Risk Oversight process in Business

[Yakub02]

 the risk oversight process begins with the board.

The board is responsible for deciding the company’s risk strategy and business model, and it should understand and agree the level of risk that goes with this.

It should then have oversight of the implementation by management of a strategic and operational risk management system.

 management has the responsibility for developing and implementing the company’s strategic and routine operational risk management system, within the strategy set by the board and subject to board oversight.

 shareholders have responsibility for assessing the effectiveness of the board in overseeing risk. Investors are not themselves responsible for the oversight of risk in the company.

The ICGN Guidelines provide guidance on processes for the oversight of corporate risk by the board and within the company, for investor responsibility and for disclosures by a company on its risk management oversight processes.

Shareholders need information about risk in order to fulfil their responsibility. IFRS 7 Financial Instruments:

Disclosure requires companies to make disclosure in respect of specified financial risks including, credit risk, liquidity risk and market risk.

These disclosures could be included in the financial statements or incorporated as part of the risk report (in which case they are still subject to audit even though presented outside the financial statements). These are only part of the risks that a company faces. A risk report should be broader in scope than just the financial risk.

 

[Yakub02]

Key performance indicators Many companies might include key performance indicators in the annual report, perhaps, as part of the financial highlights.


Companies can choose to include whatever they like but ideally, the information reported would be on true KPIs, that is to say, those used by management in running the business.

There are no standard versions of many KPIs so best practice would dictate that the company should define how they are calculated. Best practice would also require that the KPIs should be supported by narrative commentary. KPIs might include both financial (e.g. ROCE, gross profit margin etc.) and non financial (e.g. growth in market share, quality scores etc.).

Trends Many companies include tables or diagrams in the annual reports to indicate performance in key areas over time. Such information might include revenue, operating profit, profit after tax, eps and share price, typically over a five or ten year period.



Some companies also include non-financial information, for example, the number of employees

 

[Yakub02]

Historically, companies have considered themselves responsible to their shareholders by generating dividends and capital growth on their investment.

More recently, companies have been criticised for striving to maximise profits at the expense of social and environmental concerns, for example, by such means as underpaying their workforce or by abusing their power over their smaller suppliers to negotiate prices and terms.

There is now a widely-accepted view that companies should be answerable to a wider range of ‘stakeholders’ who are taking an increasing interest in their activities.

They are interested in the good and bad aspects of a company’s operations – its products and services, its impact on the environment and local communities and how it treats and develops its workforce.

Many large companies now accept (possibly for commercial reasons) that their responsibilities extend beyond their shareholders to other stakeholders – their employees, the government, the local community and society in general.

 

[Yakub02]

Initiatives include sourcing goods from deprived countries at fair prices, campaigns to promote re-cycling of materials, job-sharing and flexi-time working to improve working opportunities and conditions for employees. In some aspects of reporting and disclosures, many large quoted companies publish an annual corporate social responsibility report. This may be given a different name, such as a social and environmental report or a sustainability report, and is usually published as a separate document from the annual report and accounts, but at the same time.

Corporate social responsibility (CSR) is a term for the responsibility that a company should have towards society and the environment in which it operates. CSR has been defined in various ways:  It is ‘a concept whereby companies integrate social and environmental concerns in their business operations and their interaction with their stakeholders on a voluntary basis.