Introduction
Corporate governance involves promoting corporate accountability, fairness and transparency. OECD (1999) defined corporate governance as “the system in which the business corporate is controlled; corporate governance structure specifies the distribution of rights and responsibilities among different participants in the corporation, including board managers, share holders and other stake holders” (OECD, 2005, p. 1).
Corporate governance defines the rules and procedures in reaching corporate decisions and affairs. This way, it lays down appropriate structures in which a company’s objectives are set, with clearly spelled out means of attaining the objectives (EIU, 2002).
Corporate governance has become the main-stream concern in most corporate board rooms and in many academic meetings. The events which have heightened discussions on corporate governance are the 1998 financial crisis in Brazil, Russia and Asia due to poor corporate behavior affecting the entire nation’s economies.
This was followed by the 2001 crisis due to corporate scandals in the U.S. and Europe. The private sector, being the major contributors in most nations’ economies and other development projects such as market liberalizations, has enhanced the need to attain good corporate governance.
This paper traces the importance of corporate governance and its dimension in risk management. It endeavors to highlight the role of corporate governance in defining the risks for public corporations.
Risk Management
A good corporate governance structure establishes the mechanisms to attain accountability between the executives and the shareholders so as to protect the interests of the various stakeholders. Various means of improving corporate governance described by Economist Intelligence Unit (EIU) (2002) include regularly meeting non-executives to examine their performance and establish areas they feel inadequately explored by the management.
Secondly, risk management should be focused on. Ill-judged management decisions on risk management are usually the roots of failure. They should also audit performance of the board and the non executives (EIU, 2002).
Risk management refers to the processes organizations address methodologically the potential events and consequences (threats) with the aim of achieving sustained benefits. No corporation is risk free. Risk management consists of 3 Rs namely returns, risks and ruins.
Risk management increases the probability of succeeding and reduces the uncertainty of an organization’s failure. The process should be continuously running throughout the organization’s strategy implementation.
A good risk management should be addressed methodologically covering the organization in the present and in the future. The management should be integrated with the organizational culture and policies. Risk management should translate the strategy into tactical and operational objectives, which assigns overall responsibility and those that support accountability, performance and efficiency (AIRMIC, 2002).
Effective Plan for Risk Management
Every organization requires a set of management programs and organizational frame work to identify and evaluate risks associated to the organization. This way, the firm will know the exact and effective policies and controls that can address the identified problem.
The management activities enable the firm to act on the risks throughout rather than managing the risks in an ad-hoc manner or only when the problem arises or is reported by the relevant authorities (ARCHIE, 2003).
Risk management process requires intensive planning and organization. It involves several phases as described below. Phases in risk management include identification of risks, risk assessment, risk control, minimization, transfer and retention.
For an organization to identify risks, it must be intimately knowledgeable concerning the markets it operates in, its legal and social environment. It is also important to identify the cultural environment as it dictates much in every corporation.
Identification should be done in such a way that all activities are identified and all risks pertaining to the activities are defined. Risks identified can be grouped as strategic such as political risks, sovereign and physical environment changes.
Operational risks are those associated with present running of the organization. Financial issues include those like availability of foreign exchange rates, creditors and debtors. Other risks are knowledge management risks and compliances (AIRMIC, 2002).
After the risks have been identified, risk description follows up. Description should cover nature of risks, scope of risk, stake holders, risk quantification, risk appetite, risk treatment and control mechanisms, potential action and strategies, and policies for development set by the organization.
Risk estimation is then carried out and classification of the risks done in the following manner: High for those likely to occur every year with more than 25% probability. Such risks are potentially indicated as of repetitive nature. Medium risks are those likely to occur in a decade. Such risks are difficult to control but can be indicated by the past occurrence. Low risks are those unlikely to occur and have not occurred as yet (AIRMIC, 2002).
After being identified, risks are analyzed. There exist various analysis methods. Risk analysis is mainly done to weigh the significance of the risk to the organization. The risks are then reported. Risk reporting and communication are mainly done to ensure that the management understands the significance facing the risks and the possible outcomes thus creating awareness.
Board managers should ensure that the risk-management procedures are operating effectively. Reports are also given to business units to make them aware of risks associated to their departments and outline the performance indicators which would enable the managers monitor the progress and be in a position to identify problems that require intervention. Reports at individual levels are directed to augment accountability for individual risks and to establish means on how the risk management response can be improved (AIRMIC, 2002).
Lastly is the risk treatment. This process involves the selecting and modifying of measures to be implemented to mitigate the risks. The treatment involves having internal controls, being compliant to the organizational culture, laws and regulations to ensure effective and efficient operations (AIRMIC, 2002).
Therefore, public firms are recommended to implement policies, which will analyze risks, establish their recommendation, strategize methods of treating those risks and monitor their effectiveness to sustain the firm’s performance.
In brief, the firms should establish criteria for identifying the risks by looking into the loss exposure and existing risk management, firm’s loss history to evaluate the exposures and the extent they have impacted the prospective firms. A corporation should also establish risk based auditors responsible for the inspection of key facilities and to gauge the extent the policies laid are put into practice (ABAG Plan Corporation, 2009).
Importance of Risk Management
Importance of risk is to evaluate unexpected occurrences. Regulators require organizations to determine those risks which might bring rise to such occurrences. It is said that when an organization understands its risks, it understands its opportunities.
On the other hand, if it does not know the risks in its environment, it cannot determine the extent of risks accepted. Not knowing the risks to accept implies that it does not know the risks to take. In turn, this implies that it does not know how to grow.
Understanding the risks prepares the organization to hold back when events hit it. This way, the firm controls the events and seizes opportunities. Risk management enables a company to understand the risks involved in the ongoing projects. In the same context, the company gets prepared to accept the risk and can take the necessary actions to manage the risks (Griffiths, 2006).
Risk management helps the firm to prioritize relevant issues enabling them to effectively use finite resources. Risk management also helps in reaching reasonable and sound conclusions when taking risks through evaluating possible outcomes; and in deciding the best strategies to deal with the risks.
Risk management process pulls together all the information from other relevant areas like vulnerability analysis and operations to have an overview of the business risks. It helps in identifying the levels of contingency plans in the event the risks become a reality. The often overlooked advantage of risk management is the common platform provided to the managers to communicate the differences between needs wants and resource requirements (ARCHIE, 2003).
Conclusion
Undoubtedly, risks threaten every organization’s objectives. Risk management process is an internal control system responsible for risks reduction to a level that is considerable by the organization to be safe. Management is responsible for monitoring of events and seizing of opportunities. It is also the role of the management to identify, assess and manage risks. Risk management is essential because it helps an organization to realize its objectives and missions.
References
ABAG Plan Corporation. (2009). Risk management Manual. Association of Bay Area Governments. Web.
AIRMIC. (2002). A risk management standard. AIRMIC, ALARM, IRM. Web.
ARCHIE, D. (2003). Security program management and risk. GIAC Security Essentials certification Practical assignment Version 1,4B. San Institute, CA: Prentice Hall.
EIU. (2002). Corporate governance the new strategic imperative. A white paper from the economist intelligence unit. KPMG International. Web.
Griffiths, D. (2006). Risk based internal auditing. Internal Audit. Web.
OECD. (2005). International Experts Meeting on Corporate Governance of Non-listed Companies. OECD. Web.