AEC 117 - GOVERNANCE,
RISK MANAGEMENT AND
SCOTT JASON P. LLANES, DBA
Lesson 1: Conceptual Framework of Corporate Governance
Corporate Governance is how a corporation is administered or
controlled. It is a set of processes, customs, policies, laws and
instructions affecting the way a corporation is directed, administered
or controlled. The participants in the process include employees,
suppliers, partners, customers, government, and professional
organization regulators, and the communities in which the
organization has presence.
Corporate Governance is integral to the existence of the company.
Corporate Governance is needed to create a corporate culture of
transparency, accountability and disclosure.
Corporate Governance is concerned with holding the balance
between economic and social goals and between individual and
communal goals. The corporate governance framework is there to
encourage the efficient use of resources and equally to require
accountability for the stewardship of those resources. The aim is to
align as nearly as possible the interests of individuals, corporations
Good accounting and auditing practices are highly effective as an
instrument of corporate governance.
In a business context, customers, investors, shareholders,
employees, suppliers, government agencies, communities and many
others who have a ‘stake’ or claim in some aspect of a company’s
products, operations, markets, industry and outcomes are known as
Stakeholders are characterized by their relationship to the company
and their needs, interests and concerns, which will be foremost in
their minds at the start of an engagement process. However, as the
process unfolds they will soon take a particular role with related tasks
Lesson 2: Risk Management
Risk and reward go hand by hand. We have often heard the
statement that without risk there is no gain. Risk is inherent in the
business. Different types of risk exist in the business according to the
nature of the business and they are to be controlled and managed.
Risk Management is a continuous process of identifying, evaluating
and assessing the inherent and potential risk, adopting the methods
for its systematic reduction in order to sustainable business
Lesson 3. Ethics and Business
Ethics is a “Science of morals.” The new and emerging concepts in
management like corporate governance, business ethics and
corporate sustainability are some of the expressions through which
this emerging ethical instinct in the corporate world is trying to
express and embody itself in the corporate life. In this study we
examine the concept of ethics and its importance for the business,
corporate governance and governance through inner conscience and
The objective is to enable one to understand the following:
- Inner Conscience and its Linkage to Governance
- The concept of business ethics
- Advantages of Ethics
WHAT IS CORPORATE GOVERNANCE?
Corporate Governance is “the conduct of business in accordance with
shareholders’ desires, which generally is to make as much money as
possible, while conforming to the basic rules of the society embodied in
law and local customs.”
Noble Laureate Milton Friedman
Corporate or a Corporation is derived from the Latin term “corpus”
which means a “body”. Governance means administering the
processes and systems placed for satisfying stakeholder expectation.
The root of the word Governance is from ‘gubernate’, which means to
steer. When combined, Corporate Governance means a set of
systems, procedures, policies, practices, standards put in place by a
corporate to ensure that relationship with various stakeholders is
maintained in transparent and honest manner.
The phrase “corporate governance” describes “the framework of
rules, relationships, systems and processes within and by which
authority is exercised and controlled within corporations. It
encompasses the mechanisms by which companies, and those in
control, are held to account.”
Corporate governance is the broad term used to describe the
processes, customs, policies, laws and institutions that direct the
organizations and corporations in the way they act or administer and
control their operations. It works to achieve the goal of the
organization and manages the relationship among the stakeholders
including the board of directors and the shareholders.
Corporate governance means to steer an organization in the desired
direction by determining ways to take effective strategic decisions. It
also deals with the accountability of the individuals through a
mechanism which reduces the principal-agent problem in the
Corporate Governance has a broad scope. It includes both social and
institutional aspects. Corporate Governance encourages a
trustworthy, moral, as well as ethical environment. In other words,
the heart of corporate governance is transparency, disclosure,
accountability and integrity. It is to be borne in mind that mere
legislation does not ensure good governance. Good governance
flows from ethical business practices even when there is no
Good corporate governance promotes investor confidence, which is
crucial to the ability of entities listed to compete for capital. Good
corporate governance is essential to develop added value to the
stakeholders as it ensures transparency which ensures strong and
balanced economic development. This also ensures that the interests
of all shareholders (majority as well as minority shareholders) are
safeguarded. It ensures that all shareholders fully exercise their
rights and that the organization fully recognizes their rights.
Some of the salient advantages of Corporate Governance are stated hereunder:
❑ Good corporate governance ensures corporate success and economic
❑ Strong corporate governance maintains investors’ confidence, as a result
of which, company can raise capital efficiently and effectively.
❑ There is a positive impact on the share price.
❑ It provides proper inducement to the owners as well as managers to
achieve objectives that are in interests of the shareholders and the
❑ Good corporate governance also minimizes wastages, corruption, risks
❑ It helps in brand formation and development.
❑ It ensures organization in managed in a manner that fits the best interests
(a) Corporate Performance
Improved governance structures and processes ensure quality
decision-making, encourage effective succession planning for senior
management and enhance the long-term prosperity of companies,
independent of the type of company and its sources of finance. This
can be linked with improved corporate performance- either in terms
of share price or profitability.
(b) Enhanced Investor Trust
As individuals and institutions invest capital directly or through
intermediary funds, they look to see if well- governed corporate
boards are there to protect their interests. Investors who are
provided with high levels of disclosure and transparency such as
relating to data on matters such as pay governance, pay components,
performance goals, and the rationale for pay decisions etc. are likely
to invest openly in those companies. On Apple’s investor relations
site, for example, the firm outlines its leadership and governance,
including its executive team, its board of directors and also the firm’s
committee charters and governance documents, such as bylaws,
stock ownership guidelines etc.
(c) Better Access to Global Market
Good corporate governance systems attract investment from global investors,
which subsequently leads to greater efficiencies in the financial sector. The
relation between corporate governance practices and the increasing
international character of investment is very important. International flows of
capital enable companies to access financing from a much larger pool of
investors. In order to reap the full benefits of the global capital market and
attract long-term capital, corporate governance arrangements must be credible,
well understood across borders and should adhere to internationally accepted
principles. On the other hand, even if corporations do not rely primarily on
foreign sources of capital, adherence to good corporate governance practices
helps improve the confidence of domestic investors, reduces the cost of capital,
enables good functioning of financial markets and ultimately leads to more
stable sources of finance.
(d) Combating Corruption
Companies that are transparent, and have sound system that provide
full disclosure of accounting and auditing procedures, allow
transparency in all business transactions, provide environment
where corruption would certainly fade out. Corporate Governance
enables a corporation to -compete more efficiently and prevent fraud
and malpractices within the organization.
(e) Easy Finance from Institutions
Several structural changes like increased role of financial intermediaries and
institutional investors, size of the enterprises, investment choices available to
investors, increased competition, and increased risk exposure have made
monitoring the use of capital more complex thereby increasing the need of Good
Corporate Governance. Evidences indicate that well-governed companies
receive higher market valuations. The credit worthiness of a company can be
trusted on the basis of corporate governance practiced in the company.
(f) Enhancing Enterprise Valuation
Improved management accountability and operational transparency fulfill
investors’ expectations and confidence on management and corporations, and in
return, increase the value of corporations.
(g) Reduced Risk of Corporate Crisis and Scandals
Effective Corporate Governance ensures efficient risk mitigation system in
place. A transparent and accountable system makes the Board of a company
aware of the majority of the mask risks involved in a* particular strategy,
thereby, placing various control systems in place to facilitate the monitoring of
the related issues.
Investor relations are essential part of good corporate governance. Investors
directly/ indirectly entrust management of the company to create enhanced
value for their investment. The company is hence obliged to make timely
disclosures on regular basis to all its shareholders in order to maintain good
investor relation. Good Corporate Governance practices create the environment
whereby Boards cannot ignore their accountability to these stakeholders.
ELEMENTS / SCOPE OF GOOD CORPORATE GOVERNANCE
Some of the important elements of good corporate governance are discussed as
1. Role and powers of Board
Good governance is decisively the manifestation of personal beliefs and values
which configure the organizational values, beliefs and actions of its Board. The
board is the primary direct stakeholder influencing corporate governance.
Directors are elected by shareholders or appointed by other board members
and are tasked with making important decisions, such as corporate officer
appointments, executive compensation and dividend policy. In some instances,
board obligations stretch beyond financial optimization, when shareholder
resolutions call for certain social or environmental concerns to be prioritized.
The Board as a main functionary is primary responsible to ensure value creation
for its stakeholders. The absence of clearly designated role and powers of Board
weakens accountability mechanism and threatens the achievement of
organizational goals. Therefore, the foremost requirement of good governance is
the clear identification of powers, roles, responsibilities and accountability of the
Board, CEO, and the Chairman of the Board. The role of the Board should be
clearly documented in a Board Charter.
Clear and unambiguous legislation and regulations are fundamental to effective
corporate governance. Legislation that requires continuing legal interpretation
or is difficult to interpret on a d.ay-to-day basis can be subject to deliberate
manipulation or inadvertent misinterpretation.
3. Management Environment
Management environment includes setting-up of clear objectives and
appropriate ethical framework, establishing due processes,
providing for transparency and clear enunciation of responsibility
and accountability, implementing sound business planning,
encouraging business risk assessment, having right people and right
skill for the jobs, establishing clear boundaries for acceptable
behavior, establishing performance evaluation measures and
evaluating performance and sufficiently recognizing individual and
4. Board skills
To be able to undertake its functions efficiently and effectively, the
Board must possess the necessary blend of qualities, skills,
knowledge and experience. Each of the directors should make
A Board should have a mix of the following skills, knowledge and
Operational or technical expertise, commitment to establish leadership;
Legal skills; and
Knowledge of Government and regulatory requirement.
5. Board appointments
To ensure that the most competent people are appointed on the Board, the Board
positions should be filled through the process of extensive search. A well-defined and
open procedure must be in place for reappointments as well as for appointment of new
directors. Appointment mechanism should satisfy all statutory and administrative
requirements. High on the priority should be an understanding of skill requirements of
the Board particularly at the time of making a choice for appointing a new director. All
new directors should be provided with a letter of appointment setting out in detail their
duties and responsibilities.
The role of the board of directors was summarized by the King Report (a South African
report on corporate governance) as:
• to define the purpose of the company
• to define the values by which the company will perform its daily duties
• to identify the stakeholders relevant to the company
• to develop a strategy combining these factors
• to ensure implementation of this strategy.
6. Board induction and training
Directors must have a broad understanding of the area of operation of the company’s
business, corporate strategy and challenges being faced by the Board. Attendance at
continuing education and professional development programs is essential to ensure
that directors remain abreast of all developments, which are or may impact on their
corporate governance and other related duties.
7. Board independence
Independent Board is essential for sound corporate governance. This goal may be
achieved by associating sufficient number of independent directors with the Board.
Independence of directors would ensure that there are no actual or perceived
conflicts of interest. It also ensures that the Board is effective in supervising and,
where necessary, challenging the activities of management. Accordingly, the majority
of Board members should be independent of both the management team and any
commercial dealings with the company.
8. Board Meetings
Directors must devote sufficient time and give due attention to meet their obligations.
Attending Board meetings regularly and preparing thoroughly before entering the
Boardroom increases the quality of interaction at Board meetings. Board meetings are
the forums for Board decision-making. These meetings enable directors to discharge
their responsibilities. The effectiveness of Board meetings is dependent on carefully
planned agendas and providing relevant papers and material to directors sufficiently
prior to Board meetings.
9. Code of Conduct
It is essential that the organization’s explicitly prescribed norms of ethical practices and
code of conduct are communicated to all stakeholders and are clearly understood and
followed by each member of the organization. Systems should be in place to
periodically measure, evaluate and if possible recognize the adherence to code of
10. Strategy setting
The objectives of the company must be clearly documented in a long-term
corporate strategy including an annual business plan together with
achievable and measurable performance targets and milestones.
11. Business and community obligations
Though basic activity of a business entity is inherently commercial yet it
must also take care of community’s obligations. Commercial objectives
and community service obligations should be clearly documented after
approval by the Board. The stakeholders must be informed about the
proposed and ongoing initiatives taken to meet the community
12. Financial and operational reporting
The Board requires comprehensive, regular, reliable, timely, correct and
relevant information in a form and of a quality that is appropriate to discharge its
function of monitoring corporate performance. For this purpose, clearly defined
performance measures - financial and non-financial should be prescribed which
would add to the efficiency and effectiveness of the organization.
The reports and information provided by the management must be
comprehensive but not so extensive and detailed as to hamper comprehension
of the key issues. The reports should be available to Board members well in
advance to allow informed decision-making. Reporting should include status
report about the state of implementation to facilitate the monitoring of the
progress of all significant Board approved initiatives.
13. Monitoring the Board performance
The Board must monitor and evaluate its combined performance and also that of
individual directors at periodic intervals, using key performance indicators
besides peer review. The Board should establish an appropriate mechanism for
reporting the results of Board’s performance evaluation results.
14. Audit Committees
The Audit Committee is inter alia responsible for liaison with the management;
internal and statutory auditors, reviewing the adequacy of internal control and
compliance with significant policies and procedures, reporting to the Board on
the key issues. The quality of Audit Committee significantly contributes to the
governance of the company.
15. Risk Management
Risk is an important element of corporate functioning and
governance. There should be a clearly established process of
identifying, analyzing and treating risks, which could prevent the
company from effectively achieving its objectives. It also involves
establishing a link between risk-return and resourcing priorities.
Appropriate control procedures in the form of a risk management
plan must be put in place to manage risk throughout the organization.
The plan should cover activities as diverse as review of operating
performance, effective use of information technology, contracting out
Today, the corporate world as a whole is in the process of acquiring a
moral conscience. The new and emerging concepts in management
like corporate governance, business ethics and corporate
sustainability are some of the expressions through which this
emerging ethical instinct in the corporate world is trying to express
and embody itself in the corporate life. In this study we examine the
concept of ethics and its importance for the business, corporate
governance and governance through inner conscience and
WHAT IS ETHICS
As per the Oxford Dictionary the meaning of ethics is a “system of moral
principles, rules and conduct.”. Ethics is a “Science of morals.” The word
ethics has emerged from Latin ‘Ethicus’ or in Greek ‘Ethicos’. The origin of
these two words is from ‘ethos’ meaning character. Character unlike
behavior is an intrinsic or basic factor which derives from inner most.
The term ‘ethics’ can commonly refer to the rules and principles that
define right and wrong conduct of individuals (Robbins, Bergman, Stagg
and Coulter, 2003, p.150). Ethical Behavior is accepted as “right” or
“good” in the context of a governing moral code. Ethics can be viewed as
a way of behaving that can be prescribed and imposed by the work
environment (Garcia-Zamor, 2003).
Ethics refers to well-founded standards of right and wrong that
prescribe what humans ought to do, usually in terms of rights,
obligations, benefits to society, fairness, or specific virtues.
Thus, ethics relates to the standards of conduct and moral
judgements that differentiate right from wrong. Ethics is not a natural
science but a creation of the human mind. For this reason, it is not
absolute and is open to the influence of time, place and situation.
Business ethics constitute the ethical/moral principles and challenges
that arise in a business environment. Some of the areas related with –
and not limited to- business ethics include the following:
1. Finance and Accounting: Creative accounting, Earnings
management, Financial analysis, Insider trading, Securities Fraud,
2. Human Resource Management: Executive compensation,
Affirmative action, Workplace surveillance, Whistle blowing,
Occupational safety and health, Indentures servitude, Union busting,
Sexual Harassment, Employee raiding.
3. Sales and Marketing: Price fixing, price discrimination, green
washing, spamming, using addictive messages/images in
advertising, Marketing to children, False advertising, Negative
Business Ethics is the application of ethical principles and methods of
analysis to business. Business ethics deals with the topic of study that
has been given its due importance in business, commerce and
industry since last three decades.
ORGANIZATION STRUCTURE AND ETHICS
An organization’s structure is important to the study of business
ethics. In a centralized organization, decision- making authority is
concentrated in the hands of top-level managers, and very little
authority is delegated to the lower levels. Responsibility, both
internal and external, rests with top management. This structure is
especially suited for organizations that make high-risk decisions, and
whose lower-level managers are not highly skilled in decision-
making. It is also suitable for organizations in which production
processes are routine and efficiency is of primary importance.
In a decentralized organization, decision-making authority is delegated
as far down the chain of command as possible. Such organizations have
relatively few formal rules, coordination and control are usually
informal and personal. They focus on increasing the flow of information.
As a result, one of the main strengths of decentralized organizations is
their adaptability and early recognition of external change. This
provides greater flexibility to managers and they can react quickly to
changes in their ethical environment. Weakness of decentralized
organizations lies in the fact that they have difficulty in responding
quickly to changes in policy and procedures established by the top
management. In addition, independent profit centers within a
decentralized organization may sometimes deviate from organizational
Organizational structure touches on many issues related to ethics.
1. The alienation experienced by workers doing repetitive work
2. The feelings of oppression created by the exercise of authority
3. The responsibilities heaped on the shoulders of managers.
4. The power tactics employed by managers who are anxious to
advance their career ambitions.
5. Health problems created by unsafe working conditions.
6. The absence of due process for non-unionized employees.
Conflict of interest in business arises when an employee or manager
of a company is engaged in carrying out a task on behalf of the
company and the employee has private interest in the outcome of the
1. Possibly antagonistic to the best interests of the company
2. Substantial enough that it does or reasonably might affect.
3. The independent judgement of the company expects the
employee to exercise on its behalf.
FOUR FUNDAMENTAL ETHICAL PRINCIPLES
1. The Principle of Respect for autonomy
Autonomy is Latin for “self-rule” We have an obligation to respect the
autonomy of other persons, which is to respect the decisions made
by other people concerning their own lives. This is also called the
principle of human dignity. It gives us a negative duty not to interfere
with the decisions of competent adults, and a positive duty to
empower others for whom we’re responsible.
Corollary principles: honesty in our dealings with others & obligation
to keep promises.
2. The Principle of Beneficence
We have an obligation to bring about good in all our actions.
Corollary principle? We must take positive steps to prevent harm. However, adopting
this corollary principle frequently places us in direct conflict with respecting the
autonomy of other persons.
3. The Principle of non-maleficence
(It is not “non-malfeasance,” which is a technical legal term, & it is not “non-
malevolence,” which means that one did not intend to harm.)
We have an obligation not to harm others: “First, do no harm. Corollary principle:
Where harm cannot be avoided, we are obligated to minimize the harm we do.
Corollary principle: Don’t increase the risk of harm to others. Corollary principle: It is
wrong to waste resources that could be used for good.
Combining beneficence and non-maleficence: Each action must produce more good
4. The Principle of justice
We have an obligation to provide others with whatever they are owed or
deserve. In public life, we have an obligation to treat all people equally, fairly,
Corollary principle: Impose no unfair burdens.
Combining beneficence and justice: We are obligated to work for the benefit of
those who are unfairly treated.
Dilemma is a situation that requires a choice between options that are or seem
equally unfavorable or mutually exclusive. By definition, an ethical dilemma
involves the need to choose from among two or more morally acceptable
courses of action, when one choice prevents selecting the other; or, the need to
choose between equally unacceptable alternatives (Hamric, Spross, and Hanson,
A dilemma could be a right vs. wrong situation in which the right would be more
difficult to pursue and wrong would be more convenient. A right versus wrong
dilemma is not so easy to resolve. It often involves an apparent conflict between
moral imperatives, in which to obey one would result in transgressing the other.
This is also called an ethical paradox.
An ethical dilemma involves a situation that makes a person question what is the
‘right’ or ‘wrong’ thing to do. They make individuals think about their
obligations, duties or responsibilities. These dilemmas can be highly complex
and difficult to resolve. Easier dilemmas involve a ‘right’ versus ‘wrong’ answer;
whereas, complex ethical dilemmas involve a decision between a right and
another right choice. However, any dilemma needs to be resolved.
The ethical dilemma consideration takes us into the grey zone of business and
professional life, where things are no longer black or white and where ethics has
its vital role today. A dilemma is a situation that requires a choice between
equally balanced arguments or a predicament that seemingly defies a
ADVANTAGES OF BUSINESS ETHICS
More and more companies have begun to recognize the relation
between business ethics and financial performance. Companies
displaying a “clear commitment to ethical conduct” consistently
outperform those companies that do not display an ethical conduct.
A company that adheres to ethical values and dedicatedly takes care
of its employees is rewarded with equally loyal and dedicated
1. Attracting and retaining talent
People aspire to join organizations that have high ethical values. Such
companies are able to attract the best talent. The ethical climate
matters a lot to the employees. Ethical organizations create an
environment that is trustworthy, making employees willing to rely
on company’s policies, ability to take decisions and act on those
decisions. In such a work environment, employees can expect to be
treated with respect, and will have consideration for their colleagues
and superiors as well. Thus, company’s policies cultivate teamwork,
promote productivity and support employee-growth.
Retaining talented people is as big a challenge for the company as
getting them in the first place. Work is a mean to an end for the
employees and not an end in itself. The relationship with their
employer must be a win- win situation in which their loyalty should
not be taken for granted. Talented people will invest their energy
and talent only in organizations with values and beliefs that matches
their own. In order to achieve this equation, managers need to build
culture, compensation and benefit packages, and career paths that
reflect and foster certain shared values and beliefs.
2. Investor Loyalty
Investors are concerned about ethics, social
responsibility and reputation of the company in which
they invest. Investors are becoming more and more
aware that an ethical climate provides a foundation for
efficiency, productivity and profits. Relationship with
any stakeholder, including investors, based on
dependability, trust and commitment results in sustained
3. Customer satisfaction
Customer satisfaction is a vital factor of a successful business strategy. Repeated
purchases/orders and an enduring relationship with mutual respect is essential
for the success of the company. The name of a company should evoke trust and
respect among customers for enduring success. This is achieved by a company
only when it adopts ethical practices. When a company with a belief in high
ethical values is perceived as such, the crisis or mishaps along the way is
tolerated by the customers as minor aberrations. Such companies are also
guided by their ethics to survive a critical situation. Preferred values are
identified and it is ensured that organizational behavior is aligned to those
values. An organization with a strong ethical environment places its customers’
interests as foremost. Ethical conduct towards customers builds a strong
competitive position for the company. It promotes a strong public image too.
Regulators eye companies functioning ethically as responsible citizens. The
regulator need not always monitor the functioning of the ethically sound
company. Any organization that acts within the confines of business ethics not
only earns profit but also gains reputation publicly.
To summarize, companies that are responsive to employees’ needs have lower
turnover in staff.
– Shareholders invest their money into a company and expect a certain
level of return from that money in the form of dividends and/or capital growth.
- Customers pay for goods, give their loyalty and enhance a company’s
reputation in return for goods or services that meet their needs.
- Employees provide their time, skills and energy in return for salary,
bonus, career progression and experience.
CORPORATE SOCIAL RESPONSIBILITY (CSR)
CSR is understood to be the way firms integrate social,
environmental and economic concerns into their values,
culture, decision making, strategy and operations in a
transparent and accountable manner and thereby establish
better practices within the firm, create wealth and improve
society. CSR is also called Corporate Citizenship or
The 1950s saw the start of the modern era of CSR when it was more commonly
known as Social Responsibility. In 1953, Howard Bowen published his book,
“Social Responsibilities of the Businessman”, and is largely credited with coining
the phrase ‘corporate social responsibility’ and is perhaps the Father of modern
CSR. Bowen asked: “what responsibilities to society can business people be
reasonably expected to assume?” Bowen also provided a preliminary definition
of CSR: “its refers to the obligations of businessmen to pursue those policies, to
make those decisions, or to follow those lines of action which are desirable in
terms of the objectives and values of our society“.
According to Business for Social Responsibility (BSR) “Corporate social
responsibility is operating a business in a manner which meets or excels the
ethical, legal, commercial and public expectations that a society has from the
According to CSR Asia, a social enterprise, “CSR is a company’s commitment to
operate in an economically, socially and environmentally sustainable manner
whilst balancing the interests of diverse stakeholders”
CSR is generally accepted as applying to firms wherever they operate in the
domestic and global economy. The way businesses engage/involve the
shareholders, employees, customers, suppliers, Governments, non-
Governmental organizations, international organizations, and other stakeholders
is usually a key feature of the concept. While an organization’s compliance with
laws and regulations on social, environmental and economic objectives set the
official level of CSR performance, it is often understood as involving the private
sector commitments and activities that extend beyond this foundation of
compliance with laws.
According to the World Business Council for Sustainable
Development, 1999 “Corporate Social
Responsibility is the continuing commitment
by business to behave ethically and
contribute to the economic development
while improving the quality of life of the
workforce and their families as well as of the
local community and the society at large.”
Essentially, Corporate Social Responsibility is an inter-disciplinary
subject in nature and encompasses in its
1. Social, economic, ethical and moral responsibility of companies
2. Compliance with legal and voluntary requirements for business
and professional practice,
3. Challenges posed by needs of the economy and socially
disadvantaged groups, and
4. Management of corporate responsibility activities.
CSR is an important business strategy because, wherever possible,
consumers want to buy products from companies they trust; suppliers
want to form business partnerships with companies they can rely on;
employees want to work for companies they respect; and NGOs,
increasingly, want to work together with companies seeking feasible
solutions and innovations in areas of common concern. CSR is a tool
in the hands of corporates to enhance the market penetration of their
products, enhance its relation with stakeholders. CSR activities
carried out by the enterprises affects all the stakeholders, thus
making good business sense, the reason being contribution to the
WHY CSR AT ALL?
Business cannot exist in isolation; business cannot be oblivious to societal
development. The social responsibility
of business can be integrated into the business purpose so as to build a positive
synergy between the two.
1. CSR creates a favorable public image, which attracts customers.
Reputation or brand equity of the products of a company which understands and
demonstrates its social responsibilities is very high. Customers trust the products
of such a company and are willing to pay a premium on its products.
Organizations that perform well with regard to CSR can build reputation, while
those that perform poorly can damage brand and company value when exposed.
Brand equity, is founded on values such as trust, credibility, reliability, quality
2. Corporate Social Responsibility (CSR) activities have its advantages.
It builds up a positive image encouraging social involvement of
employees, which in turn develops a sense of loyalty towards the
organization, helping in creating a dedicated workforce proud of its
company. Employees like to contribute to the cause of creating a better
society. Employees become champions of a company for which they are
proud to work.
3. Society gains through better neighborhoods and employment
opportunities, while the organisation benefits from a better community,
which is the main source of its workforce and the consumer of its products.
4. Public needs have changed leading to changed expectations from
consumers. The industry/ business owes its very existence society and has
to respond to needs of the society.
5. The company’s social involvement discourages excessive
regulation or intervention from the Government or statutory bodies,
and hence gives greater freedom and flexibility in decision-making.
6. The internal activities of the organisation have an impact on the
external environment, since the society is an inter-dependent system.
7. A business organisation has a great deal of power and money,
entrusted upon it by the society and should be accompanied by an
equal amount of responsibility. In other words, there should be a
balance between the authority and responsibility.
8. The good public image secured by one organisation by their
social responsiveness encourages other organizations in the
neighborhood or in the professional group to adapt themselves to
achieve their social responsiveness.
9. The atmosphere of social responsiveness encourages co-
operative attitude between groups of companies. One company can
advise or solve social problems that other organizations could not
10. Companies can better address the grievances of its employees
and create employment opportunities for the unemployed.
11. A company with its “ear to the ground” through regular
stakeholder dialogue is in a better position to anticipate and respond
to regulatory, economic, social and environmental changes that may
12. Financial institutions are increasingly incorporating social and
environmental criteria into their assessment of projects. When
making decisions about where to place their money, investors are
looking for indicators of effective CSR management.
13. In a number of jurisdictions, governments have expedited
approval processes for firms that have undertaken social and
environmental activities beyond those required by regulation.
FACTORS INFLUENCING CSR
Many factors and influences, including the following, have led to increasing attention
being devoted to CSR:
→ Globalization – coupled with focus on cross-border trade, multinational enterprises
and global supply chains – is increasingly raising CSR concerns related to human
resource management practices, environmental protection, and health and safety,
among other things.
→ Governments and intergovernmental bodies, such as the United Nations, the
Organization for Economic Co-operation and Development and the International Labor
Organization have developed compacts, declarations, guidelines, principles and other
instruments that outline social norms for acceptable conduct.
→ Advances in communications technology, such as the Internet, cellular phones and
personal digital assistants, are making it easier to track corporate activities and
disseminate information about them. Non-governmental organizations now regularly
draw attention through their websites to business practices they view as problematic.
→ Consumers and investors are showing increasing interest in supporting responsible
business practices and are demanding more information on how companies are
addressing risks and opportunities related to social and environmental issues.
→ Numerous serious and high-profile breaches of corporate ethics have contributed to
elevated public mistrust of corporations and highlighted the need for improved
corporate governance, transparency, accountability and ethical standards.
→ Citizens in many countries are making it clear that corporations should meet
standards of social and environmental care, no matter where they operate.
→ There is increasing awareness of the limits of government legislative and regulatory
initiatives to effectively capture all the issues that corporate social responsibility
→ Businesses are recognizing that adopting an effective approach to CSR can reduce
risk of business disruptions, open up new opportunities, and enhance brand and
TRIPLE BOTTOM LINE APPROACH OF CSR
Within the broader concept of corporate social responsibility, the concept of
Triple Bottom Line (TBL) is gaining significance and becoming popular amongst
corporates. Coined in 1997 by John Ellington, noted management consultant, the
concept of TBL is based on the premise that business entities have more to do
than make just profits for the owners of the capital, only bottom line people
understand. “People, Planet and Profit” is used to succinctly describe the triple
bottom lines. “People” (Human Capital) pertains to fair and beneficial business
practices toward labor and the community and region in which a corporation
conducts its business. “Planet” (Natural Capital) refers to sustainable
environmental practices. It is the lasting economic impact the organization has
on its economic environment A TBL company endeavors to benefit the natural
order as much as possible or at the least do no harm and curtails environmental
impact. “Profit” is the bottom line shared by all commerce.
The need to apply the concept of TBL is caused due to –
(a) Increased consumer sensitivity to corporate social behavior
(b) Growing demands for transparency from shareholders/stakeholders
(c) Increased environmental regulation
(d) Legal costs of compliances and defaults
(e) Concerns over global warming
(f) Increased social awareness
(g) Awareness about and willingness for respecting human rights
(h) Media’s attention to social issues
(i) Growing corporate participation in social upliftment
CORPORATE CITIZENSHIP – BEYOND THE MANDATE OF LAW
Corporate citizenship is a commitment to improve community well-
being through voluntary business practices and contribution of
corporate resources leading to sustainable growth.
Corporate responsibility is achieved when a business adapts CSR
well aligned to its business goals and meets or exceeds, the ethical,
legal, commercial and public expectations that society has of
The term corporate citizenship implies the behaviour, which would
maximize a company’s positive impact and minimize the negative
impact on its social and physical environment. It means moving from
supply driven to more demand led strategies; keeping in mind the
welfare of all stakeholders; more participatory approaches to
working with communities; balancing the economic cost and
`benefits with the social; and finally dealing with processes rather
than structures. The ultimate goal is to establish dynamic relationship
between the community, business and philanthropic activities so as
to complement and supplement each other.
Corporate citizenship is being adopted by more companies who have come to
understand the importance of the ethical treatment of stakeholders. As a good
corporate citizen, the companies are required to focus on the following key
1. Absolute Value Creation for the Society: Organisations should set their
goal towards the creation of absolute value for the society. Once it is ensured, a
corporate never looks back and its sustainability in the long run is built up.
2. Ethical Corporate Practices: In the short run, enterprise can gain through
non-ethical practices. However those cannot be sustained in the long run. Society
denies accepting such products or services. For example, in Drug and
Pharmaceutical industry many products are today obsolete due their side effects
which such companies never disclosed to protect their sales volume. Only when
they were banned by the WHO or other authorities, they had to stop their
3. Worth of the Earth through Environmental Protection: Resources which are
not ubiquitous and have economic and social value should be preserved for a
long- term use and be priced properly after considering environmental and
social costs. For example, a power plant should build up its cost model efficiently
after taking into account cost of its future raw material sourcing, R&D cost for
alternate energy source, cost for proper pollution control measures and so on.
4. Equitable Business Practices: Corporates should not indulge themselves in
unfair means and should create candid business practices, ensuring healthy
competition and fair trade practices.
5. Corporate Social Responsibility: As a Corporate citizen, every corporate is
duty bound to its society wherein it operates and serves. Although there are no
hard and fast rules, CSR activities need to be clubbed and integrated into the
business model of the company.
6. Innovate new technology/process/system to achieve eco-efficiency:
Innovation is the key to success. Risks and crisis can be eliminated through
innovation. Learning and innovative enterprise gets a cutting edge over others.
These innovative processes bring sustainability if developments are aimed at
satisfying human needs, and ensure quality of life, while progressively reducing
ecological impact and resource intensity to a level at least in line with earth’s
estimated carrying capacity.
7. Creating Market for All: Monopoly, unjustified subsidies, prices not
reflecting real economic, social environmental cost, etc. are hindrances to the
sustainability of a business. Simultaneously, a corporate has to build up its
products and services in such a way so as to cater to all segments of customers/
consumers. Customer confidence is the essence of corporate success.
8. Switching over from the Stakeholders Dialogue to holistic Partnership: A
business enterprise can advance its activities very positively if it makes all the
stakeholders partner in its progress. It not only builds confidence of its
stakeholders, but also helps the management to steer the business under a very
dynamic and flexible system. This approach offers business, government and
other stakeholders of the society to build up an alliance to bring about common
solutions to the common concerns faced by all.
9. Compliance of Statutes: Compliance of statutes, rules and regulations and
standards set by various bodies ensure clinical check up of a corporate and
confers societal license upon it to the corporate to run and operate its business in
Sustainability means meeting of the needs of the present without compromising
the ability of future generations to meet theirs. It has three main pillars:
economic, environmental, and social. These three pillars are informally referred
to as people, planet and profits. These three Ps have its priority orders too. One
should take first take care of the PEOPLE and thereafter the PLANET. PROFIT is
an economic activity and is much for the survivial of the unit, but in the array of
these three Ps, its priority should stand in last and not at the cost of People and
Sustainability is based on a simple principle: Everything that we need for our
survival and well-being depends, either directly or indirectly, on our natural
environment. Sustainability creates and maintains the conditions under which
humans and nature can exist in productive harmony that permits fulfilling the
social, economic and other requirements of the present and future generations.
Sustainability is important to make sure that we have and will continue to have
the water, materials, and resources to protect human health and our
“Sustainability is an economic state where the demand placed upon the
environment by people and commerce can be met without reducing the capacity of
the environment to provide for future generations. It can also be expressed in the
simple terms of an economic golden rule for the restorative economy; leave the
world better than you found it, take no more than you need, try not to harm life of
environment, make amends if you do.” Paul Hawkin’s book – The Ecology of
It is a business approach that creates long-term shareholder value by embracing
opportunities and managing risks deriving from economic, environmental and social
developments. Corporate sustainability describes business practices built around social
and environmental considerations.
Corporate sustainability encompasses strategies and practices that aim to meet the
needs of the stakeholders today while seeking to protect, support and enhance the
human and natural resources that will be the need of the future. Corporate sustainability
leaders achieve long-term shareholder value by gearing their strategies and
management to harness the market’s potential for sustainability products and services
while at the same time successfully reducing and avoiding sustainability costs and risks.
Thomas Dyllick and Kai Hockerts in ‘Beyond the Business Case for Corporate
Sustainability’ define Corporate Sustainability as, “meeting the needs of a firm’s direct
and indirect stakeholders (such as shareholders, employees, clients, pressure groups,
and communities) without compromising its ability to meet the needs of future
stakeholders as well.”
Concern towards social, environmental and economic issues, i.e., covering all the segments of
the stakeholders, are now basic and fundamental issues which permit a corporate to operate in
the long run sustainably. Following key drivers need to be garnered to ensure sustainability:
Internal Capacity Building strength – In order to convert various risks into competitive
Social impact assessment – In order to become sensitive to various social factors, like
culture and living habits.
Repositioning capability through development and innovation: Crystallization of all
activities to ensure
Corporate sustainability is a business approach creating shareholder value in the long
These may be derived by converting risks arising out of economic, environmental and social
activities of a corporate into business opportunities keeping in mind the principles of a
Sustainable development is a broad concept that balances the need
for economic growth with environmental protection and social equity.
It is a process of change in which the exploitation of resources, the
direction of investments, the orientation of technological
development, and institutional change are all in harmony and
enhance both current and future potential to meet human needs and
aspirations. Sustainable development is a broad concept and it
combines economics, social justice, environmental science and
management, business management, politics and law.
The goal of sustainable development is to maintain economic
growth without environment destruction. Exactly what is
being sustained (economic growth or the global ecosystem,
or both) is currently at the root of several debates, although
many scholars argue that the apparent reconciliation of
economic growth and the environment is simply a green
sleight of hand that fails to address genuine environmental
In an attempt to address criticism of the vagueness in the definition of sustainable
development, Karl-Henrik Robert, founder of the environment organization The
Natural Step, along with a group of 50 scientists sought to obtain a consensus on
sustainability and developed four ‘basic, non-negotiable system conditions for
global sustainability’. These include:
1. No systematic increase of substances from the earth’s crust in the
ecosphere. This condition implies a drastic reduction in the use of minerals,
fossils fuels and non-renewable resources.
2. No systematic increase of substances produced by society in the
ecosphere. This condition means that substances cannot be produced faster that
they are broken down and degraded biologically. Therefore, the uses of non-
biodegradable materials must be minimized.
3. No systematic diminishing of the physical basis for productivity and
diversity of nature. This condition requires preservation of biodiversity, non-
environmentally damaging land use practices and use of renewable resources.
4. Fair and efficient use of resources and social justice. This implies
equitable access to an just distribution
Four fundamental Principle of Sustainable Development agreed by the world
1. Principle of Intergenerational equity: need to preserve natural resources
for the future generations.
2. Principle of sustainable use: use of natural resources in a prudent manner
without or with minimum tolerable impact on nature.
3. Principle of equitable use or intra-generational equity: Use of natural
resources by any state /
country must take into account its impact on other states.
4. Principle of integration: Environmental aspects and impacts of socio-
economic activities should be
integrated so that prudent use of natural resources is ensured.
This was reinforced at the United Nations Conference
on Environment and Development (UNCED) held in
Rio de Janeiro in 1992. It is now universally
acknowledged that the present generation has to
ensure that the coming generations have a world no
worse than ours, rather hopefully better.
THE 2030 AGENDA FOR SUSTAINABLE DEVELOPMENT
The 2030 agenda for Sustainable Development is a plan of action for
people, planet and prosperity. It also seeks to strengthen universal
peace in larger freedom. The 17 Sustainable Development Goals and
169 targets demonstrate the scale and ambition of this new universal
Agenda. They seek to build on the Millennium Development Goals
and complete what these did not achieve. They seek to realize the
human rights of all and to achieve gender equality and the
empowerment of all women and girls. They are integrated and
indivisible and balance the three dimensions of sustainable
development: the economic, social and environmental. The Goals
and targets will stimulate action over the next fifteen years in areas of
critical importance for humanity and the planet.
Sustainable Development Goals
1. Goal 1. End poverty in all its forms everywhere
2. Goal 2. End hunger, achieve food security and improved nutrition and
promote sustainable agriculture
3. Goal 3. Ensure healthy lives and promote well-being for all at all ages
4. Goal 4. Ensure inclusive and equitable quality education and promote
lifelong learning opportunities for
5. Goal 5. Achieve gender equality and empower all women and girls
6. Goal 6. Ensure availability and sustainable management of water and
sanitation for all
7. Goal 7. Ensure access to affordable, reliable, sustainable and modern
energy for all
8. Goal 8. Promote sustained, inclusive and sustainable economic growth,
full and productive employment
and decent work for all
9. Goal 9. Build resilient infrastructure, promote inclusive and sustainable
industrialization and foster
10. Goal 10. Reduce inequality within and among countries
11. Goal 11. Make cities and human settlements inclusive, safe, resilient and
12. Goal 12. Ensure sustainable consumption and production patterns
13. Goal 13. Take urgent action to combat climate change and its impacts*
14. Goal 14. Conserve and sustainably use the oceans, seas and marine
resources for sustainable development
15. Goal 15. Protect, restore and promote sustainable use of terrestrial
ecosystems, sustainably manage forests, combat desertification, and halt and
reverse land degradation and halt biodiversity loss
16. Goal 16. Promote peaceful and inclusive societies for sustainable
development, provide access to justice for all and build effective, accountable
and inclusive institutions at all levels
17. Goal 17. Strengthen the means of implementation and revitalize the global
partnership for sustainable development
WHAT IS RISK?
The Oxford English Dictionary definition of risk is as follows: ‘a
chance or possibility of danger, loss, injury or other adverse
consequences’ and the definition of at risk is ‘exposed to danger’.
In this context, risk is used to signify negative consequences.
However, taking a risk can also result in a positive outcome. A third
possibility is that risk is related to uncertainty of outcome.
Risks are divided into three categories:
hazard (or pure) risks;
control (or uncertainty) risks;
opportunity (or speculative) risks
Operations will become more efficient because
events that can cause disruption will be identified
in advance and actions taken to reduce the
likelihood of these events occurring, reducing the
damage caused by these events and containing
the cost of the events that can cause disruption to
normal efficient production operations.
• Processes will be more effective, because
consideration will have been given to selection
of the processes and the risks involved in the
alternatives that may be available. Also,
process changes that are delivered by way of
projects will be more effectively and reliably
• Strategy will be more efficacious in that the
risks associated with different strategic
options will be fully analyzed and better
strategic decisions will be reached.
Efficacious refers to the fact that the strategy
that will be developed will be fully capable of
delivering the required outcomes.
- is a process that identifies loss exposures faced by an
organization and selects the most appropriate techniques for
treating such exposures
A loss exposure is any situation or circumstance in which a
loss is possible, regardless of whether a loss occurs
E.g., a plant that may be damaged by an earthquake, or an
automobile that may be damaged in a collision
OBJECTIVES OF RISK MANAGEMENT:
Risk management has objectives before and
after a loss occurs
Prepare for potential losses in the most economical
Meet any legal obligations
Survival of the firm
Stability of earnings
Continued growth of the firm
Minimize the effects that a loss will have on other
persons and on society
Kinds of Loss Exposures:
Property loss exposures
Liability loss exposures
Business income loss exposures
Human resources loss exposures
Crime loss exposures
Employee benefit loss exposures
Foreign loss exposures
Intangible property loss exposures
Failure to comply with government rules and regulations
Risk Managers have several sources of information to identify loss
Risk analysis questionnaires and checklists
Historical loss data
Industry trends and market changes can create new loss exposures.
e.g., exposure to acts of terrorism
MEASURE AND ANALYZE LOSS EXPOSURES
• Estimate for each type of loss exposure:
• Loss frequency refers to the probable number of losses that may occur during some time
• Loss severity refers to the probable size of the losses that may occur
• Rank exposures by importance
• Loss severity is more important than loss frequency:
• The maximum possible loss is the worst loss that could happen to the firm during its
• The probable maximum loss is the worst loss that is likely to happen
SELECT THE APPROPRIATE COMBINATION OF TECHNIQUES
FOR TREATING THE LOSS EXPOSURES
• Risk control refers to techniques that reduce the
frequency and severity of losses
• Methods of risk control include:
• Loss prevention
• Loss reduction
SELECT THE APPROPRIATE COMBINATION OF TECHNIQUES
FOR TREATING THE LOSS EXPOSURES
• Avoidance means a certain loss exposure is never
acquired or undertaken, or an existing loss exposure
• The chance of loss is reduced to zero
• It is not always possible, or practical, to avoid all losses
SELECT THE APPROPRIATE COMBINATION OF TECHNIQUES
FOR TREATING THE LOSS EXPOSURES
• Loss prevention refers to measures that reduce the
frequency of a particular loss
• e.g., installing safety features on hazardous products
• Loss reduction refers to measures that reduce the
severity of a loss after it occurs
• e.g., installing an automatic sprinkler system
SELECT THE APPROPRIATE COMBINATION OF TECHNIQUES
FOR TREATING THE LOSS EXPOSURES
• Risk financing refers to techniques that provide for the
payment of losses after they occur.
• Methods of risk financing include:
• Non-insurance Transfers
• Commercial Insurance
RISK FINANCING METHODS: RETENTION
• Retention means that the firm retains part or all of the
losses that can result from a given loss
• Retention is effectively used when:
• No other method of treatment is available
• The worst possible loss is not serious
• Losses are highly predictable
• The retention level is the dollar amount of losses that the
firm will retain
RISK FINANCING METHODS: RETENTION
• A risk manager has several methods for paying retained
• Current net income: losses are treated as current expenses
• Unfunded reserve: losses are deducted from a bookkeeping
• Funded reserve: losses are deducted from a liquid fund
• Credit line: funds are borrowed to pay losses as they occur
RISK FINANCING METHODS: RETENTION
• A captive insurer is an insurer owned by a parent
firm for the purpose of insuring the parent firm’s loss
• A single-parent captive is owned by only one parent
• An association or group captive is an insurer owned by
RISK FINANCING METHODS: RETENTION
• Reasons for forming a captive include:
• The parent firm may have difficulty obtaining insurance
• To take advantage of a favorable regulatory environment
• Costs may be lower than purchasing commercial
• A captive insurer has easier access to a reinsurer
• A captive insurer can become a source of profit
RISK FINANCING METHODS: RETENTION
• Premiums paid to a single parent (pure) captive are
generally not income-tax deductible.
• They may be tax deductible if:
• The transaction is a bona fide insurance transaction
• A brother-sister relationship exists
• The captive insurer writes a substantial amount of
• The insureds are not the same as the shareholders of the
• Premiums paid to a group captive are usually
RISK FINANCING METHODS: RETENTION
• Self-insurance, or self-funding is a special form of planned
retention by which part or all of a given loss exposure is
retained by the firm
• A risk retention group (RRG) is a group captive that can write
any type of liability coverage except employers’ liability,
workers compensation, and personal lines
• They are exempt from many state insurance laws
RISK FINANCING METHODS: RETENTION
• Save on loss costs
• Save on expenses
• Encourage loss prevention
• Increase cash flow
• Possible higher losses
• Possible higher expenses
• Possible higher taxes
RISK FINANCING METHODS:
• A non-insurance transfer is a method other than
insurance by which a pure risk and its potential
financial consequences are transferred to another
• Examples include: contracts, leases, hold-harmless
RISK FINANCING METHODS:
• Can transfer some losses that are
• Less expensive
• Can transfer loss to someone who is
in a better position to control losses
• Contract language may be
ambiguous, so transfer may fail
• If the other party fails to pay, firm is
still responsible for the loss
• Insurers may not give credit for
RISK FINANCING METHODS: INSURANCE
Insurance is appropriate for low-probability, high-severity loss
• The risk manager selects the coverages needed, and policy provisions
• A deductible is a specified amount subtracted from the loss payment
otherwise payable to the insured
• In an excess insurance policy, the insurer pays only if the actual loss
exceeds the amount a firm has decided to retain
• The risk manager selects the insurer, or insurers, to provide the
RISK FINANCING METHODS: INSURANCE
• The risk manager negotiates the terms of the insurance
• A manuscript policy is a policy specially tailored for the firm
• The parties must agree on the contract provisions,
endorsements, forms, and premiums
• Information concerning insurance coverages must be
disseminated to others in the firm
• The risk manager must periodically review the insurance
RISK FINANCING METHODS: INSURANCE
• Premiums may be costly
• Negotiation of contracts takes
time and effort
• The risk manager may
become lax in exercising loss
• Firm is indemnified for losses
• Uncertainty is reduced
• Insurers can provide valuable
risk management services
• Premiums are income-tax
MARKET CONDITIONS AND THE SELECTION
OF RISK MANAGEMENT TECHNIQUES
• Risk managers may have to modify their choice of techniques
depending on market conditions in the insurance markets
• The insurance market experiences an underwriting cycle
• In a “hard” market, profitability is declining, underwriting
standards are tightened, premiums increase, and insurance is hard
• In a “soft” market, profitability is improving, standards are
loosened, premiums decline, and insurance become easier to
IMPLEMENT AND MONITOR THE RISK
• Implementation of a risk management program
begins with a risk management policy statement that:
• Outlines the firm’s objectives and policies
• Educates top-level executives
• Gives the risk manager greater authority
• Provides standards for judging the risk manager’s
• A risk management manual may be used to:
• Describe the risk management program
• Train new employees
IMPLEMENT AND MONITOR THE RISK
• A successful risk management program requires active
cooperation from other departments in the firm
• The risk management program should be periodically
reviewed and evaluated to determine whether the objectives
are being attained
• The risk manager should compare the costs and benefits of all risk
BENEFITS OF RISK MANAGEMENT
• Enables firm to attain its pre-loss and post-loss objectives more easily
• A risk management program can reduce a firm’s cost of risk
• Reduction in pure loss exposures allows a firm to enact an enterprise
risk management program to treat both pure and speculative loss
• Society benefits because both direct and indirect losses are reduced
PERSONAL RISK MANAGEMENT
• Personal risk management refers to the identification of pure
risks faced by an individual or family, and to the selection of
the most appropriate technique for treating such risks
• The same principles applied to corporate risk management
apply to personal risk management
WHAT IS THE RISK
The Risk Management Process consists of a
series of steps that, when undertaken in
sequence, enable continual improvement
Steps of the Risk Management
Step 1. Communicate and consult.
Step 2. Establish the context.
Step 3. Identify the risks.
Step 4. Analyze the risks.
Step 5. Evaluate the risks.
Step 6. Treat the risks.
Step 7. Monitor and review.
STEP 1.COMMUNICATE AND
consultation aims to
identify who should be
involved in assessment of
and evaluation) and it
should engage those who
will be involved in the
and review of risk.
-As such, communication and consultation will be reflected
in each step of the process described here.
-As an initial step, there are two main aspects that should
be identified in order to establish the requirements for
the remainder of the process.
-These are communication and consultation aimed at:
A- Eliciting risk information
B-Managing stakeholder perceptions for management of
A- Eliciting risk information
-Communication and consultation may occur within the
organization or between the organization and its
-It is very rare that only one person will hold all the
information needed to identify the risks to a business or
even to an activity or project.
-It therefore important to identify the range of stakeholders
who will assist in making this Information complete.
TIPS FOR EFFECTIVE
COMMUNICATION AND CONSULTATION
• Determine at the outset whether a communication strategy and/or
plan is required;
• Determine the best method or media for communication and
• The significance or complexity of the issue or activity in question
can be used as a guide as to how much communication and
consultation is required: the more complex and significant to the
organization, the more detailed and comprehensive the
STEP 2. ESTABLISH THE
provides a five-step process to assist
with establishing the context within
which risk will be identified.
1-Establish the internal context
2-Establish the external context
3-Establish the risk management
4- Develop risk criteria
5- Define the structure for risk analysis
1- Establish the internal context
-As previously discussed, risk is the chance of something happening
that will impact on objectives.
As such, the objectives and goals of a business, project or activity
must first be identified to ensure that all significant risks are
This ensures that risk decisions always support the broader goals and
objectives of the business. This approach encourages long-term
and strategic thinking.
• In establishing the internal context, the business owner
may also ask themselves the following questions:
- Is there an internal culture that needs to be considered? For
example, are staff Resistant to change? Is there a
professional culture that might create unnecessary risks for
- What staff groups are present?
- What capabilities does the business have in terms of people,
systems, processes, equipment and other resources?
2. ESTABLISH THE EXTERNAL CONTEXT
• This step defines the overall environment in which a business
operates and includes an understanding of the clients’ or
customers’ perceptions of the business. An analysis of these
factors will identify the strengths, weaknesses, opportunities and
threats to the business in the external environment.
• A business owner may ask the following questions when
determining the external context:
• What regulations and legislation must the business comply with?
• Are there any other requirements the business needs to comply
• What is the market within which the business operates? Who are
• Are there any social, cultural or political issues that need to be
• Tips for establishing internal and external contexts
-Determine the significance of the activity in achieving the
organization's goals and objectives
- Define the operating environment
- Identify internal and external stakeholders and determine their
involvement in the risk management process.
3- ESTABLISH THE RISK MANAGEMENT CONTEXT
- Before beginning a risk identification exercise, it is important to
define the limits, objectives and scope of the activity or issue
- For example, in conducting a risk analysis for a new project, such
as the introduction of a new piece of equipment or a new product
line, it is important to clearly identify the parameters for this
activity to ensure that all significant risks are identified.
• Tips for establishing the risk management context
• Define the objectives of the activity, task or function
• Identify any legislation, regulations, policies, standards and
operating procedures that need to be complied with
• Decide on the depth of analysis required and allocate resources
• Decide what the output of the process will be, e.g. a risk
assessment, job safety analysis or a board presentation. The output
will determine the most appropriate structure and type of
4. Develop risk criteria
Risk criteria allow a business to clearly define unacceptable
levels of risk. Conversely, risk criteria may include the acceptable
level of risk for a specific activity or event. In this step the risk
criteria may be broadly defined and then further refined later in
the risk management process.
Tips for developing risk criteria
• Decide or define the acceptable level of risk for each activity
• Determine what is unacceptable
• Clearly identify who is responsible for accepting risk and at what
5. DEFINE THE STRUCTURE FOR RISK ANALYSIS
• Isolate the categories of risk that you want to manage. This will
provide greater depth and accuracy in identifying significant
• The chosen structure for risk analysis will depend upon the
type of activity or issue,
its complexity and the context of the risks.
STEP 3. IDENTIFY THE RISKS
• Risk cannot be managed unless it
is first identified. Once the context
of the business has been defined,
the next step is to utilize the
information to identify as many
risks as possible.
• The aim of risk identification is to identify possible risks that may
affect, either negatively or positively, the objectives of the
business and the activity under analysis. Answering the following
questions identifies the risk:
• There are two main ways to identify risk:
1- Identifying retrospective risks
Retrospective risks are those that have previously occurred, such
as incidents or accidents. Retrospective risk identification is often
the most common way to identify risk, and the easiest. It’s easier
to believe something if it has happened before. It is also easier to
quantify its impact and to see the damage it has caused.
• There are many sources of information about retrospective risk.
• Hazard or incident logs or registers
• Audit reports
• Customer complaints
• Accreditation documents and reports
• Past staff or client surveys
• Newspapers or professional media, such as journals or websites.
2-Identifying prospective risks
• Prospective risks are often harder to identify. These are things that
have not yet happened, but might happen some time in the future.
• Identification should include all risks, whether or not they are
currently being managed. The rationale here is to record all
significant risks and monitor or review the effectiveness of their
• Methods for identifying prospective risks include:
• Brainstorming with staff or external stakeholders
• Researching the economic, political, legislative and operating
• Conducting interviews with relevant people and/or organizations
• Undertaking surveys of staff or clients to identify anticipated issues
• Flow charting a process
• Reviewing system design or preparing system analysis
TIPS FOR EFFECTIVE RISK IDENTIFICATION
• Select a risk identification methodology appropriate to the type of
risk and the nature of the activity
• Involve the right people in risk identification activities
• Take a life cycle approach to risk identification and determine how
risks change and evolve throughout this cycle.
STEP 4. ANALYZE THE RISKS
• During the risk identification step, a
business owner may have identified
many risks and it is often not possible
to try to address all those identified.
• The risk analysis step will assist in
determining which risks have a
greater consequence or impact than
What is risk analysis?
• Risk analysis involves combining the possible consequences, or
impact, of an event, with the likelihood of that event occurring. The
result is a ‘level of risk’. That is:
Risk = consequence x likelihood
Elements of risk analysis
The elements of risk analysis are as follows:
1. Identify existing strategies and controls that act to minimize
negative risk and enhance opportunities.
2. Determine the consequences of a negative
impact or an opportunity (these may be positive or negative).
3. Determine the likelihood of a negative consequence or an
4. Estimate the level of risk by combining consequence and
5. Consider and identify any uncertainties in the estimates.
Types of analysis
Three categories or types of analysis can be used to determine level
- The most common type of risk analysis is the qualitative method.
The type of analysis chosen will be based upon the area of risk
Tips for effective risk analysis
Risk analysis is usually done in the context of existing controls – take
the time to identify them
• The risk analysis methodology selected should, where possible, be
comparable to the significance and complexity of the risk being
analyzed, i.e. the higher the potential consequence the more
rigorous the methodology
• Risk analysis tools are designed to help rank or priorities risks. To
do this they must be designed for the specific context and the risk
dimension under analysis.
STEP 5. EVALUATE THE RISKS
• Risk evaluation involves comparing the
level of risk found during the analysis
process with previously established
risk criteria, and deciding whether
these risks require treatment.
• The result of a risk evaluation is a
prioritized list of risks that require
• This step is about deciding whether
risks are acceptable or need treatment.
A risk may be accepted for the following reasons:
• The cost of treatment far exceeds the benefit, so that acceptance is
the only option (applies particularly to lower ranked risks)
• The level of the risk is so low that specific treatment is not
appropriate with available resources
• The opportunities presented outweigh the threats to such a
degree that the risks justified
• The risk is such that there is no treatment available, for example
the risk that the business may suffer storm damage.
STEP 6. TREAT THE RISKS
• Risk treatment is about considering
options for treating risks that were not
considered acceptable or tolerable at
• Risk treatment involves identifying
options for treating or controlling risk,
in order to either reduce or eliminate
negative consequences, or to reduce
the likelihood of an adverse
occurrence. Risk treatment should also
aim to enhance positive outcomes.
Options for risk treatment:
this identifies the following options that may assist in the
minimization of negative risk or an increase in the impact of positive
1- Avoid the risk
2- Change the likelihood of the occurrence
3- Change the consequences
4- Share the risk
5- Retain the risk
Tips for implementing risk treatments
• The key to managing risk is in implementing effective treatment
• When implementing the risk treatment plan, ensure that adequate
resources are available, and define a timeframe, responsibilities
and a method for monitoring progress against the plan
• Physically check that the treatment implemented reduces the
residual risk level
• In order of priority, undertake remedial measures to reduce the
STEP 7. MONITOR AND REVIEW
• Monitor and review is an essential and
integral step in the risk management
• A business owner must monitor risks
and review the effectiveness of the
treatment plan, strategies and
management system that have been
set up to effectively manage risk.
• Risks need to be monitored periodically to ensure changing
circumstances do not alter the risk priorities. Very few risks will
remain static, therefore the risk management process needs to be
regularly repeated, so that new risks are captured in the process
and effectively managed.
• A risk management plan at a business level should be reviewed at
least on an annual basis. An effective way to ensure that this occurs
is to combine risk planning or risk review with annual business
Management Regulations (1999) are the umbrella
Require employer to:
• Identify hazards
• Assess risks
• Eliminate or control exposure to risks
• Write it down if significant
RISK ASSESSMENT – THE 5 STEPS
• What are the hazards?
• Who is doing what, where & when? (WWW)
Who else might be affected by what is done?
• What is the degree of risk?
• What do we need to, or can we, do to control (eliminate/minimise)
exposure to the risk?
• How will we monitor the work/people?
What comes first?
Even before the 5 steps – one question:
What is it we have/want/would like to do?
We can call this: -
• The task
• The job to do
• The procedure
Everything can be covered in this way
Hazard and Risk
Hazard the potential to cause harm or damage
Risk the chance of that harm occurring
Calculated as -
potential severity of harm
(the consequence – or damage)
likelihood of event occurring
• What will I be using/doing?
• How much do I know about what I am using/doing?
• What factors or properties could there be that affect the level
of hazard (not risk)?
• Do I really have to do the work/task at all?
• Can I substitute something less hazardous?
WHO IS AFFECTED BY THE WORK?
• Those who do the work
• Health and immune status
• Others in the workplace
• Cleaning and maintenance staff
• External – including neighbors
Can we work out how high the risk is?
• What could go wrong?
• What is the worst that could happen?
Consequence - severity
• How often must it be done?
• How many people do it?
• Is everyone doing it competent and trained?
Controlling the risk
Unacceptable – stop doing it until
Significant - proceed with caution but
improvement high priority
Tolerable - OK to proceed but plan to
Insignificant - Any improvements low
Controlling the risk
• Decide measures to be taken
• Implement them according to priority
• Confirm measures appropriate and
MONITORING AND REVIEW
• ‘Live’ nature of assessments
• Possible modification to procedures
• Identifies changes to procedures
• Possible modification to assessment
INTERNAL CONTROL: DEFINITION
- Is an interlocking set of activities that are layered onto
the normal operating procedures of an organization, with
the intent of safeguarding assets, minimizing errors, and
ensuring that operations are conducted in an approved
manner. Another way of looking at internal control is that
these activities are needed to mitigate the amount and
types of risk to which a firm is subjected. Controls are
also useful for consistently producing reliable financial
INTERNAL CONTROL: DEFINITION (CONTINUATION)
Internal control comes at a price, which is that control
activities frequently slow down the natural process flow
of a business, which can reduce its overall efficiency.
Consequently, the development of a system of internal
control requires management to balance risk reduction
with efficiency. This process can sometimes result in
management accepting a certain amount of risk in order
to create a strategic profile that allows a company to
compete more effectively, even if it suffers occasional
losses because controls have been deliberately reduced.
INTERNAL CONTROL: DEFINITION (CONTINUATION)
A system of internal controls tends to increase in
comprehensiveness as a firm increases in size. This is
needed, because the original founders do not have the
time to maintain complete oversight when there are
many employees and/or locations. Further, when a
company goes public, there are additional financial
control requirements that must be implemented,
especially if the firm's shares are to be listed for sale on
a stock exchange. Thus, the cost of controls tends to
increase with size.
INTERNAL CONTROL: TYPES
Internal control comes in many forms, which include the
* A board of directors oversees the entire organization,
providing governance over the management team.
* Internal auditors routinely examine all processes,
looking for failings that can be corrected with either new
controls or tweaks of existing controls.
* Processes are altered so that more than one person is
involved in each one; this is done so that people can
cross-check each other, reducing fraud incidents and the
likelihood of errors.
INTERNAL CONTROL: TYPES
* Access to computer records is restricted, so that
information is only made available to those people who
need it to conduct specific tasks. Doing so reduces the
risk of information theft and the risk of asset theft
through the modification of ownership records.
* Assets are locked up when not in use, making it more
difficult to steal them.
A key concept is that even the most comprehensive
system of internal control will not entirely eliminate
the risk of fraud or error. There will always be a few
incidents, typically due to unforeseen circumstances
or an exceedingly determined effort by someone
who wants to commit fraud.
An effective system of internal control protects your
plan in two ways:
• By minimizing opportunities for unintentional errors or
intentional fraud that may harm the plan. Preventive
controls, which are designed to discourage errors or
fraud, help accomplish this objective.
• By discovering small errors before they become big
problems. Detective controls are designed to identify an
error or fraud after it has occurred.
Preventative vs. Detective Controls
• Internal controls are typically comprised of control
activities such as authorization, documentation,
reconciliation, security, and the separation of duties.
And they are broadly divided into preventative and
Preventive control activities aim to deter errors or
fraud from happening in the first place and include
thorough documentation and authorization practices.
And the separation of duties ensures that no single
individual is in a position to authorize, record, and be in
the custody of a financial transaction and the resulting
asset. Authorization of invoices and verification of
expenses are internal controls. In addition, preventative
internal controls include limiting physical access to
equipment, inventory, cash, and other assets.
Detective controls are backup procedures that
are designed to catch items or events that have
been missed by the first line of defense. Here,
the most important activity is reconciliation, used
to compare data sets, and corrective action is
taken upon material differences. Other detective
controls include external audits from accounting
firms and internal audits of assets such as
Disadvantages of Internal Controls
• Regardless of the policies and procedures
established by an organization, only reasonable
assurance may be provided that internal controls
are effective and financial information is correct. The
effectiveness of internal controls is limited by human
judgment. A business will often give high-level
personnel the ability to override internal controls for
operational efficiency reasons, and internal controls
can be circumvented through collusion.