Corporate Governance and Risk Management

Written by Nina F Collins, November 2011.

Introduction

Since the publication of the second edition of Corporate Governance and Risk Management in October 2010 there have been a number of changes in the corporate governance environment in the UK and Ireland. The 2007 to 2009 global financial crisis, particularly the collapse of some major financial institutions, has partly been the driver of these changes. I set out some of the developments that have taken place.
 
Topic 1 Corporate governance frameworks and mechanisms
 
Corporate governance in UK central government departments – section 1.4.2 of the learning text
 
In July 2011, HM Treasury and Cabinet Office published a document entitled Corporate Governance in central government departments: code of good practice, along with guidance notes.
 
Corporate governance in Ireland – section 1.4.2 of the learning text

Last year the Central Bank of Ireland published the Corporate Governance Code for Credit Institutions and Insurance Undertakings. Many of the principles have been drawn from the UK Corporate Governance Code. However, the Central Bank Code is not on a 'comply and explain' basis. It is mandatory for those institutions within the scope of the Code. The Code came into effect on 1 January 2011, but institutions were given till June 2011 to implement some aspects, and 31 December 2011 to implement other aspects.
 
Executive pay (themes in reputational crisis) – section 1.6.3 of the learning text

The issue of excessive executive pay is a recurrent theme in corporate governance debates. For instance, the banking crisis in 2008 raised concerns that executives were paid excessive bonuses. In November 2011, the High Pay Commission (2011, p. 8) reported that excessive executive pay was ‘distorted’ and eroding trust in businesses. As the authors note, there is an impression that ‘senior company executive are ‘rigging’ the system for their own ends’. The Commission had a number of criticisms of pay systems in organisations, including:

  • significant disparities between the pay of executives and average employees within organisations;
  • the complexity of remuneration packages making it difficult to work out exactly what executives were likely to be paid;
  • the lack of standardised reporting of executive pay in annual reports; and
  • the ‘closed shop’ nature of remuneration committees.

Principles of executive pay
The High Pay Commission made 12 recommendations based on three principles: transparency, accountability and fairness. The recommendations included reducing the complexity of pay packages, standardising remuneration reporting and including employee representation on remuneration committees.


Topic 2 The Board, subcommittees and directors
 
Board effectiveness – sections 2.4 to 2.7 of the learning text 
 
In March 2011 the Financial Reporting Council published a document entitled Guidance on Board Effectiveness to help organisations apply sections A and B of the UK Corporate Governance Code, which address leadership and board effectiveness. The publication addresses issues such as: the roles of the chairman, senior independent director, other directors and the company secretary; decision-making policies and processes; board composition; and the performance management of the board and directors.
 
Diversity in the boardroom – section 2.5 of the learning text
 
The 2007 to 2009 financial crisis raised concerns that the lack of diversity in the boardroom had contributed to the problem of ‘group think’ (see for example the House of Commons Treasury Committee report Women in the City). The UK government asked Lord Davies to review the current situation, identify the barriers preventing women reaching the boardroom and to make recommendations regarding what government and businesses could do to increase the proportion of women on corporate boards. Lord Davies published his report Women on Boards in February 2011. The report found that women were under-represented on boards, and concluded that there were clear business benefits for having greater gender diversity on boards. The report rejected the imposition of statutory quotas. Instead it recommended a comply or explain approach. The key recommendations included the following:

  • All chairmen of FTSE 350 companies should set out the percentage of women they aim to have on their boards in 2013 and 2015. FTSE 100 boards should aim for a minimum of 25% female representation by 2015. All chief executives to review the percentage of women they aim to have on their executive committees in 2013 and 2015.
  • Quoted companies should be required to disclose each year the proportion of women on the board, women in senior executive positions and female employees in the whole organisation.
  • The Financial Reporting Council should amend the UK Corporate Governance Code to require listed companies to establish a policy concerning boardroom diversity, including measurable objectives for implementing the policy, and disclose annually a summary of the policy and the progress made in achieving the objectives.
  • Companies should report on the matters above in their 2012 corporate governance statement whether or not the underlying regulatory changes are in place. In addition, chairmen are encouraged to sign a charter supporting the recommendations.
  • In line with the UK Corporate Governance Code provision B2.4 chairmen should disclose information about the company’s appointment process and how it addresses diversity in the company’s annual report including a description of the search and nominations process.
  • Investors play a critical role in engaging with company boards. Therefore investors should pay close attention to recommendations above when considering company reporting and appointments to the board.
  • Companies are encouraged to periodically advertise non-executive board positions to encourage greater diversity in applications.
  • Executive search firms should draw up a voluntary code of conduct addressing gender diversity and best practice which covers the relevant search criteria and processes relating to FTSE 350 board level appointments. 

 
In response to Davies’ report, the Financial Reporting Council (FRC) undertook a consultation on amendments to the UK Corporate Governance Code that closed in July 2011. In October 2011, the FRC published two amendments to the Code that require companies to report on their boardroom diversity policy each year, and to include gender diversity in the evaluation of board effectiveness (FRC, 2011, and Deloitte, 2011). These amendments will be implemented in a revised edition of the Code to be issued in 2012 and will apply to financial years beginning on or after October 2012.
 
Audit committees – section 2.8.1 of the learning text
 
In December 2010 the Financial Reporting Council published a document entitled Guidance on Audit Committees to assist boards in making arrangements for their audit committees. Sections 4.10 to 4.16 address internal auditing.
 
Topic 4 Stakeholders and regulators
 
Reforms in the financial sector – section 4.2 of the learning text

In May 2011 the Financial Services Authority (FSA) reported on the progress it had made in relation to the Prudential Regulation Authority (PRA) and Consumer Protection and Markets Authority (CPMA). The proposals are as follows:

  • The PRA, which was initially called the Prudential Regulation Committee, will be charged with regulating sectors such as deposit-taking high street banks, insurers and investment banks. The supervisory approach will be 'intensive and judgment-based' and will be more hands-on than the FSA, which was criticised for being too passive before the 2007 financial crisis.
  • The CPMA has been renamed the Financial Conduct Authority (FCA), and it will be responsible for protecting confidence in the UK financial systems. The Authority is still expected to be a consumer champion, but with more emphasis on ensuring competition in the financial sector so that consumers get better choice (The Telegraph, 2011).  

Audit Commission – progress towards disbandment – section 4.4.3 of the learning text
 
In August 2010 the UK government announced plans to disband the Audit Commission and reorganise the way local public audits are arranged. In summer 2011, the Department of Communities and Local Government (DCLG) announced what the plans are. The long-term plan (tentatively 2015–17) is to disband the Commission and allow councils to appoint their own auditors under a new public sector audit framework. However, this change requires new legislation, which is currently being drafted (Philips, 2011, and Whitehead, 2011).
 
The interim plan is to outsource the audit work of the Commission to the private sector. So, in effect the Audit Commission has been split in two, with one part outsourced, and the other part – the smaller residual body – responsible for overseeing appointments and the next round of council auditing contracts, due to start in 2012-13. The Commission has now formally launched the process for outsourcing the work of its audit practice (Audit Commission, 2011).
 
Topic 5 Corporate Social Responsibility
 
Bribery Act UK – section 5.4.3 of the learning text
 
The Bribery Act came into force in July 2011, and the Ministry of Justice published guidance to help organisations prepare for the Act. One of the Ministry’s guidance documents sets out the six principles by which organisations should be guided when putting in procedures to prevent bribery. The six principles are: proportionate procedures, top-level commitment, risk assessment, due diligence, communication (and training), and monitoring and review.

Topic 7 Strategic perspective on risk management

Role of the board in risk management – section 7.2 of the learning text

HM Treasury and Cabinet Office (2011) set out the principles underpinning the responsibilities of the board with respect to risk management in the code of good practice, stating ‘the board should ensure that there are effective arrangements for governance, risk management and internal control for the whole departmental family. Advice about and scrutiny of key risks is a matter for the board, not a committee’.
 
In September 2011, the FRC published the feedback it got on how boards are approaching their responsibilities in relation to risk. The report has no formal status but provides boards with some issues to consider when reviewing their own approaches to risk. The report noted that the board’s responsibilities for risk are:

  • determining the company’s approach to risk;
  • setting and instilling the right culture throughout the organisation;
  • identifying the risks inherent in the company’s business model and strategy, including risks from external factors;
  • monitoring the company’s exposure to risk and the key risks that could undermine its strategy, reputation or long-term viability;
  • overseeing the effectiveness of management’s mitigation processes and controls; and
  • ensuring the company has effective crisis management systems.

What these two documents (along with the UK Corporate Governance Code) stress is that boards have strategic responsibilities with regard to risk management. However, in research conducted by the Chartered Institute of Internal Auditors (2011), heads of internal audit expressed the view that non-executive directors’ scrutiny of risk management was inadequate, and that boards tended to leave the review of risks to audit committees.

 
Topic 8 The risk management process
 

Risk appetite and tolerance – section 8.3 of the learning text

In 2011, the Institute of Risk Management published guidance on designing and implementing a risk appetite framework. The guidance differentiates between the terms risk appetite and risk tolerance. It also introduces the concepts of ‘risk capacity’ and ‘risk capability’. The guidance states that ‘risk appetite should be established in the context of .. the risk capability of the organisation. Risk capability is a function of risk capacity: the ability to carry risks, and the risk management maturity to manage them’.

Table 1 Definitions taken from IRM and Crowe Horwath (2011)

Risk appetite: The amount of risk that an organisation is willing to seek or accept in pursuit of its long term objectives.

Risk tolerance: The boundaries of risk taking outside of which the organisation is not prepared to venture in pursuit of its long term objectives.

Risk capability: A function of the risk capacity and risk management maturity which, when taken together, enable an organisation to manage risk in the pursuit of its long term objectives.

Risk capacity: The resources, including financial, intangible and human, which an organisation is able to deploy in managing risk.

 

References

 
Audit Commission (2011), Outsourcing strategy, www.audit-commission.gov.uk (accessed 25 November 2011).
 
Central Bank of Ireland (2010), Corporate Governance Code for Credit Institutions and Insurance Undertakings, Central Bank of Ireland.
 
Chartered Institute of Internal Auditors (2011), Non executive directors (NEDs) and the management of risk: a survey of heads of internal audit, London, IIA.
 
Davies, E.M. (2011), Women on boards. Available from www.bis.gov.uk (accessed 3 June 2011).
 
Deloitte (2011), Women in the boardroom: a global perspective, Deloitte.
 
Financial Reporting Council (2011), Guidance on Board Effectiveness, London, FRC. 
 
Financial Reporting Council (2010), Guidance on Audit Committees, London, FRC.
 
Financial Reporting Council (2011), Feedback Statement: Gender Diversity on Boards, London, FRC.
 
Financial Reporting Council (2011), Board and risk: a summary of discussions with companies, investors and advisers, London, FRC.
 
HM Treasury and Cabinet Office (2011), Corporate governance in central government departments: code of good practice, London, HM Treasury and Cabinet Office.
 
Institute of Risk Management and Crowe Horwath (2011), Risk appetite and tolerance guidance paper, London, IRM.
 
House of Commons Treasury Committee (2010), Women in the City, Tenth Report of Session 2009 – 2010, London, The Stationery Office Limited.
 
Ministry of Justice (2011), The Bribery Act 2010 Guidance (section 9 of the Bribery Act 2010), London, Ministry of Justice.
 
Philips, L. (2011), 'Ministers reveal audit commission outsourcing plans', Public Finance [online], 2 June. Available from www.publicfinance.co.uk (accessed 28 November 2011).
 
The High Pay Commission (2011), Cheques with balances: why tackling high pay is in the national interest, London, High Pay Commission.
 
The Telegraph (2011), ‘The Financial Conduct Authority: what it does and who is in charge’, The Telegraph [online], 19 May. Available from www.telegraph.co.uk.
 
Whitehead, F. (2011), 'Audit commission lives to scrutinise another five years', Guardian [online], 29 July. Available from www.guardian.co.uk (accessed 28 November 2011).