Risk Compliance has Business Values and not just Legal Compliance

By Jaydip Gupta, Chief Risk Officer, NIIT



This is today’s buzzword, one that has come up with the recent amendments to the Companies Act and with the inclusion of ICFR (Internal Control and Financial Reporting). I wonder why a law is required to increase awareness among corporate leaders. Did you not evaluate the risk of taking any business decision before? Do you think an external consultant can take on that responsibility of yours? Ask yourself this, and then evaluate the roles and responsibilities of a consultant.

I feel the challenge that we have is in our minds: all we seek is compliance, which is a drive led by support function heads like the CFO, CRO, CTO etc. and not by the business leaders in the organization. The picture that is depicted is one of persecution for non-compliance. Of late I have gone through some presentations by leading consultancy firms pitching to extend professional support; the presentations' key emphasis was on the extremity of liability on the management in case of non-compliance. I disagree with this approach.

To me, risk evaluation is a key management skill, hence the drive must be that of value addition to the business. Why do we think this amendment is coming in? According to me, the intent is to curb the non-calculative business approach of entities and to protect the interest of all the stakeholders, i.e. the shareholders, employees, customers and vendors. If you agree with my belief, then do you not think the drive must be that of inculcating a behaviour of entity-wise risk evaluation, driven by the business group with the support of Finance, Audit or other org functions?

All consultants who want to drive risk management must start the discussion with the business leaders, jointly with the CFO and CRO, and emphasise how this will add value to the success of the business. The aspect that needs to be emphasised is that it is a forward-looking evaluation and not just a post-mortem of past activities or a matter of meeting the statutory auditor’s requirements.

Where should risk management evaluation start? I believe it is from the budget. Each entity decides key initiatives for the immediate year, the short term and the long term. These drive future growth and value; however, they are subject to an inherent risk of failure. There are frameworks, guidance notes, and white papers recommending the process of identifying the risk of failure. I think this is where consultants can play the best role in supporting the business in identifying what can go wrong. Though it is not foolproof, I am sure that in this process the management will find a lot more value than just a legal aspect to be ticked. This is where an enterprise can drive a shift in the culture and a change in the process.

I have personally worked for a long time in the US and in European countries, and I am sharing my experience of how to drive risk management within the organization. The purpose is to identify the important goals and targets of the organization, which can be the launch of a new product, identifying a new market, inorganic growth, increased customer satisfaction, increased delivery efficiency, or a combined initiative. After brainstorming at various levels, once the focus areas are identified they are termed Wildly Important Goals. All ideas and goals are important; however, the ones that are must-do are the Wildly Important Goals, or WIGs. The purpose is to focus energy, time and resources in a planned manner.

Risk identification is the next step, where the purpose is to identify and tabulate all possible external and internal risks that can influence these goals, followed by a mitigation plan which includes process control. Will you agree that such an exercise will drive both business and support functions together?

My honest intent is to take this change in our law as an opportunity to drive awareness within my organization, which will mature the system to handle risk on an informed basis. I am sure this will result in compliance with the legal requirements, and the statutory auditors will partner in the process. As an organization, it goes without saying that process improvement is a constant endeavour irrespective of any change in laws, so I think here too, by directing our limited resources, we will drive assurance and fraud control in key influence areas. This, along with achieving controls, will increase efficiency and improve delivery.

I may have stressed the point too much by now. In short, I will say consultants have an important role to play jointly with the entities; however, the focus must be on adding value to the business objectives and not on appearing as one more burden of compliance. If we drive it right, we will drive great value for all.
