Corporate Governance and Risk Management: An Indian Perspective

Literature Review

International Journal of Management Science and Business Administration
Volume 1, Issue 9, August 2015, Pages 33 – 39

DOI: 10.18775/ijmsba.1849-5664-5419.2014.19.1003
URL: dx.doi.org/10.18775/ijmsba.1849-5664-5419.2014.19.1003

¹Sharukh Tara, ²Sorab Sadri

¹Bharati Vidyapeeth Institute of Management Studies and Research, Navi Mumbai, India
²School of Business and Commerce, Manipal University, Jaipur, India

Abstract: Companies need funds to finance their activities and, as a result, there has been a need for accountability to protect the interests of those providing the funding. Companies are also managed by directors who act as agents of the shareholders. Under pressure to maximize wealth, they are prone to excessive risk, reckless conduct or, in extreme cases, blatant manipulation of accounting figures. The call for increased accountability grows louder every time there is a crisis in public confidence. Whether this is the stock market crash of 1929, for example, or the more recent high-profile collapses of a number of large firms such as Barings Bank, Enron Corporation and WorldCom, the resulting uncertainty has led to renewed interest in corporate governance practices, not only as a means of directing and controlling corporations but also as a means of mitigating corporate risk. This paper, based on over a decade’s research, attempts to shed some light on this topic from the Indian experience. The paper tries to bring out the fact that there is a significant relationship between corporate governance and the management of risk and that corporate governance is one of the main means by which a company can manage risk.

Keywords: Corporate Governance, Risk Management, Accountability, Funding, India

1. Introduction

In the highest tradition of social science research, we have to define our position, so a brief description of what risk and corporate governance are is a good start. Risk management is the identification, assessment and prioritization of risks (risk being defined in ISO 31000 as the effect of uncertainty on objectives, whether positive or negative), followed by the coordinated and economical application of resources to minimize, monitor and control the probability and/or impact of unfortunate events or to maximize the realization of opportunities. The key issues in risk management are strategies, which typically include transferring the risk to another party, avoiding the risk, reducing the negative effect or probability of the risk, or even accepting some or all of the potential or actual consequences of a particular risk. The Financial Reporting Council (FRC, 2008) Combined Code sets out the purpose of corporate governance as follows: “Good corporate governance should contribute to better company performance by helping a board discharge its duties in the best interests of shareholders; if it is ignored, the consequence may well be vulnerability or poor performance. Good governance should facilitate efficient, effective and entrepreneurial management that can deliver shareholder value over the longer term.” This view is underpinned by the preamble to the OECD’s “Principles of Corporate Governance”, which sets out clearly the importance of corporate governance in the following statement: “The presence of an effective corporate governance system, within an individual company and across an economy as a whole, helps to provide a degree of confidence that is necessary for the proper functioning of a market economy. As a result, the cost of capital gets lower and firms are encouraged to use resources more efficiently, thereby underpinning growth” (OECD, 2004).

Companies have long known that good governance generates investor goodwill and confidence. Now there is even more reason for them to improve their corporate governance practices. Numerous recent academic studies show that good corporate governance increases valuations and boosts the bottom line. Theoretical models by La Porta et al. (2002) and Shleifer and Wolfenzon (2002) predict that investors pay more when they recognize that, with better legal protection, more of the firm’s profits would come back to them as interest or dividends, leaving no chance for the entrepreneur who controls the firm to expropriate the profit. In addition, good corporate governance may reduce the expected return on equity to the extent that it reduces shareholders’ monitoring and auditing costs. Ultimately, this should also lead to a higher firm valuation. The study by Gompers et al. (2003) also found a strong correlation between corporate governance and financial valuations. The study found the valuation of companies in the democracy portfolio, as measured by Tobin’s Q – the ratio of market value to book value of assets – to be 56 percent higher than that of companies in the dictatorship portfolio.

It is quite apparent from the above that corporate governance determines the financial health of an organization and has an important bearing on investors’ perception of risk. Good corporate governance means lower risk and poor corporate governance means higher risk; this is immediately reflected in the cost of capital and shareholder value. In the financial system, corporate governance is one of the key factors that determine the health of the system and its ability to survive economic shocks (Bollard, 2003). The health of the financial system depends largely on the underlying soundness of its individual components, such as the banks, the non-bank financial institutions and the payment systems, and the connections between them (Pedro et al., 1998). In turn, their soundness largely depends on their capacity to identify, measure, monitor and control their risks. The Kumar Mangalam Birla Committee on Corporate Governance appointed by SEBI also highlighted this aspect when it stated in its report that “strong corporate governance is thus indispensable to resilient and vibrant capital markets and is an important instrument of investor protection. It is the blood that fills the veins of transparent corporate disclosure and high-quality accounting practices. It is the muscle that moves a viable and accessible financial reporting structure. Without financial reporting premised on sound, honest numbers, capital markets will collapse upon themselves”.

According to the mandatory recommendations of the committee, an audit committee should meet at least thrice a year. The Committee’s view is that the need for an audit committee grows from the recognition of the audit committee’s position in the larger mosaic of the governance process, as it relates to the oversight of financial reporting. One of the main purposes of appointing an audit committee was the control and monitoring of financial risk. The most important functions of the audit committee were to:

  • Oversee the company’s financial reporting process and the disclosure of its financial information to ensure that the financial statement is correct, sufficient and credible;
  • Review the adequacy of internal audit function, including the structure of the internal audit department, staffing and seniority, reporting structure, coverage and frequency of internal audit;
  • Review the company’s financial and risk management policies;
  • Look into the reasons for substantial defaults in the payments to the depositors, debenture holders, shareholders (in case of non-payment of declared dividends) and creditors.

The importance of corporate governance in risk management is amply supported by the reasoning of Kumar Mangalam Birla, a member of the Committee on Corporate Governance tasked with implementing corporate governance in India. Risk management is thus an integral component of corporate governance and good management. There is a growing realization that corporate governance has an impact on enterprise risk management. Several large companies and financial institutions worldwide no longer exist or have been taken over precisely because they neglected the basic rules of risk management and control. According to the OECD (2009), some common risk management problems in relation to corporate governance that appeared in many financial institutions before and during the crisis were:

  • Risks were frequently not linked to strategy, which is key to ensuring that risk management has a focus on the business context;
  • Risk definitions are often poorly expressed. Better risk definitions (context, event, consequence) are contrary to a lot of current thinking in risk management, which has shortened risk descriptions to the smallest number of words possible;
  • Organizations weren’t always in a position to develop intelligent responses to risks;
  • Boards didn’t take stakeholders and guardians into account in detailing responses to risk;
  • Important parts of the value chain were outsourced to others.

Corporate governance malpractices and risk management failures have also been touted as a contributing factor in the current economic crisis. When a company fails due to lax risk management, the consequences can be dire, ranging from reputation risk, job losses and company collapse to the erosion of total shareholder wealth.

2. Methodology

The main methodology in this paper is a case study of two big companies of recent history which were declared bankrupt and closed because of bad corporate governance and risk management. Through our investigation of the biggest frauds of the recent past, we draw some important lessons regarding the relationship between good corporate governance and risk management.

3. Discussion

3.1 The Enron Debacle

We have chosen the case of Enron because it was one of the leading global power, energy and utilities companies, employing around 20,000 staff before its bankruptcy in December 2001. It was “A” rated and one of Fortune’s Top 100 companies working in America in 2000. Through creative accounting, Chairman Ken Lay, CEO Jeff Skilling and CFO Andrew Fastow placed liabilities in shell companies that did not show in the books. The fraudulent deals also led to the demise of Arthur Andersen and partly led to the Sarbanes-Oxley Act of 2002 (Public Company Accounting and Investor Protection Act), corporate governance rules that brought in responsibility of directors, criminal penalties, etc.

The failure of Enron was nothing but a failure of corporate governance. Enron insiders, including three current audit committee members, sold 17.3 million shares for $1.1 billion to an unsuspecting public, while the financial statements issued were later revealed to be entirely fake. The CEO had the audacity to make the following comment: “We believe that the information we have made available addresses a number of the concerns that have been raised by our shareholders and the SEC about these matters. We will continue our efforts to respond to investor requests for information about our operational and financial condition so they can evaluate, appreciate and appropriately value the strength of our core businesses”. Governance experts say the audit committee’s lack of independence made it less inclined to question management. The Enron debacle led to the enactment of Sarbanes-Oxley, the most stringent corporate governance regulation on disclosure.

3.2 The Satyam Debacle

The fraud committed by Ramalinga Raju in Satyam Computers is the biggest corporate fraud in India and it is also a case of failure of corporate governance. On 24th June 1987, Satyam Computer Services Ltd (popularly known as Satyam) was incorporated by the two brothers, B Rama Raju and B Ramalinga Raju, as a private limited company with just 20 employees to provide software development and consultancy services to large corporations (the company was converted into a public company in 1991). During the year 1996, the company promoted three more subsidiaries, including Satyam Renaissance Consulting Ltd, Satyam Enterprise Solutions Pvt. Ltd., and Satyam Infoway Pvt. Ltd. In 1997, Satyam Computer Services Ltd was selected by the Switzerland-based World Economic Forum and World Link Magazine as one of India’s most remarkable and rapidly growing entrepreneurial companies. Satyam Infoway (Sify), a wholly owned subsidiary of Satyam Computer Services Ltd, was the first Indian Internet company listed on NASDAQ. Mr. B. Ramalinga Raju, Chairman of Satyam, was awarded the IT Man of the Year 2000 by Dataquest. In 2001, Satyam became the world’s first ISO 9001:2000 company certified by BVQI. In 2003, Satyam started providing IT services to the World Bank and signed a long-term contract with it. In 2005, Satyam was ranked 3rd in the Corporate Governance Survey by Global Institutional Investors.

Suddenly, on January 7, 2009, B. Ramalinga Raju confessed to a financial fraud of over Rupees 7800 crore and resigned as chairman of Satyam. His emotionally charged four-and-a-half-page letter of startling revelations shook the entire corporate world when he admitted to cooking the accounts and inflating the figures by Rupees 5040 crores. He committed this fraud and tried to hush it up by an abortive bid to purchase Maytas Infra, a company created by him and run by his son Teja Raju. A week after Satyam founder B Ramalinga Raju’s scandalous confession, Satyam’s auditors Price Waterhouse finally admitted that its audit report was wrong as it was based on wrong financial statements provided by Satyam’s management. On January 22, 2009, Satyam’s CFO Srinivas Vadlamani confessed to having inflated the number of employees by 10,000. He told CID officials interrogating him that this helped in drawing around Rs 20 crore per month from the related but fictitious salary accounts. Satyam had inflated the revenue of the company by infusing false and fictitious sales invoices and had shown the amount as received and deposited as fixed deposits in various scheduled banks.

According to the Institute of Directors, the following corporate governance norms were flouted, leading to the collapse of Satyam:

  • Satyam’s unethical work culture – its corporate culture; bribery, corruption and exchange of favors within and outside the company appear to have occurred frequently;
  • Both the CEO and the CFO have been charged with putting self-interests ahead of the company’s interests;
  • The internal controls appear not to have detected the fraudulent activities for an extended period of time;
  • A case of false books and bogus accounting;
  • The Satyam Board was composed of “Chairman-friendly” directors who failed to question management’s strategy. The Board ignored or failed to act on critical information related to financial wrongdoings;
  • The Satyam episode has brought out the failure of the present corporate governance structure that hinges on the independent directors;
  • Questionable role of audit committee.

A company’s system of internal control reflects its control environment and should be capable of responding quickly to evolving risks to the business arising from factors within the company and to changes in the business environment. Internal controls are the core of a company’s corporate governance practice and the main means of controlling, offsetting and mitigating most types of risk, especially those associated with reckless and fraudulent financial decisions. This is highlighted by the Cadbury Report of 1992, which states that “had a Code such as ours been in existence in the past, we believe that a number of the recent examples of unexpected company failures and cases of fraud would have received attention earlier.”

Compliance is separate from corporate governance. Corporate governance emphasizes the use of systemic methods for monitoring the performance of a company on an ongoing basis. In contradistinction, compliance is viewed as a continuous obligation to achieve some defined ends, namely, certifying the identified regulatory requirements, legal specifications, industry standards or company commitments. For example, the board of directors and senior management must make compliance and accountability matter, so that management maps out the company’s future by seeing that daily decisions and actions steer in the right direction; compliance is simply a part of the overall corporate governance process. In some jurisdictions, such as the UK, companies are obliged to include in their annual report a statement as to whether or not the company has complied throughout the accounting period. Recently, the new NYSE (New York Stock Exchange) rules for corporate governance require the audit committee to discuss and review the firm’s risk assessment and hedging strategies. They also impose additional requirements on the composition and the financial knowledge of the directors sitting on the board and on the audit committee.

Basic corporate governance guidelines which oversee risk management are:

  • Reporting: The reports from management to the board should, in relation to the areas covered by them, provide a balanced assessment of the significant risks and the effectiveness of the system of internal control in managing those risks. Any significant control failings or weaknesses identified should be discussed in the reports, including the impact that they have had, or may have, on the company and the actions being taken to rectify them;
  • Roles and responsibilities: All employees have some responsibility for internal control as part of their accountability for achieving objectives. They, collectively, should have the necessary knowledge, skills, information, and authority to establish, operate and monitor the system of internal control.

OECD has compiled risk management guidelines after assessing the following three codes:

  1. The Corporate Governance Standards set out in the NYSE Listed Company Manual;
  2. The Combined Code produced by the Financial Reporting Council;
  3. The Corporate Governance Code for Listed Companies produced by the Association Française des Entreprises Privées (AFEP) and Mouvement des Entreprises de France (MEDEF).

The guidelines are as follows:

  • Independent or non-executive directors: all three codes envisage either a majority of non-executive directors or a balance of non-executive and executive directors. This is no longer a controversial issue. Each code either has material in it, or there is supporting material prepared by others that provides clarity on the meaning of independent;
  • Executive sessions: all three of the codes envisage a need for non-executive directors to meet alone without the presence of executive directors, normally with access to such managers in the organization as they require;
  • Nominations Committee: all three codes require nomination committees for the appointment of new directors. The main purpose is to ensure that there is a transparent appointment process which is not under the control of management alone, and to ensure that the right balance of skills and experience is brought to the board table. In practice, the search for new directors is often outsourced to headhunters with the consequence that the appearance of transparency is somewhat reduced by the typical reluctance of headhunters to consider shortlisting anyone who has not previously undertaken a given role. Consequently, this can significantly reduce one of the objectives of the Higgs review in the UK which was specifically to encourage drawing potential board candidates from a broader population than hitherto;
  • Compensation Committee: there is a requirement in each code for a compensation or remuneration committee. These are principally designed to deal with the remuneration of directors, especially executive directors. In the case of the United States, this includes the CEO and Executive Officers. Given the experience of the Financial Crisis, there is a good argument to be made that the scope of the remuneration committees should be increased to oversee the broad principles underpinning remuneration of senior managers throughout the organization, especially where there is a high contingency of conditional remuneration (bonuses) which has significant potential to influence the nature of risk-taking in the organization;
  • Audit Committee: each code requires an audit committee of the board. There are similar requirements for the skills and expertise, although they have varying force of law behind them;
  • Internal Audit: corporations are required to have internal audit under the NYSE code and to consider the need for internal audit on an annual basis under the Combined Code, while audit committees are to oversee internal audit under the French Code;
  • Evaluation of board and committees: all codes envisage the need for boards to conduct some form of evaluation of the boards and their committees. The Combined Code also requires an evaluation of individual board member performance;
  • Shareholder approval of equity compensation plans: all of the codes require boards to approve equity compensation plans for directors and, in the case of the NYSE code, for Executive Officers;
  • Code of Business Conduct and Ethics: each company must develop and publish an appropriate Code of Business Conduct and Ethics. This is not explicitly required in either the Combined Code or the French Code. This absence may be explained by a presumption of high levels of business conduct and ethics. Revelations in the British and French press suggest that this presumption might be inappropriate. Accordingly, this type of provision should be incorporated in the codes where it is lacking;
  • Certification: both the Combined Code and the French Code require companies to either comply or explain why they are not complying with their respective codes. The NYSE Code requires directors to certify that they are complying. Certification has an implication of a stronger requirement to comply with the provisions of Corporate Governance. Policy makers should consider whether boards in the UK and France have now had long enough to consider the benefits (to society at large) of good corporate governance and, therefore, they should be required to certify compliance rather than simply explain why corporate governance is not relevant to them;
  • Public Reprimand Letter: The NYSE Code is the only code that envisages the use of reprimand letters. Non-compliance in the UK and France is essentially an area to be dealt with by investors. Policy makers should consider whether there is a role for naming and shaming companies that do not comply with the requirements of the Combined Code or French Code of Corporate Governance.

Clause 49 of the listing agreement also incorporates most of the above guidelines. A strong corporate governance framework can mitigate risk if it includes the following:

Identify the risk inherent in achieving goals and objectives:

  • Establish risk appetite across the entire risk spectrum;
  • Establish and communicate risk management frameworks.


  • Build accurate and consistent risk assessment;
  • Establish and implement measurement reporting standards/methodologies;
  • Build a risk profile.


  • Establish key control processes, practices, and reporting requirements;
  • Monitor the effectiveness of control;
  • Ensure all the exposures are adequately identified, measured and managed in accordance with board approved frameworks;
  • Provide early warning signals;
  • Ensure risk management practices are adequate and appropriate for managing the risks.


  • Report areas of stress where crystallization of risks is imminent;
  • Present remedial actions to reduce and/or mitigate such risks;
  • Report on sensitive and key risk indicators;
  • Communicate with relevant parties.

Manage and Challenge:

  • Review and challenge all aspects of the company’s risk profile;
  • Advise on optimizing and improving the company’s risk profile;
  • Review and challenge risk management practices.

4. Conclusion

To conclude, corporate governance is an integral part of the risk management of any company and should be stringently adopted, as it will lead to an increase in shareholder wealth, an increase in investor confidence and a reduced cost of capital, along with other benefits such as better brand equity, greater employee morale and greater confidence of creditors.



