You are on page 1of 114


ACCA P1 Governance, Risk and Ethics

Carl R. Burch 4/26/2012

I put together these P1 notes when studying for the exam. Thought that it would be good to share them with you. Good luck with your Exam. If you have comments or questions you can reach me at the following email addess: |P a ge

Table of Contents A. Governance and Responsibility ................................................................................. 1

1. 2. 3. 4. 5. 6. 7. 8. 1. 2. 3. 4. THE SCOPE OF GOVERNANCE .......................................................................................................... 1 AGENCY RELATIONSHIP AND THEORIES ........................................................................................... 7 THE BOARD OF DIRECTORS ........................................................................................................... 13 BOARD COMMITTEES .................................................................................................................... 23 DIRECTORS REMUNERATION ........................................................................................................ 26 DIFFERENT APPROACHES TO CORPORATE GOVERNANCE ................................................................. 29 CORPORATE GOVERNANCE AND CORPORATE SOCIAL RESPONSIBILITY ............................................. 39 GOVERNANCE: REPORTING AND DISCLOSURE ................................................................................. 41 MANAGEMENT CONTROL SYSTEMS IN CORPORATE GOVERNANCE ................................................... 47 INTERNAL CONTROL, AUDIT AND COMPLIANCE IN CORPORATE GOVERNANCE .................................. 55 INTERNAL CONTROL AND REPORTING ............................................................................................ 62 MANAGEMENT INFORMATION IN AUDIT AND INTERNAL CONTROL................................................... 64

B. Internal Control and Review ................................................................................... 47

C. Identifying and Assessing Risk ................................................................................ 67

1. RISK AND THE RISK MANAGEMENT PROCESS .................................................................................. 67 2. CATEGORIES OF RISK .................................................................................................................... 68 3. IDENTIFICATION, ASSESSMENT AND MEASUREMENT OF RISK........................................................... 74

D. Controlling and Managing Risk .............................................................................. 79

1. TARGETING AND MONITORING OF RISK .......................................................................................... 79 2. METHODS OF CONTROLLING AND REDUCING RISK .......................................................................... 80 3. RISK VOIDANCE, RETENTION AND MODELING ................................................................................. 82

E. Professional Values and Ethics ................................................................................ 86

1. 2. 3. 4. 5. 6. 7. ETHICS THEORIES ......................................................................................................................... 86 DIFFERENT APPROACHES TO ETHICS AND SOCIAL RESPONSIBILITY .................................................. 89 PROFESSIONS AND THE PUBLIC INTEREST ....................................................................................... 93 PROFESSIONAL PRACTICE AND CODES OF ETHICS............................................................................ 96 CONFLICTS OF INTEREST AND THE CONSEQUENCES OF UNETHICAL BEHAVIOR ................................. 98 ETHICAL CHARACTERISTICS OF PROFESSIONALISM ....................................................................... 105 SOCIAL AND ENVIRONMENTAL ISSUES IN THE CONDUCT OF BUSINESS AND ETHICAL BEHAVIOR. ..... 106

i|P age


Governance and Responsibility

1. The Scope of Governance

a) Define and explain the meaning of corporate governance. Definition: The OECD says corporate governance is a: set of relationships between a companys directors, its shareholders and other stakeholders. structure through which the objectives of the company are set, and the means of obtaining these objectives and monitoring performance. The IIA says governance is: the system by which a company is controlled and directed. Governance includes the rules and procedures for making decisions on corporate affairs to ensure success while maintaining the right balance with stakeholders interest. Governance is the leadership and direction given to a company so that it can achieve the objectives of its existence. Note: Important points are boxed. Cadbury Report of 1992 said: Corporate Governance is the system by which organizations are directed and controlled. Explain the meaning of governance: Governance is the leadership and direction given to a company so that it achieves the objectives of its existence. Management is about making business decisions: governance is about monitoring and controlling decisions. Governance is not about formulating business strategy for the company. However, the responsibility of the board and senior managers for deciding strategy is an aspect of governance. The company will have improved risk management system. There will be clear accountability for executive decision making. It focuses management attention on introducing appropriate systems of internal control. It encourages ethical behavior and a CSR (Corporate Social Responsibility) perspective. It can help safeguard the organization from the misuse of assets and possible fraud. It can help to attract new investment into a company.
1|P a ge

Benefits to having GOOD corporate governance processes:

Seeks to put limits on excessive director remuneration. It could develop an excessively risk adverse culture amongst mangers. There could be too much reporting and not enough time to seek and pursue profit making activities. It could damper entrepreneurial activities. There could be too much excessive supervision, red tape and bureaucracy. The cost of operating internal controls exceeds any possible benefits. There is the possibility that the focus on meeting different stakeholder expectations will confuse management as to their corporate responsibilities.

Downside to governance:

b) Explain, and analyze the issues raised by the development of the joint stock company as the dominant form of business organization and the separation of ownership and control over the business activity. Joint stock companies have multiple shareholders. The shareholders own the company but generally do not run the company. There is a separation of ownership and control. In order to maintain control over the company, shareholders elect a board of directors who have oversight authority. The board then hires the CEO who is then responsible for putting together the management team to run the company. Since management does not have a vested interest in the company, they might not care as much whether the objectives of the company are met.

c) Analyze the purposes and objectives of corporate governance. Purpose of Governance: The purpose of corporate governance is to facilitate the effective, entrepreneurial and prudent management that can deliver the long-term success of the company. Good corporate governance should contribute to better company performance by helping a board discharge its duties in the best interest of the shareholders. If it is ignored, the consequences may well be vulnerability or poor performance. Good governance should facilitate efficient, effective and entrepreneurial management that can deliver shareholder value over the longer term.

d) Explain, and the apply in context of corporate governance, the key underpinning concepts of: i. ii. iii. Honestly/probity Be honest that statements about the company are truthful. Not putting a spin on the facts. Accountability The emphasis is the managers accountability to the shareholders, but also accountable to other possible stakeholders. Independence The emphasis is making sure that there are truly nonexecutive directors on the board who are free to critique the job performance of management. Independence is not having a conflict of interest issue. Responsibility The board has a responsibility to oversee the work on management. The board should also retain responsibility for certain key


decisions, such as setting strategic objectives and approving critical capital investments. v. Decision making / judgment All directors are expected to have sound judgment and to be objective in making their judgments. The OECD says the board should be able to exercise judgment on corporate affairs independent, in particular, from management. Reputation A companys reputation, if good, is built on success and management competence. However, it might take years for a company to gain its reputation and only a day for it to get ruined. Companies that are badly governed can be at risk of losing goodwill from investors, employees and customers. Integrity This is similar to honestly, but it also means behaving in accordance with high standards of behavior and a strict moral or ethical code of conduct. This means doing the right thing. Being a straight shooter. Fairness This means that all shareholders should receive fair treatment from the directors (one share one vote). This also means taking into account the other stakeholders of the company, such as suppliers, creditors, employees, local community, etc. Transparency / openness This means not hiding anything. Transparency means clarity. This involves full disclosure of material matters which could influence the decisions of stakeholders.





Note: A good way to remember the key concepts of corporate governance is to think of the mnemonic HAIRDRIFT. e) Explain and assess the major areas of organizational life affected by issues in corporate governance. i. Duties of directors and functions of the board (including performance measurement). Directors have a fiduciary duty to act in the best interest of the company. They need to use their powers for proper purpose, avoid conflicts of interest and exercise a duty of care. The composition and balance of the board (and board committees). Boards must be balanced in terms of skill and talents from several specialisms relevant to the organizations situation and also in terms of age (to ensure senior directors are brining on newer ones to help succession planning). Reliability of financial reporting and external auditing. The reliability of the financial reports is crucial to ensuring that management is held accountable. External auditors need to make sure that they are getting the right information in order to verify the reliability of the financial reports. External auditors cannot be fearful of asking awkward questions because of fear of losing the audit. Directors remuneration and rewards. Directors remuneration has to be seen as being fair. Excessive salaries and bonuses has been seen as one of the major corporate abuses for a number of years. Responsibility of the board for risk management systems and internal control. Boards should meet regularly as to provide proper oversight for risk management and internal control systems. Without proper oversight, the organization may have inadequate systems in place for measuring and reporting on risks.






The rights and responsibilities of shareholders, including institutional investors. Shareholders should have the right to receive all material information that may affect the value of their investment and to vote on measures affecting the organizations governance. Corporate social responsibility and business ethics. Corporate social responsibility and business ethics is an important part of the corporate governance debate. At this point, there is not any real consensus about these issues.


The South African King report commented that The relationship between a company and its stakeholders should be mutually beneficial. This inclusive approach is the way to create sustained business success and steady long-term growth in corporate value. However, the Hampel report emphasized responsibility towards shareholders and states that it is impractical for boards to be given lots of responsibilities towards the wider stakeholder community. f) Compare, and distinguish between public, private and non-governmental organizations (NGO) sectors with regard to the issues raised by, and scope of, governance. THESE ANSWERS MIGHT NEED EXPANDING. Public Sector Governance requirements stress the need for assessing the effectiveness of policy and arrangements for dialogue with users of services. Private The private sector is concerned with the continued existence of the company. Therefore, having good governance processes is of vital importance. NGOs Non-governmental organizations provide services which are not normally provided by either public or private organizations. Therefore, they need governance processes which can ensure that they are providing the best service possible.

g) Explain and evaluate the roles, interests and claims of, the internal parties involved in corporate governance. i. Directors Have an operational role in running the company, developing strategies, etc. Concerning corporate governance, directors have the role to act responsibly; to act with honesty; be accountable, etc. (HAIRDRIFT). Company Secretaries Company secretaries are an officer of the company and as such they have an operational role in the company. For example, company secretaries might sign some contracts, or declare some relevant matters to the proper authorities. They also have role to play in corporate governance by making sure that the directors are complying with corporate governance. Some of the functions / responsibilities of the company secretary are listed below: Should be responsible for providing relevant, reliable and timely information to all directors, so that they are able to make well-informed judgments in contributing to decision-making by the board. Should be an expert on the regulations and corporate governance, so that he can advise the board on any matters in which a governance issue should be considered.


Although the chairman should be responsible for induction of new directors and continuing professional development of established directors, the company secretary is likely to be given the responsibility for organizing induction and, where appropriate, CPD for directors. The chairman is also responsible for the performance appraisal of the board, board committees and individual directors. The company secretary should be the first point of contact for any NED wanting assistance or information from the company.


Sub-board management If a manager is not on the board, then he or she is considered to be part of sub-board management. This person might be the purchasing agent, human resource manager, etc. Concerning operational roles, directors develop strategies to achieve some objective, and it will be the sub-board managers who have to take the strategy and develop the tactics to achieve the objectives of the organization. Employees Employees have an operational role to carry out the tactical plans of the sub-board management. As far as corporate governance, the employees have the responsibility to comply with the corporate governance systems in place and adopt appropriate culture. They need to implement the risk management and control procedures and to report back if controls are not working as they should. Unions Unions have a responsibility to protect the interest of the employees. As such, the ability of management to alter its working practices, for example, may depend on obtaining the cooperation and support of the trade unions.



h) Explain and evaluate the roles, interest and claims of, the external parties involved in corporate governance. i. Shareholders (including shareholders rights and responsibilities) The role of governance is to protect the rights of all shareholders, including the right to vote for board members, etc. External Auditors Auditors try to influence to the company to present reliable and accurate financial statements. Auditors can also influence by recommending ways to improve the strength of internal controls within the company. They can also provide other audit services such as social and environmental audits. They can also highlight governance and reporting issues of concern to investors. Regulators Regulators (i.e., SEC, etc.) have a role of making sure that public companies financial information is transparent, reliable and accurate. Regulation can be defined as any form of interference with the operation of the free market. This could involve regulating supply, price, profit, quantity, entry, exit, information, technology, or any other aspect of production and consumption in the market. Government Like regulators, the government has a role to make sure that regulators are doing their job in making sure that public companies are abiding by the laws and regulators of the country.





Stock exchanges Public companies list their shares on regulated stock exchanges, such as New York Stock Exchange, NASDAQ, American Stock Exchange, London Stock Exchange, and many others. Stock exchanges are privately owned and thus they need to protect their reputation. Stock exchanges are regulated and thus require listed companies to abide by governmental regulations. Stock exchanges are important because they provide regulatory frameworks in principles-based jurisdictions. Stock exchange regulation can therefore have a significant impact on the wary corporate governance is implemented and companies report.


Small investors (and minority rights) The role of governance is to protect the interest of the minority shareholders; to make sure that their voices are heard and that they are treated equally. Institutional investors (Analyze and discuss the role and influence of institutional investors in corporate governance systems and structures, for example, the roles and influences of pension funds, insurance companies and mutual funds) - Institutional investors manage funds of individual investors. They are organizations which pool large sums of money and invest those sums in security, real property and other investment assets. They can also include operating companies which decide to invest its profits to some degree in these types of assets. Pension funds. Insurance companies. Investment and unit trusts. Venture capitalist organizations.


Major institutional investors are:

Institutional investors will have a lot of influence in the management of corporations because they will be entitled to exercise the voting rights in a company. They can actively engage in corporate governance. Furthermore, because institutional investors have the freedom to buy and sell shares, they can play a large part in which companies stay solvent, and which go under. Influencing the conduct of listed companies, and providing them with capital are all part of the job of investment management. Intervention by institutional shareholders: Under extreme circumstances, the institutional shareholders may intervene more actively, by, for example, calling a company meeting in an attempt to unseat the board. Reasons why institutional investors might intervene: Concern about the strategy in terms of product, markets and investments. Poor operational performance. Management is dominated by a small group of executive directors, with NEDs failing to hold them accountable. Major failure of internal controls, particularly in the area such as health and safety, pollution or quality.

Failure to comply with laws and regulations or governance codes. Excessive levels of directors remunerations. Poor attitudes towards corporate social responsibility.

2. Agency Relationship and theories

a) Define and explore agency theory. Agency theory is a theory of the relationship between the principal and an agent. In limited companies, the directors and senior managers act as agents of the shareholders, who own the company. Agency theory is based on the view that when an agent represents a principal, the self-interest of the agent is different from the interests of the principal. Without suitable controls and incentives, the agent will make decisions and actions that are in his or her own interest rather than those of the principal. Agency theory is relevant to corporate governance because many of the measures recommended for good governance are concerned with controls and incentives that will persuade agents to act in the shareholders best interest. o For example, controls are applied through accountability and incentives are given in remuneration packages. b) Define and explain the key concepts in agency theory: i. Agents The agents are the directors and senior management of the company. They are selected and hired to run the company in the best interest of the shareholders. Principals The principals are the shareholders. They elect the board and the board hire the CEO who is in charge of putting the management team together. Agency An agency relationship arises when one or more persons (the principals) engage another person (the agent) to perform some service on their behalf that involves delegating some decision making authority to the agent (Jensen and Meckling). Agency costs Agency costs are the costs of having an agent make decisions are behalf of a principal. Applying this to corporate governance, agency costs are the costs that the shareholders incur by having managers run the company instead of running the company themselves. There are three costs associated with agency costs: Cost of monitoring. The owners of the company have to establish systems to monitor the actions and performance of management, to try to ensure the management is acting in the best interest of the company. Bonding costs. These are costs to provide incentives to managers to act in the best interest of the company.




Residual loss. Costs to the shareholders of management decisions that are not in the best interest of the shareholders (but in the interest of the managers themselves).

Agency costs = monitoring costs + bonding costs + residual costs. v. Accountability Agents should be held accountable for their decisions and actions. Accountability means: Having to report back to the principal to give an account of what has been achieved. Having to answer questions from the principals about the performance and achievements. Having the power to reward or punish the agent for good or bad performance.

Greater accountability should reduce agency problems because it provides management with an incentive to achieve performance which is in the best interest of the shareholders. However, incentives should not be excessive where the cost of the incentive is greater than the benefit that the monitoring provides. vi. Fiduciary responsibilities Fiduciary duty is a duty of the agent to act for the good of the company. A person with fiduciary duty is in a position of trust. However, the existence of fiduciary duty is not sufficient to insure that there is good corporate governance. Evan and Freeman argued that management bears a fiduciary relationship to stakeholders and to the corporation as an abstract entity. It must act in the interests of the corporation to ensure the survival of the firm, safeguarding the long-term stakes of each group. The main fiduciary duties of directors are: o Act in the best interest of the company. o Avoiding conflict of interest. o Using powers of proper purpose. o Having a duty of care. vii. Stakeholders Stakeholders are parties (both internal and external) who have an interest in well-being of the company. The different stakeholders include: management, shareholders, vendors, creditors, board of directors, employees, regulators, pressure groups (like PETA, Green Peace, etc.), auditors, and the local community.

c) Explain and explore the nature of the principal-agent relationship in the context of corporate governance. Jensen and Meckling defined the agency relationship as a form of contract between the companys owners and its managers, where the owners appoint an agent to manage the company on their behalf. The owners expect the agents to act in the best interest of the owners. Ideally, the contract between the owners and managers should be sure that he managers always act in the between interest of the owners. However, it is impossible to arrange the perfect contract, because decisions by the

managers affect their own personal welfare as well as the interest of the owners. This raises a fundamental question. How can managers, as agents of their company, be induced or persuaded to act in the best interests of the shareholders?

d) Analyze and critically evaluate the nature of agency accountability in agency relationships. In the context of agency, accountability means that the agent is answerable under his contract to his principal and must account for the resources of his principal and the money he has gained working on his principals behalf.

Two issues with the idea of agents being held accountable: 1) How does the principal enforce this accountability? 2) What if the agent is accountable to parties other than his/her principal? How does he/she reconcile possible conflicting duties. e) Explain and analyze the following other theories used to explain aspects of the agency relationship. i. Transaction costs theory. Transaction cost theory was developed by Coase and Williamson is an economic theory. Is based on the idea that companies have to decide which activities are needed to be performed in house and which activities it can buy from external sources. It attempts to provide an explanation of the actions and decisions of managers that are not consistent with rationality and profit maximization. Williamson argued that the actions and decisions of managers are based on a combination of bounded rationality and opportunism. Bounded rationality means that the manager will have limited understanding of alternatives. This may imply that they will play it safe and concentrate only on safe markets. Opportunism means that managers make decisions based on their own personal interests.

Conclusion: Managers should be controlled to prevent them from acting in their own interests rather than in the best interest of the shareholders. This theory is consistent with agency theory and provides a theoretical justification for the need for rules or principles of good corporate governance. Need to make sure that the objectives of management and the shareholders are congruent. ii. Stakeholder theory. Companies provide not only wealth to the shareholders, but they provide jobs to a employees and contribute the national and local economies. Companies are corporate citizens and thus they have a responsibility to society.

There is a close link between stakeholder theory and CSR. In addition to providing returns to shareholders, companies have a responsibility to its employees, customers, governments, communities, suppliers, lenders and the general public. Accountability is an important aspect of responsibility. This means that companies not only should report to its shareholders, but also provide information to its stakeholders, either by producing more reports or by including more information in its annual reports. This might explain the publication by some companies of an annual sustainability report and employee reports for the benefit of the companys employees.

Mendelows power/interest matrix. Interest is horizontal, and power is vertical. Four quadrants Ignore, Keep informed, Keep satisfied, and Key Players.

Level of Interest Low Weak Ignore


High Keep Informed


Keep Satisfied

Key Players

Ignore quadrant Stakeholders who are in this category can be ignored by the company. In this quadrant might be the government, or some shareholders, or employees who really dont have any power or interest. However, this does not take into account any moral or ethical considerations. It is simply the stance to take if strategic positioning is the most important objective. Keep Informed Most shareholders would fall into this quadrant. You need to keep shareholders informed of whats going on (e.g., annual report), but they dont exert much power. However, stakeholders in this quadrant can increase their overall influence by forming coalitions with other stakeholders in order to exert a greater pressure and thereby make themselves more powerful. Keep Satisfied In this quadrant the stakeholder doesnt have much interest but does have strong power over the company. All these stakeholders need to do to become influential is to re-awaken their interest. This will move them across to the right and into the high influence sector, and so the management strategy for these stakeholders is to keep satisfied.

Key players Key players are those who have the greatest influence on the company. This question here is how many competing stakeholders reside in that quadrant of the map. If there is only one (e.g., management) then there is unlikely to be any conflict in a given decision-making situation. If there are several, then there are likely to be difficulties in decision-making and ambiguity over strategic direction. Different categories of Stakeholders: As far as stakeholders, have to understand the differences on how to categorize stakeholders. Including: Internal and external stakeholders. This is probably the easiest distinction between stakeholders. o Internal stakeholders management. will typically include employees and

o External stakeholders will include customers, competitors, suppliers, and so on. Some stakeholders might be more difficult to categorize, such as trade unions that may have elements of both. Narrow and wide (Evans and Freeman). o Narrow are those that are most affected by the org. policies and will usually include shareholders, management, employees, suppliers, and customers who are dependent upon the organizations output. o Wide are those not so much affected, including government, lessdependable customers, the wider community, etc. The Evans and Freeman model may lead some to conclude that an organization has a higher degree of responsibility and accountability to its narrower stakeholders. Primary vs. secondary (Clarkson). o A primary stakeholder is one without whose continuous participation the corporation cannot survive as a going concern. So primary are those that do influence the company and those that do not (i.e. shareholders, customers, suppliers and government (tax and legislation)). o Secondary are those that the org. does not directly depend upon for its immediate survival (e.g. broad communities and perhaps management, since management can be replaced. Active and passive stakeholders (Mahoney). o Active stakeholders are those who seek to participate in the organizations activities. These stakeholders may or may not be part of the formal structure. Management and employees obviously fall into this active category, but so may some parties from outside an organization, such as regulators, environmental pressure groups, and possibly large investors (i.e. institutional investors).

o Passive stakeholders are those who do not normally seek to participate in an organizations policy making. This is not to say that passive stakeholders are any less interested or less powerful, but they do not seek to take an active part in the organizations strategy. Passive stakeholders will normally include most shareholders, government, and local communities. Voluntary vs. involuntary. o Voluntary include the employees (those with transferable skills), most customers, suppliers and shareholders. o Involuntary are those who do not chose to be stakeholders, but are so nevertheless, for example, local communities, future generations, and most competitors. Legitimate vs. illegitimate. o This one is more difficult and it might depend on your viewpoint. While those with an active economic relationship with an organization will almost always be considered legitimate, others that make claims without such a link, or that have no mandate to make a claim, will be considered illegitimate by some. o While a terrorist would be considered illegitimate, there is more debate on the legitimacy of the claims of lobby groups, campaigning organizations, and non-governmental/charitable organizations. Recognized vs. unrecognized. o This categorization follows on from the debate over legitimacy. If an organization considers a stakeholders claim to be illegitimate, then the organization would not recognize the stakeholders claim when making a decision. Known and unknown. o Finally, some stakeholders are known about by the organization in question and others are not. This means, of course, that it is very difficult to recognize whether the claims of unknown stakeholders (e.g., nameless sea creatures, communities in close proximity to overseas suppliers, etc.) are considered legitimate or not. Some say that it is a moral duty for organizations to seek out all possible stakeholders before a decision is taken and this can sometimes result in the adoption of minimum impact policies. For example,, even though the exact identify of a nameless sea creature is not known, it might still be logical to assume that low emissions can normally be better for such creatures than high emissions. Instrumental and normative motivations of stakeholder theory. o The instrumental viewpoint is that organizations only take shareholder opinions into account only insofar as they are consistent with the economic objectives of the company. o The normative viewpoint takes a more moral stand. Based on the moral philosophy of Immanuel Kant (1724-1804) who believed the each of us has a moral duty to account for each others concerns and opinions.

Kant talked about the civil duty, which he believed important in maintaining and increasing overall good in society.

3. The Board of Directors

a) Explain and evaluate the roles and responsibilities of boards of directors. The board should be responsible for making major policy and strategic decisions. Directors should have a mix of skill and their performance should be assessed regularly. Boards are collectively responsible for: Promoting the success of the company Providing leadership and direction. Managing risks and instituting the appropriate systems of internal controls. Supervising lower levels of management and employees. Setting the strategic goals and targets of the company. Ensuring that the necessary financial and human resources are in place. Reviewing managerial performance.

Other responsibilities are: Monitoring the CEO. Overseeing the implementation of corporate strategy. Monitoring risks, control systems and systems of CG. Monitoring HR issues like succession planning, training, remuneration, etc. Ensuring the effective communication of strategic plans to stakeholders.

It was suggested by UK Cadbury report that, as a principle of good corporate governance, there should be a formal list of matters reserved for collective decisionmaking by the board. These matters include: Strategy approving long-term objectives, deciding commercial strategy, approving budgets, oversight of operational performance. Investments approving major capital investments, major contracts, acquisitions and disposals. Decisions on capital structure and financing. Decisions on major organization and management re-organization. Review of the effectiveness of internal controls and risk management systems. This function might be delegated to internal auditing, if the company has an internal auditing function. Communication with shareholders. Remuneration of executive directors and other senior executive managers. Appointments to the board.

Company policies. Proposing dividends.

b) Describe, distinguish between and evaluate the cases for and against, unitary and twotier board structure. In most countries, companies have a single board of directors (unitary board). This board would consist of executive and non-executive directors, with a chair and a CEO. Some countries have a 2-tier board structure (Germany and Netherlands), consisting of: A management board of executive directors (headed by the CEO or managing director). o The management board reports to the supervisory board. o Is responsible for day-to-day running of the business. A supervisory board of NED (headed by the chair of the company). o This board has no executive function; however it may review the companys direction and strategy. It is meant to safeguard shareholder interest. o Receives formal reports of the state of the companys affairs and finance. o It approves the accounts and may appoint committees and undertake investigations. In a 2-tier company board structure: Membership of the two boards is entirely separate. The effectiveness of this type of structure will depend on the relationship between the chair and CEO. In public companies: It is usual in a unitary board for most non-executive directors (NEDs) to be classified as independent. Most NEDs in a supervisory board would not be regarded as independent. In a 2-tier board structure, NEDs on the supervisory groups often are: o Represent interest groups (e.g., employees or major shareholders), or o Former executive directors of the company, possibly former members of the management board who have now retired form the company. 2-tier board
Advantages Responsibilities for management and governance are clearly separated. Supervisory board membership recognizes interests of stakeholders groups. Executive directors and NEDs have different responsibilities and duties. Disadvantages Supervisory board can be very large. Decision-making might be slower than with a unitary board. Might be the risk of conflict between the two boards. Risk of conflict between interest groups on the supervisory board


Unitary board
Advantages Unitary boards can be small in size because there are no requirements to appoint directors who represent stakeholder interest groups. It is easier for the NEDs and the executive directors to work co-operatively. Unitary boards work towards a common goal, which is what the board considers to be in the best interest of the shareholders and others. Disadvantages Can also get too large if not careful.

If there is a conflict between chair and CEO, this can negatively affect the company. As with any board, there not be a consensus of what the goals are.

c) Describe the characteristics, board composition and types of, directors (including defining executive and non-executive directors (NED). The Combined Code states that at least one half of the board members should be independent non-executive directors, with a minimum of 3 NEDs. There has to be a balance between EDs and NEDs. The Combined Code also states that a former CEO of a company should not move on to become the company chairman. The Combined Code argues that the power of chairman and CEO should not be held by one individual because it gives too much power on the board to that individual. A chairman, who may be any executive director but is usually a NED. Sometimes a deputy chairman. A chief executive officer, who an executive director. Other executive directors, possibly including the CFO, COO, and others. Other NEDs.

Board composition:

Balance of Power: The board should contain a suitable balance of power in order to prevent one person or group of people from dominating the decision making of the board. When there are several independent minded individuals on the board, it is more likely that the interest of the shareholders, and possibly also other stakeholders in the company will be properly represented. Several ways to achieve suitable balance: o The same individual should not hold the position of CEO and chairman at the same time. o The roles of the CEO and chairman should be specified formally so that one individual is not able to take responsibilities away from the other. There needs to be a written charter. o There needs to be the presence of independent non-executive directors on the board. The Combined Code states that for large stock market companies, a majority of the board should be independent NEDs (50%).

o There should be a senior NED with sufficient strength of character to challenge both the chairman and CEO if this seems necessary. This person needs to be able to ask hard questions. o The NEDs must be effective in their roles. They need to be able to give sufficient time to the company. o Some decision making should be delegated to the board committees to remove decision making from directors in cases where there is a conflict of interest, or to act as a check on some of the activities of executive directors (for example the audit committee). Executive and NEDs: Executive directors are directors who also have executive management responsibilities in the company. They are normally full-time employees. NEDs are directors who do not have any executive management responsibilities. o They are not employees of the company. o They are not full-time. When they are appointed, there should be a clear understanding about how much time (each month or each year) the NED will probably be required to give to the companys affairs. d) Describe and assess the purposes, roles and responsibilities of NEDs. The Higgs report commented that the role of the NED is frequently described as having two main elements: (1) monitoring executive activity and (2) contributing to the development of strategy. Higgs identified four roles for NEDs. 1) Strategy. Should contribute development of the companys business strategy. 2) Scrutinizing performance. The NEDs need to scrutinize the performance of management. 3) Risk management/Internal control. NEDs should satisfy themselves that financial information produced by management is reliable. They need to satisfy themselves that financial controls and systems of risk management are robust and defensible. 4) People. They should be involved in the people side of running the company, including their roles on the nomination committee and remuneration committees. NEDs are responsible for deciding the level of remuneration of executive directors. They also have a prime role in appointing and removing senior management, and in succession planning. Cross-directorship is a situation where the executive director of one company (company A) sits on the board of another company (company B). At the same time, a executive director of company B, sits on the board of company A. When this situation exists, the NEDs involved might be reluctant to criticize each other. In practice, many companies do not allow cross-directorships. Lack of independence if appointed by the NED. Lack of authority to impose their views.

Some of the problems that can occur with the appointment of NEDs:

Often confined to represent the views of the stakeholders. A limited amount of time they can devote to the board. May be a difficulty in recruiting good NEDs limited supply. Not involved in share scheme. Their service should not be pensionable. Should be for a specific period. The NED should not have any business, financial or other connection with the company-apart from fees and shareholdings. Re-appointment should not be seen to be automatic. The full board should decide on their selection and appointment. NED must be able to take external professional advice where necessary and the costs of same have to be borne by the company.

Ways to ensure independence:

e) Describe and analyze the general principles of legal and regulatory frameworks within which directors operate on corporate boards. Duties while in office: Legal rights and responsibilities. Directors are entitled to fees and expenses according to the companys constitution. Directors have a duty of care to show reasonable competence and may have to indemnify the company against loss caused by their negligence. Directors are also said to be in a fiduciary position in relation to the company. Duty to act within powers. Directors have to operate in accordance with the companys constitution and only to exercise powers for the purpose for what they were elected for. Duty to promote the success of the company. The law should encourage long-termism and regard for all stakeholders by directors and that stakeholder interests should be pursued in an enlightened and inclusive way. Duty to exercise independent judgment. This means that directors should not delegate their powers of decision-making or be swayed by the influence of others. Duty to exercise reasonable skill, care and diligence. Directors have the duty of care to show reasonable skill, care and diligence. Duty to avoid conflict of interest. A director is an agent of the company. A director would be in breach of fiduciary duty to the company, for example, if he puts his or her own interests first, ahead of the interests of the company. A breach of fiduciary duty would also occur if a director has an interest in a contract with the company but fails to disclose this interest to the rest of the board and obtain their approval. Duty not to accept benefits from third parties. This duty prohibits the acceptance of benefits (including brides) from third parties conferred by reason of them being a director, or doing, (or omitting to do) something as a director.

Duty to declare interest in proposed transaction or arrangement. Directors are required to disclose to the other directors that nature and extent of any interest, direct or indirect, that they have in relation to a proposed transaction or arrangement with the company. Insider dealing / trading. o An insider is someone who has business connection with an entity as a result of which they may acquire relevant information. o Insider dealing is where a person with inside information buys or sells shares or securities in an entity. o An insider in possession of unpublished price sensitive information should not deal. o An offense is also committed if the insider encourages another person to deal. o The person dealing as a result of that encouragement, and believing the source to be an insider, is also committing an offense. o Disclosure of insider information, other than in the proper course of employment to an authorized person, is also an offense.

Leaving Office: Departure from office. A director may leave office in the following ways: o Resignation. o Not offering him or herself for reelection. o Death. o Dissolution of the company (e.g. bankruptcy). o Being removed from office. o Prolonged absence (generally more than 6 months). o Being disqualified. o Agreed departure. Time limited appointments. Ordinary directors may have to retire from the board on reaching a retirement age or may not be able to seek reelection. o Time-limited appointments. Existing directors are required to stand for re-election at regular intervals. o Fixed term contracts. NEDs are usually appointed for a fixed term. In the UK, normal practice is for 3-years. At the end of this term, the appointment might be renewed for a further 3-years. Retirement by rotation. It is usual for directors who retire by rotation and stand for re-election to be reelected by a very large majority. In the UK, most companies include in their constitution a requirement that one-third of directors should retire each year by rotation and stand for re-election. This means that each director stands for re-election every three years. (this is why appointments of NEDs are for periods of 3-years.) Service contracts. Executive directors have service contracts with the company. A service contract includes terms such as entitlement to

remuneration including pension rights, and a minimum notice period for termination of office. Removal. When a director performs badly, it should be expected that he or she will be asked by the board or the company chairman to resign. This is the most common method by which directors who have failed are removed from office. When a director is removed from office, he or she retains contractual rights, as specified in his or her contract of employment. This could involve a very large payment. Disqualification. The corporate law of a company might provide for the disqualification of any individual acting as a director of any company, where the individual is guilty of behavior that is totally unacceptable from a director. This could include: o When a director is bankrupt. o Director is suffering from a mental disease. o Director has been found guilty of a crime in connection with the formation or management of a company. f) Define, explore and compare the roles of the CEO and the board chairman. Role of the CEO: The CEO is responsible for the executive management of the company operations. The CEO is the leader of the management team, and all senior managers report to the CEO. If there is an executive management committee for the company, the CEO should be the chairman of this committee. The CEO reports to the board on the activities of the entire management team, and is answerable to the board for the companys operational performance. Risk management. The CEO is responsible to manage the companys risk profile. Liaison with stakeholders. The CEO need to deal with those interested in the company. The chairman must act as the spokesperson of the board. Is the conduit of communication between the CEO and the shareholders. Ensuring that the board as a whole and also individual directors contribute effectively to the work of the board. o Sets the agenda for the board meetings. o Provides suitable information before each board meeting. o At board meetings, encourages open dialogue between members of the board. o Helps non-executive directors to contribute effectively to the company. The chairman is responsible for the effectiveness of the board. He is therefore responsible for:

Role of the Chairman:

o The induction of all new directors, and o The annual performance review of the board, board committee and individual directors. Also sets the tone at the top. Should be the advocate of ethical behavior in the company. An effective chairman should establish a close working relationship with the CEO and should ensure that all decisions by the board are implemented. He or she should promote best practice in corporate governance and high standards of ethical conduct by the company and its employees. He or she should provide leadership for the company are represent its views with external stakeholders, including the shareholders.

Summary of the roles of CEO and Chairman CEO Executive director. Full time employee Reporting Lines All executive managers report, directly or indirectly, to the CEO. The CEO reports to the Chairman and to the board generally. Main responsibilities Main responsibilities Head of the executive management Leader of the board, with responsibility team. for its effectiveness. Business strategy leadership. Make financing decisions. development and and To make sure that the board fulfills its role successfully. Chairman Part-time. Usually independent. Reporting Lines No executive responsibilities. Only the company secretary and the CEO report to the chairman directly, on matters relating to the board.

investment To ensure that all directors contribute to the work of the board.

Managing the companys risk profile. Implement board decisions. Involvement committees. with certain board

Division of responsibilities: The role of the CEO and chairman should be separated. The CEO runs the company and the chairman runs the board. Reasons to separate: The separation of roles avoids any conflicts of interest. It is difficult to make the CEO accountable if there is no one senior to him or her.

The board can make the CEO more accountable for management of the company if there is a separate Chairman of the board. The UK 2nd Combined Code suggests that the retired CEOs should not become Chair of the same company. The main concern is that he or she would interfere too much in the running of the company by the new CEO. The Cadbury report stated that if the roles were combined, there should be a strong independent element to the board with NEDs. Higgs states that one senior member of the NEDs should be appointed who would be available to shareholders who had concerns that could not be resolved through normal channels.

g) Describe and assess the importance and execution of, induction and continuing professional development of directors on boards of directors. The UK Higgs report provides guidance on the development programs. Induction of new directors: When directors are appointed to the board of a company, they are expected to bring the benefits of their knowledge, skill and experience to the discussions of the board. Directors need to build an understanding of the nature of the company, its business and its markets. This includes: o The companys culture and values. o The companys products and/or services. o The structure of the company/subsidiaries/joint ventures. o Major risks and risk management strategy. o Key performance indicators. o Regulatory constraints. Build a link with the companys people. o Meet with senior management. o Visit company sites. o Participate in the boards strategy development. o Briefing on internal procedures. Build an understanding of the companys main relationships including meeting with auditors. o Major customers. o Major suppliers. o Major shareholders. Continuing Professional Development: CPD is necessary to make sure that directors remain up to date on their relevant professional knowledge.


Higgs report suggests that CPD of potential directors should concentrate on the role of the board, obligations and entitlements of existing directors and the behaviors need for effective board performance. Topics for professional development would include financial management training, HR issues, CG developments, risk management updates on legal and regulatory issues, audit practice and procedures, financial reporting and strategic planning.

h) Explain and analyze the frameworks for assessing the performance of boards and individual directors (including NEDs) on boards. Performance of the board: Aim is to improve board effectiveness, maximizing strengths and tackling weaknesses. Performance of individual directors and the board as a whole needs to be appraised regularly. In the UK there is a requirement for an annual performance review. Ideally, the assessment should be by an external third party who can bring objectivity to the process. Performance of the whole board needs to include: o A review of the boards systems (conducting meetings, work of committees, quality of written documentation). o Performance measurement in terms of standards it has established, financial criteria, and non-financial criteria relating to individual directors. o Assessment of the boards role in the organization (dealing with problems, communicating with stakeholders). Higgs Report lists a number of criteria that can be used to monitor the effectiveness of boards. o Performance against objectives. o Contribution to strategic development. o Contribution to risk management. o Contribution to the development of corporate culture. o Appropriate composition of the board and committees. o Effectiveness of responses to crises and problems. o The proper delegation of matters to lower levels and the reservation of matters for board decision. o Effectiveness of internal and external communications. o The extent to which the board is kept appraised of developments. o The effectiveness of the board committees. o The quality of information supplied to board members. o The number of board meetings held. o The extent to which the board has met all legal, financial reporting, regulatory and CG requirements.

Performance of individual directors: Need to use the following criteria when judging the performance of the individual director. Independence: This means avoiding conflict of interest. Preparedness: The director knows the key staff, organization structure, industry and regulatory background. Practice: The director participates in board meetings, questions, insists on obtaining information, and undertakes CPD. Committee work: The director participates fully in audit, risk and nominations committees (remunerations for NEDs). Development: The director makes suggestions as to strategic choice and direction. If the director considers performance to be unsatisfactory, he should consider ways of encouraging directors to improve their performance.

4. Board Committees
a) Explain and assess the importance, roles and accountabilities of, board committees in corporate governance. A board committee is a committee set up by the board, and consisting of selected directors (both executive and non-executive), which is given responsibility for monitoring a particular aspect of the companys affairs for which the board has reserved the power of decision-making. The role of a committee is to monitor an aspect of the companys affairs, and: Report back to the board, and To make recommendations to the board.

The full board should make a decision based on the committees recommendations. If a board was to reject the recommendations of a committee, then the board needs to give a very good reason for doing so. A board committee needs to meet with sufficient frequency to enable it to carry out its responsibilities. It is important to remember, however, that a board committee is not a substitute for executive management and a board committee does not have executive powers. A committee might monitor activities of executive managers, but it does not take over the job of running the company from management. b) Explain and evaluate the role and purpose of the following committees in effective corporate governance. i. Remuneration committees. The Remuneration Committee deals with the remuneration of executive directors and senior managers. Some believe that the remuneration of directors should be linked to company performance.


Level of remuneration should be sufficient to attract and retain and motivate directors to do a good job, but should not pay them more than is necessary for this purpose. There should be a final and transparent procedure for developing policy on executive remuneration and for fixing the remuneration package of individual directors. No director should be involved in deciding his or her own remuneration. There should be limited contracts of service periods, ideally for one year. The committee should be made up of independent NEDs.

ii. Nominations committees. The Nominations Committee has the responsibility to identify and recommend individuals for appointment to the board and executive director. The committee should play an active role in the companys succession planning. This means planning for the eventual retirement of the: CEO, The board chairman, and Possibly the finance director. The desirable size of the board. The skills of the board members. Combined code recommends at least one NED have financial experience (aka qualified accountant). The need to attract board members from a diversity of backgrounds. The balance between ED and NEDs. The combined code says that there should be a balance with a minimum of 3 NEDs.

In addition, the NC should consider:

iii. Risk committees. There needs to be a way for companies to manage their risk. Risks include: Business and strategic risks, and Risk of errors, fraud, losses, breakdowns, etc.

This board would have oversight responsibility for risk and internal control. Typical roles of the Risk Committee: To agree with the RM strategy. Receive and review RM reports from all operational departments. Monitor overall exposure and specific risks. Assess the effectiveness of the RM strategy. Provide guidance to the main board. Work with the AC on designing and monitoring ICs for the mitigation and management of risk.


Prepare reports on risks and draft the RM strategy note for the annual accounts. To assist in determining a companys risk appetite. The board will determine the level of risk the company is willing and able to take on. The audit committee is considered to be the most important board committee. The UK Cadbury report emphasized the importance of internal audit having unrestricted access to the audit committee. The board should establish an AC of at least three, or in the case of smaller companies, two, independent NEDs. The board should be satisfied that at least one member of the AC has recent and relevant financial experience. The AC needs to ensure that the external auditors are completely independent of the company and its subsidiaries, and that they are working in the best interests of the shareholders. The audit committee should ensure that the company complies with all laws and regulations applying to it, and that the necessary reports are filed with the authorities. The AC needs to review and discuss with management and the external auditor the effects of changes in accounting standards, and the implications of these proposed changes. Needs to ensure that both the external and internal auditors have sufficient resources to carry out their defined roles. Needs to act as a mediator between management and auditors when there is a difference of opinion. Needs to recommend on the appointment or replacement the external auditor, who shall report directly to the Audit Committee. If the board does not accept the ACs recommendation, it should include the reasons in the annual report. Needs to be directly responsible for the compensation and oversight of the work of the external auditor. An AC of independent NEDs should liaise with external audit, supervise internal audit and review the annual accounts and internal controls. To monitor the integrity of the financial statements of the company, and any formal announcements relating to the companys financial performance, reviewing significant financial reporting judgments contained in them. To review the companys internal financial controls, and unless expressly addressed by a separate board risk committee composed of independent directors, or by the board itself, to review the companys internal control and risk management systems. To monitor and review the effectiveness of the companys internal audit function. To make recommendations to the board, for it to put to the shareholders for their approval in general meeting, in relation to the appointment, re25

iv. Audit committees.

Role and responsibilities of the Audit Committee:

appointment and removal of the external auditor and to approve the remuneration and terms of the external auditor.

The external auditor reports directly to the audit committee.

To review and monitor the external auditors independence and objectivity and the effectiveness of the audit process, taking into consideration relevant UK professional and regulatory requirements. To develop and implement policy on the engagement of the external auditor to supply non-audit services, taking into account relevant ethical guidance regarding the provision of non-audit services by the external audit firm, and to report to the board identifying any matters in respect of which it considers that action or improvement is needed and making recommendations as to the steps to be taken.

There are several reasons why an audit committee is beneficial to an organization. 1) Independence of the external auditors. The committee selects the external auditor and thus can eliminate some pressure that the executive management might try to apply. 2) Competence of the external auditor. The committee also assesses the competence of the external auditor. 3) Providing an assessment of the financial statements and audit process. The committee reports to the board on matters that they consider relevant, with regard to financial statements and audit process. Its responsibility is to ensure that the statements are reliable. 4) Independence of the internal auditor. The committee helps to ensure the independence of the internal audit function by having the IAF functionally report to the committee and not to someone in management. 5) Increase public confidence.

5. Directors remuneration
a) Describe and assess the general principles of remunerations. i. Purposes. There are two purposes of any remuneration package: 1) The package should be designed to attract qualified people to the company; however, it should not be more than necessary, 2) It should provide incentive for the director. The amount that the company will pay will depend upon: o What other companies are paying, and o How many suitable candidates are available. ii. Components. When a remuneration package is designed for a director or senior manager, it should consider: o Each separate element in the package, and also o All the elements in the package as a whole. The components include both short-term and long-term incentives, between cash and equity and between current pay and pension rights. For example, a director may be paid an average basic salary, but may receive a generous pension entitlement and an attractive long-term incentive scheme.

Another director might receive a low basic pay, but a very attractive short-term bonus incentive scheme. iii. Links to strategy. Any directors remuneration package should be linked to the company achieving its long-term objectives. This could entail the company giving the directors the right to purchase shares at a specified exercise price over a specified time period in the future. This provides incentive for the directors to do what they have to do to raise the price of the shares. iv. Links to labor market conditions. Any remuneration package has to be linked to local market conditions. Again, every company needs to be able to attract and retain qualified personnel, but companies need to make sure that they are not over compensating its directors. b) Explain and assess the effect of various components of remuneration packages on directors behavior. i. Basic salary will be in accordance with the terms of the directors contract of employment, and is not related to the performance of the company or the director. Instead it is determined by the experience of the director and what other companies might be prepared to pay for the directors service (the market rate). ii. Performance related bonuses. Directors may be paid a cash bonus for good (generally accounting) performance. To guard against excessive payouts, some companies impose limits on bonus plans as a fixed percentage of salary or pay. o There is also something called Transaction bonuses which is where the CEO get a bonus for acquisitions, regardless of subsequent performance, possibly indeed further bonuses for spinning off acquisitions that have not worked out. iii. Shares and share options (share schemes). Share schemes are used to provide long-term incentive which gives the executives a personal interest in the performance of the companys share price over a period of several years. Since they have an incentive, they will do (or should do) what they can to improve the financial performance and longer-term prospects. Problems with these share schemes are: o Executives might be motivated by short-term targets and cash bonuses than by longer term targets and share awards. o If share price falls because of a general decrease in the market, the options might be worthless, therefore, not providing much incentive for the executive to perform. o Share schemes are often for a three year period. The executive receives an award of fully-paid shares, or is able to exercise share options after three years. If the executive sells the shares, his or her interest in the company comes to an end. (The UK 2nd Combined Code states that non-executive directors should not normally be offered share options, as options may impact upon their independence).

iv. Loyalty bonuses are intended to get directors to stay with the company for an extended period of time. For example, if a directors contract expires, the director may be paid a bonus for extending the contract. v. Benefits in kind could include transportation (e.g., a car), health provisions, life assurance, holidays, expenses and loans. The remuneration committees should consider the benefit to the director and the cost to the company of the complete package. Also, the committee should consider how the directors package relates to the package for employees. Ideally, perhaps, the package offered to the directors should be an extension of the package offered to the employees. vi. Pension benefits. Many companies offer pension contributions for directors and staff. In some cases, however, there may be separate schemes available for directors at higher rates than for employees. The Combined Code states that as a general rule, only basic salary should be pensionable. The Code emphasizes that the remuneration committee should consider the pension consequences and associated costs to the companys basic salary increases and any other changes in pensionable remuneration, especially for directors close to retirement. c) Explain and analyze the legal, ethical, competitive and regulatory issues associated with directors remuneration. It needs to be a principle of corporate governance that the shareholders of the company be given the full information about the remuneration of the companys directors. This information is important so they understand the link between the directors remuneration and company performance. In the UK, quoted companies are required to publish a directors remuneration report each year. The report must contain extensive disclosures about directors remuneration. It is general practice to include the report in the annual report and accounts. Some of the information in the remuneration report must be audited by the companys auditors. Other parts of the report are not subject to an audit. Shareholders must vote at the companys annual general meeting on a resolution to approve the report. This is an advisory vote only, and the shareholders do not have the power to reject the report or amend the remuneration of any director or senior executive. The remuneration for the year for each director, analyzed into salary and fees, bonuses, expenses received, compensation for loss of office and other severance payments, and non-cash benefits. For each director, details of interests in share options, including details of options awarded or exercised during the year, options that expired during the year without being exercised, and any variations to the terms and conditions relating to the award or exercise of options. For options exercised during the year, the market price of the shares when the options were exercised should also be shown.

Information that is subject to audit includes:

For options have not been exercised, the report should show the exercise price, the date from which the options may be exercised and the date they expire. For each director, details should be given of pension contributions or entitlements. Details should also be provided of any large payments made during the year to former directors of the company.

Ethical issues about remuneration. There are some well-recognized ethical issues that affect the reputation and public perception of companies. The ethical issues include: The rate of increase in the directors pay has been much greater than the rate of increase in the pay of other employees. A survey conducted by KPMG (2005) found that bonus payments to senior executives had risen at a fast rate, but the pay rate increase was not linked to long-term strategy of the company and the shareholder value. o This meant that directors were paid large bonuses but were not adding value to the company. Research by Income Data Service in the UK in 2006 stated that directors were now earning almost 100 times as much in annual remuneration than other full-time workers, compared with about 40 times as much in 2010. This gap is continuing to increase.

6. Different approaches to corporate governance a) Describe and compare the essentials of rules and principles based approaches to corporate governance. Includes discussion of comply or explain. An example of a rules based approach to corporate governance is Sarbanes-Oxley. An example of a principles based approach to corporate governance is the UK Combined Code. Rules-based approach to corporate governance is based on the view that companies must be required by law to comply with established principles of good corporate governance. There are advantages with a rules-based approach: Companies do not have a choice of ignoring the rules. All companies are required to meet the same minimum standards of corporate governance. Investors confidence in the stock market might be improved if all the stock market companies are required to comply with recognized corporate governance rules. The same rules might not be suitable for every company, because the circumstances of each company are different. A system of corporate governance is too rigid if the same rules are applied to all companies.

Disadvantages are:

There are some aspects of corporate governance that cannot be regulated easily, such as negotiated the remuneration of directors, deciding the most suitable range of skills and experience for the board of directors, and assessing the performance of the board and its directors.

A principles-based approach to corporate governance is an alternative to a rulesbased approach. It is based on the view that a single set of rules is inappropriate for every company. Circumstances and situations differ between companies. The circumstances of the same company can change over time. This means that: The most suitable corporate governance practices can differ between companies, and The best corporate governance practices for a company might change over time, as its circumstances change.

In the UK, the Combined Code is the relevant code of corporate governance for listed companies. All UK listed companies must comply with rules known as the Listing Rules, which are issued and enforced by the financial markets regulator. Advantages of principles-based: It avoids the need for inflexible legislation that companies have to comply with even though the legislation might not be appropriate. It is less burdensome in terms of time and expenditure. A principles-based approach allows companies to develop their own approach to corporate governance that is appropriate for their company. Enforcement on a Comply or Explain basis which means that companies can explain why they are not in compliance with a specific provision. A principles-based approach accompanied by disclosure requirements put the emphasis on investors making up their own minds about what businesses are doing. Criticized as so broad that they are of very little use as a guide to best corporate governance practice. Hampel report comments about tick-boxing are incorrect. Investors cannot be confident of consistency of approach. Clear rules mean that the same standards apply to all directors.

Criticism of principles-based approach:

Which is more effective. It has been suggested that that the burden of the detailed rules in the US, especially the requirements of section 404, has made the US an unattractive country for foreign companies to trade their shares. As a result, many foreign companies have chosen to list their shares in countries outside the US, such as the UK. Comply or Explain The comply or explain approach is the trademark of corporate governance in the UK. The Listing Rules require companies to apply the Main Principles and report to shareholders on how they have done so. The principles are the core of the Code and the way in which they are applied should be the central question for a board as it determines how it is to operate according to the Code.

It is recognized that an alternative to following a provision may be justified in particular circumstances if good governance can be achieved by other means. If a company is in breach of the Code then the reason for the breach should be clearly and carefully explained to shareholders. In providing an explanation, the company should aim to illustrate how its actual practices are both consistent with the principle to which the particular provision relates and contribute to good governance. In their responses to explanations, shareholders should pay due regard to companies individual circumstances and bear in mind, in particular, the size and complexity of the company and the nature of the risks and challenges it faces. While shareholders have every right to challenge companies explanations if they are unconvincing, they should not be evaluated in a mechanistic way and departures from the Code should not be automatically treated as breaches. Shareholders should be careful when responding to the statements from companies in a manner that supports the comply or explain process and bearing in mind the purpose of good corporate governance. Smaller companies may judge that some of the provisions are disproportionate or less relevant in their case. Some of the provisions do not apply to companies below the FTSE 350. However, such companies may nonetheless consider that it would be appropriate to adopt the approach in the Code and they are encouraged to do so. b) Describe and analyze the different models of business ownership that influence different governance regimes (e.g., family firms versus joint stock company-based models). Insider structures This is where a company listed on a stock exchange is owned and controlled by a small number of major shareholders. The shareholders may be members of the companys founding family, banks, other companies or the government. o Family companies are perhaps the best example of insider structures. In this case, agency problems are not really an issue because there is no separation between management and owners theyre one and the same. Advantage of insider system: o Easier to establish ties between owners and managers. o Agency problem is reduced and costs of monitoring is also reduced, if management is involved in management. o Even if owners are not involved in management, it should be easier to influence company management through ownership and dialogue. o A smaller base of shareholders may be more flexible about when profits are made and hence more able to take a long-term view. Disadvantage: o May be discrimination against minority shareholders. o Evidence suggests that controlling families tend not to monitor effectively by banks or by other large shareholders. o Insider systems do not develop more formal governance structures until they need to.


o Insider firms, particularly family firms, may be reluctant to employ outsiders in influential positions and may be unwilling to recruit independent NEDs. o Succession issues may be a major problem. A vigorous company founder may be succeeded by other family members who are less competent or dynamic. Outsider systems Outsider systems are ones where shareholding is more widely dispersed, and there is the manager-ownership separation. Sometimes called Anglo-Saxon regimes. Advantages of outsider systems: o Provides an impetus for the development of more robust legal and governance regimes to protect shareholders. o Shareholders have voting rights that they can use to exercise control. o Hostile takeovers are far more frequent, and the threat of these acts as a disciplining mechanism. Disadvantages: o Companies are more likely to have an agency problem and significant costs of agency. o The larger shareholders in these regimes have often had short-term priorities and have preferred to sell their shares rather than pressurize the directors to change strategies. c) Describe and critically evaluate the reasons behind the development and use of codes of practice in corporate governance (acknowledging national differences and convergence). The international guidelines include the OECD principle and ICGN report. These guidelines came about because of the increase in international trade and cross-border links leads to increased pressure for the internationally comparable practices and standards. o This is particularly true for accounting and financial reporting. o Increasing international investment and integration of international capital markets has also led to pressure for standardization of governance guidelines, as international investors seek reassurance about the way their investments are being managed and risks involved. Not surprisingly, convergence models that have been developed lie between the insider/outsider models, and between profit-orientated and ethical stakeholder approaches. The result of encouraging better standards of CG should be that: o Better governance will attract more investment from global investor. o Companies will benefit from more investment finance, to increase their profits. o National economies will benefit from having strong and profitable companies.

Disadvantages of international codes of CG: These international codes can often represent an attempt to find the lowest common denominator. Attempts to find global solutions can be difficult because of differences in legal systems, financial systems, cultures, economies and structures of CG. International guidelines will be based on practice in a number of regimes; accordingly it may lag behind changes in the more advanced regimes. These international guidelines have no legal status.

d) Explain and briefly explore the development of corporate governance codes in principles-based jurisdictions. i) Impetus and background: Principles-based is based on the view that a single set of rules is inappropriate for every company. The UK Cadbury report suggested that a voluntary code coupled with disclosures would prove to be more effective than a statutory code in promoting the key principles of openness, integrity, and accountability. The development of CG practices in the UK is interesting because it helps to show how different aspects of CG emerged whenever problems with CG became known. In other words, codes of CG are reactive, not proactive. ii) Major corporate codes: The Cadbury report (1992). This was the first CG code in the UK. It was a reaction to several financial scandals involving listed UK companies. The main problems were considered to be in the relationship between auditors and boards of directors. There was thought that commercial pressures on both directors and boards caused pressure to be exerted on auditors, and too often, auditors gave in (capitulated). Problems were also perceived in the ability of the board to control their organizations. CG responsibilities: o Directors are responsible for CG. o Shareholders are linked to the directors through the financial reporting system. o Auditors provide shareholders with an external opinion on the directors financial reports. o Other concerned users, particularly the employees are indirectly addressed by the financial statements. Code of best practice: The primary aim was to all UK listed companies, but the directors of all companies were encouraged to use the Code. The Greenbury Code (1995): o This had to do with remuneration packages of directors. o The code established principles for the determination of directors pay and detailing disclosures to be given in the annual reports and accounts. The Hampel report (1998): o Aimed to restrict the regulatory burden on companies and substituting principles for detail whenever possible.

iii) Effects of: Recommendations of Cadbury: o Board should meet on a regular basis in order to retain control and monitor management. o Should be clear division of responsibilities at the head of the company, with no one person having complete power. o Should be at least 3 NEDs on the board, a majority of whom should be independent of management. o Report contains provisions about the length of service contracts and disclosure of remuneration that are developed further in the Greenbury and Hampel reports. o Audit committee is a board committee. It should liaise with internal and external auditors and provide a forum for both to express their concerns. The committee needs to review half yearly and annual statements. o Annual report should present a balanced and understandable assessment of the companys position. Statements should be made about the companys going concern and the effectiveness of its internal controls. Recommendations of Greenbury: o The remuneration committee should determine executive directors remuneration and that this committee should be comprised solely of NEDs. o Directors service contracts should be limited to one year. Recommendations of Hampel report: o The accounts should contain a statement of how the company applies the CG principles. o The accounts should explain their policies, including circumstances justifying departure from best practices. any

The London Stock Exchange issued the 1st Combined Code in 1998, which was derived from the recommendations of Cadbury, Greenbury and Hampel reports. The 2nd Combined Code took the 1st Combined Code and includes the following reports: o The Turnbull Report (1999 and revised 2005) focused on risk management and internal controls. o The Smith Report (2003) discussed the role of the audit committee. o The Higgs Report (2003) focused on the role of the NED. e) Explain and explore the Sarbanes-Oxley Act of 2002 as an example of a rulesbases approach to corporate governance. i. Impetus and background: SOX was a reaction to the Enron scandal of 2002. The main reasons why Enron collapsed was over-extension in energy markets, eventually too much reliance on derivatives trading which eventually went against the company, breaches of federal law, and misleading and

dishonest behavior. However, the scandal exposed a number of weaknesses in the CG: Lack of transparency in the accounts. Enron used a number of SPE to keep debt off the books (off balance sheet). Ineffective CG arrangements. NEDs were weak and there were conflicts of interest (e.g., the chair of the audit committee was Wendy Gramm, whose husband, Senator Gramm, received substantial political donations from Enron.). Inadequate scrutiny by the external auditors. Information asymmetry. This is an agency problem when directors/managers know more than the investors. The investors included the employees who tied up their wealth in Enron shares only to see Enron shares become worthless. However, many of Enron directors sold their shares when they began to fall. Executive compensation methods. This was meant to align the interest of the shareholders and managers.

ii. Main provisions/contents: The Sarbanes-Oxley Act of 2002 was signed into law on July 30, 2002. The Act contains far-reaching provisions affecting publicly-held companies, their officers and directors, and the independent auditors who audit their financial statements. 1) The Act established the Public Company Accounting Oversight Board (PCAOB) - This Board is charged with overseeing the audits done by public accounting firms. The Board, whose members are appointed by the SEC, has five financially-literate members from the private sector. Two of the members must be or have been certified public accountants. The remaining three must not be and cannot have been CPAs. The Chair may be held by one of the CPA members only if that member has not been a practicing CPA for five years. The responsibilities of the PCAOB include: Registering public accounting firms that audit publicly listed companies; Establishing auditing, quality control, ethics, independence and other standards relating to the preparation of audit reports for issuers; Conducting inspections of registered public accounting firms, annually for firms that audit more than 100 issuers and every three years for others; Conducting investigations and disciplinary proceedings and imposing appropriate sanctions; Enforcing compliance with the Act, the rules of the Board, professional standards, and securities laws relating to audit reports and the obligations of accountants for them; and Management of the operations and staff of the Board.

2) Prohibited activities to maintain auditor independence - It is unlawful for any registered public accounting firm to provide any nonaudit services to an issuer along with the audit. These include: Bookkeeping or other services related to the accounting records or financial statements of an audit client; Financial information systems design and implementation; Appraisal or valuation services, fairness opinions or contributionin-kind reports, or actuarial services; Internal audit outsourcing services; Management functions, broker or dealer, investment adviser, or investment banking services; Legal services or expert services unrelated to the audit; or Any other service impermissible. determined by the PCAOB to be

3) Auditor rotation required The lead audit or coordinating partner must rotate off the audit every five years. 4) Auditor reporting to audit committees The audit firm must report to the audit committee all critical accounting policies and practices to be used, all alternative treatments of financial information that have been discussed with management, the ramifications of the use of these alternative disclosures and treatments, and the treatment preferred by the firm. 5) Conflicts of interest The CEO, CFO, and Controller, Chief Accounting Officer or any person in an equivalent position cannot have been employed by the companys audit firm during the one-year period preceding the audit. 6) Audit committees: Members of the audit committee shall be members of the board of directors of the issuer but otherwise shall be independent. The audit committee is to be directly responsible for the appointment, compensation, and oversight of the registered public accounting firm employed to perform the audit. The audit committee is to establish procedures for the receipt, retention, and treatment of complaints received by the issuer regarding accounting, internal controls, and auditing. The audit committee shall have the authority to engage independent counsel or other advisors as necessary to carry out its duties, and the issuer shall provide appropriate funding to the audit committee The CEO and CFO shall prepare a statement that accompanies the audit report to certify the appropriateness of the financial statements and disclosures contained in the periodic report, and that those financial statements and disclosures fairly present, in

7) Corporate responsibilities:

all material respects, the operations and financial condition of the issuer. A knowing and intentional violation gives rise to personal liability. Each annual report of an issuer must contain an internal control report which states the responsibility of management for establishing and maintaining an adequate internal control structure and procedures for financial reporting. It must also contain an assessment, as of the end of the issuers fiscal year, of the effectiveness of that internal control structure and procedures for financial reporting. The issuers auditor shall attest to and report on the assessment made by the management of the issuer in accordance with standards for attestation engagements issued or adopted by the Board. The auditors evaluation should not be a separate engagement or a basis for increased charges or fees. It is unlawful for any officer or director of an issuer to attempt to fraudulently influence, coerce, manipulate or mislead any auditor engaged in the performance of an audit in order to render the financial statements materially misleading. If an issuer is required to make a restatement due to material noncompliance with financial reporting requirements, the CEO and the CFO shall forfeit any bonus or other incentive-based or equity-based compensation they have received during the twelve months following the issuance or filing of the document and any profits realized from the sale of securities of the issuer during that period. Insider trades (purchases or sales) are prohibited during any pension fund blackout periods. All material off-balance sheet transactions and other relationships with unconsolidated entities that may have a material current or future effect on the financial condition of the issuer are to be disclosed in each annual and quarterly financial report. Personal loans from an issuer to any director or executive officer are prohibited. Company insiders must promptly notify the SEC whenever they buy or sell company stock. Enhanced disclosure of off-balance-sheet transactions; An internal control report to be included in each annual report; Disclosure by each issuer as to whether it has adopted a Code of Ethics for its senior financial officers, and the contents of that Code. Disclosure by each issuer as to whether at least one member of its audit committee is a financial expert.

8) Directives to the SEC: The SEC was directed to issue rules regarding:

Revised regulations concerning disclosure on Form 8-K to require immediate disclosure of any change in, or waiver of, an issuers Code of Ethics. Furthermore, issuers must disclose information on material changes in their financial condition or operations on a rapid and current basis.

9) Whistleblowing provisions: Employees of issuers and accounting firms were extended whistleblower protection that would prohibit their employers from taking actions against them. Whistleblowers were also granted a remedy of special damages and attorneys fees. iii. Effects of: There are about 1500 non US companies, including many of the worlds largest that list their shares in the US. These companies therefore need to be in compliance with SOX. There is criticism that SOX conflicted with local CG customs, and following intense round of lobbying from outside the US, changes to the rules were secured. For example, German employee representatives, who are non-management, can sit on audit committees, and AC do not have to have board directors if the local law says otherwise, as it does in Japan and Italy. Also, since the US is such an influence overseas, SOX may influence certain jurisdictions to adopt a more rules-based approach.

f) Describe and explore the objectives, content and limitations of, corporate governance codes intended to apply to multiple national jurisdictions. i. OECD report of 2004: The objective of OECD is to encourage development in the worlds economy. The principles of OECD are the minimum for corporate governance since the confidence of the investors is dependent on the quality of corporate governance in companies whose shares are traded on the stock market. Principles are: To assist governments of countries to improve the legal, regulatory and institutional framework for corporate governance in their countries, and Provide guidance to stock exchanges, investors and companies on how to implement best practice in corporate governance.

ii. ICGN report of 2005: The ICGN is a voluntary association of major institutional investors, companies, financial intermediaries and other organizations. Its aim is to improve corporate governance practices around the world, in all countries where institutional investors seek to invest. The principles of ICGN are similar to those of OECD, in that they deal with transparency and disclosure, rights and responsibilities of the shareholders, and the role structure of the board of directors. Limitations of International Codes or Statements of Principles There are several limitations to these international codes:


Because they apply to all countries they can only be general principles. They cannot be detailed guidelines and because they are not detailed, they are of limited practical value. The main objective is to raise standards of corporate governance in the worst countries. They are of less value in countries where corporate governance is well established, such as in Europe, USA, etc. Unlike national laws and codes, there is no regulatory authority to force compliance.

7. Corporate governance and corporate social responsibility a) Explain and explore social responsibility in the context of corporate governance. Corporate social responsibility (CSR) refers to the responsibilities that a company has towards society. CSR can be described decision-making by a business that is linked to ethical values and respect for individuals, society and the environment, as well as compliance with legal requirements. CSR is related to the idea that as well as their responsibilities to shareholders, boards of companies are also responsible to the general public and other stakeholder groups. Carrolls model of social responsibility suggests there are four ascending levels of social responsibility. Lower levels should be generally addressed first, although true responsibility can only be demonstrated with reference to all four. 1) Economic responsibilities: Companies have economic responsibilities to shareholders who require a good return on their investment, to employees who want fair employment conditions and reasonable wages, to customers who want value for money, the suppliers who want to get paid on time and others. 2) Legal responsibilities: Companies have an obligation to respect societys moral views as expressed in legislative codes. Obeying these laws must be the foundation of an organizations compliance with social responsibilities. 3) Ethical responsibilities: Apart from compliance with legal requirements, companies should act in a fair and just way even if the law does not compel them to do so. 4) Philanthropic responsibilities: According to Carroll, these are desirable requirements as opposed to mandatory. They include charitable donations and contributions to local community projects. The principles of CSR. There are five main aspects. 1) A company should operate in an ethical way, and with integrity. 2) A company should treat its employees fairly and with respect. 3) A company should demonstrate respect for human rights. For example, a company should not tolerate child labor. 4) A company should be a responsible citizen in its community. 5) A company should do what it can to sustain the environment for future generations. This could take the form of:

Reducing pollution of the air, land or rivers and seas. Developing a sustainable business, whereby all the resources used by the company are replaced. Cutting down the use of non-renewable (and polluting) energy resources such as oil and coal and increasing the use of renewable energy sources (water, wind). Re-cycling of waste materials.

b) Discuss and critically assess the concept of stakeholders and stakeholding in organizations and how this can affect strategy and corporate governance. The concept of corporate citizenship and corporate social responsibility is consistent with a stakeholder view of how a company should be governed. A company has responsibilities not only to its shareholders, but also to its employees, all its customers and suppliers, and to society as a whole. In developing strategies for the future, a company should recognize these responsibilities. The objective of profit maximization without regard for social and environment responsibilities should not be acceptable. Problems of dealing with stakeholders: When dealing with stakeholders, certain problems could arise, such as: Dealing with stakeholders may be time consuming and expensive. Could be a culture clash between company and certain groups of stakeholders. There may be a conflict between company and stakeholders on certain issues when they are trying to collaborate. Full consensus is difficult or impossible to achieve and the solution may not be strategically desirable.

Social Responsibilities can impact what companies do in a number of ways, such as: Objectives and mission statements. A company that publicizes a mission statement and mentions its social objectives is a sign that the board believes that they have a significant impact on strategy. Ethical code of conduct. Having a code a conduct is a way for the company to signify its pursuit of good corporate behavior. Corporate social reporting and social accounts. As part of social responsibility, a company may decide to report on its ethical and social conduct, or possibly produce social accounts showing quantified impacts on each of the organizations stakeholder constituencies. Corporate governance. Impacts on CG could include representatives from key stakeholder groups on the board, or perhaps even a stakeholder board of directors.

c) Analyze and evaluate issues of ownership, property, and the responsibilities of ownership in the context of shareholding. This is based on the idea that as a shareholder, you have to not only consider the return you get on the share but you need to also consider your responsibility as a

shareholder to society as a whole. This means that as a shareholder, you should be insisting that those managing the company carry out a policy that is consistent with the public welfare. Problem with this theory is the great dispersion of shareholders. This means that shareholders with small percentages holdings have negligible influence on managers. The idea of ownership responsibility has had a significant influence because of the importance of institutional investors. Not only do they have a level of shareholdings that can be used to pressure managers, but they also have a fiduciary responsibility as trustees on behalf of their investors. d) Explain the concept of the organization as a corporate citizen of society with rights and responsibilities. Corporate citizen of society is a business strategy that shapes the values underpinning a companys mission and the choices made each day by its executives, managers and employees as they engage with society. Three core principles define the essence of corporate citizenship, and every company should apply them in a manner appropriate to its distinct needs (Boston Center for Corporate Citizenship): 1) Minimizing harm. 2) Maximizing benefit. 3) Being accountable and responsive to stakeholders. Matten suggested the following three views of Corporate Citizenship: 1) Limited view A limited approach, restricted to local charitable donation and sponsorship of local community projects or activities where he positive PR is seen as justifying the expense. 2) Equivalent view This is a wider approach partly voluntary (local activities), partly imposed by legislation (e.g., requirements to comply with EPA regulations and CG codes). CSR activities are focused on a wider class of stakeholders, based on meeting economic, legal and ethical requirements. 3) Extended view Organizations adopt an active social citizenship approach based on respect for the citizens rights and the idea of the social contract. Under the extended view, organizations will promote: o Social rights for example, decent working conditions no matter what the legal requirements are. o Civil rights for example, employees right to join a trade union. o Political rights for example, allowing employees to be active in politics.

8. Governance: reporting and disclosure

a) Explain and assess the general principles of disclosure and communication with shareholders. The general principles of disclosure and communication are covered under the Turnbull report.

The original Combined Code in 1998 included provisions relating to the responsibility of the board for the effectiveness of the system of internal control and risk management. The Turnbull Committee was established by the Institute of Chartered Accountants in England and Wales (ICAEW), and was given the task of providing guidelines to companies about this aspect of the Combined Code. The Turnbull Report was published in 1999. General principles of disclosures: Here are the disclosure requirements: The governing body acknowledges responsibility for the system of internal control; An ongoing process is in place for identifying, evaluating and managing the significant risks; An annual process is in place for reviewing the effectiveness of the system of internal control; There is a process to deal with the internal control aspects of any significant problems disclosed in the annual report and accounts.

What information should be disclosed? There are three main categories of information that investors need from a company. Financial information about the past performance of the company, its financial position and its future prospects. Information about the ownership of shares in the company, and voting rights associated with the shares. This is important for global investors, who may have problems with investing in companies where there is a majority shareholder, or where there is a complex structure of share ownership, or where some shareholders have more voting rights than other shareholders. Corporate governance information. This is explained in more detail later.

There are several basic principles for disclosure and communication of information. The information should be reliable. Information should be understandable. Information should be timely. When information is disclosed by companies, it should be equally available to all investors. The OCED Principles state that the way information is distributed should enable users to access relevant information in an equal, timely and cost-efficient manner. Information should communication. be made available by convenient channels of

The opportunities for exploiting confidential information to make a personal profit should be minimized. By making information available to investors quickly, opportunities for insider dealing should be reduced.


b) Explain and analyze requirements.






Annual reports must convey a fair and balanced view of the organization. They should state whether the organization has complied with governance regulations and codes. It is considered best practice to give specific disclosures about the board, internal control reviews, going concern status and relations with stakeholders. CG codes recommend that the annual reports of listed companies should state the extent to which the company has complied with relevant laws, regulations and CG codes, the areas of non-compliance and reasons for such non-compliance. Recommended disclosures include: o Information about the board of directors. o Reports from the Audit Committee, Nomination Committee, and Remuneration Committee. o An explanation of directors and auditors responsibilities in relation to the accounts. o Details of the external auditors, noting any changes and steps taken to ensure auditor objectivity and independence when non-audit services have been provided. o A statement from the directors as to the effectiveness of internal controls, including risk management. o A statement on relations with, and dialogue with shareholders. o A statement that the company is a going-concern. o A sustainability report, including the nature and extent of social, ethical, health and safety and environmental management policies and procedures.

Good disclosure helps reduce the gap between the information available to directors and the information available to shareholders, and addresses one of the key difficulties of the agency relationship between directors and shareholders.

c) Define and distinguish between mandatory and voluntary disclosure of corporate information in normal reporting cycle. Mandatory means that it is required by the government and by the accounting standards. For example, companies have to disclose: Statement of Income (Comprehensive income). Statement of Cash flow. Financial position. Auditors report. Statement of going concern. Statement as to responsibility to preparing the accounts (board and management).

Directors remuneration.

Voluntary can be defined as any disclosure above the mandated minimum. This is information is not required to be published but often is because it gives stakeholders information that they like to see. Statement of risk. The chairmans statement. Statement of social and environmental report. Segmental data, etc. Wider information provision. Would give stakeholders a better idea of the environment within which the company is operating and how it responds to its environment. Different focus of information.

Advantages to disclosing information voluntarily.

d) Explain and explore the nature of, and reasons and motivations for, voluntary disclosure in a principles-based reporting environment (compared to, for example, the reporting regime in the USA). Voluntary disclosure can be defined as any disclosure above the mandated minimum. Examples include the CEOs report, a social/environmental report, additional risk or segmental data. Disclosing information voluntarily, going beyond what is required by law or listing rules can be advantageous for the following reasons: o Wider information provision. Going beyond should give shareholders a better idea of the environment within which the company is operating and how it is responding to that environment. This enables investors to carry out a more informed analysis of strategies that the company is pursuing, and reducing information asymmetry between directors and shareholders. o Different focus of information. Voluntary information can focus on future strategies and objectives, giving readers a different perspective to compulsory information that tends to be focused on historical accounting data. o Assurance about management. Gives investors another yardstick to judge the performance of management. Demonstrates managements concern for all aspects of company performance. o Consultation with equity (institutional) investors. The voluntary disclosures a company makes can be determined by consulting with major equity investors, such as institutional shareholders on what disclosures they would like to see in the accounts. The UK government set the process when trying to decide what voluntary disclosures to include. o The process should be planned and transparent, and communicated to everyone responsible for preparing the information.


o The process should involve consultation within the business and with shareholders and other key groups. o The process should ensure that all relevant information should be taken into account. o The process should be comprehensive, consistent and subject to review. e) Explain and analyze the purpose of the annual general meeting and extraordinary general meetings for information exchange between board and shareholders. The AGM (Annual General Meeting) is the most important formal means of communications. Governance guidance suggests that boards should actively encourage shareholders to attend the AGM. Hampel report contains recommendations on how the AGM can be used to enhance communications with shareholders: Notice of AGM and related papers sent to shareholders at least 20 days before the AGM, and held at least once a year. Companies should provide business presentation at the AGM, with Q&A sessions. Chair of the key sub-committees should be available to answer questions. Shareholders should be allowed to vote separately on each substantially separate issue. Bundling unrelated proposals in a single resolution should cease. Companies should propose a resolution at the AGM relating to the report and accounts. The UK stewardship code 2010, emphasizes the importance of institutional investors attending AGMs and using their votes, to translate their intention into practice. Also, institutional investors should provide their clients with details of how theyve voted. Codes with international jurisdictions, such as OECD principles, emphasize the importance of eliminating impediments to cross-border voting. Crossborder voting is a problem in Europe. Problems include: o Communication problems, and o Also, legal uncertainty as to who actually is entitled to determine how the votes on the shares are cast. f) Describe and assess the role of the proxy voting in corporate governance. A shareholder has the right to vote. However there may be a case where the shareholder cannot be at the meeting to vote, so the shareholder appoints an agent (proxy) the right to vote on his/her behalf. There are rules governing the use of proxies, such as o Does the proxy have to be a member (part of management), o Does the proxy has the right to speak, and

o When can the proxy vote. Proxy form can allow the shareholder either to instruct the proxy how to vote on some or all the motions, or nominate someone attending the meeting (often a director) to exercise the shareholders vote at his discretion. A problem is that unless the proxy card is very elaborately worded, it cannot anticipate all the possible amendment to the resolution(s) sent out in the notice of meeting. o If a substantial amendment is carried, the proxys authority to vote is unaffected, but he/she no longer has instructions as to how he/she should vote.

o The proxy should exercise his/her discretion in whatever fashion he/she

honestly believes is likely to reflect the wishes of the shareholder.



Internal Control and Review

1. Management control systems in corporate governance a) Define and explain internal management control. Control is defined as: .any action taken by management to enhance the likelihood that established goals and objectives will be achieved. Controls may be preventive, directive or directive. The concept of a system of control is the integrated collection of components and activities that are used by an organization to achieve its goals and objectives. Turnbull Report defined control as: The policies, processes, tasks, behaviors and other aspects of the company taken together: Help operate effectively and efficiently. These operational controls should allow the company to respond in an appropriate way to significant risks to achieving the companys objectives. This includes the safeguarding of assets from inappropriate use or loss and fraud and ensuring that liabilities are identified and managed. Help ensure the quality of external and internal financial reporting (financial controls). Help ensure the compliance with applicable laws and regulations, and also with internal policies for the conduct of business (compliance controls).

Explain internal management control: A theorist called Emmanuel states that any control system has 4 characteristics. 1) There has to be a set the objectives. The purpose of all control systems is to try and guide the organization towards desired goals and objectives. 2) There has to be a plan. In a typical accounting control system a plan is prepared the budget. 3) Have to be able to measure the results. The output from the process is compared against the standard. 4) Have to take corrective action. Any deviations (variances) must be corrected. The Cynbernetic control model has 6 key stages: 1) Identification of system objectives. 2) Setting targets. 3) Measure outputs. 4) Comparing achievements with targets. 5) Identifying corrective action. 6) Implementing corrective action.

The Turnbull Guidelines state that a sound system of internal control should: Be embedded in the operations of the company and form a part of its culture. Be capable of responding quickly to risks as they evolve. Include procedures for reporting significant weaknesses and failures of control to the appropriate level of management. IC can only provide reasonable assurance, not a guarantee. There is the possibility of management override of controls. There is the possibly of collusion between 2 or more employees to commit fraud. There is the possibility that a mistake happening. The costs outweigh the benefits of implementing the controls. Poor judgment in decision-making.

Limitations of internal controls:

b) Explain and explore the importance of internal control and risk management in corporate governance. A companys system of internal control has a key role in the management of risks that are significant to the fulfillment of its business objectives. A sound system of internal control contributes to safeguarding the shareholders investment and the companys assets. The board of directors is responsible for the effectiveness of the system of internal control and risk management and there should be regular review of internal control and risk management. The board has to delegate responsibility for implementing controls. Organizations need to develop risk management strategies in order to deal with the potential for losses. How it deals with potential losses is by having strong internal controls. Internal control facilitates the effectiveness and the efficiency of operations, helps ensure the reliability of internal and external reporting and assists compliance with laws and regulations. Effective financial controls, including the maintenance of proper accounting records, are an important element of internal control. They help ensure that the company is not unnecessarily exposed to avoidable financial risks and that financial information used within the business and for publication is reliable. They also contribute to the safeguarding of assets, including the prevention and detection of fraud. Turnbull emphasizes that internal controls need to be changed and reviewed to take account of an organizations changing environment. A sound system of internal control therefore depends on a thorough and regular evaluation of the nature and extent of the risk to which the company is exposed. Since profits are, in part, the reward for successful risk-taking in business, the purpose of internal control is to help manage and control risk appropriately rather than to eliminate it.


Benefits vs. costs. It can sometimes be difficult to estimate the benefit arising from having an internal control until such time as an organization suffers a loss from not having such an internal control. Turnbull states that in order to determine its policies in relation to internal controls and decide what constitutes a sound system of internal control, a board should consider the following: o The nature and extent of the risks facing the company. o The categories of risk deemed acceptable. o The likelihood of risks materializing. o The companys ability to reduce the negative consequences of risks that do materialize. o The costs of operating the controls vs. the benefit obtained in managing the risk.

c) Describe the objectives of internal control systems. Based on the Turnbull guidelines, an internal control system encompasses the policies, processes, tasks, behaviors and other aspects of a company that, taken together: 1) Facilitate its effective and efficient operation by enabling it to respond appropriately to significant business, operational, financial, compliance and other risks to achieving the companies objectives. This includes the safeguarding of assets from inappropriate use or loss and fraud and ensuring that liabilities are identified and managed. 2) Help ensure of internal and external reporting. This requires the maintenance of proper records and processes that generate a flow of timely, relevant and reliable information from both within and outside the organization. 3) Help ensure compliance with applicable laws and regulations, and also internal policies and procedures with respect to the conduct of business. d) Identify, explain and evaluate the corporate governance and executive management roles in risk management (in particular the separation between responsibility for ensuring that adequate risk management systems are in place and the application of risk management systems and practices in the organization). The board has overall responsibility for risk management as it is an essential part of its corporate governance responsibilities. Responsibilities below board level will depend on the extent of delegation to line managers and whether there is a separation of risk management function. The board responsibility: Helps to determine risk management strategy and has a monitoring function regarding risks. Set appropriate policies on internal controls and seeks assurances that the internal control system is functioning effectively. Needs to communicate the organizations strategy to employees.


The CEO: Has ownership of the risk management and internal control system. Has to consider the risk and control environment, focusing on how to promote the right culture. Should also monitor other directors and senior staff, particularly those whose actions can put the company at significant risk. Boards also need to consider whether there should be a separate board committee, with responsibility for monitoring and supervising risk identification and management. o If the board does not have a separate risk management board, then the audit committee will be responsible for risk management. e) Identify and assess the importance of the elements or components of internal control systems. Based on COSO, there are five components of internal control. These are: 1) Control Environment. 2) Risk Assessment. 3) Control Activities. 4) Information and Communication. 5) Monitoring. In the following we discuss each component in more detail. Control Environment: The control environment provides the foundation for all the other components, influencing the control consciousness of all the people in the organization. It sets the tone for the entire organization. There are seven primary principles behind building a solid control environment. These seven principles are: 1) Having integrity and ethical values. Integrity and ethical values have to be set by top management and the board. As the saying goes: Employees do as management does, not as they say. 2) Having a commitment to financial reporting competencies. This means having the right people in the right positions. 3) Having the right human resource policies and procedures. Proper human resource management is making sure the company has the right policies and procedures to help facilitate control over company operations. 4) Properly assigning decision-rights. 5) Understanding managements philosophy and operating style. This means having the right tone at the top.

The Risk Management Committee:


6) Having proper board and audit committee oversight. Proper oversight is making sure the goals of the board and audit committee are in line with the goals of management. 7) Having the right organizational structure. Note: The mnemonic is IC HAMBO. Internal controls are more likely to function well if management believes that the controls are important and communicates that support to employees at all levels. If management believes controls are meaningless or even an obstacle, employees will notice this attitude. And in spite of formal policies saying otherwise, employees will then view internal controls as red tape to be cut through to get the job done. Organizations with effective control environments set a positive tone at the top. They transmit guidance both verbally and by example, communicating the entitys values, standards and code of conduct, and they follow up on violations. There are mechanisms to encourage employee reporting of suspected violations, and disciplinary actions are taken when employees fail to report them. They foster a control consciousness by setting formal and clearly communicated policies and procedures that are to be followed at all times, without exception, and which result in shared values and teamwork. They specify the competence level needed for particular jobs, hire and retain competent people, and assign authority and responsibility appropriately. The board of directors is responsible for setting corporate policy and for seeing that the company is operated in the best interest of shareholders. The attention and direction provided by the directors is critical. The board consists of both inside and outside directors who have adequate expertise and who are active and involved. Independence from management is critical, so that if necessary, difficult and probing questions will be raised.

A companys organizational structure is key to its ability to achieve its objectives because the organizational structure provides the framework for all its activities. Aspects of establishing an organizational structure include: Defining the key areas of authority and responsibility and delineating reporting lines. The companys organizational structure should be whatever suits its needs. It may be centralized or decentralized. It may have direct reporting relationships or reporting may be more like a matrix. It may be organized by industry, product line, geographical location or distribution network, or it may be organized functionally. Authority and responsibility should be delegated to the extent necessary to achieve the organizations objectives.

The control environment is influenced by the fact that all individuals in the organization realize that they will be held accountable.

Risk Assessment: Within the control environment, management is responsible for the assessment of risk. A risk is anything that endangers the achievement of an objective. The questions should always be asked: What could go wrong here? What assets do we need to protect? Risk assessment is the process of identifying, analyzing, and managing the risks that have the potential to prevent the organization from achieving its objectives. Assessment of risk involves determining the volume of transactions and the average dollar amount per transaction, the dollar value of assets that are exposed to loss, as well as the probability that a loss will occur. The companys objectives must be established before the risks can be assessed. Risk assessment forms the basis for determining how the risks (external or internal) should be managed. External risks include changes in technology, changes in the market in which an entity operates, new legislation bringing new requirements, natural disasters, economic changes, a failure of a key supplier, or being sued, defrauded, or robbed. Internal risks include employee embezzlement accompanied by falsification of records to conceal the theft, lack of compliance with government regulations, or other illegal acts by employees, such as taking a bribe. They can include disruption in computer systems, poor management decisions, errors, or accidents. Changes in management responsibilities can affect control activities, and an ineffective board or audit committee may leave openings for fraudulent actions on the part of anyone in the organization.

Control Activities: After the risks have been assessed, controls should be designed to limit the risk. To accomplish this, control activities are implemented. Control activities are the policies that address the identified risks and the procedures that ensure that management directives are carried out, thus helping ensure that the organizations objectives will be achieved. Thus, controls should be designed to limit risk, wherever risk exposure is determined to exist, for the purpose of protecting the organizations ability to achieve its objectives. This risk could be in the form of loss of assets, or it could be a misstatement of accounting or management information. The identified risks cannot be completely eliminated, but designing appropriate control activities and ensuring that those control activities are implemented can minimize them. In addition, management must comprehend laws and regulations imposed on the organization from the outside and ensure that compliance policies and procedures are in place. Control activities can be preventive, to avoid the occurrence of an unwanted event; detective, to detect the occurrence of an unwanted event; directive, to ensure the occurrence of a desirable event; or corrective, to correct an occurrence of an

undesirable event. A control activity can also be compensating, to compensate for what appears to be a weakness in controls. Preventive: Segregation of duties, suitable authorization of transactions, checking creditworthiness of customers before goods are shipped. These may be yes/no controls that check if a certain condition exists. Directive: For example, managers of a construction company instructing project managers to hire local workers in order to create a favorable image in the communities in which it operates. Detective: Bank reconciliations, checking for missing document numbers in pre-numbered documents, performance reporting with variances. Corrective: Procedures put in place to remedy problems discovered by detective controls, such as steps taken to identify the cause of the problem, to correct errors arising from the problem, and to modify the processing system to minimize future occurrences of the problem. Compensating: Controls that compensate for shortcomings elsewhere. A bank reconciliation may be a compensating control as well as a detective control, because it can compensate for flaws in the controls that are typically established over the receipts or disbursement processes.

There are five core principles that drive the financial reporting process. These principles are: 1) Segregation of duties. Segregation (separation) of duties is considered to be the most important control devices that a company has in order to reduce risk of errors or inappropriate activities (fraud). It is simply the process of dividing duties among various employees. This ensures that no single individual is given too much responsibility so that no employee is in a position to both perpetrate and conceal irregularities.
The following four functions should be done by different people. 1) Authorizing a transaction; 2) Recording the transaction, preparing source documents, maintaining journals; 3) Keeping physical custody of the related asset for instance, receiving checks in the mail; and 4) The periodic reconciliation of the physical assets to the recorded amounts for those assets

2) Authorization. Employees should be appropriately empowered so they can perform their tasks, receive specific documents and make decisions that impact transactions and assets. Their authority must involve some kind of validation such as signature or authorization. Regarding authorization, it can be either general or specific. General Authorization is where management sets policies for all to follow. Examples of general authorization are the issuance of price lists


for products and services, credit limits on customers, reorder points for making inventory purchases, and others. Specific Authorization has more to do with individual transactions, where management is unwilling to make a general policy. In these cases, management would prefer to do it on a case-by-case basis. An example is the authorization of a sales transaction of a fixed asset, such as a piece of equipment.

3) Adequate documents and recordkeeping. Management is responsible for the safeguarding of assets and it must have confidence in the accuracy and legitimacy of its source documents, including: sales invoices, purchase orders, subsidiary ledgers, sales journals, employee time cards, etc In order to ensure the adequacy of the source documents, they should be Pre-numbered in order to account for all documents, reducing the likelihood of fraudulent use. Can also help prevent transaction from being recorded twice or not being recorded at all. Prepared at the time the transaction occurs. Sufficiently simple to ensure that they can be understood so the processing can be completed in a timely manner.

4) Safeguarding of assets and records. The most visible safeguarding controls include controls to protect the companys assets from losses due to natural disasters like floods, hurricanes, tornadoes, etc. Safeguarding controls also include physical protection measures to restrict access to assets and documents such as records and blank checks, purchase orders, bank codes, etc., to authorized personnel. Items must be counted periodically and compared with control records. 5) Independent verification. Our last principle has to do with making sure the other four principles are being followed to your satisfaction. Checks performed by someone other than the person responsible for the original operation are generally more effective at assuring that transactions are processed and activities are performed accurately. This is like having a new pair of eyes to spot mistakes that the originator did not catch. It might be that this independent verification could be a customer complaining about an incorrect bill or accounts receivable balance. Information and Communication: Relevant information must be identified, captured, and communicated in a manner that enables people to carry out their responsibilities. This means reports must contain the information that management needs and must be available in a timely manner. Communication must be ongoing, both within and between various levels and activities of the organization. All personnel must understand their roles in the


internal control system and have a means of communicating significant information upstream. Reports must be available containing operational, financial, and compliance information needed for informed decisions. Supervisors must communicate duties and responsibilities to the employees that report to them, and employees must be able to alert management to potential problems. Information must be communicated to those outside the organization, such as vendors, and must be able to be received from external sources. The systems must provide a way to communicate important information to the very top of the organization, when appropriate.

Monitoring: Finally, management monitors the entire system. Monitoring assesses the quality of the internal control systems performance over time. Management must also revisit previously identified problems to make sure that they have been corrected. Monitoring can be done in two ways: (1) ongoing monitoring during normal operations, and (2) separate evaluations by management with the assistance of the internal audit function. If monitoring is done regularly during normal operations, it lessens the need for separate evaluations. If operating reports are used to manage ongoing operations, exceptions to anticipated results will be recognized quickly. Monitoring should be done on a regular basis.

When deficiencies in internal control are discovered, they should be reported immediately to senior management and, for very significant matters, to the board of directors. Appropriate remedial action should be taken, and the results of the remedial action should be monitored.

2. Internal control, audit and compliance in corporate governance

a) Describe the function and importance of internal audit. Defining internal auditing: Internal auditing is an independent and objective assurance and consulting activity designed to add-value and improve an organizations operations. It helps the organization accomplish its objectives by taking a systematic, disciplined approach to evaluate and improve the effectiveness of risk management, control and governance processes (Definition of The Institute of Internal Auditing). The UK Combined Code states that where there is no internal audit function, the audit committee should consider annually whether there is a need for such a function. The need for an internal audit function will depend on:


o Scale, diversity and complexity of the companys activities. The larger and more complex the company, the more need there is for an IAF. o The number of employees. The more employees there are, the more need there is. This is making sure that people are well qualified, etc. o Changes in the risk of the company. o Problems in the past with IC. o Cost / benefit of the department. o An increase in the number of unexplained or unacceptable risks. o Based on legal requirement. For example, SOX requires that there be an Internal Audit Activity. The scale and extent of weaknesses in the internal control system. If the audit committee considers that there seem to be extensive weaknesses in the internal control system, the introduction of an internal audit function should help to improve the control system and provide a benefit to the company. If the committee considers that controls are sufficient, it will reach the conclusion that an internal audit function is not (yet) required. However, the committee must be able to justify the reasons for the recommendation that it makes. The IAA should serve as the eyes and ears of management, audit committee and external auditors. The IAA must assess and make appropriate recommendations for improving the governance process in its accomplishment of the following objectives: Promoting appropriate ethics and values with the organization. The internal auditor needs to be an ethics advocate. Ensuring effective accountability. organizational performance management and

Effectively communicating risk and control information within the organization, and Effectively coordinating the activities of and communicating information among the board, external and internal auditors and management.

Work of Internal Auditing: A useful mnemonic for remembering the work of internal auditing is SCREAM. Safeguarding assets. Compliance with all laws, regulations and internal policies. Reduce overheads and VFM audits. This has to do with the effectiveness and efficiency of operations. Effectiveness of internal controls. Accuracy of the accounting and other information. Monitoring risk and reviewing of corporate strategy.

b) Explain, and discuss the importance of, auditor independence in all clientauditor situations (including internal audit). In order for auditors to be effective, they must:

Be independent. This means working without management pressure. Be objective. This means working in an unbiased and impartial manner. Avoid conflict of interest situations. Report to an appropriate level. Be free from interference in determining the scope of their work, performing the actual audit and reporting the results.

For internal auditors, internal auditors must not audit areas for which they may have had responsibility. c) Explain, and assess the nature and sources of risks to, auditor independence. Assess the hazard of auditor capture. The AC is responsible for monitoring the independence of the external auditors, and ensuring that the external auditors are independent of the company and its management. When reviewing the independence of the external auditor, the AC should take into consideration the non-audit work performed for the company by the audit firm, as well as the audit work. The independence of the external auditors should be assessed in several ways: o If appointed for the first time, the AC should ask for a statement from the audit firm that the auditors and their staff have no family, financial, employment, investment or business relationship with the company, other than in the normal course of business. o Every year the AC needs to obtain information from the audit firm about the policies and processes that it uses for ensuring the continued independence of the auditors. o The AC should agree with the board the companys policy on the appointment to its full-time staff of individuals who were previously a part of the audit team and are now moving directly from the audit firm to the company. Recruiting former auditors could affect the relationship of the company with the audit firm, and damage the independence of the auditors. The AC should check periodically that the policy on the recruitment of former auditors is complied with by the company.

o The AC should check that the audit firm complies with ethical guidelines issued by the accountancy bodies and regulatory issues, such as: Rotation of the audit partners. The amount of income fee that the audit firm receives from the company, in relation to the overall fee income of (1) the audit firm, or (2) regional office of the audit firm, or (3) an individual audit partner.

The risk that the external auditors might lose their independence from a company is sometimes called the hazards of auditor capture.

o When an audit firm offers other services to a client, there is possibly that the auditor could lose his/her independence and objectivity. o In cases like this it is believed the auditor is deliberately being captured by the client. o The term capture implies a deliberate trap being set. d) Explain and evaluate the importance of compliance and the roles of the IAA in internal control. The role of IA will vary according to the organizations objectives, but is likely to include a review of internal controls, risk management, legal compliance and value for money. Internal auditors organization. provide independent appraisal function within an

Internal audit provides advice on the adequacy and effectiveness of controls within an organization and its operations and systems: o Adequacy. Are the existing controls, as designed, sufficient or adequate to achieve their purpose? Are more or better controls needed? o Effectiveness. If their design is adequate, are the controls actually applied properly and effectively in practice?

Every organization has to be in compliance with some law or regulation. It could be compliance over employee health and safety, or in compliance with environmental regulations, etc. In this case, IA would be involved in verifying that the organization is in compliance. This can be done through compliance audits. Management has operational responsibility for the effectiveness of internal control systems. In the UK: o The board is responsible for an annual review of the effectiveness of internal control and risk managements (only for listed companies). o Management reports to the board about internal control and risk management. o The board might carry out the annual review itself or delegate the detailed work to the audit committee or a risk committee.

e) Explore and evaluate the effectiveness of internal control systems.

The nature of the annual review will depend on the size, nature and complexity of the companys business. Turnbull report recommends: o Since the board cannot rely solely on embedded monitoring processes it should receive and review reports on internal control. o The board should consider on an annual basis whether it has assessed all aspects of internal control.


The board must be able to justify its statement to shareholders on its review of internal controls and risk management. It must have documented evidence to back up its claims. Management reports to the board on internal control should provide a balanced assessment of the significant risks and the effectiveness of the internal control system in managing risks. When reviewing management reports on internal controls and risk management, the board should consider: o Significant risks and assess how they had been identified, evaluated and managed. o Assess the effectiveness of controls in managing the significant risks, paying particular attention to significant failings or weaknesses. o Whether necessary actions were promptly taken to remedy the significant failings or weaknesses. o Whether the findings indicate the need for more extensive monitoring of the system of internal control.

There must be open and honest communications about control weaknesses. A culture of blame should be avoided, to encourage honesty. The boards annual assessment should consider: o The changes since the last annual assessment in the nature and extent of significant risk, and the companys ability to respond to changes in its business and the external environment. o The scope and quality of managements ongoing monitoring of risks and of the system of internal control, and where applicable, the work of its internal audit function and other providers of assurance. o The extent and frequency of the communications of the results of the monitoring to the board (or board committees) which allow it to build up a cumulative assessment of the state of control in the company and the effectiveness with which risk are being managed. o Significant control weaknesses found in the year and their effect on the financial performance and position. o The effectiveness of the companys public reporting processes.

If the board becomes aware of significant failings or weaknesses in internal control, it should determine how the failing or weakness arose and reassess the effectiveness of managements ongoing processes for designing, operating and monitoring the system of internal control.

f) Describe and analyze the work of the internal audit committee in overseeing the IAA. IA should functionally report to the AC. The purpose of this is to provide proper organizational status to IA. By reporting to AC, IA can maintain its independence. Although, administratively, IA must still report to someone (such as the CEO) in administrative. At some stage during the year, the head of internal audit should be required to report to the AC.

o Approve the appointment or termination of employment of the head of internal audit (which helps to protect that persons independence). o Monitor the work of IA (e.g., by requiring the head of IA to report occasionally to the AC). The Smith Committee recommends (2003) that the AC should: o Ensure that the CAE has direct access to the chair of the board and AC. o Ensure that the CAE is accountable to the AC. o Review and assess the work plan of the IA and confirm that it is acceptable. o Receive reports on a periodic basis form the CAE about work done. o Review the response of management to recommendations made by the internal auditors. Smith Committee recommends about the AC: o Meet at least once a year with CAE (without an executive managers being present). o Monitor and assess the effectiveness of IA with the overall system of internal control and risk management. o The Combined Code states that (unless the responsibility is taken on by the board or given to a separate risk committee) the AC should: Monitor and review the effectiveness of internal control activities. If there is no IA function, consider the need for one, and make a recommendation to the board. If the decision is that an IA function is not required, to explain the reason for this in the companys annual report and accounts.

g) Explain and explore the importance and characteristics of, the audit committees relationship with external auditors. The AC should ensure the integrity of financial reporting and external auditing (Smith report). o Management is responsible for the preparation of complete and reliable financial statements. o The AC should monitor the preparation of the financial statement, and give consideration to the significant estimates and judgments made by management in their preparation. o When two or more accounting methods could be used, the AC should obtain an explanation from management for its choice of methods. o The AC should compare the views of management with those of the external auditors. The AC should refer any problems it finds with the external audit to the full board for considerations. The AC is responsible for ensuring that the external auditors:

o Remain independent, free from management pressure and influence, and o Do their job properly. Appointment of external auditors. Smith report recommends: o The AC is responsible for recommending (to the board) the appointment, re-appointment or removal the external auditors. o The board then makes its recommendation to the shareholders. o If the board rejects the ACs recommendation, then the committee should give an explanation in the annual report and accounts. o The terms and remuneration: Smith recommends that the audit committee should (each year): Review and agree the terms of engagement of the auditors. Discuss with the auditors the scope of the audit. If necessary, ask for additional work to be done on the audit and for the auditors to provide more resources. Satisfy itself that the audit fee is sufficient for the amount of audit work to be done.

Monitoring the independence of the external auditors. o There is the risk that that audit firm could become dependent on the companys management (hazard of audit capture). o Upon appointment of the audit firm, the AC should ask for a statement from the audit firm that it has no family, employment, financial, investment, or business relationship with the company, except in the normal course of business. o Each year, the AC should obtain information from the audit firm about the measures it takes to ensure continued independence from the client. o The AC needs to check that the audit firm complies with guidelines of the accountancy bodies with regard to issues such as: The rotation of audit partners. The permissible amount of non-fee income from the audit client.

Auditor and non-audit work. o The Smith report states that the AC should be responsible for developing and recommending to the board a company policy on giving non-audit work to the audit firm. o The Combined Code states that it is the responsibility of the board to ensure the independence of the external auditors. In the annual report and accounts the board should explain to shareholders, if the audit firm does non-audit work, how auditor independence and objectivity are safeguarded.

Audit effectiveness. The AC should review the adequacy of work done in the external audit.

o The AC should ensure that an audit plan has been prepared and the audit firm is committing sufficient resources on the work. o At the end of the audit, the AC should review the work done by the audit firm, and: The issues that arose during the audit, The key accounting and auditing judgments that were made, The level of errors identified by the audit, The response of management to the auditors recommendations for changes to internal controls. Review whether the external auditors met the requirements in the audit plan. Get feedback from the companys management about the audit. Review the auditors management letter. Do the auditors show a good understanding of the business? What has been managements response to the auditors recommendations?

o Each year, the AC should also:

3. Internal control and reporting

a) Describe and assess the need to report on internal controls to shareholders. The method and content of reports to shareholders on the effectiveness of IC will vary between countries. Listed companies in the US have to report under Section 404 of SOX. In this case, companies have to provide a detailed statement to shareholders including details of major control weaknesses about financial controls only. In the UK, listed companies have to: o Conduct a review of the effectives of IC and RM systems, and o Inform shareholders that they have done so. The Turnbull report recommends that the boards annual report to shareholders about IC and RM should: o Summarize the processes used (and the committee used) to carry out the review of effectiveness. o Confirm that action has been taken to remedy any control weaknesses that were found. o Disclose the process it has used for dealing with the IC aspects of any significant problem revealed in the annual report and accounts. Reviewing the effectiveness of IC and RM: o Regular reports from management to the board. o An annual assessment by the board. o The board makes an annual statement to shareholders in the report and accounts.

b) Describe the content of a report on internal control and audit. The Turnbull report states that there should be an annual review of internal controls. The review should cover: o The changes since the last assessment in risks faced and the companys ability to respond to changes in its business environment. o The scope and quality of managements monitoring of risk and internal control, and of the work of internal audit, or consideration of the need for an internal audit activity (IAA) if the company does not have one. o The extent and frequency of reports to the board. o Significant controls, failings and weaknesses which have or might have material impacts upon the accounts. o The effectiveness of the public reporting processes. Based on the Turnbull report, the board should disclose as a minimum in the accounts, the existence of a process for managing risks, how the board has reviewed the effectiveness of the process and that the process accords with the Turnbull guidance. The board should include: o Acknowledge that the board is responsible for the companys system of control and reviewing its effectiveness. o An explanation that the system can only provide reasonable assurance against material misstatements or loss. This means that system is meant to manage rather than eliminate the risk of failure to achieving business objectives. o A summary of the process that the directors (or a board committee) have used to review the effectiveness of the system of internal control and consider the need for an internal audit activity if the company does not have one. There should also be disclosure of the process the board has used to deal with material internal control aspects of any significant problems disclosed in the annual accounts. o Information about those weaknesses in internal control that have resulted in material losses, contingencies or uncertainties which require disclosure in the financial statements or the auditors report on the financial statements. c) Explain and assess how internal controls underpin and provide information for accurate financial reporting. It does this by helping to ensure the accuracy and reliability of financial information. Internal control helps the company achieve its financial reporting objectives. Internal control objectives over financial reporting include: o Transactions are authorized. o All transactions are recorded: At the correct amount. In the correct account. In the proper accounting period (cut-off).

o Assets and records access are restricted. o Assets compared with existing ones regularly.

4. Management information in audit and internal control

a) Explain and assess the need for adequate information flows to management for the purposes of the management of internal control and risk. Board and managements involvement is a critical element of internal control systems and the control environment. Management needs different types of information. For example, they need: o Financial information. o Non-financial information such complaints, human resource data. as quality reports, customer

o External information about competitors, suppliers, impact of future economic and social trends. There are various ways that management can get the information they need for decision-making. The information directors need to be able to monitor controls effectively comes from a variety of sources. o The directors own efforts. This could entail MBWA (Management by walking around), regular visits by the directors to operations, etc. o Reports from subordinates. There must be a system where staff with supervisory responsibilities report on a regular basis to senior managers, and senior managers report to the directors. o Lines of communications. It must be communicated that staff have lines of communication that can be used to address concerns. This would include having a whistleblowing program. Whistleblowing program is where staff wants to say something but at the same time maintain their anonymity. It is important for staff to know that senior management does want to know about problems and will deal with them effectively. Staff must believe that there will be no reprisals for reporting relevant information. o Reports from control functions. Organizations that have a key role to play in IC must report on a regular basis to the board and senior management. One example is the need for a close relationship between IA and audit committee. The HR function should also report regularly to the board about personnel practices in operational units. Poor HR management can indicate future problems with controls, since it may create dissatisfied staff or staff who believe that laxness will be tolerated. o Reports on activities. The board should receive regular reports on certain activities. A good example is major developments in computerized systems.


o Reports on resolution of weaknesses. The board should receive evidence to confirm that control weaknesses that have previously been identified have been resolved. o Results of checks. The board should receive confirmation that necessary checks on the operation of the controls have been carried out satisfactorily and that the results have been clearly reported. Sufficient independent evidence from external or internal audit should be obtained to reinforce the evidence supplied by operational units. o Exception reporting. Exception reports highlight variances in budgeting systems, performance measures, quality targets and planning systems are an important part of the information that management receives. Managers may consider the following issues when deciding whether to investigate further: Materiality. Controllability The decision to investigate or not will depend on whether a manager is able to control issue. Variance tread If the trend is getting worse, would be more likely to investigate. However, if the variance is adverse but the same variance is always adverse, then the process is in control and the standard has been wrongly set. Cost Likely cost needs to be weighed against the cost to the organization or allowing the variance to continue in future periods. Interrelationship of variances Highly likely that variances are interconnected. So, if one variance is adverse, then another interrelated variance might be adverse as well. For example, if labor efficiency variance is negative then the variable efficiency variance will be negative as well (if calculated based on labor).

o Feedback from customers. Customer responses are important evidence for the board to consider, particularly as regards how controls ensure the quality of output. Making the best use of information. o Comparison of different sources of information. The pictures gleaned from different sources must be compared and discrepancies followed up and addressed. For example, if a random or special check identifies problems that should have been picked up and reported through regular channels, then the adequacy of these channels needs to be considered carefully. o Feedback to others. Directors need to ensure that as well as obtaining information they need to review internal control systems, relevant information on controls is also passed to all those within the organization who need it directly. E.g. Sales staff who obtain customer feedback on product shortcomings need to be aware of the channels for communicating with staff responsible for product quality and also staff responsible for product design.

o Review procedures. As well as investigating and resolving problems with the information they receive, the board ought to undertake regular reviews of the information sources that they need. E.g. they need to assess whether any layers of supervision or review can be reduced. b) Evaluate the qualities and characteristics of information required in internal control and risk management and monitoring. The COSO guidance stresses the importance for boards and management to have good quality information. Good information adds to the understanding of a situation. Good information means that the information is (ACCURATE): i. Accurate The numbers add up and there are no typos, items should be allocated to the correct category, assumptions should be stated for uncertain information. ii. Complete The information should contain everything that needs to be included. For example, external data if relevant, comparative information or qualitative information as well as quantitative. Sometimes managers or strategic planners will need to build on the available information to produce a forecast using assumptions or extrapolations. iii. Cost/beneficial The benefit of gathering the information should outweigh its costs. This gets into the issue of materiality. iv. User-targeted The needs of the user should be borne in mind, for instance senior managers need strategic summaries, junior managers need detail. v. Relevant Information that is not needed for decision making should be omitted, no matter how interesting it may be. vi. Authoritative The source of the information should be a reliable one. However, subjective information (e.g., expert opinion) may be required in addition to objective facts. vii. Timely The information has to be timely, which means when it is needed. It should also cover relevant time periods, the future as well as the past. viii. Easy to use Information should be clearly presented, not excessively long, and sent using the right medium and communication channel (email, telephone, hard-copy report).



Identifying and Assessing Risk

1. Risk and the risk management process

a) Define and explain risks in the context of corporate governance. Risk is the probability that some future event could adversely impact the organization. Risk is measured in terms of probability and impact. o This type of risk is known as pure risk. The board has overall responsibility for risk management as an essential part of its corporate governance responsibilities. Responsibilities below board level will depend on the extent of delegation to line managers and where there is a separate risk management function. Everyone who works in a company has responsibility for risk management, not just risk specialists. The Board the board has a very important role in managing risk. o Determines risk management strategy and monitoring risks o Setting appropriate policies on internal controls and seeking assurance the IC is functionally effectively. o Communicate the organizations strategy to employees. The CEO is the owner of the risk management and IC systems. o Must consider risk and control environment. Needs to promote the right culture. o Monitors other directors and senior staff, particularly those whose actions can put the company at significant risk. Senior managers Managers have an important role in making sure the organization has the right risk management culture. o Making sure that there is a culture that is focused on the mission and goals of the organization. o Ensuring that the culture is consistent with the needs and values of the key stakeholders. o That the culture considers the risk to shareholder value. o That the culture promotes the reporting and management of risks. c) Explain the dynamic nature of risk assessment. Risk assessment starts by first identifying the risks that face the business. Changes in the environment that may have changed the nature and scale of risks will be considered. How often risk assessment will be done in an organization will depend on the dynamic nature of the environment in which the organization operates. How dynamic the nature of the risk will depend on the nature of the business. In some businesses, risks will change very little, but in others they may change a great deal.

b) Define and describe management responsibilities in risk management.

d) Explain the importance and nature of management responses to changing risk assessments. Management needs to be aware of the environment that they are operating in. Management always needs to be in a position to changes in the environment that could cause changes in the risks faced by the company. In some environments, the risks change very little, but in others it changes a great deal. o Changes in the environment might arise because of changes in the strategic decision made by the business. For example, if a company decides to launch a new product, or penetrate a new market or significantly change the financial structure of the business. o Changes in risk might be the result of external changes, including (think of PEST): Political Businesses environments. operating in unstable political

Economic sellers of non-essential goods or services are particularly vulnerable to changes in the economy. Social Businesses selling goods in markets where fashion is a significant influence on consumer demand. Technology new technology can quickly and significantly benefit innovators.

e) Explain risk appetite and how this affects risk policy. Risk appetite has to do with the amount of risk a company is willing and able to tolerate. This directly affects the risk policy of the organization. For example, some types of organizations, such as charities or public sector, will seek to avoid certain risks. Other organizations may accept the same risks. This means that the organization is accept the risk in order to achieve its objectives.

2. Categories of risk
a) Define and compare (distinguish between) strategic and operational risks. Strategic risks are risks that are related to the fundamental decisions that the directors take about the future of the organization. Operational risks relate to the matter that can go wrong on a day-to-day basis while the organization is carrying out its business.
Strategic Resource allocation. Competition. Environmental factors. Mergers and Acquisition activity. Operational Internal control failures. IT failures. Human error. Fraud. 68

Product/service portfolio.

Staff dependency. Business recovery. continuity and disaster

Factors that could influence strategic risks: o The types of industries/markets within which the business operates. o The state of the economy. o The actions of the competitors and the possibility of mergers and acquisitions. o The stage in the products life cycle, higher risks in the introductory and declining stages. o The dependence upon inputs with fluctuating prices, such as oil. o The level of operating gearing the proportion of fixed costs to total costs. o The flexibility of production specifications or products. processes to adapt to different

o The organizations research and development capacity and ability to innovate. o The significance of new technology. o The quality of leadership at board level. o Relationships with suppliers. Factors that could influence operational risks: o Losses from internal control system or audit inadequacies. o Non-compliance with regulations or internal procedures. o IT failures. o Loss of key personnel. o Fraud. o Business interruptions. b) Define and explain the sources and impacts of common business risks. Business risks are strategic risks that threaten the survival of the whole business. Strategic risks. Is the potential volatility of profits caused by the nature and type of business operations. Market risk and derivatives risk: Market risk is the risk that changes in the market price or market rates can negatively affect a company. This risk is higher when the market is subject to large or unexpected movements both up and down. IFRS 7 defines market risk as the risk that the fair value or cash flows of a financial instrument will fluctuate due to changes in market prices. Market risk reflects interest rate risk, currency risk, and other price risks.


Derivative risk is the risk of unexpected gains or losses on trading positions in derivatives. o Derivatives can be used either for hedging (minimize risk) or for speculative purposes (to make a profit), as in the case of Sham group. A Derivative is a financial instrument with all three of the following characteristics: o Its value changes in response to a specified underlying (an underlying could be exchange rate, commodity prices, share prices, interest rates, etc.); o It requires little or no initial investment; and o It is has to be settled at a future date.

A significant risk with trading in derivatives is that a relatively small investment in derivatives can create an exposure to major losses, if the underlying market prices move against the company. There have been reported cases in the past where treasury departments of companies or government organizations have suffered severe losses through speculation in derivatives, for example, Orange County, near Los Angeles had to file for bankruptcy because of losses suffer through derivative trading.

o As controller of the various Orange County funds, Citron had taken a

highly leveraged position using repurchase agreements (repos) and floating rate notes (FRNs). The loss incurred by the usage of these financial instruments reached the amount of $2 billion and was caused by being too highly leveraged for rising federal interest rates. In other words, if federal interest rates had not risen, the massive trading position would have been a substantially profitable position; if interest rates did rise, the trading position would result in substantial losses. In fact, rates rose. Credit Risk: This is the risk to a company from a failure of its debtors to meet their obligations on time. o Most common credit risk is where a company fails to pay its supplier on time. Management of credit risk is particularly important to exporters. Arrangements used to assist in this includes: documentary credits, bills of exchange, export credit insurance, forfeiting and export factoring. Liquidity risk is the risk that a company will not have the funds to pay its short term obligations. Its a mismatch between cash inflows and cash outflows. Sources of cash are near-cash assets, such as marketable securities that can be sold quickly in the financial markets to obtain cash. Another source is available credit from a bank, such as an overdraft facility or a revolving credit line. An essential requirement for controlling liquidity risk is careful cash budgeting or cash forecasting. Companies should keep expected cash inflows and payments under continual review.

Liquidity risk:

Companies should also avoid taking actions that could create long-term liquidity problems, such as paying for capital assets out of operating cash flows, when the company cannot afford this. Efficient working capital management can also help to improve cash flows and reduce liquidity risk. In particular, companies should avoid investing in slow moving inventory, and should have efficient procedures for collecting receivables, like having a lockbox collection system. Occasionally, there may be two different technologies to choose from, and there is the risk that you will choose the wrong technology. This risk can affect companies that manufacture products (such as high definition digital televisions) and have to choose between the rival technologies. The potential cost of having to invest in new technology can be a serious risk for profitability. This risk is greater for companies that operate in the high tech field and the life cycle of the product is shorter. Companies that fail to comply with the law run the risk of legal penalties and bad publicity. This includes loss of employees time because of injury and the risks of having to pay compensation or legal costs because of breaches. Health and safety risks can arise from: o Lack of health and safety policies. o Lack of emergency procedures. o Failure to deal with hazards. o Poor employee welfare. Risk because of poor working conditions. o General poor health and safety culture.

Technology risk:


Health, safety and environmental:

Reputation risk: Lord Jeffrey said, A good name, like good will is got by many actions, and lost by one. Reputation risk is the risk of a loss of reputation of an organization, arising from the perception others have about the implications of risks materializing. Reputation risk levels depend not only on the levels of other risks, but the reaction of stakeholders to those other risk materializing how much less of the organization do stakeholders think, and what actions they take. In a large global company, the effect of reputation risk may also be localized, because an event that damages the companys reputation in one part of the world might not be considered so bad in other countries. o A reputation for unethical selling or poor quality can have a lasting impact on customer demand.


o Reputation can affect the choice of one producers goods on services in preference to another. o A bad reputation can make a company a target for pressure groups and activists. o In some cases, damage to reputation can lead to intervention by the government, which may introduce new laws or regulations. Of all the major risks, reputation risk is the risk that is most strongly correlated to other risks, since its level partly depends on the likelihood that other risks materialize. This is the risk of unethical behavior by one or more participants in a particular process. o Being victims of bribery, or corruption or being pressured into it are examples of probity risk. o However, assumptions about how different cultures view corruption can also be dangerous. E.g. there was an article that discussed how unorthodox methods might be required to be successful in Greece. In other words, the article was saying that to be successful in Greece, you were going to have to bride. Additionally, there is entrepreneurial risk, which if the risk that arises from any new business venture or opportunity. c) Describe and evaluate the nature and importance of business and financial risks. The company faces a wide range of business risks, such as risk from competitor activity, risk of low sales demand, economic risks, political and legal risks and so on. Financial risk is one of many types of business risks. The ultimate risk that any company faces is the risk that it will not continue as a going concern. Financial risks include the risks relating to: o Capital structure. Risk that long-term sources of finances will not be available. o Overtrading. o Fraud and misuse of financial resources. o Currency risk. Possibility of loss or gain due to changes in exchange rates. o Interest rate risks. If a company has significant amount of variable (floating) rate debt, interest rate movement will give rise to uncertainty about the cost of servicing this debt. Conversely if a company uses a lot of fixed rate debt, it will lose out if interest rates begin to fall. o Market risk. This is the risk of loss due to an adverse move in the market value of an asset typically stock prices. o Credit risk. This is the risk to a company from the failure of its debtors to meet their obligations on time.

Business probity risk:

o Liquidity risk. This is the risk of loss due to a mismatch between cash inflow and outflow. The attitudes of risk of the board and major finance providers will impact significantly on how risky the companys financial structure is. d) Recognize and analyze the sector or industry specific nature of many business risks. (NOTE: On pg. 176, it says that you may have to identify the risks that may affect a specific industry). Industry-specific risks are risks of unexpected changes to a businesss cash flows from events or changing circumstances in the industry or sector in which the business operates. o Could be from the result of new technology, or a change in the law or a rise or fall in the price of a key commodity. Example are listed below:
Retailing organization Business strategy risk. Risk that the business strategy might take the company in the wrong direction. Financial strategy and group treasury risk. This covers the risk of not having available funds, credit risks, interest rate risks and currency risk. Macro-economic trends. This is dependent of economic conditions. Competition risk. This is the risk of losses due to the activities and successes of the competition. People capabilities risk. This is the risk of failing to attract the best people to work for the company. Reputation risk. Environmental risk. Arises from issues such as energy savings, transport efficiency, waste management and the recycling of waste. Product safety risk. Fraud and compliance risk. IT systems risk. Political risk and terrorism risk. Pension risk. The risk that the company cannot meet its obligations to its employees. Oil companies Market risk, especially risk of changes in the price of oil. Exploration risk. The risk of not finding sufficient oil reserves. Reputation risk. Environmental risk. The risk of having a major oil spill (aka BP). Competition risk. IT failure risk. Political risk. This is the risk of operating in an unstable country. Regulatory risk. Shortage of skilled labor risk, especially a shortage of science graduates. Commercial bank Strategy risk. Choosing a strategy that does not max shareholder value. Product/service risk. The risk of developing products that customers do not want or need. Too much regulation Credit risk. Market risks. This includes the risk from changes in interest rates, currency exchanges as well as changes in market prices of financial products such as shares. Operational risks, such as IT failures, external risks (terrorism, nature disaster, etc.). Risk of inadequate liquidity. Complex financial instruments. Use of derivatives (high inherent risk). High dependence technology. on


3. Identification, assessment and measurement of risk

a) Identify, and assess the impact upon, the stakeholders involved in business risk. Organizations attitudes to risks will be influenced by the priorities of their stakeholders and how much influence the stakeholders have. Stakeholders who have significant influence may try to prevent an organization bearing certain risks. Shareholders Key issue for management is to determine whether shareholders: o Want steady income from dividends, or o More concerned with long-term capital gain. This issue is complicated by the fact that shareholders themselves have different risk tolerances. o In theory, managers should not care who the shareholders are since the shareholders can freely buy and sell their shares. However, this is not necessarily true in practice. o In addition, we have seen in the corporate governance reports the importance of maintaining links with individual shareholders. So, it is unlikely that the directors will be indifferent to who the company shareholders are. Debt providers and creditors Debt providers are concerned about threats to the amount the organization owes and can take various actions with potentially serious consequences such as denial of credit, higher interest charges or ultimately putting the company into liquidation. Creditors are going to be concerned about receiving a profit from the company, therefore they may limit the amount of product they deliver to a company. Employees Are going to be concerned about threats to their job prospects (money, promotion, benefits and satisfaction) and ultimately threats to the job themselves. If the business fails then it will seriously impact the employees. Customers and suppliers Suppliers can provide short-term financing. Customers will be concerned with threats to their getting the goods or services that they have been promised, or not getting the quality of service or product that they expect.

The impact of customer-supplier attitudes will partly depend on how much the organization wants to build long-term relationships with them. The Wider community Governments, regulatory and other bodies are particularly concerned with risks that the organization does not act as a good corporate citizen, implementing for example poor employment or environmental policies. Governments can impose tax increases or regulation or take legal action. Pressure groups tactics can include publicity, direct action, sabotage or pressure on governments. Companies need to monitor the wider community, but predicting their actions can be difficult.

b) Explain and analyze the concepts of assessing the severity and probability of risk events. Risk management is about identifying and assessing levels of risk. Risks can be measured as quantified amounts, although sometimes they are assessed in qualitative terms (judgment). For each identified risk, an assessment should consider the probability or frequency of the risk event and its likely impact (severity) if it occurs. Risk map and risk dashboard are graphic means of assisting management with the understanding and assessment of risks. The risk map is a simple 2x2 matrix, where one side of the matrix represents probability and the other side represents impact. Based on the assessment of risk
Low High
Insure risk or implement contingency plans. Reduction of severity of risk will minimize insurance premiums. Loss of key customers. Failure of computer systems

Risk map and risk dashboard:

Risk = Probability of occurrence x Impact (Severity)

Urgent risk management issue. Take immediate action to reduce severity and frequency of losses. Loss of senior or specialist staff. Loss of sales to competitor. Loss of sales due to macroeconomic factors. (TERMINATE/AVOID)


(TRANSFER) Not significant, but review occasionally. Loss of suppliers of small scale and unimportant inputs (TOLERATE/ACCEPT)

Management to consider the need for risk control measures. Take of action, e.g., self-insurance to deal with frequency of losses. Loss of lower-level staff (TREAT/REDUCE)

It can be useful for management to prioritize risks. o The risk dashboard is another graphic aid for risk management. o The basic idea is that it indicates which risks are dangerously high (colored red), which ones are relatively small (colored green) and which are somewhere in between (colored amber). o A dashboard can also be used to indicate the current exposures to the risk (residual risk) and risk appetite of the company for accepting exposures to the risk. o Residual risk should never be greater than the companys risk appetite for that risk.

c) Describe and evaluate a framework for board level consideration of risk. In order to be able to carry out an effective review, boards should regularly receive and review reports and information on internal control, concentrating on:

o What the risks are and strategies for identifying, evaluating and managing them. o The effectiveness of the management and internal control systems in the management of risk, in particular how risks are monitored and how any weaknesses have been dealt with. o Whether actions are being taken to reduce the risks found. o Whether the results indicate that internal control should be monitored more extensively. d) Describe the process of and importance of, externally reporting on internal control and risk. Because of the corporate accounting scandals over the past ten years, there is stricter requirements on external reporting. These requirements is meant to address the concerns of shareholders and other stakeholders that management has exercised proper control. According to the UK Turnbull report, the board should disclose as a minimum in the accounts, the existence of a process for managing risks, how the board has reviewed the effectiveness of the process and that the process accords with the Turnbull guidance. The board should: 1) Acknowledge that they are responsible for the companys system of internal control. 2) Explain that such a system is designed to manage rather than eliminate the risk of failure to achieve business objectives, and can only provide reasonable and not absolute assurance against material misstatements. 3) A summary of the process that the directors have used to review the effectiveness of the system of internal control and consider the need for an IAA if the company does not have one. 4) Information about those weaknesses in internal control that have resulted in material losses, contingencies or uncertainties which require disclosure in the financial statements or the auditors report on the financial statements. e) Explain the sources, and assess the importance of, accurate information for risk management. All CG codes stress the need for management to be held accountable to stakeholders for their stewardship of the company. In particular, CG codes require management to report on the risks faced by the organization. This is where risk management processes come into play. If management is to be held accountable, they need to know whats going on in the companies they are managing. This means that they need to be in receipt of all information needed to discharge their responsibilities. However, information is useless unless it is quality information. This means that it needs to be both reliable and accurate. Sources of information could come from:

1) The organizations code of conduct. 2) The internal auditors assessment of risks. 3) The audit committees assessment of the effectiveness of internal control. 4) External auditors report on weaknesses in the accounting and internal controls. 5) The results of a control management and staff. self-assessment process by line

f) Explain and assess the ALARP (as low as reasonably possible) principle in risk assessment and how this relates to severity and probability. Business is risky, therefore, businesses try to reduce most of the significant risks, rather than eliminate them. The general principle is that the higher the level of risk, the less acceptable it is. However, there are many risks which cannot be avoided completely, for example, hazardous activities where there is a risk of injury or loss of life (e.g. an oil rig, or factory or farm). Risk like these need to be reduced ALARP. For example, by installing protective shielding, issuing safety equipment like hats or protective glasses. The level of risk mitigation is a trade-off between the cost and the assessment derived from the risks likelihood and impact. The graph shows the relationship between risk and level of acceptability.



You can see that as you decrease risk, the level of acceptability increases, which gives it the downward sloping effect. Judgment is necessary in deciding what level of risk is ALARP. It may be that a new control system could reduce risks further, but they are judged to be far too expensive. The level of risk considered as ALARP may well be a compromise.

g) Evaluate the difficulties of risk perception including the concepts of objective and subjective risk perception. There is a problem with the issue of measurability.

The matrix above assumes that risk can be accurately quantified or at least ranked. In some case, the assessment can be made with a high degree of certainty and maybe even scientific accuracy. In this case, risks can be objectively assessed. Subjectively assessed is where risk cannot be assessed with any quantified accuracy. Accuracy will depend on the skills and knowledge of the person making the assessment, and also depend on the information available and the factors that may influence the risk levels. Need to be careful about having bias when judging the consequences of the risks. o Examples of a risk in which the likelihood can be measured objectively is the next outcome of tossing a coin. A risk, the impact of which can be objectively measured, is the number of shareholders affected by a loss of company value.

A risk with subjective likelihood is the risk of an accident occurring, and a risk with a subjective impact is the possible financial loss from a spillage from a factory. This has to do with the correlation coefficient between two risks. Where a positive correlation exists, the risks will increase or decrease together. One example of correlation has to do with reputation risk. o For example, there may be a strong correlation between reputation and environmental risks. o Another example: there may be a positive correlation between reputation risks and risks of serious faults being found in a product.

h) Explain and evaluate the concepts of related and correlated risk factors.

Correlation of risks is also important when considering the costs and benefits of risk management. o Major expenditure on controls may reduce risks, but it could increase financial risks such as running short of funds or not being able to make profitable investments.

An example of a negative correlation (as the risk of one item increases, the risk of something else decreases): In order to reduce the risk of stock out, a company increases the level of inventory stock. However, when doing this, the risk of obsolescence/damage/spoilage increases.



Controlling and Managing Risk

1. Targeting and monitoring of risk

a) Explain and assess the role of the risk manager in identifying and monitoring risk. The risk manager needs technical skills in credit, market and operational risks. Also needs to have good leadership skills to convince those in the organization that risk management is not to stifle initiative. The role of the risk manager is to be the leader of the risk management committee. The risk manager: o Reports directly to the board. o The risk managers role is to oversee implementation of the boards risk management policies. o The risk manager is supported by the risk management committee. o The risk manager is not normally involved in determining strategy. o Has more of an operational role. This means identifying, evaluating and determining specific risks within the entity. Risk manager is typically responsible for: o Overall leadership, vision and direction of ERM. o Establish an integrated risk management framework. o Promote ERM competence throughout the entity. o Developing RM policies, including quantification of managements risk appetite. o Establishing common risk management language, e.g. common measures around likelihood and impact, and common risk categories. o Implementing a set of risk indicators and reports including losses and incidents, key risk exposures, and early warning indicators. o Dealing with insurance companies. This is important because of increased premium costs, etc. o Allocating economic capital to business activities based on risk, etc. o Reporting to CEO on progress and recommending action as needed. This would include communicating the companys risk profile to key stakeholders such as the board, regulators, stock analysts, rating agencies and business partners. The risk management policies to be implemented are decided by the board and risk management committee. b) Explain and evaluate the role of the risk committee in identifying and monitoring risk. Risk management committee Companies that have significant market risks should have a risk management committee. Role and functions include:

o Approving the organizations risk management strategy and risk management policy. o Reviewing reports on key risks. o Monitoring overall exposure to risks and ensuring it remains within limits set by the board. o Assessing the effectiveness of the organizations risk management systems. o Providing early warning to the board on emerging risks. o Reviewing the companys statement on IC. c) Describe and assess the role of internal or external risk auditing in monitoring risk. If internal auditors carry out the audit, they have to be familiar with the organization, its culture, its regulations, et cetera. Internal auditors need to provide value added services which help the organization achieve its objectives. A value added service is monitoring recommendations for mitigating risks. However, internal auditors may suffer from the disadvantage of lack of independence and over-familiarity. IA might be undermined by politics and divisions. External auditors can provide an unbiased view of risks. A risk provided by the external auditor should give a higher degree of confidence to external shareholders. It is also possible that the external auditors knowledge of best practices might be more up-to-date. The external auditor may have a better awareness of certain risks than internal auditors do.

2. Methods of controlling and reducing risk

a) Explain the importance of risk awareness at all levels in an organization. Risk awareness should be embedded within an organizations processes, environment, culture, structure and systems. Organizations should issue a risk policy statement and maintain a risk register. Embedded means that the something is part of an organization. When talking about risk awareness, then this means that risk awareness is taken for granted at all levels of the organization, and is a foundation of a control system. If embedded then there is a greater chance that when risk becomes known, it will be properly dealt with. Risk management should be an integral part of the strategic planning process, the budgetary cycle and the audit planning.

b) Describe and analyze the concept of embedding risk in an organizations systems and procedures.

Embedding risk simply means that risk awareness is an integral part of operational and management systems within the organization. In other words, risk control is part of day-to-day operations. As an example, duties that need to be segregated are segregated. Risk should be embedded in its procedures. There should be suitable internal controls at all times. For example, safety procedures should be taught to all employees and properly carried out at all times. COSO suggests: o Risk management should be a part of everyones job description. o Personnel need to understand that they should resist pressure from superiors to engage in improper activities. o Whistleblowing procedures should exist. o Risk management should be part of the annual MbO process.

c) Describe and evaluate the concept of embedding risk in an organizations culture and values. Risk awareness should be embedded in an organizations culture. This means that an awareness and understanding of risk should be part of the thinking of management and of the employees. Risk should also be embedded in its values. This means that the company should recognize the importance of risk management and it takes risk management seriously. COSO suggests: o Link risk management to job descriptions. o Ethical and appropriate behavior is to be expected. o Have effective staff training. o Ownership of risks encourages their management. o Top-down communication as to what the companys risk appetite is and what is expected from employees. Culture in an organization is how we do things around here. It is a key part of the internal control environment. The culture of an organization can determine whether risk management is successful or not in any given organization.

d) Explain and analyze the concepts of spreading and diversifying risk and when this would be appropriate. There are four ways to respond to risk: 1) You can reduce (treat) the risk. Take some action, e.g. self-insurance to deal with frequency of losses. 2) You can transfer the risk. Best example here is insurance, where the risk of something going wrong has been transferred.


3) You can avoid (terminate) the risk. Companies take immediate action to reduce severity and frequency of losses, e.g., charging higher prices to customers or ultimately abandoning activities. 4) You can accept (tolerate) the risk. These risks are not significant. Keep under view, but costs of dealing with risks is unlikely to be worth the benefits. Whether a company spreads and diversifies the risk will depend on: o Its likelihood of materializing. o Its probability of materializing. Higher the likelihood and probability of occurring, the higher the chance that the company will do something to mitigate the risk.

e) Identify and assess how business organizations use policies and techniques to mitigate various types of business and financial risks. Business risks are strategic risks that threaten the survival of the whole business. o Business risk is a risk to both debt issuers and equity shareholders. Financial risk. The ultimate risk for a company is not to be able to continue functions as a going concern. Financial risks include the risks relating to the structure of finance the organization has, in particular the risks relating to the mix of equity and debt capital, etc. o Financial risk is a risk just to equity shareholders. This is because debt holders get preference in a liquidation. One important distinction in risk reduction is between risk management policies and techniques. This distinction refers to the way risk management operates at different levels in an organization. o Risk policies are agreed at very senior levels of the organization, by the board, risk committee or risk manager. They may be directed at particular risks. o Risk mitigation techniques will be the means of implementing the policies, applied at various levels in the organization by operational managers and staff, guided by the risk management function.

3. Risk voidance, retention and modeling

a) Explain, and assess the importance of, risk transference, avoidance, reduction, and acceptance. These responses to risk are also commonly referred to as the 4Ts or TARA (in the brackets). Risk transference (transfer the risk): o Risk transference does not reduce the amount of total risk in total. It simply moves it to another person, such as an insurance company.


o As far as the insurance company, the insurance company has accepted the risk. o Risks can be transferred to other internal departments, or externally to suppliers, customers, or insurers. An example of transferring risk to the customer a decision not to rectify the design of a product, because rectification could be expensive as paying any claims from disgruntled customers, is in fact, a decision to transfer the risks to the customers without their knowledge. o Internal risk transfer can also cause problems if it is away from departments with more clout (e.g. sales) and towards departments such as finance who may be presumed to downplay risks excessively. Risk avoidance (Terminate the risk): o Organization has to consider whether the risk can be avoided, and if so, whether avoidance is desirable. o An extreme avoidance is the termination of operations. Risk reduction (Treat the risk): o Often risks can be avoided, but not avoided altogether. o This is true of many business risks, where the risks of launching a new product can be reduced by market research, advertising, etc. Risk acceptance (Tolerate the risk): o Organization bears the risk itself, and if an unfavorable outcome occurs, it suffers the full loss. o Decision whether to retain or transfer risk depends first on whether there is anyone to transfer a risk to. o An option sometimes associated with accepting risks, is selfinsurance. This is putting money aside in case something happens. o A more sophisticated method of self-insurance is setting up a captive. A captive, or captive insurer is an insurance company wholly owned by a commercial organization, and usually dedicated solely to the underwriting of its parent companys risks. An organization with a risk that it cannot carry, which cannot find one or more insurers to take the bulk of that risk from it, may from a captive insurer to carry that risk. Its premiums will not be unnecessarily large and its policy terms will be reasonable.

b) Explain and evaluate the different attitudes to risk and how these can affect strategy. How organizations deal with risk is not only influenced by events and information but by managements perceptions of those risks. This gets into managements appetite for risks. Different items that influence a managers risk appetite are:

o Personal views Some managers acknowledge the emotional satisfaction from successful risk-taking. A good example is Richard Branson of Virgin Group. Branson started established Virgin Galaxy. Individuals vary in their attitudes to risk and this is likely to be transferred to their roles in organizations. o Response to shareholder demand Shareholders demand a level of return that is consistent with taking a certain level of risk. Thus, managers respond to shareholders expectations by viewing risk-taking as a key part of decision-making. Managers therefore need to have an understanding of what is the level of return that satisfies shareholders. In this case, risk appetite must be allied with need. On pg. 131 (story about Woolworths), there is a good example of aligning need with risk. o Organizational influences Larger companies tend to have more formal systems and will have to take account of varying risk appetites and incidence among its operations. o Risk management system employed will be dependent on the organizations management control systems that will depend on the formality of structure, the autonomy given to local operations and the degree of centralization deemed desirable. o Attitudes of risk will change as the organization develops and its risk profile changes. For example, attitudes of financial risk and gearing will change as different sources of finance become necessary to fund larger developments. o National cultural influences Study by Geert Hofstade shows that more individualistic cultures (aka US) are more entrepreneurial and thus, more willing to take on risks. Whereas, more collectivistic cultures like Europe, South America, etc. are less entrepreneurial and thus, less willing to be risk takers. c) Explain and assess the necessity of incurring risk as part of competitively managing a business organization. Business by its very nature is risky. Businesses have to take risk in order to develop. Concerning risk there are two possible extreme views of risks: risk averse businesses and risk seeking businesses. o Risk averse: Willing to tolerate risk up to a point provided it receives acceptable return. o Risk seeking: Are focused on maximizing returns and may not be worried about the level of risks that have to be taken to maximize returns. Businesses will probably be somewhere between. Most risk has to be managed to some extent, and some should be eliminated as being outside the business. For example, a business in a high-tech industry, such as computing, which evolves rapidly within every changing markets and technologies has to accept

high risks in its research and development activities, but should it be speculating on interest and exchange rates within its treasury function? d) Explain and assess attitudes towards risk and the ways in which risk varies in relation to the size, structure and development of an organization. Attitudes towards risk does depend on the size, structure and stage of development of the organization. o Larger organizations are more likely to have formal systems and will have to take account of varying risk appetites and incidence amongst its operations. These larger organizations are able to justify employing risk specialist.

o Risk management systems in place will be dependent on the organizations management control systems that will depend on the formality of structure, the autonomy given to local operations and the degree of centralization deemed desirable. o As the organizations develop their risk profile changes. For example, attitudes to financial risk and gearing will change as different sources of financing become necessary to fund larger developments.

Attitudes may be influenced by significant losses in the past, changes in regulation and best practices, or even changing views of the benefits risk management can bring.


1. Ethics Theories

Professional Values and Ethics

a) Explain and distinguish between ethical theories of relativism and absolutism. Absolutism There are absolute right and wrong which are applied universally. For example, you might think that slavery, war, child abuse and death penalty are morally wrong and cannot be justified under any circumstance. Relativism This view rejects the absolutist view. It states that there are no objective or absolute moral truths, and there are no universal standards of moral behavior. There are two aspects to relativism: o Descriptive ethical relativism. This view is that different cultures and societies have different ethical systems and cultures. o Normative ethical relativism. The beliefs or moral values within each culture are right within that culture. Moral values can only be judged from within the culture. b) Explain, in an accounting and governance context, Kohlbergs stages of human moral development: Kohlberg identified three levels of morality and six stages of moral development. He suggested that individuals progress through the stages of moral development during their life, one stage at a time. Many individuals do not progress to the higher stages, but cease to progress when they have reached a lower level. Although the ethical behavior of individuals is sometimes at a lower stage of development than the one they have reached, they do not regress to a lower stage of development having reached a higher one.

1. Pre-conventional level of morality. (1) Obedience and punishment. Individuals judge right and wrong on the basis of direct consequences for them of the action they took. o How will I be rewarded if I do this? o What punishment will there be if I do this? (2) Individualism and exchange. The individual recognizes that there is no single view of what is right and what is wrong. Will do what is in their best interest. For example, you might help someone if they are overworked, but in return expecting others to help them when the situation is reversed. When in this stage, companies will look at the penalties if the company does not follow regulations. 2. Conventional level of morality. (3) Good interpersonal relationships (Good boy/Good girl). Individual enters society and see morality as more than making deals for personal benefit. This is where individuals start to learn what is expected of them by their immediate circle (friends, coworkers, etc.). For example, an individual might be pressured to stay late at work because everybody else is doing so, even though it is past their prescribed hours. This is doing what the peers (competitors) are doing.

(4) Law/Order. Individual is concerned with society as a whole (not just the opinion of those around them), and the need to maintain social order. Have respect for social conventions, authority and obeying the law. This stage underlies most behavior by accountants, as they have to comply with financial reporting and CG requirements. 3. Post-conventional level of morality. This is the most advanced level that relates to individual development towards making their own ethical decisions in terms of what they believe to be right, not just acquiescing in what others believe to be right. (5) Social contract. Individual thinks about society differently from the conventional way. Recognize that people are different and have the right to their own views and opinions. At this stage, individuals talk about morality and rights from their own individual perspective, recognizing that people might disagree. (6) Universal ethical principles. Kohlberg suggested that individuals rarely reach level six of moral development. This stage is based on abstract universal ethical principles (i.e. justice, equity, rights, etc.). Individual questions the validity of laws and considers that laws are only valid if they are based on justice. Business decisions made on these grounds could be disclosure on grounds of right-to-know that isnt compelled by law, or stopping purchasing from a suppliers who test products on animals. Need to stress that when at this stage 6, reasoning may involve a personal cost, since it may mean failing to comply with existing social norms and regulations as they are seen as unethical. c) Describe and distinguish between teleological/consequential approaches to ethics: deontological and

A consequentialist approach to ethics (also called a teleological approach) is to take the view that the correctness or rightness of an action depends on its outcome (the consequences of the outcome). A consequentialist approach to business ethics is common. Many businessmen who regard themselves as ethical individuals will take the view that the rightness of an action can often be judged by the moral benefits that it will bring. For example, a deontological approach to ethics might be that it is wrong to take a away a job from a worker who has worked well and shown loyalty to the company. It is difficult to take this approach when the company is losing money and will become insolvent unless it takes measures to cut losses, including making some employees redundant. A consequentialist approach would be that although it is unpleasant to make employees redundant, this might be the right thing to do in order to keep the business in existence, providing work to the employees who remain. There are two versions of the consequentialist ethics: o Utilitarianism This is the view that the ethics of an action should be judged in terms of the good that it brings, and the best course of action is the one that brings the greatest good to the greatest number of people. The rightness of an action therefore depends on the

circumstances of the situation. This can be summed up in the greatest good principle greatest happiness of the greatest number. This principle underlies the assumption that the operation of the free market produces the best possible consequences. Free markets, it is argued, create wealth, this leads to higher tax revenue, and this can pay for greater social welfare expenditures. If you are judging something based on its providing the greatest good, then you might run into a problem. For example, greatest good might exclude minorities, which might be regarded as unethical. However, utilitarianism can be used as a guide to conduct. It has been used to derive wide ranging rules and can be applied to help us make judgments about individual, unique problems. o Egoism This states that an act is ethically justified if decision-makers freely decide to pursue their own short-term desires or their long-term interest. The subject to all ethical decisions is the self. Adam Smith argued that this pursuit is OK, since producers of goods have to offer value-for-money, since competition means that customers will buy from the competitors if they dont. Egoism can also link in with the enlightened self-interest, such as a business investing in good facilities for its work force to keep them content and hence maintain their loyalty. A criticism of this approach is that markets dont always work perfectly and some participants benefit at the expense of others. A deontological approach to ethics is associated with the ideas of the 18th century philosopher Kant. This approach takes the view that certain actions are ethically right and others are wrong. It is the action itself that makes it ethical or unethical, not the consequences of the action. This view can be simplified into a statement that it is the means that is more important than the result or ends and if it is not ethical, the means can never justify the ends.

d) Apply commonly used ethical decision-making models in accounting and professional contexts. i) The American Accounting Association model: The American Accounting Association (AAA) developed a model for ethical decision-making in 1990.
Step 1.

It is based on the teleological approach. It is based on a seven-step approach to decision-making.

Question to ask Comment It is important to establish all the relevant facts. It is difficult to make a correct decision without having a clear understanding of the facts. The decision-maker should identify what moral issues are involved (if any). What is the moral dilemma? The decision-maker should consider the ethical principles or values that ought to be considered in 88

What are the facts?


What are the ethical issues?


What moral principles, values or norms are relevant to the

decision? 4. 5. What are the alternative courses of action for the decision-maker? Which course of action seems best, because it is consistent with the moral principles and values identified in Step 3. What are the consequences of each possible course of action? What is the decision?

reaching the decision.

Each course of action should be assessed according to whether it is morally correct. Each choice is judged against the principles and values that should be applied in the case.

6. 7.

The decision-maker makes an ethical choice.

To remember the 7 steps, think of the acronym FEN ABCD. ii) Tuckers 5-question model: In using this model, need to ask the following five questions: 1) Is it profitable? Is the investment going to enable the company to make superior return than the alternatives. 2) Is it legal? Need to make sure that the investment to be made is legal in the country where the investment will be made. 3) Is it fair? Is the investment going to be fair to not only the company but to other stakeholders as well. 4) Is it right? Here you have to do an ethical assessment of the investment. 5) Is it sustainable or environmentally sound?

2. Different approaches to ethics and social responsibility

a) Describe and evaluate Gray, Owen & Adams (1996) seven positions on social responsibility. 1) Pristine capitalist. Believe in the capitalistic system (100%). Believe that capitalism is the best method for allocation of property. Believe in max shareholder wealth. Companies seek to make profits, and seek economic efficiency. Business has no responsibility to others, other than to its own shareholders. Expedients. Still believe in the above (liberal economic democracies, accepting that inequalities do happen. Therefore, businesses have to accept some governmental action to minimize inequalities. Argue that in the long-run, social legislation may actually be in the business best interest. Social contract position. Takes the expedient viewpoint and takes it a step further, in saying that companies are given a license to operate can they can operate as long as they deserve the license. If the company does something against society, then this contract can be revoked (as in the case of Arthur Anderson). Social Ecologist. They take the social contract position a step further in stating that companies should do everything they can to minimize the harm they do to the environment. Companies adopt environmentally




friendly positions, not because they have to, but because it is their responsibility to do so. 5) 6) Socialist. They believe that there is class struggle between business and workers. Believe that there has to be a redistribution of wealth. Radical Feminist. They argued that society and business are based on values that are usually considered masculine in nature, such as aggression, power, assertiveness, hierarchy, domination, and competitiveness. They argue that it is these traits, that got the world be in such a mess. They believe it would be better if society were based on feminine traits, such as equality, dialogue, compassion, fairness and mercy. Deep Ecologist. They believe that man does not have a right to use worlds resources. The current system is immoral and cannot be repaired. I guess they want us all to live in caves, or disappear completely.


b) Describe and evaluate other constructions of corporate and personal ethical stance: JSW said that there were four possible ethical stances for a business entity. 1) Short-term shareholder interests: This approach is where the company complies with all legal requirements but do not undertake any other demands that might impact short-term profitability. 2) Long-term shareholders interests: There are two reasons why an organization might take a wider view of ethical responsibilities when considering the long-term interest of the shareholder. o The org. corporate image may be enhanced by an assumption of wider responsibilities. o The responsible exercise of corporate power to prevent the buildup of social and / or political pressures for legal regulation. Freedom of action may be preserved and the burden of regulation lightened by acceptance of ethical responsibilities. 3) Multiply stakeholder obligations: The organization accepts the legitimacy of the claims or expectations of certain stakeholders like shareholders, suppliers and customers. Without these relationships, the organization could not function. 4) Shaper of society: This means changing conditions in society and altering the way that society operates and perceives itself. The media has been recognized as an important shaper of society. c) Describe and analyze the variables determining the cultural context of ethics and corporate social responsibility (CSR). Ethical decision-making depends on many factors, including the influence of a culture. Concerning cultural factors, there are two categories: 1) Individual the characteristics of the individual making the decision. 2) Situational the features of the context which determine whether the individual will make an ethical or unethical decision. Individual Influences:

Age and gender: Studies suggest that men and women might react differently to ethical dilemmas; however, empirical data does not support the idea that women are more ethical than men. National and cultural beliefs: Geert Hofstede studies indicate significant differences in the four areas: o Individualism/collectivism: US is an example of an individualist type of country. South American and Arabic countries are collectivist countries. o Power distance: This is how much a countrys society is willing to accept differences in the distribution of power and wealth. o Masculinity/femininity: This refers to the value placed on traditional male/female roles. Japan is considered to be the most masculine and Sweden the most feminine societies. o Uncertainty avoidance: This is the extent to which a countrys society attempts to cope with uncertainty. Countries that score high prefer rules and regulations. Mediterranean and Japan scored the highest. o Long and short-term orientation: Long-term oriented societies, thrift and perseverance are valued more and in short-term societies, respect for traditional and reciprocation of gifts and favors are valued more. China scored highest and Pakistan scored lowest. o Education and employment: There does tend to be some differences in ethical decision-making between those with different educational and professional experiences. o Psychological factors: This has to do with the way people think, and hence what they think is morally right or wrong. o Locus of control: This has to do with what a person believes he/she is able to control; how they are able to shape their own lives. o Personal integrity: Integrity is adhering to moral principles or values. Ethical consequences are potentially very significant, for example, in deciding to be whistleblower, despite pressure from colleagues or supervisors, or negative consequences for doing so. o Moral imagination: This has to do with the level of awareness individuals have about the variety of moral consequences of what they do, how creatively they reflect on ethical dilemmas.

Situational influences: Individuals tend to make ethical decisions based on the circumstances. Circumstances might include issue-related factors and context-related factors. o Issue-related factors include: Moral intensity: Thomas Jones proposed six criteria for deciding how ethically significant an issue was: Magnitude of consequences. Social consequences. Probability of effect.

Temporal immediacy. This is the speed with which the consequences are likely to occur. Proximity. The feeling of nearness that the decisionmaker has for those who will be affected. For example, if the decision maker has to decide who is going to be laid off. Concentration of the effect. This has to do with whether some persons will suffer greatly, or many people will suffer lightly.

Moral framing: This has to do with how issues are perceived in the organization. For example, using words such as fairness and honesty are likely to trigger moral thinking. System of reward: Reward system does have an impact for ethical behavior. For example, failing to reward for ethical behavior or penalizing whistleblowers will not encourage ethical behavior. Authority: Having authority is a method of encouraging ethical behavior. Can do this by setting targets, but making the targets attainable. Bureaucracy: Bureaucracy has to do with rules and procedures within an organization. Bureaucracy underpins the authority and reward system and may have a number of impacts on individuals reaction to ethical decision-making. Work roles: Education and experience build up expectations of how people in particular roles will react. Organizational field: Organizations within an organization field tend to share a common business environment, such as a common system of training and regulation. This means that they tend to cohere round common norms and values. As an example, a private sector manager joining a public service organization has to get used to the norms and values of the new organization; for example, the manager now has to get consensus when making a decision, whereas before, the manager made the decision alone. Organizational culture: This is the basic assumptions and beliefs that are shared by members of an organization, that operate unconsciously and define in a basic taken-for-granted fashion an organizations view of itself and its environment. Culture relates to: Values. Beliefs. Behaviors.

o Context-related factors include:


Taken for granted assumptions. These are the core of the organizations culture which people find difficult to explain but are central to the organization.

National and cultural context: This is the nation in which the ethical decision is made rather than the nationality of the decision-maker. For example, if a person spends a certain length of time working in a different country, then the persons views of ethical issues may be shaped by the norms of the other person, for example, on sexual harassment, etc. Globalization may complicate the position on this.

3. Professions and the public interest

a) Explain and explore the nature of a profession and professionalism. Profession has to do with the nature of the individuals work. For example, if you are an accountant, then you would probably have to belong a professional organization (e.g. ACCA, ACA, AICPA, CIMA, etc.), which intends to promote the work that you do. Professions are organized groups of highly-skilled individuals. And, organized by self-regulating professional body. Professionalism means avoiding actions that bring discredit on the accountancy profession. o Professional behavior imposes an obligation on professional accountants to comply with relevant laws and regulations and avoid any action that may bring discredit to the profession. b) Describe and assess what is meant by the public interest. The public interest is considered to be the collective well-being of the community of people and institutions the professional accountant serves, including clients, lenders, governments, employers, employees, investors, the business and financial community and others who rely on the work of professional accountants (IFAC). Accountants should act in the publics interest there is no clear definition of what is in the public interest, but in the public interest is usually associated with matters such as: o Detecting and reporting any serious crimes. o Protecting health and public safety. o Preventing the public from being misled by a statement or action by an individual or an organization. o Exposing the misuse of public funds and corruption in government. o Revealing the existence of any conflict of interests of those individuals who are in a position or power or influence. c) Describe the role of, and assess the widespread influence of, accounting as a profession in the organizational context.

The influence of the accountancy profession is huge. Its huge because accountants dominate senior business positions in many countries and accountants are involved in many different areas, including: o Financial accounting. o Audit. o Tax. o Public sector accounting. o Management accounting. o Consulting.

Based on this, the accountancy profession will undoubtedly have a significant impact on the organizations they work for. Accountants put together the numbers that are used by all spheres of society (i.e. investors, managers, governments (tax collectors), employees, employee unions, etc.). Therefore, the numbers included in the accounts can have a number of impacts: o Mechanistic issues are where the numbers are used to judge the performance of a company or its directors in line with the regulation or contract. Examples are company borrowing limits which are frequently defined as a multiple of share capital and reserves and directors bonus schemes that are based on some portion of reported profit. o Judgmental issues are where the figures in the accounts influence the judgment of their users. The accounts may influence not just the view of investors, but governments seeking to assess what a reasonable tax burden would be and employees determining their wage claims.

d) Analyze the role of accounting as a profession in society.

e) Recognize accountings role as a value-laden profession capable of influencing the distribution of power and wealth in society. It is highly arguable whether the accountancy profession is value-laden or not. Accountants put together the numbers that go into the accounts are used by all facets of society; from an organizations management whose performance is judged based on the numbers; to the tax authorities who use the numbers to determine the amount of tax owed to the government; to the employees whose bonuses are based on the profitability of the company, to the government who uses the numbers to judge the effectiveness of the governments services provided; to investors who use the numbers make a decision on whether to invest or not, or even determine the share price of the organizations shares. Ultimately, organizations are successful if they are able to use the numbers in the accounts (e.g. financial statements) to make decisions that will help an organization grow and be profitable. Accounting information assumes that accountants are producing information for individuals or corporations seeking to maximize their personal wealth.


o If this is moral justification, then this has to do with the idea of liberal economic democracy, where individuals should be free to exercise their economic choices and are equally able to do so. o The result of this is that individuals pursuit of economic benefit is economic efficiency, maximum profits and economic growth, and everyone with society being better off. Criticism of liberal economic democracy: o Lack of equality. Individuals are not equal economically; therefore they are not able to make economic choices that will benefit themselves. o Role of institutions. This has to do with the thought that individuals do not exercise real power, but institutions principally the government and corporations. o Failure to increase social welfare. The argument that the pursuit of individual self-interest leads to maximum social welfare is very tenuous. This is because there is no guarantee that all aspects of social welfare will be maximized. Critics claim that economic growth has been at the expense of a widening gap between rich and poor, both within developed countries and between developed countries and the third world.

o Environmental problems. Critics claim that economic growth is at the expense of the environment. By aiding the promotion of economic growth, accountants are complicit in supporting activity that harms the environment.

o Ethical viewpoint. Critics claim that accountants are complicit in a version of utilitarianism with economic ends justifying the means rather than another (preferable) ethical position. f) Describe and critically evaluate issues surrounding accounting and acting against the public interest. Criticism has to do with the rules that the profession has to follow. They argue that the rules: o Are too passive. This allows for variety has accounting treatment; failing to impose meaningful responsibilities on auditors such as the explicit responsibility to detect and report fraud. o Emphasize the wrong principles. This has to do with giving priority over confidentiality over disclosures in the wider public interest. o Allows auditors to develop long-term cozy relationship with clients rather than forcing them to maintain their distance. o Allow the creation of a too small a number of large firms (Big 4) who dominate the audit of major listed companies. However, we have seen over the past ten years, particularly from the fallout from the Enron case, where governments have established stricter rules over the accounting profession and the ways an organizations board operates (e.g. board is made up of a majority of independent NEDs).

4. Professional practice and codes of ethics

a) Describe and explore the areas of behavior covered by corporate code of ethics. There are five main areas that are covered in an organizations code of ethics. 1) Stating what an organizations values are. Code is intended to promote values that are linked to the organizations mission statement. 2) Promotion of stakeholder responsibilities. Code can be used to identify whom the organization regards as important stakeholders. They can show what action can be taken to maintain good stakeholder relationships. They can show external stakeholders that they are dealing with people who do business fairly. 3) Control of individuals behavior. Ethical codes can be referred to when employee actions are questioned. 4) Promotion of business objectives. Codes can be very useful when trying to solidify a companys strategic position. Taking a strong stance on responsibility and ethics and earning a good ethical reputation can enhance appeal to consumers in the same way as producing the right products of good quality can. 5) Conveying values to stakeholders. The code can be used as a communication devise, not only acting to communicate between partners and staff, but also increasing the transparency of the organizations dealings with its stakeholders. b) Describe and assess the content of, and principles behind, professional codes of ethics. The content of a corporate code of ethics is normally quite short, dealing with each point in just a few sentences, and sometimes in just one sentence. Typical code contains: o General statement about ethical conduct of the employees. o Specific reference to the companys dealings with each stakeholder group, such as employees, customers, shareholders and local communities. Might contain statements about the values of the company, such as: o Acting with integrity at all times. o Protecting the environment. o The pursuit of excellence. Respect for the individual. Objectivity. Members should be unbiased and impartial when providing business services. This means that members should not allow bias, conflict of interest or undue influence of others to override professional or business judgment.

Fundamental principles include:

Professional competence and due care. This is where members have to have the skill and knowledge to do his or her job. The client has to feel comfortable with the services being provided. Professional behavior. Members have to comply with all laws and regulations and should avoid any action that discredits the profession. Integrity. Members should be straightforward and honest in all business and professional relationships. Confidentiality. Members have a responsibility to respect the confidentiality of information acquired as a result of professional and business relationships and should not disclose any such information to third parties without proper or specific authority or unless there is a legal or professional right or duty to disclose.

c) Describe and assess the code of ethics relevant to accounting professionals such as the IFAC or professional body codes. Fundamental principles: o Technical standards. The accountant must perform his or her job within the relevant technical and professional standards. Technical and professional standards would include:: Standards issued by the IFAC or a similar national regulatory body. Financial reporting standards (US GAAP, or IFRS, or RAS). Standards and regulations accountancy body. of the members professional

Relevant legislation (Sarbanes-Oxley, Foreign Corrupt Practices Act, etc.).

o Objectivity. This means being unbiased and impartial, not having any conflict of interest issues. This also means not having undue pressure from others, for example, management wants the accountant to modify an engagement report because the conclusion is unpopular. o Professional competence and due care. Accountants need to be competent in the work they do. This means have the necessary skills and knowledge to perform their duties. Should strive to improve and stay on top of what is going on in the profession. o Professional behavior. Accountants are required to observe relevant laws and regulations and to avoid any actions that would discredit the accountancy profession. This requirement covers advertising by accountants, which must be truthful and must not disparage the services provided by rival firms. o Integrity. Requirement of fair dealing. The accountant needs to be straight forward, honest and truthful. This means that the accountant should not supply any information which could be misleading, false or deceptive. For example, the accountant will not modify a report unless factual errors are known to exist. o Confidentiality. Need to respect the confidentiality of information obtained during your work. Information may not be used to enrich oneself.

Use the mnemonic TOPPIC to remember the ACCAs code of ethics. The ACCA Code explains the fundamental principles as follows: Ethics is about the principles we use today to judge the right and wrong of our actions. It is about the fundamental principles that our members view and agree to each year when they review their ACCA membership and submit their CPD (continuing professional development) return.

5. Conflicts of interest and the consequences of unethical behavior

a) Describe and evaluate issues associated with conflicts of interest and ethical conflict resolution. A threat to independence of accountants in practice includes self-interest, selfreview, advocacy, familiarity, and intimidation. Accountants in practice may face conflict of interest between their own and clients interest, or between the interest of different clients. Therefore, audit firms should take reasonable steps to identify circumstances that could pose a conflict of interest. Threats to independence includes:
Conflict of interest Self-interest threat. Having a financial interest in a client. This can affect the objectivity of the accountant. Examples include: Financial interest. Close business relationship. Employment with assurance client. Partner on client board. Family and personal relationship. Gifts and hospitality. Loans and guarantees. High % of fees. Lowballing. Safeguards Discussing the issue with the clients AC. Taking steps to reduce dependency on client. Consulting an independent 3rd party like the ACCA. Maintaining records, compliance with all laws, audit standards and the internal quality control procedures.

Self-review threat. This threat arises where an audit firm provides services other than audit services to an audit client. Recent service with assurance client. General services. Preparing accounting financial statements. Valuation services. Tax services. Internal audit services. records and

Safeguards might include: Obtaining a quality control review of the individuals work on the assignment. Discussing the issue with the AC. Resigning from the assurance engagement. Making appropriate disclosures about the arrangement. Ensuring non assurance team staff are used for these roles. Using staff members other than assurance team members to carry out work. 98

Corporate finance. Other services (e.g. IT services, legal services, etc.).

Advocacy threat. Accountant promotes the point of view of a client, where the accountants objectivity is compromised. Legal services. Firm offered legal services to client and had to defend them in a legal case or provided evidence on their behalf as an expert witness. Corporate finance. Firm carried out corporate finance work for the client and was involved in advice on debt reconstruction and negotiated with the bank on the clients behalf. Familiarity threat. Knowing someone very well, possibly through a long association in business. Think Enron and Arthur Anderson. Where there are family and personal relationship between the client/firm. Employment with assurance client. Recent service with assurance client. Long association with the client.

Obtaining client approval of work. Second party review. Confirming that the client understands the valuation and the assumptions used. Ensuring that the client takes responsibility for the valuation. Relevant safeguards might be to use different departments in the firm to carry out the work and making disclosures to the audit committee.

Safeguards might include:

Rotating senior staff off the assurance team. Use second partners to carry out reviews and obtaining independent (but internal) quality control reviews.

Intimidation threat. This arises when members of the assurance team have reason to be intimidated by client staff. Examples: Close business relationship. Family and personal relationship. Assurance staff members employment with client. Litigation. move to

Safeguards might include:

Disclosing to the AC the nature and extent of the litigation. Removing specific affected individuals from the engagement team. Involving an additional professional accountant on the team to review work.

b) Explain and evaluate the nature and impacts of ethical threats and safeguards. The accountant in business may face a variety of difficulties including conflicts between professional and employment obligations, pressure to prepare misleading information, whether the accountant has sufficient expertise, financial interest or inducements.
Ethical threat Conflict between requirements of the employer and the fundamental principles. Safeguard Obtaining advice from the employer, professional organization or professional advisor. The employer providing a formal dispute 99

For example, acting contrary to laws or regulations or against professional or technical

standards. Preparation and reporting on information.

resolution process. Legal advice. Consult with superiors in the employing entity. Consult with those charged with governance. Consult with the relevant professional body. Obtain additional training. Negotiate more time for duties. Obtain assistance form someone with the relevant experience. Remuneration being determined by other members of management. Disclosure of relevant interests to those charged with governance. Consult with superiors professional body. or relevant

Accountants need to prepare/report on information fairly, objectively and honestly. However, the accountant may be pressured to provide misleading information. Having sufficient experience. Accountants need to be honest in stating their level of expertise - and not misleading employers by implying they have more expertise than they actually do process. Financial interest.

Situation where the accountant or close family member has financial interest in the employing entity. Examples include the accountant being paid a bonus based on the financial statement results which he is preparing, or holding share options in the entity. Inducements receiving offers.

Do not accept the inducement. Inform relevant third parties such as senior management and professional association.

Refers to incentives being offered to encourage unethical behavior. Inducements may include gifts, hospitality, preferential treatment or inappropriate appeals to loyalty. Objectivity and /or confidentiality may be threatened by such inducements. Inducement giving offers. Refers to accountants being pressured to provide inducements to junior members of staff to influence a decision or obtain confidential information. Confidential information. Accountants should keep information about their employing entity confidential unless there is a right or obligation to disclose, or they have received authorization form the client. Whistleblowing. Situations where the accountant needs to consider disclosing information although there is no obligation form statue or regulation. Disclosure would therefore be in the public interest.

Do not offer the inducement.

Disclose information in compliance with relevant statutory requirements, e.g. money laundering regulation.

Follow the disclosure provisions of the employer, e.g. report to those responsible for governance. Otherwise, disclosure should be based on assessment of: Legal obligations. Gravity of the matter. Whether members of the public will be 100

adversely affected. Likelihood of damage to reputation. Reliability of the information. Reasons why employer does not want to disclose.

c) Explain and explore how threats to independence can affect ethical behavior. There are number of different threats to independence, such as:
Threats to independence Financial interest an accountant holds shares in the clients entity. Possible effect on ethical behavior Conflict between wanting a dividend from the shareholding and reporting the financial results of the entity correctly. May want to hide liabilities or overstate assets to improve dividends. Conflict between wanting a dividend from the shareholding and providing an honest audit report on the entity. May want to hide errors found in the financial statements to avoid, qualifying the audit report and potentially decreasing the dividend payment. Self-interest threat. May decide not to qualify the audit report to ensure that the financial interests of the family member are not compromised. May also be an intimidation threat if an employee, the assurance client may threaten to fire the family member if a qualified audit report is produced. Self-interest threat. There may be a conflict between potential qualification of the entity financial statements and losing the friendship/golf with the chairman. Intimidation threat. The client may threaten to default on the payment unless more work is carried out by the assurance firm. The assurance firm may also be seen to be supporting the client financially, implying that any report will be biased because the firm wants the loan to be repaid. This might be seen as a bride by the client. The partner may accept the car and not report this. Conflict of interest because the assurance partner would not qualify the audit report since the family member is close family member. Self-interest and self-review threats. The partner would have a conflict between producing information for audit and then reporting on that information. The partner may either miss errors or even decide to ignore errors identified to avoid having to admit to mistakes being made. 101

Financial interest an auditor holds shares in a client entity.

Close family member has an interest in the assurance client.

The assurance partner plays golf on a regular basis with the chairman of the board of the assurance client. Fee due from the client is old and the assurance firm is concerned about payment of the fee.

An entity offers an assurance partner an expensive car at a considerable discount. A close family member is a director of the client entity. An assurance partner serves as an officer on the board of the assurance client.

Conflicts of interest and ethical conflict resolution When accountants are faced with ethical problems, they need to know what to do. There are two possible approaches that the professional accountancy bodies could take: rules based approach and a principles-based approach. i. Rules based approach is to identify each possible ethical problem or ethical dilemma that could arise in the work of the accountant and specify what the accountant must do in each situation. ii. Principles-based approach is to specify the principles that should be applied when trying to resolve an ethical problem, offer some general guidelines but leave it to the judgment of the accountant to apply the principles sensibly in each particular situation. o Main reason for taking the principles based approach is that it is impossible to identify every ethical situation that accountants might face, with differing circumstances in each case. iii. The recommended approach (principles-based) approach to resolving ethical problems: o Identify threats to compliance with the fundamental principles. o Evaluate the threat. Qualitative and quantitative factors should be considered in the assessment of a threat to compliance. If it is insignificant it may be ignored, but others should be dealt with. o Respond to threat. If the threat is not insignificant, the accountant should apply appropriate safeguards, if he or she can, to eliminate the threat or reduce the threat to an insignificant level. o If suitable cannot be applied, more drastic action will be needed, such as refusing to carry out a professional service ending the relationship with a client or resigning from the job. d) Explain and explore bribery and corruption in the context of corporate governance, and assess how these can undermine confidence and trust. Bribery is the offering, giving, receiving or soliciting of any item of value to influence the actions of a governmental official or other person in charge of a public or legal duty (Blacks Law Dictionary). Corruption can be defined as deviation from honest behavior.

The involvement of directors and other responsible for corporate governance in bribery and corruption can undermine the relationship of trust upon which corporate governance is based. Bribery The intent of a bribe is to influence the actions of the recipient. It may or may not involve money. o Granting a privilege to the recipient. o Payment does not have to take place to be effective. Promising to do something would be enough. Others may be complicit if they know of the bribe and fail to report it.

Legislation such as the Foreign Corrupt Practices Act and Bribery Act of 2011 makes commercial organizations liable if their employees pay bribes, unless they take adequate procedures to prevent bribery. Bribery is a form of corruption. Other forms of corruption include: o Abuse of the system This is when a person uses the system for improper purposes. o Bid rigging This is when a contract is promised to a party in advance, although other parties have been asked to participate. o Cartel This is a secret agreement by supposedly competing producers to fix prices, quantity or market share. o Influence peddling This is using personal influence in government or connections with persons in authority to obtain favors or preferential treatment for another, usually in return for payment.


Undermining the confidence and trust in Corporate Governance Bribery and corruption is an issue for companies because companies that deal in bribery or corruption: Lack honesty and good faith This means a person with corporate governance responsibility will no longer be acting impartially and in accordance with a position of trust. It violates a duty of service. Conflict of interest Those taking brides face a conflict between their legitimate duty and responsibilities, and any personal gains they may make through unethical activities. Personal gains does not necessarily always mean taking money. A manager involved in bid rigging may generate higher profits for the company, which enhances the managers performance bonus. International risk management UK Bribery Act of 2011 acknowledges that commercial organizations in some parts of the world and in some sectors may come under pressure to pay facilitation fees to foreign officials in order to conduct business in the foreign country. The issue of whether a company has to pay bribes to conduct business is debatable. It is argued that if a company had effective controls in place for assessing and managing risks, then they should probably decide to avoid these places anyway. Economic issues Bribery and corruption results in a misallocation of resources. Contracts are not necessarily going to the most efficient producer but to the producer that pays the highest bribe.

Therefore, bribery disrupts the establishment and operation of the markets. Participation in economic activity is less likely if it is felt that bribery or marketrigging make it unlikely that an acceptable return will be achieved for the risk taken. Professional reputation If accountants are found of guilty of bribery or corruption, then the accountant could lose his/her license. e) Describe and assess best practice measures for reducing and combating bribery and corruption, and the barriers to implementing such measures. Recent legislation in certain countries has put pressure on businesses to introduce sufficient controls, such as UK Bribery Act. In the US there is the Foreign Corrupt Practices Act which deals with bribery and corruption. Measures to combat bribery and corruption include: Establishing the right culture in the organization o Directors may seek to establish a commitment against corruption by a formal statement, setting out a zero tolerance policy and setting out consequences for employees and/or managers who transgress. o This statement could be a statement beyond the companys code of conduct statement. o Commitment of the management team should be reinforced by the involvement of senior management in the development and implementation of bribery prevention procedures. o Communicate the organizations policies and procedures, and provide training in their application is important in developing the right culture. Training should include general training on the threat of bribery on induction, and also specific training for those involved in higher risk activities such as purchasing and contracting. o Companies need to be aware that if employees receive mixed signals then this could affect the success of other measures. Having a code of conduct. A code of conduct is perhaps the most important element of communicating that bribery and corruption is not tolerated in the company. o Codes include includes provisions about dealing truthfully with suppliers and refraining from seeking or participating in questionable behavior to secure competitive advantage. o Business need decide that they need a separate anti-bribery code. Risk assessment. Identification of circumstances where bribery may be a problem must be built into business risk assessment. o Sensitive areas could include the activities of intermediaries or agents or staff within the organization responsible for hospitality or promotional expenditures. Note: UK guidance stresses that risk may change over time (for example as the business enters new markets) and so may need to be reassessed. A poor internal control environment may also be a factor that contributes significantly to increased risk.

Conduct of business. The UK guidance states, a strong tone at the top and the ethical code may be undermined by a lack of detailed guidance on the implementation of anti-bribery procedures.

Note: UK Bribery Act suggests that what is seen as adequate protect against bribery or corruption will depend on the bribery risks faced by the organization, and the nature, size and complexity of the business. The Act is based on six principles: Proportional procedures measures should be proportional to the risks and nature, size and complexity. Top level commitment top management needs to be committed to preventing bribery and promoting a culture where bribery is seen as unacceptable. Risk assessment organizations should assess the nature and extent of their exposure to bribery internally and externally. Due Diligence The organization should carry out due diligence procedures in relation to those who perform services for it, or on its behalf. Communication Prevention policies should be embedded and understood in the organization throughout the organization through communication and training. Monitoring and review The organization should monitor and review anti-bribery procedures and improve them as required. The guidance states that risks are dynamic and thus, may need to change if risks alter.

6. Ethical characteristics of professionalism

a) Explain and analyze the content and nature of ethical decision-making using content from Kohlbergs framework as appropriate. Ethics models (i.e. Tucker model and AAA model) are intended to help you come to the right ethical decision. It does this by understanding the ethical issues, and then getting you to understand the possible alternatives that can be taken. Once you understand the alternative actions, it should be easier for you evaluate the alternatives so you can make the right decision. Kohlbergs model talks about the stages of moral development. Kohlberg identified three levels of morality and six stages of moral development: preconventional, conventional and post-conventional. Kohlbergs model cannot be used to derive the right ethical decision, but it can be used to understand how different people would operate at each of Kohlbergs level (pg. 271). o For example, the text book related this to Tuckers ethical model.
Pre-conventional Profitability A very important criteria, as the pre-conventional level is based on the idea of rewards for self. Conventional Profitability may be seen as quite important depending on the local ethos very important if the decision maker works in a major financial center. Decision makers will also be influenced by any local requirements in company law to seek Post-conventional Surprisingly, perhaps this could be a very important criteria. Equally, it could have no importance if the decision maker believes it goes against other concepts. Those holding the pristine capitalist viewpoint would argue that companies have a


profit maximization.

moral duty to make profits to reward the shareholders whose finance underwrites their existence. Use of money for other purposes is effectively theft of shareholders funds under this stance.

b) Explain and analyze issues related to the application of ethical behavior in a professional context. In any situation dealing with ethical decisions, the following are the practical steps that can be taken. o Analyze the situation for ethical problems. o Identify the ethical issues. o Consider the alternative solutions. o State the best course of action based on the steps above. o Justify your recommendation (decision). c) Describe and discuss rules based and principles based approaches to resolving ethical dilemmas encountered in professional accounting. Rules-based is a code would contain specific rules about how they should act in a specific situation. o Weakness to rules based, is that some circumstances can be complex and varied and thus make it impossible to plan for every situation. o Over time, situations might change. Therefore, would have to update the code on a regular basis. o Ethical views differ between countries and cultures. Behavior that might be considered unethical in one country might be considered OK in another. Principles-based code is a code that specifies general principles of ethical behavior and requires the accountant to act in accordance with the principles. o The accountant has to use best judgment in these cases.

7. Social and environmental issues in the conduct of business and ethical behavior.
a) Describe and assess the social and environmental effects that economic activity can have (in terms of social and environmental footprints). There is increasing concern about business relationship with the natural environment. Businesses may suffer significant costs and a loss of reputation if problems arise. Many businesses anticipate increased regulation in this area and wish to avoid the costs associated with poor reputations.

Other businesses are motivated by the increased need for efficiency and the need to reduce waste. The effects that businesses have on society and the environment is often referred to as footprints. We describe these below: Social and Environmental footprint. A footprint is the mark that is left behind in the sand. o A social footprint is the effect the company has on the society (i.e., employees, communities) in which it operates. o In general, economic activity provides social benefits: wealth, higher standards of living, better health; however, it might also create social damage (e.g. use of child labor). o A social footprint might be measured in terms of: The number of jobs provided. Non-discrimination at work (composition of the workforce). Health and safety measures (e.g. accidents per employees). 1,000

o An environmental footprint is the effect of a companys operations on the environment. This could include the use of non-renewable resources, such as oil and gas, the depletion of scarce resources, the waste of natural resources, pollution and the creation of waste, carbon emissions, noise pollution, and so on. o A company might have environmental policies for reducing its environmental footprint: Reducing use of depleting materials or non-renewable materials. Reducing pollution and waste (e.g. reducing CO2 emissions, recycling, waste disposal). Improving the health and safety of the work environment.

Both social footprint and the environmental footprint should be measurable, so that changes over time in the size of the footprint can be managed and monitored. Impact of environmental costs. These costs can be divided into direct and indirect costs. o Direct costs would include the costs of disposing of waste, remediation costs, compliance costs, legal costs, fines, environmental labeling and certification costs and staff training. o Indirect costs would include compensation costs to those whose health may be adversely affected, the sustainability of certain natural resources and the need to replace them with more expensive alternatives, the risk of impaired asset values like share prices due to poor environmental policies and impact of public perception on brand values, market share and sales.


b) Explain and assess the concept of sustainability and evaluate the issues concerning accounting for sustainability (including the contribution of full cost accounting). Sustainability has to do with meeting the needs and wants of consumers today, without sacrificing the needs and wants of future generations. Sustainability means limiting the use of natural resources to a level where they can be replaced by the environment. Sustainability questions: o For whom: what species other than man. o In what way: Purely an ecological focus or does it extend to social sustainability which includes physical and mental health and wellbeing? o For how long: This is the question of generational equity, should this generation reduce per capita consumption or how many generations. o At what cost: This is the cost to the economy. o By whom: Governments or individuals, unilateral or multi-lateral, national or global. In the debate on sustainability, you need to understand the distinction between weak and strong sustainability. Weak sustainability: o Human beings need to prevail. o The natural environment can regarded as a resource. However, the human race needs to have better mastery of the natural environment. This can be done by incremental changes driven by market forces and legal regulation. Economic development is need to drive necessary technological changes. This is similar to the social ecologist perspective of CSR as identified by Gray, Owens, & Adams.

Strong sustainability: o Harmony with the natural world is our aim. o The environment sustains all species of life. o Current economic consumption must change. o Supporters of strong sustainability argue that fundamental changes are needed in society. o They argue that the time span may be several centuries and will require participation from governments and society to achieve. o This viewpoint is linked to the deep ecologist approach identified by Gray, Owens & Adams.

Full cost accounting: o FCA is at its simplest a system that allows current accounting and economic numbers to incorporate all potential/actual costs and benefits into

the equation including environmental (and perhaps social) externalities to get the prices right. o There are five tiers to FCA. Tier 0 (Usual costs) This is the basic accounting numbers. Tier 1 (Hidden costs) These costs include those hidden costs such as overhead costs of management systems and safety. Tier 2 (Liability costs) These costs include contingent liability costs, such as clean-up costs, etc. Tier 3 (Less tangible costs) These costs include the costs of poor environmental management costs, which might include loss of good will, reputation risks, etc. Tier 4 (Environmental focus costs/cost of prevention) This is the costs where the project has zero environmental effect.

Advantages of FCA: o Better knowledge of the extent of a companys environmental footprint. Investors are in a better position to assess the risks involved in the companies activities. o Able to reduce environmental footprint. If able to assess the significance of the organizations environmental footprint, then in a better position to actually reduce per unit and absolute resource usage. o Assist in decision-making. FCA can inform decision-making by allowing comparisons between externalities created by different investment decisions. Environmental costs identified under FCA will be indicators of future business costs in other areas. o Can lead to favorable PR. By using FCA, a company is able to demonstrate that its products or processes do not have a significant impact on the environment.

Disadvantages of FCA: o Have to collect and process a lot more data. Some suggest to adopt lifecycle accounting. o Not understanding which costs figures to use. One example is the choice between using the costs of correction (clean-up costs) or using costs of prevention (costs of changing the way business is conducted). o Translating activities into impacts. The translation process depends on the (possibly limited) state of scientific knowledge. o Limitation of business level analysis. In a lot of cases, businesses are just too small to use FCA. o Inclusion of social externalities. If using natural environmental effects, then it would seem reasonable to try to account for social effects. However, there are then additional problems of definition and measurement. o Impression given. FCA may show an alarming picture, suggesting that strong sustainability are needed rather than weak sustainability solutions.


o Compulsory FCA. If governments go future towards FCA, it might drive some businesses to locate in countries where FCA is compulsory. Thus, there is an export the externalities to developing nations. c) Describe the main features of internal management systems for underpinning environmental accounting such as EMAS and ISO 14000. As organizations move towards establishing the eco-credentials of their products, there are two internationally recognized standards that they can apply for. These include: The ISO 14000 series of standards, issued by the International Organization for Standardization. This environmental standard was first published in 1996. It provides a general framework of environmental quality standards based upon formal certification. Companies that want to be in compliance with ISO 14000 are required to have an audit each year of their system. These audits are to be undertaken by an independent external expert. Internal auditors can help to make sure that the company is in compliance with ISO 14000. Critics argue that it places more emphasis on the procedures for maintaining environmental quality than on the measurement of environmental results. ISO standards state that an EMS (Environmental management system) should be comprised of: o An environmental policy statement. o Independent assessment of the organizations environmental impact and obligations. o An effective EMS. o Internal audits of EMSs and reports to management. o An annual compliance declaration. EMAS: the Eco-Management and Audit Scheme in the EU. o This is a scheme where environmental reports are subject to independent verification (aka audit). o It was adopted in 1993 as a voluntary scheme. It has been adopted more widely in Germany. o Many countries lobbied against it as it was seen as imposing excessive reporting requirements. o It emphasizes setting targets and improvements. It has to do more than just monitor operations. It is intended to improve environmental performance and disclosures. o The scheme requires: An environmental policy statement (EPS). On-site environmental reviews. Environmental management systems.

Environmental audits from independent approved bodies. Done at least every three years.

Environmental policy statement (EPS) should outline the basis for future actions to be undertaken. o It should be based on reliable data. o It should set specific targets. o There are two types of EPSs: Internal statements these are tailored to the organizations specific requirements and mission statements. External charter adoption Compliance with generally published (EMAS) objectives which allows for international comparisons.

f) Explain the nature of social and environmental audit and evaluate the contribution it can make to the development of environmental accounting. Social and environmental audits are designed to ascertain whether the organization is complying with codes of best practice or internal guidelines, and is fulfilling the wider requirements of being a good corporate citizen. Social Audit may cover: o Sustainable use of resources, o Health and safety compliance, o Labor conditions, and o Equal opportunities. Through social auditing, an entity is able to assess and demonstrate its social, economic and environmental benefits. It also measures the extent to which an entity achieves its objectives as set out in its mission statement. Additionally, it establishes the process for the environmental audit.

An environmental audit is a systematic, documented, periodic and objective evaluation of how well an entity, its management and equipment are performing, with the aim of helping to safeguard the environment by facilitating management control of environmental practices and assessing compliance with entity policies and external regulation. Environmental audits are becoming more important because investors are increasingly interested in the environmental footprint of a company as well as its economic performance. o There is a growing opinion among investors that environmental issues are a potential source of risk to a companys business and reputation, and environmental issues must therefore be managed. o There is an increasingly greater number of ethical investors who prefer to invest in companies with strategies for sustainable business. o Consumers are gradually moving towards a preference for purchasing environmental-friendly products rather than cheaper alternatives.

It normally involves the implementation of ISO 14000 or EMAS. Without social and environmental auditing, environmental accounting would not be possible. Environmental accounting provides evidence of the achievement of social and environmental objectives. o One type of environmental accounting is environmental ABC. Similar to normal activity-based costing. An activity is identified for costing: it might be an environmentrelated activity such as waste recycling or pollution control. Costs are identified and recorded for the activity (environmentalrelated costs). A cost driver is identified for the activity (e.g. volume of waste, volume of emissions, and toxicity of emissions , etc.). Costs are calculated on the basis of the cost driver, e.g. environmental cost of waste recycling per ton of waste produced.

o Another type of environmental accounting is environmental life cycle costing. All the costs of the product, including its environmental costs are measured over the life of the product. High environmental costs might be incurred at the end of the products life (e.g. contamination). Decisions to go ahead with a new product will depend on all costs over the life cycle. Measures can be taken from an early stage to reduce the total of those costs (e.g. reducing contamination at the end of the life cycle, recycling materials).