
December 2014–June 2015 Edition

STUDY SYSTEM

ACCA
Paper P1 | GOVERNANCE, RISK AND ETHICS

ATC International became a part of Becker Professional Education in 2011. ATC International
has 20 years of experience providing lectures and learning tools for ACCA Professional
Qualifications. Together, Becker Professional Education and ATC International offer ACCA
candidates high quality study materials to maximize their chances of success.

In 2011 Becker Professional Education, a global leader in professional education, acquired ATC International.
ATC International has been developing study materials for ACCA for 20 years, and thousands of candidates
studying for the ACCA Qualification have succeeded in their professional examinations through its Platinum and
Gold ALP training centers in Central and Eastern Europe and Central Asia.*
Becker Professional Education has also been awarded ACCA Approved Content Provider Status for materials
for the Diploma in International Financial Reporting (DipIFR).
Nearly half a million professionals have advanced their careers through Becker Professional Education's
courses. Throughout its more than 50-year history, Becker has earned a strong track record of student success
through world-class teaching, curriculum and learning tools.
Together with ATC International, we provide a single destination for individuals and companies in need of global
accounting certifications and continuing professional education.
*Platinum – Moscow, Russia and Kiev, Ukraine. Gold – Almaty, Kazakhstan

Becker Professional Education's ACCA Study Materials


All of Becker's materials are authored by experienced ACCA lecturers and are used in the delivery of classroom
courses.
Study System: Gives complete coverage of the syllabus with a focus on learning outcomes. It is designed to
be used both as a reference text and as part of integrated study. It also includes the ACCA Syllabus and Study
Guide, exam advice and commentaries and a Study Question Bank containing practice questions relating to
each topic covered.
Revision Question Bank: Exam style and standard questions together with comprehensive answers to
support and prepare students for their exams. The Revision Question Bank also includes past examination
questions (updated where relevant), model answers and alternative solutions and tutorial notes.
Revision Essentials*: A condensed, easy-to-use aid to revision containing essential technical content and
exam guidance.
*Revision Essentials are substantially derived from content reviewed by ACCA's examining team.


No responsibility for loss occasioned to any person acting or refraining from action as a result of any
material in this publication can be accepted by the author, editor or publisher.
This training material has been prepared and published by Becker Professional Development
International Limited:
16 Elmtree Road
Teddington
TW11 8ST
United Kingdom
Copyright 2014 DeVry/Becker Educational Development Corp. All rights reserved.
The trademarks used herein are owned by DeVry/Becker Educational Development Corp. or their
respective owners and may not be used without permission from the owner.
No part of this training material may be translated, reprinted or reproduced or utilised in any form
either in whole or in part or by any electronic, mechanical or other means, now known or hereafter
invented, including photocopying and recording, or in any information storage and retrieval system
without express written permission. Request for permission or further information should be
addressed to the Permissions Department, DeVry/Becker Educational Development Corp.

LICENSE AGREEMENT
DO NOT DOWNLOAD, ACCESS, AND/OR USE ANY OF THESE MATERIALS UNTIL YOU HAVE
READ THIS AGREEMENT CAREFULLY. IF YOU DOWNLOAD, ACCESS, AND/OR USE ANY OF
THESE MATERIALS, YOU ARE AGREEING AND CONSENTING TO BE BOUND BY AND ARE
BECOMING A PARTY TO THIS AGREEMENT.
The printed materials provided to you and/or the materials provided for download to
your computer and/or provided via a web application to which you are granted access
(collectively, "Materials") are NOT for sale and are not being sold to you. You may NOT
transfer these materials to any other person or permit any other person to use these
materials. You may only acquire a license to use these materials and only upon the terms
and conditions set forth in this license agreement. Read this agreement carefully before
downloading, and/or accessing, and/or using these materials. Do not download and/or
access, and/or use these materials unless you agree with all terms of this agreement.
NOTE: You may already be a party to this agreement if you registered for a Becker
Professional Education ACCA Program (the "Program") or placed an order for these
materials on-line or using a printed form that included this license agreement. Please
review the termination section regarding your rights to terminate this license agreement
and receive a refund of your payment.
Grant: Upon your acceptance of the terms of this agreement, in a manner set forth above, DeVry/
Becker Educational Development Corp. ("Becker") hereby grants to you a non-exclusive, revocable,
non-transferable, non-sublicensable, limited license to use (as defined below) the Materials by
downloading them onto a computer and/or by accessing them via a web application using a user ID
and password (as defined below), and any Materials to which you are granted access as a result of
your license to use these Materials and/or in connection with the Program on the following terms:
You may:
use the Materials for preparation for the ACCA examinations (the "Exams"), and/or for your
studies relating to the subject matter covered by the Materials and/or the Exams, including taking
electronic and/or handwritten notes during the Program; provided that all notes taken that relate
to the subject matter of the Materials are and shall remain Materials subject to the terms of this
agreement.
You may not:
use the Materials for any purpose other than as expressly permitted above, including, but not
limited to making copies of all or any part of the Materials;
make copies of the Materials;
rent, lease, license, lend, or otherwise transfer or provide (by gift, sale, or otherwise) all or any part
of the Materials to anyone;
permit the use of all or any part of the Materials by anyone other than you;
create derivative works of the Materials.
Materials: Materials means and includes any printed materials provided to you by Becker, and/or
to which you are granted access by Becker (directly or indirectly) in connection with your license of
the Materials and/or the Program, and shall include notes you take (by hand, electronically, digitally,
or otherwise) while using the Materials relating to the subject matter of the Materials; any and all
electronically-stored/accessed/delivered, and/or digitally-stored/accessed/delivered materials included
under this License via download to a computer or via access to a web application, and/or otherwise
provided to you and/or to which you are otherwise granted access by Becker (directly or indirectly),
including, but not limited to, applications downloadable from a third-party, for example Google or
Amazon, in connection with your license of the Materials.
Title: Becker is and will remain the owner of all title, ownership rights, intellectual property, and all
other rights and interests in and to the Materials that are subject to the terms of this agreement. The
Materials are protected by the copyright laws of the United States and international copyright laws and
treaties.

Termination: This license shall terminate the earlier of: (i) ten (10) business days after notice to
you of non-payment of or default on any payment due Becker which has not been cured within such
10 day period; or (ii) immediately if you fail to comply with any of the limitations described above;
or (iii) upon expiration of the relevant examination period(s) for which the Materials are valid, that
is, Materials marked, "2014 Edition," are valid for the June 2014 and December 2014 examination
periods and the license to these Materials terminates with the December 2014 examination; Materials
marked, "December 2014–June 2015," are valid for the December 2014 and June 2015 examination
periods and the license to these Materials terminates with the June 2015 examination and Materials
marked, "For Examinations to August 2015," are valid for examinations from February 2014 until
August 2015 and the license to these Materials terminates at the end of August 2015. Upon
termination of this license for any reason, you must delete or otherwise remove from your computer
any Materials you downloaded, including, but not limited to, any archival copies you may have made.
Your Limited Right to Terminate this License and Receive a Refund: You may terminate this
license for the in-class, online, and self-study Programs in accordance with Becker's refund policy at
http://beckeratci.com.
Exclusion of Warranties: YOU EXPRESSLY ASSUME ALL RISK FOR USE OF THE MATERIALS. YOU
AGREE THAT THE MATERIALS ARE PROVIDED TO YOU "AS IS" AND "AS AVAILABLE" AND THAT
BECKER MAKES NO WARRANTIES, EXPRESS OR IMPLIED, WITH RESPECT TO THE MATERIALS,
THEIR MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE AND NO WARRANTY OF
NONINFRINGEMENT OF THIRD PARTIES' RIGHTS. NO DEALER, AGENT OR EMPLOYEE OF BECKER IS
AUTHORIZED TO PROVIDE ANY SUCH WARRANTY TO YOU. BECAUSE SOME JURISDICTIONS DO NOT
ALLOW THE EXCLUSION OF IMPLIED WARRANTIES, THE ABOVE EXCLUSION OF IMPLIED WARRANTIES
MAY NOT APPLY TO YOU.
Exclusion of Damages: UNDER NO CIRCUMSTANCES AND UNDER NO LEGAL THEORY, TORT,
CONTRACT, OR OTHERWISE, SHALL BECKER OR ITS DIRECTORS, OFFICERS, EMPLOYEES OR
AGENTS, BE LIABLE TO YOU OR ANY OTHER PERSON FOR ANY CONSEQUENTIAL, INCIDENTAL,
INDIRECT, PUNITIVE, EXEMPLARY OR SPECIAL DAMAGES OF ANY CHARACTER, INCLUDING, WITHOUT
LIMITATION, DAMAGES FOR LOSS OF GOODWILL, WORK STOPPAGE, COMPUTER FAILURE OR
MALFUNCTION OR ANY AND ALL OTHER DAMAGES OR LOSSES, OR FOR ANY DAMAGES IN EXCESS
OF BECKER'S LIST PRICE FOR A LICENSE TO THE MATERIALS, EVEN IF BECKER SHALL HAVE BEEN
INFORMED OF THE POSSIBILITY OF SUCH DAMAGES, OR FOR ANY CLAIM BY ANY OTHER PARTY.
Some jurisdictions do not allow the limitation or exclusion of liability for incidental or consequential
damages, so the above limitation or exclusion may not apply to you.
Indemnification and Remedies: You agree to indemnify and hold Becker and its employees,
representatives, agents, attorneys, affiliates, directors, officers, members, managers and shareholders
harmless from and against any and all claims, demands, losses, damages, penalties, costs or
expenses (including reasonable attorneys' and expert witness' fees and costs) of any kind or nature,
arising from or relating to any violation, breach or nonfulfillment by you of any provision of this
license. If you are obligated to provide indemnification pursuant to this provision, Becker may, in its
sole and absolute discretion, control the disposition of any indemnified action at your sole cost and
expense. Without limiting the foregoing, you may not settle, compromise or in any other manner
dispose of any indemnified action without the consent of Becker. If you breach any material term of
this license, Becker shall be entitled to equitable relief by way of temporary and permanent injunction
and such other and further relief as any court with jurisdiction may deem just and proper.
Severability of Terms: If any term or provision of this license is held invalid or unenforceable by a
court of competent jurisdiction, such invalidity shall not affect the validity or operation of any other
term or provision and such invalid term or provision shall be deemed to be severed from the license.
This license agreement may only be modified by written agreement signed by both parties.
Governing Law: This license agreement shall be governed and construed according to the laws
of the State of Illinois, United States of America, excepting that State's conflicts of laws rules. The
parties agree that the jurisdiction and venue of any dispute subject to litigation is proper in any state
or federal court in Chicago, Illinois, USA. The parties hereby agree to waive application of the UN
Convention on the Sale of Goods.
ACCA and Chartered Certified Accountants are registered trademarks of The Association of Chartered
Certified Accountants and may not be used without their express, written permission. Becker
Professional Education is a registered trademark of DeVry/Becker Educational Development Corp. and
may not be used without its express, written permission.

Contents

Introduction
About This Study System
Syllabus
ACCA Study Guide
Examination Approach
Examination Technique

Sessions
1 Scope of Governance
2 Agency Relationships and Stakeholder Theory
3 The Board of Directors
4 Board Committees
5 Directors' Remuneration
6 Approaches to Corporate Governance
7 Corporate Social Responsibility
8 Governance: Reporting and Disclosure
9 Management Control Systems
10 Internal Audit and Compliance
11 Reporting on Internal Control
12 Identifying Risk
13 Assessing Risk
14 Controlling Risk
15 Ethical Theories
16 Ethics and Social Responsibility
17 Professions and the Public Interest
18 Professional Practice and Codes of Ethics
19 Conflicts of interest and unethical behaviour
20 Integrated Reporting and Sustainability
21 Index

Introduction

About This Study System


This Study System has been specifically written for the Association of Chartered Certified
Accountants Professional Paper P1 Governance, Risk and Ethics (GRE).
It provides comprehensive coverage of the core syllabus areas and is designed to be used
both as a reference text and as an integral part of your studies to provide you with the
knowledge, skill and confidence to succeed in your ACCA studies.
About the author: Keith Rye is ATC International's lead tutor in this subject area of
governance, risk and ethics, and has more than 10 years' experience in delivering ACCA
exam-based training.

How to Use This Study System


You should start by reading through the syllabus, study guide and approach to examining
the syllabus provided in this introduction to familiarise yourself with the content of this
paper.
The sessions which follow include the following features:
Focus: These are the learning outcomes relevant to the session, as published in the ACCA Study Guide.
Session Guidance: Tutor advice and strategies for approaching each session.
Visual Overview: A diagram of the concepts and the relationships addressed in each session.
Definitions: Terms are defined as they are introduced and larger groupings of terms will be set forth in a Terminology section.
Illustrations: These are to be read as part of the text. Any solutions to numerical Illustrations are provided.
Exhibits: These extracts of external content are presented to reinforce concepts and should be read as part of the text.
Examples: These should be attempted using the pro forma solution provided (where applicable).
Key Points: Attention is drawn to fundamental rules, underlying concepts and principles.
Exam Advice: These tutor comments relate the content to relevance in the examination.
Commentaries: These provide additional information to reinforce content.
Session Summary: A summary of the main points of each session.
Session Quiz: These quick questions are designed to test your knowledge of the technical content. A reference to the answer is provided.
Study Question Bank: A link to recommended practice questions contained in the Study Question Bank. At a minimum, you should work through the priority questions after studying each session. For additional practice, you can attempt the remaining questions (where provided).
Example Solutions: Answers to the Examples are presented at the end of each session.


Syllabus
Aim
To apply relevant knowledge, skills and exercise professional judgement in carrying out
the role of the accountant relating to governance, internal control, compliance and the
management of risk within an organisation, in the context of an overall ethical framework.

Rationale
The syllabus for Paper P1 Governance, Risk and Ethics acts as the gateway syllabus into the
professional level. It sets the other Essentials and Options papers into a wider professional,
organisational, and societal context.
The syllabus assumes essential technical skills and knowledge acquired at the Fundamentals
level where the core technical capabilities will have been acquired, and where ethics,
corporate governance, internal audit, control, and risk will have been introduced in a
subject-specific context.
The GRE syllabus begins by examining the whole area of governance within organisations
in the broad context of the agency relationship. This aspect of the syllabus focuses on the
respective roles and responsibilities of directors and officers to organisational stakeholders
and of accounting and auditing as support and control functions.
The syllabus then explores internal review, control and feedback to implement and support
effective governance, including compliance issues related to decision-making and decision-support functions. The syllabus also examines the whole area of identifying, assessing and
controlling risk as a key aspect of responsible management.
Finally, the syllabus covers personal and professional ethics, ethical frameworks – and
professional values – as applied in the context of the accountant's duties and as a guide to
appropriate professional behaviour and conduct in a variety of situations.

Main Capabilities
On successful completion of this paper, candidates should be able to:
A. Define governance and explain its function in the effective management and control of
organisations and of the resources for which they are accountable.
B. Evaluate the Governance, Risk and Ethics' role in internal control, review and
compliance.
C. Explain the role of the accountant in identifying and assessing risk.
D. Explain and evaluate the role of the accountant in controlling and mitigating risk.
E. Demonstrate the application of professional values and judgement through an ethical
framework that is in the best interests of society and the profession, in compliance with
relevant professional codes, laws and regulations.

Relational Diagram of Main Capabilities

[Diagram not reproduced]

Position Within the Syllabus

[Diagram not reproduced; surviving labels: GRE, Professional Module, Professional Papers, AA (F8), AB (F1)]

Detailed Syllabus
A. Governance and Responsibility
1. The scope of governance
2. Agency relationships and theories
3. The board of directors
4. Board committees
5. Directors' remuneration
6. Different approaches to corporate governance
7. Corporate governance and corporate social responsibility
8. Governance: reporting and disclosure

B. Internal Control and Review
1. Management control systems in corporate governance
2. Internal control, audit and compliance in corporate governance
3. Internal control and reporting
4. Management information in audit and internal control

C. Identifying and Assessing Risk
1. Risk and the risk management process
2. Categories of risk
3. Identification, assessment and measurement of risk

D. Controlling Risk
1. Targeting and monitoring risk
2. Methods of controlling and reducing risk
3. Risk avoidance, retention and modelling

E. Professional Values, Ethics and Social Responsibility
1. Ethical theories
2. Different approaches to ethics and social responsibility
3. Professions and the public interest
4. Professional practice and codes of ethics
5. Conflicts of interest and the consequences of unethical behaviour
6. Ethical characteristics of professionalism
7. Social and environmental issues in the conduct of business and of ethical behaviour

ACCA Support
For examiner's reports, guidance and technical articles relevant to this paper see:
www.accaglobal.com/en/student/acca-qual-student-journey/qual-resource/acca-qualification/p1.html.
The ACCA's Study Guide which follows is referenced to the Sessions in this Study System.

ACCA Study Guide


A. Governance and Responsibility

1. The scope of governance
a) Define and explain the meaning of corporate governance.
b) Explain, and analyse the issues raised by the development of the joint stock
company as the dominant form of business organisation and the separation of
ownership and control over business activity.
c) Analyse the purposes and objectives of corporate governance.
d) Explain, and apply in context of corporate governance, the key underpinning
concepts of:
i) fairness
ii) openness/transparency
iii) innovation
iv) scepticism
v) independence
vi) probity/honesty
vii) responsibility
viii) accountability
ix) reputation
x) judgment
xi) integrity
e) Explain and assess the major areas of organisational life affected by issues in
corporate governance.
i) duties of directors and functions of the board (including setting a responsible
'tone' from the top and being accountable for the performance and impacts of
the organisation)
ii) the composition and balance of the board (and board committees)
iii) relevance and reliability of corporate reporting and external auditing
iv) directors' remuneration and rewards
v) responsibility of the board for risk management systems and internal control
vi) the rights and responsibilities of shareholders, including institutional investors
vii) corporate social responsibility and business ethics.
f) Compare, and distinguish between public, private and non-governmental
organisations (NGO) sectors with regard to the issues raised by, and scope of,
governance.
g) Explain and evaluate the roles, interests and claims of, the internal parties involved
in corporate governance.
i) Directors
ii) Company secretaries
iii) Sub-board management
iv) Employee representatives (e.g. trade unions)
h) Explain and evaluate the roles, interests and claims of, the external parties involved
in corporate governance.
i) Shareholders (including shareholders' rights and responsibilities)
ii) Auditors
iii) Regulators
iv) Government
v) Stock exchanges
vi) Small investors (and minority rights)
vii) Institutional investors (see also next point)
i) Analyse and discuss the role and influence of institutional investors in corporate
governance systems and structures, for example the roles and influences of
pension funds, insurance companies and mutual funds.

2. Agency relationships and theories
a) Define and explore agency theory.
b) Define and explain the key concepts in agency theory.
i) Agents
ii) Principals
iii) Agency
iv) Agency costs
v) Accountability
vi) Fiduciary responsibilities
vii) Stakeholders
c) Explain and explore the nature of the principal-agent relationship in the context of
corporate governance.
d) Analyse and critically evaluate the nature of agency accountability in agency
relationships.
e) Explain and analyse the following other theories used to explain aspects of the
agency relationship.
i) Transaction costs theory
ii) Stakeholder theory
3. The board of directors
a) Explain and evaluate the roles and responsibilities of boards of directors.
b) Describe, distinguish between and evaluate the cases for and against, unitary and
two-tier board structures.
c) Describe the characteristics, board composition and types of, directors (including
defining executive and non-executive directors (NED)).
d) Describe and assess the purposes, roles and responsibilities of NEDs.
e) Describe and analyse the general principles of legal and regulatory frameworks
within which directors operate on corporate boards:
i) legal rights and responsibilities,
ii) time-limited appointments
iii) retirement by rotation,
iv) service contracts,
v) removal,
vi) disqualification
vii) conflict and disclosure of interests
viii) insider dealing/trading
f) Define, explore and compare the roles of the chief executive officer and company
chairman.
g) Describe and assess the importance and execution of, induction and continuing
professional development of directors on boards of directors.
h) Explain and analyse the frameworks for assessing the performance of boards and
individual directors (including NEDs) on boards.
i) Explain the meanings of "diversity" and critically evaluate issues of diversity on
boards of directors.
4. Board committees
a) Explain and assess the importance, roles and accountabilities of, board committees
in corporate governance.
b) Explain and evaluate the role and purpose of the following committees in effective
corporate governance:
i) Remuneration committees
ii) Nominations committees
iii) Risk committees.
iv) Audit committees

Ref.: 4; 4; 6; 10

5. Directors' remuneration
a) Describe and assess the general principles of remuneration.
i) purposes
ii) components
iii) links to strategy
iv) links to labour market conditions.
b) Explain and assess the effect of various components of remuneration packages on
directors' behaviour.
i) basic salary
ii) performance related
iii) shares and share options
iv) loyalty bonuses
v) benefits in kind
vi) pension benefits
c) Explain and analyse the legal, ethical, competitive and regulatory issues associated
with directors' remuneration.
6. Different approaches to corporate governance
a) Describe and compare the essentials of 'rules' and 'principles' based approaches to
corporate governance. Includes discussion of 'comply or explain'.
b) Describe and analyse the different models of business ownership that influence
different governance regimes (e.g. family firms versus joint stock company-based
models).
c) Describe and critically evaluate the reasons behind the development and use of
codes of practice in corporate governance (acknowledging national differences and
convergence).
d) Explain and briefly explore the development of corporate governance codes in
principles-based jurisdictions.
i) impetus and background
ii) major corporate governance codes
iii) effects of
e) Explain and explore the Sarbanes-Oxley Act (2002) as an example of a rules-based
approach to corporate governance.
i) impetus and background
ii) main provisions/contents
iii) effects of
f) Describe and explore the objectives, content and limitations of, corporate
governance codes intended to apply to multiple national jurisdictions.
i) Organisation for economic cooperation and development (OECD) Report
(2004)
ii) International corporate governance network (ICGN) Report (2005)
7. Corporate governance and corporate social responsibility
a) Explain and explore social responsibility in the context of corporate governance.
b) Discuss and critically assess the concept of stakeholders and stakeholding in
organisations and how this can affect strategy and corporate governance.
c) Analyse and evaluate issues of 'ownership,' 'property' and the responsibilities of
ownership in the context of shareholding.
d) Explain the concept of the organisation as a corporate citizen of society with rights
and responsibilities.
8. Governance: reporting and disclosure
a) Explain and assess the general principles of disclosure and communication with
shareholders.
b) Explain and analyse 'best practice' corporate governance disclosure requirements.
c) Define and distinguish between mandatory and voluntary disclosure of corporate
information in the normal reporting cycle.

Ref.: 7; 2; 2; 7; 8

d) Explain and explore the nature of, and reasons and motivations for, voluntary
disclosure in a principles-based reporting environment (compared to, for example,
the reporting regime in the USA).
e) Explain and analyse the purposes of the annual general meeting and extraordinary
general meetings for information exchange between board and shareholders.
f) Describe and assess the role of proxy voting in corporate governance.
9. Public sector governance
a) Describe, compare and contrast public sector, private sector, charitable status
and non-governmental (NGO and quasi-NGOs) forms of organisation, including
purposes, ownership and stakeholders (including lobby groups).
b) Describe, compare and contrast the different types of public sector organisations at
subnational, national and supranational level.
c) Assess and evaluate the strategic objectives and governance arrangements specific
to public sector organisations as contrasted with private sector.
d) Discuss and assess the nature of democratic control, political influence and policy
implementation in public sector organisations including the contestable nature of
public sector policy.
B. Internal Control and Review

Ref.: 1; 1; 4; 1

1. Management control systems in corporate governance


a) Define and explain internal management control.
b) Explain and explore the importance of internal control and risk management in
corporate governance.
c) Describe the objectives of internal control systems.
d) Identify, explain and evaluate the corporate governance and executive management
roles in risk management (in particular the separation between responsibility for
ensuring that adequate risk management systems are in place and the application
of risk management systems and practices in the organisation).
e) Identify and assess the importance of the elements or components of internal
control systems.
2. Internal control, audit and compliance in corporate governance
a) Describe the function and importance of internal audit.
b) Explain, and discuss the importance of, auditor independence in all client-auditor
situations (including internal audit).
c) Explain, and assess the nature and sources of risks to, auditor independence.
Assess the hazard of auditor capture.
d) Explain and evaluate the importance of compliance and the role of the internal
audit function in internal control.
e) Explore and evaluate the effectiveness of internal control systems.
f) Describe and analyse the work of the internal audit committee in overseeing the
internal audit function.
g) Explain and explore the importance and characteristics of, the audit committee's
relationship with external auditors.
3. Internal control and reporting
a) Describe and assess the need to report on internal controls to shareholders.
b) Describe the content of a report on internal control and audit.
c) Explain and assess how internal controls underpin and provide information for
accurate financial reporting.
4. Management information in audit and internal control
a) Explain and assess the need for adequate information flows to management for the
purposes of the management of internal control and risk.
b) Evaluate the qualities and characteristics of information required in internal control
and risk management and monitoring.

Ref.: 10; 9; 10; 11; 11; 9, 11; 9

C. Identifying and Assessing Risk

1. Risk and the risk management process
a) Define and explain risk in the context of corporate governance.
b) Define and describe management responsibilities in risk management.
c) Explain the dynamic nature of risk assessment.
d) Explain the importance and nature of management responses to changing risk
assessments.
e) Explain risk appetite and how this affects risk policy.
2. Categories of risk
a) Define and compare (distinguish between) strategic and operational risks.
b) Define and explain the sources and impacts of common business risks.
i) market
ii) credit
iii) liquidity
iv) technological
v) legal
vi) health, safety and environmental
vii) reputation
viii) business probity
ix) derivatives
c) Describe and evaluate the nature and importance of business and financial risks.
d) Recognise and analyse the sector or industry specific nature of many business
risks.
3. Identification, assessment and measurement of risk
a) Identify, and assess the impact upon, the stakeholders involved in business risk.
b) Explain and analyse the concepts of assessing the severity and probability of risk
events.
c) Describe and evaluate a framework for board level consideration of risk.
d) Describe the process of and importance of, externally reporting on internal control
and risk.
e) Explain the sources, and assess the importance of, accurate information for risk
management.
f) Explain and assess the ALARP (as low as reasonably practicable) principle in risk
assessment and how this relates to severity and probability.
g) Evaluate the difficulties of risk perception including the concepts of objective and
subjective risk perception.
h) Explain and evaluate the concepts of related and correlated risk factors.

Ref.: 12; 13, 14; 14; 14; 14; 12; 13; 13; 13; 11, 12; 11; 14; 14; 13

D. Controlling and Managing Risk

1. Targeting and monitoring of risk
a) Explain and assess the role of a risk manager in identifying and monitoring risk.
b) Explain and evaluate the role of the risk committee in identifying and monitoring
risk.
c) Describe and assess the role of internal or external risk auditing in monitoring risk.
2. Methods of controlling and reducing risk
a) Explain the importance of risk awareness at all levels in an organisation.
b) Describe and analyse the concept of embedding risk in an organisation's systems
and procedures.
c) Describe and evaluate the concept of embedding risk in an organisation's culture
and values.
d) Explain and analyse the concepts of spreading and diversifying risk and when this
would be appropriate.
e) Identify and assess how business organisations use policies and techniques to
mitigate various types of business and financial risks.

Ref.: 14; 14

3. Risk avoidance, retention and modelling
a) Explain, and assess the importance of, risk transference, avoidance, reduction and
acceptance.
b) Explain and evaluate the different attitudes to risk and how these can affect
strategy.
c) Explain and assess the necessity of incurring risk as part of competitively managing
a business organisation.
d) Explain and assess attitudes towards risk and the ways in which risk varies in
relation to the size, structure and development of an organisation.

Ref.: 14

E. Professional Values, Ethics and Social Responsibility

1. Ethical theories
a) Explain and distinguish between the ethical theories of relativism and absolutism.
b) Explain, in an accounting and governance context, Kohlberg's stages of human
moral development.
c) Describe and distinguish between deontological and teleological/consequentialist
approaches to ethics.
d) Apply commonly used ethical decision-making models in accounting and
professional contexts:
i) American Accounting Association model
ii) Tucker's 5-question model
2. Different approaches to ethics and social responsibility
a) Describe and evaluate Gray, Owen & Adams' (1996) seven positions on social
responsibility.
b) Describe and evaluate other constructions of corporate and personal ethical stance:
i) short-term shareholder interests
ii) long-term shareholder interests
iii) multiple stakeholder obligations
iv) shaper of society
c) Describe and analyse the variables determining the cultural context of ethics and
corporate social responsibility (CSR).
d) Explain and evaluate the concepts of "CSR strategy" and "strategic CSR".
3. Professions and the public interest
a) Explain and explore the nature of a 'profession' and 'professionalism'.
b) Describe and assess what is meant by 'the public interest'.
c) Describe the role of, and assess the widespread influence of, accounting as a
profession in the organisational context.
d) Analyse the role of accounting as a profession in society.
e) Recognise accounting's role as a value-laden profession capable of influencing the
distribution of power and wealth in society.
f) Describe and critically evaluate issues surrounding accounting and acting against
the public interest.
4. Professional practice and codes of ethics
a) Describe and explore the areas of behaviour covered by corporate codes of ethics.
b) Describe and assess the content of, and principles behind, professional codes of
ethics.
c) Describe and assess the codes of ethics relevant to accounting professionals such
as the IFAC or professional body codes.

Ref.: 15; 16; 7; 17; 18

5. Conflicts of interest and the consequences of unethical behaviour
a) Describe and evaluate issues associated with conflicts of interest and ethical conflict
resolution.
b) Explain and evaluate the nature and impacts of ethical threats and safeguards.
c) Explain and explore how threats to independence can affect ethical behaviour.
d) Explain and explore "bribery" and "corruption" in the context of corporate
governance, and assess how these can undermine confidence and trust.
e) Describe and assess best practice measures for reducing and combating bribery
and corruption, and the barriers to implementing such measures.
6. Ethical characteristics of professionalism
a) Explain and analyse the content and nature of ethical decision-making using
content from Kohlberg's framework as appropriate.
b) Explain and analyse issues related to the application of ethical behaviour in a
professional context.
c) Describe and discuss "rules based" and "principles based" approaches to resolving
ethical dilemmas encountered in professional accounting.
7. Integrated reporting and sustainability issues in the conduct of business
a) Explain and assess the concept of integrated reporting and evaluate the issues
concerning accounting for sustainability (including the alternative definitions
of capital):
i) Financial
ii) Manufactured
iii) Intellectual
iv) Human
v) Social and relationship
vi) Natural
b) Describe and assess the social and environmental impacts that economic activity
can have (in terms of social and environmental "footprints" and environmental
reporting).
c) Describe the main features of internal management systems for underpinning
environmental and sustainability accounting such as EMAS and ISO 14000.
d) Explain and assess the typical contents and guiding principles of an integrated
report, and discuss the usefulness of this information to stakeholders.
e) Explain the nature of social and environmental audit and evaluate the contribution
it can make to the assurance of integrated reports.

Ref.: 19; 15, 19; 19; 19; 20


Examination Approach

The syllabus will be assessed by a three-hour paper-based examination. The examination
paper will be structured in two sections.
Time allowed: 3 hours

Section A: One compulsory question (50 marks)
Section B: Choice of two out of three 25-mark questions (50 marks)
Total number of marks: 100

Section A
Section A will be based on a case study style question, with requirements based on several
parts with all parts relating to the same case information. The case study will usually
assess a range of subject areas across the syllabus and will require the candidate to
demonstrate high level capabilities to evaluate, relate and apply the information in the case
study to several of the requirements.

Section B
Section B comprises three questions of 25 marks each, of which the candidate must
answer two. These questions will be more likely to assess a range of discrete subject areas
from the main syllabus section headings, but may require application, evaluation and the
synthesis of information contained within short scenarios in which some requirements may
need to be contextualised.
Additional Information
The examiner has stated that some simple arithmetical calculations may be required when
dealing with risk. This will enable some aspects of risk to be examined that cannot be
examined in a solely narrative based examination.
The study guide offers more detailed guidance on the depth and level at which the
examinable documents will be examined.


Examination technique
Aim of Paper P1
"To apply relevant knowledge, skills and exercise professional judgement in carrying out
the role of the accountant relating to governance, internal control, compliance and the
management of risk within an organisation, in the context of an overall ethical framework."
It is widely recognised that there is more to passing exams than recalling facts, terms,
definitions, etc. You must practise your examination technique to convey the skills other
than knowledge (i.e. comprehension, application and analysis) which the examiners and
their markers will be looking for when assessing the quality (rather than the quantity) of
your answers.
The examiner has made it clear that he expects you to read around and research the topic
and be aware of current issues related to the syllabus.
This will mean reviewing appropriate websites and key documents referred to in this Study
System (e.g. the UK Corporate Governance Code and the UK Stewardship Code) and major
listed companies' websites (e.g. business reviews, corporate governance statements,
sustainability reports, risk reports, investors' pages) and generally keeping up to date on
current corporate governance issues (e.g. research the Examples and Illustrations given in
this Study System).

(1) Understand the Requirements


Before attempting any question, and in order to impress the markers, you need to
understand the examiner's requirements.
Understanding the Context
With a long scenario (i.e. Question 1) it is often best to obtain a general idea of the context
of the scenario. This should be done by briefly reading through the first paragraph, no
more. For example, am I dealing with a company or an NGO? What industry is involved:
chemical, civil engineering, extraction, service, retailing? Single entity or group? National
or international? Developing country?
DO NOT read through the whole question at this stage; do so ONLY after having understood
the requirements.
Read the Requirements
With the context in mind, read the requirements (at the end of the question). Always
do this before reading the whole question. The longer the question, the more vital it is
that you observe this guidance! It is a waste of time to start by reading a question from
beginning to end because you will not appreciate the relevance of the "scenario" until you
know what the examiner is asking you for. A further advantage of this recommended
approach is that it reduces the risk of answering the question you wanted to see rather than
the question set by the examiner. This risk is greatest when the scenario, if it is read first,
suggests an examinable topic which is not central to the examiner's requirement.
Highlight "Instruction" and "Content"
All requirements (and parts thereof) should have an "instruction" (e.g. "describe") and
"content" (e.g. "procedures"). The instructions tell you how your answer should be written;
the content tells you what you should be writing about.


Instructions

• "Construct" (i.e. build up from basics) an argument. Lay the foundation and then
strengthen your argument. If the requirement is to "Construct an argument for X rather
than Y" then concentrate on the positive aspects of X plus the negative aspects of Y.
• "Describe" (i.e. "set out the characteristics of"). Use brief sentences but give more
depth than if the instruction was "state" (see below).
• "Explain" (i.e. make plain, clarify, elucidate). For example, defining a term does not
explain it, but providing an illustration may do so.
• "State" (i.e. express in words). Use one short sentence (bullet point) to make each
answer point.
• "Discuss" or "Constructively criticise" (i.e. give balanced views on and conclude, where
appropriate).
• "List" (i.e. make a list of like things).
• "Justify" (i.e. give reasoning or provide a strong argument for).
• "Identify" (i.e. from the scenario). This requirement is often implied rather than
expressly stated. For example, "Describe the risks ..." requires that the risks be
identified before they can be described.
• "Comment" (i.e. make observations, debate, appraise and/or examine (critically),
express a reaction).
• "Suggest" (i.e. propose or put forward).
• "Evaluate/assess" (i.e. weigh up and make a judgement). Consider, for example,
advantages/disadvantages, benefits/costs and/or pros/cons.
• With Q1, look for a particular "thread" running through and linking the requirements.

(2) Read the Scenario


From the requirements you will have a good idea of what to look out for as you read
through the scenario.
It is important to establish the underlying themes in the scenario (e.g. corporate
governance issues, risks of merging with an overseas company, culture and ethics, role and
structure of the board, sustainability).
Points to Look Out For

• Ethical positions of the company and its directors: often one director will have a
conflicting ethical view to that of another. How can they be reconciled and how can
the ethical conflict be resolved? Identify from the scenario the ethical drivers and the
factors that determine the ethical position. Most situations can easily have an ethical
element.
• Corporate governance: the scenario is likely to present weaknesses that must be
identified and then resolved through recommendations. These may be based at a
national level or they may be based around cultural differences. Best practice has to be
identified.
• Agency and stakeholders: the scenario will give plenty of detail of the environment
that the entity operates in. If directors are mentioned (as they probably will be) then
consider potential agency problems and costs. Not all of the stakeholders may be
specifically mentioned; practical experience and extrapolation may be necessary.
• As with Paper F8 Audit and Assurance, control systems usually implies design,
application, weaknesses and impact on risks. Whenever something has gone wrong,
then consider the control implications (i.e. a control failed or was missing).
• With risks, look out for the most significant risks; these may relate to strategy,
operations and change. Having identified them, you will probably need to assess their
impact and how to respond to them; practical and cost effective solutions are expected.
• Look for clues indicating the use of a particular model; if the requirement does not
mention any by name, the scenario will give good clues if the examiner expects you to
use them.

• Be aware of the underlying moral and ethical frameworks; just as you may think about
them in real life, do the same when answering questions. For example, is it acceptable
to favour one stakeholder over another?
• "Underpinning confidence": the examiner's "pet" phrases include "sound application
of corporate governance principles underpins market confidence in an entity";
"good controls that are relevant to the information needs of management, underpin
management's confidence in the information received"; "a good control environment
underpins regulatory confidence in the entity". Be alert to opportunities to "underpin".

(3) Plan Your Answer


The importance of adequate planning cannot be over-emphasised. Adequate planning leads
to an organised logical structure to your answer, incorporating all the points you can come
up with and highlighting your powers of analysis and communication.
A lack of planning leads to a disorganised illogical jumble of scraps of thoughts and ideas,
causing you to omit key elements of the question and repeat answer points already made.
How much planning is needed on each question depends, in the main, on just two factors:
(i) How much the requirement and scenario are broken down into parts; the more this
is already done for you, the less you need to do.
(ii) The mark allocation. In general, the more marks available, the more planning will be
required for that section.
When you are practised in exam technique, planning 25 mark questions should take only
five minutes. Obviously, Q1 will take a little longer, but remember you do have 15 minutes
reading and planning time ("RAPT"). Use this time mostly on Q1 to maximise marks.
Ensure that you read the question thoroughly, as discussed in (2) above. Highlight key
points or note them down to ensure that you incorporate them in your answer.
Plan your answer in whatever way you prefer: some people like to use "mind maps" or
"spider-grams" and put everything on the page and then assemble it into order; others
prefer to put down key headings and then allocate points to them as they work through the
question.
Write any answer plans you do after the RAPT in your answer booklet so you can submit it.
Clearly head up the page "answer plan" or "workings".
WARNING: Never write " sentences"; there is no time for them in answer planning and
no place for them in writing out your answer.

(4) Professional Marks: Q1


These will not only be awarded for the style of your answer (e.g. a report, press release,
briefing notes or a letter) but also for the logic and structure of your answer, your
argument, the way you construct your case.
Failing to get all of the professional marks can be the difference between passing and
failing; 49 is the loneliest number in the world (not 1) at the time of your results. So plan
your answer accordingly. If a press release is required, do not do a letter. No marks will be
awarded.
Make sure you know what a press release looks like and the differences between it and,
for example, a briefing note or a statement to shareholders. Look at press releases on the
internet.
Lastly look at past Q1s. Note the way in which the subject matter is introduced and
concluded: the opening and closing paragraphs.


(5) Write the Answer


If you have adequately read, thought and planned, this should be the easiest part of the
whole exercise. Points to remember:

• Use underlined HEADINGS and subheadings (generated by the requirement and any
breakdown of the scenario into parts) to produce a logical and structured answer. This
is particularly important if you have been asked to present your answer in the form of a
report, for example.
• The examiner positively discourages rewording of requirements into introductory
sentences as recommended by some (former) examiners because, not only is it
time-consuming, it does not earn marks and candidates fail to identify the key words and so
fail to focus on the question set.
• Maintain a sentence structure and keep sentences and paragraphs short and succinct.
Look to suggested solutions of past examinations for appropriate style.
• Explain and define where necessary (e.g. if asked to write to a layman, explain phrases
such as "business risk" briefly: "business risk, that is the risk that the business will not
achieve its objectives ..."). This is particularly important if, for example, you are asked to
prepare a briefing note for the CEO to explain a position to shareholders. If it is being
explained to institutional investors, then an explanation would not be necessary.
• Try to achieve a good standard of English. Although you will not lose marks for spelling
mistakes and poor grammar, you may lose marks if your answer points cannot be
understood by the marker.
• Allow plenty of space to present your answer and, if your writing is difficult to read,
write on every other line, in CAPITALS if necessary.

WARNING: Restrict the use of underlining to headings and sub-headings (and use a
ruler). Do not waste time underlining what you consider to be the "key" words; it is quite
unnecessary and may interfere with the marking process.

• Candidates often ask, "How much should I write?" The examiner is not interested in
volume; he does not weigh scripts and marking is an arduous task. So do yourselves
(and your markers) a favour: answer the Q set and think about the relevance of what
you are writing. Look back to the answer plan (above).

Summary
When attempting an exam style and standard question, always practise exam technique so
that it is second nature to you by the time of the real exam.

• Spend time thoroughly reviewing your answer against the "model" answer and make
a note of the points you missed. (Do not be despondent if some of the answers you
encounter do not follow this guidance; historically "model" answers are written solely to
convey technical content rather than exam technique.)
• Study the examiner's comments on candidates' performance in previous exams, areas of
weakness and suggestions for improvements.
• Practise "effective writing" throughout your studies; it is not unique to answering
auditing questions!

Remember the key elements to examination technique:
Read: This provides the facts to trigger your knowledge.
Think: Without this planning process you will not be able to convey the skills of
comprehension, application and analysis which are expected of you.
Write: Concentrate on your style of writing to address the examiners' requirements as
directly as possible.

Session 1

Scope of Governance
FOCUS
This session covers the following content from the ACCA Study Guide.
A. Governance and Responsibility
1. The scope of governance
a) Define and explain the meaning of corporate governance.
b) Explain and analyse the issues raised by the development of the joint
stock company as the dominant form of business organisation and the
separation of ownership and control over business activity.
c) Analyse the purposes and objectives of corporate governance.
d) Explain, and apply in context of corporate governance, the key
underpinning concepts.
e) Explain and assess the major areas of organisational life affected by issues
in corporate governance.
f) Compare, and distinguish between, public, private and non-governmental
organisations (NGO) sectors with regard to the issues raised by, and scope
of, governance.
9. Public sector governance
a) Describe, compare and contrast public sector, private sector, charitable
status and non-governmental (NGO and quasi-NGOs) forms of
organisation, including purposes, ownership and stakeholders (including
lobby groups).
b) Describe, compare and contrast the different types of public sector
organisations at subnational, national and supranational level.
d) Discuss and assess the nature of democratic control, political influence
and policy implementation in public sector organisations including the
contestable nature of public sector policy.
(see ACCA Study Guide for expanded learning objectives)

Session 1 Guidance
Read the Introduction (s.1) and Organisational Impact (s.3).
Understand the various meanings of corporate governance (s.2.1) and the key concepts (s.2.3) as
all are highly examinable. The King Report (s.2.4) provides a link to corporate social responsibility
(Session 7).


VISUAL OVERVIEW
Objective: To provide a basic understanding of the scope of corporate governance.

CORPORATE DEVELOPMENT: Introduction; A Brief History

MEANING OF CORPORATE GOVERNANCE: Terminology; Best-Practice Elements; Key Underpinning
Concepts; King Report

ORGANISATIONS: Listed Companies; Private Companies (Non-listed); Public Sector;
Non-governmental Organisations; Quangos; Lobby Groups; Public Sector Debate

Session 1 Guidance
Understand how concepts of governance apply to public sector organisations (e.g. Q1 June 2010)
and charities (see Q1 June 2011).


Corporate Development

1.1 Introduction

There is no single, accepted definition of corporate
governance. Corporate governance as a specific discipline
is relatively new, although the concept has been around for
centuries. As beauty "lies in the eyes of the beholder", so
does the answer to the question, "What exactly is corporate
governance?"
There is a range of definitions, from a narrow view that it
is restricted to the relationship between a company and its
shareholders (agency theory) to the much wider view that
corporate governance is a complex web of direct, indirect
and ever-changing relationships between the entity and its
stakeholders (stakeholder theory).*
The study of corporate governance is in essence the same as
the study of the mechanics of the capitalist system. It can be
argued that every country in the world has its own variation
of the "capitalist system" and management of that system
(corporate governance) based on the law, corporate ownership
structure, culture, history, traditions, politics and economics
of that country. As the capitalist system has evolved, so has
corporate governance.
While the United States (US) and United Kingdom (UK) are
just two of the many forms of capitalist systems, history
shows that they tend to be the most active and, therefore,
the most researched. Also, because of the UK's colonial past,
many countries have law and corporate systems (originally)
based on that of the UK.
The principal corporate structure of the 21st century allows
companies to be listed on stock exchanges and shareholders
to freely trade their shares. The so-called Anglo-Saxon (or
Anglo-American) model of corporate governance is one that is
held up as a benchmark for other systems.

*See s.2.1 for definitions and descriptions of Corporate Governance.

1.2 A Brief History

Trade between individuals, settlements and countries has
existed since the first civilisation. Although initiated by sole
traders and merchant guilds (effectively groupings of specialist
traders and craftsmen in a locality), the financing required to
expand trade and develop new markets outgrew the capacity
of the guilds. They began to seek finance through investment
by wealthy individuals, not connected with the guild, into
"joint stock". This eventually led to the formation of regulated
companies whose members could trade their shares in that
company. In theory, such members controlled the guild.
Also, governments issued charters to organisations to allow
them to raise public funding for particular risky ventures. An
early example of this was the East India Company formed by
Royal Charter in 1600 for the Merchant Guild of London to
develop trade into the East Indies.

The growth of incorporation and raising of funds through the
public issue of unlimited liability "shares" continued until, in
1720, the collapse of the Company of Merchants of Great
Britain Trading to the South Seas caused a public outcry and
the banning of companies raising public funds without the
government's approval.
The South Sea Bubble, as the collapse was called, was the
first stock market overvaluation and subsequent demise of a
corporation. At one stage of trading, the value placed on the
shares of the corporation reached £500m ($1,000m), twice
that of the value of all of the land in England.
It was not until the mid-1800s that laws were passed in the
UK to allow limited liability companies to issue shares to fund
the industrial revolution and in particular, the building of a
national railway network. Greater emphasis was placed on
the rights and protection of shareholders, as they employed
managers to run the business for them.
In 1865, the 14th Amendment to the US Constitution gave
corporations the same rights as an individual and in the
UK, Salomon v Salomon enshrined the same concept into
case law: that corporations were separate legal bodies to
their managers and owners. Thus commenced the so-called
"divorce" of control and ownership.

Throughout the early and mid-1900s in the UK, various
Companies Acts were passed incorporating some governance
elements on regulating the requirement of companies to
produce audited financial statements, the duties of directors
and the rights of shareholders. In addition, the London Stock
Exchange placed further governance requirements on listed
companies through their listing rules.
Since the 1970s there has been a substantial growth in
the number of corporations, their size, global trading and
power. Many government-controlled utilities were privatised
(especially in the UK), which created millions of additional
shareholders and further widened the gulf between ownership
and management.
Initially this did not seem to be of concern to shareholders
(many writers commented then on the apparent malaise of
shareholders which allowed directors to gain greater control
over companies) but a series of UK corporate scandals in
the early 1990s (e.g. Polly Peck, BCCI, Maxwell, British Gas
and Barings Bank) spurred the government into requiring
a detailed corporate governance code (the UK Corporate
Governance Code).* In the US, Enron and WorldCom had a
similar effect, leading to the Sarbanes-Oxley Act of 2002, and
a review/update of the UK Corporate Governance Code.*

*Although rules and regulations may deter financial fraud, they do
not change the criminal mindset. Financial fraud may still happen
(e.g. Tyco, Shell, Conrad Black, Madoff, Sanlu Group, Satyam, etc).

2014 DeVry/Becker Educational Development Corp. All rights reserved.

*The UK Corporate Governance Code was, prior to 2010, called the UK
Combined Code. The current edition of "the Code" was published in
September 2012 and applies to accounting periods beginning on or
after 1 October 2012 and applies to all companies with a Premium
listing of equity shares regardless of whether they are incorporated
in the UK or elsewhere.

Session 1 Scope of Governance

P1 Governance, Risk and Ethics

In addition, the last 10 years have seen a substantial increase
in the scrutiny of the roles and actions taken by corporations
as "good corporate citizens" (e.g. ethical behaviour, social
responsibility and sustainability). This is having a significant
effect on how corporations are being governed in a "CNN
world" and the necessary widening of the directors' vision to
consider all who are affected by the company and those who
can affect the company.*

*"CNN world" refers to the ease with which corporations are being
held to account by the public airing of their actions/inactions by
global media (e.g. use of child labour, the poor treatment of workers
in developing nations).
It may take 20 years to build a good reputation, but only 20 seconds
for bad publicity through the global media to destroy it. Reputation
risk is now taken very seriously.

Meaning of Corporate Governance

2.1 Terminology

A specific definition for corporate governance is difficult to
determine because there are many different legal jurisdictions,
corporate structures, cultures, moral beliefs and conditions under
which organisations operate throughout the world.*
The Organisation for Economic Co-operation and Development
(OECD) explains corporate governance as:

"The system by which business corporations are directed and
controlled. The corporate governance structure specifies
the distribution of rights and responsibilities among different
participants* in the corporation and spells out the rules
and procedures for making decisions on corporate affairs. By
doing this, it also provides the structure through which the
company objectives are set, and the means of attaining those
objectives and monitoring performance."
Other explanations include:

*Participants include the board, managers, shareholders and other
stakeholders (e.g. employees, suppliers, customers, government,
local communities), hence "society" in the broader definition.

"The system of checks and balances, both internal and
external to companies, which ensures that companies
discharge their accountability to all stakeholders and act in a
socially responsible way in all areas of their business activity."
Jill Solomon, 2004
"Corporate governance is concerned with holding the balance
between economic and social goals and between individual
and communal goals; the aim is to align as nearly as possible
the interests of individuals, corporations and society."
Cadbury, World Bank report, 1999

"It is the relationship among various participants in
determining the direction and performance of corporations."
Monks and Minow, 1995
"Corporate governance is the system by which companies are
directed and managed. It influences how the objectives of
the company are set and achieved, how risk is monitored and
assessed, and how performance is optimised. Good corporate
governance structures encourage companies to create value
(through entrepreneurism, innovation, development and
exploration) and provide accountability and control systems
commensurate with the risks involved."
Australian Securities Exchange, 2010
"The ethical corporate behaviour by directors or others
charged with governance in the creation of wealth for all
stakeholders. It is the way of promoting corporate fairness,
transparency, independence, integrity and accountability."

2.2 "Best-Practice" Elements of Corporate Governance

From these definitions, earlier studies on corporate governance
(e.g. papers F1 and F8) and the study of P1, it is clear that
there are a number of critical elements that reflect corporate
governance best practice:*

A framework through which strategic, tactical and operational
objectives are set (taking into account both internal and
external influences) and performance is optimised.
Strong internal control and risk management procedures.
Corporate strategies set and executed in an ethical and
effective way.
Fairness, transparency, independence, integrity and
accountability are essential to ensure market confidence and
attract appropriate investment.
Application of substance over form.
Governance is top-down driven (set by the "tone from the
top") and pervasive throughout the organisation.
No longer inward looking and no longer purely about money.
Sustainable development and sustainability reporting had
been evolving parallel to governance during the 1990s and
all are now intrinsically linked through Integrated Reporting
(Session 20).

*These sum up the way in which an entity sets a responsible "tone
from the top" (actions of senior executive managers and the board)
to provide sustainable "wealth" for all its stakeholders.

2.3 Key Underpinning Concepts

[Figure: Corporate governance key underpinning concepts: fairness, openness and transparency, innovation, scepticism, independence, probity and honesty, responsibility, accountability, judgement, integrity, reputation]

2.3.1 Fairness

The systems and values in the company must be balanced
in taking into account all those that have an interest in the
company and its future.
There should be equality and even-handedness in directors'
deliberations with the ability to reach an equitable judgement
in any given ethical situation.
The rights of various groups (stakeholders) have to be
acknowledged and respected. For example, minority
shareowner interests must receive equal consideration to
those of the dominant shareowner(s).

2.3.2 Openness/Transparency

The ease with which stakeholders are able to make meaningful
analysis of a company's actions, its economic fundamentals
and the non-financial aspects pertinent to that business.*
A measure of how good management is at making necessary
information available in a candid, accurate and timely
manner, not only the statutory and listing disclosures
required in financial statements, but also general reports
(e.g. to financial institutions), press releases, sustainability
reports, general corporate social responsibility (CSR) reporting
and other voluntary information (e.g. through integrated
reporting).

Includes management developing the appropriate culture in
the company at all levels, strategic and operational.

*Stakeholders also include board members (executives and NEDs) and
management who implement the board's decisions. Board meetings and
actions should be open and transparent within the confines of the
board.

Reflects whether investors and other stakeholders obtain a
true picture of what is happening inside the company.
Strong controls and systems have to be in place to be able
to capture, analyse and present reliable information on a
timely basis to facilitate the appropriate level of openness
and transparency.

2.3.3 Innovation

Innovation: "the process through which economic and social
value is extracted from knowledge through the generation,
development, and implementation of ideas to produce new
or improved strategies, capabilities, products, services, or
processes."
The Conference Board of Canada

Entities operate in open and dynamic environments. To
remain competitive and increase stakeholders' wealth (see
Session 2) and be of increasing benefit to society as a whole,
they must "innovate and adapt their corporate governance
practices so that they can meet new demands and grasp new
opportunities." (OECD)
This implies that entities should be innovative in the way they
apply good corporate governance practices. Not just a case
of "following the rules" or "doing the same as last year" but
applying substance over form to ensure that stakeholders
and society as a whole have increased understanding of, and
benefit from, governance procedures (e.g. greater openness
and transparency in reporting to stakeholders and society
through innovative Web-based applications and integrated
reports).

In addition, as noted above, "good corporate governance
structures encourage companies to create value through
entrepreneurism, innovation, development and exploration"
(Australian Securities Exchange).*

*Innovation implies taking risks which require appropriate risk
management. A key element of good corporate governance is the
appropriate management of risks and explanations to stakeholders
on what those risks are and how they are being managed.

2.3.4 Scepticism

Professional scepticism was covered in Paper F8 Audit and
Assurance. In audit terms, it is an attitude that includes a
questioning mind, being alert to conditions which may indicate
possible misstatement due to error or fraud and a critical
assessment of audit evidence.
In corporate governance, and in many other applications,
scepticism requires a questioning mind, being alert for
possible errors and a critical assessment of facts and evidence.

One key element of good corporate governance is the
oversight role applied by non-executive directors and
shareholders (especially institutional shareholders). For
example, under the UK Corporate Governance Code, non-executive
directors should constructively challenge and help
develop proposals on strategy. To do so requires appropriate
levels of scepticism.*

*This does not, of course, mean challenging every single document
or discussion held during board meetings. No board could function
under such conditions. Nor does it mean, as in the banking crisis,
that boards, NEDs and shareholders totally fail to challenge chief
executives (and just accept what the CEO is doing because "the bank
is making good profits") until it is too late.

As an underpinning concept, scepticism is, perhaps, unique
in that it can also play a role in other underpinning concepts.
For example, application of healthy scepticism may assist
the development of fairness, openness and transparency,
independence, probity and honesty, integrity and judgement
within the entity (e.g. challenging any system within the
entity that may not appear to be fair to diversity or could
result in a reduction of transparency relating to a particular
transaction).*

*Note that reputation is effectively the cumulative result of all
of the underpinning concepts; always remember that all of the
underpinning concepts are closely intertwined.

2.3.5 Independence

The extent to which mechanisms have been put in place to
minimise, or avoid, potential conflicts of interest that may
exist. Examples:

separation of the roles of chief executive and chairman of
the board;
independent non-executive directors (NEDs) to represent
the interest of the shareholders and other stakeholders;
independent NEDs balance on appointment and
remuneration committees to counter potential abuse by
executive directors;
use of internal and external auditors reporting to audit
committees; and
audit committees and limitation of non-audit work.
The decisions made and internal processes established should
be objective and not allow for undue influences or overt
personal motivation to prevail. That is, the company should
be run for the benefit of all stakeholders (shareholders being
a primary grouping).

2.3.6 Probity and Honesty

This is fundamental to corporate governance systems
(regardless of their origin) involving integrity, honour, virtue
and fair dealing.
It implies not misleading stakeholders (e.g. shareholders, the
market, employees). At a higher level, the chief executive
provides all appropriate information to fellow executive
directors and NEDs.

2.3.7 Responsibility

Responsibility pertains to behaviour that allows for corrective
action and for penalising mismanagement. It is a willingness
by management to accept liability for the outcome of
governance decisions.*
Responsible management would, when necessary, put in
place what it would take to set the company on the right path
no matter how painful (e.g. dismissing an underperforming
chief executive) or against its own interests (e.g. the chief
executive realising that it is time to step down).

While the board is ultimately accountable to the company's
shareholders, recent corporate governance development
means that the board must act responsively to, and with
responsibility toward, all stakeholders of the company.
With regard to shareholders, it is argued that they have
responsibilities as owners. That is, to use the available
mechanisms (e.g. annual general meetings and voting)
to query and assess the actions of management.*

*In the past, institutional investors (e.g. pension funds) were
notorious for not exercising their ownership responsibilities. They
were often happy to sit back and take no interest in how the
managers ran a company (other than to pass to management their
proxy voting rights) so long as dividends and share value increased.
Increased activity by small shareholders, pressure groups (e.g.
Greenpeace), social responsibility and sustainability have resulted in
institutional investors becoming centre stage for shareholder activity
in holding managers accountable for their actions.

*"The buck stops here" was a phrase popularised by US President
Harry S Truman that refers to "passing the buck" (i.e. handing
responsibility to someone else) and the fact that as president he
had to make decisions and accept the ultimate responsibility for
those decisions and the decisions of his subordinates. As president,
he was ultimately responsible to the people who elected him.

2.3.8 Accountability

Individuals or groups in a company who make decisions and
take actions on specific issues need to be accountable for their
decisions and actions.*

*The duties of directors and functions of the board include
being held accountable for the performance and impacts of the
organisation, the relevance and reliability of corporate reports and
the integrity of the integrated report (if produced; see Session 20).

Mechanisms must exist and be effective to allow for
accountability (e.g. annual general meetings). These provide
investors with the means to query and assess the actions of
the board and its committees.
But accountability is a two-way process: directors must
provide the necessary information (e.g. through annual
financial statements) and opportunities to shareholders
(e.g. annual general meeting or specific meetings with
institutional investors) to be able to hold the directors
accountable for their actions. As discussed above,
shareholders have responsibilities as owners.

Current developments in corporate governance imply that
management is not just accountable to shareholders but to all
stakeholders. This is reflected in the development of CSR (see
Session 7) and integrated reporting (see Session 20) showing
that additional costs (e.g. social and environmental costs)
other than pure economic production costs should be
accounted for and explained.

2.3.9 Judgement

Entities operate in a complex and diverse range of events,
activities and environments. Achieving objectives requires
a series of decisions to be made based on a solid and sound
judgement of the relevant information and environments in
which the entity operates.*
An entity's management must be able to consider numerous
issues and inter-relationships, give each due consideration,
reach meaningful conclusions (that will enhance the prosperity
of the entity) and communicate/enact such conclusions.
This implies that managers have a thorough understanding
of the entity, its operations, business environment and risks/
opportunities as well as the necessary and appropriate skills
to maximise benefits and minimise risks.

*Sound and appropriate judgement is essential to strong corporate
governance as "Corporate governance is concerned with holding the
balance between economic and social goals and between individual
and communal goals, the aim being to align as nearly as possible
the interests of individuals, corporations and society."
Cadbury, World Bank report, 1999

2.3.10 Integrity

Example 1 Integrity
Describe the concept of integrity and its context in corporate governance.
Solution

2.3.11 Reputation

Although reputation has both a personal and entity aspect,
an entity's reputation depends heavily on the reputation of its
managers and employees; an entity's reputation is effectively
the cumulative result of all of the other underpinning concepts
of good corporate governance.
Reputation risk is a business risk that many entities now
consider to be the greatest risk to their market standing.
Evidence suggests that reputation carries an appropriate
market capitalisation premium (good reputation) or discount
(bad or declining reputation) for listed companies.

Any of the key concepts can be explicitly examined (e.g. "define
transparency" or "construct the case for greater transparency").
However, as the concepts underpin strong corporate governance,
any one (or more) can easily, and relevantly, be referred to in exam
answers (e.g. transparency and judgement in relation to an ethical
dilemma faced by an entity's CFO and the impact on the entity's
reputation).

2.4 King Report

The South African King Report on Corporate Governance (2002)
considered the characteristics of corporate governance. As well
as transparency, independence, accountability, responsibility and
fairness, the report also noted discipline and social responsibility
as characteristics.*

2.4.1 Discipline

Corporate discipline is a commitment by a company's senior
management to adhere to behaviour that is universally
recognised and accepted to be correct and proper. This
encompasses a company's awareness of, and commitment to,
the underlying principles of good governance, particularly at
the senior management level.

2.4.2 Social Responsibility

A well-managed company will be aware of, and respond to,
social issues, placing a high priority on ethical standards.
A good corporate citizen is increasingly seen as one that is
non-discriminatory, non-exploitative and is responsible with
regard to environmental and human rights issues. A company
is likely to experience indirect economic benefits (e.g.
improved productivity and corporate reputation) by taking
account of such factors.

Organisations

Many commentators on business matters consider that there
are three "sectors" in the business environment. Private sector
(i.e. listed and non-listed companies) and public sector (i.e.
governmental) organisations are the first and second sectors.
The third sector encompasses organisations that do not exist
primarily to make a profit nor to deliver a service on behalf of the
state. Rather, they exist primarily to provide a set of benefits that
cannot easily be provided by either profit-making businesses or
the public sector.

3.1 Listed Companies

In most jurisdictions, the rights and duties of directors are
enshrined in statutory and case law and, for listed companies,
in listing rules. Corporate governance codes aim to build
flexible requirements on a solid legal base so they can be
updated easily to reflect current best practice.
The contents page of the UK Corporate Governance Code
("the Code") provides an insight into those areas that are
considered to be key issues in corporate governance.*
Leadership: effective board, clear division of responsibilities
between running the board and executive functions, no one
individual should have unfettered powers of decision-making,
chairman leads the board, role of non-executive directors.*
Effectiveness: balance and skills of the board and
committees; director appointments, re-election, induction,
training and appraisal; information.

*The latest version of the King Report (King Report III) was
published in 2009. In this report, the concepts of discipline and
social responsibility were incorporated into the need for the board
to embed a strong ethical corporate culture (see Session 16) and
ensure that the entity is a responsible corporate citizen with the
recognition of sustainability as a business opportunity.

*Also see Session 6 for the contents of the OECD and ICGN principles
on corporate governance.

*Integrated reporting <IR> requires those charged with governance to
acknowledge their responsibilities to stakeholders in order to
ensure the integrity of information provided in the report (see
Session 20).

Accountability: balanced and understandable assessment
of the company's position and prospects; risks, risk
management and internal controls; relationship with the
external auditor.*
Remuneration: appropriate to attract, retain and motivate
directors (without paying more than is necessary) with
strong links to company and individual performance; formal
and transparent procedures with no director involved in
deciding own remuneration.
Relations with shareholders: satisfactory dialogue,
communication of shareholder views to the board,
constructive use of the annual general meeting (AGM).
Directors: duties, functions, appointment, induction,
continuing professional education and performance appraisal.
In addition, with CSR and the application of business ethics
having a significant effect on corporate reputation, both
areas should now be considered as well within the scope
of corporate governance.

*Corporate reporting must be relevant and reliable.

3.2 Private Companies (Non-listed)

While the concept of corporate governance has evolved
because of the actions of listed companies, it can just as
equally apply to private companies and, in particular, the
larger companies (which will have greater value than smaller
listed companies).*
Corporate governance may not be of high significance to
private companies, but that will depend on their size and
activities. Specific differences for private companies that
would have an effect on the level of governance compared
to listed companies include:
Limited number of shareholders (e.g. family members).
Directors are usually the only or major shareholders.
Lower need for different sources of finance (e.g. usually
just a bank loan).
Less regulation (e.g. standard legal requirements, no
listing rules).
Less complex systems (e.g. no need for internal audit).
Financial statement disclosure exemptions and audit
exemption for small companies.
However, all private companies should consider the principles
of good corporate governance and consider implementing the
most relevant ones (e.g. risk management).

*The South African King III Report is specifically aimed at all
companies; its requirements are compulsory for listed companies.

3.3 Public Sector Organisations

3.3.1 Structure and Governance

A range of organisations exist in a "mixed economy" (i.e.
an economy in which some industries and businesses are
government-owned and others are privately owned):

Business organisations that exist to make a profit.
Organisations that exist for charitable or benevolent purposes.
Public sector organisations that are, in some way, connected
to, or deliver, public goods and services that cannot (or should
not) be provided by "for-profit" businesses.*

In most cases, public sector organisations are operated, at least
in part, by the state (i.e. a self-governing, autonomous region,
often comprising a population with a common recent or ancient
history).* A state has four essential "organs" without which it
cannot fully operate:
1. The executive (e.g. monarch or other head of state) or
government (e.g. prime minister).
2. The legislature (formulates and passes statute law); in a
democracy, this is largely elected.
3. The judiciary (the system of courts) that interprets statute
and enforces non-statute laws ("common law"); in a
democracy, this is independent.*
4. The secretariat (or administration) is responsible for carrying
out government policy and administering a large number of
state functions. It is the largest of the four "organs" and its
roles depend on the Constitution but typically include:
education and health;
local authority provision and central government;
defence and foreign affairs;
state pensions;
tax collection; and
interior issues (e.g. immigration, policing and prisons).

*Not to be confused with "public companies" (which describes the
public availability of shares).

*A state is not to be confused with a government.

*So it can bring a legal case against the government or its members
if necessary.

Public sector organisations do not have shareholders, are mostly
funded by revenues from the state (mainly taxes together with
state borrowing) and they exist to deliver public services that
cannot (or, in the opinion of the government, should not) be
provided by the private sector (i.e. businesses funded by private
capital).*

*The public sector is very large in most developed countries
(e.g. more than 40% of the country's domestic product) and in
many developing countries, too. It accounts for many different
organisations delivering important services and employing thousands
or even millions of people (e.g. in the UK, it accounts for about a
quarter of all jobs).

Depending on their structure and constitution,* they may
be governed by a board of appointed directors, trustees or
governors (e.g. health service, schools), publicly elected officials
(e.g. local city hall mayor) or directly by a government minister.
Ultimately all public sector organisations are accountable
to the public, directly or indirectly. National and local
governments are accountable to the general public, which may
pass judgement through voting.*
Similar to companies, public sector organisations need an
executive to show leadership and management, not only
representative of the services provided, but also from diverse
backgrounds to broaden the "gene pool" and represent the
community. They also need to balance the need for stability
against the need to "keep up with the times".
Although it is not common in the public sector, public sector
organisations which have a direct link to the public (e.g. local
councils) often produce independently audited statements of
income and expenditure, but in less detail than required for listed
companies.

*Public sector organisations may be at the national, sub-national
or supranational level (see s.3.3.2 to 3.3.4 below).

*Public sector agency and stakeholder issues are discussed in
Session 2.

Many larger public sector organisations (e.g. local councils)
have internal audit departments carrying out similar roles
to those of listed companies. They do not generally report
to an audit committee, however, as it is rare for corporate
governance style committees to exist in public services.
In the UK (and in other countries), government expenditure
is closely scrutinised through various committees of members
of Parliament and a full-time "internal audit" department, the
Audit Commission. Ministers may be called upon to explain to
Parliament expenditure in their departments. A similar system
operates at the local administration level.
Also, many public sector organisations have established
independent procedures whereby employees and members
of the public may make official complaints about the
organisation's activities and procedures (similar to whistleblowing procedures).

3.3.2 National Public Sector Bodies

Typically a national government is divided into various
departments (e.g. treasury, interior ministry, foreign office,
defence ministry, health service, education and social services).
In many cases, these departments are led by a political minister
from the governing political party, supported by a staff of career
civil servants.
In terms of governance, the political minister issues instructions
on how the department should formulate and implement policy
to help achieve the government's overall strategic objectives.
The civil servants advise the minister and help him or her to
implement policy in the relevant department.
This structure is important in democratic countries as the policies
adopted by the various departments affect the entire population
of the country (as well as, perhaps, populations of other countries
(e.g. through trading and foreign aid)) and it is critical that they
are subject to political change when the electorate changes a
government at an election.*

*This process is an example of the application of a "social
contract" between the people and the government (i.e. the state only
exists to serve the will of the people and the people are the source
of all political power enjoyed by the state). The people can choose
to give or withhold this power.

In addition, national government policy is configured and
coordinated centrally to ensure that strategic policies are pursued
and that departments work together to achieve this. The head of
government (e.g. the UK prime minister), not to be confused with
the head of state (e.g. in the UK, the Queen), is responsible for
national government policy and in a democracy he or she can be
re-elected or defeated based on his or her performance as head of
the government.

3.3.3 Sub-national Public Sector Bodies

Some countries are organised or subdivided at a "below" (i.e.
"sub-") national level, into regional authorities, variously called
regional assemblies, federal states, cantons, departments,
municipalities, local authorities or similar.
Some selected powers are devolved down to these sub-national
bodies by national government in the belief that these selected
powers are either best handled by local people (to meet specific
local needs) or that service delivery to the regions will be more
efficient or cost effective.
Typical powers devolved down to the sub-national level include:

• planning (e.g. roads and new housing permissions);
• utilities (e.g. energy and water); and
• policing, local schools, housing, support of vulnerable
  communities, rubbish collection, etc.

Illustration 1 Healthcare
In many countries general healthcare is one of the tasks devolved to
local authorities, as they are usually in possession of the particular
statistics and needs analyses that are necessary for effective
planning of local health services. If a large housing project is
planned, or if there has been a significant influx of people because
of employment opportunities, the local authority can ensure that
appropriate health services are added or expanded to serve the
increase in the local population. Similarly, local demographic trends
and particular health service needs may be better understood by
sub-national authorities than by national government. In such
cases, individual health centres and general hospitals must report
to the local authority on selected metrics, which might include
budgetary compliance, patient statistics, bed occupancy rates, and
operation statistics. This would also mean that specialist medical
needs (e.g. heart surgery) or very expensive equipment (e.g. brain/
body scanners) could be centralised in each local authority (or a
group of local authorities) to ensure value for money application.

In many cases, sub-national public sector organisations are led
by elected representatives in a way that is similar to national
governments. These are supported by permanent officials in a
similar manner to civil servants in national governments.


3.3.4 Supranational Public Sector Bodies

Supranational bodies are formed by a grouping of national
governments ("locally" or worldwide) for a shared purpose.
They are often subject to significant pressures as the larger the
grouping of governments, the greater the potential for conflicts
and disagreements (e.g. pressure from each country's own people
to prefer one outcome to another).
Typical examples include:

• The European Union, with offices in Strasbourg and Brussels.
  Similar bodies for trading and/or political reasons exist
  elsewhere in the world.
• The United Nations (UN), based in New York, expresses the
  collective opinion of many countries on a range of international
  issues (in 2014, 192 nation states were members). The UN
  employs many thousands of people, at its headquarters in
  New York as well as around the world through its various
  agencies (e.g. the World Health Organisation, refugee agency,
  environmental programme, etc).
• The World Trade Organisation (WTO, formerly the General
  Agreement on Tariffs and Trade), the International Monetary
  Fund (IMF), World Bank and the International Court of Justice
  at The Hague.

3.3.5 The Seven Principles of Public Life*

*While ownership, control, objectives and risks of public sector
organisations may be different from listed companies, many of the
governance principles are equally applicable (e.g. composition,
ability and succession of the governing body, accountability, risk
management, transparency, effectiveness). It is not uncommon
for national governments (e.g. the UK) to take private-sector
methodologies and apply or adapt them to public sector
organisations in an attempt to make such organisations more
effective, market oriented and accountable.


Taken from the UK Government's Committee on Standards
in Public Life (originally the Nolan Committee on Standards
established in 1995), holders of public office should adhere to the
following principles:
Selflessness: Acting solely in terms of the public interest. Not
acting to gain financial or other material benefits for
themselves, family or friends.

Integrity: Not placing themselves under any financial or other
obligation to outside individuals or organisations that
might seek to influence them in performing their
official duties.

Objectivity: Making choices on merit in carrying out public
business, including making public appointments,
awarding contracts or recommending individuals for
rewards and benefits.

Accountability: Public accountability for decisions and actions.
Includes submitting themselves to whatever scrutiny
is appropriate to their office.

Openness: Being as open as possible about decisions and actions.
Giving reasons for decisions and restricting information
only when the wider public interest clearly demands it.

Honesty: Having a duty to declare any private interests
relating to their public duties and taking steps to
resolve any conflicts arising in a way that protects
the public interest.

Leadership: Promoting and supporting these principles by
leadership and example.

3.3.6 The Independent Commission for Good Governance in Public Services

The Independent Commission for Good Governance in Public
Services (Office for Public Management, or OPM, and the
Chartered Institute of Public Finance and Accountancy, or CIPFA)
identified six principles of good governance in the public service.*

*Because of the significant range and objectives of public services,
taking one set of basic rules and applying them to all situations
is neither practical nor possible. Several organisations publish
guidelines and principles to be applied by public sector organisations.


1. Focusing on the organisation's purpose and on outcomes
for citizens and service users.
• Being clear about the organisation's purpose and its
  intended outcomes for citizens and service users.
• Ensuring that users receive a high-quality service.
• Ensuring that taxpayers receive value for their money.

2. Performing effectively in clearly defined functions and
roles. Being clear about:
• the functions of the governing body;
• the responsibilities of NEDs and the executives and ensuring
  that they are carried out; and
• the relationships between governors and the public.

3. Promoting values for the whole organisation and
demonstrating the values of good governance through behaviour.
• Putting organisational values into practice.
• Individual governors uphold and exemplify effective
  governance.

4. Taking informed transparent decisions and managing
risk through:
• being rigorous and transparent about how decisions are taken;
• having and using good-quality information, advice and
  support;
• ensuring that an effective risk management system is in
  operation.

5. Developing the capacity and capability of the governing
body to be effective by:
• ensuring that appointed and elected governors have the
  skills, knowledge and experience they need to perform well;
• developing the capability of people with governance
  responsibilities and evaluating their performance, as
  individuals and as a group; and
• striking a balance, in the membership of the governing
  body, between continuity and renewal.

6. Engaging stakeholders and making accountability real
through:
• understanding formal and informal accountability
  relationships;
• taking an active and planned approach to dialogue with and
  accountability to the public;
• taking an active and planned approach to responsibility to
  staff; and
• engaging effectively with institutional stakeholders.


3.4 Non-governmental Organisations (NGOs)

These organisations usually consider financial objectives as
constraints under which they have to operate. Examples
include:
• Charities and Foundations (collect money and effectively
  distribute according to the charity's aims).
• Pressure groups (who raise money to be able to follow a
  given agenda).
• Clubs and mutual societies (e.g. trade unions which
  raise money directly from members to be able to provide
  common services to them).
Such organisations raise money from public sources (e.g.
benevolent individuals) to fund their activities. Larger
organisations take governance seriously as they need to
demonstrate to existing and potential fund providers that
money is being spent appropriately in accordance with the
entity's objectives, statute or charter.*
Also, many may be subject to specific regulatory requirements
(e.g. the UK Charities Act has accounting requirements very
similar to the Companies Act).

Using charities as an illustration, the principal comparisons to
listed companies are:
• Although unlikely to have shareholders they may have
  members and be supervised by a specific regulatory body
  (e.g. Charities Commission in the UK).
• Key stakeholders usually will include fund providers, grant
  providers, donors, donation recipients and the general
  public. In particular, providers and donors will take a close
  interest in what happens to the funds they provide.
• They are often run along the lines of a company (e.g.
  with a board of directors, the majority of whom will be
  independent), which may be overseen by a board of trustees
  (all of whom will be independent). Except for the larger,
  international organisations, most directors and trustees may
  not be remunerated.
• Trustees have an oversight role similar to the combined
  roles of audit, nominations and remuneration committees.*
• Codes of governance contain similar provisions to codes for
  listed companies regarding the board, roles of CEO, chairman
  of the board, trustees' chairman, committees, appointment,
  remuneration, independence, reporting and auditing.


Non-governmental organisation: "An independent voluntary
association of people acting together on a continuous basis, for
some common purpose other than achieving government office,
making money or illegal activities."

*Médecins Sans Frontières ("Doctors Without Borders") is a
huge, well-structured organisation that delivers emergency
medical aid to people affected by conflict, epidemics,
disasters, etc.

*A key role of the Trustees is to ensure that the charity (or
NGO) operates in line with its stated purpose or terms of reference.


3.4.1 Principles for Good Governance and Ethical Practice (Panel on the Non-profit Sector)

The Panel on the Non-profit Sector (2007) has been dedicated
to finding ways to strengthen governance, transparency and
ethical standards in the US charitable community since its
creation in October 2004.
33 principles are detailed in the guidelines, grouped into 4 areas:

1. Legal compliance and public disclosure: Responsibilities and
practices (e.g. implementing conflicts of interest and
whistle-blower policies) to assist charities in complying
with their legal obligations and providing
information to the public (similar to the UK Code).

2. Effective governance: Policies and procedures a board of directors
should implement to fulfil its oversight and
governance responsibilities effectively (similar
to the UK Code).

3. Strong financial oversight: Policies and procedures to ensure wise
stewardship of charitable resources
(appropriate variations from the UK Code).

4. Responsible fundraising: Policies and procedures for soliciting funds
from the public to build donor support and
confidence (appropriate variations from the UK Code).

3.4.2 Principles of the Code of Governance for the Voluntary and Community Sector

Board leadership: Every organisation should be led and
controlled by an effective board of
trustees to ensure delivery of its objects,
set its strategic direction and uphold its
values.

The board in control: The trustees are responsible and accountable
for ensuring and monitoring that the
organisation is performing well, is solvent and
complies with all its obligations.

The high performance board: The board should have clear responsibilities
and functions and compose and organise itself
to discharge them effectively.

Board review and renewal: The board should periodically review its own
and the organisation's effectiveness and take
any necessary steps to ensure that both
continue to work well.

Board delegation: The board should set out the functions of
subcommittees, officers, the chief executive, other
staff and agents in clear delegated authorities
and monitor their performance.

Board and trustee integrity: The board and individual trustees should
act according to high ethical standards and
ensure that conflicts of interest are dealt with
properly.

Board openness: The board should be open, responsive and
accountable to its users, beneficiaries,
members, partners and interested others.


3.5 Quasi-Autonomous NGOs (Quangos)

An NGO may be funded by a government but remain semi-independent
of the government in its activities. For example,
a government may want to provide an important service (e.g.
regional support of businesses) but ensure that its delivery is
free from (and seen to be free from) political interference. To
avoid accusations that a business-support decision was based
on political advantage, the governing party may give a publicly
funded organisation effective autonomy in its decision-making,
even though it is helping to implement government policy.
There are two main problems with quangos:
• They may be accused of being unaccountable for their
  decisions because they only weakly report to the government
  (and the taxpayers) who fund their decisions.*
• They can be politically awkward and, accordingly, their use in
  the public sector changes over time.

3.6 Lobbying and Lobby Groups

In a democratic society (i.e. one in which political priorities are
publicly debated and governments change with the collective will
of voters), varied external interests seek to influence public policy.

In some cases, external interests unite on a certain opinion,
and it may seem appropriate to campaign to influence
government policy in favour of a particular vested interest.
When organised specifically to try to influence government
policy or new legislation, such interests may "lobby" politicians
for their support (i.e. vote in their favour).
"Lobby groups" may attempt to exert influence in favour of or
against a wide range of issues and include*:
• British Medical Association
• Campaign for Nuclear Disarmament
• Energy Lobby
• Greenpeace
• National Rifle Association
• Oxfam
• Royal Society for the Protection of Birds.

*But that is partly the point of a quango: it accounts to many
principals, including local stakeholders, central government
and national taxpayers.

*Also called pressure groups, campaign groups, special interest
groups, etc.

Although their activities are legal, some argue that they may
not be helpful because the best-funded are most likely to be
heard. This can be against the public interest and in favour
of sectional interests (which is not always helpful to the
democratic process).


3.7 Public Sector Debate


Public sector organisations (regardless of their form) are directly
responsible for delivering part of a government's policy and are,
in most countries, under the control of the government. This
means that they are under "political control" in that people in
government with a political agenda partly control their objectives
and activities.
In many countries, politics divides along a "left-right" split; in
others, political divisions are more concerned with ethnicity,
culture or religion. In some countries, universities may be funded
mainly by governments; in others, they may be mainly private
institutions. Healthcare and schools provide other examples;
these may be under central government control and funding or be
privately funded (citizens must pay for services directly or through
insurance).
There is occasional debate about how public sector organisations
should be operated and whether they should exist. Because, in
many democratic countries, public policy is debated in the public
arena, there is a public debate about how the state sector should
be constituted. This includes debates about the size of the state
and the role of its institutions.
In a democracy, political parties argue about the nature of
public policy and they do so from a particular set of underlying
assumptions. Some of these underlying assumptions influence
the way they argue for particular outcomes and the way in which
they guide a government when they achieve political power (e.g.
left-leaning governments tend to prefer a larger state sector, with
more state spending and more public sector employment, while
right-leaning governments prefer that more be achieved in the
private sector and less by government).
In addition, changing policy objectives mean that some public
sector organisations are required to change over time, both in
size and in what they are asked to do. As governments change,
some public sector organisations grow in size and become more
important, and others become small, less important or even
disappear.
The debate is often intense and enduring. In the case of
education, some believe that it should always be entirely within
the public sector and entirely funded by the taxpayer. This means
that, for the service user (the student), everything is free at
the point of use. Others strongly believe that this is a misuse
of public funds and that people should pay for their education in
other ways, such as through loans or a subscription scheme. With
tertiary, university education, some believe that it should be paid
for by the state (i.e. no fees) and others believe that students
should pay (although some believe that a form of "means testing"
should apply: if a student's parents can afford to contribute, they
should do so).
In each case, debates are complicated. If there were easy and
convincing answers, there would be less debate. But public
opinion is split on most areas of public debate and this fuels
political debate and, in turn, how public sector organisations are
configured in line with particular political influences.


One of the ways in which some countries have restructured their
economies in recent years is through the process of privatisation.
This means taking a service that was previously delivered through
public sector organisations and then allowing it to be provided by
private sector organisations.
In some cases, the previous public sector monopoly supplier of a
service is transferred into the private sector by making it into a
public, listed company so people can buy shares in it. Those in
favour of privatisation tend to argue that services can be delivered
more efficiently in the private sector where management have a
profit motive and competition. This, in turn, delivers better value
to the customer.
This process is not without its critics, however. Opponents of
privatisation sometimes argue that some strategic services, such
as utilities, water, etc, are too important to be subject to the
market forces of private enterprise. Others believe, perhaps from
a position of personal ideology, that the state should control much
more of the economy rather than less. So, for example, transport
(especially buses and trains) should also be under state control.

Questions are regularly set that cover the governance issues of public
sector and non-corporate organisations. Such questions require an
understanding of the stakeholders involved and their issues/claims,
a realisation that the organisation is not controlled by shareholders,
agency relationships (see Session 2), the various governing bodies
and how they are overseen. In addition, a question could cover the
impact of moving from a public body (controlled by government)
to a listed private enterprise (accountable to shareholders) through
privatisation. Not only would governance procedures change but
there would also be significant changes in risks and culture.


Session 1
Summary

Corporate governance is the system by which firms are directed and controlled within a
distribution of rights and responsibilities among directors, managers and stakeholders.

Corporate governance provides the structure for determining strategy and setting, monitoring
and achieving corporate objectives.

Corporate governance principles are also applicable to private firms and public entities.

The UK Corporate Governance Code recognises the key issues of corporate governance to be
leadership, effectiveness, accountability, remuneration, relations with shareholders and the
functions and duties of directors.

Corporate governance may also be applied to public sector organisations. The Committee
on Standards in Public Life adds selflessness (i.e. acting in the public interest rather than to
receive personal financial gain).

The fundamental underpinning concepts of corporate governance are fairness, openness
and transparency, innovation, scepticism, independence, probity and honesty, responsibility,
accountability, judgement, integrity and reputation.

Session 1 Quiz
Estimated time: 15 minutes
1. Define corporate governance. (2.1)
2. List the ELEVEN key underpinning concepts of corporate governance. (2.3)
3. Explain why "accountability" is a two-way process. (2.3.6)
4. List FIVE key issues in corporate governance. (3.1)
5. List the SEVEN principles of public life. (3.3.5)

Study Question Bank
Estimated time: 50 minutes

Priority: Q1 Corporate Governance (estimated time: 50 minutes)
Additional: Q2 Public Service


EXAMPLE SOLUTION
Solution 1 Integrity
Under the ACCA Code of Ethics and Conduct, integrity requires that
"in all professional, business, personal and financial relationships,
members should be straightforward and honest. This implies
honesty, fair dealing and truthfulness. Members should not be
associated with (e.g. sign off) reports, returns, communications or
other information where they believe that the information:
• contains materially false or misleading statements;
• contains statements or information furnished recklessly; or
• omits or obscures information required to be included where such
  omission or obscurity would be misleading."
This understanding of the concept of integrity is fundamental for
strong corporate governance. The perceived integrity of the entity
(e.g. as a corporate body), the integrity of the actions taken by the
management and employees of the entity, the integrity of its external
and internal reports and information cannot be greater than the
integrity of those involved.

Individual integrity describes a person of high moral value: an
individual who observes a steadfast adherence to a strict moral
code or ethical code notwithstanding other pressures on them to act
otherwise. The virtue of the individual rather than the ethics
of the action is emphasised; integrity provides the necessary ethical
framework.

As in many situations in life, in corporate governance trust is vital.
Integrity underpins this.


Session 2

Agency Relationships and Stakeholder Theory
FOCUS
This session covers the following content from the ACCA Study Guide.
A. Governance and Responsibility
1. The scope of governance
g) Explain and evaluate the roles, interests and claims of the internal parties
involved in corporate governance.
h) Explain and evaluate the roles, interests and claims of the external parties
involved in corporate governance.
i) Analyse and discuss the role and influence of institutional investors in
corporate governance systems and structures, for example the roles and
influences of pension funds, insurance companies and mutual funds.

2. Agency relationships and theories


a) Define and explore agency theory.
b) Define and explain the key concepts in agency theory.
c) Explain and explore the nature of the principal-agent relationship in the
context of corporate governance.
d) Analyse and critically evaluate the nature of agency accountability in
agency relationships.
e) Explain and analyse other theories used to explain aspects of the agency
relationship.
7. Corporate governance and corporate social responsibility
b) Discuss and critically assess the concept of stakeholders and stakeholding
in organisations and how this can affect strategy and corporate
governance.
c) Analyse and evaluate issues of "ownership", "property" and the
responsibilities of ownership in the context of shareholding.
(see ACCA Study Guide for expanded learning objectives)

Session 2 Guidance
Read Session 2 thoroughly; you may need to read this session more than once.
Understand the concepts of agency and stakeholder theory as both are key to the syllabus, are
always examined and will be covered in greater depth in later sessions.


VISUAL OVERVIEW
Objective: To consider the application of agency theory and stakeholder theory in the
context of corporate governance.

[Diagram: THEORIES]
AGENCY: Development; Key Concepts; Fiduciary Duties; Agency Problem; Agency Costs; Aligning Interests; Public Sector
TRANSACTION COST: Development; Comparison to Agency Theory
STAKEHOLDER: Application; Development; Boardroom Impact; Stakeholder Classification; Public Sector
INFLUENCE: Risk; Mendelow
ROLES: Internal Stakeholders; External Stakeholders

Session 2 Guidance
Read section 2 on transaction costs theory.
Work through all the Examples.


Agency Theory

1.1 Development

Historically, the same individual owned, controlled and
managed an individual company. As that company expanded
and sought increasing finance through share issues to the
general public, owners (the shareholders) found it increasingly
difficult to also manage (control) the business on a daily basis.
The development of the market system (stock exchanges) in
the UK and US eventually resulted in shareholders delegating
the running of the business to the company's management.
The separation of ownership and control became evident.
Berle and Means (1932) noted that every improvement
made by governments in the system for owning company
shares was designed to make it easier for shareholders to
trade their shares.
As stock markets became more active, owners became more
passive, owning share certificates rather than assets of the
business.

Agency theory: duties and conflicts that occur between parties
who have a relationship in which one or more persons (the
principals) delegate some decision-making authority to another
person (the agent) in order for the agent to perform some service
on behalf of the principals.

Clearly, as the number of shareholders grew, the incentive and
ability of individual shareholders to gather information and
monitor managers decreased. Issuing shares and expanding
share ownership may have been considered a "good thing
to bring capitalism to the ordinary people" but it also gave
managers greater potential to run the business as they wanted
with little interference and accountability.
Jensen and Meckling (1976) described how agency costs affect
the value of outside financing.

1.2 Key Concepts

Agents and principals: An agent is an individual hired or
employed by another, the principal, to carry out a task on
the principal's behalf.
Agency: The relationship between a principal and the agent.
Agency costs: The costs incurred in establishing and monitoring
the agent by the principal (i.e. how the shareholder controls and
verifies management's activities).
Residual loss: The reduction in shareholder value that
results from excessive agency costs. For example, directors
awarding themselves other benefits beyond basic salaries and
incentive schemes such as company cars, houses, planes, club
memberships, etc.
Accountability: Under the agency relationship, the agent is
accountable to the principal for the outcome of the work the
agent carries out and the resources used. In theory, the directors
are answerable to, and held responsible by, the shareholders for
their actions.
Fiduciary duty: The duty imposed upon certain persons because
of the position of trust and confidence in which they stand in
relation to another.


Questions may clearly be set on agency theory (e.g. definitions,
explanations, analysing agency relationships in a given scenario).
However, even if there is no specific reference to agency,
agency relationships can often be identified in a scenario and
incorporated into an answer, where relevant. For example, directors
will always have a fiduciary duty; explaining that in the context
of the question set would earn marks.


Example 1 Agency Costs


List FOUR types of agency costs in the shareholder-director relationship.

Solution
1.
2.
3.
4.

1.3 Fiduciary Responsibilities

Fiduciary duty is more onerous than duties which generally arise
under a relationship of contract or tort. It requires full disclosure
of information held by the fiduciary, a strict duty to account for
any profits received as a result of the relationship and a duty to
avoid conflicts of interest.
Under English law, fiduciary duties of directors to the company
(as derived under common law) include:

• To act in good faith in the best interests of the company;
• To act within the powers conferred by statutory documents
  (e.g. memorandum and articles of association) and to exercise
  powers for proper purposes;
• Not to restrain discretion (must use independent judgement
  on the company's behalf);
• To avoid conflicts of interest and conflicting duties;
• Not to make a secret profit (includes accepting benefit or
  bribes from third parties);
• To exercise due skill and care in the performance of their
  duties.*

1.4 The Agency Problem

Agency and the relationship between directors and
shareholders lie at the core of corporate governance. The
separation of ownership and control has resulted in potential
conflicts of interest between directors and shareholders
(divergent interests).
The "agency problem" concerns how the shareholders
(principals) control the directors (agents) to ensure that the
agents act in the principals' best interests and not their own.
While the fiduciary duty to act in good faith should be for the
best interests of the company, agency theory takes the view
that this may not always be the case. A basic assumption
of financial theory is that companies aim to maximise
shareholders' wealth. However, the goals of the principal and
agent may conflict and the agent may prefer to pursue the
agent's own interests.


Fiduciary means "trust". A fiduciary relationship arises
when the faith and confidence given by one person is
accepted by the other person. Fiduciary responsibilities/duties
can be legal or ethical in nature. Although fiduciary duties apply
to directors, they equally apply to any agent.

*These duties are now


incorporated in UK law
(Companies Act 2006).
Collectively they mean
that the directors
must promote the
success (i.e. long-term
increase in value) of
the entity.


Session 2 Agency Relationships and Stakeholder Theory

P1 Governance, Risk and Ethics

Examples of potential conflicts between principal and agent
include:
High salaries, benefits and easy-to-obtain bonuses
(regardless of performance).
Excessive retirement benefits.
Long-term contracts (making it difficult and/or costly to
dismiss directors).
"Golden-parachutes" providing directors with significant
compensation in the event of a takeover.
"Poison-pills" making a takeover difficult when it would be
in the shareholders' interests, but not in the interests of
the directors.
Non-business use of corporate assets.
Related party transactions which are not at arm's length.
Effectively treating the company as the agent's own private
bank account.
As first noted by Berle and Means, as companies grew, their
shareholders became further divorced from control with a
tendency to merely vote for management proposals or give
the directors their voting rights (by proxy).
A certain malaise set in with individual shareholders, realising
that they could not influence the directors (settling for annual
dividends and capital growth). If dissatisfied, they could sell
their shares and, if the worst happened, they would only lose
their initial investment (and not their entire wealth).
The gradual emergence of institutional investors (e.g. pension
funds, life insurance companies, unit trusts, investment trusts
and, more recently, hedge funds) made the agency problem
worse. Such investors were primarily interested in maximising
short-term gains (in share value and income). They took little
interest in actively voting so a high proportion of proxy votes
would be handed over to the directors.*
As long as the directors were able to meet the basic needs
of shareholders or offer sufficient "sweeteners" (e.g. special
dividends, increased shareholder benefits), they were more or
less able to do as they pleased to run the company.

*The primary interest of institutional investment managers put
pressure on company managers to take decisions that would
maximise short-term profit rather than ensure long-term profits and
company stability. As the percentage of issued shares held by these
investors grew (40% in 1960 to over 80% in 2000 for UK equities),
the agency problem was exacerbated.
In many cases, this was further aggravated by directors awarding
themselves bonuses based on short-term results. Thus there were
incentives for directors to manipulate financial results in order to
achieve short-term targets.
However, the corporate excesses and scandals of the late 1980s
and 1990s, the emergence of corporate social responsibility (CSR),
the UK Corporate Governance Code and the US Sarbanes-Oxley
Act (2002) had a profound effect on the way institutional investors
viewed their responsibilities as shareholders. Instead of intensifying
the agency problem, institutional investors are now at the forefront
of narrowing the divide between ownership and control.


1.5 Agency Costs

As noted previously, agency costs are the costs incurred in
establishing and monitoring the agent by the principal; how the
shareholder controls the activities of the managers and directors,
and verifies their activities.
The total agency cost arising from the agency problem may be
summarised as the sum of (Jill Solomon, 2007):

monitoring expenses: costs incurred to ensure
agent performance such as remuneration contracts,
performance-based contracts, control procedures,
external audit fees and internal audit costs;*
bonding (contracting) costs: the costs of the agents
to show the principals that they have acted in good faith,
such as financial statements and interim statements, listing
reports, voluntary statements, meetings with institutional
shareholders, websites; and*
residual costs: the costs of the agents providing themselves
with additional benefits beyond basic remuneration such
as bonus and incentive schemes, "working" holidays, office
equipment and employment of spouses as personal assistants.

1.6 Aligning Director and Shareholder Interests

Solutions to aligning director (agent) and shareholder (principal)
interests are often a balancing act between incentivisation and
active monitoring. Also, they may tend to be theoretical rather
than practical.*

1.6.1 Remuneration and Incentive Contracts

What remuneration levels will satisfy directors so as not to
pursue their own interests? What incentive schemes (e.g.
bonuses, share options) are needed to encourage directors to
maximise shareholders' wealth? How are such schemes to be
designed to balance both short-term and long-term wealth?
Given that the majority of directors do not have a financial
interest in the shares of the companies they manage (research
indicates this may be as low as 5%), they may only take a
short-term view, rather than a long-term view, on notionally
maximising shareholder wealth as it will be in their direct
interests to do so. The actions they take may create future
problems which will crystallise when they have moved on from
the company.*

1.6.2 Voting at Annual General Meetings (AGMs)

Shareholders usually have the right to vote at the AGM of the
company. Such voting will be, for example, on acceptance of
the financial statements, dividends proposed, re-appointment
of directors, re-appointment of the auditors, or specific
resolutions put forward by management.
They either can vote for, vote against or allow a proxy vote to
be used by a director as the director sees fit.
While the vote is considered to be an essential aspect of
controlling the directors, it will only have an effect if a
sufficiently large number of votes are cast in a particular way
(e.g. against a directors' resolution or the re-appointment of a
particular director).


Agency theory assumes that it is costly and difficult for the
principal to verify what the agent is doing.

*Monitoring expenses also include the principal's time (e.g.
reading and analysing reports, travelling to and attending AGMs).
These costs are the "other side" of some of the bonding costs.

*Bonding costs also include costs of stock options and other
structures which incentivise agents to act in the principal's
best interests.
Residual costs also include costs of agent misbehaviour such as
using corporate funds for private purposes (e.g. club memberships,
"meetings" in exotic locations, employing unqualified relatives at
high rates, etc).

*Many of these "solutions" are discussed in greater detail in
later sessions: remuneration in Session 5, AGMs in Session 8 and
the board in Session 3.

*Many corporate scandals centre on the greed and arrogance of the
directors. Despite being highly remunerated, their egos tend to
get the better of them.


The more fragmented the shareholders, the more difficult
and costly it is to effectively challenge the management. But
with institutional investors, they have the effective holdings to
bring appropriate pressure and control on management and
have, in the recent past, grown far more active in using their
voting power.

1.6.3 Board Composition

In theory, shareholders can vote against new appointments
or re-appointments to the board. But, in practice, this
would take considerable organisation within a fragmented
shareholder base. Many individual shareholders would pass
across a proxy vote to the directors, who would vote for a
fellow director.
The activism of institutional shareholders has, in recent years,
resulted in directors being voted off of boards.

1.6.4 Shareholder Resolutions

In most jurisdictions, shareholders may propose resolutions
to be discussed and voted upon at general meetings. There
normally are minimum requirements (e.g. number and
value of shares held: 5% of the issued share capital or 100
members holding an average of 100 shares each). Such
requirements usually are not a hindrance to an individual
shareholder as they may be able to gather the necessary
support through shareholder and activist websites.

Although just about all shareholder resolutions fail if they
do not have the support of the directors or the institutional
investors, they often are disliked by directors because of the
publicity they may generate.

1.6.5 Selling Shareholdings

Where shareholders disagree with the actions of management
and management does not take their concerns into account,
the ultimate sanction against management will be for the
shareholders to sell (divest) their shares.
Management will not be concerned if the shareholder is an
individual. Concern will be great, however, if the shareholder
is an institutional investor as the action could easily lead to a
domino effect, causing other institutional investors to divest.

It is not unusual for poor management action/inaction to result
in a fall of the share price to a level at which the company
becomes a takeover target. Shareholders dissatisfied with
management may threaten to sell their shares to a bidder if
appropriate action is not taken to turn the company around.
If the shareholders are primarily institutional investors, one
of those investors could easily be the tipping point for the
takeover bid to be successful.

1.6.6 One-to-One Meetings

A direct way that institutional investors can influence (control)
management is through one-to-one meetings to discuss
issues concerning the investor. Such meetings have become
common since the mid-'90s and significantly influence
company behaviour.*


*There is a danger that one-to-one meetings may result in the
divulgence of price sensitive information to the investor, who
will then be committing a crime (insider trading) should the
investor act upon the information before it becomes public
knowledge.


Example 2 Agent-Principal Relationships


Describe THREE other agent-principal relationships and accountabilities in
company structures.

Solution
1.

2.

3.

1.7 Agency in the Public Sector

Agency in the private sector may be summarised as follows:
Those who manage a business do not own it but manage it on
behalf of their principals (e.g. shareholders in companies).
Management has an agency relationship with the principals
(they have a fiduciary duty to help the principals achieve the
outcomes they seek).
In most cases, shareholders seek to maximise the long-term
value of their shares (e.g. through profitable trading and
competitive strategies).
Those who work in the public sector work just as hard and have
similarly clear (but sometimes conflicting) objectives, but there
are two particularly important differences:
1. Principals: public sector roles are carried out on behalf of
those that:*
fund the activity (mainly taxpayers); and
use the services (e.g. hospital patients).

*Taxpayers and users may be the same people (e.g. taxpayers
whose children go to state school) but if they are not, this can give
rise to disagreements about spending (e.g. how much state funding
should be allocated to each public sector organisation and how it
should be spent).


2. Objectives: in general, these tend to be concerned with social
purposes and delivering their services efficiently, effectively
and with good "value for money" (VFM).*
Economy represents value for money and delivering
the required service on budget, on time and within other
resource constraints. It is common for public sector
employees and their representatives to complain about
underfunding as public sector organisations have to deliver
value to the taxpayers as well as those using the service.
Efficiency is concerned with getting an acceptable
return on the money and resources invested in a service.
Efficiency is defined as work output divided by work input,
and it is all about getting as much as possible out of the
amount put into a system. An efficient organisation,
therefore, delivers more for a given level of resource input
than an inefficient one.
Effectiveness describes the extent to which the
organisation delivers what it is intended to deliver.

*Three Es: Economy, efficiency and effectiveness.

Transaction Cost Theory

2.1 Development

Initially considered by Ronald Coase (1937), transaction
costs were first defined in purely economic terms as the costs
incurred in making an "economic exchange with an external
third party". These include:
search and information costs: such as market research
and employing consultants (e.g. to determine who has the
goods and services available, terms and conditions and
prices charged by different suppliers);
bargaining costs: such as legal fees (e.g. in negotiating
prices, terms and conditions, reaching an acceptable
agreement, drawing up contracts, etc); and
policing and enforcement costs (e.g. to ensure that there
is no breach of contract and to seek redress if there is).
Coase argued that these market-based transactions and costs
can be eliminated within a firm. Firms should therefore tend
toward vertical integration (e.g. brewery groups, oil groups) as
this would remove such costs and the risks and uncertainties
of dealing with external sources. Ultimately, the market would
be replaced by one firm.
His underlying assumption was that managers make rational
decisions for the primary aim of profit maximisation. Further
work by Cyert and March (1963), Williamson (1966) and
others considered that a firm consists of people with differing
views and objectives. They also extended the concept
of transactions from merely buying and selling to include
intangible elements (e.g. promises made and favours owed).
They also considered managers to behave rationally, but only
up to a certain point as, like all human beings, they also are
opportunistic. As agents, they take advantage of opportunities
to further their own self-interest and privileges.


While managers would organise transactions for the firm's
benefit, there would come a point eventually (e.g. when it
is worth the risk and they do not expect to be caught) when
certain transactions and opportunities would be geared to the
manager's benefit.
Consequently, principals need to ensure that transactions
maximise the benefit to the company while minimising the
potential for opportunism by agents.

2.2 Comparison to Agency Theory

Both agency theory and transaction cost theory, in their current
forms, aim to explain the need for the principal to control
the agent, or rather ask the question: "How can company
management be persuaded to maximise the interests of the
shareholder rather than management's own interests?"

| Agency Theory | Transaction Cost Theory |
|---|---|
| Managers actively pursue their own economic benefits. | Managers opportunistically arrange their transactions in order to benefit. |
| Considers the individual person (and the costs of controlling and monitoring them). | Considers the nature of transactions and the opportunities they may give to management to organise them for their benefit. |

Stakeholder Theory

3.1 Application

The definition of stakeholder implies the two-way nature of
stakeholder theory: groups that can affect a firm and/or be
affected by a firm. Typical examples of stakeholders in
companies include:
the original "capitalist institutions" (shareholders, managers,
employees, customers and suppliers);
the CSR elements (government, local communities and
society); and
in current thinking, the environment (incorporating animals,
vegetables and minerals) and future generations.
Agency theory only considers the relationship between directors
and shareholders with the need to maximise shareholders'
wealth. Stakeholder theory establishes the need for the directors
to consider all stakeholders in their decision making in order to
maximise the value of the company, thus effectively maximising
the wealth of the shareholders.


Stakeholder: "Any group or individual who can affect or be
affected by the achievement of an organisation's objectives."
Freeman, 1984


3.2 Development
Stakeholder theory is not strictly a theory in the traditional
sense. It is more a mixture of various ideals that have
developed since the mid-'70s and is now highly relevant in
corporate governance with the emergence of the concept of
CSR in the mid-'90s.
As firms have grown, so has their impact on all areas of the
society in which they operate: they have a pervasive effect
on that society where a particularly large "footprint" (positive
or negative) is left on society. The theory argues that firms
should be held accountable for their actions not only to
shareholders but to all stakeholders.
As corporate scandals have unfolded, becoming ever larger
with a corresponding impact not only on their employees but
increasingly on other stakeholders (e.g. the multiplier/domino
effect on suppliers, customers and the local community),
shareholders (particularly institutional investors) have realised
the negative effect this has on the value of their business.
In addition, the "activist agenda" has rapidly become
national and international with the development of electronic
communications (the Internet and websites) and the growth of
instant reporting (the "CNN world"). Social and environment
lobby groups can easily gather information on business
activities and publicise companies that have treated their
stakeholders unethically (e.g. animal testing, child labour,
exposing employees to unnecessary danger, river pollution,
illegal dumping of hazardous waste).

3.3 Boardroom Impact

The development of stakeholder theory and the emergence
of CSR have shown that, in maximising the wealth of
shareholders, directors cannot afford to ignore stakeholders.
The theory implies that it is only by taking account of
stakeholder interests, as well as shareholder interests,
that companies can achieve long-term profit maximisation.
In considering any stakeholder interest, a business case
for inclusion of that interest must be made. This implies
high levels of stakeholder dialogue and engagement. This
in turn will be viewed by investors as indicators of quality
management.
Literature and empirical evidence are beginning to show that
companies which follow a strong stakeholder approach
(including CSR and corporate governance) to maximising their
wealth are outperforming those which do not.
Donaldson and Preston (1995) suggested that there
were two basic motivations for companies to respond to
stakeholder concerns:
an instrumental approach; and
a normative approach.


3.3.1 Instrumental Approach

The instrumental approach to stakeholder management
takes the view that organisations mainly have economic
responsibilities (as well as legal ones) and that "the ultimate
objective of corporate decisions is marketplace success".
Therefore, to maximise shareholder wealth, managers must
pay attention to key stakeholder-relationships and manage
such relationships to ensure revenues, profits and ultimately
returns to shareholders ("instrumental value").
Stakeholder management is "a means to an end", something
the company has to do in order to maximise wealth. Concerns
of stakeholders only enter a company's decision-making
process if they have strategic value for the firm (e.g. not
losing customers, retaining talented staff). The firm's interest
in stakeholders is therefore instrumental.

3.3.2 Normative (Intrinsic) Approach

In the normative view, a firm establishes fundamental moral
principles (not just based on what is best for the firm) on
how it will take account of the concerns and opinions of
others. These guide how the firm does business and, in
particular, how it treats stakeholders beyond minimum legal
requirements.
Stakeholder interests have intrinsic worth in that stakeholder
claims also are often based on fundamental moral principles.
They are unrelated to the instrumental value of stakeholders
for a company.
Such stakeholder claims must be addressed as part of, or
prior to, strategic considerations. There is a wider moral
duty to take account of the concerns and opinions of others
rather than a narrow perspective of what is right just for the
company. This suggests a philanthropic and altruistic attitude
to business.

3.4 Stakeholder Classification

3.4.1 Internal, External and Connected

The easiest classification to understand: those stakeholders
inside the organisation (e.g. employees, management) and
those outside (e.g. government, the public, lobby groups).
A third, hybrid, classification is "connected" and relates to
those stakeholders who are external to the organisation but
who have an internal connection, usually of a legal form
(e.g. shareholders, customers, suppliers, lenders).

3.4.2 Narrow and Wide

Based around the effect which an organisation's strategy,
policies and actions will have on the stakeholder.
Narrow stakeholders are those most affected (e.g.
shareholders, management, employees, key suppliers and
customers, local community and environment).
Wide stakeholders are those less affected and typically include
government, minor suppliers and customers and the wider
community and environment.
Basically, the further away from any effect created by the
organisation, the "wider" classification applies. This could
imply that narrow stakeholders demand a higher level of
accountability and responsibility from the organisation.

3.4.3 Primary and Secondary*

A primary stakeholder is one without whose continuing
participation the organisation cannot survive as a going
concern. For example, shareholders, management,
employees, major customers and suppliers, government
(laws, infrastructure, support) and banks (supporting loans).
A secondary stakeholder is one that would have little
influence on the going concern status of the organisation (e.g.
community, environment, minor customers and suppliers).

*Primary/secondary relate to the impact that the stakeholder
has on the organisation, whereas narrow/wide considers the
impact the organisation has on the stakeholder.

3.4.4 Active and Passive

Active stakeholders include management, employees,
institutional shareholders, trade unions, regulators, pressure
groups. They seek an active relationship with the organisation.
Passive groups can include government, local communities and
individual shareholders. Being passive does not imply that the
stakeholders are less interested or less powerful than active
stakeholders, just that they do not seek to become involved
in the organisation's policy making and strategy.

3.4.5 Voluntary and Involuntary*

Those stakeholders who have a choice as to whether they
interact with the organisation are referred to as voluntary
stakeholders. Examples include management and employees
(they can change employers), most customers, suppliers and
shareholders.
Involuntary stakeholders have no or little choice (e.g.
government, communities, competitors, animals and nature
as a whole).

*Classifications may be relative or change (e.g. a footballer may
voluntarily sign a contract with a club, but once signed, the player
becomes an involuntary stakeholder bound by the terms of the
contract for the length of the contract).
Suppliers (e.g. small farmers) start as voluntary stakeholders of a
supermarket, but often become "locked in" to the supermarket and
therefore become involuntary.

3.4.6 Legitimate and Illegitimate*

As "beauty lies in the eye of the beholder" and actions may
be moral or immoral depending on your point of view, what is
legitimate to one individual may be illegitimate to another.
Stakeholders which have a strong economic relationship with
an organisation will always be considered legitimate. Other
groups which do not have such links may be considered as
illegitimate stakeholders by some and not worthy of being
considered a stakeholder.

*For many organisations which have a direct relationship with
the environment, Greenpeace (the environmentalist lobby group)
may be considered legitimate. However, Sea Shepherd, a similar
environmentalist group, may be considered illegitimate by the same
organisations because of its direct-action policy, often involving
violent actions.

3.4.7 Recognised and Unrecognised

An extension of the legitimate and illegitimate classification.
Stakeholders who are considered to be illegitimate by an
organisation will not be able to get their stakeholder claim
recognised by the organisation. Therefore, decisions made
by the organisation are unlikely to take into account
unrecognised claims and/or illegitimate stakeholders.

3.4.8 Known and Unknown

Known stakeholders are easy to further classify and deal with
because, by definition, the organisation knows about them.
If a stakeholder is unknown, it is far more difficult to consider
whether any claim can be considered as legitimate.

At one end of the spectrum of unknown stakeholders would be
those that, by extrapolation, should be expected to be known
about or be relatively easy to establish (e.g. local communities
and the environment around international suppliers). At the
other end would be as yet undiscovered species.
Proponents of the full inclusion approach to stakeholder theory
consider that it is the moral duty of organisations to consider
all known and unknown stakeholders in reaching decisions.
This will result in minimum impact policies being adopted.

3.5 Public Sector Stakeholders

The stakeholder classification detailed in the previous section can
easily be applied to public sector organisations with the exception
that there are no shareholders and the government will be the
effective "owner" (and not an external stakeholder).
In addition, public sector organisations have, in many cases, an
even more complex set of stakeholder relationships than do some
private sector businesses.

As most public sector activities are funded through taxation,
public sector bodies have a complicated model of how they
add value.*
Taxation is mandatory in all modern economies and may be
paid against the wishes of the taxpayer. Citizens may object
to levels of taxation (especially if it is spent on causes they
oppose or services that benefit others and not themselves).
Political theorists have long discussed the importance of a social
contract (see Sessions 15 and 16) between governments and
those they purportedly serve. In this arrangement, those who
pay for and those who use public services must all feel that
they are being fairly treated and neither overexploited nor badly
served.*
Furthermore, the claims of some stakeholders are assessed
differently according to one's particular political stance (e.g. far
left through far right).
Some stakeholder claims are recognised by some but not by
others (recognised and unrecognised stakeholders). This can
make for a very difficult situation when it comes to deciding
which stakeholder claims to recognise and which to reduce in
weight or ignore.
Some stakeholders have a very weak voice, while others have
no effective voice at all in order to express their claim. Part
of the debate in politics is the extent to which these weaker
stakeholders are represented and how their needs can be
met.*

*A private business receives revenue from customers willing
to buy its goods or services.

*Because there are so many claims to balance, stakeholder
pressures on a government can be very difficult to understand.

*It is unlikely that such stakeholders will be ignored (see Mendelow
below). Past experience has shown that governments ignoring such
stakeholder groups can lead to social unrest with the social contract
being "ripped up". In Mendelow terms, these stakeholders can
move very quickly (politically and effectively) from low interest, low
power to high interest, high power. They move from being passive
stakeholders to active stakeholders (in some cases, very active
stakeholders).


Stakeholder Influence

4.1 Risk

A key underlying concept of corporate governance is managing
risk (see Session 14).
Business risk is "the risk that the business will not achieve
its objectives".
Stakeholder risk (as a subset of business risk) can be
considered as the risk that the business will not maximise its
wealth because of the lack of understanding of the impact of
stakeholders on the business by the directors: a failure by
the directors to make the appropriate business case.
Under stakeholder theory, it is essential for directors to identify all
stakeholders, assess their level of interest and their level of power
when developing the company's strategy.

4.2 Mendelow

Mendelow (1991) suggested that the influence of each
stakeholder on key strategic decisions could be "mapped" by
looking at two aspects of their relationship with the firm:
Power: the ability to influence strategic objectives (how
much they can).
Interest: the stakeholder's willingness (how much they care)
to influence.
Influence: the combined impact of power and interest.
As with similar approaches (e.g. the Boston Consulting Group
matrix for risk analysis) the difficulty is in identifying all
stakeholders and their level of interest and power. As businesses
operate in an open and dynamic environment, stakeholders will
change and can easily move around the grid. It is important that
once stakeholders are identified, they are continually tracked.

| POWER | Low INTEREST | High INTEREST |
|---|---|---|
| High | Keep satisfied (L,H) | Key players (H,H) |
| Low | Minimal effort (L,L) | Keep informed (H,L) |

4.2.1 High Interest, High Power = Key Players

Most of the firm's efforts need to be placed on the key players.
The firm cannot manage without them. They have the ability
(interest and power) to prevent the firm from achieving
its strategy (e.g. upsetting customers will drive them to
competitors). A specific difficulty may be that there are a
number of conflicts between stakeholders in this category
which have to be managed.
Alternatively, an interested stakeholder may be in a position of
power to actively lobby for the benefit of the organisation.
4.2.2

Low Interest, Low Power = Minimal Effort

Diametrically opposite are the stakeholders with low interest
and low power. Mendelow indicates that these stakeholders
can be largely ignored when considering strategic objectives.*

4.2.3 High Interest, Low Power = Keep Informed

High-interest, low-power stakeholders need to be kept
informed and not underestimated. Because of their high
interest, they care a lot and can be useful in forming positive
lobby groups. Alternatively, they may join forces to form a
stronger grouping and so move toward the high-power sector
and become lobbyists against the firm.

4.2.4 Low Interest, High Power = Keep Satisfied

Lastly, the low-interest, high-power stakeholders (often
referred to as "sleeping giants") need to be kept satisfied and
stay dormant. If, for whatever reason, they become more
interested (woken up), they can easily become key players
and, for example, frustrate the adoption of a new strategy.
Alternatively, their interest could be deliberately enhanced by
the organisation so that their power can be effectively used.

*From an ethical/moral view, low-interest/low-power
stakeholders should still be considered because to ignore
them could result in negative consequences in the future if
their power and interest increase. It is also important to
identify when interest/power of a stakeholder changes and the
effect on the entity that this may have.

4.2.5 Use of Mendelow's Framework

Using the Mendelow framework and approach, firms can:

understand whether their current strategy is still in line with
stakeholders' interests and power;
identify who will support a strategic project and who can
and aim to stop it;
try to reposition stakeholders to increase support/reduce
threats to a strategic objective;
encourage stakeholders to stay in a category or prevent
them moving to another; and
identify change within stakeholders that may imply that the
current strategy needs to be re-thought with the possibility
of a new strategy being developed.


Example 3 Mendelow Football Club


Prepare a Mendelow stakeholder grid for an English Premiership football club.

Solution

[Blank grid for completion: POWER (High/Low) on the vertical axis
against INTEREST (Low/High) on the horizontal axis]

Stakeholder Roles in Corporate Governance

5.1 Internal Stakeholders

Internal stakeholders will usually have an operational role in the
company, will be involved in the corporate governance procedures
applied by the directors of the company and will have a number of
interests in being connected with the company.

Stakeholder-based questions include classification theory, stakeholder
identification, stakeholders' roles and claims and the practical
application of Mendelow. Also, because of the pervasive nature of
stakeholders, they can be identified in almost all exam scenarios.
Relevant mention of stakeholder issues may therefore be included
in answers relating to controls, risk, CSR, ethics and social and
environmental issues. So be alert to opportunities to earn marks.

5.1.1 Directors

Responsible and accountable to stakeholders for the strategic
direction of a company, its day-to-day operations and its
moral and corporate social behaviour. Powers are usually laid
down in the company's statutory documents and supported by
relevant statute and corporate governance codes.
Under corporate governance, there is usually a distinction
between executive directors (who manage the business on
a full-time basis) and non-executive directors (who oversee
and monitor the executive function). The role of directors in
corporate governance is detailed in Sessions 3 and 4.
As stakeholders, their interest covers, for example,
remuneration, bonuses, share options, retirement benefits,
status, reputation and power.

5.1.2 Company Secretary

The company secretary ensures that the company complies
with relevant legislation and regulation and that the directors
are kept informed of their legal responsibilities.*
It is also their responsibility:
to register and communicate with shareholders;
to ensure that dividends are paid;
to maintain statutory records; and
to ensure that the annual financial statements and all other
statutory returns are filed with the relevant authorities.
Under corporate governance, the company secretary will
usually play a key role in ensuring that the board and corporate
governance procedures are observed and regularly reviewed.
They may also be considered to be a major source of guidance
on corporate governance, its implementation and workings.
As a senior employee of the company, direct interests include
salary, bonuses, job stability, career path, status and working
conditions.

*Company secretaries are usually a named representative of the
company on legal documents and it is their responsibility
to ensure that the company and its directors operate
within the law.

5.1.3 Sub-board Management

Interests may be similar to those of the board directors,
especially at higher levels just below board level. As they
usually have the responsibility of implementing board policies,
they will have a direct interest in corporate governance.
Roles in the corporate governance sphere may include risk
management and implementing and monitoring controls.
As management-level employees, their main interest in
the firm will be similar to the company secretary. Career
progression will aim at becoming a director on the board.

5.1.4 General Employees

The significant majority of employees are directly involved in
delivering products or services. They carry out management's
instructions to achieve the firm's short-, medium- and long-term
objectives and provide appropriate feedback to their supervisors.
They will comply with the various risk management and
control systems in the corporate governance framework and
culture of the company.

As stakeholders, although their power is fairly limited, their
interest (which can be high) will be in the performance of the
company, pay, working conditions, job security and, for some,
career progression. In many jurisdictions, it is not uncommon
for employees to be represented at the board level. In others,
the directors must, by law, take into account the interests of
their employees when considering strategy.
With the development of corporate governance and, in particular,
CSR, many firms provide their employees with regular feedback
on their activities and performance (often at a departmental
level), a form of "stakeholder report" specifically for employees.

5.2 External Stakeholders

There are many and varied external stakeholders that are affected
by corporate governance. Each stakeholder will influence the
operation of the firm as well as having its own interests and
stakeholder claims on the firm.

5.2.1 Trade Unions

Trade unions are stakeholders connected through their
relationship with employees in protecting and developing
employee interests. With the development of corporate
governance and CSR, they have expanded their role to
manage and develop stakeholder relationships with the firm,
on behalf of employees. They may be represented on the
board and will highlight and take action against breaches in
governance requirements.
The history and development of trade unions has been very
diverse. In some jurisdictions, trade unions are powerful
entities supported by law, with the right to sit on the boards
of companies. In others, they are banned or are effectively
an extension of the government, being a trade union in
name only.
Trade unions have an important role in lobbying for their
members' interests when there is conflict with other
stakeholder interests.*

5.2.2 External Auditors

External auditors have always been critical to the
principal-agent relationship. They provide the means by which
the shareholders (principals) receive assurance about
management's assertions in the annual financial statements
(i.e. by providing an opinion on a "true and fair" view).
Although a stakeholder, their relationship is complicated
in that as well as having a direct agent-principal role with
the shareholders, they must also maintain an independent
professional working relationship with management.
The auditor's interests and claims in the company (their
clients) include audit and other service fees, reputation,
quality of relationship and compliance with audit regulations.
In many of the financial scandals, a common question
asked was, "Where were the auditors?" This has led to a
loss in confidence of the role undertaken by the auditors
and the public perception that they are not independent of
management. For example:
"British accounting practices have more holes than Swiss
Cheese"; and
"Auditors' reports are not worth the paper they are written
on." (Mitchell and Sikka, 2005)
These concerns have been considerably addressed in
corporate governance through the use of audit committees
(see Session 4) and the strengthening of audit regulations on
the monitoring of auditors.

*Trade unions are strong lobbyists at the governmental
level, such as in developing employment law and when their
members have become disadvantaged because of bad corporate
behaviour (e.g. collapse of corporate pension funds such as
Maxwell and Enron). They may also lobby on behalf of weaker
stakeholders on CSR matters.

5.2.3 Regulators

Regulators come in "all shapes and sizes". They can be
governmental and affect all firms (e.g. health and safety) or
industry specific (e.g. banking). Regulation can be targeted at
entities meeting specific criteria (e.g. "size" as determined by
revenue or number of employees).
Most regulators exist to protect customers from abuse (e.g. poor
value, poor quality, product mis-selling, overcharging). Other
regulators ensure appropriate procedures are followed (e.g.
filing annual financial statements and audit firm inspections).*
Apart from requiring that specific rules and procedures be
followed and possibly putting a "cap" on prices, the main
impact of regulation is additional administration and costs.
Setting up and running the regulatory authorities/agencies
(e.g. specialist staff, monitoring visits, pursuing breaches of
regulations). Funding for this will usually be raised through
an annual fee charged to those being regulated.
Establishing, maintaining and monitoring systems to ensure
compliance with the regulations. Completion and return
of annual returns confirming breaches/no breaches of the
regulations. Specialist staff may need to be employed by
the firm and management time committed to this.
Costs of monitoring visits, correcting breaches found,
follow-up visits and possible fines for breaches made.
Invariably this takes management time away (at what
cost?) from running the business.
The key interests of regulators in a firm are, therefore, to
ensure that it is complying with the appropriate regulations
and assessing how effective those regulations are.
It is important that regulation is appropriate. "Regulation
is essentially a question of balance: too little or ineffective
regulations leave the market open to abuse, too much
regulation makes markets rigid, costly to operate and
uncompetitive." (McMenamin)
"Regulatory capture" is another aspect of regulation. Just
as auditors may lose independence if they get too close to
management, so it is possible that a regulator becomes
dominated and controlled by the regulated firms.*

*In the UK, as an example, separate regulators have
been established by the government to monitor and regulate
the utility companies (e.g. gas, electricity, water, rail) after
they were privatised, on the basis that they were effectively
monopolies and could easily abuse their position with the
general public.

*Regulatory capture: this was a case in point with Enron,
where the regulator for the California electricity market was
ineffective in dealing with the practices used by Enron to
control the market.

5.2.4 Stock Exchanges

Stock exchanges are a prime example of regulators making
a direct impact on listed companies and influencing others.
They are important because they allow shareholders to trade
in shares. Listed companies are more strictly regulated than
prescribed by company law. For example:
companies listed on the London Stock Exchange are
regulated by its listing rules which incorporate the
requirements of the UK Corporate Governance Code;
the equivalent on the New York Stock Exchange is the
Sarbanes-Oxley Act of 2002.
Stock exchanges, therefore, are influential conduits for
corporate governance.

5.2.5 Governments

Taxes: sales taxes, VAT, profit taxes, capital gains taxes,
employment taxes and withholding taxes on dividends are just
a few taxes levied on companies. In most cases, companies
are expected to also act as unpaid tax collectors.*

*"Tax Freedom Day" is an interesting exercise for companies and
individuals to establish how many days' work they have to do
before they start earning money for themselves rather than the
government. In 2011, it came to 99 days in the US and 149 days
in the UK. The lowest is usually in India, being from 70 to 80 days
each year, with the highest in France, Germany, Israel, Norway,
Poland or Sweden, averaging from 170 to 210 days each year.

Tax structures and incentives: some governments
deliberately establish favourable tax regimes to attract
companies to their country, or specific cities or to encourage
particular investment decisions.
Regulatory environment: companies are regulated by a
proliferation of laws passed by governments. A major
criticism of government, especially by small companies, is the
amount of administration ("red tape") with which they are
expected to comply.
Direct investment: in some jurisdictions, governments may
purchase shares in a company to save it from collapse, but
this is generally rare. Such investment will usually take the
form of loans or grants, especially in strategic companies and
high-tech developments.

5.2.6 Shareholders

In theory, shareholders are the basic owners of companies.
Session 1 discussed how time, with the growth of listed
companies and their internationalisation, has resulted in
the concept of the separation of ownership, management
and control.
Many commentators consider that some CEOs (usually
autocratic) of listed companies tend to view the shareholder
as, at best, an irrelevance or at worst a nuisance that must
be kept satisfied through capital growth and the payment
of dividends.
Most jurisdictions provide listed and non-listed company
shareholder protection through legal rights, supplemented by
requirements of corporate codes (e.g. the UK Corporate Code
as discussed in Session 1 and the OECD corporate governance
principles discussed in Session 6). Typically such rights include:*
equal treatment of all shareholders;
equal access to timely information;
equal access to directors;
ability to hold directors to account;
equal voting rights;
reasonable notice of shareholder meetings;
equal rights to attend and call shareholder meetings;
equal rights to have matters discussed at shareholder
meetings;
avoidance of abuse of minority shareholders by the
majority; and
avoidance of abuse of proxy voting.

*While shareholders have rights, they also have responsibilities.
This was made clear during the banking crisis when many
institutional shareholders admitted that they had failed to take
their responsibilities seriously enough as shareholders in
engaging and overseeing CEOs, directors and boards. This is
discussed in greater detail below when considering the
UK Stewardship Code.

5.2.7 Institutional Investors

Example 4 Institutional Investors

Describe SIX reasons that may lead institutional investors to attempt
to intervene directly in the management of a company.

Solution
1.

2.

3.

4.

5.

6.

With the growth of international stock exchanges many
shareholders (including institutional investors) became
accustomed to regard their shareholdings as "property" that
is separate from the company's net assets that support the
shares.
Shares are bought and sold, not the company's assets.
This exacerbates the sense of divorce of control and
ownership.
A company "does its own thing" (under the control of
the directors) and shareholders "do their own thing" in
developing a market to sell their shares as their property.*
In the UK this attitude towards shareholding led to the
development of the UK Stewardship Code. This code aims
to enhance the quality of engagement between institutional
investors and companies (www.frc.org.uk).
The principles of the code are that institutional investors
should:*
Publicly disclose their policy on how they will discharge their
stewardship responsibilities.
Have a robust policy on managing conflicts of interest in
relation to stewardship and this policy should be publicly
disclosed.
Monitor their investee companies.
Establish clear guidelines on when and how they will
escalate their activities as a method of protecting and
enhancing shareholder value.
Be willing to act collectively with other investors where
appropriate.
Have a clear policy on voting and disclosure of voting activity.
Report periodically on their stewardship and voting activities.

*In a manner that is not "connected" to the company.

*Basically, the UK Stewardship Code aims to "encourage"
institutional shareholders to take seriously their responsibilities as
major shareholders of companies. That is, to actively oversee and
challenge the actions of the board and not just to accept increased
share price and dividends. In the recent banking crisis, many
institutional shareholders admitted that they had failed to carry out
their responsibilities.

5.2.8 Small Investors

Small investors in the larger listed companies are perhaps
becoming rare. On average, the vast majority of shares
will be held by institutional investors. This leaves the small
investor with very little power, meaning that the main interest
of such an investor will be in share value and dividends.
Because of their relatively weak position, small investors
can easily be abused by the majority shareholders (and
have been, especially in emerging markets). Most corporate
governance codes therefore place strong emphasis on
ensuring equal treatment by companies of all shareholders.*

*While saying that small investors have a relatively weak
position, social media can easily be (and has been) used to form
very effective lobbying groups of a company's small investors.

Summary
Agency theory addresses situations in which decision makers (principal or owner) must
delegate their authority to another person (agent). Corporate governance concerns two basic
types of principal-agent relationship:

1) Shareholders with directors/officers/managers; and
2) Directors with officers, officers with managers, and managers with employees.

The agency relationship implies agent accountability for work carried out and resources used.
Some agency relationships also establish a fiduciary duty (i.e. a higher duty to conduct affairs
for the benefit of the entity).

Agency costs include monitoring costs, bonding (contracting) costs and residual costs.
To mitigate principal-agent costs, shareholders (principals) will typically vote to establish
corporate governance structures that address their interests (shareholder rights).
Shareholders will also typically vote on:
board composition and executive remuneration; and
proxy voting and shareholders' resolutions.
Shareholders with substantial holdings that become dissatisfied with management may:
request one-on-one meetings (but cannot act on/divulge price sensitive information);
terminate management (if they have a controlling interest); or
threaten to sell their shares (reducing the share price and making the company a
takeover target).

Transactions cost theory identifies three types of costs: for search and information,
bargaining and policing and enforcement.

Agency theory concerns the principal's desire to maximise wealth; stakeholder theory
concerns more than the profit motive. There is empirical evidence that firms adopting a
stakeholder-friendly approach earn higher profits.

Stakeholder risk arises if directors fail to make an appropriate business case to stakeholder
groups. Mendelow's matrix of stakeholder power and interests can help directors to avoid
offending one group with decisions favouring another group. High interest, high power
stakeholders are "key players".

UK Corporate Code, OECD corporate governance principles and other codes typically require
or endorse shareholder rights relating to access to timely information, voting, participation in
meetings and minority protection.

Session 2
Session 2 Quiz
Estimated time: 15 minutes

1. Define "agency" and explain the principal-agent relationship. (1)
2. Explain the concept of "the agency problem". (1.4)
3. Define "stakeholder". (3.1)
4. Identify and describe FOUR stakeholder classifications. (3.4)
5. State TWO uses of Mendelow's framework for organisations. (4.2)
6. Give THREE examples of internal and external stakeholders. (5)

Study Question Bank
Estimated time: 40 minutes

            Question                     Estimated Time   Completed
Priority    Q4  Stakeholder Theory       40 minutes
Additional  Q3  Agents and Objectives

EXAMPLE SOLUTIONS
Solution 1: Agency Costs

1. External audit fees
2. Control and risk management systems
3. Governance procedures (e.g. internal audit)
4. Shareholder meetings (e.g. AGM)

Solution 2: Agent-Principal Relationships

1. Shareholders and auditors. Technically, the shareholders
(principals) appoint the auditors (agents) who report to them on
the financial statements produced by the directors. In practice,
the directors may appoint the auditors, but the shareholders will
approve the appointment at the following AGM. Although the
auditors work closely with the directors, they are accountable to
the shareholders for their work.
Apart from the auditors' report to the shareholders, there is very
little other agency control over the auditors by the shareholders.
However, in listed companies, under corporate governance, the
appointment, remuneration and termination are dealt with by
the audit committee. The audit committee also has, among
many, specific tasks to ensure the independence of the auditors
and review the audit approach and results. In effect, the audit
committee undertakes significant principal control over the
auditors on behalf of the shareholders.

2. Directors and employees. Directors (principals) employ
managers and other members of staff (agents) to carry out the
day-to-day operations of the company. The staff members are
accountable to their immediate managers (and managers to the
directors) for the work that is delegated to them.

3. Banks and directors. This relationship relates to the banks'
lending money to the company. Banks are the principals and
directors are the agents. The directors are accountable to the
banks for the way they spend the money. Depending on the
nature of the loan, a contract will be signed between the bank
and the company. Terms in the contract will include how the
loan will be used and how this can be monitored by the bank
(the principal monitoring the agent). This may be through
monthly management accounts, the annual financial statements
or a special audit.

Solution 3: Mendelow Football Club

                INTEREST: Low             INTEREST: High
POWER: High     Sponsors                  Fans
                Taxman                    Shareholders
                                          Media
                                          Controlling regulators
POWER: Low      Other clubs               Employees
                Public institutions       Players / coaches
                Government                Players' agents
                Banks                     Interest groups

Notes: High/High
Controlling regulators (e.g. FIFA, UEFA and Premier League) have significant
influence over clubs through setting the rules, arbitrating disputes and
punishing clubs who break the rules and "bring the game into disrepute".
Fans, as for every customer, expect good quality and a high level of service
for the price they pay. Fans are a critical commercial opportunity. Clubs need
to attract and keep the fans. Fans often place managers and players under
extreme pressure to perform. If managers or players do not meet the fans'
expectations, then significant pressure can be placed on the club to release
the manager/player.
In football clubs, it is not unusual for one person to own a controlling interest.
The individual, therefore, has significant power and interest. Often the
interest is not financial but a passion. The individual bought the club because
he or she is a lifelong fan of the club.
Media can be divided into two elements: TV and press. TV has significant
power and interest in the higher levels of football (e.g. the English Premier
League). BSkyB invested significant money into buying the sole television
rights to premier club matches. They assisted the clubs in developing a
positive and "easy-to-sell" image and encouraged clubs to invest in key
players (e.g. those who would win games and attract viewers).

Solution 4: Institutional Investors

1. Concerns about strategy, especially when, in terms
of long-term investor value, the strategy is likely to be
excessively risky or, conversely, unambitious in terms of
return on investment. The strategy determines the long-term
value of an investment and so is very important to
shareholders.

2. Poor or deteriorating performance, usually over a
period of time, although a severe deterioration over a
shorter period might also trigger intervention, especially
if the reasons for the poor performance have not been
adequately explained in the company's reporting.

3. Poor non-executive performance. It is particularly
concerning when non-executives do not, for whatever
reason, balance the executive board and provide the
input necessary to reassure markets. Their contributions
should always be seen to be effective. This is especially
important when investors feel that the executive board
needs to be carefully monitored or constrained, perhaps
because one or another of the factors mentioned in this
answer has become an issue.

4. Major internal control failures. These are a clear
sign of the loss of control by senior management over
the operation of the business. These might refer, for
example, to health and safety, quality, budgetary control
or IT projects.

5. Compliance failures, especially with statutory
regulations or corporate governance codes. Legal
non-compliance is always a serious matter and under
comply-or-explain, all matters of code non-compliance must also
be explained. Such explanations may or may not be
acceptable to shareholders.

6. Excessive directors' remuneration or defective
remuneration policy. Often an indicator of executive
greed, excessive board salaries are also likely to be an
indicator of an ineffective remunerations committee
which is usually a non-executive issue. While the
absolute monetary value of executive rewards is
important, it is usually more important to ensure that
they are highly aligned with shareholder interests
(to minimise agency costs).

7. Poor CSR or ethical performance, or lack of social
responsibility. Showing a lack of CSR can be important in
terms of the company's long-term reputation and also its
vulnerability to certain social and environmental risks.


Session 3

The Board of Directors


FOCUS
This session covers the following content from the ACCA Study Guide.
A. Governance and Responsibility
3. The board of directors
a) Explain and evaluate the roles and responsibilities of boards of directors.
b) Describe, distinguish between and evaluate the cases for and against,
unitary and two-tier board structures.
c) Describe the characteristics, board composition and types of directors
(including defining executive and non-executive directors (NED)).
d) Describe and assess the purposes, roles and responsibilities of NEDs.
e) Describe and analyse the general principles of legal and regulatory
frameworks within which directors operate on corporate boards:
i) legal rights and responsibilities
ii) time-limited appointments
iii) retirement by rotation
iv) service contracts
v) removal
vi) disqualification
vii) conflict and disclosure of interests
viii) insider dealing/trading
f) Define, explore and compare the roles of the chief executive officer and
company chairman.
g) Describe and assess the importance and execution of, induction and
continuing professional development of directors on boards of directors.
h) Explain and analyse the frameworks for assessing the performance of
boards and individual directors (including NEDs) on boards.
i) Explain the meanings of "diversity" and critically evaluate issues of
diversity on boards of directors.

Session 3 Guidance
Understand the role of bank boards and NEDs during the banking crisis. This content is highly
examinable and very topical.
Download for reference the UK Corporate Governance Code and the London Stock Exchange (LSE)
publication Corporate Governance: A Practical Guide.


VISUAL OVERVIEW
Objective: To examine the role, structure and composition of boards of directors following
good corporate governance principles.

THE BOARD
  Role
  Governance
  Legal Framework
  Composition
  CEO and Chairman
  Separation of Roles

BOARD STRUCTURES
  Forms
  Unitary Boards
  Tiered Boards

NON-EXECUTIVE DIRECTORS (NEDs)
  Role
  Skills
  Independence
  Advantages and Disadvantages

INDUCTION, CPD AND PERFORMANCE
  Induction
  Education
  Performance
  Appraisal

Session 3 Guidance
Research the Walker review into the governance of UK banks:
www.hm-treasury.gov.uk/walker_review_information.htm. Although relating to banks, the
subject material and recommendations are highly topical for all companies. Browse the web
to find summaries/quick reads as the full report is 140 pages.

The Board

1.1 Role

"Every company should be headed by an effective board
which is collectively responsible for the success of the
company.
"The board's role is to provide entrepreneurial leadership of
the company within a framework of prudent and effective
controls which enables risk to be assessed and managed."
UK Corporate Governance Code, 2012

"... to define the purpose of the company and the values
by which the company will perform its daily existence and
to identify the stakeholders relevant to the business of the
company. The board must then develop a strategy combining
all three factors and ensure management implements this
strategy."
King Report, South Africa

1.2 Governance

The UK Corporate Governance Code ("the Code") provides guidance on the
responsibilities and duties of the board.* For example, the board is required to:

provide entrepreneurial and ethical leadership of the company;
set the company's strategic aims and objectives and provide direction for
management;


create a performance culture that drives value creation
without exposing the company to excessive risk of value
destruction;
ensure that the necessary financial and human resources are
in place to achieve objectives;
take well-informed and high-quality decisions objectively in
the interest of the company;
monitor progress in achieving strategic objectives by reviewing
performance of the company (including that of the CEO and
managers) and its own performance as a board;
set the company's values and standards (this includes ethical
leadership and promoting throughout the firm behaviour
consistent with the culture and values of the entity);
ensure that obligations (and accountability) to shareholders
and other stakeholders who provide the entity's capital and
finance are understood and met;
ensure that a satisfactory dialogue with stakeholders takes
place and that contact with stakeholder opinion is maintained;
establish various committees (e.g. for audit, remuneration,
appointments) and ensure that they have sufficient resources
to undertake their roles;
appoint a CEO with appropriate leadership qualities;
maintain a sound system of risk management and internal
control;
determine the nature and extent of the significant risks the
board is prepared to take in achieving its strategic objectives;

conduct, at least annually, a review of the effectiveness of the risk
management and internal control systems;
present to shareholders and others (as required by statute,
regulators and listing rules) a balanced and understandable
assessment of the company's position and prospects;*
use the annual general meeting (AGM) to communicate with
investors and to encourage their participation;
ensure that directors have access to independent professional
advice;
undertake a formal and rigorous annual evaluation of its own
performance, board committees and individual directors;
meet frequently and insist on receiving relevant financial and
non-financial information to assess the qualitative measures
that are important to broader stakeholder interests; and
ensure that all board members are able to allocate sufficient
time to the company to discharge their responsibilities
effectively.

*The typical Anglo-Saxon board has 8 to 16 directors. Larger companies (e.g.
FTSE 100) tend to have more directors than smaller companies. The board size
relates to the complexity of the business and the potential influence of
stakeholders.

*Communication to shareholders includes an explanation in the annual report of
how the company generates or preserves value over the longer term (the business
model) and the strategy for delivering the objectives of the company.

Exhibit 1 EFFECTIVE BOARD CHARACTERISTICS*

Excerpts from Corporate Governance: A Practical Guide, a publication
of the London Stock Exchange (www.londonstockexchange.com) and
Robson Rhodes, list the following characteristics for an effective board.
The Effective Board
Clear strategy aligned to capabilities;
Vigorous implementation of strategy;
Key performance drivers monitored;
Effective risk management;
Sharp focus on views of key stakeholders; and
Regular evaluation of board performance.

*An effective board may not be a "comfortable place". Challenge of the
executive and teamwork are essential features.

1.3 Legal Framework

As well as governance responsibilities, boards of directors are
subject to extensive legal and regulatory requirements. The
majority of these relate to the individual directors, but may be
extended to the board as being composed of directors.
The following matters relate to the general principles of legal and
regulatory frameworks (with reference to UK law) within which
directors operate on corporate boards.

1.3.1 Legal Rights and Responsibilities

As discussed in the previous session, directors have a general
fiduciary duty to the company. Therefore, by extension, so
does the board.
Essentially, directors are responsible for making sure that the
company fulfils its statutory duties.
Beyond their general fiduciary duties, their main statutory
responsibility is the preparation of the financial statements,
the various elements of the annual report and ensuring that
the company maintains "proper accounting records".
Directors have a legal right to fees and expenses according to
the company's constitution, emoluments and compensation
for loss of office in line with their service contracts. Any other
rights are determined by their service contracts.

Note that you will not be expected to have specific knowledge of the law of any
particular jurisdiction. You should, however, be aware of the matters
concerning directors that are likely to be regulated (e.g. the concept of
retirement by rotation has been examined).

Example 1 Board Directors' Fiduciary Duty


Directors (and therefore the board) must act in good faith in a way that they
consider would be most likely to promote the success (i.e. long-term increase in
value) of the company for the benefit of its members as a whole.
Required:
Describe the factors that result in this fiduciary duty and include a focus of
"enlightened shareholder value".

Solution

1.3.2 Time-Limited Appointments

Employees and managers of companies usually have open-length employment
contracts. Managers appointed as directors, however, are usually appointed
under a specific service contract relating to their role as a director.
A director's period of service will usually be specified in the
company's constitution (i.e. a fixed period of time with a fixed
retirement age).
UK law requires that a director's service contract longer than
two years must be approved by the shareholders.
The Code recommends that notice or contract periods should
be set at one year or less (i.e. for listed companies).
For non-executive directors (NEDs) the Code requires that any
term beyond six years should be subject to a rigorous review
and take into account the need for progressive refreshing of the
board. The maximum term served should not exceed nine years.

1.3.3 Retirement by Rotation

Retirement by rotation is a requirement, specified (e.g. by law, a company's
constitution or a director's service contract) for directors to "retire" after
serving a specified period (e.g. three years) and to offer themselves for
re-election (to serve another term).
Alternatively, one-third of directors may retire each year. For
a stable board this effectively means each director serves
three years before retiring by rotation.
New directors appointed during a year will retire at the end of
that year, offer themselves for re-election (so the appointment
is "ratified" by the shareholders) and then retire by rotation
after having served the rotation period. This procedure applies
to new companies when the entire board retires for re-election
at the first AGM.
In some cases, a chief executive or other named executive director may be
exempt from this procedure. However, corporate governance often requires all
directors to submit to regular re-election.*
Advantages of retirement by rotation:
Allows shareholders to remove a particular director as well
as to bring "fresh blood" into the board while maintaining
medium-term stability of membership.
Encourages directors to perform, as they know shareholders
can remove them without the need to follow specific
procedures (see later discussions).
Reduces the cost of contract termination for underperforming
directors as they are simply not re-elected and have to retire
from the board.
*The Code requires all directors of FTSE 350 companies to be subject to annual
re-election, regardless of position and contractual terms.

1.3.4 Service Contracts

As with any contract of employment, a director's service agreement sets out
the basis for the director's employment and regulates separate activities as a
director. Given the importance of a director to a business, the agreement is
long and detailed and will be drafted to give as much protection to the
company as possible.

Typical contents cover:


appointment and duration, duties, place of work, hours
of work;
salary, expenses, bonus, pension, insurance (health,
medical, life);
holiday, car/car allowance, use of company property;
sickness leave entitlements;
confidential information, intellectual property, conflicts
of interest;
termination of employment and post-termination restrictions
(e.g. non-solicitation);
retirement;
discipline and grievance;
data protection; and
collective agreements.
The terms and conditions of directors' employment have
always been controversial (e.g. salaries, bonuses, use of
rolling contracts, pension payments and other post-retirement
benefits, being rewarded for failure). Many of these areas
are now dealt with (for listed companies) through corporate
governance procedures (e.g. remunerations committee).

In most jurisdictions, it is a legal requirement for directors' service
contracts to be made available for inspection by the shareholders.

1.3.5 Removal and Disqualification

As discussed above, a director may be removed from office by the vote of
shareholders when the director retires by rotation.
Other means of removal* include:
The director resigning or not seeking re-election.
By special resolution of the shareholders in accordance with
the company's constitution or company law.
By resolution of the board.
By breach of specific requirements as set out in the service
agreement of the director (e.g. breach of fiduciary duty,
which in the UK is also enshrined in company law).
Disqualification implies that specific events or actions (usually
dictated by law or the company's constitution) have occurred
resulting in the director being unable or unfit to carry out the
duties of a director. Examples:
Personal bankruptcy;
Mental disorder;
Criminal activity;
Allowing the company to trade while insolvent;
Failing to file statutory returns, tax returns and financial
statements;
Failing to keep proper books and records.

*Director removal also occurs with company dissolution or the director's death.

1.3.6 Conflict and Disclosure of Interests

Key elements of a director's fiduciary duty include:


not to fetter discretion (e.g. voting under influence from
others);
to avoid conflicts of interest and conflicting duties; and
not to make a secret profit.
Many examples of conflicts of interest include different types
of fraud against the company and other stakeholders (e.g. a
director forming a parallel company and diverting contracts to
that company).
In executing the company's business (e.g. awarding contracts)
any interest in that business by a director must be declared to
the board.
Ideally, all directors' interests in a company (e.g.
compensation, securities, loans, transactions, connected
parties) should be disclosed to the shareholders. If material,
this is usually required by law and GAAP (e.g. IAS 24 Related
Party Disclosures).

Lawful conflicts of interest may be ratified by a resolution passed during the
AGM. However, an unlawful act cannot be ratified by the company, directors or
its members.

1.3.7 Insider Dealing

Insider dealing: "The illegal use of insider information by an
individual to secure a profit or reduce a loss resulting from dealing in
investments. This illegality is extended to any person who knowingly
uses insider information passed by this first person to secure a
similar result."
Insider information: "is non-public information of a precise nature
relating to one or more issuers of financial instruments or to one
or more financial instruments, which, if it were made public, would
be likely to have a significant effect on the price of those financial
instruments or on the price of related derivative financial instruments."
Directive 2003/6/EC of the European Parliament

Directors are well placed to benefit from insider (or "inside")
information. As well as being a criminal offence, it is an
abuse of directors' roles as agents.

Although it is legal for directors to buy or sell shares in their
company, they must not use, or appear to use, any inside
information in deciding to do so. In some jurisdictions,
a "closed period" (e.g. two months before results are
announced) is legally enforced during which directors cannot
trade their company's shares.
Dealers track directors' dealings as a means for identifying
shares with substantial potential (i.e. directors buy if they
think the shares are undervalued; they sell if they think they
are overvalued). Such dealings may be an indication of inside
information.
Most stock exchanges use sophisticated intelligent monitoring
systems to identify unusual trades that may indicate insider
trading.

1.4 Composition

1.4.1 Effective Board Characteristics

As stated earlier, "every company should be headed by an
effective board, which is collectively responsible for the success
of the company".

To be effective implies having:
a sufficient number of directors appropriate to the size and
complexity of the company's operations, but not of such a
size as to be unwieldy;
the necessary depth, breadth of skills, experience and life
qualities to understand, manage and grow the company; and
an appropriate diversity (e.g. gender, age, ethnicity) to
ensure that all appropriate views and stakeholder interests
can be considered and that the board reflects the diversity
of its employees and customers.

A key corporate governance principle is that the board should
include a balance of executive directors and non-executive
directors such that no individual or small group of individuals
can dominate the board's decision-making.
Under the Code, at least half the board, excluding the
chairman, should be independent NEDs. Other codes require
fewer (e.g. at least one-third, Singapore Code) while others
require that the NEDs must be in the majority (e.g. US
Sarbanes-Oxley Act).

Executive director: appointed or elected member of the board of
directors of a firm who, with other directors, has the responsibility for
determining and implementing the firm's strategy as well as working
as a full-time senior manager in the firm.
Non-executive director (NED): a director of a firm who is neither
an executive director nor employed by the company and, therefore,
does not participate in the day-to-day management of the company.

1.4.2 Board Diversity

Diversity in the context of board composition extends beyond the
typical classifications of gender, age and ethnicity. It includes
personality types, functional expertise and industry experience.
Diversity in board composition is an important driver of the
board's effectiveness.*

*Under the Code, a description of the board's policy on diversity, including
gender, any measurable objectives set for implementing the policy, and
progress on achieving the objectives, must be disclosed within an entity's
annual report.

A board with limited diversity runs the risk of "groupthink."
Groups whose cohesiveness stems from member similarities
may be too homogeneous in their thinking, resulting in an
insufficiently challenging environment for decision-making.
A variety of personalities will promote active discussions of
business activities and courses of action, and create a breadth
of perspective. A balance of supportive and challenging
independent directors will encourage innovation and mitigate
the emergence of unproductive "factions".
Functional expertise such as marketing, finance and human
resources, and industry specific experience reinforce a board's
ability to appropriately rank and address strategic priorities as
well as short-term tactical issues.
Members of under-represented groups are a gateway to the
needs and wants of customers, shareholders and employees.
The cultural and societal experiences of these members may
help to engage the commitment of the workforce and improve
communication with shareholders.*

*It is part of a
company's social
contract, that it
should "reflect
back" to society its
own demographic
diversity (e.g. a board
comprising 100%
white, male directors
with a minimum age
of 50 is unlikely to
understand the needs
of mixed gender,
mixed race, teenage
customers).

1.5 CEO, Chairman and the Senior Independent Director

The chief executive officer (CEO) and the chairman of the board
(company chairman) are the two key roles in companies. The
chairman heads the board of directors and the CEO leads the
management team at and below board level in implementing and
managing the entity's strategy.

1.5.1 CEO

The managing director/CEO is responsible for the performance
of the company, as dictated by the board's overall strategy.
The UK's Institute of Directors suggests that the CEOs'
responsibilities include:
reporting to the chairman or board of directors;
formulating and successfully implementing company policy;
directing strategy towards the profitable growth and
operation of the company;
developing strategic operating plans that reflect the board's
longer-term objectives and priorities;
maintaining a strong, key relationship with the chairman;
putting in place adequate operational planning and financial
control systems;
closely monitoring the operating and financial results
against plans and budgets;*
taking remedial action where necessary and informing the
board of significant changes;
maintaining the operational performance of the company;
assuming full accountability to the board for all company
operations;
building and maintaining an effective executive team.*

*The Chief Financial Officer (CFO) provides necessary financial information to
the board and commentary on financial issues facing the company.
*The CEO leads the executive team and ensures that the team's views on
relevant issues are communicated to the board. Where members of the executive
are also board directors, a clear distinction must be made between their
responsibilities as directors and their day-to-day responsibilities as
managers reporting to the CEO.

1.5.2 Chairman

The Financial Reporting Council's publication Guidance on Board
Effectiveness (March 2011) provides practical explanations on the
role of the board and directors. The chairman's role includes:*

demonstrating ethical leadership;
developing productive working relationships with all executive
directors, and the CEO in particular, providing support and
advice while respecting executive responsibility;
setting a board agenda which is primarily focused on strategy,
performance, value creation and accountability, and ensuring
that issues relevant to these areas are reserved for board
decision;
ensuring a timely flow of high-quality supporting information
so that NEDs have sufficient time to deliberate critical issues
and are not faced with unrealistic deadlines for decision-making;
making certain that the board determines the nature and
extent of the significant risks that the company is willing to
embrace in implementing its strategy, and that there are no
"no go" areas which prevent directors from operating effective
oversight in this area;

*The chairman of each board committee should apply a similar leadership role,
particularly in creating conditions for overall committee and individual
director effectiveness.

regularly considering succession planning and the composition
of the board;*
making certain that the board has effective decision-making
processes and applies sufficient challenge to major proposals;
ensuring that the board's committees are properly structured
with appropriate terms of reference;
encouraging all board members to engage in board and
committee meetings by drawing on their skills, experience,
knowledge, diversity and, where appropriate, independence;
fostering relationships founded on mutual respect and open
communication (both in and outside the boardroom) between
the NEDs and the executive team;
consulting the senior independent director on board matters
where appropriate (see below);
ensuring his own and other directors' development, including
induction programmes for new directors and regular reviews
with all directors;
acting on the results of board evaluation; and

ensuring effective communication with stakeholders and, in
particular, that all directors are made aware of the views of
those who provide the company's capital.

*This is especially important in relation to a new CEO and to the diversity of
the board.

1.5.3 The Senior Independent Director

The senior independent director usually:
acts as a sounding board for the chairman;
provides support for the chairman in the delivery of his
objectives; and
leads the evaluation of the chairman on behalf of the other
directors.
He should work with the chairman and other directors (and/or
shareholders) to resolve significant issues where, for example:*
there is a dispute between the chairman and the CEO;
shareholders or NEDs have expressed concerns that are not
being addressed by the chairman or the CEO;
the strategy being followed by the chairman and the CEO is
not supported by the entire board;
the relationship between the chairman and the CEO is
particularly close, and decisions are being made without the
approval of the full board; or
succession planning is being ignored.

*Boards should ensure that they have a clear understanding of when the senior
independent director might intervene in order to maintain board and company
stability.

1.6 Separating the Roles of the CEO and Chairman

The reason that many corporate codes (e.g. the Code)
recommend separating the roles of CEO and chairman is to avoid
a situation in which one individual has unfettered (uncontrolled)
power. There should be a balance of power between board
members such that no one individual will gain unlimited,
unchecked, power.*

*Unfettered power should be avoided so that it cannot be abused as in the case
of Maxwell.

In a number of governance codes, this is enhanced by requiring
the chairman to be an independent NED.*

1.6.1 Benefits of Separating the Roles

The CEO is able to concentrate on the management of the
company without having to report to shareholders or become
distracted from executive responsibilities. The chairman is
expected to represent shareholders' interests and act as the
point of contact for shareholders.*
Having two people at the head of a large company removes the
risks of "unfettered powers" being concentrated in the hands of
one individual. This is an important "check and balance" for
investors (as well as other board members) concerned about a
potential lack of transparency and accountability.
Separate roles reduce the risk of a conflict of interest in one
person being responsible for company performance while also
reporting on that performance to markets.
The chairman can be an important "sounding board" for
the concerns of NEDs who, in turn, provide independent
representation of external concerns on boards of directors.
1.6.2 Arguments Against Separating the Roles*

Even with separate roles a CEO's influence may be so strong
that he dominates the board.*
There is no academic evidence to suggest that it is a good thing.
In family-run companies, the CEO and the chairman may not
be independent of each other.
High-calibre managers may not agree to have the role split
(as is usual in the US).
There are insufficient excellent managers/leaders to source
the two roles.

*It used to be
common practice
for a retiring CEO to
become the Chairman.
Clearly, this could
easily lead to conflicts
over strategy between
the new CEO and the
Chairman (ex-CEO).

*Some governance
codes also require the
chairman to represent
the interests of other
stakeholders, such as
employees.

*Interestingly, in most of the corporate scandals of the last 20
years, a key element has been the dominant CEO who also acted as
chairman. In the few scandals in which there was separation of the
roles (e.g. Enron and RBS) the chairman (and the board as a whole)
was dominated by the CEO. In both cases, the CEO had or was
allowed, unchecked, unfettered power.

Illustration 1 Marks & Spencer (M&S)


In the early 2000s, M&S had lost its way as a leading UK retailer, with serious
splits and battles in the boardroom over strategy. In 2004, the board appointed an
outsider retail specialist, Sir Stuart Rose, to the role of CEO to defend the company
against takeover bids and to turn the business around. Sir Stuart had indicated he
would only stay for five years.
Within two years, all the executive directors had been replaced, a new
non-executive chairman appointed (Lord Burns) and the company was well on the way
to recovery with impressive results. Sir Stuart was doing the job he had been
employed to do.
In 2007, when Lord Burns started to consider the succession of Sir Stuart, it
became clear that there was nobody in the organisation who had the necessary
experience and "whose face fitted". To add to his concern, UK trading conditions
were showing a downturn and by the beginning of 2008 showed no sign of
reversing; in fact they were getting worse. To have changed the CEO at this
time would have been potentially disastrous and therefore the board requested
Sir Stuart to stay for a further two years to allow a successor to be found and
embedded in the company.
Sir Stuart agreed, but only on condition that he would also become chairman to
allow him to have total control over the direction and strategy of the business.
Lord Burns agreed to step down as chairman to allow this to happen and the board
therefore agreed to appoint Sir Stuart in the joint role of CEO/chairman.
A letter to shareholders from Lord Burns essentially announced this as a done
deal. There was an immediate uproar from institutional shareholders (65% of total
shareholders) as many considered that too much power was being given to Sir
Stuart and that the combined role was against governance requirements.
Following a bitter two-week row between M&S and its institutional investors, the
M&S board agreed to put in place a series of measures to calm investors' fears of
too much power being concentrated in one pair of hands, including:

Putting Sir Stuart up for re-election at the July 2008 AGM and then every year
(rather than every three years as is normal for all directors);

Roles to be split on Sir Stuart's retirement in 2011;

Providing additional powers to the non-executive vice chairman as a check on
Sir Stuart (i.e. they will work together on chairman issues);

Appointing two additional NEDs to the board;

No additional compensation to be given to Sir Stuart.

While these measures were reluctantly accepted at the July 2008 AGM, on the
basis that keeping Sir Stuart until 2011 was in the company's best interests, many
shareholders stated that they would be closely monitoring what they perceived to
be an unprecedented bid (at least in the UK) for company and boardroom power.
Because Sir Stuart felt hindered by the close monitoring of his dual roles, he stepped
down as CEO in May 2010 and as executive chairman in July 2010 (one year earlier
than expected) but continued as a non-executive chairman until January 2011.

Board Structures

2.1 Forms

There are generally two models of board structure:*
unitary; and
tier (usually two tiers, but there may be three).
Which structure is used generally comes down to historical,
legal and cultural factors.

2.2 Unitary Boards

This is the most common board structure in the Anglo-Saxon
world and in a number of EU countries.
A unitary board includes both executive directors and NEDs
who take decisions as a unified group and are held legally and
executively responsible (as a group and as individuals) for
their individual actions and the success of the company.*
All members are not equal in terms of the organisational
hierarchy, but they all are legally responsible and equally
accountable for board decisions.

2.2.1 Advantages

Broadly, that the board acts as one with equal status,
responsibilities and decision-making.
All members of the board have the same legal responsibility for
the performance of a company. Therefore, NEDs are empowered
within the board, being accorded equal status to executive
directors rather than just acting in a supervisory capacity.
The presence of NEDs on the board might provide executive
directors with different expertise, experience and perspectives
that may be of invaluable help in devising strategy and the
assessment of risk.
NEDs bring independent scrutiny to the board, challenging the
CEO and executive directors before strategies are devised and
implemented.
Board accountability is enhanced by providing a greater
protection against fraud and malpractice and by holding all
directors equally accountable under a "cabinet government"
arrangement.
Unitary board arrangements reduce the likelihood of abuse of
(self-serving) power by a small number of senior directors.
Closer relationships and better information flow as all directors
are on the same single board. Promotes easier co-operation
between the board members.

*A jurisdiction's corporate governance requirements often will be based on
these criteria.

*All listed companies in the UK operate a unitary board, although any UK
company could operate a tiered board if they considered it to be more
appropriate (e.g. a subsidiary of a foreign company that operates a tiered
board).

2.2.2 Disadvantages

The success of the NED role depends on the robustness,
tenacity and expertise of the NED.
No specific provision is made for employees, external
shareholders or union representatives to be on the board.
Such stakeholders depend on the role of the NEDs to be able
to put forward their point of view.
The role of NEDs may be strenuous in terms of time and
expertise. Not only do they perform a director's role, they
also are expected to monitor executive directors as a whole.
NEDs are dependent on the information provided to them by
the CEO. The higher the quality, the better they will be able
to perform their role. This may, however, lead to "reluctance"
on the part of the CEO to provide information that will then be
used to challenge the CEO's decisions.*
Managers may be less inclined to share information with a board
as its monitoring intensity increases. With less information, even
an independent board cannot monitor effectively. This implies
that recent regulation aimed at increasing board independence
may decrease shareholder value if there is a unitary board, even
though shareholders may benefit if increases in independence
improve disclosure practices.

*It is critical that directors ensure they receive all relevant information needed to carry out their functions, one of the key functions of the board chairman.

2.3 Tiered Boards

Predominantly associated with Austria, Germany and the
Netherlands (two tiers) and Japan (three tiers), these also
are found in other countries which have been influenced by
Germany and the Netherlands (particularly in Asia).
Two-tiered boards usually consist of:
a management board; and
a supervisory board.

2.3.1 Management Board

Made up of executive directors, headed by the CEO. Focus is
on operational issues and the running of the business.
Responsibilities broadly include:
Running the business.
Entrepreneurship.
Compliance with statutory requirements.
Regular reporting to the supervisory board on strategy,
accounts and performance.

2.3.2 Supervisory Board

Broadly responsible for safeguarding stakeholders' interests
and overseeing the management board.*
Made up of NEDs (headed by the company chairman) drawn
from employees, shareholders and (often) banks.
Shareholders elect their representatives for the supervisory
board, and employee representatives are elected by the
workers of the corporation or appointed by the trade unions
for a term of four to five years.
The size of the supervisory board often depends on the size
of the company, with up to half of the board consisting of
employee representatives.
Responsibilities include:
Approval and evaluation of strategy and policies.
Monitoring company performance and accounts.
Safeguarding shareholder interests.
Calling shareholders meetings.
Appointment or dismissal of the management board.
Monitoring the management board's performance.
Representing the company in its dealings with members of
the management board.
Examining the annual financial statements.
Providing a written report on the result of the audit for the
shareholders meeting.

*When matters go wrong, it is usually the supervisory board that "takes the flack".
"It is easier to grab a pig at its soapy tail than to hold the manager of a
German corporation liable."
Hermann Abs, former CEO of Deutsche Bank AG
The focus of the supervisory board has begun to shift more towards
advising and counselling the management board. The rationale of
monitoring a company's management is no longer perceived to be
a question of detecting past mistakes but rather of preventing them
from being made in the first place. From this follows the importance
of controlling and supervising the management in time in order to
prevent worse consequences.

2.3.3 Advantages of the Two-Tier Board

Clear and formal separation between management (those
monitored) and the monitors.
Stakeholders (e.g. investors and employees) can sit on the
supervisory board, therefore ensuring that their interests will
be heard.
Explicit representation of stakeholder interests other
than of shareholders. No major strategic decisions can
be made without the cooperation of employees and their
representatives.
Direct power over management through the right to appoint
and dismiss.
Encourages transparency between management and shop floor.

2.3.4 Disadvantages of the Two-Tier Board

Potential for confusion over authority and therefore lack of
accountability. The more tiers there are in a system the greater
this disadvantage, often resulting in over-secretive procedures.
The nomination of members of the supervisory committee may
not be as independent as intended. Some of the employee
and shareholder representatives may have connections with
the company management.*
Because the management board generates most of the
information required and used by the supervisory board,
there is a risk that information may be withheld or not fully
disclosed (agency problem). By manipulating information to
the supervisory board, executive management will be able to
influence the agenda of the supervisory board.
The number of supervisory board members is not limited.
Where the number is high (e.g. greater than 10–15) research
has shown that efficient work and orderly discussion becomes
far more difficult. Trade unions and employees often block
any attempt to reduce the size of the board relating it to "an
attack on co-determination".
Employee representatives may delay or block decisions being
made that are in the best interest of the company but not of the
employees (e.g. restructuring, rationalisation, redundancies).

*In German companies 43% of supervisory boards include a former member of the management board. It is common practice for the retiring CEO to move to the supervisory board and become its chairman. It seems questionable how this chairman could become sufficiently independent of his former "environment". On the other hand, his experience could be valuable for the supervisory board.

Non-executive Directors (NEDs)

3.1 Role

As defined earlier in this session, NEDs are directors who have no
executive or managerial responsibilities.
The UK Higgs Report (incorporated into the Code) identifies four
areas of key involvement for NEDs:
1. Strategy
2. Performance (Scrutiny)
3. Risk
4. People

NEDs are expected to monitor and challenge the performance of the executive directors and the management, and to take a determined stand in the interests of the firm and its stakeholders.

3.1.1 Strategy

As part of their role as members of a unitary board, NEDs
should constructively challenge and help develop proposals
on strategy.
The strategy role recognises that NEDs are full members
of the board and thus have the right and responsibility to
contribute to the strategic success of the organisation for the
benefit of shareholders.
The enterprise must have a clear strategic direction and NEDs
should be able to bring considerable experience from their
lives and business experience to bear on ensuring that chosen
strategies are sound.
In this role NEDs may challenge any aspect of strategy and
offer advice or input to help to develop successful strategy.

3.1.2 Performance (Scrutiny)

NEDs should scrutinise the performance of management
in meeting agreed goals and objectives and monitor the
reporting of performance.
NEDs are required to hold executive colleagues to account for
decisions taken and company performance. In this respect
they are required to represent the shareholders' interests
against the possibility that agency issues arise to reduce
shareholder value.

3.1.3 Risk

NEDs should satisfy themselves on the integrity of financial
information and that financial controls and systems of risk
management are robust and defensible.
This includes monitoring the veracity and adequacy of the
financial and other company information provided to investors
and other stakeholders and monitoring the company's legal
and ethical performance.

3.1.4 People

The "people" role involves NEDs overseeing a range of
responsibilities with regard to the management of the
executive members of the board.
They are responsible for determining appropriate levels
of remuneration of executive directors and have a prime
role in appointing and removing executive directors (where
necessary) and in succession planning.
Boards should assign a sufficient number of NEDs capable
of exercising independent judgement to tasks where there
is potential for conflict of interest (e.g. financial reporting,
nomination, executive and board remuneration).

3.2 Skills

The "Tyson Report on the Recruitment and Development of
Non-executive Directors" identified four personal attributes
required by NEDs in order to carry out the responsibilities of
their role:
1. Integrity and high ethical standards.
2. Sound judgement.
3. Ability and willingness to challenge and probe.
4. Strong interpersonal skills.

Integrity and high standards should be taken for granted, as
with all directors and professionals.
The exercise of sound judgement must be based on knowledge
about the company and the environment in which it functions.
NEDs must be able to recognise problematic actions or a
flawed decision-making process. They must be able to identify
issues of risk and judge how and when to raise them with the
CEO or other executive directors.
NEDs must be able and willing to challenge and probe the
information presented to them by company management.*
To be able to challenge and probe, strong interpersonal skills
are essential. Without such skills, an individual NED will
not be able to participate fully on a board of highly talented
individuals or to question the recommendations of powerful
executives.

*The willingness to confront management and raise difficult issues with executive management is often cited as one of the most important characteristics of an effective NED.

NEDs also need high levels of engagement and
independence.*

"Effectiveness requires high levels of engagement It is not
sufficient just to turn up at board meetings. Instead individuals
need to build their knowledge of the business through all sorts of
informal contact with executives, as well as their work on board subcommittees. Only with this sort of engagement and understanding
of a company can individuals make a credible contribution to board
discussions."
McNulty, Roberts, Stiles, 2003

The Higgs Report considers that the effective NED:

upholds the highest ethical standards of integrity and
probity;
supports the leadership role of executives, while monitoring
their conduct;
questions intelligently, debates constructively, challenges
rigorously and decides dispassionately;
listens sensitively to the views of others, inside and outside
of the board;
gains the trust and respect of other board members; and
promotes the highest standards of corporate governance
and compliance with the Code.

3.3 Independence*

Under the Code, "the board should identify in the annual
report each NED it considers to be independent. The board
should determine whether the director is independent in
character and judgment and whether there are relationships
or circumstances which are likely to affect, or could appear to
affect, the director's judgment."
Threats to independence include:*
Being a former employee of the company within the last
five years.
Material business relationships with the company in the past
three years.
Remuneration paid (apart from the director's fee) by the
company.
Participation in the company's share option scheme or a
performance-related pay scheme, or being a member of the
company's pension scheme.
Close ties with the company's advisors, directors or senior
employees.
Having been a member of the board for more than nine years.
Being, or representing, a major shareholder.
Holding too many non-executive directorships in various
companies.
Not being able to devote enough time to the tasks in hand.

*Given their role and the skills required of them, independence is clearly a necessary pre-requisite for the effective accountability of NEDs to shareholders.

*Historically, former CEOs have been asked to stay on the board either as chairman or in another important non-executive role so their expertise and knowledge of the business would not be lost. This would now be a direct threat to independence.

3.4 Advantages and Disadvantages of NEDs

3.4.1 Advantages

Independent monitoring.
External expertise and knowledge, yet with insider knowledge
of the business.
Wider perspective.
Perception and comfort factor for third parties (e.g. investors,
regulators).
Wider "gene pool" (e.g. gender, culture, ethnicity, age)
representative of major stakeholders.

3.4.2 Disadvantages

Lack of appropriate numbers of suitably qualified individuals.
Low rewards, but high liability (e.g. basic salary, but equal
share of blame).
Conflict with executives when trying to get their views heard.
Resentment from executive directors leading to board disunity.
Recruited for governance political correctness (e.g. female or
ethnicity).

Illustration 2 Royal Bank of Scotland*

A report (December 2011) by the UK's Financial Services Authority
into the near collapse of RBS (Royal Bank of Scotland) during the
(ongoing) banking crisis noted that:

Underlying deficiencies in RBS management, governance, risk
controls and culture made it prone to make poor decisions.

The CEO tended to take an optimistic view of what was likely to
happen as he had often, in the past, been proved right.

With 17 directors, the board was too big for effective discussion
and challenge and seems to have been badly infected by
groupthink.

A forceful CEO in a complex business and with the wrong
incentives is unlikely to be constrained by an over-large board of
directors drawn from the same establishment pool.

The NEDs were also mostly establishment figures and therefore
failed to be sufficiently challenging of the Chief Executive (i.e.
they let him do what he wanted).

Most on the board did not fully understand the bank's products
and the risks they posed. All they seemed to understand was
that whilst other banks were doing the same, they (RBS) needed
to be the leader in being quicker and doing more. This resulted
in a "Titanic effect" of full steam ahead regardless of the warning
signs (that were not recognised or accepted until it was too late).

This view permeated the whole business and was reinforced by
incentives that made it rational for the CEO and his colleagues to
concentrate on increasing revenue, profits, assets and leverage
rather than on capital, liquidity and asset quality (basically they
weakened what were once very strong foundations).

*The RBS CEO's blind belief in himself, his arrogance and the failure
of the board to rein him in resulted in RBS in 2008 running up the
UK's largest-ever corporate loss of $35 billion, mainly due to the write-down of its investments. Without government assistance the bank
(and with it the UK's banking system) would have collapsed. The UK
government currently owns over 80% of the share capital of RBS.

Induction, CPD and Performance

As part of a wide-ranging review of UK corporate governance
post-Enron, the role of NEDs was closely scrutinised. This
resulted in two reports, the Higgs Report and the Tyson Report,
whose recommendations were incorporated in the Code.*
Although these reports were aimed at NEDs, it was recommended
that their principles be applied to all directors, executive and
non-executive, wherever possible.

*Prior to the Higgs and Tyson reports, it was not unusual for new
directors to "learn the ropes" by doing the job. Only a few of the
larger, listed companies had any form of induction for new directors,
training for all directors and performance reviews.
New directors could be relatively ineffective in their roles for some
time and unwittingly exposed to breaching laws and regulations.
Other directors could easily become out of date and fail to keep up
with emerging issues and the best way to deal with them. There
also was the risk that new directors would be "house trained" by an
aggressive CEO and not protected by a weak chairman.

4.1 Induction

Every company should develop its own comprehensive, formal
induction programme that is tailored to the needs of the
company and individual directors.*
The aim of the programme is to effectively and efficiently
engage new directors with the company, the board and
stakeholders, and their roles and responsibilities on a timely
basis.*
The company and its shareholders will benefit through the new
directors' added value (e.g. through innovative ideas).
For a new NED or an externally appointed executive director,
a combination of selected written information together with
presentations and activities such as meetings, site visits and
shadowing an executive director will help give a balanced and
real-life overview of the company.
A new director should not be overloaded with information. A
list of all induction information available should be provided so
the new director can call up items as required.
For individuals who have not previously held directorship
roles, it is important that they fully understand their legal and
fiduciary duties.
The induction process should:
communicate vision and culture;
communicate practical procedural duties;
reduce the time for a new director to become productive;
make the new director feel welcomed and a useful member
of the team; and
ensure retention of individuals.

*For NEDs, there must be emphasis on independence (rather than indoctrination). For executives, emphasis will be on their responsibilities as directors as compared to their roles as managers.

*To sustain their added value, all directors must remain at an effective and efficient level of operational and innovative ability through continuing professional development (CPD).

4.1.1 Understanding the Nature of the Company, Its Business and Its Markets*

Brief history of the company including when it was
incorporated and any significant events during its history.
Company organisational chart and management succession
plans.
Current strategic/business plan, market analysis and budgets
for the year with revised forecast and three-/five-year plan.
Latest annual report and accounts (and interim financial
statements as appropriate) plus explanation of key
performance indicators.
Copy of all management accounts prepared since the
company's last audited accounts.
The corporate brochure, mission statement, environmental
reports, etc with a summary of the main events (e.g. mergers,
divestments, introductions of new products, diversification into
new areas, restructuring, etc) over the last few years.
Listing Rules and corporate governance guidelines which the
company seeks to follow.

The company's main products or services.
Group structure/subsidiaries/joint ventures.
Summary details of the company's principal assets, liabilities,
significant contracts and major competitors.
Major risks, risk management strategy and relevant disaster
recovery plans.
Key performance indicators.
Regulatory constraints.

*Obviously, where the director has been appointed internally, much of this detail may already be known.

4.1.2 Board Issues

Brief outline of the role of a director and a summary of his
responsibilities and ongoing obligations under legislation,
regulation, best practice and the culture of the organisation.
Up-to-date copy of the company's constitution, with a
summary of the most important provisions.
Minutes of the last three to six board meetings.
Schedule of dates of future board meetings and board
subcommittees if appropriate.

Description of the board structure and procedures (e.g. when
papers are sent out, the normal location of meetings, how
long meetings last and routine business transacted).
Brief biographical and contact details of all directors, the
company secretary and other key executives. This should
include executive responsibilities, dates of appointment and
membership of board committees.
Details of board committees and their terms of reference.
Also, if the director will be joining a committee, copies of the
minutes of meetings for the last 12 months.
Policies as regards health and safety, environmental, ethics
and whistle-blowing, and charitable and political donations.

4.1.3 Link With the Company's People*

Internal company telephone directory (including any
international contact numbers and names).
Meetings with senior management.
Visits to company sites other than the headquarters, to learn
about production or services and meet employees in an
informal setting.
Participating in board strategy development.

*It is important, not only for the board to get to know the new NED, but also for the NED to build a profile with employees below board level.

4.1.4 Understanding the Company's Main Relationships

Auditors;
Major customers;
Major suppliers;
Major shareholders and capital investors;
Shareholder relations policy;
Meeting with shareholders.

4.1.5 Information Provided by the Company Secretary

Protocol, procedures and dress code for board meetings,
general meetings, formal dinners, office, staff social events,
site visits, etc, including the involvement of partners
(husband, wife, etc) where appropriate.
Procedures for accounts sign off, results announcements,
items requiring approval outside of board meetings.
Expenses policy and method of reimbursement.

4.2 Continuing Professional Development (CPD)

As with any profession, continuing education is essential for an
individual to reach and maintain an effective and efficient level
of operation.
To run an effective board, companies need to provide
resources for developing and refreshing the knowledge and
skills of their directors, including NEDs.
The chairman should address the development needs of the
board as a whole with a view to enhancing its effectiveness as
a team.
The chairman should also lead in identifying the development
needs of individual directors, with the company secretary
playing a key role in facilitating provision.

NEDs should be prepared to devote time to keeping their skills
up to date.
Any of the board directors who are members of a professional
body (e.g. accountants, lawyers) will also need to meet their
professional body's annual continuing professional development
(CPD) requirements.

Example 2 CPD*
Suggest the CPD requirements.
a general board director of a listed bank;
an NED on the audit committee; and
a director on the nominations committee.
Solution

*When a director serves on one of the corporate governance committees (i.e. audit, remuneration, nominations, risk) not only will they require CPD but they should follow a specific induction programme to ensure they have the appropriate skills and understand their role and requirements of being on the committee.

4.3 Performance Appraisal

The key elements are aimed at improving effectiveness,
maximising strengths and tackling weaknesses of individual
directors and of the board as a whole. The system should
provide essential feedback to individuals and the groups in
which they operate.
Under the Code:
The board should undertake a formal and rigorous
annual evaluation of its own performance and that of its
committees and individual directors.*
Evaluation of the board should consider the balance of skills,
experience, independence and knowledge of the company
on the board, its diversity, including gender and how the
board works together as a unit.
The chairman should regularly review and agree with each
director on their training and development needs.
Individual evaluation should aim to show whether each
director continues to contribute effectively and to demonstrate
commitment to the role (including commitment of time for
board and committee meetings and any other duties).
The chairman should act on the results of the performance
evaluation by recognising the strengths and addressing the
weaknesses of the board and, when appropriate, proposing
new members be appointed to the board or seeking the
resignation of directors.
The board should state in the annual review how performance
evaluation of the board, its committees and individual directors
has been conducted. NEDs led by the senior independent
director, should review the performance of the chairman,
taking into account the views of executive directors.
The use of trusted external consultants, while not a
consideration of the Code, does provide an independent factor
and counselling element into the process.

*For major listed companies (FT 350), an externally facilitated review should be carried out at least every three years.

4.3.1 Evaluation of the Board

How well has the board performed against any performance
objectives that have been set?
Has the board shown clarity of, and given leadership to, the
purpose, direction and values of the company?
What has been the board's contribution to the testing and
development of strategy?
What has been the board's contribution to ensuring robust and
effective risk management?
Is the composition of the board and its committees
appropriate, with the right mix of knowledge and skills to
maximise performance in light of the future strategy? Are
relationships inside and outside the board working effectively?
How has the board responded to any problems or crises that
have emerged and could or should these have been foreseen?
Are the matters specifically reserved for the board the
right ones?
How well does the board communicate with the management
team, company employees and others?

How effectively does it use mechanisms such as the AGM and
the annual report?
Is the board as a whole up to date with latest developments in
the regulatory environment and the market?
How effective are the board's committees?
Is appropriate, timely information of the right length and
quality provided to the board and is management responsive
to requests for clarification or amplification?
Does the board provide helpful feedback to management on
its requirements?
Are sufficient board and committee meetings of appropriate
length held to enable proper consideration of issues? Is time
used effectively?
Are board procedures conducive to effective performance and
flexible enough to deal with all eventualities?

*The questions phrased for the assessment of NEDs are also relevant for appraising executive directors.

4.3.2 Relationship of the Chairman and the Board

Is the chairman demonstrating effective leadership of
the board?
Are relationships and communications with shareholders well
managed?
Are relationships and communications within the board
constructive?
Are the processes for setting the agenda working? Do they
enable board members to raise issues and concerns?
Is the company secretary being used appropriately and to
maximum value?

4.3.3 NEDs*

How well prepared and informed are NEDs for board meetings
and is their meeting attendance satisfactory?
Do they demonstrate a willingness to devote time and effort
to understand the company and its business and a readiness
to participate in events outside the boardroom, such as site
visits?
What has been the quality and value of their contributions at
board meetings?
What has been their contribution to development of strategy
and to risk management?
How successfully have they brought their knowledge and
experience to bear in the consideration of strategy?
How effectively have they probed to test information and
assumptions? Where necessary, how resolute are they in
maintaining their own views and resisting pressure from
others?
How effectively and proactively have they followed up their
areas of concern?

How effective and successful are their relationships with
fellow board members, the company secretary and senior
management?
Does their performance and behaviour engender mutual trust
and respect within the board?
How actively and successfully do they refresh their knowledge
and skills and are they up to date with:
the latest developments in areas such as corporate
governance framework and financial reporting?
the industry and market conditions?
How well do they communicate with fellow board members,
senior management and others (e.g. shareholders)? Are they
able to present their views convincingly yet diplomatically and
do they listen and take on board the views of others?

*The key aspect of board appraisal is to have evaluation procedures
in place and use them effectively at least once a year. If they
are not in place, the question is, "Why not?" How can a company
set performance-related pay for its directors if there are no such
procedures?
The individual evaluation of directors is useful because it provides
individual directors with the opportunity to discuss important issues
with the chairman on a one-to-one basis to find out about possible
problem areas (e.g. lack of communication, information) and/or better
contribution opportunities.


Summary

Every company should have an effective board which is collectively responsible for the
company's success.

The board's role is to provide entrepreneurial leadership of the company within a framework
of prudent and effective controls which enables risk to be assessed and managed.

There should be a clear division of responsibilities at the head of the company between
the running of the board (chairman) and the executive responsibility for the running of the
company's business (CEO). No one individual should have unfettered powers of decision.

At least half the board, excluding the chairman, should be independent NEDs.

The board and its committees should have the appropriate balance of skills, experience,
independence and knowledge of the company to enable them to discharge their respective
duties and responsibilities effectively.

There should be a formal, rigorous and transparent procedure for the appointment of new
directors to the board.

All directors should be able to allocate sufficient time to the company to discharge their
responsibilities effectively.

All directors should receive induction on joining the board and should regularly update and
refresh their skills and knowledge.

The board should be supplied in a timely manner with information in a form and of a quality
appropriate to enable it to discharge its duties.

The board should undertake a formal and rigorous annual evaluation of its own performance
and that of its committees and individual directors.

All directors should be submitted for re-election at regular intervals, subject to continued
satisfactory performance.

As part of their roles as members of a unitary board, NEDs should constructively challenge
and help develop proposals on strategy.

Session 3 Quiz
Estimated time: 15 minutes

1. List 10 responsibilities and duties of the board. (1.2)
2. Explain how directors may be removed from the board. (1.3.5)
3. Briefly explain the roles of the CEO and the chairman. (1.5)
4. List the areas that a typical director's induction should cover. (4.1)
5. Explain how external consultants can be used to assist in the appraisal of the board. (4.3)

Study Question Bank
Estimated time: 50 minutes

                                      Estimated Time    Completed
Priority     Q5   Alliya Yongvanich   50 minutes
Additional   Q6   TQ Company

EXAMPLE SOLUTIONS
Solution 1 - Board Directors' Fiduciary Duty

The likely consequence of any decision in the long term.

The interests of the company's employees.

The need to foster the company's business relationships with suppliers, customers
and others.

The effect of the company's operations on the community and the environment.

The desirability of the company maintaining a reputation for high standards of
business conduct.

The need to act fairly as between the members of the company.

Solution 2 - CPD
General Director of a Bank*

All directors need to maintain a full understanding of the general
environment in which their business operates. They will require
regular briefings and more specific training on:
General political, economic, social and technological ("PEST")
factors that will affect their work environment.
Audit and remuneration issues.
Legal issues with a direct effect on their role as directors.
Management of human resources.
Risk management.
Interpersonal and management skills (e.g. communication,
negotiation, presentation, persuasion, time management, body
language, team development).
Technical issues directly affecting the business.

*With specific reference to the bank, it is becoming clear from
the various investigations into the sub-prime and credit crisis that
many of the banks' managers and directors did not understand the
complexity of the instruments they were dealing in. In a number
of cases, the boards had been warned by their risk managers of the
dangers they faced, but chose to ignore the advice given. In one
such case the former CEO of a major mortgage bank admitted to a
friend in 2005 that he did not fully understand the instruments used
and how the bank was making its money, but it was making a lot
of money. If he had taken the advice of his risk manager (to slow
down the bank's expansion and exposure to such instruments), he
felt, he would have been sacked by his board. "Everybody else was
doing it, and for us not to would have been suicide for me." Instead
he sacked the risk manager and replaced him with an individual who
had less experience - a good example of "shooting the messenger".

NED on Audit Committee

While the Code requires at least one member of the audit committee
to have had recent relevant experience, all of the committee
members should ideally have relevant knowledge of audit and
financial statements. For example, a general understanding of the
roles of internal and external auditors, an understanding of control
procedures and an up-to-date understanding of GAAP (e.g. IFRS).

Therefore, in addition to the general training noted above, audit
committee members should also have specific financial reporting
skills training.

Nominations Committee*

Members of the nominations committee will be specifically involved in
executive search and selection. Therefore sound interviewing skills
will be a high priority, as well as other interpersonal skills (e.g. body
language, questioning). They should also be kept up to date with
benchmark comparisons of directors' compensation packages in the
financial services industry, both nationally and internationally.

*Nominations Committee is detailed in Session 4.

Session 4

Board Committees
FOCUS
This session covers the following content from the ACCA Study Guide.
A. Governance and Responsibility
4. Board committees
a) Explain and assess the importance, roles and accountabilities of, board
committees in corporate governance.
b) Explain and evaluate the role and purpose of the following committees in
effective corporate governance:
i) Remuneration committees
ii) Nominations committees
9. Public sector governance
c) Assess and evaluate the strategic objectives and governance arrangements
specific to public sector organisations as contrasted with private sector.

Session 4 Guidance
Note that board committees are regularly the subject of an examination question.
Note that a fourth committee, the audit committee, is covered in Session 10. You should be familiar
with the role of this committee from your Paper F8 studies.


VISUAL OVERVIEW
Objective: To explain the role and purpose of the main board committees in corporate
governance.

BOARD COMMITTEES
    Introduction
    Governance

REMUNERATION COMMITTEE
    Background
    The Code
    Principal Duties

NOMINATIONS COMMITTEE
    Background
    The Code
    Principal Duties

RISK COMMITTEE
    Background
    Role
    Composition
    Issues

PUBLIC SECTOR ORGANISATIONS
    Strategic Objectives
    Governance Arrangements

Session 4 Guidance
Understand each committee's composition and role, which vary and can easily be mixed up.
See the Illustrations for good examples of the scope of each committee.

Board Committees

1.1 Introduction

Board committee - a group of people to whom authority has been
delegated by a larger group to perform a particular function or duty.

Committees are formed to carry out specific functions that
cannot be carried out effectively by the managing board
(e.g. board of directors or trustees) alone due to:*
the time commitment required (e.g. all of the directors
cannot be involved all of the time in all business functions);
the specialisation of the subject matter (e.g. information
systems projects, finance matters); or
the legal/regulatory requirement to establish specific
committees.
The purpose and role of a committee are many and varied.
Examples:
Creating new ideas, research and development,
brainstorming;
Communication, disseminating information and obtaining
feedback;
Problem solving, task force or working party;
Coordination of projects, departments, disciplines,
organisations;
Representing interests of others, stakeholders,
environment;
Overseeing procedures, roles, activities;
Making formal recommendations (to do something or not to
do anything).
To be effective:
The committee's terms of reference must be clearly set out
with appropriate authority and responsibilities (e.g. to make
decisions/recommendations, to have access to information/
individuals, to provide feedback to the board).
The number and mix of individuals forming the committee
should be appropriate to ensure that it is strong, well
balanced and workable.*
Committee members must be selected based on the skills,
knowledge, experience and expertise that they can bring to
the requirements of the terms of reference.
The committee should be led by an experienced chairman
supported by adequate administrative resources (e.g. the
company secretary).

*The board of directors is a form of committee established by the
shareholders to run the business on their behalf.

*Corporate governance committees (including the main board) should have
some representation by NEDs. This enhances the accountability of each
committee to the shareholders.

1.2 Governance

Under most corporate governance codes the key committees
are:
a remuneration committee;
a nominations committee;
a risk committee; and
an audit committee.*

*The audit committee is probably the most important in corporate
governance as it deals with the integrity of controls and risk
management processes and financial reporting (see Session 10).

Expect at least one of the committees to feature in the exam. The best
way to become familiar with the structure, role and reporting
requirements of the committees is to read through a listed company's
corporate governance report.

Most companies also will have an executive committee
comprising the CEO, executives and other key senior
managers (but not the chairman or NEDs). Such committees
usually are responsible for the day-to-day management of
the company's businesses, the company's overall financial
performance in fulfilment of strategy, plans and budgets,
capital structure and funding. It may also review major
acquisitions and disposals.

Remuneration Committee

2.1 Background

During the 1990s, the issue of directors' remuneration became
a primary concern for investors and the public at large,
particularly in the UK.
Many public entities were being privatised (e.g. British
Telecoms, British Gas, British Airways, British Rail, electricity
boards) in the 1980s and early 1990s and their directors
started to award themselves significant increases in their
compensation packages to bring themselves into line with
equivalent private companies in the UK and the US.
However, the performance of most of the companies failed to
improve with the business mentality of many of the directors
firmly fixed in a public sector mindset. This was exacerbated
by directors continuing to award themselves bonuses and pay
rises as their companies underperformed and made losses.
Shareholders revolted and the phrase "fat cats" became a
common description of the directors.
Consequently, it was recognised that corporate governance
issues relating to directors' remuneration needed to be
addressed in a more rigorous manner. This led to the
establishment of the Greenbury Committee and the
subsequent issue of the Greenbury Report (1995) which
was then incorporated into the Combined Code (1998).

2.2 Requirements of The Code

There should be a formal and transparent procedure for
developing policy on executive remuneration and for fixing the
remuneration packages of individual directors.
The board should establish a remuneration committee of
at least three, or in the case of smaller companies, two,
independent NEDs.
The committee should have delegated responsibility for setting
remuneration for all executive directors and the chairman,
including pension rights and any compensation payments.
No executive director should be involved in deciding his or her
own remuneration.
The committee should also recommend and monitor the level
and structure of remuneration for senior management (e.g. at
least the first layer of management below board level).
The terms of reference of the committee, explaining its role
and the authority delegated to it by the board, should be
made available.

Where remuneration consultants are appointed, a statement
should be made available of whether they have any other
connection with the company.

2.2.1 Considered Advantages

Prevents executive directors from setting their own
remuneration levels.
Establishes a transparent system for setting executive
remuneration levels.
Helps to link objectives and performance-related pay and
looks into a balance between short-term and long-term
performance elements.
Makes sure that directors are rewarded fairly and according to
market standards.

2.3 Principal Duties

In summary, the principal duties of the remuneration
committee include:
establishing an organisation's remuneration policy for
executive directors;
making recommendations of executive remuneration and its
cost to the board;
deciding on the different types of reward;
deciding on the time period within which performance-related
packages become payable; and
guaranteeing the transparency of directors' compensation.

Exhibit 1

REMUNERATION COMMITTEE

The following is taken from the Institute of Chartered Secretaries and Administrators (ICSA)
Guidance on Terms of Reference - Remuneration Committee (www.icsa.org.uk).
Determine and agree with the board the framework or broad policy for the remuneration of the
company's chief executive, chairman, the executive directors, the company secretary and such
other members of the executive management as it is designated to consider.
In determining such policy, take into account all factors which it deems necessary.
The objective of such policy shall be to ensure that members of the executive management of the
company are provided with appropriate incentives to encourage enhanced performance and are,
in a fair and responsible manner, rewarded for their individual contributions to the success of the
company.
Review the ongoing appropriateness and relevance of the remuneration policy, approve the design
of, and determine targets for, any performance related pay schemes operated by the company and
approve the total annual payments made under such schemes.
Review the design of all share incentive plans for approval by the board and shareholders. For
any such plans, determine each year whether awards will be made, and if so, the overall amount
of such awards, the individual awards to executive directors and other senior executives and the
performance targets to be used.
Determine the policy for, and scope of, pension arrangements for each executive director and
other senior executives.
Ensure that contractual terms on termination, and any payments made, are fair to the individual,
and the company, that failure is not rewarded and that the duty to mitigate loss is fully recognised.
Within the terms of the agreed policy and in consultation with the chairman and/or chief executive
as appropriate, determine the total individual remuneration package of each executive director
and other senior executives including bonuses, incentive payments and share options or other
share awards.
In determining such packages and arrangements, give due regard to any relevant legal
requirements, the provisions and recommendations of corporate governance codes and the
appropriate Listing Rules and associated guidance.
Review and note annually the remuneration trends across the company or group.
Oversee any major changes in employee benefits structures throughout the company or group.
Agree the policy for authorising claims for expenses from the chief executive and chairman.
Ensure that all provisions regarding disclosure of remuneration, including pensions, are fulfilled.
Be exclusively responsible for establishing the selection criteria, selecting, appointing and setting
the terms of reference for any remuneration consultants who advise the committee.
Obtain reliable, up-to-date information about remuneration in other companies. The committee
shall have full authority to commission any reports or surveys which it deems necessary to help it
fulfil its obligations.

Example 1 Remuneration Committee


One of the tasks of the remuneration committee is to "approve the design of, and determine
targets for, any performance related pay schemes operated by the company".
Required:
Identify potential problems faced by the remuneration committee in carrying out this task
and the consequences of "getting it wrong" (i.e. setting rewards too high, too low and
making misjudgements).

Nominations Committee

3.1 Background

As for remuneration, concern was raised during the 1990s
over the appointment of directors in listed firms. Many
institutional shareholders began to question if "the old boys
network" was effectively operating a cartel on directorships,
particularly for NEDs and therefore failing to take advantage of
the available "gene-pool". Many considered this to be to the
detriment of maximising shareholder wealth.
In addressing this issue the Higgs Report (2003)
recommended that nominations committees be established in
all listed companies.*

*This is now incorporated in the Code.

3.2 Requirements of The Code

There should be a formal, rigorous and transparent procedure
for the appointment of new directors to the board.
Appointments to the board should be on merit, against
objective criteria and with due regard for the benefits of
diversity, including gender.
Plans should be in place for orderly succession for
appointments to the board and to senior management, so as
to maintain an appropriate balance of skills and experience in
the company and on the board.
There should be a nominations committee which should
lead the process for board appointments and make
recommendations to the board.
A majority of members of the nominations committee should
be independent NEDs.
The chairman or an independent NED should chair the
committee, but the chairman should not chair the nominations
committee when it is dealing with the appointment of a
successor to the chairmanship.
The nominations committee should make available its terms of
reference, explaining its role and the authority delegated to it
by the board.

3.2.1 Perceived Advantages

Independent selection procedure.
Allows senior executives to concentrate on running the
business.
Selection process not "captured" by an individual director
(e.g. CEO).
Forward thinking on succession matters.

3.3 Principal Duties

In summary, the principal duties of the nominations committee
include:
evaluating the existing balance of skills, knowledge and
expertise on the board;
considering the ratio and number of executive and NEDs;
guaranteeing transparent procedures;
ensuring the board and individual board members are
evaluated on a regular basis;
searching for appropriate candidates in a wide range of
areas to ensure that it chooses the most suitable candidates
for the business;
developing appropriate selection criteria;
ensuring that the new board members receive proper
orientation and other necessary training; and
preparing for succession planning.

Exhibit 2

NOMINATION COMMITTEE

The following is taken from the Institute of Chartered Secretaries and Administrators
(ICSA) Guidance on Terms of Reference - Nomination Committee (www.icsa.org.uk).
It incorporates and enhances (for current practice) the original guidance issued in the
Higgs Report (2003).

Regularly review the structure, size and composition (including the skills,
knowledge and experience) required of the board compared to its current
position and make recommendations to the board with regard to any changes.
Give full consideration to succession planning for directors and other senior
executives in the course of its work, taking into account the challenges and
opportunities facing the company and what skills and expertise are therefore
needed on the board in the future.
Be responsible for identifying and nominating for the approval of the board,
candidates to fill board vacancies as and when they arise.

Before any appointment is made by the board, evaluate the balance of skills,
knowledge and experience on the board and, in the light of this evaluation, prepare
a description of the role and capabilities required for a particular appointment.

In identifying suitable candidates the committee shall:
use open advertising or the services of external advisers to facilitate the search;
consider candidates from a wide range of backgrounds; and
consider candidates on merit and against objective criteria, taking care that
appointees have enough time available to devote to the position.

Keep under review the leadership needs of the organisation, both executive and
non-executive, with a view to ensuring the continued ability of the organisation
to compete effectively in the marketplace.
Keep up-to-date and fully informed about strategic issues and commercial
changes affecting the company and the market in which it operates.
Review annually the time required from non-executive directors. Performance
evaluation should be used to assess whether the non-executive directors are
spending enough time to fulfil their duties.
Ensure that on appointment to the board, non-executive directors receive a
formal letter of appointment setting out clearly what is expected of them in terms
of time commitment, committee service and involvement outside board meetings.
Make recommendations to the board concerning:
formulating plans for succession for both executive and non-executive
directors and in particular for the key roles of chairman and chief executive;
suitable candidates for the role of senior independent director;
membership of the audit and remuneration committees, in consultation with
the chairmen of those committees;
the re-appointment of any non-executive director at the conclusion of their
specified term of office having given due regard to their performance and
ability to continue to contribute to the board in the light of the knowledge,
skills and experience required;
the continuation (or not) in service of any director who has reached the age
of [70] if required by the articles;
the re-election by shareholders of any director under the "retirement by
rotation" provisions having due regard to their performance and ability to
continue to contribute to the board in the light of the knowledge, skills and
experience required;
any matters relating to the continuation in office of any director at any time
including the suspension or termination of service of an executive director as
an employee of the company subject to the provisions of the law and their
service contract; and
the appointment of any director to executive or other office.
Make a statement in the annual report about its activities, the process used to make
appointments and explain if external advice or open advertising has not been used.

Risk Committee

4.1 Background

Although the Code does not specifically recommend the
establishment of a risk committee, the Turnbull Report (Internal
Control Guidance for Directors on the UK Corporate Governance
Code) regards managing risk as part of internal control - an
essential role of the board in corporate governance.*
As with Sarbanes-Oxley, if there is no separate risk
committee, the UK Corporate Governance Code requires the
risk management function to be incorporated into the role of
the audit committee if it is not within the main board function.

*The general concepts of risk and identifying, assessing and
controlling risk are dealt with in Sessions 12 to 14.

Exhibit 3

RISK COMMITTEE

In determining its policies with regard to internal control, and thereby assessing what
constitutes a sound system of internal control in the particular circumstances of the
company, the board's deliberations regarding risks should include consideration of the
following factors:

the nature and extent of the risks facing the company;
the extent and categories of risks which it regards as acceptable for the
company to bear;
the likelihood of the risks concerned materialising;
the company's ability to reduce the incidence and impact on the business of
risks that do materialise; and
the costs of operating particular controls relative to the benefit thereby
obtained in managing the related risks.
Turnbull Report

4.2 Role

Agree and approve the risk management strategy and policies.
Assist the board to define the "risk appetite" of the
organisation.*
Provide general and explicit guidance to the main board on
emerging risks and to report on existing risks.
Identify actual risks and the control deficiencies in the
organisation.
Oversee management's responsibilities and review the risk
profile of the organisation to ensure that risk is not higher
than the risk appetite determined by the board.
Receive and review risk reports from functions, divisions,
subsidiaries and other components of the business.
Ensure that infrastructure, resources and systems are in
place for risk management and are adequate to maintain a
satisfactory level of risk management discipline.
Monitor overall exposure and specific risks.
Monitor the effectiveness of independence risk management
functions throughout the organisation.
Review the strategies, policies, frameworks, models and
procedures that lead to the identification, measurement,
reporting and mitigation of material risks.
Review issues raised by Internal Audit that affect the risk
management framework.
Ensure that the risk awareness culture is pervasive throughout
the organisation.
Work with the audit committee on designing and monitoring
internal controls for the management and mitigation of risks.

*Risk appetite is the level and nature of exposure to risks that the
board considers acceptable. See Session 14 Controlling Risk.

4.3 Composition

As there is no specific requirement to establish a risk
committee in corporate governance, there is usually no
specific guidance on its composition.
The only indication in the Code is given in the guidance on the
role and responsibility of the audit committee:
"to review the company's internal financial controls and,
unless expressly addressed by a separate board risk
committee composed of independent directors, or by the
board itself, to review the company's internal control and
risk management systems"
This wording, and the fact that the audit committee comprises
independent NEDs, implies that the risk committee would
be made up of independent NEDs, which creates a number of
advantages and disadvantages.

4.3.1 Advantages

Independent scrutiny.
Vested interests of executive directors would not be present.
Specific external expertise that may be more relevant to a
risk.
Ability to stand back and see "the wood from the trees".

4.3.2 Disadvantages

Executive directors would not be able to provide direct
knowledge and experience of the risks being reviewed, unless
invited to provide such information to the committee (while
not being able to debate them).
If a risk manager is appointed (individual dealing with risk on
a day-to-day basis) he would only be able to report directly to
the risk committee as and when it convened.
Excessive time delays may be experienced between an emerging
risk being recognised and action taken by the main board.

Example 2 Risk Committee


Suggest an "ideal" composition of a risk committee to include both executive and non-executive directors.

Solution

4.4 Issues

Practical issues faced by the risk committee include:
Developing and implementing meaningful definitions of risk.
Understanding the company's key non-financial risk and the
risk profile of the company.
Getting business unit managers to take ownership for
managing risk.
Raising the level of awareness in the entire organisation.
Having enough time to thoroughly and strategically review
the risk assessment.

Public Sector Organisations

5.1 Strategic Objectives

Although most private sector organisations are independent
in that they are "stand-alone" companies answerable to their
shareholders, most public sector organisations are part of a larger
public sector structure.
In the public sector, the national government would be the
ultimate (apex) component, effectively the holding organisation
for everything in the public sector (e.g. UK Gov plc). The
government ministers that are the ministers in charge of the
major departments (e.g. the treasury, ministry of health, ministry
of trade, ministry of education) would most likely be members of
the public-sector equivalent of the main board of a company.*
Each government ministry would then have its own board
equivalent that is helping to achieve and implement a set of
higher government strategic policy objectives. Depending on
the nature of government (e.g. centralist or federalist system)
individual ministries and public sector organisations (e.g. local
authorities) may be given various levels of autonomy. When this
is the case, they will need to set and achieve their own strategic
objectives.

*In the UK and French governmental structures, the main
government board is the Cabinet.

Each must work out how it will achieve what it is asked to
do within the constraints (tight or loose) set by the national
government (e.g. tight constraints over central government
funding, but looser constraints over the spending of locally
raised taxes).*
Each must be strategically effective in that it must achieve the
objectives established for it in carrying out government policy.
Because they are funded by public money, they must also be
efficient and make the most of whatever resources they are
provided with.
Finally, they must also be economical in that they must work
within specified budget and deliver desired outputs within that
budget.
Accordingly, there is an emphasis on value for money and service
delivery. When public sector organisations are occasionally
criticised in the media or by their customers/users, it is usually
because they have either overspent, underperformed, or both.

*The "3 Es" framework is an appropriate model to use in
understanding public sector strategy.

5.2 Governance Arrangements

Although the public sector shares some features of governance
with the private sector (e.g. the need for strategic leadership, clear
thinking and effective strategy implementation) the governance
arrangements often differ. It is therefore particularly important to
study this aspect.

There is no one single way in which public sector organisations
are governed. Accountability is gained in part by having a system
of reporting and oversight of one body over others. Because
there is no market mechanism of monitoring performance (as
there is with listed companies), other means have been developed
(e.g. oversight bodies) to ensure that organisations achieve the
objectives and service delivery targets established for them.
An oversight body may be a board of governors, a council of
reference, a board of trustees, an oversight board or similar. In
each case, its role is to hold the management of the public service
organisation to account for the delivery of the service and to
ensure that the organisation is run for the benefit of the service
users. This can be considered as similar to a two-tier system
in the private sector (a management board and a supervisory
board).
Because public sector organisations are not held to account by
shareholders as with business companies, the oversight body
is often put in place as a means of holding the management
to account. In this respect, oversight bodies are acting in the
interests of service funders (usually taxpayers) in making public
sector organisations accountable.
Typical (and general) roles of oversight bodies include the
following, although their roles do vary substantially depending on
jurisdiction and government policy.

They are there to comply with government rules on whichever

public sector governance applies. So a school may have a


board of governors in order to comply with the local authority
or education department rules on school governance. A
hospital's management may likewise report to a superordinate
body possibly overseeing several other hospitals at the same
time.
It is the role of an oversight body to ensure that the
organisation is well-run and meets the performance targets
established for it by higher levels of government. It may
receive internal or external audit reports to help achieve this
or make visits and other interventions to ensure that the
organisation is performing to expectation.

- The oversight body may be involved in budget negotiations
  and then in monitoring performance against budget and any
  number of other agreed financial measures in a similar way to
  that of a management accountant in a conventional business.
- It is likely to be involved in making senior appointments to
  the public sector body and in monitoring the performance of
  management on an ongoing basis. In many cases, boards of
  governors in schools or universities, for example, have the
  power to remove a senior manager (perhaps a head teacher)
  if they believe that he or she is underperforming and not
  delivering the quality of services required.
- Oversight bodies are sometimes required to report upward,
  perhaps to local or central authorities, on the organisations for
  which they have oversight.

There is an increasing move in some situations to run some public
services along similar lines to private companies. This means
they may have an executive board and also some non-executive
membership on the board with subcommittees.


Summary

Some board committees are established through legal or regulatory requirements. Other
committees may be desirable (e.g. if their subject matter calls for specialist knowledge).

Most corporate governance codes specify remuneration, nominations, risk and audit
committees.

Many companies have an executive committee (excluding the chairman and NEDs) which has
responsibility for operations.

The audit committee is particularly important as it deals with the integrity of financial reporting,
controls and risk management processes. It may be combined with the risk committee.

The remuneration committee:

- establishes remuneration policy for executive directors;
- makes recommendations on and estimates costs of executive remuneration;
- decides on types of reward and when performance-related pay is payable; and
- guarantees transparency of directors' compensation.

The nominations committee:

- evaluates board member skills, knowledge and expertise;
- considers the number and ratio of executives and NEDs;
- guarantees transparent nominations procedures;
- ensures regular board and board member evaluation;
- develops a pool of suitable candidates and chooses the most suitable;
- ensures new member orientation and training; and
- prepares for board member succession.

The risk committee:

- determines the company's key risks;
- develops meaningful definitions of risk;
- assists the board in defining its "risk appetite";
- implements effective risk measures and monitors changes to risk levels;
- approves risk management strategies and policies; and
- raises awareness of risk management issues.

The Code recommends or requires composition as follows:

- Remuneration committee: at least two independent NEDs for small companies; three for
  larger companies.
- Nominations committee: a majority of independent NEDs. The chairman may chair the
  committee but not the meeting to determine his successor.
- Risk committee: all independent NEDs.

Session 4 Quiz
Estimated time: 10 minutes

1. List the principal duties of the remuneration committee. (2.3)
2. Distinguish between the membership of the remuneration and nominations
   committees. (2.3)
3. Explain the principal duties of the nominations committee. (3.3)
4. Explain the practical issues faced by a risk committee. (4.4)

Study Question Bank
Estimated time: 50 minutes

                                          Estimated Time   Completed
Priority     Q8   Tomato Bank             50 minutes
Additional   Q7   Nominations Committee

EXAMPLE SOLUTIONS

Solution 1 Remuneration Committee*

- Inappropriate performance measures chosen that are not linked
  to the performance of the company and therefore not to the benefit
  of the shareholders.
- Narrow perspective taken on selecting performance indicators;
  concentrating on only one or a few areas of performance affected by
  directors.
- Focus on short-term results, with insufficient balance on long-term.
- Targets set too low and thus too easy to achieve.
- Difficulty in setting clear objectives and measuring results.

The implications of "getting it wrong" include:

- Rewards that are too high (or too easy to obtain) and that fail to
  generate equivalent increases in shareholders' wealth and/or relevant
  benefits to other stakeholders (e.g. employees) will attract criticism
  and negative press of the company and its remuneration policy
  from shareholders and other stakeholders (e.g. trade unions). In
  particular the board of the company could find itself under close
  scrutiny from society through lobbyists (e.g. The High Pay Centre
  www.highpaycentre.org).
- Rewards that are set too low (or too difficult to obtain) may not
  retain the directors that the company needs. This will result in an
  outflow of the skills needed by the company in order to achieve its
  objectives and maintain appropriate levels of shareholder wealth.

*The "classic" case of poor judgement by the remuneration and
nominations committees together with the failure of the NEDs and
the board was that of the Royal Bank of Scotland with their new chief
executive Sir Fred Goodwin (see Illustration 2, Session 3).

Solution 2 Risk Committee

- At least three members.
- A majority of NEDs.
- At least one member shall also be a member of the audit committee.
- At least one member must be a risk expert.
- The chairman of the committee must be a NED.

Session 5

Directors' Remuneration
FOCUS
This session covers the following content from the ACCA Study Guide.
A. Governance and Responsibility
5. Directors' remuneration
a) Analyse and assess the general principles of remuneration.
   i) purposes
   ii) components
   iii) links to strategy
   iv) links to labour market conditions
b) Explain and assess the effect of various components of remuneration
   packages on directors' behaviour.
   i) basic salary
   ii) performance related
   iii) shares and share options
   iv) loyalty bonuses
   v) benefits in kind
   vi) pension benefits

c) Explain and analyse the legal, ethical, competitive and regulatory issues
associated with directors' remuneration.

Session 5 Guidance
Note that this is another highly contentious issue, especially relating to banks and the
financial services industry.
Read through all of the sections, as they summarise best practice. Refer to the Code and
the LSE publication as necessary (s.1).


VISUAL OVERVIEW
Objective: To assess the governance issues relating to the remuneration of directors.

COMPENSATION PRINCIPLES
Background
Corporate Governance Guidance

COMPENSATION PACKAGES

Components
Basic Salary
Performance-Related Bonus
Transaction and Loyalty Bonus
Share Options
Shares
Benefits-in-Kind
Pensions
Termination

OTHER ISSUES

Legal
Ethical
Competitive
Regulatory

NEDS
Principles
Guidelines

Session 5 Guidance
Consider the questions, "How much are executives worth?" and "How should
executives be paid?" (s.2), as well as the legal and regulatory environment that affects
compensation options (s.4).
Know best-practice guidelines for each type of compensation (s.2).
Understand the compensation principles specific to non-executive directors (s.3).


Compensation Principles

1.1 Background
- Remuneration and compensation of directors is a hotly
  debated topic. As the result of corporate governance
  standards and legislation that requires ever-greater disclosure
  in financial statements, it has become one of the more visible
  areas of deliberation by boards of directors.
- The debate usually centres on four areas:
  1. the overall level of directors' remuneration and
     compensation;
  2. the role of share options;
  3. performance measures and linking remuneration with
     performance; and
  4. the role of the remuneration committee (see Session 4).
- Compensation plans should balance between:
  - rewarding strong current performance and providing
    incentives for the future; and
  - avoiding payment for bad performance.

  Getting the balance right will tend to attract and retain
  high-performing individuals who lead the firm to success
  and create shareholder value.

  Getting the balance wrong may result in a failure
  to attract or retain the "right" talent, employee
  demotivation and executives aiming to achieve short-term
  targets which impair corporate value.
- The London Stock Exchange/Robson Rhodes publication Corporate
  Governance: A Practical Guide (www.londonstockexchange.com)
  asks the following questions about directors' remuneration:
  - Is the policy in line with guidance in the Code and relevant
    institutional investors' organisations?
  - Are institutional shareholders supportive of the
    remuneration policy?
  - Has executive directors' pay and performance been fairly
    compared with that of an appropriate peer group?
  - Are targets set (e.g. for bonuses) such that high rewards
    are available only for outstanding performance?
  - Does the remuneration committee thoroughly assess
    whether targets have been met before making awards?
  - Are any contract periods for executive directors in excess of
    one year? If so, can they be justified?
  - Are there arrangements to ensure that failure is not
    rewarded when directors leave early because of poor
    performance?
  - Is there a high level of transparency in publicly explaining
    how remuneration has been determined?

1.2 Corporate Governance Guidance

1.2.1 The Code

- Levels of remuneration should be sufficient to attract, retain
  and motivate directors of the quality required to run the
  company successfully.
- A company should avoid paying more than is necessary for
  this purpose.
- The remuneration committee members should judge where to
  position their company relative to others.*

*Organisation boards have a natural tendency to "ratchet up"
remuneration levels to at least match the average compensation
in the industry. Firms outside the US should be particularly
mindful about comparing remuneration packages to US executive
compensation, which tends to run higher than outside the US.
Directors have always argued that they should be rewarded
according to the US model as they could, if necessary, resign and
find a well-compensated position in the US.

- A significant proportion of total remuneration should be
  structured to link rewards to corporate and individual
  performance.
- Performance-related elements should align directors' interests
  with those of shareholders to give these directors keen
  incentives to perform at the highest levels and to promote the
  long-term success of the company.
- There should be a formal and transparent procedure for
  developing policy on executive remuneration and setting
  remuneration packages of individual directors.
- No director should be involved in deciding his or her own
  remuneration.
- The chairman of the board should ensure that the company
  informs its principal shareholders about remuneration in the
  same way as for other matters.
- Shareholders should be invited to approve all new long-term
  incentive schemes (as may be defined in relevant listing rules)
  and significant changes to existing schemes.

Exhibit 1 SAY ON PAY: BOARDS LISTEN WHEN SHAREHOLDERS SPEAK

The following article was published 7 June 2012 by Bloomberg Businessweek.
www.businessweek.com/articles/2012-06-07/say-on-pay-boards-listen-when-shareholders-speak

Shareholders have now had two years to
express their views on executive pay, and a
theme has emerged: They have no problem
approving generous compensation packages,
provided they're getting richer too. When
a company's stock falls, they are not so
agreeable.
The Dodd-Frank financial reform law enacted in
2010 calls for companies to submit executive
compensation plans to nonbinding shareholder
votes at least once every three years. This
year there have been some notable nays.
In April, Citigroup (C) shareholders refused
to endorse Chief Executive Officer Vikram
Pandit's $14.8 million package after the stock
fell 44.3 percent in 2011. In May they voted
four to one against the $5.8 million Chiquita
Brands (CQB) awarded CEO Fernando Aguirre
following a 41 percent decline in the stock
in 2011, even after the board said that the
company's poor performance had cost Aguirre
his bonus.
Overall, though, shareholders were remarkably
obliging. As of June 4, corporations had
brought 1,911 say-on-pay resolutions to
a vote. Institutional Shareholder Services
(MSCI), which advises investors, recommended
voting against 265 of them. Shareholders
rejected just 36, or less than 2 percent.
Does that mean say on pay is a bust? Daniel
Ryterband, president of pay consultant
Frederic W. Cook, says the numbers underplay
the drama taking place behind the scenes. In
his view, "say on pay has had a significant
impact on the design and magnitude of pay
packages." Boards are nervous about how
proxy advisers such as ISS and Glass Lewis
will react to packages, so they're reaching out
to shareholders and reducing pay that's not
tied to performance.
Almost all of the companies that faced
embarrassing "no" votes last year have
done away with practices that irked their
investors. Hewlett-Packard (HPQ) no
longer uses the formula that allowed CEO
Léo Apotheker to pocket $30 million for an
11-month run during which the stock fell by
almost half. Successor Meg Whitman has a
salary of $1, with the bulk of her $16.5 million
package tied to the company's share
performance. Nabors Industries' (NBR) former
chief agreed in February to waive his $100
million termination payment in the face of last
year's no vote.

In some cases, shareholders remained
unhappy. When presented last year with Kilroy
Realty (KRC) CEO John B. Kilroy Jr.'s pay
package, 51 percent of shareholders gave it
a thumbs down. That sent the Los Angeles
company's six-man board, chaired by John B.
Kilroy Sr., scrambling to "make substantive
changes," according to Securities and
Exchange Commission filings. Not substantive
enough, perhaps. Kilroy's 2011 package, which
the company calculated at $6.4 million, was
rejected by 70 percent of the votes on May 17.
"We made a lot of effort last year," says Chief
Financial Officer Tyler Rose, "and the board will
continue to evaluate this issue."
Towers Watson analyzed 1,438 companies that
conducted the nonbinding say-on-pay votes
as of May 30 and found that companies whose
shareholder returns were consistently in the
bottom quartile over five years were about
nine times more likely to fail their say-on-pay
votes than neutral performers.
Companies with hot stocks can pretty much do
what they want. Apple (AAPL) shareholders
overwhelmingly approved CEO Tim Cook's
$378 million package, much of which is stock
that vests over 10 years. To Doug Friske,
who leads Towers Watson's (TW) executive
compensation practice, such votes show the
Dodd-Frank rule working exactly as intended.
"If a company is doing well," he says,
"shareholders have no problem with pay that
recognizes that."
Eleanor Bloxham, a pioneer in designing pay
programs who now advises boards as CEO
of the Value Alliance, says that placing such
a high premium on stock performance can
undermine a company's long-term success.
She points to studies by the Federal Reserve
and others that found loading up a CEO's pay
package with stock incentives just encourages
riskier behavior and a focus on the short term.
"Boards should concentrate on rewards tied to
things a manager can control, like profits," she
says. Trying to please people whose sole goal
is to profit from a share spike risks moving
boards back into favoring tools that encourage
leaders to talk up earnings and game the
system. "These votes reward the perception
of performance instead of long-term goals."
The bottom line: Boards are responding to
say on pay, even though shareholders have
rejected less than 2 percent of executive comp
packages this year.
Diane Brady, 7 June 2012

1.2.2 The International Corporate Governance Network (ICGN)

- Remuneration has an important role in a firm's ability to
  recruit and retain the executive talent it needs to ensure
  success. It also has the potential to damage reputation and
  affect employee morale and behaviour. Getting the balance
  on time, especially for long-term deferred compensation, and
  appropriate performance measures is critical.
- Well-designed remuneration programs have a demonstrable
  positive effect on the long-term performance of the firm.
  Conversely, poorly designed or poorly executed compensation
  plans can have a serious negative effect on shareholder value.
- Best practice in remuneration begins with the formation of an
  independent and effective process for deciding on executive
  remuneration.
- The three underpinning principles are:
  1. Transparency: investors can clearly understand the
     program and see total pay.
  2. Accountability: boards represent owners, in part by
     obtaining shareholder approval of a remuneration report.
  3. Performance based: programs are linked to relevant
     measures of performance over an appropriate time.

- Design of a compensation plan should consider the possible
  major elements (cash and short-term incentives, equity and
  long-term incentives, post-employment benefits, etc) and be
  constructed to fit the individual circumstances of each firm.
- Benchmarking or peer relative analysis should have minimal
  influence in establishing compensation levels.*
- Remuneration plans should be:
  - structured with an appropriate balance of short- and
    long-term incentives which may vary according to market
    conditions and the specific circumstances of the firm; and
  - strongly linked to the firm's performance which reflects, and
    is consistent with, value to long-term shareholders.
- Incentives may be provided to achieve both long- and short-term
  goals; however, the performance drivers should not be
  dual purpose and a balance should be struck with the need to
  reward success over the long term.
- Each plan should be tailored to the firm's unique
  circumstances as well as to the responsibilities of the position
  held and the experience and expertise of the individual.

*Just because a CEO in Company A gets $1,000,000 a year does
not mean that the CEO of Company B should get the same or more.

1.2.3 The Association of British Insurers (ABI)*

- Executive remuneration should be:
  - set at levels which retain and motivate (based on
    appropriate benchmarks, which should be used with caution
    to avoid "ratcheting up" with no corresponding improvement
    in performance); and
  - linked to individual and corporate performance through
    graduated targets, which align the interests of executives
    with those of shareholders.
- The resulting arrangements should be clear and readily
  understandable.*

*The ABI provides corporate governance advice to its members,
who hold about 20% of the UK stock market.

*"Ratcheting up" is the process of raising pay to a benchmark at
a time when all firms in the industry are attempting to exceed the
benchmark in order to attract and retain talent.

Illustration 1 ABI Extract

The following extract from a letter sent in September 2008
to the members of the Association of British Insurers (ABI)
explains the relevance of the ABI's "Principles and Guidelines
on Executive Remuneration (Dec 2007)" to the current
economic situation.

"In addition, we would like to use this opportunity to draw
attention to the following points, which we consider to be
pertinent in the current economic climate.

- The remuneration policy should be fully explained and
  justified, particularly when changes are proposed.
  Members will carefully scrutinise remuneration uplifts,
  particularly increases in salaries or annual bonus levels.
- Where a company has underperformed and seen a
  significant fall in its share price, this should be considered
  when determining the level of awards under share incentive
  schemes. In such circumstances, it is not appropriate for
  executives to receive awards of such a size that they are
  perceived as rewards for failure.
- Shareholders are generally not in favour of additional
  remuneration being paid in relation to succession or
  retention, particularly where no performance conditions
  are attached.
- In the context of the consultation process for share
  incentive schemes, Remuneration Committees should
  ensure that shareholders have adequate time to consider
  the proposal and that their views are carefully considered.
  Relevant information related to the consultation should be
  clearly and fully disclosed."

Compensation Packages

2.1 Components

- There are many variations on the components and make up of
  directors' compensation depending on industry norms, culture,
  country and circumstances (e.g. government restrictions,
  economic factors).
- The more common elements are:

2.2 Basic Salary

- Received in accordance with the terms of a director's contract
  of employment. It does not relate to the performance of the
  company or the individual (but there will be an argument for
  not raising the basic salary if the director underperforms).
- It reflects the basic contribution of the executive and
  recognises the market value of a director generally. Usually
  it is set in relation to:
  - company size;
  - sector;
  - experience; and
  - the level of basic salary in similar companies.
- As most governance codes suggest that performance-related
  elements of remuneration should form a significant proportion
  of the total compensation package, basic salary is unlikely to be
  a significant proportion (e.g. will be less than 50%).*

The overall purposes of any reward are to attract, retain and
motivate.

*Some commentators argue that basic salary is for turning
up each day and doing the administration. Thus it should be
as insubstantial as possible compared to the whole package.
Obviously, where a director does not receive any
performance-related element or options, basic salary will be a
far higher proportion of the total package.

2.3 Performance-Related Bonus

2.3.1 Background

- Performance-related elements have caused the most
  controversy in recent years with some directors being awarded
  a bonus even though their firms have underperformed (and
  in some cases made substantial losses) or failed to meet or
  exceed the sector average.

Example 1 Benefits of PRP

Explain the benefits of performance-related pay (PRP) in rewarding
directors.
Solution

- A balance between short- and long-term bonus schemes
  should be found. The ICGN recommends a minimum bonus
  period of one year (and not, for example, quarterly) and that
  bonuses should be based on a percentage of basic salary (or
  subject to a fixed "cap").
- A danger of bonus schemes is the directors' ability to
  manipulate the target results on which bonuses are based
  (e.g. revenue, profits). Achieving sales targets, in particular,
  may result in questionable, unethical practices by directors
  and employees.

Illustration 2 General Electric (GE)

A sales director in a US division of GE refused to complete a deal to sell
aircraft engines to an overseas airline because the CEO of that company
requested a consultancy fee. By doing so, the director failed to reach
his personal annual sales target. Jack Welch, the CEO of GE, not only
publicly praised the action of the director, but awarded him his bonus as
if the sale had been made.

2.3.2 Best-Practice Guidelines

- The remuneration committee should consider whether
  directors are eligible for:
  - Annual bonuses. If so, performance conditions should be
    relevant, challenging and designed to enhance shareholder
    value.
  - Benefits under long-term incentive schemes.*
- Upper limits should be set and disclosed. There may be a case
  for part payment in shares to be held for a significant period.
- In normal circumstances, shares granted or other forms of
  deferred remuneration should not vest, and options should not
  be exercisable, in fewer than three years.
- Directors should be encouraged to hold their shares for a
  further period after vesting or exercise (subject to the need to
  finance any purchase costs and associated tax liabilities).
- Proposals for new long-term incentive schemes should be
  approved by shareholders and preferably replace existing
  schemes. Total potential rewards should not be excessive.
- Payouts or grants under all incentive schemes should be
  subject to "challenging performance criteria" reflecting the
  firm's objectives.
- Challenging performance criteria should:
  - relate to overall corporate performance;
  - demonstrate that demanding levels of financial performance
    have been achieved in the context of the firm's prospects
    and the prevailing economic environment;
  - be measured relative to an appropriate, defined peer group
    or other relevant benchmark; and
  - be disclosed and transparent.
- Criteria which reflect the firm's performance relative to
  comparable companies (e.g. shareholder return) should be
  considered.
- "Sliding scales" generally provide a better motivator for
  improving corporate performance than a "single hurdle" by
  encouraging exceptional performance.
- Rewards under executive share option plans (ESOPs) and
  other long-term incentive schemes should normally be phased
  over a set period.
- In general, only basic salary should be pensionable.
- Consequences of basic salary increases (e.g. on pension
  costs) should be considered, especially for directors close to
  retirement.

*Traditional share option schemes should be weighed
against other kinds of long-term incentive schemes.

2.4 Transaction and Loyalty Bonus

2.4.1 Transaction Bonus

- There is a rising trend to award payment based on particular
  transactions rather than on firm performance generated as a
  result of the transaction.
- Such transactions or events include:
  - successful acquisitions (often regardless of subsequent
    performance);
  - disposing of loss-making or underperforming elements;
  - successful defence of a takeover bid; and
  - successful listing of a company (e.g. at the most favourable
    share price).
- Many consider such transactions to be within the normal
  duties of directors and any bonus related to them should come
  only through the normal performance-bonus scheme.

Example 2 Transaction-Based Bonus


No guidelines for transaction-based bonuses have yet been issued
by a corporate governance body.
Required:
Suggest what guidelines would be appropriate in dealing
with transaction-based bonuses.
Solution

2.4.2 Loyalty Bonus

- These are usually awarded for long-term service or staying
  with a firm during a difficult time. Directors who stay with
  a firm and "turn it around" (i.e. prevent it from going into
  liquidation and then make it successful) often will be awarded
  a loyalty bonus.*
- Guaranteed bonuses are becoming popular for employees
  and directors (especially in the banking industry). A specified
  percentage of salary is paid for staying in the service of the
  company for a given period (e.g. one year).*
- The "golden hello", on joining a firm, is an incentive to
  employees and directors to leave their current employment.
  Loyalty requirements may include payment of the bonus
  only after a set period and requiring repayment should the
  employee leave within a further period.
- For directors, such awards are usually made in the company's
  shares with a condition that they cannot be sold until the end
  of a vesting period (e.g. three years).

*The need to retain a director in the long term may be part of
a strategic plan (e.g. to achieve a specific position in a particular
market). A loyalty bonus can be used to incentivise that
director to remain in the company.

*Guaranteed bonuses "handcuff" employees to stay in order to
receive the bonus.

2.5 Share Options

2.5.1 Background

- As controversial as bonus schemes may have been, share
  option schemes have been even more controversial because of
  the ease of abuse on setting the option price, vesting rights and
  the various methods directors have employed to enhance share
  price in the short- to medium-term to gain maximum benefit.*
- Share options were the most common form of long-term
  market orientated-incentive scheme. However, long-term
  usually meant only three years (or less) with the director being
  able to cash in without waiting for any further period to expire.
- Following a number of scandals, some of which involved
  abuse of share options (e.g. Enron), there has been a general
  tightening up of accounting and disclosure requirements for
  share options (e.g. IFRS 2 Share-based Payment, requiring
  the cost and liability of share options to be recognised in
  financial statements). This has resulted in a decline in the use
  of share options as a means of director compensation.*

*The collapse of stock markets in 2007/08 and, for many countries,
recession, will have meant that the option price will far exceed the
market value at the date of vesting. Therefore, options currently
vesting are unlikely to be exercised. However, some directors
may well see an excellent long-term opportunity in options issued
currently based on actual market prices.

*A share option gives the holder the right (but not the obligation)
to purchase an agreed number of shares, at an agreed price, on or
after an agreed date for an agreed period from that date. The
date that the holder accepts the contract is the grant date.
Vesting conditions usually apply (e.g. a percentage increase in
the share price). Such conditions must be met for the holder to
be entitled to exercise the option.

2.5.2 Best-Practice Guidelines

< Share-based incentives should align the interests of executive


<
<
<
<
<
<

directors with those of shareholders and link reward to


performance over the long term.
ESOPs should not be offered at a discount (to the market price
at the grant date) except as permitted by the appropriate
provisions of the relevant listing rules.
In normal circumstances, shares granted or other forms of
deferred remuneration should not vest, and options should not
be exercisable, in under three years.
Directors should be encouraged to hold their shares for a
further period after vesting or exercise (subject to the need to
finance their acquisition and associated tax liabilities).
Grants under all incentive schemes, including new grants
under existing share option schemes, should be subject to
challenging performance criteria.
Consideration should be given to criteria which reflect the
company's performance relative to a group of comparable
companies in some key variables.*
Grants under ESOPs and other long-term incentive schemes
should normally be phased rather than awarded in one large
block.

*Performance measures (e.g. total shareholder return, earnings per share (EPS) and net profits) must be carefully defined by the remuneration committee. It is far too easy to define and set very low hurdles for such measures.

< All new share-based incentives, substantive changes to
existing schemes or changes in the general conditions of
operating schemes should be subject to prior approval by
shareholders by means of a separate and binding resolution.
< Their operation, rationale and cost should be fully explained so
that shareholders can make an informed judgment.
< Remuneration committees should regularly review share
incentive schemes to ensure their continued effectiveness,
compliance with the current best guidance and contribution to
shareholder value.
< Sliding scales are a useful way to ensure challenging
performance targets. They generally provide a better motivator
for improving corporate performance than a single hurdle.
< There will be no automatic waiving of performance conditions
either in the event of a change of control or where subsisting
options and awards are rolled over in a capital reconstruction
and/or the early termination of the participant's employment.
< Share or option awards should normally be granted only
within a 42-day period following the publication of the
company's results.
< Where individuals choose to terminate their employment before
the end of the service period, or in the event that employment
is terminated for any cause, any unvested options or conditional
share-based award should normally lapse.
< Commitments to issue new shares under all schemes must not
exceed 10% of the issued ordinary share capital in any rolling
10-year period. For executive (discretionary) schemes this
should not exceed 5%.

2.6 Shares

< The issue of shares instead of cash bonuses or share options is
becoming more popular.
< The guidance given by the Code and the ABI on share options
generally applies (as they refer to "long-term incentive
schemes" as well as share options).
< Some share bonus schemes follow the principles of granting
and vesting over a rolling period (e.g. three years). Others
award shares as part of the bonus (instead of 100% cash)
usually with a minimum period (e.g. three years) that the
shares must be held.*

*The vast majority of directors consider share options to be remuneration and cash them in at the earliest opportunity. Share issue schemes encourage directors to hold their shares after they vest and incentivise them to maintain a high level of performance.

Illustration 3 Participation in Performance
At a number of UK banks, the executive directors followed the lead
of the CEO and invested at least 50% (in some cases 100%) of their
cash bonus in the shares of the bank. Following the market crash
(2008), when many banks lost up to 80% of their share value and
have since required government bailouts, these directors suffered
significant financial losses.
In the ongoing (2009) investigations (e.g. the House of Commons
Finance Committee), these CEOs have been able to look the
investigating committee and bank shareholders "in the eye", and say
that they "put their money where their mouth was" and suffered just
as much as others.
However, as one member of the House of Commons committee
said, "you are all still in bloody denial" in accusing the CEOs of not
accepting that their "decisions, greed, poor governance and lemming
mentality" resulted in the near collapse of their banks.

2.7 Benefits-in-Kind

< Standard benefits-in-kind for senior employees and directors
normally would include a company car, pension scheme,
private health insurance and life insurance.
< Other benefits-in-kind may include company loans (although
these are illegal in most jurisdictions), use of company assets
(e.g. aircraft, helicopters, housing), club membership (e.g.
golf, tennis, football, gym, health centre) and similar benefits
for their spouse (e.g. car, health insurance, life insurance).*

2.8 Pensions

2.8.1 Background

< Pension schemes are often open to abuse, in that the scheme
for directors is usually a final salary scheme (higher costs
with the risk taken by the firm), while those provided for
other employees would usually be fixed contribution schemes
(lower cost and the risk of a pension shortfall is placed on the
employee).
< Typically, a final salary scheme may be based on a set
percentage (e.g. 60%) of the average salary over a set
period (e.g. the last five years before retirement). There
is, therefore, an incentive for directors to weight their
remuneration towards salary in their last years before
retirement.
< In addition, directors may attempt to transfer company assets
into their pension scheme.

*Some of the more abusive uses of benefits-in-kind have included use of a company jet as a private jet (e.g. for holidays or regular trips by relatives), the purchase of a racing horse, the purchase of a baseball team and the use of the company credit card to pay for all private expenditure (no refund to the company).

Illustration 4 WorldCom
During the year-long investigation into WorldCom's accounts, $9
billion in discrepancies were found.
The SEC levied charges against the corporation's CEO and several
executives. Among these, Scott Sullivan (WorldCom's chief financial
officer) was indicted on charges of securities fraud, and David Myers
(WorldCom's controller) pleaded guilty to committing securities fraud
and falsifying SEC filings.
In order to present a successful face to investors when company
profits began to wane, Sullivan, then CFO, made a series of
accounting adjustments. Over five financial quarters, Sullivan
masked $3.8 billion in WorldCom operation costs.
Another charge against WorldCom centres on the fact that the
corporation's CEO, Bernard Ebbers, illegally took $408 million in
personal loans from the corporation's funds.

2.8.2 Best-Practice Guidelines

< The remuneration committee should provide whatever
ancillary benefits would either be expected with the position
of executive director or which would increase loyalty and
motivation.
< In general, only basic salary should be pensionable.
< The remuneration committee should consider the pension
consequences and associated costs to the company of basic
salary increases and any other changes in pensionable
remuneration, especially for directors close to retirement.

2.9 Termination

2.9.1 Background

< All governance codes make it clear that directors should not be
rewarded for failure. Therefore, when directors fail to achieve,
they should only be entitled to the minimum termination rights
under the law.
< Many directors' service contracts contain strict conditions on
what a director is entitled to on termination and under what
circumstances such entitlement may be lost.
< Restricting the length of a contract to one year minimises the
termination period to be paid to one year. Placing a notice
period of less than one year (e.g. six months) on the basis
of poor performance restricts the termination payment even
further.

2.9.2 Best-Practice Guidelines

< The remuneration committee should carefully consider what
compensation commitments (including pension contributions
and all other elements) their directors' terms of appointment
would entail in the event of early termination. The aim should
be to avoid rewarding poor performance. They should ensure
that contracts protect the company from being exposed to the
risk of payment in the event of failure.


< The committee should take a robust line on reducing
compensation to reflect departing directors' obligations to
mitigate loss.
< Notice or contract periods should be set at one year or less. If
it is necessary to offer longer notice or contract periods to new
directors recruited from outside, such periods should reduce to
one year or less after the initial period.
< The treatment of bonuses should be clear and a contractual link
established between variable pay and performance. Therefore,
in the event of early termination, there should be no automatic
entitlement to bonuses or share-based payments.
< When drawing up contracts, remuneration committees should
calculate the likely cost of any severance and determine
whether this is acceptable.
< Contracts should make clear that if a director is dismissed as a
result of a disciplinary procedure, a shorter notice period than
that given in the contract would apply.
< Contracts should not provide additional protection in the form of
compensation for severance as a result of change of control.*
< Pension entitlement on severance can represent a large
element of cost to shareholders. Remuneration committees
should identify, review and disclose in a report any
arrangements that guarantee pensions with limited or no
abatement on severance or early retirement. These would not
be regarded as acceptable if included in new contracts.
< Remuneration committees should demonstrate that the route
taken on severance represents the lowest overall cost to the
company.

*Such "golden parachutes" provide compensation in addition to any normal termination entitlement when directors lose their jobs in a takeover.

Illustration 5 Subordinated Debt


Under government pressure, UK banks that have taken government
loans and investment to survive following the subprime and credit
crunch crisis have used subordinated debt instead of cash or shares
to pay their staff bonuses (and will continue to have to do so until
they have repaid the government debt).
Only those parts of a bank that were in profit will receive any
bonus. The bonus also will be paid to other staff members who are
considered to be essential for the recovery of the bank and who
would otherwise create a serious risk should they leave.
The payments will be staggered over three years from 2010, with a
performance-related provision to claw back up to 100% of the award
over that period.
This approach allows staff members to still collect their bonuses (albeit
over three years) and will act as a motivating factor not to leave.

NEDs

3.1 Principles

1. The remuneration committee is usually made up of non-executive
directors (NEDs) and, therefore, should not set their
own compensation.
2. The alternative is for the main board, or a separate committee
of the board (made up of executive directors), to set the
annual salary of the NEDs.
3. As the NEDs should be independent, most governance codes
do not allow any other compensation apart from salary.

Example 3 NED Shares


Suggest the advantages and disadvantages of paying NEDs in shares.
Solution

3.2 Best-Practice Guidelines

< Levels of remuneration for NEDs should reflect the time
commitment and responsibilities of the role.
< Remuneration for NEDs needs to be sufficient to attract and
retain high-calibre candidates but no more than necessary for
this purpose.
< The board itself or the shareholders should determine the
remuneration of the NEDs within limits set in its constitution.
Where permitted, the board may, however, delegate this
responsibility to a committee, which might include the CEO.
< Remuneration for NEDs should not include share options.*
Shareholder approval should be sought in advance to grant
shares as an exception, and any shares acquired by exercise
of the options should be held until at least one year after the
NED leaves the board.

*Holding share options can be a threat to independence.

Illustration 6 FRC Guidance


The Financial Reporting Council's Guidance on Audit Committees (formerly the Smith Report)
recommends that:
"In addition to the remuneration paid to all non-executive directors, each company should
consider the further remuneration that should be paid to members of the audit committee to
recompense them for the additional responsibilities of membership."
"Consideration should be given to the time members are required to give to audit committee
business, the skills they bring to bear and the onerous duties they take on, as well as the value of
their work to the company."
"The chairman's responsibilities and time demands will generally be heavier than the other
members of the audit committee and this should be reflected in his or her remuneration."

Other Issues

4.1 Legal

< Most of the legal requirements relating to directors'
remuneration will relate to the basic disclosure detail required
by law (e.g. the UK's Companies Act 2006). Further detailed
disclosures will be required by specific regulations (e.g. the
UK's 2002 Directors' Remuneration Report Regulations),
corporate governance codes and relevant listing rules.
< Directors have a legal right to receive compensation for
the duties they perform in accordance with the terms and
conditions of their service contract.
< Additional legal requirements may arise with a director's
employment and service agreement. Care must be taken
to ensure that there are no illegal actions required by the
director's service contract and that the contract does not
contradict any clauses in the company's constitution.

4.2 Ethical

< There is a traditional view that ethics and business do not mix.
As discussed later in Sessions 15 to 20, modern corporations
are increasingly demonstrating that they can combine
sensitivity to ethical issues with commercial success. The key
to this combination is seeing the effect on the commercial
environment of issues that companies are expected to
deal with. These ethical issues must be addressed by an
organisation's corporate governance system.
< There will always be an ethical argument about directors'
compensation where an organisation is considered to operate
in an unethical area (e.g. animal testing, armaments) or in an
unethical way.
= Should directors earn high levels of compensation
(performance bonuses, share options) in maximising
shareholder wealth when the business they are directing is
considered by many to be unethical?
< The questions about the ethics of directors' compensation are
mostly raised following high-profile corporate failures, especially
where the directors are perceived to have been earning
excessive remuneration in relation to their performance.*

*The ethical argument about "what is a person worth" is not just confined to directors. Footballers, performers, actors, singers, DJs and even professional accountants have all been subject to scrutiny.

Illustration 7 Bank Bonuses


Shortly after receiving government bailouts to keep them afloat following the 2007/08 banking
crisis, many banks announced that they would still be paying out substantial bonuses to their
staff and directors for 2008, much to the fury of the general public.
Many press articles questioned the ethics of a banker earning millions for the banker's
contribution to society, compared to the much lower, fixed salary of a surgeon and the surgeon's
contribution to society.

4.3 Competitive

< It is essential that a company attract and retain the
appropriate directors to enable successful performance.
However, competition for the scarce resource of rare talent
may result in spiralling costs.
< This usually has a cascading effect, in that players in
the "second tier" will believe that they should follow the
compensation trend of those top directors.*
< Compensation on main boards of global organisations often
trends toward US levels as they hire international directors.*

*The Code warns against "ratcheting up" directors' pay without any link to expected increases in performance.

*Following proposals by the US and UK governments to limit the
bonuses of bank directors as a condition for taking public money,
many senior bankers cautioned against doing so as "the best talent
was needed by the banks to sort out the mess" and if they were not
paid well, they would not stay.
Many commentators replied that if this was the same "talent" that
got the banks into trouble in the first place, then it was a good thing
that they should go. In addition, given that most banks were in
trouble and would therefore have the same conditions applied to
them, where would the bankers who left go?

4.4 Regulatory

< The primary regulatory issues relating to directors'
remuneration are the numerous disclosure requirements in an
organisation's annual financial statements and the procedural
requirements at annual general meetings (AGM).
< Since 2003, UK companies have been required to produce
and submit to shareholders for approval (non-binding vote) a
Directors' Remuneration Report.* The contents of the report are
extensive and must contain detail on the following areas:
= Consideration by the directors of matters relating to
directors' remuneration.
= Statement of the company's policy on directors'
remuneration.
= Performance graphs.
= Service contracts.
= Emoluments and compensation.
= Share options.
= Long-term incentive schemes.
= Pensions.
= Excess retirement benefits of directors and past directors.
= Compensation for past directors.
= Sums paid to third parties in respect of a director's services.

*This report combines and enhances the disclosure requirements on directors' remuneration in company law and the Code.

Vodafone's annual report (available at
www.vodafone.com/content/index/investors/investor_information/annual_report.html) includes
a good example of the detail required in this report. The examiner
will not expect you to reproduce the detailed content, but will expect
you to be able to broadly describe its use and give examples of the
typical content.

< Because of the legal nature of directors' service contracts and
compensation arrangements, the shareholders' vote on the
report is advisory only, but can send a powerful signal if
negative.
< Directors need to remember that shareholders vote on their
re-appointment (by rotation) and, if sufficient support is
raised, can pass a special resolution to have them removed.

Illustration 8 UBM's AGM, May 2005


UBM's annual remuneration report disclosed the payment of a special
250,000 bonus to the company's chief executive, Lord Hollick, for ensuring
a successful handover to the new chief executive, David Levin. This
triggered a major rebellion, with 76% of shareholders voting against the
2004 remuneration report at the AGM.
UBM claimed it was contractually bound to pay the bonus whatever
shareholders said, and Lord Hollick appeared defiant, saying he had earned
the money. The shareholders protested that ensuring a smooth transition
was one of the "normal duties" of a chief executive and did not merit a
special award.
Peter Montagnon, head of investment affairs at the Association of British
Insurers (ABI), the voice of some of the UK's biggest institutional investors,
was quoted in the Financial Times of May 13, 2005, as saying: "The
company's owners have spoken. If Lord Hollick insists on keeping the
payment then he will be remembered for defying 76% of shareholders
and not for his good performance as chief executive."
A few days later, Lord Hollick agreed to waive his right to receive the money.

< The Code requires that the board chairman should arrange
for the chairmen of the audit, remuneration and nomination
committees to be available to answer questions at the AGM
and for all directors to attend.


Illustration 9 Excessive Pay (1)


"European anger at 'social scourge' of excessive pay" (headline),
Article by David Gow, Brussels, guardian.co.uk, 12 September 2008
The "social scourge" of excessive boardroom pay has prompted widespread debate
in the European Union as workers see their purchasing power eroded by rising
prices and low wage increases. European political leaders have demanded a legal
and fiscal clampdown.
Shareholders, especially retail investors, are pressing for greater corporate
disclosure of remuneration policy, including links to performance, and individual
directors' pay packages as well as votes on the issue at annual meetings.
The pay debate has been exacerbated by the credit crunch, which has exposed
undue risk-taking in the search for higher bonuses by highly paid investment
bankers and high-profile severance packages for failed executives, deepening the
sense of outrage in mainland Europe, which is culturally more egalitarian than the
US or Britain.
Even before Pat Russo, chief executive of serially loss-making IT firm Alcatel-Lucent,
quit in late July with a contractual pay-off of up to 6m (4.8m), French president
Nicolas Sarkozy had produced draft laws to curb such "golden parachutes".
The Dutch government has introduced legislation for a 30% tax on bonuses of
more than 500,000 and a 15% increase in employer's fiscal contributions to
executive pensions, partly influenced by the multi-million pay-off for ABN Amro
chief Rijkman Groenink.
In Germany, where workers' pay rose only 4.3% between 2003 and 2007 as firms
laid off hundreds of thousands of employees, Social Democrats are demanding a
1m ceiling on tax-deductible boardroom remuneration.
It is the widening gap between boardroom and shop floor remuneration in
a deteriorating economic environment that is fuelling the furor. The growing
evidence is that mainland European companies are following the lead of their
British counterparts by setting executive remuneration packages, including stock
options, at a level commensurate with global, not national, peers in an effort to
retain and incentivise directors.
Executive pay in the EU averages 5m a year. French chief executives are said to
be the highest paid with packages worth 6m after a reported 58% leap in 2007.
A recent survey by the German DSW investor lobby found that German executive
pay had risen 7.75% in 2007 to just below 3m, with Josef Ackermann of
Deutsche Bank the top earner with 14m, though Wendelin Wiedeking of unlisted
Porsche earned more than four times that.
It is this degree of corporate generosity that prompted Jean-Claude Juncker,
chairman of the EU's euro group, to label it a "social scourge".
Disclosure practices vary widely across the European Union despite a four-year-old
non-binding European commission recommendation to increase corporate
remuneration transparency on individual executive pay and remuneration policies
as a whole.
A European commission report last year found greater transparency had ensued
but responses had been patchy, with only a third of member states enabling even
an advisory shareholder vote on executive remuneration. In Germany, where
only 40% of the top 30 firms in the Dax have remuneration committees and most
annual reports detail just the package of the highest earner, even that stipulation
causes anger among directors.


Illustration 9 Excessive Pay (2)


A report (primarily aimed at banks) by the UK's High Pay
Commission in November 2011 concluded that "Executive pay
should be radically simplified to halt spiralling awards that are
'corrosive' to the economy and threaten to create the type of
inequalities last seen in the Victorian era."
The report notes that "pay packages have become increasingly
complex, damaging relations with shareholders and creating
confusion. The performance element should be a simple award of
shares at the discretion of the remuneration committee, held for
at least five years" and that "4 out of 5 people (in the UK) believe
executive pay is out of control".
Examples given to support the conclusion included:
= Barclays' Bank's top executive earned 4.36m in 2010, 169 times
the earnings of an average British worker (25,800). In 1980,
the multiple had been 13. Total earnings of the executive had
increased by 4,899% over a 30-year period.
= At BP, the chief executive earned 63 times the company's average,
while the 1980 multiple was 16.5. His % increase was 3006%.
= In 1979 the top 0.1% of earners took home 1.3% of national
income, but by 2007 this had grown to 6.5%. At the current rate
of increase the top 0.1% would take home 14% of income by
2035, equivalent to that last seen in Victorian Britain.


Summary

< The UK Code recommends that firms set remuneration levels sufficiently high to attract the
talent required to successfully run the company, but avoid paying more than is necessary.
Directors retain responsibility for positioning the firm with regard to remuneration. A significant
proportion should reward corporate and individual achievement (i.e. low salary with significant
performance-based pay).
< Directors should avoid setting their own remuneration.
< The ABI indicates that benchmarks may be appropriate, but that firms should avoid
"ratcheting up".
< The ICGN, however, suggests that peer-relative analysis should have minimal influence in
establishing pay.
< ESOPs should not offer shares at a discount to market price. Share availability should be
phased in over time. Sliding-scale performance targets generally result in greater motivation.
Early termination should result in loss of options. Committed shares should not exceed 10%
of the issued ordinary share capital in any rolling 10-year period.
< Benefits-in-kind (e.g. company car, pension scheme, private health insurance, life insurance,
club memberships, etc) should not be excessive.
< The remuneration committee should include only NEDs, who set annual bonuses based on
challenging goals with an eye towards enhancing shareholder value (i.e. not just short-term
based). Share awards to executives should vest only after three years. Rewards on longer-term
incentives should be phased in over time. Only basic salary should be pensionable.
< NEDs should be independent and compensated with salary only. The salary should reflect the
time commitment and responsibilities. Salary should be set by a separate board committee,
which may include the CEO.
< The UK Companies Act 2006 requires a certain detail of disclosure regarding board and
executive compensation. The 2002 Directors Remuneration Report Regulations require
additional levels of disclosure.

Session 5
EXAMPLE SOLUTIONS

Solution 1 Benefits of PRP

In general terms, performance-related pay aligns directors' and
shareholders' interests by rewarding attainment of shareholder-preferred
results (e.g. meeting financial targets, share price levels or
even social responsibility goals).*

These rewards, in turn, motivate directors, especially if they are
directly responsible for a cost or revenue/profit budget or centre.

The possibility of additional income for achieving organisation targets
can assist in director recruitment and retention.

Finally, performance-related pay aligns rewards against strategic
objectives, which increases the board's control over strategic planning
and implementation.

*Increasing the alignment with shareholders' interests should reduce agency costs.

Solution 2 Transaction-Based Bonus

The general approach should be that these awards are fully exposed to
the scrutiny and recommendation of the remuneration committee, the
same criteria as applied to performance-based bonuses are applied,
full disclosure is made to shareholders and, because of the special
(and perhaps controversial) nature of the awards, they are subject to
shareholder approval at the AGM.

Solution 3 NED Shares

Can align the interests of the NED with the long-term interests of
shareholders they represent.
Most NEDs would prefer to be paid primarily in cash.
If they are also an executive director of another company, any fee
they receive may, under their service contract, go directly to that
company. Shares may not be an acceptable alternative for either
company.
Any material build-up of shares held by NEDs places their
independence in jeopardy.

Session 6

Approaches to Corporate
Governance
FOCUS
This session covers the following content from the ACCA Study Guide.
A. Governance and Responsibility
6. Different approaches to corporate governance
a) Describe and compare the essentials of rules- and principles-based
approaches to corporate governance. Includes discussion of "comply or
explain".
b) Describe and analyse the different models of business ownership that
influence different governance regimes (e.g. family firms versus joint stock
company-based models).
c) Describe and critically evaluate the reasons behind the development and
use of codes of practice in corporate governance (acknowledging national
differences and convergence).
d) Explain and briefly explore the development of corporate governance
codes in principles-based jurisdictions.
i)

impetus and background

ii)

major corporate governance codes

iii)

effects of

e) Explain and explore the Sarbanes-Oxley Act (2002) as an example of a


rules-based approach to corporate governance.
i)

impetus and background

ii)

main provisions/contents

iii)

effects of

f) Describe and explore the objectives, content and limitations of corporate


governance codes intended to apply to multiple national jurisdictions.
i)

Organisation for Economic Co-operation and Development (OECD)


Report (2004)

ii)

International Corporate Governance Network (ICGN) Report (2005)

Session 6 Guidance
Note the commentary made in section 1.1.
Note that the key elements to understand are:
the differences between principles-based and rules-based approaches and between insider and
outsider systems (s.2);
the SOX approach (s.4); and
the OECD approach to developing a broad-based set of corporate governance (CG) principles (s.5).

VISUAL OVERVIEW
Objective: To assess the factors which influence governance regimes and evaluate
development of different approaches to corporate governance.

DEVELOPMENT OF CODES
Background
National Differences
Convergence

BASIS OF CODES
Principles-Based
Rules-Based
Ownership
Insider Systems
Outsider Systems

UK CORPORATE GOVERNANCE CODE
Cadbury (1992)
Greenbury (1995)
Hampel (1998)
Turnbull (1999)
Higgs and Smith (2003)

SARBANES-OXLEY ACT (2002)
Rules-Based Regulation
Impact
Key Requirements
Criticisms

INTERNATIONAL
OECD: Background, Principles
ICGN: Background, Principles

Session 6 Guidance
Read section 3, as this shows how the UK Corporate Governance Code developed (note the
Illustrations).
Read section 5 (OECD) and section 6 (ICGN) to obtain a general understanding. Appreciate that
the OECD is a framework that can be used by a developing nation as the basis for its own code.

Development of Codes

1.1 Background

Previous sessions have already indicated that although the
different definitions of corporate governance are compatible,
the way in which corporate governance has developed, and is
applied in different jurisdictions, varies considerably.
Corporate governance and effective regulation contribute to
the attractiveness of a country (in terms of inward investment
and business development) and also to the efficiency of its
capital markets and their effectiveness in the service of the
real economy.
The Code of Corporate Governance for Bangladesh (2004)
states: "The obvious function of a Code of Corporate Governance
for Bangladesh is to improve the general quality of corporate
governance practices." The code attempts to do this by:
defining best practices of corporate governance;
designing specific steps that organisations can take to
improve corporate governance;
raising the quality and level of corporate governance to be
expected from organisations;
specifying more stringent practices than is required by
local law;
behaviour, other than financial, needed to be provided for;
increasing market credibility through comparable practices
and standards.
However, the way of dealing with each element can be
different in each jurisdiction (e.g. what is best practice in one
country may not be considered best practice in another).

Example 1 Influences
Suggest SIX influences on the development of corporate
governance codes.

Solution
1.
2.
3.
4.
5.
6.


In any one jurisdiction, the issues surrounding corporate
governance development would include:
Board independence.
The diversity, human and social capital within the board.
Shareholder activism.
Breadth and depth of public information disclosure and
sharing.
Independence of the external auditors.
Competence of the audit committee.
Presence of internal control systems and support of
whistle-blowing.
Long-term performance-related incentives.
Transparent and independent control of the remuneration
committee.
Transparency/protection for shareholders during mergers/
acquisitions.
Stakeholder involvement in corporate governance.
Employee participation in financial outcomes and collective
voice in decision-making.

Illustration 1 Timeline
The following table indicates the timeline for the development of
codes around the world. Many codes have since been updated.
1992  UK (Cadbury Report leading to Combined Code 1998, renamed UK Corporate Governance Code in 2010)
1994  Canada, South Africa (King Report)
1995  Australia, France
1997  Japan, US
1998  Germany, India, Thailand
1999  Brazil, Hong Kong, South Korea, OECD, ICGN
2001  China, Singapore (Singapore Code)
2002  US (Sarbanes-Oxley Act)

1.2 National Differences

The influences on the development of corporate governance
codes (discussed in Example 1) have resulted in key national
differences between the various corporate governance codes
(which reflect national and international characteristics), not only
in their approach but also in the language and meaning used.
As discussed in greater detail below (and in other sessions),
key differences include:
either a principle- or rules-based approach to corporate
governance codes;
an insider or outsider ownership influence; and
a unitary board or tiered board structures.

Although a detailed knowledge of all the various codes is not expected, the P1
exam calls for knowledge (e.g. of the Code) and application of "best practice".
As the Sarbanes-Oxley Act of 2002 (SOX), the OECD and the ICGN codes are
specifically mentioned in the syllabus, they may be referred to in an
examination question, although it is highly unlikely that you will be asked for
specific details on a particular section of these codes (e.g. see Question 4(b)
June 2008).

1.3 Convergence

Corporate governance on a national basis is appropriate
when investing and financing by companies is on a national
basis. But a set of global requirements should be applicable,
as a minimum, to entities listing or obtaining finance across
borders. Requiring companies which participate in global
capital markets to follow global rules will provide greater
protection to global investors.
This approach was taken when the development of a set of
international financial standards (IFRS) commenced in the
mid-1970s. After some 40 years, with the programme to
converge US GAAP into IFRS, the concept of a truly global set
of standards (IFRS) looks to become a reality.
The national differences summarised above provide a
significant hurdle (perhaps an insurmountable hurdle) to be
overcome when considering the convergence of corporate
governance codes.
However, unlike IFRS, there does not need to be a "one size
fits all" approach to a global corporate governance code. The
key underpinning concepts of corporate governance (see
Session 1) within an appropriate ethical environment should
be able to cater to the different legal structures and cultural
identities that a global corporate governance model requires.

Both the Organisation for Economic Co-operation and
Development (OECD) and the International Corporate
Governance Network (ICGN) have issued separate sets
of corporate governance principles with the aim that they
can be used to form the core elements of a good corporate
governance regime, which can be adapted to the specific
circumstances of individual countries and regions. These
models are discussed later in this session.

Basis of Codes

Two key elements in the development of corporate governance
codes have been the legal and business cultures of the
jurisdiction in which a company operates. This has resulted in
two basic groupings when considering the basis of corporate
governance guidance:
principles-based or rules-based; and
insider or outsider ownership influence.

2.1 Principles-Based Approach

2.1.1 Characteristics

Focuses on objectives rather than how these objectives might
be achieved.
Ensures all situations can be covered through applying the
appropriate principle in the code.
Applicable across different legal jurisdictions.
Flexible and adaptable to different and new situations.
Not simply a "box ticking" exercise.
Incorporates a "comply or explain" regime (i.e. state that the
code was fully complied with or explain why a requirement of
the code was not applied).*

The Code is the primary example of a principles-based corporate governance
code.

*This can be a very effective incentive to comply, as the need
to explain and the potential negative effect on the company (e.g.
reduction in share price, adverse publicity) may result in a greater
"cost" than complying. Shareholders and stock markets are entitled
to challenge the explanation for non-compliance.
In South Africa, the King Report III has moved from a "comply
or explain" approach to an "apply and explain" approach. This
approach requires a greater consideration of how a principle or a
recommended practice in King III could be applied. A board may
conclude that applying a recommended practice is not necessarily
in the best interests of the company and apply a different practice
provided that it explains the practice adopted and its reasons for
doing so. This basically means that a requirement from King III
cannot be simply "air-brushed" away in the hope that shareholders
will accept it not being implemented - something relevant has to be
implemented in its place and explained.

Illustration 2 Comply or Explain


The "comply or explain" approach is the trademark of corporate
governance in the UK. It has been in operation since the Code's
beginnings and is the foundation of the Code's flexibility. It is
strongly supported by both companies and shareholders and has
been widely admired and imitated internationally.
The Code is not a rigid set of rules. It consists of principles (main
and supporting) and provisions. The (London Stock Exchange)
Listing Rules require companies to apply the Main Principles and
report to shareholders on how they have done so. The principles are
the core of the Code and the way in which they are applied should
be the central question for a board as it determines how it is to
operate according to the Code.
It is recognised that an alternative to following a provision may
be justified in particular circumstances if good governance can
be achieved by other means. A condition of doing so is that
the reasons for it should be explained clearly and carefully to
shareholders. In providing an explanation, the company should
aim to illustrate how its actual practices are both consistent with
the principle to which the particular provision relates and contribute
to good governance and promote delivery of business objectives.
It should set out the background, provide a clear rationale for
the action it is taking, and describe any mitigating actions taken
to address any additional risk and maintain conformity with the
relevant principle. Where deviation from a particular provision is
intended to be limited in time, the explanation should indicate when
the company expects to conform with the provision.
Whilst shareholders have every right to challenge companies'
explanations, they should not be evaluated in a mechanistic way and
departures from the Code should not be automatically treated as
breaches.
Satisfactory engagement between company boards and investors
is crucial to the health of the UK's corporate governance regime.
Companies and shareholders both have responsibility for ensuring
that "comply or explain" remains an effective alternative to a rules-based system.

2.1.2 Advantages

The rigour with which governance systems are applied can be
varied according to size, situation, stage of development of
business, etc.
Organisations (in legal terms) choose the extent to which they
comply, although they will usually have to "comply or explain"
in accordance with the relevant listing rules.*
Obeying the spirit of the law is better than "box ticking".
Being aware of overall responsibilities is more important than
going through a compliance exercise merely to demonstrate
conformance.
Avoids the "regulation overload" of rules-based systems (and
associated increased business costs).*
Self-regulation (e.g. by Financial Reporting Council in the UK)
rather than legal control has proved to underpin investor
confidence.
May be more responsive to changes in the business
environment and easier to review and update (than rules-based systems which require tortuous legal processes).
Together with disclosure requirements, the emphasis is placed
on the market to accept or disagree and protest.*

*Explanations about a particular requirement that would not be cost effective
(e.g. internal audit) are better accepted by shareholders and stock markets for
smaller companies.

*The cost of SOX compliance has been a cause of considerable concern in the US
and for foreign companies listed in New York.

*Compliance in principles-based jurisdictions does not mean
"voluntary". The requirement to "comply or explain" is not a passive
thing - companies must adhere to "comply or explain". In fact, it is
almost the only requirement from the Code. Analysts and other stock
market opinion leaders, however, take a very dim view of significant
breaches, especially in larger companies. Companies are very well
aware of this and "explain" statements, where they do arise, typically
concern relatively minor breaches. However, companies in the UK and
elsewhere may be subject to "listing requirements" which mandate
certain other behaviours for listed companies.

2.1.3 Criticisms

The principles set may be too broad to give guidance on
best practice.
Where the principles are tightly drafted, they may be regarded
as rules "via the back door".
For companies seeking a listing, there may be confusion over
what is or is not compulsory. Companies may conclude that
despite the "comply or explain" approach, they will have to
comply with all the requirements.
The effectiveness of the approach depends on a company's
drive for complying with it, whether it is due to corporate law,
regulatory authorities or listing standards.*
There needs to be a high level of transparency with coherent
and focused disclosures, as well as a mechanism for
shareholders to hold company boards accountable.
Companies not complying with the principles might be seen by
some investors in the same light as companies breaking rules.

*Although the Code is principles-based, the requirement to follow it is
stipulated in the rules-based regulatory environment of the Stock Exchange
Listing Rules.

Example 2 Developing Countries


Suggest reasons as to why a principles-based approach to corporate governance may be
preferable in developing countries.

Solution

2.2 Rules-Based Approach

2.2.1 Characteristics

Focuses on definite achievements rather than underlying
factors and/or principles.
Prescribed set of requirements.
Emphasis placed on obeying the letter of the rule.
Can ensure compliance through adopting a checklist approach.
Clear distinction between compliance and non-compliance
("yes/no").
Easy for oversight to ensure that rules have been followed.
Black/white with no shades of grey in between.

The primary example of a rules-based approach is the Sarbanes-Oxley Act
(2002) enshrined in US corporate law.

2.2.2 Advantages

One set of rules applies to all companies. Every company
knows exactly what is required and all stakeholders know
what the rules are.
The rules are legally binding and enforceable in law.
Non-compliance is punishable by fines or ultimately (in
extremis) by delisting and director prosecutions. This might
deter companies from illegal business practices.
Greater government control may promote confidence in the
system.

2.2.3 Criticism

One set of rules applies to all companies, even though rules
for some companies may not be relevant and will involve
significant cost beyond any benefit obtained.
Rules tend to be rigid and may not cover all possibilities, thus
leaving gaps to be exploited. Companies may design systems
and procedures specifically to exploit such gaps.
The effectiveness of the approach depends on a company's
drive for applying, whether due to corporate law, regulatory
authorities or listing standards.
Unless the penalties for non-compliance are severe, some
rules may be ignored.
Lack of flexibility in updating the rules. A legal process will be
required, which will take time and often means the process is
undertaken by lawmakers who may not fully understand the
needs of companies and stakeholders or will push their own
interests.*

*In getting the various bank crisis bailout packages through the US Congress,
the lawmakers had to accept various amendments from a number of US congressmen
which had nothing to do with banks or the crisis. This was the only way they
could be certain of getting the required level of support from Congress.

2.3 Ownership

A country's corporate governance system will be affected by:
how companies finance themselves; and
the structure of corporate ownership.
In many European countries, in Latin-influenced countries (e.g.
South America) and in Asia, publicly listed companies tend to
be owned by a small number of major shareholders. These are
usually members of the company's founding families or a small
group of shareholders such as banks or the government. These
organisations are referred to as "insider systems".
In the Anglo-Saxon (sometimes referred to as Anglo-American)
world (e.g. UK, US, Canada, Australia) there is dispersed
ownership of listed corporate equity among a large number of
outside investors.
With most of the major shareholders being institutional
investors (i.e. investing on behalf of pension schemes,
investment funds, etc) about 20% of shareholders are private
individuals. Such ownership structures are referred to as
"outsider systems".*

2.4 Insider Systems

In these systems, the roles of banks, families and non-financial
corporations are crucial. There are close ties between
owners and managers. Company ownership is concentrated
in the hands of a few, families take active part in management
and there is marked separation of control and cash-flow rights
(e.g. through the use of preferential voting shares held by
family members).
Insider systems are often referred to as "relationship-based"
systems because of the close ties between companies and
their shareholders.*

2.4.1 Advantages

Reduced agency problem as owners are involved in
management.
Better alignment of interests of the management and
shareholders, as they are often the same people.
Family control helps to protect shareholders' interest against
managerial abuses, because the controlling owner and the
manager are often the same person.
Long-term view on the business as the controlling family is
likely to commit more human capital to the firm and cares
more about its long-run value.
Protection against hostile takeovers as most of the
shareholders must agree to the takeover.
Better strategic management as group decisions are prevalent.
Quality of decision-making is enhanced in ambiguous and
uncertain situations when diverse perspectives are shared.
Sharing is encouraged when people are in similar social
positions.
Stronger ethical values as the "family honour" is at stake.

*Outsider systems tend to develop in jurisdictions where there is a strong
legal protection of minority shareholders.

*"Insider" systems may take different institutional forms. For example:
In Germany, banks or other industrial firms are often the main shareholders;
In Sweden and Italy, families are the main shareholders - the Wallenbergs in
Sweden (estimated to control 40% of the wealth of the Swedish stock market) and
the Agnellis in Italy (Fiat, Juventus, Cushman & Wakefield);
In France, the largest shareholding role is usually taken by the state.

2.4.2 Disadvantages

Little separation of ownership and control may lead to abuse
of power.
Less transparency - minority shareholders may not be able to
obtain information.
Banks (even if they are shareholders) tend not to monitor
family-run companies effectively.
Family feuds add to the cultural complexity of insider
companies.*
Poorer legal protection for minority shareholders. "Block
holders", rather than external shareholders, discipline and
monitor the company's management and therefore the
empowerment of external minority shareholders is not a
social necessity.
Misuse of funds through self-dealing or "tunnelling" of value
from firms where the controlling shareholder owns a small
fraction of the cash-flow rights (lower down in the pyramid)
to firms where the controlling shareholder owns a large
fraction of cash-flow rights (higher up in the pyramid).*
Reluctance and unwillingness to recruit outsiders to hold
influential positions and appoint independent NEDs.
Jurisdictions where insider systems dominate tend not to
develop corporate governance structures until absolutely
necessary (often too late). For example, where it takes
a major scandal to force implementation of corporate
governance procedures.
The stock market may not be considered an "open system", as
one family member selling shares can have a significant effect
on that market.*

2.5 Outsider Systems

"Outsider" refers to systems and corporate governance where
listed companies are controlled by their managers but owned
by outside shareholders, resulting in a separation of ownership
and control.
The role of the securities markets is crucial. A first indicator
of "outsider-domination" is a comparatively high stock market
capitalisation as a percentage of gross domestic product (GDP).
This indicates that the high level of equity issued by the major
listed companies (e.g. the "top 100") is the dominant form of
funding (rather than the debt bias found in insider systems).
There is simply too much equity in issue for it to be held by
a small number of shareholders (e.g. family insiders).

Furthermore, in such systems ownership is normally
dominated by portfolio-oriented institutional investors, with
ownership stakes of typically less than 3% per investor. Such
owners undertake their governance functions "outside" the
company and do not generally involve themselves in active
management.

*The feuding between the German Dassler brothers led to them splitting their
original sports shoes company to form Adidas and Puma in 1948. The rivalry
continued to such an extent that both companies "took their eye off the ball"
and allowed Nike to claim the No. 1 position in sports and leisure wear as well
as innovation.

*Parmalat (Italy) is an example of insider system abuse, where family members
siphoned off money borrowed by Parmalat for personal use and for investing in
other family business. Another example is Satyam (India), where similar
techniques (such as siphoning USD4 million each month for 13,000 non-existent
employees) appear to have been used.

*The Asian financial crisis of 1997 was primarily caused by the lack of
appropriate corporate governance structures to counter abuses in the insider
system.

2.5.1 Advantages

Manager-ownership separation has fostered more robust legal and governance
developments to protect shareholders, particularly minority shareholders.
Hostile takeovers are more frequent and can act as a disciplining mechanism on
company management.
Management is subject to shareholder approval through the use of voting rights.
Shareholders may use legal and regulatory features to empower information
gathering, oversight and control (e.g. directors' remuneration disclosures,
non-executive boards elected by shareholders).

2.5.2 Disadvantages

Diffuse ownership can create potential agency problems and increase agency
costs.
The interests of management may not always align with the shareholders.
Larger shareholders often require short-term gains and are therefore more likely
to "exit" (i.e. sell the shares) than stay for the longer-term when companies
fail to meet expectations.

UK Corporate Governance Code*

*This and the following sections provide an overview of the
development of the major codes based on a principles-based
approach (UK Corporate Governance Code), a rules-based approach
(SOX) and an international approach (OECD and ICGN). Throughout
this Study System the Code has been referred to as being an
example of "best practice" supported, as necessary, by examples
based on SOX, other codes and guidelines.

A prime example of a principles-based code. Many other
jurisdictions (e.g. South Africa, Singapore, Hong Kong) operate
similar codes primarily because of their historical links to the UK.
Development of the UK code was driven by various financial
scandals of the 1980s and early 1990s (e.g. Barlow Clowes,
Polly Peck, BCCI and in particular, Maxwell).
The UK Corporate Governance Code is a combination of a
number of original codes:
Cadbury Report (1992), Greenbury Report (1995) and
Hampel Report (1998).
Combined Code (1998) comprising the above three reports.
Turnbull Report (1999) issued to assist companies in
applying the Combined Code.
Higgs Report and Smith Review (2003).
Revised Combined Code (2004) incorporating Higgs and
Smith recommendations.
Combined Code (2006, 2008) - minor working adjustments.
UK Corporate Governance Code (2010) - minor working
adjustments and renamed.
UK Corporate Governance Code (2012) - small number of
additional requirements.

It is important to appreciate how the Code was developed based on principles
rather than rules. Many of the original recommendations have been incorporated
into, and enhanced in, the current UK Code. Questions will not be set on the old
reports now incorporated in the Code, but on current best practice and
application of the Code's principles (e.g. advantages of principles-based codes
in developing nations, benefits of separating the roles of the CEO and chairman
and the impact of the principles-based system on an insider (or family)
dominated company when listed).

3.1 Cadbury Report, 1992

Illustration 3 Cadbury Report


Cadbury Report (forerunner to the Combined Code):
"The effectiveness with which boards discharge their responsibilities
determines Britain's competitive position. They must be free to
drive their companies forward, but exercise that freedom within a
framework of effective accountability. This is the essence of any
system of good corporate governance.
"We believe that our approach, based on compliance with a voluntary
code coupled with disclosure, will prove more effective than a statutory
code. It is directed at establishing best practice, at encouraging
pressure from shareholders to hasten its widespread adoption, and at
allowing some flexibility in implementation. We recognise, however
that if companies do not back our recommendations it is probable that
legislation and external regulation will be sought to deal with some
of the underlying problems which the report identifies. Statutory
measures would impose a minimum standard and there would be a
greater risk of boards complying with the letter, rather than with the
spirit, of their requirements."

Following the many governance failures, as noted above, Sir
Adrian Cadbury was asked to investigate the British corporate
governance system and to suggest improvements to restore
investor confidence in the system.
The final report set out recommendations on the arrangement
of company boards and accounting systems to mitigate
governance risks and failures.
Rather than taking a statutory route, the report recommended
a principles-based approach supported by "comply or explain".
The main recommendations were:
the appointment of NEDs;
an audit committee to oversee greater control of financial
reporting; and
the separation of the role of the chair and chief executive.

3.2 Greenbury Report, 1995

Following public concern about executive remuneration (large
pay increases, large gains from share options and excessive
compensation for departing directors) in the recently
privatised utility industries (e.g. gas, electricity) a working
party was established under the chairmanship of Sir Richard
Greenbury.
The final report recommended:
establishing a remuneration committee to determine
directors' remuneration;
a nominations committee to oversee new appointments to
the board; and
detailed reporting to shareholders on the workings of both
committees.

3.3 Hampel Report, 1998

Established to review the workings of the Cadbury and
Greenbury Reports.
Recommended combination of the two Codes into a Combined
Code, plus further requirements relating to:
communication with shareholders; and
the balance between implementing controls and allowing
companies to find their own ways of applying corporate
governance principles.

3.4 Turnbull Report, 1999

A working party led by Nigel Turnbull was established to
provide assistance for companies in reporting how they had
applied the Combined Code and its principles.
The report covered operational and financial controls based on
high-level principles of good governance rather than rules or
detailed checklists.
The main recommendations of the Turnbull Report are:
Boards must make an annual statement on the effectiveness
of internal controls.
Boards, not operational managers, are responsible for risk
management and internal control.
All internal controls should be considered, not just financial
reporting, using a "risk-based" approach.
Boards should continue to review application of the guidance,
to embed the controls in how a company operates, with
procedures to identify and report weaknesses.
The external auditor's responsibility over internal controls
should not increase.

3.5 Higgs Report and Smith Review, 2003

Following the Enron scandal in the US and the implementation
of SOX, an extensive review of UK corporate governance was
carried out to establish whether there were any lessons to be
learnt for UK companies.
The review resulted in two reports, the Higgs Report and the
Smith Review.
The Higgs Report dealt mainly with the role of NEDs (see
Session 3).*
The Smith Review concentrated on the role of the audit
committee (see Session 10).

Illustration 4 Higgs
"The comply or explain approach offers flexibility and intelligent
discretion and allows for valid exception to the sound rule. The
brittleness and rigidity of legislation cannot dictate the behaviour, or
foster the trust, I believe is fundamental to the effective unitary board
and superior corporate performance."
Higgs, Higgs Report, 2003

*Higgs also reconsidered, in the light of SOX, the continued use of a
principles-based approach.

Sarbanes-Oxley Act (2002)

4.1 Rules-Based Regulation

For historical reasons, a rules-based approach to regulation
is firmly embedded in the US approach to dealing with most
issues (e.g. corporate governance, US GAAP).
Therefore, following the high-profile collapses of Enron and
WorldCom and the serious short comings with US corporate
governance that these and other collapses showed, the US
Congress passed the SarbanesOxley Act in 2002 (shortened
to "Sarbox" or "SOX").
Named for Paul Sarbanes and Michael Oxley, who were the
legislation's main architects, SOX is mandatory. All listed
organisations, large or small, must comply.*

*Because of its mandatory nature and the severe penalties for non-compliance, an extensive compliance consultancy industry evolved
around accountants and management consultants. Companies had
to get their SOX detail right the first time; there was no leeway for
error. The introduction of SOX for most companies was therefore a
very costly exercise.

4.2 Impact

One of the (many) major criticisms of SOX was that it
assumes a "one size fits all" approach to corporate governance
provisions (rules-based disadvantage). The same detailed
provisions are required of small- and medium-sized companies
as are required of the largest companies listed on the New York
Stock Exchange (regardless of the fact that it may be a part of
a company listed in another jurisdiction).
Many of the SOX requirements also apply to foreign companies
listed in the US as well as foreign subsidiaries of US-listed
companies.
Commentators noted that the number of initial public offerings
(IPOs) fell in New York after the introduction of SOX as
new listings were made on exchanges that allowed a more
flexible, lower-cost approach (e.g. London's principles-based
approach).*

4.3 Key Requirements

4.3.1 PCAOB

The establishment of a new regulator, the Public Company
Accounting Oversight Board (PCAOB) with powers to set
auditing, quality control, independence and ethical standards,
plus inspection and disciplinary powers (see Session 17).

*Many of the requirements in SOX mirror those already in other corporate codes but put them into a rules-based framework.

4.3.2 Boards and Committees

The majority of directors on a board must be independent.
Audit, nominations and remuneration committees must
consist of 100% independent directors. All must have general
experience of the responsibilities of the committee (e.g. Audit
Committee members must be able to read and understand
financial statements) and at least one member of each
committee must have relevant "expert" experience (e.g. an
Audit Committee member must have senior management,
consultancy or academic experience in financial reporting).

4.3.3 Audit Committees

Audit committees are responsible for the fiscal integrity of the
company, overseeing the accounting and financial reporting
process and audits of the financial statements.
Exclusive hiring, firing and spending authority over the
external auditor.
Approval of auditing and non-auditing services (which must
not be carried out by the auditors).
External auditor to report directly to the Audit Committee.
Review the external auditor's independence and work.
Receive reports from the auditor on critical accounting
policies; receive reports from the auditor on discussions
with management on alternative GAAP, their effects and the
auditor's preference; receive reports from the auditor on
material communications with management.
Discuss annual and quarterly statements with management
and auditors.
Discuss any financial information provided for press releases
and rating agencies.
Resolve management and auditor disagreements over
financial accounting treatments.
Establish procedures to deal with external complaints
concerning accounting, internal controls or auditing matters.
Set up whistle-blowing procedures.

4.3.4 Responsibilities of CEO and CFO

Must certify that there are no untrue statements of material
fact in financial results presented in quarterly and annual
reports and that the statements fairly represent the financial
condition of the company.

Are responsible for effectiveness of internal controls and
must attest to the scope and adequacy of the internal control
structure (including a statement on the effectiveness of
controls) and procedures for financial reporting in annual
reports (see Sessions 9 and 11).*

4.3.5 Registered Accounting Firm

The registered accounting firm (auditor):
must attest to and report on effectiveness of the internal
control structure and procedures for financial reporting; and
cannot provide services to audit clients which are not
directly related to the audit.

*Certifying officers will face penalties up to:
$1,000,000 in fines and/or up to 10 years' imprisonment for "knowing" violations.
$5,000,000 in fines and/or up to 20 years' imprisonment for "wilful" and "knowing" violations.

4.3.6 Codes of Business and Ethics

These must be in place (and disclosed) for directors, officers
and employees (Session 18).
All material off-balance sheet liabilities, transactions and
obligations must be disclosed.
Altering, destroying, mutilating, concealing, falsifying records,
documents or tangible objects with the intent to obstruct,
impede or influence a legal investigation is punishable by
unlimited fines and up to 20 years' imprisonment.
Accountants who knowingly and wilfully violate the
requirements to maintain all audit or review papers for a
period of five years will be subject to unlimited fines and up to
10 years' imprisonment.
Listed companies cannot avoid SOX by delisting, unless after
delisting they have fewer than 300 US shareholders - once
"SOXed, always SOXed".
Employees and the auditor are guaranteed protection against
the company if they disclose confidential information to parties
involved in a fraud claim (whistle-blowing protection).

4.4 Criticisms

The main criticism of SOX concerns the initial set-up costs
and the annual costs of compliance (including the costs of the
PCAOB).*
Because of the rapid enactment of SOX, many critics argued
that it was not thoroughly thought through and in some areas
was more of a "knee-jerk", overkill reaction. The authors and
supporters of SOX reject such claims.
Company and auditor regulators outside of the country
objected to the initial "SOX or nothing" approach taken by
the American regulators in requiring any foreign company
listed in the US to be subject to the full requirements of SOX
regulation. There was a strong feeling that US regulators
considered any foreign regulatory regime inferior to SOX
(when in many areas it was at least equal, if not superior).*

*SOX supporters claim that the increased costs are necessary to ensure that confidence is restored and retained in the US market.

*In the area of auditor regulation and inspection, progress was made
in 2005 by the UK and European authorities in getting the PCAOB to
accept that a number of European auditor regulatory authorities were
equivalent to the PCAOB and did not therefore require a full PCAOB
inspection. Even so, in some areas a PCAOB inspector may accompany
local national inspectors when they hold meetings with auditors.

Audit fees have significantly increased because of the
increased workload in dealing with internal controls.
Auditors are considered to be the "winners" through providing
consultancy on SOX compliance and other services to firms
that are not their audit clients.
A consultancy industry has grown up around SOX, focussing
company attention on complying with all aspects of the
legislation regardless of size and relevance - a "scare factor".

Illustration 5 Comments on SOX


Against
"The new laws and regulations have neither prevented frauds nor
instituted fairness. But they have managed to kill the creation
of new public companies in the U.S., cripple the venture capital
business and damage entrepreneurship. According to the National
Venture Capital Association, in all of 2008 there have been just
six companies that have gone public. Compare that with 269
IPOs in 1999, 272 in 1996 and 365 in 1986. Faced with crushing
reporting costs if they go public, new companies are instead selling
themselves to big, existing corporations. For the last four years
it has seemed that every new business plan in Silicon Valley has
ended with the statement "And then we sell to Google". The
venture capital industry is now under water, paying out less than
it is taking in. Small potential shareholders are denied access
to future gains. Power is being ever more centralized in big,
established companies. For all of this, we can first thank Sarbanes-Oxley. Cooked up in the wake of accounting scandals earlier this
decade, it has essentially killed the creation of new public companies
in America, hamstrung the NYSE and Nasdaq (while making the
London Stock Exchange rich) and cost U.S. industry more than $200
billion by some estimates."
Wall Street Journal, 21 December 2008
For
"I am surprised that the Sarbanes-Oxley Act, so rapidly developed
and enacted, has functioned as well as it has ... the act importantly
reinforced the principle that shareholders own our corporations
and that corporate managers should be working on behalf of
shareholders to allocate business resources to their optimum use."
Alan Greenspan
"Sarbanes-Oxley helped restore trust in US markets by increasing
accountability, speeding up reporting, and making audits more
independent."
Christopher Cox, SEC
"Corporate boards are working better. The responsibilities that
should have been there all along, but got shifted to the CEO,
are back in the board's hands, particularly with independent
audit committees."
William Donaldson, SEC

OECD

5.1 Background

For more than 40 years, the OECD has been one of the world's
largest and most reliable sources of comparable statistics
and economic and social data. As well as collecting data,
the OECD monitors trends, analyses and forecasts economic
developments and researches social changes or evolving
patterns in trade, environment, agriculture, technology,
taxation and more.
The OECD provides a setting where governments compare
policy experiences, seek answers to common problems,
identify good practice and coordinate domestic and
international policies.

The OECD brings together governments of countries
committed to democracy and the market economy from
around the world to:
support sustainable economic growth;
boost employment;
raise living standards;
maintain financial stability;
assist other countries' economic development; and
contribute to growth in world trade.

5.2 Principles

Originally published in May 1999 (updated in 2002 and revised
in 2004), the OECD Principles of Corporate Governance
(www.oecd.org) responded to growing awareness of the
importance of good corporate governance for investor
confidence and national economic performance.
The Principles are a living instrument offering non-binding
standards and good practices as well as guidance on
implementation, which can be adapted to the specific
circumstances of individual countries and regions.
It also represents the first initiative by an inter-governmental
organisation to develop increased transparency, integrity
and the rule of law as core elements of a good corporate
governance regime.
Therefore, the Principles can be used:
as a benchmark by governments as they evaluate and
improve their laws and regulations; and
by private sector parties which have a role in developing
corporate governance systems and best practices.
to embrace different models that exist.*
The Principles cover five areas:
1. Rights of shareholders: protection of shareholders'
rights and key ownership functions.
2. Equitable treatment of shareholders: ensuring the
equitable treatment of all shareholders, including minority
and foreign shareholders.
3. Role of stakeholders: recognising the rights of
stakeholders (including employees) as established by law
and encouraging active cooperation between corporations
and stakeholders in creating wealth, jobs and financial
sustainability.
4. Disclosure and transparency: ensuring that timely and
accurate disclosure (transparency) is made on all material
matters regarding the corporation, including the financial
situation, performance, ownership and governance of the
company.
5. Responsibilities of the board: ensuring the strategic
guidance of the company, the effective monitoring of
management by the board and the board's accountability
to the company and its shareholders (the responsibilities of
the board).

*For example, they do not advocate any particular board structure and the term "board" as used in the document is meant to embrace the different national models of board structures found in OECD countries. In the typical two-tier system, found in some countries, "board" as used in the Principles refers to the "supervisory board" and "key executives" refers to the "management board". In systems where the unitary board is overseen by an internal auditor's board, the term "board" includes both.

5.2.1 Rights of Shareholders

Secure methods of ownership, registration and transfer
of shares.
Receive relevant information on the corporation on a timely
and regular basis, including the voting procedures that govern
general shareholder meetings.
To participate in, and to be sufficiently informed on, decisions
concerning fundamental corporate changes, including effective
participation in general shareholder meetings.
5.2.2 Equitable Treatment of All Shareholders

All shareholders have effective redress for violation of their
rights.
All shareholders of the same series of a class are treated
equally.
Minority shareholders are protected from abusive actions of
the majority holders.
Any changes in voting rights are approved by those classes of
shares which are negatively affected.
Processes and procedures for general shareholder meetings
allow for equitable treatment of all shareholders.
Insider trading and abusive self-dealing are prohibited.
Members of the board and key executives disclose to the
board whether they, directly, indirectly or on behalf of third
parties, have a material interest in any transaction or matter
directly affecting the corporation.
5.2.3 Role of Stakeholders

Effective redress for violation of their rights.
Access to relevant, sufficient and reliable information on a
timely and regular basis.
Able to freely communicate their concerns about illegal or
unethical practices to the board and their rights should not be
compromised for doing this.

5.2.4 Disclosure and Transparency

Financial and operating results of the company, company
objectives and major share ownership and voting rights.
Information about the board members and key executives on
their remuneration policy, qualifications, the selection process,
other company directorships and whether they are regarded
as independent by the board.
Related party transactions, foreseeable risk factors and issues
regarding employees and other stakeholders.
Governance structures and policies, in particular, the content
of any corporate governance code or policy and the process by
which it is implemented.
Annual audit undertaken by an independent, competent and
qualified auditor accountable to the shareholders.

5.2.5 Responsibilities of the Board

The board as a whole (including independent NEDs) is able
to monitor the day-to-day activities of the entity's executive
management and in particular the CEO.
No one individual executive, or group of executives, should
dominate the direction and strategy of the company or benefit
themselves or others under their influence.
For key oversight roles, independent committees should be
established (e.g. Audit Committee, Nomination Committee,
Remuneration Committee).
The board (as a whole) should:
Act on a fully informed basis, in good faith, with due
diligence and care and in the best interests of the company
and its shareholders.
Apply high ethical standards and exercise objective
independent judgement on corporate affairs, taking into
account the interests of all stakeholders.
Review and guide corporate strategy, major plans of action,
risk policy, annual budgets and business plans.
Set performance objectives, monitor implementation
and corporate performance and oversee major capital
expenditures, acquisitions and divestitures.
Ensure the integrity of the corporation's accounting and
financial reporting systems (e.g. independent audit, control
systems, risk management procedures, financial and
operational control, compliance with the law and regulations).
Monitor and manage potential conflicts of interest of
management, board members and shareholders, including
misuse of corporate assets and related party transactions.
Assign independent NEDs to tasks where there is a
potential for conflict of interest (e.g. review of related
party transactions, nomination of key executives and board
remuneration).
Select, compensate, monitor and, when necessary, replace
key executives and oversee succession planning.
Align key executive and board remuneration with the
longer-term interests of the company and its shareholders.
Monitor effectiveness of governance practices and make
changes as needed.

ICGN

6.1 Background

The International Corporate Governance Network
(www.icgn.org) was founded in 1995 at the instigation of
major institutional investors.
It represents investors, companies, financial intermediaries,
academics and other parties interested in the development of
global corporate governance practices.

6.1.1 Primary Purposes

To provide an investor-led network for the exchange of
views and information about corporate governance issues
internationally.*
To examine corporate governance principles and practices.
To develop and encourage adherence to corporate governance
standards and guidelines.
To generally promote good corporate governance.

6.1.2 Committees

Current policy related committees include:
Accounting and Auditing Practices Committee
Anti-Corruption Practices working group
Corporate Governance Principles Review Committee
Cross-Border Voting Practices Committee
Director and Shareholder Engagement working group
Executive Remuneration Committee
Non-financial Business Reporting Committee
Shareholder Responsibilities Committee
Shareholder Rights Committee

*Through this process, the ICGN believes that companies can compete more effectively and economies can best prosper. The ICGN also believes that it is in the public interest to encourage and enable the owners of corporations to participate in their governance.

6.2 Principles

Originally issued in 1999, the principles were revised and
reissued in 2005 following the update of the OECD Principles
in 2004. A further extensive review and revision was carried
out in 2009.
The Principles are drafted to be compatible with other
recognised codes of corporate governance, although in some
circumstances, the ICGN Principles may be more rigorous.

The relevant sections are:


Corporate objectives
Corporate boards
Corporate culture
Risk management
Remuneration
Audit
Disclosure and transparency
Shareholder rights
Shareholder responsibilities.
The ICGN has also published a number of policies addressing
in greater detail certain of the Principles (e.g. the policy
statement on directors' remuneration and the statement on
anti-corruption practices).

Example 3 International Codes


Discuss the limitations of international corporate governance codes.

Solution

Becker Professional Education | ACCA Course

Session 27 IAS 7 Statement of Cash Flows

Summary

Strong corporate governance encourages investment, strengthens the capital markets and
invites foreign capital.

Codes of corporate governance:
provide best-practice guidance;
define specific steps to improve governance;
describe expected behaviour; and
increase market credibility.

Codes may be influenced by the advantages of diversity of human capital on the board,
independence from executive management, promotion of shareholder activism and
increased public communication. Codes of ethics can be accomplished through a variety
of processes, including a competent, strong audit function, a transparent and independent
remunerations process and employee participation in financial outcomes.

Corporate governance tends to be principles-based (e.g. the Code) or rules-based (e.g.
SOX). Different countries tend to have different board structures (i.e. unitary v multi-tiered), and different ownership characteristics (i.e. insider v outsider). The principles,
however, are the important thing and should allow a variety of styles to serve the same end.

Rules-based systems tend to have much higher implementation and ongoing costs.
The Code places responsibility for internal controls with the board of directors. SOX
established the Public Company Accounting Oversight Board (PCAOB) with power to
set auditing, quality control, independence and ethics standards. The PCAOB also has
inspection and disciplinary powers.

Session 6 Quiz
Estimated time: 15 minutes

1. List EIGHT issues surrounding corporate governance development. (1.1)


2. Compare the advantages of a principles-based system with those of a rules-based system. (2)
3. Explain the major difference between an insider system and an outsider system.
(2.4, 2.5)
4. State THREE recommendations from the Turnbull Report. (3.4)
5. List the key requirements of SOX. (4.3)
6. State the FIVE OECD Principles of Corporate Governance. (5.2)
7. Describe the purpose of the ICGN. (6.1.1)

Study Question Bank


Estimated time: 30 minutes

Priority

Q9

Estimated Time
Corporate Governance Standards

Completed

30 minutes

Session 6

EXAMPLE SOLUTIONS
Solution 1 Influences

Corporate ownership and financing structure

Legal system

GAAP (although converging to IFRS)

Government policies

Culture and social attitudes

History

State of the economy (local and global)

Capital inflows

Globalisation and the free movement of capital

Cross-border institutional investment

Solution 2 Developing Countries

Developing countries' economies tend to be dominated by small- and
medium-sized enterprises (SMEs). It would be very costly, and
probably futile, to attempt to burden small businesses with regulatory
requirements comparable to larger concerns.

Having the flexibility to "comply or explain" allows for those seeking
foreign equity to increase compliance while those with different
priorities can delay full compliance. In low-liquidity stock markets
(such as those in some developing countries) where share prices
are not seen as strategically important for businesses, adopting a
more flexible approach might be a better use of management talent
rather than "jumping through hoops" to comply with legally binding
constraints.

The state needs to have an enforcement mechanism in place to deal
with non-compliance and this itself represents a cost to taxpayers
and the corporate sector. Developing countries may not have the full
infrastructure in place to enable compliance (auditors, pool of NEDs,
professional accountants, internal auditors, etc) and a principles-based approach goes some way to recognise this.

Solution 3 International Codes

There is no single international model of corporate governance.
Different legal systems, institutional frameworks, traditions and
culture mean that a range of different approaches have developed
around the world.*

However, common to all good corporate governance regimes is a
high degree of priority placed on the interests of shareholders, who
place their trust in corporations to use their investment funds wisely
and effectively.

In addition, the best-run companies recognise that business ethics
and corporate awareness of the environmental and societal interest
of the communities in which they operate can have an impact on the
reputation and long-term performance of companies.

Limitations of corporate governance codes, therefore:

To be acceptable to the majority of countries, the code will need
to take the lowest common denominator. Thus it may be fairly
tame and bland.

Global differences in legal structures, financial systems,
corporate ownership, culture and economies will make it hard to
strengthen any of the principles.

As the code will need to be based on best practice of a number
of jurisdictions, development will always lag changes in the most
advanced countries.

The codes will have no legislative power and may not even be
supported by national stock exchanges or governments.*

*The concept of International Accounting Standards was first established in the mid-1970s. It took at least 30 years for them to become, more or less, the de facto set of financial reporting standards (IFRS) acceptable around the world. Similarly with International Auditing Standards (ISAs).

*In spite of the above limitations, the OECD and the ICGN codes have:
highlighted the contributions good governance can make to companies;
emphasised specific dangers that have contributed to governance failure;
provided benchmarks and a solid starting point; and
promoted good practice.

Session 7 Corporate Social Responsibility

FOCUS
This session covers the following content from the ACCA Study Guide.
A. Governance and Responsibility
7. Corporate governance and corporate social responsibility
a) Explain and explore social responsibility in the context of corporate
governance.
d) Explain the concept of the organisation as a corporate citizen of society
with rights and responsibilities.

E. Professional Values, Ethics and Social Responsibility
2. Different approaches to ethics and social responsibility
d) Explain and evaluate the concepts of "CSR strategy" and "strategic CSR".

Session 7 Guidance
Study carefully! Many of the ideas in this session are developed in Session 20. Appreciate that there
are contrasting and opposing views on corporate social responsibility (CSR) and you could be required
to discuss both sides of the CSR argument and, perhaps, build a case for a particular approach.

Becker Professional Education | ACCA Study System

VISUAL OVERVIEW
Objective: To appreciate the concepts of corporate social responsibility and
corporate citizenship.

CORPORATE SOCIAL
RESPONSIBILITY

Background
Development
The Business in Society
Business Case
CSR strategy
Strategic CSR
Coverage
Carroll
Perceived Advantages
Perceived Disadvantages

STAKEHOLDERS

CORPORATE CITIZENSHIP

Approach
Codes and Guidelines

Reasoning
Perspectives
Principles
Management Framework

SOCIAL AND
ENVIRONMENTAL ISSUES
Session 20

Session 7 Guidance
Note that the guidelines of ABI, a key driver for socially responsible investments, are provided for
illustration. Review the CSR articles on Chris MacDonald's blog (www.businessethicsblog.com) and
Mallen Baker's website (www.mallenbaker.net). Think about how, for example, CSR is applied at
McDonald's or Nike compared to, say, Enron and the sub-prime banks.

Session 7 Corporate Social Responsibility

Corporate Social Responsibility

1.1 Background
As with corporate governance, corporate social responsibility
(CSR) evades a strict, universal definition. "It is all things, to
all men."
CSR will be shaped, throughout the world, by the legal
jurisdictions, corporate structures, cultures, moral and ethical
beliefs and conditions under which corporations operate. As such,
it has been defined in many ways.

"CSR encompasses the economic, legal, ethical and
philanthropic expectations placed on organisations by society
at a given point in time."
Carroll

"The obligation that organisations have to act responsibly
towards the social and environmental context in which they
operate. This means at least the need to protect society
and the environment from harm and perhaps the need to
actually add value in these areas - it's a move away from
just considering profit and shareholder value into broader
awareness of the role of business in society."
Ashridge College, UK
"CSR is the continuing commitment by business to behave
ethically and contribute to economic development while
improving the quality of life of the workforce and their families
as well as of the local community and society at large. It
refers to all of the impacts a company may have on society
and the need to deal with those impacts on all stakeholders in
a responsible way."
World Business Council for Sustainable Development
"CSR is about capacity building for sustainable livelihoods.
It respects cultural differences and finds the business
opportunities in building the skills of employees, the
community and the government."
Ghanaian perspective
"CSR is about business giving back to society."
Philippine perspective
"CSR is about how companies manage the business processes
to produce an overall positive impact on society."
Mallen Baker
CSR is "doing the right thing even when no one is looking".
Anonymous, 2006
CSR is not based on a set of rules or principles (as is corporate
governance). It is a term that considers certain actions taken by
entities. It:

describes the principle that firms can and should make a
positive contribution to society;
is the practice of managing the social, environmental and
economic impacts of a firm (the "triple bottom line" or "3BL");
encompasses being responsive to "stakeholders" and behaving
according to a set of values not codified in law; and
can refer to a wide range of actions that firms may take, from
donating to charity to reducing carbon emissions.

1.2 Development

The idea of corporations having a "responsibility to society"
has existed since they began to affect the communities in
which they operated and their environment.
Initially, any effect was mainly limited to employees, local
suppliers, customers and communities and tended to arise
through the owner's religious and ethical beliefs. However, such
enlightened employers were few and far between, with most
treating their workers, for example, as little better than slaves.
The industrial revolutions of the 1800s raised the issue to a
national level with a growing consciousness of the harm that
irresponsible corporate behaviour could cause to employees,
the local community and the environment.
In the early 1950s, US corporations found themselves
increasingly under public attack and criticism. They responded
by developing the formal notion of social responsibility. Many
started social responsibility programmes and spent a lot of
money advertising to show how they were promoting the
"social good".

The phrase "Corporate Social Responsibility" was coined in
1953 with the publication of Bowen's Social Responsibility of
Businessmen, which posed the question, "What responsibilities to
society can business people reasonably be expected to assume?"
As firms expanded their local impact to national and
(eventually) global levels (especially from the 1960s), so
has the global awareness of their effects on stakeholders
expanded beyond local considerations.
Stakeholder awareness of the effects of firms on society
became clearer as entities expanded their operations,
in particular to developing countries, where national
governments were unable to support a social infrastructure
which the entities were familiar with in their home countries.*

*The unprecedented growth in power of corporations over the last
half century, together with an informed and educated general public,
created a real threat to the legitimacy of the corporation in society,
which CSR sought to counteract.
Exactly what "social responsibility" means varied according to the
industry, company and location. But whether it was reforestation,
reducing pollution or increasing diversity in the workforce, social
responsibility was the term used to capture those activities of a
corporation that were beneficial to society.

1.3 The Business in Society

A business needs to address two aspects of its operations:
1. The quality of its management - in terms of both people
and processes.
2. The nature and quantity of its impact on society in various
areas.

[Figure (Mallen Baker): the business in society. Labels: Quality of
Management; Impact on Society; Marketplace; Workplace; Environment;
Community. Stakeholders shown: Customers, Unions, Financial analysts,
Employees, Shareholders, Government, Local communities, NGOs.]

Outside stakeholders are taking an increasing interest in
business activities. What has the company done, good or bad,
in terms of its impact on the environment, local community and
workforce? This is depicted in Mallen Baker's "outer circle".
Of the various stakeholders, it is financial analysts who focus
predominantly on the quality of management as an indicator of
likely future performance, as well as past financial performance.

1.4 Business Case

The directors of a company:
- must, as agents, act in the interests of the owners (agency
  theory);
- have a fiduciary duty to act in good faith in the best
  interests of the company; and
- cannot afford to ignore the impact of stakeholders in
  maximising shareholders' wealth (stakeholder theory).

Milton Friedman argued that a society determines and meets
its wants and needs through the market place where the
self-interest pursuit by business happens to result in society
getting what it wants. Firms have no responsibility other than
to make a profit for shareholders through economic and legal
means. Only human beings have moral responsibility for their
actions. Social issues are the province of the state and not
corporations, thus CSR is not appropriate - "The business of
business is ... business".

However, with the development of corporate governance and
stakeholder awareness and activism, firms engage in CSR as
they perceive that doing so will improve their profits
(e.g. ethical buyers will only buy from ethical companies).
Swanson (1995) suggested that there were three main types
of motivation for CSR:
- the utilitarian perspective - an instrument to help achieve
  performance objectives;
- the negative duty approach - compulsion to adopt
  socially responsible initiatives to appease stakeholders; and
- the positive duty view - business is self-motivated
  regardless of social pressures.
In selecting CSR issues, a company's board should avoid
reacting to external pressures (or the latest "fads") unless, by
doing so, value is added to the business. The board should
consider only those issues which:
create business value; and
can be linked to the firm's core business and sustainability
in the long run.

Illustration 1 British Petroleum (China)


BP (China) resisted pressure from the Chinese government to support the infrastructure
which needs to be put in place to deal with the current AIDS crisis facing the country.
BP publicly declared that it would not support the AIDS programme, but that it would
invest in a road improvement scheme in its areas of operation. Poor roads in China cost
many lives, particularly near schools, so this was considered a worthy CSR direction.
BP estimated that the vehicle costs and loss of value through using poor roads (vehicles
were damaged and drivers often injured) were far greater than the costs to improve the
roads. So investment in this policy had significant community benefits as well as specific
company benefits.

CSR activities which are linked to the core competences of
the firm should be systematically assessed, evaluated and
communicated to stakeholders.
The business case for CSR would therefore normally
emphasise the benefits:
- stronger operational efficiency, financial performance
  and profitability;
- enhanced employee commitment;
- improved accountability to and assessments from the
  investment community;
- improved access to capital;
- competitiveness and market position;
- enhanced attractiveness to qualified employees;
- decreased vulnerability through stronger relationships
  with communities;
- improved reputation and branding;
- maintenance of regulatory and public goodwill;
- improved competitive advantage; and
- maintenance of the social licence to operate (i.e. society
  will still invest in the entity and buy its products).*

*Various research studies have shown that, in general, the vast
majority of firms apply CSR through enlightened self-interest (the
business case approach) and are therefore applying an economic
approach to CSR and the maximisation of shareholder wealth (i.e.
using CSR as a "means to an end" rather than applying it for its own
sake, "an end in itself"). The economic approach does not dispute
the validity of CSR, but the exponents of CSR would call it "profit
maximisation dressed as social responsibility".

1.5 CSR Strategy

Strategy - the direction and scope of an organisation over the long-term
which achieves advantage for the organisation through its configuration
of resources within a challenging environment to meet the needs of
markets and to fulfil stakeholder expectations.
Johnson and Scholes

Because CSR has become a key element of the social contract
between business and society, it is essential that any business
that embraces CSR should have a CSR strategy to define the
direction and scope of its CSR.
For example, CSR can:
assist in configuring resources (e.g. skilled employees)
through being known as a good employer that provides
appropriate facilities and environments;
help develop the expectations of key stakeholders (e.g.
green investments);
assist the business to gain a competitive advantage (e.g.
sound reputation); and
assist the business in gaining a reputation as a good
corporate citizen (e.g. local environmental projects,
charitable donations).
Any CSR strategy, as with any other business strategy (e.g.
IT/IS strategy, HR strategy, operational strategy) must be
embedded in the overall corporate strategy.*

*Porter and Kramer divided CSR into two approaches - responsive or
strategic. Responsive is basically being a good corporate citizen
because of the demands from stakeholders. This approach often leads
to the business carrying out philanthropic activities unrelated to
its activities.

1.6 Strategic CSR

CSR that supports core business activities and thereby contributes to the
firm's effectiveness in accomplishing its mission.
Halme and Kourula
CSR that goes beyond good corporate citizenship, and mitigating
harmful value-chain impacts, by mounting a small number of initiatives
whose social and business benefits are large and distinctive.
Porter and Kramer

Strategic CSR relates to those CSR activities that are at the
core and the heart of the business in assisting the business to
achieve its objectives.
Strategic CSR is very selective in its activities as opposed
to general CSR, which is often conducted as a "damage
limitation" exercise (e.g. trying to convince the world of the
business' "greenness").
Porter and Kramer considered strategic CSR to build "shared
value" for the business and CSR beneficiary (e.g. Dell's
campaign to plant a tree for every computer monitor it
sold; BP's road-building programme in China) rather than
unconnected CSR activity (e.g. making donations to a charity
that has no relationship to the business).
Creating shared value (CSV) is the concept that business
economic value is created in a way that also creates value
for society by addressing its needs and challenges. For
example, by implementing policies and operating practices
which enhance the competitiveness of a company while
simultaneously advancing the economic and social conditions
of the communities in which the business operates.

Burke and Logsdon set out five independent variables or
strategic dimensions which, ideally, would all positively align to
create value:

[Figure: the five strategic dimensions arranged around "Strategic CSR"]
- Centrality: closeness of fit to the firm's mission and objectives
- Visibility: recognisable, observable credit by stakeholders for
  the firm
- Specificity: ability to capture private benefits by the firm
- Voluntarism: scope of discretionary decision-making and lack of
  externally imposed compliance requirements
- Proactivity: degree to which the programme is planned in
  anticipation of emerging trends and in the absence of crises

Visibility is observed to be related to value creation. To
the extent that consumers and other stakeholders are
perceived to observe CSR activity, they are able to reward
firms for their participation.
Centrality suggests that the greater the extent to which
certain social objectives coincide with the firm's business
mission, the more likely they will create value. Thus firms
that develop resources and capabilities through CSR may be
able to leverage benefits for their core business.
Specificity (appropriability) is the ability to link financial
benefits to the achievement of social objectives (e.g.
through "fair trade" initiatives).
Proactivity in environmental and social policy tends to be
correlated with a proactive business strategy. Proactive
firms are more likely to engage stakeholders and adapt to
changes in societal expectations.
Voluntarism is associated with choice (i.e. undertaking
social activities freely rather than in response to legal
constraints, fiscal incentives or industry practice).
Stakeholders tend to value voluntary action more than
non-voluntary action as, for example, it reflects management's
commitment to CSR.

Strategic CSR can also be seen as a source of business
innovation through creating business opportunities aimed at
reducing or eliminating a particular social or environmental
problem. This will mean new services and products will be
developed to provide the solution.

Illustration 2 Reebok (India)


Through strategic CSR innovation, Reebok in India manufactures
training shoes locally and sells them for less than $2.
This means local employment, use of local materials and providing
affordable footwear. A low individual profit margin based on a
potential market of millions of buyers throughout India adds up to a
reasonable outcome. One of the rationales behind Adidas' strategy
(Reebok's parent company) is that Reebok customers will "move
up" to the higher-margin shoes produced by Adidas as their status
and buying power increases.

1.7 Coverage

In most jurisdictions, CSR is not governed by laws, regulations
or codes (e.g. the Companies Acts or Codes of Corporate
Governance). It is voluntary best practice driven by the fact
that, in a global environment, brands and business reputation
are key to a firm's success.
With the development of corporate governance and
stakeholder activism, firms developed business models around
identifying and assessing the effect on and of stakeholders
(Session 2).
However, such "in-house" actions would have little impact
unless stakeholders were made aware of what was happening
and how the business was interacting with its environment.
This led to CSR reports being introduced with annual financial
statements.

Typical Activities Falling Under CSR

Corporate philanthropy - donating to charities is simple and
enhances reputation. However, because it is easy to do and
very "PR-friendly", it is often dismissed as a public relations
exercise.
Cause-related marketing - in partnership with a charity, a
firm uses the charity's logo, alongside its own, in marketing
campaigns or brand promotions. Firms choose charities
to attract target consumers (e.g. the Avon Breast Cancer
Crusade and Gillette Prostate Cancer Challenge). Charities
receive money and a raised profile. The firm benefits by
associating itself with a good cause as well as increasing sales.
Sponsoring awards - award schemes give firms positive
exposure and position them as experts on particular
issues (e.g. Reebok Human Rights Awards and the Alcan Prize
for Sustainability).
Codes of conduct - explicit statements of a firm's "values"
and standards of corporate behaviour. Codes vary in content
and quality from company to company (see Illustration 2 and
Session 18).

Social and environmental reporting - linked to codes of
conduct. Reports on social and environmental performance
were pioneered by Shell (see Session 20).
Stakeholder engagement - dialogue between stakeholders.
Some stakeholders (e.g. future generations and the
environment) may not be able to speak for themselves.
Community investment - projects in the local community
may offset negative effects or "give back" to the community.
Eco-efficiency - describes the need for firms to improve their
ecological as well as economic performance (see Session 20).

Illustration 3 British Petroleum

BP Code of Conduct - Contents (extract) (www.bp.com)

Health, safety, security and the environment
- Health, safety and security
- Environment

Employees
- Fair treatment and equal employment opportunity
- Respectful, harassment-free workplace
- Privacy and employee confidentiality

Business partners
- Receiving and giving gifts and entertainment
- Conflicts of interest
- Competition and antitrust
- Trade restrictions, export controls and boycott laws
- Money laundering
- Working with suppliers

Governments and communities
- Bribery and corruption
- Dealing with governments
- Community engagement
- External communications
- Political activity

Company assets and financial integrity
- Accurate and complete data, records, reporting and accounting
- Protecting BP's assets
- Intellectual property and copyright of others
- Insider trading
- Digital systems use and security

Example 1 Community Investment


Suggest FOUR activities that could be established as community
investment projects and FOUR eco-efficiency processes.

Solutions
1.

2.

3.

4.

1.

2.

3.
4.

In the absence of legal and regulatory requirements for
the disclosure of CSR activities, a number of organisations
have provided guidelines, measurement and assurance
recommendations (e.g. the Global Reporting Initiative,
"GRI" - Session 20).

Exhibit 1 NEXT STEPS

"Today, CSR goes far beyond the old philanthropy of the past -
donating money to good causes at the end of the financial year -
and is instead an all year round responsibility that companies
accept for the environment around them, for the best working
practices, for their engagement in their local communities and for
their recognition that brand names depend not only on quality,
price and uniqueness but on how, cumulatively, they interact with
companies' workforce, community and environment. Now we need
to move towards a challenging measure of corporate responsibility,
where we judge results not just by the input but by its outcomes:
the difference we make to the world in which we live, and the
contribution we make to poverty reduction."
Gordon Brown, as UK Chancellor

1.8 Carroll

Archie Carroll ("The four faces of corporate citizenship", 1998)
suggested a four-part model of CSR covering the expectations
placed on organisations by society:

PHILANTHROPIC
ETHICAL
LEGAL
ECONOMIC

Economic responsibility (required - "have to") -
reasonable return to shareholders, safe and fairly paid
employment, quality products at a fair price.
Legal responsibility (essential - "must do") - follow
the letter and spirit of the law applicable to the firm, its
dealings, the environment and interaction with stakeholders.
Ethical responsibility (desired - "should do") - doing what
is right, just and fair.
Philanthropic (wished for - "might do") - the discretionary
behaviour of organisations to improve the lives of others.*

*Traditionally in the US, CSR has been defined much more in terms of
a philanthropic model. Companies make profits, unhindered except
by fulfilling their duty to pay taxes. Then they donate a certain share
of the profits to charitable causes. It is seen as tainting the act for
the company to receive any benefit from the giving.
The European model is more focused on operating the core
business in a socially responsible way, complemented by community
investment for business case reasons.

In dealing with these, boards need to consider and report on
(under the general term of CSR), for example:
ethical practices;
ecology, environmental impact and protection;
sustainability;
current and future needs of society;
product design and customer relations;
employees, communities, human rights.

In particular, sustainability reporting (see Session 20) in CSR
covers:
- Economic - customers, suppliers, employees, providers of
  capital;
- Environmental - materials, energy, water, biodiversity,
  emissions, suppliers, compliance, transport;
- Labour practices - employment, relations, health and
  safety, training, education, diversity, opportunities;
- Human rights - strategy, development, non-discrimination,
  freedom of association, child labour, indigenous rights;
- Society - community, bribery and corruption, political
  contributions, competition and pricing;
- Product responsibility - customer health and safety,
  advertising, respect for safety.

Example 2 Carroll and Friedman


Discuss the similarities and differences between Friedman's and
Carroll's views on CSR.

Solution
1.
2.
3.
4.
5.

1.9 Perceived Advantages of CSR

Organisations which are seen as ethically and morally sound
attract better business (e.g. customers, suppliers, additional
finance). Those considered unsound are boycotted.
Employees are more attracted to work for, and are more
committed to, socially responsible firms.
A positive contribution to society is a long-term investment
in a safer, better-educated and more equitable community
creating a more stable context in which to do business.
Firms are motivated to involve stakeholders in their
decision-making and to address social challenges. Stakeholders are
increasingly aware of the importance and impact of corporate
decisions on society and the environment and need to judge
the firm on its CSR.
Firms are differentiated in the marketplace based on their CSR
strategy and commitments.
Firms maintain a (social) licence to operate with the public or
specific stakeholders.
Good practices attract favourable financing conditions as
financial markets demand better information on social and
environmental performance.
Cost savings are made through using sustainable practices.
Innovation is encouraged through a better understanding of
stakeholder needs or future risks.
Reputation is enhanced by providing truthful and robust
information on tough issues.
All of the above will result in greater long-term wealth being
generated by the firm.

1.10 Perceived Disadvantages of CSR


A major criticism is that it is no more than corporate PR. If
firms followed ethical and moral practices, CSR would not be
necessary.
Well over 80% of the world's 250 largest companies now
produce CSR reports that purport to improve corporate
accountability to stakeholders. Criticisms include:
a lack of common benchmarks to compare the performance
of different firms;
content is discretionary, leading to allegations of "spin";
the difficulty in verifying many of the claims made;
many of the claims are designed to give a "feel good factor";
identifying only the more sustainable and "greener" aspects
of activities and "glossing over" or ignoring the more
damaging aspects;
policies lacking the engagement or commitment of the
work force, particularly the managers (e.g. due to resource
shortages, lack of communication, an inappropriate skill
base, mismatch with core values); and
that a wide variety of stakeholders make use of the reports
has yet to be proved.*
Although CSR started off as a good idea, it has been hijacked
for commercial reasons and morphed to match its "users'" aims.
Just as a company's financial statements can conceal fraud
perpetrated by management, CSR can be used to hide and
deflect attention from unethical actions and practices.

*A number of projects have been, and are being, undertaken in an
attempt to codify the disclosure and measurability of CSR elements
(e.g. the GRI discussed in Session 20).

Illustration 4 Smokescreen

Chris MacDonald (www.businessethicsblog.com) argues:

CSR misunderstands capitalism. It implies a misunderstanding of the basic wealth-and-welfare
generating function of markets. Business contributes to society through producing things
society requires and when business is conducted honestly (e.g. makes useful products, provides
useful services; provides employment; provides an investment opportunity for investors;
follows scrupulously all laws and regulations to which it is subject and pays its taxes) leaves all
concerned better off.
CSR can be a smokescreen covering financial irregularities and the flouting of environmental,
employment and other laws. Questions to ask business leaders should not be based around
their CSR disclosures but about how honest they are in their daily business, in corporate
governance and in regulatory compliance.
What would happen if all of the effort and money being spent on CSR (training, conferences,
dinners, activists, media, etc) were redirected to the simple idea of getting more people, in more
businesses, to behave consistently according to basic rules of honesty and integrity?

Illustration 5 Insincerity

CSR evolved as a response to the threat anti-corporate campaigns posed to companies' licence
to operate. But corporate social responsibility is a contradiction in terms.
Companies are legally bound to maximise profits to shareholders. This duty to make money
above all other considerations means that corporations can only be "socially responsible" if they
are being insincere. Any doubtful social benefits from CSR are outweighed by the losses to
society in other areas.
CSR is an effective strategy for:
bolstering a company's public image;
avoiding regulation; and
gaining legitimacy and access to markets and decision-makers.
Also, CSR enables business to propose ineffective, voluntary, market-based solutions to social and
environmental crises under the guise of being responsible.
This deflects blame for problems caused by corporate operations away from the company and
protects companies' interests while hampering efforts to tackle the root causes of social and
environmental injustice.
CSR does not pose any sustainable solutions. It can easily be reversed if the economic
climate changes. As well as being voluntary, it reinforces rather than challenges the power of
corporations. A genuinely socially responsible company would look so different from today's
corporations as to be unrecognisable. Tackling the big issues of overconsumption, climate change
and massive economic inequality requires major shifts in our lifestyles and systems of social
organisation. CSR seems to present us with an easy alternative - using corporate power as a
lever for social change rather than seeing it as an obstacle. Ultimately, CSR is not a step towards
a more fundamental reform of the corporate structure but a distraction from it.
Exposing and rejecting CSR is a step towards addressing corporate power.
Claire Fauset, Corporate Structures researcher, Corporate Watch

Stakeholders

2.1 Approach

The success of all firms relies on the contributions made by
a wide set of stakeholders, not just shareholders. Firms
therefore have a duty to consider interests of all stakeholders.
Stakeholders - definitions, types, impact, power and roles -
have already been covered in Session 2. In particular,
stakeholder power and roles can have a significant influence
on an organisation within stakeholder theory.
Therefore, it is essential that the board fully understands who
the stakeholders are, their impact on the business and what
they regard as the firm's principal CSR challenges.
The firm needs to balance which stakeholders to engage with,
when and on what issues. Failure to balance their needs and
expectations could lead to some disgruntled stakeholders
causing undue trouble for the firm.*
The board must be able to determine that it is addressing key
needs and incorporating them in the CSR agenda.

*There is a risk that a firm concentrates on "key players"
(see Mendelow). This could result in a "firefighting" approach to
CSR.

2.2 Codes and Guidelines

2.2.1 UK Corporate Governance Code

The UK Corporate Governance Code does not specifically refer
to CSR. It does, however, suggest that "the board should
state the company's values and standards and ensure that its
obligations to its shareholders and others are met."
Therefore CSR will be implicit in the application of much of
the Code (e.g. risk management, dialogue with institutional
shareholders and reporting).

2.2.2 Association of British Insurers (ABI)

The ABI represents many substantial institutional shareholders
(a powerful group of stakeholders) and is a key driver for
socially responsible investments (SRI).
In 2001 it issued a set of SRI guidelines setting out basic
disclosure principles to guide member investors in seeking to
engage with companies in which they invested.
These were updated in 2007 to take into account changes
in (UK) law and the increased need for companies to make
qualitative (rather than quantitative) disclosures.

Guidelines on Responsible Investment Disclosure emphasises
the quality of the environmental, social and governance (ESG)
disclosures made by companies.

Illustration 6 ABI Guidelines on Responsible Investment Disclosure

Questions on environmental, social and governance matters.

Has the company made any reference to each of environmental, social and governance
(ESG) matters? If so, does the Board take these regularly into account?

Has the company identified and assessed significant risks and opportunities affecting its
long- and short-term value arising from its handling of ESG matters?

Does the annual report contain a forward-looking assessment of ESG and other risks
facing the company?

Does the annual report describe the role of the Board in overseeing risk management?

Does the company state that it has adequate information for identification and
assessment?

Are systems in place to manage the ESG risks?

Does the Remuneration Committee take account of the handling of ESG risks when
setting performance targets?

Does Directors' training include ESG matters?
(http://www.abi.org.uk/Display/File/85/SRI_Guidelines.doc)

Does the company disclose significant short- and long-term risks and opportunities arising
from ESG issues? If so, how many different risks/opportunities are identified?

Are policies for managing risks to the company's value described?

Does the company state whether it has followed ASB guidance on narrative reporting?

Does the company produce KPIs on material ESG risks?

Does the company produce KPIs on material ESG risks for each business unit?

Does the company report on the effectiveness of the ESG strategy through a review of
these KPIs?

Are verification procedures described?

2.2.3 OECD Guidelines for Multinational Enterprises

These recommendations by governments are addressed
to multinational enterprises. They provide voluntary
principles and standards for responsible business conduct
consistent with applicable laws.
(http://www.oecd.org/dataoecd/56/36/1922428.pdf)
In following the guidelines, entities "should take fully into
account established policies in the countries in which they
operate, and consider the views of other stakeholders".
The first (of 11) General Policies states that the entity should:
"Contribute to economic, social and environmental progress
with a view to achieving sustainable development."

Illustration 7 British Telecom

We aim to be at the heart of the information society - a communications-rich world in which
everyone, irrespective of nationality, culture, ethnicity, class, creed or education, has access to the
benefits of information and communications technology (ICT).
In practical terms, that means we are committed to doing business in a way that:
maximises the benefits of ICT for individuals;
contributes to the communities in which we operate;
minimises any adverse impact that we might have on the environment.
It means doing business in a way that will persuade customers to buy from us, investors to back
us, the best people to work for us and communities to have us around.
If we had to say what we believe in a single sentence, it would be this: better communications
help create a better world.

2014 DeVry/Becker Educational Development Corp. All rights reserved.

7-17

Session 7 Corporate Social Responsibility

Corporate Citizenship

3.1

Reasoning

P1 Governance, Risk and Ethics

During the mid-1990s, the term corporate citizen emerged as a new way
of addressing, and adding to, the social role of corporations.

Corporate citizenship is the business strategy that shapes the values
underpinning a company's mission and the choices made each day by its
executives, managers and employees as they engage with society.
The current global challenges of transparency, stakeholder
expectations, accountability, trust and reputation require a strategic
approach endorsed at the highest levels of the company and
integrated and aligned throughout the business operation.
Boston College Centre for Corporate Citizenship

Directors had never been happy with the phrases "business ethics" and
"CSR" as both "ethics" and "responsibility" implied something not
normally found in businesses (and were therefore additional to the
role of business in society).
Society consists of citizens with specific rights. So a
corporation, as a separate legal entity with specific legal
rights, obligations and responsibilities, is a corporate citizen.*
The term "corporate citizen" puts CSR onto a "higher level"
where ethics and responsibilities are accepted as being natural.

3.2 Perspectives

There are currently three views on CC:
1. Limited: based on Carroll's fourth level, philanthropy;
2. Equivalent: essentially equates with CSR;
3. Extended: acknowledges the extended political role.

*Corporate citizenship (CC) is effectively an "emerging technology"
and there are different perspectives on its concepts in different
jurisdictions.

3.2.1 Equivalent Perspective

In updating his work on CSR, Carroll discusses CC in the same terms:
economic, legal, ethical and philanthropic.
In addition, Maignan and Ferrell (2000) describe CC as being "the
extent to which businesses meet the economic, legal, ethical and
discretionary responsibilities imposed on them by their stakeholders".
In practice, CC is more or less CSR but with self-interest not
being the primary motivation; greater focus is given to legal
and ethical fulfilment.


3.2.2 Extended Perspective

This is based on the firm being an active social and political
citizen. The focus is on stakeholders, with a combination of
self-interest promoting corporate power and a wider responsibility
towards society.
Such citizenship includes three different aspects of entitlement:

Social rights

These provide an individual with the freedom to participate in
society (e.g. the right to education, healthcare, welfare, good
working conditions).
In many developing countries, governments cannot (or do not) provide
such basic rights. Companies may then step in to provide, for
example, liveable wages, improved conditions (e.g. in "sweatshops"),
schools and medical centres.
This is a "providing role".

Civil rights

Where governments fail to provide basic civil rights, entities may be
able to use their power to encourage the government to desist from
violating basic civil rights: an "enabling role".

Political rights

Individuals are allowed to promote their political causes by
"attacking" governments indirectly through corporations, thereby
leveraging the power of corporations against the government.
Attempting to engage government directly on political issues is
usually ineffective, but demonstrating against a particular company
and achieving international media coverage may have the desired
effect.
This is called "channelling".

*Rupert Murdoch, founder, chairman and CEO of News Corporation,
has often commented that he has the power through his various
newspaper titles to be able to make or break governments. His
main vehicle for doing so in the UK is The Sun newspaper, which has
the largest daily circulation of any newspaper in the UK. By openly
supporting a particular political party through The Sun, Murdoch claims
to "have made the difference" in a number of recent general elections.


Illustration 8 Use of CC
"We pledge to be a good corporate citizen in all the places we operate worldwide. We will
maintain the highest ethical standards, comply with all applicable laws and regulations, and
respect local and national cultures. We are dedicated to running safe and environmentally
responsible operations."
Exxon Mobil Corp
"Corporate citizenship has become an integral part of every decision and action we take. We
believe corporate citizenship is demonstrated in who we are as a company, how we conduct our
business and how we take care of our employees, as well as in how we interact with the world at
large."
Ford Motor Co
"Our vision is to be an innovative and inspirational global citizen in a world where our company
participates. Every day we drive responsible business practices that contribute to profitable and
sustainable growth."
Nike Inc
"Our goal is to be a good corporate citizen wherever we operate, as a responsible and
contributing member of society."
Nokia
"With the aim of becoming a corporate citizen respected by international society, Toyota is
conducting a wide range of philanthropic activities throughout the world. Its activities cover five
major areas: education, the environment, culture and the arts, international exchange and local
communities."
Toyota Motor Corp

3.3 Principles

The Boston Centre for Corporate Citizenship (www.bcccc.net) identifies
four core principles that define the essence of corporate citizenship:

3.3.1 Minimise Harm

Work to minimise the negative consequences of business activities
and decisions on stakeholders. Examples:

operate ethically;
support efforts to stop corruption;
champion human rights;
prevent environmental harm;
enforce good conduct from suppliers;
treat employees responsibly;
ensure the safety of employees;
ensure that marketing statements are accurate; and
deliver safe, high-quality products.

3.3.2 Maximise Benefit

Contribute to society and economic well-being by investing
resources in activities benefitting shareholders as well as
broader stakeholders.
Examples:
voluntarily participate in helping address social issues;
ensure stable employment;
pay fair wages; and
produce a product with social value.


3.3.3 Be Accountable and Responsive to Key Stakeholders

Build relationships of trust that involve greater transparency
and openness about the progress and setbacks which businesses
experience in an effort to operate ethically.
Create mechanisms to:
include the voice of stakeholders in governance;
produce social reports assured by third parties;
operate according to a code of conduct; and
listen to and communicate with stakeholders.

3.3.4 Support Strong Financial Results

The responsibility of a company to return a profit to
shareholders must always be considered part of its obligation
to society.

3.4 Corporate Citizenship Management Framework (CCMF)

[Figure: CCMF diagram with four domains: Values, Mission, Principles, Policies; Community; Operations; Products & Services]

The CCMF outlines four domains of the business to be
considered in corporate citizenship management:
Values, mission, principles and policies;
Community;
Operations;
Products and services.
Using this framework a company should:
assess the appropriate and effective actions it should
take regarding transparency, governance, community
economic development, work-family balance, environmental
sustainability, human rights and ethical investor
relationships; and
make connections between risk management, brand image,
stakeholder engagement, supplier certification, cause-related
marketing and employee diversity.


Some firms may have already made a significant investment in
citizenship. In this case, the CEO typically leads the firm's
position on social and environmental issues and the board is
fully informed. To move forward these firms might try to:
connect citizenship to core business strategy and to
employees through a "live the brand" campaign (e.g. IBM); or
establish citizenship objectives for line managers
(e.g. DuPont and UBS).
However, many companies lack an understanding of the many
aspects of corporate citizenship and have neither the expertise
nor the machinery to respond to so many diverse interests
and demands. Their chief challenges are:
to put citizenship firmly on the corporate agenda;
to be better informed about the concerns of stakeholders; and
to take sensible initial steps.

3.4.1 Corporate Values, Mission, Principles, Policies: Integration and Accountability

Embedding corporate citizenship in the governance and management
structure of the firm addresses how its core values, mission, vision
and governance structures support or prevent it from understanding
and managing corporate citizenship as an integrated part of business
strategy.

3.4.2 Community Engagement: Addressing Social Challenges

Mobilising the firm's assets to address social issues and support
social well-being (beyond job creation and paying taxes) can range
from philanthropy to participation in multi-stakeholder, social-issue
partnerships engaging a range of corporate resources.

3.4.3 Operations: Responsible Business Practices

Using responsible business practices to minimise potential negative
impacts on society (and maximise positive impacts) addresses how a
firm manages and reports to stakeholders on a broad range of issues.

3.4.4 Products and Services: Market Strategy

Addressing societal needs with marketplace solutions that return
a profit to the firm can range from adapting existing products
and services to be more eco-efficient or socially beneficial, to a
fundamental reinvention of product lines or services.


Session 7
Summary

CSR encompasses an organisation's ethical obligations. The specifics depend on each
person's ideal of the ethical obligations; thus, CSR cannot be practically defined.

CSR engenders the idea that corporations should make a positive contribution to society;
manage the social, environmental and economic impacts of the firm on the world; and be
responsive to stakeholders.

Management quality has an important impact on CSR behaviours. Outstanding behaviours,
it is believed, will lead to positive future business performance.

The firm should engage in CSR issues only if they create business value and improve
sustainability. The business case for CSR emphasises:
enhanced employee commitment;
improved reputation and branding;
decreased regulatory vulnerability;
improved investment community response;
lower cost of capital; and
enhanced competitiveness and market position.

The GRI has established guidelines, as well as measurement and assurance
recommendations, for a firm to indicate its social responsibility. GRI has been reported as
a public relations exercise that allows firms to deflect attention from unethical actions with
minimally socially responsible behaviours.

The firm's CSR agenda should identify stakeholders and address their needs. The UK
Code does not address CSR, but indicates that firms should state organisation values and
standards and ensure that they meet stakeholder obligations.

Boards tend to prefer the concept of "corporate citizenship" rather than CSR.

The equivalent perspective (Carroll) is CSR but with self-interest replaced by legal and
ethical fulfilment.

The extended perspective addresses social rights, civil rights and political rights in the
context of improving the world.

CC principles include minimising harm, maximising benefits to society and being
accountable and responsive to key stakeholders. The last principle recognises that a
company must return a profit to shareholders.


Session 7 Quiz
Estimated time: 15 minutes
1. Define CSR, CSR strategy and Strategic CSR. (1.1, 1.5 and 1.6)

2. Explain Carroll's four-part model of CSR. (1.8)

3. Explain the perceived disadvantages of CSR. (1.10)

4. True or False? The ABI represents a powerful group of stakeholders and is a key driver for
socially responsible investments. (2.2)

5. Define "corporate citizenship". (3.1)

6. Explain the differences between the equivalent perspective and extended perspective on
corporate citizenship. (3.2)

7. List the FOUR core principles identified by the Boston Centre for Corporate Citizenship. (3.3)

Study Question Bank
Estimated time: 30 minutes

             Question                        Estimated Time   Completed
Priority     Q10 Objectives of Companies     30 minutes
Additional   Q11 Principles of CSR

EXAMPLE SOLUTIONS
Solution 1: Community Investment
Community investment covers a range of initiatives including:
1. running health programmes;
2. sponsoring schools;
3. playgrounds or community centres;
4. employee volunteering schemes.

Eco-efficient processes include:
1. using renewable energy sources (e.g. solar power);
2. recycling waste;
3. using biodegradable and minimal packaging;
4. using non-solvent products (e.g. non-solvent adhesives);
5. recycling products sold at the end of their life.

Solution 2: Carroll and Friedman

1. Carroll and Friedman agree on basic responsibilities (e.g.
the maximisation of firms' values as a core responsibility).
They also advocate that such responsibility remain in-line
with legal standards and therefore firms are not to engage in
illegal activities.

2. In short, Carroll and Friedman agree on the "Must-Dos" and
the "Have-Tos" of a firm. This implicates the economic and
legal responsibilities of an organisation.

3. Carroll looks beyond maximisation of profits. He takes
a firm's responsibilities further by talking about social
responsibility. Under social responsibility, he outlines ethical
and discretionary responsibilities. These are affectionately
known as the "Should-Dos" and "Might-Dos", respectively.

4. This gives a wider dimension to the importance of being a
responsible firm. Social responsibility requires firms to look
beyond figures and documents, and to look out at people and
the environment.

5. Carroll foresees the importance of ethical standards as part of
a firm's success in the long run. By following beliefs of certain
moral standards and proactively volunteering to search for
charitable avenues, the social responsibility dimension will
create a positive rapport between the firm and parties that
are privy to its operations; this includes suppliers, clientele,
employees and the surrounding community.


Session 8

Governance: Reporting and Disclosure

FOCUS
This session covers the following content from the ACCA Study Guide.
A. Governance and Responsibility
8. Governance: reporting and disclosure
a) Explain and assess the general principles of disclosure and communication
with shareholders.
b) Explain and analyse "best practice" corporate governance disclosure
requirements (e.g. under the UK Corporate Governance Code).
c) Define and distinguish between mandatory and voluntary disclosure of
corporate information in the normal reporting cycle.
d) Explain and explore the nature of, and reasons and motivations for,
voluntary disclosure in a principles-based reporting environment
(compared to, for example, the reporting regime in the USA).
e) Explain and analyse the purposes of the annual general meeting
and general meetings for information exchange between board and
shareholders.
f) Describe and assess the role of proxy voting in corporate governance.

Session 8 Guidance
Read this through a couple of times; note that voluntary disclosure links into CSR. Although AGMs
may seem just a regulatory thing, they have "livened up" a bit recently (e.g. Marks & Spencer, and the
UK bank AGMs, especially over bonuses).
Understand the advantages and disadvantages of mandatory, as well as voluntary, disclosures (s.2).


VISUAL OVERVIEW
Objective: To assess the general disclosure and reporting requirements to shareholders
under corporate governance.

DISCLOSURES
Meaning
Aim

MANDATORY AND
VOLUNTARY
Mandatory
Voluntary
Principles-Based Approach

SHAREHOLDER MEETINGS
Annual General Meeting
General Meeting
Proxy Voting
Myners Report

Session 8 Guidance
Recognise the link between good corporate governance and the flow of information provided by
annual general meetings and general meetings of shareholders (s.3).


Disclosures

1.1 Meaning

"Disclosure" refers to a wide range of different forms of
information produced by companies: regulatory, codes, best
practice and voluntary.*
For example:
annual report, quarterly reports;
chairman's statement, business review, financial statements
(including notes, etc);
governance statement, remuneration statement, director's
responsibilities;
internal control, corporate responsibility, sustainability,
integrated report ("IR");
additional shareholders' information;
profit warnings;
stakeholder meetings, annual general meetings; and
corporate websites, stakeholder websites.
One of the key agency problems is the knowledge gap between
directors and shareholders. Appropriate and timely disclosures by
the company help narrow that gap.

*Great care must be taken to avoid "blurring" and duplication of
required disclosures (e.g. of Companies Acts, stock exchange listing
rules and the Code) and voluntary disclosures (e.g. integrated
reporting). Statutes and regulations must be drafted with care and
disclosure requirements cross-checked to ensure they are clear and
not repetitive or overlapping.

Illustration 1 Information Sharing
"The lifeblood of markets is information and barriers to the flow of
relevant information represent imperfections in the market. The
need to sift and correct the information put out by companies adds
cost and uncertainty to the market's pricing function. The more the
activities of companies are transparent, the more accurately will their
securities be valued."
Cadbury Report, 1992
"Companies should engage in regular, effective and fair
communication with shareholders. In disclosing information,
companies should be as descriptive, detailed and forthcoming as
possible and avoid boilerplate disclosures."*
Singapore Code
"The statutory and regulatory corporate governance framework*
should ensure that timely and accurate disclosure is made on all
matters regarding the company, including its financial situation,
performance, ownership, and governance.
Disclosure should include, but not be limited to, material information
on:
the financial and operating results of the company;
company objectives;
major share ownership and voting rights;
members of the board and key executives and their remuneration;
material foreseeable risk factors;
material issues regarding employees and other stakeholders; and
governance structures and policies."

Organisation for Economic Co-operation and Development

*"Boilerplate" disclosure refers to the practice of taking examples
from regulations, guidelines, etc without tailoring them to the
specific nature of the business. They may comply with the law or
disclosure requirement, but not its "spirit".
*A corporate governance framework relates to all regulations (e.g.
statutory, listing rules, governance codes) that apply to corporate
entities. As voluntary codes and frameworks may also be applied (e.g.
integrated reporting) care must be taken to avoid unnecessary
duplication and blurring of disclosure.


1.2 Aim

A strong disclosure regime is an important feature of the
market-based monitoring of corporate governance. It is also
central to the ability of shareholders to exercise their voting
rights effectively.
Experience in countries with large and active equity markets
shows disclosure requirements can be a powerful tool for
influencing the behaviour of companies and for protecting
investors.
A strong disclosure regime can help attract capital and
maintain confidence in capital markets. Shareholders (and
potential investors) require regular, reliable and comparable
information in sufficient detail to assess management's
stewardship, make informed investment decisions and exercise
voting rights. Insufficient or unclear information hampers the
market's ability to function, increases the cost of capital and
results in a poor allocation of resources.
Disclosure (through codes of best practice or voluntary) also
helps to improve public understanding of the structure and
activities of companies, their environmental policies and
performance, ethical standards and relationships with local
communities.

Illustration 2 Disclosure
"For 'comply or explain' to work, clear and well-supported
explanations are needed, with the users of reports taking these
explanations into account and not demanding a box to tick.
"In reporting, companies need to remember its overriding purpose
is to communicate the nature and quality of the strategic leadership
and control exercised by the board.
"The board is at the heart of value creation and it is what investors
and other stakeholders want to read about. But, in the eyes of the
users, few companies manage to report effectively on governance
and board performance."
Independent Audit Ltd (www.independentaudit.com)


Mandatory and Voluntary

2.1 Mandatory

Mandatory disclosures are required elements of a report. For example:
law (e.g. Companies Act 2006, Sarbanes-Oxley 2002);
regulation (e.g. Directors' Disclosure Regulations 2002,
London Stock Exchange Listing Rules);
governance codes (e.g. the UK Code's "comply or explain"
approach); and
financial reporting standards (e.g. IFRS or US GAAP).
Mandatory disclosures seek to satisfy stakeholders'
information needs, ensuring quality control through the
observance of laws and standards.
Mandatory disclosure refers to:
Issuer - company.
Receivers - shareholders, employees, creditors, customers
and other stakeholders.
Regulations - commercial law, accounting law, accounting
standards: IFRS, US GAAP, European Accounting Directives,
national accounting standards, etc.
Content - format and object of disclosed statements.
Period of disclosure - annual, biannual, quarterly or
occasionally.
Dissemination - printed or website.

Illustration 3 Mandatory Elements
The mandatory elements in a set of financial statements may include:
Statement of comprehensive income, statement of financial
position, statement of cash flow, statement of changes in equity;
Accounting policies and notes (primarily through legislation and
financial reporting standards);
Directors' report, chairman's statement and business review (even
if required, these may be loosely defined); and
Corporate governance disclosures and reports.

2.1.1 Advantages of Mandatory Disclosure

Encourages comparative analysis and better understanding of business.
Basic costs of disclosure diminish over time as systems are
established to collate necessary information.
Facilitates communication.
Helps to prevent corruption.
Serves as a risk management tool.

2.1.2 Disadvantages of Mandatory Disclosure

More information is always needed, thus marginal costs increase.
Loss of corporate privacy and potential loss of competitiveness.
Direct compliance and administrative costs (e.g. the cost of
complying with SOX is often cited as a reason why companies may list
on another stock exchange rather than New York).


2.2 Voluntary

Voluntary disclosure is any disclosure above the mandated and
regulated minimum. Such disclosures are usually narrative
rather than numerical in nature.
The amount of disclosure is influenced by culture, social,
economic and behavioural factors which are specific to each
company, its directors and country.
Organisations have been increasingly willing to use voluntary
disclosure as a method to become good corporate citizens and
maintain the "social contract" with their communities.*
The Global Reporting Initiative, for example, recommends
extensive voluntary disclosures (see Session 20).

Illustration 4 Climate Risk Disclosure
A group of leading institutional investors from around the world
released the Global Framework for Climate Risk Disclosure, a
statement on disclosure which investors expect from companies, in
October 2006.
Investors require this information in order to analyse a company's
business risks and opportunities resulting from climate change,
as well as the company's efforts to address those risks and
opportunities.
The Framework encourages standardised climate risk disclosure to
make it easy for companies to provide and for investors to analyse
and compare companies.
The Framework consists of four elements of disclosure:
1. Total historical, current and projected greenhouse gas emissions.
2. Strategic analysis of climate risk and emissions management.
3. Assessment of physical risks of climate change.
4. Analysis of risk related to the regulation of greenhouse gas
emissions.
www.calstrs.com/INVESTMENTS/GlobalFramework_Climate.pdf

*This may include public reporting, openness to input, access points
for complaints about services or behaviour of employees. It also may
include the concept of an ombudsman to address community or employee
issues.

Managers generally have an information asymmetry versus
owners. Voluntary disclosure results when managers, who
have been delegated leadership functions, act in the best
interests of shareholders and the firm by sharing information.*

*Companies do not have to wait for the publication of financial
reports to disclose voluntary information. This can be done at any
time, through any media, the obvious choice being the company's
website. Most listed companies have dedicated websites for
investors and other stakeholders.


2.2.1 Advantages of Voluntary Disclosure

Example 1 Voluntary Disclosure Advantages
Suggest SIX advantages to a company for making voluntary disclosures.

Solution
1.
2.
3.
4.
5.
6.

2.2.2 Disadvantages of Voluntary Disclosure

Increased costs in collecting and reporting information (which
will hopefully be outweighed by the increased opportunities).
Disclosure of specific information to competitors.*
The information provided may be considered as "green wash"
or "green spin" (i.e. disclosing as much as possible to appear
to be "green").
A natural approach to raise the good news, but bury
(downplay or ignore) the bad news and therefore not present
a balanced view.
As most of the data will be qualitative, it may be difficult to
apply quantitative analysis from year to year and between
companies.
Each company may have its own interpretation of the jargon
(terminology) used in disseminating information (which makes
comparability more difficult).*
There is, as yet, no mandatory requirement to audit (assure)
voluntary disclosures, although many companies will have an
independent audit carried out to provide credibility and to
underpin market confidence in the company.*

*However, this may bring a competitive advantage if it better
positions the company with its customers.

*Global Reporting Initiative (GRI) guidelines recognise this
difficulty and therefore aim to promote comparability. Remember that
CSR, sustainability and integrated reporting are relatively new
"technologies" and so will be refined as "bugs" are removed from
future releases.

*Many organisations provide assurance on their social and
environmental reports from their auditors or a specialist organisation
(see Session 20).
An example of an assurance statement can be found in BP's
Sustainability Report 2011 at www.bp.com.


2.3 Principles-Based Approach

Under the UK's Corporate Governance Code, the company
must explain the reason why it did not comply with a reporting
issue (i.e. "comply or explain").*

Shareholder Meetings

3.1 Annual General Meeting

An AGM is a gathering of the directors and shareholders of a
company (as required by law) to be held each calendar year.
In the UK, firms must provide written notice of the AGM date
to shareholders at least 21 days prior to the meeting date and
not more than 15 months can elapse between AGMs.
The main purposes of an AGM are usually to:
comply with necessary legal requirements;
present and approve the audited financial statements;
reappoint new directors and those retired by rotation;
reappoint auditors or approve new auditors;
vote on directors' remuneration (in some jurisdictions this
may be a non-binding vote);
approve auditor's remuneration;
approve final dividends;
discuss issues raised by the shareholders from the floor; and
discuss and vote on issues raised by shareholders through
pre-submitted resolutions.

*Specific disclosure requirements under the Code are referred to
throughout this Study System. A complete summary of the disclosures
can be found in Schedule C of the Code, along with other disclosure
requirements on governance as required by the London Stock Exchange
Listing Rules.

Illustration 5 UK Corporate Governance Code AGM Requirements
The board should use the AGM to communicate with investors and to
encourage their participation.
At any general meeting, the company should propose a separate resolution on
each substantially separate issue, and should in particular propose a resolution
at the AGM relating to the report and accounts.
The chairman should arrange for the chairmen of the audit, remuneration and
nomination committees to be available to answer questions at the AGM and for
all directors to attend.
The company should arrange for the Notice of the AGM and related papers to
be sent to shareholders at least 20 working days before the meeting.


Illustration 6 Allied Irish Bank, AGM

Notice on Investors Relations webpage:
ANNUAL GENERAL MEETING (AGM), 2011
Date/Time: Tuesday, 26 July, 2011 at 12.00 noon (or 20 minutes after
the conclusion of the Extraordinary General Meeting of the Company to be
convened for 10.00 a.m. on the same day and at the same location, whichever
is later).
Venue: Bankcentre, Ballsbridge, Dublin 4
Executive Chairman's Letter to Shareholders containing the Notice of
the 2011 Annual General Meeting and setting out the business to be
conducted at the AGM.
Form of Proxy, AGM 2011
Annual Financial Report, 2010.
Interactive Annual Financial Report, 2010.
Shareholders Report, 2010.

Extract showing AGM business:
1. To receive the Annual Financial Report for the year ended 31 December 2010.
2. To re-appoint the following Directors.
3. To authorise the Directors to determine the remuneration of the Auditor.
4. The Directors have received notice from a shareholder of her intention to
propose a resolution that Mr Niall Murphy be appointed a Director of the
Company.

All shareholders are invited to attend the AGM and to participate in the
proceedings. Shareholders are invited to submit written questions in advance
of the AGM, to which the Chairman responds in writing following the meeting.
At the AGM, it is practice to give a brief update on the Group's trading
performance and developments of interest for the year to date. Separate
resolutions are proposed on each separate issue.
The proportion of proxy votes lodged for, against, and withheld relating to
each resolution is indicated; this shows what the voting position would be if all
votes cast, including votes cast by shareholders not in attendance, were taken
into account.
The Chairmen of the Board's Committees are available to answer questions
about the Committees' activities. It is usual for all Directors to attend the
AGM and to be available to meet shareholders before and after the Meeting.
A Help Desk facility is available to shareholders attending.

3.2 General Meeting

A general meeting may be called and held at any time for shareholders to vote on resolutions which, because of their nature and timing, cannot wait to be dealt with at an AGM.*

Illustration 7 Allied Irish Bank, EGM
EMERGENCY GENERAL MEETING, 2011
An Extraordinary General Meeting of Allied Irish Banks, plc
(the "Company") will be held at 10.00 a.m. on 26 July 2011 at
Bankcentre, Ballsbridge, Dublin 4 to consider and, if thought fit,
pass the following Resolutions, of which Resolutions 1, 2, 3 and 5
will be proposed as ordinary resolutions and Resolutions 4, 6 and 7
will be proposed as special resolutions. The Resolutions are interconditional and all of them must be passed to enable the Proposals
(as such term is defined in the Circular dated 1 July 2011 of which
this Notice forms part [the "Circular"]) to proceed.
Proposed Placing of 5 billion of Ordinary Shares with the NPRFC
Proposed Issue of up to 1.6 billion of Contingent Capital Notes
to the Minister for Finance
Proposed Renominalisation of Ordinary Shares
Proposed Amendments to the Articles of Association
Proposed Reduction of Capital Redemption Reserve and Share
Premium

*The UK Companies Act 2006 now refers to all meetings other than the AGM as a "general meeting". Although the previous term "extraordinary general meeting" (EGM) has been removed from statute it is still widely referred to.

A general meeting may be called by:
• the directors to obtain the shareholders' mandate for a particular action (e.g. acquisitions, takeover approaches, share issues);* or
• a quorum of shareholders to discuss and vote on pertinent matters (e.g. immediate removal of the CEO, chairman or other directors, or fraud, regulatory or other issues that undermine shareholder value and confidence in the board).*

*In the above illustration, the EGM was held on the same day as
the AGM as it was convenient to do so. But even though held on
the same day, they were not combined as one meeting. Both have
separate legal purpose, procedures, requirements and content.
The full (extensive) detail including explanations of proxy votes can
be found on the AIB Investor Relations webpage
(see www.aibgroup.com).

3.3 Proxy Voting

3.3.1 Concept

A member of a company, who has the right to attend and vote at a meeting of the company, has a statutory right to appoint an agent ("proxy") to attend and vote for him.
Any shareholder who cannot attend can still vote.
Standard procedure is for a postal proxy to be appointed
(usually a director) who records the votes indicated by the
shareholder (for, against or at the discretion of the director).
Many companies now allow voting by electronic means (e.g.
through a specific website with password protected access).*

3.3.2 Requirements of the Code

At any general meeting, the company should propose a separate resolution on each substantially separate issue, and should in particular propose a resolution at the AGM relating to the report and accounts.
For each resolution, proxy appointment forms should provide
shareholders with the option to vote either for or against the
resolution or to abstain (i.e. withhold their vote).

*See the AGM/EGM notices on AIB's Investor Relations webpages for significant detail on the use of proxy votes.

The proxy form and any announcement of the results of a vote should make it clear that a "vote withheld" is not a vote in law and will not be counted in the calculation of the proportion of the votes for and against the resolution.
The company should ensure that all valid proxy appointments
received for general meetings are properly recorded and
counted.*
For each resolution, after a vote has been taken, except where
taken on a show of hands, the company should ensure that
the following information is given at the meeting and made
available as soon as reasonably practicable on a website
(maintained by or on behalf of the company):
  - the number of shares for which proxy appointments have been validly made;
  - the number of votes for the resolution;
  - the number of votes against the resolution; and
  - the number of shares in respect of which the vote was directed to be withheld.

*Under UK law, if a resolution is by a show of hands, proxy votes cannot be counted. Only if a poll is called can proxy votes count.

3.4 Myners Report, 2004

3.4.1 Background

The report, "A review of the impediments to voting UK shares" (2004), aimed to address concerns about problems in administering proxy votes and the lack of interest of the beneficial owners, in particular institutional shareholders.
The review was undertaken following persistent concerns that the system for proxy voting had not been as effective and efficient as it should be. Votes were being "lost" because they needed to pass along a complex chain.
The report outlines a comprehensive action programme to
remove obstacles to casting votes by institutional investors at UK
company meetings. It details a series of actions required from:
beneficial owners of shares;
companies or issuers;
company registrars;
investment managers;
custodians; and
proxy voting agencies.

Illustration 8 Proxy Voting


"There has been continuing concern that the system for registering
proxy votes at company meetings is not as efficient as it should
be. Complications arise from the number of different participants
involved and the confusing lines of responsibility. There is no
single simple solution, no silver bullet to the problem of 'lost
votes'. However, significant improvements can be achieved through
concerted action by all interested parties. There is nothing inherently
flawed in the pipe work that carried votes from the investor to the
issuer. What has previously been lacking is a commitment on the
part of participants to make it work effectively."
Paul Myners

3.4.2 Recommendations

• Beneficial owners should:
  - require their agents (custodians, investment managers, etc.) to have an electronic voting capability as part of their standard service conditions;
  - determine a voting policy with their agents and ensure that it is carried out; and
  - consider requiring their shares to be registered in a nominee company with designation in their own name or some other unique designation, rather than in an undesignated omnibus nominee account.
• Where shares have been lent (e.g. used as collateral or in a complex hedging transaction), the current holder should not be able to use them for voting. Only the owner (e.g. those who through substance over form control the share) should be able to exercise the vote.
• Investment managers (e.g. of pension funds) should actively exercise the votes in shares they hold or manage and have a stated, public and regularly reviewed policy on voting (UK Stewardship Code).
• At general meetings:
  - On voting resolutions, best practice should be to call a poll (rather than a show of hands) on all resolutions at company meetings.
  - Quoted companies should disclose on their websites and in summary in annual reports the results of polls at general meetings.
• Votes consciously withheld can be a useful tool in communicating shareholders' reservations about a resolution, provided there is a clear explanation to the company as to why the vote has been withheld. Companies should provide a "vote withheld" box on all proxy forms.
• Independent scrutiny of polls should be allowed if requested by shareholders.

Illustration 9 Speedhire plc


It is the policy of the Company to propose a separate resolution at its AGM on each
substantially separate issue and there will be a resolution to receive the Annual
Report and Accounts for 2010.
For each resolution proxy appointment forms provide shareholders with the option
to direct their proxy to vote either for or against the resolution or to withhold their
vote. The proxy form makes it clear that a "vote withheld" is not a vote in law and
will not be counted in the calculation of the proportion of the votes for and against
the resolution.
It is the policy of the Company to ensure all valid proxy appointments received are
properly recorded and counted.
It is the policy of the Company to ensure that for each resolution, after a vote has
been taken, unless a poll is taken, to give at the meeting and then make available
on its website details of the number of (i) shares in respect of which proxy
appointments have been made; (ii) votes for and against the resolution; and (iii)
shares regarding which votes were withheld.
The Chairmen of the Audit, Remuneration and Nomination Committees will be
available to answer questions at the 2010 AGM and all Directors will attend.
The Notice of Meeting for the 2010 AGM was sent to shareholders at least 20
working days before the meeting.

Session 8 Summary

Good corporate governance relies upon a strong disclosure regime as a method of market-based monitoring that allows shareholders to exercise their rights effectively. Disclosures can be:
• mandatory in law or through regulation; or
• voluntary (i.e. disclosing additional information not required by law or regulation).

The AGM is the general meeting of shareholders which meets the legal requirement for
companies to communicate with investors. The agenda typically includes the appointment
of directors and auditors and consideration of their reports, approval of the accounts and
the declaration of dividends.

Other general meetings may be called by:
• the directors (e.g. to obtain shareholders' approval for a share issue); or
• a quorum of shareholders (e.g. on matters of concern about directors' actions or inactions).

Directors may vote for shareholders who cannot attend a general meeting through the use
of the shareholder's proxy to vote.

Session 8 Quiz
Estimated time: 10 minutes
1. Give FIVE examples of types of disclosures made by companies. (1.1)
2. Give THREE examples of mandatory disclosures in financial statements. (2.1)
3. Give FIVE examples of matters that may be decided upon by an AGM. (3.1)
4. State who can call a general meeting. (3.2)
5. Explain the concept of "proxy voting". (3.3.1)


EXAMPLE SOLUTION
Solution 1: Voluntary Disclosure (Advantages)
Reduces the information asymmetry between managers
and owners.
Increases a company's credibility in the eyes of many
stakeholders.
Underpins the confidence of the market in the company.
Provides a fuller picture of the state of the company.
Increases the number of potential investors by enabling
them to match the company against their social, ecological,
sustainability, risk, ethical and strategic benchmarks.
Encourages a more forward-looking perspective as the
financial reporting data is often historical.
Adds to transparency.
Enables qualitative data (e.g. strategy, ethical content,
social reporting, business expectations) to be presented to
stakeholders.
Enables directors to respond to specific stakeholder concerns
as they arise.
Opens additional opportunities to capital (e.g. from
"green" investors).
Improves relationship with stakeholders.
Reduces the risk of political intervention in the market.


Session 9

Management Control Systems

FOCUS
This session covers the following content from the ACCA Study Guide.
B. Internal Control and Review
1. Management control systems in corporate governance
a) Define and explain internal management control.
b) Explain and explore the importance of internal control and risk
management in corporate governance.
c) Describe the objectives of internal control systems.
d) Identify, explain and evaluate the corporate governance and executive
management roles in risk management (in particular the separation
between responsibility for ensuring that adequate risk management
systems are in place and the application of risk management systems and
practices in the organisation).
e) Identify and assess the importance of the elements or components of
internal control systems.
2. Internal control, audit and compliance in corporate governance
e) Explore and evaluate the effectiveness of internal control systems.
3. Internal control and reporting
c) Explain and assess how internal controls underpin and provide information
for accurate financial reporting.
4. Management information in audit and internal control
a) Explain and assess the need for adequate information flows to
management for the purposes of the management of internal control and
risk.
b) Evaluate the qualities and characteristics of information required in internal
control and risk management and monitoring.

Session 9 Guidance
Note that much of this will be familiar from your F8 studies (s.1, s.2).
Recognise and be able to differentiate the CoCo framework (s.3).


VISUAL OVERVIEW
Objective: To discuss the need for effective management control systems in entities.

INTERNAL CONTROL MANAGEMENT: Terminology; Elements; Importance; Risk Management; Frameworks
COSO: Overview; The Control Environment; Risk Assessment Procedures; Information and Communication; Control Activities; Monitoring Controls
CoCo: Criteria; Controls
ASSESSING CONTROL EFFECTIVENESS: Overview; Board Questionnaire

Session 9 Guidance
Understand the process of assessing control effectiveness (s.4), especially the information
recommended in the board questionnaire (s.4.2).

Internal Management Control

1.1 Terminology

Internal management controls: controls implemented by directors over the actions taken by all employees (including directors) to increase the probability that established objectives and goals will be achieved. Appropriate internal controls therefore provide assurance (but not absolute assurance) to management that their plans, organising and direction will be as intended.
Control arises through:
• effective and coherent business planning;
• suitable organisational structure; and
• clear management direction.

Internal control: a process, effected by an entity's board of directors, management and other personnel, designed to provide reasonable assurance regarding the achievement of objectives relating to operations, reporting, and compliance.
Internal Control – Integrated Framework, COSO 2013

Focus and learn those areas with which you are not familiar. Remember P1 deals with the much broader concept of internal control (not just related to financial statements) and its importance within risk management (download the report Implementing Turnbull if you do not already have it).

Internal control systems: the policies and procedures (internal records) adopted by the directors and management of an entity to succeed in their objective of ensuring, as far as practicable, the:
• orderly and efficient conduct of the business;
• adherence to internal policies;
• safeguarding the assets of the business;
• prevention and detection of fraud and error;
• accuracy and completeness of business accounting records; and
• timely preparation of financial information.
Auditing Practices Board of the (UK's) Financial Reporting Council (FRC)

1.2 Elements

• According to the Turnbull Report (issued to provide guidance to directors on the UK Corporate Governance Code, www.frc.org.uk), a "sound" control system encompasses the:
  - policies;
  - processes;
  - tasks;
  - behaviours and other aspects of a company
  that when taken together
  - facilitate its effective and efficient operation (by enabling it to respond appropriately to significant business, operational, financial, compliance and other risks to achieving the company's objectives);
  - help ensure the quality of internal and external reporting; and
  - help ensure compliance with applicable laws and regulations and internal policies with respect to the conduct of business.

Whenever the examiner uses the phrase "sound system of internal control", think "Turnbull".

• To achieve its objectives, it is critical that the system of control should:
  - be embedded in the operations of the company and form part of its culture;
  - be capable of responding quickly to evolving risks to the business arising from factors within the company and to changes in the business environment; and
  - include procedures for reporting immediately, to appropriate levels of management, any significant control failings or weaknesses that are identified together with details of corrective action being undertaken.

Example 1 Sound Control Systems


Suggest FIVE reasons why a system of control may not be as "sound"
as intended.

When something has gone wrong in a scenario, it will usually be due to a breakdown in controls. Remember that for strategic decisions, controls will often be based on subjective judgement; poor judgement (at any level) will be a control weakness.

Solution
1.
2.
3.
4.
5.

1.3 Importance

A sound system of internal control:
• enables management to identify, track and control known and emerging risks;
• helps to manage and embed quality and risk awareness throughout the firm;
• provides reliable management information on internal operations and compliance with laws and regulations;
• identifies and enables appropriate action to be taken on underperforming internal operations;
• reduces management time spent in "firefighting";
• places focus internally on doing the right things properly;
• provides the necessary reliable information for internal and external reporting, not only for the legal and GAAP requirements but also for CSR; and
• underpins investor confidence, which potentially achieves a lower cost of capital and higher relative share prices over the longer term.

A sound system of internal control contributes to safeguarding the shareholders' investment and the company's assets.

1.4 Risk Management

• A company's system of internal control has a key role in the management of risks which are significant to the fulfilment of its business objectives. The Turnbull Report stresses the links between internal control and risk.
• Turnbull suggests that in determining internal control policies and what constitutes a sound system of internal control, an entity should consider:
  - the nature and extent of the risks facing the company;
  - the extent and categories of risk which it regards as acceptable for the entity to bear;
  - the likelihood of the risks materialising;
  - its ability to reduce the incidence and impact of business risks that do materialise;
  - the costs of operating particular controls relative to the benefit thereby obtained in managing the related risks.
• Directors and management should identify and evaluate the risks faced by the entity (for consideration by the board) and design, operate and monitor a suitable system of internal control which implements the policies adopted by the board.

Remember that the examiner expects professional and commercially relevant answers. Suggesting controls that have little or no cost benefit, are impractical or show little commercial awareness, will not obtain any marks.

• All employees have some responsibility for internal control as part of their accountability for achieving their work related to the entity's objectives. Collectively, they should have the necessary knowledge, skills, information and authority to establish, operate and monitor the system of internal control.*
• Turnbull also emphasises that as entities operate in an open and dynamic environment, the risks they face are continually changing. Control systems must therefore be able to identify changes in risk and the emergence of new risks and evolve to manage them.
• Risk and risk management (identifying, analysing, tracking and managing) are detailed in later sessions.

*Employee participation in internal control will require appropriate understanding by the employee of the company, its objectives, the industries and its markets and the risks it faces.

1.5 Frameworks

• Internal control frameworks provide a systematic approach for entities to establish and develop a firm-wide approach to internal controls. They provide a way of understanding the important elements of control and the relationships between them.
• Typically, they consist of two elements:
  - The control environment: the overall context of controls within the entity. This covers the culture, infrastructure and architecture of control plus the attitude, awareness and actions of management.
  - Control procedures: the detailed controls established and operated.
• Widely used frameworks include:
  - the Committee of Sponsoring Organisations (COSO) of the Treadway Commission; and
  - the Criteria of Control (CoCo) Framework of the Canadian Institute of Chartered Accountants (CICA).

COSO Framework

2.1 Overview

The five inter-related components of the COSO framework, derived from the way management runs a business and integrated in the management process, are depicted here:*

[Figure: COSO cube showing the five components (Control Environment, Risk Assessment, Control Activities, Information & Communication, Monitoring Activities), the objective categories (Operations, Reporting, Compliance) and the organisational levels (Entity Level, Division, Operating Unit, Function).]

*Internal control, being a business process, implies a means to an end, not an end in itself. As with all other business processes it is pervasive and inherent in the way the business is run and managed (planning, executing and monitoring).
Internal control is not just about policy manuals, forms and rules, but people at every level of the entity being geared to the achievement of objectives in one or more separate but overlapping categories (e.g. operations, financial reporting and compliance).

2.2 The Control Environment

• The control environment sets the tone of an organisation, influencing the control consciousness of its management and employees. It is the foundation for effective internal control, providing discipline and structure.
• It strongly relates to how management (and governance) has created a culture of honesty and ethical behaviour, supported by appropriate controls to prevent and detect fraud and error, through:
  - Communication and enforcement of integrity and ethical values.*
  - "Tone at the top" (i.e. following management's example). Also called "tone from the top" or "cascade effect" this means that management's attitude permeates down through the organisation.
  - Commitment to competence (e.g. only those with the appropriate knowledge and skills are considered for a position; using job descriptions and competence analysis).
  - Participation by those charged with governance (e.g. the board and audit committee):
      - independent from the entity and management;
      - experienced and prepared to be a sounding board for management;
      - prepared to work with, but stand up to, management;
      - demanding and challenging of management decisions;
      - access to documents and information as required;
      - effective interaction with internal and external auditors; and
      - operation of "whistle-blower" procedures, independent of management.
  - Management's philosophy and operating style (including approach to risk management and application of accounting policies).
  - Organisational structure (e.g. open and transparent or closed and opaque; appropriate to carry out strategies to achieve objectives).
  - Assignment of authority and responsibility (e.g. clearly defined and understood by those delegating and receiving; recognition by individuals that they will be held accountable for their actions).
  - Human resource policies and practices to attract, develop, and retain competent individuals in alignment with objectives (e.g. commitment to best practice in recruitment, training, appraisal, counselling, progression, compensation and remedial actions).

*The effectiveness of internal control cannot rise above the integrity and ethical values of the people who create, administer and monitor the controls.

• A strong control environment may be a positive influence when assessing, for example, the risk of fraud. However, the elements must be considered collectively (e.g. enforcement of ethical values together with appropriate recruitment policies for financial reporting staff will not mitigate aggressive earnings reporting by senior management).*

*Not only should the board be concerned with the entity's internal
control, but the board should also consider the internal controls
operated by autonomous operating divisions, foreign and domestic
subsidiaries, major suppliers and customers. Many organisations
now extend their control environment factors to other connected
parties (e.g. through supply agreements). This aspect is considered
further in Sessions 12-14 (e.g. an entity's reputation risk can be
damaged because of the use of child labour and poor employment
practices operated by a foreign supplier).

2.3 Risk Assessment Procedures

• Risk assessment procedures are how the entity's management:
  - identifies relevant risks to the achievement of objectives; and
  - forms the basis for determining how the risks should be managed.
• This is an ongoing and iterative process and is a crucial component of an effective internal control system.
• Objective setting is a key starting point which enables management to identify measurable criteria for performance with a focus on critical success factors (i.e. "where things must go right") and thus identify what can stop "things going right".
• The risk of fraud is a significant risk and must always be assessed and appropriate controls implemented.
• As businesses operate in open and dynamic environments, entities must identify and assess changes that could significantly affect the system of control.
• The entity's objectives can be broadly categorised into three areas (but in many cases specific objectives will often overlap between categories):
  1. Operations: effectiveness and efficiency including performance and profitability goals and safeguarding resources against loss.
  2. Financial reporting: the preparation of reliable published financial statements.
  3. Compliance: adherence to applicable laws and regulations that are often a mix of generic and specific matters.

2.3.1 Operational Objectives

• These are not extensively based on external standards but are affected by external events, many of which are not within the control of the entity. Controls should therefore aim to develop consistency of objective setting, identifying key success factors and timely reporting of performance and expectations.
• Through appropriate controls and risk assessment, management must have reasonable assurance of knowing when operational objectives are in danger of not being achieved.

2.3.2 Financial Reporting and Compliance Objectives

• These are generally based on external standards established independently of the entity and therefore mostly lie within the entity's control (i.e. it is relatively easy to identify and manage the associated risk).

Example 2 Business Risks


Risks relevant to financial reporting include external and internal
events and circumstances which may occur and adversely affect an
entity's ability to initiate, record, process and report financial data.
Required:
Suggest FIVE business risks which may affect the production
of financial statements.
Solution
1.
2.
3.
4.
5.

2.4 Information and Communication

2.4.1 Information

• Information is at the core of enabling managers to run a business and move towards the achievement of objectives.
• Relevant data (internal, external, financial and non-financial) must be identified, captured, processed (into information) and communicated (by information systems) in a form and timeframe which enables managers and other staff to fulfil their responsibilities.
• Information systems consist of:
  - physical and hardware (if IT-based) infrastructure;
  - software (if IT-based);
  - people;
  - procedures; and
  - data.

• Typically, systems will:
  - initiate (e.g. start the process manually or by programmed procedures);
  - record (e.g. identify, capture and record information on a timely basis);
  - process (e.g. edit, validate, calculate, summarise, reconcile and classify); and
  - report (e.g. prepare reports so that transactions, disclosures and other information are correctly presented).
• The data used in information systems may be:
  - formal (e.g. despatch and sales data in an accounting system); or
  - informal (e.g. conversations with customers, suppliers, regulators, employees, other professionals).
• Data may be obtained through many means (e.g. Web-based searches, data mining, questionnaires, interviews, market surveys, focus groups, other internal/external information systems).

• The quality of the information delivered to the recipient must enable the correct decision to be made in managing and controlling the entity's activities. Such information must therefore be:
  - Appropriate/relevant: for the user to be informed (not distracted) and reach a decision;
  - Timely: measured at the appropriate time (e.g. month end reports actually represent "month end");
  - Current: up-to-date;
  - Complete: missing information will result in an inappropriate decision or delay the decision until the information is complete;
  - Concise: too much information (cannot "see the wood for the trees") may mislead the user;
  - Accurate: within the requirements of the user and free from error; and
  - Accessible: easy to obtain and review at any time, in the required format.
• Transactions may be standard (i.e. in the normal course of business) or non-standard (e.g. asset impairment, related party transactions, suspicion of illegal activities). How the information systems deal with both standard and non-standard transactions must be understood (e.g. to raise exception reports).

< The information systems must also be able to deal with errors
and incorrect processing (e.g. is a suspense account used and
regularly checked and cleared; is it possible to override the
system or bypass controls; if so, how does the management
deal with this?).

2.4.2 Communication

< This is not just about written procedures manuals, reports,
memos, etc. It also refers to oral (e.g. instructions,
discussions, meetings, informal chats); visual (e.g. the
observation of activities, instruments, changes); the use of
body language (e.g. facial expressions); and actions (e.g.
disciplinary procedures taken for a breach in ethical rules).
< It is also a two-way process: an activity may be delegated
to a subordinate, but the manager must ensure that the
subordinate fully understands what to do, why it is necessary
and how it fits into the "bigger picture". The subordinate must
have the confidence (e.g. through the corporate culture) to
discuss with the manager any aspects they do not understand
and ask for clarification.
< Effective communication will be not only downwards, but also
upwards, sideways, internal, external, inwards and outwards, to
and between all stakeholders.
< Management must be able to demonstrate understanding of
the individual roles and responsibilities of those within the
information and control systems and how they interrelate.
Management must also clearly communicate to employees
and other stakeholders the importance placed on the effective
operation of internal control.
< Individuals in the system must understand their roles and
responsibilities and how they relate to others within the
system. This information must be clearly communicated to
them, not only through procedures manuals but, for example,
through training, supervision, meetings, publications, websites
and the actions of others. Management action (or inaction) is
a very powerful form of communication.
< The means of communicating exceptions to a higher authority
must be clear and unambiguous. This includes reporting
channels to management, those charged with governance
(e.g. the audit committee, whistle-blowing) and, if necessary,
to an external authority (e.g. regulators).

2.5 Control Activities

< The policies and procedures which help ensure management
directives are carried out (e.g. actions are taken to address
risks which threaten achievement of the entity's objectives).
They are applied to systems to ensure that risks are reduced to
acceptable levels and objectives are achieved.

< They have various objectives and are applied at various
organisational and functional levels. Common control
activities include:
= Approval;
= Authorisation;
= Verification;
= Reconciliation;
= Review;
= Security of assets; and
= Segregation of duties.
< More than one control activity may be necessary to achieve a
given control objective.

A mnemonic for remembering control procedures is SOAPMAPS:
Segregation of duties
Organisation
Authorisation and approval
Physical
Management
Arithmetic and accounting
Personnel
Supervision

Example 3 Financial Control System


State the control objectives and list control activities for a typical
financial reporting system.

Solution
Control objectives:

Control activities:

< There are many and varied classifications of controls, the most
common being:
= Corporate, management, process and transaction controls;
= Administration and accounting controls;
= Preventive, detective and corrective controls;
= Discretionary and non-discretionary controls;
= Voluntary and mandated controls;
= Financial and non-financial controls; and
= Manual and automated controls.
< Automated controls can be further sub-classified as:
= general controls (e.g. operations, software, access,
development and maintenance); and
= application controls (e.g. regarding completeness, accuracy,
authorisation, validity of processing data).

2.6 Monitoring Controls

< Without monitoring control systems and feedback on the
performance of controls, management will have no assurance
whether a control, while still operating, is actually effective.
< Monitoring is therefore a process to assess the effectiveness of
internal control performance over time. It involves:*
= understanding the business objective which the controls
relate to;
= assessing the risks to the objectives which the controls
monitor;
= assessing the design and operation of controls on a
timely basis;
= assessing the effectiveness of the controls; and
= taking necessary corrective actions for changes in conditions
and emerging risks.
< As the business environment changes and evolves, so must
the related controls used. This not only applies to the entity
itself, but also to third parties directly connected to the entity
(e.g. providers of outsourced services).

< Ongoing monitoring activities are often built into normal
recurring activities (e.g. embedded IS audit procedures) and
include regular management and supervision.

*Failures in control systems must be reported to (and acted upon by)
those responsible for taking corrective action. This includes senior
management and the board of directors. Part of the role of the audit
committee is to ensure that the board does take appropriate action.
This is also a control.

Illustration 1 COSO Guidance on Monitoring Internal Control 2009

[Figure: three stages of monitoring]
ESTABLISH A FOUNDATION: Tone at the top; Organisational structure; Baseline understanding of internal control effectiveness
DESIGN & EXECUTE: Prioritise risks; Identify controls; Identify persuasive information about controls; Implement monitoring procedures
ASSESS & REPORT: Prioritise findings; Report results to the appropriate level; Follow up on corrective action
Supported Conclusions Regarding Control Effectiveness

Establishing a Foundation for monitoring, including:
= A tone at the top that stresses the importance of monitoring;
= An effective organisational structure that considers the roles of management and
the board in regard to monitoring, and places people with appropriate capabilities,
objectivity, authority and resources in monitoring roles; and
= A baseline understanding of internal control effectiveness.

Design and Execute monitoring procedures which:
= Evaluate controls in areas of meaningful risk;
= Select appropriate controls for evaluation from across any or all of the five
components;
= Identify information that will be persuasive in supporting conclusions about control
effectiveness; and
= Evaluate that information through a mix of ongoing monitoring and separate
evaluations.

Assess and Report results in order to:
= Prioritise findings;
= Provide support at the appropriate organisational level for conclusions regarding the
effectiveness of internal control; and
= Facilitate prompt corrective actions and follow-up where necessary.

< The COSO approach to monitoring is linked directly to the risk
assessment and the management process, as shown in the
following illustration.*

*In other words, controls over high-risk areas are closely monitored.
Sessions 12, 13 and 14 deal with risk.

Illustration 2 COSO Monitoring Design and Implementation Progression

[Figure: four-step progression: PRIORITISE RISKS, IDENTIFY CONTROLS, IDENTIFY INFORMATION, IMPLEMENT MONITORING]

= Understand and prioritise risks to organisational objectives.
= Identify key controls across the internal control systems which address those
prioritised risks.
= Identify information which will persuasively indicate whether the internal control
system is operating effectively.
= Develop and implement cost-effective procedures to evaluate that persuasive
information.

2.6.1 Examples of Monitoring Activities

< Checking that activities (e.g. closing and "arming" of aircraft
doors) are carried out.
< Producing reports on a timely basis and action taken thereon
(e.g. follow up on exception reports).
< External party corroborating internally generated information
(e.g. customers paying amounts as stated on their statements
or querying invoices raised).
< External regulators reporting on aspects of the internal
controls relating to regulations (e.g. financial services,
environmental services).
< Physical to book reconciliations (e.g. perpetual inventory
systems).
< Internal audit evaluation of the effectiveness of internal
control and business risk procedures.
< Feedback from employees (e.g. mechanical failures of key
equipment).
< Segregation of duties (e.g. as earlier processes are checked
by the next operator).
< External audit management letters and reports (e.g. not only
on financial controls but also on business risk controls).
< Business activity and management accounts discussed at
monthly board meetings and challenged by non-executive
directors and those charged with governance (e.g. challenging
why key information for liquidity ratios in a bank is always
three weeks old).

CoCo Framework

Developed by the CICA, the Criteria of Control (CoCo) framework
consists of:

< a definition of control (similar to that of COSO);
< the criteria of control; and
< the grouping of control criteria.

3.1 Criteria

< Purpose: deals with the organisation's direction.
= Objectives should be established and communicated.
= Significant internal and external risks faced in achieving
objectives should be identified and assessed.
= Policies designed to support the achievement of objectives
and risk management should be communicated and
practised so people understand what is expected of them
and their freedom to act.
= Plans to guide efforts to achieve objectives should be
established and communicated.
= Objectives and related plans should include measurable
performance targets and indicators.

< Commitment: deals with the organisation's identity and values.
= Shared ethical values, including integrity, should be
established, communicated and practised throughout the firm.
= Human resource policies/practices should be consistent with
ethical values and the achievement of objectives.
= Authority, responsibility and accountability should be clearly
defined and consistent with objectives so that decisions and
actions are taken by the appropriate people.
= An atmosphere of mutual trust should be fostered to
support the flow of information between people and their
effective performance towards achieving objectives.
< Capability: deals with the organisation's competences.
= People should have the necessary knowledge, attitudes,
skills and tools to support achievement of objectives.
= Communication processes should support the firm's values
and achievement of objectives.
= Sufficient and relevant information should be identified
and timely communicated so assigned responsibilities can
be performed.
= Decisions and actions of different parts of the firm should
be coordinated.
= Control activities should be designed as an integral part of
the firm, considering objectives, risks to their achievement
and relevance of control elements.
< Monitoring and learning: deals with the organisation's
evolution.
= External/internal environments should be monitored to
obtain information flagging a need to re-evaluate objectives
or controls.
= Performance should be monitored against the targets and
indicators identified in the objectives and plans.
= Assumptions behind objectives should be periodically
challenged.
= Information needs and information systems should be
reassessed as objectives change or as reporting deficiencies
are identified.
= Follow-up procedures should be established and performed
to ensure that appropriate change or action occurs.
= Management should periodically assess the effectiveness of
control and communicate results.

3.2 Controls

< The essence of control is to explicitly identify and assess risks
which affect people, assets and/or continuing operations and
treat these risks through "TARRA":*
= Transfer: insurance, delegation;
= Avoid: eliminate involvement, change objectives;
= Reduce consequences: mitigate to reduce damages;
= Reduce likelihood: control to reduce probability; and
= Accept/retain: take the risk without doing anything.
< Controls can be of five basic types:
= Directive: high-level direction from legislators, governance
bodies, senior management, standards organisations and
other accountable individuals and groups (e.g. legislation,
policy on risk management).
= Preventive: activities, processes and procedures designed
to prevent or reduce the effect of errors, malice and other
undesirable events (e.g. user ID, password, segregation of
duties, application controls).
= Detective: activities, processes and procedures designed
to detect errors, malice and other undesirable events
(e.g. managerial review, periodic counting of assets, error
reports, computer logs and audit trails).
= Corrective: activities, processes and procedures designed
to correct errors, malice and other undesirable events in a
timely manner (e.g. journal entries, training, discipline).
= Recovery: activities, processes and procedures designed to
recover from errors, malice and other undesirable events in
a timely and effective manner (e.g. disaster recovery plans,
data backup).

*TARRA is a key element in risk control and is explained
further in Session 14 Controlling Risk.

Assessing Control Effectiveness

4.1 Overview

< Turnbull, COSO and CoCo all make very clear that effective
monitoring is an essential component of a sound system of
internal control.
< Turnbull states that:
= The board cannot rely solely on any "embedded"
monitoring process.
= Regular reports on internal control must be received and
reviewed.
= An annual assessment must be undertaken for the purposes
of reporting on internal control in the annual report.
= The board must define the process to be adopted for the
reports and review.
= Reports from management to the board must provide a
balanced assessment of significant risks and effectiveness of
internal control systems in managing them.
= Any significant control failings or weaknesses identified
must be disclosed in assessment reports, including the
impact they have had, or may have, on the firm and the
actions being taken to rectify them.

4.2 Board Questionnaire

< Both Turnbull and COSO contain extensive detail on how the
effectiveness of a control system can be assessed.*

< Overall three basic questions must be answered:
= Have the firm's objectives relating to reliability of
managerial and financial reporting been achieved?
= Have the firm's operations been carried out effectively
and efficiently?
= Has the firm fully complied with applicable laws and
regulations?
< Based on the Turnbull Report, questions should be asked by
the board relating to:
= risk assessment;
= control environment and activities;
= management information and communication; and
= monitoring.

4.2.1 Risk Assessment

< Does the company have clear objectives and have they been
communicated to provide effective direction to employees on
risk assessment and control issues?
< Are the significant internal and external operational, financial,
compliance and other risks identified and assessed on an
ongoing basis?
< Is there a clear understanding by management and others in
the company of which risks are acceptable to the board?

*It is essential to ensure that any contingency plans will actually
function when needed. In many cases, the only way to find out will be
to initiate (or simulate) events which will lead to the plan being
activated (e.g. setting off fire alarms in a hotel to test evacuation
and emergency services procedures).

4.2.2 Control Environment and Control Activities

< Does the board have clear strategies for dealing with the
significant risks which have been identified? Is there a policy
on how to manage these risks?
< Do the firm's culture, code of conduct, human resource
policies and performance reward systems support its business
objectives and risk management and internal control system?
< Does senior management demonstrate, through its actions
as well as policies, the necessary commitment to competence
and integrity to foster a climate of trust in the firm?
< Are authority, responsibility and accountability defined clearly
such that decisions are made and actions taken by the
appropriate people? Are decisions and actions of different
parts of the company appropriately coordinated?
< Does the company communicate to its employees what is
expected of them and their freedom to act?
< Do people in the company (and its providers of outsourced
services) have the knowledge, attitudes, skills and tools to
support the achievement of the company's objectives and to
effectively manage risks to their achievement?
< How are processes/controls adjusted to reflect new or
changing risks, or operational deficiencies?

4.2.3 Management Information and Communication

Example 4 Board Questions


Suggest FOUR questions that a board should be asking
concerning information and communication.
Solution
1.

2.

3.

4.

4.2.4 Monitoring

< Are there ongoing processes embedded in the company's overall
business operations and addressed by senior management
to monitor effective application of the policies, processes and
activities related to internal control and risk management?
< Do these processes monitor the company's ability to re-evaluate
risks and adjust controls effectively in response to
changes in its objectives, business and external environment?
< Are there effective follow-up procedures to ensure that
appropriate change or action occurs in response to changes in
risk and control assessments?
< Is there appropriate communication to the board (or board
committees) on the effectiveness of the ongoing monitoring
processes on risk and control matters and of failures (and
action taken) in the systems?
< Are there specific arrangements for management monitoring
and reporting to the board on risk and control matters of
particular importance?

The examiner is unlikely to ask for a specific "checklist" approach but
will expect candidates to be able to analyse a scenario and identify
particular weaknesses. The "checklists" presented could therefore be
used to identify particular weaknesses (or strengths).

Session 9 Summary

< Internal control is the process designed and implemented by those charged with governance
and management to provide assurance about reporting, operational effectiveness and
efficiency, and legal and regulatory compliance. Internal controls safeguard company assets
on behalf of shareholders.

< The Turnbull report further suggests that the system of internal controls should be able to
respond quickly to emerging risks and that statements of corrective action should be part of
the control process.

< Employees should understand the board's tolerance for risk, company objectives and
operating environment in order to properly design internal controls.

< The major frameworks for internal control consist of two elements; the control environment
and control procedures:

COSO framework: Control environment; Risk assessment; Information systems; Control activities; and Control monitoring.
CoCo framework: Purpose; Commitment; Capability; and Monitoring and learning.

< CoCo identifies:

The essence of control through TARRA: Transfer; Avoid; Reduce consequences; Reduce likelihood; and Accept/retain.
The following types of control: Directive; Preventive; Detective; Corrective; and Recovery.

< Turnbull, COSO and CoCo all recognise that organisations must regularly assess their
internal control effectiveness. The basic assessment areas include:

Reliability of managerial and financial reporting;
Operational effectiveness and efficiency; and
Legal and regulatory compliance.

< Turnbull also suggests that the board ask questions related to the areas of risk assessment,
control environment, management information and monitoring.

Session 9 Quiz
Estimated time: 10 minutes

1. Define "internal control". (1.1)


2. Explain the concept of a "sound system of internal control". (1.3)
3. List the FIVE elements of the COSO internal control framework. (2.1)
4. List SEVEN control activities. (2.5)
5. State the FOUR CoCo criteria and give examples of each. (3.1)

Study Question Bank
Estimated time: 50 minutes

Priority                        Estimated Time   Completed
Q12   Bateleur Zoo Gardens      50 minutes

Additional
Q13   VCF

EXAMPLE SOLUTIONS

Solution 1: Sound Control Systems*
1. Poor judgement in decision-making.
2. Human error.
3. Control processes being deliberately circumnavigated by employees.
4. Management overriding controls.
5. Occurrence of unforeseeable circumstances.

*The failure of a number of banks during the sub-prime and credit crunch
crisis of 2007 and later was due to the poor judgement of their CEOs who
ignored the advice of their risk managers (given as part of the internal
control procedures). They also failed to understand the financial products
their traders had developed and were prepared to deal in the products,
allowing traders to override trading controls that would have restricted
the process.

Solution 2: Business Risks

1. Changes in regulatory or operating environment. Such changes
can, for example, result in changes in competitive pressures and
significantly different risks. Such risks have to be identified and their
impact quantified.
2. New personnel. Potential risk will depend on their seniority or the
position they hold in finance. New personnel may have a different focus
on understanding and applying internal control; they will need to learn
new processes and may attempt to change or ignore existing controls.
3. New or upgraded information systems. Significant and rapid
changes in information systems can change the risk relating to
internal control (e.g. previous controls may no longer be effective,
new controls are not enacted). The change process in itself is a
significant risk in that data may not be correctly converted or the new
system does not function as intended.
4. Rapid growth. Significant and rapid expansion of operations can
strain controls and increase the risk of a breakdown in controls (e.g.
overtrading, strained gearing and loss of direction by the entity).
5. New technology. Incorporating new technologies into production
processes or information systems may change the risk associated with
internal control.
6. New business models, products or activities. Entering into
business areas or transactions with which an entity has little
experience may introduce new risks associated with internal control.
7. Corporate restructurings. Restructurings may be accompanied
by staff reductions and changes in supervision and segregation of
duties that may change the risk associated with internal control.
Management time spent on restructuring and making every effort to
ensure that it works means less time can be spent on running other
areas of the business.
8. Expanded foreign operations. The expansion or acquisition of
foreign operations carries new and often unique risks which may
affect internal control, for example, additional or changed risks from
foreign currency transactions.
9. New accounting pronouncements. Adoption of new accounting
principles or changing accounting principles may affect risks in
preparing financial statements, especially in relation to recognition,
measurement and disclosure requirements.


Solution 3: Financial Control System

Control Objectives
< At the financial statement assertion level, control objectives aim to
ensure that only:
authorised (Valid: V) transactions are
promptly recorded (Complete: C) in the
correct (Accurate: A) amount in the
appropriate (A) accounts in the
proper (Correct Cut-off: C) accounting period and that
recorded assets exist (Existence: E).

Control Activities
< Authorisation (basically, "if it can move, authorise it").
For example:
= purchase or disposal of non-current assets;
= new suppliers;
= journals;
= payments;
= writing off irrecoverable debts.
< Performance reviews, for example:
= actual against budget, prior year and variance analysis;
= analytical review, internal versus external data;
= functional or activity performance in that activities that should take
place, did take place.
< Information processing (accuracy, completeness and
authorisation), for example:
= checking arithmetical accuracy (e.g. of documents, records);
= maintaining and reviewing accounts and trial balances;
= carrying out reconciliations (e.g. bank, supplier statements);
= sequence checks of pre-numbered documents (e.g. despatch notes);
= completeness checks (e.g. that all documents have been processed);
= follow-up of error reports (includes taking appropriate action);
= IT application controls;
= IT general controls.
< Physical controls, for example:
= secured access to assets and records;
= password access to computer systems;
= comparing book to physical (e.g. inventory, petty cash,
non-current assets).
< Segregation of duties, for example:
= separation of the authorising, recording and custody functions;
= actions of one employee are checked by another.

Solution 4: Board Questions

1. Do management and the board receive timely, relevant and reliable
reports on progress against business objectives and the related risks
that provide them with the internal and external information needed
for decision-making and management review purposes?
2. Are information needs and related information systems reassessed
as objectives and related risks change or as reporting deficiencies
are identified?
3. Are periodic reporting procedures, including half-yearly and annual
reporting, effective in communicating a balanced and understandable
account of the firm's position and prospects?
4. Are there established communication channels for individuals
to report suspected breaches of law or regulations or other
improprieties?

Session 10

Internal Audit and Compliance

FOCUS
This session covers the following content from the ACCA Study Guide.

A. Governance and Responsibility
4. Board committees
b) Explain and evaluate the role and purpose of the following committees in
effective corporate governance:
iv) Audit committees

B. Internal Control and Review
2. Internal control, audit and compliance in corporate governance
a) Describe the function and importance of internal audit.
b) Explain, and discuss the importance of, auditor independence in all
client-auditor situations (including internal audit).
c) Explain, and assess the nature and sources of risks to, auditor
independence. Assess the hazard of auditor capture.
d) Explain and evaluate the importance of compliance and the role of the
internal audit function in internal control.
f) Describe and analyse the work of the internal audit committee in
overseeing the internal audit function.
g) Explain, and explore the importance and characteristics of, the audit
committee's relationship with external auditors.

Session 10 Guidance
Note that this is another area with which you should be familiar from your F8 studies. Refresh your
understanding, bearing in mind that P1 deals with the subject in a much broader sense.
Understand the scope and forms of work performed in the internal audit function (s.1.2).
Recognise the nature of, threats to and safeguards appropriate for auditor independence (s.2).


VISUAL OVERVIEW
Objective: To discuss the functions and role of internal audit and the audit committee.

INTERNAL AUDIT: Audit and Compliance; Scope and Forms of Work; Assessing Need
AUDITOR INDEPENDENCE: IIA Definition; Code of Ethics and Rules of Conduct; Ethical Threats; Ethical Safeguards; IIA Standards
AUDIT COMMITTEE: Composition and Role; Internal Audit; External Audit

Session 10 Guidance
Know the composition and role of audit committees (s.3.1).
Differentiate between internal (s.3.2) and external (s.3.3) audit services and responsibilities.

Internal Audit

1.1 Audit and Compliance

Audit is the corporate governance function that assures
effectiveness of internal controls.

Internal Audit

"An independent, objective assurance and consulting activity designed
to add value and improve an organisation's operations. It helps
an organisation accomplish its objectives by bringing a systematic,
disciplined approach to evaluate and improve the effectiveness of risk
management, control and governance processes ..."
Institute of Internal Auditors (IIA)

"Internal auditing, which is ultimately responsible to the owners of the
enterprise, is a service to senior management that includes:
• monitoring management controls;
• anticipating, identifying and assessing risks to assets and activities;
• investigating actual and potential lapses of control and incidents of
  risk; and
• making recommendations for improvement of control, the response
  to risk and the attainment of enterprise objectives."*
Mautz

*Mautz's definition implies that internal audit is ultimately
responsible to the owners of the business. As for stakeholder
theory, there is a case to argue that internal audit should be held
accountable to the organisation as a whole with rights, duties and
obligations to all stakeholders.

Many of the various roles (scope and forms of work) of internal
audit are often referred to by the generic term "compliance".
Compliance means that the actions of individuals, groups or
an entity conform to established guidelines, specifications,
requirements, laws or regulations. Many of the examples given in
the next section are effectively compliance roles (e.g. assessing
the reliability and integrity of key financial information). Clearly,
it is essential that management is aware that the entity complies
not only with its own internal procedures but also with
external requirements (e.g. corporate governance, listing rules,
corporate laws).*

*As previously explained, internal audit is at the core of the control monitoring
component of internal control (see Session 9).

1.2 Scope and Forms of Work


[Diagram: scope and forms of internal audit work. Labels: functional audits; risk management;
recommend controls; due diligence; evaluate risks; internal control framework; operational audits;
analyse operations; confirm information; value for money; consultancy; assure safeguards;
IT/IS audits; review compliance; education; financial process audits; forensic audits.]

Examples of the scope and forms of work that comprise an internal audit include:

• Understand the key business risks (including fraud) and
  assess the adequacy of the processes by which these risks are
  identified, evaluated and managed.
• Assess the reliability and integrity of key financial and
  operating information and the means used to identify,
  measure, classify and report such information.
• Review processes and systems to ensure adherence to
  policies, plans and procedures.
• Review compliance with laws and regulations that could have
  an impact on the entity.
• Review the means of safeguarding assets and other key
  resources, especially information, including business
  contingency plans and IT security.
• Review operations or projects (including systems under
  development) to ascertain whether results are consistent with
  established objectives and goals and whether the operation or
  projects are being carried out as planned.
• Review of the economy, efficiency and effectiveness of
  operations and value for money (VFM) of processes,
  operations and decisions made.
• Due diligence on potential acquisitions and financial investments.
• Forensic-style investigations (e.g. on fraud or insurance claims).
• Review compliance with corporate governance requirements:
  board structures, committees, remuneration and evaluation,
  communications, reporting transparency, strategic, tactical
  and operational objectives.
• Monitor corrective action plans to ensure that management
  implements them promptly and effectively.
• Educate management and employees in risk management,
  internal control, quality control and other related functions.
• Advise management on cost effective controls for new systems
  and activities.
• Control design within, and testing of, information systems
  (during development).
• Liaise with those charged with governance (e.g. the audit
  committee) and the external auditors (as necessary).

1.3 Need Assessment

The audit committee should monitor and review the effectiveness of
the internal audit activities.
Where there is no internal audit function, they should consider
annually whether there is a need for an internal audit function. The
reasons for the absence of internal audit must be explained in the
annual report.

Factors to consider when assessing the need for an internal audit function include:

• Scale, diversity and complexity of the company's
  activities: the larger, more diverse and more complex a
  range of activities is, the more there is to monitor (and the
  more scope for things to go wrong).
• Number of employees: as a proxy for size, the number of
  employees signifies that larger organisations are more likely
  than smaller concerns to need internal audit to underpin
  investor confidence.
• Cost-benefit: management must be certain of the benefits
  that will result from establishing internal audit and that they
  will outweigh the costs.*
• Changes: e.g. in the organisational structures, reporting
  processes or underlying information systems. Any internal
  (or external) change is capable of changing the complexity of
  operations and, accordingly, the risk.
• Key risk changes: these could be internal or external,
  introducing a new product or entering a new market; a change
  in any of the PEST/PESTEL factors or changes in the industry
  might trigger the need for internal audit.
• Problems with existing internal control systems: these
  clearly signify the need for a tightening of systems and
  increased monitoring.
• Unexplained or unacceptable events: an increase in the
  number of events usually means system failures and is a clear
  demonstration of internal control weakness.

*Note that in some rules-based jurisdictions (e.g. under SOX)
internal audit is required by law (i.e. a "one size fits all" regime).
In "comply or explain" jurisdictions, such as the UK, small listed
companies could determine, for example, that there is little if any
cost-benefit in having an internal audit function and would therefore
explain this in their annual report.

Auditor Independence

2.1 IIA Definition

The Institute of Internal Auditors' (IIA) definition of internal audit
states that internal audit is "an independent, objective assurance
and consulting activity ...". An appropriate internal audit
code of ethics and standards is therefore necessary to ensure
continued trust in internal audit's objective assurance about risk
management, control and governance processes.*

*Note that although the definition refers to "independent", an
internal auditor cannot be fully independent as a paid employee. In
this context, objectivity and the role of a strong audit committee are
crucial to ensure that "auditor capture" does not occur.
Auditor capture describes the risk that the auditor is "in the pocket"
of a particular director (e.g. the CFO) or group of directors and
so only does what that director wants. This would mean that the
auditor is failing in his responsibility and accountability to the
organisation and its stakeholders as a whole.

2.2 Code of Ethics and Rules of Conduct

The IIA Code of Ethics and Rules of Conduct cover the concepts of:

• Integrity;
• Objectivity;
• Confidentiality; and
• Competency.

2.2.1 Integrity

• Establishes trust and so provides the basis for reliance on the
  judgement of the internal auditors.
• Performs work with honesty, diligence and responsibility.
• Observes the law and makes disclosures as required by law.
• Does not knowingly become a party to any illegal activity.
• Does not bring the profession or organisation into disrepute.

2.2.2 Objectivity

• Exhibits the highest level of professional objectivity in
  gathering, evaluating and communicating information about
  the activity or process being examined.
• Makes a balanced assessment of all relevant circumstances
  and is not unduly influenced by their own interests or by
  others in forming judgements.
• Declines to participate in any activity or relationship that may:
  ◦ impair or be presumed to impair their unbiased
    assessment; or
  ◦ be in conflict with the interests of the organisation.
• Declines to accept anything that may impair or be presumed
  to impair their professional judgement.
• Discloses all material facts known to them which, if not
  disclosed, may distort the reporting of activities under review.

2.2.3 Confidentiality

• Respects the value and ownership of information received.
  They do not disclose information without appropriate authority
  unless there is a legal or professional obligation to do so.
• Exhibits prudence in the use and protection of information
  acquired in the course of an engagement.
• Does not use information for any personal gain or in any
  manner that would be contrary to the law or detrimental to
  the legitimate and ethical objectives of the organisation.

2.2.4 Competency

• Applies the knowledge, skills and experience needed in
  performance of internal auditing services.
• Engages only in those services for which they have the
  necessary knowledge, skills and experience.
• Performs internal auditing services in accordance with the
  International Standards for the Professional Practice of
  Internal Auditing.*
• Continually improves proficiency and the effectiveness and
  quality of services.

2.3 Ethical Threats

Many threats to internal auditors may be classified as:

• self-interest;
• self-review;
• familiarity; and
• intimidation.

2.3.1 Self-Interest Threat

• May occur as a result of financial or other interests of internal
  auditors (including immediate or close family), e.g.:
  ◦ Loans or guarantees;
  ◦ Close personal relationships;
  ◦ Financial interest (e.g. shares);
  ◦ Gifts and hospitality;
  ◦ Incentive compensation arrangements (e.g. bonuses,
    share options);
  ◦ Concern about security of employment;
  ◦ Interest in transactions with the company; and
  ◦ Inappropriate use of corporate assets.

*It is hardly surprising that the IIA code is very similar to the ACCA's Code of Ethics
and Conduct. Many of the elements from Paper F8, "Audit and Assurance", can be
used when addressing ethical issues faced by internal auditors. But notice that the internal
auditor cannot be fully independent (as a paid employee).

2.3.2 Self-Review Threat

• May arise when a previous judgement needs to be re-evaluated
  by individuals responsible for that judgement. The
  original judgement may have been made, for example, by the
  individual or by others in the individual's department.
• Examples include:
  ◦ Reviewing the operation of systems after being involved in
    their design, testing or implementation.
  ◦ A member of an internal audit team having previously been
    part of the department under review and in a position to have
    had a direct influence on the subject matter of the review.
  ◦ Business decisions or data being subject to review and
    justification by the same person responsible for making
    those decisions or preparing that data.

2.3.3 Familiarity Threat

• Can arise where internal auditors, because of a close
  relationship, become too sympathetic to the interests of others
  (e.g. auditor and manager are related).
• There is a significant risk that appropriate objectivity will not
  be applied by the auditor.
• Examples that may create familiarity threats include:
  ◦ An auditor, in a position to influence the assignment
    outcome, has an immediate or close family member in a
    position to benefit from that influence (e.g. a shareholder);
  ◦ Over-familiarity with management and employees of a
    department being reviewed that compromises professional
    judgement;
  ◦ Long association by auditing the same department/process;
  ◦ Acceptance of gifts or preferential treatment from
    managers unless the value is clearly insignificant
    ("modest"); and
  ◦ A former senior member of internal audit being an officer
    or employee of the department under review and in a position
    to exert direct influence over the subject matter of the
    review/investigation.

2.3.4 Intimidation Threat

• This occurs where members may be deterred from acting
  objectively by threats, actual or perceived, direct or indirect.
• Examples include:
  ◦ Threat of dismissal or replacement of the auditor or a close
    or immediate family member over a disagreement with the
    auditor;
  ◦ A dominant personality (e.g. the CEO) attempting to
    influence the decision-making process of the scope of work
    to be carried out by the internal auditors;
  ◦ Being directly or indirectly threatened with litigation; and
  ◦ Coming under pressure to reduce necessary work to ensure
    that a budget is met.


2.4 Ethical Safeguards

• Employment of internal auditors independent of management
  (e.g. chief audit executive (CAE) and senior auditors
  interviewed and approved by an audit committee).
• Open and transparent recruitment procedures (e.g. internal
  and external candidates fully appraised).
• Appropriate training and qualification (e.g. IIA or ACCA) and
  regular continuing professional development (e.g. in areas of
  risk management, financial reporting, etc.).
• CAE is free from interference in determining the scope of
  work, evaluating the performance of work and communicating
  results (especially by those directors/managers responsible for
  the finance and risk management functions).
• Audit committee involvement, for example:
  ◦ Advising on scope of work;
  ◦ Receiving regular reports and results of the work carried out;
  ◦ Senior NED on the committee acting as a mentor and
    confidant to the internal auditors; and
  ◦ Overview and regular review of the internal audit function.
• Awareness among all managers and employees of the
  importance placed on internal audit (by the CEO and board).
• Free and unhindered access to books, records, staff,
  management, assets and properties (financial and non-financial,
  manual and electronic).
• Rotation of audit staff to avoid familiarity.
• Only assigning appropriately experienced and qualified
  auditors to assignments (e.g. IT specialists or those
  experienced in financial instruments).
• Adequate funding to ensure that the appropriate training and
  tools are available for use by the auditors (e.g. CAATs, data
  mining and analysis, embedded processes).
• Not involving auditors in areas in which they have previously
  been involved as employees (see familiarity and self-review
  threat).
• The CAE should have no other responsibilities for operational
  elements other than internal audit.

Example 1 Employing CAE

Suggest FIVE reasons for recruiting a new chief auditing executive externally, rather than
promoting internally.

Solution
1.
2.
3.
4.
5.

2.5 IIA Standards

• The purpose of the IIA's International Standards for the
  Professional Practice of Internal Auditing is to:*
  ◦ delineate basic principles which represent the practice of
    internal auditing;
  ◦ provide a framework for performing and promoting a broad
    range of value-added internal auditing;
  ◦ establish the basis for the evaluation of internal audit
    performance; and
  ◦ foster improved organisational processes and operations.
• The standards are principles-focused, mandatory requirements
  consisting of:
  ◦ Statements of basic requirements for the professional
    practice of internal auditing and for evaluating the
    effectiveness of performance, which are internationally
    applicable at organisational and individual levels; and
  ◦ Interpretations that clarify terms or concepts in the
    Statements.

*The requirements of the attribute and performance standards are very similar to
those of International Standards of Auditing (ISAs) for external auditors. Practice
Advisories are separate notes issued to support each Standard. Although
not mandatory, they represent best practice endorsed by IIA to implement the
Standards.

International Standards for the Professional Practice of Internal Auditing

Practice Advisories

Example 2 Annual Review of Internal Audit

Outline the scope of an annual review of the internal audit function.

Solution

Illustration 1 Rogue Trader: Internal Audit

In 1995, Nick Leeson, a trader at Barings Bank, caused the collapse
of the bank by taking significant trading positions that subsequently
turned against him. The report into the collapse found that, in
respect of the bank's internal audit function:

• The internal auditor sent by the bank's London head office was
  inexperienced and did not understand the concept of derivative
  trading.
• The audit scope and programme were limited and defective in
  many key areas through not fully understanding the bank's
  Singapore operation.
• Leeson was quoted as saying that the internal auditor was "an
  idiot". He was easily able to direct the auditor away from areas
  which may have given some indication of the trouble he was
  in. He also gave technically complex answers to the auditor's
  questions, knowing that the auditor did not understand his
  answers and did not want to show ignorance.
• The audit was incomplete in that the auditor was recalled to
  London before completing the work programme.

Audit Committee

3.1 Composition and Role

• Under the Code, the audit committee should consist of at least
  three NEDs.* At least one member should have recent and
  relevant financial experience.
• The main role and responsibilities of the committee members
  must be set out in written terms of reference (which should be
  published in the annual report):
  ◦ Monitor the integrity of the financial statements including
    reviewing significant financial reporting judgements
    used (also covers formal announcements relating to the
    company's financial performance).
  ◦ Advise the board on whether the annual report is fair,
    balanced and understandable and provides the information
    necessary for users to assess the company's performance,
    business model and strategy.
  ◦ Review the company's internal financial controls.
  ◦ Review internal control and risk management systems (if
    not dealt with by a separate risk committee or the board).
  ◦ Monitor and review the effectiveness of the internal audit
    function. If there is no internal audit, annually consider if
    there is a need and recommend it to the board.
  ◦ Make recommendations to the board on the appointment,
    remuneration, terms of engagement, reappointment and
    removal of the external auditor.*
  ◦ Review and monitor the external auditor's independence
    and objectivity (in line with appropriate standards, e.g.
    IFAC) and the effectiveness of the audit process.
  ◦ Develop and implement policy on the engagement of the
    external auditor to supply non-audit services, in line with
    relevant ethical guidance.
  ◦ Report to the board any matters in need of action or
    improvement and recommend steps to be taken.
  ◦ Review arrangements by which staff of the company may,
    in confidence, raise concerns about possible improprieties
    in matters of financial reporting or other matters
    ("whistle-blowing"). There should be arrangements
    for proportionate and independent investigation and
    appropriate follow-up action.
  ◦ Report to the board on how it has discharged its
    responsibilities.

*Only independent NEDs should be on the audit committee. The fact
that NEDs form this committee enhances accountability to shareholders.

*These matters have to be agreed by the shareholders at the AGM. Should the
board not follow the audit committee's recommendations, e.g. if the board wishes to
replace the auditor but the audit committee does not, the audit committee will usually
have the right to speak at the AGM on the matter.

Illustration 2 Enron
The chair of Enron's audit committee was the wife of one of Enron's
key lobbyists to the US Senate. The lobbyist received substantial
political donations from Enron.
Another member of the audit committee had a consulting contract
with Enron.
The vast majority of the audit committee had no relevant financial
experience, especially of the type of transactions Enron was
carrying out.
Enron staff members were obliged to go through their managers
if they had any doubts about financial transactions. They had no
direct access to the audit committee.
The audit committee was effectively just a "rubber stamp" for
the annual financial statements and appointment of the external
auditors. Its members turned up when required to have a "good
lunch and collect their pay cheques".
"In fairness, investors have unrealistic expectations of boardroom
committees. No director can be expected to catch sophisticated
fraud by company insiders."
An Enron audit committee member

3.2 Internal Audit: Responsibilities

• Approve the appointment or termination of the head of
  internal audit.
• Ensure that the internal auditor has direct access to the board
  chairman and to the audit committee and is accountable to the
  audit committee.
• Review and assess the annual internal audit work plan.
• Receive a report on the results of the internal auditors' work
  on a periodic basis.
• Review and monitor management's responsiveness to the
  internal auditor's findings and recommendations.
• Meet with the CAE at least once a year without the presence
  of management.
• Monitor and assess the role and effectiveness of the internal
  audit function in the overall context of the company's risk
  management system.


3.3 External Audit

3.3.1 Responsibilities

• Annually assess and report to the board on the qualification,
  expertise and resources, and independence of the external
  auditors and the effectiveness of the audit process.
• Approve the terms of engagement and remuneration for audit
  services provided.
• Review and agree the annual engagement letter, ensuring that
  it has been updated to reflect changes in circumstances.
• Ensure that the external auditors are independent of the
  company, for example, through:
  ◦ discussion with, and written confirmation from, the auditors;
  ◦ review of all relationships between the entity and the auditors;
  ◦ review of their policies and processes to maintain
    independence;
  ◦ review of the safeguards put in place by the auditors to
    maintain independence;
  ◦ review of the rotation policy for audit partners;
  ◦ comparing fee levels paid to the overall income of the
    auditors; and
  ◦ obtaining written confirmation of compliance with
    appropriate ethical guidelines.
• Ensure that appropriate plans are in place at the start of
  each annual audit (e.g. overall strategy, risk assessment,
  materiality, resources and work plans).
• Review and discuss with the external auditors their audit
  findings, for example:
  ◦ major issues that arose during the audit (both resolved
    and unresolved);
  ◦ key accounting and audit judgements;
  ◦ levels of error identified during the audit; and
  ◦ reasons why certain errors remain unchanged.
• Review the audit representation letter (before management
  signs).
• Review the management letter and monitor management's
  actions taken on its recommendations.
• Assess the effectiveness of the audit process by, for example:
  ◦ reviewing whether the agreed audit plan was met and if
    changes were made, understanding the reasons for such
    changes (including changes in perceived audit risks and the
    work undertaken to address those risks);
  ◦ considering the robustness and perceptiveness of the
    auditors (e.g. in assessing key accounting judgements
    identified); and
  ◦ obtaining feedback about the conduct of the audit from key
    people involved (e.g. the finance director and CAE).
• If the auditor resigns, investigate why and consider what
  action, if any, should be taken.
• If the audit committee recommends considering the selection
  of possible new appointees as external auditors, it should
  oversee the selection process.

3.3.2 Non-audit Services

• The audit committee should develop, and recommend to the
  board, a company policy relating to the provision of non-audit
  services by the auditor.
• The audit committee's objective is to ensure that provision
  of such services does not impair the external auditor's
  independence or objectivity. The audit committee should
  consider:
  ◦ whether the audit firm's skills and experience make it a
    suitable supplier of the non-audit service;
  ◦ any safeguards which ensure that no threat to objectivity or
    independence arises; and
  ◦ the nature of the non-audit services and related fee levels
    (individually and in aggregate relative to the audit fee).


Session 10 Summary

• Audit is the corporate governance function that assures effectiveness of internal controls,
  identifies and assesses risks to assets and activities, and makes recommendations to improve
  systems that help the organisation attain its objectives.
• Some jurisdictions require internal audit, and others have a "comply or explain" orientation.
  Assessing the need for an internal audit function includes:
  ◦ The scale, diversity and complexity of the company's activities;
  ◦ The number of employees;
  ◦ Cost-benefit analysis of the process;
  ◦ Change that could increase or decrease risk;
  ◦ Change that is required when risk changes; and
  ◦ Unexplained or unacceptable events.
• Auditor independence encompasses integrity, objectivity, confidentiality and competency.
• Threats to auditor independence include self-interest, self-review, familiarity and intimidation.
• The CAE should have no other operational responsibilities. In addition, safeguards against
  such threats to independence include:
  ◦ Employing a CAE;
  ◦ Ensuring transparent and open recruitment;
  ◦ Requiring appropriate training, qualification and experience;
  ◦ Ensuring freedom from interference;
  ◦ Placing high regard on the audit function;
  ◦ Rotating audit staff to avoid familiarity; and
  ◦ Avoiding auditor placement in areas in which they have worked previously.
• IIA Standards are principles-focused, mandatory requirements similar to ISAs. IIA also
  issues practice advisories that are not mandatory, but represent best practices in audit.
• The audit committee should include at least three independent NEDs and at least one should
  have recent and relevant financial experience. The audit committee:
  ◦ Monitors and reviews the effectiveness of the internal audit function;
  ◦ Approves the appointment or termination of the internal audit head;
  ◦ Reviews and monitors management responses to audit findings;
  ◦ Makes recommendations to the board about the external auditor;
  ◦ Reviews arrangements for voluntary reporting by employees;
  ◦ Assures objectivity of an external auditor providing non-audit services; and
  ◦ Meets with the CAE without management presence at least annually.


Session 10 Quiz
Estimated time: 10 minutes

1. Define "internal audit". (1.1)
2. Explain the factors to consider when assessing the need for internal audit. (1.3)
3. List the FOUR elements of the internal audit code of ethics. (2.2)
4. Explain the role and responsibilities of the audit committee. (3.1)

Study Question Bank
Estimated time: 50 minutes

Priority                                 Estimated Time    Completed
Q15   Flight Investment                  50 minutes

Additional
Q14   Internal Audit Effectiveness

EXAMPLE SOLUTIONS

Solution 1 Employing CAE

• An external appointment would bring detachment and independence
  which would be less likely with an internal one.
• An external appointment would help with independence and
  objectivity (avoiding the possibility of auditor capture).
• The new CAE would owe neither personal loyalties nor "favours" from
  previous positions within the organisation.
• The CAE would have no personal grievances or conflicts with other
  people from past disputes or arguments.
• There would be a "new broom" effect in that the appointment would
  see the company through fresh eyes and would be unaware of
  vested interests.
• The CAE would be likely to come in with new ideas and expertise
  gained from other situations.
• As for any external appointment, the possibility exists for the transfer
  of best practice in from outside.

Solution 2 Annual Review of Internal Audit

• Compliance with the Standards and the Code of Ethics (e.g. objectivity
  and competence of the auditors).
• Adequacy of the safeguards to ensure that the Code of Ethics was
  effectively applied.
• Adequacy of the internal audit's activity charter, goals, objectives,
  policies and procedures.
• Development, implementation and review of the annual internal
  audit plan.
• Contribution to the organisation's risk management, governance and
  control processes, e.g. testing and review of the entity's:
  ◦ adequacy, effectiveness and value for money of internal control;
  ◦ risk assessment and management processes;
  ◦ compliance with laws, regulations and policies;
  ◦ compliance with governance regulations;
  ◦ safeguarding of assets;
  ◦ reliability of information;
  ◦ value for money; and
  ◦ attainment of objectives and goals.
• Compliance with applicable laws, regulations, governance,
  government or industry standards relating to internal audit.
• Effectiveness of continuous improvement activities (e.g. review and
  application of emerging technologies and issues, CPD) and adoption
  of best-practices.
• Review of selected assignments to ensure appropriate adherence to
  the Standards, e.g. terms of reference, planning, work carried out,
  documentation, follow-through of exceptions, reporting, review and
  management follow-through.
• Review of the liaison with the board and audit committee.
• Review of the activities of the audit committee with respect to
  internal and external audit.
• Whether the audit activity adds value and improves the organisation's
  activities (per the IIA definition of internal audit).


Session 11

Reporting on Internal Control

FOCUS
This session covers the following content from the ACCA Study Guide.
B. Internal Control and Review
3. Internal control and reporting
a) Describe and assess the need to report on internal controls to
shareholders.
b) Describe the content of a report on internal control and audit.

C. Identifying and Assessing Risk


3. Identification, assessment and measurement of risk
d) Describe the process of, and importance of, externally reporting on internal
control and risk.
e) Explain the sources, and assess the importance of, accurate information
for risk management.

Session 11 Guidance
Note that this session is NOT about reporting internal control weaknesses to management.
Read through all of the Illustrations (extracts from issued financial statements) a couple of times to
get an idea of the practical realities discussed in this session. Then go through the detail. The UK's
Turnbull guidance provides a useful checklist, albeit somewhat extensive.


VISUAL OVERVIEW
Objective: To discuss the requirements for reporting to shareholders on internal control.

REPORTING ON INTERNAL CONTROL

UK CORPORATE GOVERNANCE CODE
• Requirement
• Turnbull Guidance
• Financial Services Authority (FSA)

SARBANES-OXLEY ACT (2002)
• Section 404
• Report Content

AUDITOR'S RESPONSIBILITIES
• SOX
• UK Corporate Governance Code

Session 11 Guidance
Understand the difference between the UK principles-based approach and the US rules-based
approach and the different roles of the auditor.


UK Corporate Governance Code

1.1 Requirement

• The board is responsible for maintaining a sound system of internal control to safeguard the shareholders' investment and the company's assets and should, at least annually:*
  - conduct a review of the effectiveness of the group's system of internal controls;
  - cover all material controls, including financial, operational and compliance controls and risk management systems within their review; and
  - report to shareholders that they have done so.

*The report to shareholders covers the year under review and the time up to the date of approval of the financial statements.

1.2 The Turnbull Guidance

• Requires directors to exercise judgement in reviewing how the entity has implemented the provisions of the Code relating to internal control and reporting to shareholders thereon.
• The guidance identifies two elements in the reviewing and reporting procedures:
  1. Regular receipt and review of internal control reports.
  2. An annual assessment for the purposes of the board's statement in the annual financial statements.

1.2.1 Regular Reports

• Scope and frequency of reports from management decided by the board.
• Reports should provide:
  - a balanced assessment of significant risks and the effectiveness of the system of internal control in managing those risks; and
  - a basis for sound, appropriately documented support for the board's annual assessment.*
• The board review of the reports should:
  - consider the risks identified by the reports and whether they are significant;
  - assess how they have been identified, evaluated and managed;
  - assess the effectiveness of the system of internal control in managing the risks, having regard to any significant failings or weaknesses in internal control reported;
  - consider whether necessary actions are being taken promptly to remedy any significant failings or weaknesses; and
  - consider whether the findings indicate a need for more extensive monitoring of the system of internal control.

*Significant control failings or weaknesses identified must be reported together with the impact they have had, or may have, and the actions to be taken to rectify them.

1.2.2 Annual Assessment

• Made by the board in order to prepare a statement on internal controls.
• Should consider issues raised by the regular reports, plus:
  - changes since the last assessment in the nature and extent of significant risks;
  - a company's ability to respond to changes in its business and external environment;
  - the scope and quality of ongoing monitoring of risks and the system of internal control;
  - where applicable, the work of internal audit and other providers of assurance;
  - the extent and frequency of reporting to enable a cumulative assessment of the state of control and the effectiveness with which risk is being managed;
  - the incidence of significant control failings or weaknesses that have been identified during the period;
  - the extent to which failures resulted in actual, possible or potential future material effects on the company's financial performance; and
  - effectiveness of the company's public reporting processes.

1.3 Details of the Turnbull Guidance

• The Turnbull guidance suggests a number of questions to be considered, as a minimum, by the board as part of its review process covering:
  - risk assessment;
  - control environment and control activities;
  - information and communication; and
  - monitoring.

1.3.1 Risk Assessment

- Does the company have clear objectives? Have they been communicated to provide effective direction to employees on risk assessment and control issues? For example, do objectives and plans include measurable performance targets and indicators?
- Are the significant internal and external operational, financial, compliance and other risks identified and assessed on an ongoing basis?*
- Is there a clear understanding by management and employees of what risks are acceptable to the board?

*The risks would include those identified under IAS 1 Presentation of Financial Statements and IFRS 7 Financial Instruments: Disclosures.

1.3.2 Control Environment and Control Activities

- Does the board have clear strategies and policies for dealing with and managing the significant risks that have been identified?
- Do the company's culture, code of conduct, human resource policies and performance reward systems support the business objectives and risk management and internal control system?
- Does senior management demonstrate, through its actions as well as its policies, the necessary commitment to competence and integrity and foster a climate of trust in the company?
- Are authority, responsibility and accountability defined clearly such that decisions are made and actions taken by the appropriate people?
- Are the decisions and actions of different parts of the firm appropriately coordinated?
- Does the company communicate to its employees what is expected of them and the scope of their freedom to act? For example, in the areas of:
  - customer relations;
  - service levels for both internal and outsourced activities;
  - health, safety and environmental protection;
  - security of tangible and intangible assets;
  - business continuity issues;
  - expenditure matters; and
  - accounting, financial and other reporting.
- Do people in the firm (and in its providers of outsourced services) have the knowledge, skills and tools to support the achievement of the firm's objectives and to manage effectively any risks to their achievement?
- How are processes/controls adjusted to reflect new or changing risks, or operational deficiencies?

1.3.3 Information and Communication

- Do management and the board receive timely, relevant and reliable reports on progress against business objectives (quantitative and qualitative) and the related risks? For example:
  - key performance reports and benchmarking key performance indicators;
  - variance analysis and indicators of change; and
  - regulatory reports, customer satisfaction and employee attitudes.
- Do they use such reports for decision-making and management review purposes?
- Are information needs (thus related information systems) reassessed as the objectives and related risks evolve, and as reporting deficiencies are identified?
- Are periodic reporting procedures, including half-yearly and annual reporting, effective in communicating a balanced and understandable account of the company's position and prospects?
- Are there established channels of communication for individuals to report suspected breaches of law or regulations or other improprieties (whistle-blowing)?


1.3.4 Monitoring

- Are there ongoing processes embedded in the overall business operations which monitor the effective application of the policies, processes and activities related to internal control and risk management? For example:
  - control self-assessment and confirmation by personnel of compliance with policies and codes of conduct;
  - internal audit reviews and specific management reviews.
- Do these processes monitor the company's ability to re-evaluate risks and adjust controls effectively in response to changes in its objectives, its business and its external environment?
- Are there effective follow-up procedures to ensure that appropriate change or action occurs in response to changes in risk and control assessments?
- Is there appropriate and timely communication to the board (or board committees) on the effectiveness of the monitoring processes on risk and control matters?
- Are there specific arrangements for management monitoring and reporting to the board on risk and control matters of particular importance? For example:
  - actual or suspected fraud;
  - illegal or irregular acts;
  - matters that could adversely affect the company's reputation; or
  - matters negatively impacting financial position.

1.4 Financial Conduct Authority (FCA)

• The UK FCA's Disclosure and Transparency rules (as part of the listing rules for companies listed on the London Stock Exchange) require a description of the main features of the internal control and risk management systems in relation to the financial reporting process to be included in the corporate governance statement (which also includes many of the disclosure requirements of the Code).
• For a listed company in the UK, the board's statements on internal control over financial reporting and their statement covering internal control and risk management must refer to:
  - an ongoing process, regularly reviewed by the board, for identifying, evaluating and managing the significant risks faced by the company;
  - an acknowledgement by the board of its responsibility for the system of internal control and for reviewing its effectiveness;
  - an explanation that control systems are designed to manage rather than eliminate the risk of failure to achieve business objectives and can only provide reasonable and not absolute assurance against material misstatement or loss;
  - a summary of the board's processes applied in reviewing the effectiveness of internal control; and
  - the process applied to deal with material internal control aspects of any significant problems disclosed in the financial statements.


Illustration 1 BT Group
30 June 2011
Internal Control and Risk Management
The Board is responsible for the group's systems of internal control
and risk management and reviews each year the effectiveness of
those systems. Such systems are designed to manage, rather than
eliminate, the risk of failure to achieve business objectives; any
system can provide only reasonable and not absolute assurance
against material misstatement or loss. The process in place for
reviewing BT's systems of internal control includes procedures
designed to identify and evaluate failings and weaknesses, and, in
the case of any categorised as significant, procedures exist to ensure
that necessary action is taken to remedy the failings.
The Board also takes account of significant social, environmental
and ethical matters that relate to BT's businesses and reviews
annually BT's corporate social responsibility policy. The company's
workplace practices, specific environmental, social and ethical risks
and opportunities and details of underlying governance processes are
dealt with in Business review - Our resources.
We have enterprise wide risk management processes for identifying,
evaluating and managing the significant risks faced by the group.
These processes have been in place for the whole of the 2011 financial
year and have continued up to the date on which this document was
approved. The processes are in accordance with the Revised Guidance
for Directors on the UK Corporate Governance Code published by the
Financial Reporting Council (the Turnbull Guidance).
Risk assessment and evaluation takes place as an integral part
of BT's annual strategic planning cycle. We have a detailed risk
management process, culminating in a Board review, which
identifies the key risks facing the group and each business unit.
This information is reviewed by senior management as part of the
strategic review. Our current key risks are summarised in Business
review - Our risks.
The key features of the enterprise wide risk management process
comprise the following procedures:

- senior executives collectively review the group's key risks and have created a group risk register describing the risks, owners and mitigation strategies. This is reviewed by the Operating Committee before being reviewed and approved by the Board;
- the lines of business and internal service units carry out risk assessments of their operations, create risk registers relating to those operations, and ensure that the key risks are addressed;
- senior executives with responsibilities for major group operations report quarterly with their opinion on the effectiveness of the operation of internal controls in their area of responsibility;
- the group's internal auditors carry out continuing assessments of the quality of risk management and control, report to management and the Audit & Risk Committee on the status of specific areas identified for improvement and promote effective risk management in the lines of business and internal service units operations; and
- the Audit & Risk Committee, on behalf of the Board, considers the effectiveness of the operation of internal control procedures in the group during the financial year. It reviews reports from the internal and external auditors and reports its conclusions to the Board. The Audit & Risk Committee has carried out these actions for the 2011 financial year.

The BT Group illustrations put into context the various requirements for external reporting on internal control. The examiner expects candidates to demonstrate knowledge of the general contents and requirements in this area. He does not expect details of a specific report.

Sarbanes-Oxley Act (2002)

2.1 Section 404

• Section 404 of Sarbanes-Oxley requires management to document and evaluate the design and operation, and report on the effectiveness, of its internal control over financial reporting.

2.2 Internal Control Report Content

• The internal control report must be incorporated into the annual report and include the following components:
  - Management's recognition of its responsibility for establishing and maintaining adequate internal controls and procedures for financial reporting.
  - The framework used by management in its evaluation.
  - Management's assessment of the effectiveness of the company's internal control over financial reporting and a statement of the effectiveness of the internal control.
  - A statement that the issuer's external auditors have issued an attestation report on management's assessment of effectiveness of internal control over financial reporting and that it is included in the annual report.
• In addition, the report will include:
  - The nature and extent of involvement by the chairman and chief executive, but may also specify the other members of the board involved in the internal controls over financial reporting. The purpose is for shareholders to be clear about who is accountable for the controls.
  - The disclosure of any "material weaknesses" in the company's internal control over financial reporting identified by management.
  - For frameworks developed internally, a description of the key metrics, measurement methods (e.g. rates of compliance, fair value measures, etc) and tolerances allowed.
  - Rates of compliance, failures, costs, resources committed and outputs (if measurable) achieved as necessary and any qualification to the auditor's attestation.


Illustration 2 BT Group
30 June 2011
Report of Management on Internal Control Over
Financial Reporting
US Sarbanes-Oxley Act of 2002
BT has securities registered with the US Securities and Exchange
Commission (SEC). As a result, we must comply with those
provisions of the Sarbanes-Oxley Act applicable to foreign issuers.
We comply with the legal and regulatory requirements introduced
pursuant to this legislation, insofar as they are applicable.
The Audit & Risk Committee includes members Phil Hodkinson and
Nick Rose who, in the opinion of the Board, are "audit committee
financial experts" and who are independent (as defined for this
purpose). The Board considers that the Committee's members have
broad commercial knowledge and extensive business leadership
experience, having held between them various prior roles in major
business, Government, financial management, treasury and financial
function supervision and that this constitutes a broad and suitable
mix of business and financial experience on the Committee.
The code of ethics adopted for the purposes of the Sarbanes-Oxley
Act is posted on the company's website at www.bt.com/ethics. The
code applies to the Chief Executive, Group Finance Director and
senior finance managers.
Disclosure controls and procedures
The Chief Executive and Group Finance Director, after evaluating
the effectiveness of BT's disclosure controls and procedures as of
the end of the period covered by this Annual Report & Form 20-F,
have concluded that, as of such date, BT's disclosure controls
and procedures were effective to ensure that material information
relating to BT was made known to them by others within the group.
The Chief Executive and Group Finance Director concluded that
BT's disclosure controls and procedures are also effective to ensure
that the information required to be disclosed by the company in
reports that it files under the Exchange Act is recorded, processed,
summarised and reported within the time periods specified in the
rules and forms of the SEC. The Chief Executive and Group Finance
Director have also provided the certifications required by the
Sarbanes-Oxley Act.
Internal control over financial reporting
BT's management is responsible for establishing and maintaining
adequate internal control over financial reporting for the group
including the consolidation process. Internal control over financial
reporting is designed to provide reasonable assurance regarding
the reliability of financial reporting and the preparation of financial
statements for external reporting purposes in accordance with
IFRS. Management conducted an assessment of the effectiveness of
internal control over financial reporting based on the framework for
internal control evaluation contained in the Turnbull Guidance.
Based on this assessment, management has concluded that as at
31 March 2011, BT's internal control over financial reporting was
effective. There were no changes in BT's internal control over
financial reporting that occurred during 2011 that have materially
affected, or are reasonably likely to have materially affected, the
group's internal control over financial reporting. Any significant
deficiency, as defined by the US Public Company Accounting
Oversight Board (PCAOB), in internal control over financial reporting,
is reported to the Audit & Risk Committee. PricewaterhouseCoopers
LLP, which has audited the consolidated financial statements for
2011, has also audited the effectiveness of the group's internal
control over financial reporting under Auditing Standard No. 5 of the
PCAOB. Their report is on page 90.


Auditor's Responsibilities

3.1 SOX*

• Under SOX, auditors have strict and extensive responsibilities to audit and report on an organisation's internal control over financial reporting.

*SOX effectively requires a full audit of the internal control systems and how this has been combined into the form of a standard ISA 700 audit report.

Illustration 3 Extracts From Audit Opinion
United States Opinion
Report of Independent Registered Public Accounting Firm to the Board of Directors and
Shareholders of BT Group plc (the "company")
In our opinion, the accompanying Group income statements, Group statements of comprehensive
income, Group statements of changes in equity, Group cash flow statements and Group balance
sheets present fairly, in all material respects, the financial position of BT Group plc. and its
subsidiaries at 31 March 2011 and 2010 and the results of their operations and cash flows for
each of the three years in the period ended 31 March 2011, in conformity with International
Financial Reporting Standards (IFRSs) as issued by the International Accounting Standards Board.
Also, in our opinion the company maintained, in all material respects, effective internal control over
financial reporting as of 31 March 2011, based on criteria established in the Turnbull Guidance.
The company's management is responsible for these financial statements, for maintaining
effective internal control over financial reporting and for its assessment of the effectiveness of
internal control over financial reporting, included in management's evaluation of the effectiveness
of internal control over financial reporting as set out in the first three paragraphs of Internal
control over financial reporting in the Report of the directors, Business Policies of the BT Group
plc. Annual Report & Form 20-F. (See Illustration 2)
Our responsibility is to express opinions on these financial statements and on the company's
internal control over financial reporting based on our integrated audits. We conducted our audits
in accordance with the standards of the Public Company Accounting Oversight Board (United
States). Those standards require (audit scope) ... and whether effective internal control over
financial reporting was maintained in all material respects.
Our audits of the financial statements included (audit scope) Our audit of internal control
over financial reporting included obtaining an understanding of internal control over financial
reporting, assessing the risk that a material weakness exists, and testing and evaluating the
design and operating effectiveness of internal control based on the assessed risk. Our audits also
included performing such other procedures as we considered necessary in the circumstances. We
believe that our audits provide a reasonable basis for our opinions.
A company's internal control over financial reporting is a process designed to provide reasonable
assurance regarding the reliability of financial reporting and the preparation of financial
statements for external purposes in accordance with generally accepted accounting principles.
A company's internal control over financial reporting includes those policies and procedures that
(i) pertain to the maintenance of records that, in reasonable detail, accurately and fairly reflect
the transactions and dispositions of the assets of the company; (ii) provide reasonable assurance
that transactions are recorded as necessary to permit preparation of financial statements in
accordance with generally accepted accounting principles, and that receipts and expenditures of
the company are being made only in accordance with authorisations of management and directors
of the company; and (iii) provide reasonable assurance regarding prevention or timely detection
of unauthorised acquisition, use, or disposition of the company's assets that could have a material
effect on the financial statements.
Because of its inherent limitations, internal control over financial reporting may not prevent or
detect misstatements. Also, projections of any evaluation of effectiveness to future periods are
subject to the risk that controls may become inadequate because of changes in conditions, or that
the degree of compliance with the policies or procedures may deteriorate.

3.2 UK Corporate Governance Code

• Requirements placed on external auditors under the UK Corporate Governance Code and FCA's listing rules are significantly less onerous. The auditors are only required to review (i.e. discuss, assess and appraise documents and reports) if the directors have carried out specific actions as required by a limited number of Code sections and FCA listing rules. They are not required to carry out any tests nor form any opinion.
• They are expected to:
  - draw upon their knowledge of the client, its environment and internal control;
  - consider the results of their testing of the effectiveness of internal controls for audit purposes;
  - review the information disclosed by the provisions of the UK Corporate Governance Code and FCA rules for consistency with the financial statements as required by ISA 720 Other Information in Documents Containing Audited Financial Statements;
  - report any non-compliance with the specific requirements of the UK Corporate Governance Code/FCA rules (e.g. where no explanation is given when required) in their audit report, but not as a qualification (e.g. as an "Other Matter" following any Emphasis of Matter) nor give any of the missing required information (i.e. not as a disagreement qualification).

Illustration 4 BT Group
30 June 2011
Matters on which we are required to report by exception:
We have nothing to report in respect of the following:
Under the Companies Act 2006 we are required to report to you if, in
our opinion:
- certain disclosures of directors' remuneration specified by law are not made; or
- we have not received all the information and explanations we require for our audit.

Under the Listing Rules we are required to review:
- the directors' statement, set out on page 54, in relation to going concern; and
- the part of the Corporate Governance Statement relating to the company's compliance with the nine provisions of the Combined Code (June 2008) specified for our review.


Session 11
Summary
UK Approach (Principles-Based)

• Directors required to exercise judgement in reviewing how the entity has implemented the requirements of the UK Corporate Governance Code relating to internal control and reporting to shareholders on the controls in place.
• Two elements in the reviewing and reporting procedures:
  - regular receipt and review of internal control reports; and
  - an annual assessment for the purposes of the board's statement in the annual financial statements.
• A description of the main features of the internal control and risk management systems in relation to the financial reporting process must be included within the corporate governance statement of the annual report.
• A summary of the board's processes applied in reviewing the effectiveness of internal control and the process applied to deal with material internal control aspects of any significant problems disclosed in the financial statements must also be made.
• Auditors are expected to review information disclosed under provisions of the Listing Rules and Corporate Governance Code and report any non-compliance. They are not required to disclose any missing information or qualify their audit opinion.

US Approach (Rules-Based)

• Section 404 of SOX requires management to document, evaluate and report on the effectiveness of internal controls (similar to the provisions of the UK Code). SOX, however, has the more onerous requirements to determine rates of compliance, failures, costs, inputs and outputs.
• Auditors are required to perform an extensive audit of an organisation's internal control systems over financial reporting alongside the financial statement audit and produce an audit report covering both the internal controls and the financial statements.

Session 11 Quiz
Estimated time: 10 minutes

1. List SIX considerations in assessing the control environment and control activities. (1.2.2)
2. List SIX components of an internal control report under SOX. (2)
3. State the main UK Corporate Governance Code requirements for reporting on internal control
by external auditors. (3.2)

Study Question Bank
Estimated time: 40 minutes

Priority | Estimated Time | Completed
Q16 Reporting on Internal Control Systems | 40 minutes |


Session 12

Identifying Risk
FOCUS
This session covers the following content from the ACCA Study Guide.
C. Identifying and Assessing Risk
1. Risk and the risk management process
a) Define and explain risk in the context of corporate governance.
2. Categories of risk
a) Define and compare (distinguish between) strategic and operational risks.
b) Define and explain the sources and impacts of common business risks:
i) market
ii) credit
iii) liquidity
iv) technological
v) legal
vi) health, safety and environmental
vii) reputation
viii) business probity
ix) derivatives
c) Describe and evaluate the nature and importance of business and financial risks.
d) Recognise and analyse the sector or industry specific nature of many
business risks.
3. Identification, assessment and measurement of risk
d) Describe the process of and importance of, externally reporting on internal
control and risk.

Session 12 Guidance
Recognise: In theory you should be familiar with the content in this and the following two sessions
from your F8 studies. Be careful, however, as P1 requires greater depth of understanding.
Read this session a couple of times to understand the depth of defining and explaining each risk.
Understand the central role risk plays within corporate governance; this is highly examinable.
Refer to Implementing Turnbull.


VISUAL OVERVIEW
Objective: To consider the various risks faced by business entities.

RISK AND CORPORATE GOVERNANCE
• Background
• Turnbull
• Risk Management Benefits
• Beyond Turnbull
• External Reporting

RISK CATEGORIES
• Strategic Risk
• Operational Risk
• Sector-Specific Risk

COMMON RISKS EXPLAINED
• Market Risk
• Credit Risk
• Liquidity Risk
• Technological Risk
• Legal and Regulatory Risk
• Health and Safety Risk
• Environmental Risk
• Reputation Risk
• Business Probity Risk
• Derivative Risk

COUNTRY RISKS
• Unique Risks
• Examples

Risk and Corporate Governance

1.1 Background

Businesses have always faced risk and the need to manage such risks.

Risk has been defined as:

• "Risk is any event which may affect an organisation's ability to survive and compete in its market as well as to maintain its financial strength, positive public image and the overall quality of its people and services.
  "It is the threat that an event or action will adversely affect an organisation's ability to meet its business objectives and execute its strategies successfully."
  The Economist
• "Risk is the possibility that an event will occur and adversely affect the achievement of objectives."
  COSO
• "Risk is the combination of the probability of an event and its consequences."
  Institute of Risk Management
• Business risk is the "risk that the business will not be able to 'do the business'".

Risk is a core element of the P1 syllabus and will always be examined. This broad topic is further explored in Sessions 12-14.

Risk management has been defined as:

• "The process whereby organisations methodically address the risks attaching to their activities with the goal of achieving sustained benefit within each activity and across the portfolio of all activities."
  Institute of Risk Management
• "A process, effected by the entity's board of directors, management and other personnel, applied in strategy setting and across the enterprise. It is designed to identify potential events that may affect the entity, and manage risk to be within the entity's risk appetite, to provide reasonable assurance regarding the achievement of entity objectives."
  COSO


Kit Sadgrove (The Complete Guide to Business Risk Management)
identifies three risk management "ages":*
1. First Age
Non-entrepreneurial types of risk (e.g. security, fire, theft,
fraud, pollution) usually covered by insurance. The focus was
internal, reactive and with an uncoordinated risk management
strategy.
2. Second Age
Similar to the first age, except in the 1970s and '80s
organisations started to use more preventative and proactive
solutions (e.g. use of quality assurance procedures).
Legislation (e.g. on health and safety), the emergence of
stakeholder theory and a "green" agenda raising concerns over
the environmental impact of businesses also enhanced the
need for greater interaction and proactivity.
The first "chief risk officer" (at GE Capital) was only appointed
in 1993.
3. Third Age
Entrepreneurial types of risk (e.g. innovation, investment,
diversification, new and emerging markets, and other business
environments that cannot be covered by insurance) can
significantly enhance shareholder wealth or can waste a lot of
financial resources.
The focus is both internal and market orientated with a
systematic approach to risk management strategy (e.g.
Turnbull, COSO).
The third age was initiated in 1995 with the first publication
of a risk management standard. This was followed by other
standards (e.g. Turnbull Report, Institute of Risk Management
Risk Management Standard and COSO ERM Integrated
Framework) and greater disclosure requirements in financial
statements (e.g. IAS 1, IFRS 7) and other reports (e.g. CSR
and Global Reporting Initiative).

*Perhaps a "Fourth Age" is beginning as risk management has
moved from insurance, compliance and loss avoidance to a board-level
activity, embedded throughout the organisation and a core part
of its culture.
What were once considered to be "exotic" risks (e.g. human capital,
reputation, supply chain, business resilience and climate change) are
now mainstream. In addition, risk management is no longer being
seen as a means to minimise loss but as a way to leverage broader
benefits (e.g. enhancing reputation and gaining a competitive
advantage).


1.2 Turnbull and the Code

< The UK Corporate Governance Code became not only the
first code on corporate governance but the first to establish a
strong link between internal control and risk management.
< As already noted in previous sessions, under the Code:
= The board's role is to provide entrepreneurial leadership
within a framework of prudent and effective controls which
enables risk to be assessed and managed.
= NEDs should satisfy themselves that financial controls and
systems of risk management are robust and defensible.
= The board's review of the effectiveness of the internal
controls should cover risk management systems.
= The audit committee should review the risk management
systems unless expressly addressed by a separate board risk
committee (of independent directors) or by the board itself.
= When assessing governance disclosures, institutional
shareholders should bear in mind the size and complexity of
the company and the nature of the risks and challenges it
faces.
= Under the London Stock Exchange Listing Rules, financial
statements must include a description of the main features
of a company's internal control and risk management
systems.
< The Turnbull guidance was issued in September 1999 (updated
in October 2005) to assist boardrooms with the Code's
requirements on internal control and risk management.*

*At the time Turnbull was issued (1999), very few companies
systematically carried out non-conventional risk analysis. The impact
of Turnbull on the role of internal audit, for example, was substantial.
The IIA noted that although many companies were initially
complacent about Turnbull when it was first issued, within six months
the vast majority had begun to change their processes to
ensure risk management would become an embedded organisation-wide
activity, with the necessary assurance being required from
internal audit. Many of the organisations stated that such changes
were considered to make sound business sense and would contribute
to shareholder prosperity.

< Turnbull recommended that firms identify, evaluate and
manage all their risks, not just the narrowly financial ones
(e.g. environmental, reputation and business propriety risks).


< Specific guidance under Turnbull relating to risks includes:
= Regular reporting by management to the board on internal
controls (required under the Code) should provide a
balanced assessment of the significant risks and the
effectiveness of the system of internal control in managing
those risks.
= Recommendations for board review:
  - consider what are the significant risks and assess how
    they have been identified, evaluated and managed; and
  - assess the effectiveness of the related system of internal
    control in managing the significant risks.
= Consideration of the scope, quality and effectiveness with
which risks are identified and managed.
= Questions to be considered by the board when assessing the
effectiveness of the entity's risk and control processes.

Example 1 Risk Assessment Questions


Suggest THREE questions that an entity's board should consider when carrying out
an annual review of risk assessment.

Solution
1.
2.
3.


1.3 Risk Management Benefits


Illustration 1 Cases
Swiss Bank
In 2002, a major private Swiss bank established an asset
management and investment business. The bank also established
an independent risk management function. Because the trust
of investors was vital to the continued success of the asset
management business (the trust, built up over many years, easily
could be lost through one bad decision), the risk management
process was used as a key selling point in presentations made
to institutional investors. Thus the function was not only used
internally, but also as a key competitive advantage to keep business,
take business away from rivals and to generate new business.
Dock Strike
In September 2002, a severe dockworkers' strike on the West
Coast of the US affected 29 ports for a total of 10 days. Several
major retailers (including Wal-Mart; see next case) had foreseen
this event (because of the deteriorating relationships over several
months between the port workers and managers) and had increased
their imports of vital inventory prior to September. Many other
retailers did not recognise this risk and did nothing; their vital goods
remained ship bound during the strike and were not delivered until
several weeks after the strike ended due to the time taken to clear
the backlog of containers.
Wal-Mart Stores
In August 2005, the Gulf Coast of the US was struck by a severe
hurricane, Katrina. New Orleans, in particular, was heavily hit.
From the moment the hurricane formed over the Bahamas, Wal-Mart
Stores' (the largest US corporation by revenue) risk management
and procurement systems, using information from the US National
Weather Service's National Hurricane Center and Wal-Mart's own
database, had identified the basic foodstuffs, goods and equipment
that would be needed should the hurricane come ashore.
As it became clear where the hurricane was most likely to hit, the
company moved the necessary supplies and materials into the
relevant stores, in preparation to meet the expected demand.
During the hurricane and its aftermath, because of the catastrophe
caused by the hurricane and the failure of New Orleans' levee
system (and the subsequent flooding of the city), Wal-Mart
gave away most of the foodstuffs and essential supplies. It also
established supply routes bringing in more aid to stricken areas.
Although state and federal officials came under harsh criticism for
their handling of the disaster, Wal-Mart was held up as a model for
logistical efficiency, risk management and nimble disaster planning,
which allowed it to quickly deliver the necessary food, water, fuel
and other essential goods to thousands of people affected by
the hurricane.


1.4 Beyond Turnbull


< The Turnbull guidance was a significant turning point for how
entities considered and managed risk. The report made it
perfectly clear that risk management:
= requires recognition that firms face risks similar to their
operations; that is, along the continuum between static
and dynamic;
= must recognise that changes in the internal and external
environment of a business will affect various risks faced by
the business to a lesser or greater extent;
= requires awareness that the assessment of any given risk
can change and, thereby, the strategy for managing that
risk must change as well;
= must match the complexity of business risks;
= is not a one-off exercise but evolves as business,
environments and risks change (especially as the unknown
risks become known and are replaced by new emerging
risks);
= is not about eliminating all risk (as maximising shareholder
and stakeholder wealth involves taking risks) but assessing,
monitoring and controlling risk;
= is about identifying trends and future events, thus being
first to take a competitive advantage: an opportunity risk to
create value or take first advantage of limited, decreasing
resources.

1.5 External Reporting


< Along with Turnbull, the significant increase in stakeholder
interests since the 1990s has resulted in greater pressures
placed on entities not only to manage risks but also to disclose
the risks they face and how those risks are being managed.
< The approach to external reporting on risk varies among the
various corporate governance codes. For example:
= UK Corporate Governance Code: the board should, at
least annually, conduct a review of the effectiveness of the
company's risk management and internal control systems
and should report to shareholders that they have done so.
The directors should also include in the annual report an
explanation of the basis on which the company generates or
preserves value over the longer term (the business model)
and the strategy for delivering the objectives of the company.
= SOX: identify key business activities and the risks associated
with them.
= King III: detailed disclosure and discussion in the
company's integrated report of the effectiveness of the
system and process of risk management, including the
nature of the risks faced, how they are managed, the
effectiveness of the risk management process and details of
undue, unexpected or unusual risks.


< In addition:*
= Stock exchange listing rules require various narrative
disclosures to be made about risks faced by a business
(e.g. a business review).
= IFRS requires extensive disclosures to be made about
various risks faced by an entity (e.g. IFRS 7 Financial
Instruments: Disclosure).
= Social and environmental reporting requirements (e.g.
Global Reporting Initiative and the AA 1000 set of
standards) require discussion of the various social and
environmental risks faced by entities and the impact the
entities have on their stakeholders.

*A discussion report issued by the UK's Financial Reporting Council
in September 2011 made the following suggestions for improving
external risk reporting in UK companies' annual reports:
< Integrating commentary on risk throughout the company report,
rather than treating it as a stand-alone section.
< Linking risk reporting directly to the discussion of strategy and the
business model.
< Explaining changes in the company's risk exposure over the
previous 12 months, as a result of changes to the strategy or
business environment, and indicating if it might change in the
future.
< Disclosing how key risks were being mitigated.
The report also noted that although many company directors were
wary of disclosing commercially sensitive information or information
which, if disclosed, might bring about the very risks the company was
trying to avoid, others accepted that there was a need to find ways
of conveying more useful information to stakeholders.

Risk Categories

< There are many risks (potentially hundreds) faced by different
entities.
< Typical risks will be categorised as:
= strategic;
= operational (business process, financial or compliance);
= market; and
= credit.
< Each of these may fit into other categories, for example:
= common business risks;
= sector-specific risks; and
= country risks.


The risks and categories discussed
in the sections which
follow are based on
the requirements of
the syllabus. In the
exam, you may be
required to explain
the meaning of a
particular risk (e.g.
strategic risk) or
explain a risk in the
context of a scenario.
You may also be
asked to identify risks
based on a scenario.

2.1 Strategic Risk

< Strategic (sometimes called "enterprise") risk is the risk that
an entity is unable to achieve one or more of its strategic
objectives. This may be due to poor selection of strategic
options, poor management and execution and other factors.

Strategy: "The direction and scope of an organisation over the
long-term with the aim of fulfilling stakeholder expectations."
Johnson, Scholes and Whittington

Example 2 Factors Affecting Strategic Risk

Give FIVE examples of factors that would increase strategic risk.

Solution
1.
2.
3.
4.
5.

< The risks to an entity's strategy are the threats or
opportunities that materially affect the ability of an entity
to survive. They arise from the need for directors to make
fundamental decisions concerning the organisation's objectives
and relate to, for example, the environment, stakeholders,
changes in the economy, new products, emerging markets,
competitors, life cycles, emerging technology and refinancing.
< A top-down (strategic) approach is essential, rather than an
(operational) bottom-up approach.
< As strategy concerns assumptions about the future, strategic
threats and opportunities:
= Often come from unexpected quarters (surveys of CEOs and
boards indicate at least 35% of all strategic threats). Risk
management systems must rapidly identify, analyse and
enable fast and effective responses to mitigate threats and
capitalise on opportunities.
= Are often low frequency, but high impact. Because such
risks will never have occurred before, they may not be
predicted or identified by traditional risk management
systems which rely on historical data.
= Are often very complex, arising out of ambiguous and
non-routine situations (the very nature of strategic
decision-making) with organisation-wide rather than
operation-specific implications. Risk management must identify
when managers are dealing with something they neither
understand well nor respond to often.
< In order to recognise and respond quickly to developing
strategic risks, it is essential for boards to understand
how the entity integrates with, and reacts to, the external
environment. Building up an understanding of all
environmental factors that will affect an entity is an essential
first step to enabling recognition of a developing problem.


Example 3 Strategic Risks


Suggest FIVE strategic risks that could be expected to affect businesses over the next 12 months.

Solution
1.
2.
3.
4.
5.

2.2 Operational Risks

Common operational risks might include:*

< Business process risks;
< Financial risks; and
< Compliance risks.

*A formal definition of operational risks also covers financial
and compliance risk, but typically excludes market and credit
risks. Certain businesses, however, will have these risks as part
of their operations. For example, many firms will have market
risks associated with dealing in securities of other firms. However,
financial services firms may be greatly affected by changes in the
market. Clearing houses and other firms that deal in promises to
pay will be greatly affected by credit risks. The emphasis from a
risk management perspective is to manage and report on
firm-appropriate risks.


Operational risk: "The risk of loss resulting from inadequate or
failed internal processes, people and systems, or from external
events."
Basel II


2.2.1 Business Process Risks

< Business processes not aligned to
strategic goals
< Change initiative failure
< Loss of entrepreneurial spirit
< Stock outs of raw materials
< Skills shortage
< Physical disasters (e.g. fire, earthquake)
< Failure to create/exploit intangible
assets
< Loss of physical assets
< Lack of business continuity
< Poor brands
< Breach of confidentiality
< Succession problems
< Loss of key people
< Inability to reduce cost base
< Tough contract obligations
< Over-reliance on key suppliers or
customers
< Failure of new products or services
< Poor service levels
< Unsatisfied customers

< Quality problems


< Lack of orders
< Failure of major project
< Loss of key contracts
< Inability to use the Internet
< Failure of outsource provider to deliver
< Industrial action (own, supplier or
customer)
< Failure of information technology
< Low employee motivation or efficiency
< Inability to implement change
< Inefficient/ineffective processing of
documents
< Poor brand management
< Product liability
< Inefficient/ineffective management
process
< Exploitation of developing-world
employees
< Business probity issues
< Reputation issues
< Missed business opportunities

2.2.2 Financial Risks

< Liquidity risk


< Going concern problems
< Overtrading
< Interest risk
< Currency risk
< High cost of capital
< Treasury risk
< Misuse of financial resources
< Fraud risks

< Misstatement in financial statements


< Breakdown of accounting system
< Unrecorded liabilities
< Unreliable accounting records
< Hacking of IT/IS
< Too much data, insufficient analysis
< Decisions based on incomplete or faulty
information

2.2.3 Compliance Risks

< Breach of listing rules


< Breach of financial regulations
< Breach of legal requirements
< Litigation risk
< Breach of competition laws


< Tax problems and penalties


< Breach of other laws or regulations
< Health and safety risks
< Environmental problems


2.3 Sector-Specific Risk*

< Also called industry-specific risks, these affect only particular
business sectors (e.g. regulation risk may be considered as a
generic risk, but different businesses are subject to different
regulatory authorities). For example:
= company law which applies to all businesses would be
considered a compliance risk applicable to all companies;
= listing regulations which only apply to companies that are
listed (specific sector);
= Financial Services Regulations would only apply to those
companies (listed or otherwise) providing financial services
(e.g. banks);
= charity regulations would only apply to those organisations
registered as charities, some of which may also be
companies subject to company law.

*Within any one sector (e.g. extractive sector) there will be
different industries (e.g. oil and coal). Each industry faces
different risks that may change. Even within a particular industry
(e.g. mining) risks may differ (e.g. depending on the extraction
method: deep seam or open cast).

Common Risks Explained*

*The risks described in section 3 are listed in the ACCA's Study
Guide as common business risks.

3.1 Market Risk

< Market risk (sometimes referred to as systematic risk) is the
exposure to the uncertain market value of an asset, liability,
investment portfolio or a derivative contract linked to the asset
(liability) held.
< It is the risk that the value of an investment (or liability) will
decrease (increase) due to moves in market factors.
< Typical market factors include:*
= Changes in equity value (equity risk).
= Interest rate changes (interest rate risk).
= Foreign exchange changes (currency risk).
= Changes in commodity prices (commodity risk).
= Other price risks that would cause the market price
to change.
< Market risk may also relate to the horizontal and vertical
market conditions in which the firm operates (e.g. expanding
or declining markets, new competitive products, new
competitors, changes in consumer requirements, changes in
operating conditions).
< Horizontal markets may include competitors, with vertical
markets including both resource suppliers and product end
users (if the firm is an intermediate producer in its industry).

*IFRS 7 Financial Instruments: Disclosures defines market risk
as "the risk that the fair value or future cash flows of a financial
instrument will fluctuate because of changes in market prices".
Remember that the simple receivable is a financial instrument, as
are foreign currency deposits, investments in another entity (e.g.
equity or fixed interest debt), foreign currency hedges and forward
contracts for commodities.

3.2 Credit Risk

< The risk that one party to a financial instrument (e.g. trade
receivable, loan) will cause a financial loss for the other party
by failing to discharge an obligation (i.e. fail to settle the
debt). This also may be known as credit default risk.*
< The factors to be taken into account include:
= the total volume of credit sales;
= the organisation's credit policy and credit terms offered
(credit limits and time allowed to pay);
= the "quality" of customers (some types of customer are a
greater credit risk than others); and
= credit vetting, assessment and debt collection procedures.

*The term "credit risk" also may be applied to the risk that the
firm's credit rating could be downgraded, in which case its cost of
capital will increase. That type of risk is more commonly known as
"credit rating risk" or "financing cost risk" (a type of financial
risk).

Illustration 2 Sub-prime Mortgages

The sub-prime mortgage market (developed on the back of the US
housing bubble of 2000–2008) was based on banks and mortgage
brokers in the US selling mortgages to known credit risks (sub-prime
NINJA; that is, No Income, No Job or Assets).
As they were then able to resell these mortgages on through the
mortgage bond market, the banks' credit risks were considered to be
limited (someone else's problem). Should default occur, mortgage
bond packagers maintained, the debt would easily be covered by the
rising value of the property held as collateral. By 2005, 20% of US
mortgages were of this type.
However, most of these mortgages were ARM (adjustable rate
mortgages) which held "reset" clauses so that after two to five
years, the low interest rate would reset to market rates (often
double the initial rate). As the reset clauses activated, most
mortgagors defaulted. Initially, this had little effect on house prices
but as more "reset" clauses activated, more repossessed houses
came onto the market and house prices started to collapse. Within
two years (2007 and 2008), the average annual change in house
prices fell from +10% to -10%.
Banks which had not resold sub-prime mortgages into the mortgage
bond market suffered huge bad debts, and some of those which had
were required to repay under the terms of the bond.
In addition, the banks and other financial institutions involved
in the mortgage bond market had developed and sold to other
financial institutions new financial instruments (Collateralized Debt
Obligations, or CDOs) in which the sub-prime debt had been "sliced and
diced" with prime debt in order to obtain a high credit rating (i.e. it
was not possible to identify and remove the sub-prime element from
the whole financial instrument).
As the defaults on sub-prime mortgages increased, the value of the
sub-prime mortgages, and of the financial instruments containing or
derived from them, collapsed, leading to the "credit crunch"
when banks had to write off billions of dollars from their statements
of financial position, attempted to raise additional finance to shore up
their financial position and (along with other lenders) tightened up
their lending requirements. The inter-bank lending market froze as
banks lost faith in the money-market system and refused to continue
to lend to each other, preferring to hold onto money rather than lend
it in fear that it may not be repaid.
The lack of credit caused consumers not to spend, major
development projects to halt, companies to cease expansion (with
many unable to roll over existing credit lines or debt) and contract.
As faith has been lost in the banking and consumer systems, many
companies have been faced with significant declines in market
capitalisation, restructuring and increased going concern risks.


3.3 Liquidity Risk


< There are three aspects:
1. Risk that an entity will encounter difficulty in meeting
obligations associated with financial liabilities (i.e. difficulty
in repaying debt).
2. Risk that an entity will not be able to raise cash either from
its shareholders or other third parties (e.g. banks).
3. Risk of a premature or forced sale of assets, at a market
loss, to raise necessary funds.

< An entity is said to have liquidity if it can easily meet its needs
for cash either because it has cash on hand or can otherwise
raise or borrow cash.
< Obviously, the concept of liquidity for an entity revolves
around cash. The liquidity of an entity depends on:
= the short-term need for cash;
= cash on hand;
= available lines of credit;
= the liquidity of the entity's assets; and
= the entity's reputation in the marketplace: how willing will
counterparties be to trade with or lend to the entity and
how willing are existing or potential shareholders to invest
in the entity?

3.4 Technological Risk


< The risk that a firm does not realise (or recognise) the
potential of technology (including change and emerging
technology) to maintain or gain competitive advantage.
< Such technology may be:
= back room (e.g. executive information systems, decision
support systems, CAD); or
= front room (e.g. operational systems, production systems,
procurement systems, supply chain systems, customer
management systems).
< Like many other categories of risk, technology risk is a
two-way risk and technological change creates threats and
opportunities for organisations.
< Neumann (taking Porter's competitive advantage strategies)
developed a five-point competitive strategy for information
systems and technology:
1. Cost leadership: using technology to reduce costs,
production and administration, below those of competitors.
2. Differentiation: unique products, improved quality,
improved effectiveness of service, developing niche
markets, increased efficiency of business processes.
3. Innovation: new ways of doing business, extending
product life through added value, business model evolution.
4. Growth: new markets, quicker responses to market
indicators, Web-based selling.
5. Strategic alliance: with customers, suppliers,
competitors, other companies through integration of
systems, shared systems, joint ventures and mergers.


< All of the above raise specific strategic and operational risks
and opportunities.

< Challenges facing entities (that will give rise to risks) include:
= Achieving alignment of IT with business objectives.
Business strategy must drive technology strategy. A strong
business case must be made for the technology with a
positive cost/benefit.
= Dealing with increasingly complex technology environments.
In order to measure risk, management must understand
it. Management may believe that it understands the
technology and its impact, when in fact it does not. Thus,
risks are not identified until they occur, often too late to be
able to react to them.
= Protecting against a plethora of new threats and
vulnerabilities. These include data loss, data corruption,
hacking, viruses and loss of reputation.
= Increased regulatory compliance obligations. Initially data
protection, but now including cross-border tax issues and
monitoring of website content.
= Out-of-control IT projects (that should never have been
started). Poorly planned, implemented and managed,
they invariably involve overspend. The greatest damage
arises when a completed project fails to meet the original
objectives.
= Achieving visibility of IT spending (ensuring that
management is fully aware of the budget and actual
spending) and the value it returns to the business (this
may be difficult to quantify when the expected benefits are
qualitative).
< Further specific risks relating to technology include:
= Theft (physical or of data)
= Data corruption
= Poor training in the use of the technology
= Unauthorised access to systems
= Internet damage (e.g. viruses, hacking and denial of
service attacks)
= Physical damage (e.g. fire, flood, weather, natural disaster,
terrorist attack, accidental damage, deliberate damage).

3.5 Legal and Regulatory Risk

< The risk of breaching applicable laws and regulations, sometimes
referred to as compliance risk (i.e. the risk of not complying
with laws and regulations).
< Such laws may be general (e.g. health and safety, company
law, financial statements) or they may be specific (e.g.
financial service regulations, listing regulations).
< Typical legal risks include:
1. Competition law (e.g. cartels)
2. Data protection (e.g. illegal use, unlawful access)
3. Copyright infringement
4. Product recalls (e.g. food safety, products fit for use, use
of illegal materials)
5. Health and safety
6. Financial statements
7. Taxation
8. Financial services regulations
9. Money laundering
10. Extradition (particularly where operations are conducted
in the US).

< Although the breach of some laws and regulations may result
in immaterial fines, others may result in the withdrawal of an
operating licence, business closure or substantial fines, bad
publicity and criminal procedures (including jail terms) for
managers and directors.*

*The sheer number and intensity of the laws and regulations
governing companies is often stated by directors as being their
"worst nightmare". Many surveys conclude that far too much time is
taken up by the CEO and the board in keeping up to date and dealing
with what is considered an unnecessary bureaucratic intrusion into
company affairs. However, to ignore them is not an option.
As discussed in Session 11, for example, firms will be subject to
regulation beginning in early 2013 by both Prudential Regulatory
Authority (PRA) and Financial Conduct Authority (FCA). These
replace the Financial Services Authority (FSA) as the result of the
Financial Services Bill passed in early 2012.

3.6 Health and Safety Risk

< Health is not merely the absence of disease or infirmity, but a
state of complete physical, mental and social well-being and
the avoidance of unintentional injury or death. (World Health
Organisation, or WHO).
< Safety, in the WHO report, is interpreted to refer directly to
the means of avoiding unintentional injury or death and is
considered to be an aspect of health promotion.
< Health and safety risk can thus be considered as the risk of
unintentional harm (actual or potential) to employees or other
individuals (e.g. visitors, customers and local population)
caused by the entity.
< A hazard is anything that may cause harm, such as chemicals,
electricity, working from ladders, an open drawer, etc.
< The risk is the chance, high or low, that somebody could
be harmed by these and other hazards, together with an
indication of how serious the harm could be.*
< Initially employer (and employee) responsibilities for health
and safety in the workplace were laid down in laws and
regulations. With the increasing importance of CSR, many
employers consider health and safety to be a moral issue and
provide a working environment which exceeds the minimum
legal requirements in order to achieve an appropriate work-life
balance for their employees.

< It is critical for organisations, their managers and employees
to observe health and safety legislation (and assess the risks
of breaches) for the following reasons:
= In many jurisdictions health and safety is covered by
legislation, thus breaches will be subject to criminal
proceedings, fines and, in extreme cases, business closure.
= Accidents and illness can be costly in monetary and
reputational terms to the employer through lost production,
absence of key employees, lower morale in the workforce,
legal fees if involved in a court case and bad publicity.
= Under civil law, it may be possible for an employee (or
visitors to the organisation) to sue for compensation
if injured.
= Organisations have a moral obligation to protect others
(including not only their employees but customers, visitors
and the local community).
= Insurance cover is usually required by organisations. A
poor health and safety record may invalidate any insurance
cover, without which the organisation would not be allowed
to operate.

*In many occupations there is always the risk of serious injury and
death (e.g. mining, fire-fighting, deep sea diving). Health and
safety procedures therefore need to be in place to reduce this risk
to an acceptable level to the employee.

Example 4 Health and Safety Risks

Suggest 10 risks to the health and safety of employees working in an office environment.

Solution
1.
2.
3.
4.
5.
6.
7.
8.
9.
10.

3.7 Environmental Risk

3.7.1 Impact on the Environment

< Environmental risk concerns the way an entity's activities can
damage the environment, harm people and cause a loss of quality
of life as a result of environmental degradation.
< It refers to the actual or potential threat of adverse effects on
living organisms and the environment by effluents, emissions,
wastes, resource depletion, etc, arising out of an entity's
activities (e.g. global warming, river pollution, groundwater
pollution).
< Although all entities will face environmental risk, the
agriculture, chemical, transportation, logging and nuclear
power industries are examples of industries with a high
environmental risk.

Illustration 3 Changing Risks


Gas Wars
The January 2009 "gas wars" involving the EU, Ukraine and Russia
increased the environmental risk of a number of companies as they
were unable to use gas (a relatively clean fuel) as their normal
power source. Some EU countries restarted old-technology nuclear
power plants and others allowed their industries to use heavy fuel
oil, resulting in smog warnings in cities.
Biofuels
Biofuels are generated through the cropping of plants such as
soya beans, maize, wheat and sugar cane to use as a source of
energy (e.g. transport fuel). Initially hailed as a "green" solution
to the depletion of unsustainable fossil fuels and increasing global
warming, biofuels are now being considered a major environmental
risk because of deforestation (as forests are cleared to enable more
crops to be grown) and as a major factor in the food shortages (and
significant increases in food prices) during the first decade of the
21st century, as millions of acres of land were switched from food
production to fuel production.


< Although many countries have specific legislation dealing
with the environmental impact of entities, a key driver for
environmental risk has been the sustainability reporting
guidelines of the GRI, which, for the environment, include
disclosure, monitoring, management and risks related to, for
example:
= Materials
= Energy
= Water
= Emissions, effluents and waste
= Transport.

3.7.2 Impact of the Environment

< Additionally, environmental risk encompasses the potential
impact that the environment may have on an entity.
< Such risks include climate change; natural events (e.g.
earthquake, volcanic eruption, landslide, tsunami); adverse
weather (e.g. hurricanes, monsoon, flash floods, snow); and
resource depletion and threats to natural resources (e.g. water
and energy supplies).

3.8 Reputation Risk

< Reputation risk is the risk that negative publicity regarding
an institution's business, its procedures, policies, practices,
actions, ethics and the actions of its stakeholders (e.g.
directors, managers, employees, regulators, customers and
suppliers) will lead to a loss of shareholder value, competitive
advantage and business revenue, or lead to regulatory action
or litigation.
< An entity's or individual's reputation will decline when
experience of the entity or individual falls short of expectation.
This does, however, raise three key questions:
= Whose experience: customers, investors, regulators,
employees, the general public.
= What experience: each stakeholder will have its own
claims on, and perceptions of, the entity and thus a set of
experiences that could lead to reputational damage.
= Which expectations and how were they formed: the
expectation of a stakeholder may be unrealistic. The
factors related to expectations may be outside of the
entity's control. Expectations may be based on incorrect
assumptions or standards.
< Thus it is easy to see why reputation risk is referred to as "the
risks of risks" or "the mother of all risks" and why it can be
very difficult to manage. A reputation that has taken 20 years
to develop can (in the "CNN world") be lost in 20 seconds.*
< In addition, many elements of an entity's reputation may
be outside its control (e.g. actions of its customers and
suppliers). However, the way the entity reacts to such matters
often will determine its reputation.

*Should reputation risk be treated as a single element or considered
to be embedded within many other risks (e.g. product risk, brand
risk, procurement risk, HR risk, operational risk, etc)?

Illustration 4 BP
The BP Deepwater Horizon oil spill in the Gulf of Mexico in 2010 is
a prime example of an organisation digging itself ever deeper into
a reputation risk grave through total lack of understanding of and
sensitivity about the effect of its actions. In particular, both CEO
Tony Hayward and Chairman Carl-Henric Svanberg throughout
the crisis made comments that have become public-relations
disaster classics.
Initially, Hayward referred to the Gulf of Mexico as being a "big
ocean" and the oil spill as just a "drop in the ocean". The spill
became the world's largest accidental ocean-based disaster.
At the end of May that year, he visited Venice, Louisiana (one of the
worst affected areas) to apologise for the disaster. "The first thing to
say is I'm sorry," he told reporters. When asked what he would like
to tell locals whose livelihoods had been affected, he said: "We're
sorry for the massive disruption it's caused their lives. There's no one
who wants this over more than I do. I would like my life back."
His comment about wanting his life back outraged the American
public, especially people who had lost their livelihoods because of
the oil spill. A blog on Forbes played out the possible consequences
had the spill occurred off the coast of China. It concluded that
Hayward was "sentenced to death in his absence", which would have
made his comment far more poignant.
This comment was compounded by his action of taking a day off
(two weeks later) to go sailing with his son. The White House
said the move was one of a "long line of PR gaffes and mistakes"
by Hayward.
During one of the congressional and Senate hearings into the
disaster, Hayward was asked about why he did not take action
earlier on the spill. His reply was that "I cannot be expected to
know everything about all of our wells. We have thousands spread
around the world."
Hayward was voted, for 2010, the "most hated and most clueless
man in America" in one US nationwide survey.
BP's chairman also joined in on the PR disaster. After a meeting
with President Barack Obama, Svanberg told the press: "I would
like to take this opportunity to apologise to the American people on
behalf of all the employees of BP . I hear comments sometimes
that large oil companies are greedy companies who don't care. But
that is not the case in BP. We care about the small people."
The reference to "small people" again outraged the American public,
as it implied that everybody affected was somehow "down there"
and BP managers were "way above them, with the gods".
Many PR professionals concluded that the biggest mistake BP made
was in not understanding the US attitude and expectations. For
the first two months of the crisis there was no senior American
involvement or PR management. In mid-June, Hayward was
replaced by American Bob Dudley in dealing with the spill. Hayward
left BP by "mutual consent" in October 2010. Dudley became
the CEO.
Within three months of the oil spill, BP's market capitalisation had
halved (losing over $100 billion) with speculation that the company
would collapse. Although the share price dropped from a high of
650p before the spill to a low of 300p, the company survived. By
the end of 2011, the share price was 450p. But share prices for
comparable oil companies had increased by 50% during the same
period, meaning that BP's share price should have been in the region
of 900p.
This Illustration demonstrates the impact of reputation risk.

BP is a good example of the examiner's expectation that candidates
should have a broad understanding of "real life" corporate
governance issues. Q1 December 2011 concerning internal control
failures, code of ethics, risks and environmental risk management
was based on the BP oil spill disaster. Although any candidate who
can analyse a scenario, link the requirements to it and understand
how the requirements are related should do well, those who know
the background to the scenario should also be able to add relevant
"real life" comments which should impress the marker.

Example 5 Reputation Risk


Give FOUR examples of corporate behaviour that may lead to a reputation risk.

Solution
1.
2.
3.
4.

3.9 Business Probity Risk

< Probity is the strict adherence to a code of ethics based on
undeviating honesty, especially in commercial (monetary)
matters and beyond legal requirements. Thus business
probity risk is the risk that business transactions and actions
may not be ethical, lawful, prudent, effective and transparent.
< Basic probity risk relates to bribe offering and accepting,
with the defence, oil, public works/construction and
banking/finance (e.g. money laundering) industries ranking as having
the highest incidence of bribery being considered a normal
business practice.
< For an individual firm, the greatest probity risk may be
considered to arise in the awarding of supply and service
contracts.
< Other probity issues include:
= the actions of specific directors (e.g. the CEO) in not
providing all necessary information to the board or audit
committee;
= providing misleading information (e.g. through reports,
websites, briefings) to the market, shareholders, regulators
and other stakeholders;
= being "economical with the truth"; not providing the "full
picture" (usually bad news) or just "drip feeding" the
information to those who have a right to know; and
= attempting to hide bad news on the basis that the problem
will go away.


3.10 Derivative Risk


< Derivative risk is the risk that derivatives will cause substantial
financial damage to an entity (or not behave as expected).
< Derivatives are financial instruments that require no initial net
investment and will be settled at a future date. Their value
derives from the value of something else (the "underlying").
For example, interest rates, another financial instrument price,
commodity prices, foreign exchange rates, an index of prices
or rates, a credit rating or a credit index.
< Initially developed as a tool to manage and reduce risk, they
hedge the risk of owning things that are subject to unexpected
price fluctuations (e.g. foreign currencies, bushels of wheat,
oil, company shares and government bonds). There are two
main types of standardised derivatives contract:
= futures, or contracts for future delivery at a specified
price; and
= options that give one party the opportunity to buy from or
sell to the other side at a prearranged price.
Because, simplistically, derivatives investments represent bets
taken on the movement of the underlying, many financial
institutions started to trade in derivatives on the basis of
wanting to make substantial profits through either winning
the bet or making commissions on placing the bet on behalf
of clients.*

*The job of derivatives trader has been likened to that of a "bookie"
once removed (i.e. taking bets on people making bets). As with all
bets, somebody wins and somebody loses. By their very nature,
derivatives encourage higher degrees of speculation. The potential
rewards are such that a technique designed to reduce risk is all too
often treated as a gambler's tool.


Illustration 5 Derivatives
"We view them as time bombs both for the parties that deal in them
and the economic system. ... In our view ... derivatives are financial
weapons of mass destruction, carrying dangers that, while now
latent, are potentially lethal."
Warren Buffett (2002)
1994: Procter & Gamble Co loses $157 million on interest rate
speculation.
1994: Metallgesellschaft loses $1.5 billion on oil futures and
collapses.
1995: Barings Bank goes bust, losing $1.4 billion.
1998: Long-Term Capital Management bailout costs $3.5 billion.
2001: Enron goes bankrupt. The seventh-largest company in the
US and the world's largest energy trader made extensive use of
energy and credit derivatives but becomes the biggest firm to go
bankrupt in US history after systematically attempting to conceal
huge losses.
2002: Allied Irish Bank (AIB) loses $750 million.
2004: National Australia Bank (NAB) loses A$180 million.
2004: China Aviation loses $550m in speculative trade.
2006: The US-based hedge fund Amaranth Advisors loses $6
billion trading in natural gas futures.
2007: (ongoing) Toxic assets, the credit crunch and a derivatives
Chernobyl. $500 trillion total derivatives market exposure (Bear
Stearns, Lehman Brothers, UBS and Citigroup, to name a few)
as substantial attempted unwinding of positions freezes the
derivatives market, leaving both parties and the middleman banks
with substantial losses.
2008: Société Générale loses €4.9 billion in unauthorised futures
trading.
2011: UBS loses 2.0 billion through a rogue trader.
2012: JPMorgan Chase & Co could, as of this writing, lose as much
as $8 billion through derivatives tied to bond prices.*

3.11 Alternative Meanings


< Some of the risks already described can have alternative
meanings, for example:
= Market risk: the risk that particular buying/selling markets
may collapse or change.
= Credit risk: relating to an organisation's credit rating.
Should this decrease, the cost of capital for the organisation
will rise as lenders will require a higher return. This may
result in an increase in liquidity risk; that is, the risk that
the market will not want the organisation's debt or equity
securities at a reasonable price.

*Many of the entities in Illustration 5 are not financial
institutions. Many such entities attempted to use derivatives to
generate profits rather than as a way to manage cost. Dealing in
derivatives was not their formal business. Many paid the price
because of their inexperience.

Country Risks

4.1 Unique Risks


< Many of the risks discussed above can be compounded by the
fact that an entity operates overseas, has suppliers and/or
customers based overseas. For example, different:
= legal systems;
= tax systems;
= financial reporting requirements;
= health and safety regulations;
= employment laws;
= regulatory frameworks; and
= ethical, moral and environmental expectations.
< Each of these elements presents additional risks, in the
framework of country risks, to the entity.

4.2 Examples
< Bribery may be a common way of conducting business (to
obtain contracts) in one country, but would be a high probity
risk in the home country and thus of particular concern
when dealing with overseas customers who would expect
to be bribed.
< Use of child labour may be acceptable in the country of
a supplier, but would not be acceptable in the operating
environment of the buyer's country and could therefore be a
high reputation risk.


Summary
< Risk is the potential occurrence of an event and the magnitude of its consequences,
negative or positive, with regard to achieving an objective.

< Risk management concerns the systematic process of addressing risks to the organisation.

< The Turnbull guidance suggests methods by which directors can meet their responsibilities
under the Code.

< Organisations face a wide range of risks.

< The UK Code of Corporate Governance requires that firms address the nature of their
risk and describe for shareholders what they are doing about risk, or why they are not
addressing a particular risk.

< Sector-specific risks are those that apply to one organisation's sector but are not common
to all business.

Strategic (enterprise) risks concern the organisation's ability to achieve its objectives due
to poor strategy selection or execution.

Operational risk concerns the areas of business operations, finance or compliance.

Market risk concerns changes in the value of a particular asset, liability or portfolio due to
market factors.

Credit risk concerns the risk of default by a counterparty to a transaction.

Legal and regulatory risk concerns losses that a firm may incur as the result of failure to
comply with a law or regulation.

Health and safety risk is the potential harm to employees or customers.

Technological risk occurs when a firm fails to keep up with technology and loses a
competitive position.

Environmental risk concerns harms to the environment.

Reputation risk recognises the potential loss of goodwill with consumers or the investing
public that could occur as the result of a company's actions.

Country risks compound several other types of risks and include:
= legal systems;
= tax systems;
= financial reporting requirements;
= health and safety regulations;
= employment laws;
= regulatory frameworks; and
= ethical, moral and environmental expectations.

Session 12 Quiz
Estimated time: 15 minutes

1. Define risk and risk management. (1.1)
2. Explain why risk management is crucial within corporate governance. (1.2)
3. List FIVE risk management benefits. (1.3)
4. Explain sector-specific risks. (2.3)
5. True or False? Liquidity risk is the risk that one party to a financial instrument will cause a
financial loss for the other party by failing to discharge an obligation. (3.3)
6. True or False? Derivatives were initially developed as a tool to manage and reduce the risk of
owning things that are subject to unexpected price fluctuations. (3.10)
7. Describe TWO examples of country risk. (4.2)


EXAMPLE SOLUTIONS
Solution 1: Risk Assessment Questions
< Does the company have clear objectives and have they been
communicated so as to provide effective direction to employees on
risk assessment and control issues?
< Are the significant internal and external operational, financial,
compliance and other risks identified and assessed on an ongoing basis?
< Is there a clear understanding by management and employees of
what risks are acceptable to the board?

Solution 2: Factors Affecting Strategic Risk
< Inaccurate business analysis incorporated into business strategy
< Competitive pressure on price/market increases
< Natural disaster brings about general/regional economic problems
< Technologic advantage becomes obsolete because firm is too slow to innovate
< Substitute products enter the market
< Adverse government policy enacted
< Largest customer goes out of business due to industry sector decline
< Acquisition poorly integrated
< Change in interest rates causes difficulty in obtaining further capital

Solution 3: Strategic Risks*
< The credit crunch (tighter credit, lack of credit, inability to refinance,
recall of credit).
< Regulation and compliance (unknown regulatory reaction to, for
example, sub-prime credit crisis, the tightening of banking capital
ratios initiated by Basle III).
< Deepening recession (lack of customers, going concern).
< Radical greening encompassing environmental and sustainability
challenges, additional disclosure and regulation (e.g. carbon emissions).
< Non-traditional market entrants (emerging markets).
< Cost cutting (cost containment internally and from suppliers).
< Managing talent (keeping talent in time of recession, misaligned
compensation packages).
< Executing alliances and transactions (recession provides opportunities,
but could easily result in missed opportunities and bad mergers).
< Business model redundancy (long-established business models may
no longer be appropriate).
< Reputation.

*The suggested risks are from an Ernst & Young 2009 survey on
business risks. Search the Internet for the company's latest report
to identify what changes, if any, have occurred. Other surveys
could easily suggest similar or different risks.

Solution 4: Health and Safety Risks
< Blocked fire exits or insufficient exits.
< Fire protection systems not operating correctly (or none at all).
< Poor ventilation.
< Low light in working areas, corridors and stairs.
< Sharp edges on equipment and furniture.
< Frayed electric wires, overloaded plugs, electrical equipment exposed
to water.
< Trailing wires, cables and leads.
< Poorly designed seating not supporting the back.
< Top-heavy filing cabinets.
< Worn or torn carpets.
< Liquid on floors.
< Untrained equipment operators.
< Lack of training in basic health and safety procedures.
< No first-aid facilities.

Solution 5: Reputation Risk
< Employing child labour in developing countries or operating
"sweatshops" in which employees (usually immigrant labour, often
illegal immigrants) work long hours in poor conditions for low pay.
< Causing environmental damage and pollution.
< Engendering public suspicions about the damage to health from using
the company's products or from materials used in their manufacture.
< Investing heavily in countries with unpopular, racist or tyrannical
governments.
< Involvement in business "scandals" such as mis-selling financial
products or products known to be unsafe.

Session 13

Assessing Risk
FOCUS
This session covers the following content from the ACCA Study Guide.
C. Identifying and Assessing Risk
1. Risk and the risk management process
b) Define and describe management responsibilities in risk management.
3. Identification, assessment and measurement of risk
a) Identify, and assess the impact upon, the stakeholders involved in
business risk.
b) Explain and analyse the concepts of assessing the severity and probability
of risk events.
c) Describe and evaluate a framework for board level consideration of risk.
h) Explain and evaluate the concepts of related and correlated risk factors.

Session 13 Guidance
Read through section 1 a couple of times to grasp the importance and approaches to risk management
techniques; learn the two key groupings in the risk management process (s.1.4).
Understand the four elements of the COSO framework used in the evaluation and analysis of
risk (s.2).


VISUAL OVERVIEW
Objective: To explain the process of assessing risk.

RISK MANAGEMENT PROCESS

Elements
Risk Management Standard
COSO Framework
Key Groupings

ANALYSIS AND EVALUATION

Internal Environment
Strategic Objectives
Event (Risk) Identification
Risk Assessment
Risk Register

IMPACT ON STAKEHOLDERS

Session 13 Guidance
Revisit the influence of stakeholders and remember that Mendelow's grid can be used to
estimate stakeholder power and, thus, how the effect on stakeholders from a risk event will
affect the company.


Risk Management Process

1.1 Elements

Many examples exist of risk management systems and processes
that have been developed by organisations. In general, a risk
management process should, at the very least, incorporate the
following elements:

[Figure: risk management cycle. IDENTIFY (threats to achieving corporate objectives); EVALUATE, ANALYSE, ASSESS; MANAGE (approach and action); MONITOR, REVIEW, FEEDBACK.]

1.2 Risk Management Standard

The Institute of Risk Managers (IRM), the Association of Insurance
and Risk Managers (AIRMIC) and the National Forum for Risk
Management in the Public Sector (ALARM) jointly published
a Risk Management Standard in 2002, within which the risk
management process was diagrammatically shown as:

[Figure: risk management process. Labels: The Organisation's Strategic Objectives; Risk Assessment (Risk Analysis, Risk Identification, Risk Description, Risk Estimation, Risk Evaluation); Risk Reporting (Threats and Opportunities); Decision; Risk Treatment; Residual Risk Reporting; Monitoring; Formal Audit.]

1.3 COSO Framework

COSO has expanded the risk assessment layer of its internal
control framework to develop the Enterprise Risk Management
(ERM) model.

[Figure: COSO ERM cube. Objectives: Strategic, Operations, Reporting, Compliance. Components: Internal Environment, Objective Setting, Event Identification, Risk Assessment, Risk Response, Control Activities, Information & Communication, Monitoring. Levels: Entity Level, Division, Business Unit, Subsidiary.]

There are many diagrammatic representations of the risk management
cycle. When considering risk, the examiner expects an understanding
of the elements of identifying, assessing, managing, reviewing
and feedback.

1.4 Key Groupings

Broadly there are two key groupings in the risk management
process:

Assessing (analysing and evaluating) risks to identify key
risks; and
Developing strategies to manage, control and monitor those
risks (see Session 14).

Analysis and Evaluation

According to COSO's ERM model there are four elements in the
analysis and evaluation of risk:*
1. Internal environment
2. Objective setting
3. Event identification
4. Risk assessment.

2.1 Internal Environment

The internal environment encompasses the firm's risk tone,
how its managers, employees and other stakeholders react
to risk and how risk is embedded within the firm and its
environment.
Factors include risk capacity, risk appetite, risk
management philosophy, oversight procedures, integrity,
ethical values, competence, authority, responsibility,
organisation and development. (Risk capacity and risk
appetite are detailed in Session 14.)

The internal environment influences how strategies and
objectives are established; business activities structured;
risks identified, assessed and acted upon; and the design and
functioning of control activities, information, communication
and monitoring activities.

2.1.1 Risk Management Philosophy

This is driven by an entity's board and pervasive through
everything managers, staff and connected stakeholders
do, from developing strategy to implementing day-to-day
operations.
It reflects the entity's values, culture and operating style and
how risk management is applied (e.g. how risks are identified,
what risks are accepted and how they are managed).*

*In the COSO framework it is crucial that the risk management
philosophy is uniform across the entire entity, especially, for
example, where elements of the entity operate under different
cultural influences.

2.1.2 Board of Directors

Effective board structures (e.g. as emphasised under good
corporate governance including NEDs and committees) will
ensure effective risk management.
It does not matter how well a business is run; every entity
is vulnerable to risk so an effective board is critical to risk
management.

2014 DeVry/Becker Educational Development Corp. All rights reserved.

*These elements
are inter-related and
cannot be considered
in isolation. As
explained in s.2.5, the
risk register is a tool
used to document,
control and provide
necessary support
in analysing and
evaluating risk.

Risk capacity: the maximum amount and type of risk that an entity could take under current circumstances. This is determined by various constraints, such as capital and human resources, expertise and regulatory requirements (e.g. if capital resources increase and/or regulatory requirements are relaxed, risk capacity can increase).

Risk appetite: the amount of risk, taking into account risk capacity, that an entity is prepared to accept in pursuit of value. It reflects the entity's management philosophy and in turn influences the entity's culture and operating style.

2.1.3 Integrity, Ethical Values and Corporate Culture

Risk management cannot rise above the integrity and ethical values espoused and enacted by management and employees who design, create, administer and monitor the entity's activities.

Although the board and management may determine official policies, corporate culture determines what happens (rather than what should happen) and which rules are obeyed, flexed, broken or ignored.

Basing risk management on what should happen is far less effective than understanding exactly which ethical values are applied and how corporate culture operates.

2.1.4 Organisational Structure

The organisational structure provides the framework to plan, execute, control and monitor activities. It may be centralised, decentralised, based along functional, industry, product, geographical lines or a mix.

Risk management needs to recognise the complexity or simplicity of the entity's structure, its interdependencies and its internal and external factors.

2.1.5 Authority and Responsibility

The degree to which delegation is encouraged throughout the organisation and the limits to which individuals and teams are encouraged to use initiative. Alignment of authority and accountability is often used to encourage initiative.

The boundaries of authority and responsibility need to be set to ensure that objectives are understood as well as being achieved.

The internal environment is greatly influenced by the extent that individuals (from the CEO to the doorman) recognise that they are, and will be, held to account.

Illustration 1 Bank of Ireland


As part of their ethical and risk management standards, many
entities forbid access to unauthorised websites. In May 2004,
Michael Soden, CEO of the Bank of Ireland, resigned after a regular
internal check revealed that he had broken the institution's rules on
Internet use by accessing a pornography site.
"I now understand and accept that in doing this I breached the
policies of the Bank of Ireland. I have made it a central part of
my tenure as group chief executive to set the highest standards
of integrity and behaviour and to do so in an environment of
accountability, transparency and openness."


Example 1 Enron
A significant energy company was generally thought to have effective enterprise risk
management due to its high-powered and respected senior managers, prestigious
board of directors, innovative strategies, well-designed information systems and
control activities, extensive policy manuals prescribing risk and control functions
and comprehensive reconciling and supervisory routines.

Required:
Explain why the company earned the distinction of becoming one of the
largest bankruptcies in US (let alone world) history.

Solution

2.2 Strategic Objectives

As strategic risk is the risk that an entity may not be able to carry out its strategy and achieve its objectives, then developing a strategy and setting objectives is a precondition to identifying, assessing and analysing risks.

A top-down approach to objective setting is crucial. For example:

Mission statement

Strategic objectives for entity as a whole

Strategy formulated covering whole entity

Strategy formulated for each entity business unit

Tactical objectives for each business unit

Operational activity objectives for each function and employee


Example 2 Objectives
Objectives and decision-making are usually classified as strategic, tactical
and operational.

Required:
Describe the general characteristics of each classification.

Solution
1. Strategic:

2. Tactical:

3. Operational:

As the process moves from a strategic level to the operational level, critical success factors may be established for each business unit, function, department, individual or any other unit.*

*Objectives can be many and varied (e.g. cash flow objectives, reporting, compliance, environmental, investment) and each entity will need to establish a specific set of objectives as no one set will be appropriate as a standard for each entity.

Having set the mission statement, strategic objectives and critical success factors, the risks to achieving the strategy and objectives should be identified. Similar processes should be applied at each level (i.e. tactical and operational).

2.3 Event (Risk) Identification

A risk event is essentially any external or internal matter which can have a positive or negative effect on the entity achieving its objectives. Events may be expected (e.g. routine and recurring) or unexpected, but predictable.

2.3.1 Identification Techniques

Beyond the development of a sound understanding of strategic and operational objectives, identifying events that may affect the achievement of those objectives requires a detailed understanding of the entity, its markets and the legal, social, political, economic, technological, environmental and cultural environments in which it operates. Examples:
- Commodity price and exchange rate fluctuations, availability and cost of capital.
- Flood, fire, earthquake, global warming, pollution, destruction of raw materials.
- Government elections, new laws and regulations, tax changes, political differences.
- Changing demographics, work/life balance, terrorism, change in school leaving age, change in education priorities.
- Improvement in electronic commerce, emerging technologies, loss of data.
- Upstream/downstream effect of suppliers/customers (supply chain management).

Events at the operational/activity level should also be considered so as to focus attention on the specific units and functions of the entity. Examples:
- Changes in customer demands, lifestyle indicators, new competitor products, new suppliers, locking in/locking out to suppliers/customers.
- Workplace accidents, fraud, dated work practices, renewal of agreements, strikes, increased sick leave, need for preventative maintenance.
- Change management, outsourcing, changes in market share, inefficiency, increasing customer complaints, production problems, loss of repeat business.
- IS security breaches, systems downtime, denial of service, updating of websites.

As each entity is unique and operates under different circumstances, management must select the techniques which are appropriate to its risk management philosophy and which ensure robust event identification capabilities. Without such capabilities, entities will not be able to assess and respond to risks, especially unexpected risks.*

*Obviously there will always be risks which are unexpected and unpredictable (i.e. "always expect the unexpected"). Entities cannot plan for all risks; there will always be the unknown. What is important, however, is, once the unknown becomes known, how does the entity respond? A key element in reputation risk is the response to crystallisation of the unknown.

Illustration 2 Risk Identification


Because of alarm over an increase in the number of patient deaths during and shortly after surgical procedures, the World Health Organisation conducted a survey across hospitals in a number of countries to identify the root causes. From this survey a one-page checklist was developed and field tested. This has resulted in dramatic declines in major patient complications (30%) and deaths (40%) during or after surgical procedures.
"Operating theatres are high-risk environments. By using the checklist
for every operation we are improving team communication, saving
lives and helping ensure the highest standard of care for our patients."
UK Health Minister Lord Ara Darzi, 2009

Example 3 Event Identification


Suggest FIVE techniques that could be used by entities to identify potential risk events.

Solution
1.
2.
3.
4.
5.

2.3.2 Event Interdependences and Correlation

The effects of events on an entity are highly unlikely to be in isolation. One event can easily trigger another event; linkage is when the occurrence of one risk may lead to another risk materialising or becoming active, a domino effect. Management must understand the relationship between events. The relationship may be simultaneous or there may be significant lead time between the connected events. The events may be in the same unit/function, or an event could affect different units of an entity in different ways.

The probability and impact of two unrelated risks occurring at the same time must be assessed. Thus, the whole may be greater than the sum of the parts.

The correlation between risks can be positive or negative: positive when the risks move together (both increase or decrease) and negative when the risks move in opposite directions.*
- Increasing exposure to an environmental risk (e.g. chemical spill or leakage) will usually also result in an increase in reputational risk (positive correlation). If both risks materialise the organisation will have to bear clean up costs and repair its damaged reputation. Both risks decline if the potentially environmentally damaging activity is discontinued.
- If a company borrows money to spend, for example, on reducing its carbon emissions, its environmental risk is reduced. However, financial risk increases due to the increase in gearing (negative correlation).
- Hedging illustrates negative correlation: the movement in value of the hedged item is offset by an opposite movement in the hedging instrument.

Risk management must therefore consider not only single, mutually exclusive risks but also the risk of multiple linked and correlated risks.

*It is not necessary that movements of risk exactly mirror each other (e.g. in monetary terms), just that they vary together.

Illustration 3 Correlated Risks


As economies enter into recession, many businesses cut back on capital and human investment, thereby reducing exposure to liquidity and solvency risks. When emerging from recession, however, such companies often find that they are unable to take advantage of the opportunities available (e.g. due to obsolete equipment, lack of infrastructure, lack of experienced employees, etc), thereby increasing their exposure to the risk of losing a competitive advantage.

2.3.3 Event Categories

Event categories are designed to:
- enable management to identify links and the effect of each event (horizontally) across the entity (group, business divisions, units, etc) and (vertically) in each operating unit;
- gain a better understanding of the relationship, interaction and "cross impact" of events (i.e. how the likelihood of an event changes when another event actually occurs);
- identify possible gaps in the event categorisation framework; and
- identify those events which will have a negative effect and those which will have a positive effect.*

Many entities initially group potential events into categories (e.g. political, environmental, law and regulatory, technology, HR). These categories also can be grouped under, for example, external and internal factors.

A further categorisation may be based on objectives, starting at the top with strategic objectives and then working down to the operational objectives.

2.4 Risk Assessment

Having established a strategy and strategic and operational objectives and identified potential events which may affect objectives, risk assessment allows entities to consider the effect (e.g. severity, consequences and hazard) each event may have on achieving objectives and its likelihood (i.e. a risk profile).

In measuring or estimating impact and probability, the criteria used may be quantitative, qualitative or a combination. The methodologies used must be appropriate to the entity and should be consistently applied.

Examples of risk assessment techniques include:
- Benchmarking: focuses on specific events or processes, comparing measures and results using identified metrics. Often used to assess probability and the effect of potential events across a specific industry.
- Probabilistic modelling (e.g. value at risk, cash flow at risk, earnings at risk). Risk is assessed using historic data or simulated outcomes reflecting assumptions of future behaviour. Often used to assess expected or average outcomes versus extreme or unexpected effects.
- Non-probabilistic modelling (e.g. sensitivity measures, stress tests, scenario analysis, "gut" feeling). Extensive use is made of subjective assumptions in estimating the impact of events without quantifying an associated likelihood.

The Risk Management Standards (IRM, AIRMIC, ALARM) provide several examples on how impact and probability may be measured.

*One event (e.g. exchange rate change) may be negative in one business unit but positive in another. Therefore the overall effect on the entity needs to be considered and an appropriate approach developed: event correlation across a group.

2.4.1 Impact/Consequences (Applies to Threats and Opportunities)

High
- Financial impact to exceed $x
- Significant impact on strategy or operational activities
- Significant stakeholder concern

Medium
- Financial impact between $x and $y
- Moderate impact on strategy or activities
- Moderate stakeholder concern

Low
- Financial impact less than $y
- Low impact on strategy or operational activities
- Low stakeholder concern

$x and $y, significant, moderate and low will need to be defined/quantified, as well as the areas of the strategy and operational activities.

A stakeholder analysis (Mendelow) would also need to be carried out to identify which stakeholders would be affected and how.

Where past data (internal and external) is used to quantify the financial effect, the source of the data should be reliable.

Many situations require subjective judgements concerning uncertainty. Different managers will have different levels of "uncertainty subjectiveness" and different confidence in their ability in making subjective decisions. Care must therefore be taken to ensure that subjective judgements are appropriately made for the entity as a whole.

High: Likely to occur each year or more than a 25% chance of occurrence (probable?)

Medium: Likely to occur in a 10-year time period or less than a 25% chance of occurrence (possible?)

Low: Not likely to occur in a 10-year period or less than a 2% chance of occurrence (remote?)

Where a percentage chance of occurrence is used, the time frame would need to be quantified: is this every year, over a five-year period or perhaps a 25-year period? Is the time frame in line with the strategic horizon? In the above example, 10 years appears to be the strategic horizon.

Where the time frame is relatively short, care should be taken to include significant risk events that may occur beyond the time frame. The more objective the criteria used, the more robust the risk assessment; the more subjective, the greater the degree of uncertainty and estimation.


Example 4 Objectivity
For each of the following, identify if the matter can be objectively or subjectively assessed.

Solution
1. The closure of a factory will cost $1m.
2. Failure to meet a delivery deadline will
result in the loss of the client.
3. A nuclear accident will occur this year in
the UK.
4. Revolution in the Middle East will result in
the closure of our business.
5. There is a 25% chance that global warming
will result in a 50% increase of sales.

2.4.2 Mapping

A 2x2 "likelihood-consequences" matrix of the likelihood and impact of risks provides a relatively simple tool for mapping (graphing) and ranking the various assessments of risk:*

[Matrix with Likelihood on the vertical axis and Impact on the horizontal axis]
Upper row: Low impact, high likelihood | High impact, high likelihood
Lower row: Low impact, low likelihood | High impact, low likelihood

*Likelihood may instead be labelled risk probability and hazard is an alternative label for consequences or impact.

The area considered to be high impact, high likelihood need not be as precisely quantified as in the above diagram. Each entity will need to consider what could be a critical area. For example:

[Figure: risks (each marked X) plotted by Likelihood (vertical axis) against Impact (horizontal axis), with a "Critical area" marked.]

2.5 Risk Register

Entities that are subject to complex risk profiles will use a risk register (usually computer-based, whether spreadsheet-based or a database management system in a complex risk management model) to record, prioritise and track each risk through the risk management process.

The risk register is effectively an essential part of the project management process (e.g. to assess and recommend potential takeover targets) tracking each stage of the project (from start to finish, identification through to monitoring) and being reactive or proactive as events are completed or developed.

A typical register will record (and be updated as the risk cycle progresses):
- Name of risk
- Risk owner/accountable party
- Scope/description (events, size, type, number)
- Inter-dependencies (i.e. relationship with other potential risks)
- Nature (e.g. strategic, operational, financial, compliance)
- Stakeholders (e.g. use of Mendelow grid)
- Quantification of risk (i.e. probability and significance)
- Risk tolerance/appetite
- Key risk management/control activities
- Monitoring approach (including use of controls)
- Gaps, issues and actions
- Processes, initiatives, objectives affected by risk management approach
- Standard and tailored reporting (e.g. residual risk).


Impact on Stakeholders

The roles and claims of stakeholders have been discussed in previous sessions.

In simple terms, the impact of risk on stakeholders is that they will not be able to pursue their claims on the entity.

As the definition of stakeholders implies a two-way relationship ("can affect and be affected by"), stakeholder claims also should be considered as potential events that could lead to threats and opportunities to the entity's strategy.*

*Stakeholder power and the use of Mendelow's grid have already been discussed as potential sources of event indicators.

Example 5 Stakeholder Risk


Describe the impact of risk on FIVE stakeholders.

Solution

Stakeholder

Impact of Risk

1.

2.

3.

4.

5.

In the examination, the examiner will expect you to use scenario analysis, experience and common sense in identifying stakeholders and the impact certain risks will have on them. Rote-learnt examples are unlikely to gain a pass mark.


Summary

Two key groupings in the risk management process include:
1. Assessing (analysing and evaluating) risks to identify key risks.
2. Developing strategies to manage, control and monitor those risks (see Session 14).

Assessing (COSO ERM) involves four elements:
1. Internal environment
2. Objective setting
3. Event identification
4. Risk assessment.

A risk register or matrix may be used to record, prioritise and track each risk through the
risk management process.

Mendelow's grid can be used to estimate stakeholder power and, thus, how the impact on
stakeholders from a risk event will affect the company.

Session 13 Quiz
Estimated time: 10 minutes
1. List the basic elements of the COSO risk management framework. (1.3)
2. Explain the concept of an entity's "risk tone". (2.1)
3. Define "risk capacity" and "risk appetite". (2.1)
4. List the techniques used to identify risk events. (2.3)
5. List the contents of a risk register. (2.5)


Session 13
EXAMPLE SOLUTIONS
Solution 1 Enron
Despite its high external reputation, Enron's internal environment was
significantly flawed. Management participated in, practiced and allowed
many highly questionable business practices. Their sheer arrogance
allowed them to think of themselves as "the smartest guys in the room"
anywhere, any time.

Solution 2 Objectives

Strategic decisions:
- affect the whole organisation;
- are often subjective (as the future cannot be known until it happens);
- may be based on a number of different scenarios (to enable appropriate reaction as events unfold, being proactive rather than reactive);
- are often about long-term planning, but not always (the strategic horizon may be five years, it may be 20 years, or it may be on a rolling basis);
- have a higher level of risk than other decisions (because of the many variable and unpredictable factors that such decisions may be based on, such as the future political, economic, social and technological (i.e. "PEST") environment);
- are usually complex;
- are unlikely to be recurring; and
- provide the framework and guidance for tactical decision-making.

Tactical decisions:
- implement the requirements of the strategic plan;
- affect significant parts of the organisation;
- are based on a mixture of internal and external information, with the emphasis often on internal information;
- are usually (but not always) based on financial analysis;
- use a mix of qualitative and quantitative data;
- are related to the short- and medium-term;
- are often recurring processes, although in different contexts (e.g. setting quality standards for different departments); and
- provide the rules for operational decision-making.

Operational decisions:
- affect day-to-day routine operations;
- are immediate (or very short-term);
- are basically concerned with control rather than planning;
- have a low level of risk/uncertainty (as they are derived from set rules and procedures);
- are often repetitive;
- can easily be programmed;
- use internal information; and
- follow rules set by tactical decision-making.


Solution 3 Event Identification

- Establishing or purchasing an event inventory. Basically detailed listings of potential events common to entities in a particular industry developed through past experience (e.g. events related to the project management in the construction industry).
- Internal analysis: interviews with experienced managers, brainstorming, scenario analysis, internal audit reports, regulator reports, incident investigation and analysis, key event feedback to managers, checklist analysis.
- External analysis and monitoring: external advisers/consultants/lobbyists, market research, survey reports, industry benchmarking, tracking competitors, legal changes, economic changes, political changes, social trend analysis, emerging technologies, stakeholder analysis and feedback.
- Facilitated workshops: brainstorming, questionnaires, what-if scenarios.
- Leading event indicators: the monitoring of key procedures and processes (e.g. reports, variance analysis, checklists, electronic tracing) to enable identification of events (e.g. late schedule repayments indicating possible default or increase in maintenance costs indicating possible breakdown of equipment).
- Business studies: internal/external influences.
- Process flow analysis: fully map a process (e.g. manufacture of motor vehicles) identifying the complete sets of inputs, tasks, responsibilities and outputs. Consider the internal and external factors that affect inputs or activities in the process and identify events that could affect the achievement of the process objectives.
- Trends and root causes: use data sets and data mining to identify trends and potential causes. Once a root cause has been identified, this is the event to be sorted.
- Hazard and operability studies (HAZOP): a methodology for identifying and dealing with potential problems in industrial processes, particularly those which would create a hazardous situation or a severe impairment of the process.

Solution 4 Objectivity

1. The closure of a factory will cost $1m: objective impact measurement as the costs of closure can be measured with reasonable certainty (e.g. redundancy, impairment to assets, cancellation of contracts).
2. Failure to meet a delivery deadline will result in the loss of the client: depends on known facts about the client and the effect on that client of failing to meet the deadline. If this is a general statement it is subjective. If already threatened by the client it is an objective impact.
3. A nuclear accident will occur this year in the UK: subjective likelihood. A nuclear accident may be military, civilian, in a power station or a research laboratory. May be minor or major: many "may be", thus subjective.
4. Revolution in the Middle East will result in the closure of our business of selling clothes to the general public: subjective. Location and final outcome are unknown. The product is one that is highly unlikely to be affected by political factors, but may be (for an unknown length of time) by economic factors.
5. There is a 25% chance that global warming will result in a 50% increase of sales: subjective. On what data can such assumptions be made?

Solution 5 Stakeholder Risk

Stakeholder | Impact of Risk
Shareholder | Decrease in wealth through lower share price and dividend income. Potential for takeover or liquidation.
Directors | Loss of reputation, loss of compensation related to performance, criminal or civil proceedings if risk event was caused by a direct result of their illegal actions (e.g. bribery, fraud, money laundering).
Managers | As above plus loss of promotion possibilities. In addition they may become demotivated due to poor performance of the business unit or function in which they work. May result in further risk as manager pursues own interests or seeks employment elsewhere.
Employees | Similar to above. May be higher exposure to health and safety issues. For all employees, ultimate impact will be loss of employment.
Customers | Possible impacts include loss of after-sales service, warranties, lower quality of goods and service, loss of supplier.
Suppliers | Loss of contract to supply customer, potential bad debts, need to extend credit terms (effect on cash flows), lawsuit from customer.
Government | Possible effects include loss of tax revenue (profits, VAT and employee), increase in economic support to the entity, statutory redundancy payments and increase in unemployment benefits (both direct and indirect through the multiplier-effect on suppliers and customers).
Banks | Bad debt risk (non-payment of loan and interest), reduced value of collateral (may result in margin calls, for example). In some cases may increase the entity's requirement for capital.


Session 14

Controlling Risk
FOCUS
This session covers the following content from the ACCA Study Guide.
C. Identifying and Assessing Risk
1. Risk and the risk management process
b) Define and describe management responsibilities in risk management.
c) Explain the dynamic nature of risk assessment.
d) Explain the importance and nature of management responses to changing risk
assessments.
e) Explain risk appetite and how this affects risk policy.
3. Identification, assessment and measurement of risk
f) Explain and assess the ALARP (as low as reasonably practicable) principle in risk
assessment and how this relates to severity and probability.
g) Evaluate the difficulties of risk perception including the concepts of objective
and subjective risk perception.

D. Controlling and Managing Risk


1. Targeting and monitoring of risk
a) Explain and assess the role of a risk manager in identifying and monitoring risk.
b) Explain and evaluate the role of the risk committee in identifying and
monitoring risk.
c) Describe and assess the role of internal or external risk auditing in monitoring
risk.
2. Methods of controlling and reducing risk
a) Explain the importance of risk awareness at all levels in an organisation.
b) Describe and analyse the concept of embedding risk in an organisation's systems
and procedures.
c) Describe and evaluate the concept of embedding risk in an organisation's
culture and values.
d) Explain and analyse the concepts of spreading and diversifying risk and when
this would be appropriate.
e) Identify and assess how business organisations use policies and techniques to
mitigate various types of business and financial risks.
3. Risk avoidance, retention and modelling
a) Explain, and assess the importance of, risk transference, avoidance, reduction
and acceptance.
b) Explain and evaluate the different attitudes to risk and how these can affect
strategy.
c) Explain and assess the necessity of incurring risk as part of competitively
managing a business organisation.
d) Explain and assess attitudes towards risk and the ways in which risk varies in
relation to the size, structure and development of an organisation.


VISUAL OVERVIEW
Objective: To explain the process of managing and controlling risk.

CONTROLLING RISK

RISK DIMENSIONS
Risk Cascade
Risk Appetite
Factors

RISK RESPONSE
TARA
Diversifying
ALARP
Contingency Planning

MANAGEMENT RESPONSIBILITIES
The CEO
The Board
Risk Committee
Risk Manager
Chief Financial Officer
Risk Auditing
Employees

EMBEDDING RISK AWARENESS
Importance
Procedures
Risk Management
Summary

Session 14 Guidance
Note that only section 2, "Risk Response", will be familiar to you from F8 studies. All the other sections must be carefully studied; they are all highly examinable.
Bear in mind that businesses must take risks in order to maximise returns: if a business was to avoid all risks, it would not survive. Risks must be taken in order to gain.
Understand factors that may influence management's appetite for and attitude towards risk (s.1)
and how risk is controlled given particular attitudes to risk (s.2).
Recognise the roles of the board, management and the rank-and-file employee in managing risk
(s.3) and embedding risk awareness into strategy formulation and operations (s.4).

Risk Dimensions

1.1 Risk Cascade

The following diagram depicts how risk appetite is related to risk capacity. Risk tolerance, targets and limits are aspects of risk appetite and relate to specific categories and operational elements of risk.
RISK CAPACITY: The maximum amounts and types of all risk that an entity could take under current circumstances.

RISK APPETITE: The amount and nature of exposure to risks that an entity is prepared to accept in pursuit of its strategic and operational goals.

RISK TOLERANCE: The maximum for each category and type of risk (at strategic, tactical and operational levels) that the entity is prepared to accept.

RISK TARGET/LIMITS: The optimal level of specific risk for an individual business goal (target) set within a specified range (limits).

Risk capacity is determined by various constraints (e.g. if capital resources increase
and/or regulatory requirements are relaxed, risk capacity can increase).
Risk appetite leads to a risk attitude that reflects the board's
response to risks that the entity will fail to meet objectives (i.e.
risk averse, risk tolerant, risk seeking or risk neutral).
An example of a risk limit is +/- 5% of the target risk level
in quantitative terms. Breaching a risk limit should result in
corrective action (at the process/operational level).

Risk appetite addresses the board's willingness to accept risk. The board's attitude
towards risk will depend on the organisation's ability to identify, assess, control and
manage risks.*

*A firm may be in a unique position to capitalise on a market opportunity which could bring
great success or moderate failure. Under normal circumstances, the board's appetite for this
project could be high. If, however, the firm suffers from an inability to obtain financing,
and failure of the project would result in serious financial consequences (low risk
capacity), the board would have a low risk attitude. In this case the board will be risk
averse.

Management's reaction to risks will not be automatic. Some risk will always have to be
accepted and managed (otherwise there would be no activity). Some managers have a risk
attitude that positively seeks out the pleasure of taking risks;
others are risk avoiders, minimising the risks they and their
organisations take.*

*The closest businesses may have come to 100% risk seeking was
when many senior bank managers thought they had conquered risk,
and their fear of risk evaporated. In reality, they failed to appreciate
and understand exactly what risks they were facing and, when
advised what the consequences of their actions could be, "shot the
messengers".
The result was the near collapse of the financial system.

Illustration 1 Risk Appetite and Attitude


Virgin Galactic
Richard Branson, chairman of the Virgin Group, is a self-confessed "adrenalin
junkie" prepared to take on what many would consider to be high-risk ventures
(personal and business). The Group's current "adventure", through Virgin
Galactic, is to develop, build and operate privately owned spaceships and to offer
space tourism. "My interest in life comes from setting myself huge, apparently
unachievable challenges and trying to rise above them ... from the perspective of
wanting to live life to the full, I felt that I had to attempt it." He is a successful
businessman who takes risk management extremely seriously. His risk attitude is
such that he takes on ventures which many others would decline.

Lloyds TSB
This was one of the very few UK banks not to have been directly exposed to the
sub-prime crisis. Although the former CEO, Eric Daniels, was often chided by
other bank CEOs for not moving into the sub-prime and jumbo mortgage sector
with its high profits, but sticking to a traditional banker's view on mortgage
lending (many competitor bankers considered their logo, a virile black stallion,
to be more of an old black nag), the sub-prime crisis and subsequent credit
crunch validated his risk-averse approach to the mortgage business. (In 2008,
its mortgage arrears only increased by 14% compared to the industry's average
of 34%, reflecting their risk-averse approach to mortgage lending and subsequent
probability of default.)

1.2 Risk Appetite*

Risk appetite will be at the corporate, business unit and department/product level. Each
level feeds down to the next, finally reaching the operational level (risk tolerance, risk
targets and risk limits).
The risk appetite process covers:
Setting the overall risk appetite and at all levels in the
organisation.
Embedding risk appetite at all levels of the organisation.
Monitoring risk appetite throughout the organisation.
Revising risk appetite as internal and external environments
change at all levels.

*"Risk appetite" encompasses all things risk: risk assessment, risk management, risk
tolerance, risk attitude, risk response, risk culture, ERM, etc.

A well-defined risk appetite should have the following characteristics:
Reflective of strategic plans, operational objectives and
stakeholder expectations.
Reflective of key aspects of the business.
Acknowledges the organisation's willingness and capacity to
take risk.
Is documented as a formal risk appetite statement.
Considers the skills, resources and technology required to
manage and monitor risk exposures.
Includes tolerance for loss or negative events that can be
reasonably quantified.
Is periodically reviewed and reconsidered with reference to
evolving industry and market conditions.
Has been approved by the board.

1.3 Factors

The factors that affect risk appetite/attitude include:
Perception
Emotion
Stakeholder requirements
Culture
Ethics
Organisation structures.
Most of these factors feed into the internal environment
identified under the COSO risk model.
A CIMA research paper, Risk and management accounting:
best practice guidelines for enterprise-wide internal control
procedures, made the following points:
Many risks are not objectively identifiable, but are
subjective and qualitative.
Everyone has a tendency to take risks; nobody is 100% risk
averse or 100% risk seeking. It is just the degree of risk
taking that will vary.
Potential rewards and individual perceptions of the risk will
influence assumption of the risk.*

*Perception (recognising information (stimuli) which triggers individual behavioural
responses to particular situations) may be based on past experience, experience of others,
the current situation, future expectations, context of the event, selectivity, needs
and the individual.

1.3.1 Stakeholder Requirements

Stakeholder requirements can have an important effect on the risk approach taken by managers.
A Mendelow analysis establishes who the stakeholders are,
their demands and their influence on the strategic objectives
of the business. In some cases, the risk appetite of a business
has been changed to take into account the demands of a
particular set of stakeholders.

Illustration 2 Fannie Mae

Fannie Mae (the Federal National Mortgage Association) was founded
in the US in 1938 with the purpose of purchasing or guaranteeing
and collateralizing mortgages to ensure that funds were consistently
available to the institutions that lent money to home buyers,
particularly the lower paid. In 1968, Fannie Mae was chartered by
the US Congress as a government-sponsored enterprise. So, the US
government became a major stakeholder.
Relaxing controls and regulations over the US banking industry in
the late 1990s and early 2000s put considerable pressure on the
company as other banks and mortgage brokers became major
competitors. Fannie Mae then came under significant political
pressure in 2004 from Congress to increase the loans it guaranteed
for low-income borrowers (the sub-prime group) as the government
wanted to expand home ownership.
Disregarding warnings from his managers that such loans were
very high risk and too many owners would probably default, Daniel
Mudd, then-president and CEO of Fannie Mae, bowed to the wishes
of political stakeholders and steered the company into what was,
initially, profitable business.
Between 2005 and 2008 Fannie purchased or otherwise securitised
$311 billion in loans to risky borrowers (more than five times as much
as in previous years combined). They were moving into uncharted
waters and dealing with financial instruments (e.g. CDOs) they little
understood.
Following the sub-prime crisis the US government was forced, in
September 2008, to rescue Fannie Mae for $200 billion. On resigning,
Daniel was quoted as saying: "Almost no one expected what was
coming. It is not fair to blame us for not predicting the unthinkable."

1.3.2 Culture

Culture: "A system of shared values and beliefs about what is important, what behaviours
are appropriate and about feelings and relationships internally and externally. Values and
cultures need to be unique to the organisation, widely shared and reflected in daily
practice and relevant to the company purpose and strategy."
Chartered Institute of Personnel and Development

Research has shown that the culture of an organisation plays a significant part in
determining its risk profile.
The culture of an organisation is basically set by its managers
(in particular the CEO) which in turn can be determined by a
complex mix of individual risk traits and the national culture
within which the organisation operates.

Illustration 3 Cultural Bias Against Risk*

The cultural differences between India and the US (and also the UK)
have been starkly shown by the sub-prime crisis and credit crunch.
Indians are mainly very conservative and not as comfortable with
credit as Americans. They take the view that if you spend more
money than you earn, you will get into a lot of difficulties. Indian
culture revolves around extended families that help each other out
with finances.
Banks in India were not permitted by the Indian Central Bank to
sell issued mortgages into the secondary market; they had to keep
them and were therefore very careful to ensure borrowers would
be able to repay. They could not lend more than 60% to 70% of
a property's value and could not lend further as the value of the
property increased. At the time of its collapse, Northern Rock, a UK
bank, was offering mortgages at 120% of the valuation of property
and five times annual salary. Indian banks had to maintain capital
ratios that were at least double if not triple those of US or UK banks.
Nor were they allowed to deal with the various financial instruments
being "invented" by US and UK banks.
The same conservative culture can be seen in many UK and US
companies that were founded and run by Indian entrepreneurs.

*Of course, not all Indian companies are free from scandal. For example, Satyam Computer
Services is already being described, perhaps inaccurately, as "India's Enron".

Risk Response

2.1 TARA

Risks can be ranked using, for example, a simple 2×2 matrix grid model
(vertical axis: Likelihood; horizontal axis: Impact):

  Low impact, high likelihood  |  High impact, high likelihood
  Low impact, low likelihood   |  High impact, low likelihood

After ranking a risk, an approach to dealing with the risk must be formulated.
When considering how to deal with each risk, management
needs to assess the effect on risk likelihood, as well as costs
and benefits, to select a response which will bring the risk
within desired risk tolerances.
A common risk response is often referred to as the TARA
(or SARA or TARAS) approach
(vertical axis: Likelihood; horizontal axis: Impact):

  Reduce  |  Avoid
  Accept  |  Transfer

Transfer (Share) (high impact, low likelihood)
Reducing risk likelihood or impact by transfer or sharing. Typical methods include
insurance (external, self and captive arrangements), hedging, outsourcing, strategic
alliances, joint ventures and contractual risk-sharing arrangements with independent
parties.

Avoid (high impact, high likelihood)
If in doubt, do not do it, or if already in (and risk becomes unacceptable), exit (e.g.
stop producing, leave a market, sell a subsidiary). Price and cost services appropriately
to reflect retained risk (e.g. audit firms in quoting fees).

Reduce (low impact, high likelihood)
Control (manage) the risk and reduce it to within the entity's risk
threshold (e.g. through internal control processes).
Two aspects to consider: reduce the likelihood and/or reduce the
impact.
A risk management framework should include:
a control environment;
control procedures;
monitoring activities (on the effectiveness of risk management);
and
information flow.
Controlling the risk may also mean modifying the way in which the
business or activity is conducted to reduce the risk (e.g. pooling,
diversification).

Accept (low impact, low likelihood)
No action is taken. Accept the risk at its present level as one that can
legitimately be borne (e.g. part of doing day-to-day business) or the
cost of sorting is greater than the cost of the risk itself.
A subset will be risk retention, the residual risk that is left after all
other risk responses have been utilised.

2.2 Spreading and Diversifying Risk

An alternative approach to sharing risk is through spreading and diversifying risk.
Diversifying risk helps spread risk because it reduces the potential losses. Portfolio
management of share investments is a typical example of diversification.
In good economic situations there may be little
diversification. All the "eggs" may be placed in "one basket"
to generate the highest possible return.
As the economic situation declines (and potential risks
increase) the investment portfolio is diversified into
a number of investments that have a low or negative
correlation. All the eggs are not being placed in one basket
to avoid the worst possible outcome.
A prime example of spreading risk and getting it wrong was
the risk management policy of the banks that led to the
banking crisis. Although each bank sought to spread its own
risk the same approach to risk management was being used
by them all. The risk in the financial sector increased as the
risk spreads were piled on top of each other.*

*See Illustration 2 in Session 12.

2.3 ALARP Approach

ALARP is the acronym for "as low as reasonably practicable".
Reasonably practicable involves weighing a risk against the trouble, time and money needed
to control it. Thus, ALARP describes the level to which risks will be controlled. For
example, in deciding to reduce a risk (TARA approach) how far
should the risk be reduced?*

*A legal definition of "reasonably practicable" was set out by the UK Court of Appeal [in
its judgement in Edwards v. National Coal Board, (1949)] as:
"... a narrower term than 'physically possible' ... a computation must
be made in which the quantum of risk is placed on one scale and the
sacrifice involved in the measures necessary for averting the risk
(whether in money, time or trouble) is placed in the other, and that,
if it be shown that there is a gross disproportion between them - the
risk being insignificant in relation to the sacrifice - the defendants
discharge the onus on them."

For a risk to be ALARP it must be possible to demonstrate that the cost involved in
reducing the risk further would be grossly disproportionate to the benefit gained -
effectively at the margin, marginal risk ALARP. This involves weighing a risk
against the trouble, time and money needed to control it.
Thus, ALARP describes the level to which risks would be
controlled.
The ALARP principle arises from the fact that infinite time,
effort and money could be spent on the attempt of reducing
a risk to zero (the acceptable, residual risk is zero). It should
not be understood as simply a quantitative measure of benefit
against detriment. It is more a best common practice of
judgement of the balance of risk and benefit.

Illustration 4 "Reasonable" Measures
In countries in which human life is considered "cheap", industrial
ALARP would be relatively high; little time, effort and money
would be spent to protect employees from industrial accidents as
the legal, ethical and governance consequences would be minimal
(e.g. employees would not be issued protective clothing).
In other countries in which the legal and ethical requirements for
health and safety are high, ALARP would be relatively low; the risk
of an industrial accident would be minimised to at least the legal
requirements (e.g. employees would be issued protective clothing).
In this case, for example, the most expensive earmuffs would
exclude all noise, whereas a cheaper model would eliminate all noise
above 40 decibels (sufficient to protect the wearer from going deaf).
The cheaper model would be ALARP; in fact the most expensive
model could be the more dangerous as the wearer would not hear
any shouted warnings about an imminent danger.

Factors come into play such as ongoing costs set against remote chances of one-off events,
or daily expense and supervision time required to ensure, for example, that
employees wear ear defenders set against a chance of
developing hearing loss at some time in the future.
It requires judgement.
There is no simple formula for computing what is ALARP, and
ALARP does not represent zero risk.
As the internal and external environments change, so will
ALARP. As part of the risk management process, ALARP must
also be monitored.
Even though a risk may be ALARP, it does not mean that the
risk will not happen at some stage.
With ALARP, the attention is on collecting feedback, improving
procedures and managing change to maintain the residual
risk at an ALARP level. With advances in technology, however,
what is ALARP today may not be ALARP tomorrow, so periodic
reviews will be necessary.*

*Another term, SFAIRP, may also be used. SFAIRP is the acronym for "so far as is reasonably
practicable". ALARP and SFAIRP mean essentially the same thing; at their core is the
concept of "reasonably practicable".

2.4 Contingency Planning

Many risk management procedures will include the use of a contingency recovery plan. As
part of assessment and management, it is essential to:
consider certain disaster scenarios (e.g. loss of office due to
fire, loss of data);
identify where it may not be possible to adequately reduce
or eliminate the risk; and
consider alternatives to take up any risk slack (e.g.
recovery insurance).
Wherever a contingency plan is devised, it is essential that
it has been fully thought through and tested to ensure it will
operate correctly (e.g. data recovery from backup systems,
fire evacuation, equipment hire, recovery teams, emergency
cover, replacement power and services).*
The plan should have an owner, an implementation manager
and deputy, whose delegated duties and responsibilities
are known by all who will be affected. It must be in writing
and securely held with easy access. It should be regularly
reviewed and updated.

*Storing a recovery plan on a computer will be of little benefit if the computer has
crashed and cannot be accessed.

Example 1 Contingency Plan

The quality control procedures of a major confectionery manufacturer have just identified possible
contamination of one of its chocolate products. It is clear that any contamination is not in sufficient
quantities to be a threat to human health and has been caused by ingredients from a supplier.

Required:
Describe the contingency plan the manufacturer is most likely to have in place for
this scenario.

Solution

Management Responsibilities

3.1 The CEO

Holds ultimate ownership responsibility for risk management.
Sets the tone at the top, along with the board, which
influences internal environmental factors and the other
components of risk management throughout the entity.

3.2 The Board

The board's chairman has direct responsibility for managing strategic risks and overall
responsibility for organisational risk.*
In summary, the board's risk management responsibilities
include:
Promoting a culture that emphasises integrity.
Embedding sound risk management in all aspects of the
entity's activities.
Approving the entity's risk appetite.
Determining the principal risks and ensuring they are
adequately communicated throughout the entity.
Setting the overall policies for risk management and control.
Adopting the most appropriate scheme of delegation of
board responsibilities to committees and individuals with
regard to managing risks.
Receiving reports on a timely and regular basis on the
management of key risks and taking appropriate follow-up
action.
Integrating risk management into the board's own
decision-making.
In addition, the board:
must ensure that sufficient balance is achieved through
considering principal risks at all levels: not only a
top-down, strategic approach, but also a bottom-up,
operational perspective (i.e. not neglecting those at the
"coal face" who often deal with day-to-day operational
risks); and
should be satisfied that responsibility and accountability for
managing risk is assigned to individuals at an appropriate
level in the business.
Delegation of risk management may be made to a committee
(executive, non-executive, audit committee or specific risk
committee) or to specific individuals. Under the UK Corporate
Governance Code, if there is no specific risk committee, then
risk management falls under the remit of the audit committee
unless addressed by the full board.

*Refer to the UK Corporate Governance Code and the Turnbull Report.

3.3 Risk Committee

If deemed necessary, a separate risk committee, at board level, should be established by
the board comprising (under the UK Corporate Governance Code) independent non-executive
directors. Such members of the committee must
have the appropriate entity environment and risk management
experience (see Session 4).
It is critical that there are written terms of reference.

Illustration 5 Risk Committee


The Risk Committee is formed to oversee, on behalf of the Board, the
integration of risk management in the Bank through the enterprise
risk management (ERM) process.
The Committee shall monitor the risk framework of the Bank,
promote effective management of all risk categories and foster
the establishment and maintenance of an effective risk culture
throughout the Bank.
The Committee oversees the integration of risk management in the
Bank through the ERM process to determine whether or not such
mechanisms are commensurate with the extent and complexity of
the Bank's business activities.
Specifically, the Committee will fulfil the following key responsibilities:

review and recommend changes to the Board to ensure that
the Bank has in place at all times a Risk Management Policy
that addresses the Bank's exposure to credit, market, liquidity,
business and operation risks that conforms to regulation and risk
management "best practices";
recommend to the Board, for approval, risk tolerance levels,
limits and metrics taking into consideration the strength of the
Bank's capital, adequacy of retained earnings and overall quality
of risk management, measurement and reporting systems;
review, on a regular basis, management's risk assessments that
identify and evaluate all material risks (both qualitative and
quantitative aspects) and assist the Board in understanding the
nature and level of risks;
provide oversight to ensure that the risk management monitoring
and reporting functions in the Bank are independent of business
line or risk-taking processes;
discuss and evaluate the Bank's risk exposures in the light of
current market conditions, established risk limits, operating
performance, etc;
review reports that monitor compliance with risk parameters
established by regulation or Bank policy and measure the
adequacy of risk monitoring, testing and governance;
inform the Board of the status of risk exposures and risk
management processes in the Bank;
oversee the Bank's risk framework and controls and monitor the
activities of the management level risk committees, which oversee
the Bank's management of enterprise risk categories; and
periodically review and approve proposals regarding financial,
investment, credit and operating risk management strategies and
key decisions of the management level.

3.4 Risk Manager

The risk manager advises on any potential risks to the profitability or existence of the
company. The risk manager:
identifies and assesses threats;
puts plans in place in case things go wrong; and
decides how to avoid, reduce or transfer risks.
The risk manager is responsible for managing the risk to the
organisation, its employees, customers, reputation, assets and
interests of stakeholders. He may work in a variety of sectors
and may specialise in a number of areas (e.g. corporate
governance, business continuity, information and security risk
and credit risk).
The risk manager's specific tasks will depend on:
the industry;
how specialised the role is; and
seniority in the organisation.*
Typical work activities may include:
planning, designing and implementing an overall risk
management process;
risk assessment;
risk evaluation;*
establishing and quantifying the organisation's "risk
appetite";
risk reporting in an appropriate way for different audiences:
to the board of directors (so they understand the most
significant risks),
to business heads (to ensure that they are aware of risks
relevant to the parts of the business for which they are
responsible), and
to individuals (to understand their accountability for
individual risks);
corporate governance involving external risk reporting to
stakeholders;
limiting risks and preparing in case things go wrong (e.g.
determining insurance cover, implementing health and
safety measures and making business continuity plans);
conducting audits of policy and compliance to standards,
including liaison with internal and external auditors; and
providing support, education and training to staff to build
risk awareness within the organisation.

*If the entity has a risk committee the risk manager will sit on it. As an executive he
may be called the chief risk officer.

*Including evaluation of the organisation's previous handling of risks.


3.5 Chief Financial Officer


Of particular significance to risk management activities are the
financial executives (including management accounting) and
staff, as finance is pervasive through virtually all activities and
units in an entity.
Finance is involved in developing budgets and plans, tracking
and analysing performance and dealing with operational,
compliance and reporting perspectives across all functions and
units of the entity.
The chief financial officer (CFO) is a key element in helping
the CEO and the board set the ethical tone, in preventing and
detecting fraudulent reporting (internal as well as external)
and in influencing the design, implementation and monitoring
of the entity's reporting systems.
CFOs are also usually heavily involved in establishing the
financial elements of strategic objectives, analysing the risks
involved, making decisions on how the entity will be managed
and in monitoring the actions taken.

3.6 Risk Auditing


A risk audit is the review and assessment of the risks faced by an organisation and
provides assurance on the effectiveness of the risk management process implemented by
the organisation (see Session 13) covering the controls and
safeguards implemented.
Where weaknesses are found in the risk management process,
the auditor should be able to provide appropriate advice and
recommendations.
As with any audit/assurance process, a thorough
understanding of the entity and its internal and external
environments must be obtained by the auditor to be able to
identify the risks with which the business operates. This will
include an understanding of the risk appetite of management
and the risk culture embedded in the organisation.
The risk management process will be benchmarked against an
appropriate framework (e.g. COSO, Turnbull).
Qualitative and quantitative controls will be assessed
using procedures similar to a normal audit (e.g. enquiry,
observation, confirmation).

Risk auditing brings together many aspects discussed in Session 9 (Management Control
Systems), Session 13 (Assessing Risk) and
Session 20 (Integrated Reporting and Sustainability). The ability to
recall basic auditing from Paper F8 will also assist.

The audit can be carried out by internal audit or an independent external auditing entity:

The advantage of internal audit will be that they will have
a thorough day-to-day understanding of the entity and the
risk management process and will be able to embed their
audit procedures 24/7.
The advantage of an external auditor will be independence,
a "fresh pair of eyes", avoidance of auditor capture and use
of emerging technology and procedures.

3.7 Employees

Virtually all employees (from management to the shop floor) have a role in effective risk
management. They may apply
controls, follow appropriate procedures to ensure appropriate
quality, collect information to be used in risk management
reports or produce the reports for management and the board.
Risk management systems should require employees to
communicate to higher levels any problems in operations,
non-compliance with internal and external regulations or codes
of conduct, and illegal actions. Channels should be available
for employees to report, to an appropriate level, pressure
placed on them from superiors to breach procedures and
conduct abnormal activities.

Illustration 6 Circumventing
Risk Management
A prime factor of the Merrill Lynch collapse in 2008 during the
sub-prime crisis was the change in risk management engineered
by its autocratic CEO and two of his "closed door" board members
(executives overseeing the mortgage business and risk management)
effectively creating a "mini-board" of the main board.
They intentionally weakened the risk management systems by
removing long-standing employees who understood the bank's
systems and risks and had "walked the floor" (talked with traders)
to understand the kinds of risks the bank was taking on. Internal
control procedures were also relaxed.
The employees who replaced them were loyal to the CEO and wanted
to please him by "overlooking" higher risk mortgage trades which
were earning substantial profits for the bank.
In addition, the executive who oversaw Merrill's mortgage operation
would often intimidate traders and other money makers into not
telling risk management employees exactly what they were doing.
As there was no dissent among the traders, possibly through fear
of losing their well-paid jobs, critical information input to the risk
management system (that would be reviewed by the main board)
effectively stopped.

2014 DeVry/Becker Educational Development Corp. All rights reserved.

14-15

Session 14 Controlling Risk

P1 Governance, Risk and Ethics

Embedding Risk Awareness

4.1 Importance

Although management typically will be more aware than
employees of many risks, it is important to embed awareness at
all levels to reduce the costs of risk to a firm and its members
(which might be measured in financial or non-financial terms).
In practical terms, embedding means introducing an "eat,
sleep, dream" risk awareness philosophy into the culture of
an organisation and its internal systems such that it becomes
second nature: awareness, attitude, action.
The embedding of risk awareness into the culture and systems
involves introducing risk controls into the process of work and
the environment in which it takes place.
Risk awareness and risk mitigation become as much a part
of a process as the process itself so that employees assume
such measures to be non-negotiable components of their work
experience. In such organisational cultures, risk management is
unquestioned, taken for granted, built into the corporate mission
and culture, and may be used as part of the reward system.
Embedding risk awareness assists the risk management
process through (x becoming y):

Fragmented → Integrated
Negative → Positive
Reactive → Proactive
Ad hoc → Continuous
Cost based → Value based
Narrowly focused → Broadly focused

Risk awareness: the knowledge of the nature, hazards and
probabilities of risk in given situations.

4.2 Procedures

The COSO ERM framework (and other sources) suggests
embedding risk awareness and management through the
following procedures:
Induction training on risk management for all new employees.
Implicitly included in every employee's (shop floor to
director) job description, contract of employment and
employee handbook.
Risk management policies, standards and procedures
easily available to employees who are required to confirm
compliance.
Risk management included in all training, supported by
regular updates and workshops.
Regular management/employee roundtable meetings to
discuss and brief on risks and risk responses.
Regular communications to employees on emerging risks
and changes in risk management.


4.3 Risk Management Summary

The following diagram, from the document Implementing
Turnbull: A Boardroom Briefing, is a useful summary of the risk
management process covered in this and previous sessions.*

*"It is never the risk that causes damage or creates opportunities –
it is the way we respond."
"Risk management is based on the notion that history repeats itself,
but not quite."
Peter L. Bernstein

[Diagram: Focus on fulfilling objectives through better management of risk]


Summary

Risk appetite considers the board's willingness to accept risk and the board's attitudes
towards risk recognise its ability to assume risk.

Perceptions of risk may vary among individuals; varying stakeholder requirements and their
relative power to influence objectives may constrain risk acceptance.

Risk responses are TARA (transfer, avoid, reduce, or accept) and the level of risk acceptance
will tend to be judged by ALARP (as low as reasonably possible) or SFAIRP (so far as is
reasonably practicable).

The board is responsible for managing strategic risks and the board has overall
responsibility for organisational risk; the CEO holds ultimate responsibility for
managing risks.

A CRO assists management with integrating risk management with strategy and operations and may periodically conduct a risk audit. The absence of this C-suite function will
usually necessitate that the board's audit committee have a special risk subcommittee.

The CFO assists in analysing risks to corporate strategy and prevents risk with respect to
accounting and financial functions (recording, reporting, etc).

Employees participate in making the risk management system effective. There should
be a provision that allows employees to report a breach of controls without reprisal from
superiors.

Risk awareness should be embedded in all facets of strategic and operational design. COSO
ERM framework provides a model for embedding risk awareness.

Session 14 Quiz
Estimated time: 10 minutes
1. List the factors that impact risk attitude. (1.3)
2. Explain, giving examples, the meaning of TARA. (2.1)
3. List EIGHT responsibilities of the board for risk management. (3.2)
4. List EIGHT typical activities of a risk manager. (3.4)
5. State FIVE procedures involved in "embedding" risk. (4)

Study Question Bank

Estimated time: 100 minutes

Question | Title | Estimated Time | Completed
Priority
Q17 | Ferry | 50 minutes |
Q18 | Southern Continents Company | 50 minutes |
Additional
Q19 | H&Z Company | |

Session 14
EXAMPLE SOLUTIONS
Solution 1: Contingency Plan

The significant risk in this situation is loss of reputation (reputation risk). Although
there is the obvious risk of loss of sales of the confectionery, there is also the risk of
association (that other goods produced by the entity will suffer loss of sales).

There will also be a compliance risk (e.g. breach of health and safety regulations).

The contingency plan should cover:
The need to be proactive, quick to react, upfront, open, humble, honest and
ensuring that customers' needs and possible reactions are fully considered.
The need to withdraw from public sale the contaminated product(s) and any other
products that could possibly be associated.
The need to inform and consult with the supplier of the contaminated ingredients.
The need to consider alternative suppliers/increase supplies from other suppliers.
The need to publicise what has happened, the products involved, the action being
taken, appropriate medical advice, returns and refunds (should this just be for
the affected products, related products or for any of the entity's products that
customers may feel unsure about).
The need to keep customers informed of the progress in rectifying the situation
and when replacement products are available (this may mean rebranding the
items affected).
Who will be the lead director that the risk management is channelled through and
who will be the public face of the entity? Should this be the CEO, as ultimately
"the buck stops here"?
Draft statements and appropriate pro forma notices for publication should be
drawn up as part of the contingency plan.
The chosen directors must have the appropriate media and public skills, as they
may be required to give interviews and face a potentially hostile public. In most
cases, the CEO may well be the key lead director.


Session 15

Ethical Theories
FOCUS
This session covers the following content from the ACCA Study Guide.
E. Professional Values and Ethics
1. Ethical theories
a) Explain and distinguish between the ethical theories of relativism and
absolutism.
b) Explain, in an accounting and governance context, Kohlberg's stages of
human moral development.
c) Describe and distinguish between deontological and teleological/
consequentialist approaches to ethics.
d) Apply commonly used ethical decision-making models in accounting and
professional contexts.
i) American Accounting Association model
ii) Tucker's 5-question model

6. Ethical characteristics of professionalism
a) Explain and analyse the content and nature of ethical decision-making
using content from Kohlberg's framework as appropriate.

Session 15 Guidance
Understand the relationship of values, morality and ethics (s.1).
Differentiate between absolutism and relativism (s.2), including the implications of each
(s.2.1, s.2.2).
Learn Kohlberg's six stages of moral development in relation to an action in a business setting (s.3).


Becker Professional Education | ACCA Study System

VISUAL OVERVIEW
Objective: To explain and distinguish between ethical theories.

ETHICAL THEORY

ABSOLUTISM AND RELATIVISM
Absolutism
Relativism
Ethical Pluralism

KOHLBERG'S STAGES OF MORAL DEVELOPMENT
Method
Six Stages
Level I: Pre-conventional
Level II: Conventional
Level III: Post-conventional
Summary

APPROACHES TO ETHICS
"Kantianism"
Deontological Approach
Teleological Approach

ETHICAL DECISION-MAKING MODELS (EDMM)
Issues Addressed
AAA Model
Tucker's 5-Question Model
Other Models

Session 15 Guidance
Differentiate among various approaches to ethics, including Kantianism (s.4.1), the deontological
approach (s.4.2) and the teleological approach (s.4.3).
Learn the ethical decision-making models and be able to apply them to an exam scenario (s.5).


Ethical Theory

Whereas morality concerns "good" v "bad" for an individual
or a community based on that group's values, ethics concerns
development of rules and principles (i.e. "ethical theories") which,
if followed, will likely lead to a morally acceptable outcome in a
given situation.*

*Kaler (1999) suggests that morality is foremost a social
phenomenon (as humans constantly need to establish the rules and
arrangements for living together) and that it is all about harm and
benefit (right and wrong are primarily about avoiding harm and
providing benefits).

Absolutism and Relativism

Absolutism and relativism are the two extreme positions of ethical
theory. The middle ground between these extremes is called
pluralism.

2.1 Absolutism

2.1.1 Concept

Absolutism: belief that an action is always right or wrong, regardless
of the consequences or intention behind it.*

*That is, absolute standards against which moral questions can be
judged. There are "eternal" rules that should guide all ethical and
moral decision-making in all situations.

Actions are right (moral) or wrong (immoral).
Right and wrong are objective qualities that can be rationally
determined and do not change regardless of the person,
culture or environment.*
Morals are inherent in some fundamental source, such as:
the "divine right of kings";
the laws of the universe;
the nature of humanity (this is developed in modern human
rights theory);
the will or character of God.
At its extreme, actions are judged as moral or immoral
regardless of the circumstances in which they occur.*

*Slavery, war, dictatorship, the death penalty, abortion or childhood
abuse may be judged to be absolutely and inarguably immoral
regardless of the beliefs and goals of a culture which permits
these practices.

*Lying would always be immoral, even if done for a greater good
(e.g. to save a life). This rare view of moral absolutism might be
contrasted with moral consequentialism (i.e. that the morality of an
action depends on its consequences).


Absolutism can be expressed in:
deontological theories, where actions are in and of
themselves good or bad; and
absolute principles as well as intrinsic actions.*
Absolutism as an ethical theory is contrasted with moral
relativism.

*Utilitarianism ("the greatest happiness of the greatest number"
should be the criterion of the virtue ("good") of an action) can
be said to have an absolute principle at its heart. Kantian ethics
has both absolutist principles and consequent actions inferred by
those principles.

2.1.2 Implications

Our truth is the truth (a dogmatic approach to morality, to be
accepted without discussion or debate).
Certain things are intolerable.
We cannot learn from others.

2.2 Relativism

2.2.1 Concept

Relativism: belief that moral truths are relative to social, cultural,
historical or personal references, and to situational ethics, which holds
that the morality of an act depends on the context of the act.

Relativism describes a group of distinct theories arguing that
there is no objective, neutral moral truth.
Moral relativism takes several forms:
Descriptive ethical relativism: different cultures and
societies have different moral values derived from universal
principles and, thus, different ethical principles. This view is
supported by the work of cultural anthropologists.
Normative ethical relativism: each culture establishes
the values on which it determines morality and that
there are no universal values to which society must
adhere. This view is not supported by the work of cultural
anthropologists.*
Relative assumptions are "situational" in nature. A relativist
tends to adopt a pragmatic approach and decides, in the
particular situation, what is the best outcome.
Modern relativists observe that individual people, rather than
groups within cultures, have different value sets; they follow
different moral codes.

*Some relativists believe that although moral absolutes may exist
they are unknowable (because no one knows absolute truth).

2.2.2 Implications of Relativism

The need for tolerance and understanding.
The fact of moral diversity.
We should not judge ethical practices in cultures that we do
not understand.
Reasonable people may differ in their view on what is morally
acceptable.


2.2.3 Criticisms of Relativism

It is self-defensive ("if I cannot judge others then neither can
they judge me").
Allowing every culture to live as it sees fit is only feasible
when cultures do not have to interact with each other.

2.3 Ethical Pluralism

Ethical pluralism recognises three categories of actions:
Prohibited: important to absolutism;
Tolerated: important to relativism;
Ideal: a moral vision.

[Diagram labels: Prohibited; Area of legitimate disagreement; Ideal society; Moral disagreements; Respect; Tolerance; No Tolerance]

Kohlberg's Stages of Moral Development

3.1 Kohlberg's Method

Lawrence Kohlberg (1927–1987) was a well-known theorist
in the field of cognitive moral development (CMD). He posed
moral dilemmas (e.g. the Heinz Dilemma, Illustration 1) to
his subjects, then asked questions to determine their reasons
for recommending a specific course of action. Kohlberg was
more concerned with the reasoning of the action (that becomes
motivation) than the action itself.

Illustration 1 The Heinz Dilemma
A woman was near death as the result of a unique cancer.
Only one drug might save her. It had been developed by
a local pharmacist, who sold it for $2,000 a treatment, 10
times more than it cost him to make. The woman's husband,
Heinz, could only borrow $1,000 from everyone he knew. He
asked the pharmacist for a discount or to let him pay later.
The pharmacist refused, saying he had discovered the drug
and wanted to make money from it. Heinz got desperate and
broke into the pharmacy to steal the drug.

3.2 Kohlberg's Six Stages

Kohlberg's Theory of Moral Development

Level I: Pre-conventional Morality
Stage 1: Punishment-Obedience Orientation
Stage 2: Instrumental Relativist Orientation

Level II: Conventional Morality
Stage 3: Good Boy-Nice Girl Orientation
Stage 4: Law and Order Orientation

Level III: Post-conventional Morality
Stage 5: Social Contract Orientation
Stage 6: Universal Ethical Principle Orientation

Kohlberg's theory is a "stage" theory (i.e. everyone goes
through the stages sequentially without omitting any stage).
Movement through these stages is not natural (i.e. people do
not automatically move from one stage to the next as they
mature by some genetic blueprint). Nor are the stages the
product of socialisation. The stages emerge from individual
thinking about moral problems.
In stage development, movement is effected when cognitive
dissonance occurs (i.e. when the inadequacies in a present
way of coping with a moral dilemma are recognised). Social
experiences promote development by stimulating mental
processes. It is through discussions and debates with others
that views are questioned and challenged.*

*According to stage theory, people cannot understand moral
reasoning more than one stage ahead of their own (e.g. a
person in Stage 3 cannot understand beyond Stage 4 reasoning).

3.3 Level I: Pre-conventional Morality

3.3.1 Stage 1: Punishment-Obedience Orientation

Level 1 thinking is called "pre-conventional" because children
do not yet speak as members of society. Morality is seen as
something imposed by grown-ups.
It often is seen in terms of reward and punishment.
Punishment "proves" that disobedience is wrong so to obey
is to avoid punishment. "Will I be punished, if I am caught?"
"Will I be rewarded, if I obey?"
"Goodness" or "badness" is therefore determined by physical
consequences. The concern is for self.
"Heinz should not steal the drug because he might be
caught and sent to prison."
"Heinz can steal it because he asked first and it's not like he
stole something big; he won't get punished."

3.3.2 Stage 2: Instrumental Relativist Orientation

This stage recognises different sides to any issue. Because
everything is relative, each person is free to pursue his
individual interests. Also called "Individualism and Exchange",
responses might be:
"It is right for Heinz to steal the drug because it can cure his
wife and then she can look after the children."
"The pharmacist had spent lots of money developing the
drug so it's not fair to him if Heinz stole it."
"Heinz was right to steal the drug because the pharmacist
was trying to rip him off."
"Right" meets the needs of the individual (i.e. "What's in it
for me?", an instrumental approach). Aspects of fairness,
reciprocity and equality are interpreted in physical or practical
terms rather than in terms of loyalty, gratitude or justice (e.g.
"you scratch my back and I will scratch yours"). Punishment
is a risk to be avoided.*

*Reasoning is still "pre-conventional" because responses
are those of isolated individuals "exchanging favours". There is no
identification of family or community values.

3.4 Level II: Conventional Morality

3.4.1 Stage 3: Good Interpersonal Relationships ("Good Boy-Nice Girl" Orientation)

"Good" behaviour is that which pleases, impresses or helps
others and is approved by them (i.e. "What will people think
of me?"). Behaviour is judged by intention. Self-sacrifice is
rewarded by the approval of others.
A form of peer pressure, in that the action taken would
conform to what would be expected from peers or what is
normal among peers ("they do it; so will I"). "Bad" behaviour
is unfair, selfish, greedy, letting the team down, etc.
"Yes, he should steal the drug. He probably will go to jail
but his friends will think he is a good husband."
"The judge should not punish Heinz because he was well-meaning."
"It was the pharmacist's fault trying to overcharge and
letting someone die."*

*This "conventional" morality assumes a collective response (i.e.
"anyone" would be right to do what Heinz did. It is what his peers
would have done).

3.4.2 Stage 4: Maintaining the Social Order (Law and Order Orientation)

"Right" behaviour is about doing one's duty, showing respect
for authority and maintaining the given social order, regardless
of peer pressure. There is concern for society as a whole and
"civilised" behaviour. Society is seen as a system of fixed rule,
law and authority. Obligation to the law overrides any loyalty
(i.e. no one is above the law).
"Heinz has a duty to save his wife's life so he should steal
the drug. But it's wrong to steal, so he should be prepared
to accept the penalty for breaking the law."
"The judge should sentence Heinz to jail. Stealing is against
the law! He should not make any exceptions. If Heinz is
not punished others may think it is right to steal and there
will be chaos in the society."

3.5 Level III: Post-conventional Morality

3.5.1 Stage 5: Social Contract and Individual Rights

"Right" is defined in terms of protecting individual rights
according to standards which have been agreed on "in the
public interest". The law (a "social contract") should be
upheld until it is changed by democratic means. Although
different social groups will have different values they would all
agree that they would want:
Certain basic rights (e.g. liberty and life) to be protected.
Some democratic procedures for changing unfair law and for
improving society.
"Heinz should steal the drug because everyone has the
right to life. If Heinz is caught and prosecuted then the
law (against stealing) needs to be reinterpreted because a
person's life was at stake."
"It is a husband's duty to save his wife."
"The pharmacist's decision is despicable but his right to
fair compensation (for his discovery) must be maintained.
Therefore, Heinz should not have stolen the drug."*

*Because democratic processes alone do not always result in
outcomes that seem "just", Kohlberg believed that there
must be a higher stage which defines the principles by which
justice is achieved.

3.5.2 Stage 6: Universal Ethical Principles

"Right" is defined by conscience according to self-chosen ethical
principles appealing to logical comprehensiveness, universality
and consistency. These principles are not concrete moral
rules (like the Ten Commandments) but universal principles of
justice, equality of human rights and respect for individuals.
At Stage 6, a commitment to justice increases the argument
for civil disobedience.
"Heinz should steal the drug to save his wife because
preserving human life is a higher moral obligation than
preserving property."*

*Martin Luther King Jr. argued that laws are only valid insofar as
they are grounded in justice and that a commitment to justice carries
with it an obligation to disobey unjust laws.


Example 1 Kohlberg's Stages

Relate each of the following business examples to Kohlberg's stages:
Solution
(a) Mihail uses his company BlackBerry mobile for all his personal "intertalk" and Web surfing.
He believes that it is an established practice that company mobiles are used for private
communications.

(b) XYZ Co has had its best year of trading since it was incorporated 15 years ago. The chief
executive offers share options to all suppliers and employees who have contributed to the
company's success.

(c) Elena, an ACCA student, is caught using a "crib sheet" during an ACCA Exam. She is fully
aware of ACCA's Exam misconduct rules. However, when ACCA determined that Elena
violated its rules her firm pleaded "mitigating circumstances" and supported her in an
appeal as a result of which she was not "struck off" ACCA's student register.

(d) Boris, a full-time employee of Defi Co, has charged 60 days to his timesheet developing
a new service but claims that he cannot deliver it as a Defi product because it is too
demanding of him. He asks Defi for part-time employment because delivering the new
product under the terms of his full-time contract is too stressful. As a part-time employee
he is now offering the same services that he refused to supply to Defi to a "personal"
client portfolio on a consultancy basis.

(e) Two employees have, for the first time, violated a corporate policy. The offence calls for
a written reprimand. One employee has an excellent job record and his line manager
verbally counsels him, but does not put a record on his file. The other employee's work
is generally regarded as substandard. The line manager also gives him only a verbal
warning because equity demands that they both receive the same treatment.

(f) Alexei, an accounting trainee attending an introductory course for ACCA Paper P1, signs
the attendance register for an absent colleague. His firm tries to enforce strict policies
to ensure attendance that contributes to their "proper preparedness". He knows that his
firm does not provide any financial support for students who have to re-sit if they did not
fully attend courses provided for their first attempt. Alexei believes that his colleague
will reciprocate the favour.

3.6 Summary

The social perspective and view of a person at each stage may be
summarised as follows:*

Stage | Social Perspective | View of Person
6 | Mutual respect as a universal principle | Sees how human fallibility and frailty are affected by communication.
5 | Contractual perspective | Recognises that contracts will allow persons to increase welfare of both.
4 | Social systems perspective | Able to see abstract normative systems.
3 | Social relationships perspective | Recognises good and bad intentions.
2 | Instrumental egoism | Sees that a) others have goals and preferences, b) either conform to or deviate from norms.
1 | Blind egoism | No view of person; only self and norm are recognised.

*Professionals (of all descriptions, not just accountants) would be
expected to be at least at Stage 2 in Kohlberg's stages of moral
development. They are regulated by professional rules incorporating
ethics and would be subject to peer pressure to act as others in the
profession would do so to be in the public interest.
They also would be expected to apply an approach of absolutism,
rather than relativism, as the ethical standards (principles- or
rules-based) of their profession would effectively be absolute
standards against which moral questions can be judged.

Approaches to Ethics

4.1 "Kantianism"

Immanuel Kant, "the grandfather" of modern ethical thought,
argued that it is not possible to create a basic framework
for ethics because religious texts often supply conflicting
responses. Using the philosophy of logic, he created a new
form of ethical thought.
Kant believed in a sense of "duty" which one should follow on
all occasions. To find out what these duties were and provide
rational reasons why they must be obeyed he split reason into:
"theoretical reason" (covered by math and logic); and
a superior "practical reason".*

*Duty is grounded in a sense of "ought", which implies can.
There is no sense of "ought" about things that cannot (or
should not) be done. Reason begins with the principle: "Act
only on that maxim whereby thou canst at the same time will
that it should become a universal law."

Kant held that nothing is good except "a good will" (i.e.
one that wills to act in accord with the moral law and out of
respect for that law, not out of natural inclinations).
He saw the moral law as a "categorical imperative" (i.e.
an unconditional command) and based his principles on
rationality rather than God's law.

Categorical imperative: an end in itself and the basis for
all action.
Hypothetical imperatives: a means to an end (e.g.
"if you pass your exams you will get a salary increase").

The primary criticism of Kant's argument is that not all duties
can be derived from his purely formal principle.*

*There are numerous prima facie duties (e.g. keeping promises,
reparation, gratitude and justice) rather than one single formal
principle. Such duties are distinguishable from actual duties
because the many aspects of "right" or "wrong" need to be weighed
before forming a judgement and creating an obligation in the given
circumstances.

Three major post-Kant philosophies in modern studied ethics
are:
1. Deontology;
2. Utilitarianism; and
3. Virtue ethics (a belief in virtuous traits such as servility and
bravery).

4.2 Deontological Approach

4.2.1 Description

This concerns the application of universal ethical principles to
arrive at rules of conduct. It originates from the Greek word
deon, meaning "duty or obligation" (logos, "science").
It is based on the concept of duty. Duty theories base
morality on specific, foundational principles of obligation (e.g.
an obligation to tell the truth, not to harm others, to improve
ourselves, to improve the life of others).
It lays down the criteria by which actions can be judged in
advance.
An action is considered morally good because of some
characteristic of the action itself, not because the product of
the action (consequence) is good.
Often referred to as non-consequentialist ethical theories, they
are obligatory irrespective of the consequences that will follow.
An action can only be considered right or wrong when the
morals for taking that action are known.*

*Some acts are morally obligatory regardless of their
consequences for human welfare. That is, an action
is right (or wrong) independent of the consequences (the
end does not justify the means).

It is encapsulated in expressions such as:
"Duty for duty's sake";
"Virtue is its own reward"; and
"Let justice be done though the heavens will fall."
It is termed "formalistic" because the central principle lies in
the conformity of an action to some rule or law.

4.2.2 Three Maxims

Kant put forward three maxims that could be used to
determine an ethical act:
1. Consistency: all acts must be treated as if they are
laws of nature. An action can only be right if it would be
acceptable and applied by everyone. Basically, do unto
others as you would have done unto yourself.
2. Human dignity: all of humanity must be treated as an
end, not as a means to an end. Humans should not just be
considered as tools to be used. All humans have needs and
expectations that should be considered.
3. Universality: you are ethical as long as you create laws
within the maxims and follow your own laws.*

*Universality may be described as the "New York Times test" (i.e.
"Would others take your view if your actions were publicised
in the press?").


Example 2 Deontological Theory

Explain, using deontological theory, whether advertising standards should allow the marketing of
"alcopop" drinks to underage consumers.

Solution

4.3 Teleological ("Consequentialist") Approach

This derives from the Greek word telos, meaning "end", since
the end result of the action is the sole determining factor of its
morality.
It is a consequentialist approach in that whether a decision
is right or wrong depends on its consequences or outcome.
As long as the consequences of the action taken are more
favourable than unfavourable, then the action can be
considered as morally right.
Duty or moral obligation is derived from what is good or
desirable as an end to be achieved (i.e. the value of what an
action brings into being).
"The end justifies the means."
The teleological theory comprises two approaches:
1. Egoist
2. Utilitarian

4.3.1 Egoism

Individuals ought to do what is in their self-interest (what's
in it for me?), according to egoism. An action is morally right
if the consequences of that action are more favourable (than
unfavourable) only to the person taking that action.
Argument for: each person should pursue their own aims
rather than please others.
Argument against: it ignores blatant wrongdoing.


4.3.2 Utilitarianism

The moral worth of an action, according to utilitarianism,
is judged solely by its contribution to overall utility (i.e. by
how much happiness it creates or by how much it reduces
suffering). An action is morally right if the consequences
of that action are more favourable than unfavourable to
everyone.

Argument for: benefits everyone regardless of the route
chosen to accomplish a goal.

Argument against: it ignores the rights of the individual.

4.3.3 Altruism

A third approach, altruism, is sometimes considered. An action
is morally right if the consequences of that action are more
favourable than unfavourable to everyone other than the person
taking that action.

Illustration 2 Altruism
The decision of a company not to make a donation to a charity could
be based on prejudice or self-interest. This is not then a moral
decision.
Alternatively, it could be based on an ethical position that supporting
the charity may help the plight of those who are disadvantaged and/
or prevent others suffering similarly.
Whether a donation is made does not give insight into the motive. A
donor may give without much thought through embarrassment or a
belief that it is wrong to rebut a call for help. The decision could be
motivated by a considered ethical stance or by self-interest or some
other non-ethical position.


Ethical Decision-Making Models (EDMM)

5.1 Issues Addressed

The two basic issues in ethics are determining:
1. the right motive; and
2. the right action.

Ethics may be approached from different perspectives to
resolve these two issues (e.g. Kantian, social contract, egoism,
deontology, teleology).

EDMMs have been developed from conceptual approaches,
to provide a method of practically applying a framework to
resolve ethical dilemmas.

The role of EDMMs is to provide a more systematic analysis
enabling comprehensible judgement, clearer reasons and
a justifiable and more defensible action than would have
otherwise been the case.*

*Although only two models are specified by the examiner, the AAA and
Tucker's, there are many such models.

5.2 American Accounting Association (AAA)*

The AAA model frames the ethical decision as a series of
answers to questions and requires the user to explicitly outline
their norms, principles and values. The model is appropriate for
use when considering professional or individual ethical conflicts.
The questions to be answered are:
1. What are the facts of the case?
2. What are the ethical issues in the case?
3. What are the norms, principles and values related to
the case?
4. What are the alternative courses of action?
5. What is the best course of action that is consistent with
the norms, principles and values identified in No. 3 above?
6. What are the consequences of each possible course of action?
7. What is the decision?

*The AAA model was formerly known as the "American Accounting Association and Arthur
Andersen method of ethics instruction".

Establishing the facts of the case eliminates ambiguity about what is under consideration.
Norms, principles and values are generally standards, rules and beliefs that guide acceptable and
morally "good" conduct (e.g. profit motive, least harm, integrity, respect for individuals, etc). The
model places the decision into its social, ethical and professional behaviour context.
When considering what the alternative courses of action are, all should be listed no matter how
appropriate or inappropriate they may seem.
Note that when deciding the best course of action, a principle or value may be so persuasive that
a resolution is obvious. For example, protecting the environment to avoid permanent damage and
respect the rights of those whose livelihoods depend on the environment.
With each consequence, consider the long- and short-term perspectives and all positive and
negative effects. It is important to ensure that the implications of each outcome are unambiguous
so that the final decision is made with full knowledge.


Example 3 AAA Model

You are the chief executive of a company which depends heavily on government
contracts. You have been approached by the fundraiser for a political party candidate.
He asks you for a large contribution, strongly implying that if this candidate wins the
election it will increase your ability to win government contracts. You do not prefer the
candidate, either personally or from a business perspective.
Required:
Use the AAA model to determine whether the contribution should be made.
Solution
1. What are the facts of the case?

2. What are the ethical issues in the case?

3. What are the norms, principles and values related to the case?

4. What are the alternative courses of action?

5. What is the best course of action that is consistent with the norms, principles
and values identified in No. 3. above?

6. What are the consequences of each possible course of action?

7. What is the decision?


5.3 Tucker's 5-Question Model

Five questions about a business decision must be answered in
the affirmative to confirm that it is ethical. Is the decision:
1. Profitable (but compared to what)?
2. Legal (what framework was used)?
3. Fair (from whose perspective? Consider stakeholders.)?
4. Right (based on what ethical position)? and
5. Sustainable (or environmentally sound)?

Example 4 Tucker's Model

Your company owns a number of large properties in various major cities. The real estate
assessor in one city offers, for a fee, to underestimate the value of your building and
so you will save substantial annual taxes assessed on property value. This is common
practice in the region.
Required:
Use Tucker's model to determine whether you ought to pay the fee.
Solution

Tucker's model actually creates more questions than it asks.

It encourages debate about conflicting ethical approaches, the
stakeholders involved and sustainability, and is therefore more
appropriate to use when considering organisational problems
rather than professional or individual situations.


5.4 Other Models

5.4.1 Laura Nash Model (1981)

This model uses 12 practical steps or questions, some
of which focus more on ethical decision-making in a
business environment. This model is noteworthy because
it acknowledges alternative problem definitions, promotes
comparing intentions against likely consequences, and
considers the role of symbolism in interpreting outcomes.

Only the AAA and Tucker models are examinable, but you should be
aware that other ethical models do exist as described here.

Example 5 Laura Nash Model

You are the president of a firm which manufactures mattresses for cots. You have the option
of using either of two foams for the filling: a less expensive one which meets what you feel to
be a too-lenient government safety requirement regarding inflammability (a requirement which
you are quite sure was established as a result of pressure from your industry) and one which is
considered safer but more expensive. Assume that the market will not pay a higher price for the
more expensive material.
Required:
Use the following Laura Nash model to decide whether you should use the more
expensive filling.


Solution
1. Have you defined the problem accurately?

2. How would you define the problem if you stood on the "other side of the fence"?

3. How did this situation arise in the first place?

4. To whom (and what) do you give your loyalties? (Consider this as a person and as a member
of the corporation.)

5. What is your intention (in making this decision)?

6. How does this intention compare with the likely results?

7. Whom could your decision or action injure?

8. Can you discuss the problem with the affected parties before making your decision?

9. Are you confident that your current stance will be as valid over a long period of time?

10. Could you disclose without qualm your decision or action to your CEO, the board of directors,
your family, or society as a whole?

11. What is the symbolic potential of your action if it is understood? If it is misunderstood?

12. Under what conditions would you allow exceptions to your stance?


5.4.2 ACCA Ethical Conflict Resolution

Under ACCA's Code of Ethics and Conduct, professional
accountants should consider:*

the relevant facts;
the ethical issues involved;
related fundamental principles;
established procedures of the firm;
the action which can be followed and the probable outcome;
alternative courses of action and their consequences;
internal and external sources of consultation available (e.g.
ethics partner; audit committee).

If a significant conflict cannot be resolved, consulting
legal advisors and/or ACCA should be considered. Such
consultation can be taken without breaching confidentiality.

If, after exhausting all possibilities, the ethical conflict remains
unresolved, members should, where possible, refuse to remain
associated with the matter creating the conflict.

*Although this is not specifically examinable it is clearly relevant
to the professional careers of ACCA affiliates and student
members.

5.4.3 Institute of Business Ethics (IBE)

The IBE, a UK charity registered in 1986, promotes three
simple ethical tests for a business decision:

1. Transparency: do I mind others knowing what I have
decided?
2. Effect: who does my decision affect or hurt?
3. Fairness: would my decision be considered fair by those
affected?


Summary

Morality concerns "good" or "bad" outcomes based on values; ethics concerns the
development of rules or principles designed to produce good outcomes.

Absolutism ignores the intentions or consequences of an action in favour of universal
principles of right or wrong. Relativism considers the intentions or consequences of an
action in the context of social, cultural, historical or personal references.

Kohlberg's Theory of Moral Development relies on three levels, each with two stages,
progressing from a self-centered orientation to an other-centered orientation. According to the
theory, everyone passes through each stage as the result of thinking about moral problems.

Kant viewed moral law as categorical imperatives based on rational principles rather than on
religious views, which he found contradictory. However, not all duties could be found from a
rational perspective. His thinking gave rise to additional schools:

Deontological approach: application of universal ethical principles, based on a concept of
duty, not outcome dependent.

Teleological approach: examination of the end result of actions to determine their morality.
"The end justifies the means."

Ethical decision-making models provide clearer reasoning and more defensible actions
than do general ethical decision-making frameworks, and explore ethical principles and
acceptability of outcomes.

Session 15 Quiz
Estimated time: 10 minutes

1. Explain the differences between absolutism and relativism. (2)


2. List the SIX stages of Kohlberg's Theory of Moral Development. (3)
3. Describe the deontological approach. (4.2)
4. Compare the AAA decision-making model to Tucker's model. (5)

Study Question Bank
Estimated time: 30 minutes

Priority | Estimated Time | Completed
Q20 Ethical theories | 30 minutes |

Additional
Q21 Ethical Management


Session 15
EXAMPLE SOLUTIONS
Solution 1: Kohlberg's Stages
(a) Stage 3: Conformity
Mihail probably believes it to be an established policy because he
is aware that all other employees use their phones for the same
purpose. Even if he knew that it was not company policy to allow
private use of company assets, the fact that his peers (his immediate
group) do so puts him under pressure to do the same.
(b) Stage 4: Maintaining the Social Order
In the context of offering share options to employees, this can be
considered to be one of a number of standard practices in rewarding
employees (e.g. bonuses based on salaries). Therefore the employer
applies what may be considered as a social accord because other
firms do likewise.
Offering share options to suppliers (as a form of reward, rather than
payment for services) may be considered to be unusual in that not
many entities do so. This action may therefore be thought of as
post-conventional (e.g. Stage 5).
(c) Stage 1: Obedience and Punishment
Initially, Elena would have been concerned with the question, "Will
I be punished if I am caught, or can I get away with it and pass the
exam?" Having been caught once and, because of the support from
her firm, escaped being "struck off" from ACCA she took the view
that if caught again, no punishment would be applied. Thus she
continued her practice of examination misconduct.
(d) Stage 2: Individualism
Basically, "what's in it for me?" Boris has decided that he will be
better off by leaving Defi and becoming a freelance consultant,
thereby ignoring any loyalty or gratitude to Defi for his employment,
training and development. It is clear that he would be working just as
many hours, if not more, but would probably be earning more money.
(e) Stage 6: Consistency
The line-manager is applying wider universal ethical principles (e.g.
equity, equality, justice). Having used his judgement to give the
"excellent" employee only a verbal reprimand (although the offence
requires a higher sanction, a written warning) he considers it only fair
and right to do the same for the other employee.
(f) Stage 2: Exchange
Basically, Alexei believes that his absent colleague owes him a
favour. As he has "rewarded" his colleague, so he expects to be
given a similar "reward" at a later stage. It is in both students'
interests to be able to claim full attendance at the courses in order to
meet the "proper preparedness" criteria.


Solution 2: Deontological Theory

1. Consistency
Would you allow your children to buy/have alcohol if underage (the
same would apply to smoking, sex, solvents, drugs, etc)? Would
you be happy if a particular product/advert was directly or indirectly
aimed to encourage your children to break the law or be encouraged
to inflict self-damage?

2. Human dignity
Children are easily persuaded by advertising and may not be able
to tell the difference between right and wrong. In many cases,
they may wish to act like adults (e.g. drinking and smoking). Thus,
they have the right to be protected from the consequences, in this
scenario, of underage drinking.

3. Universality
The entity producing the drink and commissioning the advertising
would not be happy should there be negative publicity in the press
(papers, TV, etc). Such publicity would probably damage the
company's reputation.*

*In many countries it is illegal to advertise "adult" products in a
predominantly child-oriented environment (e.g. TV adverts before
21.00) as the audience will probably consist of a significant number
of children, or at the cinemas when the certificates are, for
example, "15" or less.

Solution 3: AAA Model

1. Facts: in exchange for a significant payment you may secure
government contracts in the future.

2. Ethical issues: should you provide a contribution in what, in the best
case, would be an inducement and, in the worst case, be considered
a bribe. As the CEO, you may be in breach of your fiduciary
duties and probably in breach of campaign contribution laws. As
a professional accountant you would be in breach of your ethical
codes. However, not to do so may mean that there will be a lack of
government orders should the candidate win the election.

3. Norms, principles and values: government contracts should not
be awarded on the basis of favours, inducements or bribes; value
for money (VFM) would be an expected driver. CEOs, as leaders of
their companies, are expected to set the moral and ethical tone of
the organisation. Professional accountants are expected to have
integrity and objectivity.

4. Alternative courses of action: (i) make the contribution; (ii) make a
lower contribution; or (iii) make no contribution.

5. Best course of action: decline to make a contribution and report the
incident to an appropriate elections committee.

6. Consequences of each possible course of action:

(i) Making the payment will incur cash flow now for which there
may be future awards of contracts if the candidate wins. The
political contribution would need to be disclosed in the financial
statements and the candidate also would need to disclose it,
as it is material. If the candidate wins and additional contracts
are awarded, there may be possible media speculation why the
company appears to be winning more contracts than normal,
which may lead to an investigation and negative consequences
for the firm and its directors.
(ii) If the payment is not made (or is lower than requested) and the
candidate wins, the result may be that future contracts are not
awarded. This would have a detrimental effect on the business
with possible going-concern consequences.
(iii) The broad assumptions are that the candidate will win and have
control over the tendering process (i.e. awards are not made by
a separate committee).

7. Decision: the ethical approach would be to decline making the
requested contribution.


Solution 4: Tucker's Model

This is a case of bribery. Because all five questions in this model must be
answered in the affirmative, the payment is not defensible as the evasion
of tax is illegal.
It is not fair to the wider society that the burden of evaded tax should be
borne by others in order to provide the services and facilities for which
the tax is raised. Nor can it be right (just) that others should suffer a
deterioration in, or lack of, services as a result of under-funding. That it
is considered common practice does not make it acceptable.
It is not sustainable in that a "vicious circle" is created of increasing
levies which are increasingly evaded. The environment may be harmed.
For example, vital services such as the provision of clean water may be
compromised. If charges then have to be made for services such as waste
disposal (because there are no taxes to fund the service), environmentally
damaging practices such as illegal dumping are likely to increase.

Solution 5: Laura Nash Model

1. Problem: the safer material will cost the company more/reduce profit.

2. Problem from other side of the fence: a safer foam is better.

3. How the situation arose: the opportunity to use an inferior material
exists.

4. Loyalty to: the consumers, without whom there is no profit for
shareholders.

5. Intention: use the safer foam.

6. Comparison to results: the same.

7. Who could be injured (by intention in No. 5): no one.

8. Discuss with other parties first: yes.

9. Confident about position over a long period: yes.

10. Could discuss decision with family: yes.

11. Symbolic potential: that profits are based on sound ethical action.

12. Exception conditions: if the less expensive foam met appropriate
safety standards.

The use of the safer material may be considered a sound business
decision, rather than an ethical one, because it would maintain
reputation and be a marketable feature. Or, even if profits are
reduced, this is an acceptable price for the reduction of risk.
(Consider, for example, that even though the foam meets safety
standards, the company's reputation could suffer hugely if accidents
involving infants were publicised in the media. This would result in
future costs/loss of revenues, even if the company had no liability
to the customers.) Because the law in this case does not set an
acceptable ethical safety level, "obedience" to the law is not an issue:
no laws are being broken if the safety standard is being exceeded.


Session 16

Ethics and Social Responsibility
FOCUS
This session covers the following content from the ACCA Study Guide.
E. Professional Values and Ethics
2. Different approaches to ethics and social responsibility
a) Describe and evaluate Gray, Owen & Adams (1996) seven positions
on social responsibility.
b) Describe and evaluate other constructions of corporate and personal
ethical stance:
i) short-term shareholder interests
ii) long-term shareholder interests
iii) multiple stakeholder obligations
iv) shaper of society
c) Describe and analyse the variables determining the cultural context
of ethics and corporate social responsibility (CSR).

Session 16 Guidance
Note: this session moves the ethical theories from Session 15 into the business, social and
cultural arenas.
Understand: Gray, Owen and Adams (s.1.2) and Johnson and Scholes business ethical stances
(s.2.1, s.2.2).


Becker Professional Education | ACCA Study System

VISUAL OVERVIEW
Objective: To describe some of the key theories underlying views on social responsibility
and ethics in the workplace.

ETHICS AND SOCIAL RESPONSIBILITY

SOCIAL RESPONSIBILITY
Environmental Philosophy
Seven Positions on CSR

ETHICAL STANCE
Johnson and Scholes Business Stances
Personal Stances

CULTURAL CONTEXT

INDIVIDUALS
Individual Characteristics
Situational Influences

ENTITIES
Cultural Frames
Pyramid of CSR
Strategic Postures
Corporate Culture

Session 16 Guidance
Read the remaining areas to "soak up" the variables that determine the cultural context of ethics.


Session 16 Ethics and Social Responsibility


Social Responsibility

1.1 Overview of Environmental Philosophy

Traditional philosophy is divided between:
consequential (or teleological) theories (e.g. utilitarianism); and
non-consequential (or deontological) theories (e.g. rights-based philosophies).

Environmental philosophies can be classified as:
anthropocentric (human-centred); and
eco-centric (earth-centred).*

*Consideration of the environment in decision-making may involve
actions such as pollution abatement, resource conservation and
restoration activities. Nature, other species and ecosystems are
recognised as having values beyond human usage.

1.2 Seven Positions on Corporate Social Responsibility

Gray et al. (1996) offer a seven-level classification framework to
explain "a few general ways in which different groups in society
might envisage the organisation-society relationship."

1. Pristine capitalists
2. Expedients
3. Social contract
4. Social ecologists
5. Socialists
6. Radical feminists
7. Deep ecologists

[Figure labels shown alongside the list: Functionalist (individualist) philosophies; Green (communitarian) accounting philosophies; Anthropocentric (human-centred); Eco-centric (earth-centred); Rights; Responsibilities]

1.2.1 Pristine Capitalists

Example 1 Pristine Capitalist

A pristine capitalist view is that organisations have:
the right to pursue legal business activities, consume resources and maximise returns to
shareholders; and
responsibilities to shareholders, but not society as a whole.


Required:
Describe the role and actions of "pristine capitalists".
Solution


1.2.2 Expedients

Basically share the same underlying position as the pristine
capitalist (i.e. maximising shareholder wealth). However,