On the Road to Good Corporate Governance

Submitted by: Carl Burch, CMA, CIA

Finance and Accounting Lecturer
Moscow, Russia
Cburch@global.t-bird.edu

Introduction
We have already touched upon the topics of internal control and risk management. We
discussed how important these items are to the achievement of organizational objectives.
Ultimately, successful companies are those companies that achieve their objectives. Now,
we want to turn our attention to governance, particularly something called corporate
governance.
The past decade has seen the topic of corporate governance become increasingly important
for all stakeholders (i.e., shareholders, management, board of directors, employees,
suppliers, customers, banks, etc.). This has become particularly true since the dramatic
collapse of a number of large US and international firms such as Enron, WorldCom,
Parmalet, and others. Taking just Enron, more than $60 billion of shareholder wealth was
erased from the books. Thus, we can see that this topic is not only important for company
shareholders, but for the general health of a country’s economy as well.

What is corporate governance?

There are many definitions of corporate governance, but it is most generally thought of as
“the system by which businesses are directed and controlled.” Businesses are directed
and controlled through the involvement of its executive management, board, shareholders
and other stakeholders. Corporate governance also provides a structure through which
objectives are set, and the means of achieving the objectives can be determined.

Good governance is characterized by companies that:

1) Comply with society’s legal and regulatory rules,
2) Satisfy the generally accepted norms, ethical precepts, and social expectations of
society,
3) Provide overall benefit to society and enhances its interest of the specific
stakeholders in both the long term and short term, and
4) Report fully and truthfully to its owners, regulators, other stakeholders, and
general public to ensure accountability for its decisions, actions, conduct, and
performance.

Legislating Governance
There have been times when the private sector failed to safeguard against corporate abuse
such as what happened at Enron, WorldCom and others. When this happens it then
becomes necessary for governments to step in and establish legislation that protects the
public sector from such wanton abuse.
In response to the crash of 1929 the Securities Act was established. The Foreign Corrupt
Practices Act was in response to the illegal payoff of foreign government officials. Now, the
most recent example of legislating corporate conduct is the Sarbanes-Oxley Act of 2002
(SOX).

1
It was the failings of Enron, WorldCom and others that directly led to the passing of SOX.
The main aim of SOX was to restore public confidence in company financial statements. To
further strengthen financial reporting, SOX legislation reduced the conflict of interest in
auditing that arose in the consulting activities of the auditing firms. It has been argued that
the main reason why Arthur Anderson failed to seriously monitor Enron’s accounts was
because it was afraid to lose it as a consulting client. Thus, SOX legislation went after these
basic conflicts by:
1) Strictly limiting the consulting activities that the auditing firm can perform,
2) Making the audit committee responsible for selecting the audit firm, not the CFO,
3) Giving the Public Company Accounting Oversight Board (PCAOB), which was
established by SOX, the authority to oversee the audits done by the public
accounting firms, and
4) Requiring greater disclosure of off-balance sheet transactions to reduce the risk of
accounting manipulation. This particularly related to transactions called Special
Purpose Entities (SPE). It was the use of these SPE transactions that finally
brought down Enron.

What role should the Internal Audit Activity play in Corporate

Governance?
The internal audit activity (IAA) has often been described as the “window into the whole
company” and thus serves as the “eyes and ears” of management, audit committee and
external auditors. Thus, the IAA is in a unique position of being able to take a lead role in
governance.
Although SOX does not specifically address the role the IAA can play in the governance
process, the expanded requirements of the audit committee, management and external
auditors suggest an expanded role for internal auditors as well. For example, Section 302 of
SOX requires that management certify the effectiveness of disclosure controls and
procedures with respect to the quarterly and annual reports. Section 404, requires
management to document, evaluate, and report on the effectiveness on internal control
over financial reporting. It also requires the external auditor to evaluate and give an opinion
on management’s assessment of internal control. These new requirements give the IAA an
opportunity and expanded role in meeting these new regulatory requirements. For example,
the internal auditor can expect to keep the audit committee up to date on the organization’s
efforts to company with Sections 302 and 404.

The IIA’s International Standards for the Professional Practice of Internal Auditing weighs in
on internal auditing corporate governance role in Standard 2110. The Standard states, “the
IAA must assess and make recommendations for improving the governance process in its
accomplishment of the following objectives:
1) Promoting appropriate ethics and value within the organization,
2) Ensuring effective organizational performance management and accountability,
3) Effectively communicating risk and control information within the organization, and
4) Effectively coordinating the activities of and communicating information among the
board, external and management.”

Standard 2130 further calls on the IAA to “evaluate the design, implementation, and
effectiveness of the organization’s ethics related objectives, programs, and activities.”
Standard 2130 C1 clarifies the auditor’s consulting role by saying that consulting objectives
should be consistent with the overall values and goals.

2
Foundation of strong Corporate Governance
It’s recognized that the general public, as a whole, is best served when organizations make
a concerted effort to improve governance. This includes all organizations, whether they are
public, private, non-profit, or governmental.

It’s been recognized that there are 10 basic principles for the development of sound
corporate governance. The following principles were issued in the IIA’s “Tone at the Top”
June 2002 publication. These principles are:
1) Interaction - Sound governance requires effective interaction among the board,
management, the external auditor, and the internal auditor.
2) Board Purpose - The board of directors should understand that its purpose is to
protect the interests of the corporation's stockholders, while considering the
interests of other stakeholders (e.g., creditors, employees, etc.).
3) Board Responsibilities - The board's major areas of responsibility should be
monitoring the CEO, overseeing the corporation's strategy, and monitoring risks
and the corporation's control system. Directors should employ healthy skepticism
in meeting these responsibilities.
4) Independence - The major stock exchanges should define an "independent"
director as one who has no professional or personal ties (either current or former)
to the corporation or its management other than service as a director. The vast
majority of the directors should be independent in both fact and appearance so as
to promote arms-length oversight.
5) Expertise - The directors should possess relevant industry, company, functional
area, and governance expertise. The directors should reflect a mix of backgrounds
and perspectives. All directors should receive detailed orientation and continuing
education to assure they achieve and maintain the necessary level of expertise.
6) Meetings and Information - The board should meet frequently for extended
periods of time and should have access to the information and personnel it needs
to perform its duties.
7) Leadership - The roles of Board Chair and CEO should be separate.
8) Disclosure - Proxy statements and other board communications should reflect
board activities and transactions (e.g., insider trades) in a transparent and timely
manner.
9) Committees - The nominating, compensation, and audit committees of the board
should be composed only of independent directors.
10) Internal Audit - All public companies should maintain an effective, full-time
internal audit function that reports directly to the audit committee.

Ultimately, corporate governance is strengthened when there is synergy among its four
cornerstones: the board of directors, executive management, external auditors, and internal
auditors. To make sure that there is consistent and effective governance processes, all four
of these groups should be in place and working cohesively. These principles should provide
an excellent format from which to develop effective governance.
In addition to following these basic principles, companies have to make sure that
inappropriate and unethical behavior is not tolerated. It’s been shown that successful
companies are those who are able to foster a culture of integrity, which is dependent on the
tone at the top. In other words, the tone at the top is put in place by the board, top
management, and the audit committee.