There has been some decline following recent large-scale negative events, such as 9/11 and the failure of Enron, WorldCom, Parmalat and others.
The industry is still experiencing high prices and shortage of capacity for some types of insurance. Some of the blue chip insurers and reinsurers have suffered unprecedented credit rating downgrades.
But there have also been several positive advances, notably in the field of risk management.
Risk used to be handled by companies on a departmental basis. Internal audit looked after financial risks, treasury looked after treasury risks, business units looked after project risks, and someone else was designated to take responsibility for the insurance programme for hazard and liability risks.
In the past few years companies have taken much more of an enterprise view of risk.
Risk has always been centre stage in industries such as banking. Only recently has an enterprise risk view been adopted by companies operating in other sectors such as manufacturing, mining and government.
"Risk management is the term applied to a logical and systematic method of identifying, analysing, assessing, treating, monitoring and communicating risks associated with any activity, function or process in a way that will enable organisations to minimise losses and maximise opportunities" AS/NZS 4360:1999., pp.2,6.
Sound risk management is an essential component of good corporate governance. It is not coincidental that there is an increased profile in recent years between corporate governance and risk management. The spate of both private and public sector failures lay testimony to lack of direction, executive action, supervision and accountability, and ethical structures.
The role that good risk management plays includes putting control activities in place to manage risks/returns throughout the organisation by developing plans which cover activities as diverse as:
- operating performance
- contestability
- performance management
- human resource management
- contracting out
- financial issues
Risk is a strategic issue. Organisational approaches to risk management, which are documented in most organisational or agency planning documents, need to be aligned to strategic objectives, corporate governance arrangements, and integrated into business planning and reporting cycles. This approach aims to provide the appropriate assurance to shareholders, Government and other stakeholders that the organisation or agency has a formal, systematic and pro-active approach to the identification, management and monitoring of risk.
This process will assist in strengthening the corporate governance arrangements and support directly business improvement initiatives.
Risk management is one of the most significant tools of corporate governance. The role of risk management within a corporate governance framework is to be aware of corporate regulatory legislation and ensure that internal compliance systems are implemented to comply with external regulation. Following the corporate excesses and collapses of the past years, corporate risks are increasingly being externally identified and controlled.
However, this does not remove the need for internal control mechanisms. What it requires is conformity and compliance with externally identified risks. Corporate risk is no longer subjectively determined.
The risks that face a company have always been significant and of wide scope.
What we are now seeing is legislative responses to inadequate management of those risks. Although preventative remedies (injunctions) are available in some circumstances, the legislation largely deals with the consequences of bad management and aims to guide decision-makers in their choices. Courts remain reluctant to interfere with business judgements of corporations but will not hesitate to impose liability where decisions have been made negligently or recklessly, that is, without due diligence.
Risk management should ensure that externally imposed corporate governance controls are complied with. It also should be aware of the increasing concerns regarding consumer protection. One of the main purposes of a compliance (risk management) program is to prevent breaches of the law.
When a court is considering liability or deciding on penalties to impose it will consider the preventative action taken by the organization. Internal policies and procedures must not only be implemented but also constantly monitored for their effectiveness, regularly assessed and reviewed upon the introduction of new governance regulations or failure.
|
