The changing paradigm of enterprise wide risk management

The following article is an initiative of KNAV India and is intended to create awareness among the readers.

Risk, rather erroneously at times, is thought to be a subjective thing. Shaped by the old adage of ‘no risk no gain’, we tend to look at the whole concept of risk with a certain amount of cautiousness. Ironically, this approach towards risk management is not merely an individualistic trait but is also visible in how companies and firms deal with risks. In fact, several organisations actively embrace risks as they are supposed to bring disruptions. Considering how good it is to be disruptive, risks can’t be that bad, can they?

Well, they are not all that bad, till you are hit by them like a Maglev train going at 300 mph! Many businesses have lost stakeholder confidence or gone bust, just because they were unable to cope with risks. Risk in companies is like an inevitable force of nature that changes completely within its life span. This is the reason why risk management and mitigation are unavoidable. This is the calling card of EWRM, or what is known as Enterprise Wide Risk Management.

In discussion with Monish Gaurav Chatrath, Managing Partner of MGC & KNAV Global Risk Advisory LLP and a well-known expert on the topic of risk management.

“If you are seeking to strive for competitive advantage, then you also need to know how to retain the same once you have it. And in order to protect your market position, deciding whether or not to embrace a risk management culture, is not an option anymore,” states Monish Gaurav Chatrath, Managing Partner of MGC & KNAV Global Risk Advisory LLP.

The emergence of EWRM

The concept of EWRM propagates a much more accepting and open attitude towards risks. Companies are encouraged to look at risk from a new and improved perspective. Instead of being daunted and scared by risk, they should grade and manage it effectively. The objective of EWRM is simple: to formulate a holistic plan about the various threats (ranging from inconsequential to existential) and then to manage these threats in a way that they no longer pose a threat. Typically, organisations tend to view risks from a singular financial perspective: anything that poses a threat to the top line or bottom line needs to be tackled. EWRM, on the other hand, goes much beyond the financial purview, encompassing within its ambit almost all that can negatively impact your organisation.

According to Chatrath, “Before managing risks, we need to understand the essential difference between a threat, vulnerability and a risk. Not everything that threatens your company is a risk. The hazards need to be classified into threats, vulnerabilities and risks”.

For instance, attrition is a global phenomenon and a threat to almost all organisations, and cannot be labelled as a risk. But if your company has a special vulnerability, such as having on its rolls a highly specialised workforce that is much in demand by the competition, then the two (threat and vulnerability) combine to create a risk (of the people being poached), which then needs to be managed. A threat is an event that could cause a risk; it cannot be completely eliminated, but its likelihood of occurrence can be reduced and/or its impact can be mitigated. In contrast, a vulnerability is an error or weakness in the design, implementation or operation of a system that creates a condition allowing the threat to materialise, triggering a loss. A risk is the likelihood that a vulnerability will be exploited, or that a threat may become harmful.

According to Chatrath, “the classification of risks needs to be followed up by rating them up on a scale, after considering their relative importance to an organisation on a two-dimensional model of probability (of the occurrence) and vulnerability (to the organisation). Forward-looking organisations not only classify and mitigate/manage risks but also keep evaluating the changing polarisation of these on an ongoing basis.”

Recalling the time when he had returned to India in 1999, Chatrath says, “The only authoritative guidance to EWRM at that time was in the Naresh Chandra committee report, which was the main point of reference for corporate governance of the listed companies. But this had to change for the better.

This took place with clause 49 of the listing agreement undergoing a serious introspection and refinement through a series of careful considerations by various committees such as the Kumarmangalam Birla Committee, the Narayanamurthy Committee and the JJ Irani Committee.”

Having led over 150 EWRM projects for his corporate clients across a wide variety of industrial sectors over the past 27 years, Chatrath is extremely bullish about the ability of Indian companies to embrace EWRM and leverage its benefits.

Source: moneycontrol


1 comment

  1. Dear Chatrath, thanks a lot for having shared with us your experience in EwRM. I believe that nowadays with the next version of ISO 31000 and the revamping of the COSO you would get much more support in setting-up EwRM in India for your clients. Of course these standards are not mandatory but any states should push for Risk Management status to be an integral part of any company’s mandatory disclosure in order to support stakeholder confidence. Best regards, Stephane Martin
