Listed companies have “started getting down to the business” of establishing or improving their risk management system following changes to the Hong Kong stock exchange’s Corporate Governance Code.
The code became effective on January 1 and it is aimed at better managing risk. Listed firms have adopted the latest changes to the code with varying degrees of enthusiasm, say two experts.
“Listed companies have started getting down to business to establish or improve their risk management system, including adopting a systematic risk management framework, and setting up an organised structure to support the change initiative, for example, appointing a risk management committee or department,” says Eugene Ha, deputy managing partner at Grant Thornton.
One key change has been the requirement for an internal audit function which needs to be explained to shareholders. “So, a company can no longer be wishy-washy about how they run the company – everything of this nature has to be disclosed,” says Patrick Lo, partner of Risk Advisory Services at RSM
“The trend is towards a tightening in the supervision of listed companies and increased imposition of obligations, and towards greater disclosure so that the general public is aware of what the company is doing.”
The Hong Kong Exchanges and Clearing’s (HKEX) aim is towards more emphasis on maintaining a sound corporate governance structure regardless of the size of the company.
“Some smaller issuers with limited resources choose to either co-source or seek technical support from professional accounting firms, which could be a flexible and cost-saving approach to obtain the specialised skills within a short period of time,” Ha says. Variations in the size, complexity and business operations of listed companies has been one of the reasons for the lack of a prescribed model.
“[Businesses] adopt a practice that suits their needs and resources level. For example, companies with a larger market capitalisation, or [those in] more sophisticated industries such as financial institutions, would be more proactive in their response to the change of the Corporate Governance Code and choose to provide higher levels of transparency and disclosure with an aim to enhance their corporate image. Many of these companies would have their own in-house risk management and internal audit functions,” Ha says.
Smaller companies are more inclined to outsource to external service providers too, Lo says. “Smaller companies usually have limited resources and their businesses and operations are not very complex, and it might not be justified to have full team of internal audit and risk management functions set up in the company. Engaging [an] external service provider to help the company to meet the minimum governance and reporting requirement is common among smaller companies.”
Despite having been implemented for only the past eight months, changes are already being noted. “Some companies have started early adoption to provide greater level of disclosure on risk management, for example, framework, process and frequency of review. Risk factors are more widely discussed; some companies even provide descriptions [of] remediation measures to boost investors’ confidence,” Ha says.
“Real changes are being undertaken to manage risks, improve operational efficiency, protect the environment and contribute to the community.”