Corporate Governance - Risk Structures, Policies, Procedures and Compliance Flashcards
What are three Considerations relevant to Risk Control Structures?
- If risk and internal controls should be overseen by the board or delegated to a committee.
- If delegated, whether to one or more committees - e.g. audit committee for internal controls; risk committee for risk.
- Balance of responsibility between the board and senior management for risk
What are five key Benefits in establishing a Risk Committee?
- Forum focussed solely on risk.
- Audit committee may lack necessary experience and skills.
- Committee compiosition not limited by Code requirements.
- May advise board and make specific risk appetite, strategy and tolerance recommendations.
- Capable of inputting into board risk strategy formulation regarding key orgaisational risks and mitigants.
What five key Constitutional Requirements for a Risk Committee?
- > =Three independent directors.
- Should include >=one audit committee member and/or >=one remuneration committee member and/or one NED responsible for risk.
- Committee members should, individually and as a whole, have appropriate risk knowledge, skills and expertise to fully understand company’s risk appetite and strategy.
- Committee as a whole should ahve relevant competence to company’s business sector.
- CFO and CRO should regularly attend committee meetings.
What are six Key Roles of the Risk Committee?
- Providing board assurance that risk management and control processes are effective.
- Monitoring risk areas faced by company.
- Overseeing CRO’s role and responsibilities.
- Supplying the board with information to help strategy formulation.
- Recommending risk management policy changes to board.
- Reviewing and approving risk- and internal control-related statements to be included in AR&A.
What are Principal Responsibilities of the Company Secretary in relation to the Audit and Risk Committees?
- Development:
- Committee terms of reference.
- Induction of new committee members.
- Annual activities calendar.
- Sufficient resources for committee activities.
- Organisation of annual committee/chair performance evaluation. - Advising:
- Appropriate composition.
- Current and emerging issues (re. shareholders, regulators and other stakeholders).
- Sourcing relevant expert advice. - Monitoring:
- Communicating:
- Drafting reports for inclusion in AR&A.
- Acting as committee (re. governance and procedural advice).
What are the six Principal Benefits of having an In-house Audit Function?
- Understands and can add value to organisation, culture, operations and processes, and can add value to the same.
- Via organisational integration and networking, can become the ‘eyes and ears’ of the board.
- Provides assurance on the integrity of the organisation’s systems.
- Forms an essential part of the organisation’s checks and balances.
- May be lower cost than an outsourced solution.
Cf. outsourced IA function may offer resources, technology, skills and experience not available to an in-house team.
What are the five Key Roles of the Internal Audit Function?
- Undertaing value-for-money audits re. economy, efficiency and effectiveness of an operation.
- Reviewing compliance with laws and regulations.
- Risk assessment of risk management systems.
- Reviewing suitability of controls.
- Reporting to audit committee, risk committee and board.
What three Objectivity and Independence Requirements does the Audit Committee have?
- Approving appointment/termination of IA head.
- Ensuring necessary committee and chair access for IA.
- Ensuring IA reporting lines enable them to remain independent of executive.
What four Key Roles does the Audit Committee have in (annually) assessing the IA function?
- Meeting with IA head, without management, to discuss function’s effectiveness.
- Reviewing/assessing IA annual work plan.
- Reviewing report on results of IA activities.
- Monitoring/assessing role and effectiveness of IA function in terms of company’s overall risk management system.
What does the UK Corporate Governance Code require in terms of whistleblowing?
- Workforce should be able to raise any matter of concern (Principle E, Code).
- Must be means for concerns to be raised confidentially and, if necessary, anonymously, with proportionate and independent investigation of disclosed matters (Provision 6, Code).
What eight Areas of Illicit Activity should an Effective Whistleblowing Procedure allow an Employee to Disclose?
- Fraud.
- Serious legal or regulatory violation by company or its personnel.
- Miscarriage of justice.
- Bribery.
- Price-fixing.
- Dangers to public heath or safety.
- Neglect of people in care.
- Waste or misuse of public funds.
What six Steps are involved in introducing a Whistleblowing Procedure?
- Identification of purpose, scope and coverage.
- Development of reporting procedures.
- Development of process for handling, and ensuring anonymity and protection of whistleblowers during investigations.
- Policy creation and circulation.
- Periodic board/audit committee reporting.
- On-going monitoring.
What three Items does a Cybersecurity Policy usually cover?
- Physical security of technology.
- Personnel management.
- Hardware and software.
What are the four Principal Roles of the Company Secretary in managing Insider Information?
- Ensuring confidentiality of board paper.
- Ensuring confidentiality of board discussions.
- Insider list management.
- Development of communications plan for projects.
What six Steps should be following to Develop a Disaster Recovery Plan?
- Definition of essential operations that must be maintained during disaster.
- Identification/analysis of all potential threats to essential operations.
- Identifcation of possible threat reactions.
- Specification of operational back-up site/measures.
- Identification of key personnel required to sustain essential operations.
- Communication to affected stakeholders of DRP.
