In today’s highly competitive and volatile environment, risk is an integral part of every business. Occurrence of unanticipated risks and ad-hoc handling of events increase the impact of risks due to poorly planned / executed responses. While some elements like financial risk, exchange risk, health and safety have traditionally been assessed, other more important elements particularly strategy are often not covered. This piecemeal approach leaves the organisation exposed to significant uncovered risks. Proper risk management provides a mechanism for identifying risks which represent potential pitfalls. There is a need to adopt holistic approach to risk management. This is where Enterprise Risk Management aka ERM fits in.

ERM is the discipline by which an organization in any industry assesses, controls, exploits, finances, and monitors risks from all sources for the purpose of increasing the organization’s short and long-term value to its stakeholders.

As stated by the former SEBI Chairman Mr M Damodaran, “risk management should be in the day-to-day DNA of a company”.

FICCI and Global Risk Management Institute (GRMI) have collaborated to develop a ‘Model’ Risk Code for the Indian industry to guide businesses in effectively managing risks in all segments of the business. This code was released recently. It is like a toolkit covering risk management and its implementation.

SEBI mandates that the top 1000 companies listed must have risk management procedures. But it can be taken up by any company voluntarily.

As stated by Mr. M Damodaran, “The success of the risk code will be when people look at it, not as a direction or something that is mandated, but as the distilled wisdom of persons in corporate India and see how to apply that to their own corporate.”

However small or big the company may be, risk management should be equally important. The intention of release of this risk code is that the organizations should start realizing the importance of this process on their own and not wait for the regulators to make it mandatory.

As risks were always there with all the organizations. But the time has come that we deal with it strategically. The purpose of this toolkit is to ensure that the top management has an effective model to embed risk management into their DNA.

If we think of the risks faced by an organization in any industry, it can be broadly categorized as Financial, Operational, Strategic, Hazard and Reputational risks. Risk of the entire organization is not the simple sum of individual risk elements. Many of the risks are interdependent. Once the risks are identified, assessing how certain risks will impact the performance of key processes is important for risk prioritization. In this context, risks are prioritized in order of their severity. Following this, risk responses are selected based on an assessment of the potential for risk that has been identified. Results of this part of the process are typically reported to the key stakeholders. By reviewing the performance of risk management processes, organizations can determine how well the risk management program is working, including whether or not changes are needed.

The actuarial profession has a strong history of modelling and managing traditional risks such as mortality. By bringing these modelling techniques into an ERM framework, actuaries are able to apply their skills in a new area, and provide insights that may not be present from other disciplines. Actuaries can also apply their expertise in risk mitigation and identify ways to exploit risk opportunities for the betterment of the organization.

If we think from an organization’s perspective effective Risk Management can help in confidence building with the customers/ investors which can definitely boost up the brand – value. It has other business benefits as well. With a greater control on risks, capital can be used more efficiently. ERM can help to react faster to risk events, resulting in greater control over the outcome and reduce potential losses.

The beauty of Risk Management is that it is not industry-specific and can be applied to any industry as the risks are faced by all the industries. It is not a single checklist or a fixed set of steps; it is an ongoing process of collecting and assessing information from internal and external sources, across all parts of an organization. It is a culture which any organization can adopt and enhance its brand value.


Damodaran: Risk management should be in company’s DNA: former Sebi chief M Damodaran – The Economic Times (
Risk management must be driven by understanding of what is good for corporate: Ex-chairman Sebi | Business Insider India