Leading the Way is a column written by PricewaterhouseCoopers professional staff. It appears in the Business section of the Bangkok Post twice each month. The column provides specialised advice to corporate decision-makers in Thailand on global and local business trends.
This article appeared in the April 17, 2007 issue of the Bangkok Post.
By Suppavut Varutbangkul and Parisa Phakdurong
Regulators around the world have been issuing new regulations, or amending existing ones, on corporate governance, financial reporting and transparency. These changes have been driven by a series of business scandals, including Enron, Parmalat, WorldCom, and others. In addition, the business environment has changed dramatically in light of 9/11, numerous unexpected natural disasters and terrorism, as well as the potential effects of global warming. Thailand has also seen its fair share of corporate scandals and government policy changes that have affected investor confidence.
The risk profiles of many organisations have changed significantly and will continue to change. Globally, regulators are requiring and encouraging organisations to improve their corporate governance (CG) and to implement effective enterprise risk management (ERM) frameworks, policies and procedures. Stock investors have also become more prudent and demanding, while analysts are more focused on how risks are managed than ever before.
Arguably, compliance with corporate governance and enterprise risk management regulations has become a key objective for many organisations, as they want to maintain a good public image. However, compliance with regulations does not guarantee the successful implementation of ERM throughout the organisation, including capturing the benefits of ERM.
To avoid failure in implementing an ERM framework, senior management needs to understand the value propositions, pitfalls, and also the key success factors for successful implementation.
Many ERM specialists consider the lack of a ''risk culture'' as the most important implementation pitfall. This is no surprise to us, as ERM is not a task that can be completed overnight. It requires senior management's buy-in and active participation in all related activities in order to send a clear message to all staff as to why ERM is important.
As it is natural for middle management and staff to focus on what senior management considers important, gradually all staff will learn the potential benefits and ERM will become the culture of the organisation.
However, senior management's buy-in and commitment can only be effective with the right drivers. As ERM is not a ''one size fits all'' solution, it is very difficult for regulators to come up with an assessment tool to determine the effectiveness and sustainability of an ERM programme. Therefore, compliance-focused companies may still get away with implementing ERM to meet only the minimum requirements. While such a tick-box approach may allow the organisation to enjoy the short-term benefits, such as initial risk awareness and the first corporate risk profile, the related drawbacks can be costly.
According to a Chinese proverb, ''distance tests a horse's strength''. Likewise, sustainability tests an ERM programme's success. Unless senior management truly believe in the benefits of ERM, their ''walk'' will not be consistent with their initial ''talk''.
As soon as this very true message is received by staff, it is highly likely that ERM will be conducted at the minimum, become more routine and meaningless, and eventually become a liability in itself. The routine ERM practice may continue until one day management is faced with an ''adverse surprise'' with no easy solution, for which no explanation can be found for the investors. At that point, the drawbacks of compliance-driven ERM will take a toll on the company's reputation and performance.
If ERM is implemented properly, it can be a very powerful management tool that will provide reasonable assurance of achieving the company's objectives. It may also help management reduce and deal with ''surprises''. However, another implementation pitfall is the failure to integrate ERM with business processes, including strategic and business planning, performance management, decision-making and project management.
The integration of ERM with these processes will contribute to its sustainability and ensure that ERM will truly provide value for the organisation, e.g. ERM will enable management to look from a different angle during the planning process. Strategic planning tends to focus on ''where we want to be and how to get there'', while ERM will look at ''what obstacles will prevent us from getting there are and how we can manage them?'' The more comprehensive business plans derived from this integration will provide both value and assurance of achieving company objectives.
Unlike compliance-focused ERM, understanding and utilising the ERM value proposition as the driver will not only provide immunity against failure, but also nutrients to enhance ERM sustainability. Therefore, the questions senior management should ask are not whether ERM is required by the regulators, or whether they should start implementing it, and how soon, but ''how do we make sure that our ERM implementation will truly add value to our organisation?''
