To begin with, corporate governance was aimed at protecting the interest of non-controlling shareholders from the opportunistic behaviour of controlling shareholders and managers - but this has evolved over the years.
While protecting non-controlling shareholders' interests remains important, corporate governance is also about directing and monitoring the management in order to improve the chances of a company achieving the core purpose stipulated in its mission statement, helping it recover from crises and ensuring it continues to exist. Therefore, in a well-governed company, the management and the board focus on making the company resilient.
A company whose fundamentals are strong recovers quickly from crises. For example, Satyam Computers, now a part of Tech Mahindra, could bounce back strongly after the scam because of its strong fundamentals. Toyota Motor Corporation (Toyota) switched to its crisis mode on many occasions - for instance in 2009, sparked by unintended acceleration and supply-chain problems - but has also managed to bounce back.
The board of directors, or simply the board, should periodically review important sub-systems, such as supply-chain management, when the going is good in order to ensure that the fundamentals are strong. Financial and non-financial performance measures, which are used at the dashboard level, may not reveal weaknesses in sub-systems when the company is performing well.
Resilience is the capacity to anticipate and respond to changes to survive and also to evolve by seizing opportunities hidden in a crisis. Strong fundamentals may not be enough to make a company resilient.
Securities and Exchange Board of India requires every listed company to have a risk-management committee. A risk-management system cuts across the organisation. It identifies risks in achieving the entity's objectives and provides inputs to the management to develop strategic responses to avoid surprises.
Risks arise because information deficiency makes it difficult to understand the likelihood or impact of certain events.
COSO's integrated risk management framework, which is the most commonly used framework, requires an entity to decide its risk appetite (the level of risks that the entity is willing to accept), set objectives, identify (predict) events that might occur in future and risk achieving objectives, develop risk responses (avoid, share, reduce or accept), establish controls to mitigate risks that remain with the entity and to establish a robust information and communication system and a monitoring system.
The effectiveness of this framework depends on the ability of the entity to predict events and to assess their likelihood and impact. The current practice is to make predictions based on the past trends and information available in the internal and external environment. This practice delays identification of events not easily predictable. Therefore, it is not effective for managing risks and seizing opportunities arising from disruptions caused by mega trends.
Mega trends are demographic and social changes, climate change and resource scarcity, technological breakthrough, rapid urbanisation and shift in economic power from the West to the East. Companies should build the capability to detect possible disruptions from mega trends early. There is an urgent need to take the integrated risk management to the next level. It requires that the sustainability and risk-management functions develop a common language and work together. The board has to push for that integration.
Unfortunately, when the management achieves continuous success with the current strategy, it fails to detect the early signs of disruptions. Continuous success can make the management arrogant and take it to denial mode. The board has to play an important role in taking the management out of this quagmire.
Every board has to find its own ways to deal with this. One solution is that the board ensures diversity. A board with diversity of knowledge and skills is in a better position to understand possible disruptions.
However, a large board can be unwieldy. Ideally, the size of the board should not exceed 10. Therefore, the board may not have experts from all the fields. In order to bridge the knowledge gap, it should invite experts from different fields, periodically, to understand possible disruptions and how those might impact the business. The board may also form a shadow executive committee with young and talented executives. The committee will identify likely disruptions, evaluate current strategy and generate new ideas for the consideration of the board.
The shadow executive committee has the advantage that it does not own the strategy and therefore, it can review it objectively.
The board's new responsibility is to make a company resilient.
The writer is chairman, Riverside Management Academy Private Limited, and professor and head, School of Corporate Governance and Public Policy, Indian Institute of Corporate Affairs