
Corporate Governance

Week 6

4-1
Define Corporate Governance

"a process by which the owners and creditors of an organization exert control and require accountability for the resources entrusted to the organization. The owners (shareholders) elect a board of directors to provide oversight of the organization's activities"

4-2
Accountability/Responsibility

[Diagram: Shareholders --(Elect)--> Board of Directors --(Empower)--> Management --(Engage)--> Operating management. The chain is labelled "Responsibility" and "Accountability".]
4-3
Primary parties involved in corporate governance
Shareholders
Boards of Directors
Audit Committees of the Board
Management
Self-Regulatory Accounting Organizations (e.g. MIA, MASB)
Other Self-Regulatory Organizations (e.g. KLSE/BM, MESDAQ)
Regulatory Agencies (e.g. Securities Commission)
External Auditors
Internal Auditors

4-4
Shareholders – Failure in CG

▪ Responsibility:
➢ Effective oversight through election of BOD, approve major decisions, buy/sell shares
▪ Failures:
➢ Focused on ST prices
➢ Failed to perform LT growth analysis
➢ Surrendered responsibilities to management as long as share price increased

4-5
Board of Directors – Failure in CG

▪ Responsibility:
➢ Directly accountable to shareholders
▪ Failures:
➢ Inadequate oversight of management
➢ Approval of mgt’s compensation plans, esp those which include share options
➢ Election of directors which are not independent
➢ Insufficient time in performing duties
➢ Continually repriced share options when market price declined
4-6
Management – Failure in CG
▪ Responsibility:
➢ Operations & accountability - formulating strategy & risk, implementing internal controls, financial & other reports to stakeholders
▪ Failures:
➢ Earnings management to meet analysts’ expectations
➢ Fraudulent financial reporting
➢ Pushing accounting concepts to achieve reporting objective
➢ Viewed accounting as a tool, not a framework, for accurate reporting
4-7
Audit Committee – Failure in CG
▪ Responsibility:
➢ Oversight of internal & external audit function & the preparing of annual FS & public reports on internal control.
▪ Failures:
➢ No expertise or time to provide effective oversight
➢ Were not viewed by the auditor as the “audit client”. The power to hire/fire often rested with the management.

4-8
Self-regulatory accounting organisations – Failure in CG
▪ Responsibility:
➢ Setting accounting/auditing standards that determine underlying financial reporting/auditing concepts, set expectations of audit & accounting quality
▪ Failures:
➢ Too rule-oriented in response to complex economic transactions

4-9
Other self-regulatory organisations (KLSE/BM, MESDAQ) - Failure in CG

▪ Responsibility:
➢ Ensuring efficiency of the financial markets, including oversight of trading & companies that are allowed to trade on the exchange
▪ Failures:
➢ Pushed for improvements for better CG by its members, but failed to implement those same procedures for its governing board & management

4 - 10
Regulatory agencies – Failure in CG
▪ Responsibility:
➢ Ensuring accuracy, timeliness & fairness of public reporting of financial & other info for plcs
▪ Failures:
➢ Identified problems but not provided with sufficient resources by Govt to deal with the issues

4 - 11
External auditors – Failure in CG
▪ Responsibility:
➢ Performing audits of FS to ensure that they are free of material misstatements, including those that may be due to fraud
▪ Failures:
➢ Pushed accounting concepts to help orgns boost earnings
➢ Promoted personnel based on ability to “cross-sell”
➢ Failed to uncover basic frauds, e.g. WorldCom & HealthSouth, because fundamental audit procedures were not performed

4 - 12
Internal auditors – Failure in CG
▪ Responsibility:
➢ Performing audits of companies for compliance with company policies & laws, efficiency audits, audits to determine accuracy of financial reporting process
▪ Failures:
➢ Focused efforts on operational audits & left financial reporting to external auditors
➢ Reported results to management with little effective reporting to audit committee
➢ In some instances (WorldCom, HealthSouth), did not have access to the corporate FS
4 - 13
What are SEC concerns regarding the auditing profession? (US)
➢ Auditors were no longer willing to confront clients over questionable accounting practices
➢ Consulting fees were impairing auditor independence
➢ Accountants were using technical interpretations of GAAP to push the limits of accounting
4 - 14
What are the Public Oversight Board (POB) concerns? (US)
➢ Analytical procedures used inappropriately to replace direct tests of account balances
➢ Audit firms not thoroughly evaluating internal control and applying substantive procedures to address weaknesses in control
➢ Audit documentation, especially related to audit planning, did not meet professional standards
➢ Auditors ignored warning signs of fraud and other problems
➢ Auditors were not providing sufficient warning about companies that might not continue as 'going concerns'
4 - 15
Sarbanes-Oxley Act 2002 – PCAOB’s authority & powers (US)
▪ Establishes the Public Company Accounting Oversight Board (PCAOB) with broad authority, including the power to set auditing standards for audits of plcs
➢ Authority & powers:
▪ Set auditing standards - the PCAOB has chosen to set auditing standards
▪ Set financial accounting standards - the PCAOB has chosen to let the FASB continue to set accounting standards
▪ Set standards for the reports on internal control and risk management
▪ Perform quality reviews of public accounting firms and recommend penalties if the firms fail to perform
▪ Establish quality control standards for the audits of public companies
▪ Require all public accounting firms that audit plcs to register with the PCAOB and become licensed to perform such audits

4 - 16
SOX - auditor independence provisions?

➢ Prohibits audit firms from performing consulting work for their audit clients (in most cases)
➢ Makes the Audit Committee the auditor's client
➢ Requires the Audit Committee to pre-approve any non-audit services by the audit firm, e.g. tax planning
➢ Audit engagement partners, as well as other partners and managers with significant roles in the audit, must be rotated off the engagement every 5 years for plcs
➢ A "cooling off" period before an audit partner or manager can take a high-level position with an audit client without jeopardizing the independence of the public accounting firm
➢ Auditors must report on internal controls

4 - 17
SOX - Management

➢ Requires the CEO and CFO to certify the accuracy of the financial statements and provides criminal penalties for misrepresentation
➢ Requires management to describe whether they have implemented a Corporate Code of Conduct
➢ Requires management to report on the effectiveness of internal control over financial reporting
➢ Increased disclosure of "off-balance sheet" transactions or agreements that may have a material effect

4 - 18
SOX – Audit Committees
▪ All PLCs must have a fully independent Audit Committee
➢ Is designated as the audit client
➢ Has oversight responsibilities over the internal audit and financial reporting processes
➢ Must be comprised of "outside" directors, i.e. not members of management or have other relationships with the organization
➢ Must have at least 1 person who is a financial expert. Other members must be knowledgeable in financial accounting and control
➢ Must report on its activities to the public, including the results of significant discussions with the external auditor

4 - 19
SOX - Audit committee responsibilities
➢ Be apprised of all significant accounting decisions made by management
➢ Be apprised of all significant changes in accounting systems and system controls
➢ Have authority to hire and fire the external auditor
➢ Review the audit plan and discuss audit results with the auditor
➢ Have authority to hire and fire the head of the internal audit function and set the budget for the internal audit function
➢ Review the audit plan and discuss all significant results
➢ Receive all regulatory audit reports and meet with regulatory auditors to discuss findings

4 - 20
SOX - Required communications to the audit committee (US)
▪ Auditing standards (SAS 61) require specific communications between the audit committee and the external auditor:
➢ Auditor's responsibility under Generally Accepted Auditing Standards
➢ Significant Accounting Policies
➢ Management Judgments and Accounting Estimates
➢ Significant Audit Adjustments
➢ Other Information in Annual Reports
➢ Disagreements with Management

4 - 21
Protections for Corporate Whistleblowers under Sarbanes-Oxley
➢ Civil liability whistleblower protection
▪ Creates civil liability for companies that retaliate against whistleblowers
▪ Protects only employees of publicly traded companies
▪ The employee must report the suspected misconduct to a federal regulatory or law enforcement agency, a member of Congress or committee of Congress, or a supervisor
▪ Employees are protected against retaliation for filing, testifying in, participating in, or otherwise assisting in a proceeding filed or about to be filed
▪ Protected even if the company is ultimately found not to have committed securities fraud

4 - 22
Protections for Corporate Whistleblowers under Sarbanes-Oxley
➢ Criminal liability whistleblower protection
▪ Makes it a crime to knowingly, with the intent to retaliate, take any harmful action against a person for providing truthful information relating to the commission or possible commission of any federal offense
▪ Information must be provided to a law enforcement officer in order for protection to be triggered
▪ Broader than the civil liability protections
▪ Protection covers all individuals regardless of where they work

4 - 23
Corporate governance in Malaysia
➢ Establishment of Securities Commission in 1993 to regulate the market, CG
➢ Financial Reporting Act, 1997 --> introduces accountability & transparency in the regulatory environment
➢ Finance Committee on Corporate Governance established, issued The Finance Committee Report on CG (1999), sets out…
➢ The Malaysian Code on Corporate Governance --> principles & best practices for good governance by plcs

4 - 24
The Finance Committee Report on Corporate Governance
➢ Strengthening laws over shareholder rights, director duties, duties of other corporate participants (with emphasis on RPT’s)
➢ Enhancing disclosure & transparency
➢ Promoting effective enforcement
➢ Development of a Malaysian Code of Best Practices in CG --> restructure BOD composition, more effective
➢ Identification of training & education needs of directors, other key corporate participants & investors

4 - 25
Malaysian Code of Best Practices in CG
➢ Set by the Malaysian Institute of Corporate Governance (MICG)
➢ MICG comprised of:
(a) The Federation of Public Listed Companies
(b) MIA
(c) MAICSA
(d) MICPA
(e) The Malaysian Institute of Directors
➢ Improvement of BOD composition – independent directors, independence of working
➢ Increase in efficiency & accountability of BOD’s – independent & seen to be independent

4 - 26
Malaysian Code of Best Practices in CG
➢ Enforcement by Bursa Malaysia in Revamp Listing Requirements 2001.
➢ Requirements for companies to disclose in reports/accounts:
(a) How have companies applied the principles set out in the Code?
(b) To what extent have they complied with best practices in the Code (with justification for non-compliance)?
(c) To set out dates when the Code would be complied with

4 - 27
Recommendations of Finance Committee Report
➢ Every plc should be headed by an effective BOD which should lead & control the company
➢ BOD should have a balance of executive & non-exec directors (including independent non-execs) such that no individual or small group can dominate decision-making
➢ Timely & high quality information should be supplied to the BOD to enable decision making
➢ Formal & transparent procedures:
▪ For appointment of new directors
▪ All directors to submit themselves for re-election at regular intervals, & at least every 3 years
▪ Annual Report should contain details of directors’ remuneration
4 - 28
Recommendations of Finance Committee Report (Contd.)
➢ Companies should use the AGM to communicate with shareholders & encourage their participation
➢ Audit Committees:
▪ Each plc to establish an AC of at least 3 non-exec directors (majority of them independent), with written terms of reference which deal clearly with its authority & duties
▪ Chairman should be an independent non-executive director

4 - 29
Recommendations of Finance Committee Report (Contd.)
➢ Audit Committees – duties (Contd.):
▪ Consider the appointment of external auditor, audit fee, questions of resignation/dismissal
▪ Discuss with external auditor before audit commences, the nature & scope of audit. Ensure co-ordination where more than 1 audit firm is involved.
▪ Review half-year & annual FS, focusing on changes in accounting policies/practices, significant adjustments arising from audit, going concern assumption, compliance with standards & other legal requirements
▪ Discuss problems & reservations arising from interim & final audits, and any other matter the auditor wants to discuss (in absence of mgt where necessary)
▪ Review external auditor’s management letter & mgt’s response
4 - 30
Recommendations of Finance Committee Report (Contd.)
➢ Audit Committees – duties (Contd.):
▪ Where an internal audit function exists, to ensure that it is adequately resourced & has appropriate standing in the company.
▪ To review the IA programme
▪ Consider RPT’s
▪ Consider major findings of internal investigations & mgt’s response
▪ Consider other topics as defined by the BOD

4 - 31
Recommendations of Finance Committee Report (Contd.)
➢ Audit Committee meetings
▪ Shall be attended by a representative of the IA function & external auditors
▪ Other BOD members may attend meetings at the invitation of the AC
▪ At least once a year, the AC will meet with external auditors without the presence of executive BOD members
➢ Companies should consider having an IA function
➢ External auditors should communicate matters of governance to those in charge (ISA 260)

4 - 32
Recommendations of Finance Committee Report (Contd.)
➢ Directors’ Report on Internal Control
▪ Directors should report on internal controls
▪ Auditors should report on the effectiveness of the controls
➢ Annual Report should contain a statement of how the company applies CG principles & explanation of policies. Also include circumstances justifying departure from best practice.

4 - 33
