

ACCA P1 Governance, Risk and Ethics

Carl R. Burch

I put together these P1 notes when studying for the exam. Thought that it would be good to share
them with you. Good luck with your Exam. If you have comments or questions you can reach me at
the following email address:

Table of Contents

A. Governance and Responsibility

THE SCOPE OF GOVERNANCE
AGENCY RELATIONSHIP AND THEORIES
THE BOARD OF DIRECTORS
BOARD COMMITTEES
DIRECTORS' REMUNERATION
DIFFERENT APPROACHES TO CORPORATE GOVERNANCE
CORPORATE GOVERNANCE AND CORPORATE SOCIAL RESPONSIBILITY
GOVERNANCE: REPORTING AND DISCLOSURE

B. Internal Control and Review

MANAGEMENT CONTROL SYSTEMS IN CORPORATE GOVERNANCE
INTERNAL CONTROL AND REPORTING
MANAGEMENT INFORMATION IN AUDIT AND INTERNAL CONTROL

C. Identifying and Assessing Risk

1. RISK AND THE RISK MANAGEMENT PROCESS
2. CATEGORIES OF RISK
3. IDENTIFICATION, ASSESSMENT AND MEASUREMENT OF RISK

D. Controlling and Managing Risk

1. TARGETING AND MONITORING OF RISK
2. METHODS OF CONTROLLING AND REDUCING RISK
3. RISK AVOIDANCE, RETENTION AND MODELING

E. Professional Values and Ethics

ETHICS THEORIES
DIFFERENT APPROACHES TO ETHICS AND SOCIAL RESPONSIBILITY
PROFESSIONS AND THE PUBLIC INTEREST
PROFESSIONAL PRACTICE AND CODES OF ETHICS
ETHICAL CHARACTERISTICS OF PROFESSIONALISM


Governance and Responsibility

1. The Scope of Governance

a) Define and explain the meaning of corporate governance.
The OECD says corporate governance is a:
set of relationships between a company's directors, its shareholders and other
structure through which the objectives of the company are set, and the means of
obtaining these objectives and monitoring performance.
The IIA says governance is:
the system by which a company is controlled and directed. Governance includes the rules
and procedures for making decisions on corporate affairs to ensure success while
maintaining the right balance with stakeholders' interest.
Governance is the leadership and direction given to a company so that it can achieve the
objectives of its existence.
Note: Important points are boxed.

Cadbury Report of 1992 said:

Corporate Governance is the system by which organizations are directed and
Explain the meaning of governance:

Governance is the leadership and direction given to a company so that it achieves the objectives of its existence.

Management is about making business decisions: governance is about monitoring and controlling decisions.

Governance is not about formulating business strategy for the company.

However, the responsibility of the board and senior managers for deciding
strategy is an aspect of governance.

Benefits to having GOOD corporate governance processes:

The company will have an improved risk management system.

There will be clear accountability for executive decision making.

It focuses management attention on introducing appropriate systems of internal control.

It encourages ethical behavior and a CSR (Corporate Social Responsibility)


It can help safeguard the organization from the misuse of assets and possible

It can help to attract new investment into a company.


Seeks to put limits on excessive director remuneration.

Downside to governance:

It could develop an excessively risk-averse culture amongst managers.

There could be too much reporting and not enough time to seek and pursue profit-making activities.

It could dampen entrepreneurial activities.

There could be excessive supervision, red tape and bureaucracy.

The cost of operating internal controls exceeds any possible benefits.

There is the possibility that the focus on meeting different stakeholder expectations will confuse management as to their corporate responsibilities.

b) Explain, and analyze the issues raised by the development of the joint stock
company as the dominant form of business organization and the separation of
ownership and control over the business activity.

Joint stock companies have multiple shareholders. The shareholders own the
company but generally do not run the company. There is a separation of
ownership and control. In order to maintain control over the company,
shareholders elect a board of directors who have oversight authority. The
board then hires the CEO who is then responsible for putting together the
management team to run the company.

Since management does not have a vested interest in the company, they
might not care as much whether the objectives of the company are met.

c) Analyze the purposes and objectives of corporate governance.

Purpose of Governance:

The purpose of corporate governance is to facilitate the effective, entrepreneurial and prudent management that can deliver the long-term success of the company.

Good corporate governance should contribute to better company performance by helping a board discharge its duties in the best interest of the shareholders. If it is ignored, the consequences may well be vulnerability or poor performance. Good governance should facilitate efficient, effective and entrepreneurial management that can deliver shareholder value over the longer term.

d) Explain, and apply in the context of corporate governance, the key underpinning concepts of:

Honesty/probity - Be honest, so that statements about the company are truthful. Not putting a spin on the facts.

Accountability - The emphasis is on the managers' accountability to the shareholders, but they are also accountable to other possible stakeholders.

Independence - The emphasis is on making sure that there are truly non-executive directors on the board who are free to critique the job performance of management. Independence means not having a conflict of interest.

Responsibility - The board has a responsibility to oversee the work of management. The board should also retain responsibility for certain key decisions, such as setting strategic objectives and approving critical capital

Decision making / judgment - All directors are expected to have sound judgment and to be objective in making their judgments. The OECD says the board should be able to exercise judgment on corporate affairs independent, in particular, from management.

Reputation - A company's reputation, if good, is built on success and management competence. However, it might take years for a company to gain its reputation and only a day for it to get ruined. Companies that are badly governed can be at risk of losing goodwill from investors, employees and

Integrity - This is similar to honesty, but it also means behaving in accordance with high standards of behavior and a strict moral or ethical code of conduct. This means doing the right thing. Being a straight shooter.

Fairness - This means that all shareholders should receive fair treatment from the directors (one share one vote). This also means taking into account the other stakeholders of the company, such as suppliers, creditors, employees, local community, etc.

Transparency / openness - This means not hiding anything. Transparency means clarity. This involves full disclosure of material matters which could influence the decisions of stakeholders.

Note: A good way to remember the key concepts of corporate governance is to think
of the mnemonic HAIRDRIFT.
e) Explain and assess the major areas of organizational life affected by issues in
corporate governance.

Duties of directors and functions of the board (including performance measurement). Directors have a fiduciary duty to act in the best interest of the company. They need to use their powers for proper purpose, avoid conflicts of interest and exercise a duty of care.

The composition and balance of the board (and board committees). Boards must be balanced in terms of skill and talents from several specialisms relevant to the organization's situation and also in terms of age (to ensure senior directors are bringing on newer ones to help succession planning).

Reliability of financial reporting and external auditing. The reliability of the financial reports is crucial to ensuring that management is held accountable. External auditors need to make sure that they are getting the right information in order to verify the reliability of the financial reports. External auditors cannot be fearful of asking awkward questions because of fear of losing the audit.

Directors' remuneration and rewards. Directors' remuneration has to be seen as being fair. Excessive salaries and bonuses have been seen as one of the major corporate abuses for a number of years.

Responsibility of the board for risk management systems and internal control. Boards should meet regularly so as to provide proper oversight for risk management and internal control systems. Without proper oversight, the organization may have inadequate systems in place for measuring and reporting on risks.

The rights and responsibilities of shareholders, including institutional investors. Shareholders should have the right to receive all material information that may affect the value of their investment and to vote on measures affecting the organization's governance.

Corporate social responsibility and business ethics. Corporate social responsibility and business ethics are an important part of the corporate governance debate. At this point, there is not any real consensus about these

The South African King report commented that The relationship between a
company and its stakeholders should be mutually beneficial. This inclusive
approach is the way to create sustained business success and steady long-term
growth in corporate value.
However, the Hampel report emphasized responsibility towards shareholders and
states that it is impractical for boards to be given lots of responsibilities towards the
wider stakeholder community.
f) Compare, and distinguish between public, private and non-governmental
organizations (NGO) sectors with regard to the issues raised by, and scope of,

Public Sector - Governance requirements stress the need for assessing the effectiveness of policy and arrangements for dialogue with users of services.

Private - The private sector is concerned with the continued existence of the company. Therefore, having good governance processes is of vital

NGOs - Non-governmental organizations provide services which are not normally provided by either public or private organizations. Therefore, they need governance processes which can ensure that they are providing the best service possible.

g) Explain and evaluate the roles, interests and claims of, the internal parties
involved in corporate governance.

Directors - Have an operational role in running the company, developing strategies, etc. Concerning corporate governance, directors have the role to act responsibly; to act with honesty; be accountable, etc. (HAIRDRIFT).

Company Secretaries - Company secretaries are officers of the company and as such they have an operational role in the company. For example, company secretaries might sign some contracts, or declare some relevant matters to the proper authorities. They also have a role to play in corporate governance by making sure that the directors are complying with corporate
Some of the functions / responsibilities of the company secretary are listed

Should be responsible for providing relevant, reliable and timely information to all directors, so that they are able to make well-informed judgments in contributing to decision-making by the board.

Should be an expert on the regulations and corporate governance, so that he can advise the board on any matters in which a governance issue should be considered.

Although the chairman should be responsible for induction of new directors and continuing professional development of established directors, the company secretary is likely to be given the responsibility for organizing induction and, where appropriate, CPD for directors.

The chairman is also responsible for the performance appraisal of the board, board committees and individual directors.

The company secretary should be the first point of contact for any NED wanting assistance or information from the company.

Sub-board management - If a manager is not on the board, then he or she is considered to be part of sub-board management. This person might be the purchasing agent, human resource manager, etc. Concerning operational roles, directors develop strategies to achieve some objective, and it will be the sub-board managers who have to take the strategy and develop the tactics to achieve the objectives of the organization.

Employees - Employees have an operational role to carry out the tactical plans of the sub-board management. As far as corporate governance is concerned, the employees have the responsibility to comply with the corporate governance systems in place and adopt an appropriate culture. They need to implement the risk management and control procedures and to report back if controls are not working as they should.

Unions - Unions have a responsibility to protect the interest of the employees. As such, the ability of management to alter its working practices, for example, may depend on obtaining the cooperation and support of the trade unions.

h) Explain and evaluate the roles, interests and claims of, the external parties
involved in corporate governance.

Shareholders (including shareholders' rights and responsibilities) - The role of governance is to protect the rights of all shareholders, including the right to vote for board members, etc.

External Auditors - Auditors try to influence the company to present reliable and accurate financial statements. Auditors can also influence by recommending ways to improve the strength of internal controls within the company. They can also provide other audit services such as social and environmental audits. They can also highlight governance and reporting issues of concern to investors.

Regulators - Regulators (e.g., the SEC) have a role of making sure that public companies' financial information is transparent, reliable and accurate. Regulation can be defined as any form of interference with the operation of the free market. This could involve regulating supply, price, profit, quantity, entry, exit, information, technology, or any other aspect of production and consumption in the market.

Government - Like regulators, the government has a role to make sure that regulators are doing their job in making sure that public companies are abiding by the laws and regulations of the country.

Stock exchanges - Public companies list their shares on regulated stock exchanges, such as New York Stock Exchange, NASDAQ, American Stock Exchange, London Stock Exchange, and many others. Stock exchanges are privately owned and thus they need to protect their reputation. Stock exchanges are regulated and thus require listed companies to abide by governmental regulations.
Stock exchanges are important because they provide regulatory frameworks in principles-based jurisdictions. Stock exchange regulation can therefore have a significant impact on the way corporate governance is implemented and companies report.

Small investors (and minority rights) - The role of governance is to protect the interest of the minority shareholders; to make sure that their voices are heard and that they are treated equally.

Institutional investors (Analyze and discuss the role and influence of institutional investors in corporate governance systems and structures, for example, the roles and influences of pension funds, insurance companies and mutual funds) - Institutional investors manage funds of individual investors. They are organizations which pool large sums of money and invest those sums in securities, real property and other investment assets. They can also include operating companies which decide to invest their profits to some degree in these types of assets.
Major institutional investors are:

Pension funds.

Insurance companies.

Investment and unit trusts.

Venture capitalist organizations.

Institutional investors will have a lot of influence in the management of
corporations because they will be entitled to exercise the voting rights in a
company. They can actively engage in corporate governance. Furthermore,
because institutional investors have the freedom to buy and sell shares, they can
play a large part in which companies stay solvent, and which go under.
Influencing the conduct of listed companies, and providing them with capital are
all part of the job of investment management.
Intervention by institutional shareholders:
Under extreme circumstances, the institutional shareholders may intervene more
actively, by, for example, calling a company meeting in an attempt to unseat the
board. Reasons why institutional investors might intervene:

Concern about the strategy in terms of product, markets and


Poor operational performance.

Management is dominated by a small group of executive directors, with NEDs failing to hold them accountable.

Major failure of internal controls, particularly in areas such as health and safety, pollution or quality.

Failure to comply with laws and regulations or governance codes.

Excessive levels of directors' remuneration.

Poor attitudes towards corporate social responsibility.

2. Agency Relationship and theories

a) Define and explore agency theory.

Agency theory is a theory of the relationship between the principal and an


In limited companies, the directors and senior managers act as agents of the
shareholders, who own the company.

Agency theory is based on the view that when an agent represents a principal,
the self-interest of the agent is different from the interests of the principal.
Without suitable controls and incentives, the agent will make decisions and
actions that are in his or her own interest rather than those of the principal.

Agency theory is relevant to corporate governance because many of the measures recommended for good governance are concerned with controls and incentives that will persuade agents to act in the shareholders' best
o For example, controls are applied through accountability and incentives
are given in remuneration packages.

b) Define and explain the key concepts in agency theory:


Agents - The agents are the directors and senior management of the company. They are selected and hired to run the company in the best interest of the shareholders.

Principals - The principals are the shareholders. They elect the board and the board hires the CEO who is in charge of putting the management team

Agency - An agency relationship arises when one or more persons (the principals) engage another person (the agent) to perform some service on their behalf that involves delegating some decision making authority to the agent (Jensen and Meckling).

Agency costs - Agency costs are the costs of having an agent make decisions on behalf of a principal. Applying this to corporate governance, agency costs are the costs that the shareholders incur by having managers run the company instead of running the company themselves. There are three costs associated with agency costs:

Cost of monitoring. The owners of the company have to establish systems to monitor the actions and performance of management, to try to ensure the management is acting in the best interest of the company.

Bonding costs. These are costs to provide incentives to managers to act in the best interest of the company.

Residual loss. Costs to the shareholders of management decisions that are not in the best interest of the shareholders (but in the interest of the managers themselves).

Agency costs = monitoring costs + bonding costs + residual costs.


Accountability - Agents should be held accountable for their decisions and actions. Accountability means:

Having to report back to the principal to give an account of what has been achieved.

Having to answer questions from the principals about the performance and achievements.

Having the power to reward or punish the agent for good or bad

Greater accountability should reduce agency problems because it provides management with an incentive to achieve performance which is in the best interest of the shareholders. However, incentives should not be excessive where the cost of the incentive is greater than the benefit that the monitoring

Fiduciary responsibilities - Fiduciary duty is a duty of the agent to act for the good of the company. A person with fiduciary duty is in a position of trust.

However, the existence of fiduciary duty is not sufficient to ensure that there is good corporate governance.

Evan and Freeman argued that management bears a fiduciary relationship to stakeholders and to the corporation as an abstract entity. It must act in the interests of the corporation to ensure the survival of the firm, safeguarding the long-term stakes of each group.

The main fiduciary duties of directors are:

o Act in the best interest of the company.
o Avoiding conflict of interest.
o Using powers for proper purpose.
o Having a duty of care.

Stakeholders - Stakeholders are parties (both internal and external) who have an interest in the well-being of the company. The different stakeholders include: management, shareholders, vendors, creditors, board of directors, employees, regulators, pressure groups (like PETA, Greenpeace, etc.), auditors, and the local community.

c) Explain and explore the nature of the principal-agent relationship in the context
of corporate governance.

Jensen and Meckling defined the agency relationship as a form of contract between the company's owners and its managers, where the owners appoint an agent to manage the company on their behalf.

The owners expect the agents to act in the best interest of the owners. Ideally, the contract between the owners and managers should ensure that the managers always act in the best interest of the owners. However, it is impossible to arrange the perfect contract, because decisions by the managers affect their own personal welfare as well as the interest of the

This raises a fundamental question. How can managers, as agents of their company, be induced or persuaded to act in the best interests of the
d) Analyze and critically evaluate the nature of agency accountability in agency


In the context of agency, accountability means that the agent is answerable under his contract to his principal and must account for the resources of his principal and the money he has gained working on his principal's behalf.

Two issues with the idea of agents being held accountable:

1) How does the principal enforce this accountability?
2) What if the agent is accountable to parties other than his/her principal? How
does he/she reconcile possible conflicting duties?
e) Explain and analyze the following other theories used to explain aspects of the
agency relationship.

Transaction costs theory.

Transaction cost theory, developed by Coase and Williamson, is an economic theory. It is based on the idea that companies have to decide which activities need to be performed in house and which activities they can buy from external sources. It attempts to provide an explanation of the actions and decisions of managers that are not consistent with rationality and profit
Williamson argued that the actions and decisions of managers are based on a combination of bounded rationality and opportunism.

Bounded rationality means that the manager will have limited understanding of alternatives. This may imply that they will play it safe and concentrate only on safe markets.

Opportunism means that managers make decisions based on their own personal interests.

Conclusion: Managers should be controlled to prevent them from acting in their own interests rather than in the best interest of the shareholders.
This theory is consistent with agency theory and provides a theoretical justification for the need for rules or principles of good corporate governance.
Need to make sure that the objectives of management and the shareholders are

Stakeholder theory.

Companies provide not only wealth to the shareholders, but they provide jobs to employees and contribute to the national and local

Companies are corporate citizens and thus they have a responsibility to

There is a close link between stakeholder theory and CSR.

In addition to providing returns to shareholders, companies have a responsibility to their employees, customers, governments, communities, suppliers, lenders and the general public.

Accountability is an important aspect of responsibility. This means that companies not only should report to their shareholders, but also provide information to their stakeholders, either by producing more reports or by including more information in their annual reports. This might explain the publication by some companies of an annual sustainability report and employee reports for the benefit of the company's employees.

Mendelow's power/interest matrix. Interest is horizontal, and power is

Four quadrants: Ignore, Keep Informed, Keep Satisfied, and Key Players.

[Figure: power/interest matrix, with the axis "Level of Interest" and quadrants labelled Keep Informed, Keep Satisfied and Key Players.]

Ignore quadrant - Stakeholders who are in this category can be ignored by the company. In this quadrant might be the government, or some shareholders, or employees who really don't have any power or interest. However, this does not take into account any moral or ethical considerations. It is simply the stance to take if strategic positioning is the most important objective.

Keep Informed - Most shareholders would fall into this quadrant. You need to keep shareholders informed of what's going on (e.g., annual report), but they don't exert much power. However, stakeholders in this quadrant can increase their overall influence by forming coalitions with other stakeholders in order to exert a greater pressure and thereby make themselves more powerful.

Keep Satisfied - In this quadrant the stakeholder doesn't have much interest but does have strong power over the company. All these stakeholders need to do to become influential is to re-awaken their interest. This will move them across to the right and into the high influence sector, and so the management strategy for these stakeholders is to keep satisfied.

Key players - Key players are those who have the greatest influence on the company. The question here is how many competing stakeholders reside in that quadrant of the map. If there is only one (e.g., management) then there is unlikely to be any conflict in a given decision-making situation. If there are several, then there are likely to be difficulties in decision-making and ambiguity over strategic

Different categories of Stakeholders:
It is important to understand the different ways of categorizing stakeholders, including:

Internal and external stakeholders. This is probably the easiest distinction between stakeholders.
o Internal stakeholders
o External stakeholders will include customers, competitors, suppliers, and so on.
Some stakeholders might be more difficult to categorize, such as trade unions that may have elements of both.

Narrow and wide (Evan and Freeman).
o Narrow are those that are most affected by the org. policies and will
usually include shareholders, management, employees, suppliers, and
customers who are dependent upon the organization's output.
o Wide are those not so much affected, including government, less-dependable customers, the wider community, etc.
The Evan and Freeman model may lead some to conclude that an organization
has a higher degree of responsibility and accountability to its narrower

Primary vs. secondary (Clarkson).
o A primary stakeholder is one without whose continuous participation
the corporation cannot survive as a going concern. So primary are
those that do influence the company and those that do not (i.e.
shareholders, customers, suppliers and government (tax and
o Secondary are those that the org. does not directly depend upon for its
immediate survival (e.g. broad communities and perhaps management,
since management can be replaced).

Active and passive stakeholders (Mahoney).
o Active stakeholders are those who seek to participate in the
organization's activities. These stakeholders may or may not be part of
the formal structure. Management and employees obviously fall into
this active category, but so may some parties from outside an
organization, such as regulators, environmental pressure groups, and
possibly large investors (i.e. institutional investors).
o Passive stakeholders are those who do not normally seek to
participate in an organization's policy making. This is not to say that
passive stakeholders are any less interested or less powerful, but they
do not seek to take an active part in the organization's strategy.
Passive stakeholders will normally include most shareholders,
government, and local communities.

Voluntary vs. involuntary.
o Voluntary include the employees (those with transferable skills), most
customers, suppliers and shareholders.
o Involuntary are those who do not choose to be stakeholders, but are so
nevertheless, for example, local communities, future generations, and
most competitors.
Legitimate vs. illegitimate.
o This one is more difficult and it might depend on your viewpoint. While
those with an active economic relationship with an organization will
almost always be considered legitimate, others that make claims
without such a link, or that have no mandate to make a claim, will be
considered illegitimate by some.
o While a terrorist would be considered illegitimate, there is more debate
on the legitimacy of the claims of lobby groups, campaigning
organizations, and non-governmental/charitable organizations.
Recognized vs. unrecognized.
o This categorization follows on from the debate over legitimacy. If an
organization considers a stakeholder's claim to be illegitimate, then the
organization would not recognize the stakeholder's claim when making
a decision.
Known and unknown.
o Finally, some stakeholders are known about by the organization in
question and others are not. This means, of course, that it is very
difficult to recognize whether the claims of unknown stakeholders (e.g.,
nameless sea creatures, communities in close proximity to overseas
suppliers, etc.) are considered legitimate or not. Some say that it is a
moral duty for organizations to seek out all possible stakeholders
before a decision is taken and this can sometimes result in the adoption
of minimum impact policies. For example, even though the exact
identity of a nameless sea creature is not known, it might still be logical
to assume that low emissions can normally be better for such creatures
than high emissions.
Instrumental and normative motivations of stakeholder theory.
o The instrumental viewpoint is that organizations take
shareholder opinions into account only insofar as they are consistent
with the economic objectives of the company.
o The normative viewpoint takes a more moral stand. Based on the
moral philosophy of Immanuel Kant (1724-1804) who believed that
each of us has a moral duty to account for each other's concerns and

Kant talked about the civil duty, which he believed important in
maintaining and increasing overall good in society.

3. The Board of Directors

a) Explain and evaluate the roles and responsibilities of boards of directors.
The board should be responsible for making major policy and strategic decisions.
Directors should have a mix of skill and their performance should be assessed
regularly. Boards are collectively responsible for:

Promoting the success of the company

Providing leadership and direction.

Managing risks and instituting the appropriate systems of internal controls.

Supervising lower levels of management and employees.

Setting the strategic goals and targets of the company.

Ensuring that the necessary financial and human resources are in place.

Reviewing managerial performance.

Other responsibilities are:

Monitoring the CEO.

Overseeing the implementation of corporate strategy.

Monitoring risks, control systems and systems of CG.

Monitoring HR issues like succession planning, training, remuneration, etc.

Ensuring the effective communication of strategic plans to stakeholders.

It was suggested by the UK Cadbury report that, as a principle of good corporate
governance, there should be a formal list of matters reserved for collective
decision-making by the board. These matters include:

Strategy: approving long-term objectives, deciding commercial strategy,
approving budgets, oversight of operational performance.

Investments: approving major capital investments, major contracts,
acquisitions and disposals.

Decisions on capital structure and financing.

Decisions on major organization and management re-organization.

Review of the effectiveness of internal controls and risk management
systems. This function might be delegated to internal auditing, if the company
has an internal auditing function.

Communication with shareholders.

Remuneration of executive directors and other senior executive


Appointments to the board.


Company policies.

Proposing dividends.

b) Describe, distinguish between and evaluate the cases for and against, unitary
and two-tier board structure.
In most countries, companies have a single board of directors (unitary board). This
board would consist of executive and non-executive directors, with a chair and a
Some countries have a 2-tier board structure (Germany and Netherlands),
consisting of:

A management board of executive directors (headed by the CEO or
managing director).
o The management board reports to the supervisory board.
o Is responsible for day-to-day running of the business.

A supervisory board of NED (headed by the chair of the company).

o This board has no executive function; however it may review the
company's direction and strategy. It is meant to safeguard shareholder
o Receives formal reports of the state of the company's affairs and
o It approves the accounts and may appoint committees and undertake

In a 2-tier company board structure:

Membership of the two boards is entirely separate.

The effectiveness of this type of structure will depend on the relationship between the
chair and CEO. In public companies:

It is usual in a unitary board for most non-executive directors (NEDs) to be
classified as independent.

Most NEDs in a supervisory board would not be regarded as independent. In a
2-tier board structure, NEDs on the supervisory groups often:
o Represent interest groups (e.g., employees or major shareholders), or
o Are former executive directors of the company, possibly former members
of the management board who have now retired from the company.

2-tier board


governance are clearly separated.
Supervisory board membership recognizes
interests of stakeholders groups.

Supervisory board can be very large.

Decision-making might be slower than with a unitary board.

Executive directors and NEDs have different responsibilities and duties.

Might be the risk of conflict between the two

Risk of conflict between interest groups on the supervisory board


Unitary board


Unitary boards can be small in size because there are no requirements to
appoint directors who represent stakeholder interest groups.

It is easier for the NEDs and the executive directors to work co-operatively.

Can also get too large if not careful.

If there is a conflict between chair and CEO, this can negatively affect the
company.

Unitary boards work towards a common goal, which is what the board considers
to be in the best interest of the shareholders and others.

As with any board, there may not be a consensus on what the goals are.

c) Describe the characteristics, board composition and types of, directors
(including defining executive and non-executive directors (NED)).

The Combined Code states that at least one half of the board members
should be independent non-executive directors, with a minimum of 3 NEDs.
There has to be a balance between EDs and NEDs.

The Combined Code also states that a former CEO of a company should not
move on to become the company chairman. The Combined Code argues that
the power of chairman and CEO should not be held by one individual because
it gives too much power on the board to that individual.

Board composition:

A chairman, who may be any executive director but is usually a NED.

Sometimes a deputy chairman.

A chief executive officer, who is an executive director.

Other executive directors, possibly including the CFO, COO, and others.

Other NEDs.

Balance of Power:
The board should contain a suitable balance of power in order to prevent one person
or group of people from dominating the decision making of the board.

When there are several independent-minded individuals on the board, it is
more likely that the interest of the shareholders, and possibly also other
stakeholders in the company will be properly represented.

Several ways to achieve suitable balance:

o The same individual should not hold the position of CEO and chairman
at the same time.
o The roles of the CEO and chairman should be specified formally so that
one individual is not able to take responsibilities away from the other.
There needs to be a written charter.
o There needs to be the presence of independent non-executive directors
on the board. The Combined Code states that for large stock market
companies, a majority of the board should be independent NEDs

o There should be a senior NED with sufficient strength of character to
challenge both the chairman and CEO if this seems necessary. This
person needs to be able to ask hard questions.
o The NEDs must be effective in their roles. They need to be able to give
sufficient time to the company.
o Some decision making should be delegated to the board committees to
remove decision making from directors in cases where there is a
conflict of interest, or to act as a check on some of the activities of
executive directors (for example the audit committee).
Executive and NEDs:

Executive directors are directors who also have executive management
responsibilities in the company. They are normally full-time employees.

NEDs are directors who do not have any executive management

o They are not employees of the company.
o They are not full-time. When they are appointed, there should be a clear
understanding about how much time (each month or each year) the NED
will probably be required to give to the company's affairs.

d) Describe and assess the purposes, roles and responsibilities of NEDs.

The Higgs report commented that the role of the NED is frequently described as
having two main elements: (1) monitoring executive activity and (2) contributing to
the development of strategy.
Higgs identified four roles for NEDs.
1) Strategy. Should contribute to the development of the company's business strategy.
2) Scrutinizing performance. The NEDs need to scrutinize the performance of
3) Risk management/Internal control. NEDs should satisfy themselves that
financial information produced by management is reliable. They need to
satisfy themselves that financial controls and systems of risk management are
robust and defensible.
4) People. They should be involved in the people side of running the company,
including their roles on the nomination committee and remuneration
committees. NEDs are responsible for deciding the level of remuneration of
executive directors. They also have a prime role in appointing and removing
senior management, and in succession planning.
Cross-directorship is a situation where the executive director of one company
(company A) sits on the board of another company (company B). At the same time, an
executive director of company B sits on the board of company A. When this situation
exists, the NEDs involved might be reluctant to criticize each other.

In practice, many companies do not allow cross-directorships.

Some of the problems that can occur with the appointment of NEDs:

Lack of independence if appointed by the NED.

Lack of authority to impose their views.


Often confined to represent the views of the stakeholders.

A limited amount of time they can devote to the board.

May be a difficulty in recruiting good NEDs (limited supply).

Ways to ensure independence:

Not involved in share scheme.

Their service should not be pensionable.

Should be for a specific period.

The NED should not have any business, financial or other connection with the
company, apart from fees and shareholdings.

Re-appointment should not be seen to be automatic.

The full board should decide on their selection and appointment.

NED must be able to take external professional advice where necessary and
the costs of same have to be borne by the company.

e) Describe and analyze the general principles of legal and regulatory frameworks
within which directors operate on corporate boards.
Duties while in office:

Legal rights and responsibilities. Directors are entitled to fees and
expenses according to the company's constitution. Directors have a duty of
care to show reasonable competence and may have to indemnify the
company against loss caused by their negligence. Directors are also said to
be in a fiduciary position in relation to the company.

Duty to act within powers. Directors have to operate in accordance with the
company's constitution and only exercise powers for the purpose for which
they were elected.

Duty to promote the success of the company. The law should encourage
long-termism and regard for all stakeholders by directors and that
stakeholder interests should be pursued in an enlightened and inclusive way.

Duty to exercise independent judgment. This means that directors should
not delegate their powers of decision-making or be swayed by the influence
of others.

Duty to exercise reasonable skill, care and diligence. Directors have the
duty of care to show reasonable skill, care and diligence.

Duty to avoid conflict of interest. A director is an agent of the company. A
director would be in breach of fiduciary duty to the company, for example, if he
puts his or her own interests first, ahead of the interests of the company. A
breach of fiduciary duty would also occur if a director has an interest in a
contract with the company but fails to disclose this interest to the rest of the
board and obtain their approval.

Duty not to accept benefits from third parties. This duty prohibits the
acceptance of benefits (including bribes) from third parties conferred by
reason of them being a director, or doing, (or omitting to do) something as a

Duty to declare interest in proposed transaction or arrangement.
Directors are required to disclose to the other directors the nature and extent
of any interest, direct or indirect, that they have in relation to a proposed
transaction or arrangement with the company.

Insider dealing / trading.

o An insider is someone who has a business connection with an entity as a
result of which they may acquire relevant information.
o Insider dealing is where a person with inside information buys or sells
shares or securities in an entity.
o An insider in possession of unpublished price sensitive information
should not deal.
o An offense is also committed if the insider encourages another person
to deal.
o The person dealing as a result of that encouragement, and believing
the source to be an insider, is also committing an offense.
o Disclosure of insider information, other than in the proper course of
employment to an authorized person, is also an offense.

Leaving Office:

Departure from office. A director may leave office in the following ways:
o Resignation.
o Not offering him or herself for reelection.
o Death.
o Dissolution of the company (e.g. bankruptcy).
o Being removed from office.
o Prolonged absence (generally more than 6 months).
o Being disqualified.
o Agreed departure.

Time limited appointments. Ordinary directors may have to retire from the
board on reaching a retirement age or may not be able to seek reelection.
o Time-limited appointments. Existing directors are required to stand
for re-election at regular intervals.
o Fixed term contracts. NEDs are usually appointed for a fixed term. In
the UK, normal practice is for 3-years. At the end of this term, the
appointment might be renewed for a further 3-years.

Retirement by rotation. It is usual for directors who retire by rotation and
stand for re-election to be reelected by a very large majority. In the UK, most
companies include in their constitution a requirement that one-third of directors
should retire each year by rotation and stand for re-election. This means that
each director stands for re-election every three years. (This is why
appointments of NEDs are for periods of 3-years.)

Service contracts. Executive directors have service contracts with the
company. A service contract includes terms such as entitlement to
remuneration including pension rights, and a minimum notice period for
termination of office.

Removal. When a director performs badly, it should be expected that he or
she will be asked by the board or the company chairman to resign. This is the
most common method by which directors who have failed are removed from
office. When a director is removed from office, he or she retains contractual
rights, as specified in his or her contract of employment. This could involve a
very large payment.

Disqualification. The corporate law of a company might provide for the
disqualification of any individual acting as a director of any company, where
the individual is guilty of behavior that is totally unacceptable from a director.
This could include:
o When a director is bankrupt.
o Director is suffering from a mental disease.
o Director has been found guilty of a crime in connection with the
formation or management of a company.

f) Define, explore and compare the roles of the CEO and the board chairman.
Role of the CEO:

The CEO is responsible for the executive management of the company


The CEO is the leader of the management team, and all senior managers
report to the CEO.

If there is an executive management committee for the company, the CEO
should be the chairman of this committee.

The CEO reports to the board on the activities of the entire management team,
and is answerable to the board for the company's operational performance.

Risk management. The CEO is responsible to manage the company's risk


Liaison with stakeholders. The CEO needs to deal with those interested in the

Role of the Chairman:

The chairman must act as the spokesperson of the board.

Is the conduit of communication between the CEO and the shareholders.

Ensuring that the board as a whole and also individual directors contribute
effectively to the work of the board.
o Sets the agenda for the board meetings.
o Provides suitable information before each board meeting.
o At board meetings, encourages open dialogue between members of the
o Helps non-executive directors to contribute effectively to the company.

The chairman is responsible for the effectiveness of the board. He is therefore
responsible for:
o The induction of all new directors, and
o The annual performance review of the board, board committee and
individual directors.

Also sets the tone at the top.

Should be the advocate of ethical behavior in the company.

An effective chairman should establish a close working relationship with the
CEO and should ensure that all decisions by the board are implemented.

He or she should promote best practice in corporate governance and high
standards of ethical conduct by the company and its employees.

He or she should provide leadership for the company and represent its views
with external stakeholders, including the shareholders.

Summary of the roles of CEO and Chairman

CEO: Executive director. Full time employee.
Chairman: Part-time. Usually independent.

Reporting Lines

CEO: All executive managers report, directly or indirectly, to the CEO. The
CEO reports to the Chairman and to the board generally.
Chairman: No executive responsibilities. Only the company secretary and the
CEO report to the chairman directly, on matters relating to the board.

Main responsibilities

CEO: Head of the executive management
Chairman: Leader of the board, with responsibility for its effectiveness.

Business strategy development



Managing the company's risk profile.

Implement board decisions.




and To make sure that the board fulfills its

role successfully.

investment To ensure that all directors contribute

to the work of the board.



Division of responsibilities: The role of the CEO and chairman should be
separated. The CEO runs the company and the chairman runs the board. Reasons to

The separation of roles avoids any conflicts of interest.

It is difficult to make the CEO accountable if there is no one senior to him or


The board can make the CEO more accountable for management of the
company if there is a separate Chairman of the board.

The UK 2nd Combined Code suggests that retired CEOs should not
become Chair of the same company. The main concern is that he or she
would interfere too much in the running of the company by the new CEO.

The Cadbury report stated that if the roles were combined, there should be a
strong independent element to the board with NEDs. Higgs states that one
senior member of the NEDs should be appointed who would be available to
shareholders who had concerns that could not be resolved through normal

g) Describe and assess the importance and execution of, induction and
continuing professional development of directors on boards of directors.
The UK Higgs report provides guidance on the development programs.
Induction of new directors:

When directors are appointed to the board of a company, they are expected to
bring the benefits of their knowledge, skill and experience to the discussions
of the board.

Directors need to build an understanding of the nature of the company, its
business and its markets. This includes:
o The company's culture and values.
o The company's products and/or services.
o The structure of the company/subsidiaries/joint ventures.
o Major risks and risk management strategy.
o Key performance indicators.
o Regulatory constraints.

Build a link with the company's people.
o Meet with senior management.
o Visit company sites.
o Participate in the board's strategy development.
o Briefing on internal procedures.

Build an understanding of the company's main relationships including meeting
with auditors.
o Major customers.
o Major suppliers.
o Major shareholders.

Continuing Professional Development:

CPD is necessary to make sure that directors remain up to date on their
relevant professional knowledge.

Higgs report suggests that CPD of potential directors should concentrate on
the role of the board, obligations and entitlements of existing directors
and the behaviors needed for effective board performance.

Topics for professional development would include financial management
training, HR issues, CG developments, risk management updates on legal and
regulatory issues, audit practice and procedures, financial reporting and
strategic planning.

h) Explain and analyze the frameworks for assessing the performance of boards
and individual directors (including NEDs) on boards.
Performance of the board:

Aim is to improve board effectiveness, maximizing strengths and tackling


Performance of individual directors and the board as a whole needs to be
appraised regularly. In the UK there is a requirement for an annual
performance review. Ideally, the assessment should be by an external third
party who can bring objectivity to the process.

Performance of the whole board needs to include:
o A review of the board's systems (conducting meetings, work of
committees, quality of written documentation).
o Performance measurement in terms of standards it has established,
financial criteria, and non-financial criteria relating to individual
o Assessment of the board's role in the organization (dealing with
problems, communicating with stakeholders).

Higgs Report lists a number of criteria that can be used to monitor the
effectiveness of boards.
o Performance against objectives.
o Contribution to strategic development.
o Contribution to risk management.
o Contribution to the development of corporate culture.
o Appropriate composition of the board and committees.
o Effectiveness of responses to crises and problems.
o The proper delegation of matters to lower levels and the reservation of
matters for board decision.
o Effectiveness of internal and external communications.
o The extent to which the board is kept apprised of developments.
o The effectiveness of the board committees.
o The quality of information supplied to board members.
o The number of board meetings held.
o The extent to which the board has met all legal, financial reporting,
regulatory and CG requirements.

Performance of individual directors: Need to use the following criteria when
judging the performance of the individual director.

Independence: This means avoiding conflict of interest.

Preparedness: The director knows the key staff, organization structure,
industry and regulatory background.

Practice: The director participates in board meetings, questions, insists on
obtaining information, and undertakes CPD.

Committee work: The director participates fully in audit, risk and nominations
committees (remunerations for NEDs).

Development: The director makes suggestions as to strategic choice and

If the director considers performance to be unsatisfactory, he should consider
ways of encouraging directors to improve their performance.

4. Board Committees
a) Explain and assess the importance, roles and accountabilities of, board
committees in corporate governance.
A board committee is a committee set up by the board, and consisting of selected
directors (both executive and non-executive), which is given responsibility for
monitoring a particular aspect of the company's affairs for which the board has
reserved the power of decision-making.
The role of a committee is to monitor an aspect of the company's affairs, and:

Report back to the board, and

To make recommendations to the board.

The full board should make a decision based on the committee's recommendations.
If a board was to reject the recommendations of a committee, then the board needs
to give a very good reason for doing so.
A board committee needs to meet with sufficient frequency to enable it to carry out its
responsibilities. It is important to remember, however, that a board committee is not a
substitute for executive management and a board committee does not have
executive powers. A committee might monitor activities of executive managers, but it
does not take over the job of running the company from management.
b) Explain and evaluate the role and purpose of the following committees in
effective corporate governance.
i. Remuneration committees.
The Remuneration Committee deals with the remuneration of executive directors
and senior managers.

Some believe that the remuneration of directors should be linked to
company performance.

Level of remuneration should be sufficient to attract and retain and
motivate directors to do a good job, but should not pay them more than is
necessary for this purpose.

There should be a final and transparent procedure for developing policy on
executive remuneration and for fixing the remuneration package of
individual directors.

No director should be involved in deciding his or her own remuneration.

There should be limited contracts of service periods, ideally for one year.

The committee should be made up of independent NEDs.

ii. Nominations committees.

The Nominations Committee has the responsibility to identify and recommend
individuals for appointment to the board and executive director. The committee
should play an active role in the company's succession planning.
This means planning for the eventual retirement of the:


The board chairman, and

Possibly the finance director.

In addition, the NC should consider:

The desirable size of the board.

The skills of the board members. Combined Code recommends at least
one NED have financial experience (aka qualified accountant).

The need to attract board members from a diversity of backgrounds.

The balance between ED and NEDs. The combined code says that there
should be a balance with a minimum of 3 NEDs.

iii. Risk committees.

There needs to be a way for companies to manage their risk. Risks include:

Business and strategic risks, and

Risk of errors, fraud, losses, breakdowns, etc.

This board would have oversight responsibility for risk and internal control.
Typical roles of the Risk Committee:

To agree with the RM strategy.

Receive and review RM reports from all operational departments.

Monitor overall exposure and specific risks.

Assess the effectiveness of the RM strategy.

Provide guidance to the main board.

Work with the AC on designing and monitoring ICs for the mitigation and
management of risk.


Prepare reports on risks and draft the RM strategy note for the annual

To assist in determining a company's risk appetite. The board will
determine the level of risk the company is willing and able to take on.

iv. Audit committees.

The audit committee is considered to be the most important board
committee. The UK Cadbury report emphasized the importance of internal
audit having unrestricted access to the audit committee.

The board should establish an AC of at least three, or in the case of
smaller companies, two, independent NEDs.

The board should be satisfied that at least one member of the AC has
recent and relevant financial experience.

The AC needs to ensure that the external auditors are completely
independent of the company and its subsidiaries, and that they are
working in the best interests of the shareholders. The audit committee
should ensure that the company complies with all laws and regulations
applying to it, and that the necessary reports are filed with the authorities.

The AC needs to review and discuss with management and the external
auditor the effects of changes in accounting standards, and the
implications of these proposed changes.

Needs to ensure that both the external and internal auditors have sufficient
resources to carry out their defined roles.

Needs to act as a mediator between management and auditors when
there is a difference of opinion.

Needs to recommend on the appointment or replacement of the external
auditor, who shall report directly to the Audit Committee. If the board does
not accept the AC's recommendation, it should include the reasons in the
annual report.

Needs to be directly responsible for the compensation and oversight of the
work of the external auditor.

Role and responsibilities of the Audit Committee:

An AC of independent NEDs should liaise with external audit, supervise
internal audit and review the annual accounts and internal controls.

To monitor the integrity of the financial statements of the company, and
any formal announcements relating to the company's financial
performance, reviewing significant financial reporting judgments contained
in them.

To review the company's internal financial controls, and unless expressly
addressed by a separate board risk committee composed of independent
directors, or by the board itself, to review the company's internal control
and risk management systems.

To monitor and review the effectiveness of the company's internal audit

To make recommendations to the board, for it to put to the shareholders
for their approval in general meeting, in relation to the appointment,
re-appointment and removal of the external auditor and to approve the
remuneration and terms of the external auditor.

The external auditor reports directly to the audit committee.

To review and monitor the external auditor's independence and objectivity
and the effectiveness of the audit process, taking into consideration
relevant UK professional and regulatory requirements.

To develop and implement policy on the engagement of the external
auditor to supply non-audit services, taking into account relevant ethical
guidance regarding the provision of non-audit services by the external
audit firm, and to report to the board identifying any matters in respect of
which it considers that action or improvement is needed and making
recommendations as to the steps to be taken.

There are several reasons why an audit committee is beneficial to an organization.

1) Independence of the external auditors. The committee selects the
external auditor and thus can eliminate some pressure that the executive
management might try to apply.
2) Competence of the external auditor. The committee also assesses the
competence of the external auditor.
3) Providing an assessment of the financial statements and audit
process. The committee reports to the board on matters that they
consider relevant, with regard to financial statements and audit process.
Its responsibility is to ensure that the statements are reliable.
4) Independence of the internal auditor. The committee helps to ensure
the independence of the internal audit function by having the IAF
functionally report to the committee and not to someone in management.
5) Increase public confidence.

5. Directors' remuneration
a) Describe and assess the general principles of remunerations.

i. Purposes. There are two purposes of any remuneration package:

1) The package should be designed to attract qualified people to the
company; however, it should not be more than necessary,
2) It should provide incentive for the director. The amount that the
company will pay will depend upon:
o What other companies are paying, and
o How many suitable candidates are available.

ii. Components. When a remuneration package is designed for a director or
senior manager, it should consider:
o Each separate element in the package, and also
o All the elements in the package as a whole.
The components include both short-term and long-term incentives, and are split
between cash and equity and between current pay and pension rights.
For example, a director may be paid an average basic salary, but may receive
a generous pension entitlement and an attractive long-term incentive scheme.

Another director might receive a low basic pay, but a very attractive short-term
bonus incentive scheme.
iii. Links to strategy. Any director's remuneration package should be linked to
the company achieving its long-term objectives. This could entail the company
giving the directors the right to purchase shares at a specified exercise price
over a specified time period in the future. This provides incentive for the
directors to do what they have to do to raise the price of the shares.
iv. Links to labor market conditions. Any remuneration package has to be
linked to local market conditions. Again, every company needs to be able to
attract and retain qualified personnel, but companies need to make sure that
they are not overcompensating their directors.
b) Explain and assess the effect of various components of remuneration
packages on directors' behavior.
i. Basic salary will be in accordance with the terms of the director's contract of
employment, and is not related to the performance of the company or the
Instead it is determined by the experience of the director and what other
companies might be prepared to pay for the director's service (the market
ii. Performance related bonuses. Directors may be paid a cash bonus for good
(generally accounting) performance. To guard against excessive payouts,
some companies impose limits on bonus plans as a fixed percentage of salary
or pay.
o There are also transaction bonuses, where
the CEO gets a bonus for acquisitions, regardless of subsequent
performance, and possibly further bonuses for spinning off
acquisitions that have not worked out.
iii. Shares and share options (share schemes). Share schemes are used to
provide long-term incentive which gives the executives a personal interest in
the performance of the company's share price over a period of several years.
Since they have an incentive, they will do (or should do) what they can to
improve the financial performance and longer-term prospects.
Problems with these share schemes are:
o Executives might be more motivated by short-term targets and cash bonuses
than by longer-term targets and share awards.
o If share price falls because of a general decrease in the market, the
options might be worthless, therefore, not providing much incentive for
the executive to perform.
o Share schemes are often for a three-year period. The executive
receives an award of fully-paid shares, or is able to exercise share
options after three years. If the executive sells the shares, his or her
interest in the company comes to an end.
(The UK 2nd Combined Code states that non-executive directors should not
normally be offered share options, as options may impact upon their

iv. Loyalty bonuses are intended to get directors to stay with the company for an
extended period of time. For example, if a director's contract expires, the
director may be paid a bonus for extending the contract.
v. Benefits in kind could include transportation (e.g., a car), health provisions,
life assurance, holidays, expenses and loans.
The remuneration committee should consider the benefit to the director and
the cost to the company of the complete package.
Also, the committee should consider how the director's package relates to the
package for employees. Ideally, perhaps, the package offered to the directors
should be an extension of the package offered to the employees.
vi. Pension benefits. Many companies offer pension contributions for directors
and staff. In some cases, however, there may be separate schemes available
for directors at higher rates than for employees.
The Combined Code states that as a general rule, only basic salary should be
The Code emphasizes that the remuneration committee should consider the
pension consequences and associated costs to the company of basic salary
increases and any other changes in pensionable remuneration, especially for
directors close to retirement.
c) Explain and analyze the legal, ethical, competitive and regulatory issues
associated with directors' remuneration.

It needs to be a principle of corporate governance that the shareholders of the
company be given full information about the remuneration of the
company's directors. This information is important so they understand the link
between the directors' remuneration and company performance.

In the UK, quoted companies are required to publish a directors'
remuneration report each year. The report must contain extensive
disclosures about directors' remuneration. It is general practice to include the
report in the annual report and accounts.

Some of the information in the remuneration report must be audited by the
company's auditors. Other parts of the report are not subject to an audit.

Shareholders must vote at the company's annual general meeting on a
resolution to approve the report. This is an advisory vote only, and the
shareholders do not have the power to reject the report or amend the
remuneration of any director or senior executive.

Information that is subject to audit includes:

The remuneration for the year for each director, analyzed into salary and fees,
bonuses, expenses received, compensation for loss of office and other
severance payments, and non-cash benefits.

For each director, details of interests in share options, including details of
options awarded or exercised during the year, options that expired during the
year without being exercised, and any variations to the terms and conditions
relating to the award or exercise of options.

For options exercised during the year, the market price of the shares when the
options were exercised should also be shown.

For options that have not been exercised, the report should show the exercise
price, the date from which the options may be exercised and the date they

For each director, details should be given of pension contributions or


Details should also be provided of any large payments made during the year
to former directors of the company.

Ethical issues about remuneration.

There are some well-recognized ethical issues that affect the reputation and public
perception of companies. The ethical issues include:

The rate of increase in the directors' pay has been much greater than the rate
of increase in the pay of other employees.

A survey conducted by KPMG (2005) found that bonus payments to senior
executives had risen at a fast rate, but the pay rate increase was not linked to
the long-term strategy of the company and the shareholder value.
o This meant that directors were paid large bonuses but were not adding
value to the company.

Research by Income Data Service in the UK in 2006 stated that directors
were now earning almost 100 times as much in annual remuneration as
other full-time workers, compared with about 40 times as much in 2010. This
gap is continuing to increase.

6. Different approaches to corporate governance

a) Describe and compare the essentials of rules and principles based
approaches to corporate governance. Includes discussion of comply or
An example of a rules-based approach to corporate governance is Sarbanes-Oxley.
An example of a principles-based approach to corporate governance is the UK
Combined Code.
A rules-based approach to corporate governance is based on the view that
companies must be required by law to comply with established principles of good
corporate governance.
There are advantages with a rules-based approach:

Companies do not have a choice of ignoring the rules.

All companies are required to meet the same minimum standards of corporate

Investors' confidence in the stock market might be improved if all the stock
market companies are required to comply with recognized corporate
governance rules.

Disadvantages are:

The same rules might not be suitable for every company, because the
circumstances of each company are different. A system of corporate
governance is too rigid if the same rules are applied to all companies.

There are some aspects of corporate governance that cannot be regulated
easily, such as negotiating the remuneration of directors, deciding the most
suitable range of skills and experience for the board of directors, and
assessing the performance of the board and its directors.

A principles-based approach to corporate governance is an alternative to a
rules-based approach. It is based on the view that a single set of rules is inappropriate for
every company. Circumstances and situations differ between companies. The
circumstances of the same company can change over time. This means that:

The most suitable corporate governance practices can differ between
companies, and

The best corporate governance practices for a company might change over
time, as its circumstances change.

In the UK, the Combined Code is the relevant code of corporate governance for
listed companies. All UK listed companies must comply with rules known as the
Listing Rules, which are issued and enforced by the financial markets regulator.
Advantages of principles-based:

It avoids the need for inflexible legislation that companies have to comply
with even though the legislation might not be appropriate.

It is less burdensome in terms of time and expenditure.

A principles-based approach allows companies to develop their own approach
to corporate governance that is appropriate for their company.

Enforcement is on a Comply or Explain basis, which means that companies can
explain why they are not in compliance with a specific provision.

A principles-based approach accompanied by disclosure requirements puts the
emphasis on investors making up their own minds about what businesses are

Criticism of principles-based approach:

Criticized as so broad that they are of very little use as a guide to best
corporate governance practice.

Hampel report comments about tick-boxing are incorrect.

Investors cannot be confident of consistency of approach. Clear rules mean
that the same standards apply to all directors.

Which is more effective. It has been suggested that the burden of the detailed
rules in the US, especially the requirements of section 404, has made the US an
unattractive country for foreign companies to trade their shares. As a result, many
foreign companies have chosen to list their shares in countries outside the US, such
as the UK.
Comply or Explain
The comply or explain approach is the trademark of corporate governance in the
UK. The Listing Rules require companies to apply the Main Principles and report to
shareholders on how they have done so. The principles are the core of the Code and
the way in which they are applied should be the central question for a board as it
determines how it is to operate according to the Code.

It is recognized that an alternative to following a provision may be justified in
particular circumstances if good governance can be achieved by other means. If a
company is in breach of the Code then the reason for the breach should be clearly
and carefully explained to shareholders. In providing an explanation, the company
should aim to illustrate how its actual practices are both consistent with the principle
to which the particular provision relates and contribute to good governance.
In their responses to explanations, shareholders should pay due regard to
companies' individual circumstances and bear in mind, in particular, the size and
complexity of the company and the nature of the risks and challenges it faces. While
shareholders have every right to challenge companies' explanations if they are
unconvincing, they should not be evaluated in a mechanistic way and departures
from the Code should not be automatically treated as breaches. Shareholders should
be careful to respond to the statements from companies in a manner that
supports the comply or explain process, bearing in mind the purpose of good
corporate governance.
Smaller companies may judge that some of the provisions are disproportionate or
less relevant in their case. Some of the provisions do not apply to companies below
the FTSE 350. However, such companies may nonetheless consider that it would be
appropriate to adopt the approach in the Code and they are encouraged to do so.
b) Describe and analyze the different models of business ownership that
influence different governance regimes (e.g., family firms versus joint stock
company-based models).

Insider structures: This is where a company listed on a stock exchange is
owned and controlled by a small number of major shareholders. The
shareholders may be members of the company's founding family, banks, other
companies or the government.
o Family companies are perhaps the best example of insider structures.
In this case, agency problems are not really an issue because there is
no separation between management and owners; they're one and the
Advantages of insider systems:
o Easier to establish ties between owners and managers.
o Agency problem is reduced and costs of monitoring are also reduced, if
owners are involved in management.
o Even if owners are not involved in management, it should be easier to
influence company management through ownership and dialogue.
o A smaller base of shareholders may be more flexible about when profits
are made and hence more able to take a long-term view.
Disadvantages of insider systems:
o May be discrimination against minority shareholders.
o Evidence suggests that controlling families tend not to be monitored
effectively by banks or by other large shareholders.
o Insider systems do not develop more formal governance structures until
they need to.
o Insider firms, particularly family firms, may be reluctant to employ
outsiders in influential positions and may be unwilling to recruit
independent NEDs.
o Succession issues may be a major problem. A vigorous company
founder may be succeeded by other family members who are less
competent or dynamic.

Outsider systems: Outsider systems are ones where shareholding is more
widely dispersed, and there is manager-ownership separation. Sometimes
called Anglo-Saxon regimes.
Advantages of outsider systems:
o Provides an impetus for the development of more robust legal and
governance regimes to protect shareholders.
o Shareholders have voting rights that they can use to exercise control.
o Hostile takeovers are far more frequent, and the threat of these acts as
a disciplining mechanism.
Disadvantages of outsider systems:
o Companies are more likely to have an agency problem and
significant costs of agency.
o The larger shareholders in these regimes have often had short-term
priorities and have preferred to sell their shares rather than pressurize
the directors to change strategies.

c) Describe and critically evaluate the reasons behind the development and use
of codes of practice in corporate governance (acknowledging national
differences and convergence).

The international guidelines include the OECD principles and ICGN report.

These guidelines came about because the increase in international trade
and cross-border links leads to increased pressure for internationally
comparable practices and standards.
o This is particularly true for accounting and financial reporting.
o Increasing international investment and integration of international
capital markets has also led to pressure for standardization of
governance guidelines, as international investors seek reassurance
about the way their investments are being managed and risks

Not surprisingly, convergence models that have been developed lie between
the insider/outsider models, and between profit-orientated and ethical
stakeholder approaches.

The result of encouraging better standards of CG should be that:

o Better governance will attract more investment from global investors.
o Companies will benefit from more investment finance, to increase their
o National economies will benefit from having strong and profitable

Disadvantages of international codes of CG:

These international codes can often represent an attempt to find the lowest
common denominator.

Attempts to find global solutions can be difficult because of differences in
legal systems, financial systems, cultures, economies and structures of

International guidelines will be based on practice in a number of regimes;
accordingly they may lag behind changes in the more advanced regimes.

These international guidelines have no legal status.

d) Explain and briefly explore the development of corporate governance codes in
principles-based jurisdictions.
i) Impetus and background:
The principles-based approach is based on the view that a single set of rules is inappropriate
for every company. The UK Cadbury report suggested that a voluntary code
coupled with disclosures would prove to be more effective than a statutory
code in promoting the key principles of openness, integrity, and
The development of CG practices in the UK is interesting because it helps to
show how different aspects of CG emerged whenever problems with CG
became known. In other words, codes of CG are reactive, not proactive.
ii) Major corporate codes:
The Cadbury report (1992). This was the first CG code in the UK. It was a
reaction to several financial scandals involving listed UK companies. The main
problems were considered to be in the relationship between auditors and
boards of directors. It was thought that commercial pressures on both
directors and boards caused pressure to be exerted on auditors, and too
often, auditors gave in (capitulated). Problems were also perceived in the
ability of the board to control their organizations.
CG responsibilities:
o Directors are responsible for CG.
o Shareholders are linked to the directors through the financial reporting
o Auditors provide shareholders with an external opinion on the
directors' financial reports.
o Other concerned users, particularly the employees, are indirectly
addressed by the financial statements.
Code of best practice: The Code was aimed primarily at all UK listed companies, but
the directors of all companies were encouraged to use the Code.

The Greenbury Code (1995):

o This had to do with remuneration packages of directors.
o The code established principles for the determination of directors' pay
and detailing disclosures to be given in the annual reports and

The Hampel report (1998):

o Aimed to restrict the regulatory burden on companies and to substitute
principles for detail whenever possible.

iii) Effects of:

Recommendations of Cadbury:
o Board should meet on a regular basis in order to retain control and
monitor management.
o Should be clear division of responsibilities at the head of the company,
with no one person having complete power.
o Should be at least 3 NEDs on the board, a majority of whom should be
independent of management.
o Report contains provisions about the length of service contracts and
disclosure of remuneration that are developed further in the
Greenbury and Hampel reports.
o Audit committee is a board committee. It should liaise with internal
and external auditors and provide a forum for both to express their
concerns. The committee needs to review half yearly and annual
o Annual report should present a balanced and understandable
assessment of the company's position. Statements should be made
about the company's going concern and the effectiveness of its
internal controls.
Recommendations of Greenbury:
o The remuneration committee should determine executive directors'
remuneration and that this committee should be comprised solely of
o Directors' service contracts should be limited to one year.
Recommendations of Hampel report:
o The accounts should contain a statement of how the company applies
the CG principles.
o The accounts should explain their policies,
circumstances justifying departure from best practices.



The London Stock Exchange issued the 1st Combined Code in 1998, which was
derived from the recommendations of Cadbury, Greenbury and Hampel reports.
The 2nd Combined Code took the 1st Combined Code and includes the following
o The Turnbull Report (1999 and revised 2005) focused on risk
management and internal controls.
o The Smith Report (2003) discussed the role of the audit committee.
o The Higgs Report (2003) focused on the role of the NED.
e) Explain and explore the Sarbanes-Oxley Act of 2002 as an example of a
rules-based approach to corporate governance.
i. Impetus and background: SOX was a reaction to the Enron scandal of 2002.
The main reasons why Enron collapsed were over-extension in energy
markets, eventually too much reliance on derivatives trading which eventually
went against the company, breaches of federal law, and misleading and
dishonest behavior. However, the scandal exposed a number of weaknesses
in the CG:

Lack of transparency in the accounts. Enron used a number of SPEs
to keep debt off the books (off balance sheet).

Ineffective CG arrangements. NEDs were weak and there were
conflicts of interest (e.g., the chair of the audit committee was Wendy
Gramm, whose husband, Senator Gramm, received substantial political
donations from Enron).

Inadequate scrutiny by the external auditors.

Information asymmetry. This is an agency problem when
directors/managers know more than the investors. The investors
included the employees who tied up their wealth in Enron shares only
to see Enron shares become worthless. However, many of Enron's
directors sold their shares when they began to fall.

Executive compensation methods. This was meant to align the
interest of the shareholders and managers.

ii. Main provisions/contents:

The Sarbanes-Oxley Act of 2002 was signed into law on July 30, 2002. The
Act contains far-reaching provisions affecting publicly-held companies, their
officers and directors, and the independent auditors who audit their financial
1) The Act established the Public Company Accounting Oversight
Board (PCAOB) - This Board is charged with overseeing the audits
done by public accounting firms. The Board, whose members are
appointed by the SEC, has five financially-literate members from the
private sector. Two of the members must be or have been certified
public accountants. The remaining three must not be and cannot have
been CPAs. The Chair may be held by one of the CPA members only if
that member has not been a practicing CPA for five years.
The responsibilities of the PCAOB include:

Registering public accounting firms that audit publicly listed

Establishing auditing, quality control, ethics, independence and
other standards relating to the preparation of audit reports for

Conducting inspections of registered public accounting firms,
annually for firms that audit more than 100 issuers and every
three years for others;

Conducting investigations and disciplinary proceedings and
imposing appropriate sanctions;

Enforcing compliance with the Act, the rules of the Board,
professional standards, and securities laws relating to audit
reports and the obligations of accountants for them; and

Management of the operations and staff of the Board.

2) Prohibited activities to maintain auditor independence - It is
unlawful for any registered public accounting firm to provide any
non-audit services to an issuer along with the audit. These include:

Bookkeeping or other services related to the accounting records
or financial statements of an audit client;

Financial information systems design and implementation;

Appraisal or valuation services, fairness opinions or
contribution-in-kind reports, or actuarial services;

Internal audit outsourcing services;

Management functions, broker or dealer, investment adviser, or
investment banking services;

Legal services or expert services unrelated to the audit; or

Any other service

3) Auditor rotation required - The lead audit or coordinating partner
must rotate off the audit every five years.
4) Auditor reporting to audit committees - The audit firm must report to
the audit committee all critical accounting policies and practices to be
used, all alternative treatments of financial information that have been
discussed with management, the ramifications of the use of these
alternative disclosures and treatments, and the treatment preferred by
the firm.
5) Conflicts of interest - The CEO, CFO, and Controller, Chief
Accounting Officer or any person in an equivalent position cannot have
been employed by the company's audit firm during the one-year period
preceding the audit.
6) Audit committees:

Members of the audit committee shall be members of the board
of directors of the issuer but otherwise shall be independent.

The audit committee is to be directly responsible for the
appointment, compensation, and oversight of the registered
public accounting firm employed to perform the audit.

The audit committee is to establish procedures for the receipt,
retention, and treatment of complaints received by the issuer
regarding accounting, internal controls, and auditing.

The audit committee shall have the authority to engage
independent counsel or other advisors as necessary to carry out
its duties, and the issuer shall provide appropriate funding to the
audit committee

7) Corporate responsibilities:

The CEO and CFO shall prepare a statement that accompanies
the audit report to certify the appropriateness of the financial
statements and disclosures contained in the periodic report, and
that those financial statements and disclosures fairly present, in
all material respects, the operations and financial condition of the
issuer. A knowing and intentional violation gives rise to personal

Each annual report of an issuer must contain an internal
control report which states the responsibility of management
for establishing and maintaining an adequate internal control
structure and procedures for financial reporting. It must also
contain an assessment, as of the end of the issuer's fiscal year,
of the effectiveness of that internal control structure and
procedures for financial reporting.

The issuer's auditor shall attest to and report on the assessment
made by the management of the issuer in accordance with
standards for attestation engagements issued or adopted by the
Board. The auditor's evaluation should not be a separate
engagement or a basis for increased charges or fees.

It is unlawful for any officer or director of an issuer to attempt to
fraudulently influence, coerce, manipulate or mislead any auditor
engaged in the performance of an audit in order to render the
financial statements materially misleading.

If an issuer is required to make a restatement due to material
noncompliance with financial reporting requirements, the CEO
and the CFO shall forfeit any bonus or other incentive-based or
equity-based compensation they have received during the twelve
months following the issuance or filing of the document and any
profits realized from the sale of securities of the issuer during that

Insider trades (purchases or sales) are prohibited during any
pension fund blackout periods.

All material off-balance sheet transactions and other
relationships with unconsolidated entities that may have a
material current or future effect on the financial condition of the
issuer are to be disclosed in each annual and quarterly financial

Personal loans from an issuer to any director or executive officer
are prohibited.

Company insiders must promptly notify the SEC whenever they
buy or sell company stock.

8) Directives to the SEC: The SEC was directed to issue rules regarding:

Enhanced disclosure of off-balance-sheet transactions;

An internal control report to be included in each annual report;

Disclosure by each issuer as to whether it has adopted a Code of
Ethics for its senior financial officers, and the contents of that

Disclosure by each issuer as to whether at least one member of
its audit committee is a financial expert.

Revised regulations concerning disclosure on Form 8-K to
require immediate disclosure of any change in, or waiver of, an
issuer's Code of Ethics. Furthermore, issuers must disclose
information on material changes in their financial condition or
operations on a rapid and current basis.

9) Whistleblowing provisions:
Employees of issuers and accounting firms were extended
whistleblower protection that would prohibit their employers
from taking actions against them. Whistleblowers were also
granted a remedy of special damages and attorneys' fees.
iii. Effects of:

There are about 1500 non-US companies, including many of the
world's largest, that list their shares in the US. These companies
therefore need to be in compliance with SOX.

There is criticism that SOX conflicted with local CG customs, and
following an intense round of lobbying from outside the US, changes to
the rules were secured. For example, German employee
representatives, who are non-management, can sit on audit
committees, and ACs do not have to have board directors if the local
law says otherwise, as it does in Japan and Italy.

Also, since the US is such an influence overseas, SOX may influence
certain jurisdictions to adopt a more rules-based approach.

f) Describe and explore the objectives, content and limitations of, corporate
governance codes intended to apply to multiple national jurisdictions.
i. OECD report of 2004: The objective of OECD is to encourage development in
the world's economy. The principles of OECD are the minimum for corporate
governance since the confidence of the investors is dependent on the quality
of corporate governance in companies whose shares are traded on the stock
Principles are:

To assist governments of countries to improve the legal, regulatory and
institutional framework for corporate governance in their countries, and

Provide guidance to stock exchanges, investors and companies on how
to implement best practice in corporate governance.

ii. ICGN report of 2005: The ICGN is a voluntary association of major
institutional investors, companies, financial intermediaries and other
organizations. Its aim is to improve corporate governance practices around the
world, in all countries where institutional investors seek to invest.
The principles of ICGN are similar to those of OECD, in that they deal with
transparency and disclosure, rights and responsibilities of the shareholders,
and the role and structure of the board of directors.
Limitations of International Codes or Statements of Principles
There are several limitations to these international codes:

Because they apply to all countries they can only be general principles.
They cannot be detailed guidelines and because they are not detailed,
they are of limited practical value.

The main objective is to raise standards of corporate governance in the
worst countries. They are of less value in countries where corporate
governance is well established, such as in Europe, USA, etc.

Unlike national laws and codes, there is no regulatory authority to force


7. Corporate governance and corporate social responsibility

a) Explain and explore social responsibility in the context of corporate
Corporate social responsibility (CSR) refers to the responsibilities that a company has
towards society. CSR can be described as decision-making by a business that is linked
to ethical values and respect for individuals, society and the environment, as well as
compliance with legal requirements.
CSR is related to the idea that as well as their responsibilities to shareholders,
boards of companies are also responsible to the general public and other stakeholder
Carroll's model of social responsibility suggests there are four ascending levels of
social responsibility. Lower levels should be generally addressed first, although true
responsibility can only be demonstrated with reference to all four.
1) Economic responsibilities: Companies have economic responsibilities to
shareholders who require a good return on their investment, to employees
who want fair employment conditions and reasonable wages, to customers
who want value for money, the suppliers who want to get paid on time and
2) Legal responsibilities: Companies have an obligation to respect society's
moral views as expressed in legislative codes. Obeying these laws must be
the foundation of an organization's compliance with social responsibilities.
3) Ethical responsibilities: Apart from compliance with legal requirements,
companies should act in a fair and just way even if the law does not compel
them to do so.
4) Philanthropic responsibilities: According to Carroll, these are desirable
requirements as opposed to mandatory. They include charitable donations and
contributions to local community projects.
The principles of CSR. There are five main aspects.
1) A company should operate in an ethical way, and with integrity.
2) A company should treat its employees fairly and with respect.
3) A company should demonstrate respect for human rights. For example, a
company should not tolerate child labor.
4) A company should be a responsible citizen in its community.
5) A company should do what it can to sustain the environment for future
generations. This could take the form of:

Reducing pollution of the air, land or rivers and seas.

Developing a sustainable business, whereby all the resources used by
the company are replaced.

Cutting down the use of non-renewable (and polluting) energy
resources such as oil and coal and increasing the use of renewable
energy sources (water, wind).

Re-cycling of waste materials.

b) Discuss and critically assess the concept of stakeholders and stakeholding in
organizations and how this can affect strategy and corporate governance.
The concept of corporate citizenship and corporate social responsibility is consistent
with a stakeholder view of how a company should be governed. A company has
responsibilities not only to its shareholders, but also to its employees, all its
customers and suppliers, and to society as a whole.
In developing strategies for the future, a company should recognize these
responsibilities. The objective of profit maximization without regard for social and
environmental responsibilities should not be acceptable.
Problems of dealing with stakeholders: When dealing with stakeholders, certain
problems could arise, such as:

Dealing with stakeholders may be time consuming and expensive.

Could be a culture clash between company and certain groups of


There may be a conflict between company and stakeholders on certain issues
when they are trying to collaborate.

Full consensus is difficult or impossible to achieve and the solution may not be
strategically desirable.

Social Responsibilities can impact what companies do in a number of ways,
such as:

Objectives and mission statements. A company publicizing a mission
statement that mentions its social objectives is a sign that the board believes
that they have a significant impact on strategy.

Ethical code of conduct. Having a code of conduct is a way for the company
to signify its pursuit of good corporate behavior.

Corporate social reporting and social accounts. As part of social
responsibility, a company may decide to report on its ethical and social
conduct, or possibly produce social accounts showing quantified impacts on
each of the organization's stakeholder constituencies.

Corporate governance. Impacts on CG could include representatives from
key stakeholder groups on the board, or perhaps even a stakeholder board of

c) Analyze and evaluate issues of ownership, property, and the responsibilities
of ownership in the context of shareholding.
This is based on the idea that, as a shareholder, you have to consider not only the
return you get on the share but also your responsibility as a shareholder to
society as a whole. This means that as a shareholder, you should be insisting
that those managing the company carry out a policy that is consistent with
the public welfare.
A problem with this theory is the great dispersion of shareholders. This means that
shareholders with small percentage holdings have negligible influence on
The idea of ownership responsibility has had a significant influence because of the
importance of institutional investors. Not only do they have a level of shareholdings
that can be used to pressure managers, but they also have a fiduciary responsibility
as trustees on behalf of their investors.
d) Explain the concept of the organization as a corporate citizen of society with
rights and responsibilities.

Corporate citizen of society is a business strategy that shapes the values
underpinning a company's mission and the choices made each day by its
executives, managers and employees as they engage with society. Three core
principles define the essence of corporate citizenship, and every company
should apply them in a manner appropriate to its distinct needs (Boston
Center for Corporate Citizenship):
1) Minimizing harm.
2) Maximizing benefit.
3) Being accountable and responsive to stakeholders.

Matten suggested the following three views of Corporate Citizenship:

1) Limited view: A limited approach, restricted to local charitable
donation and sponsorship of local community projects or activities
where the positive PR is seen as justifying the expense.
2) Equivalent view: This is a wider approach, partly voluntary (local
activities), partly imposed by legislation (e.g., requirements to comply
with EPA regulations and CG codes). CSR activities are focused on a
wider class of stakeholders, based on meeting economic, legal and
ethical requirements.
3) Extended view: Organizations adopt an active social citizenship
approach based on respect for the citizens' rights and the idea of the
social contract. Under the extended view, organizations will promote:
o Social rights: for example, decent working conditions no
matter what the legal requirements are.
o Civil rights: for example, employees' right to join a trade union.
o Political rights: for example, allowing employees to be active
in politics.

8. Governance: reporting and disclosure

a) Explain and assess the general principles of disclosure and communication
with shareholders.
The general principles of disclosure and communication are covered under the
Turnbull report.

The original Combined Code in 1998 included provisions relating to the responsibility
of the board for the effectiveness of the system of internal control and risk
management. The Turnbull Committee was established by the Institute of
Chartered Accountants in England and Wales (ICAEW), and was given the task of
providing guidelines to companies about this aspect of the Combined Code. The
Turnbull Report was published in 1999.
General principles of disclosures:
Here are the disclosure requirements:

The governing body acknowledges responsibility for the system of internal


An ongoing process is in place for identifying, evaluating and managing the
significant risks;

An annual process is in place for reviewing the effectiveness of the system of
internal control;

There is a process to deal with the internal control aspects of any significant
problems disclosed in the annual report and accounts.

What information should be disclosed? There are three main categories of
information that investors need from a company.

Financial information about the past performance of the company, its financial
position and its future prospects.

Information about the ownership of shares in the company, and voting rights
associated with the shares. This is important for global investors, who may
have problems with investing in companies where there is a majority
shareholder, or where there is a complex structure of share ownership, or
where some shareholders have more voting rights than other shareholders.

Corporate governance information. This is explained in more detail later.

There are several basic principles for disclosure and communication of


The information should be reliable.

Information should be understandable.

Information should be timely.

When information is disclosed by companies, it should be equally available to
all investors. The OECD Principles state that the way information is distributed
should enable users to access relevant information in an equal, timely and
cost-efficient manner.

Information should

The opportunities for exploiting confidential information to make a personal
profit should be minimized. By making information available to investors
quickly, opportunities for insider dealing should be reduced.

b) Explain and analyze

Annual reports must convey a fair and balanced view of the organization. They
should state whether the organization has complied with governance
regulations and codes. It is considered best practice to give specific
disclosures about the board, internal control reviews, going concern status
and relations with stakeholders.

CG codes recommend that the annual reports of listed companies should
state the extent to which the company has complied with relevant laws,
regulations and CG codes, the areas of non-compliance and reasons for such
Recommended disclosures include:

o Information about the board of directors.
o Reports from the Audit Committee, Nomination Committee, and
Remuneration Committee.
o An explanation of directors' and auditors' responsibilities in relation to
the accounts.
o Details of the external auditors, noting any changes and steps taken to
ensure auditor objectivity and independence when non-audit services
have been provided.
o A statement from the directors as to the effectiveness of internal
controls, including risk management.
o A statement on relations with, and dialogue with shareholders.
o A statement that the company is a going-concern.
o A sustainability report, including the nature and extent of social, ethical,
health and safety and environmental management policies and

Good disclosure helps reduce the gap between the information available to
directors and the information available to shareholders, and addresses one of
the key difficulties of the agency relationship between directors and

c) Define and distinguish between mandatory and voluntary disclosure of
corporate information in normal reporting cycle.
Mandatory means that it is required by the government and by the accounting
standards. For example, companies have to disclose:

Statement of Income (Comprehensive income).

Statement of Cash flow.

Financial position.

Auditor's report.

Statement of going concern.

Statement as to responsibility for preparing the accounts (board and

Directors' remuneration.

Voluntary can be defined as any disclosure above the mandated minimum. This
information is not required to be published but often is because it gives stakeholders
information that they like to see.

Statement of risk.

The chairman's statement.

Statement of social and environmental report.

Segmental data, etc.

Advantages to disclosing information voluntarily.

Wider information provision. Would give stakeholders a better idea of the
environment within which the company is operating and how it responds to its

Different focus of information.

d) Explain and explore the nature of, and reasons and motivations for, voluntary
disclosure in a principles-based reporting environment (compared to, for
example, the reporting regime in the USA).

Voluntary disclosure can be defined as any disclosure above the mandated
minimum. Examples include the CEO's report, a social/environmental report,
additional risk or segmental data.

Disclosing information voluntarily, going beyond what is required by law or
listing rules, can be advantageous for the following reasons:
o Wider information provision. Going beyond should give shareholders
a better idea of the environment within which the company is operating
and how it is responding to that environment. This enables investors to
carry out a more informed analysis of strategies that the company is
pursuing, and reduces information asymmetry between directors
and shareholders.
o Different focus of information. Voluntary information can focus on
future strategies and objectives, giving readers a different perspective
to compulsory information that tends to be focused on historical
accounting data.
o Assurance about management. Gives investors another yardstick to
judge the performance of management. Demonstrates management's
concern for all aspects of company performance.
o Consultation with equity (institutional) investors. The voluntary
disclosures a company makes can be determined by consulting with
major equity investors, such as institutional shareholders on what
disclosures they would like to see in the accounts.

The UK government set out the process to follow when deciding what voluntary
disclosures to include.
o The process should be planned and transparent, and communicated
to everyone responsible for preparing the information.
o The process should involve consultation within the business and with
shareholders and other key groups.
o The process should ensure that all relevant information is
taken into account.
o The process should be comprehensive, consistent and subject to
e) Explain and analyze the purpose of the annual general meeting and
extraordinary general meetings for information exchange between board and
The AGM (Annual General Meeting) is the most important formal means of
communications. Governance guidance suggests that boards should actively
encourage shareholders to attend the AGM.
The Hampel report contains recommendations on how the AGM can be used to enhance
communications with shareholders:

Notice of AGM and related papers sent to shareholders at least 20 days
before the AGM, and held at least once a year.

Companies should provide business presentation at the AGM, with Q&A


Chair of the key sub-committees should be available to answer questions.

Shareholders should be allowed to vote separately on each substantially
separate issue. Bundling unrelated proposals in a single resolution should

Companies should propose a resolution at the AGM relating to the report and

The UK Stewardship Code 2010 emphasizes the importance of institutional
investors attending AGMs and using their votes, to translate their intention into
practice. Also, institutional investors should provide their clients with details of
how they've voted.

Codes with international jurisdictions, such as OECD principles, emphasize
the importance of eliminating impediments to cross-border voting. Cross-border
voting is a problem in Europe. Problems include:
o Communication problems, and
o Also, legal uncertainty as to who actually is entitled to determine how
the votes on the shares are cast.

f) Describe and assess the role of the proxy voting in corporate governance.

A shareholder has the right to vote.

However, there may be a case where the shareholder cannot be at the
meeting to vote, so the shareholder appoints an agent (proxy) with the right to vote
on his/her behalf.

There are rules governing the use of proxies, such as:
o Does the proxy have to be a member (part of management),
o Does the proxy have the right to speak, and
o When can the proxy vote.

A proxy form can allow the shareholder either to instruct the proxy how to vote
on some or all the motions, or nominate someone attending the meeting (often
a director) to exercise the shareholder's vote at his discretion.

A problem is that unless the proxy card is very elaborately worded, it cannot
anticipate all the possible amendments to the resolution(s) sent out in the
notice of meeting.
o If a substantial amendment is carried, the proxy's authority to vote is
unaffected, but he/she no longer has instructions as to how he/she
should vote.
o The proxy should exercise his/her discretion in whatever fashion he/she
honestly believes is likely to reflect the wishes of the shareholder.



Internal Control and Review

1. Management control systems in corporate governance

a) Define and explain internal management control.
Control is defined as:
...any action taken by management to enhance the likelihood that established goals
and objectives will be achieved. Controls may be preventive, detective or directive.
The concept of a system of control is the integrated collection of components and
activities that are used by an organization to achieve its goals and objectives.
Turnbull Report defined control as:
The policies, processes, tasks, behaviors and other aspects of the company taken

Help operate effectively and efficiently. These operational controls should
allow the company to respond in an appropriate way to significant risks to
achieving the company's objectives. This includes the safeguarding of assets
from inappropriate use or loss and fraud and ensuring that liabilities are
identified and managed.

Help ensure the quality of external and internal financial reporting (financial

Help ensure the compliance with applicable laws and regulations, and also
with internal policies for the conduct of business (compliance controls).

Explain internal management control:

A theorist called Emmanuel states that any control system has 4 characteristics.
1) There has to be a set of objectives. The purpose of all control systems is
to try and guide the organization towards desired goals and objectives.
2) There has to be a plan. In a typical accounting control system a plan is
prepared: the budget.
3) Have to be able to measure the results. The output from the process is
compared against the standard.
4) Have to take corrective action. Any deviations (variances) must be
The Cybernetic control model has 6 key stages:
1) Identification of system objectives.
2) Setting targets.
3) Measure outputs.
4) Comparing achievements with targets.
5) Identifying corrective action.
6) Implementing corrective action.

The Turnbull Guidelines state that a sound system of internal control should:

Be embedded in the operations of the company and form a part of its culture.

Be capable of responding quickly to risks as they evolve.

Include procedures for reporting significant weaknesses and failures of control
to the appropriate level of management.

Limitations of internal controls:

IC can only provide reasonable assurance, not a guarantee.

There is the possibility of management override of controls.

There is the possibility of collusion between 2 or more employees to commit

There is the possibility of a mistake happening.

The costs outweigh the benefits of implementing the controls.

Poor judgment in decision-making.

b) Explain and explore the importance of internal control and risk management in
corporate governance.

A company's system of internal control has a key role in the management of
risks that are significant to the fulfillment of its business objectives. A sound
system of internal control contributes to safeguarding the shareholders'
investment and the company's assets.

The board of directors is responsible for the effectiveness of the system of
internal control and risk management and there should be regular review of
internal control and risk management. The board has to delegate responsibility
for implementing controls.

Organizations need to develop risk management strategies in order to deal
with the potential for losses. They deal with potential losses by having
strong internal controls.

Internal control facilitates the effectiveness and the efficiency of operations,
helps ensure the reliability of internal and external reporting and assists
compliance with laws and regulations.

Effective financial controls, including the maintenance of proper accounting
records, are an important element of internal control. They help ensure that
the company is not unnecessarily exposed to avoidable financial risks and that
financial information used within the business and for publication is reliable.
They also contribute to the safeguarding of assets, including the prevention
and detection of fraud.

Turnbull emphasizes that internal controls need to be changed and reviewed
to take account of an organization's changing environment. A sound system of
internal control therefore depends on a thorough and regular evaluation of the
nature and extent of the risk to which the company is exposed. Since profits
are, in part, the reward for successful risk-taking in business, the purpose of
internal control is to help manage and control risk appropriately rather than to
eliminate it.


Benefits vs. costs. It can sometimes be difficult to estimate the benefit arising
from having an internal control until such time as an organization suffers a loss
from not having such an internal control.

Turnbull states that in order to determine its policies in relation to internal
controls and decide what constitutes a sound system of internal control, a
board should consider the following:
o The nature and extent of the risks facing the company.
o The categories of risk deemed acceptable.
o The likelihood of risks materializing.
o The company's ability to reduce the negative consequences of risks
that do materialize.
o The costs of operating the controls vs. the benefit obtained in managing
the risk.

c) Describe the objectives of internal control systems.

Based on the Turnbull guidelines, an internal control system encompasses the
policies, processes, tasks, behaviors and other aspects of a company that, taken
1) Facilitate its effective and efficient operation by enabling it to respond
appropriately to significant business, operational, financial, compliance and
other risks to achieving the company's objectives. This includes the
safeguarding of assets from inappropriate use or loss and fraud and ensuring
that liabilities are identified and managed.
2) Help ensure the quality of internal and external reporting. This requires the
maintenance of proper records and processes that generate a flow of timely,
relevant and reliable information from both within and outside the organization.
3) Help ensure compliance with applicable laws and regulations, and also
internal policies and procedures with respect to the conduct of business.
d) Identify, explain and evaluate the corporate governance and executive
management roles in risk management (in particular the separation between
responsibility for ensuring that adequate risk management systems are in
place and the application of risk management systems and practices in the
The board has overall responsibility for risk management as it is an essential part of
its corporate governance responsibilities.
Responsibilities below board level will depend on the extent of delegation to line
managers and whether there is a separation of risk management function.
The board responsibility:

Helps to determine risk management strategy and has a monitoring function
regarding risks.

Sets appropriate policies on internal controls and seeks assurances that the
internal control system is functioning effectively.

Needs to communicate the organization's strategy to employees.


The CEO:

Has ownership of the risk management and internal control system.

Has to consider the risk and control environment, focusing on how to promote
the right culture.

Should also monitor other directors and senior staff, particularly those whose
actions can put the company at significant risk.

The Risk Management Committee:

Boards also need to consider whether there should be a separate board
committee, with responsibility for monitoring and supervising risk identification
and management.
o If the board does not have a separate risk management board, then
the audit committee will be responsible for risk management.

e) Identify and assess the importance of the elements or components of internal
control systems.
Based on COSO, there are five components of internal control. These are:
1) Control Environment.
2) Risk Assessment.
3) Control Activities.
4) Information and Communication.
5) Monitoring.
In the following we discuss each component in more detail.
Control Environment:
The control environment provides the foundation for all the other components,
influencing the control consciousness of all the people in the organization. It sets the
tone for the entire organization.
There are seven primary principles behind building a solid control environment.
These seven principles are:
1) Having integrity and ethical values. Integrity and ethical values have to
be set by top management and the board. As the saying goes: Employees
do as management does, not as they say.
2) Having a commitment to financial reporting competencies. This means
having the right people in the right positions.
3) Having the right human resource policies and procedures. Proper
human resource management is making sure the company has the right
policies and procedures to help facilitate control over company operations.
4) Properly assigning decision-rights.
5) Understanding management's philosophy and operating style. This
means having the right tone at the top.
6) Having proper board and audit committee oversight. Proper oversight is
making sure the goals of the board and audit committee are in line with the
goals of management.
7) Having the right organizational structure.
Note: The mnemonic is IC HAMBO.
Internal controls are more likely to function well if management believes that the
controls are important and communicates that support to employees at all
levels. If management believes controls are meaningless or even an obstacle,
employees will notice this attitude. And in spite of formal policies saying otherwise,
employees will then view internal controls as red tape to be cut through to get the
job done.
Organizations with effective control environments set a positive tone at the top.

They transmit guidance both verbally and by example, communicating the
entity's values, standards and code of conduct, and they follow up on
violations. There are mechanisms to encourage employee reporting of
suspected violations, and disciplinary actions are taken when employees fail
to report them.

They foster a control consciousness by setting formal and clearly
communicated policies and procedures that are to be followed at all times,
without exception, and which result in shared values and teamwork.

They specify the competence level needed for particular jobs, hire and retain
competent people, and assign authority and responsibility appropriately.

The board of directors is responsible for setting corporate policy and for
seeing that the company is operated in the best interest of
shareholders. The attention and direction provided by the directors is critical.
The board consists of both inside and outside directors who have adequate
expertise and who are active and involved. Independence from management
is critical, so that if necessary, difficult and probing questions will be raised.

A company's organizational structure is key to its ability to achieve its objectives
because the organizational structure provides the framework for all its
Aspects of establishing an organizational structure include:
Defining the key areas of authority and responsibility and delineating reporting

The company's organizational structure should be whatever suits its needs.
It may be centralized or decentralized. It may have direct reporting
relationships or reporting may be more like a matrix. It may be organized by
industry, product line, geographical location or distribution network, or it may
be organized functionally.

Authority and responsibility should be delegated to the extent necessary
to achieve the organization's objectives.

The control environment is influenced by the fact that all individuals in the
organization realize that they will be held accountable.

Risk Assessment:
Within the control environment, management is responsible for the assessment of
risk. A risk is anything that endangers the achievement of an objective. The
questions should always be asked: What could go wrong here? What assets do we
need to protect?
Risk assessment is the process of identifying, analyzing, and managing the risks that
have the potential to prevent the organization from achieving its objectives.
Assessment of risk involves determining the volume of transactions and the average
dollar amount per transaction, the dollar value of assets that are exposed to loss, as
well as the probability that a loss will occur.
The company's objectives must be established before the risks can be assessed.
Risk assessment forms the basis for determining how the risks (external or internal)
should be managed.

External risks include changes in technology, changes in the market in which
an entity operates, new legislation bringing new requirements, natural
disasters, economic changes, a failure of a key supplier, or being sued,
defrauded, or robbed.

Internal risks include employee embezzlement accompanied by falsification
of records to conceal the theft, lack of compliance with government
regulations, or other illegal acts by employees, such as taking a bribe. They
can include disruption in computer systems, poor management decisions,
errors, or accidents. Changes in management responsibilities can affect
control activities, and an ineffective board or audit committee may leave
openings for fraudulent actions on the part of anyone in the organization.

Control Activities:
After the risks have been assessed, controls should be designed to limit the risk. To
accomplish this, control activities are implemented. Control activities are the
policies that address the identified risks and the procedures that ensure that
management directives are carried out, thus helping ensure that the organization's
objectives will be achieved. Thus, controls should be designed to limit risk, wherever
risk exposure is determined to exist, for the purpose of protecting the
organization's ability to achieve its objectives.
This risk could be in the form of loss of assets, or it could be a misstatement of
accounting or management information. The identified risks cannot be completely
eliminated, but designing appropriate control activities and ensuring that those
control activities are implemented can minimize them.
In addition, management must comprehend laws and regulations imposed on the
organization from the outside and ensure that compliance policies and procedures
are in place.
Control activities can be preventive, to avoid the occurrence of an unwanted event;
detective, to detect the occurrence of an unwanted event; directive, to ensure the
occurrence of a desirable event; or corrective, to correct an occurrence of an
undesirable event. A control activity can also be compensating, to compensate for
what appears to be a weakness in controls.

Preventive: Segregation of duties, suitable authorization of transactions,
checking creditworthiness of customers before goods are shipped. These may
be yes/no controls that check if a certain condition exists.

Directive: For example, managers of a construction company instructing
project managers to hire local workers in order to create a favorable image in
the communities in which it operates.

Detective: Bank reconciliations, checking for missing document numbers in
pre-numbered documents, performance reporting with variances.

Corrective: Procedures put in place to remedy problems discovered by
detective controls, such as steps taken to identify the cause of the problem, to
correct errors arising from the problem, and to modify the processing system
to minimize future occurrences of the problem.

Compensating: Controls that compensate for shortcomings elsewhere. A
bank reconciliation may be a compensating control as well as a detective
control, because it can compensate for flaws in the controls that are typically
established over the receipts or disbursement processes.

There are five core principles that drive the financial reporting process. These
principles are:
1) Segregation of duties. Segregation (separation) of duties is considered to be
the most important control device that a company has for reducing the risk
of errors or inappropriate activities (fraud). It is simply the process of dividing
duties among various employees. This ensures that no single individual is
given too much responsibility, so that no employee is in a position to both
perpetrate and conceal irregularities.
The following four functions should be done by different people:
1) Authorizing a transaction;
2) Recording the transaction, preparing source documents, maintaining journals;
3) Keeping physical custody of the related asset, for instance, receiving checks in the mail; and
4) The periodic reconciliation of the physical assets to the recorded amounts for those assets.

2) Authorization. Employees should be appropriately empowered so they can
perform their tasks, receive specific documents and make decisions that
impact transactions and assets. Their authority must involve some kind of
validation such as signature or authorization. Regarding authorization, it can
be either general or specific.

General Authorization is where management sets policies for all to
follow. Examples of general authorization are the issuance of price lists
for products and services, credit limits on customers, reorder points for
making inventory purchases, and others.

Specific Authorization has more to do with individual transactions,
where management is unwilling to make a general policy. In these
cases, management would prefer to do it on a case-by-case basis. An
example is the authorization of a sales transaction of a fixed asset,
such as a piece of equipment.

3) Adequate documents and recordkeeping. Management is responsible for
the safeguarding of assets and it must have confidence in the accuracy and
legitimacy of its source documents, including: sales invoices, purchase orders,
subsidiary ledgers, sales journals, employee time cards, etc.
In order to ensure the adequacy of the source documents, they should be:

Pre-numbered in order to account for all documents, reducing the
likelihood of fraudulent use. This can also help prevent a transaction from
being recorded twice or not being recorded at all.

Prepared at the time the transaction occurs.

Sufficiently simple to ensure that they can be understood so the
processing can be completed in a timely manner.

4) Safeguarding of assets and records. The most visible safeguarding controls
include controls to protect the company's assets from losses due to natural
disasters like floods, hurricanes, tornadoes, etc. Safeguarding controls also
include physical protection measures to restrict access to assets and
documents such as records and blank checks, purchase orders, bank codes,
etc., to authorized personnel. Items must be counted periodically and
compared with control records.
5) Independent verification. Our last principle has to do with making sure the
other four principles are being followed to your satisfaction. Checks performed
by someone other than the person responsible for the original operation are
generally more effective at assuring that transactions are processed and
activities are performed accurately. This is like having a new pair of eyes to
spot mistakes that the originator did not catch. It might be that this
independent verification could be a customer complaining about an incorrect
bill or accounts receivable balance.
Information and Communication:
Relevant information must be identified, captured, and communicated in a manner
that enables people to carry out their responsibilities. This means reports must
contain the information that management needs and must be available in a timely

Communication must be ongoing, both within and between various levels and
activities of the organization. All personnel must understand their roles in the
internal control system and have a means of communicating significant
information upstream.

Reports must be available containing operational, financial, and compliance
information needed for informed decisions.

Supervisors must communicate duties and responsibilities to the employees
that report to them, and employees must be able to alert management to
potential problems.

Information must be communicated to those outside the organization, such as
vendors, and must be able to be received from external sources.

The systems must provide a way to communicate important information to the
very top of the organization, when appropriate.

Finally, management monitors the entire system. Monitoring assesses the quality of
the internal control system's performance over time. Management must also revisit
previously identified problems to make sure that they have been corrected.
Monitoring can be done in two ways: (1) ongoing monitoring during normal
operations, and (2) separate evaluations by management with the assistance of the
internal audit function. If monitoring is done regularly during normal operations, it
lessens the need for separate evaluations.

If operating reports are used to manage ongoing operations, exceptions to
anticipated results will be recognized quickly.

Monitoring should be done on a regular basis.

When deficiencies in internal control are discovered, they should be reported
immediately to senior management and, for very significant matters, to the board of
directors. Appropriate remedial action should be taken, and the results of the
remedial action should be monitored.

2. Internal control, audit and compliance in corporate governance

a) Describe the function and importance of internal audit.
Defining internal auditing:
Internal auditing is an independent and objective assurance and consulting activity
designed to add value and improve an organization's operations. It helps the
organization accomplish its objectives by taking a systematic, disciplined approach to
evaluate and improve the effectiveness of risk management, control and governance
processes (Definition of The Institute of Internal Auditing).

The UK Combined Code states that where there is no internal audit function,
the audit committee should consider annually whether there is a need for such
a function.

The need for an internal audit function will depend on:


o Scale, diversity and complexity of the company's activities. The
larger and more complex the company, the more need there is for an
o The number of employees. The more employees there are, the more
need there is. This is making sure that people are well qualified, etc.
o Changes in the risk of the company.
o Problems in the past with IC.
o Cost / benefit of the department.
o An increase in the number of unexplained or unacceptable risks.
o Based on legal requirement. For example, SOX requires that there be
an Internal Audit Activity.
The scale and extent of weaknesses in the internal control system. If the audit
committee considers that there seem to be extensive weaknesses in the internal
control system, the introduction of an internal audit function should help to improve
the control system and provide a benefit to the company. If the committee considers
that controls are sufficient, it will reach the conclusion that an internal audit function is
not (yet) required. However, the committee must be able to justify the reasons for the
recommendation that it makes.
The IAA should serve as the eyes and ears of management, audit committee and
external auditors. The IAA must assess and make appropriate recommendations for
improving the governance process in its accomplishment of the following objectives:

Promoting appropriate ethics and values within the organization. The internal
auditor needs to be an ethics advocate.

Effectively communicating risk and control information within the organization.

Effectively coordinating the activities of and communicating information among
the board, external and internal auditors and management.





Work of Internal Auditing:

A useful mnemonic for remembering the work of internal auditing is SCREAM.

Safeguarding assets.

Compliance with all laws, regulations and internal policies.

Reduce overheads and VFM audits. This has to do with the
effectiveness and efficiency of operations.

Effectiveness of internal controls.

Accuracy of the accounting and other information.

Monitoring risk and reviewing of corporate strategy.

b) Explain, and discuss the importance of, auditor independence in all client-auditor situations (including internal audit).
In order for auditors to be effective, they must:

Be independent. This means working without management pressure.

Be objective. This means working in an unbiased and impartial manner.

Avoid conflict of interest situations.

Report to an appropriate level.

Be free from interference in determining the scope of their work, performing
the actual audit and reporting the results.

Internal auditors must not audit areas for which they may have
had responsibility.
c) Explain, and assess the nature and sources of risks to, auditor independence.
Assess the hazard of auditor capture.

The AC is responsible for monitoring the independence of the external
auditors, and ensuring that the external auditors are independent of the
company and its management.

When reviewing the independence of the external auditor, the AC should take
into consideration the non-audit work performed for the company by the audit
firm, as well as the audit work.

The independence of the external auditors should be assessed in several

o If appointed for the first time, the AC should ask for a statement from
the audit firm that the auditors and their staff have no family, financial,
employment, investment or business relationship with the company,
other than in the normal course of business.
o Every year the AC needs to obtain information from the audit firm about
the policies and processes that it uses for ensuring the continued
independence of the auditors.
o The AC should agree with the board the company's policy on the
appointment to its full-time staff of individuals who were previously a
part of the audit team and are now moving directly from the audit firm to
the company.

Recruiting former auditors could affect the relationship of the
company with the audit firm, and damage the independence of
the auditors.

The AC should check periodically that the policy on the
recruitment of former auditors is complied with by the company.

o The AC should check that the audit firm complies with ethical guidelines
issued by the accountancy bodies and regulatory issues, such as:

Rotation of the audit partners.

The amount of fee income that the audit firm receives from the
company, in relation to the overall fee income of (1) the audit
firm, or (2) regional office of the audit firm, or (3) an individual
audit partner.

The risk that the external auditors might lose their independence from a
company is sometimes called the hazards of auditor capture.

o When an audit firm offers other services to a client, there is a possibility
that the auditor could lose his/her independence and objectivity.
o In cases like this it is believed the auditor is deliberately being captured
by the client.
o The term "capture" implies a deliberate trap being set.
d) Explain and evaluate the importance of compliance and the roles of the IAA in
internal control.

The role of IA will vary according to the organization's objectives, but is likely
to include a review of internal controls, risk management, legal
compliance and value for money.

Internal auditors

Internal audit provides advice on the adequacy and effectiveness of controls
within an organization and its operations and systems:

o Adequacy. Are the existing controls, as designed, sufficient or
adequate to achieve their purpose? Are more or better controls
o Effectiveness. If their design is adequate, are the controls actually
applied properly and effectively in practice?

Every organization has to be in compliance with some law or regulation. It
could be compliance over employee health and safety, or compliance with
environmental regulations, etc.

In this case, IA would be involved in verifying that the organization is in
compliance. This can be done through compliance audits.

e) Explore and evaluate the effectiveness of internal control systems.

Management has operational responsibility for the effectiveness of internal
control systems.

In the UK:
o The board is responsible for an annual review of the effectiveness of
internal control and risk management (only for listed companies).
o Management reports to the board about internal control and risk
o The board might carry out the annual review itself or delegate the
detailed work to the audit committee or a risk committee.

The nature of the annual review will depend on the size, nature and
complexity of the company's business.

Turnbull report recommends:

o Since the board cannot rely solely on embedded monitoring processes
it should receive and review reports on internal control.
o The board should consider on an annual basis whether it has assessed
all aspects of internal control.


The board must be able to justify its statement to shareholders on its review of
internal controls and risk management. It must have documented evidence to
back up its claims.

Management reports to the board on internal control should provide a
balanced assessment of the significant risks and the effectiveness of the
internal control system in managing risks.

When reviewing management reports on internal controls and risk
management, the board should consider:
o The significant risks, and how they have been identified, evaluated
and managed.
o The effectiveness of controls in managing the significant risks,
paying particular attention to significant failings or weaknesses.
o Whether necessary actions were promptly taken to remedy the
significant failings or weaknesses.
o Whether the findings indicate the need for more extensive monitoring of
the system of internal control.

There must be open and honest communications about control weaknesses. A
culture of blame should be avoided, to encourage honesty.

The board's annual assessment should consider:

o The changes since the last annual assessment in the nature and extent
of significant risk, and the company's ability to respond to changes in its
business and the external environment.
o The scope and quality of management's ongoing monitoring of risks
and of the system of internal control, and where applicable, the work of
its internal audit function and other providers of assurance.
o The extent and frequency of the communications of the results of the
monitoring to the board (or board committees) which allow it to build up
a cumulative assessment of the state of control in the company and the
effectiveness with which risks are being managed.
o Significant control weaknesses found in the year and their effect on the
financial performance and position.
o The effectiveness of the company's public reporting processes.

If the board becomes aware of significant failings or weaknesses in internal
control, it should determine how the failing or weakness arose and reassess
the effectiveness of management's ongoing processes for designing,
operating and monitoring the system of internal control.

f) Describe and analyze the work of the internal audit committee in overseeing
the IAA.

IA should functionally report to the AC. The purpose of this is to provide proper
organizational status to IA. By reporting to the AC, IA can maintain its
independence. Administratively, however, IA must still report to someone
(such as the CEO).

At some stage during the year, the head of internal audit should be required to
report to the AC.

o Approve the appointment or termination of employment of the head of
internal audit (which helps to protect that person's independence).
o Monitor the work of IA (e.g., by requiring the head of IA to report
occasionally to the AC).

The Smith Committee recommends (2003) that the AC should:

o Ensure that the CAE has direct access to the chair of the board and
o Ensure that the CAE is accountable to the AC.
o Review and assess the work plan of the IA and confirm that it is
o Receive reports on a periodic basis from the CAE about work done.
o Review the response of management to recommendations made by the
internal auditors.

The Smith Committee also recommends that the AC:

o Meet at least once a year with the CAE (without any executive managers
being present).
o Monitor and assess the effectiveness of IA with the overall system of
internal control and risk management.
o The Combined Code states that (unless the responsibility is taken on
by the board or given to a separate risk committee) the AC should:

Monitor and review the effectiveness of internal control activities.

If there is no IA function, consider the need for one, and make a
recommendation to the board.

If the decision is that an IA function is not required, explain the
reason for this in the company's annual report and accounts.

g) Explain and explore the importance and characteristics of the audit
committee's relationship with external auditors.

The AC should ensure the integrity of financial reporting and external auditing
(Smith report).
o Management is responsible for the preparation of complete and reliable
financial statements.
o The AC should monitor the preparation of the financial statement, and
give consideration to the significant estimates and judgments made by
management in their preparation.
o When two or more accounting methods could be used, the AC should
obtain an explanation from management for its choice of methods.
o The AC should compare the views of management with those of the
external auditors.

The AC should refer any problems it finds with the external audit to the full
board for consideration.

The AC is responsible for ensuring that the external auditors:


o Remain independent, free from management pressure and influence,

o Do their job properly.

Appointment of external auditors. Smith report recommends:

o The AC is responsible for recommending (to the board) the
appointment, re-appointment or removal of the external auditors.
o The board then makes its recommendation to the shareholders.
o If the board rejects the AC's recommendation, then the committee
should give an explanation in the annual report and accounts.
o The terms and remuneration: Smith recommends that the audit
committee should (each year):

Review and agree the terms of engagement of the auditors.

Discuss with the auditors the scope of the audit.

If necessary, ask for additional work to be done on the audit and
for the auditors to provide more resources.

Satisfy itself that the audit fee is sufficient for the amount of audit
work to be done.

Monitoring the independence of the external auditors.

o There is the risk that the audit firm could become dependent on the
company's management (hazard of audit capture).
o Upon appointment of the audit firm, the AC should ask for a statement
from the audit firm that it has no family, employment, financial,
investment, or business relationship with the company, except in the
normal course of business.
o Each year, the AC should obtain information from the audit firm about
the measures it takes to ensure continued independence from the
o The AC needs to check that the audit firm complies with guidelines of
the accountancy bodies with regard to issues such as:

The rotation of audit partners.

The permissible amount of non-fee income from the audit client.

Auditor and non-audit work.

o The Smith report states that the AC should be responsible for
developing and recommending to the board a company policy on giving
non-audit work to the audit firm.
o The Combined Code states that it is the responsibility of the board to
ensure the independence of the external auditors. In the annual report
and accounts the board should explain to shareholders, if the audit firm
does non-audit work, how auditor independence and objectivity are

Audit effectiveness. The AC should review the adequacy of work done in the
external audit.

o The AC should ensure that an audit plan has been prepared and the
audit firm is committing sufficient resources on the work.
o At the end of the audit, the AC should review the work done by the audit
firm, and:

The issues that arose during the audit,

The key accounting and auditing judgments that were made,

The level of errors identified by the audit,

The response of management to the auditors' recommendations
for changes to internal controls.

o Each year, the AC should also:

Review whether the external auditors met the requirements in
the audit plan.

Get feedback from the company's management about the audit.

Review the auditors' management letter. Do the auditors show a
good understanding of the business? What has been
management's response to the auditors' recommendations?

3. Internal control and reporting

a) Describe and assess the need to report on internal controls to shareholders.

The method and content of reports to shareholders on the effectiveness of IC
will vary between countries.

Listed companies in the US have to report under Section 404 of SOX. In this
case, companies have to provide a detailed statement to shareholders
including details of major control weaknesses about financial controls only.

In the UK, listed companies have to:

o Conduct a review of the effectiveness of IC and RM systems, and
o Inform shareholders that they have done so.

The Turnbull report recommends that the board's annual report to
shareholders about IC and RM should:
o Summarize the processes used (and the committee used) to carry out
the review of effectiveness.
o Confirm that action has been taken to remedy any control weaknesses
that were found.
o Disclose the process it has used for dealing with the IC aspects of any
significant problem revealed in the annual report and accounts.

Reviewing the effectiveness of IC and RM:

o Regular reports from management to the board.
o An annual assessment by the board.
o The board makes an annual statement to shareholders in the report
and accounts.

b) Describe the content of a report on internal control and audit.

The Turnbull report states that there should be an annual review of internal
controls. The review should cover:
o The changes since the last assessment in risks faced and the
company's ability to respond to changes in its business environment.
o The scope and quality of management's monitoring of risk and internal
control, and of the work of internal audit, or consideration of the need
for an internal audit activity (IAA) if the company does not have one.
o The extent and frequency of reports to the board.
o Significant controls, failings and weaknesses which have or might have
material impacts upon the accounts.
o The effectiveness of the public reporting processes.

Based on the Turnbull report, the board should disclose as a minimum in the
accounts, the existence of a process for managing risks, how the board has
reviewed the effectiveness of the process and that the process accords with
the Turnbull guidance. The board should include:
o An acknowledgement that the board is responsible for the company's system of
control and for reviewing its effectiveness.
o An explanation that the system can only provide reasonable assurance
against material misstatements or loss. This means that the system is
meant to manage rather than eliminate the risk of failure to achieve
business objectives.
o A summary of the process that the directors (or a board committee)
have used to review the effectiveness of the system of internal control
and consider the need for an internal audit activity if the company does
not have one. There should also be disclosure of the process the board
has used to deal with material internal control aspects of any significant
problems disclosed in the annual accounts.
o Information about those weaknesses in internal control that have
resulted in material losses, contingencies or uncertainties which require
disclosure in the financial statements or the auditors' report on the
financial statements.

c) Explain and assess how internal controls underpin and provide information for
accurate financial reporting.

It does this by helping to ensure the accuracy and reliability of financial


Internal control helps the company achieve its financial reporting objectives.
Internal control objectives over financial reporting include:
o Transactions are authorized.
o All transactions are recorded:

At the correct amount.

In the correct account.

In the proper accounting period (cut-off).

o Assets and records access are restricted.
o Assets compared with existing ones regularly.

4. Management information in audit and internal control

a) Explain and assess the need for adequate information flows to management
for the purposes of the management of internal control and risk.

Board and management's involvement is a critical element of internal control
systems and the control environment.

Management needs different types of information. For example, they need:

o Financial information.
o Non-financial information such
complaints, human resource data.





o External information about competitors, suppliers, impact of
future economic and social trends.

There are various ways that management can get the information they need
for decision-making.

The information directors need to be able to monitor controls effectively comes

from a variety of sources.
o The directors' own efforts. This could entail MBWA (Management by
walking around), regular visits by the directors to operations, etc.
o Reports from subordinates. There must be a system where staff with
supervisory responsibilities report on a regular basis to senior
managers, and senior managers report to the directors.
o Lines of communication. It must be communicated that staff have
lines of communication that can be used to address concerns. This
would include having a whistleblowing program. A whistleblowing
program is for staff who want to say something but at the same time
maintain their anonymity. It is important for staff to know that senior
management does want to know about problems and will deal with
them effectively. Staff must believe that there will be no reprisals for
reporting relevant information.
o Reports from control functions. Organizations that have a key role to
play in IC must report on a regular basis to the board and senior
management. One example is the need for a close relationship
between IA and audit committee.
The HR function should also report regularly to the board about personnel
practices in operational units. Poor HR management can indicate future
problems with controls, since it may create dissatisfied staff or staff who
believe that laxness will be tolerated.
o Reports on activities. The board should receive regular reports on
certain activities. A good example is major developments in
computerized systems.


o Reports on resolution of weaknesses. The board should receive
evidence to confirm that control weaknesses that have previously been
identified have been resolved.
o Results of checks. The board should receive confirmation that
necessary checks on the operation of the controls have been carried
out satisfactorily and that the results have been clearly reported.
Sufficient independent evidence from external or internal audit should
be obtained to reinforce the evidence supplied by operational units.
o Exception reporting. Exception reports, which highlight variances in
budgeting systems, performance measures, quality targets and
planning systems, are an important part of the information that
management receives.
Managers may consider the following issues when deciding whether to
investigate further:

Controllability: The decision to investigate or not will depend
on whether a manager is able to control the issue.

Variance trend: If the trend is getting worse, managers would be more
likely to investigate. However, if the variance is adverse but the
same variance is always adverse, then the process is in control
and the standard has been wrongly set.

Cost: The likely cost needs to be weighed against the cost to the
organization of allowing the variance to continue in future.

Interrelationship of variances: It is highly likely that variances are
interconnected. So, if one variance is adverse, then another
interrelated variance might be adverse as well. For example, if
labor efficiency variance is negative then the variable efficiency
variance will be negative as well (if calculated based on labor).

o Feedback from customers. Customer responses are important
evidence for the board to consider, particularly as regards how controls
ensure the quality of output.

Making the best use of information.

o Comparison of different sources of information. The pictures
gleaned from different sources must be compared and discrepancies
followed up and addressed. For example, if a random or special check
identifies problems that should have been picked up and reported
through regular channels, then the adequacy of these channels needs
to be considered carefully.
o Feedback to others. Directors need to ensure that, as well as obtaining
the information they need to review internal control systems, relevant
information on controls is also passed to all those within the
organization who need it directly. E.g., sales staff who obtain customer
feedback on product shortcomings need to be aware of the channels
for communicating with staff responsible for product quality and also
staff responsible for product design.
o Review procedures. As well as investigating and resolving problems
with the information they receive, the board ought to undertake regular
reviews of the information sources that they need. E.g., they need to
assess whether any layers of supervision or review can be reduced.
b) Evaluate the qualities and characteristics of information required in internal
control and risk management and monitoring.

The COSO guidance stresses the importance for boards and management to
have good quality information.

Good information adds to the understanding of a situation.

Good information means that the information is (ACCURATE):


i. Accurate: The numbers add up and there are no typos, items should
be allocated to the correct category, assumptions should be stated for
uncertain information.
ii. Complete: The information should contain everything that needs to be
included. For example, external data if relevant, comparative
information or qualitative information as well as quantitative. Sometimes
managers or strategic planners will need to build on the available
information to produce a forecast using assumptions or extrapolations.
iii. Cost/beneficial: The benefit of gathering the information should
outweigh its costs. This gets into the issue of materiality.
iv. User-targeted: The needs of the user should be borne in mind, for
instance senior managers need strategic summaries, junior managers
need detail.
v. Relevant: Information that is not needed for decision making should
be omitted, no matter how interesting it may be.
vi. Authoritative: The source of the information should be a reliable one.
However, subjective information (e.g., expert opinion) may be required
in addition to objective facts.
vii. Timely: The information has to be timely, which means when it is
needed. It should also cover relevant time periods, the future as well as
the past.
viii. Easy to use: Information should be clearly presented, not excessively
long, and sent using the right medium and communication channel
(email, telephone, hard-copy report).



Identifying and Assessing Risk

1. Risk and the risk management process

a) Define and explain risks in the context of corporate governance.
Risk is the probability that some future event could adversely impact the
organization. Risk is measured in terms of probability and impact.
o This type of risk is known as pure risk.

The board has overall responsibility for risk management as an essential
part of its corporate governance responsibilities. Responsibilities below board
level will depend on the extent of delegation to line managers and where there
is a separate risk management function.

b) Define and describe management responsibilities in risk management.

Everyone who works in a company has responsibility for risk management, not
just risk specialists.

The Board: the board has a very important role in managing risk.
o Determines risk management strategy and monitors risks.
o Sets appropriate policies on internal controls and seeks assurance
that the IC is functioning effectively.
o Communicates the organization's strategy to employees.

The CEO is the owner of the risk management and IC systems.

o Must consider risk and control environment. Needs to promote the right
o Monitors other directors and senior staff, particularly those whose
actions can put the company at significant risk.

Senior managers: Managers have an important role in making sure the
organization has the right risk management culture.
o Making sure that there is a culture that is focused on the mission and
goals of the organization.
o Ensuring that the culture is consistent with the needs and values of the
key stakeholders.
o That the culture considers the risk to shareholder value.
o That the culture promotes the reporting and management of risks.

c) Explain the dynamic nature of risk assessment.

Risk assessment starts by first identifying the risks that face the business.

Changes in the environment that may have changed the nature and scale of
risks will be considered.

How often risk assessment will be done in an organization will depend on the
dynamic nature of the environment in which the organization operates.

How dynamic the risk is will depend on the nature of the business.
In some businesses, risks will change very little, but in others they may
change a great deal.

d) Explain the importance and nature of management responses to changing risk


Management needs to be aware of the environment that they are operating in.
Management always needs to be in a position to respond to changes in the
environment that could cause changes in the risks faced by the company.

In some environments, the risks change very little, but in others they change a
great deal.
o Changes in the environment might arise because of changes in the
strategic decisions made by the business. For example, a company might
decide to launch a new product, penetrate a new market or
significantly change the financial structure of the business.
o Changes in risk might be the result of external changes, including (think
of PEST):

Political: Businesses

Economic: sellers of non-essential goods or services are
particularly vulnerable to changes in the economy.

Social: Businesses selling goods in markets where fashion is a
significant influence on consumer demand.

Technology: new technology can quickly and significantly
benefit innovators.





e) Explain risk appetite and how this affects risk policy.

Risk appetite has to do with the amount of risk a company is willing and able
to tolerate.

This directly affects the risk policy of the organization. For example, some
types of organizations, such as charities or public sector, will seek to avoid
certain risks. Other organizations may accept the same risks. This means that
the organization is accepting the risk in order to achieve its objectives.

2. Categories of risk
a) Define and compare (distinguish between) strategic and operational risks.
Strategic risks are risks that are related to the fundamental decisions that the
directors take about the future of the organization.
Operational risks relate to the matters that can go wrong on a day-to-day basis
while the organization is carrying out its business.



Resource allocation.

Internal control failures.


IT failures.

Environmental factors.

Human error.

Mergers and Acquisition activity.


Product/service portfolio.

Staff dependency.





Factors that could influence strategic risks:

o The types of industries/markets within which the business operates.
o The state of the economy.
o The actions of the competitors and the possibility of mergers and
o The stage in the product's life cycle, higher risks in the introductory and
declining stages.
o The dependence upon inputs with fluctuating prices, such as oil.
o The level of operating gearing: the proportion of fixed costs to total
o The flexibility of production
specifications or products.
o The organization's research and development capacity and ability to
o The significance of new technology.
o The quality of leadership at board level.
o Relationships with suppliers.

Factors that could influence operational risks:

o Losses from internal control system or audit inadequacies.
o Non-compliance with regulations or internal procedures.
o IT failures.
o Loss of key personnel.
o Fraud.
o Business interruptions.

b) Define and explain the sources and impacts of common business risks.
Business risks are strategic risks that threaten the survival of the whole business.
Strategic risk is the potential volatility of profits caused by the nature and type of
business operations.
Market risk and derivatives risk:
Market risk is the risk that changes in the market price or market rates can
negatively affect a company. This risk is higher when the market is subject to
large or unexpected movements both up and down.
IFRS 7 defines market risk as the risk that the fair value or cash flows of a
financial instrument will fluctuate due to changes in market prices. Market risk
reflects interest rate risk, currency risk, and other price risks.


Derivative risk is the risk of unexpected gains or losses on trading positions
in derivatives.
o Derivatives can be used either for hedging (to minimize risk) or for
speculative purposes (to make a profit), as in the case of Sham group.

A derivative is a financial instrument with all three of the following
o Its value changes in response to a specified underlying (an underlying
could be exchange rate, commodity prices, share prices, interest rates,
o It requires little or no initial investment; and
o It has to be settled at a future date.

A significant risk with trading in derivatives is that a relatively small investment
in derivatives can create an exposure to major losses, if the underlying market
prices move against the company.

There have been reported cases in the past where treasury departments of
companies or government organizations have suffered severe losses through
speculation in derivatives. For example, Orange County, near Los Angeles,
had to file for bankruptcy because of losses suffered through derivative trading.

o As controller of the various Orange County funds, Citron had taken a
highly leveraged position using repurchase agreements (repos) and
floating rate notes (FRNs). The loss incurred by the usage of these
financial instruments reached the amount of $2 billion and was caused
by being too highly leveraged for rising federal interest rates. In other
words, if federal interest rates had not risen, the massive trading
position would have been a substantially profitable position; if interest
rates did rise, the trading position would result in substantial losses. In
fact, rates rose.
Credit Risk:

This is the risk to a company from a failure of its debtors to meet their
obligations on time.
o Most common credit risk is where a company fails to pay its supplier on

Management of credit risk is particularly important to exporters. Arrangements
used to assist in this include: documentary credits, bills of exchange,
export credit insurance, forfeiting and export factoring.

Liquidity risk:

Liquidity risk is the risk that a company will not have the funds to pay its
short-term obligations. It is a mismatch between cash inflows and cash outflows.

Sources of cash are near-cash assets, such as marketable securities that can
be sold quickly in the financial markets to obtain cash.

Another source is available credit from a bank, such as an overdraft facility
or a revolving credit line.

An essential requirement for controlling liquidity risk is careful cash budgeting
or cash forecasting. Companies should keep expected cash inflows and
payments under continual review.

Companies should also avoid taking actions that could create long-term
liquidity problems, such as paying for capital assets out of operating cash
flows, when the company cannot afford this.

Efficient working capital management can also help to improve cash flows and
reduce liquidity risk. In particular, companies should avoid investing in
slow-moving inventory, and should have efficient procedures for collecting
receivables, like having a lockbox collection system.

Technology risk:

Occasionally, there may be two different technologies to choose from, and
there is the risk that you will choose the wrong technology. This risk can affect
companies that manufacture products (such as high definition digital
televisions) and have to choose between the rival technologies.

The potential cost of having to invest in new technology can be a serious risk
for profitability.

This risk is greater for companies that operate in the high tech field, where the
life cycle of the product is shorter.


Companies that fail to comply with the law run the risk of legal penalties and
bad publicity.

Health, safety and environmental:

This includes loss of employees' time because of injury and the risks of having
to pay compensation or legal costs because of breaches. Health and safety
risks can arise from:
o Lack of health and safety policies.
o Lack of emergency procedures.
o Failure to deal with hazards.
o Poor employee welfare. Risk because of poor working conditions.
o General poor health and safety culture.

Reputation risk:

Lord Jeffrey said, "A good name, like good will is got by many actions, and lost
by one."

Reputation risk is the risk of a loss of reputation of an organization, arising
from the perception others have about the implications of risks materializing.

Reputation risk levels depend not only on the levels of other risks, but also on
the reaction of stakeholders to those other risks materializing: how much less of
the organization stakeholders think, and what actions they take.

In a large global company, the effect of reputation risk may also be localized,
because an event that damages the company's reputation in one part of the
world might not be considered so bad in other countries.
o A reputation for unethical selling or poor quality can have a lasting
impact on customer demand.


o Reputation can affect the choice of one producer's goods or services in
preference to another.
o A bad reputation can make a company a target for pressure groups and
o In some cases, damage to reputation can lead to intervention by the
government, which may introduce new laws or regulations.

Of all the major risks, reputation risk is the risk that is most strongly correlated
to other risks, since its level partly depends on the likelihood that other risks

Business probity risk:

This is the risk of unethical behavior by one or more participants in a particular

o Being victims of bribery, or corruption or being pressured into it are
examples of probity risk.
o However, assumptions about how different cultures view corruption can
also be dangerous. E.g. there was an article that discussed how
unorthodox methods might be required to be successful in Greece. In
other words, the article was saying that to be successful in Greece, you
were going to have to bribe.

Additionally, there is entrepreneurial risk, which is the risk that arises from any new
business venture or opportunity.
c) Describe and evaluate the nature and importance of business and financial

The company faces a wide range of business risks, such as risk from
competitor activity, risk of low sales demand, economic risks, political and
legal risks and so on.

Financial risk is one of many types of business risks. The ultimate risk that any
company faces is the risk that it will not continue as a going concern.

Financial risks include the risks relating to:

o Capital structure. Risk that long-term sources of finances will not be
o Overtrading.
o Fraud and misuse of financial resources.
o Currency risk. Possibility of loss or gain due to changes in exchange
o Interest rate risks. If a company has a significant amount of variable
(floating) rate debt, interest rate movement will give rise to uncertainty
about the cost of servicing this debt. Conversely, if a company uses a lot
of fixed rate debt, it will lose out if interest rates begin to fall.
o Market risk. This is the risk of loss due to an adverse move in the
market value of an asset, typically stock prices.
o Credit risk. This is the risk to a company from the failure of its debtors to
meet their obligations on time.

o Liquidity risk. This is the risk of loss due to a mismatch between cash
inflow and outflow.
The attitudes to risk of the board and major finance providers will impact significantly
on how risky the company's financial structure is.
d) Recognize and analyze the sector or industry specific nature of many business
risks. (NOTE: On pg. 176, it says that you may have to identify the risks that may
affect a specific industry).

Industry-specific risks are risks of unexpected changes to a business's cash
flows from events or changing circumstances in the industry or sector in which
the business operates.
o Could be the result of new technology, or a change in the law or a
rise or fall in the price of a key commodity.

Examples are listed below:

Commercial bank:

o Strategy risk. Choosing a strategy that does not maximize
shareholder value.
o Product/service risk. The risk of
customers do not want or need.
o Too much regulation.
o Credit risk.
o Market risks. This includes the risk from changes in interest
rates, currency exchanges as well as changes in market
prices of financial products such as shares.
o Operational risks, such as IT
(terrorism, natural disaster, etc.).
o Risk of inadequate liquidity.
o Complex financial instruments.
o Use of derivatives (high inherent

Retailing organization:

o Business strategy risk. Risk that the business strategy might take
the company in the wrong
o Financial strategy and group treasury risk. This covers the risk of
not having available funds, credit risks, interest rate risks and
currency risk.
o Macro-economic trends. This is dependent on economic conditions.
o Competition risk. This is the risk of losses due to the activities and
successes of the competition.
o People capabilities risk. This is the risk of failing to attract the best
people to work for the company.
o Reputation risk.
o Environmental risk. Arises from issues such as energy savings,
management and the recycling of
o Product safety risk.
o Fraud and compliance risk.
o IT systems risk.
o Political risk and terrorism risk.
o Pension risk. The risk that the
obligations to its employees.


Oil companies:

o Market risk, especially risk of changes in the price of
o Exploration risk. The risk of not finding sufficient oil
o Reputation risk.
o Environmental risk. The risk of having a major oil spill (aka BP).
o Competition risk.
o IT failure risk.
o Political risk. This is the risk of operating in an unstable country.
o Regulatory risk.
o Shortage of skilled labor risk, especially a shortage of science
graduates.


3. Identification, assessment and measurement of risk

a) Identify, and assess the impact upon, the stakeholders involved in business

Organizations' attitudes to risks will be influenced by the priorities of their
stakeholders and how much influence the stakeholders have. Stakeholders
who have significant influence may try to prevent an organization bearing
certain risks.

Shareholders: Key issue for management is to determine whether

o Want steady income from dividends, or
o More concerned with long-term capital gain.
This issue is complicated by the fact that shareholders themselves have
different risk tolerances.
o In theory, managers should not care who the shareholders are since
the shareholders can freely buy and sell their shares. However, this is
not necessarily true in practice.
o In addition, we have seen in the corporate governance reports the
importance of maintaining links with individual shareholders. So, it is
unlikely that the directors will be indifferent to who the company
shareholders are.

Debt providers and creditors: Debt providers are concerned about threats
to the amount the organization owes and can take various actions with
potentially serious consequences such as denial of credit, higher interest
charges or ultimately putting the company into liquidation. Creditors are going
to be concerned about receiving a profit from the company, therefore they may
limit the amount of product they deliver to a company.

Employees: Are going to be concerned about threats to their job prospects
(money, promotion, benefits and satisfaction) and ultimately threats to the jobs
themselves. If the business fails then it will seriously impact the employees.

Customers and suppliers: Suppliers can provide short-term financing.
Customers will be concerned with threats to their getting the goods or services
that they have been promised, or not getting the quality of service or product
that they expect.

The impact of customer-supplier attitudes will partly depend on how much the
organization wants to build long-term relationships with them.

The wider community: Governments, regulatory and other bodies are
particularly concerned with risks that the organization does not act as a good
corporate citizen, implementing for example poor employment or
environmental policies.
Governments can impose tax increases or regulation or take legal action.
Pressure groups' tactics can include publicity, direct action, sabotage or
pressure on governments.
Companies need to monitor the wider community, but predicting their actions
can be difficult.

b) Explain and analyze the concepts of assessing the severity and probability of
risk events.

Risk management is about identifying and assessing levels of risk.

Risks can be measured as quantified amounts, although sometimes they are
assessed in qualitative terms (judgment).

For each identified risk, an assessment should consider the probability or
frequency of the risk event and its likely impact (severity) if it occurs.

Risk map and risk dashboard:

Risk map and risk dashboard are graphic means of assisting management
with the understanding and assessment of risks.

The risk map is a simple 2x2 matrix, where one side of the matrix
represents probability and the other side represents impact.

Based on the assessment of risk

Risk = Probability of occurrence x Impact (Severity)




The four quadrants of the risk map, each giving the suggested response and
example risks:

o Insure risk or implement contingency plans. Reduction of severity of risk
will minimize insurance premiums.
Examples: Loss of senior or specialist staff. Loss of sales to competitor.
Loss of sales due to macroeconomic
o Urgent risk management issue. Take immediate action to reduce severity
and frequency of losses.
Examples: Loss of key customers. Failure of computer systems.
o Not significant, but review
Examples: Loss of suppliers of small scale and unimportant inputs.
o Management to consider the need for risk control measures. Take some
action, e.g., self-insurance to deal with frequency of losses.
Examples: Loss of lower-level staff.


It can be useful for management to prioritize risks.

o The risk dashboard is another graphic aid for risk management.
o The basic idea is that it indicates which risks are dangerously high
(colored red), which ones are relatively small (colored green) and which
are somewhere in between (colored amber).
o A dashboard can also be used to indicate the current exposures to the
risk (residual risk) and risk appetite of the company for accepting
exposures to the risk.
o Residual risk should never be greater than the company's risk appetite
for that risk.

c) Describe and evaluate a framework for board level consideration of risk.

In order to be able to carry out an effective review, boards should regularly
receive and review reports and information on internal control, concentrating
o What the risks are and strategies for identifying, evaluating and
managing them.
o The effectiveness of the management and internal control systems in
the management of risk, in particular how risks are monitored and how
any weaknesses have been dealt with.
o Whether actions are being taken to reduce the risks found.
o Whether the results indicate that internal control should be monitored
more extensively.
d) Describe the process of and importance of, externally reporting on internal
control and risk.

Because of the corporate accounting scandals over the past ten years, there
are stricter requirements on external reporting.

These requirements are meant to address the concerns of shareholders and
other stakeholders that management has exercised proper control.

According to the UK Turnbull report, the board should disclose as a minimum
in the accounts, the existence of a process for managing risks, how the board
has reviewed the effectiveness of the process and that the process accords
with the Turnbull guidance. The board should:
1) Acknowledge that they are responsible for the company's system of
internal control.
2) Explain that such a system is designed to manage rather than eliminate
the risk of failure to achieve business objectives, and can only provide
reasonable and not absolute assurance against material misstatements.
3) Provide a summary of the process that the directors have used to review
the effectiveness of the system of internal control and consider the need for
an IAA if the company does not have one.
4) Provide information about those weaknesses in internal control that have
resulted in material losses, contingencies or uncertainties which require
disclosure in the financial statements or the auditor's report on the
financial statements.

e) Explain the sources, and assess the importance of, accurate information for
risk management.

All CG codes stress the need for management to be held accountable to
stakeholders for their stewardship of the company.

In particular, CG codes require management to report on the risks faced by
the organization. This is where risk management processes come into play.

If management is to be held accountable, they need to know what's going on
in the companies they are managing.

This means that they need to be in receipt of all information needed to
discharge their responsibilities.

However, information is useless unless it is quality information. This means
that it needs to be both reliable and accurate.

Sources of information could come from:

1) The organization's code of conduct.
2) The internal auditors' assessment of risks.
3) The audit committee's assessment of the effectiveness of internal
4) External auditors' report on weaknesses in the accounting and internal
5) The results of a control
management and staff.





f) Explain and assess the ALARP (as low as reasonably possible) principle in risk
assessment and how this relates to severity and probability.

Business is risky, therefore, businesses try to reduce most of the significant
risks, rather than eliminate them.

The general principle is that the higher the level of risk, the less acceptable it
is. However, there are many risks which cannot be avoided completely, for
example, hazardous activities where there is a risk of injury or loss of life (e.g.
an oil rig, or factory or farm).

Risks like these need to be reduced to ALARP, for example by installing
protective shielding or issuing safety equipment like hats or protective glasses.

The level of risk mitigation is a trade-off between the cost and the assessment
derived from the risk's likelihood and impact.

The graph shows the relationship between risk and level of acceptability.



You can see that as you decrease risk, the level of acceptability increases,
which gives it the downward sloping effect.

Judgment is necessary in deciding what level of risk is ALARP. It may be that
a new control system could reduce risks further, but is judged to be far
too expensive. The level of risk considered as ALARP may well be a

g) Evaluate the difficulties of risk perception including the concepts of objective
and subjective risk perception.

There is a problem with the issue of measurability.


The matrix above assumes that risk can be accurately quantified or at least

In some cases, the assessment can be made with a high degree of certainty
and maybe even scientific accuracy. In this case, risks can be objectively

Subjectively assessed is where risk cannot be assessed with any quantified


Accuracy will depend on the skills and knowledge of the person making the
assessment, and also depend on the information available and the factors that
may influence the risk levels.

Need to be careful about having bias when judging the consequences of the
o An example of a risk in which the likelihood can be measured objectively
is the next outcome of tossing a coin. A risk, the impact of which can be
objectively measured, is the number of shareholders affected by a loss
of company value.

A risk with subjective likelihood is the risk of an accident occurring, and a risk
with a subjective impact is the possible financial loss from a spillage from a

h) Explain and evaluate the concepts of related and correlated risk factors.

This has to do with the correlation coefficient between two risks.

Where a positive correlation exists, the risks will increase or decrease


One example of correlation has to do with reputation risk.

o For example, there may be a strong correlation between reputation and
environmental risks.
o Another example: there may be a positive correlation between
reputation risks and risks of serious faults being found in a product.

Correlation of risks is also important when considering the costs and
benefits of risk management.
o Major expenditure on controls may reduce risks, but it could increase
financial risks such as running short of funds or not being able to make
profitable investments.

An example of a negative correlation (as the risk of one item increases, the
risk of something else decreases): In order to reduce the risk of stock out, a
company increases the level of inventory stock. However, when doing this, the
risk of obsolescence/damage/spoilage increases.



Controlling and Managing Risk

1. Targeting and monitoring of risk

a) Explain and assess the role of the risk manager in identifying and monitoring

The risk manager needs technical skills in credit, market and operational risks.
Also needs to have good leadership skills to convince those in the
organization that risk management is not to stifle initiative.

The role of the risk manager is to be the leader of the risk management
committee. The risk manager:
o Reports directly to the board.
o The risk manager's role is to oversee implementation of the
board's risk management policies.
o The risk manager is supported by the risk management
o The risk manager is not normally involved in determining strategy.
o Has more of an operational role. This means identifying, evaluating
and determining specific risks within the entity.

Risk manager is typically responsible for:

o Overall leadership, vision and direction of ERM.
o Establish an integrated risk management framework.
o Promote ERM competence throughout the entity.
o Developing RM policies, including quantification of management's risk
o Establishing common risk management language, e.g. common
measures around likelihood and impact, and common risk categories.
o Implementing a set of risk indicators and reports including losses and
incidents, key risk exposures, and early warning indicators.
o Dealing with insurance companies. This is important because of
increased premium costs, etc.
o Allocating economic capital to business activities based on risk, etc.
o Reporting to CEO on progress and recommending action as needed.
This would include communicating the company's risk profile to key
stakeholders such as the board, regulators, stock analysts, rating
agencies and business partners.

The risk management policies to be implemented are decided by the board and risk
management committee.
b) Explain and evaluate the role of the risk committee in identifying and
monitoring risk.

Risk management committee: Companies that have significant market
risks should have a risk management committee. Role and functions include:

o Approving the organization's risk management strategy and risk
management policy.
o Reviewing reports on key risks.
o Monitoring overall exposure to risks and ensuring it remains within
limits set by the board.
o Assessing the effectiveness of the organization's risk management
o Providing early warning to the board on emerging risks.
o Reviewing the company's statement on IC.
c) Describe and assess the role of internal or external risk auditing in monitoring

If internal auditors carry out the audit, they have to be familiar with the
organization, its culture, its regulations, et cetera.

Internal auditors need to provide value added services which help the
organization achieve its objectives. A value added service is monitoring
recommendations for mitigating risks.

However, internal auditors may suffer from the disadvantage of lack of
independence and over-familiarity. IA might be undermined by politics and

External auditors can provide an unbiased view of risks.

A risk provided by the external auditor should give a higher degree of
confidence to external shareholders.

It is also possible that the external auditors' knowledge of best practices
might be more up-to-date.

The external auditor may have a better awareness of certain risks than
internal auditors do.

2. Methods of controlling and reducing risk

a) Explain the importance of risk awareness at all levels in an organization.

Risk awareness should be embedded within an organization's processes,
environment, culture, structure and systems. Organizations should issue a risk
policy statement and maintain a risk register.

Embedded means that something is part of an organization. When talking
about risk awareness, this means that risk awareness is taken for
granted at all levels of the organization, and is a foundation of a control

If embedded then there is a greater chance that when risk becomes known, it
will be properly dealt with.

Risk management should be an integral part of the strategic planning process,
the budgetary cycle and the audit planning.

b) Describe and analyze the concept of embedding risk in an organization's
systems and procedures.

Embedding risk simply means that risk awareness is an integral part of
operational and management systems within the organization. In other words,
risk control is part of day-to-day operations. As an example, duties that need
to be segregated are segregated.

Risk should be embedded in its procedures. There should be suitable internal
controls at all times. For example, safety procedures should be taught to all
employees and properly carried out at all times.

COSO suggests:
o Risk management should be a part of everyone's job description.
o Personnel need to understand that they should resist pressure from
superiors to engage in improper activities.
o Whistleblowing procedures should exist.
o Risk management should be part of the annual MbO process.

c) Describe and evaluate the concept of embedding risk in an organization's
culture and values.

Risk awareness should be embedded in an organization's culture. This means
that an awareness and understanding of risk should be part of the thinking of
management and of the employees.

Risk should also be embedded in its values. This means that the company
should recognize the importance of risk management and take risk
management seriously.

COSO suggests:
o Link risk management to job descriptions.
o Ethical and appropriate behavior is to be expected.
o Have effective staff training.
o Ownership of risks encourages their management.
o Top-down communication as to what the company's risk appetite is and
what is expected from employees.

Culture in an organization is "how we do things around here."

It is a key part of the internal control environment.

The culture of an organization can determine whether risk management is successful
or not in any given organization.

d) Explain and analyze the concepts of spreading and diversifying risk and when
this would be appropriate.

There are four ways to respond to risk:

1) You can reduce (treat) the risk. Take some action, e.g. self-insurance
to deal with frequency of losses.
2) You can transfer the risk. The best example here is insurance, where the
risk of something going wrong has been transferred.
3) You can avoid (terminate) the risk. Companies take immediate action
to reduce severity and frequency of losses, e.g., charging higher prices
to customers or ultimately abandoning activities.
4) You can accept (tolerate) the risk. These risks are not significant.
Keep them under review, but the cost of dealing with the risks is unlikely to be
worth the benefits.

Whether a company spreads and diversifies the risk will depend on:
o Its likelihood of materializing.
o Its probability of materializing.

The higher the likelihood and probability of occurring, the higher the chance that
the company will do something to mitigate the risk.

e) Identify and assess how business organizations use policies and techniques to
mitigate various types of business and financial risks.

Business risks are strategic risks that threaten the survival of the whole
o Business risk is a risk to both debt issuers and equity shareholders.

Financial risk. The ultimate risk for a company is not to be able to continue
functioning as a going concern. Financial risks include the risks relating to the
structure of finance the organization has, in particular the risks relating to the
mix of equity and debt capital, etc.
o Financial risk is a risk just to equity shareholders. This is because debt
holders get preference in a liquidation.

One important distinction in risk reduction is between risk management policies
and techniques.

This distinction refers to the way risk management operates at different levels
in an organization.
o Risk policies are agreed at very senior levels of the organization, by
the board, risk committee or risk manager. They may be directed at
particular risks.
o Risk mitigation techniques will be the means of implementing the
policies, applied at various levels in the organization by operational
managers and staff, guided by the risk management function.

3. Risk avoidance, retention and modeling

a) Explain, and assess the importance of, risk transference, avoidance, reduction,
and acceptance.

These responses to risk are also commonly referred to as the 4Ts or TARA (in
the brackets).

Risk transference (transfer the risk):

o Risk transference does not reduce the total amount of risk. It
simply moves it to another person, such as an insurance company.
o As far as the insurance company is concerned, it has accepted the risk.
o Risks can be transferred to other internal departments, or externally to
suppliers, customers, or insurers. An example of transferring risk to the
customer: a decision not to rectify the design of a product, because
rectification could be as expensive as paying any claims from disgruntled
customers, is in fact a decision to transfer the risks to the customers
without their knowledge.
o Internal risk transfer can also cause problems if it is away from
departments with more clout (e.g. sales) and towards departments
such as finance who may be presumed to downplay risks excessively.

Risk avoidance (Terminate the risk):

o Organization has to consider whether the risk can be avoided, and if so,
whether avoidance is desirable.
o An extreme avoidance is the termination of operations.

Risk reduction (Treat the risk):

o Often risks can be avoided in part, but not avoided altogether.
o This is true of many business risks, where the risks of launching a new
product can be reduced by market research, advertising, etc.

Risk acceptance (Tolerate the risk):

o Organization bears the risk itself, and if an unfavorable outcome
occurs, it suffers the full loss.
o Decision whether to retain or transfer risk depends first on whether
there is anyone to transfer a risk to.
o An option sometimes associated with accepting risks is self-insurance.
This is putting money aside in case something happens.
o A more sophisticated method of self-insurance is setting up a captive.

A captive, or captive insurer, is an insurance company wholly owned by a
commercial organization, and usually dedicated solely to the underwriting of its
parent company's risks.

An organization with a risk that it cannot carry, which cannot find one or more
insurers to take the bulk of that risk from it, may form a captive insurer to carry
that risk.

Its premiums will not be unnecessarily large and its policy terms
will be reasonable.

b) Explain and evaluate the different attitudes to risk and how these can affect

How organizations deal with risk is not only influenced by events and
information but by management's perceptions of those risks.

This gets into management's appetite for risks.

Different items that influence a manager's risk appetite are:


o Personal views: Some managers acknowledge the emotional satisfaction
from successful risk-taking. A good example is Richard
Branson of Virgin Group. Branson established Virgin Galaxy.
Individuals vary in their attitudes to risk and this is likely to be
transferred to their roles in organizations.
o Response to shareholder demand: Shareholders demand a level of
return that is consistent with taking a certain level of risk. Thus,
managers respond to shareholders' expectations by viewing risk-taking
as a key part of decision-making. Managers therefore need to have an
understanding of the level of return that satisfies shareholders.
In this case, risk appetite must be allied with need. On pg. 131 (story
about Woolworths), there is a good example of aligning need with
o Organizational influences: Larger companies tend to have more
formal systems and will have to take account of varying risk appetites
and incidence among their operations.
o Risk management system employed will be dependent on
the organization's management control systems that will
depend on the formality of structure, the autonomy given to
local operations and the degree of centralization deemed
o Attitudes to risk will change as the organization develops and
its risk profile changes. For example, attitudes to financial risk
and gearing will change as different sources of finance
become necessary to fund larger developments.
o National cultural influences: A study by Geert Hofstede shows that
more individualistic cultures (e.g. the US) are more entrepreneurial and
thus more willing to take on risks, whereas more collectivistic
cultures like Europe, South America, etc. are less entrepreneurial
and thus less willing to be risk takers.
c) Explain and assess the necessity of incurring risk as part of competitively
managing a business organization.

Business by its very nature is risky. Businesses have to take risk in order to

Concerning risk there are two possible extreme views of risks: risk averse
businesses and risk seeking businesses.
o Risk averse: Willing to tolerate risk up to a point provided it receives
acceptable return.
o Risk seeking: Are focused on maximizing returns and may not be
worried about the level of risks that have to be taken to maximize

Businesses will probably be somewhere between.

Most risk has to be managed to some extent, and some should be eliminated
as being outside the business.

For example, a business in a high-tech industry, such as computing, which evolves
rapidly within ever-changing markets and technologies, has to accept high risks in
its research and development activities, but should it be speculating on interest
and exchange rates within its treasury function?
d) Explain and assess attitudes towards risk and the ways in which risk varies in
relation to the size, structure and development of an organization.

Attitudes towards risk do depend on the size, structure and stage of
development of the organization.
o Larger organizations are more likely to have formal systems and will
have to take account of varying risk appetites and incidence amongst
its operations.

These larger organizations are able to justify employing risk


o Risk management systems in place will be dependent on the organization's
management control systems that will depend on the formality of structure, the
autonomy given to local operations and the degree of centralization deemed
desirable.

As organizations develop, their risk profile changes. For example, attitudes to
financial risk and gearing will change as different sources of financing become
necessary to fund larger developments.

Attitudes may be influenced by significant losses in the past, changes in
regulation and best practices, or even changing views of the benefits risk
management can bring.



Professional Values and Ethics

1. Ethics Theories
a) Explain and distinguish between ethical theories of relativism and absolutism.

Absolutism: There are absolute right and wrong which are applied
For example, you might think that slavery, war, child abuse and the death penalty
are morally wrong and cannot be justified under any circumstance.

Relativism: This view rejects the absolutist view. It states that there are no
objective or absolute moral truths, and there are no universal standards of
moral behavior. There are two aspects to relativism:
o Descriptive ethical relativism. This view is that different cultures and
societies have different ethical systems and cultures.
o Normative ethical relativism. The beliefs or moral values within each
culture are right within that culture. Moral values can only be judged
from within the culture.

b) Explain, in an accounting and governance context, Kohlberg's stages of human
moral development:

Kohlberg identified three levels of morality and six stages of moral development.
He suggested that individuals progress through the stages of
moral development during their life, one stage at a time. Many individuals do
not progress to the higher stages, but cease to progress when they have
reached a lower level. Although the ethical behavior of individuals is
sometimes at a lower stage of development than the one they have reached,
they do not regress to a lower stage of development having reached a higher

1. Pre-conventional level of morality.

(1) Obedience and punishment. Individuals judge right and wrong on the basis
of direct consequences for them of the action they took.
o How will I be rewarded if I do this?
o What punishment will there be if I do this?
(2) Individualism and exchange. The individual recognizes that there is no
single view of what is right and what is wrong, and will do what is in their best
interest. For example, an individual might help someone who is overworked, but in
return expects others to help them when the situation is reversed.
When in this stage, companies will look at the penalties if the company does not
follow regulations.
2. Conventional level of morality.
(3) Good interpersonal relationships (Good boy/Good girl). The individual enters
society and sees morality as more than making deals for personal benefit. This
is where individuals start to learn what is expected of them by their immediate
circle (friends, coworkers, etc.). For example, an individual might be pressured
to stay late at work because everybody else is doing so, even though it is past
their prescribed hours. This is doing what the peers (competitors) are doing.

(4) Law/Order. Individual is concerned with society as a whole (not just the
opinion of those around them), and the need to maintain social order. Have
respect for social conventions, authority and obeying the law. This stage
underlies most behavior by accountants, as they have to comply with financial
reporting and CG requirements.
3. Post-conventional level of morality. This is the most advanced level that
relates to individual development towards making their own ethical decisions in
terms of what they believe to be right, not just acquiescing in what others believe
to be right.
(5) Social contract. Individual thinks about society differently from the
conventional way. Recognize that people are different and have the right to
their own views and opinions. At this stage, individuals talk about morality and
rights from their own individual perspective, recognizing that people might
(6) Universal ethical principles. Kohlberg suggested that individuals rarely
reach level six of moral development. This stage is based on abstract
universal ethical principles (i.e. justice, equity, rights, etc.). Individual
questions the validity of laws and considers that laws are only valid if they are
based on justice.
Business decisions made on these grounds could be disclosure on grounds of
right-to-know that isn't compelled by law, or stopping purchasing from
suppliers who test products on animals.
Need to stress that at stage 6, reasoning may involve a personal
cost, since it may mean failing to comply with existing social norms and
regulations as they are seen as unethical.
c) Describe
teleological/consequential approaches to ethics:



A consequentialist approach to ethics (also called a teleological approach) is to
take the view that the correctness or rightness of an action depends on
its outcome (the consequences of the outcome).

A consequentialist approach to business ethics is common. Many businessmen who
regard themselves as ethical individuals will take the view
that the rightness of an action can often be judged by the moral benefits that
it will bring. For example, a deontological approach to ethics might be that it is
wrong to take away a job from a worker who has worked well and shown
loyalty to the company. It is difficult to take this approach when the company is
losing money and will become insolvent unless it takes measures to cut
losses, including making some employees redundant. A consequentialist
approach would be that although it is unpleasant to make employees
redundant, this might be the right thing to do in order to keep the business in
existence, providing work to the employees who remain.

There are two versions of the consequentialist ethics:

o Utilitarianism: This is the view that the ethics of an action should be
judged in terms of the good that it brings, and the best course of action
is the one that brings the greatest good to the greatest number of
people. The rightness of an action therefore depends on the
circumstances of the situation. This can be summed up in the "greatest
good" principle: "greatest happiness of the greatest number."
This principle underlies the assumption that the operation of the free
market produces the best possible consequences. Free markets, it is
argued, create wealth, this leads to higher tax revenue, and this can
pay for greater social welfare expenditures.
If you are judging something based on its providing the greatest good,
then you might run into a problem. For example, greatest good might
exclude minorities, which might be regarded as unethical.
However, utilitarianism can be used as a guide to conduct. It has been
used to derive wide ranging rules and can be applied to help us make
judgments about individual, unique problems.
o Egoism: This states that an act is ethically justified if decision-makers
freely decide to pursue their own short-term desires or their long-term
interest. The subject of all ethical decisions is the self.
Adam Smith argued that this pursuit is OK, since producers of goods
have to offer value-for-money, since competition means that customers
will buy from the competitors if they don't.
Egoism can also link in with enlightened self-interest, such as a
business investing in good facilities for its work force to keep them
content and hence maintain their loyalty.
A criticism of this approach is that markets don't always work perfectly
and some participants benefit at the expense of others.

A deontological approach to ethics is associated with the ideas of the 18th
century philosopher Kant. This approach takes the view that certain actions
are ethically right and others are wrong. It is the action itself that makes it
ethical or unethical, not the consequences of the action. This view can be
simplified into a statement that it is the means that is more important than
the result or ends and if it is not ethical, the means can never justify
the ends.

d) Apply commonly used ethical decision-making models in accounting and
professional contexts.


The American Accounting Association model: The American Accounting Association
(AAA) developed a model for ethical decision-making in 1990.

It is based on the teleological approach.

It is based on a seven-step approach to decision-making.

Question to ask

1) What are the facts?
It is important to establish all the relevant facts. It is difficult to make a
correct decision without having a clear understanding of the facts.

2) What are the ethical issues?
The decision-maker should identify what moral issues are involved (if any).
What is the moral

3) What moral principles, values or norms are relevant to the
The decision-maker should consider the ethical principles or values that ought
to be considered in

4) What are the alternative courses of action for the decision-maker?

5) Which course of action seems best, because it is consistent with the moral
principles and values identified in Step 3.
Each course of action should be assessed according to whether it is morally
correct. Each choice is judged against the principles and values that should be
applied in the case.

6) What are the consequences of each possible course of action?

7) What is the decision?
reaching the decision.
The decision-maker makes an ethical choice.

To remember the 7 steps, think of the acronym FEN ABCD.

ii) Tucker's 5-question model: In using this model, need to ask the following five
1) Is it profitable? Is the investment going to enable the company to make
a superior return than the alternatives?
2) Is it legal? Need to make sure that the investment to be made is legal in
the country where the investment will be made.
3) Is it fair? Is the investment going to be fair not only to the company but to
other stakeholders as well?
4) Is it right? Here you have to do an ethical assessment of the investment.
5) Is it sustainable or environmentally sound?

2. Different approaches to ethics and social responsibility

a) Describe and evaluate Gray, Owen & Adams (1996) seven positions on social

Pristine capitalist. Believe in the capitalistic system (100%). Believe that
capitalism is the best method for allocation of property. Believe in max
shareholder wealth. Companies seek to make profits, and seek economic
efficiency. Business has no responsibility to others, other than to its own


Expedients. Still believe in the above (liberal economic democracies),
accepting that inequalities do happen. Therefore, businesses have to
accept some governmental action to minimize inequalities. Argue that in
the long-run, social legislation may actually be in the business best


Social contract position. Takes the expedient viewpoint and takes it a
step further, in saying that companies are given a license to operate and
they can operate as long as they deserve the license. If the company does
something against society, then this contract can be revoked (as in the
case of Arthur Andersen).


Social Ecologist. They take the social contract position a step further in
stating that companies should do everything they can to minimize the
harm they do to the environment. Companies adopt environmentally
friendly positions, not because they have to, but because it is their
responsibility to do so.

Socialist. They believe that there is class struggle between business and
workers. Believe that there has to be a redistribution of wealth.


Radical Feminist. They argue that society and business are based on
values that are usually considered masculine in nature, such as
aggression, power, assertiveness, hierarchy, domination, and
competitiveness. They argue that it is these traits that got the world into
such a mess. They believe it would be better if society were based on
feminine traits, such as equality, dialogue, compassion, fairness and


Deep Ecologist. They believe that man does not have a right to use
the world's resources. The current system is immoral and cannot be repaired. I
guess they want us all to live in caves, or disappear completely.

b) Describe and evaluate other constructions of corporate and personal ethical

JSW said that there were four possible ethical stances for a business entity.
1) Short-term shareholder interests: This approach is where the company
complies with all legal requirements but does not take on any other demands
that might impact short-term profitability.
2) Long-term shareholder interests: There are two reasons why an
organization might take a wider view of ethical responsibilities when
considering the long-term interest of the shareholder.
o The organization's corporate image may be enhanced by an assumption of
wider responsibilities.
o The responsible exercise of corporate power to prevent the buildup of
social and/or political pressures for legal regulation. Freedom of
action may be preserved and the burden of regulation lightened by
acceptance of ethical responsibilities.
3) Multiple stakeholder obligations: The organization accepts the legitimacy of
the claims or expectations of certain stakeholders like shareholders, suppliers
and customers.
Without these relationships, the organization could not function.
4) Shaper of society: This means changing conditions in society and altering
the way that society operates and perceives itself. The media has been
recognized as an important shaper of society.
c) Describe and analyze the variables determining the cultural context of ethics
and corporate social responsibility (CSR).

Ethical decision-making depends on many factors, including the influence of a
culture. Concerning cultural factors, there are two categories:
1) Individual: the characteristics of the individual making the decision.
2) Situational: the features of the context which determine whether the
individual will make an ethical or unethical decision.

Individual Influences:

Age and gender: Studies suggest that men and women might react differently
to ethical dilemmas; however, empirical data does not support the idea that
women are more ethical than men.

National and cultural beliefs: Geert Hofstede's studies indicate significant
differences in the four areas:
o Individualism/collectivism: The US is an example of an individualist type
of country. South American and Arabic countries are collectivist
o Power distance: This is how much a country's society is willing to
accept differences in the distribution of power and wealth.
o Masculinity/femininity: This refers to the value placed on traditional
male/female roles. Japan is considered to be the most masculine and
Sweden the most feminine society.
o Uncertainty avoidance: This is the extent to which a country's society
attempts to cope with uncertainty. Countries that score high prefer rules
and regulations. Mediterranean and Japan scored the highest.
o Long and short-term orientation: In long-term oriented societies, thrift
and perseverance are valued more, and in short-term societies, respect
for tradition and reciprocation of gifts and favors are valued more.
China scored highest and Pakistan scored lowest.
o Education and employment: There does tend to be some differences
in ethical decision-making between those with different educational and
professional experiences.
o Psychological factors: This has to do with the way people think, and
hence what they think is morally right or wrong.
o Locus of control: This has to do with what a person believes he/she is
able to control; how they are able to shape their own lives.
o Personal integrity: Integrity is adhering to moral principles or values.
Ethical consequences are potentially very significant, for example, in
deciding to be a whistleblower, despite pressure from colleagues or
supervisors, or negative consequences for doing so.
o Moral imagination: This has to do with the level of awareness
individuals have about the variety of moral consequences of what they
do, how creatively they reflect on ethical dilemmas.

Situational influences: Individuals tend to make ethical decisions based on
the circumstances. Circumstances might include issue-related factors and
context-related factors.
o Issue-related factors include:

Moral intensity: Thomas Jones proposed six criteria for deciding how
ethically significant an issue was:

Magnitude of consequences.

Social consequences.

Probability of effect.

Temporal immediacy. This is the speed with which the consequences are likely
to occur.

Proximity. The feeling of nearness that the decision-maker has for those who
will be affected. For example, if
the decision maker has to decide who is going to be laid

Concentration of the effect. This has to do with whether some persons will
suffer greatly, or many people will suffer lightly.

Moral framing: This has to do with how issues are perceived in the
organization. For example, using words such as fairness and
honesty is likely to trigger moral thinking.

o Context-related factors include:

System of reward: The reward system does have an impact on ethical
behavior. For example, failing to reward ethical
behavior or penalizing whistleblowers will not encourage ethical

Authority: Having authority is a method of encouraging ethical behavior.
Can do this by setting targets, but making the targets

Bureaucracy: Bureaucracy has to do with rules and procedures within an
organization. Bureaucracy underpins the authority and
reward system and may have a number of impacts on
individuals' reaction to ethical decision-making.

Work roles: Education and experience build up expectations of how people
in particular roles will react.

Organizational field: Organizations within an organizational field tend to
share a common business environment, such as a
common system of training and regulation. This means that they
tend to cohere round common norms and values. As an
example, a private sector manager joining a public service
organization has to get used to the norms and values of the new
organization; for example, the manager now has to get
consensus when making a decision, whereas before, the
manager made the decision alone.

Organizational culture: This is the basic assumptions and beliefs that are
shared by members of an organization, that
operate unconsciously and define in a basic taken-for-granted
fashion an organization's view of itself and its environment.
Culture relates to:





Taken for granted assumptions. These are the core of the organization's
culture which people find difficult to
explain but are central to the organization.

National and cultural context: This is the nation in which the ethical
decision is made rather than the nationality of the
decision-maker. For example, if a person spends a certain length
of time working in a different country, then the person's views of
ethical issues may be shaped by the norms of the other person,
for example, on sexual harassment, etc. Globalization may
complicate the position on this.

3. Professions and the public interest

a) Explain and explore the nature of a profession and professionalism.

Profession has to do with the nature of the individual's work. For example, if
you are an accountant, then you would probably have to belong to a professional
organization (e.g. ACCA, ACA, AICPA, CIMA, etc.), which intends to promote
the work that you do.
Professions are organized groups of highly-skilled individuals, organized
by a self-regulating professional body.

Professionalism means avoiding actions that bring discredit on the accountancy
profession.
o Professional behavior imposes an obligation on professional
accountants to comply with relevant laws and regulations and avoid any
action that may bring discredit to the profession.

b) Describe and assess what is meant by the public interest.

The public interest is considered to be the collective well-being of the community of
people and institutions the professional accountant serves, including clients, lenders,
governments, employers, employees, investors, the business and financial
community and others who rely on the work of professional accountants (IFAC).

Accountants should act in the public's interest. There is no clear definition of
what is in the public interest, but "in the public interest" is usually associated
with matters such as:
o Detecting and reporting any serious crimes.
o Protecting health and public safety.
o Preventing the public from being misled by a statement or action by an
individual or an organization.
o Exposing the misuse of public funds and corruption in government.
o Revealing the existence of any conflict of interests of those individuals
who are in a position of power or influence.

c) Describe the role of, and assess the widespread influence of, accounting as a
profession in the organizational context.

The influence of the accountancy profession is huge. It's huge because
accountants dominate senior business positions in many countries and
accountants are involved in many different areas, including:
o Financial accounting.
o Audit.
o Tax.
o Public sector accounting.
o Management accounting.
o Consulting.

Based on this, the accountancy profession will undoubtedly have a significant
impact on the organizations they work for.

d) Analyze the role of accounting as a profession in society.

Accountants put together the numbers that are used by all spheres of society (i.e.
investors, managers, governments (tax collectors), employees, employee unions,

Therefore, the numbers included in the accounts can have a number of impacts:
o Mechanistic issues are where the numbers are used to judge the
performance of a company or its directors in line with the regulation or
Examples are company borrowing limits which are frequently defined as a
multiple of share capital and reserves and directors' bonus schemes that
are based on some portion of reported profit.
o Judgmental issues are where the figures in the accounts influence the
judgment of their users. The accounts may influence not just the view of
investors, but governments seeking to assess what a reasonable tax
burden would be and employees determining their wage claims.

e) Recognize accounting's role as a value-laden profession capable of
influencing the distribution of power and wealth in society.

It is highly arguable whether the accountancy profession is value-laden or not.

The numbers that accountants put together for the accounts are used by all
facets of society: from an organization's management, whose performance is
judged based on the numbers; to the tax authorities, who use the numbers to
determine the amount of tax owed to the government; to the employees, whose
bonuses are based on the profitability of the company; to the government, which
uses the numbers to judge the effectiveness of the government's services
provided; to investors, who use the numbers to make a decision on whether to invest
or not, or even to determine the share price of the organization's shares.

Ultimately, organizations are successful if they are able to use the numbers in the
accounts (e.g. financial statements) to make decisions that will help an
organization grow and be profitable.

Accounting information assumes that accountants are producing information for
individuals or corporations seeking to maximize their personal wealth.

o If this is morally justified, the justification has to do with the idea of liberal
economic democracy, where individuals should be free to exercise their
economic choices and are equally able to do so.
o The result of individuals' pursuit of economic benefit is economic
efficiency, maximum profits and economic growth, with everyone in
society being better off.

Criticism of liberal economic democracy:

o Lack of equality. Individuals are not equal economically; therefore they
are not able to make economic choices that will benefit themselves.
o Role of institutions. This has to do with the thought that individuals do not
exercise real power, but institutions principally the government and
o Failure to increase social welfare. The argument that the pursuit of
individual self-interest leads to maximum social welfare is very tenuous.
This is because there is no guarantee that all aspects of social welfare will
be maximized.

Critics claim that economic growth has been at the expense of a
widening gap between rich and poor, both within developed
countries and between developed countries and the third world.

o Environmental problems. Critics claim that economic growth is at the
expense of the environment. By aiding the promotion of economic growth,
accountants are complicit in supporting activity that harms the environment.
o Ethical viewpoint. Critics claim that accountants are complicit in a version
of utilitarianism with economic ends justifying the means rather than
another (preferable) ethical position.

f) Describe and critically evaluate issues surrounding accounting and acting
against the public interest.

Criticism has to do with the rules that the profession has to follow. Critics argue
that the rules:
o Are too passive. They allow for variety in accounting treatment and fail
to impose meaningful responsibilities on auditors, such as the explicit
responsibility to detect and report fraud.
o Emphasize the wrong principles. This has to do with giving priority to
confidentiality over disclosures in the wider public interest.
o Allow auditors to develop long-term cozy relationships with clients
rather than forcing them to maintain their distance.
o Allow the creation of too small a number of large firms (Big 4) who
dominate the audit of major listed companies.

However, over the past ten years, particularly in the fallout from
the Enron case, governments have established stricter rules over the
accounting profession and the way an organization's board operates (e.g. the board
is made up of a majority of independent NEDs).

4. Professional practice and codes of ethics

a) Describe and explore the areas of behavior covered by corporate code of

There are five main areas that are covered in an organization's code of ethics.
1) Stating what an organization's values are. The code is intended to promote
values that are linked to the organization's mission statement.
2) Promotion of stakeholder responsibilities. Codes can be used to identify
whom the organization regards as important stakeholders. They can show
what action can be taken to maintain good stakeholder relationships. They
can show external stakeholders that they are dealing with people who do
business fairly.
3) Control of individuals' behavior. Ethical codes can be referred to when
employee actions are questioned.
4) Promotion of business objectives. Codes can be very useful when trying
to solidify a company's strategic position. Taking a strong stance on
responsibility and ethics and earning a good ethical reputation can
enhance appeal to consumers in the same way as producing the right
products of good quality can.
5) Conveying values to stakeholders. The code can be used as a
communication device, not only acting to communicate between partners
and staff, but also increasing the transparency of the organization's
dealings with its stakeholders.

b) Describe and assess the content of, and principles behind, professional codes
of ethics.

The content of a corporate code of ethics is normally quite short, dealing with
each point in just a few sentences, and sometimes in just one sentence.

A typical code contains:

o General statement about ethical conduct of the employees.
o Specific reference to the company's dealings with each
stakeholder group, such as employees, customers, shareholders
and local communities.

It might contain statements about the values of the company, such as:
o Acting with integrity at all times.
o Protecting the environment.
o The pursuit of excellence.
o Respect for the individual.

Fundamental principles include:

o Objectivity. Members should be unbiased and impartial when providing
business services. This means that members should not allow bias, conflict
of interest or undue influence of others to override professional or business
o Professional competence and due care. Members must have the skill and
knowledge to do their job. The client has to feel comfortable with the
services being provided.
o Professional behavior. Members have to comply with all laws and
regulations and should avoid any action that discredits the profession.
o Integrity. Members should be straightforward and honest in all business
and professional relationships.
o Confidentiality. Members have a responsibility to respect the
confidentiality of information acquired as a result of professional and
business relationships and should not disclose any such information to
third parties without proper or specific authority or unless there is a legal or
professional right or duty to disclose.

c) Describe and assess the code of ethics relevant to accounting professionals
such as the IFAC or professional body codes.

Fundamental principles:
o Technical standards. The accountant must perform his or her job within
the relevant technical and professional standards. Technical and
professional standards would include:

Standards issued by the IFAC or a similar national regulatory


Financial reporting standards (US GAAP, or IFRS, or RAS).

Standards and regulations

accountancy body.

Relevant legislation (Sarbanes-Oxley, Foreign Corrupt Practices Act, etc.).

o Objectivity. This means being unbiased and impartial, not having any
conflict of interest issues. This also means not being under undue pressure from
others, for example, when management wants the accountant to modify an
engagement report because the conclusion is unpopular.
o Professional competence and due care. Accountants need to be
competent in the work they do. This means having the necessary skills and
knowledge to perform their duties. They should strive to improve and stay on top
of what is going on in the profession.
o Professional behavior. Accountants are required to observe relevant laws
and regulations and to avoid any actions that would discredit the
accountancy profession. This requirement covers advertising by
accountants, which must be truthful and must not disparage the services
provided by rival firms.
o Integrity. Requirement of fair dealing. The accountant needs to be
straightforward, honest and truthful. This means that the accountant should not
supply any information which could be misleading, false or deceptive. For
example, the accountant will not modify a report unless factual errors are
known to exist.
o Confidentiality. Accountants need to respect the confidentiality of information
obtained during their work. Information may not be used to enrich oneself.

Use the mnemonic TOPPIC to remember the ACCA's code of ethics.

The ACCA Code explains the fundamental principles as follows: Ethics is about
the principles we use today to judge the right and wrong of our actions. It is
about the fundamental principles that our members view and agree to each year
when they review their ACCA membership and submit their CPD (continuing
professional development) return.

5. Conflicts of interest and the consequences of unethical behavior

a) Describe and evaluate issues associated with conflicts of interest and ethical
conflict resolution.

Threats to the independence of accountants in practice include self-interest,
self-review, advocacy, familiarity, and intimidation.

Accountants in practice may face conflicts of interest between their own and
clients' interests, or between the interests of different clients.

Therefore, audit firms should take reasonable steps to identify circumstances that
could pose a conflict of interest.

Threats to independence include:

Conflict of interest

Self-interest threat. Having a financial interest in a client. This can affect the
objectivity of the accountant. Examples include:
   Financial interest.
   Close business relationship.
   Employment with assurance client.
   Partner on client board.
   Family and personal relationship.
   Gifts and hospitality.
   Loans and guarantees.
   High % of fees.

Self-review threat. This threat arises where an audit firm provides services other
than audit services to an audit client.
   Recent service with assurance client.
   General services.
   Preparing accounting
   financial statements.
   Valuation services.
   Tax services.
   Internal audit services.

Discussing the issue with the client's AC.
Taking steps to reduce dependency on
Consulting an independent 3rd party like the ACCA.
Maintaining records, compliance with all laws, audit standards and the internal
quality control procedures.

Safeguards might include:
Obtaining a quality control review of the individual's work on the assignment.
Discussing the issue with the AC.
Making appropriate disclosures about the
Ensuring non-assurance team staff are used for these roles.
Using staff members other than assurance team members to carry out

Corporate finance.
Other services (e.g. IT services, legal services, etc.).

Advocacy threat. Accountant promotes the point of view of a client, where the
accountant's objectivity is compromised.
   Legal services. Firm offered legal services to client and had to defend them
   in a legal case or provided evidence on their behalf as an expert witness.
   Corporate finance. Firm carried out corporate finance work for the client and
   was involved in advice on debt reconstruction and negotiated with the
   bank on the client's behalf.

Familiarity threat. Knowing someone very well, possibly through a long
association in business. Think Enron and Arthur Andersen.
   Where there are family and personal relationships between the client/firm.
   Employment with assurance client.
   Recent service with assurance client.
   Long association with the client.

Intimidation threat. This arises when members of the assurance team have reason
to be intimidated by client staff. Examples:
   Close business relationship.
   Family and personal relationship.
   Assurance staff members' employment with client.

Obtaining client approval of work.
Second party review.
Confirming that the client understands the valuation and the assumptions used.
responsibility for the valuation.
Relevant safeguards might be to use different departments in the firm to carry
out the work and making disclosures to the audit committee.

Safeguards might include:
Rotating senior staff off the assurance
Using second partners to carry out reviews and obtaining independent (but internal)
quality control reviews.

Safeguards might include:
Disclosing to the AC the nature and extent of the litigation.
Removing specific affected individuals from the engagement team.
Involving an additional professional accountant on the team to review work.

b) Explain and evaluate the nature and impacts of ethical threats and safeguards.

The accountant in business may face a variety of difficulties including conflicts
between professional and employment obligations, pressure to prepare
misleading information, whether the accountant has sufficient expertise, financial
interest or inducements.

Ethical threat

Conflict between requirements of the employer and the fundamental principles.
For example, acting contrary to laws or regulations or against professional or technical

Obtaining advice from the employer, professional organization or professional
The employer providing a formal dispute resolution process.

Preparation and reporting on information.

Legal advice.
Consult with superiors in the employing

Accountants need to prepare/report on information fairly, objectively and honestly.
However, the accountant may be pressured to provide misleading information.

Having sufficient experience.

Accountants need to be honest in stating their level of expertise - and not misleading
employers by implying they have more expertise than they actually do process.

Financial interest.

Situation where the accountant or close family member has a financial interest in the employing
Examples include the accountant being paid a bonus based on the financial statement results
which he is preparing, or holding share options in the entity.

Inducements - receiving offers.

Refers to incentives being offered to encourage unethical behavior. Inducements may include
gifts, hospitality, preferential treatment or inappropriate appeals to loyalty. Objectivity
and/or confidentiality may be threatened by such

Inducement - giving offers.

Consult with those charged with governance.
Consult with the relevant professional body.
Obtain additional training.
Negotiate more time for duties.
Obtain assistance from someone with the relevant experience.
Remuneration being determined by other members of management.
Disclosure of relevant interests to those charged with governance.
professional body.



Do not accept the inducement.
Inform relevant third parties such as senior management and professional association.

Do not offer the inducement.

Disclose information in compliance with relevant statutory requirements, e.g. money
laundering regulation.
Follow the disclosure provisions of the employer, e.g. report to those responsible for

Refers to accountants being pressured to provide inducements to junior members of staff
to influence a decision or obtain confidential

Confidential information.
Accountants should keep information about their employing entity confidential unless
there is a right or obligation to disclose, or they have received authorization from the client.

Situations where the accountant needs to consider disclosing information although there is
no obligation from statute or regulation.
Disclosure would therefore be in the public

Otherwise, disclosure should be based on assessment of:
Legal obligations.
Gravity of the matter.
Whether members of the public will be adversely affected.
Likelihood of damage to reputation.
Reliability of the information.
Reasons why employer does not want to disclose.

c) Explain and explore how threats to independence can affect ethical behavior.

There are a number of different threats to independence, such as:

Threat to independence: Financial interest - an accountant holds shares
in the client's entity.
Possible effect on ethical behavior: Conflict between wanting a dividend from the
shareholding and reporting the financial results of the entity correctly. May want
to hide liabilities or overstate assets to improve dividends.

Threat to independence: Financial interest - an auditor holds shares in a
client entity.
Possible effect on ethical behavior: Conflict between wanting a dividend from the
shareholding and providing an honest audit report on the entity. May want to hide
errors found in the financial statements to avoid qualifying the audit report and
potentially decreasing the dividend payment.

Threat to independence: Close family member has an interest in the
assurance client.
Possible effect on ethical behavior: Self-interest threat. May decide not to qualify the
audit report to ensure that the financial interests of the family member are not
compromised. May also be an intimidation threat if an employee,
the assurance client may threaten to fire the family member if a qualified audit report is

Threat to independence: The assurance partner plays golf on a regular
basis with the chairman of the board of the assurance client.
Possible effect on ethical behavior: Self-interest threat. There may be a conflict
between potential qualification of the entity
friendship/golf with the chairman.

Threat to independence: Fee due from the client is old and the assurance
firm is concerned about payment of the fee.
Possible effect on ethical behavior: Intimidation threat. The client may threaten to
default on the payment unless more work is carried out by the assurance firm. The
assurance firm may also be seen to be supporting the client financially, implying that
any report will be biased because the firm wants the loan to be repaid.

Threat to independence: An entity offers an assurance partner an
expensive car at a considerable discount.
Possible effect on ethical behavior: This might be seen as a bribe by the client. The
partner may accept the car and not report this.

Threat to independence: A close family member is a director of the client
Possible effect on ethical behavior: Conflict of interest because the assurance
partner would not qualify the audit report since the family member is a close
family member.

Threat to independence: An assurance partner serves as an officer on the
board of the assurance client.
Possible effect on ethical behavior: Self-interest and self-review threats. The partner
would have a conflict between producing information for audit and then reporting on
that information. The partner may either miss errors or even decide to ignore errors
identified to avoid having to admit to mistakes being made.

Conflicts of interest and ethical conflict resolution

When accountants are faced with ethical problems, they need to know what to do.
There are two possible approaches that the professional accountancy bodies could
take: a rules-based approach and a principles-based approach.

i. Rules-based approach is to identify each possible ethical problem or ethical
dilemma that could arise in the work of the accountant and specify what the
accountant must do in each situation.

ii. Principles-based approach is to specify the principles that should be applied
when trying to resolve an ethical problem, offer some general guidelines but
leave it to the judgment of the accountant to apply the principles sensibly in
each particular situation.
o Main reason for taking the principles-based approach is that it is
impossible to identify every ethical situation that accountants might
face, with differing circumstances in each case.

iii. The recommended (principles-based) approach to resolving ethical
o Identify threats to compliance with the fundamental principles.
o Evaluate the threat. Qualitative and quantitative factors should be
considered in the assessment of a threat to compliance. If it is
insignificant it may be ignored, but others should be dealt with.
o Respond to threat. If the threat is not insignificant, the accountant
should apply appropriate safeguards, if he or she can, to eliminate the
threat or reduce the threat to an insignificant level.
o If suitable safeguards cannot be applied, more drastic action will be needed,
such as refusing to carry out a professional service, ending the
relationship with a client or resigning from the job.

d) Explain and explore bribery and corruption in the context of corporate
governance, and assess how these can undermine confidence and trust.

Bribery is the offering, giving, receiving or soliciting of any item of value to
influence the actions of a governmental official or other person in charge of a
public or legal duty (Black's Law Dictionary).

Corruption can be defined as deviation from honest behavior.

The involvement of directors and others responsible for corporate governance in
bribery and corruption can undermine the relationship of trust upon which
corporate governance is based.

The intent of a bribe is to influence the actions of the recipient.

It may or may not involve money.
o Granting a privilege to the recipient.
o Payment does not have to take place to be effective. Promising to do
something would be enough.

Others may be complicit if they know of the bribe and fail to report it.

Legislation such as the Foreign Corrupt Practices Act and the Bribery Act of
2011 makes commercial organizations liable if their employees pay bribes,
unless they have adequate procedures to prevent bribery.


Bribery is a form of corruption.

Other forms of corruption include:

o Abuse of the system - This is when a person uses the system for
improper purposes.
o Bid rigging - This is when a contract is promised to a party in
advance, although other parties have been asked to participate.
o Cartel - This is a secret agreement by supposedly competing
producers to fix prices, quantity or market share.
o Influence peddling - This is using personal influence in government or
connections with persons in authority to obtain favors or preferential
treatment for another, usually in return for payment.

Undermining the confidence and trust in Corporate Governance

Bribery and corruption are an issue for companies because companies that deal in
bribery or corruption:

Lack honesty and good faith

This means a person with corporate governance responsibility will no longer
be acting impartially and in accordance with a position of trust. It violates a
duty of service.

Conflict of interest

Those taking bribes face a conflict between their legitimate duty and
responsibilities, and any personal gains they may make through unethical
Personal gain does not necessarily always mean taking money. A manager
involved in bid rigging may generate higher profits for the company, which
enhances the manager's performance bonus.

International risk management

The UK Bribery Act of 2011 acknowledges that commercial organizations in some
parts of the world and in some sectors may come under pressure to pay
facilitation fees to foreign officials in order to conduct business in the
foreign country.
The issue of whether a company has to pay bribes to conduct business is
It is argued that if a company had effective controls in place for assessing and
managing risks, then they should probably decide to avoid these places

Economic issues

Bribery and corruption result in a misallocation of resources. Contracts
are not necessarily going to the most efficient producer but to the producer
that pays the highest bribe.

Therefore, bribery disrupts the establishment and operation of the markets.

Participation in economic activity is less likely if it is felt that bribery or
market-rigging make it unlikely that an acceptable return will be achieved for the risk

Professional reputation

If accountants are found guilty of bribery or corruption, then the accountant
could lose his/her license.

e) Describe and assess best practice measures for reducing and combating
bribery and corruption, and the barriers to implementing such measures.

Recent legislation in certain countries, such as the UK Bribery Act, has put pressure
on businesses to introduce sufficient controls. In the US there is the Foreign Corrupt
Practices Act, which deals with bribery and corruption.

Measures to combat bribery and corruption include:

Establishing the right culture in the organization

o Directors may seek to establish a commitment against corruption by a
formal statement, setting out a zero tolerance policy and setting out
consequences for employees and/or managers who transgress.
o This statement could be a statement beyond the company's code of
conduct statement.
o Commitment of the management team should be reinforced by the
involvement of senior management in the development and
implementation of bribery prevention procedures.
o Communicating the organization's policies and procedures, and providing
training in their application, is important in developing the right culture.
Training should include general training on the threat of bribery
on induction, and also specific training for those involved in
higher risk activities such as purchasing and contracting.
o Companies need to be aware that if employees receive mixed signals
then this could affect the success of other measures.

Having a code of conduct. A code of conduct is perhaps the most important
element of communicating that bribery and corruption is not tolerated in the
o Codes include provisions about dealing truthfully with suppliers
and refraining from seeking or participating in questionable behavior to
secure competitive advantage.
o Businesses need to decide whether they need a separate anti-bribery code.

Risk assessment. Identification of circumstances where bribery may be a
problem must be built into business risk assessment.
o Sensitive areas could include the activities of intermediaries or agents
or staff within the organization responsible for hospitality or promotional

Note: UK guidance stresses that risk may change over time (for example as the
business enters new markets) and so may need to be reassessed. A poor internal
control environment may also be a factor that contributes significantly to increased

Conduct of business. The UK guidance states, a strong tone at the top and
the ethical code may be undermined by a lack of detailed guidance on the
implementation of anti-bribery procedures.

Note: The UK Bribery Act suggests that what is seen as adequate protection against bribery or
corruption will depend on the bribery risks faced by the organization, and the nature, size
and complexity of the business. The Act is based on six principles:

Proportional procedures - measures should be proportional to the risks and
nature, size and complexity.

Top level commitment - top management needs to be committed to preventing
bribery and promoting a culture where bribery is seen as unacceptable.

Risk assessment - organizations should assess the nature and extent of their
exposure to bribery internally and externally.

Due Diligence - The organization should carry out due diligence procedures in
relation to those who perform services for it, or on its behalf.

Communication - Prevention policies should be embedded and understood
throughout the organization through communication and training.

Monitoring and review - The organization should monitor and review anti-bribery
procedures and improve them as required. The guidance states that risks are
dynamic and thus procedures may need to change if risks alter.

6. Ethical characteristics of professionalism

a) Explain and analyze the content and nature of ethical decision-making using
content from Kohlberg's framework as appropriate.

Ethics models (i.e. Tucker model and AAA model) are intended to help you
come to the right ethical decision. They do this by helping you understand the
ethical issues, and then the possible alternatives that can
be taken. Once you understand the alternative actions, it should be easier for
you to evaluate the alternatives so you can make the right decision.

Kohlberg's model talks about the stages of moral development. Kohlberg
identified three levels of morality and six stages of moral development:
pre-conventional, conventional and post-conventional.

Kohlberg's model cannot be used to derive the right ethical decision, but it can
be used to understand how different people would operate at each of
Kohlberg's levels (pg. 271).
o For example, the text book related this to Tucker's ethical model.





A very important criterion, as the pre-conventional level is based on the idea
of rewards for self.

Profitability may be seen depending on the local ethos very important if
the decision maker works in a major financial center. Decision makers
will also be influenced by any local requirements in company law to seek
profit maximization.

Surprisingly, perhaps this could be a very important criterion. Equally, it could
have no importance if the decision maker believes it goes against other
concepts. Those holding the pristine capitalist viewpoint would argue
that companies have a moral duty to make profits to reward the
finance underwrites their existence. Use of money for other purposes is
under this stance.

b) Explain and analyze issues related to the application of ethical behavior in a
professional context.

In any situation dealing with ethical decisions, the following are the practical
steps that can be taken.
o Analyze the situation for ethical problems.
o Identify the ethical issues.
o Consider the alternative solutions.
o State the best course of action based on the steps above.
o Justify your recommendation (decision).

c) Describe and discuss rules based and principles based approaches to
resolving ethical dilemmas encountered in professional accounting.

A rules-based code is a code that contains specific rules about how accountants
should act in a specific situation.
o A weakness of the rules-based approach is that some circumstances can be complex
and varied and thus make it impossible to plan for every situation.
o Over time, situations might change. Therefore, the code would have to be updated
on a regular basis.
o Ethical views differ between countries and cultures. Behavior that might be
considered unethical in one country might be considered OK in another.

A principles-based code is a code that specifies general principles of ethical
behavior and requires the accountant to act in accordance with the principles.
o The accountant has to use best judgment in these cases.

7. Social and environmental issues in the conduct of business and ethical

a) Describe and assess the social and environmental effects that economic
activity can have (in terms of social and environmental footprints).

There is increasing concern about business relationship with the natural


Businesses may suffer significant costs and a loss of reputation if problems


Many businesses anticipate increased regulation in this area and wish to avoid
the costs associated with poor reputations.

Other businesses are motivated by the increased need for efficiency and the
need to reduce waste.

The effects that businesses have on society and the environment are often
referred to as footprints. We describe these below:

Social and Environmental footprint. A footprint is the mark that is left behind
in the sand.
o A social footprint is the effect the company has on the society (i.e.,
employees, communities) in which it operates.
o In general, economic activity provides social benefits: wealth, higher
standards of living, better health; however, it might also create social
damage (e.g. use of child labor).
o A social footprint might be measured in terms of:
   The number of jobs provided.
   Non-discrimination at work (composition of the workforce).
   Health and safety measures (e.g. accidents per 1,000
o An environmental footprint is the effect of a company's operations on
the environment. This could include the use of non-renewable
resources, such as oil and gas, the depletion of scarce resources, the
waste of natural resources, pollution and the creation of waste, carbon
emissions, noise pollution, and so on.
o A company might have environmental policies for reducing its
environmental footprint:
   Reducing use of depleting materials or non-renewable materials.
   Reducing pollution and waste (e.g. reducing CO2 emissions,
   recycling, waste disposal).
   Improving the health and safety of the work environment.

Both the social footprint and the environmental footprint should be measurable, so
that changes over time in the size of the footprint can be managed and
Impact of environmental costs. These costs can be divided into direct and
indirect costs.
o Direct costs would include the costs of disposing of waste, remediation
costs, compliance costs, legal costs, fines, environmental labeling and
certification costs and staff training.
o Indirect costs would include compensation costs to those whose
health may be adversely affected, the sustainability of certain natural
resources and the need to replace them with more expensive
alternatives, the risk of impaired asset values like share prices due to
poor environmental policies and impact of public perception on brand
values, market share and sales.


b) Explain and assess the concept of sustainability and evaluate the issues
concerning accounting for sustainability (including the contribution of full
cost accounting).

Sustainability has to do with meeting the needs and wants of consumers today,
without sacrificing the needs and wants of future generations.

Sustainability means limiting the use of natural resources to a level where they
can be replaced by the environment.

Sustainability questions:
o For whom: what species other than man.
o In what way: Purely an ecological focus or does it extend to social
sustainability which includes physical and mental health and wellbeing?
o For how long: This is the question of generational equity, should this
generation reduce per capita consumption or how many generations.
o At what cost: This is the cost to the economy.
o By whom: Governments or individuals, unilateral or multi-lateral, national
or global.

In the debate on sustainability, you need to understand the distinction between
weak and strong sustainability.

Weak sustainability:
o Human beings need to prevail.
o The natural environment can be regarded as a resource. However, the human
race needs to have better mastery of the natural environment.

This can be done by incremental changes driven by market forces and legal
regulation.

Economic development is needed to drive necessary technological

This is similar to the social ecologist perspective of CSR as identified by
Gray, Owen & Adams.

Strong sustainability:
o Harmony with the natural world is our aim.
o The environment sustains all species of life.
o Current economic consumption must change.
o Supporters of strong sustainability argue that fundamental changes are
needed in society.
o They argue that the time span may be several centuries and will require
participation from governments and society to achieve.
o This viewpoint is linked to the deep ecologist approach identified by Gray,
Owen & Adams.

Full cost accounting:

o FCA is at its simplest a system that allows current accounting and
economic numbers to incorporate all potential/actual costs and benefits into
the equation, including environmental (and perhaps social) externalities, to
get the prices right.
o There are five tiers to FCA.

Tier 0 (Usual costs): These are the basic accounting numbers.

Tier 1 (Hidden costs): These costs include hidden costs such as overhead
costs of management systems and safety.

Tier 2 (Liability costs): These costs include contingent liability costs,
such as clean-up costs, etc.

Tier 3 (Less tangible costs): These costs include the costs of poor
environmental management, which might include loss of goodwill,
reputation risks, etc.

Tier 4 (Environmental focus costs/cost of prevention): These are the
costs where the project has zero environmental effect.

Advantages of FCA:
o Better knowledge of the extent of a company's environmental
footprint. Investors are in a better position to assess the risks involved in
the company's activities.
o Able to reduce environmental footprint. If able to assess the
significance of the organization's environmental footprint, then in a better
position to actually reduce per unit and absolute resource usage.
o Assist in decision-making. FCA can inform decision-making by allowing
comparisons between externalities created by different investment
decisions. Environmental costs identified under FCA will be indicators of
future business costs in other areas.
o Can lead to favorable PR. By using FCA, a company is able to
demonstrate that its products or processes do not have a significant impact
on the environment.

Disadvantages of FCA:
o Have to collect and process a lot more data. Some suggest adopting
life-cycle accounting.
o Not understanding which cost figures to use. One example is the
choice between using the costs of correction (clean-up costs) or using
costs of prevention (costs of changing the way business is conducted).
o Translating activities into impacts. The translation process depends on
the (possibly limited) state of scientific knowledge.
o Limitation of business level analysis. In a lot of cases, businesses are
just too small to use FCA.
o Inclusion of social externalities. If using natural environmental effects,
then it would seem reasonable to try to account for social effects. However,
there are then additional problems of definition and measurement.
o Impression given. FCA may show an alarming picture, suggesting that
strong sustainability solutions are needed rather than weak sustainability
solutions.
o Compulsory FCA. If governments go further towards FCA, it might drive
some businesses to locate in countries where FCA is compulsory. Thus,
there is an export of the externalities to developing nations.

c) Describe the main features of internal management systems for underpinning
environmental accounting such as EMAS and ISO 14000.

As organizations move towards establishing the eco-credentials of their
products, there are two internationally recognized standards that they can
apply for. These include:

The ISO 14000 series of standards, issued by the International Organization
for Standardization.

This environmental standard was first published in 1996.

It provides a general framework of environmental quality standards based
upon formal certification.

Companies that want to be in compliance with ISO 14000 are required to have
an audit each year of their system. These audits are to be undertaken by an
independent external expert. Internal auditors can help to make sure that the
company is in compliance with ISO 14000.

Critics argue that it places more emphasis on the procedures for maintaining
environmental quality than on the measurement of environmental results.

ISO standards state that an EMS (environmental management system)
should be comprised of:
o An environmental policy statement.
o Independent assessment of the organization's environmental impact and
o An effective EMS.
o Internal audits of EMSs and reports to management.
o An annual compliance declaration.

EMAS: the Eco-Management and Audit Scheme in the EU.

o This is a scheme where environmental reports are subject to independent
verification (aka audit).
o It was adopted in 1993 as a voluntary scheme. It has been adopted more
widely in Germany.
o Many countries lobbied against it as it was seen as imposing excessive
reporting requirements.
o It emphasizes setting targets and improvements. It has to do more than
just monitor operations. It is intended to improve environmental
performance and disclosures.
o The scheme requires:

An environmental policy statement (EPS).

On-site environmental reviews.

Environmental management systems.


Environmental audits from independent approved bodies.

Done at least every three years.

Environmental policy statement (EPS) should outline the basis for future
actions to be undertaken.
o It should be based on reliable data.
o It should set specific targets.
o There are two types of EPSs:

Internal statements: these are tailored to the organization's
specific requirements and mission statements.

External charter adoption: compliance with generally published
(EMAS) objectives, which allows for international comparisons.

f) Explain the nature of social and environmental audit and evaluate the
contribution it can make to the development of environmental accounting.
Social and environmental audits are designed to ascertain whether the
organization is complying with codes of best practice or internal guidelines, and is
fulfilling the wider requirements of being a good corporate citizen.

Social Audit may cover:

o Sustainable use of resources,
o Health and safety compliance,
o Labor conditions, and
o Equal opportunities.

Through social auditing, an entity is able to assess and demonstrate its
social, economic and environmental benefits.

It also measures the extent to which an entity achieves its objectives as set
out in its mission statement.

Additionally, it establishes the process for the environmental audit.

An environmental audit is a systematic, documented, periodic and objective
evaluation of how well an entity, its management and equipment are performing, with
the aim of helping to safeguard the environment by facilitating management control of
environmental practices and assessing compliance with entity policies and external

Environmental audits are becoming more important because investors are
increasingly interested in the environmental footprint of a company as well as
its economic performance.
o There is a growing opinion among investors that environmental issues
are a potential source of risk to a company's business and reputation,
and environmental issues must therefore be managed.
o There is an increasing number of ethical investors who prefer
to invest in companies with strategies for sustainable business.
o Consumers are gradually moving towards a preference for purchasing
environmentally friendly products rather than cheaper alternatives.

It normally involves the implementation of ISO 14000 or EMAS.

Without social and environmental auditing, environmental accounting would
not be possible.

Environmental accounting provides evidence of the achievement of social
and environmental objectives.
o One type of environmental accounting is environmental ABC.

Similar to normal activity-based costing.

An activity is identified for costing: it might be an environment-related
activity such as waste recycling or pollution control.

Costs are identified and recorded for the activity (environmental-related
costs).

A cost driver is identified for the activity (e.g. volume of waste,
volume of emissions, toxicity of emissions, etc.).

Costs are calculated on the basis of the cost driver, e.g.
environmental cost of waste recycling per ton of waste.

o Another type of environmental accounting is environmental life cycle


All the costs of the product, including its environmental costs are
measured over the life of the product.

High environmental costs might be incurred at the end of the
product's life (e.g. contamination).

Decisions to go ahead with a new product will depend on all
costs over the life cycle.

Measures can be taken from an early stage to reduce the total
of those costs (e.g. reducing contamination at the end of the life
cycle, recycling materials).