The code is a practical playbook or a tool kit with best practices and guidelines around risk management. It covers two key aspects — key principles of risk management and implementation of risk management.
Ficci and Global Risk Management Institute (GRMI) collaborated to develop a ‘Model’ Risk Code for the Indian industry to guide businesses in effectively managing risks in all segments of the business.
The code is developed by a dedicated task force on risk under the chairmanship of former Sebi’s chief Damodaran. He is also the chairman of Excellence Enablers, a one-stop corporate governance advisory firm.
The code is intended for listed firms, public unlisted companies, private companies, startups, not-for-profit organisations, societies and trusts.
It is expected to help businesses in institutionalising risk management and risk mitigation systems.
Damodaran said the Indian industry should ensure that their board embed risk in their DNA.
According to him, the code should not be a tick-box exercise but the intention of the code is that corporate embraced it.
“I am not in a favour of any rules and regulations to drive companies towards this. The success of the code would be when companies take it not as a direction but more and more companies in their own understand this,” he said.
Expressing disappointment over the Companies Act 2013, the former Sebi chief said that CA 2013 does not specifically contain any provisions with respect to the constitution of a risk management committee.
Then Securities and Exchange Board of India (Sebi) had to come in that in 2017 and mandated that the top 500 listed companies in India have a risk management committee that monitors risks, he said.
Later, the regulator extended the requirement of constituting a risk management committee to the top 1,000 listed entities from 500.
In view of the COVID-19 pandemic, it was felt that proper risk management allows a company to function efficiently and facilitates its development.
The target audience of the risk code includes all those engaged in managing risk for their organisation, including the board, risk management committee, CEO, CRO and all those who are involved in an organisation’s business operations or can influence it.
Risk management is becoming an increasingly important component of business strategy with India Inc recognising its value in preventing significant failures as well as in ensuring the successful use of business opportunities to create sustainable shareholder value.
“Against the background of an evolving spectrum of risks, be it industry-specific risks, strategic ESG, operational, reporting, competition, people, reputational, compliance, physical security, data privacy or business continuity risks, there is a general consensus that being risk intelligent offers a competitive advantage to organisations,” as per the risk code.
Richard Rekhy, a board member of KPMG Dubai, believes that risk management should be driven at the top level and part of the mainstream strategy.