Unit 1 Flashcards

1
Q

How does Hopkin define corporate governance?

A

“The system by which organisations are directed and controlled”.

2
Q

Define governance.

A

Governance is the discipline concerned with the overall direction of organisations at their highest level, conducted by the board of directors/trustees, or any other governing body.

3
Q

What are the objectives of corporate governance?

A

To safeguard the overarching interests of the organisation as a whole, not just its owners.

4
Q

How can governance safeguard the interests of the whole organisation, not just its owners?

A

By promoting the nomination of a diverse set of independent directors on Boards, by creating a senior independent director position, and by separating the roles of the CEO and chairman.

This will encourage better performance and reduce ‘groupthink’.

5
Q

What forces might influence the corporate governance models of a company?

A
Law-making bodies
National and international regulators
Shareholders
Creditors
Workers' unions
Multilateral institutions
Stakeholders' associations
Not-for-profit organisations
Public opinion
6
Q

What formal guides set out requirements for corporate governance models?

A

UK corporate governance code
Stock exchange listing requirements

Professional associations' training programs, e.g. Financial Times non-exec director diploma / Canada Institute of Corporate Directors Accreditation

7
Q

How does the risk management function add value to the strategic planning process?

A

Risk management helps to identify the risks associated with potential business strategies, provides risk assessment and contributes to the selection of chosen strategies.

This can lead to changes to the organisation's mission, objectives, risk appetite or capacity (financial) which will ensure the company's long-term success.

8
Q

What specific risk oversight responsibilities does a Board typically have?

A

Setting the tone from the top

Discussing and approving risk management policy and risk appetite statements

Ensuring the directors understand the risk management strategies and risk treatments and requiring internal controls be put in place

Enquiring about and understanding how a firm deals with risks through BCP and crisis management and risk transfer programs

Monitoring of risk portfolio

9
Q

What deficiencies in risk oversight contributed to the latest financial crisis?

A

Boards were ignorant of the risks being taken by their company

Risks were not managed on an enterprise-wide basis

There was no link nor retroaction between strategy making and risk taking

Risk management was kept separate from management

10
Q

What steps should be taken by risk management model to establish and obtain Board approval?

A

State the firm's mission, values, vision, objectives and strategies

Set risk appetite at board level

Create an organisational chart for risk governance/management, including hierarchy

Define the risk management function's mission, objectives and staffing

Set policies, processes and delegate authorities

Adopt common language for risk, e.g. ISO 31000

Define acceptable risk behaviours

11
Q

How does COSO define internal controls?

A

Internal control is a process, effected by an entity’s board of directors, management and other personnel, designed to provide reasonable assurance regarding the achievement of objectives relating to operations, reporting and compliance (2013).

12
Q

When was it made illegal to bribe a foreign official in Germany?

A

Bribes to foreign officials were tax deductible in Germany until 1998. This was a contributing factor to the governance failings seen at Siemens in 2006 for bribery and corruption.

13
Q

Examples of corporate governance failures

A

Siemens 2006 - bribery and corruption

Enron 2001 - Accounting errors resulted in gross overstatement of Enron’s reported net income. Correct processes in place but insufficient scrutiny by the Board, CFO, CRO, and COO. The resulting scandal led to SOX being introduced in 2002.

14
Q

What is the role of corporate governance in preventing corruption?

A

Good corporate governance means having principles such as transparency and accountability at the decision-making level of the firm as well as a robust compliance system. An independent corporate board represents the shareholders' interests, which can help in preventing the (sometimes) opportunistic behaviour of managers.

15
Q

Define corporate governance

A

Corporate governance is the system by which business corporations are directed and controlled. The corporate governance structure specifies the distribution of rights and responsibilities among different participants in an organisation, such as the board, managers, shareholders and other stakeholders, and sets out the rules and procedures for making decisions on corporate affairs.

16
Q

Define compliance

A

Compliance refers to the fulfilment of, and adherence to, legal provisions and regulatory standards. It can be understood as an internal corporate management of risk which aims to identify, analyse and control internal corporate risks.

17
Q

What is the difference between corporate governance and compliance?

A

Corporate governance outlines the perception of the regulators whereas compliance outlines the perception of the regulated.

Compliance is an essential element of corporate governance and it includes all the measures to ensure that effective governance is achieved. Therefore both are mutually dependent upon one another as a means to achieve their goals.

18
Q

What would a coherent, mutually exclusive and complementary approach to risk management and internal control involve?

A

Strategic objectives

Identification and assessment of main risks

Implementation of risk acceptance and management process

Decisions about which internal controls are necessary to provide reasonable assurance to the board.

Reporting from internal audit.

19
Q

Who should undertake internal control activities?

A

Line and risk management - 1st and 2nd lines of defence, with the results monitored by line management and action taken where there are concerns.

Internal audit (3rd line) undertakes independent reviews and reports to the board.

20
Q

According to COSO, what are the five components of internal control?

A
The control environment 
Risk assessment 
Control activities
Information and Communication 
Monitoring activities
21
Q

Which risks are of particular concern to COSO?

A

Fraud is the main risk. COSO is attempting to broaden the scope of internal control to all activities but its origins trace back to financial controls, hence the emphasis on fraud.

22
Q

What are the major limitations of internal control?

A

According to COSO the major limitations of internal control are that it cannot prevent bad judgement, bad decisions, or adverse external events.

23
Q

According to COSO, what is the board's role in internal control?

A

Effect the process of internal control

Establish the tone at the top including expected standards of conduct

Establish the criteria by which deficiencies will be evaluated- demonstrate independence from management

24
Q

How might the corporate governance codes of South Africa, the UK and the US be described?

A

South Africa- apply or explain
UK - comply or explain
US - comply or else (as described by SA)

25
Q

What is the purpose of corporate governance?

A

To ensure ethical behaviour, responsibility, accountability, ability to achieve objectives, and effective and efficient performance.

Contemporary corporate governance's aim is to protect and foster the interests of the organisation as a whole.

26
Q

Is ERM oversight the responsibility of a committee of the board or the full board?

A

ERM oversight is the responsibility of the full board (Fraser and Simmons 2010), although it usually delegates oversight tasks to a committee such as the ARC.

27
Q

What is a risk profile and what is its purpose?

A

The risk profile is the global picture of an organisation's main risks in a matrix or risk map (Fraser and Simmons, 2010). The risk profile is used to compare actual risk to the corresponding appetite and tolerance statements for each main risk, and presented to the board on a quarterly basis.

28
Q

What is the role of internal control?

A

The role of internal control is to help the organisation achieve its objectives (Hopkin, 2018).

29
Q

What are the components of internal control? (STEINBERG, 2011)

A

Control environment- culture and tone at the top.

Risk Assessment

Control Activities- policies and procedures

Information and communication

Monitoring

30
Q

What are the negatives associated with SOX?

A

Reliance on reviews and certifications

Distracted, risk averse boards

Time sink for management

Exiting the public markets

31
Q

What were the benefits of SOX?

A

Confidence in reports

Streamlined processes and enhanced information

Seeds of ERM

Benefits to smaller companies

32
Q

What is unique about the Board system in Switzerland?

A

While Switzerland formally has a unitary board system, most of the larger companies essentially operate a dual board system, as boards of directors can, but are not required to, delegate most of the day-to-day management of the company to an executive board. The board of directors does retain responsibility for critical oversight tasks prescribed in legislation.

33
Q

What is the connection between risk and the financial crisis?

A

The financial crisis was in part a failure of risk management. In many cases risk was not managed on an enterprise-wide basis and not adjusted to corporate strategy. Risk managers were often separated from management and not regarded as an essential part of implementing the company's strategy. Most important of all, boards were in a number of cases ignorant of the risk facing the company.

34
Q

Is effective risk management about eliminating risk?

A

Effective risk management is not about eliminating risk taking, which is a fundamental driving force in business and entrepreneurship. The aim is to ensure that risks are understood, managed, and when appropriate, communicated.

35
Q

What does OECD say about CRO objectivity?

A

To assist the board in its work, it should be considered good practice that risk management and control functions be independent of profit centres and the CRO or equivalent should report directly to the board, along the lines of the OECD principles for internal control functions reporting to the audit committee or equivalent.
