
P1 BY DR. PARMINDAR SINGH
These slides are meant for students taking the
P1 subject for ACCA.
These slides are not meant for the purpose of
selling, editing and anything else whatsoever
without the permission of Dr. Parmindar Singh.
The author also does not allow these slides to be
used by other lecturers, students and any other
agents for the purpose of lecturing, tutoring and
any other forms of delivery without the author's
consent.

Governance, Risk and Ethics

PAPER P1
SYLLABUS OUTLINE
LESSON TOPIC (OVERVIEW)
1 Corporate governance an introduction
2 Stakeholders
3 Agency model and transaction costs
4 Ethics and morality
5 Corporate social responsibility
6 Environmental accountability
7 Profession and public interests
8 Rule-based and principle-based approach
9 Principle-based approach overall
10 Combined code on corporate governance
11 Sarbanes-Oxley Act 2002
12 Board size, structure and culture
13 Risks and risk management
14 Internal controls
15 Internal audit
Focused areas for P1
June 2014

Dear students,

These focused areas are, as the name implies, just to highlight important areas for consideration in
the June 2014 exams.

However, it is the responsibility of the student to cover all areas of the P1 syllabus to ensure that
they are thoroughly prepared.


1. Stakeholders: distinguishing stakeholders; justifying the type of stakeholders;
stakeholder engagement.

2. Ethics: Kohlberg, relativism and absolutism, code of ethics, ethical stances,
threats (FIASS), encouraging ethical behavior, general ethics questions.

3. CSR: Gray, Owen and Adams (especially social ecologist, socialist, radical
feminist and others), importance of CSR, social and environmental audit
pressures (TBL).

4. Environment: environmental and social footprint, environmental
accountability, environmental audits.

5. Profession and public interest: public interest, accounting as a value-laden
profession.

6. Governance: public-listed governance (rules-based and principles-based);
non-public-listed governance (family-based corporate governance); Governance
(Combined) Code (read all, with more focus on the risk committee, remuneration
committee, roles of the chairman, shareholders, AGM, EGM, proxies); principles of
good governance (FIT-PRAR-JI). Also focus on the term "business model" and the
characteristics of good annual reports; two-tier boards; institutional investor
intervention.

7. Risks: types of risks, differentiating one risk from another, risk auditing, risk
correlation, risk management, risk expressions and terms (ALARP,
subjective/objective risks).

8. Internal controls: internal control purposes/objectives/aims/characteristics,
internal control challenges/measures, internal control failings (based on scenario),
reasons why internal control cannot provide absolute assurance.

9. Internal audit: threats (FIASS), factors to consider, internal audit scope/remit,
internal auditor (recruit or promote from within).
NOTES ON PROFESSIONAL MARK
REQUIREMENTS FOR P1
1. Letter
Should have the sender's address details (company name, address line 1, address
line 2)
Date
Letter should commence with "Dear XXXX"
Write the letter in the first person, such as I, we, your board, our company etc.
Conclude the letter with a suitable sentence, thanking the reader for their interest and
time
Use "Yours faithfully" where the addressee is anonymous, such as shareholders,
or use "Yours sincerely" if the addressee is named.
2. Presentation
Write your answers in the first person
When writing notes for a presentation, write in short sentences and focus on key
points.
3. Briefing notes/management reporting
Should be written in the third person: the company, XYZ Ltd, the board
Well structured, focused on key points.
4. Press statement
Clear short paragraphs
Written in the third person
Opening paragraph delivering the key message with background information
The remaining paragraphs give more elaboration
5. Memo
Will have a heading called "Memorandum"
Followed by: To:, From:, Date:, Subject:
Style of writing will be precise and factual
Written in the first person (identifying the author as I)
6. Report
Just like a memo, but with a heading called "Report"
Should have an introduction
Finish with a summary or conclusion
Use of sub-headings desirable
7. Statement
Have a heading, for example, "Chairman's statement at AGM"
Have an introduction
Use the first person
Write in a style that could be read out
Make sure the flow is logical
8. Speech
Have an introduction
Use the first person
Write in a style that could be read out
Make sure the flow is logical
Have a proper ending

Source: Condon, S. (2009), Professional marks, Student Accountant, June, pp. 86-89.
Analysis of past year questions

Sittings covered (in order): Pilot paper, Supplement pilot paper, Dec 07, Jun 08, Dec 08, Jun 09, Dec 09, Jun 10, Dec 10, Jun 11, Dec 11, June 12, Dec 12, June 13.
The question references for each topic are listed below in sitting order.

Corporate governance: 1(a) 4(a) 2(a)
Stakeholders: 4(a) 1(a)(i), (ii) 1(d) 1(a) 1(d, i) 4(b, c)
Agency model & transaction costs: 2(b) 3(a) 2(c), 4(c) 3(a) 1(c) 1(c) 1(d, ii) 3(b)
Ethics & morality: 3(a), 3(c) 1(a), 1(b), 1(d), 2(d) 1(b) 1(d)(iii), 2(a), 2(b)(ii), 2(c) 1(a), 1(c)(ii), 4(a), (c) 1(a)(i), (ii), (iii); 2(b) 1(a), 3(b, c) 2(c), 4(c) 1(b) 1(b), 4(a, b, c) 1(a); 4(c) 1(b), 3(b) 1(c), 4(a) 1(d, ii)
CSR: 4(b) 1(c)(i) 2(c) 4(c) d(ii) 4(a, b, c)
Environmental accountability: 1(e) 1(d)(i), (ii) 1(d, ii) 2(a, b) 1(b) 1(a) 1(b)
Profession & public interests: 2(b)(i) 2(a) 3(a) 4(b) 3(a)
Accounting & financial scandals
Rule & principle-based: 3(d) 3(c) 4(a)(i), (ii) 3(a) 2(a) 2(b)
Principle-based: 3(b) 1(a), 3(c) 3(b) 2(c) 1(d)(i), 2(a) 2(b), 2(c)
Combined code: 1(a), 1(d) 2(a), 2(b) 1(c), 2(c), 3(a), 3(b) 3(b), 3(c) 3(c), 3(d) 1(c), 2(c) 2(a, b) 1(a), 1(c)(i), 3(a, b, c) d(i), 3(c) 2(b); 3(a, c) 2(a, b, c), 3(c) 2(c), 2(a) 2(b, i, ii), 4(a, b, c)
SOA 2002: 3(c) 4(b)
Board size, structure & culture: 1(a), 1(c) 2(b) 4(c)
Risks: 1(b), 4(b) 2(a), 2(b) 1(b), (c) 1(b), 3(c) 4(b), 4(c), 4(d) 1(d, ii), 3(a, b, c) 1(d, i) 2(c), 4(a, b, c) 2(a, b, c, d) 1(c)(ii, iii, iv); 3(b) 1(a) 1(b), 1(d, i) 1(a), 3(a, c)
Internal controls: 4(a) 1(d) 1(e) 3(a)(i), 3(b) 1(b), 1(e) 1(b), 1(d, i) 3(b) 1(c)(ii, iii) 1(a) 1(c)(i) 1(c) 1(d, ii), 3(a), 3(b), 3(c) 1(c), 2(c)
Internal audit: 2(a), 2(b), 2(c), 2(d), 3(c) 3(a)(ii), 3(b) 3(c) 2(a)
Consolidation of knowledge: 2(c), 4(c) 1(c), 1(d) 1(a), 2(c), 4(c) 4(c) 1(d)(i, ii), 4(b) 3(a), 3(b) 1(b), 4(a)
Topic: Dec 2013
Corporate governance: 1(c)
Stakeholders
Agency model & transaction costs: 2(b)
Ethics & morality: 3(c), 4(c)
CSR: 3(c)
Environmental accountability: 1(a, i, ii)
Profession & public interests
Accounting & financial scandals
Rule & principle-based: 2(a)
Combined code/Governance Code (including Smith and Higgs report): 1(c), 3(a, b), 4(a, i, ii)
OECD & ICGN
SOA 2002: 2(b, c)
Board size, structure & culture
Risks: 1(b), 4(b)
Internal controls: 1(d, i)
Internal audit: 1(d, ii)
Consolidation of knowledge
P1 key words

1. Critically evaluate: generally, the answer would want the pros (in
support/benefits) and cons (problems/disadvantages).

2. Assess Mr. X's understanding of his role as XXX: explain what's wrong with his
understanding.

3. Construct the case for: in support of the argument.

4. Define: give the meaning.

5. Explain: elaborate more; should be longer than simply defining.

6. Criticise: find issues in opposition to the points raised.

7. Assess: whether there is any element of truth or otherwise.

8. Distinguish between X and Y: differentiate between X and Y.

9. Discuss: similar to explain, and you can give your point of view (in support or to
oppose).

10. Explore: find out more about a particular issue.

11. Advise: telling what ought to be done in a polite manner.

12. Identify: find out from the scenario about something (stakeholders, issues etc.).
Issue: key words
Reward/remuneration: ARM = attract, reward, motivate
Information: ACT = accurate, complete, timely
NED: KSA = knowledge, skills, abilities
Annual report: FBU = fair, balanced, understandable
Annual report: contains information about performance, business model and strategy
Induction: FFT = full, formal and tailored
NED induction: BPS = business, people, stakeholders
CORPORATE GOVERNANCE

The Cadbury Committee defined corporate governance as "the system by which
companies are directed and controlled".

Corporate governance is "the relationship among various participants in
determining the direction and performance of corporations" (Monks & Minow,
2002, p. 1). The primary participants are (1) the shareholders, (2) the
management (led by the CEO) and (3) the BODs.

Owners/principals/shareholders

Shareholders are either government or non-government.
Government: SOE, GLC
Non-government: individuals, families, institutions
Examples: public-listed firms; private companies; NGOs, charitable firms, religious
bodies, foundations, SIG; pension funds, mutual funds, hedge funds, private equity funds

INSTITUTIONAL SHAREHOLDERS
Dedicated
Transient
CORPORATE GOVERNANCE PERSPECTIVES
Shareholder model/agency model is of the view that there is good
corporate governance when agents (management/CEO, board) take
action to maximize shareholders' wealth. Hence agents' fiduciary duty lies
only to shareholders; however, this model also recognizes that agents may
tend to pursue their own interests (i.e. act opportunistically) at the expense
of shareholders, and therefore there must be proper mechanisms in place
(monitoring, bonding) to ensure that agents do not act opportunistically
and consequently pursue shareholders' interests.

Stakeholder model is of the view that there is good corporate
governance when agents take care of the interests of the organization's
stakeholders. These stakeholders may be shareholders and employees, or
the diverse range of stakeholders of an organization such as customers,
suppliers, community and others. All stakeholders have an inherent worth
and none should be exploited for the benefit of some. Therefore, agents
must attempt to treat each stakeholder fairly. Hence agents' fiduciary duty
lies to all stakeholders (communitarian position).

Stewardship model is of the view that good corporate governance occurs
when agents view themselves as stewards/guardians of the corporation
and diligently work to attain high levels of corporate profits and
shareholders' returns. Stewards or agents will not shirk their
responsibilities. Being stewards of the organization, agents will never
pursue their own self-interests, and therefore there is no monitoring of
agents/management.

Enlightened shareholder value: a corporate governance approach where
an agent takes the interests of its diverse stakeholders into account only in
so far as doing so promotes and advances the long-term value of shareholders.

Political model: a corporate governance approach where government
(being the sole or major shareholder) decides how rewards, resources,
power, privileges, among others, are allocated. Government will also
decide on appointments to be made as well as strategies to be pursued.
Government will also use the firm to pursue its own agenda.

Cultural model is of the view that good corporate governance occurs
when a healthy, dynamic and adaptive culture of the organization moulds,
shapes and gels the running of the organization so that it is well directed
and controlled.
CORPORATE GOVERNANCE
Monistic
Dualistic
Pluralistic
NEDs
Shareholder activism
Small board size
External auditors and
internal auditors
Rating agencies
Laws and regulations
Internal controls
Risk management
Mission, ethics,
culture, strategy

BENEFITS OF GOOD CORPORATE GOVERNANCE
Attracts greater investment into firms, both foreign and domestic
(McKinsey & Co.): with good corporate governance, many investors,
both foreign and domestic, will be attracted to the firm. As such, the firm
will be highly sought after and consequently its shares will be in
great demand. Hence its share price may move northwards.

Reduces cost of capital

Attracts patient capital

Reduces risk

Stimulates performance and improves share price

Enhances marketability of products and services by creating confidence
among stakeholders

Improves leadership standing

Demonstrates transparency and accountability

STAKEHOLDERS
Definition
Types: classification

DEFINITION

Stakeholders are those whom the firm's operations
have benefited or burdened (Steiner & Steiner).

Stakeholders can also be defined as the individuals
or groups who can affect, and are affected by, the
strategic outcomes achieved and who have
enforceable claims on a firm's performance
(Freeman).


CLASSIFICATION OF STAKEHOLDERS
Narrow and wide stakeholders (Evans and Freeman): narrow stakeholders
are those that are most affected by the organization's policies. Examples
include shareholders, employees, customers, suppliers. Wide stakeholders
are those that are less affected and may include government, indirect
customers, the wider community and other peripheral groups.

Active and passive stakeholders (Mahoney): active stakeholders are those
who seek to participate in the organization's activities. Examples are
management and employees. Passive stakeholders include shareholders,
government and local communities.

Internal stakeholders (internal actors: employees and their representatives,
board of directors, sub-board management, company secretary) and
external stakeholders (shareholders, stock exchanges, auditors, and
governments and regulators).

Voluntary and involuntary stakeholders: voluntary stakeholders will
include employees, customers, suppliers and shareholders. Involuntary
stakeholders will include local communities, the natural environment,
future generations and most competitors.

Legitimate and illegitimate stakeholders: legitimate stakeholders are
those that an organization recognizes as having a valid claim on the
organization's operations and whose existence it acknowledges, and vice
versa for illegitimate stakeholders.

Recognized and unrecognized stakeholders: recognized stakeholders are
those that an organization views as legitimate stakeholders and whose
existence it acknowledges, and vice versa for unrecognized stakeholders.

Known-about and unknown stakeholders

Mendelow's power-interest matrix (power against level of interest in
organizational strategies):
A. Low power, low interest: minimal effort (e.g. community)
B. Low power, high interest: keep informed
C. High power, low interest: keep satisfied (e.g. institutional investors)
D. High power, high interest: key players
STAKEHOLDERS
Identify all stakeholders: none should be omitted
Classify stakeholders accurately
Undertake proper stakeholder relationship management

Proper stakeholder relationship management will give an organization
competitive advantage (Hillman and Keim).

Stakeholder relationship management

Stakeholder engagement:
Shareholders: AGMs, meetings
Employees: meetings, PA, rewards, annual dinner, family day
Community: town-hall meetings, open day, CSR programs
Customers: CRM

QUESTIONS

Required:

(a) Distinguish between voluntary and involuntary stakeholders,
identifying both types of stakeholders in Hesket Nuclear. Assess the
claims of THREE of the involuntary affected stakeholders identified.
(12 marks)
Answer:

- Define voluntary stakeholders
- Give examples
- Define involuntary stakeholders
- Give examples
- Assess claims of THREE of the involuntary
affected stakeholders

(d) Distinguish between narrow and wide stakeholders and
identify three narrow stakeholders in Global-bank (based
on Evan & Freeman's definition) from information in the
case. Assess the potential impact of the events described on
each narrow stakeholder identified. (10 marks)
Answer:

- Define narrow stakeholders
- Define wide stakeholders
- Identify three narrow stakeholders
- Assess impact on the narrow stakeholders
identified
AGENCY THEORY
Agency theory
Agency costs
Fiduciary duty
Increasing fiduciary duty of board

1932, Berle and Means (US): separation of owner and controller.

Jensen and Meckling (1976): the principal appoints the agent (CEO), places
some degree of trust and confidence in the agent and provides resources;
the agent owes the principal a fiduciary duty (ROAD).

Where the agent acts opportunistically, a principal-agent conflict (agency
conflict) arises, and agency costs are incurred to address it.

Factors that increase agent opportunism, and therefore agency costs:
Adverse selection
Management style poor, low PET
Compounded by: information asymmetry, ineffective BOD, poor internal
controls and risk management, external and internal auditors not I&O
AGENCY COSTS
Jensen and Meckling define agency costs as the sum of:

Monitoring management (the agent),

Bonding the agent to the principal (economic bonding), and

All residual losses.

Agency costs can therefore increase due to:

Information asymmetry

Ineffective board of directors

Management style poor: high turnover of staff

Poor internal controls and risk management

External and internal auditors not I&O
REDUCING AGENCY COSTS
Remuneration: performance-based incentive plans, performance shares,
performance bonuses and other remuneration (incentives must be aligned
to shareholders' long-term interests).

Direct intervention by shareholders (especially institutional investors)

The threat of firing (reduced by golden handshake/severance pay and
empire building)

The threat of takeover (sometimes agents resist a takeover through
greenmail and poison pills, or the use of a white knight or white squire)

An effective board of directors: chairman, nomination committee, audit
committee, risk management committee and other committees, INEDs

Triple-bottom line reporting

Internal audit: risk management, internal controls and governance

External audit

Empire building (managerial self-interest): pursuing unprofitable
acquisitions; managerial entrenchment; harder to be laid off;
remuneration increases

- Greenmail: approaching shareholders of the acquiring firm to buy back
shares at a premium

- Poison pill: (i) share rights option, (ii) borrowing on terms that require
immediate repayment of all loans if the firm/target is acquired,
(iii) selling off at bargain prices the assets that originally made the firm
a desirable target

- White knight: friendly acquirer

- White squire: friendly investor
INCREASING FIDUCIARY DUTY
Political-economic argument
Profits
Legitimate theory
Competitive advantage

QUESTIONS
(c) Explain what an agency relationship is and examine
the board of HPC's current agency relationship and
objectives. Briefly explain how these would differ if HPC
was a company with private shareholders. (10 marks)
Answer:

- What is agency relationship
- Examine current principal and agent
- Explain current objectives
- How current principal and agent changes if
company owned by private shareholders
ETHICS

Kohlberg's moral development
Ethical relativism and absolutism
Tucker
AAA
Teleological: utilitarianism
Deontological: Kantian ethics
JSW's ethical stances
Code of ethics (benefits and problems)
IFAC/ACCA code of ethics: principles of professionalism
Threats to professionalism

Kohlberg's moral development
Level 1, Stage 1: Person acts in such a way in order to avoid punishment or
to receive rewards.
Level 1, Stage 2: Person acts because it is in his/her self-interest to act in
such a way.
Level 2, Stage 3: Person acts in such a way so as to nurture long-term
relationships of mutual support with members of one's in-group/immediate
circle or those close to them.
Level 2, Stage 4: Consists of upholding the law, order, LR, regulations, and
policies. Here the in-group expands to include one's larger community.
Level 3, Stage 5: Conceives morality as compliance with the social contract.
Rules are understood to be relative to a particular group but are upheld in
the interests of impartiality.
Level 3, Stage 6: Morality based on commitment to self-selected universal
principles for governing social cooperation.
ETHICAL RELATIVISM AND ABSOLUTISM
Ethical relativism is a theory that what is right (i.e. ethical/moral) is
determined by what a culture or society says is right. What is right in one
place may be wrong in another: more pragmatic/flexible/practical.

Ethical absolutism: where there is a set of principles that can be applied
irrespective of culture and society. This set of principles falls under
normative theories of ethics: more rigid and firm.
PRAGMATIC APPROACHES
Tucker's five questions:
Profitable?
Legal?
Fair?
Right?
Sustainable or environmentally sound?

AAA model:
1. What are the facts of the case?
2. What are the ethical issues of the case?
3. What are the norms, principles, and values related to the case?
4. What are the alternative courses of action?
5. What is the best course of action that is consistent with the norms,
principles, and values identified in step 3?
6. What are the consequences of each possible course of action?
7. What is the decision?
NORMATIVE THEORIES
Teleological, utilitarianism (Bentham): an act is morally right if it
promotes the greatest net human welfare/net happiness in the long run.

Deontological, Kantian ethics: Kant's categorical imperative can be broken
down into two postulates:
What makes an action right is that the agent would be willing to be so
treated were the positions of the parties reversed (Universal Acceptability).
Humanity as an end, never as merely a means, i.e. human beings have an
inherent worth and should not be exploited.
ETHICAL STANCES - JSW
Short-term shareholder interests is of the view that an organization has
acted ethically if it performs its economic and legal responsibilities, i.e.
the adage "the business of business is business".

Tends to adopt an agency model, i.e. to maximize shareholders'
interests/wealth.

Long-term shareholder interest is of the view that an organization
has acted ethically by promoting and advancing the long-term value
of shareholders by taking care of its other stakeholders (constituents).

All expenses incurred in taking care of other stakeholders are
classified as marketing expenses/PR.

Has an instrumental view on CSR; adopts an enlightened
shareholder view on CG.

Multiple stakeholder obligations is of the view that an organization has
acted ethically by taking care of all its stakeholders (dualistic or pluralistic)
and therefore must be seen to be acting fairly to all its stakeholders.

Has a normative view on CSR.

Adopts a stakeholder approach to CG.

Shaper of society is of the view that an organization has acted ethically
if it is able to influence society with its ideals, values, beliefs, principles
and doctrines.

Mainly for non-profit oriented firms: religious bodies, SIG/NGOs, charitable
organizations.
ENCOURAGING ETHICAL BEHAVIOUR
Self-regulation: SOP, policies, code of
ethics
Whistle-blowing
Ethics Ombudsman
Appoint senior executives to oversee
matters (IKEA's CEO)
Leadership by example
Internal controls
HRM practices
Culture

CODE OF ETHICS
A code of ethics can also be defined as a statement of principles a business
agrees to abide by voluntarily over the course of its operations.

Benefits of a code of ethics:
Clarifies company expectations of employee conduct in various situations
Makes clear that the company expects its people to recognize the ethical
dimensions in decisions and actions
Enhances reputation and brand equity
Communication: sends the right message about good business practices to
stakeholders and indicates that the firm is committed to ethical behavior
Helps to create a cohesive corporate culture
Can help the firm avoid adversity such as fines, sanctions and litigation
(self-regulation)
Globalization imperative: codes may transcend local laws and culture
Improves employee commitment

Problems:
Ineffective, according to the work of some researchers
Not influential in determining a person's ethical decision-making behavior
Inflexibility
Lack of clarity
Irrelevant
IFAC/ACCA CODE OF ETHICS/PRINCIPLES OF
PROFESSIONALISM
Professional behaviour
- Complying with laws and regulations, listing requirements
- Complies with policies and procedures
- Kind, understanding, considerate, courteous, helpful, empathetic, P&Qs
Objectivity
- Rational, impartial/unbiased
- Independent
- Emotionally detached
- Under no undue pressure/duress/influence
- Practices professional skepticism: facts
Professional competence and due care
- Keeping up-to-date: CPD
- Practices due diligence: analyses meticulously, all facts covered before
making decisions
Integrity
- Strong internal moral code/principles/high PET
- Level 3, stage 6 (Kohlberg)
- Honest, truthful
- Never compromising on principles
Confidentiality
- Values confidentiality and keeps things confidential unless required by law
- Confidential information obtained is not to be used for one's personal
advantage nor for the advantage of any third parties

POPIC
THREATS TO PROFESSIONALISM
Familiarity threat: external auditor knowing someone in the client firm;
internal auditor auditing areas where he/she is familiar with people in
those areas

Intimidation threat: external auditor receiving bribes etc. and subsequently
being blackmailed or intimidated; external auditor being intimidated into
completing tasks as unqualified even though there are irregularities, as
demanded by the FD of the client firm or by the lead partner

Advocacy threat: upon receiving bribes or gifts, a senior accountant
advocating/promoting the giver of the bribes/gifts for certain
projects/contracts

Self-review threat: internal auditor reviewing or providing assurance on
earlier work where he has provided consultancy

Self-interest threat: external auditor auditing a client firm where he has
some vested interests; senior accountant providing inside tips to outsiders
where benefits will be reaped by both parties

CSR: GRAY, OWEN AND ADAMS
Pristine capitalist: is of the view that organizations have acted in a socially responsible manner if
they are able to safeguard the interests of shareholders and creditors; in short, performing their
economic and legal responsibilities (related to "the business of business is business" and
short-term shareholder interests).
Expedients: is of the view that organizations have a limited responsibility in performing their
corporate social responsibility, especially if such behavior can help to promote the organization's
self-interests.
Proponents of the social contract: organizations believe they should behave in a way broadly in
conformance with the ethical norms in society because there is effectively a contract or agreement
between the organizations in power and those who are affected by the exercise of this power, and
an organization's survival and prosperity is dependent on it.
Social ecologist: is of the view that organizations, especially large organizations, have caused much
social and environmental degradation; as such, organizations must now fully pledge and undertake
their CSR to redeem themselves.
Socialists: is of the view that organizations can only perform their CSR if society as a whole is a
socialist or egalitarian community where organizations are expected to treat their workers and
other stakeholders equally and therefore one class (the capitalists, shareholders, bourgeois) does
not oppress the lower-class workers or the proletariat.
Radical feminists: is of the view that organizations can only be successful in undertaking their CSR
if the society/country has a feminine culture.
Deep ecologists: is of the view that organizations can only start to practice their CSR if they start to
respect the rights of the down-trodden and also appreciate that human beings have no greater
rights to resources or life than other species.
IMPORTANCE OF CSR
Profits
Improve customer loyalty
Globalization imperative
Successful implementation of strategies
Competitive advantage
Gen. Y
SOCIAL AND ENVIRONMENTAL AUDIT PRESSURES
Environmental issues as a source of risk
reputational damage, liabilities
Profits
Potential employees
Investors

TRIPLE BOTTOM-LINE
Political-economic argument
Legitimate theory
Shareholders
Financial performance
Environmental disasters
Laws/regulations
Stakeholder theory
ENVIRONMENT
Environmental footprint: the environmental footprint shows the impact
that a business's activities have upon its environment, in terms of:

An organization's consumption of resources such as energy, water, land,
feedstock (grains, edible plants etc.) and,

An organization's harm to its environment in terms of pollution,
emissions, spillages (in respect of oil, chemicals, contaminants etc.)

Large environmental/carbon footprint = negative environmental footprint
Small environmental/carbon footprint = positive environmental footprint
More social contributions than harm = positive social footprint
More harm than social contributions = negative social footprint
VOLUNTARY INITIATIVES
Carbon trading
Reducing, reusing and recycling
Alternative energy sources: wind, geothermal, solar, landfills (methane
gas), biogas digesters (methane gas), biofuels
Pursuing sustainable development
Equator principles: discouraging lending to infrastructure projects that
pollute
Working closely with NGOs to reduce environmental footprint
Awards/certificates: LEED, Green Mark certification
SUSTAINABLE DEVELOPMENT
BRUNDTLAND COMMISSION REPORT
"a process of change in which the exploitation of resources, the direction of
investments, the orientation of technological development, and institutional
change are made consistent with future as well as present needs."

The Brundtland Commission Report also mentions the need to internalize all
externalities.

- Repletion rate depletion rate

- Internalize all externalities
ENVIRONMENTAL ACCOUNTABILITY
Triple bottom-line reporting
Full-cost accounting
EMS
Environmental certification
EMS
Defining environmental goals and missions

Developing adequate and effective environmental
policies and procedures

Properly documenting and communicating
the established environmental policies and
procedures to affected personnel

Monitoring these policies and procedures and
ensuring compliance with them


ENVIRONMENTAL AUDIT
Agree upon metrics (and objectives/targets)
What to measure: emissions (pollution, waste, greenhouse gases) and
consumption (energy, water, feedstock etc.) (see GE)
Performance of the company measured against these metrics
Report on levels of compliance or variance
GENERAL ELECTRIC
PROFESSION AND PUBLIC INTERESTS
A profession is an occupation for which the
necessary preliminary training is intellectual in
character, involving knowledge and to some
extent learning as distinguished from mere skills

It is an occupation which is pursued largely for
others and not merely for oneself

It is an occupation in which the amount of
financial return is not the accepted measure of
success
PUBLIC INTERESTS
Taking care of the interests of all stakeholders who have a direct or
indirect impact on what happens to a firm.

For example, external auditors, accountants and other accounting
professionals have to take care of the public interest, as employees,
shareholders, government, customers, suppliers and others will be
impacted by the goings-on in the firm.

Responsibilities of employees
Performs job according to job description

Accept and obey instructions from superiors consistent with job requirements

Be a team player and should not rebel

Act in the best interest of the firm

Work to ensure profitability and harmony of the firm
PROFESSIONAL ACCOUNTANT
Practice professional skepticism

Maintain the reputation of the accounting/audit
profession

POPIC

Maintain I&O and should not be under any threats

Maintaining fiduciary duty to shareholders and
maintain public interest

PRINCIPLES AND RULES-BASED GOVERNANCE:
SIMILARITIES AND DIFFERENCES
Similarities:
Improve corporate governance: effective board, no duality (rules-based
does not mention this), formation of sub-committees
Protect whistleblowers
Enhance external auditor independence
Ensure proper internal controls
Improve disclosure: financial statements etc.
Increased top management accountability

Differences:
Rules-based regime requires mandatory compliance while principles-based
adopts "comply or explain"
Rules-based regime was passed by the US Congress and this law resulted in
the formation of an oversight board called the PCAOB, while the
principles-based regime was initiated by both the private and government
sectors, such as the FRC and DTI
Rules-based is considered more of a knee-jerk reaction to corporate
scandals such as Enron while principles-based was more meticulously planned
PUBLIC-LISTED COMPANIES
Benefits of rules-based:
No opportunism
Easy to compare across firms
Less meticulous scrutiny
Provides a fair, level playing field
More disclosure
Less information asymmetry

Benefits of principles-based:
Costs
Flexibility
Relative ease of adoption
Developing country mindset
Country's code of corporate governance

Country        Name of code/report
Italy          Preda code
Spain          Olivencia code
South Africa   King report
France         Vienot report
Netherlands    Peters report, culminated in the Tabaksblat code
Germany        Cromme code
Belgium        Lippens code
UK             Governance code (Combined code)
WHY DOES CG VARY?
National culture
Laws (common/civil)
Concentrated/diffused ownership
Financing options (capital market/equity or
banks)
NATIONAL CULTURE - HOFSTEDE
Four dimensions, each scored high or low:
- Power distance
- Uncertainty avoidance
- Individualism vs collectivism
- Masculinity vs femininity

High uncertainty avoidance:
- Larger board size (unitary)
- Two-tier board for continental Europe
- Higher basic component of remuneration
- More risk averse

High individualism:
- Smaller board size
- More risk-taking board
- Can have CEO duality
- Variable or performance-related component of remuneration higher
NATIONAL CULTURE
HIGHER FEMININITY
Higher percentage of women in board
Greater quality of work life
Greater altruism
OWNERSHIP STRUCTURE
Diffused shareholder base: very broad
Concentrated shareholder base: narrower
DIFFUSED OWNERSHIP
Major shareholder is not a controlling shareholder.
E.g. Steve Jobs' wife is now the major
shareholder of Walt Disney (with around 7.3% of
the shares)

Major shareholder cannot decide on CEO
selection nor non-executive director selection;
the other shareholders also need to vote,
therefore agents are not directly chosen by the major
shareholder
Agency conflict and independent NEDs
CONCENTRATED OWNERSHIP
A controlling shareholder exists via dual/triple
class shares or a pyramidal structure

There exists principal-principal conflict and gray
NEDs
DUAL-CLASS SHARES (RESTRICTED VOTING SHARES)
Type/class A
Type/class B
Facebook: Type A 1 voting right; Type B 10 voting rights
TRIPLE-CLASS SHARES
Type A
Type B
Type C
Zynga: Type A 1 vote; Type B 10 votes; Type C 70 votes
PYRAMIDAL STRUCTURE
        A
      B   C
    D  E F  G
        H
WHY CAN CORPORATE GOVERNANCE CONVERGE?
Transnational entities (OECD, UN, ICGN, CACG, IMF)
FDI
Cross-listing
Diffusion of a corporate governance code: the Cadbury Code
Harmonization of accounting principles
TRANSNATIONAL ENTITIES
These organizations try to disseminate good corporate governance values across the world
As a result, many countries have been influenced by their work
Consequently, there is convergence
FDI
In the form of international JVs, international M&As, international strategic investments
Through FDI, countries' corporate governance regimes interact
Therefore, as time goes by, corporate governance will converge

CROSS-LISTING
Listing on more than one stock exchange
As time goes by, best practices with regard to corporate governance will converge
CADBURY CODE
Research shows that the Cadbury code triggered many countries to realize the importance of CG
As a result, many countries adopted and adapted the best provisions of CG using the Cadbury code as their benchmark
HARMONIZATION OF ACCOUNTING PRINCIPLES
Most countries are moving towards IFRS
As countries' financial statements become relatively similar, companies' annual reports will also become more similar
Eventually, this may also impact on CG and therefore corporate governance can also converge
Hence one size does not fit all
CORPORATE GOVERNANCE
PRINCIPLES OF GOOD CG
Fairness
Independence
Transparency
Probity
Responsibility
Accountability
Judgment
Integrity
Reputation
PRINCIPLES OF GOOD CORPORATE
GOVERNANCE
Fairness: the directors must practise proper deliberations; they should be unbiased, non-discriminatory, rational as well as objective
Independence: the board of directors must have non-executive directors that are independent
Transparency: DATA

Probity/honesty: telling the truth, not misleading stakeholders, honest, practising candour; directors should not mislead or deceive
Responsibility: directors (NEDs) have to monitor agents, attend regular meetings, give suggestive contributions, protect shareholders'/stakeholders' interests

Accountability: effective committees, giving suggestive contributions, attending regular board meetings
Judgment: adequate balance of knowledge, skills, abilities, and experience to contribute towards organizational prosperity
Integrity: morally right, strong internal moral code, virtuous
Reputation: reputation as an asset to the organization. By fulfilling the other principles of corporate governance, the reputation of a firm can be enhanced

ACCOUNTABILITY
- Directors should explain in the annual report their responsibility for
preparing the annual report, and state that they consider the annual
report and accounts, taken as a whole, to be fair, balanced and
understandable and to provide the information necessary for
shareholders to assess the company's performance, business model
and strategy.
- There should be a statement by the auditor about their reporting
responsibilities.
- The directors should include in the annual report an explanation of
how the company generates and preserves value over the longer term
(the business model).
- The directors should report in annual and half-yearly financial
statements that the business is a going concern, with supporting
assumptions or qualifications as necessary.
AN EFFECTIVE BOARD (FROM GOVERNANCE CODE)
- Should have a chairman that demonstrates good leadership
- Should have non-executive directors who are independent (including a
senior independent non-executive director (INED)) with the right
balance of skills, knowledge and experience
- Excluding the chairman, at least half of the board must be INED (for
small firms, below FTSE 350, at least two)
- Board members to meet regularly and attendance should be regular
- No duality of posts between chairman and CEO
- Formation of committees (audit, nomination, remuneration, risk etc.)
which have the right balance of skills, experience, knowledge and
independence
- Should maintain a sound system of risk management and internal
control systems
- Company should arrange appropriate insurance cover in respect of
legal action against its directors
Against CEO duality: reduces unfettered
powers, improves the monitoring role of
NEDs, improves organizational
performance, reduces conflicts of interest,
reduces agent opportunism

For CEO duality: single unified leader;
no guarantee of significant improvement
in organizational performance (Dalton et
al.)
CHAIRMAN
Provide leadership

Ensures directors receive accurate, clear and timely information

Setting the board's agenda

Communication with shareholders (through annual report)

Promoting a culture of openness and debate

Facilitate effective contribution of NEDs

Ensure constructive relations between EDs and NEDs

Ensure sufficient communication with shareholders (to discuss
governance and strategy issues)

Ensure that directors continually update their skills and knowledge

Ensure sufficient resources allocated
CRITERIA FOR INDEPENDENCE
Should NOT have been an employee of the company or
group within the last five years
Should NOT have, or have had within the last three years,
any material business relationship with the company,
either directly or as a partner, director, or senior employee
of a body that has such a relationship with the company
Should NOT have received or receive additional
remuneration from the company apart from a director's fee;
should not participate in the company's share option or
performance-related pay scheme; should not be a member
of the company's pension scheme
Should NOT have close family ties with any of the
company's advisers, directors, or senior employees
Should NOT hold cross-directorships or have significant
links with other directors through involvement in other
companies or bodies
Should NOT represent a significant shareholder
Should NOT have served on the board for more than nine
years from the date of first election
NEDS
Strategy: NEDs should constructively
challenge and help develop strategies
Performance: NEDs should scrutinize the
performance of management in meeting agreed
goals and objectives and monitor the reporting of
performance
Risk: NEDs should satisfy themselves on the
integrity of financial information and that
financial controls and systems of risk
management are robust and defensible
People: NEDs are responsible for determining
appropriate levels of remuneration of executive
directors and have a prime role in appointing,
and where necessary removing, executive
directors and in succession planning
For NEDs: Higgs; improves organizational
performance (Choi et al.); reduces groupthink

Against NEDs: costs (director fees, insurance,
induction, CPD), time, competencies, control (financial
vs strategic), independence
Audit Committee
- Audit committees should have at least three members, who should all be
INEDs (or in the case of smaller companies, i.e. below FTSE 350, two)
- The chairman of the company should not be an audit committee member
(except for smaller firms, below FTSE 350)
- Appointments to the audit committee should be made by the board on
the recommendation of the nomination committee, in consultation with
the audit committee chairman
- Appointments should be for a period of up to one year, extendable
through re-election, so long as members continue to be independent
- At least one member of the audit committee should have significant,
recent and relevant financial experience, e.g. as an auditor or a
finance director of a listed company
- It is recommended that there should be not fewer than three meetings
during the year. No one other than the audit committee's chairman and
members is entitled to be present at audit committee meetings. The external
auditor will be invited regularly to attend meetings, as will the
finance director
- The audit committee should review and approve the internal audit
function's remit; should approve the appointment or termination of the
head of internal audit; should ensure that the internal auditor has direct
access to the board chairman and to the audit committee and is
accountable to the audit committee; meet with the head of internal
audit at least once a year without the presence of management; review
and assess the annual internal audit plan
AUDIT COMMITTEE ROLES
To provide advice to the board on whether the annual report and accounts, taken as a whole, are fair,
balanced and understandable and provide the information necessary for shareholders to assess the
company's performance, business model and strategy

To monitor the integrity of the financial statements

To review the company's internal financial control systems

To review the company's internal control and risk management systems (if there is no risk
committee)

To monitor and review the effectiveness of the company's internal audit function (if there is no internal
audit function, then to consider annually whether there is a need for one, make recommendations
to the board, and explain the reasons for the absence of such a function)
To make recommendations to the board, for it to put forward to the shareholders, in relation to the
appointment, re-appointment and removal of external auditors (if the board does not accept the
recommendation, it must explain why in the annual report or in any relevant papers) as well as their
remuneration and terms of engagement
For FTSE 350 companies, the audit committee should put the external audit contract out to tender
at least every ten years (if the board does not accept the audit committee's recommendation, it should
include in the annual report or in any relevant papers the reasons for not accepting)
To review and monitor the external auditor's independence and objectivity and the effectiveness of
the audit process
To develop and implement a policy on the engagement of the external auditor to supply non-audit
services
Be an avenue for whistle-blowers

Advantages of the external auditor providing non-
audit services to an audit client: reduces client costs
(economies of scope for the client), external auditor
has a better holistic understanding, reduces fraud
and improves internal controls

Problems: increased threat of economic bonding,
affects the external auditor's I&O, self-review threat,
reduced share price
Risk committee
- Should ideally be made up of INEDs (however, EDs may also be
members)

- Ideally should be chaired by an INED

- Some recommend that the majority should be insiders from operations
RISK COMMITTEE ROLES
Approving the organization's risk management
strategy and risk management policies
Reviewing reports on key risks prepared by
business operating units, management and the
auditor
Assessing overall exposure to risk and ensuring it
remains within limits set by the board
Reviewing the firm's internal control systems
Assessing the effectiveness of the organization's
risk management systems
Providing early warning to the board on
emerging risk issues and significant changes in
the company's exposure to risks
Problems of combining the audit committee with the risk
management committee: competency, time, focus
(finance matters)
Advantages of combining the audit committee with the
risk management committee: holistic, effective

Some organizations therefore have separate audit
and risk management committees
NOMINATION COMMITTEE
Appointments to the board must be made on
merit and against a set of objective criteria and
with due regard for the benefit of diversity,
including gender
Care must be taken to ensure that appointees
have enough time, that there is an appropriate
balance of skills and experience within the
company and the board
To encourage the use of external advice or open
advertising (and to explain if it was not used)
A majority of members must be INEDs, and the
committee is chaired by either the chairman of the board or an
INED (but the chairman of the board must not chair the
meeting if it concerns the succession of the board
chairman)
NOMINATION COMMITTEE ROLES
Prepare a job description for a particular post (after
evaluating the balance of skills, knowledge, and experience
needed)
Prepare a job specification for the post
Plan for orderly succession for both executive directors and NEDs;
regularly review the leadership needs of the
organization, both EDs and NEDs
Regularly review the size, structure and composition of the
board and make recommendations when necessary
Any NED serving beyond six years should be subject to a
particularly rigorous review
To make recommendations on the re-appointment of any
NED
To monitor, and convey to the board, that a full-time ED
does not take on more than one NED position or
chairmanship of another company (normally a large company, e.g.
a FTSE 100 company)
BOARD SIZE

Problems: unwieldy (3Cs, free-rider), costs, time,
decreased organizational performance

Benefits: improves organizational performance
(Dalton et al.), greater stakeholder representation,
do not need to use the same persons for committees
Remuneration Committee
Remuneration committee should consist of at
least three (or in the case of smaller
companies, two) INEDs

The company chairman may also be a member
of the remuneration committee but may not
chair the committee
REMUNERATION COMMITTEE ROLES
Setting remuneration for EDs, chairman, and company
secretary (the remuneration of NEDs shall be a matter for the
chairman and EDs or shareholders)

To ensure level of remuneration is sufficient to attract, retain,
and motivate directors to run the company; however, should
avoid paying more than what is necessary

Should ensure that remuneration of executive directors be
aligned to corporate and individual performance

Determining targets for any performance-related pay schemes

Determining the policy for and scope of pension arrangements
for each ED

Determining the total individual remuneration package of
each ED
Fixed/basic component: salary,
contractual bonuses, allowances, perks
(company car, insurance coverage etc.)

Variable/performance-related component:
share options, restricted share grants
(also used in golden parachutes),
performance bonuses, any long-term
incentive plans

Combined code recommends that the variable
component should form a significant
proportion relative to the fixed component
WHY REMUNERATION CAN DIFFER
ACROSS COMPANIES AND COUNTRIES

National culture
Organizational life cycle: small, large,
public-listed, delisted etc.
Costs: direct, indirect, reputation
Shareholders
Motivation
Gender
Hence, one size does not fit all
INSTITUTIONAL SHAREHOLDERS
INTERVENTION
Company's strategy: acquisition or
disposal strategy too risky
Company's operational performance
Independent directors failing to hold
executive management properly to
account
Internal control failings
Inadequate succession planning
Unjustifiable failure to comply with the
combined code
Inappropriate remuneration levels,
incentive or severance packages
NED ORIENTATION
Business: nature of the firm's business and
operations

People: the people in the organization; who's
who

Stakeholders: major shareholders, key
customers, suppliers etc.

BPS


OECD FRAMEWORK FOR GOOD CG
Ensuring the basis for an effective corporate
governance framework
The rights of shareholders and key ownership
functions
The equitable treatment of shareholders
The responsibilities of the board
Disclosure and transparency
The role of stakeholders in corporate governance

Traits of public-listed firms, private firms, NGOs (charities, foundations etc.) and family businesses

Owner
- Public-listed firm: Shareholders
- Private firm: Shareholders
- NGO: Founder and perhaps descendants
- Family business: Patriarch/matriarch

Board
- Public-listed firm: Ideally, the BOD has the right balance of KSA, competencies, and there is independence; professionally managed
- Private firm: BOD consists of shareholders/owners
- NGO: Consists of a board of governors/trustees
- Family business: Made up mainly of family members

Committees
- Public-listed firm: Ideally proper committees
- Private firm: May or may not have committees
- NGO: May or may not
- Family business: May or may not

Succession planning
- Public-listed firm: Ideally proper succession planning with NC; properly managed; sometimes difficulties in finding the right candidate
- Private firm: Succession planning not formal
- NGO: Succession planning not important as the board will ensure that the ideology of the founder lives on even after the demise of the founder
- Family business: Successor will be another family member and therefore succession planning is generally not a big issue

Governance
- Public-listed firm: Based on LR and CG perspective, principles-based or rules-based
- Private firm: Based on requirements of shareholders
- NGO: Based on the founder's ideologies and the culture of the NGO
- Family business: Based on family members' needs

Feud/conflict
- Public-listed firm: AGMs, EGMs; professionally managed
- Private firm: Reconciled among owners; may be violent and not professionally managed
- NGO: Addressed by reverting to the founder's values
- Family business: Feud could be family rivalry to wrest control of board decisions
RULES-BASED APPROACH: SARBANES-OXLEY ACT

Title number   Description
I      Public Company Accounting Oversight Board (Sec. 101-109)
II     Auditor independence (Sec. 201-209)
III    Corporate Responsibility (Sec. 301-308)
IV     Enhanced financial disclosure (Sec. 401-409)
V      Analyst conflict of interest (Sec. 501)
VI     Commission resources and authority (Sec. 601-604)
VII    Studies and reports (Sec. 701-705)
VIII   Corporate and criminal fraud accountability (Sec. 801-807)
IX     White-collar crime penalty enhancement (Sec. 901-906)
X      Corporate tax returns (Sec. 1001)
XI     Corporate fraud and accountability (Sec. 1101-1107)
EXTERNAL AUDITOR INDEPENDENCE
- Section 201: SOA prohibits the external auditor from
providing internal audit outsourcing services, financial IS
design and implementation, bookkeeping and financial
statement services, management and HR functions,
actuarial services, investment adviser services, appraisal or
valuation services, and audit-related legal services.

- Section 203: the lead audit partner and reviewing partner
must rotate off the audit engagement every 5 years

- Section 207: audit firm rotation
SECTION 302
The CEO and CFO must certify in a statement that
accompanies the audit report: the appropriateness of the
financial statements and disclosures; that the statements
fairly present, in all material respects, the operations and
financial conditions of the company; and that all significant
deficiencies in internal controls have been disclosed to the
auditors and audit committee.

It also states that the officers are responsible for internal
controls, have evaluated their effectiveness in the last 90 days,
have presented in their report their conclusions about the
effectiveness of their internal controls and have discussed any
changes in internal controls, including corrective actions,
during the period under review.


SECTION 404
Internal control over financial reporting (ICOFR)

Management's report
a. Describe the framework used to evaluate internal controls: COSO, CObIT
b. An assessment of its ICOFR effectiveness

Auditor's report (3 reports)
1. Assessment of the effectiveness of the framework used
2. Attest on management's assessment of ICOFR effectiveness
3. Presentation of financial statements: true and fair
WHISTLEBLOWING
Section 301: the audit committee should be the avenue
for whistleblowers
Section 806: no public company, or any officer,
employee, contractor, or agent of such company, may
discharge, demote, suspend, threaten, harass or in
any other manner discriminate against a
whistleblower
Section 1107: makes it a crime for anyone, knowingly
and with the intent to retaliate, to interfere with the
employment or livelihood of any person (a
whistleblower) who provides a law enforcement
officer with any truthful information relating to the
possible commission of an offense (SOA violation);
penalties are fines and imprisonment of up to 10 years

Benefits of SOA:
- Improves auditor independence
- Improves internal controls
- CEO and CFO must certify financial statements: increased accountability
- Improvements in ICOFR
- All companies that are public-listed must have a code of ethics (Section 406)
- Improvements in risk management (Section 409)
- Whistleblower protection

Problems of SOA:
- Accounting and financial scandals still persist post-SOA
- Costs of compliance increased
- Reduced IPOs
- Reduced economic growth of company
- Alteration of business practices, e.g. IS
BOARD STRUCTURE
One-tier/unitary board:
- Chairman
- NEDs
- EDs

Two-tier board:
- Supervisory board: chairman, NEDs, bank representatives, controlling shareholder representatives, employee representatives
- Management board: EDs
- Works council
Unitary board

Advantages:
- All directors have equal legal and executive status; all are held responsible and can be held accountable for board decisions
- More viewpoints are likely to be expressed in board deliberations and discussions
- Intellectual strength of the board increased
- Strategies can be more robustly scrutinized
- More free flow of information can take place, resulting in better decision-making
- Improves relationship and cooperation between different types of directors

Disadvantages:
- Uncomfortable tidiness in having one group of directors supervising or controlling another group on the same board
- No employee representation; no banks involved as in the German model
- Time requirements both in board meetings and committee meetings for NEDs
Two-tier board

Advantages:
- Two-tier board clearly separates the role of the chairman and CEO
- Employee, shareholder and bank representation in supervisory boards and employee representation in the works council

Disadvantages:
- Management board can only nominate directors to supervisory boards but cannot oppose
- Inequality
- All the above advantages for the unitary board can somehow be lacking in two-tier boards
RISKS: A POSSIBILITY/CHANCE THAT AN UNFAVOURABLE EVENT WILL OCCUR
Sources of risks: exogenous and endogenous
ICAEW: financial risks, operational risks, compliance risks, business/strategic risks, any other risks (FOCBA)

Any other risks:
- Legal
- Political
- Technological
- Natural disaster
- Health, safety and environmental
- Probity
- Reputational

Financial risks:
- Credit risk is the risk to a company from the failure of its debtors to meet their obligations on time
- Liquidity risk is the risk of loss due to a mismatch between cash inflows and cash outflows
- Currency risk is the possibility of loss or gain due to future changes in exchange rates
- Market risk, also known as systematic risk (or non-diversifiable risk), occurs due to external events such as political (wars), economic (inflation, recession, high interest rates) etc. Company-specific risks are also known as diversifiable or unsystematic risks
- Derivative risks: CDOs, CDS

Operational risks: risks that can affect day-to-day business, such as:
- Errors or omissions by employees
- Product failure
- Health and safety
- Failure of IT systems
- Fraud
- Loss of key people
- Loss of suppliers etc.

Compliance risks: failing to follow all requirements of the laws, regulations, policies and procedures

Strategic/business risks are risks that relate to the fundamental and key decisions that the directors take about the future of the organization. Strategic risk occurs if the decisions made by the board and top management fail to improve organizational performance, losing out in terms of competitive advantage, failing to create new markets etc. Can lead to strategic drift.
Risk correlation
If correlation is positive, then risks covary,
i.e. if risk A increases then risk B also
increases and vice-versa.

Some risks can covary, for example,
environmental risks and reputational risks

If correlation is negative, then risks are
inversely proportional, for example,
reputational risks and share price
Risk audit
Risk identification: nature/source of risks

Risk assessment: likelihood and impact of
each risk

Risk review: analyse the controls the
organization has in the event the risk
materializes

Risk reporting: prepare reports on risks and
submit to the board

Risk management process
Selim and McNamee:

- Risk assessment: risk identification, risk
measurement, and risk prioritization.
- Risk response: acceptance, transference,
avoidance or reduction.
- Risk communication: internal and external
stakeholders.
Risk assessment frameworks:
- Selim and McNamee (IMP)
- COSO
- Turnbull

Risk assessment - Turnbull (flow):
Risk management -> Risk assessment -> Identify risks -> Categorize the risks -> Acceptable risks / Unacceptable risks -> Likelihood? (H, M, L) -> Impact? (H, M, L) and Ability to reduce? (Y/N) -> Costs vs Benefits
Risk assessment - Turnbull:

- Identifying the nature and the extent of risks facing the company
- Categorising the risks which it regards as acceptable for the company to
bear
- Assessing the likelihood (probability) of the risks concerned materializing
- Assessing the company's ability to reduce the incidence/risks and impact
on the business of risks that do materialize
- Assessing the costs of operating particular controls relative to the benefits
thereby obtained in managing the related risks
Risk assessment - COSO:

- Estimating the significance of the risk
- Assessing the likelihood of the risk occurring
- Considering how the risk should be managed, and assessing what
actions are to be taken

Risk management strategy/response/treatment

Likelihood vs Consequences (impact):

Low likelihood, low consequences: Acceptance
- Risks are not significant. Keep under view.

Low likelihood, high consequences: Transference
- Insure risks, outsource and implement contingency plans to pass to 3rd parties

High likelihood, low consequences: Reduction
- Take some action, e.g. insurance, contingency planning, internal controls, culture of ethics, code of ethics, risk management, HRP, HRD, internal audit

High likelihood, high consequences: Avoidance
- Take immediate action, e.g. terminate operations etc.
Risk terms and expressions:

1. Dynamic nature of risk assessment
- Risks are not static
- Risk assessment therefore should not be one-off but continual

2. Importance and nature of management responses to changing risk
assessments
- Since risk assessment is continual, some risks can change in likelihood
and importance
- Therefore, proper responses will be needed

3. Risk appetite and risk policy
- If the board or firm has a higher appetite for risks, then the risk policies
would reflect this higher risk appetite

4. External reporting on internal controls and risks
- Less information asymmetry
- Improve investor confidence (more transparent)

5. ALARP principle in risk assessment
- Some risks are subjective and cannot be eliminated; others can't even
be imagined
- At best, one should try to minimize the risks as much as possible, given
the constraints of costs versus benefits, through transference and
reduction
- Some risks have to be accepted as the cost of eliminating the risk
exceeds its benefits

6. Difficulties of risk perception
- Some risks are harder to quantify and therefore it is more difficult to
perceive their likelihood and impact
- If risks are objective/quantifiable, risk perception becomes easier, and
vice-versa

7. Covariant risk
- Risks are positively correlated

8. Techniques and policies to mitigate business and financial risk
- TAR approaches such as insurance, outsourcing, strategies (JV,
franchising, licensing); hedging
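The assessment and response steps above (Turnbull's five steps, the COSO likelihood/significance assessment, the acceptance/transference/reduction/avoidance matrix and the ALARP principle) can be carried through on a small risk register. The Python below is an added worked example, not material from the slides or from the ACCA; the register entries, the money values and the rule that treats a medium rating as high are constructed assumptions.

```python
"""Risk register scoring and response selection (added example; not from the
slides).  It implements the procedure the slides describe: identify and
categorize each risk, score likelihood and impact on the H/M/L scale, pick a
response from the acceptance / transference / reduction / avoidance matrix,
then apply the Turnbull cost-versus-benefit step and the ALARP principle.
All register entries, money values and thresholds below are constructed."""
from dataclasses import dataclass

# Ordinal scale used on the slides' matrix (L = 1, M = 2, H = 3).
LEVELS = {"L": 1, "M": 2, "H": 3}


@dataclass
class Risk:
    name: str
    category: str        # FOCBA category: financial, operational, compliance, business, any other
    likelihood: str      # "L", "M" or "H"
    impact: str          # "L", "M" or "H"
    expected_loss: float = 0.0   # constructed money estimate of loss if uncontrolled
    residual_loss: float = 0.0   # constructed estimate of loss once the control operates
    control_cost: float = 0.0    # constructed annual cost of operating the control


def score(risk):
    """Likelihood x impact on the ordinal scale; used for prioritization (IMP)."""
    return LEVELS[risk.likelihood] * LEVELS[risk.impact]


def is_high(level):
    # Assumption: the slides' matrix has only Low/High cells, so Medium is
    # treated as High (the conservative choice for a defender).
    return LEVELS[level] >= LEVELS["M"]


def matrix_response(risk):
    """The 2x2 response matrix from the slides."""
    high_likelihood, high_impact = is_high(risk.likelihood), is_high(risk.impact)
    if high_likelihood and high_impact:
        return "avoidance"
    if high_likelihood:
        return "reduction"
    if high_impact:
        return "transference"
    return "acceptance"


def control_benefit(risk):
    """Turnbull step 5: benefit of a control = loss avoided by operating it."""
    return risk.expected_loss - risk.residual_loss


def treat(risk):
    """Return (response, rationale) after the cost/benefit and ALARP checks."""
    response = matrix_response(risk)
    if response in ("reduction", "transference"):
        benefit = control_benefit(risk)
        if benefit <= risk.control_cost:
            # ALARP: the control costs more than the loss it avoids, so the
            # residual risk is accepted and kept under review.
            return "acceptance", (f"ALARP: control cost {risk.control_cost:.0f} "
                                  f"exceeds benefit {benefit:.0f}; keep under view")
        return response, f"control benefit {benefit:.0f} exceeds cost {risk.control_cost:.0f}"
    if response == "avoidance":
        return response, "high likelihood and high impact: take immediate action"
    return response, "low likelihood and low impact: keep under view"


def assess(register):
    """Prioritize the register (highest score first) and treat each risk."""
    rows = []
    for risk in sorted(register, key=score, reverse=True):
        response, rationale = treat(risk)
        rows.append({"name": risk.name, "category": risk.category,
                     "score": score(risk), "response": response,
                     "rationale": rationale})
    return rows


# Constructed sample register.
REGISTER = [
    Risk("Minor data-entry errors", "operational", "L", "L"),
    Risk("Customer default on receivables", "financial", "H", "L",
         expected_loss=40_000, residual_loss=10_000, control_cost=5_000),
    Risk("Warehouse fire", "operational", "L", "H",
         expected_loss=25_000, residual_loss=5_000, control_cost=8_000),
    Risk("Currency movement on a small euro contract", "financial", "L", "M",
         expected_loss=9_000, residual_loss=4_000, control_cost=6_000),
    Risk("Entering a sanctioned market", "business", "H", "H"),
]

if __name__ == "__main__":
    for row in assess(REGISTER):
        print(f"{row['score']}  {row['name']:<45} {row['response']:<13} {row['rationale']}")
```

Running the script prints the prioritized register. The case to notice is the currency risk: the matrix alone says transference (hedge it), but the Turnbull cost-versus-benefit step overrides that to acceptance because the hedge would cost more than the loss it avoids, which is exactly the ALARP argument in item 5 above.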

Internal controls
Turnbull guidance:

A system that encompasses the policies, processes, tasks, behaviours and
other aspects of a company that, taken together:

- Facilitate its effective and efficient operation by enabling it to respond
appropriately to significant business, operational, financial, compliance
and other risks to achieving the company's objectives. This includes the
safeguarding of assets from inappropriate use or from loss and fraud and
ensuring that liabilities are identified and managed;

- Help ensure the quality of internal and external reporting. This requires the
maintenance of proper records and processes that generate a flow of
timely, relevant and reliable information from within and outside the
organization;

- Help ensure compliance with applicable laws and regulations, and also
with internal policies with respect to the conduct of business
CHARACTERISTICS/
BENEFITS/OBJECTIVES/PURPOSES/AIMS OF INTERNAL
CONTROL
Operations can proceed efficiently and effectively
Respond to risks in a timely manner
Safeguarding assets
Reliable/quality reporting both financial and
non-financial, external and internal reporting
Proper data/record collection, processing and
maintenance
Compliance with laws, regulations, policies and
procedures
Achieving strategic objectives
Internal controls and risk management: responsibilities

Review/approve: BOD/committee
Design, DIOM: CEO
Some responsibility: all employees
Embed in culture

Elements of internal control

COSO:

Control environment

Risk assessment

Control activities

Information and communication

Monitoring

CRAIM
CONTROL ENVIRONMENT
Strategy: strategies for dealing with risks
Structure: assigning the right people to the right tasks,
having a proper organizational structure (matrix, flat/tall,
centralized/decentralized etc.), authority, responsibility and
accountability clearly defined, proper communication so
that employees are aware what is expected of them
Systems: proper risk policies in place, processes/activities
adjusted to reflect changes in risks, proper internal audit in
place
Staff: competent personnel through HRP,
orientation/induction, HRD, rewards, performance
appraisal, promotion and discipline, proper BOD and
committees
Style: right management style (setting the tone at the top),
commitment to competence, integrity, and fostering a
climate of trust
Skills: competent personnel (knowledge, skills)
Super-ordinate goals: integrity and ethical values, code of
conduct, proper culture based on trust

CONTROL ACTIVITIES
All activities, processes, systems, policies,
procedures in place to ensure no internal control
failing
Examples: SPAM-SOAP:
Segregation of duties, physical controls,
authorization and approval, management
controls, supervision controls, organization
controls, arithmetic and accounting controls,
personnel controls
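Segregation of duties is the first item in SPAM-SOAP, and whether it is actually in place is something a monitoring or internal audit review has to check rather than assume. The Python below is an added example, not code from the slides; it takes a constructed user-to-role export and a constructed list of duty pairs that must not sit with one person, and reports every user whose combined roles break a pair. The duty names, roles, users and conflict rules are assumptions made for the example.

```python
"""Segregation-of-duties (SoD) check over an access-control export (added
example; not from the slides).  Control activities on the slides include
segregation of duties and authorization/approval; this script shows how a
reviewer (internal audit, or monitoring under COSO) can detect users whose
combined roles give them conflicting duties.  The duty names, the conflict
rules, the roles and the user-to-role export are all constructed."""
from collections import defaultdict

# Pairs of duties that must not sit with one person: the classic split between
# authorizing, executing (custody), recording and reconciling a transaction.
CONFLICTS = {
    frozenset({"create_vendor", "approve_payment"}),
    frozenset({"approve_payment", "release_payment"}),
    frozenset({"create_vendor", "release_payment"}),
    frozenset({"record_transaction", "reconcile_bank"}),
}

# Which duties each role confers (constructed).
ROLE_DUTIES = {
    "ap_clerk": {"create_vendor", "record_transaction"},
    "ap_manager": {"approve_payment"},
    "treasury": {"release_payment"},
    "controller": {"reconcile_bank"},
    "finance_admin": {"create_vendor", "approve_payment", "release_payment"},
}

# Constructed user-to-role export, e.g. from an ERP or identity system.
ASSIGNMENTS = [
    ("alice", "ap_clerk"),
    ("bob", "ap_manager"),
    ("carol", "treasury"),
    ("dave", "controller"),
    ("erin", "finance_admin"),
    ("alice", "controller"),   # access accumulated after an internal transfer
]


def effective_duties(assignments, role_duties):
    """Union of duties over every role a user holds."""
    duties = defaultdict(set)
    for user, role in assignments:
        duties[user] |= role_duties.get(role, set())
    return dict(duties)


def find_violations(assignments, role_duties=ROLE_DUTIES, conflicts=CONFLICTS):
    """Return {user: [(duty_a, duty_b), ...]} for every conflicting pair held."""
    violations = {}
    for user, duties in effective_duties(assignments, role_duties).items():
        hits = sorted(tuple(sorted(pair)) for pair in conflicts if pair <= duties)
        if hits:
            violations[user] = hits
    return violations


def toxic_roles(role_duties=ROLE_DUTIES, conflicts=CONFLICTS):
    """Roles that violate SoD on their own, so no single user should hold them."""
    return sorted(role for role, duties in role_duties.items()
                  if any(pair <= duties for pair in conflicts))


if __name__ == "__main__":
    print("roles that are conflicting by design:", toxic_roles())
    for user, hits in find_violations(ASSIGNMENTS).items():
        for a, b in hits:
            print(f"{user}: holds both {a} and {b}; needs a role change or a "
                  f"compensating control (supervision, management review)")
```

Two findings come out of the sample data: a role that is conflicting by design (an administrator role that can create a vendor, approve and release payment) and a user who, through role accumulation, both records transactions and reconciles the bank. Where a small firm cannot split the duties, the slides' other SPAM-SOAP items (supervision and management controls) are the compensating controls to document.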
INFORMATION AND COMMUNICATION
Proper information systems in place to provide real-time information about internal and external events
Information is relevant, accurate, reliable, sufficient, complete, concise etc., and the information systems are constantly reassessed to ensure they remain functional
Information must cover the firm itself as well as its environment
Information must flow vertically, laterally, inside-out and outside-in
Proper channels of communication in place for whistleblowers

MONITORING
Monitoring can be done periodically as well as on an ongoing basis (control self-assessment etc.)
Aim: to identify
emerging risks
deficiencies in internal controls and risk management systems
so as to make the necessary adjustments/modifications to ensure sound/robust internal controls and risk management systems

A sound system of internal control reduces, but cannot eliminate, the possibility of poor judgment in decision-making; human error; control processes being deliberately circumvented by employees and others; management overriding controls; and the occurrence of unforeseeable circumstances.

A sound system of internal control therefore provides reasonable, but not absolute, assurance that a company will not be hindered in achieving its business objectives, or in the orderly and legitimate conduct of its business, by circumstances which may reasonably be foreseen. A system of internal control cannot, however, provide protection with certainty against a company failing to meet its business objectives or against all material errors, losses, fraud, or breaches of laws or regulations. (Turnbull Guidance)

INTERNAL AUDIT
IIA definition:

Internal auditing is an independent, objective assurance and consulting activity designed to add value to and improve an organization's operations. It helps an organization accomplish its objectives by bringing a systematic, disciplined approach to evaluate and improve the effectiveness of:

risk management,
internal control, and
governance processes.
OBJECTIVES/FUNCTIONS/SCOPE OF INTERNAL AUDIT
Evaluate and improve the risk management process
Evaluate and improve internal controls
Social and sustainability audits
External audit assistance
Corporate takeovers and mergers
Project management
The operation of the organization's corporate governance arrangements
Examination of financial and operating information: check for suitability, reliability and integrity (financial audits)
Review of the economy, efficiency and effectiveness of operations (operational audit)
Review of the safeguarding of assets
Review of the implementation of corporate objectives
Special investigations, e.g. suspected fraud
Review of compliance with legislation, regulations and codes of practice
Follow-up of action taken to remedy weaknesses identified by internal audit reviews, and ensuring that good practice is identified and communicated widely
Testing to ensure robustness: stress, compliance and load testing; security issues

NEED FOR INTERNAL AUDIT (factors to consider)
The scale, diversity and complexity of the company's activities
The number of employees
Cost-benefit considerations
Changes in organizational structures, reporting processes or underlying information systems
Changes in key risks
Problems with internal control systems
An increased number of unexplained or unacceptable events

RECRUITMENT OF INTERNAL AUDITOR (from outside the organization)
Advantages:
Fresh perspective
Emotionally detached, independent and objective
May transfer best practice from outside
Disadvantages:
May not understand the organization initially and therefore may take time to contribute
Possible lack of cooperation from others
Costly
OUTSOURCING INTERNAL AUDIT
Advantages:
Improved focus and cost
Outsourcer may have more expertise, improving efficiency
Less subject to high turnover of internal audit staff
Internal audit skills may only be required for a short time in each year
Disadvantages:
Conflict of interest if the outsourced service is provided by the external auditor (prohibited in the US under the Sarbanes-Oxley Act 2002)
Lack of knowledge or awareness of the organization's objectives, culture or business
High costs
Perhaps poor quality

[Diagram: relationships between the audit committee, CEO, internal auditor, chairman and external auditor; recoverable labels listed below]
Audit committee: approves and reviews the internal audit remit (consulting and assurance); reviews and approves internal control and risk management; approves or terminates the internal audit engagement
Audit committee, in relation to the external auditor: recommends the appointment, re-appointment and removal; decides on engagement policies and remuneration; reviews the effectiveness of the audit process
Internal auditor: reports to and is accountable to the audit committee; has access to the chairman; reviews internal control and risk management (I, O, M)
CEO: develops/designs internal control and risk management