Boards and Risk Agility
@ the IERP® Global Conference, October 2022
Presenting some trends which have been observed in the current environment, Dato’ Megat Iskandar Shah, Partner at E&Y, said that traditionally, the primary objective of any corporation was to maximise shareholder value. While short-term profitability was still important today, and could still drive share prices, the focus was shifting to long-term value, in particular the purpose of the organisation. “But we are seeing a lot of momentum right now that those two factors are not the primary measures,” he said. “There is a lot of momentum building on long-term value; there are various stakeholders in place, and they are focusing on changes.”
It is imperative that organisations find new ways of managing risk. Based on research, many trends have recently emerged that point to a complete overhaul of business approaches for companies that want to remain sustainable and competitive. Many are indeed putting effort into different ways of doing things, indicating that they recognise the shifting dynamics of the market place, and what varied stakeholder groups are voicing. Disruption and uncertainty are not new phenomena; the Covid-19 pandemic just brought them more sharply into focus. Indeed, businesses have been growing in complexity over the years, necessitating different approaches and strategies.
There is more competition for capital and more consumers with more diverse preferences to appease. Firms also must deal with rising employee mobility, the need for workplace flexibility and changing expectations while grappling with difficulties of retaining talent amid growing skills gaps. Rapidly-evolving regulatory requirements are demanding attention as well, as regulators try to keep up with the technology which is pushing businesses into hitherto uncharted areas at an unprecedented rate. In tandem, risks, too, are evolving. These can contribute to uncertainty, and hold back sustainability efforts.
Climate change and its related risks, changing demographics and decreasing stakeholder trust are just some of the many factors which are likely to affect businesses in the immediate future. Boards and management need to identify all these within their respective contexts, and put in mitigative measures, going forward. In a concrete step to address these issues, some companies have started putting out purpose statements, Megat said. “Short-term profitability is still an important measure but there is a lot of momentum building on long-term value,” he said. “Purpose statements bring in different values – from people and society – rather than a vision or mission statement.”
Quoting statistics from a recent survey, he said that 87% of people across society agreed that stakeholders, not shareholders, had the most significant impact on the share price and market capitalisation of the company. CEOs, too, tended to agree that changes needed to be made focusing on stakeholders’ response, moving to long-term purpose rather than short-term profit maximisation. But this is difficult to translate into action. What strategies need to be formulated, and how should companies move towards being risk-agile, if they want to move forward? And how will the role of risk managers be affected or enhanced by these dynamics?
Environmental and technology risks are the top two risks CROs should be looking out for, Megat advised. Risk managers can respond by increasing attention paid to credit risk, cybersecurity risk and climate change risk. “Cybersecurity…is something that has to be considered,” he said. “Many organisations are looking at cybersecurity, but climate risk is still number one.” From the Board/CRO perspective, he acknowledged the need to move beyond traditional risk indicators. “Have you considered a cybersecurity or climate change risk indicator?” he said. “This comes back to the theme of being risk agile from the board and management perspective. Relook the risk universe.”
Close monitoring of ESG is necessary, for regulatory requirements but organisations may not have the experience to determine how to manage emerging risks, and forge a way forward. It has become necessary to revisit and make changes to current risk models. Companies need to obtain better insights into what is driving new risks, and what changes should be applied to risk models to tighten controls, testing and monitoring, to make these more effective. He acknowledged, however, that firms may not have the talent necessary to do this, particularly with the changes in international regulations, and the enhancements to cybersecurity which were now gaining traction.
“Boards are generally more concerned about the transition of organisations to a more digital strategy, moving forward,” he said. “A lot of boards and CEOs want to move to long-term value but don’t know how.” Key attention areas include overseeing strategy, enterprise management and more stringent oversight of digital transformation. Assessing the composition of the board and its effectiveness also requires attention. On risk management, he said that research shows 88% of respondents anticipated the acceleration of transformation by senior management. “There is continuous iteration and improvement,” he said. “We don’t just invest a few million (in systems), then stop. There’s continuous improvement, going forward.”
He cautioned that there was more to going digital then just setting a budget for it. Complex legacy systems may pose challenges, as could the very wide – sometimes overwhelming – range of options now available. “Which technology platform to choose? Sometimes the platform you choose could quickly become obsolete,” he pointed out. There were other challenges to consider as well, such as low returns on investment. “A lot of IT does not have a direct impact on sales or share price,” he said. “If the projection of returns on investment does not consider the bigger picture, there may be reluctance to invest, going forward.”
From the ‘people’ perspective, resistance to change may stop the digital transformation or reduce the budget for it. Additionally, coordination among business units may be difficult. “Business still needs to run, earn revenue and expand,” he said. “Some businesses are so busy trying to build up sales that they get disturbed by the project managers’ efforts to digitise. This affects the business and is a key challenge.” Lack of clear vision from leadership and lack of ownership is yet another factor; having the right advice and tone from the top in terms of the digital way forward is crucial. It may also be difficult to integrate collaborators, incubators and accelerators.
With the extensive changes in technology, having the right oversight and people who are qualified to oversee, is an organisational imperative. Moving more concertedly into the area of risk management and governance, a large percentage of boards surveyed believe that risk and compliance need to find a better balance between risk and roles. “The key messages here are that balance needs to be shifted a bit, and balance needs to move to better risk management,” he said. Amid the myriad lessons that prior crises have taught industry, is that despite the majority of companies focusing on just trying to survive, there are opportunities as well.
“From a risk management perspective, financial institutions are looking for improvements in several areas including stress test scenario models, technology, risk reporting, portfolio management, tabletop exercises, testing and monitoring, non-financial or ESG risks, and enhancements to other responses,” he said. “We need to enhance corporate governance, of course. When there is disruption, focus on finding opportunity…don’t just make ESG statements, convert these to appropriate ESG perspectives. Understand management’s expanding responsibilities. On board effectiveness and changing dynamics, make sure the right topics are covered, not just share prices, but emerging risk also.”