Good Corporate Governance & Risk Management
(First of Two Parts)
Compiled by Andi Mohammad Hatta

Understanding Good Corporate Governance
Although the practice of Good Corporate Governance has been going on for a while now, the term of Good Corporate Governance (GCG) has been widely used since the 19th Century and is intensively promoted by several sponsoring organizations, such as COSO the Committee Of Sponsoring Organization (COSO), which has a mission to improve the quality of financial statements by focusing on Good Governance, Ethical Standards and Internal Control.

Consistent application of GCG in a corporation is believed to be one of the factors that protect its ongoing concerns.

GCG covers several points of recommendation to ensure a corporation is run on Good Governance principles. These are:

  1. The core principles of managing a corporation are: Transparency, Responsibility, and Accountability and Independence.
  1. The corporation structure should cover the segregation of roles among Shareholders, the Board of Directors (in single-board structures), and include Board of Commissioners (in dual-board structures), corporate committees, and corporate secretaries and auditors both external and internal.
  1. The corporation should have a strategic direction which covers the right vision and mission, and is supported by effective corporate and employee values, properly cascaded down to the lowest rung of the corporate organization.
  1. Proper execution in implementing the vision-mission and the corporate-employee core values through the following:
    1. A clear goal and direction;
    2. An effective performance management system;
    3. A penalty and reward system;
    4. Training, education, and development programs;
    5. Effective internal communication, and
    6. Senior management role modeling.
  1. The corporation should have a sound risk management system that covers the following:
    1. A risk management policy;
    2. A risk appetite on capital change impact on each identifiable risk;
    3. Adequacy of internal control;
    4. Establishment of risk-taking committees, and
    5. In banks, applications of Basel 2 Best Practices.

 

Risk Management, its Definition and Benefits
Risk Management is a part of GCG practice and is commonly used by banks in managing their business portfolio. However, risk management principles and practices can also be used to manage the risk of any corporation.

The core sponsor of risk management is the Basel Committee on Banking Supervision. This is a committee of banking supervisory authorities which was established by the central bank Governors of the Group of Ten Countries in 1975 (consisting of Belgium, Canada, France, Germany, Italy, Spain, Japan, Luxembourg, Sweden, Switzerland, the UK and the USA).

What is a risk?
It is a potential occurrence of an event that may incur losses arising from the business operations of an organization. Risk is managed through a methodology and series of procedures used to identify measures, monitor and control the risk.

Risk management should not be the avoidance of risk, because risk-taking activities are pursued for profit but do inevitably result in occasional losses. The aim of an effective risk management process is to ensure that the return received is adequate relative to the risk that is being taken.

How do the benefits of risk management translate into the business?
The advantage are manifold, and include improved profitability, a better-structured balance sheet, enhanced shareholder value, a good reputation in the market for being a well-managed  organization, better-trained staff (resulting in lower attrition rates) and improved corporate governance.

Value is maximized when management sets strategies and objectives to strike an optimal balance between growth-and-return goals and related risks, and efficiently and effectively deploys resources in pursuit of the entity’s objectives. Risk management encompasses the following:

  • Aligning risk appetite and strategy—management considers the entity’s risk appetite in evaluating strategic alternatives, setting related objectives, and developing mechanisms to manage related risks;
  • Linking growth, risk and returns—risk management provides a framework for making decisions that ensure business growth, and that the returns achieved are commensurate with the risks being taken. It assists the setting of risk limits and thereby guards against risk avoidance;
  • Improving risk exposure—risk management provides a process for identifying and deciding upon the risk responses from acceptance and sharing to reduction or avoidance;
  • Reducing operational surprises and losses—risk management helps organizations identify known potential adverse events, assess risks and establish appropriate responses, thereby reducing surprises and related costs and losses;
  • Managing risk—all organizations face multiple risks that affect different functions and operations. Risk management emphasizes the interrelated impact of risks and supports integrated solutions for managing them;
  • Exploiting opportunities—by considering the full range of potential events rather than just risks, risk management enables management to identify and take advantage of positive events and opportunities quickly and efficiently;
  • Rationalizing resources—risk management creates more robust risk information, which allows management to deploy resources more effectively thereby reducing overall capital requirement and improving capital allocations.

Risk Classifications
The Basel Committee on Banking Supervision further establishes criteria for risk classification as follows:

  1. Credit Risk: The risk that a counter party may not pay the amount owed when they fall due and/or may be unwilling to pay for any reason. This arises from loan extension, replacement of cost, and settlement under foreign exchange, interest rates and derivative products.
  1. Market Risk: The risk of loss due to changes in market prices. There are three major forms of market risks: price risk, liquidity risk and discontinuity or gap risk.
  1. Operational Risk: The risk of loss due to actions on or by people, processes, infrastructure, technology or similar factors which have an operational impact. This includes fraudulent activities.
  1. Legal Risk: The risk that a contract between parties is invalid and cannot be enforced.
  1. Reputation Risk: The risk that the reputation of an organization will be adversely affected. Reputation risks can occur as a result of a single event or incident.
  1. Strategic Risk: The risk that an organization adopts an inappropriate strategy which results in the organization incurring significant costs and failing to achieve business targets. This includes new strategies, such as expansion into a new geographic market, a new business segment, or a new product area.
  1. Compliance Risk: The risk of non-compliance with legal or regulatory requirements. Regulatory requirements can apply to the corporation’s country of incorporation and its country of operation. The corporation will need to ensure its operations are in compliance with both sets of regulations.

Summary
Nowadays Good Corporate Governance (GCG) has become a necessity of building ongoing-concern corporations, and a prudent risk management system is an embedded process.

The Basel Foundation of Capital Adequacy Ratio (Base I) has given the banking industry a different format compared to before 1975, thereby making gradual capital injection mandatory, along with the increase of bank size and risk. Basel initiatives (known as Basel II) move further to define and relate the impact of each identifiable risk directly into the of capital adequacy of a bank.

Today, risk management methodology is not only adopted in the banking industry but also to other industries. However, the challenge in application is in the utilization of the sophisticated and expensive technology required to do the right calculation and to assess the risk all time.