Search in book...
Toggle Font Controls
Create new playlist

Name your new playlist

Playlist description (optional)
Sign In

Email address

Password

Forgot Password?

or

Continue with Facebook

Continue with Google
Sign Up

Full Name

Email address

Confirm Email Address

Password

or

Continue with Facebook

Continue with Google

CHAPTER 27
Establishing ERM Systems in Emerging Countries

DEMIR YENER, PhD

Senior Finance and Governance Advisor, Deloitte Consulting, LLP.

INTRODUCTION

The purpose of this chapter is to discuss enterprise risk management (ERM) in the context of corporate governance in emerging market corporations. There is a growing interest in improving corporate governance practices in emerging markets following the 1997–1998 financial crises in the Far East and Russia. With the contagion effects of the crisis in many other emerging markets, there was a realization that corporate governance practices had to be improved along with the financial sector infrastructure. This was the genesis for establishing a globally appealing set of principles or rules of good corporate governance.

Upon the initiation of international donors and G7 countries, the Financial Stability Forum was convened. The Principles of Corporate Governance were developed by the Organization for Economic Cooperation and Development (OECD) in 1999¹ and were later revised in 2004. During this period, other standards of business conduct were also introduced to provide guidance in a number of critical areas of global cooperation for business and finance among nations. Many emerging countries have since adopted the OECD principles and developed their own corporate governance codes.

Improving corporate governance is understood to improve the chances of accessing the various sources of finance. In most emerging market countries, the crucial pillars of transparency and disclosure are still considered off-limits due to concerns about business confidentiality. Effective regulatory enforcement has finally forced many exchange-listed firms to become more transparent thanks to improved disclosure requirements. Disclosure has helped make material and timely corporate information available to the investors. While this availability has helped to provide greater information about the firms’ business prospects, it has also educated boards to help them improve their supervision of management actions.

Since the early 2000s, most listed companies in emerging countries have become more aware of the need to improve corporate governance practices, thereby helping to resolve the perceived risks related to firms. Improving corporate governance across the board in an emerging country setting will translate into improving shareholder value, by providing more assurance to investors of a better rate of return on their investment. This is especially true of the privately held small- and medium-sized enterprise companies, as it helps them gain better access to the sources of financing.

In the following sections, we offer a discussion of enterprise risk management by emerging market firms. We take a holistic approach to enterprise risk management as prescribed in the COSO definition.² Refer to the Appendix for a summary of the COSO approach to ERM.

ENTERPRISE RISK MANAGEMENT AND ITS BENEFITS IN EMERGING MARKETS

Enterprise risk management can be defined as the intelligent use of risk to promote business opportunities and gain competitive advantages for the firm. In this context, ERM encompasses a holistic culture, processes, and tools used throughout the firm to identify strategic opportunities and reduce uncertainty for a firm. ERM allows the comprehensive view of risk from both operational and strategic perspectives. It is a process that supports the reduction of uncertainty and promotes the exploitation of opportunities.

ERM is important for all successful companies managing the random and often interrelated types of risks that a business encounters during its existence. ERM offers companies strategically more effective risk management at “potentially lower” costs. From time to time, there are major events in finance that affect many stockholders and related stakeholders in many parts of the world. A well-known example is the demise of the Barings Group in the 1990s, a large British investment management company that lost many billions due to unscrupulous futures trading by a trader named Nick Leeson, who took unhedged positions without proper risk oversight. There are many other examples. Currently, the financial sector troubles and the economic meltdown have magnified the effects of excessive leverage that firms had accumulated in anticipation of high returns in a growth environment. Unfortunately, many firms grossly neglected the downside of the risks they had exposed themselves to, without much protection.

For example, many Asian exporting corporations have borrowed heavily from their domestic or international banks in anticipation that their foreign exchange earnings will continue for a foreseeable period of time. Unfortunately, the global economic meltdown has negatively affected their revenues, and therefore their ability to service their debts. The final outcome is still uncertain at this time. The current period is that of a crisis management mode and involves crisis risk management.

There are many benefits to ERM if applied properly. The key is that the firm must adopt ERM as a holistic process, and the firm should be involved in ERM at all levels from the board all the way down to the business units. ERM requires that management be responsible for the implementation of the policies, while the board monitors and provides guidance to the CEO. In the ongoing globalization process, and with the pressures to become more transparent, the financial services industry, along with utility companies and the airline industry, have increasingly adopted these practices.

Let’s consider the airline industry in emerging markets: IATA, the International Air Travel Association, reports that civil aviation markets in Poland, China, Czech Republic, Qatar, and Turkey, will have a steady growth rate of 5 percent to 8 percent per year in terms of passenger and cargo volume through the first decade of this century. Given this expected growth in the aviation sector, a recent survey conducted among the 14 Turkish Airline companies reports that survey respondents generally agree that by developing an ERM policy, the airlines could implement a structured and disciplined approach in risk management. Respondents further understand that ERM aligns the organization’s strategies, processes, technology, and knowledge with the purpose of improving its ability to develop a strategy and manage more effectively.³

The survey results, however, do not support the hypothesis that Turkish airline managements are interested in risk management as a holistic concept and want to implement ERM in their organizations. The findings suggest that while there is an increasing awareness of nonoperational risks (e.g., security, safety, and financial risk management), companies are just beginning to move toward an enterprise-wide view of risk. At the present time, the study finds that the airline managements still see risk management very narrowly, which is quite different from what ERM concepts require. The airlines perceive risk and ERM within the narrow framework of their corporate culture and management style and there is no uniformity in these risk perceptions. Airline executives care most about the security, safety and financial risks that they face, which may vary according to each company’s market niche. We think that even this much awareness is a major step forward in an emerging country. However, more needs to be done to establish ERM techniques among the Turkish Airline companies. The very recent crash of a Turkish Airlines passenger jet in Amsterdam, the Netherlands, ought to be a wake-up call.⁴

In a recent study conducted by Ernst and Young to explore risk management in emerging markets, about 900 companies were surveyed regarding the leading risk management practices in Brazil, Russia, India, China, and Turkey as well as in 12 developed market countries.⁵ The main finding of the study is that establishing a risk culture, improving communications, and aligning organizational structure and risk management processes can ultimately set a strong foundation for better risk management. See Box 27.1 for key findings.

ERM also involves understanding the risk in dealing with companies that are not transparent. A recent example from India may be cited here: In early January 2009, Satyam Computer Services, one of India’s biggest software and services companies, revealed some alarming truths. The company’s founder and chairman, B. Ramalinga Raju, confessed to a $1.47 billion fraud on its balance sheet, which he and his brother, Satyam’s managing director, had disguised from the company’s board, senior managers, and auditors for several years. As the business opportunities for Satyam grew, this fraud went mostly unnoticed by the shareholders of the company. As the markets began to contract, the deficit had to be covered, and thus, the scandal broke. This is a problem of abuse of shareholder trust.

Box 27.1 Example: ERM at Indian Companies

Because of globalization and the international growth of Indian companies, it is now more critical than ever that Indian firms pay attention to the most recent global developments regarding risk management elsewhere. Among the key findings and trends now emerging in India with regard to Enterprise Risk Management (ERM) are the following:⁶

Strategic risks have not typically been considered in the early stages of building ERM at Indian companies.
Most of the risks continue to be managed in silos, whether in business units or in functions. This approach does not take advantage of the holistic approach that ERM can bring to risks that cross businesses.
Other than financial institutions, few Indian companies have developed sophisticated risk metrics. Even at financial institutions, risks are usually managed and monitored by class of risk such as credit or market risk, rather than holistically across the institution.
Much of the focus on ERM in Indian companies to date has been on the downside risk, not the opportunity side of the equation. ERM may bring the necessary cultural change to identify opportunities and their associated risks and rewards.
ERM has created greater transparency both internally and externally at those companies that have embraced it. Communication within the company has improved by adding a new perspective on risk and sharing risk information. Communication with shareholders and other external stakeholders has also improved through more thorough disclosure.
The value proposition for ERM is not yet evident for most Indian companies since most companies and boards that have begun ERM are doing so more as a compliance exercise than a strategic one.
Evolving legal standards make it prudent for business organizations operating in the Indian financial market to strengthen their ERM processes.

The risks in Satyam case are due to bad management decisions, and fraudulent action on the part of the chairman. Good corporate governance practices strongly discourage the chairman from also holding the role of the CEO. This is a common practice in all emerging market countries. Due to the power these two roles provide, management responsibility and accountability suffer along with transparency, oftentimes leading to potentially disastrous results. The risk to the investors is large in a thinly capitalized emerging market.⁷ See Box 27.2.

Box 27.2 Findings of Survey on Risk Management in Emerging Markets

According to a survey conducted by Ernst and Young, the key “risk management lessons” taken from executives’ experience across emerging and developed markets reveal the following findings:

The main goal in emerging markets is growth. Companies have moved on from the traditional view that the primary objective of investment in emerging markets is cost saving.
Risk priorities differ by location. Developed markets focus on political, operational, and supply chain risk. Emerging markets are more likely to focus on market, competitive, and pricing risk.
There is a consensus that boards are not giving enough attention to risk in these markets. Only 41% of developed market companies have a risk strategy for emerging markets.
Opinion differs on risk communication. While 71% of emerging market subsidiaries feel they provide sufficiently regular and robust information on risk, only 44% of the parent companies would say the same.
Opinion also differs on internal audit. Developed market companies have less confidence in the quality of the internal audit testing of their subsidiaries than the emerging market subsidiaries themselves do.

Source: Ernst & Young. “Risk Management in Emerging Markets,” 2007.

Evolution of Risk Management in Emerging Markets

Recent debacles such as misunderstanding the forces of globalization, frequent product recalls, fraudulent securities trading and accounting practices, major shifts in financial and commodity markets, or the failure of monetary and regulatory responses to financial crises, and the contagion effects of financial crises, have led to many lessons learned about the systemic risk inherent in the global marketplace.

International cooperation has tried to find solutions to the global implications of the financial crises. Further exacerbating the problems are the increasingly complex environmental or business changes that were not effectively recognized by management and which have underscored the need for enterprise risk management at the corporate level.

Risk management evolved as a result of a combination of issues. Box 27.3 provides a brief description of the risks that any business must consider in conducting its business. The items presented here are a select sample of the typical issues that may be raised when managing risk in a holistic manner.

Box 27.3 Types of Risk

The total risk of a firm consists of a combination of risk factors as depicted in the following.

Strategic risks group includes external and internal factor risks. The external factors essentially refer to the likelihood that industry, economy, legal, and regulatory changes and competitors will cause the breakdown of operations or variability in the firm’s earnings. The internal factor risks relate to the likelihood that the firm’s reputation, strategic focus, patent, and trademark types of company-specific factors will cause variability in the revenues or net earnings of the firm.
Operational risks are the cause-effect related pressures on the revenues and net earnings of the firm resulting from the supply-chain discontinuities, customer satisfaction, cycle time, and manufacturing processes (process risks); while others may be caused by environment, regulations, policy and procedures, and litigations (compliance risks); and yet others may be caused by factors such as human resources, employee turnover, performance incentives, and training factors (people risk).
Finance risks group includes the variability in earnings due to interest rate fluctuations, foreign exchange risks, and access to capital (treasury risks); while other factors include the capacity, collateral, concentration of debt, default risk related to credit (credit risks); and other pressures on the financing policies of the firm due to commodity prices, duration (trading risk).
Information risks group includes issues that put pressure on the financial and investment policies of the firm due to accounting standards, budgeting, financial reporting, taxation, and regulatory reporting requirements (financial risks); while others such as pricing, performance measurement and employee safety (operational risks) risk; and, risks due to technological innovations such as information access, business sustainability, availability and infrastructure risks (technological risks) that may cause fluctuations in the earnings of the firm.

Source: Adapted from Robert Moeller. (2007) COSO Enterprise Risk Management: Understanding the New Integrated ERM Framework. Hoboken, NJ: John Wiley & Sons.

As globalization in world trade progressed during the last two decades, many emerging countries experienced the collapse of their financial systems. Excessive operating or financial risks undertaken by the corporate sectors were generally identified as the main culprit leading to the serious financial and economic meltdowns. Further, the inability of the international financial institutions to intervene in a timely fashion in order to help the countries’ central banks and financial regulatory bodies to prevent this from happening has sent shock waves across the global landscape.

For instance, in a systemic crisis, such as the one the world markets face at this time, the large shocks to foreign exchange and interest rates, and a general economic slowdown cause the corporate and financial sectors to experience a number of defaults and difficulties to service their debt obligations on time. During these periods, nonperforming loans and the inability to service debt will increase sharply, causing the securities markets to decline precipitously. This situation is often accompanied by generally depressed asset prices, such as in equity and real estate prices. In emerging countries with chronic financial distress and other structural problems that reach large proportions, a systemic crisis may have different implications. Exhibit 27.1 presents some key variables for a sample of systemic crisis countries during the 1990s.⁸

The lessons learned from this experience were that globalization can have overreaching implications on all countries, and that financial sectors must be better regulated under internationally accepted principles. When a systemic crisis occurs, the future of an individual corporation, and its course of actions to deal with crisis management, will depend on the actions of many other corporations and financial institutions, and the general economic outlook. This is in essence a part of the risk management policies of the firm. The financial and the corporate sectors are almost always closely related and they will both need restructuring in this case. Corporate liquidity and solvency will be of the utmost importance. Governments will be expected to play a significant role in these circumstances, even though the final arbiters are the corporations themselves.

Exhibit 27.1 Patterns of Systemic Banking Crises

Country	Crisis year	Fiscal cost (% of GDP)	Peak NPL (% of loans)	Real GDP growth	Change in exchange rate	Peak in real interest rates	Decline in real asset prices
Finland	1992	11.0	13	−4.6%	−5.5%	14.3%	−34.6%
Indonesia	1998	50.0	65–75	−15.4%	−57.5%	3.3%	−78.5%
Korea	1998	37.0	30–40	−10.6%	−28.8%	21.6%	−45.9%
Malaysia	1998	16.4	25–35	−12.7%	−13.9%	5.3%	−79.9%
Mexico	1995	19.3	29.8	−6.2%	−39.8%	24.7%	−53.3%
Philippines	1998	0.5	20	−0.8%	−13.0%	6.3%	−67.2%
Sweden	1992	4.0	18	−3.3%	+1.0%	79.2%	−6.8%
Thailand	1998	32.8	33	−5.4%	−13.7%	17.2%	−77.4%

Source: Claessens, Stijn, Daniela Klingebiel and Luc Leaven. (2001). “Financial Restructuring in Banking and Corporate Sector Crises: What Policies to Pursue?” NBER Working Paper W8386. www.nber.org./papers/w8386.

As a result of the financial crises of the 1990s, the leading nations convened various task forces to develop new ground rules to be set as guiding principles for operating financial markets in all countries. Some of these rules include the OECD Principles of Corporate Governance, IOSCO Principles of Securities Markets Regulations, International Accounting and Auditing standards, and a list of others.⁹

Financial Crises and Remedies

Most of the financial sector problems that caused the financial crisis of 1997–1998 were related to the excessive lending on the one hand, and excessive borrowing by the private sector firms on the other hand in emerging nations. One factor causing the financial crisis was the excessive exposure to international currencies that changed drastically, thus causing the firms with excessive exposures to those risks to collapse due to an inability to service their debts.

The causes of the financial crisis of 2008 were somewhat different and these will be discussed for a long time as there was a combination of factors that contributed to the crisis. The market participants, by and large, sought higher yields in a low-interest rate, low inflation rate environment, without adequate appreciation of the risks and failed to exercise proper due diligence. Box 27.4 lists the emerging sets of standards in market conduct. More detail is available in Box 27.5.

One major failure was that the policy makers and the regulatory institutions did not adequately address critical market issues as they were unfolding and they did not adequately appreciate the risks building up in the financial markets. Many financial companies’ boards also failed to appreciate risks they were facing until the firms ran out of liquidity and faced bankruptcy. Now the issue of government bailout is a part of the solution. However, at the core, the solution lies in the board rooms to control the “infectious greed” of CEOs from taking over the whole institution due to the short-term profit motives.¹⁰

Box 27.5 The 12 Key Standards for Sound Financial Systems

The 12 standard areas highlighted here have been designated by the Financial Stability Forum as key for sound financial systems and deserving of priority implementation depending on country circumstances. While the key standards vary in terms of their degree of international endorsement, they are broadly accepted as representing minimum requirements for good practice. Some of the key standards are relevant for more than one policy area, for example, sections of the Code of Good Practices on Transparency in Monetary and Financial Policies have relevance for aspects of payment and settlement as well as financial regulation and supervision.

Policy Area	Title of the Standards	Implementer
Macroeconomic Policy and Data Transparency
Monetary and financial policy transparency	Code of Good Practices on Transparency in Monetary and Financial Policies	IMF
Fiscal policy transparency	Code of Good Practices on Fiscal Transparency	IMF
Data dissemination	Special Data Dissemination Standard/	IMF
Data dissemination	General Data Dissemination System^*
Institutional and Market Infrastructure
Insolvency	Guidelines on Insolvency Regimes^**	World Bank
Corporate governance	Principles of Corporate Governance	OECD
Accounting	International Accounting Standards (IAS)	IASB
Auditing	International Standards on Auditing (ISA)	IFAC
Payment and settlement	Core Principles for Systemically Important Payment Systems	CPSS/CPSS/IOSCO
Payment and settlement	Recommendations for Securities Settlement Systems	CPSS/CPSS/IOSCO
Market integrity	The Forty Recommendations of the Financial Action Task Force/	FATF
Market integrity	9 Special Recommendations Against Terrorist Financing	FATF
Financial Regulation and Supervision
Banking supervision	Core Principles for Effective Banking Supervision	BCBS
Securities regulation	Objectives and Principles of Securities Regulation	IOSCO
Insurance supervision	Insurance Core Principles	IAIS

*Economies with access to international capital markets are encouraged to subscribe to the more stringent SDDS and all other economies are encouraged to adopt the GDDS.

**The World Bank is coordinating a broad-based effort to develop a set of principles and guidelines on insolvency regimes. The United Nations Commission on International Trade Law (UNCITRAL), which adopted the Model Law on Cross-Border Insolvency in 1997, will help facilitate implementation.

Source: http://www.financialstabilityboard.org/cos/key_standards.htm.

Boxes 27.5 and 27.6 summarize some of the Financial Stability Forum recommendations made to the G7 ministers and central bank governors for enhancing the resilience of markets and financial institutions in reaction to the ongoing crises. The recommended actions are in five major areas, as shown in Box 27.6: (1) strengthening prudential oversight of capital; liquidity and risk management; (2) enhancing transparency and valuation; (3) changes in the role and uses of credit ratings; (4) strengthening the authorities’ responsiveness to risks; and, (5) robust arrangements for dealing with stress in the financial system. These are all policy recommendations to deal with crises—in other words, risk management.

It is unclear as to what extent any of these recommendations were heeded since they were issued. Given the date of the report in April 2008, they came very close to predicting the financial crisis and warned the world of the dangers.

Globalization, liberalization of trade and financial markets, privatization, and the development of new financial market trading patterns have had a profound impact on the ways in which private enterprises conduct their investment and business decisions. New standards of doing business, and convergence in global financial and trading regulations have made doing business a lot more competitive. While opening up the venues for competitiveness, this has also caused vulnerabilities for the firms.

Box 27.6 Enhancing Market and Institutional Resilience

On April 11, 2008, the Financial Stability Forum (FSF) presented to the G7 finance ministers and central bank governors a report making recommendations for enhancing the resilience of markets and financial institutions. The recommended actions are in five areas:

Strengthened prudential oversight of capital, liquidity and risk management.
Enhancing transparency and valuation.
Changes in the role and uses of credit ratings.
Strengthening the authorities’ responsiveness to risks.
Robust arrangements for dealing with stress in the financial system.

Public sector and private sector initiatives are underway in these areas. The FSF will facilitate coordination of these initiatives and oversee their timely implementation, thus preserving the advantages of integrated global financial markets and a level playing field across countries.

The interim report by the FSF’s Working Group on Market and Institutional Resilience, setting out policy directions, was issued in February 2008. The preliminary report by the Working Group, setting out its work plan, was issued in October 2007, a copy of which can be obtained from the web site below.

Source: Financial Stability Forum, www.fsforum.org/.

Even though these new measures were introduced around the turn of the new millennium to protect the global business environment from new crises, there will always be factors in free market economies that will cause distress and crises from time to time. These issues have made enterprise risk management all the more crucial for the long-term competitiveness and survival of any business.

The Rationale for Effective Risk Management in Emerging Markets

ERM is now more important than ever at all levels. Recognizing this, firms need to manage risk and consider the following six areas:¹¹ (1) tax considerations, (2) stakeholder considerations, (3) conflict of interest between shareholders and management, (4) management compensation, (5) financing and investment policy, and (6) dividend policy. Effective risk management requires an optimal combination of these considerations in order to keep the interests of the shareholders as a priority. In an emerging country environment, erratic dividend policies, an unbridled fast pace of growth, under capitalization, and riskier market environments have caused most companies to look at risk management as an approach too alien for their needs. In addition, many emerging market firms experience tough market pressures and corruption, which increases the cost of doing business. Weak accounting procedures have also had a large impact on the lack of transparency and inability of the firms to price their goods and services properly against competition.

Management compensation is not a major issue, even though good professional managers are hard to find. When they are recruited, they enjoy company perks more than large cash salaries or bonuses. One main reason is that controlling family ownership and the lack of understanding of global competitive forces has caused these firms not to pay too much attention to the need for paying competitive salaries.

Most firms have a small float in the stock markets, that is, between 5 percent and 30 percent, and this minimizes the perceived need of a satisfactory ERM approach in order to satisfy stakeholders. (Note: This will be discussed later in Exhibit 27.2.)

The Responsibility of the Board in Risk Management and Extensions to Emerging Markets

Boards of directors strengthen the corporate governance of a company when they first set a risk management policy that will address the risks that the company may face; second, understand and execute their oversight role, including understanding the company’s risk profile and determine a risk/return profile for the firm; and last, approve the business strategy of the company, including approval of the overall risk tolerances and risk management procedures.

The duty of the board is to act on behalf of the shareholders by devising strategies in order to protect shareholders’ investment in the firm from the overall risk exposures faced by the firm. Even if management may sometimes act on its own behalf, effective ERM should help protect the interests of the shareholders by aligning the interests of management with those of the shareholders. Box 27.7 provides a set of questions from a board perspective regarding the risks a company faces and its risk management processes.

The crucial issue has to do with the strategic management of a company. When the firm is first established and subsequently at various intervals, it determines a vision, a mission statement, and a set of objectives and targets to achieve the mission objectives. Targeted activities must pay attention to the overall risks faced by the firm.

Whether the firm is generating sufficient value for the given level of risks it has taken is a difficult question. Academic studies have shown that risk management can increase the market value of the firm, lower the cost of equity, and lower the volatility of earnings.

In their recent study, Smithson and Simkins conclude that interest rate, exchange rate, and commodity price risks are reflected in stock price movements. They find that the stock returns of financial firms are clearly sensitive to interest rate changes. In addition, they note that the corporate use of derivatives to hedge interest rate and currency exposures appears to be associated with lower sensitivity of stock returns to interest rate and FX changes.¹² The findings of this study reinforce the preceding arguments of how the U.S. financial firms have both benefited during the growth periods, then encountered extreme consequences during market downturns.

Box 27.7 How Risk Aware Is Your Board?

Questions Directors Should Ask!

Is the board taking on the appropriate risks?
Are the risks taken closely related to the strategies, objectives and performance measures of the firm?
How relevant are the risks?
Is there a competitive advantage for the firm as a result of these risks?
Will the risks taken create value for the shareholders?
How closely does the board understand that risk taking is a part of business?
Are the risks taken well understood by each board member?
Will the risks defined in the risk appetite determination relevant to the overall level of risk?
Is the organizational risk appetite swell defined?
Has the risk appetite been properly quantified in aggregate and per occurrence?
How does our firm adequately manage the risks taken?
Is our risk management process coordinated and consistent across the entire enterprise?
How is the risk defined in our organization?
Are there any gaps and/or overlaps in our risk coverage?
Is the risk management process cost-effective?

In terms of risk management, the board must follow a structural approach in bringing its policies down to the level of business units.¹³ The important thing for the board is that it ought to have a firm philosophy toward all types of risks the firm may face in its sector. The board members must understand the financial instruments the company uses or owns, especially the derivatives that the firm may use to hedge some risks, like currency, interest rates, and so on.

One important building block of an effective ERM program is to identify who formulates the firm’s guidelines and policies on the use of financial instruments. Another question is whether or not the board has approved these policies. The board must determine the best way to foster a risk management culture throughout the firm. Once determined, the board must ensure the integrity of the risk management system.

Another important question is whether there is separation of duties between those who generate financial risks and those who manage and control these financial risks. The types of instruments to be used must be evaluated, their risks must be calculable, a value assessment approach must be in place, and policies on how these are entered into company records and monitored must be determined. Last, shareholders must be kept abreast of the risks that they could reasonably expect from their investment in the firm. This is a process that is holistic, because it affects all units and all levels of the firm.

125 — **Exhibit 27.2** Comparative Review of Risk Management Applications Using COSO Model in Select Emerging Countries

126 — **Exhibit 27.2** Comparative Review of Risk Management Applications Using COSO Model in Select Emerging Countries

Boards are increasingly more active in risk management. In general, emerging market corporate boards have increased their attention to risk matters especially since the financial crises have eroded much of the shareholders’ capital and the firms had to take quite some time to readjust their capital base to regain the values lost. Although the interest in risk management is genuine, and most boards in emerging countries are paying more attention to risk than the other areas, there still is a lack of adequate understanding of how to best manage the risks. For instance, most companies in India and China manage risk in silos, and at department levels, rather than at the holistic level.

Boards in emerging markets are slowly realizing that it is within their duties to discuss market potential and expanding the firm. In addition, boards may need to consider forming risk advisory committees, or getting more directly involved in assessing market risks.¹⁴

Once the board has defined the level of loss it is prepared to tolerate across its businesses, in addition to the policy level deliberations, it must define the “risk appetite” of the firm. Other countries’ regulatory agencies provide guidance to companies that wish to incorporate ERM into their Board practices.¹⁵

Regulatory pressures from such international bodies as the Basel Committee on Banking Supervision and a greater focus on corporate governance have been a stimulus for many changes in the financial industry—one of these has been the recognition of the need to articulate risk appetite more clearly. These factors have led the firms to determine a proactive risk culture for the firms. Box 27.8 summarizes the risk appetite determination approach used in Egypt, Jordan, Ukraine, and Russia. On the face of it, this may seem easy to do. After all, is it not simply a combination of an institution’s desired credit rating, regulatory capital structure, and the relevant solvency needs that set the ability of the institution to withstand shocks and therefore represent its risk appetite?

For some smaller firms this approach may well be enough, but for others risk appetite is a more complicated affair at the heart of risk management strategy and indeed the business strategy.

Risk, Reward, and Risk Appetite in Emerging Markets

Finance theory defines the relationship between risk and reward such that for a given level of expected risk, a certain level of return is expected from an investment. In a business scenario, returns from various investments by different business units in the firm may be different. For some of the business units, the returns could be lower despite the higher expected risks.

It is also important to look at other aspects of risk. For example, it is essential to discuss risk in the context of a company’s desired levels of return and growth. At the corporate level in a publicly traded company, this might involve a targeted Total Shareholder Return (TSR). Many companies set targets for these and publicize them—usually in terms of outperforming a peer group. If we turn this around and look at it from the risk perspective, it could be interpreted that management wishes to outperform its peers in assuming risk! We have yet to see a company in emerging markets set risk-adjusted TSR targets.

Many risk management failures have been caused by focusing on profits without clearly defining risk levels. Many times management makes the mistake of focusing on satisfying the risk appetite of one group of stakeholders without giving sufficient weight to the appetites of others.

In the Ernst & Young survey on risk management in emerging markets, it was determined that for most emerging country businesses, market risk or the competitive environment are the sources of most risks.¹⁶ Other risks reported were: currency risk (when they operate in international markets), political risk, regulations, and the workforce issue.

The risk appetite of a firm is largely affected by the corporate culture. Perceptions, behavior, business unit activities, and the risk management approach must all converge for successful ERM. One of the more interesting internal challenges in financial services organizations, which often tend to be risk averse and conservative, is to ensure that business unit management is assuming sufficient risk. Commercial banks in emerging markets must rise to this challenge as they strive to find new growth opportunities. Incumbent management teams, who are often very good at maintaining the status quo, find they need new skills to tune up the engine and go faster.

Without a change in risk appetite, many companies may find themselves underperforming in terms of returns. Culture, strategy, and competitive position all influence risk appetite. Different firms will have different tolerances for different risk types. Furthermore, within a firm, appetite may differ between business units. A bank’s appetite for credit risk in consumer lending might be quite different to its appetite for market risk in its investment banking operation. Management’s appetite for risk will differ in a start-up operation in a new market compared to maintaining an established business in a mature market—and so on. With ERM, all of these elements will eventually need to be aligned with the corporate appetite and tolerances. A major benefit of defining risk appetite is that it forces the debate and helps ensure that risks are managed explicitly. To change behavior in relation to risk, interventions through additional training or changing personnel may be needed, but in most organizations the tone set by senior management tends to have by far the greatest impact.

OBSERVATIONS OF ERM PRACTICES IN EMERGING COUNTRIES

In Exhibit 27.2, we summarize our comparative observations of the ERM practices in Egypt, Jordan, Mongolia, Serbia, Turkey, and Ukraine based on the COSO outline. These summary points represent our years of observation made relative to the development of effective corporate governance practices in a larger population of 30 countries since 1995. Our overall conclusion on this issue is that ERM is still considered a new phenomenon in the format provided by COSO and applied by the regulatory bodies in these respective countries.

Although everyone agrees that it is time to improve on risk management, it is difficult to launch an effective ERM practice without the guidance and support of boards of directors in emerging markets. This is mainly due to the lack of technical knowledge at the top levels, even though there are capacity and skills deficiencies at all levels to establish an ERM program. We think that there will eventually be an improved capacity developed to fully practice ERM programs; however, emerging market regulatory bodies need to issue guidance and direction in order for this to be effective.

Regulators must play a guidance role if the overall corporate governance effectiveness is to be enhanced. Full compliance with all corporate governance regulations will certainly help many companies to gain better access to finance, to improve internal management capabilities, improve board effectiveness, and make the firms more competitive in the global arena.

CONCLUSION

New corporate governance codes have become the driving force for organizations to implement enterprise risk management. An ERM framework has been provided through COSO in 2004. ERM is a process that begins with the definition of a risk appetite for the firm. Firms must manage risks in order to ensure shareholders a return on their investment leading to value creation.

Risk management is a continuous process, involving the board, management, and all individual employees at all business unit levels. ERM must achieve a broad “buy-in” at all levels in the firm to succeed. The benefits of ERM are yet to be proven, however, evidence suggests that ERM is closely correlated with increased shareholder value in many cases. The needs and focus of ERM varies between sectors. Not all risks should or can be intensively quantified and overly sophisticated solutions should be avoided.

In the select emerging countries that were observed for this purpose, ERM is still an evolving topic of concern. In all of the emerging countries in our sample, we looked at the leading listed companies’ ERM applications. These countries include Egypt, Jordan, Mongolia, Serbia, Turkey, and Ukraine. In most countries, none of the objectives of enterprise risk management are fully practiced.

In terms of the strategic objectives, where the firm’s high-level goals are aligned with and support the mission of an enterprise, few organizations have accomplished this objective in full. Second, in terms of the operational objective of ERM, where the firm utilizes its resources efficiently and effectively, our observations in the six countries have found that the lack of resources has been a major obstacle in most cases. Third, for the reporting objective, where the firm’s reporting practices are reliable, relevant, timely, and replicable, the inadequacy of the accounting practices has been a major cause for concern in developing a fully effective ERM. Finally, in terms of the compliance objective, where the enterprise risk management framework is in compliance with applicable laws and regulations, despite the proliferation of legal and regulatory frameworks to enhance corporate governance through a number of ways including the risk management, we observe major weaknesses in full compliance.

At this time, corporate governance codes and regulations, and banking sector regulations have not been fully implemented in most banks or in listed corporations to the fullest degree to reach the desired objectives. It is most likely that in time many of these weaknesses and obstacles will be overcome and ERM will be fully practiced.

Our final observation is that the ERM concept is still a new concept and is likely to take a while to get the emerging country firms to reach the desirable level of risk management practices for sound business reasons rather than as a new responsibility that needs to be practiced because of the law.

APPENDIX: COSO APPROACH TO ENTERPRISE RISK MANAGEMENT

In the current global financial and product market environment, emerging country companies must generally undertake greater risks than companies from better established economies in order to gain market share. We argue that these firms are generally more risk prone in many aspects. We discuss these in the order defined by the COSO approach to risk management.

The goal of enterprise development projects undertaken by international financial institutions is to improve the business environment for increased investment and access to finance, thus focused on the creation of safety, stability and transparency. Safety and stability in the financial markets are of paramount importance for the foundation of any viable financial system, so that trust and confidence of market participants can be built in the system. In developing the system, appropriate institutions and legal and regulatory frameworks are built to ensure the integrity and sustainability of the financial system with the global markets.

ERM entails the efforts of risk management at the corporate level in a holistic manner. The COSO approach looks at enterprise risk management at four levels:

Strategic—whereby the firm’s high level goals are aligned with and support the mission of an enterprise.
Operations—whereby the firm utilizes its resources efficiently and effectively.
Reporting—whereby the firm’s reporting practices are reliable, relevant, timely, and replicable.
Compliance—whereby the enterprise risk management framework helps ensure compliance with applicable laws and regulations.

We think it is important to briefly review the COSO’s approach to enterprise risk management, which encompasses the following:¹⁷

Aligning risk appetite and strategy—The firm’s risk appetite is determined in assessing strategic investments, then objectives are set and methodologies to manage those perceived risks are developed.
Enhancing risk response decisions—Managing risk allows the firm to determine and develop alternatives in responding to the risks, such as avoiding, reducing, sharing, or accepting the perceived risks.
Reducing operational surprises and losses—By reducing operational surprises and potential for losses, firms gain enhanced capability to identify potential events. The firm determines its responses to risks that help reduce the surprises to be encountered in time, and help determine approaches in dealing with the associated costs of these surprises that may lead to unexpected losses.
Identifying and managing multiple and cross-enterprise risks—Every company will one way or another face risks that affect different parts of the organization. Risk management thus will facilitate the effective responses to these unexpected events and reduce the interrelated impact of unexpected, multiple risks on the firm.
Seizing opportunities—Management is proactive in taking advantage of opportunities that may present themselves as a result of considering the possibilities.
Improving deployment of capital—By collecting reliable risk information the firm is enabled to make effective use of the investment opportunities that are available in the financial markets, and make optimal allocation of capital that it is able to obtain.

The above COSO framework will provide guidance in reviewing the practices employed by emerging markets companies in this chapter.

NOTES

REFERENCES

Cassidy, John. 2008. Anatomy of a meltdown: Ben Bernanke and the financial crisis. New Yorker. December 1.

Claessens, Stijn, Daniela Klingebiel, and Luc Leaven. 2001. Financial restructuring in banking and corporate sector crises: What policies to pursue? NBER Working Paper W8386. www.nber.org./papers/w8386.

COSO, Enterprise risk management—Integrated framework. 2004. COSO (Committee of Sponsoring Organizations of the Treadway Commission), September. www.coso.org/.

Ernst & Young. 2007. Risk management in emerging markets: A survey. www.Ey.com.

Financial Stability Forum, www.fsforum.org/.

Hexter, Ellen, Matteo Tonello, and Sumon Bhaumik. 2008. Assessing the climate for enterprise risk management in India. Research Report. E-0016–08-RR.

Kaen, Fred R. 2004. Risk management, corporate governance and the public corporation. Unpublished note. University of New Hampshire, International Private Enterprise Center.

Kucukyilmaz, Aysegul, and Guven Sevil. 2006. Enterprise risk management perceptions in airlines of Turkey. Anatolia University, Faculty of Civil Aviation. Eskisehir, Turkey.

Meulbroek, Lisa K. 2002. Integrated risk management for the firm: A senior manager’s guide. Working Paper. Harvard Business School, Boston, MA.

Moeller, Robert R. 2007. COSO enterprise risk management: Understanding the new integrated ERM framework. Hoboken, NJ: John Wiley & Sons.

The G-20 summit proceedings on the financial markets. 2008. New York Times. November 16.

Nocco, Brian W., and Stulz, Rene M. 2006. Enterprise risk management: Theory and practice. Available at SSRN: http://ssrn.com/abstract=921402.

OECD. 2004. OECD Principles of Corporate Governance.

Smithson, Charles, and Betty J. Simkins. 2005. Does risk management add value? A survey of the evidence. Lead article, Journal of Applied Corporate Finance vol. 17, no. 3, 8–17.

ABOUT THE AUTHOR

Demir Yener, PhD is a financial economist and has held various responsibilities as a professor of finance, educator, trainer, and senior financial and private sector consultant on international economic development projects, including capital markets development, corporate governance, entrepreneurship, and executive development in over 30 emerging market countries, such as Russia, Ukraine, Central Asian Republics, Caucasus, Poland, Hungary, former Yugoslavia, Western Africa, the Middle East, South Korea, Thailand, Mongolia, and other East Asian nations on behalf of the World Bank and USAID. He currently works as senior corporate governance and finance advisor at Deloitte Consulting. He has designed, developed and managed technical assistance projects in private sector development, enterprise restructuring, financial sector reform, capital markets, nonbank financial institutions development, and corporate governance with a strong emphasis on executive training and development, and has worked with policy makers, high-level government officials, academics, and business leaders. He also held the academic position of professor of finance at Babson College, and taught as visiting professor at various institutions, including Harvard University, Bocconi University (Italy), Maastricht School of Management and Utrecht Business School (Netherlands), the American University (France), Sabanci University (Turkey), and Cairo University, Faculty of Commerce (Egypt).

..................Content has been hidden....................

You can't read the all page of ebook, please click here login for view all page.