2013 - November
ISCA-KPMG Risk Management Study: Need for Higher Quality Disclosure in Risk Governance
27 Nov 2013 Category: Media Releases
- Bigger firms, finance sector and GLCs have more developed risk management practices
- Greater clarity needed on risk governance role
- Low rates of disclosure regarding adequacy and effectiveness of risk management and internal control
Singapore, 27 November, 2013 – A study by the Institute of Singapore Chartered Accountants (ISCA) and KPMG in Singapore has found that there is a need to generate greater awareness on internal control and risk management. The study also encourages companies to provide greater quality disclosure on their risk governance practices.
Entitled “Towards better risk governance: a study of Singapore listed Companies 2013”, the ISCA-KPMG risk study looked at risk management disclosures of 250 listed companies in Singapore. It was conducted to assess the state of adoption of risk management practices by listed companies, especially in the light of the revised Code of Corporate Governance.
The study findings were shared with more than 250 board directors and senior C-suite executives at a forum this morning (27 November).
Greater Clarity Needed on Risk Governance Role
According to the study findings, the party responsible for risk governance differs across institutions.
Among the companies studied in the survey:
- Some 34 percent stated that their board is responsible for risk governance
- About 26 percent of companies pointed to management as being responsible
- About 19 percent of companies stated that Board Committees are responsible for risk governance.
Similarly, the board committee responsible for overseeing risk governance is not consistently disclosed. About 29 percent of the companies studied disclosed that they relied on their Audit Committee for risk governance, while 14 percent established a separate Board Risk Committee. Some 57 percent did not disclose this information.
Mr R. Dhinakaran, Vice-President of ISCA and Chairman of the ISCA Corporate Governance Committee, said: “Our joint study revealed that there are gaps regarding the substance and quality of the disclosures of the sampled companies’ risk management and internal control frameworks in their annual reports. It is important that companies adopt the best practices of risk governance not just from a compliance tick-the-box perspective but to promote their organisation’s long-term sustainability.”
Mr Irving Low, Head of Risk Consulting, KPMG in Singapore, said: “The findings suggest that more work is needed to clarify risk governance responsibilities of the board, board committee and management of the organisation.
“This is important to ensure that there is clear communication and greater transparency of risk, control and assurance information across the key ‘lines of defence’. In that way, boards can validate observations and conclusions to determine whether the overall framework is adequate and effective.”
Challenges in determining what and how much to disclose
Not surprisingly, compliance is higher when risk management is regulations-based, compared to when risk management is principles-based. While listed companies have complied with the mandatory SGX Listing Rule 1207(10), it is noted that some of them did not provide proper basis to explain how they concluded that there are adequate controls. Only 12 percent of companies complied with the revised Code of Corporate Governance.
Also, management support can be enhanced. Despite an increase in requirements regarding risk management and internal controls, resources at management level remain relatively unchanged. Only 12 percent of the companies sampled disclosed that they have a Management Risk Committee and only five percent have a dedicated Chief Risk Officer (CRO).
In addition, 85 percent of companies in the study are silent on whether there is a C-suite executive responsible for risk governance in their organisation.
Board Risk Committee Linked to Mature Risk Management Practices
The study found that the existence of a Board Risk Committee has been linked to more mature risk management practices.
Among companies with a Board Risk Committee, 34 percent have a CRO, compared to three percent for companies without a Board Risk Committee.
Some 69 percent of companies with a Board Risk Committee have an in-house Internal Audit function, compared with 27 percent for companies without a Board Risk Committee. Likewise, 71 percent of companies with a Board Risk Committee disclosed their risk management framework, compared with 40 percent of companies without a Board Risk Committee.
Said Mr Low: “Companies in complex and highly regulated industries typically have invested resources into establishing separate risk structures such as board risk committees and CROs to enable sufficient focus.
“Not all companies must adopt these same exact practices. However, they should take the time to clearly define key roles and responsibilities, resources required and the reporting requirements in terms of nature and frequency. Doing so will enable them to evaluate the adequacy and effectiveness of their risk management and internal control systems and satisfy disclosure obligations”.
Other Areas for Improvement
Given the revised Code of Corporate Governance 2012, the adoption rate of risk management practices by companies in the study has been encouraging. Specifically, the study found that the introduction of the SGX Listing Rule 1207(10) has raised standards for internal control systems.
Bigger companies, as well as those from the finance sector, and Government-Linked Companies (GLCs) have adopted and disclosed better developed risk management practices. These companies have higher compliance and adoption rates in at least seven out of 10 areas.
However, the study found that more can be done in terms of disclosures of board responsibility, assurance from the CEO or CFO, and whether there is a CRO appointed.
In addition, boards can improve the disclosureregarding their risk management and internal controls systems. Approximately half of small and mid-cap firms in the study did not state their risk management framework.
More work also needs to be done in the disclosure of the adoption of standards set by the Institute of Internal Auditors (IIA). While 94 percent of companies in the study have an Internal Audit function, only 39 percent disclosed that the IA function meets IIA standards.
Said Mr Dhinakaran: “Effective risk governance is an ongoing commitment and ISCA encourages companies and businesses to think seriously about how to adopt the best practices, including those in the revised Code of Corporate Governance. We hope that our joint study with KPMG will achieve its aim of helping our companies to look at risk governance in greater depth and, in the process, follow up with adopting the best practices.”
Said Mr Low, “Board members and C-Suite level executives should take stock of their existing board assurance framework to confirm whether it is adequate and effective in practice and adopt a substance over form approach to disclosures”.
About the study
The study looked at the risk management disclosures of the 250 listed firms in terms adequacy of internal controls, effectiveness of internal controls, adequacy of risk management systems and effectiveness of risk management systems. It also benchmarked companies according to 10 risk management best practices identified for analysis.
Of the 250 companies sampled, 76 percent are small-cap firms (market capitalization of less then S$300 million), 12 percent are mid-cap (S$300 million to less than S$ 1billion) and 12 percent are large-cap (S$1billion and above) firms. The sectors of the companies reviewed include manufacturing, services, real estate, commerce, transport/storage/communications and finance.
*Note: For event photos and the powerpoint slides, feel free to contact Betsy Tan.
Institute of Singapore Chartered Accountants
Tel: 6597 5608 / 9641 6920
KPMG in Singapore
LEOW SI WAN
Assistant Manager, Marketing & Communications
Tel: 65 6507 1541/9385 1200
About the Institute of Singapore Chartered Accountants
Formerly the Institute of Certified Public Accountants of Singapore, the Institute of Singapore Chartered Accountants (“ISCA”) is the national accountancy body of Singapore. Working with government and industry to develop the accounting profession, ISCA’s vision is to be a globally recognised professional accountancy body, bringing value to our members, the profession and wider community.
Possessing a Global Mindset, with Asian Insights, ISCA contributes to Singapore’s goal to be a global accountancy hub, by promoting and advocating for the interests of our members and the profession.
Established in 1963, ISCA shapes the accountancy landscape through its continual involvement in the profession’s development. Working in partnership with diverse stakeholders, including government agencies, global accounting organisations, professional bodies, employers, educators, and the public, we are dedicated to empowering our members to achieve their aspirations.
ISCA is a Designated Entity to confer the Chartered Accountant of Singapore – CA (Singapore) – designation, a prestigious title that is expected to come with global recognition and international portability. As the Administrator of the Singapore Qualification Programme (Singapore QP), ISCA aims to raise the profile of this post-university professional accountancy qualification programme, helping it to attain international recognition and promoting it as the educational pathway of choice for professional accountants.
There are currently over 27,000 ISCA members making their stride in businesses across industries in Singapore and around the world.
For more information, please visit www.isca.org.sg
About KPMG in Singapore
KPMG in Singapore is part of a global network of professional services firms providing Audit, Tax and Advisory services. Our website is located at kpmg.com.sg
The independent member firms of the KPMG network operate in 156 countries and have more than 152,000 professionals worldwide. The independent member firms of the KPMG network are affiliated with KPMG International Cooperative (KPMG International), a Swiss entity. Each KPMG firm is a legally distinct and separate entity and describes itself as such.