

(Source: Management Accounting Guideline - Managing Opportunities and Risks Authoured by: Tamara Bekefi, Marc J Epstein and Kristi Yuthas Published by SMAC, AICPA and CIMA)

Strategic Scorecard
Strategic Position
Strategic Options
Strategic Implementation
Strategic Risks

(Source: Enterprise Governance ‘Getting the Balance Right: International Federation of Accountants)

CMA Sri Lanka presentation at the 52nd National Cost Convention organized by the Institute of Cost and Works Accountants of India in Chennai held from January 4 to 6, 2011

Since the spectacular collapse of the Barings Bank in 1995 there has been an ever growing interest in risk management. This has been fuelled by subsequent high profile corporate debacles, as well as natural and man-made disasters - 9/ 11, Enron, Worldcom, Ahold, Parmalet, the 2004 Tsunami, Hurricane Katrina, Northern Rock and Lehman Brothers, to name a few. Risk has been viewed, more and more, as something negative - a hazard, that need to be managed, if not avoided or eliminated altogether ; a value destroyer. Understandably, governments and regulators have reacted with stringent regulatory initiatives such as the Sarbanes - Oxley Act 2002, Basel 2 Accord, accounting standards, and numerous codes of corporate governance.

It is needless to say that hazardous risk - risks which have only a downside (examples : accidents, corporate fraud, human error, disasters) need to be managed rigourously, in order to preserve value and to ensure the sustainability of companies.

Otherwise, companies could lose money. However, it is important not to focus only on downside risks. Many risks, business risks in particular (examples: business acquisitions, new products, investments in technology, innovation) have an upside as well as a downside - a positive side as well as a negative one. It is the upside of risks, which provide opportunities for growth and profit. Whilst it is necessary to manage the downside of such risks, it is also vital that the upside should be exploited.

After all, risk-taking is the engine that drives business and propels growth, as suggested by the well-known adage Nothing ventured, nothing gained: Business enterprise is essentially about taking risks. Companies, which focus only on the downside of risks, could miss opportunities, which might have initially appeared too risky, and not properly analysed. Exploiting the upside of risks , i.e. opportunities, is at the centre of value creation process. One should be mindful of opportunities to create value,that could be hidden in risk.

In many instance, risk and opportunity are a duality ; they are like the two sides of a coin. Accordingly, a risk could present opportunities for innovation and competitive advantage, which in turn could lead to short - and long term growth and profitability.

In such instances, ‘risk management provide a window for ‘opportunity management’, which leads to ‘Risk and Opportunity Management’.

As explained above, focusing exclusively on the downside of risk could be harmful to the well-being of organizations. Several initiatives have been taken to remedy this situation. Two somewhat early responses are : (1) Enterprise Risk Management - Integrated Framework 2004 of the Committee of Organizations Sponsoring the Treadway Commission (COSO), and (2) Enterprise Governance - Getting the Balance Right, 2004, of the International Federation of Accountants (IFAC) and the Chartered Institute of Management Accountants (CIMA). Both initiatives are attempts to address risks in a broader and holistic manner, rather than viewing risk as a mere threat to be avoided.

Enterprise governance

They look at risk in the context of the organizations strategy, culture, and operations. Of these two initiatives, the Enterprise Governance approach and methodology has a distinct orientation toward addressing the much neglected value creating upside risks.

The early responses to corporate failures were mostly in the form of codes of corporate governance. These codes attempted to seek compliance with rules and regulations on issues such as board structures, Chairman and CEO, non - executive directors, executive remuneration, internal control, and oversight mechanisms ( examples : audit committees, remuneration committees).

They sought to bring about improved accountability and assurance. Whilst the philosophy of Enterprise Governance accepts the importance of corporate governance, it argues that good corporate governance on its own cannot ensure success: ‘Good corporate governance is a necessary, but not sufficient, foundation for success.’

Bad corporate governance can ruin a company, but cannot, on its own, ensure its success (Enterprise Governance - Getting the balance Right: (IFAC) It goes on to assert that companies must balance conformance with performance.

Enterprise Governance is defined as ‘the set of responsibilities and practices exercised by the board and executive management with the goal of providing strategic direction, ensuring that objectives are achieved, ascertaining that risks are managed appropriately and verifying that the organization’s resources are used responsibly’ (Information and Systems Audit and Control Foundation, 2001).

There are two dimensions to Enterprise Governance, viz conformance and performance. Conformance is also called ‘Corporate Governance’, whilst performance is also called ‘Business Governance.’

The performance dimension focuses on strategy, value creation and resource utilization. It seeks to help the board to make strategic decisions; understand its risk appetite and key drivers of performance. Enterprise Governance philosophy recognizes that the performance dimension cannot be easily subjected to regime of standards and audit.

Hence, it seeks to develop a set of best practice tools and techniques in performance related areas such as ‘Enterprise Risk Management’, ‘Acquisition Process’ and ‘Board Performance’.

Unlike in the case of the conformance dimension, the performance dimension lacks a formal board oversight mechanism. Hence, the IFAC study on Enterprise Governance has proposed the ‘strategic scorecard’ to bridge this ‘Oversight Gap’.

The strategic scorecard is neither a detailed strategic plan nor a substitute for the Balanced Scorecard. It aims at helping the board of director ensure that all the aspects of the strategic process have been completed thoroughly. The strategic scorecard has four quadrants - Strategic Position, Strategic Options, Strategic Risks, and Strategic Implementations. Thus, risks , in the form of strategic risks, have been embedded in the performance dimension of enterprise governance , i.e. business governance..

Risk management and value creation

The need to proactively approach risk - taking, in order to take advantage of value creating opportunities, should not be underestimated. Intelligent risk-taking is essential in order to build value; it needs to be operationalized.

The management accounting guideline titled ‘Managing Opportunities and Risk’, jointly published by the Society of Management Accountants of Canada, the American Institute of Certified Public Accountants and the Chartered Institute of Management Accountants of the UK, provide a comprehensive and invaluable framework in this area.

The guideline expands the risk assessment model to include opportunities and innovation, and provides the needed tools and techniques to capture the positive side of risk, while rigourously managing its downside impact.

It asserts that ‘an organization may come to see that developing a greater capacity to identify and mitigate risk allows it to capture opportunities that the competition cannot.’

It goes on to state, ‘Effective risk management practices and tools are necessary for companies to seize opportunities and gain competitive advantage over companies that do not know of these practices and tools, or cannot effectively implement them’.

It encourages taking a portfolio view in regard to risks as managing some risks well create the opportunity to take risks in other areas. It also proposes techniques that organizations can use to alter risk appetites to capitalize on opportunities.

In addition to following the traditional risk management practices, the management accounting guideline ‘Managing Opportunities and Risks’ emphasizes the need to (1) Identify and manage opportunities, often related to innovation, and manage related risks, and (2) Identify and manage opportunities where others see only unmanageable risks. The risk and opportunity management process proposed by the guideline has the following three major phases:

1. Identify risks and opportunities
2. Manage risks and opportunities
3. Evaluate risks and opportunities

The identification of risks and opportunities draws attention to the following: (A) the sources of risk and opportunities, and (B) strategies for identifying risks and opportunities.

Some key sources of opportunity are (1) supply chain, (2) product and service offering, (3) processes, (4) technology, (5) new markets, (6) customers, (7) political, legal and social forces. The strategies recommended for identifying risks and opportunities are, (1) Learning from the past, (2) Developing Customer Sensitivity, (3) Learning from others, (4) Scanning, (5) Scenario Planning, (6)Seeing the market gaps and change the game, (7) Developing idealized design and competing in advance and (8) Developing market sensitivity.

The second phase - ‘managing risks and opportunities’, consists of the following four steps: (1) Assess and alter risk appetite, (2) Assess risks and opportunities, (3) Managing risks and (4) Managing opportunities. Assessing the risk appetite allows an organization to decide how best to respond to the opportunities and risks it has recognized.

Risk appetite is the risk exposure, or potential adverse impact from an event, that an organization is willing to accept without taking action. It is heavily influenced by the organization’s culture and changes over time. It should be quantified in monetary terms. Risk appetites should be defined and agreed upon at least annually; it should be proposed by the senior management and endorsed by the board of directors.

Once the risk appetite is assessed, the company should proceed to assess all major risks and opportunities against it. For this purpose, it is very important to quantify the risks and opportunities in monetary terms.

If a risk exposure exceed the risk appetite threshold (also called risk tolerance), measures could be taken to bring it back within the accepted level, so that the exposure is in line with the risk appetite.

In the alternative, the risk appetite itself could be altered. A low risk appetite could result in narrow assessment of risk, which could in turn result in the rejection of promising opportunities.

If the goal is to capture an opportunity, and the existing risk appetite is a hurdle, it might be desirable to alter the risk appetite.

This can be done by enhancing the capacity to accept more risk, thereby shifting the risk appetite threshold. The guideline ‘Managing Opportunities and Risks’ describes methods of altering risk appetites.

After assessing risks and opportunities, the company could reject them, or proceed to manage them. The final phase is the evaluation of risks and opportunities.

Role of the management accountant

Risk and opportunity management calls for expertise in areas such as strategy, management, finance, management, management information and control systems, and internal audit.

The management accountant is well placed to play a prominent role in risk and opportunity management as he or she is skilled in these disciplines. The management accountant could contribute in the following activities:

* Establishing guidelines and procedures for strategic planning around opportunities and risks

* Improving the identification, measurement, and management of risks and opportunities

* Preparing the evaluation of risks and opportunities

* Integrating the model with other functions such as strategy

* Training managers to make more effective evaluations of risks and opportunities

* Implementing processes to monitor and communicate business risks and opportunities.

The IFAC Exposure Draft - ‘How Professional Accountants in Business Drive Sustainable Organizational Success’ identifies eight drivers of sustainable organizations, the third driver being ‘Integrated Governance, Risk and Control’.

Further, the document identifies challenging roles for accountants as (1) ‘Value Creator’, (2) Value Enabler, (3) Value Preserver, and (4) ‘ Value Reporter’, the first two coming under ‘performance’, whilst the last two come under ‘conformance’.

The roles of the management accountant in the area of ‘Integrated Governance, Risk and Control’, as a value creator and a value enabler are:

(A) As Value Creator - facilitate an understanding of an organization’s appetite for risk and deliver aligned and effective governance, risk and control practices to achieve a balance between conforming with rules and regulations and driving sustainable organizational success.

(B) As Value Enabler - implement enterprise risk management and control as a strategic activity and as integral part of an organization’s governance system, as well as into all other decision - making processes in the organization.

Role of management accountancy bodies

Risk Management, as a professional discipline, is continuously expanding at a rapid pace. In view of the role that could be played by management accountants in this critical area, it is important for management accountancy bodies to foster the discipline in the following manner:

* Provide education and training of members and students

* Be a Thought Leader by undertaking research and development in risk management

* Create general awareness on the subject amongst the business community, the state, civil society, and other groups of stakeholders.

The Sri Lanka experience

The Sri Lankan economy has been an open economy since its liberalization in 1977. Accordingly, it has been vulnerable to the fluctuations in the global economy.

Sri Lanka too has had its share of high profile corporate collapses during the last decade.

These have been largely due to poor corporate governance.

During the past decade, there has been a growing awareness in risk management in Sri Lanka. Many public seminars and workshops have been conducted. The professional accountancy bodies have included risk management in their syllabi.

On the practical side, it is understood that several blue-chip companies - both national and multi-national, have formalized risk management systems in place. However, generally speaking, there is much room for improvement in this area both in the public and private sectors.

Hazard risks - risk which only have a downside, should be necessarily managed, if not eliminated altogether. That is essential in order to preserve value and ensure the sustainability of companies.

However, risk management should not stop there. From a value creation perspective, it is vital that risks with upsides as well as downsides are managed in order capitalize on opportunities.

Further, it should be realised that better risk management systems enable companies to take on more risks and thereby exploit opportunities. In other words, sound risk management systems enhance the capacity to build value.

Management accountants have a vital role to play in the process. Management accountancy bodies could contribute by supporting members, students, companies, and other stakeholders in the area of education, research and development in the area of risk and opportunity management.


Donate Now | defence.lk
LANKAPUVATH - National News Agency of Sri Lanka
Telecommunications Regulatory Commission of Sri Lanka (TRCSL)

| News | Editorial | Business | Features | Political | Security | Sport | World | Letters | Obituaries |

Produced by Lake House Copyright © 2011 The Associated Newspapers of Ceylon Ltd.

Comments and suggestions to : Web Editor