Code of Corporate Governance 2018
Highlights and Implications
KPMG recognises that good corporate governance is a key driver in the establishment of sustainable enterprise. Alignment with leading corporate governance practices will guide companies in establishing a framework of processes and attitudes that increases their value, builds their reputation and ensures their long term prosperity.
It is our hope in KPMG Nigeria that companies in various sectors of the Nigerian economy, n i lica i n l i c a governance journey.
1 Introduction
2 Highlights of the Code
3 Conclusion
There are 28 principles, each with practices recommended for their implementation
Expected Outcomes
• Enhance Business Integrity
• Rebuild Public Trust and Confidence
• Facilitate Trade and Investment
• Drive Business Sustainability
• The implementation of the code is based on the “Apply and Explain” principle.
• This assumes application of all principles and requires entities to explain how the principles have been applied to suit their unique organisation context while still achieving the intended outcome of the principles.
• The FRC will monitor the Code through the sectoral regulators and registered exchanges who are empowered to impose sanctions on noted deviations.
• Additionally, the FRC may conduct reviews on the implementation of the Code where deviations from the Code recur.
THE CHAIRMAN OF THE BOARD
THE INDEPENDENT DIRECTOR
Section 8 highlights the key role that the company secretary plays in supporting the effectiveness of the board and mandates that he/she provides independent guidance and support to the board. In line with this, the Code mandates that the board should properly empower the company secretary as well as approve his/her performance evaluation, appointment and removal.
Implications
In order to empower and strengthen the independence of the company secretariat function, companies will need to:
• Obtain the approval of the board on the appointment and removal of the company secretariat. Furthermore, the performance appraisal of the company secretariat should be approved by the board. Board feedback/input should form a significant portion of the company secretariat performance appraisal results and should be approved collectively by the board.
• Realise that where the position of the company secretariat is merged with other functional responsibilities (e.g. legal function, corporate services, etc.), the company secretary would have a dual functional reporting line. Specifically the company secretary would report directly to the board on all company secretariat activities and functionally to the management team on his/her other duties and administrative responsibilities.
• Ensure that the company secretary is not a member of the board to guarantee the continuous provision of objective and independent guidance to the board.
• Ensure that the company secretary has unfettered access to the board.
BOARD COMMITTEE STRUCTURE
The Code recommends the establishment of committees responsible for nomination and governance, remuneration, risk management and audit. However, companies are availed the i ili c inin n i ili i in board committees taking into consideration the size, needs and activities of the company.
The Code also recommends that the board committees responsible for nomination, governance, remuneration and audit comprise of only NEDs (majority of whom should be INEDs where possible). Committee chairs are also expected to present a written report of their deliberations to the full board at its quarterly meetings.
Implications
Boards will have to review the existing composition of the committees responsible for nomination, governance and remuneration (where they exist) to ensure that the membership comprises of only NEDs. This review is particularly important for boards of an an nancial in i i n a CBN Code permits the inclusion of EDs as members of the nomination and governance committee (where these committees are not combined with the remuneration committee).
Boards will also need to revisit their existing a c ii n c an a a number of INEDs required to form committees a ll a i c i ci n ci nc particularly in the areas of risk management, nanc an nanc i ci oversight. Periodic training courses can be scheduled for the directors to enhance their skills.
Lastly, company secretaries would need to document a written report summarising key deliberations of committee meetings, which would be presented by the committee chairpersons to the full board.
The Code stipulates that the board constitutes a committee which will be responsible for providing oversight for risk management related matters within the organization. Amongst other duties, this committee will be responsible for reviewing the company’s IT governance framework on an annual basis. The reviewed framework is to be approved by the board.
Implications
IT governance issues will begin to take front burner in organisations. An annual IT governance assessment will need to be performed to ascertain that the right policies, processes and controls are in place to ascertain that the overall management of enterprise data – including its availability, integrity, c n n iali an all c i
Key considerations should include:
• Policies, Standards, and Strategy: Governance structures in place to support the implementation of IT governance practices within the organisation.
• Data Quality: Measures in place to ensure that data is available, usable and accurate for management decision making.
• Privacy/Compliance/Security: Data privacy, access control, information security controls, while ensuring compliance with key regulatory, contractual, or internal requirement for data.
• Architecture/Integration: Data a a l c l system integrations at various levels of the IT architectural stack.
TENURE
REMUNERATION - Policy
The Code advocates for the implementation of a claw back policy to recover excess or undeserved reward, such as bonuses, etc. from directors and senior employees.
It also excludes EDs from earning sitting allowances at board and committee meetings (including subsidiaries) and NEDs from earning performance-based pay to minimize bias in their decision making.
Implications
The introduction of claw back policy should help in reducing excessive risk taking on the part of the management. Since the Code does not specify any look-back period, companies l a li n i an recovery will be pursued based on their own unique circumstances.
Companies may need to review the remuneration structure of their directors to ensure compliance with the Code with respect to payment of sitting allowances or directors' fees and performance-based pay to EDs and NEDs, respectively. Companies that are currently doing this will need to discontinue the practice immediately.
External audit firms may be retained for no longer than ten years continuously and may not be considered for reappointment until after a seven year period after disengagement.
Where an external auditor’s tenure has already exceeded ten years, such auditor should cease to hold office as an auditor of the company at the next Annual General Meeting from the commencement of the Code.
In order to preserve independence, there should be a rotation of the audit engagement partner every five years.
Implications
For external audit firms
In order to ensure seamless implementation i i n nal a i l have to invest in their system and processes to ensure proper monitoring of:
• the number of years it has audited the company
• the number of years the audit partner has been involved on the audit.
• the number of years after its disengagement from its previous audit client
For Companies
• Relevant checks would also need to be implemented by companies to ensure a nal a i an a i a n rotation is monitored by the audit committee and board of directors of the company
• To initiate the process to replace an existing auditor where the ten (10) year tenure has already been exceeded.
The Code requires the board to oversee and approve the establishment of a framework that n a n in c an risk policy, risk appetite and risk limits and review periodically relevant reports to ensure the ongoing effectiveness of this framework. The board is also expected to undertake at least annually, a thorough risk assessment covering all aspects of the company’s business.
Implications
Boards would need to define their risk appetite – the amount of risk they are willing to accept in the pursuit of value – and derive relevant risk limits and metrics that would be used to measure and monitor risks. Properly determining a risk appetite and clearly documenting parameters for managing risk will help boards to better manage their performance by bringing discipline to major strategic decisions. Management of companies ill al ci n a ill appropriately guided in their operations.
Additionally, companies would need to proactively identify, assess and manage their changing risk profile, to minimise operational losses. A robust risk assessment enables management to collectively identify potential events, assess their likelihood and the extent to which they may impact the achievement of company objectives. Considering the varying nature of organisational risks and their drivers, risk assessments should be performed at least annually and appropriate strategies put in place to manage risks.
To serve as a focal point for risk management issues, companies should consider appointing a i i c a i l be positioned appropriately within the company and possess the requisite authority. He/she would also report to the committee responsible for risk management.
INTERNAL AUDIT
The Code requires the board to oversee and approve the establishment of a framework that n a n in c an risk policy, risk appetite and risk limits and review periodically relevant reports to ensure the ongoing effectiveness of this framework. The board is also expected to undertake at least annually, a thorough risk assessment covering all aspects of the company’s business.
Implications
The Code advocates for a proactive internal audit function that adopts a risk-based audit process as opposed to a compliance approach, limited to the evaluation of adherence to procedures. This enables internal audit to provide independent assurance on the management of risks and the effectiveness of the controls i n ii a i ni i achieve this, the Function would need to be headed by a competent and experienced senior management person who will report functionally to the audit committee and administratively to the MD/CEO. Companies may also choose to outsource the function to ac n c i n i l a i l n c internal audit and ensure that appropriate tools are employed in the implementation of the auditing process and that the function is adequately resourced and funded.
In addition, the committee should ensure that the internal audit function is independently assessed at least once every three years.
The Code encourages the board as part of its responsibilities to ensure that the company is in compliance with the laws of the Federal Republic of Nigeria and other applicable regulations. It further requires external auditors to report to the regulator any observed instance where companies or anyone associated with the companies commit an indictable offence under any law whether or not such matter is or will be included in the Management Letter issued to the committee responsible for audit and/or the board.
Implications
Companies would need to put in place structures and processes required to strengthen and promote a culture of regulatory compliance. Some of the immediate actions that could be implemented include:
• Reviewing the effectiveness of the current process to identify gaps in compliance with laws, regulations and good business ethics
• Ensuring the development of a regulatory rule book i.e. a compendium of all applicable rules and regulations the organisation is exposed to
• Establishing a compliance function, board and management committees, or designating existing structures that would be responsible for monitoring regulatory compliance
• Establishing processes and systems for assessing, monitoring, managing and reporting regulatory compliance
• Establishing whistle-blower mechanisms that provide a platform for stakeholders to anonymously report instances of regulatory noncompliance
• Implementing a framework for effective internal audits & investigations that ensures accountability through c n nc ana n
WHISTLEBLOWING
The Code requires the board to establish and periodically review an effective whistleblowing framework for stakeholders who wish to report any illegal or unethical behaviour, as well as ensure that there is no retaliation against the whistleblower for making reports. Such whistleblowers who suffer retaliation may be entitled to compensation and/or reinstatement as appropriate. Furthermore, the Audit Committee is required to present issues reported through whistleblowing channels to the board.
Implications
Boards are required to establish a whistleblowing program and design policy which should address all the ci c i n The whistleblowing program should be reliable, accessible, provide anonymity for the whistleblowers, and confidentiality of the whistleblowing reports and the resulting investigations. Consequently, organisations will need to conduct a current state assessment of their whistleblowing program and, accordingly, update existing i l l in lici c the Code. Organisations will also be required n i a n c l c that investigation reports are received by the appropriate board committees.
In line with leading practice and the requirements to ensure anonymity and c n n iali a l c n i outsourcing their whistleblowing channels to a c n i nal ic
DISCLOSURES
entity. All rights reserved. | The KPMG name and logo are registered trademarks or trademarks of KPMG International.