Printed from BusinessInsurance.com

RISK UNDERMANAGED DOWN UNDER

Posted On: Apr. 20, 1997 12:00 AM CST

BRISBANE, Australia-Risk management is a technique "still relatively sparingly used and understood" in Australia, says John Boyd, principal corruption prevention officer with the Queensland Criminal Justice Commission, a government-established, independent unit that investigates white-collar crime.

Brian Crews, national president of the Assn. of Risk & Insurance Managers of Australasia, agreed that Australian company directors' knowledge of risk management is inadequate.Both spoke at a Queensland ARIMA Chapter one-day conference in Brisbane last month. Other speakers also agreed that a major challenge for risk managers is to convince their boards of the importance of and need for risk management.Mr. Boyd said three groups of people at board level threaten risk managers' attempts to encourage greater awareness of risk management:

""Corporate dinosaurs. . .directors whose tails are being eaten but the message hasn't yet reached their brains," display a "comfortable ignorance or a faith that nothing will go amiss."

""Dangerous enthusiasts" have a high commitment but low understanding. While they are committed to corporate governance, they do not see how risk management can be applied to ensure corporate governance principles are followed.

Those with high understanding but low commitment "could be larger than most people think," Mr. Boyd noted. They are skeptical and unenthused about "genuinely applying risk management to corporate governance."

The third group is likely to be those whose annual reports "include a convincingly written corporate governance section," yet follow it up with "little meaningful action or implementation."

Mr. Crews warned that if directors sign off on company annual reports indicating that they have risk management procedures in place when they do not, they are breaching the Australian Stock Exchange's guidelines for public companies and possibly the federal Corporations Law, which says directors must act honestly and do everything that's in the best interests of the company.

Directors at an organization that fails to implement a risk management program are failing to fulfill their legal responsibilities to manage the company's affairs in the best interests of the company, warned Mr. Crews.

"Managing a company effectively and exercising skill and due diligence in doing so, involve all the principles of risk management-identification, analysis, evaluation, treatment and monitoring of risk," he said.

Mr. Boyd said there must be incentives that encourage companies to be more risk-aware. In recent years, corporations have found it is profitable to be seen as "green and environmentally committed," as investors do not want to be involved with companies that may later face large cleanup liabilities and would rather invest in companies committed to addressing environmental risks.

"If similar profitability could be associated with companies genuinely striving for excellence in corporate governance, it would be another boost for applying risk management to corporate governance," he said.

Mr. Crews noted that a 1996 survey, conducted by the Sydney-based Australian Institute of Company Directors and accounting firm KPMG, showed 60% of companies do not have formal risk management policies (BI, Aug. 26, 1996).

Since July 1, 1996, the Australian Stock Exchange has required public companies to include a statement on corporate governance in annual reports.

Companies must provide a statement of the main corporate governance practices in place. In particular, they must include "the governing body's approach to identifying areas of significant business risk, and to putting arrangements in place to manage them." According to the speakers, that means not just buying insurance but making a commitment to risk management.

The ASX also seeks the entity's policy on establishing and maintaining appropriate ethical standards.

Mr. Crews said companies that have faced the courts over corporate governance issues, for example actions by the Australian Competition & Consumer Commission for breaches of the Trade Practices Act, have seen far wider ramifications of those breaches than just large fines and damage to their reputations.

"Share values, almost invariably, drop as the board loses focus on the company's goals while it fends off the litigation," he said, referring to Trade Practices Act litigation.

Mike Oswald, managing director, Brisbane-based Context Risk Management Pty. Ltd., a risk management consultant, told delegates that risk managers must show directors that risk management outcomes can be aligned to corporate bottom-line objectives.

"Board members are overworked; how do you get risk management objectives in front of them? Voluminous reports will get buried; the secret is to provide information that reflects the board's outcomes," he said. Defining risk in terms of cash flow means the board has a greater understanding of a risk's implications. "Risk management's not about risk, it's about management," he said.

Risk managers must assess risks against resources and "mitigate risks when your resources are inadequate to handle them," Mr. Oswald said.

He said an organization's risk context, that is, its appetite for risk, needs to be clearly communicated before the identification, analysis, assessment and treatment steps of the risk management process can be effective.