Is risk management developing at a rate that reflects Asia’s growth?

Developing countries in the Asia-Pacific region will experience stable economic growth this year of 7.1% – largely unchanged from 2013 – according to the World Bank. Although this is down from the average rate of 8% between 2009 and 2013, APAC remains the fastest-growing region in the world.

However, the ‘land of opportunity’ for corporates is not without its hazards. As businesses expand into the region, the risks also grow. The question is whether risk management, as a practice and a profession, is developing at a rate that reflects the region’s overall market growth.

That question formed the basis of a panel debate on risk-management maturity at StrategicRISK Asia’s inaugural risk forum, held in Singapore in July.

The panel of five risk and insurance experts – Shuh Lin Tan, director of risk management, Asia, at InterContinental Hotels; Ron Chua, director, head of risk management at Banyan Tree Hotels and Resorts; Gordon Song (pictured), head of enterprise risk management and internal audit at Tigerair; Douglas Ure, leader of Marsh Risk Consulting in Asia; and Stephen Higginson, sales leader at Swiss Re Corporate Solutions in Asia-Pacific – challenged common perceptions that Asia’s risk maturity lags behind its Western counterparts in Europe and the US.

The panel agreed the risk appetite in the Asia-Pacific region is high, even if levels of sophistication vary from country to country.

Malaysia and Singapore, for example, have made some headway in developing risk management standards, while Indonesia and the Philippines have a considerable way to go.

The experts said Asia’s drive to improve the quality of its risk management is gathering pace as businesses become more global and large corporations develop their presence in the region.

The fact some of countries are beginning to establish themselves as essential business hubs has meant regulators are getting tough on business compliance, which is increasing the demand for robust risk management even more.

“Asia-Pacific’s risk awareness has improved markedly in recent years,” Song said, opening the discussion.

“Much of that development is down to regulatory pressures and a positive stock exchange driving the need for international best practice. The question we should be asking ourselves now is: ‘Are businesses truly embedding a healthy risk culture into their organisations?’”

Ure was quick to provide an answer, suggesting that some firms run the risk of responding to a more stringent regulatory environment by taking a tick-box approach.

“Regulation has been a big driver for enterprise risk management (ERM), and that is positive,” he said. “But the pressure to remain compliant can take organisations down a road of box-ticking and compliance-driven procedures that may not add value.

“Businesses need to strike a balance between meeting regulatory requirements and establishing the right risk management processes that actually make a real difference.”

Urgency to strengthen risk management

Chua steered the discussion towards natural catastrophes, suggesting that such disasters have heightened an urgency to strengthen risk management across the region. In the past decade, the region has been blighted by several deadly and economically damaging catastrophes: the Indian Ocean tsunami (2004), Cyclone Nargis (2008), the Tohoku earthquake (2011), the Thai floods (2011) and Supertyphoon Haiyan (2013), for example.

In 2011, a record 77% of global nat cat losses occurred in Asia-Pacific alone, according to the Asian Development Bank.

“The effect of such disasters on business was huge and has certainly led to greater risk awareness,” Chua said.

“Lessons have been learnt, businesses are taking risk management seriously in light of these catastrophes.

In this respect, risk management is stepping up the maturity index.”

Higginson then pointed to a significant business trend: that Asia’s industries are moving away from producing high-volume low-value, poor quality goods and services, to focusing on better quality products demanded by the growing middle class and those with new levels of disposable income, a key factor that will continue to encourage corporates to rethink and improve their risk management functions.

“Look at the white goods, motor vehicles, tyres, entertainment and hospitality industries: quality and reliability are paramount to their success.

“Ten to 20 years ago, China was producing a ‘lot of not very good’. Now, it is producing ‘less of much better’ and this trend is consistent across the region. This is an important move for many industries and has to be underpinned by a more robust risk management function.”

Measuring maturity

The panel then considered how risk maturity could be objectified and measured. A topical talking point for the profession in any region, the discussion took the form of five key factors, with each panellist offering their suggestions concerning areas that could be quantified to determine the level of risk maturity. These included reputation, board engagement, level of data analysis, quality of risk leadership and key performance indicators.

Underpinning all of these measures is financial performance and all panellists agreed that an advanced ERM function will safeguard and improve profit and revenue streams.

Tan started this debate, suggesting that, contrary to popular belief, brand quality – and the risks that can harm it – can be measured.

“It is difficult to quantify reputation, but there are various ways to measure elements that affect how a brand is perceived,” she said.

“From a risk perspective, creating a tool to measure reputation will help identify the factors that could cause damage and these elements can be measured and quantified to determine what needs to be done to manage those particular risks.

“Another area that will help build a better picture of a brand is conducting employee surveys to establish how employees perceive their company.

“This can be taken further, by asking customers what they think of a brand, as well as asking for its stakeholders’ and owners’ views. This information can then be used to make improvements, mitigate any emerging risks and ultimately use that to encourage the signing of deals, further investment, all of which can help generate revenue.”

Song offered another perspective, asking delegates to consider the quality of their risk discussions. He said risk managers should ask themselves three questions when assessing risk maturity in their organisation: Who is having conversations about risk and risk management? Where are these discussions taking place? With whom are these conversations being had?

Song said that a well-risk-managed business with a mature risk outlook will have an ERM function embedded throughout the business. It will be a key feature in every department, in every internal system and process, and this will be extended to outsourced partners.

“We must not,” he concluded, “have risk conversations in isolation.”

Ure followed by suggesting that risk maturity does not merely involve implementing risk processes and governance structures. He said a financial element can be measured.

“By looking at the cost benefits of your risk mitigation process, you can start to build a picture of how robust your approach is.”

Top-down engagement

Ure added that by proactively assessing data, risk managers can demonstrate the real value of their work.

“With tangible numbers, you can tell your board that decisions have been made because they reduce your cost of risk while safeguarding the business from potential financial loss. You could even demonstrate that certain decisions can give the company a competitive advantage.”

Higginson concluded the session by urging delegates to engage the board.

“The word ‘management’ in ‘risk management’ is crucial,” he said.

“Firstly, if businesses are to expect their workforce to buy into and practise risk management, employees need to see senior executives proactively thinking about risk. Leadership by example is always the most effective way to get the workforce to believe and to engage and this is definitely true in the management of risk.

“Second, board members have to be fully engaged and involved in the risk management commitment, because without their buy-in you are not going to get the capital expenditure required to continually invest in management of risk in a constantly evolving business environment.

“Third, businesses need to have a conduit to their shareholders too – the people who provide the money. It is essential to have a way of convincing them to see the value to their financial interest from investing in risk management. The board will be responsible for ensuring the message is delivered effectively and it can only do this if it is fully involved and has a complete understanding of the risk management approach.

The last session of the forum ended with all panellists agreeing that, with the region’s growth set to continue, the risk management profession will be central to ensuring that businesses maintain their positions on this upward curve.