Overnance, Usiness Thics, ISK Anagement and Nternal Ontrol: Presented By: Scott Jason P. Llanes, BA

AEC 117 - GOVERNANCE,
BUSINESS ETHICS,
RISK MANAGEMENT AND
INTERNAL CONTROL
Presented by:
SCOTT JASON P. LLANES, DBA
Lesson 1: Conceptual Framework of Corporate Governance
Corporate Governance is how a corporation is administered or controlled. It
is a set of processes, customs, policies, laws and instructions affecting the way
a corporation is directed, administered or controlled. The participants in the
process include employees, suppliers, partners, customers, government, and
professional organization regulators, and the communities in which the
organization has presence.
Corporate Governance is integral to the existence of the company. Corporate

Governance is needed to create a corporate culture of transparency,
accountability and disclosure.
Corporate Governance is concerned with holding the balance between
economic and social goals and between individual and communal goals. The
corporate governance framework is there to encourage the efficient use of
resources and equally to require accountability for the stewardship of those
resources. The aim is to align as nearly as possible the interests of individuals,
corporations and society.
Good accounting and auditing practices are highly effective as an instrument of
corporate governance.
In a business context, customers, investors, shareholders, employees, suppliers,
government agencies, communities and many others who have a ‘stake’ or
claim in some aspect of a company’s products, operations, markets, industry
and outcomes are known as stakeholders.
Stakeholders are characterized by their relationship to the company and their

needs, interests and concerns, which will be foremost in their minds at the
start of an engagement process. However, as the process unfolds they will soon
take a particular role with related tasks and responsibilities.
Lesson 2: Risk Management
Risk and reward go hand by hand. We have often heard the statement that
without risk there is no gain. Risk is inherent in the business. Different types of
risk exist in the business according to the nature of the business and they are
to be controlled and managed.
Risk Management is a continuous process of identifying, evaluating and

assessing the inherent and potential risk, adopting the methods for its
systematic reduction in order to sustainable business development.
Lesson 3. Ethics and Business
Ethics is a “Science of morals.” The new and emerging concepts in management
like corporate governance, business ethics and corporate sustainability are
some of the expressions through which this emerging ethical instinct in the
corporate world is trying to express and embody itself in the corporate life. In
this study we examine the concept of ethics and its importance for the
business, corporate governance and governance through inner conscience and
sustainability.
The objective is to enable one to understand the following:
- Inner Conscience and its Linkage to Governance
- The concept of business ethics
- Advantages of Ethics
WHAT IS CORPORATE GOVERNANCE?
Corporate Governance is “the conduct of business in accordance with shareholders’ desires, which
generally is to make as much money as possible, while conforming to the basic rules of the society
embodied in law and local customs.”
Noble Laureate Milton Friedman
Corporate or a Corporation is derived from the Latin term “corpus” which
means a “body”. Governance means administering the processes and systems
placed for satisfying stakeholder expectation.
The root of the word Governance is from ‘gubernate’, which means to steer.
When combined, Corporate Governance means a set of systems, procedures,
policies, practices, standards put in place by a corporate to ensure that
relationship with various stakeholders is maintained in transparent and honest
manner.
The phrase “corporate governance” describes “the framework of rules,
relationships, systems and processes within and by which authority is exercised
and controlled within corporations. It encompasses the mechanisms by which
companies, and those in control, are held to account.”
Corporate governance is the broad term used to describe the processes,

customs, policies, laws and institutions that direct the organizations and
corporations in the way they act or administer and control their operations. It
works to achieve the goal of the organization and manages the relationship
among the stakeholders including the board of directors and the shareholders.
Corporate governance means to steer an organization in the desired direction
by determining ways to take effective strategic decisions. It also deals with the
accountability of the individuals through a mechanism which reduces the
principal-agent problem in the organization.
Corporate Governance has a broad scope. It includes both social and
institutional aspects. Corporate Governance encourages a trustworthy, moral,
as well as ethical environment. In other words, the heart of corporate
governance is transparency, disclosure, accountability and integrity. It is to be
borne in mind that mere legislation does not ensure good governance. Good
governance flows from ethical business practices even when there is no
legislation.
Good corporate governance promotes investor confidence, which is crucial to
the ability of entities listed to compete for capital. Good corporate governance
is essential to develop added value to the stakeholders as it ensures
transparency which ensures strong and balanced economic development. This
also ensures that the interests of all shareholders (majority as well as minority
shareholders) are safeguarded. It ensures that all shareholders fully exercise
their rights and that the organization fully recognizes their rights.
Some of the salient advantages of Corporate Governance are stated hereunder:
❑ Good corporate governance ensures corporate success and economic
growth.
❑ Strong corporate governance maintains investors’ confidence, as a result of
which, company can raise capital efficiently and effectively.
❑ There is a positive impact on the share price.
❑ It provides proper inducement to the owners as well as managers to achieve
objectives that are in interests of the shareholders and the organization.
❑ Good corporate governance also minimizes wastages, corruption, risks and
mismanagement.
❑ It helps in brand formation and development.
❑ It ensures organization in managed in a manner that fits the best interests of
all.
(a) Corporate Performance
Improved governance structures and processes ensure quality decision-making,
encourage effective succession planning for senior management and enhance
the long-term prosperity of companies, independent of the type of company
and its sources of finance. This can be linked with improved corporate
performance- either in terms of share price or profitability.
(b) Enhanced Investor Trust
As individuals and institutions invest capital directly or through intermediary
funds, they look to see if well- governed corporate boards are there to protect
their interests. Investors who are provided with high levels of disclosure and
transparency such as relating to data on matters such as pay governance, pay
components, performance goals, and the rationale for pay decisions etc. are
likely to invest openly in those companies. On Apple’s investor relations site,
for example, the firm outlines its leadership and governance, including its
executive team, its board of directors and also the firm’s committee charters
and governance documents, such as bylaws, stock ownership guidelines etc.
(c) Better Access to Global Market
Good corporate governance systems attract investment from global investors, which subsequently leads to
greater efficiencies in the financial sector. The relation between corporate governance practices and the
increasing international character of investment is very important. International flows of capital enable
companies to access financing from a much larger pool of investors. In order to reap the full benefits of the
global capital market and attract long-term capital, corporate governance arrangements must be credible, well
understood across borders and should adhere to internationally accepted principles. On the other hand, even
if corporations do not rely primarily on foreign sources of capital, adherence to good corporate governance
practices helps improve the confidence of domestic investors, reduces the cost of capital, enables good
functioning of financial markets and ultimately leads to more stable sources of finance.
(d) Combating Corruption
Companies that are transparent, and have sound system that provide full
disclosure of accounting and auditing procedures, allow transparency in all
business transactions, provide environment where corruption would certainly
fade out. Corporate Governance enables a corporation to -compete more
efficiently and prevent fraud and malpractices within the organization.
(e) Easy Finance from Institutions
Several structural changes like increased role of financial intermediaries and institutional investors, size of the
enterprises, investment choices available to investors, increased competition, and increased risk exposure have
made monitoring the use of capital more complex thereby increasing the need of Good Corporate
Governance. Evidences indicate that well-governed companies receive higher market valuations. The credit
worthiness of a company can be trusted on the basis of corporate governance practiced in the company.
(f) Enhancing Enterprise Valuation

Improved management accountability and operational transparency fulfill investors’ expectations and
confidence on management and corporations, and in return, increase the value of corporations.
(g) Reduced Risk of Corporate Crisis and Scandals
Effective Corporate Governance ensures efficient risk mitigation system in place. A transparent and
accountable system makes the Board of a company aware of the majority of the mask risks involved in a*
particular strategy, thereby, placing various control systems in place to facilitate the monitoring of the related
issues.
(h) Accountability
Investor relations are essential part of good corporate governance. Investors directly/ indirectly entrust
management of the company to create enhanced value for their investment. The company is hence obliged to
make timely disclosures on regular basis to all its shareholders in order to maintain good investor relation.
Good Corporate Governance practices create the environment whereby Boards cannot ignore their
accountability to these stakeholders.
ELEMENTS / SCOPE OF GOOD CORPORATE GOVERNANCE
Some of the important elements of good corporate governance are discussed as under:
1. Role and powers of Board
Good governance is decisively the manifestation of personal beliefs and values which configure the
organizational values, beliefs and actions of its Board. The board is the primary direct stakeholder influencing
corporate governance.
Directors are elected by shareholders or appointed by other board members and are tasked with making
important decisions, such as corporate officer appointments, executive compensation and dividend policy. In
some instances, board obligations stretch beyond financial optimization, when shareholder resolutions call for
certain social or environmental concerns to be prioritized.
The Board as a main functionary is primary responsible to ensure value creation for its stakeholders. The
absence of clearly designated role and powers of Board weakens accountability mechanism and threatens the
achievement of organizational goals. Therefore, the foremost requirement of good governance is the clear
identification of powers, roles, responsibilities and accountability of the Board, CEO, and the Chairman of the
Board.The role of the Board should be clearly documented in a Board Charter.
2. Legislation
Clear and unambiguous legislation and regulations are fundamental to effective corporate governance.
Legislation that requires continuing legal interpretation or is difficult to interpret on a d.ay-to-day basis can be
subject to deliberate manipulation or inadvertent misinterpretation.
3. Management Environment
Management environment includes setting-up of clear objectives and appropriate ethical
framework, establishing due processes, providing for transparency and clear enunciation of
responsibility and accountability, implementing sound business planning, encouraging business
risk assessment, having right people and right skill for the jobs, establishing clear boundaries for
acceptable behavior, establishing performance evaluation measures and evaluating performance
and sufficiently recognizing individual and group contribution.
4. Board skills
To be able to undertake its functions efficiently and effectively, the Board must
possess the necessary blend of qualities, skills, knowledge and experience.
Each of the directors should make quality contribution.
A Board should have a mix of the following skills, knowledge and experience:
Operational or technical expertise, commitment to establish leadership;
Financial skills;
Legal skills; and
Knowledge of Government and regulatory requirement.
5. Board appointments
To ensure that the most competent people are appointed on the Board, the Board positions should be filled
through the process of extensive search. A well-defined and open procedure must be in place for
reappointments as well as for appointment of new directors. Appointment mechanism should satisfy all
statutory and administrative requirements. High on the priority should be an understanding of skill
requirements of the Board particularly at the time of making a choice for appointing a new director. All new
directors should be provided with a letter of appointment setting out in detail their duties and responsibilities.
The role of the board of directors was summarized by the King Report (a South African report on corporate
governance) as:
• to define the purpose of the company
• to define the values by which the company will perform its daily duties
• to identify the stakeholders relevant to the company
• to develop a strategy combining these factors
• to ensure implementation of this strategy.
6. Board induction and training
Directors must have a broad understanding of the area of operation of the company’s business,
corporate strategy and challenges being faced by the Board. Attendance at continuing education
and professional development programs is essential to ensure that directors remain abreast of all
developments, which are or may impact on their corporate governance and other related duties.
7. Board independence
Independent Board is essential for sound corporate governance. This goal may be achieved by
associating sufficient number of independent directors with the Board. Independence of directors
would ensure that there are no actual or perceived conflicts of interest. It also ensures that the
Board is effective in supervising and, where necessary, challenging the activities of management.
Accordingly, the majority of Board members should be independent of both the management
team and any commercial dealings with the company.
8. Board Meetings
Directors must devote sufficient time and give due attention to meet their obligations. Attending Board
meetings regularly and preparing thoroughly before entering the Boardroom increases the quality of
interaction at Board meetings. Board meetings are the forums for Board decision-making. These meetings
enable directors to discharge their responsibilities. The effectiveness of Board meetings is dependent on
carefully planned agendas and providing relevant papers and material to directors sufficiently prior to Board
meetings.
9. Code of Conduct
It is essential that the organization’s explicitly prescribed norms of ethical practices and code of conduct are
communicated to all stakeholders and are clearly understood and followed by each member of the
organization. Systems should be in place to periodically measure, evaluate and if possible recognize the
adherence to code of conduct.
10. Strategy setting
The objectives of the company must be clearly documented in a long-term
corporate strategy including an annual business plan together with achievable
and measurable performance targets and milestones.
11. Business and community obligations

Though basic activity of a business entity is inherently commercial yet it must
also take care of community’s obligations. Commercial objectives and
community service obligations should be clearly documented after approval by
the Board. The stakeholders must be informed about the proposed and
ongoing initiatives taken to meet the community obligations.
12. Financial and operational reporting
The Board requires comprehensive, regular, reliable, timely, correct and relevant information in a form and of a
quality that is appropriate to discharge its function of monitoring corporate performance. For this purpose,
clearly defined performance measures - financial and non-financial should be prescribed which would add to
the efficiency and effectiveness of the organization.
The reports and information provided by the management must be comprehensive but not so extensive and
detailed as to hamper comprehension of the key issues. The reports should be available to Board members
well in advance to allow informed decision-making. Reporting should include status report about the state of
implementation to facilitate the monitoring of the progress of all significant Board approved initiatives.
13. Monitoring the Board performance
The Board must monitor and evaluate its combined performance and also that of individual directors at
periodic intervals, using key performance indicators besides peer review. The Board should establish an
appropriate mechanism for reporting the results of Board’s performance evaluation results.
14. Audit Committees

The Audit Committee is inter alia responsible for liaison with the management; internal and statutory auditors,
reviewing the adequacy of internal control and compliance with significant policies and procedures, reporting
to the Board on the key issues. The quality of Audit Committee significantly contributes to the governance of
the company.
15. Risk Management
Risk is an important element of corporate functioning and governance. There
should be a clearly established process of identifying, analyzing and treating
risks, which could prevent the company from effectively achieving its objectives.
It also involves establishing a link between risk-return and resourcing priorities.
Appropriate control procedures in the form of a risk management plan must
be put in place to manage risk throughout the organization. The plan should
cover activities as diverse as review of operating performance, effective use of
information technology, contracting out and outsourcing.
ETHICS
and
BUSINESS
INTRODUCTION
Today, the corporate world as a whole is in the process of acquiring a moral
conscience. The new and emerging concepts in management like corporate
governance, business ethics and corporate sustainability are some of the
expressions through which this emerging ethical instinct in the corporate
world is trying to express and embody itself in the corporate life. In this study
we examine the concept of ethics and its importance for the business,
corporate governance and governance through inner conscience and
sustainability.
WHAT IS ETHICS
As per the Oxford Dictionary the meaning of ethics is a “system of moral
principles, rules and conduct.”. Ethics is a “Science of morals.” The word ethics
has emerged from Latin ‘Ethicus’ or in Greek ‘Ethicos’. The origin of these two
words is from ‘ethos’ meaning character. Character unlike behavior is an
intrinsic or basic factor which derives from inner most.
The term ‘ethics’ can commonly refer to the rules and principles that define
right and wrong conduct of individuals (Robbins, Bergman, Stagg and Coulter,
2003, p.150). Ethical Behavior is accepted as “right” or “good” in the context of
a governing moral code. Ethics can be viewed as a way of behaving that can be
prescribed and imposed by the work environment (Garcia-Zamor, 2003).
Ethics refers to well-founded standards of right and wrong that prescribe what
humans ought to do, usually in terms of rights, obligations, benefits to society,
fairness, or specific virtues.
Thus, ethics relates to the standards of conduct and moral judgements that
differentiate right from wrong. Ethics is not a natural science but a creation of
the human mind. For this reason, it is not absolute and is open to the influence
of time, place and situation.
BUSINESS ETHICS
Business ethics constitute the ethical/moral principles and challenges that arise
in a business environment. Some of the areas related with – and not limited to-
business ethics include the following:
1. Finance and Accounting: Creative accounting, Earnings management,
Financial analysis, Insider trading, Securities Fraud, Facilitation payment.
2. Human Resource Management: Executive compensation, Affirmative
action, Workplace surveillance, Whistle blowing, Occupational safety and health,
Indentures servitude, Union busting, Sexual Harassment, Employee raiding.
3. Sales and Marketing: Price fixing, price discrimination, green washing,
spamming, using addictive messages/images in advertising, Marketing to
children, False advertising, Negative campaigning.
Business Ethics is the application of ethical principles and methods of analysis

to business. Business ethics deals with the topic of study that has been given its
due importance in business, commerce and industry since last three decades.
ORGANIZATION STRUCTURE AND ETHICS
An organization’s structure is important to the study of business ethics. In a
centralized organization, decision- making authority is concentrated in the
hands of top-level managers, and very little authority is delegated to the lower
levels. Responsibility, both internal and external, rests with top management.
This structure is especially suited for organizations that make high-risk
decisions, and whose lower-level managers are not highly skilled in decision-
making. It is also suitable for organizations in which production processes are
routine and efficiency is of primary importance.
In a decentralized organization, decision-making authority is delegated as far
down the chain of command as possible. Such organizations have relatively few
formal rules, coordination and control are usually informal and personal. They
focus on increasing the flow of information. As a result, one of the main strengths
of decentralized organizations is their adaptability and early recognition of
external change. This provides greater flexibility to managers and they can
react quickly to changes in their ethical environment. Weakness of decentralized
organizations lies in the fact that they have difficulty in responding quickly to
changes in policy and procedures established by the top management. In addition,
independent profit centers within a decentralized organization may sometimes
deviate from organizational objectives.
Organizational structure touches on many issues related to ethics. Such as:
1. The alienation experienced by workers doing repetitive work
2. The feelings of oppression created by the exercise of authority
3. The responsibilities heaped on the shoulders of managers.
4. The power tactics employed by managers who are anxious to advance
their career ambitions.
5. Health problems created by unsafe working conditions.
6. The absence of due process for non-unionized employees.
Conflict of interest in business arises when an employee or manager of a
company is engaged in carrying out a task on behalf of the company and the
employee has private interest in the outcome of the task:
1. Possibly antagonistic to the best interests of the company
2. Substantial enough that it does or reasonably might affect.
3. The independent judgement of the company expects the employee to
exercise on its behalf.
FOUR FUNDAMENTAL ETHICAL PRINCIPLES
1. The Principle of Respect for autonomy

Autonomy is Latin for “self-rule” We have an obligation to respect the
autonomy of other persons, which is to respect the decisions made by
other people concerning their own lives. This is also called the principle of
human dignity. It gives us a negative duty not to interfere with the decisions of
competent adults, and a positive duty to empower others for whom we’re
responsible.
Corollary principles: honesty in our dealings with others & obligation to keep
promises.
2. The Principle of Beneficence
We have an obligation to bring about good in all our actions.
Corollary principle? We must take positive steps to prevent harm. However, adopting this corollary principle
frequently places us in direct conflict with respecting the autonomy of other persons.
3. The Principle of non-maleficence

(It is not “non-malfeasance,” which is a technical legal term, & it is not “non-malevolence,” which means that
one did not intend to harm.)
We have an obligation not to harm others: “First, do no harm. Corollary principle: Where harm cannot be
avoided, we are obligated to minimize the harm we do. Corollary principle: Don’t increase the risk of harm to
others. Corollary principle: It is wrong to waste resources that could be used for good.
Combining beneficence and non-maleficence: Each action must produce more good than harm.
4. The Principle of justice
We have an obligation to provide others with whatever they are owed or deserve. In public life, we have an
obligation to treat all people equally, fairly, and impartially.
Corollary principle: Impose no unfair burdens.
Combining beneficence and justice:We are obligated to work for the benefit of those who are unfairly treated.
ETHICAL DILEMMA
Dilemma is a situation that requires a choice between options that are or seem equally unfavorable or
mutually exclusive. By definition, an ethical dilemma involves the need to choose from among two or more
morally acceptable courses of action, when one choice prevents selecting the other; or, the need to choose
between equally unacceptable alternatives (Hamric, Spross, and Hanson, 2000).
A dilemma could be a right vs. wrong situation in which the right would be more difficult to pursue and wrong
would be more convenient. A right versus wrong dilemma is not so easy to resolve. It often involves an
apparent conflict between moral imperatives, in which to obey one would result in transgressing the other.
This is also called an ethical paradox.
An ethical dilemma involves a situation that makes a person question what is the ‘right’ or ‘wrong’ thing to do.
They make individuals think about their obligations, duties or responsibilities. These dilemmas can be highly
complex and difficult to resolve. Easier dilemmas involve a ‘right’ versus ‘wrong’ answer; whereas, complex
ethical dilemmas involve a decision between a right and another right choice. However, any dilemma needs to
be resolved.
The ethical dilemma consideration takes us into the grey zone of business and professional life, where things
are no longer black or white and where ethics has its vital role today. A dilemma is a situation that requires a
choice between equally balanced arguments or a predicament that seemingly defies a satisfactory solution.
STEPS TO RESOLVING ETHICAL DILEMMA
ADVANTAGES OF BUSINESS ETHICS
More and more companies have begun to recognize the relation between
business ethics and financial performance. Companies displaying a “clear
commitment to ethical conduct” consistently outperform those companies
that do not display an ethical conduct.
A company that adheres to ethical values and dedicatedly takes care of its
employees is rewarded with equally loyal and dedicated employees.
1. Attracting and retaining talent
People aspire to join organizations that have high ethical values. Such
companies are able to attract the best talent. The ethical climate matters a lot
to the employees. Ethical organizations create an environment that is
trustworthy, making employees willing to rely on company’s policies, ability to
take decisions and act on those decisions. In such a work environment,
employees can expect to be treated with respect, and will have consideration
for their colleagues and superiors as well. Thus, company’s policies cultivate
teamwork, promote productivity and support employee-growth.
Retaining talented people is as big a challenge for the company as getting them
in the first place. Work is a mean to an end for the employees and not an end
in itself. The relationship with their employer must be a win- win situation in
which their loyalty should not be taken for granted. Talented people will invest
their energy and talent only in organizations with values and beliefs that
matches their own. In order to achieve this equation, managers need to build
culture, compensation and benefit packages, and career paths that reflect and
foster certain shared values and beliefs.
2. Investor Loyalty
Investors are concerned about ethics, social responsibility and
reputation of the company in which they invest. Investors are
becoming more and more aware that an ethical climate provides
a foundation for efficiency, productivity and profits. Relationship
with any stakeholder, including investors, based on dependability,
trust and commitment results in sustained loyalty.
3. Customer satisfaction
Customer satisfaction is a vital factor of a successful business strategy. Repeated purchases/orders and an
enduring relationship with mutual respect is essential for the success of the company. The name of a company
should evoke trust and respect among customers for enduring success. This is achieved by a company only
when it adopts ethical practices. When a company with a belief in high ethical values is perceived as such, the
crisis or mishaps along the way is tolerated by the customers as minor aberrations. Such companies are also
guided by their ethics to survive a critical situation. Preferred values are identified and it is ensured that
organizational behavior is aligned to those values. An organization with a strong ethical environment places its
customers’ interests as foremost. Ethical conduct towards customers builds a strong competitive position for
the company. It promotes a strong public image too.
4. Regulators
Regulators eye companies functioning ethically as responsible citizens. The regulator need not always monitor
the functioning of the ethically sound company. Any organization that acts within the confines of business
ethics not only earns profit but also gains reputation publicly.
To summarize, companies that are responsive to employees’ needs have lower turnover in staff.
– Shareholders invest their money into a company and expect a certain level of return from that money
in the form of dividends and/or capital growth.
- Customers pay for goods, give their loyalty and enhance a company’s reputation in return for goods
or services that meet their needs.
- Employees provide their time, skills and energy in return for salary, bonus, career progression and
experience.
CORPORATE SOCIAL RESPONSIBILITY
(C S R )
and
SUSTAINABILITY
CORPORATE SOCIAL RESPONSIBILITY (CSR)
CSR is understood to be the way firms integrate social,
environmental and economic concerns into their values, culture,
decision making, strategy and operations in a transparent and
accountable manner and thereby establish better practices within
the firm, create wealth and improve society. CSR is also called
Corporate Citizenship or Corporate Responsibility.
The 1950s saw the start of the modern era of CSR when it was more commonly known as Social
Responsibility. In 1953, Howard Bowen published his book, “Social Responsibilities of the Businessman”, and is
largely credited with coining the phrase ‘corporate social responsibility’ and is perhaps the Father of modern
CSR. Bowen asked: “what responsibilities to society can business people be reasonably expected to assume?”
Bowen also provided a preliminary definition of CSR: “its refers to the obligations of businessmen to pursue
those policies, to make those decisions, or to follow those lines of action which are desirable in terms of the
objectives and values of our society“.
According to Business for Social Responsibility (BSR) “Corporate social responsibility is operating a business in
a manner which meets or excels the ethical, legal, commercial and public expectations that a society has from
the business.”
According to CSR Asia, a social enterprise, “CSR is a company’s commitment to operate in an economically,
socially and environmentally sustainable manner whilst balancing the interests of diverse stakeholders”
CSR is generally accepted as applying to firms wherever they operate in the domestic and global economy. The
way businesses engage/involve the shareholders, employees, customers, suppliers, Governments, non-
Governmental organizations, international organizations, and other stakeholders is usually a key feature of the
concept. While an organization’s compliance with laws and regulations on social, environmental and economic
objectives set the official level of CSR performance, it is often understood as involving the private sector
commitments and activities that extend beyond this foundation of compliance with laws.
According to the World Business Council for Sustainable
“Corporate Social Responsibility is
Development, 1999
the continuing commitment by business to behave
ethically and contribute to the economic
development while improving the quality of life of
the workforce and their families as well as of the
local community and the society at large.”
Essentially, Corporate Social Responsibility is an inter-disciplinary subject in
nature and encompasses in its
fold:
1. Social, economic, ethical and moral responsibility of companies and
managers,
2. Compliance with legal and voluntary requirements for business and
professional practice,
3. Challenges posed by needs of the economy and socially disadvantaged
groups, and
4. Management of corporate responsibility activities.
CSR is an important business strategy because, wherever possible, consumers
want to buy products from companies they trust; suppliers want to form
business partnerships with companies they can rely on; employees want to
work for companies they respect; and NGOs, increasingly, want to work
together with companies seeking feasible solutions and innovations in areas of
common concern. CSR is a tool in the hands of corporates to enhance the
market penetration of their products, enhance its relation with stakeholders.
CSR activities carried out by the enterprises affects all the stakeholders, thus
making good business sense, the reason being contribution to the bottom line.
WHY CSR AT ALL?
Business cannot exist in isolation; business cannot be oblivious to societal development. The social
responsibility
of business can be integrated into the business purpose so as to build a positive synergy between the two.
1. CSR creates a favorable public image, which attracts customers. Reputation or brand equity of the
products of a company which understands and demonstrates its social responsibilities is very high. Customers
trust the products of such a company and are willing to pay a premium on its products. Organizations that
perform well with regard to CSR can build reputation, while those that perform poorly can damage brand and
company value when exposed. Brand equity, is founded on values such as trust, credibility, reliability, quality and
consistency.
2. Corporate Social Responsibility (CSR) activities have its advantages. It
builds up a positive image encouraging social involvement of employees, which
in turn develops a sense of loyalty towards the organization, helping in
creating a dedicated workforce proud of its company. Employees like to
contribute to the cause of creating a better society. Employees become
champions of a company for which they are proud to work.
3. Society gains through better neighborhoods and employment
opportunities, while the organisation benefits from a better community, which
is the main source of its workforce and the consumer of its products.
4. Public needs have changed leading to changed expectations from
consumers. The industry/ business owes its very existence society and has to
respond to needs of the society.
5. The company’s social involvement discourages excessive regulation or
intervention from the Government or statutory bodies, and hence gives
greater freedom and flexibility in decision-making.
6. The internal activities of the organisation have an impact on the external
environment, since the society is an inter-dependent system.
7. A business organisation has a great deal of power and money, entrusted
upon it by the society and should be accompanied by an equal amount of
responsibility. In other words, there should be a balance between the authority
and responsibility.
8. The good public image secured by one organisation by their social
responsiveness encourages other organizations in the neighborhood or in the
professional group to adapt themselves to achieve their social responsiveness.
9. The atmosphere of social responsiveness encourages co-operative
attitude between groups of companies. One company can advise or solve
social problems that other organizations could not solve.
10. Companies can better address the grievances of its employees and
create employment opportunities for the unemployed.
11. A company with its “ear to the ground” through regular stakeholder
dialogue is in a better position to anticipate and respond to regulatory,
economic, social and environmental changes that may occur.
12. Financial institutions are increasingly incorporating social and
environmental criteria into their assessment of projects. When making
decisions about where to place their money, investors are looking for
indicators of effective CSR management.
13. In a number of jurisdictions, governments have expedited approval
processes for firms that have undertaken social and environmental activities
beyond those required by regulation.
FACTORS INFLUENCING CSR
Many factors and influences, including the following, have led to increasing attention being devoted to CSR:
→ Globalization – coupled with focus on cross-border trade, multinational enterprises and global supply
chains – is increasingly raising CSR concerns related to human resource management practices, environmental
protection, and health and safety, among other things.
→ Governments and intergovernmental bodies, such as the United Nations, the Organization for Economic
Co-operation and Development and the International Labor Organization have developed compacts,
declarations, guidelines, principles and other instruments that outline social norms for acceptable conduct.
→ Advances in communications technology, such as the Internet, cellular phones and personal digital assistants,
are making it easier to track corporate activities and disseminate information about them. Non-governmental
organizations now regularly draw attention through their websites to business practices they view as
problematic.
→ Consumers and investors are showing increasing interest in supporting responsible business practices and
are demanding more information on how companies are addressing risks and opportunities related to social
and environmental issues.
→ Numerous serious and high-profile breaches of corporate ethics have contributed to elevated public
mistrust of corporations and highlighted the need for improved corporate governance, transparency,
accountability and ethical standards.
→ Citizens in many countries are making it clear that corporations should meet standards of social and
environmental care, no matter where they operate.
→ There is increasing awareness of the limits of government legislative and regulatory initiatives to effectively
capture all the issues that corporate social responsibility addresses.
→ Businesses are recognizing that adopting an effective approach to CSR can reduce risk of business
disruptions, open up new opportunities, and enhance brand and company reputation.
TRIPLE BOTTOM LINE APPROACH OF CSR
Within the broader concept of corporate social responsibility, the concept of Triple Bottom Line (TBL) is
gaining significance and becoming popular amongst corporates. Coined in 1997 by John Ellington, noted
management consultant, the concept of TBL is based on the premise that business entities have more to do
than make just profits for the owners of the capital, only bottom line people understand. “People, Planet and
Profit” is used to succinctly describe the triple bottom lines. “People” (Human Capital) pertains to fair and
beneficial business practices toward labor and the community and region in which a corporation conducts its
business. “Planet” (Natural Capital) refers to sustainable environmental practices. It is the lasting economic
impact the organization has on its economic environment A TBL company endeavors to benefit the natural
order as much as possible or at the least do no harm and curtails environmental impact. “Profit” is the bottom
line shared by all commerce.
The need to apply the concept of TBL is caused due to –
(a) Increased consumer sensitivity to corporate social behavior
(b) Growing demands for transparency from shareholders/stakeholders
(c) Increased environmental regulation
(d) Legal costs of compliances and defaults
(e) Concerns over global warming
(f) Increased social awareness
(g) Awareness about and willingness for respecting human rights
(h) Media’s attention to social issues
(i) Growing corporate participation in social upliftment
CORPORATE CITIZENSHIP – BEYOND THE MANDATE OF LAW
Corporate citizenship is a commitment to improve community well-being

through voluntary business practices and contribution of corporate resources
leading to sustainable growth.
Corporate responsibility is achieved when a business adapts CSR well aligned

to its business goals and meets or exceeds, the ethical, legal, commercial and
public expectations that society has of business.
The term corporate citizenship implies the behaviour, which would maximize a
company’s positive impact and minimize the negative impact on its social and
physical environment. It means moving from supply driven to more demand led
strategies; keeping in mind the welfare of all stakeholders; more participatory
approaches to working with communities; balancing the economic cost and
`benefits with the social; and finally dealing with processes rather than
structures. The ultimate goal is to establish dynamic relationship between the
community, business and philanthropic activities so as to complement and
supplement each other.
Corporate citizenship is being adopted by more companies who have come to understand the importance of
the ethical treatment of stakeholders. As a good corporate citizen, the companies are required to focus on the
following key aspects:
1. Absolute Value Creation for the Society: Organisations should set their goal towards the creation of
absolute value for the society. Once it is ensured, a corporate never looks back and its sustainability in the
long run is built up.
2. Ethical Corporate Practices: In the short run, enterprise can gain through non-ethical practices.
However those cannot be sustained in the long run. Society denies accepting such products or services. For
example, in Drug and Pharmaceutical industry many products are today obsolete due their side effects which
such companies never disclosed to protect their sales volume. Only when they were banned by the WHO or
other authorities, they had to stop their production.
3. Worth of the Earth through Environmental Protection: Resources which are not ubiquitous and have
economic and social value should be preserved for a long- term use and be priced properly after considering
environmental and social costs. For example, a power plant should build up its cost model efficiently after
taking into account cost of its future raw material sourcing, R&D cost for alternate energy source, cost for
proper pollution control measures and so on.
4. Equitable Business Practices: Corporates should not indulge themselves in unfair means and should
create candid business practices, ensuring healthy competition and fair trade practices.
5. Corporate Social Responsibility: As a Corporate citizen, every corporate is duty bound to its society
wherein it operates and serves. Although there are no hard and fast rules, CSR activities need to be clubbed
and integrated into the business model of the company.
6. Innovate new technology/process/system to achieve eco-efficiency: Innovation is the key to success.
Risks and crisis can be eliminated through innovation. Learning and innovative enterprise gets a cutting edge
over others. These innovative processes bring sustainability if developments are aimed at satisfying human
needs, and ensure quality of life, while progressively reducing ecological impact and resource intensity to a level
at least in line with earth’s estimated carrying capacity.
7. Creating Market for All: Monopoly, unjustified subsidies, prices not reflecting real economic, social
environmental cost, etc. are hindrances to the sustainability of a business. Simultaneously, a corporate has to
build up its products and services in such a way so as to cater to all segments of customers/ consumers.
Customer confidence is the essence of corporate success.
8. Switching over from the Stakeholders Dialogue to holistic Partnership: A business enterprise can
advance its activities very positively if it makes all the stakeholders partner in its progress. It not only builds
confidence of its stakeholders, but also helps the management to steer the business under a very dynamic and
flexible system. This approach offers business, government and other stakeholders of the society to build up an
alliance to bring about common solutions to the common concerns faced by all.
9. Compliance of Statutes: Compliance of statutes, rules and regulations and standards set by various
bodies ensure clinical check up of a corporate and confers societal license upon it to the corporate to run and
operate its business in the society.
CORPORATE SUSTAINABILITY
Sustainability means meeting of the needs of the present without compromising the ability of future
generations to meet theirs. It has three main pillars: economic, environmental, and social. These three pillars
are informally referred to as people, planet and profits. These three Ps have its priority orders too. One should
take first take care of the PEOPLE and thereafter the PLANET. PROFIT is an economic activity and is much for
the survivial of the unit, but in the array of these three Ps, its priority should stand in last and not at the cost
of People and Planet.
Sustainability is based on a simple principle: Everything that we need for our survival and well-being depends,
either directly or indirectly, on our natural environment. Sustainability creates and maintains the conditions
under which humans and nature can exist in productive harmony that permits fulfilling the social, economic
and other requirements of the present and future generations.
Sustainability is important to make sure that we have and will continue to have the water, materials, and
resources to protect human health and our environment.
“Sustainability is an economic state where the demand placed upon the environment by people and commerce can be
met without reducing the capacity of the environment to provide for future generations. It can also be expressed in the
simple terms of an economic golden rule for the restorative economy; leave the world better than you found it, take no
more than you need, try not to harm life of environment, make amends if you do.” Paul Hawkin’s book – The Ecology
of Commerce
It is a business approach that creates long-term shareholder value by embracing opportunities and managing
risks deriving from economic, environmental and social developments. Corporate sustainability describes
business practices built around social and environmental considerations.
Corporate sustainability encompasses strategies and practices that aim to meet the needs of the stakeholders
today while seeking to protect, support and enhance the human and natural resources that will be the need of
the future. Corporate sustainability leaders achieve long-term shareholder value by gearing their strategies and
management to harness the market’s potential for sustainability products and services while at the same time
successfully reducing and avoiding sustainability costs and risks.
Thomas Dyllick and Kai Hockerts in ‘Beyond the Business Case for Corporate Sustainability’ define Corporate
Sustainability as, “meeting the needs of a firm’s direct and indirect stakeholders (such as shareholders,
employees, clients, pressure groups, and communities) without compromising its ability to meet the needs of
future stakeholders as well.”
Concern towards social, environmental and economic issues, i.e., covering all the segments of the stakeholders,
are now basic and fundamental issues which permit a corporate to operate in the long run sustainably.
Following key drivers need to be garnered to ensure sustainability:
Internal Capacity Building strength – In order to convert various risks into competitive advantages.
Social impact assessment – In order to become sensitive to various social factors, like changes in
culture and living habits.
Repositioning capability through development and innovation: Crystallization of all activities to ensure
consistent growth.
Corporate sustainability is a business approach creating shareholder value in the long run.
These may be derived by converting risks arising out of economic, environmental and social activities of a
corporate into business opportunities keeping in mind the principles of a sustainable development.
SUSTAINABLE DEVELOPMENT
Sustainable development is a broad concept that balances the need for
economic growth with environmental protection and social equity. It is a
process of change in which the exploitation of resources, the direction of
investments, the orientation of technological development, and institutional
change are all in harmony and enhance both current and future potential to
meet human needs and aspirations. Sustainable development is a broad
concept and it combines economics, social justice, environmental science and
management, business management, politics and law.
The goal of sustainable development is to maintain economic growth
without environment destruction. Exactly what is being sustained
(economic growth or the global ecosystem, or both) is currently at
the root of several debates, although many scholars argue that the
apparent reconciliation of economic growth and the environment is
simply a green sleight of hand that fails to address genuine
environmental problems.
In an attempt to address criticism of the vagueness in the definition of sustainable development, Karl-Henrik
Robert, founder of the environment organization The Natural Step, along with a group of 50 scientists sought
to obtain a consensus on sustainability and developed four ‘basic, non-negotiable system conditions for global
sustainability’.These include:
1. No systematic increase of substances from the earth’s crust in the ecosphere. This condition implies a
drastic reduction in the use of minerals, fossils fuels and non-renewable resources.
2. No systematic increase of substances produced by society in the ecosphere. This condition means
that substances cannot be produced faster that they are broken down and degraded biologically. Therefore, the
uses of non-biodegradable materials must be minimized.
3. No systematic diminishing of the physical basis for productivity and diversity of nature. This condition
requires preservation of biodiversity, non-environmentally damaging land use practices and use of renewable
resources.
4. Fair and efficient use of resources and social justice. This implies equitable access to an just
distribution
of resources.
Four fundamental Principle of Sustainable Development agreed by the world community are:
1. Principle of Intergenerational equity: need to preserve natural resources for the future generations.
2. Principle of sustainable use: use of natural resources in a prudent manner without or with minimum
tolerable impact on nature.
3. Principle of equitable use or intra-generational equity: Use of natural resources by any state /
country must take into account its impact on other states.
4. Principle of integration: Environmental aspects and impacts of socio-economic activities should be
integrated so that prudent use of natural resources is ensured.
This was reinforced at the United Nations Conference on
Environment and Development (UNCED) held in Rio de
Janeiro in 1992. It is now universally acknowledged that the
present generation has to ensure that the coming generations
have a world no worse than ours, rather hopefully better.
THE 2030 AGENDA FOR SUSTAINABLE DEVELOPMENT
The 2030 agenda for Sustainable Development is a plan of action for people,
planet and prosperity. It also seeks to strengthen universal peace in larger
freedom. The 17 Sustainable Development Goals and 169 targets demonstrate
the scale and ambition of this new universal Agenda. They seek to build on the
Millennium Development Goals and complete what these did not achieve. They
seek to realize the human rights of all and to achieve gender equality and the
empowerment of all women and girls. They are integrated and indivisible and
balance the three dimensions of sustainable development: the economic, social
and environmental. The Goals and targets will stimulate action over the next
fifteen years in areas of critical importance for humanity and the planet.
Sustainable Development Goals
1. Goal 1. End poverty in all its forms everywhere
2. Goal 2. End hunger, achieve food security and improved nutrition and promote sustainable agriculture
3. Goal 3. Ensure healthy lives and promote well-being for all at all ages
4. Goal 4. Ensure inclusive and equitable quality education and promote lifelong learning opportunities
for
all
5. Goal 5.Achieve gender equality and empower all women and girls
6. Goal 6. Ensure availability and sustainable management of water and sanitation for all
7. Goal 7. Ensure access to affordable, reliable, sustainable and modern energy for all
8. Goal 8. Promote sustained, inclusive and sustainable economic growth, full and productive
employment
and decent work for all
9. Goal 9. Build resilient infrastructure, promote inclusive and sustainable industrialization and foster
innovation
10. Goal 10. Reduce inequality within and among countries
11. Goal 11. Make cities and human settlements inclusive, safe, resilient and sustainable
12. Goal 12. Ensure sustainable consumption and production patterns
13. Goal 13.Take urgent action to combat climate change and its impacts*
14. Goal 14. Conserve and sustainably use the oceans, seas and marine resources for sustainable
development
15. Goal 15. Protect, restore and promote sustainable use of terrestrial ecosystems, sustainably manage
forests, combat desertification, and halt and reverse land degradation and halt biodiversity loss
16. Goal 16. Promote peaceful and inclusive societies for sustainable development, provide access to
justice for all and build effective, accountable and inclusive institutions at all levels
17. Goal 17. Strengthen the means of implementation and revitalize the global partnership for sustainable
development
RISK
MANAGEMENT
WHAT IS RISK?
The Oxford English Dictionary definition of risk is as follows: ‘a chance or

possibility of danger, loss, injury or other adverse consequences’ and the
definition of at risk is ‘exposed to danger’.
In this context, risk is used to signify negative consequences. However, taking a

risk can also result in a positive outcome. A third possibility is that risk is
related to uncertainty of outcome.
Risks are divided into three categories:
hazard (or pure) risks;
control (or uncertainty) risks;
opportunity (or speculative) risks

RISK IMPORTANCE
Operations will become more efficient because events
that can cause disruption will be identified in advance
and actions taken to reduce the likelihood of these
events occurring, reducing the damage caused by these
events and containing the cost of the events that can
cause disruption to normal efficient production
operations.
• Processes will be more effective, because
consideration will have been given to selection of the
processes and the risks involved in the alternatives
that may be available. Also, process changes that are
delivered by way of projects will be more effectively
and reliably delivered.
• Strategy will be more efficacious in that the risks
associated with different strategic options will be
fully analyzed and better strategic decisions will be
reached. Efficacious refers to the fact that the
strategy that will be developed will be fully capable
of delivering the required outcomes.
CATEGORIES OF DISRUPTION
DEFINITIONS OF RISK MANAGEMENT
Risk Management
- is a process that identifies loss exposures faced by an organization
and selects the most appropriate techniques for treating such
exposures
A loss exposure is any situation or circumstance in which a loss is
possible, regardless of whether a loss occurs
E.g., a plant that may be damaged by an earthquake, or an automobile
that may be damaged in a collision
OBJECTIVES OF RISK MANAGEMENT:
Risk management has objectives before and after a loss

occurs
Pre-loss objectives:
Prepare for potential losses in the most economical way
Reduce anxiety
Meet any legal obligations
Post-loss objectives:
Survival of the firm
Continue operating
Stability of earnings
Continued growth of the firm
Minimize the effects that a loss will have on other persons and
on society
RISK MANAGEMENT PROCESS
Kinds of Loss Exposures:
Property loss exposures

Liability loss exposures
Business income loss exposures
Human resources loss exposures
Crime loss exposures
Employee benefit loss exposures
Foreign loss exposures
Intangible property loss exposures
Failure to comply with government rules and regulations
Risk Managers have several sources of information to identify loss exposures:
Risk analysis questionnaires and checklists
Physical inspection
Flowcharts
Financial statements
Historical loss data
Industry trends and market changes can create new loss exposures.
e.g., exposure to acts of terrorism
MEASURE AND ANALYZE LOSS
EXPOSURES
• Estimate for each type of loss exposure:

• Loss frequency refers to the probable number of losses that may occur during some
time period
• Loss severity refers to the probable size of the losses that may occur
• Rank exposures by importance
• Loss severity is more important than loss frequency:
• The maximum possible loss is the worst loss that could happen to the firm during
its lifetime
• The probable maximum loss is the worst loss that is likely to happen
SELECT THE APPROPRIATE COMBINATION OF
TECHNIQUES FOR TREATING THE LOSS
EXPOSURES
• Risk control refers to techniques that reduce

the frequency and severity of losses
• Methods of risk control include:
• Avoidance
• Loss prevention
• Loss reduction
EXPOSURES
• Avoidance means a certain loss exposure is

never acquired or undertaken, or an existing
loss exposure is abandoned
• The chance of loss is reduced to zero
• It is not always possible, or practical, to avoid all
losses
EXPOSURES
• Loss prevention refers to measures that reduce

the frequency of a particular loss
• e.g., installing safety features on hazardous products
• Loss reduction refers to measures that reduce
the severity of a loss after it occurs
• e.g., installing an automatic sprinkler system
EXPOSURES
• Risk financing refers to techniques that provide for the payment of
losses after they occur.
• Methods of risk financing include:

• Retention
• Non-insurance Transfers
• Commercial Insurance
RISK FINANCING METHODS: RETENTION
• Retention means that the firm retains part or

all of the losses that can result from a given loss
• Retention is effectively used when:
• No other method of treatment is available
• The worst possible loss is not serious
• Losses are highly predictable
• The retention level is the dollar amount of losses

that the firm will retain
• A risk manager has several methods for paying retained

losses:
• Current net income: losses are treated as current expenses
• Unfunded reserve: losses are deducted from a bookkeeping
account
• Funded reserve: losses are deducted from a liquid fund
• Credit line: funds are borrowed to pay losses as they occur
• A captive insurer is an insurer owned by a parent firm for

the purpose of insuring the parent firm’s loss exposures
• A single-parent captive is owned by only one parent
• An association or group captive is an insurer owned by several

parents
• Reasons for forming a captive include:
• The parent firm may have difficulty obtaining insurance
• To take advantage of a favorable regulatory environment
• Costs may be lower than purchasing commercial insurance
• A captive insurer has easier access to a reinsurer
• A captive insurer can become a source of profit
• Premiums paid to a single parent (pure) captive are generally
not income-tax deductible.
• They may be tax deductible if:
• The transaction is a bona fide insurance transaction
• A brother-sister relationship exists
• The captive insurer writes a substantial amount of unrelated
business
• The insureds are not the same as the shareholders of the captive
• Premiums paid to a group captive are usually income-tax
deductible.
• Self-insurance, or self-funding is a special form of planned retention

by which part or all of a given loss exposure is retained by the firm
• A risk retention group (RRG) is a group captive that can write any
type of liability coverage except employers’ liability, workers
compensation, and personal lines
• They are exempt from many state insurance laws
Advantages Disadvantages
• Save on loss costs • Possible higher losses

• Save on expenses • Possible higher expenses
• Encourage loss prevention • Possible higher taxes
• Increase cash flow
RISK FINANCING METHODS:
NON-INSURANCE TRANSFERS
• A non-insurance transfer is a method other than insurance
by which a pure risk and its potential financial consequences
are transferred to another party
• Examples include: contracts, leases, hold-harmless agreements
RISK FINANCING METHODS:
NON-INSURANCE TRANSFERS
Disadvantages
Advantages
• Contract language may be ambiguous, so
transfer may fail
• Can transfer some losses that
are not insurable • If the other party fails to pay, firm is still
responsible for the loss
• Less expensive
• Insurers may not give credit for transfers
• Can transfer loss to someone
who is in a better position to
control losses
RISK FINANCING METHODS: INSURANCE
Insurance is appropriate for low-probability, high-severity loss

exposures
• The risk manager selects the coverages needed, and policy provisions
• A deductible is a specified amount subtracted from the loss payment
otherwise payable to the insured
• In an excess insurance policy, the insurer pays only if the actual loss exceeds
the amount a firm has decided to retain
• The risk manager selects the insurer, or insurers, to provide the coverages
• The risk manager negotiates the terms of the insurance contract
• A manuscript policy is a policy specially tailored for the firm
• The parties must agree on the contract provisions, endorsements,
forms, and premiums
• Information concerning insurance coverages must be disseminated to
others in the firm
• The risk manager must periodically review the insurance program
Disadvantages Advantages
• Premiums may be costly • Firm is indemnified for losses

• Negotiation of contracts takes
time and effort • Uncertainty is reduced
• The risk manager may become • Insurers can provide valuable
lax in exercising loss control risk management services
• Premiums are income-tax
deductible
EXHIBIT. RISK MANAGEMENT MATRIX
MARKET CONDITIONS AND THE SELECTION
OF RISK MANAGEMENT TECHNIQUES
• Risk managers may have to modify their choice of techniques

depending on market conditions in the insurance markets
• The insurance market experiences an underwriting cycle
• In a “hard” market, profitability is declining, underwriting standards are
tightened, premiums increase, and insurance is hard to obtain
• In a “soft” market, profitability is improving, standards are loosened, premiums
decline, and insurance become easier to obtain
IMPLEMENT AND MONITOR THE RISK
MANAGEMENT PROGRAM
• Implementation of a risk management program begins with a
risk management policy statement that:
• Outlines the firm’s objectives and policies
• Educates top-level executives
• Gives the risk manager greater authority
• Provides standards for judging the risk manager’s performance
• A risk management manual may be used to:

• Describe the risk management program
• Train new employees
IMPLEMENT AND MONITOR THE RISK
MANAGEMENT PROGRAM
• A successful risk management program requires active cooperation
from other departments in the firm
• The risk management program should be periodically reviewed and
evaluated to determine whether the objectives are being attained
• The risk manager should compare the costs and benefits of all risk
management activities
BENEFITS OF RISK MANAGEMENT
• Enables firm to attain its pre-loss and post-loss objectives more easily
• A risk management program can reduce a firm’s cost of risk
• Reduction in pure loss exposures allows a firm to enact an enterprise risk
management program to treat both pure and speculative loss exposures
• Society benefits because both direct and indirect losses are reduced
PERSONAL RISK MANAGEMENT
• Personal risk management refers to the

identification of pure risks faced by an individual or
family, and to the selection of the most appropriate
technique for treating such risks
• The same principles applied to corporate risk
management apply to personal risk management
WHAT IS THE RISK MANAGEMENT
PROCESS?
The Risk Management Process consists of a

series of steps that, when undertaken in
sequence, enable continual improvement in
decision-making.
128
Steps of the Risk Management
Process
Step 1. Communicate and consult.
Step 2. Establish the context.
Step 3. Identify the risks.
Step 4. Analyze the risks.
Step 5. Evaluate the risks.
Step 6. Treat the risks.
Step 7. Monitor and review.
129
130
STEP 1.COMMUNIC ATE AND CONSULT
-Communication and
consultation aims to identify
who should be involved in
assessment of risk (including
identification, analysis and
evaluation) and it should
engage those who will be
involved in the treatment,
monitoring and review of
risk.
131
-As such, communication and consultation will be reflected in each
step of the process described here.
-As an initial step, there are two main aspects that should be
identified in order to establish the requirements for the
remainder of the process.
-These are communication and consultation aimed at:

A- Eliciting risk information
B-Managing stakeholder perceptions for management of risk.
132
A- Eliciting risk information
-Communication and consultation may occur within the

organization or between the organization and its
stakeholders.
-It is very rare that only one person will hold all the information
needed to identify the risks to a business or even to an activity
or project.
-It therefore important to identify the range of stakeholders who

will assist in making this Information complete.
133
B-MANAGING STAKEHOLDER PERCEPTIONS FOR
MANAGEMENT OF RISK
134
TIPS FOR EFFECTIVE COMMUNIC ATION AND
CONSULTATION
• Determine at the outset whether a communication strategy and/or plan is

required;
• Determine the best method or media for communication and consultation;
• The significance or complexity of the issue or activity in question can be
used as a guide as to how much communication and consultation is
required: the more complex and significant to the organization, the more
detailed and comprehensive the requirement.
135
STEP 2. ESTABLISH THE CONTEXT
provides a five-step process to assist with
establishing the context within which
risk will be identified.
1-Establish the internal context
2-Establish the external context
3-Establish the risk management context
4- Develop risk criteria
5- Define the structure for risk analysis
136
1- Establish the internal context
-As previously discussed, risk is the chance of something happening that will
impact on objectives.
As such, the objectives and goals of a business, project or activity must first be
identified to ensure that all significant risks are understood.
This ensures that risk decisions always support the broader goals and
objectives of the business. This approach encourages long-term and
strategic thinking.
137
• In establishing the internal context, the business owner may
also ask themselves the following questions:
- Is there an internal culture that needs to be considered? For

example, are staff Resistant to change? Is there a professional culture
that might create unnecessary risks for the business?
- What staff groups are present?
- What capabilities does the business have in terms of people, systems,
processes, equipment and other resources?
138
2. ESTABLISH THE EXTERNAL CONTEXT
• This step defines the overall environment in which a business operates

and includes an understanding of the clients’ or customers’ perceptions of
the business. An analysis of these factors will identify the strengths,
weaknesses, opportunities and threats to the business in the external
environment.
139
• A business owner may ask the following questions when determining the external
context:
• What regulations and legislation must the business comply with?
• Are there any other requirements the business needs to comply with?
• What is the market within which the business operates? Who are the
competitors?
• Are there any social, cultural or political issues that need to be considered?
140
• Tips for establishing internal and external contexts
-Determine the significance of the activity in achieving the organization's goals

and objectives
- Define the operating environment
- Identify internal and external stakeholders and determine their involvement
in the risk management process.
141
3- ESTABLISH THE RISK MANAGEMENT CONTEXT
- Before beginning a risk identification exercise, it is important to define the

limits, objectives and scope of the activity or issue under examination.
- For example, in conducting a risk analysis for a new project, such as the
introduction of a new piece of equipment or a new product line, it is
important to clearly identify the parameters for this activity to ensure
that all significant risks are identified.
142
• Tips for establishing the risk management context
• Define the objectives of the activity, task or function
• Identify any legislation, regulations, policies, standards and operating
procedures that need to be complied with
• Decide on the depth of analysis required and allocate resources accordingly
• Decide what the output of the process will be, e.g. a risk assessment, job
safety analysis or a board presentation. The output will determine the most
appropriate structure and type of documentation.
143
4. Develop risk criteria
Risk criteria allow a business to clearly define unacceptable levels of risk.

Conversely, risk criteria may include the acceptable level of risk for a
specific activity or event. In this step the risk criteria may be broadly defined
and then further refined later in the risk management process.
144
Tips for developing risk criteria
• Decide or define the acceptable level of risk for each activity

• Determine what is unacceptable
• Clearly identify who is responsible for accepting risk and at what level.
145
5. DEFINE THE STRUCTURE FOR RISK ANALYSIS
• Isolate the categories of risk that you want to manage. This will provide
greater depth and accuracy in identifying significant risks.
• The chosen structure for risk analysis will depend upon the type of
activity or issue,
its complexity and the context of the risks.
146
STEP 3. IDENTIFY THE RISKS
• Risk cannot be managed unless it is

first identified. Once the context of the
business has been defined, the next
step is to utilize the information to
identify as many risks as possible.
147
• The aim of risk identification is to identify possible risks that may affect,
either negatively or positively, the objectives of the business and the activity
under analysis.Answering the following questions identifies the risk:
148
• There are two main ways to identify risk:
1- Identifying retrospective risks
Retrospective risks are those that have previously occurred, such as

incidents or accidents. Retrospective risk identification is often the most
common way to identify risk, and the easiest. It’s easier to believe
something if it has happened before. It is also easier to quantify its impact
and to see the damage it has caused.
149
• There are many sources of information about retrospective risk.These include:
• Hazard or incident logs or registers

• Audit reports
• Customer complaints
• Accreditation documents and reports
• Past staff or client surveys
• Newspapers or professional media, such as journals or websites.
150
2-Identifying prospective risks
• Prospective risks are often harder to identify. These are things that have not
yet happened, but might happen some time in the future.
• Identification should include all risks, whether or not they are currently
being managed. The rationale here is to record all significant risks and
monitor or review the effectiveness of their control.
151
• Methods for identifying prospective risks include:
• Brainstorming with staff or external stakeholders

• Researching the economic, political, legislative and operating environment
• Conducting interviews with relevant people and/or organizations
• Undertaking surveys of staff or clients to identify anticipated issues or
problems
• Flow charting a process
• Reviewing system design or preparing system analysis techniques.
152
TIPS FOR EFFECTIVE RISK IDENTIFIC ATION
• Select a risk identification methodology appropriate to the type of risk and

the nature of the activity
• Involve the right people in risk identification activities
• Take a life cycle approach to risk identification and determine how risks
change and evolve throughout this cycle.
153
STEP 4. ANALYZE THE RISKS
• During the risk identification step, a
business owner may have identified many
risks and it is often not possible to try to
address all those identified.
• The risk analysis step will assist in
determining which risks have a greater
consequence or impact than others.
154
What is risk analysis?
• Risk analysis involves combining the possible consequences, or impact, of an

event, with the likelihood of that event occurring. The result is a ‘level of
risk’. That is:
Risk = consequence x likelihood
155
Elements of risk analysis
The elements of risk analysis are as follows:
1. Identify existing strategies and controls that act to minimize negative risk
and enhance opportunities.
2. Determine the consequences of a negative
impact or an opportunity (these may be positive or negative).
3. Determine the likelihood of a negative consequence or an opportunity.
4. Estimate the level of risk by combining consequence and likelihood.
5. Consider and identify any uncertainties in the estimates.
156
Types of analysis
Three categories or types of analysis can be used to determine level of risk:
• Qualitative
• Semi-quantitative
• Quantitative.
- The most common type of risk analysis is the qualitative method. The type of
analysis chosen will be based upon the area of risk being analyzed.
157
Tips for effective risk analysis
Risk analysis is usually done in the context of existing controls – take the time
to identify them
• The risk analysis methodology selected should, where possible, be
comparable to the significance and complexity of the risk being analyzed, i.e.
the higher the potential consequence the more rigorous the methodology
• Risk analysis tools are designed to help rank or priorities risks. To do this
they must be designed for the specific context and the risk dimension under
analysis.
158
STEP 5. EVALUATE THE RISKS
• Risk evaluation involves comparing the level
of risk found during the analysis process with
previously established risk criteria, and
deciding whether these risks require
treatment.
• The result of a risk evaluation is a prioritized
list of risks that require further action.
• This step is about deciding whether risks are
acceptable or need treatment.
159
Risk acceptance
A risk may be accepted for the following reasons:
• The cost of treatment far exceeds the benefit, so that acceptance is the only
option (applies particularly to lower ranked risks)
• The level of the risk is so low that specific treatment is not appropriate with
available resources
• The opportunities presented outweigh the threats to such a degree that
the risks justified
• The risk is such that there is no treatment available, for example the risk
that the business may suffer storm damage.
160
STEP 6. TREAT THE RISKS
• Risk treatment is about considering options
for treating risks that were not considered
acceptable or tolerable at Step 5.
• Risk treatment involves identifying options

for treating or controlling risk, in order to
either reduce or eliminate negative
consequences, or to reduce the likelihood of
an adverse occurrence. Risk treatment
should also aim to enhance positive
outcomes.
161
Options for risk treatment:
this identifies the following options that may assist in the minimization of
negative risk or an increase in the impact of positive risk.
1- Avoid the risk
2- Change the likelihood of the occurrence
3- Change the consequences
4- Share the risk
5- Retain the risk
162
Tips for implementing risk treatments
• The key to managing risk is in implementing effective treatment options

• When implementing the risk treatment plan, ensure that adequate resources
are available, and define a timeframe, responsibilities and a method for
monitoring progress against the plan
• Physically check that the treatment implemented reduces the residual risk
level
• In order of priority, undertake remedial measures to reduce the risk.
163
STEP 7. MONITOR AND REVIEW
• Monitor and review is an essential and
integral step in the risk management
process.
• A business owner must monitor risks and
review the effectiveness of the treatment
plan, strategies and management system that
have been set up to effectively manage risk.
164
• Risks need to be monitored periodically to ensure changing circumstances
do not alter the risk priorities. Very few risks will remain static, therefore
the risk management process needs to be regularly repeated, so that new
risks are captured in the process and effectively managed.
• A risk management plan at a business level should be reviewed at least on
an annual basis. An effective way to ensure that this occurs is to combine
risk planning or risk review with annual business planning.
165
SUMMARY
OF RISK
MANAGE-MENT
STEPS
166
RISK ASSESSMENT
PRINCIPLES
LEGAL BACKGROUND
Management Regulations (1999) are the umbrella regulations

Require employer to:
• Identify hazards
• Assess risks
• Eliminate or control exposure to risks
• Write it down if significant
RISK ASSESSMENT – THE 5 STEPS
• What are the hazards?
• Who is doing what, where & when? (WWW)

AND
Who else might be affected by what is done?
• What is the degree of risk?
• What do we need to, or can we, do to control (eliminate/minimise)
exposure to the risk?
• How will we monitor the work/people?
What comes first?
Even before the 5 steps – one question:

What is it we have/want/would like to do?
We can call this: -
• The task
• The job to do
• The procedure
Everything can be covered in this way
Hazard and Risk
Hazard the potential to cause harm or damage
Risk the chance of that harm occurring

Calculated as -
potential severity of harm

(the consequence – or damage)
x
likelihood of event occurring
HAZARD IDENTIFICATION
• What will I be using/doing?

• How much do I know about what I am using/doing?
• What factors or properties could there be that affect the level of
hazard (not risk)?
• Do I really have to do the work/task at all?

• Can I substitute something less hazardous?
WHO IS AFFECTED BY THE WORK?
• Those who do the work

• Maturity
• Experience
• Health and immune status
• Medication
• Disability
• Pregnancy
• Others in the workplace
• Cleaning and maintenance staff
• Visitors
• External – including neighbors
Can we work out how high the risk is?
Consequence - severity
• What could go wrong?
• What is the worst that could happen?
Likelihood
• How often must it be done?
• How many people do it?
• Is everyone doing it competent and trained?
Where do our risks fit on the spectrum?
How likely?
How bad?
Evaluating the risk
1. Highly unlikely 1. Slight harm

2. Possibly 2. Injury affecting work
3. Quite likely 3. Serious injury
4. Very likely 4. Possible fatality
Risk Matrix
4 8 12 16
3 6 9 12
2 4 6 8
1 2 3 4
Risk Matrix
4 8 12 16
3 6 9 12
2 4 6 8
1 2 3 4
Risk Matrix – Does it work?
4 8 12 16
Tolerable Significant Unacceptable Unacceptable
3 6 9 12
Insignificant Tolerable Significant Unacceptable
2 4 6 8
Insignificant Tolerable Tolerable Significant
1 2 3 4
Insignificant Insignificant Insignificant Tolerable
Controlling the risk
Unacceptable – stop doing it until

improvements made
Significant - proceed with caution but
improvement high priority
Tolerable - OK to proceed but plan to
improve
Insignificant - Any improvements low priority
Controlling the risk
• Decide measures to be taken

• Implement them according to priority
• Confirm measures appropriate and
work
MONITORING AND REVIEW
Monitoring
• ‘Live’ nature of assessments
• Possible modification to procedures
Review
• Identifies changes to procedures
• Possible modification to assessment
INTERNAL
CONTROL
INTERNAL CONTROL: DEFINITION
- Is an interlocking set of activities that are layered onto

the normal operating procedures of an organization, with
the intent of safeguarding assets, minimizing errors, and
ensuring that operations are conducted in an approved
manner. Another way of looking at internal control is that
these activities are needed to mitigate the amount and
types of risk to which a firm is subjected. Controls are
also useful for consistently producing reliable financial
statements.
INTERNAL CONTROL: DEFINITION (CON TIN UATION )
Internal control comes at a price, which is that control

activities frequently slow down the natural process flow
of a business, which can reduce its overall efficiency.
Consequently, the development of a system of internal
control requires management to balance risk reduction
with efficiency. This process can sometimes result in
management accepting a certain amount of risk in order
to create a strategic profile that allows a company to
compete more effectively, even if it suffers occasional
losses because controls have been deliberately reduced.
INTERNAL CONTROL: DEFINITION (CON TIN UATION )
A system of internal controls tends to increase in

comprehensiveness as a firm increases in size. This is
needed, because the original founders do not have the
time to maintain complete oversight when there are
many employees and/or locations. Further, when a
company goes public, there are additional financial
control requirements that must be implemented,
especially if the firm's shares are to be listed for sale on
a stock exchange. Thus, the cost of controls tends to
increase with size.
INTERNAL CONTROL: TYPES
Internal control comes in many forms, which include the
following:
* A board of directors oversees the entire organization,

providing governance over the management team.
* Internal auditors routinely examine all processes,
looking for failings that can be corrected with either new
controls or tweaks of existing controls.
* Processes are altered so that more than one person is
involved in each one; this is done so that people can
cross-check each other, reducing fraud incidents and the
likelihood of errors.
INTERNAL CONTROL: TYPES
* Access to computer records is restricted, so that

information is only made available to those people who
need it to conduct specific tasks. Doing so reduces the
risk of information theft and the risk of asset theft
through the modification of ownership records.
* Assets are locked up when not in use, making it more
difficult to steal them.
A key concept is that even the most comprehensive
system of internal control will not entirely eliminate
the risk of fraud or error. There will always be a few
incidents, typically due to unforeseen circumstances
or an exceedingly determined effort by someone
who wants to commit fraud.
An effective system of internal control protects your
plan in two ways:
• By minimizing opportunities for unintentional errors or

intentional fraud that may harm the plan. Preventive
controls, which are designed to discourage errors or
fraud, help accomplish this objective.
• By discovering small errors before they become big
problems. Detective controls are designed to identify an
error or fraud after it has occurred.
Preventative vs. Detective Controls
• Internal controls are typically comprised of control

activities such as authorization, documentation,
reconciliation, security, and the separation of duties.
And they are broadly divided into preventative and
detective activities.
Preventive control activities aim to deter errors or
fraud from happening in the first place and include
thorough documentation and authorization practices.
And the separation of duties ensures that no single
individual is in a position to authorize, record, and be in
the custody of a financial transaction and the resulting
asset. Authorization of invoices and verification of
expenses are internal controls. In addition, preventative
internal controls include limiting physical access to
equipment, inventory, cash, and other assets.
Detective controls are backup procedures that
are designed to catch items or events that have
been missed by the first line of defense. Here,
the most important activity is reconciliation, used
to compare data sets, and corrective action is
taken upon material differences. Other detective
controls include external audits from accounting
firms and internal audits of assets such as
inventory
Disadvantages of Internal Controls
• Regardless of the policies and procedures

established by an organization, only reasonable
assurance may be provided that internal controls
are effective and financial information is correct. The
effectiveness of internal controls is limited by human
judgment. A business will often give high-level
personnel the ability to override internal controls for
operational efficiency reasons, and internal controls
can be circumvented through collusion.

Overnance, Usiness Thics, ISK Anagement and Nternal Ontrol: Presented By: Scott Jason P. Llanes, BA

Uploaded by

Document Information

Original Title

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

Overnance, Usiness Thics, ISK Anagement and Nternal Ontrol: Presented By: Scott Jason P. Llanes, BA

Uploaded by

Copyright:

Available Formats

AEC 117 - GOVERNANCE,

Corporate Governance is integral to the existence of the company. Corporate

Stakeholders are characterized by their relationship to the company and their

Risk Management is a continuous process of identifying, evaluating and

Corporate governance is the broad term used to describe the processes,

(f) Enhancing Enterprise Valuation

11. Business and community obligations

14. Audit Committees

Business Ethics is the application of ethical principles and methods of analysis

1. The Principle of Respect for autonomy

3. The Principle of non-maleficence

Corporate citizenship is a commitment to improve community well-being

Corporate responsibility is achieved when a business adapts CSR well aligned

The Oxford English Dictionary definition of risk is as follows: ‘a chance or

In this context, risk is used to signify negative consequences. However, taking a

hazard (or pure) risks;

control (or uncertainty) risks;

opportunity (or speculative) risks

Risk management has objectives before and after a loss

Property loss exposures

• Estimate for each type of loss exposure:

• Risk control refers to techniques that reduce

• Avoidance means a certain loss exposure is

• Loss prevention refers to measures that reduce

• Methods of risk financing include:

• Retention means that the firm retains part or

• The retention level is the dollar amount of losses

• A risk manager has several methods for paying retained

• A captive insurer is an insurer owned by a parent firm for

• A single-parent captive is owned by only one parent

• An association or group captive is an insurer owned by several

• Self-insurance, or self-funding is a special form of planned retention

• Save on loss costs • Possible higher losses

Insurance is appropriate for low-probability, high-severity loss

• Premiums may be costly • Firm is indemnified for losses

• Risk managers may have to modify their choice of techniques

• A risk management manual may be used to:

• Personal risk management refers to the

The Risk Management Process consists of a

-These are communication and consultation aimed at:

-Communication and consultation may occur within the

-It therefore important to identify the range of stakeholders who

• Determine at the outset whether a communication strategy and/or plan is

- Is there an internal culture that needs to be considered? For

• This step defines the overall environment in which a business operates

-Determine the significance of the activity in achieving the organization's goals

- Before beginning a risk identification exercise, it is important to define the

Risk criteria allow a business to clearly define unacceptable levels of risk.

• Decide or define the acceptable level of risk for each activity

• Risk cannot be managed unless it is

Retrospective risks are those that have previously occurred, such as

• Hazard or incident logs or registers

• Brainstorming with staff or external stakeholders

• Select a risk identification methodology appropriate to the type of risk and

• Risk analysis involves combining the possible consequences, or impact, of an

Risk = consequence x likelihood

A risk may be accepted for the following reasons:

• Risk treatment involves identifying options

• The key to managing risk is in implementing effective treatment options

Management Regulations (1999) are the umbrella regulations

• What are the hazards?

• Who is doing what, where & when? (WWW)

Even before the 5 steps – one question: