<div>A recent Ernst & Young global survey showed that 75 per cent of the companies with a turnover of $500 million and more across 24 industry sectors find strong risk management essential for their long-term growth. Talking to <strong>BW's Joe C Mathew,</strong> <strong>Randal J Miller, Global Risk Leader, Advisory Services, Ernst & Young Global Ltd</strong> and <strong>Ram Sarvepalli, Chief Operating Officer, Advisory Services, Ernst & Young Pvt Ltd</strong>, explain why the risk management mechanisms have become the key to the growth plans of companies. The rule is applicable not just for the big players, but is also relevant to smaller enterprises, they argue.<br /><br /><em>Excerpts:</em><br /><br /><strong>What do you think of the ongoing inquires of German Adidas into the financial accounts of its Indian subsidiary Reebok India or the US-based Walmart’s probe into the alleged bribery issues within Bharti-Walmart? Do you think adequate risk management practices could have avoided this?</strong><br /><strong>Sarvepalli: </strong>We would not like to make any company specific comments. The larger issue here is that whether you are an Indian company or a global company, when you are present across geographies, you would like to have an easy structure and low cost of doing business. But you should also understand the country specific risks and be prepared to manage it. For a multinational company wanting to operate in 10–15 Indian states, there are a plethora of local legislations to be followed and local approvals and compliances to be taken. Therefore, having a framework and a structure (for risk management) helps you address it in a simplistic manner at one level, but also tells you what all things that you can or cannot do.<br /><br /><strong>What’s the advantage of the system if it cannot prevent risks?</strong><br /><strong>Sarvepall</strong>i: Risk assessment helps you do businesses ethically. It will also help the company deal with risks, if something arises. An issue doesn’t mean that there is something wrong. In eight out of 10 cases, it only proves someone did not understand (the ethical compliance structure) very well. In some other cases, they might have failed to translate them into action. So a good (risk management) framework helps you do business in a consistent way over a long period.<br /><br /><strong>Miller</strong>: Companies that have strong risk assessment systems and processes around its management could perform better. In order to try and validate this point of view, we did a recent global study with 500 companies in a variety of industries (including 50 Indian firms). We looked at over 2,000 sets of reports and found that our point of view was true in terms of data. The companies that did have strong, robust, working risk management systems performed 20 per cent better in terms of bottom line than the others that didn’t have the system. We also found that institutional investors will pay a premium for those companies that had strong set of risk management functions.<br /><br />So companies that have a strong set of controls have an advantage from an operational perspective, and also value creation perspective. That applies for small companies and larger entities.<br /><br /><strong>How does it help small entities given the cost involved?</strong><br /><strong>Miller:</strong> The reporting requirements of small and big firms are almost similar. But, reputational risk say around a scandal or inappropriate payment, could be more harmful for a small enterprise one such incident can directly bring down a small enterprise very quickly. For a larger company, the outcome may be the same, but it may have more resources to manage that. So from my perspective, globally, risk is equally important across the spectrum of business size. It’s just the degree of formality that differs. <br /><br /><strong>What do you offer as part of your risk advisory services?</strong><br /><strong>Sarvepalli:</strong> These are directly linked to the client’s situation. We spend a lot of time helping our clients develop processes and systems that are focused on the risks that are there in their businesses. The idea is to make sure that there is a good, prioritised, set of identified risks. Though, one of the big lessons I learned is that those processes and systems are only as good as the people who are following it. Thus, people should develop a mindset within their hearts and minds, have risk assessment as part of their performance, and there should be accountability from the lowest ends of the business to the top. It helps avoid blowups in the system.<br /> <br /><strong>Miller:</strong> We are spending a fair amount of time helping our clients on compliance review around risks to make sure they avoid big issues. We are also helping our clients to tie their risk management framework together, and to help them add some business value using those risk management systems. It could be cost reduction ideas, or market entry strategies etc<br /> </div><div><strong>How is it important from a strictly India perspective?</strong></div><table width="200" cellspacing="8" cellpadding="8" border="0" align="right"><tbody><tr><td><img width="200" height="200" src="/image/image_gallery?uuid=23ad82a8-62d2-49ed-9c23-fc04b68145f1&groupId=36166&t=1360004408860" alt="" /></td></tr><tr><td><strong><span style="color: rgb(128, 128, 128);">Ram Sarvepalli, COO, Advisory Services, Ernst & Young Pvt Ltd</span></strong></td></tr></tbody></table><div><strong>Sarvepalli:</strong> It’s (important) at three levels. One, if you are a listed company, you are mandated by the listing agreement that you cannot list without a risk management system in place. Two, if you want to expand rapidly, and are seeking money, people do ask for this, especially private equity or institutional investors. Increasingly, banks are also taking a look at how companies are balancing their risks. And third, it is needed for people who have built their reputation in one line of business and want to expand to a new line of business, as because of their expansion, they are not only entering a new terrain of unknown risks, but also inviting a reputational risk over the existing ones. If an incident were to happen in one company, it will impact the brand as a whole. Therefore they have to be careful about it.<br /><br /><strong>What are the risks that you foresee at global level?</strong></div><div><br /><strong>Miller: </strong>With social media and cloud (international business environment) all is changing… We have a series of processes that we refresh every year to identify the top 10 risks. We can have a general top 10, it can be tailored by sector. The top three or four are similar across sectors. Geopolitical risks are also there. Environmental risks are almost universally in top 5. Taking these risks and actually twisting them country by country to put in a strategy to win is what risk management does. Since we have been in developing markets for a long time, our advice is not how to enter these markets, but how to win in these markets, how to balance risks and put a winning strategy. That’s where we spend a lot of time.<br /> </div><table width="200" cellspacing="8" cellpadding="8" border="0" align="left"><tbody><tr><td><span style="font-size: larger;"><strong><span style="color: rgb(0, 0, 255);">"If you make a mistake in the US or China, it’s in the news the next morning in India or vice versa"</span></strong></span></td></tr></tbody></table><div><strong>How important, from a revenue perspective, is risk advisory business for E&Y?</strong><br /><strong>Miller:</strong> Our risk practices are very significant parts of our business. Of the 30,000 to 40,000 people we have hired globally in our advisory practices, around 15,000 are specifically looking at risk advisory practices. So it’s huge. Our functional and IT risk practice together generates $2.5 billion (in terms of annual revenues). We are investing very heavily in our risk practices. In India, we are the market leaders with substantial revenue growth.<br /><br /><strong>Sarvepalli</strong>: We have roughly 1,800 people in our risk practice (vertical) here (India). Telecom, technology, government and financial services, automobile and consumer products are all important segments that are undergoing big changes in terms of stability, prices, market, technology…and hence newer areas of risk management. Similarly, we are very strong in the media / entertainment segment. In an environment that we have today, people are paying much (attention) on compliance and less on expansion. When the growth will be accelerated, it (the focus) will shift again to expansion.<br /><br /><strong>What is the primary requirement of Indian companies?</strong><br /><strong>Sarvepalli:</strong> In the last two or three years, we have been working with a lot of Indian companies that are going overseas. People are going to Africa, or companies are acquiring firms in Latin America. We help them manage the risks from those markets. Similarly, we do a lot of work around compliance for technology companies. A technology company must be dealing with visa regimes of 30–40 companies. How do they manage all those compliances sitting out of India? We have been helping companies do that for big IT majors. If there is a pharmaceutical company, you have to manage the risk of delivering the same quality of medicines globally as different standards for different markets no longer apply.<br /><br /><strong>How long will be such assignments?</strong><br /><strong>Sarvepalli:</strong> It will vary depending on the type of assignment. In many cases, we would love to start the lifecycle of the relationship looking at the risks, then finding a risk management strategy, helping them in implementing those strategies, either by themselves or through outsoucing. So relationship can go from short term of six months to 12 months to build the risk management strategy or a multi-year or long term strategy, relationship where 3 years will be the base.<br /><br /><strong>What do Indian companies prefer?</strong><br /><strong>Sarvepalli</strong>: India is in stage 2. Lot of people are engaged in creating a framework. Maybe people thought they will do it once in two-three years. But the time cycle is shortening and they do it more often. Another major reason is that everything is more global today. If I make a mistake in the US or in China, it’s in the news the next morning in India or vice versa. So I can no longer manage each territory separately, as someone makes an assumption that the thing works well or doesn’t work well is universally acceptable. I think that is one big trigger for lot of companies to take a much differentiated approach to this business.<br /><br /><br /><br /> </div>