ACCA holds CEOs Breakfast Meeting on risk and reward for current businesses

With the global economy climbing out of their downturn, it is timely to examine what needs to be done to prevent the recurrence of the problems that have been seen in recent years. In such a context, the challenge for responsible businesses is to find ways to ensure that the rewards it seeks are supported by sensible management of the risks that confront it.

The Association of Chartered Certified Accountants (ACCA) and Echelon, recently conducted a CEOs Breakfast Meeting on this topic, urging the business world to focus on and give more attention to this issue. Based on their new report, ‘Risk and Reward – Tempering the Pursuit of Profit,’ the discussion looked at where the financial system went wrong prior to the financial crisis and discussed how companies should approach the many risks they face, with particular emphasis on the crucial issue of reputational risk management.

Taking part in the discussion was keynote speaker Dilshan Rodrigo from Hatton National Bank PLC, who is a veteran on this subject. He said: “Companies are struggling to strike a balance between taking on too much risk to meet the ambitious demands of their shareholders, and violating their ethical principles and integrity – the two conflicting components that sparked off the recent financial crisis. Many firms have set up risk management departments to shape the direction of their investment plans.”

He also explained that today’s organisations should try to govern/control its risk taking and may find that applying limits is useful in doing that. “However, just setting limits makes no impact unless you have an effective way of getting people to act within them. Therefore ‘risk appetite’ in this sense is not a matter of personal preference but the important considerations which should be objective factors such as the organisation’s reserves, flexibility, and management skills, the returns available, the needs of stakeholders, and the actual risks involved. Personality should not play a part.”

Rodrigo added: “For risk management to gain sufficient attention in an organisation, it must be led and supported by the most senior levels. Risk management should be the role of senior management, elevating the authority of risk management and allowing this risk focus to filter through the organisation to build a pervasive risk culture. The board should also exercise appropriate oversight of risk; this is often accomplished through an audit or risk committee. These individuals should have the tools and information to understand the company’s risk appetite and positions and there should be channels of communication to ensure risk information is passed to the appropriate individuals so that they are aware of the main risks facing the company and their potential impact.”

Rodrigo further affirmed: “Risk can never be eliminated from business and it would be wrong for regulators or governments to think they can do so. Risk created opportunities and should be managed, not removed. Therefore companies should strike a careful balance between centralisation and decentralisation of risk. There should be a central, independent risk function to set risk appetite, implement and monitor controls, provide oversight of a firm’s risk position, and aggregate risk information. There should also be risk management embedded in regional or business units so each profit centre takes ownership of its own risks and so that a risk culture is instilled throughout the organisation. Companies should consider the extent to which risk management is seen as a support function and ensure risks are identified and aggregated centrally.”

He concluded by saying: “Risk management systems should be adaptive rather than static. Assumptions about risk should be questioned and updated, feeding observations from the real world back into the system on a regular basis. This enables risk management to correct inherent weaknesses and recognise and respond to changing business conditions. By regularly monitoring changes, a company can adjust their overall risk appetite and risk limits for individual lines of businesses appropriately. Companies should consider how frequently the company reviews and updates its assumptions about the risk environment and how that information is communicated to senior management.”

A panel discussion followed, that consisted of well known personalities from the industry that included Suren Rajakarier – Partner KPMG, Surana Fernando – Director Supervision – Securities and Exchange Commission of Sri Lanka (SEC), Mukhlis Ismail, Assistant Vice President Head of Group Business Process Review – John Keells Group, and Adrian Perera, Chief Executive Officer – RAM Ratings (Lanka) Ltd. The panel discussion was moderated by Shamindra Kulamannage, Editor-in-Chief of Echelon.

Ismail touched on many areas pertaining to the topic that consisted of his own experiences in successfully managing risk in his organisation; Rajakarier explained on issues relating to how auditors are pursued, whilst Fernando pointed out on managing the resistance to change.

The discussion ended with the conclusion that an organisation must consider its risk appetite and should decide on which goals or operational tactics to pursue, whilst at the same time consider to what extent the risks should be accepted that mirror stakeholders’ objectives.

The panel was of the opinion that those in governance roles should explicitly understand risk appetite when defining and pursuing objectives, formulating strategy, and allocating resources. The board should also consider risk appetite when it approves management actions, especially budgets, strategic plans, and new products, services, or markets.