Effective management of risk within the industry has improved slightly over the past 12 months, according to the third annual Shipping Risk Survey from international accountant and shipping adviser Moore Stephens. But shipping still needs to up its game in terms of managing its exposure to risk, which is increasing and changing in nature, not least in terms of the threat posed by cyber security, Moore Stephens says.
Survey respondents rated the extent to which enterprise and business risk management is contributing to the success of their organization at an average 6.8 out of a possible score of 10, compared to 6.6 last time. Charterers returned the highest rating (8.8) in this regard, followed by owners (6.9) and ship managers (6.8). Brokers returned the lowest rating at 6.3. Geographically, Europe (7) was ahead of Asia (6.6), but it was the Middle East which returned the highest figure, at 7.8.
Overall, respondents rated the extent to which enterprise and business risk was being managed effectively by their organizations at 7.1 out of 10, up from the rating of 7 recorded last time and indeed in the inaugural survey in August 2015. Charterers (8.8) expressed the highest level of confidence in this regard, followed by owners (7.3) and managers (6.9). In the previous survey, charterers recorded the lowest rating (6.5) of the main respondent types.
Demand trends were deemed by the greatest number of respondents to pose the highest level of risk, closely followed by competition and the cost and availability of finance. Demand trends were thought to pose the highest level of risk for owners, charterers and brokers, while for managers it was competition that topped the list.
Geographically, demand trends were the number one concern in Europe, Asia and the Middle East, while respondents in Latin America and North America identified competition as posing the highest level of risk.
Respondents to the survey felt that the level of risk posed by most of the factors which impacted their business would remain largely unchanged over the next 12 months, with the exception of ballast water management legislation, cyber security, geopolitics, operating costs and other changes to laws and regulations, which were all perceived to have the potential for increased risk.
Overall, 69 percent of respondents (unchanged from last time) felt that the senior managers in their organizations had a high degree of involvement in enterprise and business risk management. Meanwhile, 22 percent (up from 20 percent previously) said that senior management’s involvement was limited to “periodic interest if risks materialize”, while 7 percent (down from 10 percent last time) noted that senior management “acknowledged but had a limited involvement in” enterprise / risk management. Just 2 percent (marginally up on the 2016 figure) said that senior management had no involvement whatsoever.
Overall, 30 percent of respondents (compared to 35 percent in the previous survey) confirmed that such risk was managed by means of discussion without formal documentation, while 45 percent noted that risk was documented by the use of spreadsheets or written reports, compared to 41 percent previously. Internally developed software was employed by 10 percent of respondents (17 percent last time) to manage and document risk, while 14 percent used third-party software, as opposed to just 5 percent at the time of the previous survey.
On a scale of 1 to 10, estimates of claims and provisions (up from 4.2 to 4.3) were deemed the factor most likely to result in a material misstatement in companies’ period-end financial statements. Next came impairment involving vessels in use (up from 4 to 4.1), changes to legislation (down from 4.2 to 4.1), and reliance on spreadsheets for financial reporting (up from 4 to 4.1). Loan covenant non-compliance, meanwhile, was up from 3.8 to 4.
A stand-alone survey question addressed only to publicly traded companies revealed that 80 percent of such organizations had a dedicated audit committee in place. Respondents in two-thirds of those companies, meanwhile, confirmed that their audit committees met on a quarterly basis to discuss risks, while 22 percent reported that such meetings were held annually.
Michael Simms, Moore Stephens partner, Shipping Industry Group, says, “Embedding proper and effective risk management controls into daily operating procedures is a huge challenge for companies in the shipping sector, where high risk levels are an accepted and fundamental part of the industry. This is particularly the case, as is now, when the industry is ultra-competitive and grappling with an imbalance in tonnage supply and demand, and when wider global economic conditions remain extremely tough.
“In such a scenario, it may be tempting for companies to take their eye off their exposure to risk in pursuit of retaining or securing new business. And although the survey suggests that is not the case, it also reveals that the standard of risk awareness and response capability in many shipping companies is below the required levels.
“The good news is that there is greater acknowledgement that sound enterprise and business risk management is contributing to the success of those shipping organizations which responded to our survey. More companies are now formally documenting the way in which such risk is managed, with a healthy level of involvement by senior management. Moreover, there has been a noticeable increase in the deployment of third-party software to manage exposure to risk.
“But the survey results show that there is still room for improvement. As the level of risk is not only increasing but also changing in nature, there is a need for companies engaged in the shipping industry to up their game in terms of implementing effective corporate governance systems, monitoring procedures and maintaining controls throughout their organizations.
“The factors identified by respondents to the survey as being most likely to result in a material misstatement in their accounts were unsurprising – particularly claims estimates and impairment. The same is true of factors posing an increased level of risk to business over the next 12 months, including operating costs, ballast water management legislation, and cyber security.
“There is nothing new about the challenge posed by operating costs, which are as old as shipping itself. Such costs may have fallen over the past four recorded years, but it is unlikely that this will continue, particularly given the need to meet increasingly onerous legislative and regulatory demands, and continually escalating crew costs. But the need to invest heavily in measures to preserve the environment, and to protect against the threat of cyber-attack, are more recent developments which change the risk landscape for the shipping industry.
“IMO recently approved an extension to the implementation date for the Ballast Water Management Convention, but it is a delay rather than a reprieve for owners and operators. Meeting the cost of compliance over the coming decade represents an enormous challenge.
“The threat to cyber security within the shipping industry, meanwhile, grows apace. Ship operation is becoming an increasingly digitalized business, calling for cyber risk management both on board and ashore. IT systems and onboard operational technology are increasingly being networked and connected to the internet, resulting in a heightened risk of unauthorized access to ships’ systems and networks.
“The effective management of risk is fundamental to both safety and commercial success in the shipping industry. The level of effective management of risk must continue to improve. The challenge for companies operating in the shipping sector is to balance risk awareness and risk management with the pursuit of commercial success in an industry which traditionally rewards success commensurate with the informed and acceptable taking of risk. Those who fail to meet this challenge may pay a heavy price in terms of performance, and even survival.”