Ramesh Pillai, Chairman of IERP’s Board of Governors, recently delivered a keynote presentation on Achieving Organisational Sustainability, Agility and Resilience Through Effective ERM at the two-day virtual Risk Forum jointly organised by the IERP® and Brunei Institute of Leadership & Islamic Finance (BILIF). The presentation gave a quick overview of several aspects of ERM, and how users should leverage on its principles to develop sustainability, agility and resilience in their organisations, in these uncertain and disruptive times.
Besides covering its dynamic interconnections with these organisational must-haves, Ramesh’s presentation also pointed out some business and sustainability initiatives, and how to integrate the ERM process with strategy. A proactive approach was required for the long term, he said, and involved optimising resources and reducing impacts. There was a need to think broadly while engaging partners and stakeholders. Businesses should consider value over profits, and take into account the points of view of all stakeholders.
Firms should have concrete plans that include a thorough understanding of their stakeholders’ needs and wants. This understanding should be extended throughout the organisation, so that everyone realises where, when and why value should be added. For example, issues like human rights and climate change are gaining traction among stakeholder groups; they should be of concern to the organisation as well. Stressing that all this goes beyond just business continuity management, he said it was more about taking the business to the next level as the world moves out of the pandemic phase.
“It’s also about how we should evolve from good practice to best practice,” he pointed out, adding that from the governance perspective, the proper policies needed to be set. He noted that central banks were becoming stricter, and there was still a great deal of uncertainty in the business environment, with the possibility of many countries reverting to lockdowns to stem the spread of infections. Despite the situation, opportunities could still arise but “If you don’t manage the risk, you cannot derive opportunities from it,” he cautioned.
Emphasising that good corporate governance and risk management ultimately the responsibility of the board, he acknowledged that organisations wanted to ensure that their businesses were run effectively and sustainably, bearing in mind the risk-reward trade-off, i.e., the higher the risk, the higher the reward. Risk management, he added, was not so much about the mathematics of risk, as the psychology of risk. “What we need to have as a constant in the organisation is core values,” he concluded. “Risk management needs to become part of the DNA of the organisation.”
The discussion which followed the keynote presentation, chaired by Ramesh, also saw presentations from Allan Sum, CRO, Bintai Kinden Corporation Berhad, and Maheran Nor Salfarina Salim, Head, Enterprise Risk & Governance, Petronas Refinery and Petrochemical Corp Sdn Bhd. Sharing his personal experiences, Allan said that when he started, his company did not have a comprehensive risk management strategy but training from the Institute of Enterprise Risk Practitioners helped develop it. Even so, he said, “It’s not easy to start Enterprise Risk Management from ground zero!”
One of the biggest benefits of ERM, he confirmed was improved decision-making when it came to making new investments and entering new markets. But he stressed that everyone needed to know the company’s mission and vision, and objectives and goals needed to be harmonised across the organisation. A major challenge was getting buy-in from all stakeholders; ERM is difficult to quantify in the short term. A lot also depends on the tone from the top, and ERM needs to go through a process; it will not happen overnight.
Advising the incorporation of risk thinking into everyday operations, he said that this could improve business operations at all levels but the organisation needed to be clear about what it wanted to extract from risk management as a strategic objective. With risk management, the organisation has better control over the unknown. It is not just another compliance programme, but it is everyone’s job. Ultimately, it will help everyone identify what is keeping them from achieving their objectives as they engage with their work.
As an oil & gas MNC, Petronas already has a risk framework that is applied organisation-wide, including in Petronas Chemical & Refinery Sdn Bhd, Maheran said. Agreeing with Allan that risk management starts with the tone from the top, and that commitment from management was key, she added that what the company wants to achieve has to be clearly defined so that the necessary processes can be put in place to manage risk. In this environment, communication is imperative and should be continuous between internal and external stakeholders.
Mindset was key, she said, particularly when transitioning from project level to business operations; this meant moving from an academic or theoretical approach to practical exercise – the real thing. The risk management model needs to be practical, and a balance has to be struck between lowest cost and maximum benefits, and which risks to prioritise. It also needed to be sustainable, she said, citing the use of solar panels as an example of risk and sustainability in operations, which could be applied to carbon trade-offs.
Both Allan and Maheran were in agreement on the need to have the right tone from the top where risk management was concerned. “Top management should walk the talk,” said Allan. “If management raises awareness of shortfalls, they should take notice.” Maheran added that it was important to also make the subject matter understandable and relatable. “No jargon! Don’t show them the Standards documents – nobody will understand!” she quipped, stressing that the board has multiple decisions to make. A snapshot of the plan, suggestions for mitigation and how to proceed, will be more effective.
Remarking that ERM was not just a paper exercise, Allan said that it could build a culture of openness in the organisation, but personal relationships with people at all levels was paramount (to its success). Queried on how to know if ERM was working, he said that quantifying it was difficult, but one indication would be its application to decision-making at all levels. Maheran urged users to ask the right questions and shape ERM conversations with their organisations. Using an established example, she said, “HSE conversations have been around for a long time. ERM conversations should be at this level too.”
