Corporate governance and risk management

15 January, 2016 - 09:50

Over the years, attention to the basic tenets of corporate governance has radically increased.

Guidelines and reference models in the field of corporate governance have been issued in response to the need to support business leaders in managing organizations and in protecting the various stakeholders as the political, economic and social environment evolves.

Within this body of rules, risk management plays a main role. It relates directly to the recognition of the strategic connotations of corporate governance as the means to achieve business targets, according to the rights and expectations of stakeholders.

Since the mid-nineties, the themes of risk management and corporate governance have been closely intertwined and almost coincident: the systematic management of risks has become a synonym for a "healthy" management of the business. At the same time, the techniques of risk analysis, historically associated with assessing financial risks, have been revised or replaced by methods that pervade the organization in depth. Along with the use of specific and complex control models (i.e. the experience of the Code of Conduct of the Italian Stock Exchange), responsibility for risk management is placed at the level of senior management. In some countries, such as Germany, Australia and New Zealand, these indications reached the level of compulsory requirements, as national legislation asks all companies to have an operational risk management system.

From the above, the close link between corporate governance and risk management is clear. It has to be considered not only as an operational practice but rather as an essential component of decision making, based on the continuous development of definition systems and, therefore, as a top management responsibility.

The management of the company risk profile requires the knowledge of:

  • the risk system affecting the enterprise;
  • the nature and intensity of the different types of risks;
  • the probability of occurrence of each risk and its expected impact;
  • the mitigation strategies of the different types of risks.

To ensure that the approved, deliberated and planned risk management strategies are executed in an effective and efficient way, the company's top management shall periodically review and, if necessary, implement corrective and/or preventive action with regard to:

  • reliability of existing systems for the identification and assessment of risks;
  • effectiveness of internal control systems to monitor risks and their possible evolution.

Corporate governance is thus to be seen as the strategic platform on which the tactical and operational system of risk & control acts, i.e. the set of processes, tools and resources at all levels of the organization that ensure the achievement of corporate objectives. On this basis, it is appropriate to consider that applying a system based on the principles of risk & control governance creates a virtuous circle of performance that has a positive impact on the environment inside and outside the company, beyond regulatory requirements.

Management has the responsibility to plan, organize and direct initiatives to ensure the achievement of company goals, in terms of:

  • definition of business and government targets;
  • formulation of strategies to reach business and government targets;
  • effective and efficient use of the resources of the organization;
  • relevance and reliability of financial and operational reporting;
  • protection of company assets;
  • compliance with laws, regulations, contracts and corporate ethical standards;
  • protection of ethical and social values.

Management acts through regular review of its objectives, through changes in processes in response to changes in the internal and external environment, and by promoting and maintaining a business-oriented culture and a climate.