As Executive Director of Asian Pac Holdings Berhad (APHB), Dr Raymond Yu has his work cut out for him. He is responsible for managing the firm’s direction, strategies and growth – which, of course, just about covers everything that Main Board-listed company focuses on. APHB main business is property development and investment holdings, mall and carpark ownership and trading in building materials. As if all this is not enough, he has a portfolio of investment properties to take care of as well.
By his own admission, “Getting through every day is risk management. The future is uncertain, and we have to manage that uncertainty.” Being in the property development and investment business involves identifying all potential risks every step of the way, from planning to procurement, to execution and commissioning. Add to all this the necessity of managing the risks that are identified, and the magnitude of his position becomes clear: the job of an executive director is not just an onerous one; it is unenviable as well.
With so much on his plate – especially with projects in both East and West Malaysia – a full-fledged Risk Management Team would be a necessity but APHB, which has about 200 employees, does not have one. Instead, Dr Yu says, all managers and those in the levels above them are involved in the Risk Management Working Committee (RMWC), which in turn reports to the Audit & Risk Management Committee (ARMC) of the Board of Directors. And because all APHB’s departmental, sectional and regional heads are involved, the practice of risk management has permeated much of the firm, covering HR & Admin, Finance and Property Development, among other areas.
Perhaps what makes APHB stand out as an example of successful enterprise-wide application of risk management is that it has happened fairly recently. “I first came to know about ERM about three or four years ago, and started applying it three years ago,” Dr Yu said. “Initially, I had some reservations about it, particularly if it could be incorporated and embedded seamlessly into the working culture of the organisation. I was also hesitant at first because I didn’t want it be perceived as just an exercise in compliance.”
Despite committing wholly to ERM, there are still challenges, he admits, the main one being people-related. The following are some hard questions that elicited some very frank responses:
1) What are your greatest challenges with regards to ERM in your present position?
The greatest challenge is getting everyone in the organisation to carry out risk management consciously, especially when there are varying views and concept of risk management.
2) In your experience, what is the best way of getting “buy-in” from senior management?
The best way is to incorporate ERM during annual reviews or strategic meetings as it is one of the best-suited environments to discuss about risks and how to manage them.
3) What convinces non-executive levels to accept/adopt/apply ERM?
One of the best ways is to manage the risks simultaneously – or in tandem with – any project we undertake, no matter how big or small. ERM provides us a systematic methodology for that, although we are unconsciously doing risk management all the time, as we progress with the project.
4) What has been your best argument so far against silo mentality?
The human body requires the functioning of all its parts, no matter how big or small, and it needs to do this in a synchronised manner for optimum performance.
5) What kind of training do you recommend for particularly conservative/traditional Board members?
Showcases of real-life examples of failures where risk is not managed properly and how the failures could have been avoided if proper risk management was in place with working examples.
6) Based on your work experience, how long does it take for a viable risk culture to develop in a firm?
I think it would take about two or three years.
7) What are some of the factors that inhibit the development of such cultures?
One of the most prevalent is a misguided understanding of risk management, and the tendency to equate risk with danger, instead of seeing it as an opportunity. Also, the additional paperwork involved can be quite tedious, especially when it is not integrated into the work processes.
8) What common pitfalls should organisations be aware of, when implementing ERM?
Organisations should try not to view ERM as just another process implemented by “management.” This is usually true if most of those at managerial level do not fully understand what risk management is. Most people also associate risks with “danger” and hence are unable to accept the fact that even though the risk is a low-probability low-impact risk, there is still risk present, nevertheless.
9) In your opinion, what would an ideal environment be, for the development of a risk culture?
The ideal environment would require several key factors, such as very clear organisational objectives which are aligned so that every individual is heading in the same direction. The intention should be to have transparency in the management and decision-making processes at all levels so that every individual can easily understand the reasons.
10) Do you see the cultivation of risk culture gaining traction with Malaysian businesses?
Gradually, but at a very slow pace.
11) What are some of the barriers to quicker adoption of ERM in the Malaysian environment?
The main barrier is still the common misunderstanding about risk management and how it can actually contribute positively to an organisation’s development and growth.