Unit 1 Flashcards
How does Hopkin define corporate governance
“The system by which organisations are directed and controlled”.
Define governance.
Governance is the discipline concerned with the overall direction of organisations at their highest level, conducted by the board of directors/ trustees, or any other governing body.
What are the objectives of corporate governance?
To safeguard the overarching interests of the organisation as a whole, not just its owners.
How can governance safeguard the interests of the whole organisation, not just its owners?
By promoting the nomination of a diverse set of independent directors on Boards, by creating a senior independent director position, and by separating the roles of the CEO and chairman.
This will encourage better performance and reduce ‘groupthink’.
What forces might influence the corporate governance models of a company?
Law-making bodies
National and international regulators
Shareholders
Creditors
Workers' unions
Multilateral institutions
Stakeholders' associations
Not-for-profit organisations
Public opinion
What formal guides set out requirements for corporate governance models?
UK corporate governance code
Stock exchange listing requirements
Professional associations' training programs, e.g. Financial Times non-exec director diploma / Canada Institute of Corporate Directors Accreditation
How does the risk management function add value to the strategic planning process?
Risk management helps to identify the risks associated with potential business strategies, provides risk assessment and contributes to the selection of chosen strategies.
This can lead to changes to the organisation's mission, objectives, risk appetite or (financial) capacity, which will ensure the company's long-term success.
What specific risk oversight responsibilities does a Board typically have?
Setting the tone from the top
Discussing and approving risk management policy and risk appetite statements
Ensuring the directors understand the risk management strategies and risk treatments and requiring internal controls be put in place
Enquiring about and understanding how a firm deals with risks through BCP and crisis management and risk transfer programs
Monitoring of risk portfolio
What deficiencies in risk oversight contributed to the latest financial crisis?
Boards were ignorant of the risks being taken by their company
Risks were not managed on an enterprise wide basis
There was no link or feedback between strategy making and risk taking
Risk management was kept separate from management
What steps should be taken to establish a risk management model and obtain Board approval?
State the firm's mission, values, vision, objectives and strategies
Set risk appetite at board level
Create an organisational chart for risk governance/management, including hierarchy
Define the risk management function's mission, objectives and staffing
Set policies, processes and delegate authorities
Adopt a common language for risk, e.g. ISO 31000
Define acceptable risk behaviours
How do COSO define internal controls?
Internal control is a process, effected by an entity’s board of directors, management and other personnel, designed to provide reasonable assurance regarding the achievement of objectives relating to operations, reporting and compliance (2013)
When was it made illegal to bribe a foreign official in Germany?
Bribes to foreign officials were tax deductible in Germany until 1998. This was a contributing factor to the governance failings seen at Siemens in 2006 for bribery and corruption.
Examples of corporate governance failures
Siemens 2006 - bribery and corruption
Enron 2001 - Accounting errors resulted in gross overstatement of Enron's reported net income. Correct processes were in place but there was insufficient scrutiny by the Board, CFO, CRO and COO. The resulting scandal led to SOX being introduced in 2002.
What is the role of corporate governance in preventing corruption?
Good corporate governance means having principles such as transparency and accountability at the decision-making level of the firm, as well as a robust compliance system. An independent corporate board represents the shareholders' interests, which can help in preventing the (sometimes) opportunistic behaviour of managers.
Define corporate governance
Corporate governance is the system by which business corporations are directed and controlled. The corporate governance structure specifies the distribution of rights and responsibilities among different participants in an organisation, such as the board, managers, shareholders and other stakeholders, and sets out the rules and procedures for making decisions on corporate affairs.
Define compliance
Compliance refers to the fulfilment of, and adherence to, legal provisions and regulatory standards. It can be understood as an internal corporate management of risk which aims to identify, analyse and control internal corporate risks.
What is the difference between corporate governance and compliance
Corporate governance outlines the perception of the regulators whereas compliance outlines the perception of the regulated.
Compliance is an essential element of corporate governance and it includes all the measures to ensure that effective governance is achieved. Therefore both are mutually dependent upon one another as a means to achieve their goals.
What would a coherent, mutually exclusive and complementary approach to risk management and internal control involve?
Strategic objectives
Identification and assessment of main risks
Implementation of risk acceptance and management process
Decisions about which internal controls are necessary to provide reasonable assurance to the board.
Reporting from internal audit.
Who should undertake internal control activities?
Line and risk management - 1st and 2nd lines of defence, with the results monitored by line management and action taken where there are concerns.
Internal audit (3rd line) undertakes independent reviews and reports to the board.
According to COSO, what are the five components of internal control?
The control environment
Risk assessment
Control activities
Information and communication
Monitoring activities
Which risks are of particular concern to COSO?
Fraud is the main risk. COSO is attempting to broaden the scope of internal control to all activities but its origins trace back to financial controls, hence the emphasis on fraud.
What are the major limitations of internal control?
According to COSO the major limitations of internal control are that it cannot prevent bad judgement, bad decisions, or adverse external events.
According to COSO, what is the board's role in internal control?
Effect the process of internal control
Establish the tone at the top including expected standards of conduct
Establish the criteria by which deficiencies will be evaluated; demonstrate independence from management
How might the corporate governance codes of South Africa, the UK and the US be described?
South Africa- apply or explain
UK - comply or explain
US - comply or else (as described by SA)
What is the purpose of corporate governance?
To ensure ethical behaviour, responsibility, accountability, ability to achieve objectives, and effective and efficient performance.
Contemporary corporate governance's aim is to protect and foster the interests of the organisation as a whole
Is ERM oversight the responsibility of a committee of the board or the full board?
ERM oversight is the responsibility of the full board (Fraser and Simmons 2010), although it usually delegates oversight tasks to a committee such as the ARC
What is a risk profile and what is its purpose?
The risk profile is the global picture of an organisation's main risks in a matrix or risk map (Fraser and Simmons, 2010). The risk profile is used to compare actual risk to the corresponding appetite and tolerance statements for each main risk, and is presented to the board on a quarterly basis.
What is the role of internal control?
The role of internal control is to help the organisation achieve its objectives (Hopkin, 2018).
What are the components of internal control? (STEINBERG, 2011)
Control environment- culture and tone at the top.
Risk Assessment
Control Activities- policies and procedures
Information and communication
Monitoring
What are the negatives associated with SOX?
Reliance on reviews and certifications
Distracted, risk averse boards
Time sink for management
Exiting the public markets
What were the benefits of SOX?
Confidence in reports
Streamlined processes and enhanced information
Seeds of ERM
Benefits to smaller companies
What is unique about the Board system in Switzerland?
While Switzerland formally has a unitary board system, most of the larger companies essentially operate a dual board system, as boards of directors can, but are not required to, delegate most of the day-to-day management of the company to an executive board. The board of directors does retain responsibility for critical oversight tasks prescribed in legislation.
What is the connection between risk and the financial crisis?
The financial crisis was in part a failure of risk management. In many cases risk was not managed on an enterprise-wide basis and not adjusted to corporate strategy. Risk managers were often separated from management and not regarded as an essential part of implementing the company's strategy. Most important of all, boards were in a number of cases ignorant of the risks facing the company.
Is effective risk management about eliminating risk?
Effective risk management is not about eliminating risk taking, which is a fundamental driving force in business and entrepreneurship. The aim is to ensure that risks are understood, managed, and when appropriate, communicated.
What does OECD say about CRO objectivity?
To assist the board in its work, it should be considered good practice that risk management and control functions be independent of profit centres, and that the CRO or equivalent report directly to the board, along the lines of the OECD principles for internal control functions reporting to the audit committee or equivalent.