Unit 6 Flashcards
(24 cards)
The main features of the UK Corporate Governance Code
1. Leadership – Every company should be headed by an effective board which is collectively responsible for the long-term success of the company.
2. Division of Responsibilities – There should be a clear division of responsibilities between the leadership of the board and the executive leadership of the company’s business.
3. Composition, Succession and Evaluation – The board and its committees should have a combination of skills, experience, and knowledge. Annual evaluation of the board should consider its composition, diversity and how effectively members work together to achieve objectives.
4. Audit, Risk, and Internal Control – The board should establish procedures to manage risk, oversee the internal control framework, and determine the nature and extent of the principal risks the company is willing to take to achieve its long-term strategic objectives.
5. Remuneration – Remuneration policies and practices should be designed to support strategy and promote long-term sustainable success. Executive remuneration should be aligned to company purpose and values and be clearly linked to the successful delivery of the company’s long-term strategy.
Role of the Board according to the UK Code
The board should establish procedures to manage risk, oversee the internal control framework, and determine the nature and extent of the principal risks the company is willing to take in order to achieve its long-term objectives.
What the Code includes
The Code defines principal risks, noting that they ‘should include, but are not necessarily limited to, those that could result in events or circumstances that might threaten the company’s business model, future performance, solvency or liquidity and reputation’.
This definition is typically interpreted as relating to threats only, but the board should also consider those principal risks that offer a significant improvement to the business model, future performance, solvency or liquidity and reputation.
In addition, the Code refers to material controls and material uncertainties.
Principles based corporate governance
Corporate governance requirements that are ‘wanted’ are usually referred to as principles based.
In this case, organisations are expected to comply with the principles set out, but it is not mandatory to do so.
However, if they do not comply with any of the principles, they must explain why.
Principles based corporate governance is also referred to as ‘comply or explain’.
In other words, compliance with the code is not a legal requirement, but listed companies are required to publish in their annual report and accounts where they might not be complying with the code, together with reasons why they are not complying.
This is so their shareholders and other interested parties can judge the materiality (or importance) of the non-compliance.
Prescriptive based corporate governance
Corporate governance requirements that are ‘compulsory’ are usually referred to as prescriptive based.
In this case, organisations must comply with the principles set out, and there are penalties for non-compliance. Prescriptive based corporate governance is also referred to as ‘comply and sign’. The prescriptive based approach is not just a regulatory requirement but is instilled into law, with appropriate penalties in instances of non-compliance for directors of publicly listed organisations, usually in the form of a fine, imprisonment or both.
What corporate governance is used in UK and US
The approach to corporate governance is typically set at a national level.
For example, in the UK a principles-based approach to corporate governance is used and is supported by the relevant rules and regulations, whereas in the US (United States) a prescriptive based approach is used.
Board Composition
This is a group of elected individuals who represent the shareholders or members of the organisation. The board is the highest governing authority within the management structure of an organisation and is responsible for the organisation’s governance. Boards may comprise executive directors or non-executive directors, or both.
Executive Directors
Executive directors are full-time employees of the organisation. Examples of an executive director include the Chief Executive Officer and Chief Finance Officer. Depending on the nature of the organisation, other senior leaders may be considered to be executive directors. They may include those who work in a senior capacity regarding strategy, technical, sustainability, communications etc.
Non Executive Directors
Non-executive directors are not employees of the organisation and are not involved in its day-to-day running. The Institute of Directors (2022) state that non-executive directors ‘provide a creative contribution to the board by providing independent oversight and constructive challenge to the executive directors’. NEDs should be independent of the organisation and its activities, and of businesses connected to it. It is also recognised as good practice that there should be more NEDs on the board than executive directors.
Unitary boards - definition, advantages, disadvantages
Unitary boards are those where executive and non-executive directors serve together on one board. This has been the model adopted by most organisations in the UK, US, Australia and South Africa.
The advantages of a unitary board are that the board receives more detailed information, has greater involvement in the organisation and is closer to the organisational strategy. The disadvantages are that, from an external perspective, there is little distinction between management and supervision, and conflicts of interest and loss of independence may develop.
Two-tier boards - definition, advantages, disadvantages
Two-tier boards are those where the responsibility for supervision (the non-executives) is separated from the responsibility for day-to-day operations (the executives). The operational board oversees the routine managerial tasks and transactions, whereas the supervisory board generally manages the long-term strategic planning and decision making and oversees the operating board. This two-tier board structure is the one adopted by many countries in continental Europe.
The advantages of the two-tier board are that, although executives have more control over the appointment of NEDs, members are appointed on their expertise, the CEO is prevented from serving as the chair of the supervisory board, and there is a reduction in bias in the decision-making process.
The main disadvantage is that two-tier boards tend to be larger than unitary boards.
Which are the three common committees
Nomination – responsible for the appointment of new directors and ensuring succession plans are in place for the board and the executive level immediately below it.
Remuneration – responsible for setting executive pay, which is a contentious issue in ensuring an organisation can attract and retain executive directors while at the same time avoiding paying them too much.
Audit – responsible for an organisation’s financial reporting and reviewing the effectiveness of internal controls and risk management. Also the conduit for whistle-blowing and following up on any issues of bad conduct within an organisation.
Financial Reporting Council
The FRC now regulates auditors, accountants and actuaries (those who calculate the risk used to price insurance premiums), setting the corporate governance, reporting and auditing standards and holding those responsible for delivering them to account. As such, they monitor and take enforcement actions when things go wrong and, as an independent, transparent organisation, they also consult with and report to the UK government. The FRC is responsible for the UK Corporate Governance Code, the related Guidance on Board Effectiveness and the Wates Corporate Governance Principles for large private companies.
Sarbanes Oxley (SOX)
The Sarbanes-Oxley Act requires companies listed on the US stock exchange to disclose accurate financial information. This is an example of the ‘comply and sign’ approach.
The key sections of SOX relating to risk management are:
Section 302 – states that the Chief Executive Officer and Chief Financial Officer are directly responsible for the accuracy, documentation and submission of all financial reports and the internal control structure.
Section 404 – states that all annual financial reports must report that management are responsible for an ‘adequate’ internal control structure, and an assessment by management of the effectiveness of that structure, with any weaknesses being reported. In addition, registered external auditors must attest to the accuracy of management’s declaration that the internal accounting controls are in place, operational and effective.
SOX also requires a recognised risk management framework to be implemented, with the recommendation that the COSO ERM framework is used. As such, SOX has an influence on both risk management and corporate governance, particularly in relation to companies listed on a US stock exchange.
OECD
The Organisation for Economic Co-operation and Development (OECD) is an international, not-for-profit organisation that establishes international standards and policies, collaborating with representatives from governments, parliaments, international organisations, businesses, and society in general.
The OECD’s overall approach is three-fold:
To provide knowledge and advice to inform policies and help steer decision making
To engage and influence policy makers to enable ideas and experiences to be shared
To encourage countries and other partners to develop international standards to enable a consistent approach to be taken in key areas and to provide a forum for co-operation to reach shared objectives.
Although the UK and US are members of the OECD, they are not required to implement the corporate governance requirements; however, they have, by nature of their membership, influenced and been influenced by the OECD guidance.
Risk assurance
Risk assurance is the phrase that is intended to indicate the information and analysis that is provided to managers and directors with regard to the status of the risk and control environment in an organisation – it is the internal process we use to create checks and balances within our governance and risk frameworks. As we have discussed in connection with corporate governance, the board is responsible for risk management, and they therefore need and seek assurance that the risk strategy is working.
5 sources of risk assurance
Culture measurement
Audit reports
Unit reports
Performance of the unit
Unit documentation
The four components of CoCo (the Criteria of Control framework)
Purpose – understanding the purpose of a task (what are we here for?)
Commitment – to perform a task well (do we want to do a good job?)
Capability – support in the implementation of the task (what actions do we need to take?)
Monitoring and learning – monitoring of the task to learn lessons and improve (what progress, what next?)
The CoCo framework is used by many organisations to benchmark their risk management approach against, to provide assurance on the quality of the control environment, and as a means of evaluating the risk culture of an organisation.
Chief Risk Officer four key headings
- Insight and context
- Strategy and performance
- Risk management process
- Organisational capability
What are the three major objectives of controls according to COSO?
- effectiveness and efficiency of operations
- reliability of internal and external reporting
- compliance with applicable laws and regulations and internal policies
What are the similarities and differences of COSO and CoCo?
CoCo: has a broader approach than COSO to the control environment (controls are required in the setting of objectives, strategic planning, corrective actions and decision making). CoCo is more explicit about the following issues:
- identification of a need to exploit opportunities
- mitigation of weakness in business resilience
- the importance of individual trust to the quality of the control environment
- the need to periodically challenge assumptions
COSO features:
● the organization is committed to integrity and ethical values;
● the board has oversight of development and performance of internal control;
● the management sets structures, reporting lines, authorities and responsibilities;
● the organization seeks to attract, develop, and retain competent individuals; and
● the organization holds individuals accountable for internal control responsibilities.
All the elements of an organisation that, taken together, support people in the achievement of the organisation’s objectives. Is this the definition for Internal Control Framework of COSO, CoCo or IIA (Institute of Internal Auditors)?
CoCo
Internal control is a set of processes, functions, activities, sub-systems, and people who are grouped together or consciously segregated to ensure the effective achievement of objectives and goals. Is this the definition for Internal Control Framework of COSO, CoCo or IIA (Institute of Internal Auditors)?
IIA (Institute of Internal Auditors)
Internal Control is a process effected by an entity’s Board of Directors, management and other personnel, designed to provide reasonable assurance regarding the achievement of objectives in the following categories:
● effectiveness and efficiency of operations
● reliability of financial reporting
● compliance with applicable laws and regulations
Is this the definition for Internal Control Framework of COSO, CoCo or IIA (Institute of Internal Auditors)?
COSO