Risk Management – Governance, Risk Management, Compliances and Ethics Important Questions

Question 1.
The risk evaluation process requires a mathematical approach and considerable data on past losses. Comment.
Answer:
The risk measurement process requires a mathematical approach and considerable data on past losses. The data available from the concern itself may not be adequate to support an analytical exercise. Hence, it becomes necessary to resort to data on an industry basis, at the national and sometimes even at the international level.

Risk evaluation includes the determination of the:

  • Probability or chances that losses will occur.
  • Impact the losses would have upon the financial affairs of the firm should they occur.
  • Ability to predict the losses that will actually occur during the budget period.

There are various statistical methods of quantifying risks. But where the statistical methods are too technical, the risk manager relies on his judgment and classifies risks as modest, medium, severe, etc. In either event, a ‘risk matrix’ can be prepared which essentially classifies the risks according to their frequency and severity.

Question 2.
What is Systematic Risk and Unsystematic Risk? Give examples.
Answer:
The concept of Systematic and Unsystematic risk may be explained as under:

Systematic Risk vs. Unsystematic Risk:

  • Systematic risk is not fully controllable by an organisation; unsystematic risk is usually controllable by an organisation.
  • Systematic risk is not entirely predictable; unsystematic risk is reasonably predictable.
  • Systematic risk is usually macro in nature; unsystematic risk is normally micro in nature.
  • Systematic risk usually affects a large number of organisations operating in a similar stream; unsystematic risk, if not managed, directly affects the individual organisation first.
  • Systematic risk cannot be fully assessed and anticipated in advance in terms of timing and gravity; unsystematic risk can usually be assessed well in advance with reasonable effort, and risk mitigation can be planned with proper understanding and risk assessment techniques.
  • Examples of systematic risk: Interest Rate Risk, Market Risk, Purchasing Power Risk. Examples of unsystematic risk: Compliance Risk, Credit Risk, Operational Risk.

Question 3.
Liquidity and Solvency are altogether different. Do you agree? Discuss the types of liquidity risk.
Answer:
Solvency signifies the capability of the organisation to pay its debts and dues. It represents the financial soundness of the organisation. Liquidity risk, on the other hand, arises due to mismatches in the cash flow, i.e. the absence of adequate funds. Liquidity is altogether different from solvency. A firm may be in a sound position as per the balance sheet, but if the current assets are not in the form of cash or near-cash assets, the firm may not be able to make payment to creditors, which adversely affects the reputation of the firm.

Types of Liquidity Risk – The liquidity risk may be of two types, trading risk and funding risk:
a. Trading Risk : It may mean the absence of liquidity, or of enough products or securities, to actually undertake buy and sell activities, e.g. in the context of securities trading, the inability to enter into derivative transactions with counterparties or to make sales or purchases of securities.

b. Funding Risk : It refers to the inability to meet obligations, e.g. the inability to raise funds by either borrowing or the sale of assets/securities. It arises where the balance sheet of a firm contains illiquid financial assets which cannot be turned into cash within a very short time.

Therefore, it can be stated that Liquidity and Solvency are two different aspects.

Question 4.
What are the major financial risks which may adversely affect an organization?
Answer:
The risk which has some financial impact on the business entity is treated as financial risk. The major financial risks which may adversely affect an organisation are as follows:

1. Market Risk : This type of risk is associated with market ups and downs. Market risk may be Absolute Risk (when it can be measured in rupee/currency terms) or Relative Risk (relative to a benchmark index). Hence market risk may be defined as the risk to a firm due to adverse changes in interest rates, currency rates, equity prices and commodity prices.

a. Interest Rate Risk : Financial assets which are connected with interest factors, such as bonds/debentures, face interest rate risk. Interest rate risk adversely affects the value of fixed income securities. Any increase in interest rates reduces the price of bonds and debt instruments in the debt market, and vice versa.

b. Currency Risk : The volatility in the currency rates is called the currency risk. These risks affect the firms which have international operations of business and the quantum of the risk depends on the nature and extent of transactions with the external market.

c. Equity Risk : It means the depreciation in one’s investment due to a change in the market index. The Beta of a stock tells us the market risk of that stock and is associated with the day-to-day fluctuations in the market.

d. Commodity Risk : This type of risk is associated with absolute changes in the price of a commodity. Since commodities are physical assets, their prices change on account of demand and supply factors.

2. Credit Risk : When a counterparty is unable or unwilling to fulfil its contractual obligation, credit risk arises. This type of risk is related to the probability of default and the recovery rate.

Question 5.
Discuss in brief the following: Risk management and corporate governance are inseparable.
Answer:
Risk management is the culmination of decisions taken to improve corporate governance. Organisations that actively manage their risks have a better chance of achieving their objectives and preventing major problems from happening. Thus, risk management and corporate governance are inseparable.

Question 6.
Whether Risk Management and Corporate Governance Principles have any relations? Explain.
Answer:
Risk management and corporate governance principles are strongly interrelated. An organisation implements strategies in order to reach its goals. Each strategy has related risks that must be managed in order to meet these goals.

Risk – Risk is an important element of corporate functioning and governance. There should be a clearly established process of identifying, analyzing and treating risks, which could prevent the company from effectively achieving its objectives.

The Board has the ultimate responsibility for identifying major risks to the organisation, setting acceptable levels of risk and ensuring that appropriate risk management systems and procedures are in place to identify and manage risks.

Risk governance – Good risk governance provides clearly defined accountability, authority, and communication/reporting mechanisms. The board shall have to identify the extent and type of risks it faces and the planning necessary to manage and mitigate the same for ensuring growth for the benefit of all the stakeholders.

Corporate governance – Corporate governance concerns the relationships among the management, board of directors, controlling shareholders, minority shareholders, and other stakeholders. Good corporate governance contributes to sustainable economic development by enhancing the performance of companies and increasing their access to foreign capital. Incorporating risk management in corporate governance of an organisation is very important.

OECD Principles of Corporate Governance – The sixth principle of the OECD Principles of Corporate Governance deals with the responsibilities of the board with respect to Risk Management and provides:

The board should fulfil certain key functions, including reviewing and guiding corporate strategy, major plans of action, risk management policies and procedures, annual budgets and business plans; setting performance objectives; monitoring implementation and corporate performance; and overseeing major capital expenditures, acquisitions and divestitures.

Ensuring the integrity of the corporation’s accounting and financial reporting systems, including the independent audit, and that appropriate systems of control are in place, in particular, systems for risk management, financial and operational control, and compliance with the law and relevant standards.

Question 7.
Write a short note on the following: Importance of risk management in companies.
Answer:
“Risk Management” is a process which aims to assist organisations to identify, understand, evaluate and take action on their risks with a view to increasing the probability of their success and reducing the impact and likelihood of failure.

Importance of risk management:

  • Effective risk management gives comfort to shareholders, customers, employees, other stakeholders and society at large that a business is being effectively managed.
  • It helps the company or organisation confirm its compliance with corporate governance requirements. Risk management is relevant to all organisations large or small.
  • Effective risk management practices support accountability, performance measurement and reward and can enable efficiency at all levels through the organisation.

Effective Risk Management:
Risk management requires a detailed knowledge and understanding of the organization (both internal and external) and the processes involved in the business. To effectively manage risk, and seize the opportunity within every challenge, institutions must manage a variety of business dimensions.

In today’s world they must focus on maximising digital capabilities, building ongoing expertise, driving fluid collaboration, developing top-notch analytics and fostering a risk culture that can withstand disruptive change. Better risk management techniques provide early warning signals so that the same may be addressed in time. In the traditional concept, only natural calamities like fire, earthquake, flood, etc. were treated as risk, and keeping safeguard equipment etc. was assumed to have mitigated the risk.

Question 8.
Briefly comment on the following statement: Well defined and implemented risk management policies have many potential advantages for an organisation.
Answer:
The key advantages of having risk management are as under:

  • Risk Management in the long run always results in significant cost savings and prevents wastage of time and effort in firefighting. It develops robust contingency planning.
  • It can help plan and prepare for the opportunities that unravel during the course of a project or business.
  • Risk Management improves strategic and business planning. It reduces costs by limiting legal action or preventing breakages.
  • It establishes improved reliability among the stakeholders, leading to an enhanced reputation. Sound Risk Management practices reassure key stakeholders throughout the organisation.

Question 9.
What is risk? Discuss various phases of risk management cycle.
Answer:
‘Risk’ refers to the variations in the outcomes that could occur over a specified period in a given situation. If only one outcome is possible, the variation and hence the risk is zero. If many outcomes are possible, the risk is not zero. The greater the variation, the greater the risk.

Risk may also be defined as the possibility that an event will occur and adversely affect the achievement of the company’s objectives and goals. ‘Business risk’ is the threat that an event or action will adversely affect an organisation’s ability to achieve its business objectives/targets. Business risk arises as much from the possibility that opportunities will not be realised as from the fact that certain threats could well materialise and that errors could well be made.

The risk management cycle is as under:

  • Identify the risk
  • Assess the risk
  • Evaluate the risk
  • Identify suitable responses to the risk and select
  • Plan and resource
  • Implement, monitor and report

Question 10.
“Until and unless risks are properly managed they may cause severe loss to the business.” In this context, discuss what steps you would take for the proper management of the risks of your business.
Answer:
Risks, if not managed properly, may cause severe damage to organisations, and therefore almost all organisations develop a sequential process to deal with risks.

The steps every business should take for the proper management of risk of business are as under:
1. Identification of risk: It is the first phase of the risk management process. The origin/source of the risk is identified.

2. Assessment of risk: After identifying the origin of the risk the second step is assessment of the risk. A business organisation faces various threats and vulnerabilities that may affect its operation or the fulfilment of its objectives. Therefore, the quantum and severity of risk involved is assessed.

3. Analysing and evaluating the risk: It is the third step where the risk is analysed and evaluated. The risk analysis involves thorough examination of the risk sources, its positive and negative consequences, the likelihood of the consequences that may occur and the factors that affect them and assessment of any existing controls or processes that tend to minimize negative risks or enhance positive risks.

4. Handling of risk: The ownership of risk should be allocated. The persons concerned, when the risk arises, should document it and report it to the higher-ups in order to take early measures to minimise it. Risk may be handled in the following ways:

  • Risk Avoidance
  • Risk Retention/absorption – it may be active or passive
  • Risk Reduction
  • Risk Transfer

5. Implementation of decision: The last step in the risk management process is the implementation of the decision. Various alternatives for tackling the risks are recommended to the Board of the organisation. After getting the decision approved, measures are initiated to implement it.

Question 11.
Risk management is a structured, consistent and continuous process applied across the organisation for the identification and assessment of risks, control assessment and exposure monitoring. In the light of this statement, discuss the risk management process and the advantages of risk management.
Answer:
Risk management is a structured, consistent and continuous process, applied across the organisation for the identification and assessment of risks, control assessment and exposure monitoring.

Objectives of the Company’s risk management framework – The objectives of the Company’s risk management framework comprise the following:

  • To identify, assess, prioritise and manage existing as well as new risks in a planned and coordinated manner.
  • To increase the effectiveness of the internal and external reporting structure.
  • To develop a risk culture that encourages employees to identify risks and associated opportunities and respond to them with appropriate actions.

Advantages of Risk Management – Properly implemented risk management has many potential advantages to an organization in the form of:

  • Better informed decision making – for example in assessing new opportunities.
  • Less chance of major problems in new and ongoing activities.
  • Increased likelihood of achieving corporate objectives.

Question 12.
What are the different dimensions of identifying threats in the Risk Analysis process? In a company there is a 40% probability of an increase in the cost of raw material from the present level of ₹ 10 crores. What shall be the risk value of the cost of production?
Answer:
There are various stages in the risk management process. After identification of the risk parameters, the second stage is analysing the risk, which helps to identify and manage potential problems that could undermine key business initiatives or projects.

Risk Analysis – To carry out a Risk Analysis, first the possible threats are identified and then the likelihood that these threats will materialize is estimated. The analysis should be objective and should be industry specific.

The first step in Risk Analysis is to identify risks or threats both existing and possible which may pertain to:

  • Human : Illness, death, injury, or other loss of a key individual.
  • Operational : Disruption to supplies and operations, loss of access to essential assets, or failures in distribution.
  • Reputational : Loss of customer or employee confidence, or damage to market reputation.
  • Procedural : Failures of accountability, internal systems, or controls, or from fraud.
  • Project : Going over budget, taking too long on key tasks, or experiencing issues with product or service quality.
  • Financial : Business failure, stock market fluctuations, interest rate changes, or non-availability of funding.
  • Technical : Advances in technology, or from technical failure.
  • Natural : Weather, natural disasters, or disease.
  • Political : Changes in tax, public opinion, government policy, or foreign influence.
  • Structural : Dangerous chemicals, poor lighting, falling boxes, or any situation where staff, products, or technology can be harmed.

There is a 40% probability of a price rise in the raw material. If this happens, it will increase the cost of production in the next year. So, the risk value of the cost of production can be derived by the following formula:
Risk value = Probability of event × Cost of event
By putting the values:
Risk value = 0.40 (Probability of event) × ₹ 10 Crores (Cost of event) = ₹ 4 Crores

Question 13.
Your company is running its corporate office in a rented business premises. The Landlord of the building has increased the rent of other companies and there are 80% chances of increase in the rent of the office occupied by your company within the next year. If this happens, it will cost your business an extra ₹ 5,00,000 over the next year. Calculate the risk value.
Answer:
The formula for calculating the Risk Value is:
Risk Value = Probability of Event × Cost of Event
By putting the values, we get:
0.80 (Probability of Event) × ₹ 5,00,000 (Cost of Event) = ₹ 4,00,000 (Risk Value)

Question 14.
Point out the situations where the Risk Analysis may be useful.
Answer:
The risk management process comprises five stages. After identification of the risk parameters, the second stage is analysing the risk, which helps to identify and manage potential problems that could undermine key business initiatives or projects.

Process of Risk Analysis:
To carry out a Risk Analysis, first the possible threats are identified and then the likelihood that these threats will materialise is estimated. The analysis should be objective and should be industry specific. Within the industry, a scenario-based analysis may be adopted, taking into consideration the possible events that may occur and the alternative ways to achieve the given target.

Risk Analysis can be complex, as it requires drawing on detailed information such as project plans, financial data, security protocols, marketing forecasts and other relevant information. However, it is an essential planning tool, and one that could save time, money and reputations.

Risk analysis can be useful in many situations like:

  1. While planning projects, to help in anticipating and neutralizing possible problems.
  2. While deciding whether or not to move forward with a project.
  3. While improving safety and managing potential risks in the workplace.
  4. While preparing for events such as equipment or technology failure, theft, staff sickness, or natural disasters.
  5. While planning for changes in environment, such as new competitors coming into the market, or changes to government policy.

Question 15.
Companies are not entirely free to decide on how they shall handle their risks. Discuss this statement in the light of prescribed regulation of the SEBI (Listing Obligation & Disclosure Requirements) Regulations, 2015.
Answer:
Risk can be handled in the following ways:
1. Risk Avoidance: Risk Avoidance means not taking the risk, or choosing a less risky business/project. For example, one may avoid investing in the stock market due to the volatility of stock prices and may prefer to invest in debt instruments.

2. Risk Retention/absorption: It is the handling of unavoidable risk internally; the firm bears/absorbs it either because insurance cannot be purchased for such a type of risk, or because it is too expensive to cover the risk and much more cost-effective to handle it internally. Usually, retained risks occur with greater frequency but have a lower severity. An insurance deductible is a common example of risk retention to save money, since a deductible is a limited risk that can save money.

There are two types of retention methods for containing losses as under:

  • Active Risk Retention: Where the risk is retained as part of deliberate management strategy after conscious evaluation of possible losses and causes.
  • Passive Risk Retention: Where risk is retained through negligence, either because the risk taker does not know of the risk or because he considers it a lesser risk than it actually is.

3. Risk Reduction: In many ways physical risk reduction is the best way of dealing with any risk situation, and it is usually possible to take steps to reduce the probability of loss. It is done at the planning stage of any new project, when considerable improvement can be achieved at little or no extra cost.

4. Risk Transfer: This refers to the legal assignment of the cost of certain potential losses to another. The insurance of ‘risks’ occupies an important place, as it deals with those risks that could be transferred to an organisation that specialises in accepting them, at a price. Usually, there are 3 major means of loss transfer, viz.,

  • By Tort
  • By contract other than insurance
  • By contract of insurance

Question 16.
“The rapidly growing global economy has created an expanding array of risks to be managed to ensure the viability and success of an enterprise” Discuss the statement enumerating classes of risk and the ways of risk handling.
Answer:
The classes of risk may be summarised as hereunder:

  • Credit Risks
  • Industry and Services Risks
  • Legal Risks
  • Liquidity Risks
  • Disaster Risks
  • System Risks
  • Management and Operation Risks
  • Market Risks
  • Political Risks
  • Non compliance and related risks

Risk can be handled broadly in four ways:

  • Risk Avoidance
  • Risk Reduction
  • Risk Retention
  • Risk Transfer

Question 17.
What is risk retention? Distinguish between risk retention and risk transfer.
OR
Describe and differentiate risk reduction and risk retention.
Answer:
Risk reduction – Risk reduction means prevention of loss by taking steps to reduce the probability of loss. The ideal time to think of risk reduction measures is at the planning stage of any new project, when considerable improvement can be achieved at little or no extra cost. It is the best way of dealing with any risk. Risk prevention should be evaluated in the same way as other investment projects, as it will save a lot of cost and energy at a later stage.

Risk retention – “Risk retention” is the process of handling unavoidable risk internally. The firm bears/absorbs the risk because insurance for such a type of risk cannot be purchased, or because it is too expensive to cover the risk and much more cost-effective to handle it internally.

Retained risks occur with greater frequency, but have a lower severity.

Methods of risk retention – There are two types of retention methods for containing losses as under:

Active Risk Retention : Where the risk is retained as part of deliberate management strategy after conscious evaluation of possible losses and causes.

Passive Risk Retention : Where risk is retained through negligence, either because the risk taker does not know of the risk or because he considers it a lesser risk than it actually is.

Question 18.
Discuss in brief the following: Risk management.
Answer:
Risk is an important element of corporate functioning and governance. There should be a clearly established process of identifying, analyzing and treating risks, which could prevent the company from effectively achieving its objectives.

It also involves establishing a link between risk, return and resourcing priorities. Appropriate control procedures in the form of a risk management plan must be put in place to manage risk throughout the organisation. The plan should cover activities as diverse as review of operating performance, effective use of information technology, contracting out and outsourcing.

Question 19.
While conducting the Audit, the Secretarial Auditor found that, by forging a signature, an accountant had transferred a huge amount to a dummy account. There was a big financial scam in the organisation. On the reporting of the fraud, Management has desired that a Risk Management Policy to detect and control fraud be prepared.
Being a Company Secretary, point out the major aspects to be included in Fraud Risk Management Policy.
Answer:
The management should be pro-active in fraud related matters. A fraud is usually not detected until and unless it is unearthed. A Fraud Risk Management Policy should be adopted, aligned to the company’s internal control and risk management. The Fraud Risk Management Policy will help to strengthen the existing anti-fraud controls by raising awareness across the company and promoting an open and transparent communication culture.

It would also promote zero tolerance to fraud/misconduct and encourage employees to report suspicious cases of fraud/misconduct. The policy would spread awareness amongst employees and educate them on risks faced by the company.

The major aspects to be included in Fraud Risk Management Policy are –
1. Defining fraud : This shall cover activities which the company would consider as fraudulent.

2. Defining Role & responsibilities : The policy may define the responsibilities of the officers who shall be involved in effective prevention, detection, monitoring & investigation of fraud. The company may also consider constituting a committee or operational structure that shall ensure an effective implementation of anti-fraud strategy of the company. This shall ensure effective investigation in fraud cases and prompt as well as accurate reporting of fraud cases to appropriate regulatory and law enforcement authorities.

3. Communication channel : Encourage employees to report suspicious cases of fraud/misconduct. Any person with knowledge of suspected or confirmed incident of fraud/misconduct must report the case immediately through effective and efficient communication channel or mechanism.

4. Disciplinary action: After due investigations disciplinary action against the fraudster may be considered as per the company’s policy.

5. Reviewing the policy: The employees should educate their team members on the importance of complying with Company’s policies & procedures and identifying/reporting of suspicious activity, where a situation arises. Based on the developments, the policy should be reviewed on periodical basis.

Question 20.
Write a short note on the following: Fraud risk management.
Answer:
The fraud risk management policy will help to:

  • Strengthen the existing anti-fraud controls by raising the awareness across the company.
  • Promote an open and transparent communication culture.
  • Promote zero tolerance to fraud/misconduct.
  • Encourage employees to report suspicious cases of fraud/misconduct.
  • Spread awareness amongst employees and educate them on risks faced by the company.

Such a policy may include the following:

  • Defining fraud
  • Defining Role & responsibilities
  • Communication channel
  • Disciplinary action
  • Reviewing the policy

Question 21.
Write the relevant provisions of the Companies Act, 2013 relating to the reporting of fraud.
Answer:
Following are the provisions related to reporting of fraud under Companies Act, 2013:
Section 143(12) of the Companies Act, 2013, read with Rule 13 of the Companies (Audit and Auditors) Rules, 2014, provides that if an auditor of a company, in the course of the performance of his duties as auditor, has reason to believe that an offence of fraud involving an amount of rupees one crore or above is being or has been committed in the company by its officers or employees, the auditor shall report the matter to the Central Government.

Rule 13(2) of Companies (Audit and Auditors) Rules, 2014 provides that the auditor shall report the matter to the Central Government as under:
1. Reporting the matter to the Board/Audit Committee immediately but not later than two days of his knowledge of the fraud, seeking their reply or observations within 45 days.

2. On receipt of such reply or observations, the auditor shall forward his report and the reply or observations of the Board/Audit Committee along with his comments to the Central Government within 15 days from the date of receipt of such reply or observations.

3. In case the auditor fails to get any reply or observations from the Board/Audit Committee within the stipulated period of 45 days, he shall forward his report to the Central Government along with a note containing the details of his report.

4. The report shall be sent to the Secretary, Ministry of Corporate Affairs in a sealed cover by Registered Post with Acknowledgement Due or by Speed Post followed by an e-mail in confirmation of the same.

5. The report shall be on the letter-head of the auditor containing postal address, email address and contact telephone number or mobile number and be signed by the auditor with his seal and shall indicate his Membership Number.

6. The report shall be in the form of a statement as specified in Form ADT-4.

Fraud value less than one crore – Rule 13(3) of the Companies (Audit and Auditors) Rules, 2014 further states that in case of a fraud involving less than one crore rupees, the auditor shall report the matter to the Audit Committee/Board immediately but not later than two days of his knowledge of the fraud, specifying the nature of the fraud with description, the approximate amount involved and the parties involved; the same shall also be disclosed in the Board’s Report.

Penal Provisions – The person guilty of the offence shall be punishable with fine which shall not be less than one lakh rupees but which may extend to twenty-five lakh rupees.

Question 22.
Discuss briefly the following: Reputation risk
OR
Elucidate the following: Reputational risk management.
Answer:
The Reserve Bank of India in its Master Circular dated July 1, 2015 has defined Reputation Risk as:
The risk arising from negative perception on the part of customers, counterparties, shareholders, investors, debt-holders, market analysts, other relevant parties or regulators that can adversely affect a bank’s ability to maintain existing, or establish new, business relationships and continued access to sources of funding (for example, through the interbank or securitisation markets).

Reputational Risk Management – For managing reputation risk, the following principles are worth noting:

  • Integration of risk while formulating business strategy.
  • Effective board oversight.
  • Image building through effective communication.
  • Promoting compliance culture to have good governance.
  • Persistently following up the Corporate Values.
  • Due care, interaction and feedback from the stakeholders.
  • Strong internal checks and control.
  • Peer review and evaluating the company’s performance.
  • Quality report/newsletter publication.
  • Cultural alignment.

Question 23.
You are the company secretary of Nodal Power Company Ltd. Your board of directors wants to understand its responsibilities for reviewing the company’s policies on risk oversight and management in the light of the SEBI (Listing Obligations & Disclosure Requirements) Regulations, 2015, and to satisfy itself whether the management has developed and implemented a sound system of risk management and control.
Prepare board note discussing the responsibilities of the board on risk management and the relevant provisions on risk management under SEBI (Listing Obligations and Disclosure Requirements) Regulations, 2015.
Answer:
To,
The Board of Directors
Nodal Power Company Limited
Sub: Responsibility of Board of Directors on Risk Management
Dear Sir,
It is pertinent to note that the following are the legal provisions on risk management under the SEBI (LODR) Regulations, 2015.
The SEBI (LODR) Regulations, 2015 provide that the company shall lay down procedures to inform Board members about the risk assessment and minimisation procedures. The Board shall be responsible for framing, implementing and monitoring the risk management plan for the company.

The Risk Management Plan must include all elements of risks. The traditional elements of potential likelihood and potential consequences of an event must be combined with other factors like the timing of the risks, the correlation of the possibility of an event occurring with others, and the confidence in risk estimates.

Risk management policies should reflect the company’s risk profile and should clearly describe all elements of the risk management and internal control system and any internal audit function.

A company’s risk management policies should clearly describe the roles and accountabilities of the board, audit committee, or other appropriate board committee, management and any internal audit function.

A company should have an identified Chief Risk Officer, an individual with the vision and the diplomatic skills to forge a new approach. He may be supported by “risk groups” to oversee the initial assessment work and to continue the work till it is completed.

Regulation 21 of SEBI (LODR) Regulations, 2015, requires that every listed company should have a Risk Management Committee.

Question 24.
A company secretary can play a significant role in ensuring that a sound enterprise risk management (ERM) which is effective throughout the company is in place. Explain.
OR
Briefly comment on the following: The role of the company secretary in evaluating risk management efforts in the organisation is significant.
OR
Discuss the role of company secretary in addressing risk management.
OR
Write a note on the following: Role of the company secretary in ensuring risk management.
Answer:
The company secretaries are governance professionals whose role is to enforce a compliance framework to safeguard the integrity of the organization and to promote high standards of ethical behaviour. Following are their functions:

  • Advising on best practice in governance, risk management and compliance.
  • Championing the compliance framework to safeguard organizational integrity.
  • Promoting and acting as a ‘sounding board’ on standards of ethical and corporate behaviour.
  • Balancing the interests of the Board or governing body, management and other stakeholders.

In terms of Section 203(1)(ii) of the Companies Act, 2013, a Company Secretary is Key Managerial Personnel. Hence, being a top level officer and board confidant, a Company Secretary can play a role in ensuring that a sound Enterprise-wide Risk Management [ERM] which is effective throughout the company is in place.

Question 25.
Answer the following in brief: Write a note on ISO 31000.
Answer:
ISO 31000, published on 13 November 2009, provides a standard on the implementation of risk management. ISO 31000 seeks to provide a universally recognised paradigm for practitioners and companies employing risk management processes. ISO 31000 contains 11 key principles that position risk management as a fundamental process in the success of the organisation.