risk management march 2011
DESCRIPTION
Australia's leading publication for risk management professionalsTRANSCRIPT
MOVING THE BUSINESS CASEFROM RISK MITIGATION TO VALUE CREATION
GREENRISK MANAGEMENT
www.riskmagazine.com.au
March 2011 Issue 83 PP255003/06868
SHAREHOLDERS RALLYThe new wave of class actions set to bite corporations
PLUGGED INTO THE MATRIXThe critical role of responsible managers
RETURN ON RISK INVESTMENTGet greater value from your spend
NAVIGATING THE ESG MINEFIELDAre you asking the right questions?
R M _ 8 3 . p g 0 0 1 . p d f P a g e 1 3 / 3 / 1 1 , 6 : 0 7 P M
R M _ 8 3 . p g 0 0 2 . p d f P a g e 2 2 / 3 / 1 1 , 1 1 : 5 8 A M
RISK March 2011 3
IN THIS ISSUE
10
16
18
ESG
ESTABLISHINGRETURN ON RISK INVESTMENT
SHAREHOLDERSSTARS ALIGN
REGULARS
From the editor 5News review 6News report 10Risk people 25
FEATURES AND REPORTS
ESG: 10Navigating the ESG risk minefieldCompanies could do a better job of providinginformation about environmental, social and governance(ESG) risks to investors, according to an expert in the area
Financial services: 12Would you stay plugged into the matrix?Responsible managers must be plugged into the risk andcompliance framework of their company for both their ownsake and the organisation's, writes Dr Ulysses Chioatto
The business case: 16Establishing return on risk investmentEffective risk management isn't about spending more,but rather about getting greater value from what is spent
Shareholder stars align: 18The class action attractionA number of factors have aligned to further encourageshareholder class actions, writes Angela Priestley, andcorporations should be concerned
COVER STORY
Corporate social responsibility: 20Green risk managementCorporate social responsibility, environmental issuesand risk management are increasingly intertwined.Craig Donaldson explores this trend and speaks with anumber of experts about the greening of risk management
NEXT MONTH Fraud has been on the rise following the GFC, and mostAustralian companies are playing catch-up. A recentstudy, for example, found that the average reported costof fraud doubled from $1.5 million in 2008 to $3 millionper organisation in 2010. Furthermore, only one third offrauds are actually being picked up. This feature willlook at the thorny issue of fraud, examine the commonschallenges for Australian companies, detail the role ofrisk management professionals in the process andexplore cutting edge tools, techniques and processesfor fraud detection.
R M _ 8 3 . p g 0 0 3 . p d f P a g e 3 3 / 3 / 1 1 , 6 : 4 8 P M
R M _ 8 3 . p g 0 0 4 . p d f P a g e 4 2 / 3 / 1 1 , 1 1 : 5 3 A M
RISK March 2011 5
FROM THE EDITOR
CAB MEMBER SINCE DECEMBER 2005
QUOTE OF THE MONTH
"After any significantnegative profitannouncement by alisted entity there isalmost an expecta-tion now that it willbe followed by apress release from aplaintiff law firm or alitigation funder,"Roger Forbes, partner, Mallesons (p18)
What’s your take on this quote? To have your say write to the [email protected] comments will be published in the April issue of Risk
ABOUTUSEditor: Sarah O’CarrollJournalist: Benjamin Nice Contributor: Craig DonaldsonDesigner: Ken McLarenPublisher: Fiona Marcar Design and Production Manager: Anthony Vandenberg Production Manager: Kirsten Wissel
Subscribe todayRisk Magazineis published monthly and is available by subscription. Please email:[email protected] All subscription payments should be sent to: Locked Bag 2333, Chatswood D/C, Chatswood, NSW 2067
Advertising enquiries: Marika Biro - (08) 8371 5800 [email protected]
Editorial enquiries: All mail for the editorial department should be sent to:Risk Magazine, Level 1 Tower 2, 475 Victoria AveChatswood, NSW 2067
Copyright is reserved throughout. No part of this publication may bereproduced without the express written permission of the publisher.Contributions are invited, but copies of all work should be kept as RiskMagazine can accept no responsibility for loss. Risk Magazine andLexisNexis are divisions of Reed International Books Australia Pty Limited,ACN 001 002 357 Level 1 Tower 2, 475 Victoria Ave, Chatswood, NSW 2067tel (02) 9422 2203 fax (02) 9422 2946 ISSN 1833-5209 Important PrivacyNotice You have both a right of access to the personal information we holdabout you and to ask us to correct if it is inaccurate or out of date. Pleasedirect any queries to: The Privacy Officer, LexisNexis Australia or email [email protected]. © 2009 Reed International Books Australia PtyLtd (ABN 70 001 002 357) trading as LexisNexis. LexisNexis and theKnowledge Burst logo are registered trademarks of Reed ElsevierProperties Inc., and used under license.
EDITOR’S NOTE
A daily scan of the financial press would leaveplenty of directors and risk managers alike on edge.
That’s because Australia, it seems, is beinginundated with class actions.
The evidence is in the headlines: if it’s notmounting talk of “closed” class actions such asthose surrounding Centro, engineering firmDowner EDI, Opes Prime or Storm Financial, it’sthe headlines regarding emerging matters suchas Babcock & Brown Power, Sigma Pharma-ceuticals and Nurfarm Limited.
And while there’s evidence to suggest thatAustralia has not actually experienced a rise inclass action numbers in recent years – such asthat provided by academic Vincent Morabito,who found that around 14 class actions havebeen filed with the Federal Court on a yearlybasis since the early 1990s – there’s still causefor concern from directors and risk managersabout just why class actions are garnering somuch attention these days.
They should also be concerned about thefuture, because a number of factors are aligning
for a spate of shareholder specific class actionsin Australia.
It’s the perform storm: litigation funders haveconsolidated their place in the market, tech-nology is easing the burden of organising andmanaging a class action, the regulators areramping up their level of scrutiny and marketvolatility is still present following the GFC.
Meanwhile, the media loves a good class ac-tion story. A negative profit announcement bya corporation is enough to spark a stream ofpress releases from plaintiff firms or litigationfunders calling for action and, consequently,generate headlines in the press.
Even if such publicity never materialises into anactual class action, the negative talk is enough tospark prosecution in the public court of law and hin-der reputation and the bottom line in the process.
Class actions are coming. They’ll predomi-nantly be shareholder specific as well as big,nasty and very very public.
It’s all enough to leave directors and riskmanagers awake at night. After all, you neverknow what the morning’s headlines may bring.
Class action fever to hit
Sarah O’carrollEditor
R M _ 8 3 . p g 0 0 5 . p d f P a g e 5 3 / 3 / 1 1 , 3 : 5 7 P M
6 RISK March 2011
NEWS REVIEW
The ATO’s recently released Taxation Ruling TR 2011/1, set-ting out its finalised transfer pricing view on business re-structuring by multinational enterprises, provides a roadmapto manage risk, according to Deloitte.
Business restructuring has been an area where many taxmanagers have struggled to provide a high level of assur-ance to their CFOs and boards around certainty of tax treat-ment or an assessment of risk more broadly, said Fiona Craig,Deloitte transfer pricing partner.
“There is always a positive for taxpayers when guidanceis provided in a difficult area. Certainty is a good thing,”said Craig.
“This guidance is welcomed and allows businesses to
continue to implement commercial strategies, such as re-organisations in their global market, with knowledge ofthe framework within which the ATO will review thearrangement.”
Years of public consultation preceded the publishing ofthe TR 2011/1, and Craig hoped that several restructuringcases involving large Australian corporations will progressfollowing the ATO’s ruling on the issue.
Marc Simpson, Deloitte transfer pricing account director,said that while the release of the Ruling is welcomed, the ATOposition on business restructures has similar contentious el-ements to other recent pronouncements on transfer pricing.
For the full story see www.riskmagazine.com.au
ATO ruling provides a roadmap to manage risk
Internal auditors must boost the rigour of their audits ofanti-money laundering compliance to successfully protecttheir organisations’reputations and progress the fight againstfinancial crime, according to the Institute of Internal Audi-tors, Australia (IIA).
“Internal auditors should be capable of performing acomprehensive, independent annual review of whethertheir company has a sound framework for managing itsmoney laundering and terrorist financing (AML/TF) risks,”said Joe Garbutt, IIA’s director policy.
“There’s definitely room for us to lift our game. It may betempting for some internal auditors to limit their reviewsto broad, high-level issues – like whether the companyhas an appropriate AML/TF policy.
“But a cursory desktop review is not enough. A trulyeffective review requires auditors to dig deeper – to rollup their sleeves, question the information they’re given andphysically investigate the nuts and bolts of systems and con-trols that manage AML/TF risk.”
Garbutt said that the AML legislation’s “know your cus-
tomer” rules, which require banks to perform a series ofchecks on a customer’s identity when opening a bank ac-count, were a good example of an area where there was nosubstitute for probing.
“Auditors should always look behind the stats. A com-pany may be reporting 99 per cent account opening accu-racy – but ask if those numbers sound too good to be true.A prudent auditor would comb through a sample of thoseaccounts and verify that all the requirements have in fact beensatisfied and indeed are evidenced by appropriate records.”
While technology was an excellent aid for AML com-pliance, particularly for monitoring and identifying un-
usual account activity, Garbutt said it was important forinternal auditors to check there were adequate systems andresources to investigate all irregularities. Otherwise, com-panies ran the risk of not meeting their obligations to re-port suspicious transactions to AUSTRAC, he warned.
“The bottom line is that internal auditors need to workhard to improve their knowledge of the complex AML/TFlaws and associated risk management measures in order tohave the confidence and skill to provide reliable assur-ance that the company’s regulatory and reputational ex-posures have been minimised.
“Money laundering may cost the Australian economyover $4 billion annually. Given the scale of the threat, it islikely that most major financial institutions will be used tolaunder the proceeds of crime.”
As dirty money comes from real crimes that impact com-munities, he said AML/TF laws should be seen as more thanjust a compliance exercise. “The laws help protect a com-pany’s reputation and enable them contribute to the fightagainst crime through a strong AML/TF program,”he said.
Many organisations could improve theirpractical implementation of Risk Manage-ment Standard AS/NZS ISO 31000:2009, ac-cording to an expert in the area.
There are three hallmarks of benchmarkrisk control processes and systems withinany organisation, said Rod Farrar, directorof Paladin Risk Management Services.
The most important hallmark of risk con-trol processes is that that they are actuallyimplemented and then continually moni-tored and reviewed for effectiveness.
“For this to occur each control needs tobe assigned an owner, it needs to be re-sourced,”said Farrar.
“It needs to have measurable and achiev-
able performance measures and that per-formance needs to be continually moni-tored. It has been my experience that theimplementation of controls is an area wheremany organisations could greatly improve.”
Another important element is that riskcontrols need to align with not only the strat-egy of the organisation, but also its ethicsand values, he said.
“Any risk control that diverts an organi-sation away from its ‘core business’or its corevalues may create greater downstream riskand potentially, result in more significantconsequences,”he said.
Farrar also said any control must offervalue for money to the organisation, in whicha cost-benefit analysis needs to be con-ducted to ascertain whether the cost of pre-
vention is greater than the cost of the cureshould the risk eventuate.
With greater emphasis on issues suchas technology, globalisation and uncer-tainty around issues such as climatechange, risk managers must continue toscan the environment to ensure that thecontrols that are being developed fortheir organisation will mitigate not onlycurrent risks but emerging risks as well,he added.
“It should be remembered, however, thatthe risk manager in many organisations maynot be the owner of particular risks and,therefore, their role will be to continuallyprovide advice to assist risk owners to de-termine the most effective control or mix ofcontrols to mitigate the risks for which theyare responsible,”said Farrar.
“It has been my experience that theimplementation of controls is an area wheremany organisations could greatly improve”
Rod Farrar, director, Paladin Risk Management Services
AML internal auditors urged to lift their game
Improvement in risk controls needed
R M _ 8 3 . p g 0 0 6 . p d f P a g e 6 3 / 3 / 1 1 , 6 : 2 6 P M
NEWS REVIEW
RISK March 2011 7
Financial services companies that excel in executing proj-ects, especially those that involve regulatory compliance,can gain a competitive edge by embracing opportunitiesunavailable to peers with a constrained appetite for risk, arecent study suggests.
In today’s environment, where markets are volatile,demand weak and regulatory scrutiny intense, no organi-sation has much room for error on new initiatives – andthose with mature project management practices areable to spot failure before it becomes too costly, and lever-age it to improve future performance.
The study, conducted by the Economist Intelligence Unitand sponsored by Oracle, found that financial services com-panies that identify failure early in the project developmentprocess and respond to problems as they arise can investin higher-risk initiatives without threatening their bottomlines or their reputations.
This proactive approach, which requires both a rig-orous project management practice and intrepid exec-utives willing to make difficult decisions, is unusual inthe industry.
Where it exists, it allows companies to mitigate projectrisks and use resources more effectively to propel growth,but in its absence, companies become more risk-averse, fo-
cusing on low-risk projects that merely protect assets andmeet regulatory requirements.
The study, Mitigating project portfolio risks in the fi-nancial services industry, also found that dismantling theculture of blame allows companies to accept failure and usetheir resources more effectively.
By encouraging team members to communicate con-cerns, publicly acknowledging those who identify prob-lems and showing over time that teams will not be pun-ished for failure, companies help their project teams focuson finding solutions and learn from mistakes.
Furthermore, managing must-do regulatory projects re-quires a balance between flexibility and adherence to process.
Because these initiatives cannot fail, some organisationspour an endless stream of resources into them when theyfounder. Mature project management organisations arebetter able to refocus scope and add or adjust resourcesas needed to keep their projects on track.
The study also found that executives must be held ac-countable for project failures. When the final responsibilityrests with them and their success is tied to the success oftheir projects, executives will deal with problems as theyarise in order to deliver the expected ROI.
Additionally, process is not sufficient in identifying signsof failure and finding solutions, so effective communica-tion is key.
In mature organisations, cross-departmental conversa-tions occur among stakeholders to identify concerns at everymilestone; this helps ensure that risks of failure are identi-fied and dealt with early in the process.
Many companies also fail to reassess risks through-out the project life cycle. Assessing risks in the plan-ning stage is a crucial factor of success, but ongoingprogress reporting, milestone review and risk assessmentare also essential.
Project risks open doors to new opportunities
R M _ 8 3 . p g 0 0 7 . p d f P a g e 7 3 / 3 / 1 1 , 5 : 1 4 P M
NEWS REVIEW
There is still a serious disconnect between risk managementand compliance in many organisations, according to the In-formation Systems Audit and Control Association (ISACA).
Many companies still don’t realise the two are linked,said Robert Stroud, ISACA’s international vice president.
“Risk management for instance offers us a huge op-portunity to both mitigate risk, which IT is typically verygood at, and also accept risk for business growth,”said Stroud.
“Now the reality is that if you make those decisions inisolation of your compliance requirements, you can end upmaking a decision to accept risk that’s inappropriate, or al-ternatively you could insert too many mitigating controlsthat stifle the business.”
Stroud said a balance is necessary and this will be par-ticularly important in 2011.
While most organisations have a relatively good un-derstanding of how to remove manual compliance controlsand automate the compliance process, he said enterpriserisk management is still a new art form outside of some in-dustries such as banking and finance and more organisa-tions need to understand how to leverage and progress en-terprise risk management.
“One of the things that I often see now is that organi-sations will go and put a series of risk management controlsin place, they’ll go and measure risk and they’ll understandit and then they’ll just go while … trying to put mitigating
controls in place,”he said.“You really need to be able to balance risk in every as-
pect of your business and you need to arm your staff witha capability for risk awareness and risk acceptance whereappropriate and also of course documenting it.”
Stroud, who spoke during a recent Information Securi-ty Media Group podcast, said businesses need to be ableto accept risk and use it for business advantage, and thenunderstand when a risk is unacceptable to the business andmitigate that control.
“So we need to move away from the perspective of avoid-ing risk at all cost to where risk can be a business value en-abler,”he said.
Bridging the risk management/compliance divide
Effective risk management practices only motivate peo-ple to have a proactive health, safety and environment(HSE) mindset when the results of the process providesimple, tangible results that make sense to the people in-volved in the process, according to Allan Wildbore, gen-eral manager of occupational health and safety for theSpotless Group.
“Simple, tangible results that make sense generallycome by involving a mix of the people involved in theactivity, management and specialist help,”he said.
There are a number of elements that will assist clari-ty of process, Wildbore said: describe the activity to be as-sessed and create boundaries within which the assess-ment will be conducted; identify the hazards presentbecause of the identified activity; identify and assess therisks presented by the hazards; and identify and agree
what the most effective mitigations are and how the ac-tivity can be done safely.
He also said to: carry out the identified mitigations, in-troducing the “safe” way of doing the activity and re-en-force the new or agreed safe way.
“By engaging the group you gain their buy in because
they have been part of creating the result. They have beenincluded and feel listened to,”he said.
Speaking ahead of the upcoming Safety in Action Con-ference in Melbourne, Wildbore said there are a numberof steps OHS professionals can take to achieve this.
He recommended keeping the process appropriate tothe working group and as simple as it can be, being clearabout the process and what is involved and that the group(and not the OHS professional) owns the delivery and out-comes, and gaining the endorsement and involvement ofa more senior manager than those directly involved in therisk assessment activity.
“Overly complicated risk assessment processes”is oneof the usual challenges in the process, and as such Wild-bore recommended simplifying the language.For full story see www.riskmagazine.com.au
There is an increased amount of anti-dis-crimination litigation around mentalhealth issues in the workplace, often be-cause line managers do not connectpromptly and early enough with HR, OHSand return-to-work coordinators in iden-tifying mental health issues in employees.
Joydeep Hor, managing principal ofemployment law firm People & CultureStrategies, said employers often leavethemselves exposed because they fail torecognise particular traits or behavioursthat are symptomatic of mental healthconditions, which subsequently resultsin a "level of inaction and certainly a lackof pro-activity in terms of dealing withthe matter".
A lot of employers also feel a senseof apprehension in asking questionsabout mental illness and "on that basisprobably proceed to manage the em-ployee in accordance with other prac-tices", he said.
"This also increases the exposure froma health and safety point of view to thatemployee and potentially others, andalso opens up a range of other conse-quences for themselves."
As a result of an increased level ofopenness and transparency around men-tal illness generally, Hor said more peo-ple are identifying conditions, impair-ments or disabilities which attract theprotection of anti-discrimination legis-lation, and in particular, the general pro-tections under the Fair Work Act.
As such, employers need to possessthe necessary commitment at the seniorleadership levels to understand that men-tal health issues in the workplace are notjust about an employer "being touchyfeely and warm and fuzzy, but it's aboutan employer managing its occupationalhealth and safety exposures", Hor said.
"There are various serious conse-quences for individual directors andthose involved in management or cor-porations who fail to take necessary stepsto address mental wellness, if you like, in
workplaces, in exactly the same way asthere are for physical occupational healthand safety breaches or identified risks,"he said.
Companies need to demonstratetheir commitment to these issues, saidHor, who added that they must also havethe necessary infrastructure in place forpeople to raise mental health matters aswell as an awareness among managersand leaders to understand the full scopeof what can and can't be done when itcomes to understanding medical infor-mation and backgrounds.
"You need to ensure that any stepstaken by way of discipline or terminationof employment fully comply with yourlegal obligations, and that you'vethought laterally about what the conse-quences of some of those decisionsmight be," he said.
8 RISK March 2011
More action needed on mental illness in the workplace
Using risk to power proactive HSE practices
R M _ 8 3 . p g 0 0 8 . p d f P a g e 8 3 / 3 / 1 1 , 6 : 2 8 P M
RISK March 2011 9
NEWS REVIEW
Women who feel they are undervalued atwork or encounter a poor working envi-ronment should “get out, and start their ownbusinesses”, according to Telstra Businessgroup managing director, Deena Shiff.
Speaking at an Executive Women Aus-tralia (EWA) presentation this week, Shiffgave a three point plan to women who feltdisgruntled in the corporate world. The firstwas to defend the rights of other women inthe workplace and the second was forwomen to value their own worth.
“Defend the rights of other women, firstand foremost, and then figure out your ownrights by doing that, work out your ownchoices, and speak up if your value is notbeing recognised at work,”she said.
Shiff’s third piece of advice to womenwho feel disgruntled at work was to seri-ously consider a start-up business of theirown. She showed this to be an attractive andviable option by highlighting the high num-ber of start-up businesses by women in WAcompared to other states. Because corpo-rate WA has the highest pay disparity be-
tween men and women this has a direct cor-relation with the amount of women who are“getting out there and doing it for them-selves”, she said.
The presentation, which focused on thetopic Will Gender Balance Boost the Bottom-Line, followed the EWA survey of 1,500 mem-bers, which revealed a gloomy outlook forwomen in senior executive roles. Forty-fourper cent of participants expect it to takemore than ten years for businesses to re-
verse the trend of decreasing numbers ofwomen in boardrooms.
The survey also found that over a quar-ter of the female respondents were not con-fident that they could progress into a sen-ior executive role, despite over 50 per centaspiring to make it to the top.
EWA executive director, Tara Cheesman
expressed her frustration that so many womenfelt disheartened by gender inequality at work,and explained the need for women and or-ganisations to make serious changes to theway that they approach the issue.
“What we are seeing is a large numberof ambitious, very capable women, with thetalent and the desire to contribute as sen-ior executives feeling like they are being re-strained and belittled by gender barriers,”she said. “Women won’t be satisfied to con-
tinue to sit on the corporate sidelines andsee the ‘boys club’remain the status quo.”
EWA members stated that the mostpopular means of achieving board equali-ty was to ensure ‘board commitment to de-livering diversity’. Meanwhile Kevin Lewis,chief compliance officer for ASX, told theaudience that they should “embrace op-
portunities, proactively career-plan, andcarefully choose boards”.
Lisa Hudson, chief executive and pub-lisher of Fairfax Magazines, told women thatthey should be confident and ambitious,and also enlist the help of men.
“Enlist the help of men, because at themoment men dominate. Without their helpwe can’t initiate change. Try to play men attheir own game. Men are very good self pro-moters, and women need to be just as con-fident,”she said.
Getting down to the question of “will gen-der balance boost the bottom-line?”, Hudsonexplained that although it is tough for fe-males, the workplace is becoming more flex-ible with gradual change coming into effect.
“Managers are starting to understandthat they alienate women at their peril,”shesaid. “Women, despite juggling all kinds ofdemands in a complex world, bring focus,organisation and a unique set of skills totheir roles, and that has been proven in nu-merous studies to bring big dollars to thebottom line.”
Get out and start your own business, women urged
“Embrace opportunities, proactively career-plan, and carefully choose boards”
– Kevin Lewis, chief compliance officer for ASX
R M _ 8 3 . p g 0 0 9 . p d f P a g e 9 3 / 3 / 1 1 , 5 : 1 5 P M
NEWS REPORT
10 RISK March 2011
Companies could do a better job of providinginformation about environmental, social andgovernance (ESG) risks to investors, accord-
ing to an expert in the area.While plenty of companies employ in-house sus-
tainability managers to report on ESG factors, JoshDowse, principal of Dowse CSP, said ESG risk dis-closure will only be as meaningful as the questionsthat are being asked of companies.
Such questions need to be asked in a direct and con-structive way – “what happened at this incident? Withwhat consequences for your employees/contracts/gov-ernment relations? How are you working on this issue?With whom? What progress have you made – not indollars spent, but in outcomes gained?” he said.
“ESG risk management is more about stakeholderengagement – learning what the issues are and deal-ing with them to both the company’s and others’ sat-isfaction – than it is about isolated metrics. Thecompanies want to eliminate risks as much as theinvestors want them to.”
Dowse, who has 20 years’ ESG-related work withcompanies including McKinsey & Company andMacquarie Group, said the most common ESG risks
depend on the business, its locale of operations andits customers.
“The mainstream ESG data providers offer you1200 plus factors to take into account,yet only a hand-ful would be likely to indicate significant risks,and thathandful will be different for each company,” he said.
“Will the investor know which ones? It is morelikely to be the patterns that matter – the responsesto the inevitable policy breaches, how stakeholdersare engaged on awkward ESG issues, whether met-rics are relative and meaningful or would be over-whelmed by non-ESG operating factors.”
On specific factors, he said it’s hard to ignore any-thing that affects employee engagement, with reten-tion numbers a decent starting metric to explore.
Dowse also said social media and brands are adynamic mix, and “anytime you need a very localised‘social license to operate’, it’s worth looking at howthat license is being secured.“I’ve seen an IT companygo into community asset management without fullyrecognising the risks and getting into more troublethan its investors expected.”
Energy, water and waste risks will continue to bemore complex as Dowse said food, tourism, lifestyle,
mining and the environment compete more andmore intensely for land.
“And climate change surely is beyond debate. Lis-ten to insurance companies rather than geologists,and think variation from the mean, not just the meantrend,” he said.
Dowse also noted that investors are getting morefamiliar with quantifying environmental exposures,looking at the tangible implications and costs thatmight flow from a breach, or a rise in energy orwater costs, and producing large reports detailingtheir calculations.
“Yet for most Australian-listed companies, morethan half their market value is attributable to theirintangibles – their people, brand, relationships andcapacity to innovate. They’re what deliver futureincome, and what might be most at risk from ESGfactors,” he said.
“Due diligence could look at how they’re beingprotected, and also whether major client relation-ships, revenue sources, capital assets, employee reten-tion and the like may be affected by ESG factors.”
Navigating environmental, social and governance risk
“Listen to insurance companies rather than geologists, and think variation from the
mean, not just the mean trend”Josh Dowse, principal, Dowse CSP
ESG RED FLAGS
Josh Dowse, principal of Dowse CSP, said the followingissues are an indication of the type of systemic weak-nesses that environmental, social and governance(ESG) due diligence may raise as red flags:• Lack of data• Absolute numbers without reference to a ratio that
offers a meaningful measure of relative year-on-yearperformance
• Trends without analysis• Policies and management systems proudly declared,
but with no reported incidents, and no operationalchanges when something is reported
• A lack of awareness or strategic planning on socialand environmental issues that clearly affect the com-pany’s supply chain
• ESG awareness held only at low levels of the organ-isation, or limited solely to the brand or corporateaffairs departments
• A lack of external engagement on any issue beyonddirect contracts and marketing
R M _ 8 3 . p g 0 1 0 . p d f P a g e 1 0 3 / 3 / 1 1 , 2 : 5 1 P M
R M _ 8 3 . p g 0 1 1 . p d f P a g e 1 1 2 / 3 / 1 1 , 1 2 : 3 5 P M
12 RISK March 2011
OPINION
Risk managers, in-house legal counsel, andcompliance managers in the financial serv-ices sector must keep the “chosen one”
(really two, at least) plugged into their firm’s riskand compliance matrix or framework. In otherwords the Responsible Managers nominated on anAustralian Financial Services License (AFSL) mustbe integrated into the financial services businessfor the sake of both the AFSL holder and theResponsible Manager. Like Neo in The Matrixmovies – Responsible Managers are the key to thefuture of concerned.
If Responsible Managers are plugged in theyoften try and disengage. That is because they’rebusiness minded and many think that the risk and
compliance “matrix” is either evil, not real or both– and being plugged in is to be strenuously avoidedas it’s full of robots interfering in your business andscaring you witless.
Since 2005 many risk and compliance managershave told me that awareness and understandingare the two ways of effectively plugging in yourResponsible Managers. Awareness of the obliga-tions involved and understanding how the risk andcompliance framework works.
Awareness by Responsible Managers, whetherthey are company directors or senior managers, oflegal and regulatory requirements is criticallyimportant and often overlooked in the overallmake-up of a framework. If Responsible Managers
R M _ 8 3 . p g 0 1 2 . p d f P a g e 1 2 3 / 3 / 1 1 , 3 : 2 9 P M
RISK March 2011 13
OPINION
don’t understand their legal and regulatory obligations,they won’t be able to recognise compliance risks andwon’t be able to supervise their staff adequately. Thisshould be put to Responsible Managers as the risk of“poor customer service”, losses or brand damage.
Furthermore Responsible Managers need to under-stand their business’s risk and compliance framework.Thiscan be put to them as “insurance”, in that having a properlystaffed and supervised risk and compliance function look-ing after compliance risks is key to their responsibilities –whether they’re a director or other officer.They must showthat they have exercised all due diligence to save them-selves from any civil or criminal action.However due to thelarge number of responsible managers it is not easy.Thereare over 15,000 across an industry which is the fourthlargest sector of the Australian economy and made up of:• corporate finance and wholesale banking
(the ‘deal makers’)• financial markets (the ‘traders’)• managed funds and superannuation
(the ‘asset managers’)• retail banking and private wealth management
(the financial advisors).It’s a diverse sector in the size and complexity of its
institutions, all with global reach, which means thereare competing and contrasting legal requirements onAustralian businesses which have head offices in thenorthern hemisphere or Asia. This leads to variedapproaches in building and maintaining risk and com-pliance frameworks, which keeps the regulator (ASIC)busy checking and enforcing standards and (secretly)confuses many Responsible Managers.
Responsible Managers must also understand riskmanagement. There are three common misconcep-tions about risk management in the sector. It’s often
mistaken for risk measurement. This is a problem; thecapacity to properly measure risk is necessary butinsufficient to ensure proper risk management.Another common misconception is that risk manage-ment is about risk reduction. In fact, it’s at least as muchabout return enhancement as it is about risk reduc-tion. The third misconception is that it’s often equatedwith risk diversification; mistaking it for risk diversi-fication is lethal (consider 2008, when sharp down-turns in almost all asset classes painfully highlightedthe limits of diversification as a technique).
For risk managers the choice is not about “takingthe blue pill and the story ends or the red pill and youstay in Wonderland”, but overcoming the reluctanceto be plugged into the risk and compliance matrixthrough culture. It leads to greater awareness andunderstanding of the risk and compliance frameworkboth for the Responsible Manager and the organisa-tion as a whole. It is clear and practical – corporationsshould have policies, which are monitored andenforced or be criminally liable for any breach by theiremployees. The Criminal Code applies to the Corpo-rations Act (not Chapter 7, financial services), wherethe Act has a wider scope for attributed criminal liabilityfor financial services.
In my opinion Responsible Managers should look atthe case of ASIC v Chemeq Ltd where Justice Frenchsaid that a corporate culture of compliance is not a riskaverse mentality but a kind of inbuilt mental check list,as a background to decision-making and requires training of Responsible Managers, including company direc-tors, especially refresher training, of their obligationson a regular basis.Dr Ulysses Chioatto is a lawyer and organisational consultant and
the facilitator of the Responsible Officers and Managers Forum
Awareness byResponsible Managers,
whether they arecompany directors orsenior managers, oflegal and regulatory
requirements iscritically important andoften overlooked in the
overall make-up of a framework
R M _ 8 3 . p g 0 1 3 . p d f P a g e 1 3 3 / 3 / 1 1 , 5 : 2 0 P M
14 RISK March 2011
An institution’s riskprofile can be defined by the sum total ofbusiness decisions taken every day byemployees throughoutthe organisation
In the wake of the global financial crisis,boards of direc-tors of financial services organisations globally are tak-ing a more active role in providing oversight of risk
management, including establishing the risk managementpolicy and framework and approving their institution’s riskappetite.
A recent research report found that roughly 90 per centof financial institutions had a defined risk governancemodel and approach, and 78 per cent reported that theirboard of directors had approved their risk managementpolicy or enterprise risk management (ERM) framework.
Furthermore,86 per cent of financial institutions had achief risk officer (CRO) or equivalent position – whichreports to the board level or to the CEO, or both, at 85 percent of firms.
The research report, which was conducted by Deloitte,also found that more institutions have adopted ERM pro-grams, as 79 per cent reported having an ERM programor equivalent in place or in progress,while roughly a quar-ter of firms reported that the greatest challenges in imple-menting an effective ERM program were integrating dataacross the organisation and cultural issues.
The report also found that at many institutions, riskmanagement programs are likely to include a growing spec-
trum of risk types, such as model risk, and to use moresophisticated techniques, such as stress tests.
“Risk technology and information systems may needto be upgraded to easily integrate risk data on a consistentbasis across different products, geographies, and counter-parties,” said the report, which surveyed chief risk officersfrom 131 financial institutions from around the world,withaggregate assets of more than US$17 trillion ($16.98 tril-lion)
“In the final analysis, an institution’s risk profile can bedefined by the sum total of business decisions taken everyday by employees throughout the organisation. The link-ages between business operations and effective risk man-agement should continue to be assessed and nurtured.”
In addition to a focus on risk management method-ologies and reporting, senior management may need tofurther develop a risk-aware culture throughout the organ-isation.
“One important consideration in this effort is the closeralignment of performance management and incentive com-pensation with risk considerations and accountability,”saidthe report,which found that more than a third of financialinstitutions had completely or substantially incorporatedrisk management considerations into their overall per-formance goals and compensation decisions.
“While we saw an uptick in risk-based compensationpractices, it was mostly at the senior management level,”said Edward Hida, global leader – risk & capital manage-ment for the Deloitte and editor of the report, Navigatingin a changed world.
NEWS REPORT
R M _ 8 3 . p g 0 1 4 . p d f P a g e 1 4 3 / 3 / 1 1 , 2 : 4 4 P M
RISK March 2011 15
“It is even more important that financial institutions takerisk management into account in performance evaluations andincentive compensation across the organisation. Because of allof the attention the issue has received around the globe – thereis considerable work to be done here.”
The report found that among senior management, 64 percent of institutions sought to balance their emphasis on short-term versus long-term incentives,57 per cent paid their incen-
tive in company stock, and about half (52 per cent) deferred payoutslinked to future performance.
However, less than a third of institutions (31 per cent) matched thetiming of payouts to senior executives to the term of the risks involved,and 26 per cent had instituted “clawback”provisions.Additionally, fourout of five institutions (82 per cent) reported that they required that aportion of the annual incentive be tied to overall corporate results.
The report also found that, globally, institutions were far along inBasel II implementation,
with 70 per cent or more having fully or mostly completed imple-mentation in the areas of external agency ratings (for the standardisedapproach), calculation and reporting, internal audit review, and gov-ernance and controls.
Roughly one-third of executives expected that the Basel II rule revi-sions announced in July 2009 would have significant impacts on theirstrategy in such areas as entering new geographical markets, chang-ing their business model, or conducting mergers and acquisitions.
“During the last few years,risk management assumptions and meth-ods have been challenged as never before,and will be facing even morerigorous requirements in the future,” said Hida, who noted that regu-lators have numerous risk-focused efforts on the horizon includingBasel III and other systemic risk initiatives.
“As a result, many institutions have – and are – strengtheningtheir risk management governance models, and there is likely to bea continued focus on enhancing risk management data and ana-lytics capabilities. This is a very busy time for risk managers atfinancial institutions.”
STEPS TO BETTER RISK GOVERNANCE
Deloitte’s recent report, Navigating in a changed world, revealed that financialservices institutions globally had taken a number of steps in response to concernsregarding risk governance:
63% Improved board risk reporting information62% Increased management risk committee
reporting information55% Enhanced risk limits48% Updated risk appetite statement48% Reviewed management risk committee structure41% Developed risk dashboard report39% Held more frequent management risk
committee meetings38% Updated management risk committee charters35% Expanded CRO responsibilities33% Established CRO position30% Reviewed board risk committee structure
R M _ 8 3 . p g 0 1 5 . p d f P a g e 1 5 3 / 3 / 1 1 , 2 : 4 5 P M
16 RISK March 2011
Establishing return on risk
investment
For years, companies have invested heavily ingovernance,risk management and compliance(GRC), increasing the size, magnitude and
reach of their GRC functions and activities. But inthe aftermath of the most severe economic crisis in ageneration, they are acutely conscious of the need todemonstrate sound risk management,according to arecent report.
Companies believe that their reputations,customerloyalty and even their credit rating and access to cap-ital depend on it,and some reports suggest that finan-cial institutions alone will spend up to US$100 billion($99 billion) globally on mitigating risk in 2010-2011.
The report,The multi-billion dollar black hole, con-ducted by Ernst & Young, said as the trend towardsmassive expenditure in GRC continues, many com-panies fail to grasp that their GRC investment,unlessproperly focused,“is potentially being poured into ablack hole and will not deliver the value investors andother key stakeholders demand”.
It found that of most concern are the views heldby external stakeholders– regulators, investors, ana-lysts, academics and journalists – who have becomea critical interest group in the post-crisis environ-ment. “External stakeholders are more dissatisfiedwith the quality of GRC than companies’ own oper-ational management and business leaders,” said thereport, which indicated a compelling need for allcountries, irrespective of maturity, to enhance theirGRC capabilities.
Those that attempt to bridge gaps with increasedexpenditure on governance,risk and compliance oftenend up with uncoordinated GRC initiatives that arebolted together, and the report found that much ofthis spending is a knee-jerk reaction rather than aconsidered one – leading to a haphazard approach,disconnected from the wider business strategy,as wellas duplication, overlaps and gaps in risk coverage.
In 2009, for example,an Ernst & Young-sponsoredresearch survey by the Economic Intelligence Unitfound that 73 per cent of respondents had seven ormore risk functions and 67 per cent had overlappingcoverage in two or more risk functions, while 50 percent reported gaps in coverage between risk functionsand a further 62 per cent believed they can get betterrisk coverage for less spend.
Regardless of pressures and appetite for change,the report said companies need to recognise thatreinvention cannot be achieved with incrementalimprovements.“Without a well thought-out strat-egy, they will chip away at the exterior of a func-tion that is not working effectively. Consequently,good investment risks slipping away because com-panies do not take a holistic view of enterprise riskand cannot deliver the value expected of them,”said the report.
Successful organisations begin by identifyingthe sources of existing GRC expenditure, and theymeasure and assess where risk management spend
THE BUSINESS CASE
Effective risk managementisn’t about spending more,
but rather about gettinggreater value from
what is spent
R M _ 8 3 . p g 0 1 6 . p d f P a g e 1 6 3 / 3 / 1 1 , 2 : 4 9 P M
RISK March 2011 17
is currently targeted and pinpoint uncoordinated, overlycomplex or overlapping activities. “Spend from low-value risk management activities, which may be rou-tine and deliver comfort but are not business critical,needs to be redirected to other higher-risk priorities,”said the report.
Martin Studer,managing partner for business risk serv-ices (Europe, Middle East, India and Africa) at Ernst &Young, said organisations need to start by setting out abusiness case,as they would for any other change program.They should define their unique value and performanceobjectives and address the expectations of regulators,investors and other stakeholders, he said.
“The business case must be about value, cost and riskassurance enhancement. It should describe how the organ-isation wants to govern these activities.The company alsoneeds to have a clear and shared view, from the boardthrough to executive management and business unit level,that determines risk appetite and risk tolerances (theamount of risk the company is prepared to accept to drivea certain effect in the market),”said Struder, who said thatfor a program like this to work, risk functions need to beembedded into the business under an accepted businessprocess owner.
The last phase is to define how the risk functions willengage with the business to realise the shared vision for
value generation.“Spending on resources and governanceis necessary, of course, to overhaul performance enable-ment processes and extract greater value,” he said.“How-ever,compared with the sums already spent – estimated tobe several billion dollars worldwide – refocusing existinginvestment to tackle the most significant risks, rather thanthose that merely offer a degree of comfort, will add tooverall business value.”
THE BUSINESS CASE
Spend from low-valuerisk management
activities, which may be routine and deliver
comfort but are notbusiness critical, needs
to be redirected to otherhigher-risk priorities
THE VALUE OF RISK MANAGEMENT
An Ernst & Young survey of 137 global institutional investorsfound that 82 per cent will pay a premium for companiesthat demonstrate successful risk management, while 61 percent will not invest where there is evidence of poor risk man-agement and 41 per cent would withdraw investment wherethere is a perceived lack of appropriate risk management.
Furthermore, an Aon survey found that 79 per cent oforganisations with mature risk management systems areeither moderately or very successful at protecting andenhancing shareholder value, while a Marsh survey foundthat companies with strategic risk management policies aretwice as likely as traditional companies to believe that theirenterprise risk management systems help to navigate thefinancial crisis.
Source: The multi-billion dollar black hole, Ernst & Young
R M _ 8 3 . p g 0 1 7 . p d f P a g e 1 7 3 / 3 / 1 1 , 2 : 5 1 P M
18 RISK March 2011
FEATURE
The recent news that litigation funder IMF Australia is pitchingto fund a shareholder claim against engineering firm DownerEDI is the latest in a line of possible and initiated shareholder
class actions to emerge over the last 12 months.Like other organisations to face such action,Downer EDI has made
the headlines. Reporting on numerous shareholders up against themight of a major engineering firm makes for some classic story-tellingand, it seems,Australians are keen to follow such affairs.
More than ever, the actions of corporations are being scrutinised -by the regulators, the shareholders, the public and the media.And withthe true extent of the GFC’s fallout yet to hit, a number of litigationfunders now on the scene and the take-up of technology easing theburden of organising and funding a class action, the Australian busi-ness environment is ripe for a wave of shareholder class actions.
The numbers are upNeedless to say, such news of shareholder class actions is also leavingthe directors of Australian boards on edge.According to the Directions2011 report, released by Mallesons Stephen Jaques last month, 34 percent of the 300 directors surveyed indicated they have been involvedin an organisation that has given attention to class action issues in theprevious 12 month period.
In fact, as Mallesons partner Roger Forbes notes, directors areincreasingly finding that shareholder class actions are almost to beexpected. “After any significant negative profit announcement by alisted entity there is almost an expectation now that it will be followedby a press release from a plaintiff law firm or a litigation funder,”he says.
But despite such expectations and the concerns of directors, there’slittle evidence to suggest that we’ve seen a rise in shareholder classactions in recent years. A recent study by Vince Morabito, a professorat Monash University, found that although specific shareholder classactions now constitute a slightly greater proportion of total class actionsthan in the 1990s, the Federal Court of Australia has not been inundated
with such claims.He says his research has found around 14 class actionshave been filed every 12 months since 1992.
Still, Blake Dawson partner John Emmerig does not believe Mora-bito’s figures will help directors rest any easier at night.
He says the shareholder class action numbers of the past are notan indication of what’s to come in the future, and the stars are align-ing to see Australia emerge as a hotbed of class action activity.
It starts,notes Emmerig,with the fact that Australians are amongstthe most active global participants in the stock market.
“Take shareholder participation, then the fact we have the mostdemanding continuous disclosure laws, the most liberal class actionregime and combine it with the precedent factor: that is that it has beendone [before], results were obtained for the plaintiff groups and so thenext faction follows more easily,” Emmerig says.
A ‘perfect storm’Emmerig is not alone in suggesting the current environment might beripe for a wave of shareholder class actions. At the ACLA NationalConference in late 2010, Middletons partner David Hope describedwhat he believes is the “perfect storm” facing corporations.
Hope pointed to his own range of influencing factors that are leav-ing corporations more exposed to class actions, such as recent legisla-tive changes, market volatility and the decreasing costs of class actionsgenerally - especially via technology and the arrival of litigation funders.
But it’s the fallout from the GFC and the uncertainty still facing themarket which is likely to have the most dramatic impact in the future.
The class actionattraction
A number of factors have aligned to further encourageshareholder class actions, writesAngela Priestley, and corporationsshould be concerned
R M _ 8 3 . p g 0 1 8 . p d f P a g e 1 8 3 / 3 / 1 1 , 1 : 5 2 P M
RISK March 2011 19
FEATURE
“The fact is there’s more public scrutiny on compa-nies generally [following the GFC],” said Hope at thetime. “There have been changes to the legislation withrespect to enforcement of listing rules of misleading anddeceptive conduct.”
Dawna Wright, a partner at McGrathNicol, points tomarket volatility as being central to encouraging share-holder class actions. “The more volatile the market, themore difficult it is to keep up with continuous disclosurerules,” she says. “And most of the regulators have been saying they’re ramping up their level of scrutiny.When you combine those two things plus the impact oflitigation funders, those three things together can have aserious impact.”
Since their input was first legislated in 2006, litigationfunders have been able to share a number of significantclass action success stories. While they faced a hiccup in2009, when the Federal Court found that such funderswere akin to a managed investment scheme and thereforesubject to regulation by ASIC, the introduction of tempo-rary class orders has since made life for funders a little eas-ier (a permanent exemption from managed investmentscheme requirements is expected to be formulated in 2011,according to Mallesons).
Morabito notes that, up to March 2009 (his studyperiod),class actions by litigation funders have seen a 100per cent settlement rate. “That seems to suggest that liti-gation funders do a very good job,” he says.
With returns of between 20 and 45 per cent of the set-tlement (according to IMF), litigation funding makes fora healthy investment too – and ultimately contributes toan environment that could encourage more shareholderclass actions in the future.
Faster, cheaper, simpler Technology is another factor that could contribute to awave of shareholder class actions in Australia. The abilityto email communications, to swiftly establish websiteschasing potential plaintiffs, to use social networking toextend reach and use electronic filing and databases totrack members of the class is greatly reducing the burdenof plaintiff firms in preparing a class action.
Technology is also a significant enabler in raising thenumber of plaintiffs now getting involved in class actions- especially across more general class actions, such as therecent bank fees class action led by Maurice Blackburn,IMF and Financial Redress in which 27,000 Australiansagreed to participate.
But when more specifically examining shareholder classactions,partners contacted by Lawyers Weekly (Risk Man-agement’s sister publication) indicate that the number ofplaintiffs now attracted to such class actions could actuallybe on the decrease,with funders and lawyers instead choos-ing to target the high-end investors, rather than the ‘mumand dads’.
“There is a lot more activity in directly approachinglarge institutional shareholders,” says Forbes. “For everythousand shareholders, it’s much more worthwhile to signa few large intuitional shareholders.”
Emmerig points to some recent examples to note sucha change. “When the GIO shareholder class action wassettled in 2003 there were 20-plus thousand investors inthe class who shared approximately $100 million,” hesays. “When Multiplex settled last year, it was still $100million dollars but only around 100 shareholders whoshared in the fund.”
And these days, Forbes believes large institutionalplayers are also more likely to be involved.
“Five years ago they may have been horrified to be alarge institutional shareholder with a brand name beingpart of a class action organised by a law firm. But nowthey look at those things sensibly and rationally,and makea decision as to whether they’ll sign up to the action orsimply vote with their feet and sell their shares.”
A change of mindset With more media attention, increased regulator scrutiny,fallout from the GFC and technology on board, Emmerignotes one final ingredient he believes will encourage agreater number of shareholder class actions in the future:a changed mode of thinking.
“Class actions have moved from being one-offs, to beingthe mainstream.People are more willing to participate andmore willing to initiate.”
For corporations, all these factors are pointing towarda risky future ahead. And the uncertainty of shareholderclass actions can only add to the woes of board directors.
To date, no shareholder class action has reached judg-ment, thus it’s difficult to ascertain just how a court wouldtreat such a matter, especially in proving causation anddetermining how loss can be calculated. Meanwhile, thecourts have been resistant to revealing information todefendants regarding just who is involved in the class,meaning claims have been difficult to quantify and settle.
But, according to Forbes, that may soon change, espe-cially given the small concessions made recently in Cen-tro’s current class action,which permitted Centro to obtainsome information about the class.
“The court is becoming, it seems, a little less inclinedto accept the proposition that members of the classshouldn’t be disturbed.”
Even with such favourable outcomes for defendants,the potential reputation and market risks a shareholderclass action can bring will continue to keep plenty of direc-tors awake at night. Just the very mention of a class actioncan immediately affect a share price, while the ‘trial bymedia’ mentality that such action can provoke is almostimpossible for an organisation to defend.
Downer EDI may be the latest corporation to face thespotlight of a litigation funder but it won’t be the last. In themeantime, company directors will continue to keep theiractions in check - and keep an eye on the media headlinesto read of the latest proposed class action.
“The director network is tight,” says Forbes. “Theywould all be well aware that every time they engage inprofit announcements or something else that may involvesome obligation of continuous disclosure that [the threatof the class action] is in the background.”
The shareholder class action numbers
of the past are not an indication of what’sto come in the future,
and the stars arealigning to see Australia
emerge as a hotbed ofclass action activity
R M _ 8 3 . p g 0 1 9 . p d f P a g e 1 9 3 / 3 / 1 1 , 1 : 5 3 P M
20 RISK March 2011
COVER STORY
Greenrisk
management
R M _ 8 3 . p g 0 2 0 . p d f P a g e 2 0 3 / 3 / 1 1 , 2 : 2 5 P M
RISK March 2011 21
COVER STORY
T he business case for corporate social responsi-bility (CSR) is now widely accepted among Aus-tralian organisations, which are increasingly
seeing it as a strategic opportunity for creating newvalue and not just a tactic for risk mitigation, accordingto a recent Australian report.
It found that organisations are reporting increas-ingly strong links between CSR capabilities and posi-tive organisational performance, while reducingenvironmental impact and building an understandingof CSR are considered the most important issues forCSR managers.
However, the report, The State of CSR in Australia,conducted by The Australian Centre for CorporateSocial Responsibility (ACCSR), also found Australianorganisations need to move beyond a focus on risk min-imisation and regulatory compliance if they are to suc-cessfully leverage their CSR strategies for the purposesof competitive advantage.
Suzanne Benn, a professor at Macquarie University’sGraduate School of the Environment and director ofThe Australian Research Institute for Environment andSustainability, believes there is a shift to integrating sus-tainability and CSR across all aspects of a business.“Soit’s become less of a specific function and more of anintegrated function within organisations. It’s been incor-porated into reporting guidelines and it’s been incor-porated into supply chain guidelines, so there has beena shift away from having a CSR manager who just looks
after relations with the community to more of an inte-grated understanding across organisations,” she says.
At the same time, there is a greater differentiationbeing made between social and environmental aspects,according to Benn.“The environmental area is increas-ingly technical, so that requires a different academicbackground with a different set of responsibilities tothose working in social welfare areas,” she says.
Environmental considerationsEnvironmental issues are high on the radar of mostorganisations, according to Leeora Black, founder andmanaging director of ACCSR. “People are working onunderstanding and managing their greenhouse gasemissions and water usage and they are focused onreducing the environmental impact of their workingspaces, their offices and buildings and so on,” she says.
Environmental considerations vary from industry toindustry,Black explains.“With both financial services andmining, their priority issue is going to be on managing reg-ulatory impacts (according to The State of CSR in Australiareport). But for mining their second top priority is envi-ronmental management and this is a direct pathway forthem to risk management, whereas managing regulatoryimpacts for financial services is going to be more aboutreducing conflict with activist groups.”
One of the more obvious looming environmentalissues for Australian companies is the proposed carbontax, which is driving companies to consider environ-mental issues, according to Suzanne Young, associateprofessor and director of corporate responsibility andglobal citizenship at the La Trobe Graduate School ofManagement.“I still don’t think they’re grappling withthe whole issue of climate change necessarily; it’s stillbeing driven by legislation and the threat maybe ofincreased taxes across certain sectors,” she says.
“But I don’t think companies are really seeing thatclimate change and the associated risks are really impact-ing in a lot of sectors. While the mining sector andrelated industries might be more active here, in mostother sectors it’s still based on a push by legislation.”
Benn agrees that trying to second guess what thegovernment is going to do about a carbon tax is a bigissue. “It’s kind of a risk management issue, with com-panies moving ahead before they really know what gov-ernment is going to do,” she says.
Corporate social responsibility, environmentalissues and risk management are increasinglyintertwined. Craig Donaldson explores thistrend and speaks with a number of expertsabout the greening of risk management
“To be effective in managing social andenvironmental impacts and opportunities, you need a much higher degree of internalcoordination and cooperation”Leeora Black, managing director, The Australian Centre for Corporate Social Responsibility
R M _ 8 3 . p g 0 2 1 . p d f P a g e 2 1 3 / 3 / 1 1 , 2 : 2 7 P M
COVER STORY
22 RISK March 2011
Internal sustainability, corporate governance and risk management There is a huge variation in how well sus-tainability, corporate governance and riskmanagement professionals work together,according to Adrian King, climate changeand sustainability partner at KPMG.
The better companies use sustainabilityprofessionals to work with risk, board com-mittees and management to integrate sus-tainability practices throughout the company,he says, however, other companies oftenemploy sustainability professionals just to pro-duce annual sustainability reporting who havelittle contact with the rest of the company.
“The key to improvement in this area isincreased internal communication and betterengagement between the different profes-sionals within a company. Initial meetings to
understand each others’goals, roles and chal-lenges can often quickly lead to identifyingopportunities to support each other and thesetting up of both formal and informal com-munication and information sharing chan-nels,” he says.
Black also says there is a lot of variation inhow well companies perform in this area. “Iwould say that more can be done and moreneeds to be done,” says Black, who adds thatThe State of CSR in Australia report found thatone of the top outcomes from CSR is reduc-ing risk.
“Now that suggests to me that there isbetter coordination going on inside com-panies but obviously it’s not enough. I alsothink that in the medium-term, the intensefocus on risk management benefits of CSRis going to give way to a greater focus oninnovation in CSR. So what looks like bestpractice in risk management today will bebusiness as usual tomorrow, and the newfrontier for excellence in CSR and sustain-ability will be more focused on innovation,”says Black.
Benn agrees that internal sustainability,corporate governance and risk managementprofessionals could have a lot more awarenessof each other’s issues. An interesting trend istowards having multi-skilled individuals inthese roles, and Benn says it’s increasinglycommon to see sustainability managers withdiverse qualifications.
“I see integrated multidisciplinarypostgraduate courses emerging. Studentsmay have a science, finance or engineeringbackground, so with another postgradu-ate qualification that brings together riskmanagement with sustainable develop-ment and change management, for exam-ple, you’re getting multi-skilled people inthose positions. I think this will make abig difference in terms of breaking downsilos, because you have people who will beable to talk the language of other silos,”she says.
The role of risk managementRisk management professionals play keyroles in developing and implementing sus-tainability practices, according to King. Theyare involved in identifying the sustainabil-ity risks as well as developing policies andprocedures to manage these risks, and hesays they are also often involved in the mon-itoring of these policies and proceduresthrough the likes of internal audits.
He says risk management professionalsneed to identify, as much as possible, oppor-tunities to extend existing risk managementprocesses to sustainability risks. Existing riskmanagement processes are often mature andwell established and he says they shouldinclude all sustainability issues rather than acompany inventing separate processes to man-age sustainability-related risks.
“While sustainability professionals can pro-vide valuable information over the sustain-ability risks and responses, risk managementprofessionals often have the practical experi-ence and proven processes already in place tofacilitate the management of sustainabilityrisks within their company.”
Young also says risk management profes-sionals have a large role to play.“I think it’s veryimportant for them to be engaged and think-ing of strategic risk rather than just operationalor financial risk.A lot of risk professionals havetraditionally been more focused on safety,gov-ernance or finance.So risk professionals reallydo need to engage more at the strategic leveland the long-term planning level,” she says.
“There’s a place for sustainability and risk,and they like to act quite closely together. Ithink risk professionals maybe need to engagewith sustainability more than what they do
EMBEDDING SUSTAINABILITY IN RISK MANAGEMENT
Many CEOs are placing sustainability as a central pillar in their corporatestrategies, but are stopping short of embedding measurement systemsand processes in the business framework, for example in reporting andrisk management, according to a recent research report. With financialand non-financial performance becoming interconnected, this shortfallleaves companies exposed.
Conducted by the Economist Intelligence Unit, the research took inmore than 280 senior executives – three-quarters of whom are respon-sible for their firms’strategy and business development – mostly in Asia-Pacific, Western Europe, and North America. Despite the risingimportance of environmental, social and governance (ESG) factors incorporate strategy, the research report found senior executives do notappear fully committed to embedding sustainability in risk manage-ment, with just 22 per cent saying that ESG elements are a fundamen-tal part of their risk management systems. This compares with 35 per centwho say they include selected elements of their ESG goals in their riskmanagement activities, while only 22 per cent who do not include ESGpractices in their risk management systems expect to do so in the futureand around 14 per cent have no plans to introduce ESG criteria intotheir risk management practices – “a stance that may leave them finan-cially exposed, as sustainability and profitability become ever moreintertwined”, according to the report.
Among companies for whom environmental sustainability is a focus,it found that 32 per cent incorporate such issues into risk management,while the corresponding figure for social sustainability is 19 per cent and28 per cent for governance. “It appears, then, that environmental sus-tainability is more likely to be integrated into risk management than areother elements of sustainability,” the report concluded.
“There has been a shift away from having a CSRmanager who just looks after relations with the community to more of an integrated understanding across organisations”- Suzanne Benn, director, The Australian Research Institute for Environment and Sustainability
R M _ 8 3 . p g 0 2 2 . p d f P a g e 2 2 3 / 3 / 1 1 , 2 : 3 2 P M
RISK March 2011 23
at the moment. In some sectors it is quite strong, likein mining and finance,but there’s definitely an oppor-tunity.”
Benn agrees that risk management professionalshave “a very big role” because the space that compa-nies see sustainability and corporate social responsi-bility in is largely about risk management. However,she says risk professionals need to understand the lan-guage, discipline and key concepts of sustainability, inorder to understand the associated risks.
“Many corporate responsibility issues are long-term,so it can be difficult to work these considerations intothe business model that risk management specialists areneeded for really,” says Benn.
“You have to communicate to senior managers thatit’s not just about short-term.One of the big criticisms,in terms of how companies have gone about (or notgone about) trying to implement sustainability, is thatthey are at the beck and call of institutional investorswho may have very short-term considerations.”
Black says it’s fundamentally important just to “talkto your internal sustainability manager.Stay connectedwith the sustainability agenda in your organisation andwork collaboratively at every opportunity with the sus-tainability professionals in your organisations. That’srule number one, two, three, four and five.”
COVER STORY
A COMMON BLOCK
One of the biggest obstacles that companies face is indriving broad-based understanding of the CSR and sus-tainability agenda right throughout the organisation,according to Leeora Black, founder and managing direc-tor of the Australian Centre for Corporate Social Respon-sibility and an honorary visitor to the La Trobe UniversityGraduate School of Management.
“The reason for is, as a management discipline, thefocus on corporate responsibility and sustainability is prob-ably the most multidisciplinary, cross-functional man-agement function we’ve ever yet seen in the developmentof modern business management methods,”she asserts.
“To be effective in managing social and environ-mental impacts and opportunities, you need a muchhigher degree of internal coordination and cooperationthan for many other types of organisational tasks whichcan be managed more vertically and hierarchically.”Most organisations are built on silos with verticalaccountability lines, whereas Black says success in thisarea requires a lot more horizontal coordination forsuccess – which is a challenge to the way most largemodern companies are actually structured.
“Risk professionals maybe need to engage with sustainability more than what they do at the moment”Suzanne Young, director, corporate responsibility and global citizenship, La Trobe Graduate School of Management
R M _ 8 3 . p g 0 2 3 . p d f P a g e 2 3 3 / 3 / 1 1 , 2 : 3 3 P M
Organisations often take for granted that dur-ing a major pandemic, government at all lev-els – national, state and local – will
automatically ‘take charge’ and resolve all their majorproblems. We believe this is a very dangerous and mis-guided assumption that could lead to serious problemsfor the organisations concerned.
Recently, we asked the executive team of a major Syd-ney-based government agency what they thought aboutour concerns – expecting strong disagreement. Instead,they all absolutely agreed and cited specific examples oflack of support they had encountered during what was,after all, the recent fairly mild ‘swine flu’ pandemic. Otherorganisations have experienced much the same.
This is not meant to degrade the process that govern-ments follow in a pandemic/epidemic or their desire toassist as best they can. It’s simply recognition of the factthat the Government often cannot do very much, espe-cially when their own resources are depleted, as would bethe case should a major crisis occur.
A serious pandemic – similar in scope and immensityto earlier ones we have experienced where thousands oflives have been lost worldwide – would see closure ofschools and childcare centres, travel bans, warnings not tomeet with other people unless absolutely necessary, up to60 per cent absentee rates over a period of up to 18 months,and a huge amount of social and personal trauma – withincreased rates of crime and fewer police.
All organisations would be affected including theGovernment. So just when their assistance is most
needed by the community they themselves will be attheir most vulnerable with depleted staff resources andservice dislocation.
How can anyone believe, amongst all this high leveldrama that they can simply wait for the Government to fixeverything?
Will the Government provide additional staffing to sup-port organisations whose own staff have elected not tocome to work or are too sick to do so?
Will the Government provide additional staffing to thesuppliers of those organisations who depend on service/product deliveries from affected countries or even locally?
Will the Government provide funding to pay thewages of staff who decide not to attend work throughfear of infection or simply because they can’t get theredue to lack of transport or because there is no-one tolook after their children?
Will the Government provide additional services suchas health monitoring or trauma counselling to organisa-tions when their first priority must surely be to assist thosein need of immediate medical attention or 24/7 care – andall this with reduced numbers of doctors,nurses and othermedical staff?
The answers to all the above,and many other questions,must surely be ‘no’.
Clearly, organisations need to take responsibility fortheir own staffing issues and for business continuity as awhole in the event of a pandemic. It should not simply beleft to Government.
– Cliff Reece, principal, Crisis Risk Management
To what extentshould we rely on theGovernment during amajor pandemic?
Organisations need totake responsibility fortheir own staffing issuesand for businesscontinuity as a whole inthe event of a pandemic
Pandemic planning:Government support
24 RISK March 2011
CRISIS MANAGEMENT
R M _ 8 3 . p g 0 2 4 . p d f P a g e 2 4 3 / 3 / 1 1 , 1 : 2 2 P M
RISK March 2011 25
Compliance and Risk roles – Australia
taylorroot.com.au
THE SR GROUP . BREWER MORRIS . CARTER MURRAY . FRAZER JONES . PARKER WELLS . SR SEARCH . TAYLOR ROOT LONDON . DUBAI . HONG KONG . SINGAPORE . SYDNEY . MELBOURNE
Compliance Manager - RE SydneyWell respected Australian financial services organisation that prides itself on the retention of its clients through excellent service and outstanding technical knowledge. You will provide expert advice on matters relating to the corps act and ASX listing rules. Key attributes are the ability to confidently liaise with seniorexecutives as well as the regulators. $110,000
Compliance & Risk Manager SydneyEmerging fund manager. The position will be an excellent opportunity to develop a compliance and risk framework. We are seeking 5+ years of work experience with a preference for a funds managementbackground. Small team environment so the ability to be self motivated and to take initiative is essential. $130,000
Compliance Manager MelbourneWell known financial services group with adiverse portfolio are currently looking for a seniorcompliance professional to manage its function.This role will initially cover the monitoring andsupervision of the compliance infrastructureacross the group. Working with seniormanagement this role will offer a broad range ofwork and strong career prospects. $140,000
To discuss Compliance and Risk roles, please contact Amanda Atherton in Sydney on +61 (0)2 9236 9000, Neil Williams in Melbourne on +61 (0)3 8610 8400 or email [email protected] or [email protected]
RISK PEOPLE
How and why did you getinto risk?By accident – I was the head of compli-
ance at MBF and before that at IAG for its
wealth management business opera-
tions. As nobody had specific responsi-
bility (or ownership) for risk management
I was asked to look after it.
What is your current role,and how did it come about?Head of group risk and compliance, Bupa
Australia. I joined IAG (formally NRMA
Insurance) back in 1995 as head of com-
pliance for its wealth management and
life insurance operations. Then in 2005,
IAG decided to sell this business to MBF
who in turn merged with Bupa in 2008
and – here I am. Basically I have been
doing exactly the same but for three dif-
ferent companies, but over time the busi-
ness operations have grown significantly
as has the complexity of businesses.
What is your career ambition? I actually love what I am currently doing
in risk and compliance and believe that
nearly every business operation revolves
around these two functions – that is
every decision involves taking educat-
ed risk and idealistically every activity
should be fully compliant with each law,
regulation code or rule. I have now also
been a director for the Australian Com-
pliance Institute for about seven years
and immensely enjoy the responsibili-
ties associated with being a director. As
such, my long term ambition is to move
away from a business management role
and move more towards taking on a
range of directorships.
What do you get up to inyour spare time? I love golf, watching rugby league (too
old now to be participating) and wine.
Now that my children are old enough
to take themselves to sport and I have
finished (well nearly) building our lat-
est home (if you ever finish building),
I have returned to playing golf. In fact,
when I was younger I had the choice
of becoming a professional golfer or
completing an accountancy degree
and I chose the latter. In those days
there was not as much money in golf,
apart from the elite, that there is today.
If I had to make that decision now, I
may make a different decision: risk ver-
sus return, sounds a lot like “risk man-
agement”!
What has been your careerhighlight to date? There have been a number, but I guess
it would be my first directorship as it
helped take my career to another level
and I learnt a lot about managing a
business.
What do you think it takes tosucceed in risk? An open mind and never stop asking
‘why?’.
What advice would you giveto graduates considering acareer in risk? Just do it. I see governance, risk and com-
pliance as the new frontier – it is here to
stay and will only get bigger and more
important. Just ask the regulators and
law makers.
How do you see the profes-sion developing and whatdo you think it will look likein five to ten years time? See above. The GFC will result in a
greater management and board focus
on risk, governance and demonstrated
compliance.
I see governance, risk and compliance asthe new frontier
Risk people : Robert EmeryHead of group risk and compliance, Bupa Australia
R M _ 8 3 . p g 0 2 5 . p d f P a g e 2 5 3 / 3 / 1 1 , 1 : 5 5 P M
INTERNATIONAL
26 RISK March 2010
A company in the UK has become the firstto be convicted under the UK CorporateManslaughter and Corporate Homicide Act2007, which introduced the new offenceof corporate manslaughter where thegross negligence of a company’s seniormanagement results in death.
The company, Cotswold Geotechni-cal Holdings, was found guilty after anemployee, Alexander Wright, 27, waskilled after being buried in a deep soiltrench collapse.
In September 2008, Wright was leftworking alone in the 3.5 metre-deep trenchon a development plot to finish-up whenthe company director left for the day.
However, the two people who ownedthe plot decided to stay at the site asthey knew Wright was working alone inthe trench.
About 15 minutes later they heard amuffled noise and then a shout for help. De-spite the plot owners’best efforts to rescue
him, Wright died of traumatic asphyxiation.The prosecution’s case was that
Wright was working in a dangeroustrench because Cotswold GeotechnicalHoldings’ systems had failed to take allreasonably practicable steps to protecthim from working in that way.
In convicting the company, the juryfound that their system of work in diggingtrial pits was wholly and unnecessarilydangerous.
The company ignored well-recog-nised industry guidance that prohibitedentry into excavations more than 1.2 me-tres deep, requiring junior employees toenter into and work in unsupported trialpits, typically from 2 to 3.5 metres deep.
Wright was working in just such a pitwhen he died, and while CotswoldGeotechnical Holdings denied killinghim, the company was fined £385,000($617,674) and ordered to pay the fine
over a 10 year period.Commenting on the case, law firm
Norton Rose said that historically, con-victions of large companies formanslaughter have failed due to the dif-ficulty in identifying the “directing mind”of a company, that is, an individual in amanagerial role who caused the death.
“The Act attempts to address this la-cuna by considering the actions of a com-pany’s senior management collectively,”said the firm in a news update on the case.
“The prosecution was able to demon-strate to the jury that the behaviour ofCotswold Geotechnical Holdings and itsmanagement fell far below that whichcould reasonably be expected,” said Nor-ton Rose, which also noted that the fineimposed on the company was far largerthan the average fine for a work-relateddeath (usually around £100,000 ($160,434))and “is no doubt a signal that larger finescan now be expected”.
First corporate manslaughter conviction in UK
RISK BUSINESS DIRECTORY
www.riskmanagementmagazine.com.au/Directory/Compliance-Risk-Software
R M _ 8 3 . p g 0 2 6 . p d f P a g e 2 6 3 / 3 / 1 1 , 5 : 0 4 P M
R M _ 8 3 . p g 0 2 7 . p d f P a g e 2 7 2 / 3 / 1 1 , 1 : 0 1 P M
R M _ 8 3 . p g 0 2 8 . p d f P a g e 2 8 2 / 3 / 1 1 , 1 2 : 3 0 P M