Upload
language
View
214
Download
1
Tags:
Embed Size (px)
DESCRIPTION
Using corporate governance techniques to generate real business benefits, from the Institute of Directors & Grant Thornton.
Citation preview
Building Blocks for Business Success
Using corporate governance techniques to generate real business benefits
Building Blocks for Business Success
Using corporate governance techniques
to generate real business benefits
Foreword 4
Introduction 5
Where do I start? 6
The corporate governance context 8
Board structure and balance 12
Independent non-executive directors 16
The role of the chairman 21
The role of the managing director 24
The audit committee 26
Strategic planning 29
Risk management 31
Internal control 34
Internal audit 37
Reporting and information quality 40
Remuneration policies 43
Succession planning 45
Company-wide policies 46
Governance considerations for businesses in difficulty 47
References and further reading 49
Table of contents
4 BUILDINGBLOCKSFORBUSINESSSUCCESS
Grant Thornton and the Institute of
Directors in Ireland have created this
publication to provide a practical resource
for owners and managers of private
companies. The principal focus of anyone
in this group is ensuring that their business
operates in a profitable manner, and
continues to do so regardless of external
events and economic conditions.
The upheaval in trading conditions in
the past few years has shown that it is
difficult for businesses to cope with every
eventuality and deal with constantly
changing risks. Not surprisingly, many
owners and managers have found that the
approach to managing a business in an
economic boom is ill-suited to managing
it in a downturn. The techniques in this
publication are designed to make a
business more resilient and aware of risks
and changing circumstances.
We hope that you will find the
publication useful, and that it will assist
in strengthening the indigenous private
companies that form such a vital part of
the Irish economy.
Cian Blackwell
Partner, Business Risk Services,
Grant Thornton
Maura Quinn
Chief Executive, Institute of Directors
in Ireland
Foreword
5
Objectives
This publication is designed to provide
guidance and assistance to private
companies, not to increase their
compliance burden. Although it covers
many components of the traditional
corporate governance frameworks, the
focus is on governance mechanisms that
contribute to the business — those that
can be shown to add shareholder value if
implemented well, rather than focusing
on theoretical best practice or compliance
and box-ticking.
It is therefore not intended to be a
governance code — management and
boards of directors can, and should,
evaluate each of the recommendations,
assess the potential benefits and,
accordingly, choose what to implement
and how to implement it.
How to use this book
The vast majority of private companies
have, quite understandably, focused on the
management of their business rather than
its governance, and thus are unlikely to
have implemented many of the techniques
discussed here.
Consequently, it is not intended that
organisations aim to implement all of
the recommendations. Instead, we have
prepared an overview chapter, entitled
“Where do I start?”, to assist in prioritising
which recommendations to evaluate first.
This approach allows companies to start
small, with minimal investment, and
continue to critically assess the resulting
benefits as the initiative progresses.
Introduction
6 BUILDINGBLOCKSFORBUSINESSSUCCESS
This publication contains several dozen
recommendations on changes that can
be made to how a business is governed.
Whilst each recommendation has
been chosen for its ability to benefit a
business, it is not intended that they all
be implemented at once — in fact, the
quantity of effort required, and the level
of change involved, would prove very
disruptive for most businesses.
Instead, owners and managers should
carefully evaluate each recommendation,
to make sure that it can deliver the
required benefit without much disruption
or excessive cost. To assist with this
process, we have included an example of
a prioritised list, providing suggestions
for the order in which to approach
these changes.
In our experience, as businesses invest
more time and effort in increasing the
sophistication of their governance
approach, it becomes easier to add
further enhancements, and the return on
investment becomes easier to achieve.
Where do I start?
7
Suggested priority for governance enhancements
Everycompanyisdifferent,andwillhavedifferentprioritiesandlevels
ofpreparednessforthegovernancemechanismsinthispublication.The
followinglistshouldservemerelyasasuggestionfortheorderinwhich
youapproachtheinitiatives.
Thepriorityofeachinitiativewillbeinfluencedbythesizeofacompany–
foramediumtolargeprivatecompany,forexample,thecomplexityand
scaleofbusinessprocessesshouldincreasetheemphasisonrisk,internal
controlandinternalaudit.
1 Createasingledocumentthatdescribesyourcompany’sstrategy
2 Addanon-executivedirectortotheboard
3 Separateboardmeetingsfrommanagementmeetings
4 Createanauditcommittee,andgiveitaformalroledistinctfrom
management
5 Createaformalroleofchairmanoftheboard
6 Formaliseandstrengthencrucialaspectsofthemanagingdirector’s
role,bydocumentingresponsibilities,linkingremunerationtolong-
termperformance,andensuringasuccessionplanexists
7 Putinplaceariskmanagementprocessthatidentifies,categorisesand
assignsresponsibilityforallmajorrisks
8 Reviewyourmanagementandfinancialinformation–decide
whatyoureallyneed,anddeterminewhichpiecesofinformation
supportyourkeydecisions
9 Createaflowchartforyourmostimportantprocess(es),adding
narrativeexplanationswhereappropriate;identifytherisksrelatedto
theprocesses,andthecontrolsthatmitigatethoserisks
10 Implementaninternalauditfunctiontoreviewcriticalprocessesand
controls,andcheckwhetherrisksarebeingmitigated
11 Collateallpoliciesintoasinglepolicydatabase,makingsurethatitis
comprehensive,clearandproperlycommunicatedtoallstaff
8 BUILDINGBLOCKSFORBUSINESSSUCCESS
About this chapter
This chapter is intended to provide
further background on corporate
governance — what it is, the types
of organisations to which it applies,
the rationale for implementing good
corporate governance, and the benefits
of doing so. It is included for readers who
wish to learn more about the context and
background to the techniques described
later in this publication.
What is corporate governance?
For a topic as familiar and widely
referenced as corporate governance, it is
a little surprising that there are no widely
accepted definitions of what the term
actually means.
It has been defined in many ways,
encompassing concepts such as “a set
of relationships between a company’s
management, its board, its shareholders
and other stakeholders,”1 or as a set of
practices to “align as nearly as possible the
interests of individuals, corporations and
society.”2 Whilst these phrases are certainly
appropriate, perhaps the most relevant
1 OECD, Principles of Corporate Governance, 2004
2 Sir Adrian Cadbury, Global Corporate Governance Forum, World Bank, 2000
definition is phrased in commercial terms:
corporate governance mechanisms are
“the ways in which suppliers of finance to
corporations assure themselves of getting
a return on their investment.”3
In this context, governance mechanisms
should be seen as those which:
– directly enhance shareholder value; and
– provide assurance that shareholder
value is being enhanced
For a private company, anything which doesn’t
meet one or other of these dual objectives
is simply a waste of valuable resources.
However, determining how to meet these
objectives is not as easy as it might seem. For
a start, enhancing shareholder value is only
feasible if everyone concerned has a clear and
consistent idea of the overall objectives of
the organisation, and the strategy employed
to execute those objectives must be clearly
understood and articulated. The governance
mechanisms should then operate to
support those objectives, by mitigating risk,
ensuring controls are effective, and providing
assurance of this to shareholders and other
stakeholders.
3 Andrei Shleifer and Robert Vishny, A Survey of Corporate Governance, Journal of Finance, Volume 52, No. 2, June 1997
The corporate governance context
9
Additionally, governance mechanisms
play a crucial role in aligning disparate
interests of the various groups involved
in a company, particularly management
and shareholders. Shareholders have a
clear interest in maximising the long-
term performance of the company as a
whole; management, on the other hand,
has a clear interest in meeting their
performance targets and being well-
remunerated for their efforts. These
objectives should be, but frequently aren’t,
compatible. Many of the governance
practices described in this publication are
designed to align these various objectives,
ultimately for the benefit of shareholders.
Governance frameworks and
private companies
Governance codes exist as part of
the regulatory framework for many
types of companies. In the main, these
codes are created for companies with
external stakeholders, i.e. individuals
or organisations who have a vested
interest in the successful operation of the
company, but have no direct control over
the management of the company.
The purpose of governance codes,
therefore, is largely to protect the
interests of stakeholders. The three
categories of companies most commonly
considered to have large groups of
external stakeholders are:
– Listed companies (the stakeholders
being their shareholders,
both retail and institutional)
– Public sector bodies (stakeholders
being taxpayers and citizens); and
– Financial institutions (stakeholders
being account or policy holders, and in
the case of institutions with systemic
importance, all citizens)
Private companies are, not surprisingly,
conspicuously absent from this list. Most
private companies have a very small
number of stakeholders, primarily the
shareholders, and even where there is
some external (non-management or non-
executive) ownership of the company —
for example in the case of private equity
investments — this is generally by parties
with strong links with management.
10 BUILDINGBLOCKSFORBUSINESSSUCCESS
Overall benefits
Ifchosencarefully,governancemechanismscanconfersignificantbenefits
onabusiness.Subsequentchaptersprovidedetailsofthelikelybenefitsof
eachoftheparticulargovernancepractices,butoverall,goodgovernance
can,andshould,resultinthefollowing:
Benefits of good governance practices:
— Safeguardingthereputationofthecompany
— Supervisingandcontrollingalllevelsofmanagement
— Settingtherighttoneatthetop
— Identifyingopportunitiesforefficiency
— Ensuringthattherisksfacedbythecompanyarebetterunderstood
andcontrolled
Most private companies have tended
to view this as a lucky escape — the
absence of external stakeholders means
that nobody is loudly clamouring for the
imposition of a governance framework on
private companies, and the consequent
regulatory burden can be avoided entirely.
Nevertheless, the experiences of the
economic downturn have shown that
the management techniques adopted in
the previous decade are not necessarily
appropriate to current circumstances, and
in particular many companies, not just
private ones, failed to deal with a changing
risk environment.
The governance practices described in this
publication are designed to address exactly
this — the risks, new and familiar, faced by
businesses operating in current conditions.
11
12 BUILDINGBLOCKSFORBUSINESSSUCCESS
not have any ownership of the company.
There may also be shareholders who
are not involved in the management of
the company, e.g. family members who
have retired or inherited a shareholding
in the business without being involved
in the day-to-day management, i.e. non-
executive shareholders.
As soon as the membership of these
groups diverges, their goals and objectives
will too. The most effective mechanism to
redress this imbalance is a well-structured
board that can advise and monitor the
whole management team effectively,
represent the interests of non-executive
shareholders, and act as a bridge between
shareholders and management.
A balanced board, preferably with input
from independent non-executive directors
as noted in the next chapter, provides a
vital means of challenging and controlling
executive directors and management,
and ensuring that the objectives of the
company and management are aligned.
The need for board structure
and balance
The typical board in a private company
contains largely the same people as
the senior management team. This is
understandable, and in many cases these
individuals will also be shareholders in
the company — quite possibly the only
ones. Although this three-way overlap
between management, board and owners
is common, it can create problems for all
but the smallest of businesses.
The three-way overlap can be managed
quite easily if each of the three groups
consists of exactly the same people —
that is, there is nobody involved in the
management, direction or ownership
of the company other than the same
individual or small group of individuals.
Since it’s the same people in each
group, their respective interests are, by
definition, aligned and consistent.
However, interests and objectives can
start to diverge as soon as this neat
overlap of groups starts to break down,
and this will almost inevitably happen at
an early stage of a company’s growth. For
example, the needs of the business may
dictate that additional members of the
management team are required, but these
managers are not on the board and do
Board structure and balance
13
Where shareholders and management are
not entirely the same group (i.e. where
there are some non-management or non-
executive shareholders) it gives them a
formal opportunity to meet and discuss
issues. But even where the attendees at
board and management meetings are the
same, segregating the agenda allows for
greater focus on the real issues at stake
within each topic. Some companies insist
on board meetings taking place offsite, to
truly underscore the distinction.
Board diversity
A diverse board provides the company
with access to a wide range of skills and
expertise. Ideally board composition
should reflect important skills such as
financial, audit, risk, strategy, commercial,
marketing, etc and should be able
to understand the perspectives of
shareholders, management, customers,
suppliers, regulators, etc. Board
diversity also sends a clear message to
stakeholders (employees, customers,
banks, investors) that there is a strong and
diverse board in charge of the company.
Rotation of board members should also be
considered — introducing new directors
after a number of years provides fresh
perspectives and a means of preventing
the board from being stuck in a routine.
Distinguishing between management
and directors
It is therefore essential for any large or
growing private company to establish
a distinction between management
and directors. This distinction allows
directors to focus on the supervisory
and governance aspects of their role,
rather than operational aspects, allowing
them to see the big picture without being
distracted by day-to-day business.
However, there is still likely to be a
significant number of board members
who are also senior managers, and
there should be a means of separating
and distinguishing their dual roles
(management and governance). Perhaps
the simplest way of doing this can be
surprisingly effective — separating
management meetings and board
meetings. This can be done by setting
clear and distinct agendas for each,
with minimal overlap, and scheduling
them separately.
14 BUILDINGBLOCKSFORBUSINESSSUCCESS
Action points
— Holdseparateboardandmanagementmeetings,withaformalagenda
foreach
— Ensurethatthereissufficientdiversityontheboard,makingsurethe
boardhasabroadrangeofviewpoints
— Ensurethattheboardcontainsabalanceofexecutive(management)
andnon-executiveboardmembers
Template – sample board agenda
Atypicalboardagendashouldencompassthefollowingataminimum:
— Minutesofthepreviousmeeting
— Strategicupdate,includinganupdateonthecurrenttrading
conditionsinthecompany’smarketplace,updateonmajor
competitors
— Operationalupdate,includinghigh-leveldetailsoftheperformanceof
thecompany’sproductorservicelines
— Financialupdate,focusingonthecompany’skeyperformance
indicators,managementaccountsandfinancialreporting
— Cashandfinancingupdate,focusedonensuringthatthecompany
remainssolvent,andcoveringcashflowandfinancing
— Legalandregulatoryupdate(whereapplicable)
— Existingprojects–updateonthestatusofprojectsdiscussedat
previousboardmeetings
— Newandproposedprojects
— Anyotherbusiness
15
Atappropriatetimesoftheyear,theagendashouldalsocoverperiodic
processessuchas:
— Budgetsandfinancialplanning
— Annualexternalauditprocess
Ifthecompanydoesn’thaveaseparateauditcommittee,thentheitems
includedintheauditcommittee’sremit(seelaterchapter)shouldbe
includedintheboardmeetingagenda.
Toensuretheyareeffective,boardmeetingsshouldstickcloselyto
theagenda.
16 BUILDINGBLOCKSFORBUSINESSSUCCESS
Defining independence
So what is independence? This can be a
surprisingly difficult question to answer,
even for companies that have a regulatory
requirement to include independent non-
executive directors on their boards. Some
companies take a checklist approach,
defining a director as independent if they
meet a list of certain criteria. Although
this can be useful, in practice it is far
better to pose a single, overall question —
is this particular director impartial, and
free of any significant vested interests
related to the company? If so, then he
or she can be regarded as independent.
The typical list of criteria can help in this
regard, but shouldn’t replace that single
overall question. Independence is, after
all, a state of mind.
In the previous chapter we looked at the
need to introduce balance and diversity to
a board, so that it can act as an effective
governance mechanism. A crucial aspect
of board balance is the split between
executive directors — i.e. those involved in
the day-to-day running of a company —
and non-executive directors, (NEDs)
who are involved at board level but not at
management level.
In private companies, non-executive
directors will often be shareholder
representatives, such as family members
in a family business. A private company
with external investors — seed capital,
venture capital, or government-supported
investment — may have shareholder
nominees on the board.
However, there is a separate class of non-
executive director that is common on large
companies’ boards and is becoming more
widespread amongst private companies —
the independent non-executive director.
These directors, by definition, do not have
a vested interest in the company outside
their role as a director, and are brought
onto a board to provide the benefit of their
expertise rather than to directly represent
shareholders’ interests.
Independent non-executive directors
17
Criteria to bear in mind when assessing independence
Anindependentnon-executivedirectorislikelytomeeteachofthe
followingcriteria:
— Notaformeremployeeofthecompany
— Notashareholderinthecompany
— Notcloselyrelated(bybirthormarriage)toanyonewhoisasenior
employeeorshareholderinthecompany
— Nosignificantfinancialrelationshipswiththecompany,i.e.nota
creditorordebtorofthecompany
— Nosignificantcommercialrelationshipswiththecompany,i.e.nota
customer,supplier,jointventurepartner,businessadvisor,etc.
— Remuneratedwithaflatfee,ratherthanonthebasisofthecompany
meetingcertainperformancetargets
Inassessingeachoftheabove,companiesanddirectorsshouldconsider
boththedirectorinapersonalcapacity,andanyothercompaniesofwhich
heorsheisadirector.
18 BUILDINGBLOCKSFORBUSINESSSUCCESS
An independent director can also be an
excellent choice as a board chairman,
if the company wishes to appoint one
formally (see the next chapter).
Although there are some potential
drawbacks to appointing an INED —
primarily the cost — the benefits above
should outweigh them.
How much will it cost?
The cost of engaging an independent non-
executive director will vary, depending
on factors such as the director’s skills
and experience, the complexity, size
and turnover of your business. At
present there is no specific norm for
non-executive directors’ fees. Much
depends on the circumstances of time,
responsibilities and membership of board
committees. Chairing sub-committees for
example would command an additional
remuneration over and above the basic
annual fees.
The Boardroom Centre at the Institute of
Directors in Ireland can offer guidance on
what to expect to pay and assistance in
sourcing an independent non-executive
director for your board (see References
and Further Reading chapter).
The benefits of independent non-
executive directors (INEDs)
Companies considering appointing an
independent director should assess the
benefits of doing so. If carefully chosen,
the benefits of introducing an INED to the
board should include:
– Bringing an outside viewpoint
with valuable relevant experience,
particularly when dealing with
matters of strategic importance
– Offering an unbiased perspective
and greater objectivity, which
management and shareholders are
not in a position to provide due to
their closeness to the company
– Offering assurance to external parties
(e.g. banks or investors) that the
board has the appropriate levels of
experience and objectivity
– Acting as a facilitator and negotiator
to aid in reaching consensus and
reconciling differing viewpoints
amongst board members
19
Choosing an INED
Thepotentialappointeeshouldobviouslybeindependent,basedonthe
guidelinesoutlinedpreviously,butideallyshouldmeetthefollowingcriteria:
— Shouldbeabletodevotesufficienttimetotherole–iftheINEDhasa
full-timeroleelsewhere,boththecompanyandtheindividualmustbe
satisfiedthatthisiscompatiblewiththepositionofINED.
— Shouldhaveappropriateexperience,whichwilldependonthenature
ofthecompanyandtheexperiencethatalreadyexistsontheboard.
CompanieswilltypicallylookforINEDswithexperienceoftheir
industry,aswellascross-sectoralskillssuchasfinance,audit,risk,
strategyorcommercialexpertise.
— Shouldhavetheappropriatepersonalattributesthatwillsupport
therole–whichwillrangefromtrustworthiness,totheabilityto
challengeanddebatematterswiththerestoftheboardandwith
management.
— Shouldbesufficientlycredibletoexternalparties–seekingexternal
opinionsonaconfidentialbasismaybeappropriate.
— Ideally,shouldbewell-connectedandinapositiontoassistthe
companyonacommercialbasis,throughcontactsandnetworks.
Inordertoprepareashortlistofappropriatecandidates,companies
shoulduseastructuredapproach.IthasbeencommoninIrelandand
elsewheretoselectboardcandidatespurelythroughinformalmethods,
i.e.personalcontactsandnetworks.Thisapproach,althoughstillused,
hasbecomefarlesswidelyaccepted,duetoitsassociationwithcronyism
anditslackofrigour.
20 BUILDINGBLOCKSFORBUSINESSSUCCESS
Apreferableapproachistouseanappropriateintermediaryoragency,such
astheBoardroomCentreoperatedbytheInstituteofDirectorsinIreland
toprepareashortlistofcandidates.Evenwherecompaniesdoincludeon
theirshortlist,candidateswhohavebeenintroducedthroughinformal
means,itisstillessentialthatallpotentialboardmembersgothrougha
processofvettingandinterviewswithkeystakeholders.Iftheboardhas
achairman(seenextchapter)thenheorsheshouldleadtheselection
process;ifnot,thenapanelcomposedofrelevantstakeholders(e.g.key
shareholders)andadvisorsshouldbeassembled.
Action points:
— ConsiderwhetheranINEDcanaddvaluetoyourcompany
— Determineyourpotentialbudgetforanindependentdirector’sfees
— Usetheapproachesoutlinedabovetoprepareashortlistandstartthe
interviewprocess
21
The evolving board
In practice, smaller companies are likely
to enhance the board on an ongoing and
evolutionary basis. This will typically
mean engaging an ordinary independent
non-executive director as the first step
in enhancing the board. This is often
followed by then formalising the role of
the chairman at a later stage, perhaps by
promoting the INED to the role of chair
and engaging an additional INED. This
gradual approach ensures that the board
and company are not subject to disruptive
change, and allows the company to
confirm that arrangements are beneficial
before making further investments.
Board processes
The chairman is responsible for ensuring
that the board runs smoothly and
effectively, including managing the
agenda and conduct of board meetings,
and ensuring that all critical matters are
appropriately debated by the board and
that decisions are reached. Formalised
and defined board processes are therefore
important, and should be a major focus
for a new chairman.
The role of a chairman
A chairman holds a distinct and important
role in a company, one that should be
clearly distinguished from that of the
managing director or chief executive.
The chairman is charged with leading the
board, rather than the company, and is
responsible for board-level processes and
board meetings. For a small company,
the chairman will frequently deal with
the important governance processes that
are in place, including external audit, risk
management and internal audit, where
these exist. The chairman provides crucial
support for the MD, allowing him or her to
focus on the demanding role of running the
business.
The role of the chairman should ideally
be seen as an extension of the role of an
independent non-executive director —
despite the role of running the board, a
chairman should be non-executive, i.e. not
involved in the day-to-day management
of the company. An independent
chairman is preferable — all of the
benefits of independence described in
the previous chapter will also apply to a
chairman, arguably even more so given
the importance of the role. The following
sections provide a detailed list of typical
roles for the chairman.
The role of the chairman
22 BUILDINGBLOCKSFORBUSINESSSUCCESS
by management, to help ensure that
there is no confusion between the roles.
Suitable templates exist for this, including
those issued by the Institute of Chartered
Secretaries and Administrators (ICSA) —
see the References and Further Reading
chapter at the end of this publication.
One useful technique to assist with
formalising board processes and
distinguishing between board and
management is to prepare a ‘schedule
of matters reserved for the board’. This
sets out which decisions and matters are
to be performed by the board, and which
The role of the chairman
— Buildastrong,effectiveandwellbalancedboardand,where
appropriate,boardcommittees
— Reviewboardcompositionandtakeanactiveroleinchangestoboard
composition,includingtheselectionandinductionofnewboard
members
— Clarify,agreeanddocumenttherolesandresponsibilitiesofthe
board,itscommitteesandindividualdirectors
— Ensurethattherespectiverolesandresponsibilitiesoftheboardand
managementareunderstoodbyall
— Ensurethatthereisaneffectiveworkingrelationshipbetweenthe
boardandmanagement
— ManagetheprocessofsuccessionplanningfortheroleofMD/CEO
— Overseetheperformanceevaluationandcompensationofthesenior
managementteam(seetheRemunerationPolicychapter)
— WiththeMD,setthe‘toneatthetop’andcultureofthecompanyand,
inparticular,settheappropriatecultureofgoodcorporategovernance
— Providedirectionandadvicetomanagementonmattersofcompany-
wideimportance
— Inconsultationwiththeboardandmanagement,settheagenda
forboardmeetings,andensurethatmeetingsareconductedin
accordancewiththeagendaandgoodpractice
23
— Ensurethattheboardhasadequateresourcestosupportitswork,in
particular,timelyandrelevantinformationinadvanceofmeetings
— Ensurethatthereiseffectivecommunicationbetweenmanagement,
theboardandshareholders,andactasapointofcontactforall
shareholderswhoarenotinvolvedinthemanagementofthecompany
Action points
— Engageanindependentnon-executivedirectorasthefirststepin
addingbalanceanddiversityofskillsandviewpointstotheboard
(seepreviouschapter)
— OnceanINEDisinplace,consideraddingtheroleofchairman,either
asanenhancementtotheexistingINED’sroleorasanewrole
— Formallydocumenttherespectiveresponsibilitiesoftheboard,
includingthechairman
24 BUILDINGBLOCKSFORBUSINESSSUCCESS
However, it is not uncommon for a single
individual to take on both roles — often
where a dominant MD is reluctant to cede
any senior responsibilities to another
individual. There are risks associated with
such a situation, where the role of the MD
is not adequately separated from the role
of the chairman — principally the lack
of an independent individual capable of
giving shareholders assurance that the
MD is acting in their interests.
The managing director’s role in a
governance context
The role of the managing director or
chief executive is largely concerned with
the management of the company — i.e.
the strategy, operations, etc. — rather
than its governance. The role of the
chairman, as noted in the previous
chapter, is primarily concerned with
leading and running the board.
The role of the managing director
Key points in separating the role of the chairman and CEO/MD
— Separatingtherolesobviouslyinvolvesappointingaseparatechair–
butthereismoretoitthanthat
— Thechairmanshouldbeindependentandideallyhavenoprevious
connectiontothecompany
— Toensurethattheboundariesoftherolesarenotblurred,thereshould
beaclearstatementoftherespectiveresponsibilitiesofeachrole,e.g.
writtentermsofreferenceforeach
25
Action points:
— Ideally,identifyandappointanindependentchairman
— MakesureboththechairmanandtheCEOhaveclearlyunderstood,
documented,distinctroles
— Iftherolescannotbeseparatedandheldbydifferentpeople,atleast
makesurethatthetworolesareclearlydefined,sothattheCEO
knowswhatallshareholdersexpectofhimorherwhenexercising
theroleofchairman
26 BUILDINGBLOCKSFORBUSINESSSUCCESS
nature of the responsibilities of an audit
committee, objectivity and independence
from management are essential.
What if I don’t have a full-time finance
department?
For small companies, particularly start-
ups, it is not uncommon to have no
full-time finance staff. This need not
be an issue — in fact, many companies
have found that there are benefits to
outsourcing the finance function to a
professional firm, including removing the
responsibility for managing the finance
function, leaving the senior executives
to focus on the operational aspects of
the business, and providing access to
professional accounting and financial
reporting expertise as required.
However, where a company has no
finance team, or only a small team, this
can increase the need for the board to
devote attention to the financial aspects
of the business, and thus increase the
benefits of forming an audit committee.
Responsibilities of an audit committee
The responsibilities of an audit committee
are vital to a company’s survival and
success, and potentially very broad in
scope. It is therefore important to note
Role and composition of an audit
committee
The role of the audit committee is to
provide oversight of finance, internal
control, risk, audit and related matters.
Although the board as a whole is
ultimately responsible for these matters,
it makes sense in both large and small
companies to delegate this role to
a committee with the appropriate
expertise to ensure that sufficient
attention is devoted to these critical
matters. Regardless of composition,
the audit committee should have clear
responsibility for the crucial matters
within its remit — the company’s risk
management, internal control, internal
audit and financial reporting (see
subsequent chapters on each of
these areas).
Composition of an audit committee
Under the governance regulations for
listed companies and financial institutions,
the audit committee is a sub-committee
of the board, comprised entirely of
independent non-executive directors.
For smaller companies without such
regulation, the composition will vary
in practice, and it may comprise, for
example, an independent non-executive
director and the head of finance. Given the
The audit committee
27
Templates for the terms of reference of an
audit committee are freely available and
can be used as the basis of a description
of the audit committee’s responsibilities.
Links to templates are included in the
References and Further Reading chapter.
explicitly what those responsibilities
are, to ensure that all parties — the
committee, the board as a whole,
management and shareholders — are
clear about what the committee will do.
Major responsibilities of an audit committee
Theroleofanauditcommitteecanbedividedintoanumberof
importantareas.
Financial reporting
— Review,andwherenecessarychallenge,periodicfinancialreports,
focusingontrendsandanalysis,keytransactions,accounting
standardsandapproachesused
Internal controls and risk management systems
— Ensurethatmanagementreviewstheeffectivenessofthecompany’s
internalcontrols,andreportstothecommitteeontheresultsof
thesereviews
— Ensurethatthecompanyhasputinplaceappropriateprocessesto
identifyandmitigaterisk,includingfraudrisk
— Ensurethatstaffandmanagementareprovidedwitharrangements
forraisingconcernsinconfidence,i.e.whistle-blowingpolicies
andprocedures
Internal audit
— Actasadvisorwhenimplementinganinternalauditfunction
— Approvetheappointmentorremovaloftheheadoftheinternal
auditfunction,andactastheprimaryreportinglineforthehead
ofinternalaudit
— Approvethescopeoftheinternalauditfunctionandensureadequate
resourcesandappropriateaccesstoinformationisavailable
28 BUILDINGBLOCKSFORBUSINESSSUCCESS
— Reviewandassesstheannualinternalauditplanandallreports
produced
— Reviewandassessmanagement’sresponsetofindingsand
recommendations
— Monitorandreviewtheongoingeffectivenessoftheinternal
auditfunction
External audit
— Overseetherelationshipwiththeexternalauditor,including
remuneration,termsofengagement,independenceandobjectivity
— Meetwiththeauditorattheplanningandfinalreportingstages
— Reviewandapprovetheannualauditplan
— Reviewthefindingsoftheexternalauditor,includinganymajor
issuesthatwerefoundduringtheaudit,anyaccountingoraudit
judgements,andlevelsoferroridentified
— Reviewtheeffectivenessoftheexternalauditorandconsiderand
makerecommendationstotheboardontheauditor’sre-appointment
orremoval
Action points:
— Decidewhethertheresponsibilitiesnotedaboveshouldbeperformed
bytheboardasawhole,ordelegatedtoanauditcommitteewith
appropriateexpertise
— Ifagreedonbytheboard,formanauditcommitteeconsistingofthe
mostappropriatelyskilledboardmembers;includerepresentation
frommanagementbutaimforacommitteethatisatleast50percent
independent–e.g.oneINEDandtheheadoffinance
— Formallydocumenttheresponsibilitiesoftheauditcommittee
29
Documenting strategy
Thus the company, via the board
and management, should be able
to document and clearly articulate
the objectives and strategy of the
organisation. This provides clarity
and consistency of understanding
between shareholders, the board and
management, and provides a basis for
other governance mechanisms to
operate effectively.
Documenting the strategy in this way is
not merely an aspirational or ‘nice-to-
have’ goal — it is the only practical way
of ensuring that all stakeholders have a
common agreement on strategy. Likewise,
as described in the next chapter, the
strategy document should form the basis
for understanding the company’s risks.
Focusing on results
Furthermore, the strategy document
should not fall into the trap of relying on
vague mission and vision statements.
Although these might set the tone for
a strategy document, they are of little
use unless backed up with substantive
descriptions of the company’s strategic
goals and the means it will use to reach
these goals. The strategy documents
must include quantitative and qualitative
Respective roles in the strategic
planning process
The role of the board in the strategy of the
company should not be underestimated.
In many companies, the MD or CEO has,
effectively, sole responsibility for strategy —
planning, development, execution and
monitoring. However, if the guidance in
the previous chapters is put into practice,
the board will have the expertise, skills
and independence to contribute to the
strategic processes in the company.
The board, as the body that monitors the
activities of the company and protects
the shareholders’ interests, should retain
responsibility for approving the strategic
direction of the company. Whilst in most
cases the executive team will devise a
strategy and present this to the board,
the board’s role should be more than
just rubber-stamping its approval of the
strategy. The board should understand
all significant aspects of the current
strategy and any proposed changes to
it, and should actively challenge, critique
and suggest alternatives to the executive
team’s proposals. Only when the board
and management are satisfied that there
is a workable and mutually agreeable
strategy, should they formally approve it.
Strategic planning
30 BUILDINGBLOCKSFORBUSINESSSUCCESS
measurements of strategic targets, to
provide the board with a benchmark
to monitor the execution of strategy
by management, and to provide clear
success criteria.
Action points
— Prepareahigh-levelstrategydocumentforthecompany
— EnsurethattheMDandseniormanagementteamcanclearly
articulatethecompany’sstrategy
— Ensurethattheboardhasreviewed,understood,challenged,critiqued
andcontributedtothestrategystatement,andthatbothboardand
managementagreeonthestrategicdirectionofthecompany
31
range of risks such as commercial,
reputational, legal or environmental risks.
The risk management process
The risk management process in any
company should start with a discussion,
at board and management level, about
the company’s risk appetite, i.e. the
level of risk that is acceptable. This will
vary depending on how conservative or
entrepreneurial the company is. The risk
process, at a high level, consists of the
stages in the diagram on the next page.
The first stage, identifying the full range
of risks faced by a company, can often be
the hardest part, particularly if it has never
been attempted before. To assist with this,
many companies use techniques such as
management workshops, to pool ideas on
the risks the company faces, and to reach
a consensus that will form the basis of the
risk register.
The definition of risk is crucial to the
effectiveness of this process. Risk should
not be seen merely as adverse events
viewed in isolation. Instead, risks must
be seen explicitly in the context of the
strategy of the company — risks are
anything which impact the company’s
ability to achieve its objectives.
The risk management context
Risk management has been the victim of
much negative coverage recently. This
is for two reasons: firstly, because of a
perception that risk management projects
are major, costly endeavours that only
the largest companies can afford; and
secondly, because many companies that
did undertake such projects still fell victim
to the financial crisis and recession.
This doesn’t give the full picture. In reality,
smaller companies can implement useful
risk management processes without
much effort or cost. And where risk
management has failed in the past, the
problem often lies not with the process,
but with the assumptions used — such as
the widespread assumption that property
values would never suffer a significant fall.
So, while a formal enterprise-wide risk
management (ERM) system is not
essential, every company should have
processes for ensuring that all major risks,
particularly risks which may be subject to
change, are identified and appropriately
addressed. Often, risk management
is seen as something that the head of
finance should deal with, but this can
result in an excessive focus on the core
financial risks such as fraud or financial
misstatement, at the expense of a broader
Risk management
32 BUILDINGBLOCKSFORBUSINESSSUCCESS
allows companies to focus on the most
significant risks, e.g. those with high
impact and medium or high likelihood,
and to devote resources accordingly.
Using scenario planning techniques to
help understand how risks can impact a
business can also be useful.
To evaluate and assess risk, companies
should at least estimate the likelihood
and impact of risks. Although it is, in
theory, possible to assign numeric
probabilities and financial cost estimates
to each risk, in practice it is sufficient for
most purposes to merely rank each as
high, medium or low. That at least
Identify andcategorise risks
Evaluateand assess
(likelihoodand impact)
Mitigatewith
appropriatecontrols
Report onrisk exposure
and controleffectiveness
Monitorcontrol
effectiveness
Periodically review and repeat
Action points
— Createariskregister,withinputfromthemanagementteam
— Assessthelikelihoodandimpactofeachrisk
— Considerwhatcontrols–existingornew–couldmitigateeachrisk
The risk management process
33
Template – sample risk register
Ariskregisterneednotbeacomplexdocument.Thesampleriskregisterbelowshows
themajorheadingsthatariskregistershouldinclude,andexamplesofcategorisedrisks
andcontrols.
Category Risk Impact Likelihood Overall rating
Responsible person
Control(s)
Reputation Defectiveproductcausescustomerinjury
High Med High Qualitymanager,headofproduction
Qualitycontrolprocesses
Reputation Tribunaldisputeoverstaffminimumwage
Med Low Med HRmanager Ensurethatallrelevantstaffareatleastpaidminimumwage(inlinewithIrishlabourlegislations)
Key people Lossofkeystaff High Low Low HRmanager Ensurethatsuccessionplansareinplaceforkeypositions;appropriaterewardsystemisinplaceforkeypersonnel
Business continuity
Mainproductionfacilitiesareunavailable
High Med Med Productionmanager/engineer
Regularmaintenanceperformedtoensurethatcoreproductionfacilitiesarewellmaintained
Key customers
Lossofsignificantcustomer
High Low Low Salesdirector Ensurethatnoindividualcustomeraccountsformorethan10%ofrevenue
Key suppliers
Lossofmajorsupplier
Med Low Low Purchasingmanager
Maintaingoodrelationshipswithkeysuppliers
Cashflow Ineffectivecashmanagementresultsinshortageofcash
High Low Low Financemanager
Monthly/weeklycashflowforecastispreparedandreviewed
Availability of credit
Expirationofcurrentbankfacilitiesresultsindifficultyinobtainingcredit
High Med High FinanceManager
Enterintoproactivenegotiationswithcurrentandotherbanks;maintaingoodrelationshipwithbankbykeepingtheminformedofkeybusinessdecisionsandfinancialstatus
34 BUILDINGBLOCKSFORBUSINESSSUCCESS
However, a balance must be
struck between creating too much
documentation, and not creating enough.
For most companies, documenting every
process is excessive, but conversely,
failing to document crucial processes
is risky. Undocumented processes
give rise to a risk that they will not be
performed consistently by all staff, or that
management and staff may not have the
same understanding of how a process
operates; they can also make it harder to
train new staff or deal with unexpected
staff absences.
Where major processes are documented,
the process documentation should
explicitly refer to the key controls, i.e.
those that are most important in mitigating
major risks.
Linking internal controls to risk
Internal controls should be matched to
risk, i.e. where there is a risk identified
by the risk management process then it
should be appropriately mitigated by an
internal control. The process of mapping
risks to controls and documenting
controls should not only identify risks
which are not mitigated, but which
controls are unnecessary.
Documenting key processes
Companies should consider documenting
crucial processes to support the risk
management and internal controls
described above, and to ensure that
important processes are understood and
operated consistently.
Internal control
Action points
— Assesswhichprocessesaremostimportanttothebusinessinterms
ofriskandfinancialmateriality
— Prepareaflowchartshowinghowtheseprocessesoperate
— Determinewhatthekeycontrolsareineachoftheseprocesses–
cross-referencingeachkeycontroltotheriskregister
35
The particular details of fraud risks will
vary in each business, but there are a
number of fraud indicators that can be
found in many businesses and that may
point to a potential for fraud.
Internal control and fraud
One of the more significant risks faced by
many companies — and therefore one of
the more important reasons to have robust
internal controls — is the risk of fraud.
Potential indicators of fraud
Whilstitcanneverbepossibletoguaranteedetectionoffraud,the
followingfactorsshouldraisesuspicionsandpromptfurtherinvestigation:
— Oneemployeeresponsibleforanentireprocess,e.g.payments(lackof
segregationofduties)
— Anemployeewhonevertakestimeoff
— Apartofthebusinessthatmaintainsgoodperformancewhenother
indicators–anecdotalevidence,poorperformanceelsewhere–suggest
thatitshouldbeunderpressure
— Looseinternalcontrols,suchaslackofsign-offandapprovalforset-up
ofnewcustomers
— Reconcilingitemsthatmightseemreasonable,butwhichrecuron
everymonthlyreconciliation
— Failuretoperformmonthlyreconciliations
— Employeeswhoseemguardedaboutprovidingaccesstodocuments
andreports,orwhoseektoactasgatekeeperstoallinformation
— Individualswithaccountingorgeneralmanagementresponsibilities
whohaveadministratoraccesstotheaccountingsystem–whilethisis
common,itdoesactasafacilitatortofraud
— Missingdocuments–includingunexplainedgapsinnumerical
sequence
36 BUILDINGBLOCKSFORBUSINESSSUCCESS
— Documentswhichappeartohavebeenaltered,orwhereonlya
photocopyappearsonfile
— Ahistoryofimpropriety–areaswherepastauditsandreviewshave
foundanomaliesorsuspicionsofinappropriateactivity
— Unexplaineddecisionsand/ortransactions
— Requestsforexceptionstotheprocedures,e.g.advancepayment
requests
— Weakmanagement–employeesareallowedfreereinandcontrolsare
notstrictlyenforced
— Baddebtwrite-offsthatareexcessive,suspicious,hasty,ornot
appropriatelyapproved
— Excessiveorincreasinglevelsofstockspoilage/waste/damagedgoods
— Unusuallevelofaddresschangesforvendorsorpayees
— Multiplepayeeswiththesameaddress
— Anylackofaudittrail:forcomputersystems,atransactionhistory
byusershouldalwaysbeavailable;forpaperrecords,anyerrorsor
changesshouldshowtheoriginalrecordcrossedout,notblankedout
ordestroyed
— Significantpurchases,orpurchasesfromnewvendors,beingmade
withoutmultiplecompetitivequotesonrecord
37
Approaches to internal audit
Although large companies will normally
create and maintain their own internal
audit function staffed with dedicated
auditors, for most companies this is not a
practical option. Internal audit functions
for small and medium companies can be
engaged on an outsourced basis, using an
external firm or contractor to provide the
services, typically on a part-time basis. A
co-sourced approach can also be taken,
typically by medium-sized companies
who will engage a core team or one or
more internal auditors supplemented by
external expertise as needed.
Implementing an internal audit function
need not be prohibitively expensive, even
for small organisations. It is perfectly
feasible to deliver an appropriate internal
audit function, which addresses the major
risks faced by a company, with an annual
budget that runs to tens rather than
hundreds of thousands.
What internal audit does
An internal audit function is a separate
function within a company which provides
assurance that the risk and control
processes are operating effectively, and
evaluates and benchmarks processes
in order to make recommendations for
improvements. Internal audit should act
as an independent insider — more familiar
with the operations of the business than
the board members, but nonetheless
independent of management.
As noted in previous chapters, strategy,
risk and internal control are all closely
linked. From this viewpoint, internal
controls serve to mitigate risks to the
achievement of the company’s strategic
objectives. Internal audit has a crucial role
in ensuring that this process operates, i.e.
ensuring that controls effectively mitigate
risk on an ongoing basis.
Internal audit
38 BUILDINGBLOCKSFORBUSINESSSUCCESS
How internal audit can benefit
a business
The benefits of investing in internal audit
are frequently debated. In particular,
many executives question the need for an
internal auditor when there is already a
statutory obligation to engage an external
auditor. In practice, the roles of internal
and external auditors are very different —
whereas the external auditor focuses
almost entirely on whether historical
financial statements show a ‘true and
fair’ view, the internal auditor should
cover all current and future risks faced
by a business, not just the risk of mis-
statement in historical financial reports.
For example, a well-managed internal
audit function will frequently focus on
critical commercial risks, such as the
risks that revenue and profit are not
being maximised. From an external
auditor’s perspective, there is no reason
why a company cannot get a clean audit
report regardless of the extent to which
revenue is being maximised — as long as
transactions are properly recorded and
accounted for. The benefit of internal audit
primarily lies in this crucial difference and
much broader scope. The following table
summarises the differences between the
two audit functions.
The internal audit process
The most widely accepted internal
audit approach is to use a risk-based
process. Starting from the existing risk
register and risk management processes
undertaken by the company, the internal
auditor creates a strategy that focuses on
the highest-risk processes, departments
or functions within the business, and
aims to review these in turn over the
course of a multi-year audit plan.
Once this plan and the associated
priorities have been agreed with the
board, the internal auditor conducts a
review of each area in turn, focusing on
the risks within that part of the business,
and examining the design and operational
effectiveness of the controls that mitigate
the risks.
The internal auditor then prepares a
report identifying control gaps and
recommending improvements to better
mitigate risk, validating the details with
management prior to presenting to the
board. Management should provide
responses to each of the points raised,
and an action plan for resolving the issues.
39
Essential differences between internal and external (statutory) audit
External audit Internal audit
Scopeislimitedtofinancialstatements,andwhethertheyshowa“trueandfairview”
Scopeshouldcoverallpartsofthebusinesswhereriskexists
Approachisdrivenbythematerialityofbalancesheetandprofitandlossitems
Approachisdrivenbythelikelihoodandimpactofrisksineachareaofthebusiness
Perspectiveislargelyhistorical,asidefromthefocusonwhetherthebusinessisagoingconcern
Perspectiveshouldaddresscurrentprocessesandcurrentandfuturerisksfacedbythebusiness
Operatesonanannualbasis,althoughfrequentlyincludesaninterimaudit
Operatesyear-round,accordingtoanannualormulti-yearplan
Mustbeperformedbyanindependentexternalfirm
Canbeperformedbyaninternalresourceorteam,althoughcertainlevelsofindependencemustbemaintained
Externalauditisalegalrequirement Nolegalrequirementforinternalaudit–shouldbedoneonlywherethereisabenefit
Action points
— Assesswhetheryourcompanyhasreachedapointwherean
independentinternalauditfunctionisjustified
— Considerwhethertodevelopanin-houseinternalauditfunction,
oroutsourceit
— Preparecostestimates,orobtainquotes,fordevelopingthe
auditfunction
40 BUILDINGBLOCKSFORBUSINESSSUCCESS
The board and management of a company
should agree what information they
actually need, not just what they are
accustomed to getting. What they need
should be defined by reference to how
they make decisions — information is
valuable and essential if it affects what
decisions need to be made.
The need for high-quality information
in a business
Previous chapters have emphasised the
importance of the board in governing
a company. In order to fulfil this role,
the board must have access to the right
information to understand how the
company is operating and performing.
Likewise, the management team must
have access to an even broader range of
information to enable it to perform its
ongoing duties.
Unfortunately, many companies suffer
either from insufficient information, or
from too much — a surplus of irrelevant
information. To deal with this, awareness
of what information is needed for critical
strategic decisions is essential — it’s
frequently not the traditional financial and
management information that is required.
Reporting and information quality
Common indicators of poor quality management information
— Historical,notforward-looking
— Point-in-timeratherthantrends
— Presentationofinformationcanbepoor
— Focusedoninternal(notexternale.g.banks,grantauthorities)
— Toomuchdetailandvolumeofinformation
— Preparedonanad-hocbasisratherthanautomated
— KPIsandmetricsnotdefined
41
Suggested minimum financial data
Thefollowinglistprovidessuggestionsforthesortofinformationthat
shouldbeavailabletoboardsandmanagementteams:
Historical reports
— Incomestatement(profitandlossaccount):showstherevenue,
expenses,andtheprofitorlossofthecompanyforaspecificperiod
oftime
— Balancesheet:thefinancialpositionofthecompanyonaspecificdate,
intermsofassets,liabilities,andshareholders’equity
— Cashflowstatement:thesourcesandusesofcash,i.e.cashinflows
andoutflows
— Marginreports:moredetailedthantheincome/profitandloss
reports,theseshowhowmuchmargin/grossprofiteachproductor
servicelinemakes;theyshouldbesubdividedasappropriatetoallow
comparisons,e.g.acrosscategories,departments,salesteams,products,
geographicalregions,etc.
— Financingandcreditreports:informationcoveringboththe
company’sowncredit-worthiness,includingdetailsofitsfinancing
status,andthecredit-worthinessofthecompany’scustomersand
debtors
— Salesgenerationreports:informationonthegenerationofnewsales
opportunities,andtheextenttowhichtheyaretranslatedintosales
orders
— Customerservicereports:informationindicatinglevelsofcustomer
satisfaction,e.g.numbersofservicerequests,complaints,warranty
claims,etc.,anddetailsoftheresolutionofcustomerissues,
complaintsclosed,resolutiontime,etc.
42 BUILDINGBLOCKSFORBUSINESSSUCCESS
Forward-looking reports
— Monthlybudgetsandvarianceanalysis:alistofplannedfuture
incomeandexpenseswhichcanbeupdatedperiodicallyand
comparedagainstactualincomeandexpenditure
— Salesforecastandtrendanalysis:forexample,usingsalesfiguresfrom
thesamemonthintheprioryearcoupledwithinformationonthe
currenteconomicclimatetopredictsalesforamonthinthefuture
Action points:
— Performacriticalreviewofalloftheinformationbeingproducedfor
themanagementteamonaperiodicbasis–whousesit,howoften,
andforwhat(ifany)purpose?
— Establishwhichkeyperformanceindicators(KPIs)arenecessaryto
makeongoingbusinessdecisions,andensurethatthereportsand
informationbeingproducedreflectstheseKPIs
43
Devising an appropriate approach
To be successful, a remuneration policy
should be based on a set of performance
metrics that shareholders and managers
mutually agree indicate a positive financial
result for the company. These metrics
will typically incorporate revenue and
profit targets, but must be devised so
that they measure profitability in the
long term, not just short term profit
peaks that may not be sustainable. Once
those measures are agreed, a significant
proportion of executive remuneration
should be made conditional on achieving
those targets. Proportionality should be
built in to the mechanisms, so that partial
achievement of goals, results in partial
award of contingent remuneration, where
appropriate. However, the goals should
be set, and made sufficiently difficult
to achieve, to ensure that executives
are genuinely encouraged to reach the
targets. Remuneration should not be
based on reaching once-off targets, but
on continuously reaching targets over a
period of time.
The need for remuneration policies
Remuneration is obviously a critical
concern for larger companies — listed
companies are required to have a specific
sub-committee of the board devoted
to remuneration. This allows them to
put in place remuneration policies that
ensure that the senior management team
is rewarded for acting to the benefit of
shareholders, i.e. by generating profit
and long-term shareholder value, the
executives are generating wealth for
themselves; conversely, a remuneration
policy should ensure that executives
are not rewarded for failing to generate
shareholder value.
For smaller companies, these goals
are just as important, although the
mechanisms used to achieve them
can be very different. Remuneration
policy should be driven primarily by the
shareholders, and should be done in a
planned and proactive manner, not just as
an annual ad-hoc negotiation exercise.
Remuneration policies
44 BUILDINGBLOCKSFORBUSINESSSUCCESS
The formalising and documenting of
agreed remuneration processes should
therefore ensure that management
is incentivised to meet the goals of
shareholders and the company, i.e. that
management works towards the long-
term enhancement of shareholder value.
Action points:
— Ensurethattheshareholdersandseniorexecutivesagreeasetofkey
performanceindicatorsfortheseniormanagementteam
— Ensurethatbonuspaymentsandsalaryupdatesaremadeinlinewith
performanceagainsttheagreedKPIs
45
Succession in family businesses
Succession planning can be particularly
difficult in family businesses, when
handing over from one generation to the
next. The most successful approach is
likely to involve separating the ownership
from the management of the company,
and treating each differently — it should
be feasible to pass on shareholdings in
a company to the next generation, but
pass on the management of the company
as a separate and distinct process. This
allows management roles to be performed
by the most capable person in each
instance, regardless of whether this is
any particular person, or even whether
they are family members at all. Doing so
is likely to be the best way to protect the
value of the business for the benefit of
all shareholders.
The need for succession planning
Succession planning, i.e. ensuring that
board and management vacancies,
particularly at MD or CEO level, can be
managed, is essential to ensuring that
the company can continue to operate
effectively in the event of resignation,
illness, incapacity, etc.
Approach to management succession
In some cases, typically in larger
companies, it is feasible to have a deputy
MD who is trained and capable of taking
over as MD should the need arise. Even in
smaller companies, it should be feasible
to identify at least one member of the
management team who is capable of
filling in for the MD on an interim basis,
with appropriate assistance from the
board or external advisors as required.
Action points:
— Makesurethereisalwaysatleastonememberofthemanagement
teamwhoistrainedandpreparedtotakeoverfromtheMDinan
emergency
— EnsurethatallessentialaspectsoftheMD’srolearedocumentedto
enablerapidtransitionwhererequired
— Ensurethatnormal(non-emergency)successiontakesplaceina
formalandplannedmannertoensurethatdisruptiontothecompany
isminimised
Succession planning
46 BUILDINGBLOCKSFORBUSINESSSUCCESS
Policies do not need to be lengthy or
detailed to be effective, but must be clear
and unambiguous. If well-drafted and
properly communicated, they can provide
several important benefits, including:
– better assurance of good
management and staff practices
– a better defence against legal liability
for management and directors
– annual confirmation of compliance
with policies will focus the minds of
your management and staff on their
obligations.
The need for policies
A company should have a comprehensive
range of formal policies at board,
management and staff level. These
should set standards for appropriate
conduct; many of these may already have
been defined by HR (e.g. bullying and
harassment policies) or IT (e.g. acceptable
use policies), but many policies need
input from multiple functions within an
organisation. Examples of these include
policies on ethics and whistle-blowing,
and policies on information security,
privacy and protection of personal and
confidential data. Companies also have
a legal obligation to implement certain
policies, for example in relation to health
and safety.
Action points:
— Discusswithmanagementandemployeeswhatpolicieswouldprovide
guidanceonhowtoworkandbehavewithinthecompany
— Draftpoliciesforthemostimportanttopics,usingtemplatesorreadily
availableguidancewhereappropriate
— Collateallpoliciesintoasinglepolicydatabase–preferablyonline,
e.g.onaninternalwebserverorintranet–andkeepthemuptodate
— Communicatepoliciestoallemployeessothattheyareclearthat
complianceismandatory
Company-wide policies
47
In practice, since many companies are
already dealing with adverse conditions,
directors and management should be on
the lookout for any indicators, no matter
how minor, of worsening circumstances.
The guidance below provides some
indicators that may point to the
deterioration of a company’s financial
situation, as well as some recommended
actions for directors to bear in mind in
such circumstances.
As companies continue to experience
difficult trading conditions across most
sectors, it is essential for management
and boards alike to keep a close watch
on their companies to ensure that any
indication of worsening of the financial
position is identified early enough to be
dealt with.
Warning signs that a business may be in difficulty
— Customersaretakinglongerandlongertopay
— Suppliersarereluctant–orunwilling–toextendcredittothesame
extentasbefore
— Bankfacilitiesaredueforrenewal,andthereisnofirmcommitment
fromthebanktocontinuetoprovidecredit
Essential actions to take when a business is in difficulties
— Beawareoftheextentofdutiesowedbydirectorstoshareholders,and
actinaccordancewiththoseduties
— Beabletodemonstratethatyoudidso:
– ensurethatappropriateinformationwasrequestedandobtained
fromthemanagementteamwherethereisanysuspicionof
impendinginsolvency
– askappropriatequestionsandmakesurethatthereisanaudit
trailofthis,containedinboardminutes,emails,etc.
Governance considerations for businesses in difficulty
48 BUILDINGBLOCKSFORBUSINESSSUCCESS
— Getexternalprofessionaladvicefromaninsolvencypractitioner
— Takeaproactiveapproachtoresolvingissues,particularlythose
involvingcashflowandtheavailabilityofcredit
— Holdboardmeetingsfrequently
— Ensuregoodquality,timelymanagementinformationisavailable
— Avoidincurringunnecessaryexpenditure—eventotheextentof
temporarilyforgoingdirectors’salariestohelpthecompanythrough
adifficultperiod
Action points:
— Beawareoftheindicatorsofworseningfinancialconditions
— Makesurethatboardsandmanagementconducttheirbusinessina
prudentmanner,avoidingrecklesstradinginthefaceofinsolvency,
andeventheappearanceofrecklesstrading
49
Board structure, roles and
responsibilities
Institute of Directors in Ireland,
Directors’ Handbook www.iodireland.ie
The Boardroom Centre, Institute of
Directors in Ireland http://www.
iodireland.ie/the-boardroom-centre
Institute of Chartered Secretaries and
Administrators (ICSA) guidance notes
on corporate governance: http://www.
icsa.org.uk/resources/guidance (Select
Resource Types › Guidance Notes and
Subjects › Governance/Corporate
Governance)
Institute of Chartered Secretaries and
Administrators: ICSA Guidance on Terms
of Reference — Audit Committee http://
www.icsa.org.uk/assets/files/pdfs/
guidance/071012.pdf
Institute of Chartered Secretaries and
Administrators: ICSA Guidance on Matters
Reserved for the Board http://www.icsa.org.
uk/assets/files/pdfs/guidance/071011.pdf
General corporate governance topics
Organisation for Economic
Cooperation and Development, OECD
Principles of Corporate Governance,
2004. http://www.oecd.org/
dataoecd/32/18/31557724.pdf
R. I. Tricker, Twenty Practical Steps to Better
Corporate Governance, Corporate Secretaries
International Association, March 2010.
http://www.csiaorg.com/pdf/research_
paper.pdf
References and further reading
©2011,GrantThornton,InstituteofDirectorsinIreland.Allrightsreserved.
51
52 BUILDINGBLOCKSFORBUSINESSSUCCESS
Institute of Directors in Ireland
Europa House Harcourt Street Dublin 2
Tel: +353 1 411 0010 Fax: +353 1 411 0090
www.iodireland.ie
Grant Thornton
24-26 City Quay Dublin 2
Tel: +353 1 680 5805 Fax: +353 1 680 5806
www.grantthornton.ie