RISK ORGANIZATIONS CORPORATE GOVERNANCE MODEL CORPORATE GOVERNANCE Corporate

RISK & ORGANIZATIONS CORPORATE GOVERNANCE MODEL

CORPORATE GOVERNANCE Corporate governance covers a very wide range of topics, and risk management is an integral part of the successful corporate governance of every organization. Most countries in the world place corporate governance requirements on organizations. These requirements are particularly strong in relation to companies quoted on stock exchanges, organizations that are registered charities and government departments, agencies and authorities. For instance, companies listed on the London Stock Exchange have to be guided by the Combined Code on Corporate Governance published by the Financial Reporting Council.

PURPOSE The purpose of corporate governance is to facilitate accountability and responsibility for efficient and effective performance and ethical behavior. It should protect executives and employees in undertaking the work they are required to do. Finally, it should ensure stake-holder cofidence in the ability of the organization to identify and achieve outcomes that its stakeholders. value

APPROACHES There are two main approaches to the enforcement of corporate governance standards. Some countries treat corporate governance requirements as comply or explain. In other words, the organization should comply with the requirements or explain why it was not appropriate, necessary or feasible to comply. If appropriate, an organization could explain that an alternative approach was taken to achieve the same result. In these countries, the requirements may be regarded as one means of achieving good practice, but equally effective alternative arrangements are also acceptable.

LSE CORPORATE GOVERNANCE FRAMEWORK The London Stock Exchange (LSE) has produced guidance on corporate governance and the focus of that guidance is on the effectiveness of the board. In the view of LSE, corporate governance is about the effective management of the organization and the appropriate responsibilities and the role of the senior managers and board members within the organization. Figure provides a summary representation of the London Stock Exchange governance framework. Governance activities are centered on the board of the organization and the LSE guidance refers to these boards as supervisory and managerial boards. The corporate governance framework has two main components. These components are: 1) the responsibilities, obligations and rewards of board members, and 2) the fullfillment of stakeholder expectations, rights, participation and dialogue. The importance of board member responsibilities, obligations and rewards are emphasized and include arrangements for: determining membership of the board; accountability of board members;

STAKEHOLDER EXPECTATIONS Range of stakeholders Organizations will have a wide range of stakeholders, some of whom may indeed be unwanted as far as the organization is concerned. For example, if a distribution company wishes to build an extension to its depot, local residents may want to object to it. The local residents are stakeholders in the operation of the company, even though the owner of the company may not wish to acknowledge that fact. ISO Guide 73 dense a stakeholder as a person or group concerned with, affected by, or perceiving themselves to be affected by an organization. There will be a wide range of stakeholders in a typical sports club and these will include the following: supporters; players; staff; sponsors; suppliers.

Data for shareholders General A clear statement of strategy and vision Corporate people and principal market Financial data Annual report and financial statements Archived financial information for the past three years Corporate governance and CSR Information related to compliance with Combined Code Information on the company CSR policies Shareholder information Shareholder analysis by size and constituent Information on directors share dealings Relevant news Access to all news releases and presentations Developments that might affect the share value

STAKEHOLDERS AND STRATEGY It has been clearly established and demonstrated by research that incorrect risk management decisions related to strategy can destroy more value for an organization than incorrect risk management decisions associated with the operations or projects undertaken by the organization. Strategic processes, therefore, need to be the most robust processes in the organization, and indeed this will be required by major stakeholder groups. Such stakeholders include financiers and other shareholders who are interested in the long-term success of the organization. Strategic core processes for a sports club may include the building of a new stadium. This would be a significant investment that will require substantial support from financiers. In order to secure support, the club will need to be aware of the expectations of the financiers and ensure that the plans for the new stadium and the financial arrangements that will be put in place fulfill the necessary stakeholder expectations. The construction phase of acquiring a new stadium will be a significant project for the club, with a different range of stakeholders to consider.

STAKEHOLDERS AND TACTICS Tactical stakeholders of an organization may be very different from those who are concerned with the organizations operations. If the tactics of an organization involve improvements to products, investment in new production techniques, response to technological changes or other developments that require a project, then finance is likely to be required. This means that financial bodies are likely to be key stakeholders in projects and similar tactical changes. Other stakeholders in projects may include building contractors and providers of other specialist professional support, such as architects. The importance of employees in the implementation of tactics should not be underestimated. Staff will also have an interest in operational issues and be major stakeholders in the organizations operations. If changes to work practices or product features are to be successfully incorporated into the operations of the organization, then the support of staff is vitally important and good communication with them is essential.

ANALYSIS OF THE BUSINESS MODEL Simplified business model In order to place risk management within the context of business operations, it is necessary to consider a simplified business model. Figure sets out the basic elements of a business model in simple terms. The first stage for an organization is to decide the strategy that it is seeking to deliver. The strategic aims will be determined by considering the mission statement of the organization, the corporate objectives and the stakeholder expectations. The organization should establish a strategy that is capable of delivering the mission statement of the organization. In other words, the strategy of the organization needs to be efficacious.

CORE BUSINESS PROCESSES There are three basic types of core process as set out. These are processes designed, implemented and managed to ensure the following: Development and delivery of strategy; Management of tactics, projects and enhancements; Continuity and monitoring of routine operations.

Efficacious strategy Effective processes Efficient operations Reporting performance

PROJECT RISK MANAGEMENT Introduction Projects will be undertaken by organizations for a number of reasons. When alterations to strategy are being planned, a project or series of projects (programme of work) will often be necessary in order to implement the revised strategy. Also, improvements to operational processes will require changes that will be implemented by undertaking a project.

There will be uncertainties within any project related to events, conditions and circumstances. The requirements of project risk management are to identify the events that could give rise to uncertainty and respond to the event appropriately. The style of risk management most relevant to project risk management is control management As well as managing the risks and uncertainties in a project, the project manager should also be looking for opportunities that may arise when certain developments within the project are more favourable than expected. Project risk management should take account of these positive developments and ensure that the structure for managing risks in projects is sufficiently flexible for the opportunities to be recognized and benefits obtained.

For example, Consider a project of building a new road where one of the bridges can be completed well ahead of schedule because of favourable ground conditions. There may be an opportunity to build the benefit of this early completion into the future project plan, so that this gain is not lost in the overall timescale for delivery of the final completed project.

Development of project risk management Project risk management is a type of control management. Projects relate to the delivery of a finite, specific or tactical product such as new: construction; products; IT systems; technology; markets.

Uncertainty in projects In order to manage uncertainty in projects, organizations have a range of possible actions they can take. An organization can decide to adopt one of the following. Accept the risk or uncertainty. Adapt processes and procedures. Adopt contingency plans and responses. Avoid the risk or uncertainty.

PROJECT LIFE CYCLE Successful management of a project of this type will require the following: Make risk management part of the project. Identify risks early in the project. Communicate about risks. Consider both threats and opportunities. Clarify ownership issues. Prioritize risks. Analyse risks. Plan and implement risk responses. Register project risks. Track risks and associated tasks.

Opportunity in projects Projects are undertaken because they represent an opportunity to be embraced or a challenge that needs to be overcome. Often a number of projects will need to be undertaken at the same time. A collection of projects of this sort is referred to as a programme. Good project planning requires arrangements to overcome unexpected events or circum-stances. This is often referred to as contingency in the budget or timescale. Contingency may be for additional time to complete a task, or additional costs that may arise to ensure that the final project deliverable operates to the required specification. As the project develops, any perceived difficulties will need to be addressed and opportunities to reduce the impact these difficulties explored.

Project risk analysis and management Project Risk Analysis and Management is a process that enables the analysis and management of the risks associated with a project Properly undertaken it will increase the likelihood of successful completion of a project to cost, time and performance objectives Risks for which there is ample data can be assessed statistically. However, no two projects are the same. Often things go wrong for reasons unique to a particular project, industry or working environment Dealing with risks in projects is therefore different from situations where there is sufficient data to adopt an actuarial approach Because projects involve a technical, engineering, innovative or strategic content, a systematic process is preferable to an intuitive approach Project Risk Analysis and Management (PRAM) has been developed to meet this requirement