Governance Risk and Compliance Is the need of the hour

An Abstract on GRC - Internal Controls and Corporate Governance is the buzz word today. Regulators are trying their best to sustain investors confidence in the corporate world.
In India the companies registered under the Companies Act 1956, are classified as Private or Public. Private companies are those companies which are not entitled to borrow money from the public and it is mandatory to suffix as Private Ltd along with their own legal name. Public companies are those companies which are entitled to receive the money in any form from the public. Once the company received the money from the public, the company comes under the surveillance camera of the government. The government cannot directly monitor their operations of the company hence it has appointed some of the following agents to monitor, to regulate and to reveal the companies rules and regulations. Registrar of Companies and Securities Exchange Board of India

Apart from the above, the companies are required to comply, the laws that applicable according their type of business.

Corporate Governance:
The OECD [Organization for Economic Co operation and Development] principles of corporate governance states: "Corporate governance involves a set of relationships between a companys management, its board, its shareholders and other stakeholders. Corporate governance also provides the structure through which the objectives of the company are set, and the means of attaining those objectives and monitoring performance are determined." The ICSI [Institute of Companies Secretaries of India] has defined Corporate Governance is the application of best management practices, compliance of law in true letter and spirit and adherence to ethical standards for effective management and distribution of wealth and discharge of social responsibility for sustainable development of all stakeholder.

Public invest money in the companies hoping to harvest with a high return. Unfortunately, most of the companies are not providing the returns as expected by the investor. To ensure the safety of the public money, the government has made mandatory to the companies to follow the good Corporate Governance to increase the confidence of shareholders and capital-market investors. Basically, corporate governance focuses on the followings: Rights and equitable treatment of shareholders; Interests of other stake holders; Role and responsibilities of the board; Integrity and ethical behavior; Disclosure and transparency.

As concern with the corporate governance, there is a considerable regulation in different countries: USA: The most significant regulation in this context is the Sarbanes-Oxley Act [SOX] 2002; Compliance in the USA generally means compliance with laws and regulations. These laws can have criminal or civil penalties. UK: There is a considerable regulation in the UK, some of which is from EU legislation. Important compliance issues for all organizations large and small include the Data Protection Act 1998 and, for the public sector, Freedom of Information Act 2000. Combined Code issued by the London Stock Exchange (LSE) is the Sarbanes-Oxley equivalent in the UK. Australia: The regulators are the Australian Securities and Investment Commission and the Australian Prudential Regulation Authority (APRA). Compliance demands in the superannuation industry continue to increase due to the new licensing regime implemented by APRA. Canada: In Canada, Bill 198 is an Ontario legislative bill effective April 7, 2003, which provides for regulation of securities issued in the province of Ontario. It is perhaps best known for clauses that provide equivalent legislation to the U.S. Sarbanes-Oxley Act to protect investors by

improving the accuracy and reliability of corporate disclosures. Thus, it is also known as the "Canadian Sarbanes-Oxley" Act or C-SOX. Japan: The regulation, which will apply to all listed companies in Japan, calls for the establishment of internal control rules to ensure proper disclosures and reporting on internal accounting procedures. It will also require company management to verify that these rules are being complied with, and for auditing firms to conduct the relevant audits. The same law as US-SOX was established by Japanese government in Jun, 2006.The law is so-called J-SOX (Japanese SOX India: In India, the primary responsibility of protection of public money is in the hands of SEBI. SEBI was set up in the year 1992 as a saturated authority to take care of the public money invested in the listed public companies. The main objective of the SEBI is To protect the interest of the investors in securities; To Promote the development of securities market; and To regulate the securities market. The SEBI is liable to provide protection of the public money. As per the SEBI guidelines, any company needs to enter into an agreement with the stock exchange where they need to list. Such an agreement has several clauses and Clause 49 is one among the clause which deals with the corporate governance norms that a listed companies needs to follow. The definition of independent directors, strengthening the responsibilities of audit committees, improving quality of financial disclosures, including those relating to related party transactions and proceeds from public/ rights/ preferential issues, requiring Boards to adopt formal code of conduct, requiring CEO/CFO certification of financial statements and for improving disclosures to shareholders are some of the crisp on the SEBI Clause 49. Thus, the companies are trying to achieve the good corporate governance with the objective of protecting the interest of the investors.

RISK:
Risk has been defined as effect of uncertainty on objectives while comparing with the objective of Corporate Governance: Rights and equitable treatment of shareholders; Interests of other stake holders; Role and responsibilities of the board; Integrity and ethical behavior; and Disclosure and transparency

When the above specified objective is not met by the companies then the consequence will be as follows; No rights and equitable treatment of shareholders; No interests of other stake holders; No role and responsibilities of the board; No integrity and ethical behavior; and No disclosure and transparency.

PREVENTIVE MEASURES: There are many preventive measures are available to mitigate the risk. Analyzing, Identifying, Designing and Implementation of proper control measures will diminish the chances of risk. Companies, who realize the importance of control over the risk, allocate a separate department to take care of all control measures. Some of the control measures are as follows which will mitigate the risk happening in the organization. We can classify the control in two different manners: Organization Level or Entity Level - Macro Process Level or Activity Level - Micro ORGANIZATION LEVEL Macro Level Controls: We can reclassify the Organization Level of Control on the basis of Industry which it belongs. Some of the common Organization Level Controls is required in the following areas Strategic Planning Intra Department Relationship Retaining Human Resource

Quality Check Training and Development Manage Facilities Monitoring Adequacy of internal control Internal audit Effective machines Power shut down Underemployment

PROCESS LEVEL Micro Level Controls: These are all department wise and process level controls. We can identify and implement those control measures depends on the process which the organization dealt. [These are all just limited and not exhaustive] MARKETING DEPARTMENT: Purchase Order with quality, quantity and pre specified price Knowing the best supplier in all context Storing the goods - procuring according to it Advertising only the true message or information Ensure of supplying the product in a right place to the right person Aware of receipt of money on the supplied goods

PRODUCTION DEPARTMENT: Planning before production Procuring the right goods & materials in time Placing the machines in a right place Maintenance of all the machines in a routine manner Effective decision on requirement of human resources Best utilization of available resources

ACCOUNTS AND FINANCE DEPARTMENT: Track on each invoices and ensure the bill has made Allowing trusted person to deal in cheque processing on the behalf of the company Cash Management Ensure on effective working capital management Internal audit on accounts

 Providing and making mandatory of documents for every transactions HUMAN RESOURCE DEPARTMENT: Maintain the records on all the employees irrelevant to their designation Keep on track of their performance Ensure a fair performance appraisal Monitoring the behavior of each employees especially after appraisal Communicating the escalation policies to all employees Aware of employees qualification enrichment and promoting them according to that Encouraging the employees who do something extra ordinary even other than job Promoting Workmens Participation programme Assure on providing equal opportunities Making them to realize importance to an organization

ADMINISTRATION DEPARTMENT: Ensuring all the department has had enough resource to run. Providing immediate support to required person to avoid interruption in the job Coordinating with all stakeholders to ensure the business move parallel to their objective Thus, In order to mitigate the risk, the organization should realize the importance of each and every department and define the risk & control measures. RISK MANAGEMENT PROCESS:
M O N I T O R & R E V I E W ESTABLISH THE CONTEXT C O M M U N I C A T E

IDENTIFY THE RISKS

ANALYZE THE RISKS

EVALUATE THE RISKS

TREAT THE RISKS

There is a high probability of mitigating the risk if such standard risk management process is followed in any organization.

Compliance:
In general, compliance means conforming to a rule, such as a specification, policy, standard or law. Regulatory compliance describes the goal that corporations or public agencies aspire to in their efforts to ensure that personnel are aware of and take steps to comply with relevant laws and regulations. This approach is used to ensure that all necessary governance requirements can be met without the unnecessary duplication of effort and activity from resources. In India, since 1991 since then, we have witnessed wide-ranging changes in both laws and regulations and a major positive transformation of the corporate sector and the corporate governance landscape. Though, rules and regulations do not extremely prevent corporate scandals. So, the government appointed a committee in 1998 under the chair Mr. Rahul Bajaj, a leading Industrial magnate, to look into the issues of Corporate Governance who submitted the report named as Confederation of Indian Industry Code for Desirable Corporate Governance. Later the SEBI constituted two committees to look into the issue of corporate governance--the first chaired by Mr. Kumar Mangalam Birla, another leading industrial magnate, and the second by Mr. Narayana Murthy, one of the major architects of the Indian IT outsourcing success story. These two committees have been instrumental in bringing about far reaching changes in corporate governance in India through the formulation of Clause 49 of Listing Agreements Listing Agreement Clause 49 exclusively speaks on compliance of listed companies to enhance the Good Corporate Governance. It is similar in spirit and in scope to the Sarbanes-Oxley measures in the United States. The key mandatory features of Clause 49 regulations deal with the followings: (i) (ii) (iii) (iv) (v) (vi) (vii) Composition of the board of directors; The composition and functioning of the audit committee; Governance and disclosures regarding subsidiary companies; Disclosures by the company; CEO/CFO certification of financial results; Reporting on corporate governance as part of the annual report; and Certification of compliance of a company with the provisions of Clause 49.

Thus, the government takes measures to prevent the corporate scandals by implementing strong corporate governance requirement by the companies. Recently, Standard & Poor has launched a new service, known as Corporate Governance Scores, to evaluate corporate governance practices, both at a country and at a company level. The first part of deals with the countries compliance by considering the four main areas: Legal Infrastructure, regulation, information infrastructure and market infrastructure. The second part of the analysis is concerned with company analysis which is concerned with evaluating the practices at individual companies. Standard and Poor assigns scores to a companys overall practices using a synthesis of the OECDs and other international codes and guidelines of corporate governance practices. The analysis has four main components. These four components and sub categories are as follows: Component 1: Concerned with ownership structure, relates to transparency of ownership structure, concentration and influence of ownership. Component 2: Concerned with financial stakeholder relations, has subcategories such as regularity of, access to, and information on shareholder meeting, voting and shareholder meeting procedures and ownership rights. Component 3: Concerned with financial transparency and information disclosure comprises sub-categories like quality and content of public disclosure, timing of, and access to, public disclosure and independent and standing of the companys auditor. Component 4: Concerned with board structure and process, is related to Board structure and composition, role and effectiveness of board, role and independence of outside directors and directors and executives compensation, evaluation and succession policies. Apart from all the regulations, rules and the compliances, the Corporate should feel the importance of their Governance and treat as one of the part of their [Corporate] Social Responsibility. This could happen only if companies strongly believe that the company is of the people, its promoted by the people, and running for the people. THANKS CS.RAJESH.V - csrajesh.v@gmail.com Company Secretary, OneGlobe Systems LLP, Chennai.