In today's highly volatile business environment, business is becoming increasingly risky. The result: Stakeholders and corporate regulators are piling on pressure and requirements for enterprise risk management (ERM) and internal control.
In Singapore, changes to the SGX Listing Rules (1207 (10)) and Principle 11 of the Code of Corporate Governance 2012 now make boards responsible for risk governance.
Among the many guidelines, the board has to comment on the adequacy and effectiveness of the company's risk management and internal control systems at least once a year.
Against the backdrop of this regulatory regime, many listed companies in Singapore have established frameworks for the periodic reporting with escalation of enterprise risks within their organisations.
Since 2012, when the guidelines were first introduced, corporations have slowly but surely changed their attitude towards risk management. While it was another compliance requirement, a 2013 survey by the Singapore Institute of Directors identified enterprise risk management as the highest priority item on the agenda of most boards.
Board members and C-level executives alike recognise that in today's business environment, with its accelerating speed of change, organisations that fail to anticipate and respond to internal and external risks could find themselves becoming irrelevant and end up losing their competititve edge.
In boardroom discussions, more are discussing how ERM processes can be better integrated with strategic planning in order to deliver more value for corporate decision making.
Below are 5 steps that companies could take to extend their enterprise risk assessment exercise into the realm of strategic planning: