Ten years on from the desperate environment that saw the Sarbanes-Oxley legislation in the US, risk management is the new panacea to prevent corporate failure. Like regulators around the globe, the ASX Corporate Governance Council has dressed itself in the ubiquitous LBD of risk without much thought about what it means.
The third edition of the ASX Corporate Governance Principles and Recommendations shows that in terms of corporate governance and regulation Australia, too, has a low risk appetite.
Overall, the third edition represents an evolution (not revolution) of the rules and it brings few ‘new’ changes (see box). Importantly, it maintains the ‘if not, why not’ approach to disclosure in previous editions.
In Australia the Commonwealth Government largely resisted calls for legislation and the ASX reluctantly emerged as a regulator of governance matters. Then, many believed that a change in governance principles would be the answer to future catastrophes.
From a global perspective, ten years on, the OECD still believes that governance is the key. Now, of course, as Gail Pearson says, “risk is fashionable” and as the ‘new black’ it means just about whatever you want it to mean. It should be primarily focused on operational risks like inadequate systems, management failure, fraud, compliance, accounting and business strategy. Although when it comes to black we’ve also hopefully learned something about Black Swans and unknown unknowns.
Initially risk management was concerned with a narrow, insurance-based view, but it has now moved to a holistic, all-risk-encompassing view, commonly termed ‘Enterprise Risk Management’. In that context it means a process applied in strategy and across the enterprise, designed to identify events that may affect the entity and manage risks to be within its risk appetite, to provide assurance regarding the achievement of its objectives. Combined with internal controls we now have a ‘risk culture’ and loads of reporting to go with it. Can these systems even deal with low probability and high magnitude risks?
Staying with the fashion, the OECD’s recent report reviews the corporate governance framework and risk management practices in 27 jurisdictions and identifies failures as varied as Deepwater Horizon, Fukushima, Bhopal and Seveso, Olympus, Enron, WorldCom, Satyam, Parmalat or the Siemens foreign bribery scandals as being facilitated by corporate governance failures, where boards either did not appreciate the risks involved or had deficient risk management systems.
The new Principles and Recommendations are unthinkingly besotted with our post-GFC focus on risk. For example, recommendation 7.4 provides that an ASX listed entity should disclose whether it has any material exposure to economic, environmental and social sustainability risks and, if so, how it manages those risks. Previously, companies were required to disclose only financial risks.
The OECD believes the cost of risk management failures is often underestimated. It believes corporate governance should ensure both financial and non-financial risks are understood, managed and, when appropriate, communicated. This is consistent with the recent APRA focus on risk.
Is this a case of “action bias”? As many authors have noticed, it takes unusual courage for a regulator to stand up and say something must not be done, because often doing something makes the problem worse.
While generally shareholders are risk averse, some shareholders may want to invest in more risky corporates. As Stephen Bainbridge recognises, the basic corporate law principle of limited liability is designed to insulate shareholders from the downside risks of corporate activity. Because shareholders thus do not put their personal assets in jeopardy, other than the amount initially invested, they effectively externalise some portion of the business’ total risk exposure to creditors.
Is risk the magic bullet? As Desender has acknowledged, risk management is a relatively recent construct. It seems fashion is now demanding we use corporate governance standards and risk management to ensure corporate compliance with a range of activities from accounting misfeasance to foreign corrupt practices and everything in between!
It might be a noble ambition but is it realistic or appropriate? Have we adopted the new fashion just because it’s fashionable? We ought to remember that no less an arbiter of fashion than Coco Chanel said that: “Fashion is made to become unfashionable.”