With a rise in business complexities, organizations are broadening their focus of risk management beyond finance. So far, capital alone was considered to be a big risk for businesses. While that still continues to be true, a set of new risk categories are increasingly gaining prominence. Reputation, ethics and talent, to name a few, are considered to be big risks forcompanies today, even as the role of a CRO (chief risk officer) is making a grand debut in corporate corridors."A plethora of new-age risks, when they materialize, have the ability to set the businesses off their course from achieving the deliverables they owe to their various stakeholders," said Nitin Kini, director, KPMG, adding: "It is important to be alive to the changes wherever they may occur - the impact of competitor/regulator action, changes in technology/innovation or the ability to respond to and recover from calamities."Companies are realizing the importance of building capability to anticipate and respond to a variety of risks. Maruti India has a CRO and so does Mahindra & Mahindra (M&M). Maruti has taken steps to improve its 'risk consciousness', while the Godrej Group has identified 'damage to reputation' as an important risk factor."Our group chairman felt the need to ensure that the group should never compromise on its core value proposition. Accordingly, the risk committees of each business addressed this risk and came up with mitigation plans to ensure that they proactively look into the minutest details to protect the reputation of the group," said V Swaminathan, EVP, corporate audit and assurance, Godrej Group.M&M looks at risks to its brand in addition to other risks. "We have streamlined our approach in a matrix format and have identified six areas when risks are felt. These include, volume at risk, value at risk, cost at risk, growth at risk, governance at risk and brand at risk," said K N Vaidyanathan, CRO, M&M.Recently, Maruti India carried out a comprehensive 'risk culture survey' to gauge risk awareness within different business functions. This was basically to understand how people in the company perceive various risk factors.As part of the process, the company involved vendors, dealers, analysts, workers, union members and even the village panchayats where its facilities are based.The auto major has also been reviewing impact of natural calamities on its business for many years. The change in outlook this year included how well it was able to map impact of natural calamity on its vendors sourcing parts from a different country. A flood/earthquake in South East Asia (Thailand) or Japan could likely result in production disruptions at its vendors' end. "So now, we could no longer study only one geography or market. The approach now was to take an integrated view on how it impacts everyone in the value chain. The whole rationale of developing alternate suppliers stems from this learning," said a company spokesperson.Talent retention is also a big risk and Maruti's root cause analysis now includes factors like heterogeneity of employees, opportunities and better choices over previous decade.Companies were largely following risk management as an informal process till it got formalized with Sebi's clause 49 of the listing agreement, which brought in requirements for listed companies to have a robust risk management framework. Some organizations are taking the lead to look beyond the stipulated mandate to broaden the scope of risk assessment.Godrej Group, for instance, has internally mandated the process in its unlisted and acquired entities as well. "Many organizations are yet to realize that risk needs to be an integral part of the business. Even large organizations are struggling to put a system in place where risk management becomes an essential component of business," said Rohit Mathur, partner, advisory services, EY.What's important, said Mathur said that this function has to be driven top-down from CEO/CFO. Some organizations have certainly begun to deal with the subject with a sense of urgency.With increased accountability on corporate governance, said Sanjoy Sen, senior director, Deloitte Touche Tohmatsu India, the top leadership (including the CFO) and the board of directors are directly involved with matters relating to risk management rather than just delegating it to their mid-management colleagues. "Compliance continues to be one of the top concerns of CFOs as the consequences of non-compliance include heavy fines and incarceration and getting it right 9 times out of 10 is not enough. One needs to get it right 10 out of 10 times," said Sen.That explains the emerging role of a CRO. "In India, the concept of a full-time CRO is emerging, though not widespread among a large majority of manufacturing and other non-financial services companies," said Kini of KPMG. Usually, internal audit heads, CFOs double up as CROs. However, niche and separate skills required for the job are driving the demand for specialists whose day job is to manage risk for organizations.