MONITOR CORPORATE GOVERNANCE ACTIVITIES

ASSESSMENT 1

PRIMARY FUNCTIONS OF BOARD OF DIRECTORS

The essence of good corporate governance is ensuring trustworthy relations between the
corporation and its stakeholders. Therefore, good governance involves a lot more than
compliance. Good corporate governance is a culture and a climate of Consistency,
Responsibility, Accountability, Fairness, Transparency, and Effectiveness that is Deployed
throughout the organisation (the ‘CRAFTED’ principles of governance).

Boards have the basic responsibility to ensure sustainable improvements in corporate

valuations by providing strategic guidance and oversight regarding management decisions, as
well as selecting and changing the management whenever necessary. Success can only be
achieved on a sustainable basis, if boards behave as a role model for implementing the
CRAFTED principles of governance in their own operations and ensure that the corporation
follows these principles in making key decisions.

The board of directors is the most important element in corporate structures. The tone at the
top determines the tune in the middle.*In particular, clear separation of management rights
(taking initiative and implementation) and governance rights (guidance, approval, and
oversight), is critical in minimising potential ‘agency’ risks of the management such as:
• fraud
• cronyism, building a personal fiefdom with company resources
• lethargy, focusing on excuses as opposed to results
• being too risk averse that may lead to overinvestment
• being too risk prone

BASIC ELEMENTS BOARD SHOULD ADOPT

First, what is more important than which demographic characteristics a board member
possesses, is what kind of experience he/she has and what types of behaviour he/she portrays.
Therefore, gender, nationality and age diversity are not sufficient to evaluate the effectiveness
of a board. One should also evaluate the relevance of the experience of board members to
address the main challenges the company is likely to face.

Another important issue is that the quality of the information that the board gets is a key
determinant of its effectiveness. Whether relevant and timely information, presented in a
context, with the benchmarks and alternatives identified, assumptions understood and stress-
tested, or whether the potential effects of various alternatives on different stakeholders have
been taken into account, would have a significant impact on the quality of the board’s decision.

Third, the impact of a board’s decisions on output measures should be evaluated, not just not
inputs such as information quality. Governance is important for the sustainability of value
creation. If the model that aims to measure effectiveness of governance does not evalute the
linkages to output measures - not only financial performance, but also lead indicators such as
 customer, employee, or other stakeholder satisfaction - it would be missing an important
dimension.

Boards should also be focusing not only on the business results, but also how business results
are obtained. As an outstanding performance could sometimes be due to excessive risk-taking,
resulting in a relatively good performance during a particular period, it may not be sustainable.
Such an elaborate evaluation of management proposals requires an open and transparent
culture, where members are encouraged to challenge assumptions and evaluate alternatives.
 
Also, as there is a time lag between decisions and their impacts, the board’s performance should
be evaluated over a period of time, not at a specific time.

Finally, the purpose of measuring the effectiveness of governance should be to improve it

continuously. Therefore, assessing how a board learns and invests in developing its own
performance should be an important dimension of the model.

SOME ORGANISATIONS SHAPING CORPORATE GOVERNANCE

ICSA: The Governance Institute defines corporate governance as “the way in which companies
are governed and to what purpose.” To elaborate, corporate governance impacts all aspects of
an organization, from communication to leadership and strategic decision-making, but it
primarily involves the board of directors, how the board conducts itself and how it governs the
company.

Business advisory firm PricewaterhouseCoopers (PwC) calls corporate governance “a

performance issue,” because it provides a framework for how the company operates. According
to PwC, corporate governance should encompass the following:

 The company’s performance and the performance of the board

 The relationship between the board and executive management
 The appointment and assessment of the board’s directors
 Board membership and responsibilities
 The “ethical tone” of the company, and how the company conducts itself
 Risk management, corporate compliance and internal controls
 Communication between the board and the C-suite
 Communication with the shareholders
 Financial reporting
This list provides a bird’s-eye view of corporate governance in action, and conveys the extent to
which it can influence business. To help organizations navigate corporate governance, Deloitte
offers a Governance Framework that outlines the board’s objectives and responsibilities, and
how they relate to the corporate governance infrastructure.

OTHER SOURCES OF GUIDANCE

There are many other sources of regulatory and best practice guidance in relation to
matters of corporate governance. These include:

 ASX (including the ASX Corporate Governance Council)

 Australian Institute of Company Directors
 Governance Institute of Australia
 Financial Services Council
 Australian Council of Superannuation Investors.
 CORPORATE GOVERNANCE AND THE ROLE OF THE DIRECTOR

Good governance goes hand in hand with a director’s role, either as a manifestation of how a
director's duties are fulfilled or as a support in fulfilling these duties.

For instance corporate governance is concerned with:

 the quality of information flow within the company – this supports the board perform an
oversight role in the company;
 dealing with conflicts of interest, transparency and accountability to shareholders – a
director has a duty to act in good faith and in the company's best interests.

CONCLUSION

Corporate governance is the way a corporation polices itself. In short, it is a method of

governing the company like a sovereign state, instating its own customs, policies and laws to its
employees from the highest to the lowest levels. Corporate governance is intended to increase
the accountability of your company and to avoid massive disasters before they occur. Failed
energy giant Enron, and its bankrupt employees and shareholders, is a prime argument for the
importance of solid corporate governance. Well-executed corporate governance should be
similar to a police department's internal affairs unit, weeding out and eliminating problems
with extreme prejudice. A company can also hold meetings with internal members, such as
shareholders and debtholders - as well as suppliers, customers and community leaders, to
address the request and needs of the affected parties.

MONITOR CORPORATE GOVERNANCE ACTIVITIES

ASSESSMENT 2

According to the HIH 2000 Annual Report the company had gross premium revenue of
$2.8 billion, total assets of $8.0 billion, total liabilities of $7.1 billion, with net assets of
$900 million.

A brief recent history of HIH is provided below.

Date Event
Jun 4 1992 British insurance broker CE Heath floats off 45 per cent of its under–
performing subsidiary CE Heath International Holdings Ltd (HIH) on
the stock exchange. HIH in 1991 had net assets of $A39.7 million.

April 1995 HIH Insurance Ltd acquires CIC Insurance

Jun 6 1996 HIH acquires Utilities Insurance

Jan 8 1997 HIH becomes Australia's largest underwriter of bancassurance

business after acquiring Colonial Mutual General Insurance.

Sep 1998 HIH blacklists stockbroking analysts who disputed its assessment of
the company

January 1999 HIH wins a $300-million takeover bid for FAI Insurance

3 March 1999 HIH posts a 39 per cent fall in 1998 net profit to $37.6 million, blaming
damage claims

19 November 1999 HIH admits it paid more than it expected for FAI.

March 2000 HIH returns to profitability in first half of 1999/2000.

June 2000 Analysts are concerned about HIH after the Australian Prudential
Regulatory Authority's (APRA) proposes to increase capital adequacy
requirements for insurers

13 September 2000 HIH sells part of its domestic personal lines business to German
insurance giant Allianz for nearly $500 million

14 September 2000 HIH shares tumble to an all-time low after a lower-than-expected

profit result and criticism of the Allianz deal

12 October 2000 HIH chief executive Ray Williams announces his retirement

15 December 2000 HIH shareholders call for resignation of former FAI chief Rodney Adler
from the HIH board

26 February 2001 Rodney Adler resigns from HIH board

14 March 2001 NRMA Insurance buys HIH's workers' compensation portfolio.

 15 March 2001 HIH Insurance goes into provisional liquidation with losses of $800
million

16 March 2001 APRA says HIH's woes stem largely from a reassessment of claims
liabilities

11 April 2001 Provisional liquidator warns it could take up to 10 years before some
creditors are paid.

16 May 2001 Australian Securities and Investments Commission launches its

biggest ever investigation, seizing HIH documents

18 May 2001 Former HIH chief Ray Williams hands in his passport and says he has
nothing to hide

21 May 2001 The federal government announces a royal commission into what is
Australia's biggest corporate collapse.

IN MARCH 2001 HIH INSURANCE SUFFERED A COLLAPSE

The March 2001 collapse of HIH Insurance sent shockwaves through the Australian business
community. The country’s second-largest employer, HIH was at the tail-end of a major
acquisition spree that had seen the company purchase major insurance operations in New
Zealand, Argentina, Switzerland and the US since 1997. Most significantly, in 1999 HIH had
purchased one of its main competitors, FAI Insurance, taking on that company’s chief executive
Rodney Adler as one of its corporate directors. With an estimated $8.1bn asset base at the end
of 2000, HIH was widely perceived as an extremely robust and reliable company; however,
private internal reports had begun to demonstrate that the company’s debt leverage and
insurance liabilities were so high that there was a real risk of insolvency. Ultimately, in early
2001 the company’s precarious financial situation became untenable and HIH endured the
largest corporate collapse in Australian history, going down with losses of more than $5bn. With
the company continuing to function purely so as to service old claims, with no new business
being taken onboard, Australia’s financial regulators set out to determine the precise chain of
events that had led to the HIH collapse. (M. Westfield. 2003)

A Royal commission, examined the chain of events that led to the collapse of HIH. Reporting in
April 2003, the commission found that there wasn't just a single cause of the company’s
collapse. But that there was systematic failure in almost every area of its operation
(hihroyalcom.gov.au 2003), and the extent of this failure was so great that criminal charges
were brought against key members of the company’s board such as William Howard, Ray
Williams, Geoffrey Cohen and Rodney Adler. (ASIC 2005) In particular, Rodney Adler was
convicted on four separate charges: one count of obtaining money by deception; one count of
dishonesty in the discharge of his duties; and two counts of intentionally disseminating false
information. In particular, Adler was found to have falsely claimed, in a number of interviews,
that he had personally purchased HIH shares in mid-2000. (D. Elias .2005)Â   By making such
claims, and specifically by claiming that HIH is undervalued in terms of its share price, Adler
was guilty of willfully disseminating financial information that they knew, or had good reason to
know, was false. However, there were separate calls for an inquiry into how HIH’s corporate
governance systems had failed to prevent Adler abusing his position in such a manner. In a
separate claim, Adler was accused of persuading HIH to invest a $2m loan in Business Thinking
Systems (BTS), a company in which Adler had an interest.(Karen Percy 2005)

The other major failing identified in the downfall of HIH was a failure to provide properly for
future claims, and all other problems essentially stemmed from this issue. Covering future
claims is one of the most fundamental aspects of any insurance company’s business, yet by the
end of its existence HIH was in a position where a negative shift of as little as 1.7% would be
enough to bring the company to the point of insolvency(M Westfield,2003) . The primary reason
for this failure was reported to be a mismanagement of changing market conditions, which
increased HIH’s liabilities massively and were not covered by strategic planning initiatives that
might have been expected to absorb such changes. Changing market conditions can cause
serious destabilization for any insurance company, but the risks are well-known and most
companies take extra care in order to minimize their exposure to such changes. The fact that
HIH dramatically over-exposed itself was for the most part due to the company’s extremely
rapid expansion (Brendan Bailey 2003).As noted earlier, HIH acquired a number of companies
during its final years and was making a major push for international expansion. Such expansion,
while often a strong business move, often brings greater liabilities than would otherwise be the
case, and HIH appears to have acted based on the belief that the liabilities would merely be
proportional to its expansion. The company appears to have fundamentally misunderstood the
degree to which extra provisions need to be made for changes in its market environment. This is
a major mistake that could in my opinion, if addressed at the time, have been resolved. The fact
that the board of HIH apparently went unchallenged when pursuing this strategy shows that
there was a failure of governance at HIH, with no real oversight being applied to check whether
the company’s strategy was correct or financial sustainable.

In the aftermath of the HIH collapse, the Australian Securities and Investments Commission
(ASIC) made a number of changes to ensure that the same problem could not be repeated. In
particular, ASIC inaugurated a strict new set of corporate governance rules designed to ensure
that companies stay closer to the regulations in this area. ASIC acted on the belief that the core
governance procedures and rules were fundamentally sound during HIH’s final months, but that
ultimately the company’s board was able to find ways to achieve technical compliance while still
engaging in the kind of activity that the regulations were designed to prevent.(ASIC 2003) In my
opinion this can be seen as a failure of the regulations as much as a failure of the company,
although clearly it was the decision of individuals such as Adler to deliberately move against
these regulations that led to the company’s downfall because there was no proper oversight on
the actions of the board. However Adler and other members of the HIH board were in no way
induced or encouraged to act in the way that they did. Rather, they chose to go against the spirit
of the rules and act in a manner that was clearly against the best interests of the company.

Ultimately, it’s clear that HIH should have been much more cautious when pursuing its
expansion, and should have taken greater steps to ensure that its liabilities were covered. By
expanding so rapidly, the company was entering markets in which it had little or no experience,
yet no provision appears to have been made for the need to leave extra margins while entering
these new markets. This is clearly a case of major mismanagement and of over-confidence
during a period of major expansion. These problems were increased, by the company’s reaction
to its bad financial position, and particularly by Rodney Adler’s decision to attempt to secure
investment based on false statements. Even when the company’s enhanced liability was made
apparent, in my opinion there still could have been a chance for HIH to recover by introducing a
major cost-cutting program and ensuring that future operations would eventually make up for
the losses. Adler chose to try to cover up the financial problems in the short-term and hope that
his misstatements might ultimately bring the company back onto a strong financial footing that
would allow it to cover over his mismanagement so that it would never become public. This
approach by Adler was designed to fix the initial over-expansion error, but actually
compounded that problem and represented a second serious mistake. The fact that the
regulatory authorities were unaware of what was happening in my opinion does not indicate
major problems with those authorities, since any company that engages in the level of deception
orchestrated at HIH will always have a chance of getting past the rules. Although lessons can be
learnt, particularly in terms of the apparently concentration of power in Adler’s hands, there’s
clearly a limit to the ability of regulatory groups to cover companies where the directors set out
on a determined path to commit fraud and to mislead observers. Although this does not mean
that the authorities should not be vigilant, it’s clear that in the case of HIH, ensuring full and
proper punishment for Adler and other executives in the aftermath of the collapse, as a warning
to others, was in my opinion one of the best options.

CORPORATE GOVERNANCE ISSUES

An American report attributed insurance company failures to rapid expansion, unsupervised

delegation of authority, extensive and complex reinsurance arrangements, underpricing,
reserve problems, false reports, reckless management, incompetence, fraud, greed, and self–
dealing. According to A.M. Best,) insurance industry insolvencies started to rise again in 1997 due to
inadequate reserves for claims.

According to press reports, HIH's actuarial adviser had warned HIH management a year before
the company collapsed that its accounting practices could have "disastrous consequences." (3)
These practices were the amount of assets held by the company in order to pay future claims.
"Instead of adding a buffer – known in the industry as a 'prudential margin' HIH chose to lay off
some of its risk by buying reinsurance from other insurance companies." According to HIH's
actuarial adviser, "by June 2000 it had run out of reinsurance cover," (4) and presumable did not
have sufficient assets – or a sufficient prudential margin to pay claims.

The actual reasons for the demise of HIH is likely to be revealed either by the provisional
liquidator, or by one or all of the inquiries into the HIH collapse.

Dominance of Ray Williams, the CEO of HIH Ray Williams was one of the founders of HIH
insurance, and won a wide respect for his excellent capability and loyalty to the company.
Although HIH has become a listed corporation for a long time, the historically developed
predominant position makes Ray Williams still have an illusion that HIH is his own belongings
not the shareholders and he no doubt deserves to override the board. Unfortunately the board
of directors fails to refrain him from doing so, and conversely indulges him to run the company
dominantly. For example, there were no clearly defined limits on the authority of CEO in some
vitally important areas within HIH; Ray Williams got the favor to control the board and the
company through manipulating the agenda for board meeting and the evaluation of the other
senior executives’ performance. Dominant, unfettered CEO made HIH become an
entrepreneurially run company which was actually controlled by the senior manager and to run
primarily in the interest of the senior managers rather than in the interest of stakeholders. The
existence of a dominant CEO is a known big threat to the function of the corporate governance
model and increases the company’s risk of departing from the interest of stakeholders and
going into corporate excess.

Inadequate risk management Given the nature of insurance company, the risk management
plays a vital role in the operation of the company. Although the board has set a investment
committee to appreciate the risk of investment and set investment guidelines on currency and
property dealings, the fact of three major investment failure mentioned above provides ample
evidence that the risk management of HIH has not yet been well shaped and performed. As
Justice Neville Owen has pointed out, directors are negligent in terms of analyzing the strategy
for investment decisions and appreciating the risk in relation to the investment with adequate
appropriate information sources, “risk management failure was just part of the bizarre
management style that sent HIH down the toilet”.

Lack of independent information resources for NEDs to fulfil their responsibilities It is no doubt
that the accounting system plays a dominant role in the function of the corporate governance
systems. For the company as large as HIH, It is not feasible and economical for the non-
executive directors to collect and process the information necessary for them to fulfil their
directors’ responsibility by themselves, Hence the non-executive directors’ fulfilment of their
responsibility have to be compromised because they have no choice but to depend on the
accounting system organized and directed by the management. Undoubtedly this point
represents a inherent risk of the corporate governance system. In order to mitigate potential
menace brought by the defect, the company seeks the compensation from such below
institutional arrangements: (1) including a finance director into the board so that the non-
executive directors can be more properly and directly informed of the accounting information;
(2) ensuring the audit committee functions independently and effectively so that the non-
executive directors can have faith in the audited accounting information. Judged from the given
information, HIH seemed to fall short of the above requirement: First of all, there was no finance
director included in the board and Ray Williams, the chief executive, dominated the
management and accounting information provision. Secondly, Due to the seemingly defect in
the independence of the non-executive directors who composed the audit committee, the
function effect of the audit committee deserved to be doubted. Accordingly, the non-executive
directors can hardly Corporate and Other Policies

Corporate and other policies include professional indemnity, directors and officers, public and
products liability, marine, group salary continuance, property and special risk classes such as
jewellers block, group personal accident, and trade credit.

According to the provisional liquidator, an agreement was reached to facilitate QBE to provide
renewal insurance for most of HIH's remaining corporate business. QBE is willing to consider
providing insurance to existing HIH customers prior to the completion of this transaction.
Policyholders who take up this offer will need to approach QBE in order to reach agreement
about the terms of any cover and the payment of any additional insurance premium.

Corporate policyholders should consult their insurance brokers/advisors and obtain alternative
insurance cover if advised. These policyholders may also wish to contact their industry
associations if relevant.

Outstanding claims in respect of these policies and any premium refund will constitute claims
against HIH. There is therefore a real risk that claims made in relation to these classes of
business may not be capable of being fully satisfied.

How Did it Happen?

 MONITOR CORPORATE GOVERNANCE ACTIVITIES

ASSESSMENT 3

CORPORATE GOVERNANCE

The phrase was coined with modern usage around the common law world after the release of
the Cadbury Report in the UK in 1992. Sir Adrian attempted to define this concept as ‘the system
by which companies are directed and controlled’. This report prompted many other common
law jurisdictions, such as Australia, New Zealand, Malaysia and South Africa to follow suit with
their own reports into corporate governance.

Without doubt ‘corporate governance’ had become the buzzword of the 1990s and has
continued into the 2000s. Historically the phrase “corporate governance” can be dated back to
the Swiss cantons of the 1300s and the modern version from the financial corporate collapses of
the late 1980s.

Other definitions found in the academic environment include the Cochran and Wartick’s 1988
publication Corporate Governance: A Review of the Literature, believe corporate governance to
be ‘an umbrella term that includes specific issues arising from interactions among senior
management, shareholders, boards of directors and other corporate stakeholders’.

Australia’s attempt at reviewing corporate governance as part of the reform of directors’ duties
under the Corporate Law Economic Reform Program (CLERP) defined it as ‘dealing with how,
and to what extent the interests of various agents involved in the company are reconciled and
what checks are put in place to ensure that managers maximise the value of the investment
made by shareholders’.

Probably, one of the most significant contributions is the 2003 Final Report into the Collapse of
HIH Insurance by Royal Commissioner, Justice Neville Owen. He stated that ‘corporate
governance’ is not a term of art and thus will vary from corporate entity to corporate entity. He
said “At its broadest, the governance of corporate entities comprehends the framework of rules,
relationships, systems and processes within and by which authority is exercised and controlled
in corporations.” Owen went on to state that at a high level, corporate governance is all about
accountability and stewardship. As a part of this Royal Commission, 61 policy recommendations
were made to strengthen and reform Australias’ system of corporate governance.

But how can one term mean so many different things? Well, the answer isn’t an easy one! As
with defining things like fulfilling ‘legal obligations’ or ‘account keeping’, corporate governance
will mean different things to different corporations depending upon what class of company they
are, what style of management they use, what type of personnel they involve and the companies
particular needs and attributes. There is no ‘One Size Fits All’ approach to corporate
governance.

COMPANY DIRECTORS OBLIGATIONS

As a director, the law makes you personally responsible for keeping proper company records.

You must see that the company keeps up-to-date financial records that:
correctly record and explain its transactions (including any transactions as a trustee), and

explain the company’s financial position and performance.

All companies must have financial records so that:

true and fair financial statements of the company can be prepared if needed

financial statements can be conveniently and properly audited if necessary, and

the company can obey the tax laws.

If your company is a ‘small proprietary company’ or a small company limited by guarantee (as
defined in the Corporations Act), it will generally not have to prepare formal financial reports
under that Act each year and lodge them with ASIC. However, you must still keep financial
records, and may need financial reports for managing and monitoring your company’s financial
position and performance for tax purposes or for raising finance.

In most cases, large proprietary and public companies—even not-for-profit public companies—
will have to prepare financial reports, have them audited and lodge them with ASIC.

The HIH Royal Commission responsible for investigating this crime was no small affair in
Australia’s corporate world. The Commission involved 120 members of staff- six executives
including Justice Owen, 23 Secretariat, 26 Assisting lawyers, 20 forensic accountants and
actuaries, and a 44 strong team of IT specialists and document managers.

ASIC was able to isolate a single $10m transaction from the HIH Royal Commission so as to
bring a civil penalty action focusing on “officers’ duties” against Adler, Williams (chairman) and
Fodera (chief financial officer). The court found that the majority of the funds used to acquire
HIH shares were actually provided by the company. The NSW Supreme Court (and subsequently
the NSW Court of Appeal) found that the defendants had collectively contravened 197
provisions.

The Court imposed civil penalties of:

$250,000 fine and disqualification for 10 years (Williams);

$5000 fine (Fodera);

$900,000 fine, disqualification for 20 years (Adler); and

$8m in compensation to HIH Insurance Ltd (Williams and Adler).

It was reasonably assumed that Adler, after being found liable for breaches and contraventions
of the Corporations Act for mostly officers’ duties, would have finished his litigation. However,
“Round No 2” commenced with a criminal prosecution, brought by ASIC, for similar events. The
NSW Supreme Court looked at the actual charges that had been laid, which related to market
manipulation claims, and held they were very different in nature to the officers’ duties actions;
as such, the double jeopardy rules did not apply.

Officers’ duties are owed to the company, and possibly to its shareholders. Where there is a
liquidation, then, the action for breach of officers’ duties can be brought for recovery for the
benefit of creditors (including the $8 million ordered for compensation by the earlier court).
This has to be compared with the market manipulation provisions which are all about the
protecting of the business community and market fairness, integrity and reputation.

On 16 February 2005, Rodney Adler pleaded guilty to charges relating to false and misleading
information, inducing persons to trade and conflicts of interest. The market manipulation
charges were dropped as part of a plea-bargain. On the 14 April 2005 Adler was sentenced to
four and a half years imprisonment, with a non-parole period of two and a half years. A day
later, Williams was sentenced to four and a half years, with a non-parole period of two years.
Under the sentencing guidelines, the judges had to take into account the different sentencing
regimes under the Commonwealth law and under the NSW state laws, as well as the discounting
for the guilty plea. Williams received a 25% discount for his early plea, where as Mr Adler only
received a 10% discount for his guilty plea as it was on the first day of the criminal trial.
Additionally there are other criminal charges against Mr Howard, Mr Cooper, Mr Abbott, Mr
Mainprize, Mr Wilkie and Mr Burroughs, to name a just few of the outcomes from the HIH
insurance collapse.

THE PROBLEMS

There is clear evidence that the focus on corporate governance and preventing inappropriate
market conduct only seems to arise when there is a business decline. Financial Services Reform
Act amendments in 2002 and reforms are a step in the right direction, but are complex and
expensive to comply with and enforce. Many companies are reporting difficulties with the time
and expertise it requires to ensure a company is fully compliant with the current corporate
governance legal regime. The first civil penalty action for insider trading was handed down in
ASIC v Petsta in February 2005, which may encourage other actions which would have been too
difficult to prove as criminal cases. But the successful plea-bargaining of Adler to avoid the
market manipulation charges and substitute other contraventions still indicates how hard it is
for the regulators to prove a complex criminal case. A similar view could be taken with the Steve
Vizard case in August 2005.

Before addressing the meaning of good corporate governance, it is important to understand the
reputation damage caused to organisations when serious allegations of white collar crime are
made.

What is the connection to corporate governance?

What is the common tie that binds these corporate criminals together? Apart from the fact that
they were the rich business leaders of successful companies and are now professionally poorer,
both financially and in reputation, with jail sentences hanging over their heads; the fact is that
each of the corporations in question could have had better corporate governance systems in
place. And with the beauty of hindsight, it is clear that with better corporate governance, none
of them would be where they are today!

Michael Rose, a partner with the law firm Allen Arthur Robinson, has identified four reasons
why in the last 15 years greater enforcement of “white-collar crimes” has been pursued:

There has been a change in attitude by the broader community towards corporate crime

This has been coupled with a more sophisticated legal system under the FSRA and Corporations
Act amendments

There is also a stronger political will to catch corporate crooks at a state and federal level

In recent times there has been a greater personalisation of businesses by their leaders, which
makes it more difficult for the individuals to escape attention.
That leads to the natural question of “how can good corporate governance have provided better
protection for either the individuals involved in these cases or their corporate entity?”

COVERAGE AREA OF CORPORATE GOVERNANCE

If we accept the thoughts of Justice Owen that the board is responsible for setting the
framework for the system and processes of accountability and stewardship, then the ‘corporate
governance’, as a task, can be divided into three definitive aspects. There is often a lot of
confusion between the inter-relationship between corporate governance, due diligence and
compliance. These three fundamental components may be applied to any company from the
smallest of firms to the largest ASX listed entity:

Corporate governance

Due diligence

Compliance programmes

Due Diligence:

Due diligence, as a phrase, is another import from the USA, which had a specific defence to
certain legal transactions, such as a takeover or a fundraising exercise. This might be fairly
described as “external due diligence” or possibly transactional due diligence. This has become
established in Australia as there are legal defences at common law (in negligence) as well as in
the Corporations Act 2001 (Cth) for directors and officers who have taken reasonable care. One
of the most significant examples introduced in March 2000 was the statutory business judgment
rule defence as found in s 180(2) Corporations Act. There are also defences in terms of financial
products, such as a product disclosure statement or a fundraising document (prospectus) or the
reliance on others defence in s 189. At an even broader level, much of the Corporations Act is
governed by the Commonwealth Criminal Code and that contains a defence to general due
diligence under Division 12 of the Criminal Code Act 1995 (Cth).

However, ‘due diligence’ is no longer limited to this external transaction approach and limited
to a reactive legal form of defence. The term due diligence now also refers to the internal
processes of evaluating everything within a corporation from internal legal audit and risk
management processes. Thus many organisations to fulfil their corporate governance plans or
frameworks have established an internal due diligence process. It is common to have a legal risk
audit conducted (either internally or by external professionals, depending upon the type of
business). This is used as a driver for a compliance planning program to be developed which
will be overseen and implemented by senior management. On a regular basis (between six
months and two years) these compliance programs may be reviewed and adapted to changing
regulatory and business environments and finally audited as part of the risk management
strategy. The actual process may vary from corporation to corporation and other labels may be
applied, but a due diligence process made up of a variety of compliance programs, will help set
the framework for a culture of good corporate governance to develop and be led by the board of
directors, who have the ultimate responsibility.

Thus, due diligence no longer just refers to the process of evaluating external processes and
transactional activities, but also refers to the internal processes of legal compliance.

COMPLIANCE METHODS

Often it is the compliance programmes that are where the confusion between the three
fundamental processes within the periphery of corporate governance stems. Part and parcel of
engaging in fulfilling the duty of due diligence when conducting day to day checks on internal
processes is checking compliance to legal obligations, to trade practices, to environmental,
corporate and privacy law. This process of implementing compliance programs to ensure
compliance is a key defence or at least mitigation by the corporation against any legal actions.

It may be that a corporation, in carrying out its internal due diligence will conduct a legal risk
audit, from which plans will be developed in order to manage and minimise risk. The
development of compliance plans may be a part of performance of due diligence, but the simple
act of designing and implementing compliance programs does not constitute due diligence per
se. It is accurate to say that internal processes of due diligence then, involve factors of
establishing compliance programs, yet it would be inaccurate to say that the two were
synonymous. Regulators like ASIC have many powers to help them enforce the Corporations Act
and other such legislation. The use of enforceable undertakings often requires a corporation to
undertake a new compliance program and put in place a due diligence process to make sure that
such potential contraventions of the law do not arise, as well as an educational program for
employees, agents and officers of the corporation.

The importance of internal control

A company’s system of internal control has to serve a number of functions.

It is one of the main tools used to identify and manage a company’s risks, protect the
investments made by shareholders and safeguard the company’s assets. Internal control aims to
enhance business operations and ensure the effectiveness of external and internal reporting. In
addition, an internal control system should be designed to detect fraud and support
management in complying with laws and regulations.

In order to achieve this, an internal control system will focus to a large extent on financial
controls and the detection and management of financial risks. The system has to be able to
adapt to a continuously changing risk profile, which also means that the efficiency of internal
control methods and processes themselves need to be evaluated on a periodic basis.

Internal control systems are not designed to avoid risks altogether, but to detect and assess the
material risks to which a company is exposed and to enable the management of these exposures
in the most appropriate way.

Regulations and voluntary codes of conduct on internal control

The way in which a company has to organise its system of internal controls and the
responsibilities that the management board has with regard to internal control depends on the
country of operation. It will be governed by law, by voluntary codes of conduct or, in some rare
cases, not be governed at all externally.

Internal control frameworks typically stipulate that all members of a company are in different
ways responsible for internal control. While management is responsible for establishing policies
and procedures governing internal control, the board of directors should assume the role of
providing governance and oversight. Ultimately, the board will be responsible for the system of
internal control. It may choose to delegate to management the establishment, operation and
monitoring of the system, but it cannot delegate its responsibility for the internal control
framework as a whole.

Nonetheless, staff must have the necessary knowledge and authority for reporting any issues
such as infringements of policies and procedures, illegal actions or any weaknesses of the
internal control system if and when they are detected.
Internal auditors may have an important role to play when assessing the effectiveness of
internal control systems and performing monitoring functions. Internal auditors will report to
senior management and recommend improvements to the existing set-up. They may also have a
reporting line to the board or the board’s finance committee. Internal auditors should not be
involved in the design nor take part in the running of the control system in order to maintain
their independence.

Internal control components

Irrespective of the internal control framework that is implemented, any control system will
contain a number of key components, including a wide range of issues and criteria that need to
be addressed when establishing a system of internal control. These issues will depend on the
specific situation of the company, its size and the risks it may be facing, but several key points
are addressed below:

ASSESSMENT OF RISK

The company must establish clear objectives with regard to internal control issues and
communicate these objectives throughout the organisation. All employees need to receive direct
effective instruction on the objectives. To this end, internal control plans and objectives should
include measurable targets or indicators whenever possible.

All risks must be identified and evaluated on a continuous basis. The board must define the level
of acceptable risk for the organisation and ensure that the risk threshold is understood by
management and staff and incorporated into the internal control system.

CONTROL ACTIVITIES

There must be effective strategies and policies in place to deal with any identified risks. Risk
management and internal control objectives should be reflected in the company’s culture and
code of conduct as well as the management’s actions and Directives. Senior executives should
contribute to a general climate within the company that encourages integrity and trust.

Authority, responsibility and accountability must be clearly defined and assigned. Any actions
or decisions must be made by the appropriate person. Employees need to be aware of their role
in internal control in all areas relevant to the company’s internal control objectives.

Senior management needs to ensure that all staff are sufficiently sourced and informed in order
to manage any identified risks and achieve the company’s objectives. At the same time the risk
policies, processes and controls should be flexible enough to adapt to new or changing risk
exposures.

REPORTING MECHANISMS

Information and communication

In order to take effective decisions, management and board will have to receive regular reports
on whether business objectives are being achieved and which external and internal threats and
risks may prevent the company from reaching its objectives. These reports need to be supplied
in a timely, relevant and reliable manner and can be based on quantitative measures such as
progress and performance indicators as well as qualitative information (eg customer
satisfaction).

The information systems required for this type of reporting must be able to adapt to changing
information needs in response to changing risks or identified reporting weaknesses. In addition,
external reporting processes should accurately reflect the company’s situation and future
projections in an accessible and comprehensive way.
Direct communication processes and channels must be established to enable individual
employees to report potential non-compliance with laws and regulations, suspected fraud or
other irregularities to senior management.

Monitoring

Ongoing monitoring processes should be embedded into the company’s business operations.
Risk management and internal control processes, policies and activities must be established by
senior management and their application monitored. The supervision by management can be
based, for example, on confirmation procedures, control self-assessment, internal audits or
management reviews.

Existing processes must allow for the re-evaluation of risks and the adaption of controls to new
and changing business objectives and risk exposures. The effectiveness of the internal control
system in adapting to change must be followed up and assessed by management.

The company needs to implement effective communication processes and channels to support
the regular reporting on monitoring processes and internal control, in particular the reporting
of weaknesses or flaws. In addition, a company should establish specific monitoring and
reporting systems for high priority risks and control issues such as potential fraud.

Reviewing the effectiveness of internal control

One of the board’s key responsibilities is to review the effectiveness of internal control. The
board cannot however rely merely on the monitoring activities that are part of the company’s
operations. It will also have to request and review individual reports on internal control.

In many jurisdictions, the board will also have to assess, once a year, the overall effectiveness of
the internal control systems and report its findings together with the company’s annual reports
or in a separate statement. The board should define the scope and timing of the reports it
requires for this annual assessment and the general internal control review process.

Management is typically accountable to the board for monitoring the internal control system.
Management should, in its reports to the board, point out the significant risks faced by the
company and the effectiveness of internal control system in managing those risks. Any existing
control deficiencies and their impact should be discussed by the reports as well as the measures
taken to address any identified weaknesses of the control system. A functioning communication
between management and board is therefore crucial to the maintenance of internal control.

Whether any of the review tasks are taken over by a designated audit committee or other body
can be decided by the board and will depend on the size and complexity of a company’s
operations and the risks it faces. The audit committee should in any case report all of its
findings directly to the board as the board will take ultimate responsibility for any disclosures
made on internal control in the annual report. The main points that should be considered when
evaluating the effectiveness of internal control are:

Significant risks and the way these risks have been identified, assessed and managed.

How effective the internal control system is in identifying and managing the risks.

The quality and frequency of information supplied by management or internal auditors to the
board.

The scope, quality and frequency of existing monitoring activities and the need to implement a
more extensive monitoring of the internal control system.
Any reported weaknesses of the internal control system and their current and future impact on
operations and financial performance.

How any failings have been addressed and whether the design, maintenance and monitoring of
internal control will need to be improved.

Cost-benefit of internal control

While the value of internal control systems is generally not disputed, some critics argue that the
regulation of internal control, particularly in the US, has led to an imbalance in terms of the cost-
benefits. Internal control systems can be both expensive and time-consuming for senior
management. At the same time the evaluation of the effectiveness of internal control systems is
a complex and technical matter, which cannot provide complete assurance.

The Turnbull guidance and the European Corporate Governance Forum both support the view
that the cost-benefit of internal controls is an important factor that should be considered when
implementing an internal control framework. The Turnbull guidance presents a risk-based
approach which regards risk as an intrinsic part of conducting business and emphasises the
management of the highest impact risks.

Whichever framework is used, internal control is more than just a compliance issue. If
implemented effectively it should add real benefits to the operation and management of a
business.

FINAL CONCLUSION

Lessons learnt in recent Australian corporate history including the $5.3 billion collapse of HIH
Insurance; One.Tel Limited; the NAB’s foreign exchange division, Rene Rivkin’s insider trading
activities, indicate a stronger commitment to prevent and prosecute corporate crime. The High
Court has recently ruled on the impact of Directors and Officers insurance in two cases (Willkie
v Gordian Runoff Limited and Rich & Silbermann v CGU Insurance These cases involved the
payment of defence costs in out standing litigation by regulators and creditors. The court ruled
that the terms of the policy are crucial to the advancement of costs, but re-enforce why
corporate officers would want an effective corporate governance framework, based on an
effective internal due diligence system, which is supported by efficient compliance programs to
white-collar crimes.

ASIC in recent times has indicated that they are serious about enforcement of Australia’s
regulatory regime and corporate governance laws. In 2004/05 to June this year ASIC is
responsible for jailing 21 people for an average term of 3.7 years for corporate crime. So far this
year, the most popular sentence has been for a period of between one and two years, with eight
people being jailed for this period. This is followed by sentences of four to eight years which
seven people have been awarded. No one this year has been sentenced to more than 10 years
imprisonment. Despite this, ASIC’s high profile litigations have been sent the message to the
Australian corporate world: White collar crime will not and is not tolerated. Good corporate
governance could ensure that your company is not the next HIH collapse!

MANAGE CORPORATE GOVERNANCE ACTIVITIES

ASSESSMET 4
ANSWER 1

Corporate governance

Corporate governance is the mechanisms, processes and relations by which corporations are
controlled and directed. Governance structures and principles identify the distribution of rights
and responsibilities among different participants in the corporation and includes the rules and
procedures for making decisions in corporate affairs. Corporate governance includes the
processes through which corporations' objectives are set and pursued in the context of the
social, regulatory and market environment. Governance mechanisms include monitoring the
actions, policies, practices, and decisions of corporations, their agents, and affected
stakeholders. Corporate governance practices are affected by attempts to align the interests of
stakeholders. Interest in the corporate governance practices of modern corporations,
particularly in relation to accountability, increased following the high-profile collapses of a
number of large corporations during 2001–2002, most of which involved accounting fraud; and
then again after the recent financial crisis in 2008.

ANSWER 2

OBJECTIVES OF INTERNAL CONTROL SYSTEM

Propriety and Reliability

An important objective of internal controls is to ensure that all monetary transactions

conducted by the organization are in line with the company’s operational activities. Controls in
this area are focused around accounts payable and accounts receivable, ensuring that money is
not being lost, stolen or posted to erroneous accounts. Division of a cash payment and receipt-
related tasks among several employees is a good way to control these errors, as is the use of
internal auditing software.

The timeliness and reliability of information is another key concern addressed by internal
controls. Management relies on information gathered throughout an organization to make
critical decisions, so it is vital that incoming information is accurate. Internal controls of
information should provide transparency and accessibility throughout all levels of your
organization to ensure that key decision makers have access to the same primary data at the
same time.

Compliance

Compliance with government regulations can require significant investments of time and
money. Implementing internal controls to maintain compliance with applicable laws can help
you avoid costly legal consequences as well as greatly reduce the costs associated with
compliance-related activities.

Efficiency

Efficiency is very important to the achievement of competitive advantage and the maximization
of profitability. Effective internal controls can ensure that all tasks are being completed
according to standards and that all quotas are being met. Performance reviews, best-practice
operational procedures and the use of kanbans are effective internal controls of efficiency.

Safety and Security

Safety plays a large part in any system of internal controls. Rules and procedures play a vital
role in maintaining a safe atmosphere for your employees and customers. Policies such as hard
hat requirements, two-person ladder operation and “wet floor” sign usage help you and your
business avoid devastating lawsuits.

Security is very important to organizations such as banks that keep valuable assets in employee
work areas. Physical controls such as locks and logged keycard access points are highly effective
in this area. Policies such as requiring anyone entering a bank vault or handling money to be
directly supervised can also play a part in controlling security.

Considerations

There are many strategies available for creating and implementing an effective system of
internal controls. Physical controls, policies, organizational structure, division of task
components and internal auditing are all vital tools to aid you meeting your objectives. Consider
your specific objectives when deciding which types of internal control methods are the most
effective and cost efficient for your organization.

ANSWER 3

MONITORING EFFECTIVENESS OF INTERNAL CONTROL PROCEDURES

“monitoring ensures that internal control continues to operate effectively.”4 Monitoring should
evaluate (1) whether management reconsiders the design of controls when risks change, and
(2) whether controls that have been designed to reduce risks to an acceptable level continue to
operate effectively.

ANSWER 4

MONITORING EFFECTIVENESS OF INTERNAL POLICIES

Monitoring the efficiency and effectiveness of policies, rules or other methods in policy
statements or plans (policy and plan monitoring) is an important part of the resource
management planning process. It has a direct relationship to sections 32 and 35 of the Act. It is
an ongoing activity throughout the planning cycle to assess how well the plan is working. Policy
and plan effectiveness monitoring helps determine the need for further action, and possible
changes and improvements in policy statements and plans, or in actions taken to implement
them.

The Resource Management Act (RMA) requires local authorities to monitor the efficiency and
effectiveness of policies, rules, or other methods in its policy statements or plans; to take
appropriate action when monitoring indicates that this is necessary and to prepare a report at
least every five years on the results of section 35(2)(b) monitoring.

Monitoring closes the loop in the 'plan - do - monitor - review' cycle and informs decision-
makers of the consequences of actions and changes in the environment. Policy and plan
effectiveness monitoring provides a means for determining how well plans are working in
practice. It both builds on and provides information for state of the environment monitoring
and can be assisted by monitoring resource consents, compliance and complaints. It is
important to have an integrated approach.

ANSWER 5

TYPES OF EMPLOYEE RECORDS TO MONITOR EMPLOYEE PERFORMANCE

Whilst not all employee records are legally required to be kept, it may be best practice to keep
employee records such as;

Employee resume and job application details

Employee workplace performance records

Employee trade certificate or registration certificates

ANSWER 6

KEY ACCOUNTING PRINCIPLES THAT AN ORGANISATION MUST MAINTAIN TO MEET

LEGISLATIVE REQUIREMNENTS

Legal requirements

You must consider your legal requirements when starting your business. If you do not follow
legislative requirements and regulations, your business can face serious penalties. A range of
legal requirements may affect your business.

Business structure

You must keep all registrations for your business structure up to date. For example,
your business name must be renewed when due and you must lodge annual returns if you
operate a company.

The Corporations Act 2001 (Cwlth) details requirements relating to companies and financial

products and services.

Taxation requirements of businesses include GST and PAYG.

If you go into a partnership, your solicitor should draw up a written contract before you begin
trading or make any financial commitments.

ANSWER 7

Managers hold positions of authority that make them accountable for the ethical conduct of
those who report to them. They fulfill this responsibility by making sure employees are aware of
the organization’s ethical code and have the opportunity to ask questions to clarify their
understanding. Managers also monitor the behavior of employees in accordance with the
organization’s expectations of appropriate behavior. They have a duty to respond quickly and
appropriately to minimize the impact of suspected ethical violations. Lastly, managers make
themselves available as a resource to counsel and assist employees who face ethical dilemmas
or who suspect an ethical breach.
Of course, managers are responsible for upholding ethical standards in their own actions and
decisions. In addition to following the organization’s ethical code, managers may be obligated to
follow a separate professional code of ethics, depending on their role, responsibilities, and
training. Fiduciary duty is an example that applies to some managerial roles. A fiduciary must
put the interests of those to whom he is accountable ahead of any interests, and must not profit
from his position as a fiduciary unless the principal consents.

Many managers have responsibility for interacting with external stakeholders such as
customers, suppliers, government officials, or community representatives. In those encounters,
managers may be called on to explain a decision or a planned action in terms of ethical
considerations. The stakeholders will be interested to hear how the organization took ethics
into account, and in those cases it is the manager’s duty to speak on the company’s behalf.

Additionally, managers may be responsible for creating and/or implementing changes to an

organization’s ethical codes or guidelines. These changes may be in response to an internal
determination based on the experience of employees; for instance, additional clarification may
be needed about what constitutes nepotism or unfair bias in hiring. Alternatively, new
regulations, altered public perceptions and concerns, or other external factors may require the
organization to make adjustments.