The third annual Shipping Risk Survey from Moore Stephens confirms that the effective management of risk within the industry has improved slightly over the past 12 months. But shipping still needs to up its game in terms of managing its exposure to risk, which is increasing and changing in nature, not least in terms of the threat posed by cyber security.
Respondents to the survey rated the extent to which enterprise and business risk management is contributing to the success of their organisation at an average 6.8 out of a possible score of 10.0, compared to 6.6 last time. Charterers returned the highest rating (8.8) in this regard, followed by owners (6.9) and ship managers (6.8). Brokers returned the lowest rating at 6.3. Geographically, Europe (7.0) was ahead of Asia (6.6), but it was the Middle East which returned the highest figure, at 7.8.
Overall, respondents rated the extent to which enterprise and business risk was being managed effectively by their organisations at 7.1 out of 10.0, up from the rating of 7.0 recorded last time and indeed in the inaugural survey in August 2015. Charterers (8.8) expressed the highest level of confidence in this regard, followed by owners (7.3) and managers (6.9). In the previous survey, charterers recorded the lowest rating (6.5) of the main respondent types.
Demand trends were deemed by the greatest number of respondents to pose the highest level of risk, closely followed by competition and the cost and availability of finance. Demand trends were thought to pose the highest level of risk for owners, charterers and brokers, while for managers it was competition that topped the list.
Geographically, demand trends were the number one concern in Europe, Asia and the Middle East, while respondents in Latin America and North America identified competition as posing the highest level of risk.
Respondents to the survey felt that the level of risk posed by most of the factors which impacted their business would remain largely unchanged over the next 12 months, with the exception of ballast water management legislation, cyber security, geopolitics, operating costs and other changes to laws and regulations, which were all perceived to have the potential for increased risk.
Overall, 69 per cent of respondents (unchanged from last time) felt that the senior managers in their organisations had a high degree of involvement in enterprise and business risk management. Meanwhile, 22 per cent (up from 20 per cent previously) said that senior management's involvement was limited to "periodic interest if risks materialise", while seven per cent (down from 10 per cent last time) noted that senior management, "acknowledged but had a limited involvement in", enterprise/risk management. Just two per cent (marginally up on the 2016 figure) said that senior management had no involvement whatsoever.
Overall, 30 per cent of respondents (compared to 35 per cent in the previous survey) confirmed that such risk was managed by means of discussion without formal documentation, while 45 per cent noted that risk was documented by the use of spreadsheets or written reports, compared to 41 per cent previously. Internally developed software was employed by 10 per cent of respondents (17 per cent last time) to manage and document risk, while 14 per cent used third-party software, as opposed to just five per cent at the time of the previous survey.
On a scale of 1.0 to 10.0, estimates of claims and provisions (up from 4.2 to 4.3) were deemed the factor most likely to result in a material misstatement in companies' period-end financial statements. Next came impairment involving vessels in use (up from 4.0 to 4.1), changes to legislation (down from 4.2 to 4.1), and reliance on spreadsheets for financial reporting (up from 4.0 to 4.1). Loan covenant non-compliance, meanwhile, was up from 3.8 to 4.0.
A stand-alone survey question addressed only to publicly traded companies revealed that 80 per cent of such organisations had a dedicated audit committee in place. Respondents in two-thirds of those companies, meanwhile, confirmed that their audit committees met on a quarterly basis to discuss risks, while 22 per cent reported that such meetings were held annually.
"Embedding proper and effective risk management controls into daily operating procedures is a huge challenge for companies in the shipping sector, where high risk levels are an accepted and fundamental part of the industry," commented Michael Simms, Moore Stephens partner, Shipping Industry Group. "This is particularly the case, as is now, when the industry is ultra-competitive and grappling with an imbalance in tonnage supply and demand, and when wider global economic conditions remain extremely tough.
"In such a scenario, it may be tempting for companies to take their eye off their exposure to risk in pursuit of retaining or securing new business. And although the survey suggests that is not the case, it also reveals that the standard of risk awareness and response capability in many shipping companies is below the required levels.
"The good news is that there is greater acknowledgement that sound enterprise and business risk management is contributing to the success of those shipping organisations which responded to our survey. More companies are now formally documenting the way in which such risk is managed, with a healthy level of involvement by senior management. Moreover, there has been a noticeable increase in the deployment of third-party software to manage exposure to risk.
"But the survey results show that there is still room for improvement. As the level of risk is not only increasing but also changing in nature, there is a need for companies engaged in the shipping industry to up their game in terms of implementing effective corporate governance systems, monitoring procedures and maintaining controls throughout their organisations.
"The factors identified by respondents to the survey as being most likely to result in a material misstatement in their accounts were unsurprising – particularly claims estimates and impairment. The same is true of factors posing an increased level of risk to business over the next 12 months, including operating costs, ballast water management legislation, and cyber security.
"There is nothing new about the challenge posed by operating costs, which are as old as shipping itself. Such costs may have fallen over the past four recorded years, but it is unlikely that this will continue, particularly given the need to meet increasingly onerous legislative and regulatory demands, and continually escalating crew costs. But the need to invest heavily in measures to preserve the environment, and to protect against the threat of cyber-attack, are more recent developments which change the risk landscape for the shipping industry.
"IMO recently approved an extension to the implementation date for the Ballast Water Management Convention, but it is a delay rather than a reprieve for owners and operators. Meeting the cost of compliance over the coming decade represents an enormous challenge.
"The threat to cyber security within the shipping industry, meanwhile, grows apace. Ship operation is becoming an increasingly digitalised business, calling for cyber risk management both on board and ashore. IT systems and onboard operational technology are increasingly being networked and connected to the internet, resulting in a heightened risk of unauthorised access to ships' systems and networks.
"The effective management of risk is fundamental to both safety and commercial success in the shipping industry. The level of effective management of risk must continue to improve. The challenge for companies operating in the shipping sector is to balance risk awareness and risk management with the pursuit of commercial success in an industry which traditionally rewards success commensurate with the informed and acceptable taking of risk. Those who fail to meet this challenge may pay a heavy price in terms of performance, and even survival."