Corporate Governance Risk

8/8/2019 Corporate Governance Risk

1/27

Board and risk management


2/27

The Financial Reporting Council (FRC) Combined Codesets out the purpose of Corporate Governance asfollows:

Good corporate governance should contribute tobetter company performance by helping a boarddischarge its duties in the best interests ofshareholders; if it is ignored, the consequence may wellbe vulnerability or poor performance. Good

governance should facilitate efficient, effective andentrepreneurial management that can delivershareholder value over the longer term.


3/27

Role of the board in managing risk

Boards have a responsibility to identify and understandthe conditions within which their organisations areoperating,

ensure that there is alignment between long and shortterm strategy,

ensure that there is alignment between long and shortterm strategy,

to ensure th

at remuneration policies are in line with

the long term strategy, that ethical standards, riskmanagement and assurance practices are appropriateso as to identify potential issues as soon as possible


4/27

Types of risk faced by companies

Members of the board although are not

supposed to look into day to day

management,but have to formulate a

strategy to avoid the major risks asociated

with the companies.

Common types of risk are:

A) Financial Risks


5/27

Financial risk

Global financial crises have hit the banking andthe financial servives sector.

Companies in the other sectors have also been

hit,thus care has to be taken of the liquitdityneeds,risk associated with the foreign exchange .

Operational risk which is the risk associated withdocumentational problems have to be also

looked into time and again in order to avoid anykindof inaccurate business deals which could leadto unintended exposure.


6/27

fraud

Complexity of globak companiestransactions,financial reporting process havegiven rise to unethical behaviour such asfraud,bribery, accounts manipulations.

Also unethical behaviour of the employes or theemployee damages the reputaion of thecompanies.

It has become imperative for the companies tomaintain appropriate monitoring and auditingprocess due to alert media,investors ,regulatoryauthorities.


7/27

Bribery / foreign corruption

This pertains to the companies whichhasbusiness opeations abroad.

Concentration should to be towards the Foreign

Practices Act(FCPA). Senior officer should be designated with relevant

expertise to manage the operations.

2.Establish anonymous reporting mechanism.

3.Strong internal control.

4.Regularly auditing business lines.


8/27

disasters

Crises management procedures should be

adopted to deal with the material occurances of

material disruptions in the financial

systems,terrorist attacks and the natural

disasters.

Focus should be on insurance coverage,disaster

planning which includes emergency procedures,alternate supply chain,emergency staff

planning,emergency liquidity planning .


9/27

Products liability

This arise due to large scale damage awards throughjury verdicts,settlement in products liabilityor fromstrict product safety laws and reg ulations.

Recent legislation in consumer product safety

modernization Act in Aug 2008 in response toconsumer product safety issues in connection with thelarge number of recall of imported goods from China.

Thus special attention must be give by the companiesregarding engg,procurement,manufacturing,qualitycontrol sales and distribution.

Board should be regularly be informed about all kindsof transactions particularly with the third parties.


10/27

Health and safety

Board should review with the management

the programs in place to maintain the

companies facilities in complaince with

relevant legal standards and provide

adequate safety training.


11/27

Insurance

Insurance, both commercial insurance andself-insurance, covering operational risks ispart of a companys risk management

structure. In overseeing risk management, the

companys board or relevant committeeshould be briefed on the companys insuranceprograms,the type and level of insurancecoverage.


12/27

Information Technology

To comply with the norms and security of the nation where thecompany is dealing.

Failures of IT systems can cause major business disruption,including significant revenue and business losses, while breaches ofIT system security can have legal consequences such as private

lawsuits and regulatory restrictions caused by compliance issueswith applicable data security regulations.

Ex black berry case recently.

In the context of data security and privacy regulation, it is also

important to keep in mind foreign laws and regulations, such asconsumer privacy laws in Europe that are significantly stricter thanthose in the U.S.


13/27

Intellectual Property

Safeguarding the integrity of a companys intellectualproperty (IP) including patents, trademarks andcopyrights, trade secrets, know-how and preventingthe misappropriation of another partys intellectual

property are both important parts of overall riskmanagement for many companies.

IP rights face risks of appropriation (act of takingpossession of or assigning purpose to properties orideas )and exploitation in todays environment, as they

often are relatively easily accessible for other partiesthrough the use of sophisticated technical means, suchas spyware, or by partners in business relationshipswith whom the company works globally,


14/27

What the board should do?

Management should review with the board or the relevantcommittee the companys organizational structures and proceduresfor IP protection, including:

(1) proper recognition of inventions by employees, suppliers, jointventures, and other parties;

(2) transformation of inventions into protected intellectual propertyrights of the company;

(3) adequate protection of trade secrets against misappropriationor loss of knowledge by or to employees, consultants,partners,suppliers, vendors, or other third parties;

(4) appropriate processes to register anddefend patent and other IPrights; and

(5) sufficient diligence processes to avoid the infringement of theother parties rights.


15/27

Antitrust Compliance

Charges of price-fixing, the abuse of a dominant position and otheranticompetitive practices that violate U.S. and other antitrust lawscan carry with them the prospect of lengthy governmentinvestigations, heavy fines, reputational damage, and exposure toprivate lawsuits.

Ex Microsoft was fined approximately 497 million by the EU for alleged abuse of its dominant position in the

EU market,

and the European

Commission recently imposed its highest-ever cartel penalty ofmore than 1.3 billion on a group of companies deliveringautomotive glass in Europe.

Case of vodafone in india.


16/27

Employment Practices

Employment-related claims are most commonly based on allegeddiscrimination,sexual and workplace harassment, wrongfultermination, emotional distress, misrepresentation,written or oraldefamation, and retaliation against whistle-blowers.

To protect against these risks, companies

1. should have clear policies and procedures for hiring, promotion,and compensation and robust

2. programs for educating supervising employees about their legalobligations.

3. The policies should be regularly reviewed and updated to reflect the

most recent legal developments and4. should be clearly documented in employee handbooks and other

sources of employee information.


17/27

Social Responsibility and Human Rights


18/27

RECOMMENDATIONS FOR

IMPROVING RISK

1) adequately identify the material risks that thecompany faces in a timely manner, (2) implement

appropriate risk management strategies that areresponsive to the companys risk profile

and specific material risk exposures, (3) integrateconsideration of risk and risk management into

business decision-making throughout the company,and (4) include policies and procedures that

adequately transmit necessary information withrespect to material risks to senior executives and,

as appropriate, to the board or relevant committee.


19/27

I Dedicated commitee or sub-

committee NYSE gives audit committee the right to discuss policies

with respect to risk assessment and risk management.

Many companies because of complexity of riskmanagement there is a need to have risk-management

commitee exclusively. Alsothe audit company may not be able to view the risk

management at the board level.it tends to focus more onauditing and accounting standards.

There should be serious and thoughtful board-level

attention to companiesrisk management process whichwould give time for designing and companies policies andprocedures to respond and mitigate all kinds of risks.


20/27

II specialized committes

There should also be specialized comm to lookinto overall risk and management system.

Companies compensation structure s should be

reviewed and revised to avoid incentives thatpromote excessive risk taking.

Specialized companies should be targeted tospecific areas of risk exposure.eg banks maintain

credit or finance committee.

Energy companies have to take care of env andsafety measures.


21/27

III board training

orientation and training programs for new directors should bereviewed to make sure that such programs enable directors to gainan understanding of the companysbusiness quickly, and thecompanys risk profile should be incorporated into that training.

If necessary, additional time and content should be devoted to

educating new directors so that they have a full picture of thecompany.

Training and tutorials should be tailored to the issues most relevantand important to the particular company and its business.

For example, commercial banks and investment

banks th

at issue and deal in volatile securities and derivativesgenerally monitor their exposure to risk through daily calculationsbased on the market


22/27

IV Board and Committee Composition

Directors are selected who has a background ofindustries or relevant industry so that they havethe expertise.

For a board on wh

ich

th

eCEO is th

e solemanagement representative, consideration mayalso be given to adding a secondor thirdmanagement representative,such as chief riskofficer, to provide an additional source of direct

input and information on the companysbusiness, operations, and risk profile in theboardroom.


23/27

Lines of Communication

The ability of the board or relevant committee to perform itsoversight role effectively is, to a large extent, dependent upon therelationship and the flow of information between the directors,senior management, and the risk management executives in thecompany.

Directors need to be more proactive in order to get more inforegarding the risk environment internal and external

Senior risk managers and senior executives should be comfortablein informing the board or relevant committee of extraordinary riskissues and developments that need the immediate attention of theboard outside of the regular reporting procedures.

the committee charged with risk oversight should also report on itsdiscussions and findings to the full board on a periodical basis.


24/27

Legal Compliance Programs and

Corporate Culture

Senior management should provide the board orrelevant committee with an appropriate review of thecompanys legal compliance programs and how theyare designed to addressthe companys risk profile.

There should be a strong tone at the top from theboard and senior management emphasizingt hat non-compliance will not be tolerated.

The compliance program should be designed bypersons with relevant expertise and will typicallyinclude interactive training as well as written materials.


25/27

Compliance policies should be reviewed periodically inorder to assess their effectiveness and to make anynecessary changes.

Finally, th

ere sh

ould be a clear reporting system inplace so that employees understand when and towhom they should report suspected violations.

A company may choose to appoint a chief complianceofficer and/or constitute a compliance committee toadminister the compliance program, includingfacilitating employee education and issuing periodicreminders.


26/27

the board or relevant committee should also

encourage management to promote a corporate

culture that understands risk management

and incorporates it into its overall corporate

strategy and its day-to-day business

operations.assessment of risk, the accurate

calculation of risk versus reward, and the prudent mitigation of risk should be

incorporated into all businessdecision-making.


27/27

Anticipating Future Risks

The companys

ongoing effort to assess and analyze the most

likely areas of future risk for the company.

Anticipating future risks is obviously a key

element of avoiding or mitigating those risks

before they become crises.

Documents

Corporate Governance Risk