Corporate Governance 2 Flashcards

1
Q

RIGHTS, DUTIES, RESPONSIBILITIES, AND AUTHORITY OF THE BOARD OF DIRECTORS AND OFFICERS

A

Board of Directors

Primary role: (a) safeguard the company’s assets and (b) maximize shareholder return.

Specific duties of directors: (a) election, removal, and supervision of officers (review officer conduct; may remove an officer with or without cause); (b) adoption, amendment, and repeal of bylaws; (c) setting management compensation; and (d) initiating changes to the corporation’s structure.

1. Declaration of Distributions: Sole discretion to declare distributions to shareholders, including dividends, in the form of cash, property, or the corporation’s own shares. The shareholders have no power to compel a distribution.

2. Fiduciary Duties: a. Directors are the corporation’s fiduciaries and must always act in its best interests; however, directors are not insurers of the corporation’s success. b. Business judgment rule: a director is not liable to the corporation for acts performed or decisions made in good faith, in a manner the director reasonably believes to be in the best interests of the corporation, and with the care an ordinarily prudent person in a like position would exercise under similar circumstances. Directors are liable to the corporation only for negligent acts or omissions that fall outside this standard (e.g., failure to obtain fire insurance, or hiring a convicted embezzler as treasurer without looking at his record).

a. Right to Rely: A director is entitled to rely on information, opinions, reports, or statements (including financial statements) if prepared or presented by any of the following: (1) corporate officers, employees, or a board committee whom the director reasonably believes to be reliable and competent in the matters presented; or (2) legal counsel, accountants, or other experts as to matters the director reasonably believes are within such person’s professional competence.

b. Liability for Unlawful Distributions Directors may be held liable for authorizing a distribution in violation of law, such as when, after giving the distribution effect: (1) the corporation would not be able to pay its debts as they become due in the usual course of business (insolvency test); or (2) the corporation’s total assets would be less than its total liabilities (balance sheet test).

c. Duty of Loyalty Fiduciary responsibilities dictate duty of loyalty (must act in best interests).

(1) Directors shouldn’t compete with corporation, but can transact business with it. Director contract will be upheld only if: (a) after full disclosure, the transaction is approved by a disinterested majority of the board of directors or the shareholders; or (b) the transaction was fair and reasonable to the corporation.
(2) The board of directors has the power to set director compensation.

d. Corporate Opportunity Doctrine Director should present business opportunity to corporation first before taking it for himself.

3. Indemnification A corporation may indemnify a director for expenses (including judgments and settlements) incurred in a proceeding brought against the director in a corporate capacity, provided the director acted in good faith. In a shareholder derivative suit (an action by or in the right of the corporation), indemnification is generally limited to reasonable expenses and does not extend to amounts the director is ordered to pay the corporation.

4. Limitation on Director Liability Articles of incorporation may eliminate/limit director’s liability to the corporation for money damages for action taken as a director except to the extent of: a. financial benefits received by the director to which the director was not entitled; b. intentional harm inflicted on the corporation or the shareholders; c. unlawful distributions authorized by the director; d. intentional violations of criminal law; and e. breaches of the duty of loyalty.

5. Manage the Principal-Agent Conflict (Shareholders vs. Management), e.g., a conflict of interest in contracts negotiated by the CEO.

Officers

Individual agents of corporation who ordinarily manage day-to-day operations and bind corporation to contracts made on its behalf.

1. Selection and Removal Officers are selected and removed by the board of directors. An officer may be removed with or without cause, even before the end of an employment term, although the corporation may be liable for damages for breach of the officer’s contract.

2. Authority Officers are corporate agents, and agency rules determine their authority and power, including authority to contract/act on behalf of the corporation.

3. Fiduciary Duties and Indemnification Same as directors.

4. Also May Serve as Directors

5. Not Required to Be Shareholders, but may receive shares through employee stock ownership plans (ESOPs).

2
Q

SARBANES-OXLEY ACT OF 2002

A. Title III-Corporate Responsibility

A

This title relates to the establishment of audit committees and to representations made by key corporate officers (CEO/CFO).

1. Public Company (Issuer) Audit Committees

a. Public companies must establish an audit committee that is directly responsible for the appointment, compensation, and oversight of the work of the registered public accounting firm (the auditor). The auditor reports directly to the audit committee, and the audit committee is responsible for resolving disagreements between the auditor and management regarding financial reporting.
b. Audit committee members must be independent directors. Independence criteria: (1) the member may not accept any consulting, advisory, or other compensatory fee from the issuer other than for board service; and (2) the member may not be an affiliated person of the issuer or any subsidiary (i.e., in a position to influence the issuer’s financial decisions).
c. Audit committees must establish procedures for receiving, retaining, and addressing complaints regarding accounting, internal accounting control, or auditing matters. (1) The procedures must accommodate confidential, anonymous submissions by employees of the issuer. (2) The procedures must provide for the receipt and retention of complaints as well as a method to address them.

2. Corporate Responsibility for Financial Reports Corporate officials (typically CEO/CFO) must sign representations on annual/quarterly reports, including assertion that:

a. They have reviewed the report.

b. The report does not contain untrue statements or omit material information.

c. The financial statements fairly present in all material respects the financial condition and results of operations of the issuer.

d. The CEO and CFO signing the report have assumed responsibility for internal controls, including assertions that: (1) Internal controls have been designed to ensure that material information has been made available. (2) Internal controls have been evaluated for effectiveness as of a date within 90 days prior to the report. (3) Their report includes their conclusions as to the effectiveness of internal controls based upon their evaluation.

e. The CEO and CFO signing the report assert that they have made the following disclosures to the issuer’s auditors and the audit committee: (1) All significant deficiencies in design/operation of internal controls which might adversely affect the financial statements. (2) Any fraud (regardless of materiality) that involves management or any other employee with a significant role in internal controls.

f. The CEO and CFO signing the report must also represent whether there have been any significant changes to internal controls.

3. Improper Influence on the Conduct of Audits

No officer or director, or any person acting under the direction thereof, may take any action that would fraudulently influence, coerce, mislead, or manipulate the auditor in a manner that would make the financial statements materially misleading.

4. Forfeiture of Certain Bonuses and Profits

If an issuer is required to prepare an accounting restatement due to material noncompliance, as a result of misconduct, with any financial reporting requirement under the securities laws, the CEO and CFO must reimburse the issuer for: a. any bonus or other incentive-based or equity-based compensation received during the 12-month period following the first public issuance or filing of the noncompliant financial document; and b. any profits realized from the sale of the issuer’s securities during that same 12-month period.

3
Q

SARBANES-OXLEY ACT OF 2002 B.

Title IV-Enhanced Financial Disclosures

A

Relates to additional disclosures regarding financial statements, internal controls, and audit committee operations.

1. Disclosures in Periodic Reports (generally quarterly or annually) Financial statement disclosures are intended to ensure that the application of GAAP reflects the economics of the transactions included in the report and that those transactions are transparent to the reader. Enhanced disclosure requirements include the following:

a. All material correcting adjustments identified by the auditor should be reflected in the financial statements.
b. The financial statements should disclose all material off-balance sheet transactions: (1) Operating leases (2) Contingent obligations (3) Relationships with unconsolidated subsidiaries
c. Conformance of pro forma financial statements to the following requirements: (1) No untrue statements (2) No omitted material information (3) Reconciled with GAAP basis financial statements
d. Use of special purpose entities (SPEs).

2. Conflict of Interest Provisions Issuers are generally prohibited from making personal loans to directors or executive officers.

a. Exceptions apply if the consumer credit loans are made in the ordinary course of business by the issuer.
b. Exceptions apply if the terms offered to the officer are generally made available to the public under similar terms and conditions with no preferential treatment.

3. Disclosure of Transactions Involving Management and Principal Stockholders

a. Directors, officers, and persons who directly or indirectly own more than 10 percent of any class of registered equity security of the issuer must disclose their holdings of, and transactions in, the issuer’s securities by filing a statement with the SEC.
b. Statements are filed at the following times: (1) at the time the security is registered; (2) when the person becomes a director or officer or acquires more than 10 percent ownership; and (3) when there has been a change in ownership, in which case the statement must be filed before the end of the second business day following the transaction.

4. Management Assessment of Internal Controls (Section 404) Each annual report is required to contain an internal control report that includes the following:

a. A statement that management is responsible for establishing and maintaining an adequate internal control structure and procedures for financial reporting.
b. An assessment, as of the end of the most recent fiscal year of the issuer, of the effectiveness of the internal control structure and procedures for financial reporting. (1) The auditor must attest to management’s assessment of internal control.

5. Certain Exemptions Investment companies registered under the Investment Company Act of 1940 are exempt from the Title IV provisions on enhanced disclosures, loans to insiders, and management assessment of internal controls (Sections 401, 402, and 404).

6. Code of Ethics for Senior Officers

a. Issuers must disclose whether or not they have adopted a code of ethics for senior financial officers (e.g., CEO, CFO, controller, and chief accountant). If no code of ethics has been adopted, the issuer must disclose the reasons.
b. The code of ethics contemplates standards that promote: (1) honest and ethical conduct (including the ethical handling of conflicts of interest); (2) full, fair, accurate, and timely disclosure in periodic financial reports; and (3) compliance with applicable laws, rules, and regulations.

7. Disclosure of Audit Committee Financial Expert At least one member of the audit committee should be a financial expert. Financial reports of the issuer must disclose the existence of a financial expert on the committee or the reasons why the committee does not have a member who is a financial expert.

a. A financial expert qualifies through education, past experience as a public accountant, or past experience as a principal financial officer, comptroller, or principal accounting officer for an issuer.
b. Knowledge of the financial expert should include: (1) Understanding of GAAP. (2) Experience in the preparation or auditing of financial statements for comparable issuers. (3) Application of GAAP. (4) Experience with internal controls. (5) Understanding of audit committee functions.

8. Enhanced Review of Periodic Disclosures by Issuers The Securities and Exchange Commission (SEC) is required to review disclosures made by issuers, including those in Form 10-K, on a regular and systematic basis for the protection of investors. When scheduling reviews, the SEC should consider the following:

a. Issuers that have issued material restatements of financial results.
b. Issuers that experience significant volatility in their stock prices when compared to other issuers.
c. Issuers with the largest market capitalization.
d. Emerging companies with disparities in price-to-earnings ratios.

e. Issuers whose operations significantly affect any material sector of the economy.

4
Q

SARBANES-OXLEY ACT OF 2002

Title VIII-Corporate and Criminal Fraud Accountability

A

1. Criminal Penalties for Altering Documents

a. Individuals who alter, destroy, mutilate, conceal, cover up, falsify, or make false entry in any record , document, or tangible object with the intent to impede, obstruct, or influence an investigation, will be fined, imprisoned for not more than 20 years, or both.
b. Auditors of issuers should retain all audit and review work papers for a period of seven years from the end of the fiscal period in which the audit or review was conducted. Failure to do so will result in a fine, imprisonment for not more than 10 years, or both.

2. Statute of Limitations for Securities Fraud A private action for securities fraud must be brought no later than the earlier of (a) two years after the discovery of the facts constituting the violation, or (b) five years after the violation.

3. Whistle-Blower Protection An employee who lawfully provides evidence of fraud may not be discharged, demoted, suspended, threatened, harassed, or in any other manner discriminated against for providing such information. An employee who alleges discharge or other discrimination for providing evidence of fraud may file a complaint with the Secretary of Labor and may be awarded compensatory damages, including: a. reinstatement with the same seniority status that the employee would have had but for the discrimination; b. back pay with interest; and c. compensation for any special damages sustained as a result of the discrimination.

4. Criminal Penalties for Securities Fraud An individual who knowingly executes, or attempts to execute, securities fraud will be fined, imprisoned not more than 25 years, or both.

5
Q

SARBANES-OXLEY ACT OF 2002

Title IX-White-Collar Crime Penalty Enhancements

A

1. Attempt and Conspiracy An individual who attempts or conspires to commit any white-collar offense (e.g., mail fraud or wire fraud) is subject to the same penalties as those prescribed for the completed offense, applied under the guidelines of the United States Sentencing Commission. Title IX also increases the maximum penalties for mail fraud, wire fraud, and violations of the Employee Retirement Income Security Act (ERISA).

2. Amendment to Sentencing Guidelines Related to Certain White-Collar Offenses

a. The United States Sentencing Commission (“Sentencing Commission”) will review and amend, as needed, the Federal Sentencing Guidelines and policy statements to carry out the provisions of the Act, including the attempt and conspiracy provisions above. This includes ensuring that the sentencing guidelines and policy statements take into account the nature of the offense and that the corresponding penalties are commensurate with the provisions of the Act. If the Sentencing Commission identifies a growing trend in a particular offense, it will review whether any modification of the sentencing guidelines or policy statements is necessary.

b . The Sentencing Commission will review any additional aggravating or mitigating circumstances for a particular offense that could justify an exception to the existing sentencing ranges.

3. Failure of Corporate Officers to Certify Financial Reports

a. Any periodic report containing financial statements that an issuer files with the U.S. Securities and Exchange Commission (SEC) must be accompanied by the following:
(1) A written statement that the periodic report fully complies with the requirements of Section 13(a) or 15(d) of the Securities Exchange Act of 1934.
(2) A written statement that the information contained in the report fairly presents, in all material respects, the financial condition and results of operations of the issuer.
(3) The written statements above must be signed by the CEO and CFO (or equivalent) of the issuer, who bear responsibility for them.
b. Any officer who certifies the periodic report knowing that it does not satisfy all of the requirements outlined in 3.a above is subject to a fine and/or imprisonment. Specifically, an officer who:
(1) Certifies any statement knowing that it does not comply with all requirements may be fined not more than $1,000,000 and/or imprisoned not more than 10 years; or
(2) Willfully certifies any statement knowing that it does not comply with all requirements may be fined not more than $5,000,000 and/or imprisoned not more than 20 years.

6
Q

SARBANES-OXLEY ACT OF 2002 Title XI-Corporate Fraud Accountability

A

1. Tampering With a Record or Impeding an Official Proceeding

Any individual who corruptly alters, destroys, mutilates, or conceals a record, document, or other object (or attempts to do so) with the intent to impair its integrity or availability for use in an official proceeding, or who otherwise obstructs, influences, or impedes an official proceeding (or attempts to do so), shall be fined and/or imprisoned for not more than 20 years.

2. Temporary Freeze Authority for the SEC

If during an investigation pertaining to potential violations of federal securities laws by an issuer of publicly traded securities (or a director, officer, or employee acting on its behalf) the SEC determines it is likely that the issuer will be required to make penalty payments, the SEC may petition a federal district court to require the issuer to escrow the payments in an interest-bearing account for 45 days.

3. Authority of the SEC to Prohibit Persons From Serving as Officers or Directors

In any cease-and-desist proceeding, the SEC may issue an order to conditionally or unconditionally prohibit an individual from serving as an officer or director of any issuer for a stipulated period (or permanently) if that individual has violated the antifraud provisions of the securities laws and the SEC determines that the individual’s conduct demonstrates unfitness to serve as an officer or director.

4. Retaliation Against Informants

Any individual who knowingly takes any harmful action against another person with the intent to retaliate for that person providing truthful information to the SEC regarding a possible federal offense shall be fined and/or imprisoned for not more than 10 years.

7
Q

INTERNAL CONTROL

Committee of Sponsoring Organizations of the Treadway Commission (COSO) Basics

A

COSO is an independent private-sector initiative, established in 1985 to sponsor the National Commission on Fraudulent Financial Reporting (the Treadway Commission), which studied the factors that lead to fraudulent financial reporting.

The private “sponsoring organizations” are five major U.S. financial professional associations: the American Accounting Association (AAA), the American Institute of Certified Public Accountants (AICPA), the Financial Executives Institute (FEI, now Financial Executives International), the Institute of Internal Auditors (IIA), and the Institute of Management Accountants (IMA).

An effective system of internal control requires more than adherence to policies and procedures by management, the board of directors, and the internal auditors. It requires the use of judgment in determining the sufficiency of controls, in applying the proper controls, and in assessing the effectiveness of the system of internal controls. The principles-based approach of the framework supports the emphasis on the importance of management judgment.

1. Application of COSO to Management and Board The framework assists an entity’s management and board of directors in the following areas:

a. Effectively applying internal control within the overall organization, on a divisional (operating) unit level, or at a functional level.
b. Determining the requirements of an effective system of internal control by ascertaining whether the components and principles exist and are functioning properly.
c. Allowing judgment and flexibility in the design and implementation of the system of internal control within all operational and functional areas of the organization.
d. Identifying and analyzing risks and then developing acceptable actions to mitigate or minimize these risks to an acceptable level.
e. Eliminating redundant, ineffective, or inefficient controls.
f. Extending internal control application beyond an organization’s financial reporting.

2. Application to Stakeholders The framework also provides value to external stakeholders and other parties that interact with the organization by providing:

a. Greater understanding of what constitutes an effective system of internal controls.
b. Greater confidence that management will be able to eliminate ineffective, redundant, or inefficient controls.
c. Greater confidence that the board has effective oversight of the organization’s internal controls.
d. Improved confidence that the organization will achieve its stated objectives and will be capable of identifying, analyzing, and responding to risks affecting the organization.

8
Q

Internal Control: COSO Framework

A

Definition of Internal Control

Internal control is a process that is designed and implemented by an organization’s management, board of directors and other employees to provide reasonable assurance that it will achieve its compliance, operating, and reporting objectives.

Framework Objectives

There are three categories of objectives within the framework.

  1. Operations Objectives: Relate to the effectiveness and efficiency of an entity’s operations. This category includes financial and operational performance goals as well as ensuring that the assets of the organization are adequately safeguarded against potential losses.
  2. Reporting Objectives Pertain to the reliability, timeliness, and transparency of an entity’s external and internal financial and non-financial reporting as established by regulators, accounting standard setters, or the firm’s internal policies.
  3. Compliance Objectives Established to ensure the entity is adhering to all applicable laws and regulations.

Components of Internal Control (CRIME)

Control Environment

Risk Assessment

Information and Communication

Monitoring

(Existing) Control Activities

The candidate should be familiar with the five components of internal control and each of the 17 principles within the components.

Control Environment

  • Commitment to ethical values and integrity
  • Board independence and oversight
  • Organizational structure
  • Commitment to competence
  • Accountability

Risk Assessment

  • Specify objectives
  • Identify and analyze risks
  • Consider the potential for fraud
  • Identify and assess changes

Information and Communication

  • Obtain and use information
  • Internally communicate information
  • Communicate with external parties

Monitoring Activities

  • Ongoing and/or separate evaluations
  • Communication of deficiencies

(Existing) Control Activities

  • Select and develop control activities
  • Select and develop technology controls
  • Deploy through policies and procedures

Effective Internal Control

1. General Requirements

The framework indicates that an effective system of internal control provides reasonable assurance that the entity’s objectives will be achieved. Under the framework, an effective system of internal control requires:

a. All 5 components and 17 principles that are relevant to be both present and functioning.
(1) Present The term “present” means that the components and relevant principles are included in the design and implementation of the internal control system.
(2) Functioning The term “functioning” demonstrates that the components and relevant principles are currently operating as designed in the internal control system.
b. That all 5 components operate together as an integrated system, in order to reduce, to an acceptable level, the risk that the entity will not achieve its objectives.

2. Specific Requirements To be considered an effective system of internal control, senior management and the board must have reasonable assurance that the entity:

a. Achieves effective and efficient operations when:
(1) external events are considered unlikely to have a significant impact on the achievement of objectives; or
(2) the organization can reasonably predict the nature and timing of external events and mitigate their impact to an acceptable level.
b. Understands the extent to which operations are managed effectively and efficiently when:
(1) external events may have a significant effect on the achievement of objectives; or
(2) the organization cannot reasonably predict the nature and timing of external events or mitigate their impact to an acceptable level.

c. Complies with all applicable rules, regulations, external standards, and laws.

d. Prepares reports that are in conformity with the entity’s reporting objectives and all applicable standards, rules, and regulations.

3. Ineffective Internal Control-COSO A major deficiency represents a material internal control deficiency or combination of deficiencies that significantly reduces the likelihood that an organization can achieve its objectives. When a major deficiency is identified pertaining to the presence and functioning of a component or relevant principle, or with respect to the components operating together in an integrated manner, the entity may not conclude that it has met the requirements for an effective internal control system under the COSO framework.

COSO Framework vs. Audit Framework

While the five components of the COSO framework are useful for identifying and evaluating an entity’s internal controls in an audit context, an external auditor focuses on how a given control prevents, or detects and corrects, material misstatements in the entity’s financial reporting. Under auditing standards, there are three categories of internal control deficiencies that may be identified: a (control) deficiency, a significant deficiency, and a material weakness.

Internal Control (Framework) Limitations

Although internal control provides reasonable assurance that a firm will achieve its stated objectives, it does not prevent bad decisions or eliminate all external events that may prevent the achievement of the entity’s operational goals. The following are inherent limitations that may exist even in an effective internal control system:

  1. Breakdowns in internal control due to errors or human failure
  2. Faulty or biased judgment used in decision making
  3. Issues relating to the suitability of the entity’s objectives
  4. External events beyond the control of the entity
  5. Circumvention of controls through collusion
  6. Management override of internal controls
9
Q

ENTERPRISE RISK MANAGEMENT - part I

A

According to COSO, “Risk is the possibility that an event will occur and adversely affect the achievement of objectives.”

In 2004, the COSO issued Enterprise Risk Management (ERM)-Integrated Framework (“the framework”) to assist organizations in developing a comprehensive response to risk management.

  • The underlying premise of ERM is that every entity exists to provide value for stakeholders, that all entities face uncertainty (risk), and that management must determine how much uncertainty to accept as it strives to grow stakeholder value.
  • The intent of ERM is to allow management to effectively deal with uncertainty, evaluate risk acceptance, and build value.
  • Value is maximized when strategy balances risks and returns as well as efficiency and effectiveness in accomplishing objectives.
  • Each enterprise is unique and has its own individual features. The ERM framework helps identify those features.

A. Introduction

Enterprise risk management is a process, effected by an entity’s board of directors, management, and other personnel, applied in strategy setting and across the enterprise, designed to identify potential events that may affect the entity, and manage risk to be within its risk appetite, to provide reasonable assurance regarding the achievement of entity objectives.

The ERM framework encompasses the following themes:

1. Aligning Risk Appetite and Strategy Organizations set strategy and objectives based on their individual willingness to bear risk. The levels and types of risk, including the mechanisms used to manage risk, are important themes in ERM.

2. Enhancing Risk Response Decisions ERM provides a framework that can be used to evaluate how an organization will respond to risk and how to improve the effectiveness of risk decision making.

3. Reducing Operational Surprises and Losses ERM devotes time to event identification. Events may be positive (opportunities) or negative (risks). The early identification of events and the establishment of responses to those events reduce surprises and losses or lost opportunities.

4. Identifying and Managing Multiple and Cross-Enterprise Risks The character of risks changes when viewed from an entity-wide perspective through to the division and business unit levels. Applying the framework at each level identifies unique and common risks which helps management identify appropriate responses.

5. Seizing Opportunities Management can better capitalize on opportunities when they know their own entity’s strengths and weaknesses and how to use them to maximize profitable opportunities.

6. Improving Deployment of Capital Management can maximize the efficiency and effectiveness of capital investments when it has identified the maximum level of risk for a given capital investment.

B. Objectives

ERM defines enterprise objectives in four categories:

  1. Strategic-High-level goals designed to achieve the mission.
  2. Operations-Achievement of objectives through the effective and efficient use of resources.
  3. Reporting-Achievement of reliable and consistent reporting.
  4. Compliance-Ensuring compliance with laws and regulations.

C . Components of Enterprise Risk Management

ERM includes components that are similar to the components of the COSO Internal Control Framework but are somewhat broader in scope. The components of ERM are supported by key elements. The components of ERM are as follows:

  • Internal environment
  • Setting objectives
  • Event identification
  • Assessment of risk
  • Risk response
  • Control activities
  • Information and communication
  • Monitoring

1. Internal Environment The internal environment component of ERM is similar to the control environment of the Internal Control Framework and defines the tone of the organization. The internal environment component is supported by eight key elements.

a. Commitment to Ethical Values and Integrity Adoption and demonstration of high ethical values by management will shape the internal environment.
b. Board Oversight The appropriate oversight provided by the Board of Directors establishes an organization-wide tone that recognizes their authority and promotes accountability of management.
c. Organizational Structure The organizational structure should support the entity’s enterprise risk management system.
d. Commitment to Competence Management’s specification of required competency levels for each job function establishes the organization-wide expectation of individual and thus corporate competence.
e. Accountability The degree to which individuals are given appropriate authority to handle their responsibilities and the degree to which they are held accountable influences the internal environment.
f. Risk Management Philosophy The shared beliefs and attitudes of management that impact the entire organization are defined by the risk management philosophy.
g. Human Resources Standards The commitment to hiring the most qualified people will influence the internal environment. Minimum educational and work experience requirements, background checks, and the like demonstrate human resource commitment and facilitate individual and corporate accountability for new employee hires.
h. Risk Appetite The amount of risk an organization will accept in the pursuit of value maximization is defined by risk appetite. Risk appetite factors heavily into balancing strategy with return.

2. Objective Setting Organizations set objectives and then identify the events that may prevent the achievement of those objectives. Objective setting is supported by the following key elements:

a. Strategic Objectives The broad, mission-driven objectives of an organization are its strategic objectives. Strategic objectives are established for a longer corporate time frame, while the related objectives and the selected objectives are more dynamic.
b. Related Objectives Strategic objectives are supported by related objectives that help to identify critical success factors at each level of business operation. Related objectives generally fall into three categories: (1) Operations Objectives Operations objectives include efficiency, effectiveness, and profitability goals that are subject to management discretion or style. (2) Reporting Objectives External and internal reporting objectives are associated with both financial and non-financial data. It is paramount that all reporting be done on a timely basis and that all information contained in the individual reports be accurate. (3) Compliance Objectives Compliance objectives include adherence to the laws, rules, and regulations associated with operations, including tax and financial reporting compliance, workplace safety, environmental regulations, and other laws.
c. Selected Objectives Objectives ultimately selected and implemented by the organization must not only support the mission, but should also align with the entity’s risk appetite.
d. Risk Appetite Management establishes the risk appetite of the entity with the oversight of the board of directors. The entity’s risk appetite is the benchmark for strategy setting. It is the theoretical balance of willingness to accept risk in order to achieve return and growth. Risk appetite is sometimes expressed as a risk-adjusted shareholder value-added measure. Risk appetite impacts strategy, which in turn impacts resource allocation.
e. Risk Tolerances An organization’s risk tolerance is the accepted level of variation relative to the achievement of objectives. Risk tolerance is measured in the same units as those used to measure the related objective.
