Chapter 4: Risk management

and corporate governance

 LEARNING OUTCOMES

• Explain the process of risk management

• Evaluate an organisation’s risk management programme
• Identify actions an organisation can implement to manage risks
• Explain the role of corporate governance with specific reference to
the King IV report
• Describe the relationship between strategy and corporate
governance
• Evaluate the stakeholder-inclusive approach with regard to corporate
governance
• Explain how the King IV report can assist in the risk management
process
 INTRODUCTION
Risk comes from not knowing what you are doing.
– Warren Buffet

• Rapid changes in an organisational environment lead to a

higher exposure to various types of risks than before.
• Aim of this chapter:
– First part – to explore organisational risk and the
management of risk.
– Second part – corporate governance and the application of
corporate governance on the risk management process.
– Third part – corporate governance and organisational
strategy.
 THE CONCEPT OF RISK
What is risk?
• In Latin, resicum, risicum, riscus.
• Originates from the Greek terms rhizikon and rhiza.
• The above terms are Greek navigation terms that mean “difficulty to
avoid at sea” (Sandoval, 2016).
• CIMA Official Terminology (2005):
– ‘Risk is a condition in which there exists a quantifiable dispersion
in the possible outcomes from any activity.’
• The International Federation of Accountants (1999) defines risk as:
– “Uncertain future events which could influence the achievement
of the organisation’s strategic, operational and financial
objectives.”
 THE CONCEPT OF RISK

What is risk?

• King IV Report:
– Risk is about the uncertainty of events as well as the likelihood
that such events will occur.
– Included in this definition of risk is the effect of the risk, both
positive and negative, on the achievement of the organisation’s
objectives.
 THE CONCEPT OF RISK
Types of risk
External risk
– Independent of the business as well as outside of the control of
the organisation.
– Caused by the industry environment as well as macro-
environmental risks, for example the overall economic climate.
– Implementation of internal controls will not necessarily reduce or
mitigate these risks.
Versus
Internal risk
– Inherent to the business environment that an organisation
creates itself.
– Can be reduced by internal controls implemented by the
organisation.
 THE CONCEPT OF RISK
Organisational risk is made up of the following five
main types of risk:

• Strategic risk
– External
– Organisation’s business plan becomes outdated

• Compliance risk
– External
– Organisation does not comply with all relevant laws and regulations

• Operational risk
– Internal
– Unexpected failure in an organisation’s day-to-day activities
 THE CONCEPT OF RISK

Organisational risk is made up of the following five main

types of risk:

• Financial risk
– Either internal or external
– Impacts the flow of money to and from the organisation
• Reputational risk
– External
– Risk that an organisation’s reputation might be damaged, which
could lead to a loss of customer goodwill, demoralised employees
and eventually great financial loss for the organisation
 THE CONCEPT OF RISK

Risk appetite and risk tolerance

Risk appetite
• The organisation’s tendency to take appropriate levels of risk.
• The amount and type of risk an organisation will be willing to take.
• Dependent on the organisation’s strategic objectives.
• Will be clearly stated in an organisation’s risk appetite statement in
the organisation’s Enterprise Risk Management (“ERM”) Framework.

Risk Tolerance
• The risk that the organisation can actually cope with.
• Includes the amount of potential loss that the organisation can
endure and still keep on functioning as it should.
 THE CONCEPT OF RISK

Identifying and assessing risk

• In order to identify the risks, the industry in which the organisation
operates in must be fully understood and analysed, and the different
types of risk must be kept in mind.
• It is not only important to identify the risk – the risk must also be
assessed.
• Whether this risk will be acceptable for the organisation, or the
extent of actions the organisation will take in reaction to the risk, will
depend on the organisation’s risk appetite.
THE RISK MANAGEMENT PROCESS
Figure 4.1 The risk management process (Textbook, page 74)
THE RISK MANAGEMENT PROCESS
Strategy in action 4.1 The
risk management process at
MTN
 EVALUATING THE ORGANISATION’S RISK
MANAGEMENT PROGRAMME

• The risk management process must be supported by sufficient policies,

procedures, processes and reporting mechanisms to enable the
organisation to effectively apply the process.
• An effective programme will enable the organisation to respond
effectively and timeously to any significant change in the environment.
• The policies and procedures must be consistent with the organisation’s
stated mission and objectives that form part of its strategy.
• The final measure of the effectiveness of an organisation’s risk
management programme lies in the effectiveness with which an
organisation’s risks can be managed.
 RESPONSE TOWARDS
ORGANISATIONAL RISK

The following methods can be applied to manage the risks

identified in the risk management process:
• Avoid
• Transfer
• Mitigate
• Diversify
• Accept
 CORPORATE GOVERNANCE

Defining corporate governance

• Corporate governance is defined in the King IV Report as:
– The exercise of ethical and effective leadership by the governing
body towards the achievement of ethical culture, good
performance, effective control and legitimacy as important
governance outcomes.
• Corporate governance is done in the triple context of the economic,
social and the physical environmental impacts – the so-called triple
bottom line.
 CORPORATE GOVERNANCE
Stakeholders
• Definition:
– All parties that are affected or that can be expected to be
affected by an organisation’s activities.

• Internal stakeholders:
– Parties that are directly affected by the activities of an
organisation.
– I.e. an organisation’s governing body, management, employees
and shareholders.

• External stakeholders:
– Parties that are indirectly affected by an organisation’s activities,
even though most of the time they have no directly noticeable
interest in an organisation.
– I.e. trade unions, creditors, government, customers.
 CORPORATE GOVERNANCE
Figure 4.2 Stakeholders and their governance role (Textbook, page 79)
 CORPORATE GOVERNANCE

The principal-agent problem

• Created by the split between the ownership and the management of
the business.
• Owners (shareholders) own the business, but as the business
continues to grow, they are less and less involved with the
management of the business.
• The management function is left primarily to managers who have no
ownership value in the business.
• Conflict develops between the organisation’s objectives and the
interests of the parties responsible for overseeing the assets of the
business.
 CORPORATE GOVERNANCE

Example of the principal-agent problem

• If a financial manager (agent) is paid an incentive based on the
bottom line of the entity, he/she has an incentive to overstate
profits in their own interest.
• This overstated profit means that the financial statements are not a
true reflection of the financial performance of the entity and will
not be in the best interest of the shareholder/owner (principal).
• This leads to a conflict in interest, since the manager will always
choose options that will increase the profits of an entity to his own
advantage regardless of whether this is in the best interest for the
entity as a whole.
 THE KING IV REPORT

• Launched on 1 November 2016.

• Effective for the financial years starting 1 April 2017.
• Primary audience is the governing body since any code of corporate
governance is concerned with the role and responsibilities of the
governing body, as well as how the governing body and
management should interact.
• The most important update to the King III Report is that the King IV
Report works on the principle of “apply AND explain” versus the
King III principle of “apply OR explain”.
 THE KING IV REPORT
Characteristics of good governance
• Seven primary characteristics of good governance - specified in the King
II Report - still important and applicable in the King IV Report:
– Discipline – commitment to acting appropriately and properly.
– Transparency – act in a way that is accessible and observable to all.
– Independence – acting independently, free of conflict of interest and
in the best interest of the organisation.
– Accountability – being held to account for specifically assigned
responsibilities.
– Responsibility – accepting the outcome and consequences of
actions.
– Fairness – ensuring that the rights of all stakeholders are equally met
and respected.
– Social responsibility – acting as a responsible, ethical citizen in all
aspects, including the environment, economy and community.
 THE KING IV REPORT

Principles of the King IV Report

• The King IV Report consists of 17 principles of good governance.
These principles build on and reinforce one another and they are
phrased in such a way that they are fundamental to good corporate
governance and hold true across all organisations.
 THE KING IV REPORT
Principles of the King IV Report
• The 17 principles are as follows:

• The governing body should lead ethically and effectively.

1

• The governing body should govern the ethics of the

organisation in a way that supports the establishment of
2 an ethical culture.

• The governing body should ensure that the organisation

is, and is seen to be, a responsible corporate citizen.
3
 THE KING IV REPORT
Principles of the King IV Report

• The governing body should appreciate that the

organisation’s core purpose, its risks and opportunities,
strategy, business model, performance and sustainable

4 development are all inseparable elements of the value

creation process.

• The governing body should ensure that reports issued by

the organisation, enable stakeholders to make informed
assessments of the organisation’s performance and its
5 short-, medium- and long-term prospects.
 THE KING IV REPORT
Principles of the King IV Report

• The governing body should serve as the focal point

and custodian of corporate governance in the

6 organisation.

• The governing body should comprise the appropriate

balance of knowledge, skills, experience, diversity and
independence for it to discharge its governance role
7 and responsibilities objectively and effectively.
 THE KING IV REPORT
Principles of the King IV Report

• The governing body should ensure that its arrangements

for delegation within its own structures promote
independent judgement, and assist with balance of
8 power and the effective discharge of its duties.

• The governing body should ensure that the evaluation of

its own performance and that of its committees, its chair
and its individual members, support continued
9 improvement in its performance and effectiveness.
 THE KING IV REPORT
Principles of the King IV Report

• The governing body should ensure that the

appointment of, and delegation to, management
contribute to role clarity and the effective exercise of
10 authority and responsibilities.

• The governing body should govern risk in a way that

supports the organisation in setting and achieving its
11 strategic objectives.
 THE KING IV REPORT
Principles of the King IV Report

• The governing body should govern technology and

information in a way that supports the organisation in
12 setting and achieving its strategic objectives.

• The governing body should govern compliance with

applicable laws and adopted, non-binding rules, codes
and standards in a way that support the organisation
13 being ethical and a good corporate citizen.
 THE KING IV REPORT
Principles of the King IV Report

• The governing body should ensure that the organisation

remunerates fairly, responsibly and transparently so as to
promote the achievement of strategic objectives and
14 positive outcomes in the short, medium and long term.

• The governing body should ensure that assurance services

and functions enable an effective control environment, and
that these support the integrity of information for internal
15 decision making and of the organisation’s external report.
 THE KING IV REPORT
Principles of the King IV Report

• In the execution of its governance role, the governing body

should adopt a stakeholder-inclusive approach that balances
the needs, interests and expectations of material

16 stakeholders in the best interest of the organisation over

time.

• The governing body of an institutional investor organisation

should ensure that responsible investment is practiced by
the organisation to promote good governance and the
17 creation of value by companies in which they invest.
 THE KING IV REPORT
Principles of the King IV Report
• The principles in Table 4.1 on page 81 in the textbook serve as a
guideline for an organisation.
• Certain key aspects of the role of the governing body can be
highlighted:
– Ethics – principles 1 and 2
– Responsible corporate citizen – principle 3
– Value creation and performance assessment – principle 4
– Composition and function of governing body – principles 6 – 10
– Different governing roles – principles 11 – 13
– Achieving strategic objectives – principle 14
– Effective control environment – principle 15
– Stakeholder inclusive process – principle 16
– Investments – principle 17
 THE KING IV REPORT
The governing body as per King IV
• The governing body is the party charged with the governance and
performance of an organisation.
• Principle 7:
– Governing body should comprise of an appropriate balance of knowledge,
skills, experience, diversity and independence for it to discharge its
governance role and responsibilities objectively and effectively.
– Should be composed out of an appropriate mix of executive, non-executive
and independent non-executive members.
– The majority of the members should however be non-executive members
with most of them (non-executive members) being independent.
– The minimum requirement is that the chief executive officer (CEO) of the
organisation and at least one other executive must form part of the
composition of the governing body.
– The chairperson of the governing body should be an independent non-
executive member.
 THE KING IV REPORT
Roles and responsibilities of the governing body as
specified in the King IV Report
Figure 4.3 Governing body’s roles and responsibilities (Textbook, page 90)
 THE KING IV REPORT

Governing body committees

• Principle 8:
– Clarifies the delegation arrangements of the role and
responsibilities of the governing body within its own structures.
– The King IV Report recommends the delegation of the governing
body’s responsibilities to committees within its structure – it
does not specify which committees should be established, only
that committees should be appropriate for the organisation.
– Each committee should at minimum have three members.
– The governing body should ensure that each committee in its
entirety has the necessary skills, knowledge, capacity and
experience to ensure that the committee is able to execute its
assigned duties effectively.
 THE KING IV REPORT

Governing body committees

• Principle 8:
– A few specific committees are mentioned in the report:
• Audit Committee
• Committee responsible for nominations of members of the
governing body
• Committee responsible for risk governance
• Committee responsible for remuneration
• Social and ethics committee
 STRATEGY AND CORPORATE
GOVERNANCE

The role of corporate governance during strategy

development
– Shift in the focus of objectives
• From having the primary goal to maximise shareholders’
wealth, to ensuring that an organisation acts as a responsible
corporate citizen.
• Sustainability and stakeholder inclusivity are interwoven into
every aspect of the strategic direction of an organisation.
 STRATEGY AND CORPORATE
GOVERNANCE
The role of corporate governance during strategy
development
– Stakeholder inclusive approach
• The needs of all stakeholders are taken into account when an
organisation sets its objectives.
• The increased focus on corporate governance, in the modern
organisational environment, causes organisations to broaden
their focus to include the needs of both internal and external
stakeholders.
• The strategic direction is aimed at taking the objectives of all
stakeholders into account, while effectively managing the
organisation’s relationships with its stakeholders.
 STRATEGY AND CORPORATE
GOVERNANCE
The role of corporate governance during strategy
development
– Stakeholder inclusive approach
• The governing body is responsible for managing stakeholder
relationships – includes the setting of appropriate strategies and
policies, including an appropriate communication plan.
• As part of the risk management process, management should
ensure that there is effective communication with all
stakeholders during each step of the process - includes
identifying risks and communicating risks to the relevant
stakeholders - this will ensure that stakeholders are actively
involved in the risk management process.
• Three activities are involved in managing stakeholders in
conjunction with an organisation’s risk management process.
 STRATEGY AND CORPORATE
GOVERNANCE
The role of corporate governance during strategy implementation
– The implementation of the business strategy
• Certain governance principles (in the King IV Report) must be
taken into account when the different approaches to achieve an
organisation’s objectives are considered.

The role of corporate governance during strategy control

– Strategic control
• Corporate governance will affect evaluation of the chosen
approach, based on whether the organisation’s objectives have
indeed been met, the chosen plan should still adhere to policies
and procedures set in place to ensure that an organisation
retains its corporate governance responsibility.
 KING IV REPORT AND THE RISK
MANAGEMENT PROCESS

• Principle 8:
– Recommends a committee responsible for risk governance.

• Principle 11:
– The governing body should govern risk in a way that supports the
organisation in setting and achieving its strategic objectives.
– Recommends that the governing body should set the direction for
how risks should be approached and addressed in the
organisation by determining the opportunities and risks that
should be considered when the organisation’s strategy is planned.
 KING IV REPORT AND THE RISK
MANAGEMENT PROCESS

• Risk management process as set out in the King IV Report

– Identify possible risks, determine their impact on the
organisation’s goals and then try and mitigate these risks
according to the risk appetite and the level of toleration of loss
of the organisation.
– The responsibility for determining the risk appetite and the
possible loss of the organisation is part of the governing body’s
responsibilities as set out in the King IV Report.
 SUMMARY

• This chapter deals with risk management and the King IV Report on
Corporate Governance.
• As a result of the ever-changing and challenging organisational
environment, organisations cannot develop a strategy if the
importance of risk management is not considered.
• The King IV Report on Corporate Governance addresses
fundamental principles of good financial, social and environmental
practices.
• The chapter concludes with explaining the role between strategy
and good corporate governance based on the King IV Report.