Only 12 per cent of listed companies here are complying with new non-mandatory guidelines on risk management, a study has found.
Many companies are still grappling with how much and what to disclose of their risk management strategies, it concluded.
And many have different ideas on who should take responsibility for risk management - the board, the management or a board committee specially assigned to the role.
Risk management involves looking at aspects of a company's operations that might face challenges - such as debt levels, investments that might turn sour and so forth.
The study, by the Institute of Singapore Chartered Accountants and KPMG in Singapore, pored over 250 firms' annual reports published last year.
Under the Code of Corporate Governance, which is not mandatory, companies have to disclose both the adequacy and effectiveness of their risk management and internal controls, or explain why they fail to do so.
The 12 per cent voluntary disclosure rate is far below the 98 per cent which complied with a mandatory Singapore Exchange (SGX) listing rule requiring firms to give an opinion on just the adequacy of internal controls.
While there are calls to regulate disclosure regimes, experts who spoke at a forum Wednesday to discuss the study's findings urged caution.
SGX deputy chief regulatory officer Richard Teng said: "As regulators, you do not want to prescribe more and more rules. "There's a cost to having new rules," he added.
Mr Alan Chan, the chairman of the Corporate Governance Council which revised the Code and the chief executive of Singapore Press Holdings, said the Code is just a step below that of regulation.
"It is actually a very subtle instrument that the authorities have undertaken; let's not be so prescriptive and regulate everything under the sun," he said.
Another point brought up by the chief executive of the Accounting and Corporate Regulatory Authority, Mr Kenneth Yap, was that the Code is in its infancy and more time should be allowed to gauge its effectiveness.
"It'll be interesting to see what happens in the survey next year. If the percentage does not move enough, then we need to consider some regulatory action," he said.
The revised Code was accepted by the authorities in May last year.
Listed companies have had to comply with the new guidelines when publishing their annual reports for the financial year beginning from Nov 1 last year.
The study found that companies held contrasting views on who should be responsible for risk governance.
Of those surveyed, 34 per cent stated that their board is responsible for risk governance.
About 26 per cent said the management is responsible while 19 per cent indicated that board committees have oversight.
KPMG Singapore's head of risk consulting Irving Low said that more clarity is needed from the company's board, which is ultimately responsible for safeguarding the assets of the company.
He does not think regulators need to step in to help companies define corporate governance.
But Mr Low added: "As you can see from the findings of this survey, if you don't make it mandatory, people just don't do it."
Singapore Institute of Directors chairman Willie Cheng said both the board and management have to work together.
"Responsibility is at different levels: At one level, the board should be responsible for the governance. At the other level, the management needs to both frame the policy of risk management and execute it, with oversight from the board," he said.
About 250 people attended the forum held Wednesday at St Regis hotel.
Get a copy of The Straits Times or go to straitstimes.com for more stories.