As the world changes, the nature of risks for businesses also has undergone a dramatic transformation. A Corporate Governance study spearheaded by former SEBI chief M. Damodaran points to the change in the nature of threat perception in Indian boardrooms.
It is a no-brainer that there is a vein of technology streaking across the bigger new-age worries that plague corporate decision-makers.
According to a study by Excellence Enablers, a corporate consulting group promoted by the ex-bureaucrat, the bigger risk factor as evaluated by Indian listed companies is cyber attacks – as evinced by the fact that a curiously high number of companies said their biggest threats stemmed from Financials, IT and operations.
Ninety-five companies out of those surveyed put the three at the top of their ‘worry list’. Not surprising, since the three devolve into a major worry of technical systems being breached for monetary reasons. In other words, a cyberattack.
This is also the first time that this high a number of listed firms put these worries as their biggest ‘priorities’. For example, while 95 companies said IT was a big worry, the numbers were around 84 in all three previous years.
Of course, while cyber fears dominate, financial risk can stretch beyond a malafide external interference. Financial worries, which topped the risk list, also include risks related to credit, liquidity, market, foreign exchange, commodity and costs.
Operational risks include those related to clients and supply chain while IT includes worries over (impending) AI. It also includes data privacy, technology and cyber.
Compared to these top three worries, other risks, including regulatory, ESG, worries over brand reputation, strategy related, etc. all show lesser numbers. In fact, it is also a sign of the changing times that while fears over the pandemic dominated a few years ago, it seems to have fallen down the ‘risk fear’ ladder. For example, while 36 listed corporates included Covid-19 as one of their worries in their company outlook three years ago, it has fallen to zero this year, showcasing absolute confidence that the fear and paranoia of the pandemic days are very definitely behind India Inc.
Even last year, two companies mentioned Covid in their reports while the number was four the year before. But now, it seems those dark days have been erased out of corporate consciousness.
Risk management is a process that companies need to take seriously, the report feels, noting that some companies made do with the bare minimum number of meetings as stipulated by SEBI.
“Risk mitigation should commence with a robust process of identification of risks, and an assessment of their impact and probability,” the report notes, while adding some other crucial risk factors, though perhaps not noted as high by companies as per the tabulation, yet deserve more attention. This includes lack of succession planning, absence of business continuity plan, inadequate HR/talent management, geopolitical risks, human rights, diversity and inclusion, business ethics and integrity, fraud, intellectual property rights (IPR), research & development (R&D), etc.
The survey, an annual feature by Excellence Enablers, is aimed at showing a mirror to Indian businesses on the need for higher standards in not just compliance, but in doing the right thing. As the study’s introduction notes, “good Corporate Governance is no more than doing the right things, at the right time, in the right manner, and for the right reasons, without having the lawmakers or the regulators laying down what requires to be done. Good governance practices by a handful of entities, who strike out on their own in the interest of stakeholders, have often resulted in laws and regulations on the same lines for other entities in a similar universe.”