Figure 6 shows that there was a decreasing trend in the disclosure of related party transactions (RPT). This does not augur well for raising the level of transparency to the stakeholders. Moving forward, there is an urgent need for more companies to reveal or raise their level of disclosures in risk management practices amid the greater uncertainties in the business environment.
IMPORTANCE OF HAVING ROBUST AND UPDATED RISK MANAGEMENT DISCLOSURES
Studies show that companies with well-established corporate risk management policy and practices achieve better performances compared to their peers that do not have them. With the Covid-19 outbreak, the spotlight is cast on the risk management practices of companies, and there are elevated concerns about the adequacy of such disclosures in the annual reports of publicly listed companies. As mentioned, the findings of the SGTI 2020 study revealed that the disclosures of risk management practices, according to various indicators, were disappointing.
This section seeks to explain why a robust risk management policy and programme is critical to the long-term survival of companies. It further elucidates why such disclosures in the public domain, particularly through the annual report, help to promote transparency to and instil confidence in the stakeholders; more importantly, it shows how both short-term and long-term strategies and solutions in risk management practices can improve shareholder value.
The Covid-19 pandemic has triggered some significant adverse effects, some of which will have long rippling effects into the future. Due to the stringent measures implemented by the Singapore government as well as many of the country’s trading partners in a bid to curb the spread of infection, companies in trade-dependent Singapore have experienced a “quadruple whammy”, namely, abrupt changes in consumer demand trends, disruption in global supply chains, employee absenteeism, and increasing financial distress for firms and households.
Robust and adequate disclosures in risk management practices by companies can provide assurance to shareholders that any huge impacts arising from black swan events on the stakeholders – including suppliers, business partners and customers – are being closely, duly and tactically considered and managed via relevant strategies. Such disclosures also demonstrate to stakeholders that companies are cognisant of the risks their businesses are confronted with, and that they are well prepared to respond swiftly and decisively to an unexpected crisis like Covid-19.
A risk management policy, which includes a business continuity plan, helps prepare companies to execute their strategies in times of urgent need. This is because it signals that the companies have identified their corporate risks and readied the mitigating strategies to manage or contain the risks. From the standpoint of investors, conveying such information in the annual reports reduces information asymmetry, which may enhance their investment decision making.
Additionally, such disclosures reveal a well-established risk management programme in publicly listed companies, with oversight by a board-level risk committee or a C-suite senior executive. The strong commitment to risk management assures investors that the business activities will be less impacted and the volatility of earnings will be better managed when uncertainties arise.
Companies with a risk management plan are certainly able to respond quicker to risk events like the Covid-19 crisis than those without one. As such, the problem of “quadruple whammy” can be alleviated and managed to a large degree.
ADAPTING RISK MANAGEMENT STRATEGIES FOR THE POST-COVID-19 ERA
What, then, can companies do to handle these new risks, as well as close the gaps revealed in the SGTI 2020 study? Companies should consider taking this opportunity to rethink their risk management strategies from the ground up, adapting not just their current strategies but revise how they understand, interpret and handle risks. The Wharton School of the University of Pennsylvania suggests five risk mitigation strategiesfor the current pandemic: (1) readiness assessments, (2) risk management plan, (3) business impact analysis, (4) policy management and (5) incident management.
(1) Completing readiness assessments
Readiness assessments allow a company to evaluate its business continuity programme against best practices standards; this will also reveal any existing gaps.
(2) Completing a risk management plan
It is critical that companies complete a risk management plan to identify and prioritise any new risks and gaps in their current controls. Frontline staff may be most suitably positioned to assess and explain how these risks and gaps impact their job tasks and responsibilities.
(3) Performing a business impact analysis
Once the risks have been identified, the company needs to understand the potential impact of these risks. A business impact analysis will point to the parts of the company that are the most critical to maintain operations continuity.
(4) Updating and communicating policy management
Uncertainty is the name of the game in this pandemic, with new information pouring in at any time. Thus, policies will need to be revisited by relevant departments, updated and communicated to staff. One such example would be the need to work remotely within a short period of time – this meant that processes had to be adapted on the fly.
(5) Embedding incident management plans
Appropriate incident management plans, including escalation and reporting mechanisms, need to be embedded within processes and across the company. This would allow the company to evaluate the effectiveness of any implemented mitigation and policy activities, along with identifying exceptions and weaknesses.
MOVING FORWARD
Aside from understanding and enhancing the depth and breadth of their risk management disclosures, and adopting some best practices in risk management to close any gaps, there are two other areas that companies should also take into account.
First, a study released in October 2020 by CGIO and ASEAN CSR Network showed that Singapore lagged behind Malaysia and Thailand in terms of corporate disclosures of business integrity practices. Malaysia-listed companies had the highest disclosure rate of 74%, Thailand was second at 71% while Singapore came in third at 64%. This lack of disclosure stands in stark contrast to Singapore’s reputation as one of the world’s least corrupt countries. To increase the transparency of how corporates are mitigating corruption risk, there should be more disclosures of such business integrity practices.
Second, another major development is that climate change, and correspondingly environmental sustainability, is making its way onto the agendas of many business leaders, such as Unilever CEO Alan Jope, and publications, ranging from Time to the Financial Times.
Climate change and environmental sustainability are becoming important items for corporate boards to consider, particularly in how they affect business strategy and performance. The impacts can range from financial to material and would affect multiple areas of a business. This has led to renewed calls for corporate governance models to be updated to meet emerging challenges; the Action Plan on Financing Sustainable Growth presented by the European Commission is one such response. Companies would do well to enhance their disclosures in this area.
CONCLUSION
Risk management is an ongoing process. However, the pandemic has exposed and exploited the numerous gaps and loopholes across risk management strategies the world over. The SGTI 2020 study revealed the extent of these gaps in Singapore-listed companies, underscoring the need to review risk management policies in a different way. Furthermore, the disconnect between Singapore’s reputation as one of the world’s least corrupt countries and the reality of business integrity disclosure practices needs to be addressed for Singapore to remain competitive. Climate change exacerbates the breadth of the issue, with business leaders and society at large calling for greater cooperation to reduce its potential impact. Risk management is not just a corporate matter – it is now an issue that everyone needs to think about.
Zecharias Chee is Senior Research Associate, Centre for Governance, Institutions and Organisations (CGIO), National University of Singapore (NUS); Professor Lawrence Loh is Director, CGIO and Associate Professor of Strategy and Policy, NUS Business School, NUS, and Nigel Hee is Manager, Insights & Publications, Institute of Singapore Chartered Accountants.
1 Big-cap companies are defined as companies with a market capitalisation of at least S$1 billion; mid-cap companies are defined as companies with a market capitalisation equal or greater than S$300 million but less than S$1 billion; small-cap companies are defined as companies with a market capitalisation of less than S$300 million.