Beruflich Dokumente
Kultur Dokumente
risk management
Risk Consulting
March 2017
KPMG.com/in
© 2017 KPMG, an Indian Registered Partnership and a member firm of the KPMG network of independent member firms affiliated with KPMG International Cooperative (“KPMG International”), a Swiss entity. All rights reserved.
Foreword
Businesses today are jostling for space Although the Companies Act 2013 created a
and operating in a dynamic and constantly strong framework for risk management, it is
evolving, highly competitive environment. now incumbent on India Inc. to work on the
Heightened dependence on rapidly evolving ‘tone at the top’ and embed the culture of risk
technology, integration and access to global management across their organisations to be
markets have exposed organisations to a able to sustain the shocks of uncertainty.
plethora of risks, even as they pursue growth
This white paper is an attempt to offer
at a blistering pace.
insights into the leading trends and best
In the backdrop of regulatory, compliance practices in risk management. We believe
risks, market disruption, environment, that there are also learnings for India Inc. that
health, safety and even obsolescence of will help them weather the risks on their
business models, there is an urgent need growth trajectory and pave the way for them
for companies to alter their mindsets. The to take off to newer heights.
shift in mindset should be in the approach to
risk management from a largely compliance
and operations perspective, to a risk-based
strategy and decision making perspective.
Globally, risk management is evolving and
taking centre stage in how companies run
their businesses. While Indian companies
are also moving in that direction, they need
to quicken their pace, especially when it
comes to incorporating risk management into
business strategy and growth.
© 2017 KPMG, an Indian Registered Partnership and a member firm of the KPMG network of independent member firms affiliated with KPMG International Cooperative (“KPMG International”), a Swiss entity. All rights reserved
1 Emerging trends in risk management
A prime example of business model disruption, is the age Source: 2016 Global CEO Outlook, KPMG International
© 2017 KPMG, an Indian Registered Partnership and a member firm of the KPMG network of independent member firms affiliated with KPMG International Cooperative (“KPMG International”), a Swiss entity. All rights reserved.
Emerging trends in risk management 2
Companies need to take a critical look at their risk portfolio of such analysis, shifts the focus of the question from being
and ensure that they have identified those risks and merely, ‘Does this acquisition fulfil our immediate strategic
vulnerabilities that could threaten the organisation’s overall growth ambition?’ to more importantly, ‘Does the impact
business strategy. They need to deploy future-focussed on our business model make sense in the context of our
risk assessment to reassess that strategy in the light of changing competitive/industry risk environments and the
internal and external emerging risks. For example, if an social and geopolitical context?’
organisation is planning to buy another company, approaching
Further, with the pace of change, risk management can’t be a
the transaction with not just a ‘growth lens’ but also an
one-time effort. It has to be a way of life in this VUCA world.
‘enterprise risk lens’ is vital. Viewing the risk from the prism
© 2017 KPMG, an Indian Registered Partnership and a member firm of the KPMG network of independent member firms affiliated with KPMG International Cooperative (“KPMG International”), a Swiss entity. All rights reserved
3 Emerging trends in risk management
Source: KPMG in India, primary research data analysis Source: KPMG in India, primary research data analysis
© 2017 KPMG, an Indian Registered Partnership and a member firm of the KPMG network of independent member firms affiliated with KPMG International Cooperative (“KPMG International”), a Swiss entity. All rights reserved.
Emerging trends in risk management 4
© 2017 KPMG, an Indian Registered Partnership and a member firm of the KPMG network of independent member firms affiliated with KPMG International Cooperative (“KPMG International”), a Swiss entity. All rights reserved
5 Emerging trends in risk management
Automotive
01. “Indian Agriculture Industry: an overview”, IBEF, http://www.ibef.org/industry/agriculture-india.aspx, 28 03. Society of Indian Automobile Manufacturers (SIAM), 28 February 2017
February 2017 04. “Budget 2017-18: Impact On The Indian Automotive Industry”, NDTV, http://auto.ndtv.com/news/budget-
02. “Fourth Bi-monthly Monetary Policy Statement, 2016-17 Resolution of the Monetary Policy Committee 2017-18-impact-on-the-indian-automotive-industry-1655086, 28 February 2017
(MPC), Reserve Bank of India”, RBI, https://www.rbi.org.in/scripts/BS_PressReleaseDisplay.
aspx?prid=38224, 28 February 2017
© 2017 KPMG, an Indian Registered Partnership and a member firm of the KPMG network of independent member firms affiliated with KPMG International Cooperative (“KPMG International”), a Swiss entity. All rights reserved.
Emerging trends in risk management 6
Capital projects and infrastructure intellectual capital with several global IT firms setting up their
innovation centres in India.6
Infrastructure sector is a major growth driver for the Indian
economy. While the sector gets some support from the
Top risks
government’s focus on development, most big players in
the industry are burdened with leveraged balance sheets
and slow moving or stalled projects. Uncertainty in land Automation is expected to be a game changer
acquisition, delays in approvals and problems with long term for companies all over the world in the next few
funding are a few challenges that constrain recovery in the Automation years. The Indian IT services industry is poised
sector5. The infrastructure sector is expected to remain to lose 6.4 lakh ‘low-skilled’ jobs7 as a result of
largely sluggish in the coming year as it remains weighed this massive transformation.
down by poorly performing assets.
IT/ ITeS
05. “Indian Construction and Infrastructure Sector”, ICRA, http://www.icra.in/Files/ticker/SH-2015-Q2-1- 07. IT sector to lose 6.4 lakh “low-skilled” jobs to automation by 2021: HfS Research”, Economic Times,
ICRA-Construction.pdf, 28 February 2017 http://economictimes.indiatimes.com/industry/jobs/it-sector-to-lose-6-4-lakh-low-skilled-jobs-to-
06. “IT & ITeS Industry in India”, IBEF, http://www.ibef.org/industry/information-technology-india.aspx, 28 automation-by-2021-hfs-research/articleshow/53052040.cms, 28 February, 2017
February, 2017 08. “IT sector to lose 6.4 lakh “low-skilled” jobs to automation by 2021: HfS Research”, Economic Times,
http://economictimes.indiatimes.com/industry/jobs/it-sector-to-lose-6-4-lakh-low-skilled-jobs-to-
automation-by-2021-hfs-research/articleshow/53052040.cms, 28 February, 2017
© 2017 KPMG, an Indian Registered Partnership and a member firm of the KPMG network of independent member firms affiliated with KPMG International Cooperative (“KPMG International”), a Swiss entity. All rights reserved
7 Emerging trends in risk management
09. “Global Metals and Mining Outlook”, KPMG, https://home.kpmg.com/content/dam/kpmg/xx/ 12. “India’s ailing pharmaceutical industry needs a cure”, TheNational, http://www.thenational.ae/business/
pdf/2016/08/kpmg-metals-mining-outlook-2016.pdf, 28 February, 2017 economy/indias-ailing-pharmaceutical-industry-needs-a-cure, 28 February, 2017
10. “Metals and Mining Sector”, The Money Roller, http://themoneyroller.com/2016/05/10/metals-mining- 13. “Indian Pharma Industry: SWOT Analysis”, LinkedIn, https://www.linkedin.com/pulse/indian-pharma-
sector/, 28 February, 2017 industry-swot-analysis-sean-palanna, 28 February, 2017
11. “ Pharmaceuticals, sector overview”, Investindia, http://www.investindia.gov.in/pharmaceuticals-
sector/,28 February, 2017
© 2017 KPMG, an Indian Registered Partnership and a member firm of the KPMG network of independent member firms affiliated with KPMG International Cooperative (“KPMG International”), a Swiss entity. All rights reserved.
Emerging trends in risk management 8
Retail
14. “Centre lays out time-bound plan for listing of Central PSUs”, Indian Express, http://indianexpress. 16. “Analysing customer behaviour in retail”, Business Standard, http://www.business-standard.com/
com/article/business/business-others/centre-lays-out-time-bound-plan-for-listing-of-central- article/management/analysing-customer-behaviour-in-retail-113092200710_1.html, 28 February,
psus-4530749/, 28 February, 2017 2017
15. “Retail Industry in India”, IBEF, http://www.ibef.org/industry/retail-india.aspx, 28 February, 2017
© 2017 KPMG, an Indian Registered Partnership and a member firm of the KPMG network of independent member firms affiliated with KPMG International Cooperative (“KPMG International”), a Swiss entity. All rights reserved
9 Emerging trends in risk management
17. “Supply chain risk management in India – practical insights” Research Gate, https://www.researchgate.net/ 20. “An overview of Indian telecom industry in 2016 and outlook for 2017” Economic Times, http://telecom.
publication/282394507_Supply_chain_risk_management_in_India_-_practical_insights, 28 February, 2017 economictimes.indiatimes.com/tele-talk/an-overview-of-indian-telecom-industry-in-2016-and-outlook-
18. “India’s Supply Chain Is Improving, But Still Has a Long Way to Go”, Supplychainbrain, http://www. for-2017/2035, 28 February, 2017
supplychainbrain.com/content/world-regions/asia-pacific/single-article-page/article/indias-supply-chain-is- 21. “ Reliance Jio free services resulted in 20 per cent revenue loss to telecom industry: Report” Economic
improving-but-still-has-a-long-way-to-go/, 28 February, 2017 Times, http://economictimes.indiatimes.com/news/company/corporate-trends/reliance-jio-free-services-
19. “Telecom Sector in India” IBEF, http://www.ibef.org/industry/telecommunications.aspx, 28 February, 2017 resulted-in-20-revenue-loss-to-telecom-industry-report/articleshow/57195140.cms, 28 February, 2017
© 2017 KPMG, an Indian Registered Partnership and a member firm of the KPMG network of independent member firms affiliated with KPMG International Cooperative (“KPMG International”), a Swiss entity. All rights reserved.
Emerging trends in risk management 10
FMCG
Top risks
22. “Top 6 Risks and Opportunities of Consumer Goods Companies” KPMG, https://assets.kpmg.com/content/ 24. “Top 6 Risks and Opportunities of Consumer Goods Companies”, Green World Investor, http://www.
dam/kpmg/pdf/2015/09/FICCI-Massmerize.pdf, 28 February, 2017 greenworldinvestor.com/2012/12/18/top-6-risks-and-opportunities-of-consumer-goods-companies/, 28
23. “Consumer Markets”, KPMG, https://home.kpmg.com/in/en/home/industries/consumer-markets.html, 28 February, 2017
February, 2017
© 2017 KPMG, an Indian Registered Partnership and a member firm of the KPMG network of independent member firms affiliated with KPMG International Cooperative (“KPMG International”), a Swiss entity. All rights reserved
11 Emerging trends in risk management
Compliance requirements
© 2017 KPMG, an Indian Registered Partnership and a member firm of the KPMG network of independent member firms affiliated with KPMG International Cooperative (“KPMG International”), a Swiss entity. All rights reserved.
Emerging trends in risk management 12
Risk
governance
© 2017 KPMG, an Indian Registered Partnership and a member firm of the KPMG network of independent member firms affiliated with KPMG International Cooperative (“KPMG International”), a Swiss entity. All rights reserved
13 Emerging trends in risk management
Effective risk management requires a consistent approach to model outlined in Figure 02, ERM approaches can be plotted
mature itself over a period of time. ERM practices adopted by along a ‘maturity continuum’ to understand the current
companies need to be continuously evaluated using various maturity of the ERM function as well as the journey towards
maturity models, as well as benchmarking against global attaining the next level of maturity.
standards and industry best practices. As per the maturity
Annual risk assessment Established risk assessment Risks are identified on a continuous
Risk Assessment with limited analysis, cadence, methodologies and tools basis, with real time escalation,
and Measurement interpretation and and systematic approach to analysis leveraging use of data, risk metrics,
reporting and reporting and employee inputs
Business risk reporting Regular and robust risk reporting Single comprehensive view of risk
Risk Reporting is ad hoc and designed to the Board, Audit Committee and on a real-time basis across all risk
and Insights primarily to support senior management, including on classes to all internal and external
external requirements emerging risks stakeholders
© 2017 KPMG, an Indian Registered Partnership and a member firm of the KPMG network of independent member firms affiliated with KPMG International Cooperative (“KPMG International”), a Swiss entity. All rights reserved.
Emerging trends in risk management 14
–– Companies are adopting risk-based strategy • Enhancing risk governance: To keep pace with the
formulation wherein opportunities are harnessed changing risk environment, boards are focussing, first
from market disruptions, including the inherent risks and foremost, on the quality of risk information they are
involved with their impact, probability of occurrence receiving. Directors continue to express concern that the
as well as adding a third dimension – velocity of change quality, including the quantity, of information they receive
–– Risk appetites are defined at corporate level in line with may hinder their oversight. As per the KPMG Global
the company’s strategic growth priorities, current risk Pulse Survey, 61 per cent of respondents expressed
profile and the total risks absorbed so far the desire for improvement in risk related information
flowing to the board.
–– Key Risk Indicators (KRIs) are defined for top business
Key Performance Indicators (KPIs) to act as an alert –– Boards are seeking a wider variety of sources to help
mechanism for approaching risks and any breach in risk minimise ‘asymmetric information risk’ – the over-
thresholds reliance on a single source of information (i.e. from
management) – including analysts, investors and outside
–– Risk appetites along with KRIs are further cascaded experts
down to business units using the Balanced Score Card
approach to keep their relevant business risks under –– Changing the Board’s committee structure and
defined tolerance levels reallocating risk oversight responsibilities to balance
© 2017 KPMG, an Indian Registered Partnership and a member firm of the KPMG network of independent member firms affiliated with KPMG International Cooperative (“KPMG International”), a Swiss entity. All rights reserved
15 Emerging trends in risk management
committee workloads are also being considered. For sufficient. Risk awareness and risk appetite are two such
example, an IT sub-committee to look into the cyber instruments, which are deployed to drive risk culture
security related risks, which an audit and risk committee within the organisation. Risk awareness ensures that
would have looked into in the past, or a dedicated risk issues and perspectives are actively and effectively
regulatory compliance sub-committee, for companies incorporated in decision making, and this is achieved by
operating in a heavily regulated environment such as the setting the right ‘tone at the top’ by the board itself.
financial sector
–– Risk appetite provides an overarching framework for
–– Forming a standalone Risk Management Committee companies to further the cause of risk management in a
(RMC) independent of audit committee to avoid any more objective manner
conflict of interest as risk management processes are
–– The board is ultimately responsible for overseeing
subject to internal audit procedures
the definition of risk appetite and the corresponding
–– Designating CRO with direct reporting lines to RMC to organisational culture. Board members need to have
avoid any conflict of nterest with executive management. a clear understanding of the desired culture and
The CRO may have a dotted line reporting to CEO measurement approach
–– Internal audit and other lines of defence are integrated –– The risk management function is responsible for
well to provide a holistic view of risks faced and managed ensuring that risk culture is embedded well in the overall
by the company. organisational culture and also appropriate systems are
implemented to drive the desired risk culture.
• Creating a risk resilient culture: Embedding risk
culture in the DNA of the organisation is a prerequisite –– Internal audit should define an audit methodology
for a successful and effective risk management to measure the appropriateness, adequacy and
programme. Most organisations utilise their entity effectiveness of the risk and control environment.
level instruments to direct the desired behaviour and
risk culture in the organisation. However, that is not
Cultural drivers
© 2017 KPMG, an Indian Registered Partnership and a member firm of the KPMG network of independent member firms affiliated with KPMG International Cooperative (“KPMG International”), a Swiss entity. All rights reserved.
Emerging trends in risk management 16
© 2017 KPMG, an Indian Registered Partnership and a member firm of the KPMG network of independent member firms affiliated with KPMG International Cooperative (“KPMG International”), a Swiss entity. All rights reserved
17 Emerging trends in risk management
Key takeaways
Our primary research has revealed perceptions of the • As far as strategic alignment of risk management is
risk being faced by Indian companies across sectors, and concerned, most companies claim to have aligned their
has provided deeper insights into how effective the risk risk management with business priorities and growth
management practices are on the ground and how leaders objectives. However, the true potential of strategic
are marking the way. alignment with risk is still to be realised. Market leaders
are seen taking adequate steps in that direction by
• Expectations from risk management are outpacing
forming joint strategy and risk committees, and by
ERM capabilities. Improvement in the maturity of risk
putting risk management discussions on the Board
management programmes is expected to equip the
agenda
organisations in addressing the entire risk spectrum in a
cohesive manner • Risk ‘early warning systems’ are implemented by market
leaders to track ‘signals of change’ which are disruptive
• Risk governance for many is still in the hands of
in nature. Contributing back strategy and planning team
executive committee members, which leads to divided
to drive the risk-based strategy agenda
attention as well as conflict of interest, especially when
their own function is in the line of fire owing to any • Risk appetite is another area of improvement for
serious risk incident companies climbing the risk maturity curve. Some
organisations still view it solely as a line not to cross,
• Adopters of risk management are positively responding
whereas leading organisations have successfully
to the call of ‘integrated assurance’, aligning all three line
implemented it, pushing the risk limits further in search
of defence in the company such as business units, risk
of greater rewards
management and the audit committee
• Companies Act 2013 has greatly contributed to enhanced
• Some companies still consider operational and
awareness about risk management by clearly delineating
profitability risks among the top five risks. However,
the responsibilities for Board members including
market leaders are proactively evaluating emerging risks
independent directors. It is up to the Boards now to be
such as business model disruptions, cyber security,
proactive and lead from the front on risk matters, not just
social media threats to brand and reputation, advent of
for value protection but also value creation by considering
robotics, artificial intelligence and cognitive computing,
the risk-based strategy approach.
etc.
Conclusion
The world has changed in the last decade. From an While businesses and entrepreneurship cannot be fostered in
explosion of information, technological revolutions, digital an environment of fear and trepidation, organisations can also
transformations to the rise and fall of large business no longer afford to be flippant or dismissive about the new
institutions, the global economic meltdown, regulatory realities that they are operating in.
tightening, all only outpaced by the evolution of newer and
Companies that make informed choices and exercise
more ominous forms of risk.
discretion, with appropriate risk mitigation mechanisms, are
As the dust begins to settle, there is a new awareness with the ones that will be ready to take on new challenges head-on
which businesses globally are treading the path of growth. and are the ones likely to eventually succeed.
One where risks are taken mindfully after careful calibration,
where they can be either converted into opportunity, or
mitigated before they can cause any permanent damage.
© 2017 KPMG, an Indian Registered Partnership and a member firm of the KPMG network of independent member firms affiliated with KPMG International Cooperative (“KPMG International”), a Swiss entity. All rights reserved.
Emerging trends in risk management 18
© 2017 KPMG, an Indian Registered Partnership and a member firm of the KPMG network of independent member firms affiliated with KPMG International Cooperative (“KPMG International”), a Swiss entity. All rights reserved
Acknowledgments
KPMG India Team:
Mritunjay Kapur
Pankaj Arora
Suangna Singh
Abhishek Tiwari
Sameer Hattangadi
Rukmani Vishwanath
Sachin Vichivora
Priscilla Sundar
Ajay Nainy
Aman Sharma
Iqra Bhat
Jatin Rishi
Kanika Sachdeva
Meeta Gulati
Vivek Malekar
Rishabh Rane
Rasesh Gajjar
© 2017 KPMG, an Indian Registered Partnership and a member firm of the KPMG network of independent member firms affiliated with KPMG International Cooperative (“KPMG International”), a Swiss entity. All rights reserved.
© 2017 KPMG, an Indian Registered Partnership and a member firm of the KPMG network of independent member firms affiliated with KPMG International Cooperative (“KPMG International”), a Swiss entity. All rights reserved
KPMG in India contacts:
Nitin Atroley
Partner and Head
Sales and Markets
T: +91 124 307 4887
E: nitinatroley@kpmg.com
Mritunjay Kapur
Partner and Head
Risk Consulting
T: +91 124 307 4797
E: mritunjay@kpmg.com
Pankaj Arora
Partner
Governance, Risk and Compliance Services
Risk Consulting
T: +91 124 307 4796
E: pankaja@kpmg.com
KPMG.com/in
Follow us on:
kpmg.com/in/socialmedia
The information contained herein is of a general nature and is not intended to address the circumstances of any particular individual or entity. Although we endeavour to provide accurate and timely
information, there can be no guarantee that such information is accurate as of the date it is received or that it will continue to be accurate in the future. No one should act on such information without
appropriate professional advice after a thorough examination of the particular situation.
© 2017 KPMG, an Indian Registered Partnership and a member firm of the KPMG network of independent member firms affiliated with KPMG International Cooperative (“KPMG International”), a Swiss
entity. All rights reserved.
The KPMG name and logo are registered trademarks or trademarks of KPMG International.