Flashcards in Chapter 4 - Main Aspects Of Corporate Governance Deck (240):
Corporate governance is the process by which company objectives are established, achieved and monitored. Corporate governance is also concerned with...
Relationships and responsibilities of the board, management, shareholders and other relevant stakeholders within a legal and regulatory framework.
The two most important elements of corporate governance are?
Transparency and accountability
Codes of corporate governance differ across the world, but commonly adopted principles include the following:
- companies should respect shareholders' rights and help shareholders to exercise them
- companies should recognise they have obligations to other stakeholders
- the board needs the skills and understanding to review and challenge management performance
- companies should develop a code of conduct for their directors and managers that promotes ethical and responsible decision making
- companies should make public the roles and responsibilities of the board and management to provide shareholders with a level of accountability
- companies should have procedures to independently verify their financial reporting
The corporate governance framework in the UK operates at a number of levels: through legislation, particularly the Companies Act, and...
- through regulation, and in particular for London Stock Exchange listed companies through the listing rules, which are the responsibility of the FCA
- through the UK Corporate Governance Code, which is the responsibility of the Financial Reporting Council
For companies not listed on the London stock exchange, companies can still adopt equivalent approaches to those that are listed as the UK corporate governance code is considered...
To represent the best practice standards for supervision and management by directors and other stakeholders
The first full corporate governance code was the ???
Cadbury report in 1992. The initiative, which formed a committee under the chairmanship of Sir Adrian Cadbury to publish a code of practice, followed several high-profile corporate failures. It brought to light how difficult it was for shareholders to gain information about company affairs. Companies didn't have internal audit functions, and often the chairman and CEO was the same person, with too much power.
The Cadbury committee was formed by the London stock exchange and the ...
Financial reporting council, together with the accountancy profession.
The Cadbury committee was tasked to...
Producing guidance on best practice for boards of listed companies to follow.
The Cadbury committee/Cadbury report was further refined in 1995 to become the...
Combined code. The code is updated every 2 years to ensure that it remains relevant. Any changes seek to include recommendations from committees such as the Greenbury report and the Sherman inquiry. Changes are subject to extensive consultation and dialogue with the market.
The FRC issued an updated UK corporate governance code in ???? that...
2014. This updated version of the code enhances the quality of the information that investors receive about the long term health and strategy of listed companies.
The five areas of the UK corporate governance code are...
- relations with shareholders
What is the leadership section under the UK corporate governance code concerned with?
- every company should be headed by an effective board
- clear division of responsibilities at the head of the company between running the board and executive responsibility for running the business; no one individual should have too much power
- the chairman is responsible for leading the board and ensuring its effectiveness on all aspects of its role
What is the effectiveness section under the UK corporate governance code concerned with?
- the board and its committees should have the appropriate balance of skills and experience to do their duties effectively
- there should be a formal, rigorous and transparent procedure for the appointment of new directors to the board
- the board should be supplied in a timely manner with information in a form and of a quality appropriate to enable it to discharge its duties
What is the accountability section of the UK corporate governance code concerned with?
- the board should present a balanced and understandable assessment of the company's position and prospects
- the board is responsible for determining the nature and extent of the significant risks it is willing to take in achieving its strategic objectives; the board should maintain sound risk management and internal control systems
What is the remuneration section under the UK corporate governance code concerned with?
- levels of remuneration should be sufficient to attract, retain and motivate directors of the right quality required to run the business, without paying too much; a proportion should be structured so as to link rewards to corporate and individual performance
- emphasis should be placed on the long-term success of the company
- arrangements should be made to recover or withhold variable pay when appropriate to do so
What is the relations with shareholder section under the UK corporate governance code concerned with?
- there should be a dialogue with shareholders based on mutual understanding of objectives
- the board should use the annual general meeting to communicate with investors and encourage their participation
- companies should explain how they intend to engage with shareholders when a significant percentage of them has voted against a resolution
What are the other 2 areas of the UK corporate governance code?
- going concern, risk management and internal control
- comply or explain
Under the UK corporate governance code, with regards to risk management and internal control, companies should?
- identify any material uncertainties in their ability to trade as a going concern
- assess their principal risks and explain how they are being managed
- state whether they are able to continue in operation and meet their liabilities
- monitor their risk management and internal control systems at least annually
With regards to the comply or explain section of the UK corporate governance code, what does this mean?
Compliance with the code is not a legal requirement, but it is part of the London Stock Exchange listing rules. Companies are required to state in their annual report whether they are in compliance with the code or, if not fully compliant, to detail and explain where they are not compliant and the reason for this.
The turnbull guidance sets out...
Best practice for internal control for UK listed companies, and assists them in applying the section of the UK corporate governance code that deals with internal control.
Turnbull guidance was originally published in...
In September 2014, the FRC published a revised guidance of the turnbull guidance called...
Guidance on risk management, internal control and related financial and business reporting (the risk guidance)
Who has published a version of the UK corporate governance code for mutual insurers?
Association of financial Mutuals
The AFM annotated corporate governance code for mutual insurers includes...(also give example)
Guidance on matters such as the role of shareholders and the appointment of directors that have specific experience in the interests of members. An example of this is the Metropolitan Police Friendly Society, where certain non-executive directors who are retired police officers serve.
In 2003 the FRC published guidance on audit committees which was called the Smith report. This guidance was last updated in September 2012 and is now referred to as the...
FRC guidance on audit committees
What is the purpose of the FRC guidance on audit committees?
To assist company boards when implementing the sections of the UK corporate governance code dealing with audit committees, and to assist directors serving on audit committees in carrying out their role.
The FRC guidance on audit committees states that the board should establish an audit committee of at least...
Three, or in the case of smaller companies, two members.
The main roles and responsibilities of the audit committee include:
- monitoring the integrity of the company's financial statements
- reviewing the company's internal financial controls
- making recommendations to the board, for it to put to shareholders for their approval in general meeting, in relation to the appointment of the external auditor and to approve the remuneration and terms of engagement of the external auditor
- reviewing and monitoring the external auditor's independence and objectivity and the effectiveness of the audit process
- developing and implementing policy on the engagement of the external auditor to supply non-audit services, taking into account relevant ethical guidance regarding the provision of non-audit services by the external audit firm
- reporting to the board, identifying any matters where it considers that action or improvement is needed, and making recommendations as to the steps to be taken
In March 2011 the FRC published the guidance on...
The FRC's guidance on board effectiveness relates primarily to the leadership and effectiveness of the board. The Institute of Chartered Secretaries and Administrators developed the guidance on the FRC's behalf, and it deals with the following topics:
-role of the board and directors
-board support and role of the company secretary
-board composition and succession planning
-evaluating the performance of the board and directors
-audit, risk and remuneration
-relations with shareholders
Corporate governance codes have been adopted in many other countries in a similar way to the UK. In Australia, the ASX Corporate Governance Council published the Corporate Governance Principles and Recommendations. Codes also exist in European countries; for example, Germany has the...
Deutscher corporate governance codex
In the USA a different approach is taken, companies with a listing on the stock exchange in the USA are required to comply with the requirements of the...
Sarbanes-oxley act 2002
Explain why the sarbanes-oxley act came about
The USA made the legislation due to failings in corporate governance. Its purpose is to protect investors by improving the accuracy and reliability of corporate disclosures.
What notable scandal in the USA helped bring about legislation like the sarbanes-Oxley act?
The need for auditor independence, corporate responsibility and enhanced financial disclosure feature heavily in which act...
Sarbanes-Oxley act 2002
The two key provisions of the sarbanes-Oxley act are....
302 and 404
What does section 302 of the sarbanes-oxley act do?
Mandates a set of internal procedures designed to ensure accurate financial disclosure. The signing officers must certify that they are responsible for establishing and maintaining internal controls, and that they have designed such internal controls to ensure that material information relating to the company and its consolidated subsidiaries is made known to such officers by others within those entities, particularly during the period in which the periodic reports are being prepared.
What is part 404 of the sarbanes-oxley act?
Requires management and the external auditor to report on the adequacy of the company's internal control over financial reporting. This is the most costly aspect of the legislation for companies to implement, as documenting and testing important financial manual and automated controls requires a large amount of resources.
SOX type laws have been adopted...
In other places of the world.
Listed companies have to abide by which rules...
The listing rules
The listing rules dictate...
Such matters as the contents of the prospectus for a company seeking a listing for the first time (called an initial public offering), and ongoing obligations such as the disclosure of price-sensitive information, and communications on new share offers, rights issues, and potential or actual takeover bids for the company.
The listing rules require quoted companies to produce half...
Yearly financial reports as well as annual reports. The rules implement the EU transparency directive but also set slightly more stringent requirements.
The main legislation covering limited companies is...
The companies act 2006
The companies act 2006 includes regulations affecting:
-responsibility of a company's directors and officers
Companies House keeps the public records of companies registered in Great Britain. It lists its three statutory functions as to:
- incorporate and dissolve limited companies
- examine and store company information delivered under the Companies Act and related legislation, and
- make this information available to the public
All company directors have a personal responsibility for making information about the capital structure, management and activities of their companies available both to the members of the company and to the public by...
Filing the documents at companies house.
Every registered company has the legal obligation to provide companies house with...
An up to date annual return, and in most cases, annual accounts including a directors statement
Until a company is registered with companies house, it has...
No legal existence, so cannot enter into contracts or undertake any business.
The majority of companies are private companies and may be formed by one or more individuals subscribing to the...
Memorandum of association and complying with the registration requirements of the act
If a company is to issue shares to the public it must register as a
Public company and comply with certain additional rules such as having allotted...
Share capital of at least £50,000
The registration documents for companies house set out...
- whether the company is a private or public company
- whether the liability of the members of the company is to be limited and, if so, whether it is to be limited by shares or guarantee
- the situation of the company's registered office, i.e. whether it is in England and Wales, Wales, Scotland or Northern Ireland
- the address of the registered office, which must be consistent with the situation of the registered office
- the statement of proposed officers, and
- the proposed articles of association
If the company is to be limited by shares, the documents must also include a statement of capital and the initial shareholdings.
The articles of association are an important part of the company's constitution. Model articles are set out for private and public companies, and companies may choose to adopt these.
The articles of association contain the main provisions governing the relationship between...
Shareholders and the company, as well as moderating the balance of power between the shareholders themselves.
The articles of association comprise the regulations for the running of the company's internal affairs, and they specify how many members must be present if the proceedings at meetings are to be...
Regarded as valid
In regards to the articles of association, the number of members that must be present for a meeting to be valid is called a...
Quorum. It is usually necessary to have a quorum before a meeting is valid.
As part of statutory reporting requirements, an annual return is required. What does this contain?
A range of information including the company's registered office address, the principal business activities, and details of the directors, company secretary, shareholders and the company's share capital.
Every company must deliver an annual return to companies house at least...
Once every 12 months. The company has 28 days from the date to which the return is made up to do this. The return is a summary of the company's details at a particular date (the made-up date). The latest date to which it may be made up is the anniversary of the previous return or, in the case of a new company, the anniversary of its incorporation.
The companies act requires that every company must keep accounting records which are sufficient to show and explain the company's transactions and as such to:
- disclose with reasonable accuracy at any time the financial position of the company at that time, and
- enable the directors to ensure that any accounts required to be prepared comply with the requirements of the act
Annual accounts are useful for investors and other stakeholders who want to know...
The condition of the company in which they have invested their capital and to assess the performance of its directors.
Annual accounts may also help creditors obtain reassurance that their debts will be paid, or alert them to the possibility that they will not be
By law, a company's annual accounts must give a....
True and fair view of its economic state
To aid the process of companies providing their annual accounts showing a true and fair view, companies are required to comply with accounting standards, for instance....
Companies listed on the London stock exchange follow International financial reporting standards
These IFRS standards are aimed at establishing...
A uniform approach to methods of accounting, so that a consistently true and fair view of every company's financial state can be presented.
For most companies, the annual accounts will include...
-a balance sheet signed by a director
-a directors report signed by a director or the company secretary
The entire set of required documents is sometimes grouped together and called the annual report and financial statements.
The directors report is required by the companies act to include a business review, unless the company is subject to the small companies regime. This review should be a fair review of...
The company's business and a description of the principal risks and uncertainties facing the company.
The directors' report review is required to be a balanced and comprehensive analysis of the performance of the company, using key financial reporting indicators, commensurate with the size and...
Complexity of the company
In the case of a quoted company, the review by the directors under the directors' report must include:
- main trends and factors likely to affect the future development, performance and position of the company's businesses
- environmental matters
- social and community issues, including information about any policies of the company in relation to those matters and the effectiveness of those policies
- information about persons with whom the company has contractual or other arrangements which are essential to the business of the company
The directors of a quoted company must prepare a ????? ?????? which must be approved by the board of directors and signed by a director or the secretary of the company.
Directors remuneration report
A statement of the company's policy on directors remuneration should be provided and this must include a detailed summary of any....
Performance conditions for share options and long term incentive schemes and why such performance conditions were chosen.
In regards to directors remuneration report, details must be given of...
Directors service contracts, salaries, fees, bonuses, share options, long term incentive scheme, pensions, retirement benefits, compensation for past directors and sums paid to third parties for directors services.
The directors remuneration report will be approved at...
Annual general meeting
Which body has been influencing directors remuneration since the 1970s and published the first guidelines on the subject?
Association of British insurers
In regards to directors remuneration reports, the ABI guidelines were published in response to the issue of the ...
Large and medium sized companies and groups (accounts and reports) (amendment) regulations 2013.
In regards to the Large and Medium-sized Companies and Groups (Accounts and Reports) (Amendment) Regulations 2013, the significant changes in the regulations relate to the requirement for....
Directors to have a significant shareholding in the company; remuneration should be adjusted to reflect performance and allow for the claw back of monies paid; and that reform should include non-financial issues such as environmental, social and governance objectives.
Corporate governance is commonly referred to as?
A system by which organisations are directed and controlled.
A chairmans statement is sometimes included in?
The annual report
What does the chairmans statement show?
Usually a statement about the company's activities attributed to the company's chairman
The chairmans statement is not required by...
The company's act
External auditors are not required to judge whether the content of either the directors' or chairman's statements provides a true and fair view; however, they would have to report to shareholders if...
Any inconsistency was found between the two statements and the rest of the report
All companies have to keep accounting records and all limited companies must send their accounts to...
How long do both private companies and public companies each have to file their accounts with companies house?
Private companies have within nine months of the year end and public companies must file within six months.
Late delivery of accounts to companies house is likely to result in...
Failure to deliver accounts on time to Companies House is a ?????? and as a result the ????? and ??????? may be ????????
Criminal offence, which means company directors and the company secretary may be prosecuted
The companies act 2006 requires all public companies have...
A company secretary
A private company does not need to have a company...
What does the companies act 2006 say about the requirements for a company secretary?
Must take all reasonable steps to secure that the secretary... Of the company is a person who appears to them to have the requisite knowledge and experience to discharge the functions of the secretary of the company.
The Companies Act 2006 sets out a list of acceptable qualifications for the post of company secretary, including a chartered secretary and a number of accountancy, professional and legal qualifications. However, these qualifications are not exclusive and the secretary may be a person who...
By virtue of his holding or having held any other position or his being a member of any other body, appears to the directors to be capable of discharging the functions of secretary of the company.
The company secretary should maintain the statutory registers, these are...
-register of members (the shareholders)
-register of directors and secretaries
-register of director interests
-register of charges
-register of interests in shares (for public companies)
The company secretary should give notice of the annual general meeting. This includes providing company members and the company's auditors with ?? days of written notice of an annual general meeting and ?? days of notice of a meeting other than an annual general meeting or of a meeting to pass a special resolution.
21 days for annual general meeting and 14 days for meeting other than annual general meeting
A private company no longer needs to have an annual general meeting unless...
The shareholders require one to be held
In regards to special and extraordinary resolutions, the company secretary must...
Ensure that companies house is sent copies of every extraordinary or special resolution or agreement of the company's directors
Companies house requires changes in company information to be notified to it, using its own special forms and within a specified period. These changes in information include the particulars (names and addresses) of...
Directors and company secretaries
The company secretary should supply every member of the company with a copy of the annual accounts ?? days before a meeting at which the accounts are to be laid
The company secretary should keep minutes of ?????? Meetings and ???????? Meetings.
Directors meetings and general meetings
The company secretary should supply copies of the company accounts and other documents to the appropriate people and ensure that members of the company and members of the public can inspect the company's records. For example, where a poll is taken at a general meeting of a quoted company, the company must ensure that the results of the poll are...
Made available on the website.
Good corporate governance and effective risk management is not an activity that is assigned to a particular team, such as the risk management team, but is something that should be adopted...
By all operational managers and staff within the organisation.
The first line of defence is?
Once a risk strategy is set, with an associated control environment, it is primarily the responsibility of front line managers to ensure that risks are identified and controlled in keeping with the strategy and control environment.
To support the work of operational management, firms will have a team of risk management specialists who coordinate the risk activities and act as advisors and monitors to the senior management and board. This team may be made up of .... And forms the .....
Risk analysts, health and safety specialists, regulatory and compliance advisors. They form the second line of defence.
Who will be the risk owner for risks associated with fraudulent claims?
The head of Claims
Who will be the risk owner for service interruptions
The head of IT
Who will be the risk owner and have ultimate responsibility for ensuring the accuracy of account records?
Although the risk management department will be actively involved in discussing the most appropriate and effective controls to be put in place, accountability for the delivery of risk control remains with...
The risk management department forms the what line of defence?
Second line of defence
The internal audit team has the responsibility of reviewing from time to time the overall risk ?????? ??????? ensuring that the ??????? ?????? strategy agreed by the senior management or board is being actively complied with.
Risk management operation and risk management
Auditing of both the front line operational management of risks and the effectiveness of the risk management department will give assurance to senior managers or board members that the strategy for risk management is being...
When external parties such as regulatory bodies review the activities of regulated firms, the feedback to senior managers provides a useful assessment of the effectiveness of risk management practices and the design of the risk strategy. This is known as...
The third line of defence
Summarise the people involved in each line of defence:
1. First line of defence includes - risk and control owners and business managers
2. Second line of defence includes - risk oversight, risk management, compliance, health and safety and security
3. Third line of defence includes - risk assurance, internal and external audit regulators
In a claims department of an insurance company, supervisors and managers are responsible for ensuring that fraudulent or invalid claims are not paid; this is achieved by using peer review control processes. This is the what line of defence?
First line of defence
Periodically, the effectiveness of review control processes will be discussed with the risk management team and any agreed improvements to the process are then implemented. This review by the risk management is the what line of defence?
The ???? line of defence is enacted when the internal audit team carries out checks to see that the agreed processes are being operated in practice.
Third line of defence
To ensure the effective management of risks, controls and monitors are established with specific reference to the function of the ??????? In question
Most risks are managed through the use of more than one...
In regards to risk management controls, give some examples of controls for the underwriting department:
-limits of authority to individual underwriters
-second review of quotations by senior underwriters
-regular review of pricing schedules
-monitoring of aggregation (or risk accumulation) practices
In regards to risk management controls, give some examples for the claims department:
-all claim payments reviewed by second member of staff
-claim validity checking
-reinsurance coverage reviewed by senior management
In regards to risk management controls, give some examples for the finance department:
-daily reconciliation between ledgers and bank accounts
-limited authorities for authorising accounts payable
-anti money laundering measures
In regards to risk management controls, give some examples for human resources:
-reference checks for new employees
-a scheme of regular training and development for all staff
-audit of expenses claimed
In regards to risk management controls give examples for IT:
-back up records on a daily basis
-relocation contingency plans
-anti virus and intrusion software
-data security and quality management
What are some of the risk management controls specific to insurance brokers?
-thorough collection of clients risk information
-double checking of presentations to underwriters to ensure all disclosures are made
-second person review when quoting price and cover terms to client
For insurance companies the scope of risk is generally focused into three or four risk categories. These are often defined as...
Strategic, insurance and reserving, investment/market and credit.
What other two types of often less material risk groups are there also?
Operational and group risks.
Which risks in insurance companies is often seen as the dominant risk?
Why is reputation risk important?
Without a good reputation, customers will not purchase your products and existing customers will be attracted to your competitors.
Reputation is not usually regarded as a risk category in its own right because damage to reputation often comes from risk events under..
How does the following show a reputation risk: poor staff training causes service standards to fail, the FCA investigate into the fair treatment of customers.
Public criticism of the firm would lead to a further loss of reputation.
What falls under the risk category, strategic risks?
Senior management consider matters such as takeover bids, new lines of business, opening branches in new locations including overseas and the distribution policy.
A balanced view of the risks when going into new ventures will ensure that the decision is well informed and potential negative outcomes are anticipated and managed.
What falls under the risk category, insurance and reserving?
Potential for the loss ratio to be higher than that which was assumed, and the adequacy of pricing, i.e. premiums. Also think of claims: having adequate reserves and all the risks associated with, for example, liability claims, and the other issues around accurately reserving, as this can threaten the solvency of the business.
What falls under the risk category, investment/market?
Includes losses due to the reduction in value of investments or returns that are below the planned level. Causes of these losses may be specific to the insurers investment portfolio or a more general market wide downturn.
What falls under the risk category, credit?
Risks relating to premium payments by clients and also for reinsurance recoveries. Losses due to non payment are likely to be minimal because in most personal lines insurances payment is required before cover commences, and for commercial policies insurers are able to give notice of cancellation of premiums that are not paid.
Insurers have the risk though that as brokers hold their premiums, should the broker go bankrupt the insurer will lose money.
There is also the risk that as an insurance company pays direct first their claims and then seeks recover from reinsurers, the reinsurer could get into financial problems before reinsurance claim is paid, so the insurer might not be able to recover money from the reinsurer.
What falls under the risk category, operational?
The scope of operational risks is very wide and in effect sweeps up all the risks that are not included in other categories. The risks include property damage to the insurer's offices and equipment, fraud by employees, breach of regulatory rules, injury or illness to staff or visitors, and IT interruptions or security failures.
What falls under the risk category, group?
Risks within this category emerge when a firm is part of a wider group. For example, a company could rely on its parent company for solvency capital, technical support and centralised services such as actuarial. If the strategy at the centre should change (such as the redistribution of capital) then the company may not be able to fulfil its business aims. (Think, for example, of AXA not helping to fund Bluefin, in a sort of way.)
Firms use the control model of key risk indicators for risk management. At, for example, monthly board meetings, managers and senior directors review any changes to the status of risks and controls; these could cover, for example...
- IT downtime (graded according to materiality, for example less than 30 mins, greater than 30 mins, greater than two hours)
- examples of fraud (internal employees, external third parties and policyholders making fraudulent claims)
- complaints by number, department and type
- property loss or damage, by location, type of loss and value
- employee injury or illness by location, type of injury and estimated cost.
When key risk indicators show a prejudicial trend, or a major risk event occurs, management can investigate the circumstances and review the effectiveness and adequacy of the controls. If appropriate, further controls can be put in place to reduce risk. Typically a ????/??????? exercise would be carried out to assist in the decision making.
An important part of strategy and business planning is for senior management to decide on the risks they wish to seek. This is called...
Senior management will decide on the risks they wish to avoid by setting...
The level of risk undertaken is an important measure of exposure with regard to the calculation of the firm's...
Solvency capital requirements.
A typical risk appetite statement for an insurance company may be...
We have an appetite to take on insurance risk and investment risk in pursuit of our business objectives, subject to the limitations stated in the business plan.
The approach to risk tolerance is to take risk categories and detailed risks and select a level of loss that the firm would tolerate if...
The risk occurred.
It is important to remember that risk reduction or control measures rarely eliminate all levels of risk - there is often a ?????? risk that the company must bear.
Note that in some cases, it is valid to state that the firm has zero tolerance for losses, knowing...
That there is a chance that some might occur.
If a company says, we have no tolerance for claims that exceed 70% of premium, what risk type is this?
Insurance and reserving
If a company says, we have no tolerance for claims reserves to fall short of payments by more than 5%, this is an example of which type of risk?
Insurance and reserving
If a company says, we have a tolerance for credit losses up to 1% of premium income and up to 3% of reinsurance recoverable, this is what type of risk?
If a company says the following, what types of risk are these?
- we have zero tolerance for injuries to staff
- we have no tolerance for IT interruptions exceeding 30 minutes
- we have zero tolerance for theft by employees
- we have no tolerance for property damage exceeding £5,000 in costs
In order to guide them with respect to risk management, insurance companies use ...
An established framework or standard
Standards for risk management have been published by various organisations over the past 20 years but one that is widely adopted is the...
UK risk management standard.
The UK risk management standard was compiled and published as a joint venture between the Institute of Risk Management, the Association of Insurance and Risk Managers and the...
ALARM (the Public Risk Management Association)
At the heart of any risk management standard is a flow process for the risk management activities, each step follows on from previous work, for example, risk identification must be undertaken before...
Risk estimation can take place.
The risk management process looks at:
- the organisation's strategic objectives
- risk assessment, including risk analysis, identification, description, estimation and evaluation
- risk reporting, threats and opportunities
- risk treatment
- residual risk reporting
and includes a formal ...
Other risk management standards include the ISO 31000 (and the associated ISO 31010 - risk identification techniques). This is an international standard that provides a framework, principles and a process for managing risk in organisations of ...
Good corporate governance requires that an organisation has an audit committee made up of NEDs, these are...
Non executive directors
The UK Corporate Governance Code, in regards to audit committees, states that the board should establish an audit committee of at least three, or in the case of smaller companies two, independent non-executive directors. In smaller companies, the company chairman may be a member but not a ????
In regards to audit committees, the board should satisfy itself that at least one member of the audit committee has...
Recent and relevant financial experience
The chair of the audit committee should make him or herself available at the...
AGM to take any questions the shareholders may have regarding audits
Under the companies act 2006 and subsequent regulations, companies are required to have an external audit undertaken by an approved entity and for a report to shareholders to be published in the UK. Only companies with the following are required to have a full statutory audit by a registered auditor:
- a turnover exceeding £6.5m
- net assets exceeding £3.26m or
- more than 50 employees
The statutory external audit report must state clearly whether, in the auditors' opinion, the annual accounts...
- give a true and fair view of the balance sheet at the end of the year, of the profit and loss account for the financial year and, in the case of group accounts, of the state of affairs as at the end of the financial year, etc.
- have been properly prepared in accordance with the relevant financial reporting framework, and
- have been prepared in accordance with the requirements of this Act (and, where applicable, Article 4 of the IAS Regulation)
The annual report of companies contains a report from the auditors confirming that...
No defects in the accounts have been discovered
The chief internal auditor will propose a plan of ????? to be reviewed each year for consideration by the company's audit committee
The chief internal auditor usually has a direct reporting line to...
The audit committee
The Turnbull report emphasised the importance of internal audit, stating that its main role is to ...
Evaluate risk and monitor the effectiveness of the systems of financial control
What has brought about the need for internal audit activities?
Increasing demands placed on management for monitoring and controlling its activities for regulatory purposes.
Internal audits can contribute to good corporate governance by advising management on how an effective and efficient system of internal control can be...
Internal audit can assist the directors with the implementation of good corporate governance by, for example:
- maintaining a sound system of internal control by reviewing how a company identifies and manages risk
- reviewing board reports to ensure that they present a balanced and understandable viewpoint
- ensuring the directors are up to date with new accounting and auditing issues, e.g. intensifying accounting standards
- communicating with the external auditors and ensuring a unified approach to work
- ensuring that the board receives the correct communications and information required from the external auditors
The compliance function in a regulated entity has very similar aims to the risk management and internal audit areas and their respective roles often...
The focus of compliance work is to ensure that processes and activities carried out in the firm are...
In compliance with the established operational procedures and meet the requirements of the regulator
Compliance plays a key role in corporate...
Governance structure of a firm
A compliance report is provided to monthly underwriting meetings and also to a risk and compliance committee. A summarised statement of compliance issues and management will...
Also be included as a standing item at each board meeting.
Insurance companies base their business planning assumptions on...
Statistics on the risks they are insuring and it is therefore critical that the data can be relied upon.
Insurance companies keep data for property such as construction, premises etc. Life insurers maintain records of life expectancy and keep details of the ...
Occupation of policyholders and whether or not they are smokers.
Data in an insurance company must be maintained in a format that can be ...
Pricing actuaries and underwriting staff will use data as input to their...
Risk prediction software
Being able to affirm the accuracy of data is important when providing reports and analysis to senior management when considering whether...
To enter or continue a class of business
Accurate record keeping is a requirement of the...
Data Protection Act 1998
Data ????? is the term given to the challenge of ensuring that the data is reliable and complete.
Why is it important that, say for example, details of flood losses in the UK have the correct post code assigned to the losses?
Because premium is set according to post codes
Sometimes data is collected on an inconsistent basis and a ???? ??????? is undertaken to bring....
Data cleansing is undertaken to bring each line of data into a standard format.
Data cleansing is labour intensive but necessary if the data is to be used for matters such as...
Pricing and solvency capital calculations
Why would data cleansing sometimes happen when two companies merge?
One company may gather information in a slightly different way to another and at the time of merging there is the likelihood that the data fields will not match.
Following the announcement by the Information Commissioner's Office (ICO) of its fines for breaches of the Data Protection Act, KPMG's 2012 Data Loss Barometer (DLB) considers lost and stolen information worldwide. The headline data for 2012 is as follows:
- data loss incidents have increased by 40% since 2011
- hacking is the number one cause of data loss
- internal threats have reduced significantly, while external threats have doubled
- total incident numbers show that technology, financial services, retail and media are the worst performing sectors over the last 5 years.
In April and May 2011, Sony announced that personal information for more than ????? had been stolen. This included almost ??????? numbers and nearly ??????? direct debit records
100 million customers, 13,000 credit or debit card numbers as well as 11,000 direct debit records.
Data loss can be highly damaging for a company, giving rise to loss of customers and significant claims from injured parties, as the company has a duty to....
Not divulge confidential information unless it has permission to do so.
A company will need to protect sensitive data that it owns, such as information that the company relies on to give it a...
Competitive edge. Such confidential information can be the most valuable asset of a business.
People will want other people's information, often for fraudulent purposes such as accessing their bank accounts; for this reason organisations need to ...
Safeguard confidential and personal information
Safeguarding information is a cause for concern. Which example shows this?
A survey of dry cleaners revealed that 17,000 USB sticks had been left at their premises during 2010.
Confidential information which is in paper form, such as insurance policy records including claims information, should be marked... and stored in.....
Private and confidential. Stored in a secure, preferably lockable, cabinet or desk. Access should only be given to trusted individuals.
Due to the growing cases of identity fraud, it is now essential that all office waste that contains any customer information is treated in a similar manner to confidential records that are no longer required. This means that information must be disposed of carefully, either by putting them through a...
Shredding machine or having them collected by a specialist confidential waste contractor. Customer information must not be left in office waste bins and just be put out for general waste collection.
The former regulator, the FSA, previously fined a major bank £3m for failing to properly...
Look after its customers' information and private data. The bank in question had found unencrypted customer details on open shelves and in unlocked cabinets. Customer details were also sent via the post or couriers to third parties. Staff were not trained in dealing with the risks associated with identity theft.
Much data is held on computers, and the same rules on keeping confidential information secure and restricted to trusted people apply here too. Limiting access to computer files can be achieved through...
Password systems and the encryption of information.
When is encryption used and how does this work?
Usually when information is transmitted through the Internet. Information is encoded during transmission and decoded when it arrives at its intended destination. This protects the information from being understood by any unauthorised person who intercepts it.
Regular reminders within an organisation about the need for confidentiality will help to stimulate...
As an additional measure for encouraging personal information about people to be kept confidential, the DPA 1998 prohibits the unauthorised disclosure of records stored in any way (including on a computer database) to ...
With regards to computer records, companies must guard against hacking into their databases, so....
Anti-hacking devices, anti-virus and firewall protection are essential
It is common for businesses to sign confidentiality agreements, or to require others to sign such agreements, when one or both parties want to discuss confidential information associated with...
Transactions such as purchases or sales of businesses or portfolios, joint venture agreements and outsourcing arrangements.
It is important to ensure that those people dealing with confidential information subject to a confidentiality agreement are aware....
Of the importance of keeping the information confidential
As with confidential papers and computer records, confidential conversations, whether face to face or on the telephone, should be conducted in a secure environment where they cannot be overheard by...
Unauthorised parties. Any notes of such conversations must be treated as if they were confidential documents.
The misuse of confidential information by making investment decisions using information that should be confidential is called...
Insider dealing or insider trading
Insider dealing is a ???? ????? as defined in section 118 of the Financial Services and Markets Act 2000
Under the Financial Services and Markets Act 2000, what is insider dealing classed as, and what is improper disclosure classed as?
Insider dealing - when an insider deals, or tries to deal, on the basis of inside information
Improper disclosure - when an insider improperly discloses inside information to another person
When a company is considering a transaction such as the purchase or sale of a business, an insider list should be maintained which records...
The names of all those allowed to know about the transaction under consideration
What are 4 recommended guidelines for combating insider dealing?
- limit the number of people who need to know about a deal to the minimum, with a requirement to justify adding people to the list of insiders and senior-level sign-off
- not passing information to individuals unless they are first clearly made aware of their responsibilities for handling sensitive information
- if members of staff are identified as needing to know some but not all of the deal information, then as far as practical, limit their knowledge to only those parts that are necessary, rather than allowing them to access all information that is available
- where appropriate, communicate to all other insiders when someone is removed from an insiders list.
Between 2004 and 2013 the regulator secured ?? convictions related to insider dealing
Changes in 2010 allow the FCA to generate much bigger fines, with a minimum starting point of £100,000 for individuals in serious market ...
There have been 62 market abuse fines and the total amount of market abuse fines issued between 2004 - 2013 is in excess of...
In April 2012 the previous regulator, the FSA, imposed a £450,000 fine on the former chairman of capital markets at JP Morgan Cazenove. They were found to have disclosed information concerning Heritage Oil in two emails to a prospective client, in which they detailed a new oil find and a potential....
Offer for the company.
What two reasons have seen a decline in evidence of insider dealing in recent years?
Fewer takeovers and tightening of the analysis of the market and sanctions used.
What is a risk with homeworkers?
A greater risk of unauthorised disclosure or loss, because they are not in the controlled, safe work environment.
To combat the risks of data loss etc for homeworkers, the company will implement...
Controls and policies and procedures for homeworkers.
The Data Protection Act 1998 defines UK law on the processing of data on ....
Identifiable living people
The Data Protection Act 1998 brought the UK in line with the EU Data....
Protection Directive 1995
The purpose of the data protection act is to protect...
An individual's right to privacy with respect to the processing of personal data and includes the legal right for individuals to control information about themselves.
The DPA applies to firms holding information about individuals on paper and...
In electronic format
Compliance with the DPA is overseen by an independent government authority, the ...
Information Commissioner's Office
The Information Commissioner's Office upholds information rights in the public interest, promoting openness by public bodies and data privacy for individuals. Unless they are exempt, anyone holding personal data for other than domestic use is...
Legally obliged to notify the Information Commissioner's Office.
Failure to notify the Information Commissioner's Office is a ?????? ?????? and they can issue fines up to ??????? for serious breaches of the DPA.
Criminal offence and fines up to £500,000
The DPA is a large act and has a reputation for...
What is an issue with regards to the fact that interpreting the DPA is not always simple?
Some companies, through misunderstanding or fear of non-compliance, hide behind the Act and refuse to provide even very basic, publicly available material, quoting the Act as a restriction.
In regards to the DPA, directors, managers and similar officers can be ...
Held liable for offences committed by their institutions.
If an individual believes their rights under the DPA have been breached, they can...
Go directly to court.
Personal data may only be transferred to non-EU/EEA nations if ...
Certain conditions are met.
Subject access requests made on behalf of third parties to determine criminal or medical histories are...
The DPA is an important act for ??????? because it is concerned with the holding and processing of personal data, i.e. the information in machine-readable form and manual filing systems which relates to a living person (the data subject) who can be identified either from the information alone or when it is taken together with other information (not necessarily in machine-readable form) in the possession of the data user.
What are the eight Data Protection Act principles?
1. Fairly and lawfully processed
2. Processed for specific purposes
3. Adequate, relevant and not excessive
4. Accurate and where necessary, kept up to date.
5. Kept no longer than is necessary
6. Processed in line with the rights of the individual
7. Kept secure
8. Transferred to countries outside the EEA only when the information is adequately protected.
The first seven principles of the data protection act apply to personal data held by data users. The eighth principle with regards to transferring to countries outside the EEA only when the information is adequately protected applies both to data users and to persons providing a....
Computer bureau service. (an organisation that offers data processing and online services to its customers for a fee.)
All use of personal data must be covered by an entry in the data...
Since data registration can only be made by an appropriate legal entity known as the data user, companies that use personal data as described by the Act must set up appropriate procedures to ensure that all such use of data is correctly registered. One possibility is that each operating unit or subsidiary appoints a ???? ?????? ??????? to take responsibility for data in that unit.
Data protection officer
The DPO in each unit should be asked from time to time to verify that existing registrations still meet its needs. It is important that all data users ensure that their personal data holdings are included in the parent return, since any case of unregistered data anywhere in the business could be sufficient cause for the registrar to ...
Suspend all processing under the appropriate registration throughout the business.
The Data Protection Act applies to anyone who...
Holds or processes personal data as defined.
The data protection act even applies in cases where the machine-readable data does not identify individuals, providing the data user has the relevant...
Information elsewhere in their possession.
The Data Protection Act does not distinguish between confidential and publicly available personal data except in the case of... It therefore applies to things like bibliographies and files of electronic mail messages containing the user identities of the sender and recipient, as well as more obvious personal data.
Information such as the register of electors, which has to be made public by law.
Data means information:
- stored in a form capable of being processed by a computer or other automatic equipment
- recorded in any form for later processing by computer or other automatic equipment (such as information collected from registration forms; CCTV pictures)
- stored as part of a relevant filing system or intended to be included in one in the future (including card files or filing cabinets structured by name, address or other identifier; Rolodex; non-automated microfiche)
- not covered by the above but part of an accessible record under section 68 of the DPA 1998, such as doctor's notes relating to a named patient or certain non-higher-education educational records
Personal data is data which...
Relates to a living individual who can be identified from that information, or from that data and other information in the possession of the data controller or which is likely to come into their possession. This includes any expression of opinion about the individual and the intentions of the data controller in respect of that individual.
Ordinary personal data includes...
Name, address and telephone number
Sensitive personal data includes information relating to...
Racial or ethnic origin, political opinions, religious beliefs, trade union membership, health, sexual orientation and criminal convictions. Under the Act the processing of such data is subject to much stricter conditions.
Data subject is...
Any living individual who is the subject of personal data
Data subject access is...
The right of an individual to access personal data relating to them which is held by a data controller.
Data controller is any person who makes decisions with regard to particular personal data, including decisions about the purposes for which the personal data is processed and the way in which the personal data are...
Data processor is a person who processes the data on behalf of the data controller, but who is not an employee of...
The data controller.
Processing is not confined to technical processing operations on data, such as organisation, retrieval, disclosure and deletion. It also includes:
- obtaining and recording data
- the retrieval, consultation or use of data
- the disclosure or otherwise making available of data
Data subjects are entitled to apply for a copy of the information held about them under any particular registration. On receipt of a data access request a reply usually has to be made within ...
In 2009 the EU recognised the need to revise the EU Data Protection Directive 1995 to account for ...
- more frequent publication and transfer of personal data
- consistent/portable access by individuals to their data
In March 2014, the European Parliament confirmed support for reforms to the current EU data protection legislation and these are expected to be ratified by....
The European Council.
An insurer's articles of association will include the regulations for the running of the insurer's...