Risk Management has been in Malaysia for over 15 years and yet it is still considered a new element of the Corporate Governance in the Malaysian companies. Why do I say this? it is evident on most Annual Reports and statutory submissions.
You will see the same statement of Risk Management meetings and the usual risk management effort of REDUCING the number of risk...and the occasional one or two risk management exercises.
Reducing your NUMBER of risks are not exactly a good sign. For me, I would say, you are either have more resource to cater for the short comings you previously have, or you have changed the way you operate, being more efficient or effective perhaps, or you are just trying to tell me that less risk is better. Actually less risk tells me spot on that you are hiding something and only showing the good stuffs.
Is showing everything good, considered good? not really. I would further look at your financial standing to verify some facts on this. If there is a significant indicator that you are doing well, perhaps I might believe you.
Risk is not something that you can just solve like you solve a jigsaw puzzle. It is a form of continuous activities of an extremely vigorous thought process and constantly on top of things especially if you want to be a pioneer in new innovation or technology. Simply saying, managing risk is by making the unknown become known. That way, you are better prepared and in a better position to make decisions. That is all there is to it. However, being a top management executive, you may need someone such as a risk manager or chief risk officer CRO, to help you make the necessary risk assessment exercise, strategies and identification.
Its not easy for you to do it on your own for the whole company and at the same time manage the company. But I am not saying it cannot be done. Simply, you will be working long hours because it would require a lot of research, news reading and analysis, be it qualitative or quantitative.
Some may claimed that they have 10 years of Risk Management Practice but how mature they are in their risk management exercise or assessment would need to have a third-party verification to be certain.
Why do I say this? because I have seen or met with these people and sadly it's not as what it seems. Some do have an excellent system but may be weak in other areas such as analytical in terms of strategic thinking or strategic risk identification. So having 10 years may mean that it was only on the operational risk level. But could be totally not related or connected to the strategic level of risk management.
Thus, dots are not connected and t's are not crossed. Perhaps not all the right places. This is very sad indeed as it does not amount to an excellent corporate governance, instead is it at the stage of operational maturity only.
I was hoping that in 10 years, at least I would have been able to learn something new from this company, however, having to learn the part of operational risk all over again may not be a good exercise right now.
No comments:
Post a Comment