CORPORATE GOVERNANCE BEST PRACTICES Strategies for Public, Private, and Not-for-Profit Organizations FREDERICK D. LIPMAN with L. KEITH LIPMAN on Information Technology John Wiley & Sons, Inc.


  • CORPORATE GOVERNANCE BEST PRACTICES

    Strategies for Public, Private, and

    Not-for-Profit Organizations

    FREDERICK D. LIPMAN

    with

    L. KEITH LIPMAN

    on Information Technology

    John Wiley & Sons, Inc.

  • Also by Frederick D. Lipman:

    Valuing Your Business: Strategies to Maximize the Sale Price

    Audit Committees

    The Complete Guide to Employee Stock Options

    The Complete Guide to Valuing and Selling Your Business

    The Complete Going Public Handbook

    Financing Your Business with Venture Capital

    How Much Is Your Business Worth?

    Going Public

    Venture Capital and Junk Bond Financing

  • This book is printed on acid-free paper.

    Copyright 2006 by Frederick Lipman and L. Keith Lipman. All rights reserved.

    Published by John Wiley & Sons, Inc., Hoboken, New Jersey.

    Published simultaneously in Canada.

    No part of this publication may be reproduced, stored in a retrieval system, or transmitted in any form or by any means, electronic, mechanical, photocopying, recording, scanning, or otherwise, except as permitted under Section 107 or 108 of the 1976 United States Copyright Act, without either the prior written permission of the Publisher or authorization through payment of the appropriate per-copy fee to the Copyright Clearance Center, Inc., 222 Rosewood Drive, Danvers, MA 01923, 978-750-8400, fax 978-646-8600, or on the web at www.copyright.com. Requests to the Publisher for permission should be addressed to the Permissions Department, John Wiley & Sons, Inc., 111 River Street, Hoboken, NJ 07030, 201-748-6011, fax 201-748-6008, or online at www.wiley.com/go/permissions.

    Limit of Liability/Disclaimer of Warranty: While the publisher and author have used their best efforts in preparing this book, they make no representations or warranties with respect to the accuracy or completeness of the contents of this book and specifically disclaim any implied warranties of merchantability or fitness for a particular purpose. No warranty may be created or extended by sales representatives or written sales materials. The advice and strategies contained herein may not be suitable for your situation. You should consult with a professional where appropriate. Neither the publisher nor author shall be liable for any loss of profit or any other commercial damages, including but not limited to special, incidental, consequential, or other damages.

    For general information on our other products and services, or technical support, please contact our Customer Care Department within the United States at 800-762-2974, outside the United States at 317-572-3993 or fax 317-572-4002.

    Wiley also publishes its books in a variety of electronic formats. Some content that appears in print may not be available in electronic books.

    For more information about Wiley products, visit our Web site at www.wiley.com.

    Library of Congress Cataloging in Publication Data:

    Lipman, Frederick D.

    Corporate governance best practices : strategies for public, private and not-for-profit organizations / Frederick Lipman, L. Keith Lipman.

    p. cm.

    Includes index.

    ISBN-13: 978-0-470-04379-0 (cloth)

    ISBN-10: 0-470-04379-2 (cloth)

    1. Corporate governance. I. Lipman, L. Keith, 1967 II. Title.

    HD2741.L5323 2006

    658.4dc22

    2006008675

    Printed in the United States of America

  • To Gail and Kimberly

  • Contents

    Preface

    Acknowledgments

    PART I

    BEST PRACTICES FOR ALL ORGANIZATIONS

    1 Why Is Corporate Governance Important?

    2 Summary of Major Corporate Governance Principles and Best Practices

    3 Best Practices to Monitor Risk in Different Organizational Departments

    4 Monitoring and Changing the Corporate Culture

    5 The Internal Audit Function

    6 Compensation Committees of Public, Private, and Not-for-Profit Organizations

    7 Other Committees

    8 Independent Directors and Their Committees

    PART II

    INFORMATION TECHNOLOGY CORPORATE GOVERNANCE

    9 IT Content: Best Corporate Governance Practices

    10 IT Security Best Corporate Governance Practices

    PART III

    THE PUBLIC COMPANY AUDIT COMMITTEE

    11 Who Can Qualify for a Public Company Audit Committee?

    12 Public Company Audit Committee: Personal Liability of Audit Committee Members

    13 Minimum Responsibilities of Public Company Audit Committees

    14 Other Public Company Audit Committee Functions

    15 30 Best Practice Considerations for the Public Company Audit Committee

    16 Who Is an Independent Auditor?

    PART IV

    PRIVATE AND NOT-FOR-PROFIT ORGANIZATIONS

    17 Corporate Governance for Family-Owned and Other Private Businesses

    18 Corporate Governance for Not-for-Profit Organizations

    PART V

    APPENDIXES

    A Summary of Sarbanes-Oxley Act of 2002

    B Risk Assessment Chart under Auditing Standard No. 2

    C Uncooking the Books: How Three Unlikely Sleuths Discovered Fraud at WorldCom

    D Suggested Corporate Governance Web Site Resources

    Index

  • Preface

    This book is intended to be a practical guide to best corporate governance practices for public, private (including family-owned businesses), and nonprofit organizations, using concrete real-life examples. Good corporate governance is important to private companies that wish to attract bank and other institutional financing and equity investors. Private family-owned businesses need good corporate governance to establish dispute resolution mechanisms to prevent family quarrels from harming the business, particularly after the founder has died or retired. Not-for-profit organizations need to practice good corporate governance in order to assure their contributors that their gifts will be well spent.

    The Sarbanes-Oxley Act of 2002 and accompanying Securities and Exchange Commission (SEC) and listing rules legally mandate minimum corporate governance practices for most public companies. This book will be helpful to boards of directors and management of public companies that want to engage in the best practices, not just minimum legal requirements. Public companies that engage in best practices will generally be more attractive to investors and will receive higher corporate governance ratings.

    This book proceeds on the assumption that a best practice is one in which the benefits to the organization substantially exceed the cost of implementation. This book discusses current best practices, with the understanding that best practices tend to evolve over time. What is a best practice today may not be a best practice in the future. Although the book is addressed primarily to U.S.-based organizations, the general principles are applicable to foreign entities as well, although modifications must be made to account for legal and cultural differences.

    Part I of this book (Chapters 1 through 8) describes best practices and provides practical guidance to the boards of directors and management of all organizations, whether public, private, or not-for-profit. Chapter 1 describes the benefits to all organizations of good corporate governance, how to make the benefits exceed the cost, and why exclusive reliance on outside auditors does not work. The assumption that only public companies need to follow best practices is disputed in Chapter 1.

    Chapter 2 summarizes best practices in general for all organizations and discusses internal investigations and the fiduciary duties of directors, using concrete examples. Chapter 3 deals with the best practices to monitor risk in different organizational departments, such as human resources, sales, purchasing, insurance, tax, legal, and corporate development, whether these services are provided in-house or are outsourced. Chapter 4 focuses on the important issue of corporate culture and provides examples of best practices to monitor and change the corporate culture. Chapter 5 discusses the internal audit function, which is extremely important to good corporate governance, and suggests best practices for internal audit. Chapters 6 and 7 describe best practices for the compensation and other committees. The formation and operation of independent director committees (also called special committees) is covered by Chapter 8.

    Part II of this book (Chapters 9 and 10) covers best corporate governance practices for information technology (IT) content and security. Part II is also applicable to all organizations, since all organizations use IT to some degree. Chapter 9 deals with IT content best practices, and Chapter 10 deals with IT security best practices.

    Part III of this book (Chapters 11 through 16) focuses on the particular corporate governance issues of public company audit committees. Chapter 11 deals with the qualifications for a public company audit committee. Chapter 12 discusses the personal liability of audit committee members. The minimum responsibility and other functions of public company audit committees are covered in Chapters 13 and 14.

    Chapter 15 discusses 30 issues of importance to public company audit committees and provides best practice advice on each issue. Specific warning events to the audit committee are described (such as insider stock sales, a significant short position in the stock, a chief executive officer with an extravagant lifestyle), which should trigger more intensive audits. Chapter 16 deals with the important topic of when an auditor can be considered independent and focuses on the serious consequences to public companies whose auditors flunk the independence test.

    Not-for-profit and private companies should review carefully the best practices for public companies discussed in Part III; they may wish to adopt many of these same practices.

    Part IV of this book (Chapters 17 and 18) deals with the special issues of nonprofit and private organizations (including family-owned businesses), many of which wish to adopt good corporate governance but do not wish to be bound by all of the costly procedures applicable to public companies.

    Part V of this book contains Appendixes A through D, which include a short summary of the Sarbanes-Oxley Act of 2002 (Appendix A), a Risk Assessment Chart describing a risk rating system for financial statement accounts (Appendix B), an interesting article, entitled "Uncooking the Books: How Three Unlikely Sleuths Discovered Fraud at WorldCom," on how the internal auditor discovered the WorldCom fraud (Appendix C), and a few suggested corporate governance Web site resources (Appendix D).

  • Acknowledgments

    The authors wish to acknowledge the assistance of these attorneys at Blank Rome LLP in preparing this book: Jane Storero, Esq., Jeffrey Myers, Esq., Jennifer Hale Eagland, Esq., Jonathan Goldstein, Esq., Kevin Cronin, Esq., Yelena Barychev, Esq., Jay Reynolds, Esq., and Stephen Luongo, Esq. We would also like to acknowledge the contributions of Alexander D. Bono, Esq., former partner of Blank Rome LLP and currently General Counsel of Commerce Bancorp, Inc., particularly to Chapter 12. Kara Popovich, a Blank Rome LLP paralegal, was kind enough to proofread different versions of the manuscript.

    Barbara Helverson, my secretary, showed great patience in assisting me in typing, retyping, and further retyping the manuscript for this book.

  • Part I

    Best Practices for All Organizations