Disclosures and Risk Management

By ZECHARIAS CHEE, LAWRENCE LOH AND NIGEL HEE

TRENDS, GAPS AND BEST PRACTICES

The latest Singapore Governance and Transparency Index (SGTI) study, released in August 2020, showed that although Singapore-listed entities had improved overall, there are still many gaps that require urgent improvement, especially in the area of risk management disclosures.

These gaps are particularly stark in light of the ongoing Covid-19 pandemic.

The SGTI, by the Centre for Governance, Institutions and Organisations (CGIO), National University of Singapore, is an indicator of corporate governance practices and disclosures by Singapore-listed companies, business trusts and Real Estate Investment Trusts (REITs). It assesses entities on their corporate governance disclosures and practices, as well as the timeliness, accessibility and transparency of their financial results announcements.

In this article, we take a look at the findings of SGTI 2020, including recent trends in corporate governance and risk management disclosures, the importance of having robust and updated risk management disclosures, and best practices that may help close some of the identified gaps.

RECENT TRENDS

For the purpose of this article, we are focusing only on Singapore-listed companies excluding business trusts and REITs. The study covers a total of 577 Singapore-listed companies, with 181 companies on the Singapore Exchange being excluded for various reasons.

The SGTI’s “BREAD” framework has two components: the base score and the adjustment for bonuses and penalties (Figure 1). The base score for companies contains five sections: (1) board responsibilities [35 points]; (2) rights of shareholders [20 points]; (3) engagement of stakeholders [10 points]; (4) accountability and audit [10 points] and (5) disclosure and transparency [25 points]. The aggregate of bonuses and penalties is incorporated in the base score to arrive at the company’s SGTI total score. The maximum attainable score is 143 points.

Continuing its upward trend since 2011, SGTI 2020 reached an all-time high score of 67.9, registering the largest ever increase of 8.6 points from 59.3 in 2019 (Figure 2). Companies received more bonus points at 11.6 – a 35% increase from 8.6 in 2019 – and were given fewer penalties, which fell by 2.4 points to 8.4. This shows that companies made significant improvements in corporate governance practices and disclosures over the period.

Figure 3 shows the sectional scores. Overall, there were increases in the scores for three components: board responsibilities, rights of shareholders and engagement of stakeholders. There was a slight dip in accountability and audit from 76% in 2019 to 73% in 2020, while the scores for disclosure and transparency remained almost unchanged at 57% in 2020.

Figure 4 shows that all of the sectional scores were highest for big-cap companies, followed by mid-cap and small-cap companies in that order.¹ More importantly, the fall in the scores for disclosure and transparency appears to be very steep from big-cap companies to small-cap firms compared to the scores in most of the other sections.

As the ongoing Covid-19 pandemic has raised questions about the business continuity of companies, it is timely to examine risk management practices (which are subsumed under disclosure and transparency) in Singapore-listed companies so as to flag the areas of concern. Figure 5 shows that the proportion of companies making disclosures in key risks and risk management strategies has steadily declined from 33% in 2018 to 24% in 2020. Few companies, hovering around 5% of the assessed companies, disclosed their risk tolerance policy in their annual reports. Further to that, only about one in 10 companies linked risk management and remuneration. These trends highlight that many Singapore-listed companies were not making adequate risk management disclosures to inform their stakeholders and, on a more worrying note, some may not even have put in place risk management practices.

Figure 6 shows that there was a decreasing trend in the disclosure of related party transactions (RPT). This does not augur well for raising the level of transparency to the stakeholders. Moving forward, there is an urgent need for more companies to reveal or raise their level of disclosures in risk management practices amid the greater uncertainties in the business environment.

IMPORTANCE OF HAVING ROBUST AND UPDATED RISK MANAGEMENT DISCLOSURES

Studies show that companies with well-established corporate risk management policy and practices achieve better performances compared to their peers that do not have them. With the Covid-19 outbreak, the spotlight is cast on the risk management practices of companies, and there are elevated concerns about the adequacy of such disclosures in the annual reports of publicly listed companies. As mentioned, the findings of the SGTI 2020 study revealed that the disclosures of risk management practices, according to various indicators, were disappointing.

This section seeks to explain why a robust risk management policy and programme is critical to the long-term survival of companies. It further elucidates why such disclosures in the public domain, particularly through the annual report, help to promote transparency to and instil confidence in the stakeholders; more importantly, it shows how both short-term and long-term strategies and solutions in risk management practices can improve shareholder value.

The Covid-19 pandemic has triggered some significant adverse effects, some of which will have long rippling effects into the future. Due to the stringent measures implemented by the Singapore government as well as many of the country’s trading partners in a bid to curb the spread of infection, companies in trade-dependent Singapore have experienced a “quadruple whammy”, namely, abrupt changes in consumer demand trends, disruption in global supply chains, employee absenteeism, and increasing financial distress for firms and households.

Robust and adequate disclosures in risk management practices by companies can provide assurance to shareholders that any huge impacts arising from black swan events on the stakeholders – including suppliers, business partners and customers – are being closely, duly and tactically considered and managed via relevant strategies. Such disclosures also demonstrate to stakeholders that companies are cognisant of the risks their businesses are confronted with, and that they are well prepared to respond swiftly and decisively to an unexpected crisis like Covid-19.

A risk management policy, which includes a business continuity plan, helps prepare companies to execute their strategies in times of urgent need. This is because it signals that the companies have identified their corporate risks and readied the mitigating strategies to manage or contain the risks. From the standpoint of investors, conveying such information in the annual reports reduces information asymmetry, which may enhance their investment decision making.

Additionally, such disclosures reveal a well-established risk management programme in publicly listed companies, with oversight by a board-level risk committee or a C-suite senior executive. The strong commitment to risk management assures investors that the business activities will be less impacted and the volatility of earnings will be better managed when uncertainties arise.

Companies with a risk management plan are certainly able to respond quicker to risk events like the Covid-19 crisis than those without one. As such, the problem of “quadruple whammy” can be alleviated and managed to a large degree.

ADAPTING RISK MANAGEMENT STRATEGIES FOR THE POST-COVID-19 ERA

What, then, can companies do to handle these new risks, as well as close the gaps revealed in the SGTI 2020 study? Companies should consider taking this opportunity to rethink their risk management strategies from the ground up, adapting not just their current strategies but revise how they understand, interpret and handle risks. The Wharton School of the University of Pennsylvania suggests five risk mitigation strategiesfor the current pandemic: (1) readiness assessments, (2) risk management plan, (3) business impact analysis, (4) policy management and (5) incident management.

(1) Completing readiness assessments

Readiness assessments allow a company to evaluate its business continuity programme against best practices standards; this will also reveal any existing gaps.

(2) Completing a risk management plan

It is critical that companies complete a risk management plan to identify and prioritise any new risks and gaps in their current controls. Frontline staff may be most suitably positioned to assess and explain how these risks and gaps impact their job tasks and responsibilities.

(3) Performing a business impact analysis

Once the risks have been identified, the company needs to understand the potential impact of these risks. A business impact analysis will point to the parts of the company that are the most critical to maintain operations continuity.

(4) Updating and communicating policy management

Uncertainty is the name of the game in this pandemic, with new information pouring in at any time. Thus, policies will need to be revisited by relevant departments, updated and communicated to staff. One such example would be the need to work remotely within a short period of time – this meant that processes had to be adapted on the fly.

(5) Embedding incident management plans

Appropriate incident management plans, including escalation and reporting mechanisms, need to be embedded within processes and across the company. This would allow the company to evaluate the effectiveness of any implemented mitigation and policy activities, along with identifying exceptions and weaknesses.

MOVING FORWARD

Aside from understanding and enhancing the depth and breadth of their risk management disclosures, and adopting some best practices in risk management to close any gaps, there are two other areas that companies should also take into account.

First, a study released in October 2020 by CGIO and ASEAN CSR Network showed that Singapore lagged behind Malaysia and Thailand in terms of corporate disclosures of business integrity practices. Malaysia-listed companies had the highest disclosure rate of 74%, Thailand was second at 71% while Singapore came in third at 64%. This lack of disclosure stands in stark contrast to Singapore’s reputation as one of the world’s least corrupt countries. To increase the transparency of how corporates are mitigating corruption risk, there should be more disclosures of such business integrity practices.

Second, another major development is that climate change, and correspondingly environmental sustainability, is making its way onto the agendas of many business leaders, such as Unilever CEO Alan Jope, and publications, ranging from Time to the Financial Times.

Climate change and environmental sustainability are becoming important items for corporate boards to consider, particularly in how they affect business strategy and performance. The impacts can range from financial to material and would affect multiple areas of a business. This has led to renewed calls for corporate governance models to be updated to meet emerging challenges; the Action Plan on Financing Sustainable Growth presented by the European Commission is one such response. Companies would do well to enhance their disclosures in this area.

CONCLUSION

Risk management is an ongoing process. However, the pandemic has exposed and exploited the numerous gaps and loopholes across risk management strategies the world over. The SGTI 2020 study revealed the extent of these gaps in Singapore-listed companies, underscoring the need to review risk management policies in a different way. Furthermore, the disconnect between Singapore’s reputation as one of the world’s least corrupt countries and the reality of business integrity disclosure practices needs to be addressed for Singapore to remain competitive. Climate change exacerbates the breadth of the issue, with business leaders and society at large calling for greater cooperation to reduce its potential impact. Risk management is not just a corporate matter – it is now an issue that everyone needs to think about.

Zecharias Chee is Senior Research Associate, Centre for Governance, Institutions and Organisations (CGIO), National University of Singapore (NUS); Professor Lawrence Loh is Director, CGIO and Associate Professor of Strategy and Policy, NUS Business School, NUS, and Nigel Hee is Manager, Insights & Publications, Institute of Singapore Chartered Accountants.

¹ Big-cap companies are defined as companies with a market capitalisation of at least S$1 billion; mid-cap companies are defined as companies with a market capitalisation equal or greater than S$300 million but less than S$1 billion; small-cap companies are defined as companies with a market capitalisation of less than S$300 million.

This content was first published by ISCA Journal. The original content can be viewed by clicking here.