Creating stakeholder or shareholder value and increasing business resilience is the ultimate aim of any corporation and the most common goal of any risk management initiative. Risk is becoming increasingly important as the pace of change in the global environment increases: business risks have grown in number, complexity, likelihood, impact and consequence in recent years, and this has increased uncertainty for every organisation.

The responsibilities and duties of a director are complex and recent research by the Institute of Directors (IoD) has concluded the key purpose of a board is to "ensure the company's prosperity by collectively directing the company's affairs while meeting the appropriate interests of the shareholders and relevant stakeholders".

The drive towards a more systematic management of risk and associated corporate governance standards makes sense. Since risk is unavoidable and businesses can only prosper through risk-taking, a sound framework of internal control for risks and opportunities will empower directors who have to take calculated risks with a view to maximising value for the owners of the company.

An effective board is involved in the following primary tasks:

  • establishing vision, mission and values
  • setting strategy and structure
  • delegating to management as appropriate
  • exercising accountability to shareholders and being responsible to stakeholders

    To undertake these tasks well, a director should look inside the company to examine the organisation's components, risks, opportunities and issues and outside to examine opportunities and exposures to the business from the global competitive environment.

    It is also vital that directors understand the issues affecting business risks that may impact on the company's ability to achieve its objectives. While board members have done this in the past, a structured framework providing them with better decision-making material will increase their confidence in their decisions. This is emphasised in the Combined Code, where directors are expected to implement a sound system of internal controls and to report on this in annual reports.

    Such internal controls are likely to include the development or adoption of formal systems to identify and monitor risks and mechanisms for avoiding, managing or mitigating them. Good practice recommends that directors consider the results and information provided by these processes on a regular basis. Strategic leadership by directors involves the identification of issues and opportunities. Directors need as much timely and accurate information as possible to enable them to make informed judgments concerning the trade-off between opportunities and risk that is an essential part of their responsibilities.

    One of the major challenges all boards face involves getting a balance between the desire for the company to be entrepreneurial and keeping the business under prudent control. All recent publications in the field of corporate governance and controls are agreed on the necessity for the board to consider risk. For example, the Commonwealth Association of Corporate Governance (CACG) states "the board should identify key risk areas and key performance indicators of the business enterprise and monitor these factors".

    And, in 1997, the Audit Commission said:
    "It is important authorities have arrangements in place for reviewing both the nature and severity of risks... Such a review should not just be to 'obvious tangible' risks such as arson, vandalism and other damage to property. Risk management should be an integral part of an authority's overall management arrangements."

    So risk assessment should involve regular and systematic consideration of:

  • the likelihood of present and future opportunities, threats and risk occurring within the external environment
  • the likelihood of current and future strengths, weaknesses and risks occurring within the internal company environment
  • the harm to the business resulting from the event occurring
  • processes, mechanisms, tasks or activities to tolerate, transfer or treat the risk.

    It is likely the successful approach will also be across the entire group, organisation and departments, as well as inter-disciplinary.

    Effective risk management can lead to better focus on business priorities, strengthened planning processes and the means to help management identify opportunities.

    The IoD also suggests that risk management can have a significant impact upon: company reputation, balance sheet valuation, cash flow and profit levels, liability exposure, less management time spent on fire fighting and less personnel exposure, in particular related to intellectual capital and skill dependency.

    The future is likely to see many changes in risk management and corporate governance. These may include a more international view of corporate governance requirements, the incorporation of sound corporate governance standards into standard tender responses, an increase in the acceptance of quantification of the total risk to an organisation, voluntary codes, a wider acceptance of professional standards and codes of conduct and, ultimately, a greater use and acceptance of internal and external benchmarking.

    It is important to remember that, under the General Insurance Standards Council (GISC) Commercial Code, members will take into consideration the responsibilities and perspectives of the directors of both their own company and their customers' companies.

    Question 1
    Which of the following is the most appropriate?

    In order to best undertake their boardroom duties, members of the board should:
    A Eliminate risk
    B Report risk and exposure
    C Manage risk correctly
    D Demonstrate regulatory and legislative compliance
    E Monitor risk

    Question 2
    Which of the following is the exception?

    Examples of increased uncertainty within the business environment include:
    A Increasing merger and acquisition activity
    B Hardening of insurance markets
    C Deregulation of markets
    D Globalisation of business activities
    E The Twin Towers disaster

    Question 3
    Which of the following is the exception?

    Factors associated with the complexity of operations and working methods include:
    A Increased industrial concentration and scale of operations
    B De-layering and cost-cutting
    C Increased compliance and reporting requirements
    D Teleworking and home working
    E The introduction of new technology

    Question 4
    Which of the following is the exception?

    GISC consultation documents for self governance include the following:
    A That the governance structure of the GISC is a key factor in ensuring an effective regulatory regime to monitor and enforce standards in all areas of general insurance exists
    B That the following committees are envisaged: scrutiny, remuneration, audit and finance, due diligence, membership
    C That the governance standards should encompass all matters relevant to the fair treatment of customers
    D That a sound system of internal control is recommended for all members.

    How to use CPD
    This free Insurance Times reader service is intended to help you improve your skills and understanding from the comfort of your office or home. All you have to do is read the text and answer the multiple-choice questions. The answers will appear in next week's issue.

    Why CPD is important
    The Financial Services National Training Organisation (FSNTO)'s mission is to improve the quality and skills of the workforce as a fundamental requirement for the sustainable competitiveness of the industry. We fully support the practice of continuing professional development (CPD) as a major contributor to achieving this aim. Many people across the sector are required to undertake CPD by virtue of the work they do or the professional body to which they belong, but everyone can benefit from continuing to develop their knowledge and skills.

    Reference notes

  • GISC Corporate Governance documents
  • ICAEW: Internal Control. Guidance for Directors on the Combined Code
  • ICAEW: Nigel Turnbull 1999. Internal Control: Guidance for Directors on the Combined Code
  • London Stock Exchange: 1998. The Combined Code: Principles of Good Governance and Code of Best Practice
  • Institute of Directors: 2001. Standards for the Board: Improving the effectiveness of your board
  • Canadian Treasury: KPMG/PMN Best Practices in Risk Management documents

    This week's CPD unit is the first in a series on risk management which will build on each other to give the participant a good overall understanding of the complexities of Total Risk Management. The series is contributed by Carole Edrich, who is the principal of KAI Corporation (Risk). She can be reached at
