Disclosure, corporate social responsibility and stakeholders Flashcards
What is the difference between disaster recovery planning and business continuity planning?
A disaster recovery plan is a plan of what needs to be done immediately after a disaster to recover from the event. The disaster is of a nature unconnected with the company’s business and outside the control of management. Examples of disasters are:
* natural disasters, such as major fires or flooding or storm damage to key installations or offices;
* IT disruptions; and
* major terrorist attacks.
Business continuity planning goes beyond the procedures to be followed in an emergency, such as a fire or explosion in a building. It is intended to establish, in advance, what a company needs to do to ensure that its key products and/or services continue to be delivered in the longer term, i.e. a plan for the sustainability of the business. A business continuity plan should be developed from the disaster recovery plan and the risk management process. It should make the company ready to respond to longer-term threats to the business, giving it a competitive advantage over competitors who are not planning for the future sustainability of their business.
It is important for the board to be involved in both disaster recovery and business continuity planning as both are critical to the on-going activity of the business.
What is the difference between triple bottom line reporting and integrated reporting?
Triple bottom line reports describe the organisation's performance, both positive and negative, on three "bottom lines" (profit, people and planet): financial results are reported alongside non-financial performance in areas such as the environment, society and governance, but as separate measures.
Integrated reports, on the other hand, connect the financial and non-financial information into a single account of how the organisation creates value over time, and are usually targeted at investors.
How can a company mislead the market in financial reporting? (5)
A company can misreport its financial numbers to flatter its financial position through:
* policies - the adoption of accounting policies that give a more flattering picture of the company’s position.
* early profits - claiming that revenue or profits were earned earlier than they were. This can happen when a company has a contract for several years. Revenue from the contract can be accounted for in the first year instead of being spread over the life of the contract.
* spv - taking debts off the company’s balance sheet. This can be achieved by transferring these debts to other companies (special purpose vehicles).
* loan - disguising money from loans as operating income so that the company’s reported cash flow from operating activities is increased.
* over-valuing the company’s assets.
You are the company secretary of a clothing retail business and, as the person responsible for risk, you have been asked to complete the risk register for the following risk, which has been rated high. Propose a treatment and a method of measuring the effectiveness of the treatment: theft of clothes from the store.
Treatment – security tags on each item.
Monitoring – stock auditors carrying out regular audits.
What is a safe harbour?
This means a director will be liable only in relation to statements in the directors' report (which includes the business review), the directors' remuneration report and the summary financial statements which are untrue or misleading and are made in bad faith or recklessly, or where there is deliberate and dishonest concealment of material facts. That liability is owed only to the company and not to any third party.
The safe harbour addresses the concern of directors over liability for negligence when making, for example, forward-looking statements in the reports, in particular the strategic report. The directors' liability is limited to the company rather than to third parties.
What is risk appetite and risk tolerance?
Risk appetite is the level of risk that an organisation is willing to take in the pursuit of its objectives. It should be set by the board who should review its level regularly as the business environment changes.
Risk tolerance is the amount of risk that an organisation is prepared to accept in order to achieve its financial objectives.
It is expressed as a quantitative measure. For example, in banks, the value at risk (VaR) for a portfolio.
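The VaR figure mentioned above is a quantity the board can compare directly with a stated tolerance. The following added example (not part of the original flashcards) computes a historical-simulation VaR for a constructed, hypothetical daily profit-and-loss series, compares it with an assumed tolerance of £25k, and counts how often the realised loss actually exceeded the VaR estimate, which is how the figure is back-tested. All numbers and the tolerance are constructed for illustration.

```python
import math

# Constructed daily P&L (in thousands of pounds) for a hypothetical portfolio.
# Negative values are losses. 40 observations; this is illustrative data, not real.
DAILY_PNL = [
    12, -8, 5, 3, -15, 7, 2, -4, 9, -22,
    6, 1, -3, 11, -9, 4, -6, 8, -1, 14,
    -12, 3, 5, -30, 2, 7, -5, 10, -2, 6,
    -7, 1, 4, -18, 9, -3, 2, 5, -10, 8,
]


def historical_var(pnl, confidence=0.95):
    """Historical-simulation VaR at the given confidence level.

    Returns the loss (as a positive number) that was exceeded on only a
    (1 - confidence) fraction of the observed days. With n observations the
    estimate is the k-th worst outcome, where k = floor((1 - confidence) * n),
    never less than 1.
    """
    if not 0 < confidence < 1:
        raise ValueError("confidence must be strictly between 0 and 1")
    if not pnl:
        raise ValueError("need at least one observation")
    n = len(pnl)
    k = max(1, math.floor((1 - confidence) * n))
    worst_first = sorted(pnl)  # most negative outcome first
    return -worst_first[k - 1]


def exceedances(pnl, var):
    """Back-test: number of days on which the realised loss exceeded the VaR."""
    return sum(1 for p in pnl if -p > var)


def tolerance_check(pnl, tolerance, confidence=0.95):
    """Compare measured VaR with the board's stated risk tolerance.

    `tolerance` is the maximum VaR the board is prepared to accept (same units
    as the P&L series). Returns a small report dict the risk register can hold.
    """
    var = historical_var(pnl, confidence)
    return {
        "confidence": confidence,
        "var": var,
        "tolerance": tolerance,
        "within_tolerance": var <= tolerance,
        "exceedance_days": exceedances(pnl, var),
        "observations": len(pnl),
    }


if __name__ == "__main__":
    # Assumed tolerance of £25k at 95% confidence (constructed for the example).
    for conf in (0.95, 0.99):
        print(tolerance_check(DAILY_PNL, tolerance=25, confidence=conf))
```

At 95% confidence the estimate is the second-worst of the 40 days (a £22k loss), which sits inside the assumed £25k tolerance; at 99% it is the single worst day (£30k) and breaches it. The exceedance count shows the 95% figure was exceeded on one day out of forty, consistent with the 5% tail it claims to describe.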
What are some of the major problems with traditional corporate reporting? (7)
- Annual reports have become so detailed and extensive that many are totally inaccessible to the average reader.
- Annual reports present the historic performance and activities of the company over the previous financial year.
- Annual reports tend to focus on the financial performance of the company, excluding information on non-financial matters.
- Some intangibles are excluded, such as good corporate governance, brand recognition, good reputation and sound risk management.
- Some costs are excluded, e.g. the environmental costs of using up natural resources that can never be regenerated, and of the impact of carbon emissions on climate change, are excluded from financial accounting.
- Different reports are prepared for different users, for example the sustainability report and the corporate governance report. Each of these reports tries to meet the demands of a particular stakeholder group. These reports are often not connected, as they are developed by different departments within the organisation that are not talking to each other. The result is that they end up showing each stakeholder group a different aspect of the organisation.
- By focusing on financial reporting only, organisations have been pushed into short-termism as they strive to meet the requirements of the markets on a quarterly or six-monthly basis.
Give three examples of why a company would choose to voluntarily report on its CSR activities. (9)
- reputation of brand
- ethical considerations
- innovation and learning
- employee motivation
- risk management or reduction
- access to capital/increased shareholder value
- economic considerations
- strengthened supplier relationships
- market position improvement
- improved relations with government
- cost savings
Explain the difference between downside and upside risk?
Downside risk is the risk of something bad happening that affects an organisation’s ability to meet its strategic objectives. Examples are a fire or an IT breakdown. Upside risk is where an organisation performs better than expected, which creates its own risks – for example, the take-up of a product being more than anticipated which could lead to a risk that the product will not be available, and the organisation may be seen as unreliable.
What areas should be covered in a cybersecurity policy?
The cybersecurity policy should inform employees and other authorised users of the company's technology of the requirements for protecting that technology, and the information it contains, from a cyberattack. The policy is usually made up of three parts:
* Physical security of the technology. This section explains the importance of keeping the physical assets secure: locking doors, surveillance, alarms etc.
* Personnel management. This section explains to employees how to conduct their day-to-day activities: password management, keeping certain information confidential, the use of the internet, the use of memory sticks etc. Some organisations go as far as restricting access to the internet and sealing the USB ports of computers in an attempt to stop viruses and malware from being introduced into their systems.
* Hardware and software. This section explains to the technology administrators what type of technology and software to use and how networks should be configured to ensure they are secure. Because of the technical nature of this part of the policy, boards may wish to get independent advice on the recommendations of management in this area.
What changed to create an interest in the social responsibility of companies?
By the late 1980s, society was becoming more and more concerned with the behaviour of corporations and their lack of concern for the communities within which they operated. There was a belief by some that short-term profits were being focused on to the detriment of long-term profitability and sustainability, not just of the organisations but also of
society as a whole. In 1991, a theoretical debate on ‘doing well by doing good’ was started by the Porter hypothesis that the financial benefits from innovation induced by CSR more than offset the engagement and compliance costs. There has also been a growing recognition since the early 1990s that the reputational impact of a good CSR rating is positive as the outside world sees the organisation as decent, trustworthy, and good to its employees, the community and the environment. Evidence shows that this increases the financial returns for an organisation’s investors.
Briefly describe the four areas over which the audit committee would typically have responsibility?
The FRC in its 'Guidance on Audit Committees' provides information about the role and responsibilities of the audit committee. These include:
Annual reports and other periodic reports
Internal control and risk management systems
Internal audit
External audit
What is the audit committee’s relationship with shareholders?
FRC Guidance on Audit Committees, para 80
The FRC Guidance on Audit Committees states that the audit committee has a role in ensuring that shareholder interests are properly protected in relation to financial reporting and internal control.
In carrying out this role the audit committee should:
* consider the clarity of its reporting and be prepared to meet investors; and
* develop for inclusion in the annual report, a separate report describing the work of the audit committee in discharging its responsibilities, which should be signed by the chair of the audit committee.
The chair of the audit committee should be present at the annual general meeting to answer questions on the separate section of the annual report describing the audit committee’s activities and matters within the scope of the audit committee’s responsibilities.
List four common failures of boards in relation to risk management. (10)
- Failure to take responsibility for risk at the board level.
- Failure to see the importance of risk to the organisation as a whole.
- Failure to capture the major risks of the organisation.
- Failure to consider the integrated nature of risk.
- Failure to put in place the appropriate control or other mitigants for risk.
- Failure to manage reputational risk.
- Failure by the board to map out clearly, often in a risk manual, who has responsibility for what at what level of the organisation.
- Failure to consider, decide or articulate effectively the risk appetite for the organisation.
- Failure to obtain and share timely and good quality information can lead to heightened risk within an organisation.
- Failure of the board to appropriately challenge management on the proposals brought to the board can create risk.
What is the purpose of financial reporting, and how does that purpose differ for listed companies? (9)
Below is a list of the users of a company's financial reporting and why they find it of interest.
* dividends, profit - investors, and potential investors, are interested in the ability of the company to generate net cash flows for dividends, distributable profits, or an increase in the share price, and in assistance with the decision to buy, hold or sell equities. They are also interested in assessing the stewardship or accountability of management.
* cash flow - creditors are interested in the amounts, timing and uncertainty of future cash flows that will give rise to interest, repayment of borrowings and/or increases in the prices of debt securities. They are interested in the security of their debt.
* pay a debt - suppliers are interested in whether the entity will be able to pay a debt, when it comes due, for goods or services provided to the entity.
* stability - employees are interested in the stability, profitability and growth of their employer, which gives rise to the continuing ability to pay salaries, wages and other employment-associated benefits.
* supply - customers are interested in ensuring the continued supply of goods or services, especially if these customers have a long-term association with, or are dependent on, the company.
* taxation - governments are interested in the efficient allocation of economic resources, in determining and applying taxation to the entity and/or in preparing national statistics.
* compliance - regulators are interested in being able to assess that the company is complying with all of the laws, regulations, standards and codes applicable to it.
* activity - the public has variable interests, including the assessment of the company's prosperity, its activities and its ability to continue participating in the local economy and in local activities.
The financial reporting requirements for listed companies are more rigorous than those for private companies. This is due to the fact that listed companies also have to be accountable and transparent to their shareholders. This is due to the separation of ownership and control between the shareholders and the board of the company whom the shareholders appoint to manage the company on their behalf.
What matters should the company secretary consider when handling insider information? (5)
Managing insider information is a major part of the company secretary role. The following are some of the matters that the company secretary may consider when handling insider information:
* Confidentiality of board papers. Extra care should be taken when distributing paper board packages. This might mean using double envelopes, anti-tear envelopes, and even hand delivery rather than email or courier. If documents are made available electronically through a board portal, the company secretary should make sure the system is as secure as possible, for example, by encrypting documents.
* Careful consideration may have to be given to securing the computers used to prepare the papers to be included in the package. If shared drives are used or computers are networked, the company secretary should know who has access to these drives and networks. If a password is needed to access certain drives, the company secretary should be aware that the administrator of the system (often an IT person, sometimes an outsourced person) can usually access the drive or folder regardless, because access permissions are enforced by the system the administrator controls; only encrypting the documents with keys the administrator does not hold prevents this. It has been known in highly sensitive transactions for the papers to be prepared and kept on an offsite server, usually maintained by the company's law firm.
* Confidentiality of board discussions. The company secretary should consider the following:
– Is the room in which the board is meeting soundproof?
– Can anyone see into the room from outside? Especially, if a PowerPoint presentation is made, will it be visible?
– Some listed companies even check for listening devices and coat windows so that no one can see in, to ensure confidentiality.
* Insider lists. These lists are often required by regulators for listed companies, although they can be used by any company involved in a commercially sensitive project. To control the spread of confidential information, insider lists contain the names of people, internally and externally, who are aware of the project. Only those on the list can discuss the project. If someone else needs to be consulted, they have to be added to the list. The company secretary is often the holder of the insider lists.
* The communication plan for the project. The company secretary may be asked on behalf of the board to work with management to produce a communication plan for the project. This will indicate who should be communicated to, how, and when. If the company is listed or is a regulated business, then any regulations for communications should be reflected in the plan. For example, a listed company may have to make a regulatory announcement before it can release information to others.
Define narrative reporting.
Narrative reporting describes the additional non-financial information which is included in companies’ annual reports providing a wider, and some would argue a more meaningful, picture of the company’s business, its strategy, and future prospects.
Why is it important for companies to think in an integrated way?
Integrated thinking considers matters in a balanced way to allow the effective and efficient use of the capital resources available to an organisation when developing strategy or making decisions. These capitals are becoming scarcer, and therefore their cost to the organisation is rising, so it is important for an organisation to manage its resources in the most effective way.
Why should boards routinely monitor and review the organisation’s systems of risk management and internal controls?
The existence of risk management and internal control systems does not, on its own, indicate that risk and internal controls are being managed effectively within an organisation. The board (or audit committee) should, on an ongoing basis, monitor and review the systems to ensure that they:
* remain aligned with the organisation’s strategic objectives;
* address the risks facing the organisation;
* are being developed, applied and maintained appropriately for the organisation.
What concerns should an employee raise through a whistleblowing procedure? (8)
An effective whistleblowing procedure should allow for an employee to raise concerns about illicit behaviour, usually in one of the following areas:
* fraud;
* a serious violation of a law or regulation by the company or by directors, managers or employees within the company;
* a miscarriage of justice;
* offering or taking bribes;
* price-fixing;
* a danger to public health or safety, such as dumping toxic waste in the environment or supplying food that is unfit for consumption;
* neglect of people in care; or
* in the public sector, gross waste or misuse of public funds.