SAKET MEHRA is a Partner at Grant Thornton India LLP
Over the years, companies across the globe have understood the need for and importance of an effective Enterprise Risk Management (ERM) function, especially after catastrophic events ranging from the Dotcom bust, the subprime mortgage crisis and the European sovereign debt crisis to the latest Chinese stock market crash. However, the nature of risks continues to change and evolve with the passage of time.
In 2015, geopolitical risks, social risks, vendor risks, regulatory compliance risks and cyber security risks were the major ones that kept the CXOs on guard. From Europe's mass refugee crisis to economic slowdowns in emerging markets, from ever-rising numbers of terrorist attacks and cyber-attacks to water shortages, risks have been making headlines over the last few years.
Over the years, both external and internal risk events such as business interruptions, market and technology developments – volatility or stagnation, cyber incidents, natural disasters, changes in legislation and regulations, employee frauds, etc. have led enterprises to realign and re-strategise their business models. Managing these risks requires organisations to build a more robust and mature risk management framework, stronger controls, better risk cautioning mechanisms and smoother processes for risk analysis and mitigation.
THE EVOLVING REGULATORY FRAMEWORK AND CHALLENGES
As a step towards bringing transparency and sustainability to doing business, the Companies Act, 2013 provides for a major overhaul of the corporate governance norms for all companies registered in India. The requirements under the Companies Act, 2013 and the rules notified thereunder are applicable to every company or class of companies (both listed and unlisted) as may be provided therein. For example, while listed companies already maintained internal audit departments (as per the requirement of Clause 41 of the Listing Agreement), the Companies Act, 2013 has extended the coverage to unlisted public companies and private companies meeting specified criteria. The Act also requires the Audit Committee or Board to formulate the scope, functioning, periodicity and methodology for conducting internal audit.
Under the revised regulatory environment, the responsibility and liability of Directors have also been elevated to an unprecedented level. For example, section 134(5) requires the directors of a listed entity to make a statement in the Directors' Responsibility Statement about the adequacy and effectiveness of internal financial controls. The term internal financial controls has been further explained to include policies and procedures, safeguarding of assets, prevention and detection of frauds, accuracy and completeness of accounting records, and timely preparation of reliable financial information. The auditors are also required to provide their opinion on internal financial controls as part of their reporting requirements under section 143 of the said Act. The Act also requires the Directors to comment upon compliance with the provisions of applicable laws and regulations.
Further, section 134(3)(n) requires a statement indicating development and implementation of a risk management policy for the company, including identification therein of the risk elements, if any, which in the opinion of the Board may threaten the existence of the company.
In light of the above regulatory amendments, it is evident that the continued focus on taking an enterprise view of risks will challenge organisations to break down barriers and promote greater information, transparency and collaboration. Functions and processes that do not consider the broader risk environment of the organisation are subject to increased scrutiny by regulators, auditors and key stakeholders.
Another major challenge in establishing good governance norms is around multinationals not paying their fair share of tax and taking advantage of the arbitrage opportunities afforded by outmoded principles of international taxation. In an effort to enhance transparency, the G20 countries and the Organisation for Economic Co-operation and Development (OECD) joined hands to tackle Base Erosion and Profit Shifting (BEPS) and close gaps in international taxation. The OECD came out with detailed reports on a 15-point Action Plan to revamp international taxation. BEPS Action Item 13, in particular, aims to transform the way in which related entities transact with each other, requiring them to reconsider their transfer pricing documentation and reporting to the tax authorities through country-by-country reporting (CbCR) (applicable to companies beyond a certain threshold) and suggesting a three-tier documentation structure: master file, local file and CbCR.
AUTOMOBILE SEGMENT IS NOT ISOLATED!
Governance standards play a significant role in an entity's perception value and enterprise value. Uncertainties in today's environment present both risks and opportunities, with the potential to erode or enhance value. However, the challenge for the management is to determine how much uncertainty to accept as it strives to grow stakeholder value. In the recent past, fuel economy test procedures and methods used by major players have resulted in huge penalties and a dip in share price, tarnishing the brand image and impacting the overall enterprise value.
Regulatory requirements continue to increase the expectations of risk and capital management. The enhanced techniques require deep technical skills in market, liquidity, credit and counterparty, and operational risk management, coupled with compliance, finance and treasury expertise. Traditionally, these verticals have operated in silos and now must be closely coordinated to report and act on a consolidated, enterprise-wide view. Business models, structures and changes in target goals require an ERM framework that is robust yet adaptable, incorporating and responding to mergers, acquisitions, and changes in management teams, business structure, products, services and distribution channels.
The Companies Act, 2013 aims to improve governance standards, establish accountability of auditors and management, protect shareholders' rights and bring transparency to financial reporting and disclosures. The 2013 Act has been developed with a view to enhancing self-regulation and encouraging corporate democracy. The Act aligns itself with the need to reduce the number of government approvals required, for ease of doing business in India. The Act requires companies to adopt good governance norms by embedding a control culture which flows from the top, and forces entities to revisit their risk mitigation strategies in light of the global warning on corruption and malpractices.
WHAT SHOULD BE DONE?
Thus, it is imperative to have an ERM policy and framework to identify these new and emerging risks and to devise an effective mitigation strategy for the efficient management of risks. Such a risk management framework needs to be supported by a risk management structure, defining the entity's alignment of the risk management function to its vision and mission statement. The framework should also include the risk appetite of the entity, risk rating criteria, evaluation and prioritisation criteria, roles and responsibilities and a formal reporting structure to the Board of Directors. As part of the framework, an emerging risks log should be created to enable decisions around which risks should be mitigated on priority, which risks can be transformed into opportunities and which risks need to be avoided completely.
Good governance practices can provide an answer and influence the ways in which companies are able to attract capital and increase their valuation. A focus on corporate governance issues in emerging markets can improve access to globally present financing sources. Investors need to feel secure that their rights are being properly protected by controlling owners and the management. They also need to know whether the company has set up minimum governance standards to reduce the risk in case the controlling group abuses its rights. Good governance, by its nature, demands an effective system of internal control.
The business environment is changing. This includes changes in customer preferences, technology and environmental norms. This has forced all components of the automobile industry value chain to re-assess the impact of such changes and include adoption of a formal risk management framework as part of their overall governance structure. The Board of Directors would also play a significant role in discharging their duties towards developing and maintaining an effective governance framework.
The entire industry needs to collaborate and devise mitigation strategies to protect and safeguard the interests of all stakeholders.