P1 – CORPORATE GOVERNANCE, RISKS & ETHICS

A) Corporate Governance (CG):

Why CG?

Globalization (Parity of treatment for local and foreign investors and characteristics of individual cultures)

High profile corporate scandals, failures and general dissatisfaction with financial reporting standards

Definitions of CG:

CG is a system by which companies are directed and controlled in the interest of shareholders and other stakeholders: Cadbury Report (1992).

CG is a set of relationships between directors, shareholders and other stakeholders. It also provides the structure through which the objectives of the company are set and determined and also provides the means of achieving those objectives and monitoring performance: OECD.

Business Case/Benefits of CG: (FOCUS-IS-BAGS)

F - Framework for pursuing organizational strategies

O - Operation of appropriate and adequate control system with risk management

C - Confidence and trust of shareholders

U - Underpins capital market confidence

S - Safeguards companies’ assets and shareholders’ interests

I - Increase in management accountability

S - Sustainable wealth creation

B - Better management leads to better financial performance

A - Attraction for institutional investors

G - Governance dividend (Benefit of increase in share price that shareholders receive from good CG)

S - Socially responsible dividend (Benefit of increase in revenue and share price that company receives from customers and investors)

Purpose and Objective of CG:

In Private Sector:

Purpose: Monitor those parties within a company who control resources owned by shareholders.

Objective: Contribute to improved corporate performance and accountability in creating long-term shareholder value.

In Public & Not-For-Profit Sector:

Purpose and objective within these organizations vary and are complex. Such organizations are often appraised according to the “Value-for-money” that they generate. A detailed discussion is made later in this chapter.

What is Value-for-money?

Value-for-money may be defined as performance of an activity to simultaneously achieve the three E’s, i.e. Economy, Efficiency and Effectiveness. In its literal meaning, it is maximizing benefits for the lowest costs.

Concepts of CG: (HAIRDRIFTIS)

The foundation of governance is the action of an individual. These actions are guided by the individual’s moral stances, and an appropriate set of moral stances includes the following:

H - Honesty/Probity (Not only reporting the true financial position but also not misleading)

A - Accountability (This stems from acceptance of responsibility, as a result of which one is accountable for actions and decisions)

I - Independence (Avoidance of being unduly influenced by vested interests and taking an objective position)

R - Responsibility (Maintaining conscious behavior and willingness to accept liability for the outcome of governance decisions)

D - Decisions/Judgments (Balancing competing interests and possessing sound knowledge of the business and its surroundings to reach meaningful conclusions to numerous issues, giving each issue due consideration)

R - Reputation (Developing and maintaining personal reputation and moral stance of company)

I - Integrity (Steadfast adherence to ethical standards and maintaining straightforward dealing)

F - Fairness (Sense of equality in dealing with all stakeholders and reaching equitable judgments)

T - Transparency/Openness (Clear and open disclosures, including voluntary disclosures, and not withholding relevant information unless necessary)

I - Innovation (Transforming knowledge and ideas into new products, processes and systems for the benefit of the company and its stakeholders. In the CG context, innovating reporting and communication media with shareholders)

S - Skepticism (Critically assessing evidence and maintaining an attitude which includes a questioning mind and being alert to conditions which may indicate possible misstatement due to fraud or error)

History & Development of UK CG Code:

(i) Cadbury Report (1992): Code of best practice

(ii) Greenbury Report (1995): Directors’ remuneration and disclosures in annual reports

(iii) Hampel Report (1998): Substituted principles for details where possible

(iv) Combined Corporate Governance Code (1998): Issued by LSE – London Stock Exchange

(v) Turnbull Report (1999, Revised 2005): Risk Management and Internal Control System

(vi) Smith Report (2003): Role of audit committee

(vii) Higgs Report (2003): Role of non-executive directors

(viii) UK CGC – Corporate Governance Code (2010): Revision with name change.

Governance other than CG:

Public Sector:

Here, principals (stakeholders) and agents are different from those in the private sector. In the public sector, principals are mainly taxpayers, electors or users of the services (e.g. patients in state hospitals), whilst the agents in this case are the political leaders, who in turn are principals to their own agents, i.e. elected officials/executive officers. Funders and users of the services are therefore sometimes the same people (e.g. taxpayers placing their children in state school).

Public sector organizations tend to be concerned with a social purpose and aim to achieve “Value-for-money” by delivering their services efficiently, effectively and economically.

This is often depicted as the three E’s:

Efficiency: Yielding an acceptable return on the money invested.

Effectiveness: To deliver the best service that the organization was created to provide, given a level of resource input.

Economy: To deliver service on time and within budget to create a shared value for taxpayers, workers and users.

NGOs/Charities:

Often privately funded, such organizations tend to be task oriented (e.g. eradication of poverty) and driven by people having a common interest in providing a variety of services and humanitarian functions (e.g. Red Cross, Edhi, Make-a-wish Foundation etc.). They also differ from “for profit & public sector” organizations in terms of regulation, strategic purpose, societal expectation, stakeholders and governance arrangements.

Such organizations are managed by executive and non-executive directors/managers/boards who act as agents and are answerable to the “trustees” of the organization, whereas the trustees in turn act as agents for the “donors/beneficiaries”. Trustees are in place to make sure that the NGO/Charity operates in line with its stated purpose.

Governance Arrangement: Oversight Body:

Since control and monitoring are complex in sectors other than the private sector, a system of reporting and oversight needs to be established to achieve accountability.

In Public Sector: Board of Governors

In NGOs/Charities: Board of Trustees

An oversight body is an external body, comprising executives and non-executives, formed to act in the interest of the providers of finance, i.e. taxpayers/donors, to make sure services are delivered on time and are for the benefit of the users. The roles of the oversight body include:

Ensure service compliance with prescribed rules.

Ensure performance targets are met.

Set and monitor performance against budgets.

Oversee senior/key appointments.

Monitor management performance.

Removing underperformers.

Report to higher authorities.

Agency Theory: (Shareholders, Directors & Auditors)

Agency theory is a group of concepts describing the nature of the agency relationship that exists between principal (shareholders) and agent (directors or auditors). In the context of CG and a public company, shareholders appoint directors to run the affairs of the company on their behalf, and this leads to separation of management and ownership. This separation results in a conflict of interest, as the agent’s objectives (higher salary, bonuses, status) will differ from the principal’s (maximization of shareholders’ wealth). Issues also arise because directors and shareholders have different attitudes to risk taking. All these issues can be addressed, but at an “Agency Cost”.

An agency relationship is one of trust and confidence between an agent and principal, which obliges the agent to meet the objectives placed upon him and to discharge his “Fiduciary Duty” to the principal.

What is Agency Cost?

This cost is borne by the principal and arises largely from the principal monitoring the activities of the agent; it is also incurred indirectly as the agent spends time and resources on certain activities. It could be in monetary terms or in resources or time consumed (e.g. audit fees, directors’ incentives, cost of annual report preparation and analysis reports, AGMs, committee activity, cost of meetings, residual losses resulting from directors furnishing themselves with cars and planes).

What is Fiduciary Duty?

A duty imposed upon a person because of the position of trust and confidence in which they stand in relation to another. The duty is more onerous than generally arises under a contractual or tort relationship. It requires full disclosure, accounting for profit received as a result of the relationship, and avoidance of conflicts of interest.

Duties of Directors as Agents:

Fiduciary duty is owed to entity, not to individual shareholders (Section 170, Companies Act 2006)

171. Act within their powers.

172. Promote the success of the company.

173. Exercise independent judgment.

174. Exercise reasonable skill, care and diligence.

175. Avoid conflicts of interest.

176. Not to accept benefits from third parties.

177. Declare an interest in a proposed transaction or arrangement.

Overcoming Agency Problems:

Profit related pay

Share issue schemes

Share option schemes

Regular meeting between directors and key institutional investors.

B) CG Stakeholders:

Stockholder vs. Stakeholder Theory:

Stockholder Theory: Milton Friedman was of the view that shareholders alone have a legitimate claim to influence over the company (as they own it). An organization and its management are solely responsible for profit maximization for shareholders.

Stakeholder Theory: Donaldson & Preston draw two motivational theories for organizations and their management, describing a moral case for business to know how its decisions affect people both inside and outside the organization. Modern corporations are so powerful socially, economically and politically that their unrestrained use of power will inevitably damage other people’s rights. Therefore a company must consider the interests of a range of stakeholders. Following are two views of stakeholder theory:

Instrumental View: Fulfillment of responsibilities towards stakeholders is desirable because it ultimately contributes to companies attaining their objectives of profit maximization. Therefore stakeholders are to be used as an instrument to pursue other objectives. It lacks moral consciousness.

Normative View: This stems from moral consciousness, as accommodating stakeholders is an end in itself. Organizations must accept moral duties towards stakeholders, as it is important to consider the concerns and opinions of others; not doing so will result in a breakdown of social cohesion.

Classification of Stakeholders:

Internal (directors, company secretary, management, employees, trade union)

vs. Connected (shareholders, customers, suppliers, lenders, competitors)

vs. External (auditors, regulators, government, stock exchange, small & institutional investors)

Direct (Stakeholders having straightforward and unambiguous claims)

vs. Indirect (Such stakeholders are voiceless e.g. individual customer of large company, environment, wildlife, future generations)

Primary (Those required by organization to continue its existence e.g. shareholders, customers, suppliers, government)

vs. Secondary (Not essential for organization e.g. wider community)

Narrow (Those most affected by organization’s strategies e.g. shareholders, employee, customers)

vs. Wide (Those less affected by organization’s strategies e.g. government, wider community)

Voluntary (Those involved with organization of their free will e.g. management, employee, customer)

vs. Involuntary (Involved due to reasons e.g. regulators, government, community)

Active (Those who participate in organization’s activities e.g. management, employee, customers)

vs. Passive (Those who do not wish to participate e.g. shareholders, government, community)

Legitimate (Those who are rightful in their claims e.g. employee, shareholders, customers)

vs. Illegitimate (Those who have no legal status of their claims)

Managing Stakeholder Relation (Mendelow Matrix Model):

Segment A: Typically small shareholders and the general public, lacking the power and interest to influence CG. They require minimal effort.

Segment B: Staff, customers, suppliers and environmental pressure groups are placed in this segment. They normally try to persuade the high power group to take action. They must be kept informed.

Segment C: Institutional investors and national government are placed in this segment. They must be treated with care and kept satisfied.

Segment D: Major customers, large shareholders, directors and trade unions are found in this segment. The organization’s strategies and actions must be acceptable to them.

C) Approaches to CG:

Principles Based Approach:

The UK model is principles based and is governed through Stock Exchange Listing Rules, which require only public listed companies to state in their annual reports how they have complied with the requirements of the CG codes, or to explain in case they have not.

Characteristics (FLAWS):

F – Flexible and focuses on objectives

L – Lays stress upon areas where rules cannot be applied (e.g. culture, relationship with stakeholders)

A – Applied to cross jurisdiction

W – Works on comply or explain basis

S – Stock exchanges have prime role in setting standards

Rules Based Approach:

The US model is rules based where compliance with CG is enshrined into law by Sarbanes-Oxley Act (SOX).

Characteristics (MENDOS):

M – More emphasis on definite approach

E – Easy to see compliance as simply a ‘box-ticking’ exercise of whether one complies or not

N – No leeway, deviation or escapes

D – Difficult to deal in questionable situation where not enough guidelines in rulebook

O – Obeying the letter of law rather than its spirit

S – Standardization for all companies.

Which approach to use for a country?

Dominant ownership structure (bank, family or multiple shareholder)

Legal system and its power/ability

Government structure and policies

State of the economy

Culture and history

Level of capital inflows or investment coming into the country

Global economic and political climate

Sarbanes-Oxley Act (SOX):

In 2002, following a number of corporate failures and scandals like Enron and WorldCom, the US developed tough and rigid CG regulations known as SOX. Key provisions in SOX are as follows:

Application. Applies to all US listed companies and to all subsidiaries in the world if they have a US based parent company.

Accuracy of Financial Statements. All listed companies must provide a signed certificate (by CEO and Chairman) to SEC vouching for the accuracy of their financial statements.

In case financial statements are restated due to material non-compliance, then CEO and CFO must forfeit bonuses received in previous 12 months.

Auditor Independence. Auditors are restricted to performing audit related work (and tax) and must refrain from non-audit work.

Audit Committee. Companies must have an audit committee if they are to continue their trade.

Audit Partner. Senior audit partner working on client’s audit must change every 5 years.

Restrictions on dealing. Directors are prohibited from dealing in shares at ‘sensitive times’.

Increased Financial Disclosures. Detailing off-balance sheet transactions.

Internal Control Report. Annual report must contain statement regarding the system of internal control.

Public Entity Oversight Board. Independent body comprising 5 members, responsible for enforcing professional standards in accounting and auditing.

Insider/Outsider System of Governance:

Insider System:

Jurisdiction where most listed companies are controlled by a small family group or a handful of shareholders.

Formal and robust CG is not really required as agency issues do not generally arise here.

The system promotes long-term view of investment.

Suitable for under-developing countries.

Outsider System:

Dispersed and wide-spread shareholding.

Most suitable for advanced and developed countries.

More robust and formal CG is required here to protect the interest of all shareholders.

Succession issues can be planned more easily and effectively.

The system promotes short-term view of investment.

D) Board of Directors:

Board Structures:

(i) Unitary Board Structure. Single tier board comprising executive and non-executive directors where all directors have equal responsibilities and play an active role. In particular, the presence of NEDs on the board is not limited to supervising, but extends to running the company as well. Since all directors need to participate actively, decision making imposes time constraints; however, NEDs have better access to the information they need.

(ii) Two-Tier (Dual) Board Structure. It consists of two sub-boards where the lower tier is the “management board” and the upper tier is the “supervisory board”. There is clear and formal separation between those monitoring (NEDs) and those being monitored (EDs). The lower tier board is responsible for the day-to-day running of the company and is led by the CEO, while the upper tier board, consisting of a wide range of stakeholders (e.g. employee representative, pressure groups, institutional investors etc.), is responsible for appointing, supervising and advising the management board and is led by the Chairman. This type of board exists in high ethics bound countries like France and Germany.

Board Diversity:

The board should comprise individuals from different backgrounds. This could bring better governance, effective decision making and utilization of a pool of expertise, and enhance corporate reputation. A board could be diversified using a range of demographic variables like race, ethnicity, age, gender, education, status, religion etc. Professionals such as those with international experience, lawyers, accountants, doctors or directors of private companies can also be considered.

Board Meetings:

An agenda should be set which considers short-term and long-term issues, and every director should have his/her input on the agenda.

Meetings should be regular, all directors should attend, and each director must commit to providing sufficient time. (CG discourages appointment of a full-time ED to more than one NED/Chairman position in FTSE 100 companies.)

Chairman should direct meeting proceedings considering sufficient time and input from everyone.

Potential Problems for Board:

Boards mostly rely on information provided by management and may not have the time or skills to look at every detail, thus allowing management to obscure problems and the true state of the company.

Only occasional board meetings may cause unfamiliarity among board members, making it difficult to question the management.

Most of the time, CEOs have forceful personalities, and sometimes they exercise them too much to influence the rest of the board.

The performance of the CEO is judged by the directors who appoint him/her.

Appointment of Directors:

The first directors are nominated by the promoters of the company and retire at the first AGM. After the first nomination, however, the Articles of Association (AoA) govern this issue, and Table A provides a “yearly-rotation-based” election system under which one-third of the directors retire every year (not including the CEO and those offering themselves for reelection). For large listed companies (FTSE 350), EDs should face re-election every year, and for small listed companies, EDs may face election every 3 years.

UK CGC (2010) suggests that NEDs should normally serve for 6 years. If an NED serves longer than 6 years, then an explanation should be provided. Higgs Report suggests that NEDs should face reelection after 9 years.

Removal of Directors:

Removal of an ED is possible by a simple ordinary resolution (though this may be in breach of the service contract). However, the AoA provide additional ways to remove a director.

Directors Personality & Skills:

Personality: Motivated, proactive and experienced (been there, done that)

Skills: Listening, Questioning, Negotiating, Leadership, Specialist Knowledge, General Business Knowledge

Role & Responsibilities of EDs: (DEEP.SEA.DR.SEM)

UK CGC (2010) provides key roles and responsibilities of directors which are as follows,

Providing entrepreneurial leadership of the company.

Represent company view and account to public.

Decide on a formal schedule of matters to be reserved for board decisions.

Determine the company’s mission and purpose (strategic aims).

Select and appoint the CEO, Chairman and other board members.

Set the company values and standards.

Ensure that the company’s management is performing its job correctly.

Establish appropriate internal controls that enable risk to be assessed and managed.

Ensure that the necessary financial and human resources are in place for the company to meet its objectives.

Ensure that its obligations to its shareholders and other stakeholders are understood and met.

Meet regularly to discharge its duties effectively.

For listed companies;

Appoint appropriate NEDs

Establish remuneration committee

Establish nomination committee

Establish audit committee

Assess its own performance and report it annually to shareholders.

Submit themselves for reelection at regular intervals. All directors in FTSE 350 companies should face reelection every year.

Non-Executive Directors (NEDs):

(i) Role of NEDs: (StRiP-Performance)

St – Strategic Role (Contribution in strategy development, challenging strategies and offering advice)

Ri – Risk Role (Ensure that company has adequate systems of internal controls and systems of risk management in place)

P – People Role (Contribution to the work of committees: remuneration, nomination and audit committees, deciding remuneration and nomination of EDs, and attending regular meetings with shareholders.)

Performance Scrutiny Role (Reviewing performance and holding EDs and management to account for objectives, decisions and results)

(ii) Independence for NEDs:

UK CGC (2010) states that the board should include a balance of NEDs and EDs. This balances power towards executives. Half of the board, excluding the Chairman, should be NEDs, and one such NED should be directly available to shareholders if they have concerns which cannot be dealt with through other appropriate channels like Chairman, CEO or Finance Director. NEDs primarily hold a fiduciary duty to the company’s shareholders. For an NED, being independent means:

They should avoid business, financial or personal interests with the company (including share options and pensions). Also, Cross Directorship should be avoided.

Appointment should be for a specific period and the whole board should decide on their remuneration.

Part of independence is that NEDs should be able to question intelligently, debate constructively, challenge rigorously and decide dispassionately.

(iii) Threats to Independence:

Material business relationship with the company in last 3 years

Employee in last 5 years

Cross directorship in other companies

Receiving other remuneration from the company besides NED fee

Close family ties with EDs

Significant shareholding

Serving on board for more than 9 years

(iv) Recruiting NEDs:

Recruiting those with relevant industry experience can bring in higher technical knowledge, network and sound awareness of business issues within the industry. However, these elements could also make the NED less independent as objectivity may be compromised.

Chairman:

Roles of Chairman: (FREE-TREE)

F – Facilitate board appraisal (at least once a year)

R – Running the board (e.g. setting board agenda and planning board meetings)

E – Ensure timely and accurate information to board

E – Encourage active involvement of all (especially NEDs)

T – Taking the lead in board development (e.g. succession planning, composition, structure and size of the board)

R – Reporting in and signing of accounts

E – Ensure effective two-way communication with shareholders, asking questions on behalf of shareholders (public face), and also between EDs and NEDs

E – Ensure sufficient time being allocated for controversial issues

CEO

The CEO is the leader of management and sits below board level. The CEO is responsible for running the business of the company, implementing the strategies and decisions of the board, and reporting to the Chairman/Board.

Roles of CEO: (BRIBE)

B – Business objectives and strategies development and management

R – Risk management (in line with ‘risk appetite’ accepted by the board) and giving ownership to organization’s control

I – Investment and financing opportunities examined

B – Board and committee composition recommendation

E – Evaluating structure of organizational operation, performance appraisal and remuneration suggestions

Why Chairman and CEO should not be the same person?

It is vital for good CG to separate the roles of Chairman and CEO to avoid “unfettered decision-making power” in the hands of a single individual.

Separation is also necessary as the CEO has a greater deal of influence in the appointment of EDs, while the Chairman has it over NEDs.

The CEO becoming Chairman will result in interference in executive matters.

Separation of roles also brings division of responsibilities, as the Chairman is the leader of the board and the CEO is the leader of management.

Separation of roles is also a reflection that these two positions are demanding.

E) Board Committees:

There are four types of board sub-committees;

(i) Nomination Committee (Majority NEDs, Structure & composition of board, Induction of new EDs)

The committee should be comprised wholly or partially of NEDs. The nomination procedure should be formal, rigorous and transparent. Essentially, a nomination committee has three roles, as follows:

Future Role - Succession Planning. It should objectively consider, on a regular basis, the desirable size of the board, skills, knowledge and experience possessed by the current board, the need to maintain a balance between EDs and NEDs, succession planning and the need for diversity.

Past Role - Appraisal. Performance of the board, its committees and individual directors should be assessed once a year. The appraisal should cover a review of the board’s systems, performance measurement, responses to problems/crisis, level of information board has, quality of information, fulfillment of legal requirements, contribution by individual directors, assessment of level of delegation, ability to learn lessons from experience, team-work, focus on long-term or too much involvement on day-to-day matters etc.

Present Role - Induction. The nomination committee is also responsible for the induction process. An effective induction program should aim to:

Build an understanding of the nature of the company, its business and its markets (culture, values, products, services, group structure, constitution, procedures, principal assets and liabilities, contract, major competitor, regulatory constraints etc.)

Build an understanding of the company’s people (meeting, visits to main sites)

Build an understanding of the company’s main relationships (customers and suppliers etc.)

(ii) Remuneration Committee (100% NEDs, Policies, decisions & reports on pay & other benefits of EDs)

The committee is to comprise only NEDs and is to determine the organization’s general policy on remuneration of EDs. It has four main roles:

Setting overall remuneration policy

Decision on individual remuneration

Reporting

Compliance with law

UK CGC (2010) suggests that the packages need to attract, retain and motivate directors. Directors should be assessed by non-financial metrics. There should be a balance between basic rewards and incentives (e.g. transaction, loyalty bonus, share options). Bonuses should be related to measurable performance (Greenbury). Voluntary elements of pay should be capable of being reclaimed in case of misstatement/misconduct.

NEDs should not be offered share options; however, EDs could be offered share options with a vesting period of not less than 3 years.

Benefits in kind and pensions should also be considered. Care, however, needs to be taken in the case of loans to directors. The length of the service contract should not be too long. Most codes recommend the period to be no longer than 12 months. Singapore codes suggest a notice period of 6 months or less.

Annual accounts should disclose remuneration policy and packages of individual directors.

(iii) Risk Committee (Majority NEDs, Company risk exposure & strategies)

Discussed Later.

(iv) Audit Committee (100% NEDs, Controls, internal audit and external audit)

Discussed Later.

F) Board and Shareholders:

UK CGC (2010) emphasizes a regular dialogue between the directors (particularly senior NEDs) and the shareholders (particularly institutional shareholders).

The main forum for such dialogue is the AGM. The board should actively encourage shareholders to attend general meetings. Ideally, the board should provide business presentations during the AGM, while the chairpersons of the board committees should also be present to answer any questions.

UK Stewardship Code recommends that institutional shareholders should attend the AGM and not only vote but also provide their clients with details of how they have voted. They may even requisition a general meeting if needed.

G) Reporting on CG:

Disclosures help reduce “Information Asymmetry”. The LSE requires the following disclosures to be made,

“A narrative statement of how companies have applied the principles set out in CGC, providing any necessary explanations and statement on compliance with CGC throughout the accounting period. In case of non-compliance, the relevant provisions need to be disclosed along with the reasons for the non-compliance.”

Additionally, a “Directors Report” should also be published which contains,

Information about directors

Responsibilities of directors (including preparation of accounts)

Attendance details

Brief details of committee workings

Relationship with auditors and shareholders

Effectiveness of internal controls

Business review (operational & financial review)

Voluntary/Additional Disclosures: (Qualitative in nature, Non-numerical)

Besides the above, companies should make voluntary disclosures (perhaps in consultation with the investors), as this helps provide a wider information perspective, a different focus (mostly future oriented) on information and assurance about management’s commitment. Examples of voluntary disclosures include the chairman’s statement, CEO review statement, environmental policies, risk policies etc.

Reasons/Benefits of Voluntary/Additional Disclosures: (BRACoS)

Brings accountability

Reduce information asymmetry

Attracts investors

Compliance with laws and regulations

Service to range of stakeholders

H) Internal Controls & Risk:

Corporate Governance & Risk Management:

CG requires directors/board to:

Establish appropriate controls and mechanism for dealing with the risks faced by the organization.

Monitor risks themselves by performing regular review.

Disclose their risk management policies and processes in the annual report.

I) Internal Control Systems: (The Control Environment)

What are Internal Controls?

Internal control is any action taken by the management to enhance the likelihood that established objectives and

goals will be achieved. It provides management with reasonable assurance that strategic objectives will be met

(Turnbull Report).

The principles and rules based approach discussed earlier in the context of CG equally applies to the ‘Internal Control System’ as well.

UK Turnbull Report identifies the following characteristics of an internal control system:

Be embedded in the operation of the company and be a part of its culture.

Be capable of responding quickly to evolving risks.

Include mechanisms and procedures for highlighting/reporting immediately to management about significant control failures.

Benefits of Internal Controls: (TAPASA)

T – Timely reporting

A – Achieves orderly business conduct

P – Preventing and detecting fraud

A – Avoiding errors

S – Safeguard assets

A – Adherence to policies

COSO Framework – Enterprise Risk Management (ERM):

The ‘Committee of Sponsoring Organizations (COSO)’ of the Treadway Commission lists the following as the characteristics of ERM:

It is a process (ideally embedded),

Operated by people at every level,

Applied across the enterprise (each unit manager assessing his unit’s risks),

Geared to achievement of objectives,

Provides reasonable assurance to management,

Applied in strategy setting,

Designed to identify risks and manage them within risk appetite.

Benefits of Enterprise Risk Management (ERM): (MIS-CLARP)

M – Minimizes surprises and losses

I – Identify and manage risks across the organization

S – Seize opportunities

C – Choose best risk response

L – Link growth, risk and return

A – Alignment of risk appetite and strategy

R – Rationalizes capital

P – Provide responses to multiple risks

Process of Control:

Internal/control environment (how strong do the controls need to be?)

Objective setting

Event/risk identification

Risk assessment (controllable/uncontrollable)

Risk response (avoidance, reduction, transfer, acceptance)

Control activities/procedures (policies, codes etc.)

Information and communication (following up, down and across)

Monitoring (to make necessary modification and changes)

Limitations of Internal Controls: (CHOCCUP2)

C – Cost of control

H – Human error/fraud

O – Overestimation of risks

C – Collusion between employees

C – Control being dependent on method of data processing

U – Unforeseen circumstances

P – Poor judgment

P – Possibility of controls being by-passed by employee/directors

J) Risk Attitudes & Internal Environment:

Risk Appetite:

Even a ‘Risk Averse’ business will tolerate risk up to a point, provided that it yields an acceptable return. A ‘Risk Seeking’ business may not be bothered by the level of risks, but must manage such risks. Risk management is analyzing what the key value drivers are and the risks tied up with those value drivers.

Among the other factors shaping ‘Risk Appetite’ are personal views, shareholders’ demands, organizational history, experience (e.g. significant losses in the past), size (e.g. large companies can afford risk management experts and diversification), structure and lifecycle stage of the organization.

An organization’s attitude towards risk will generally be influenced by the priorities of its shareholders. The stakeholders include shareholders (who may be more interested in dividends and/or long-term capital gains), creditors (who may prohibit excessive risk taking), employees (who will be interested in job security and health and safety issues), customers and suppliers, government/regulatory authorities as well as the wider community.

Embedding Risk Awareness:

E&Y in their report ‘Managing Risk across the Enterprise’ emphasize that risk assessment should evolve into a consistent, embedded activity rather than be executed as a stand-alone process. The elements identified for such an embedded approach are:

Focus on risks to stakeholders’ values (future growth opportunities and core business operations, rather than risk to processes)

Consistent action-oriented risk assessment criteria (monitoring, improvement, focus, accountability)

Common reporting elements and styles

Risk management is included within the control systems

Approval and support from the board

Risk Embedding can be considered at two levels;

Embedding risk in systems

Embedding risk in culture

Process of Embedding Risk Management:

1) Identify the controls that are already operating within the organization

2) Monitor those controls to ensure that they work

3) Improve and refine the controls as required

4) Document evidence of monitoring and control operation.

Risk Culture:

Culture is the ‘pattern of basic assumptions that a given group has invented, discovered or developed, in learning to cope with its problems of external adaptation and internal integration, and that have worked well enough to be considered valid and therefore to be taught to new members as the correct way to perceive, think and feel in relation to these problems’ (Schein).

Changing The Culture:

Communication with all concerned is a must here.

Such communication may be through regular briefings, newsletter, intranet, workshops, refresher courses, making policies and procedures readily available to the employees, employees’ consultation inter se, induction sessions for new employees.

ERM should be an integral part of everyone’s job description; staff should understand the need to resist pressure from superiors to participate in improper activities and to report this to authorities (COSO). Risk management should be included as a part of performance appraisal.

Training is another must. Employees should be taught why risks should be managed and be involved in the

process.

Employees may resist change as it involves the extra effort of unlearning and relearning, there may be self-interests to protect, or they may misunderstand or disagree with the change or simply mistrust the management and not be bothered about the change.

Organization should ensure job satisfaction, leading by example, peer confirmation through learning

experiences and proper infrastructure to achieve successful change.

Organizations should have clear risk policy statements and risk registers (listing and prioritizing main risks,

responsibility index and actions taken).

Risk Management Responsibilities:

The primary responsibility for determining risk management strategy and monitoring risks is that of the board.

The board also sets appropriate policies on internal controls and seeks assurance that the controls are

functioning effectively.

The CEO takes the ownership of risk management and internal control system and must monitor other directors

and senior staff.

Although limited in scope, the internal and external audit committee functions deal with risks as well.

Turnbull stresses the role of management in the implementation of the risk management system. Both managers and staff should know their responsibilities and how to report on them.

Board Risk Management Committee:

Although the board’s audit committee may serve this purpose, a large company should have a separate risk management committee of its board. The UK Walker Report recommends such committees for FTSE-100 banks and life insurance companies.

This committee will have more time, focus and powers than the audit committee to manage risk. Unlike the

backward looking focus of audit committee, the risk management committee can have forward looking focus of

determining risk appetite and monitoring appropriate limits.

Among its functions would be approving risk management strategy, reviewing reports on key risks, monitoring

overall exposure, assessing effectiveness of risk management systems and providing early warning to the board.

Role of Risk Committee: (SEEM-R)

S – Strategies and policies

E – Early warning indicator

E – Effectiveness of risk management system

M – Monitoring risk exposure

R – Reviewing report on key risks

Risk Management Specialists: (PRICE-DEED)

A specialist risk manager could be hired to provide following functions;

P – Providing overall leadership, vision and direction for ERM

R – Reporting to CEO on progress and recommendations

I – Implementing set of risk indicators and reports

C – Championing ERM competence and awareness throughout organization

E – Establishing integrated ERM framework

De – Developing policies

E – Establishing common ERM language

D – Dealing with insurance companies

Objective Setting:

Internal control is all about achieving objectives by managing risks. Granger identifies 3 types of objectives:

Mission (general objective, open-ended)

Corporate objective (concerned with whole firm, quantifiable)

Unit objective (at divisional, business units and subsidiary levels)

COSO divides objectives in 4 categories:

Strategic

Operational

Reporting

Compliance

K) Risks:

Risk is an unrealized future loss arising from a present action or inaction. Return is, on average, a function of

risk (David Campbell). Risk is simply what can go wrong.

Risks can be strategic/business (for the board to determine) and operational (for the line or unit management

mainly). The former relates to fundamental decisions that directors take about the future of the organization and

the latter relate to matters that can go wrong on a day-to-day basis. Usually, operational risks can be managed

by having internal control systems.

Operational risks include;

Human error

IT failure

Fraud

Business interruption

Loss of key person

Non-compliance with regulations/internal procedures

Poor quality production

Not having input materials at the required time

Strategic Risk:

Strategic risks may be threats to profits which depend on the decisions made by the management about the products and services it supplies (obsolescence, change in technology etc.) or they may be threats that do not so depend (e.g. natural disaster). Strategic risks are capable of affecting the overall mission of the company.

Relevant factors to consider strategic risk include;

Types of markets within which organization operates

State of economy

Competitors

Dependence upon inputs

R&D capacity

Stage in product/organization lifecycle

Example of Business Risks:

Financial Risk

Financing Risk (lack of financier/excessive commitments/wrong sort of debt/restrictive covenants by

creditors)

Liquidity Risk & Cash Flow Risk (assets cannot be liquidated quickly and fairly/mismatch of cash

inflow and outflow)

Gearing Risk (This is a risk arising from exposure to high financial gearing and large amounts of

borrowings.)

Credit Risk (Credit risk is the possibility of losses due to non-payment or late payment by customers)

Currency Risk (Currency risk or foreign exchange risk arises from the possibility of movements in

foreign exchange rates and the value of one currency in relation to another.)

Interest Rate Risk (Interest rate risk is the risk of unexpected gains or losses arising as consequences of a

rise or fall in market interest rates.)

Derivatives Risk (It refers to the risks due to the use of financial instruments.)

Product Risk (The risk that customers will not buy new products (or services) provided by the organization or

the sales demand for current products and services will decline unexpectedly. Failing to innovate may also

result in risk.)

Technology Risk (These risks arise from the possibility that technological change will occur and render the

current technological system of an organization.)

Environmental Risk (Normally faced in the agricultural, chemical and transportation sectors and arises due to the environmental effects of the company’s operations. For e.g. pollution or restriction of supply of natural resources to business due to scarcity or environmental factors)

Economic Risk (It refers to the risks faced by an organization from changes in economic conditions. For e.g. economic growth, recession, govt. spending policy, taxation policy, unemployment ratio, international trading conditions)

Business Probity Risk (This risk could arise by way of the governance and ethics of the organization. For e.g. leaking confidential information, lack of trust in business dealings, bribery, corruption etc.)

Property Risk (Damage or destruction to property)

Disruption Risk (For e.g. IT failure, employee errors, loss of employee/supplier etc.)

Organizational Risk (Grouping and lobbying within organization. For e.g. labor unions)

Reputation Risk (Image of company suffers due to anything that went wrong. For e.g. production of poor

quality products, product recalls, adverse publicity, unethical advertising, poor CG, poor ethics etc.)

Market Risk (Risks which derive from the sector in which the business is operating and loss due to an adverse

move in the market e.g. fall in value of assets, lack of resources, customer dissatisfaction etc.)

Legal or Litigation Risk (This risk arises from the possibility of legal action being taken against an

organization. For e.g. penalties, suits filed from customers, suppliers, competitors etc.)

Political Risk (This risk depends largely on the extent of political stability in the countries in which a company operates and the attitude of governments towards protectionism.)

Regulatory Risk (Risk that regulatory bodies will affect the way an organization has to operate.)

Compliance Risk (It is the risk of losses, possibly fines resulting from non-compliance with laws or regulation.)

Health & Safety Risk (These are inherent risks arising from particular industry in which an organization

operates like oil rigs, factories, coal mines etc. For e.g. injury, loss of life, compensation for defaults etc.)

Fraud Risk (This risk arises from intentional and willful acts. For e.g. ghost employees/suppliers, data falsification, hacking, alteration in programs, theft of information)

Knowledge Management Risk (This risk arises from unauthorized use of knowledge resources. For e.g. misuse

of intellectual property)

Entrepreneurial Risk (This is the necessary risk which is associated with every new business or product

venture or opportunity in the new or existing market. For e.g. major investment failing to deliver)

L) Risk Assessment & Response to Risks:

Risk Assessment:

While not always easy, organization must assess and respond to risks dynamically.

Risk assessment determines mitigation or management strategies. Underestimation of risks or exaggeration can

both result in additional costs and inefficient resource allocation (Stop and Go Errors!).

It is important therefore, not only to assess all relevant risks but also the severity and frequency of risks.

The risk quotient may change due to the organization’s own strategic decisions or those of competitors, suppliers, customers etc. Other factors influencing risk include technology and general social, economic and political factors etc.

Objective Approach to Risk Assessment: Accounting Ratios

Debt Ratio (Total Debt / Total Assets) x 100 [50% is the benchmark]

Gearing Ratio (Interest Bearing Debt / (Shareholders’ Equity + Interest Bearing Debt)) x 100 [50% is the benchmark]

Interest Cover (PBIT / Interest Charges) [Interest cover of 3 times or below is worryingly low]

Cash Flow Ratio (Net Cash Inflow / Total Debts)

Current Ratio (Current Assets / Current Liabilities) [Ideally excess of 1]

Quick Ratio (Current Assets less Inventories / Current Liabilities) [Ideally at least 1]

Other significant warnings include;

Significant fall in revenue

Large increase in costs of capital

Increase in variables/inventories

Dependence on short-term credit

Risk Interrelation:

Risks may be inter-related (correlation or covariance). In case of positive correlation, risks will increase or

decrease together (product fault risk and reputation risk). In case of negative correlation, one risk will increase

as the other decreases (expenditure on controls reduces most risks but increases financial risks.)

Subjective Approach to Risk Assessment: (Likelihood/Consequences Matrix)

Including Risk Response Strategies (Accept, Reduce, Transfer, Avoid)

Even when risk has to be accepted, judgment will be involved in deciding what level of risk is as low as

reasonably practicable (ALARP Principle).

A dynamic environment requires constant risk assessment and flexibility in approach.

Transfer: Risk may be transferred through insurance, hold harmless agreements and limitation of liability.

Avoidance: Organization needs to consider if it is really desirable?

Reduction: Policies need to be in place, which will be achieved through Risk Mitigation Techniques. Reduction

may also involve contingency planning (identifying the post-loss needs). Physical (e.g. safety devices) and

psychological (e.g. awareness and commitment) factors should be employed to effect loss control.

Likelihood/Consequences Matrix (Likelihood = Risk Probability, Consequences = Impacts/Hazards):

                      Low Likelihood    High Likelihood
Low Consequences      ACCEPT            REDUCE
High Consequences     TRANSFER          AVOID

A good policy is risk diversification, i.e. avoiding having all of the risks positively correlated. This can be done

(though perhaps not by all organizations) through a mix of higher and lower risk investment, mix of debt and

equity financing, separate divisions and subsidiaries, forward and backward integration and international

portfolio diversification.

Acceptance: Sometimes the risk is unavoidable or risk may be insignificant or too costly to manage. In these

cases, the risk is generally accepted. Self/captive insurance may be considered here.

Financial Risk Management:

Advantages of financial risk management include;

Reduction in earnings volatility

Reduced average tax liability

Improved credit rating

More opportunities to invest

Protection of cash flow

Better reputation

Methods of financial risk management include;

Risk diversification

Risk sharing

Risk transfer

Internal strategies (e.g. vesting and monitoring of and ceilings of credit limits with credit triggers)

Risk hedging (future and forward contract, call or put options, swaps)

Risk Hedging:

Forward Contract (Commitment to undertake a future transaction at a set time and price)

Future Contract (Commitment to an additional transaction in the future)

Call or Put Options (Grants an option on a party to buy or sell at a certain price in the future)

Swaps (Parties agree to exchange payments on different terms, e.g. a borrower borrowing at floating rate

may exchange this liability with one who borrowed at a fixed rate)

What is ALARP Principle?

Risk cannot be eliminated fully; therefore ALARP Principle simply states that residual risk should be as low as

reasonably practicable, taking into account the costly nature of risk reduction.

ALARP simply states that cost of reducing the risk should not exceed the benefit of reducing it.

Such principles are applied to areas which are generally not in the control of the company, like health

and safety risks at oil rigs, construction, chemical, coal mines companies.

Control Activities: (SPAM-SOAP)

S – Segregation of Duties (Each duty and task should be taken separately and should have different

persons responsible for running it. Each task then runs effectively, which reduces the risk of error.)

P – Physical Control (Tight security and procedures are needed to control access to assets. Access must be limited to authorized personnel only.)

A – Authorization and Approval (Approval for every document is needed with specified limitation to the

authority.)

M – Management Controls (Four control functions – ORIS)

(i) Overall supervisory controls

(ii) Review of management accounts and comparison with budgets

(iii) Internal audit function

(iv) Special review procedures

S – Supervisory Controls (Centralization will help supervision across management so each transaction

and recording can be supervised.)

O – Organization as a Control (Enterprises should have a planning, control and decision making function to define and allocate responsibilities and identify lines of reporting for all aspects of the enterprise’s operations specified in the delegation of authority. Responsibility should be clear.)

A – Arithmetical and Accounting Control (Auditing job must be authorized and correctly recorded and

accurately processed.)

P – Personnel Control (Person in a specific job must have specific responsibilities with appropriate

capabilities.)

Other Control Activities: (GF-CoMBA2T-VPD)

G – General and application controls (computer related)

F – Financial and non-financial controls

Co – Corporate control (general policies)

M – Management control

B – Business process control (authorization limits etc.)

A – Administrative control (division of responsibilities etc.)

A – Accounting control (accurate accounting records)

T – Transaction control (complying with procedures etc.)

V – Voluntary and mandatory control (regulatory license etc.)

P – Prevent, detect and correct control

D – Discretionary and non-discretionary control (ATM pins etc.)

M) Information, Communication & Monitoring:

Information:

Strategic Information: Required to plan the objectives of the organization and to see if the objectives are being met. Examples include future market prospects, availability and cost of new funds, total manning level etc. It is prepared on an ad-hoc basis.

Tactical Information: Used to decide how the resources of the business should be employed and then to monitor that, e.g. productivity measurement, variance analysis and short-term purchase requirement etc. It is prepared on a routine basis.

Operational Information: Used to plan and carry out specific operational tasks.

Direct Information: Substantiates the operation of controls, obtained by observing and testing controls in

operation.

Indirect Information: It is other relevant information, including operating statistics, key risk and performance

indicators etc.

Qualities of Good Information: (ACCURATE)

A – Accurate

C – Complete

C – Cost beneficial

U – User targeted

R – Relevant

A – Authoritative

T – Timely

E – Easy to use

Information should be used effectively. Information from different sources should be compared and any

discrepancies found must be followed up and addressed. Information should be passed on to all relevant

persons.

Information Sources:

Directors own efforts (walking about, visits)

Reports from subordinates (COSO recommends two-way talking)

Lines of communication (whistle blowing with no reprisals, staff attitude survey, staff should believe that

organization wants to learn about their problem)

Reports from control functions (internal audit/audit committee, HR)

Reports on certain activities (e.g. IT and other projects)

Reports on resolution of weaknesses

Results of checks (right sort of checks, random checks)

Exception/variance reporting (factors to consider include materiality, controllability, variance trends, costs,

inter-relationship of variances)

Feedback from customers

Communication:

Turnbull report emphasizes how each employee has responsibility for internal control and must therefore have

the necessary skills, knowledge and understanding of the relevant risks.

Communication with employees is therefore important. It may be through regular briefings, newsletter, intranet, workshops, refresher courses, making policies and procedures readily available to the employees, employees’ consultation inter se, induction sessions for new employees. Risk management should be an integral part of everyone’s job description and training days should be encouraged. The effect of cultural factors upon control functions should also be kept in mind.

Information to be communicated may include customer relations, service levels, health and safety, security of

assets, expenditure, accounting, financial and other reporting.

Monitoring:

COSO provides that the entirety (not just financial) of ERM should be monitored (assessment by appropriate personnel of design and operation of control on a suitable timely basis) and modifications made as necessary. Any weaknesses should be reported and assessed, and their root causes corrected (control procedures only make corrections; monitoring corrects the root cause of the problem).

This may be achieved through ongoing management activities (routine review of reconciliations etc.), separate

evaluations (by audit committee/internal audit, includes annual reviews of control procedures) or both.

Effective and efficient monitoring requires:

A proper foundation (proper tone at the top of organization, effective organizational structure, people

with appropriate skills and authority, objectivity and competencies)

Monitoring procedures based on prioritizing risks and identifying persuasive information

Assessing and reporting results

Monitoring Procedures: (QuaSC-ASAP)

Qua – Quality assurance reviews

S – Self assessment

C – Continuous monitoring programs

A – Analysis/follow up of operating reports

S – Supervisory review of controls

A – Audit committee enquiries

P – Periodic evaluation and testing of controls by internal audit

Internal Audit:

Internal audit is an independent appraisal function established within an organization to examine and evaluate its activities as a service to the organization. The objective of internal audit is to assist members of the organization in the effective discharge of their responsibilities. To this end, internal audit furnishes them with analyses, appraisals, recommendations, counsel and information concerning the activities reviewed: UK Institute of Internal Auditors.

Role of Internal Audit Function:

Review of accounting and internal control system

Examination of financial and operating information

Review of economy, efficiency and effectiveness of operations

Review of compliance with laws

Review of safeguarding of assets

Review of implementation of corporate objectives (effectiveness of planning, CG, communication etc.)

Identification and assessment of significant risks, monitoring overall risk management policy and

reporting to (Risk Audit)

Special investigations into particular areas (e.g. suspected fraud)

Turnbull report recommends that listed companies without internal audit function should annually review the

need to have one and those having such function should annually review the scope, authority and resources.

Whether or not an organization needs an internal audit function would depend on:

Scale and diversity of operations

Number of employees

Change in key risks

Problems with internal control systems

Increased number of unexplained events

Risk Audit:

Risk identification

Risk assessment

Review of internal controls

Reporting

Risk Audit can be performed by Internal and External Auditors.

Internal Auditor vs. External Auditor:

Internal Auditor:

An activity designed to add value to the organization’s operations.

Reports to board or audit/risk committee

Often an employee of an organization

External Auditor:

An exercise leading to an expression of opinion on the financial statements.

Reports to shareholders

Independent of the management and the company

Role of Audit Committee: (CLARISSA)

C – Create a climate of discipline and control

L – Lend an air of credibility and objectivity

A – Assists CFO/FD

R – Reviews financial statements

I – Independent judgments by NEDs

S – Strengthens the position of Internal Audit

S – Strengthens communication with External Audit

A – Assists in resolution of disputes

The audit committee must not, however, act as a barrier between the external auditor and the main board or allow the board to abdicate its responsibilities in the audit area. The UK Smith Report recommends that the audit committee should consist entirely of NEDs; at least one of them should have significant and recent financial experience.

Board’s Role:

Board review is the last stage of the audit process. Turnbull recommends that review of internal controls should be an integral part of the company’s operations. The board should regularly review reports, concentrating on what the risks are, effectiveness of management and internal control system, how risks are monitored and how any weaknesses are handled, what actions are taken to reduce risks etc.

M) Ethics & Social Responsibility:

Ethical Theories (Approaches to Ethics):

1) Absolutism vs. Relativism Theory:

Absolutism:

There is only one, unchanging set of moral/ethical rules and they are always true in all situations.

This set of moral rules is common to all societies.

In absolutism, truth in one culture may be imposed as truth in another culture.

Now, absolutism tends to believe that each culture (or society) has its own truths and that truth should be protected in that culture.

However, some truths are universal (or international) irrespective of culture, religion or geography. For e.g. murder being an anti-social act, not killing women and children.

Advantage: This theory lays down unambiguous rules that people are able to follow to know that their actions are right.

Disadvantage: Failure to take account of evolving norms (Is it ok to tell a lie to save an innocent life?).

Relativism:

There are many sets of moral rules and these rules will change over time in one society.

These sets of moral rules will be different in different societies.

Truth is less likely to be imposed because of acceptance of different sets of moral rules and beliefs.

In relativism, ethics and moral beliefs continue to change due to acceptance of ideas from different races, religions, sects etc.

Since there is greater acceptance of moral and ethical codes, truths will continue to evolve and may change over time.

Advantage: Flexibility and acceptance of values and beliefs of others. More inclined towards justification of an action and conditions behind it.

Disadvantage: Anything goes philosophy.

Dogmatic vs. Pragmatic Approach:

The idea of absolutism and relativism can be illustrated further with two similar concepts:

Dogmatic Approach: It takes the view that there is one truth and this truth is to be imposed in all situations. This viewpoint corresponds to absolutism.

Pragmatic Approach: It attempts to find the best route through a specific moral situation. This corresponds to relativism, as it attempts to find a solution based on the given belief system of the individuals involved.

2) Deontological & Teleological Theory:

Deontological:

Right or wrong is based on the action itself.

A non-consequentialist approach.

An action can only be deemed right or wrong when the morals/attitude behind taking that action are known; hence it is not dependent upon the outcome of the decision.

Key Maxims: For an action to be “morally right” it needs to satisfy all three of these tests:

Consistency. Acts that are desirable to become universal law, meaning an action can only be right if everyone can follow the same underlying principle.

Human Dignity. Act so that treating humanity.

Universality. Would the action be viewed as morally suitable? Could it bring net benefit to society?

Teleological:

Whether a decision is right or wrong depends on the consequences or outcomes of that action.

A consequentialist approach.

As long as the outcome is right (beneficial), the action is irrelevant.

Outcomes can be viewed from two perspectives:

Egoism (Individualism). What is best for me? Egoists do what appears to be right in society and what makes them feel better. However, the outcomes of the actions on all members of society cannot be determined.

Utilitarianism (Society as a whole). What is best for the greatest number? An action is morally right if the outcome is good for the majority of people.


Kohlberg’s Cognitive Moral Development Theory: Relativism (Individual Perspective)

There are three levels, each divided into two stages, giving six stages in total. Individuals move from Level 1 to Level 3 as they get older. Most people (including business managers) are found at Level 2.

Level 1: Pre-conventional
Explanation: Individual shows concern for self-interest and external rewards and punishments.
Stages: 1.1 Obedience & Punishment; 1.2 Instrumental Purpose & Exchange

Level 2: Conventional
Explanation: Individual does what is expected of them by others.
Stages: 2.3 Good Interpersonal Accord & Relationships; 2.4 Social Accord & System Maintenance

Level 3: Post-conventional
Explanation: Individual develops more autonomous decision making based on principles of right and justice.
Stages: 3.5 Social Contracts & Individual Rights; 3.6 Universal Ethical Principles

Level 1: Pre-conventional:

1.1 Obedience & Punishment (Individuals only think of themselves and see the consequences of an action, i.e. right or wrong, as a reward or punishment to them.)

1.2 Instrumental Purpose & Exchange (Individuals think of the effect of their actions on others, but to a very limited extent. Individuals particularly think about how they would benefit personally from a particular course of action. Actions are therefore taken from a thought process of fairness and “what's in it for me”.)

Level 2: Conventional:

2.3 Good Interpersonal Accord & Relationships (Actions are defined by what is expected of individuals by their immediate peers and those close to them. Approval or disapproval by the immediate circle determines moral correctness.)

2.4 Law & Order, Social Accord & System Maintenance (Consideration of social accord is extended further from immediate peers to include broader society. What is important here is maintaining a structured and functioning society, and thereby acceptance of laws and regulations.)

Level 3: Post-conventional:

3.5 Social Contracts & Individual Rights (Right and wrong are determined by reference to the basic rights, values and contracts of society from the individual's own perspective or interpretation, rather than by following rules. Any law against the benefit of society must be changed, but that change must be supported by the majority.)

3.6 Universal Ethical Principles (Individuals make decisions based on self-chosen ethical principles which they believe everyone should follow. Here, laws are only valid if they are grounded in justice. Obeying the law is important but bad laws should be broken. Actions here are taken based on what is the right thing to do, no matter the personal cost, and not because of expectation, agreement or requirement of law.)

Criticism of Kohlberg’s Cognitive Moral Development Theory:

The theory is based on typical abstract principles of US males such as fairness, impartiality, rights and maintenance of rules. Carol Gilligan, a student of Kohlberg, would have liked to see an ethic of care, with a focus on empathy, harmony and interdependence, not putting fairness and justice above the need to achieve peaceful settlement of problems.


Acceptability of solution does not necessarily depend on the method of reasoning. In fact, moral actions are not

necessarily always decided by formal reasoning.

Assuming individual development. Individuals make different decisions in different circumstances (they have

multiple ethical stances). Hence situational influences (issue-related factors such as moral intensity/magnitude

of consequences and moral framing/language and context related factors such as reward mechanism, authority,

organizational culture and national and cultural context etc.)

Positions on Social Responsibility by Gray, Owen & Adams: Relativism (Corporate Perspective)

Gray, Owen and Adams provide seven positions to view social responsibility;

1) Pristine Capitalist (Only shareholders' wealth maximization matters. Any act of social responsibility that reduces shareholders' wealth is destroying shareholder value and is beyond the mandate given to agents/directors.)

2) Expedients (Recognizing some social responsibility expenditure may be necessary to strategically

position an organization to maximize its profits. Therefore, some form of social responsibility can be

taken if it increases overall image or profitability.)

3) Proponents of Social Contract (Business enjoys a license to operate which is granted by society as long

as business acts in appropriate way, so businesses need to be aware of the norms acceptable by society.)

4) Social Ecologist (Recognizes that a business has social and environmental footprints, therefore it must

accept responsibility of minimizing footprints.)

5) Socialist (Actions of business are those of the capitalist class oppressing other classes of people. Business, therefore, should be conducted in a way that redresses and reprimands imbalances or inefficiencies in society, going beyond shareholders to stakeholders.)

6) Radical Feminist (Society and business should be based on feminine characteristics such as equity,

dialogue, compassion and fairness. It is argued that society and business are based on masculine values

representing aggression, power, assertiveness, hierarchy, domination and competitiveness.)

7) Deep Ecologist (Humans have no more intrinsic right to exist than any other species. It is argued that just because humans are able to control and subjugate social and environmental systems does not mean that they should. A full recognition of each and every stakeholder's claims would stop the business from continuing as it normally does.)

Ethics in Exam: (Solving Ethical Dilemmas)

AAA Model: (FIN-ABCD)

The American Accounting Association Model was set out in a report by Langenderfer and Rockness in 1990 and is as follows:

F – What are the FACTS of the case?

I – What are the ethical ISSUES in the case?

N – What NORM, principles and values are related to the case?

A – What is the ALTERNATIVE course of action?

B – What is the BEST course of action that is consistent with these norms, principles and values?

C – What are the CONSEQUENCES of each possible course of action?

D – What is the DECISION?


Tucker’s 5 Question Model:

Tucker's Model can be used to determine the most ethical outcome in a particular situation. The five questions are as follows:

Profitable? (Criticism: compared with what? Are we discussing business or moral dilemmas?)

Legal? (Criticism: will depend on the relevant jurisdiction)

Fair? (Criticism: From whose perspective?)

Right? (Criticism: Deontological vs. Teleological Theories)

Sustainable? (Criticism: Will it harm or protect environment?)

Corporate Codes of Ethics:

Codes are formal documents containing a series of statements setting out the organization's values and explaining how it sees its responsibilities towards stakeholders. The focus is on regulating individual employee behavior.

The purposes served by such a Code of Ethics include: (SCRIC)

S – Succinctly establishing the organization's values.

C – Conveying the organization's values to stakeholders.

R – Reputation/promotion of business objectives.

I – Identifying stakeholders and promotion of stakeholder responsibilities.

C – Controlling/influencing the individual's behavior.

For a Code of Ethics to have a real impact, merely enacting it is not enough. The following also need to be ensured:

The management's commitment.

Positively discouraging previous behaviors.

Educating staff on the need for the change.

Supplementing the code with detailed training and practical guidelines, with proper reporting

procedures.

Addressing inherent problems with the codes (inflexibility, lack of clarity, deemed irrelevancy, failed

role models etc.)

Professional Codes of Ethics:

The same principle of Rules Based vs. Principles Based applies to Professional Codes of Ethics as well. The

two main codes we need to consider are the “Code of Ethics & Conduct” issued by ACCA and “Code of Ethics

for Professional Accountants (2009)” issued by IFAC.

Among the fundamental principles are; (PICOP)

P – Professional competence and due care.

I – Integrity (straightforward and honest)

C – Confidentiality (unless disclosure is required by law/profession)

O – Objectivity (no bias, conflict of interest or undue influence)

P – Professional Behavior (avoid any action that discredits the profession)


Both IFAC and ACCA identify the following ethical threats to compliance with the fundamental principles;

Self-Interest Threat

1) Financial interest (e.g. owning shares)

2) Close business relationships (partnership with client, distribution/marketing for clients etc.)

3) Employment with client (staff moving to a client may attempt to impress the future employer; a partner becoming finance director means over-familiarity with the audit firm's system – 2 years should pass before a partner may take up such employment; other staff should let the firm know as soon as they become interested in employment with a client.)

4) Partner on client board (although secretarial services may be fine as long as purely administrative)

5) Family and personal relationship (appropriate disclosures requirements should be in place.)

6) Gifts and hospitalities (unless clearly insignificant)

7) Loans and guarantees (unless by a financial institution and on normal commercial basis)

8) Overdue fees (this amounts to extending loan to client)

9) Contingent/percentage fees.

10) High percentage of fees from one client/group. (generally, should not exceed 15% of firm's total earned fee, but in cases of listed companies/public interest companies, the figure should be 10%)

11) Lowballing (quoting significantly lower fee than predecessor firm)

12) Recruitment (management decisions should not be taken by audit firm, although they may review a

shortlist prepared by the client.)

In many cases, materiality of the interest will have to be considered. Clearly insignificant interests do not pose a

threat. Where there is a risk, safeguards may include;

1) Disposing of the interest.

2) Removing the individual from team.

3) Informing the audit committee of the client.

4) Using an independent partner (or professional) to review the work.

5) External/internal quality control review.

6) Modifying assurance plan/resigning.

7) Taking steps to reduce dependency on the client.

8) Consulting third parties such as ACCA.

9) Complying with all assurance standards.

Self-Review Threat

This threat may arise mainly due to the multiple services that assurance service providers may offer (e.g. book-keeping, valuation, actuarial services, internal audit, management functions, legal services, human resources and designing and implementation of financial information systems). Sarbanes-Oxley rules prohibit these, though many are generally allowed in the UK with suitable safeguards. Other services include IT services, temporary staff cover and legal services etc.

The rules mainly deal with public listed companies and public interest companies i.e. companies which

due to their size, nature or product are in the public eye.

This threat may take the following forms:

1) Recent services with assurance client.


2) Preparing accounting records/financial statements or preparing source documents/changing journal

entries (as opposed to assisting management with preparation thereof and giving general advice etc.)

3) Valuation services where valuation is material to the financial statements. Clients must always

understand valuation and assumptions used and acknowledge responsibility for valuation.

4) Corporate finance services. (no promotion, dealing in or underwriting of client's shares, no binding of client and no management decisions on behalf of the client.)

5) Provision of tax advice is generally not considered a threat. Same with internal audit (except in

USA) as long as the client acknowledges its responsibility for establishing, maintaining and

monitoring the system.

Advocacy Threat

The obvious example of this threat is when the client is offered legal advice, but other examples include

advising on debt reconstruction and negotiations with a bank on behalf of the client.

The firm should determine the materiality of the risk and ideally use different departments for these services. Disclosures to the client's audit committee should also be considered. Where the risk is too high, withdrawal from engagement may be the only option.

Familiarity Threat

Familiarity may arise due to family/personal relationship with client, employment/recent services with

assurance client, or long association with client. Staff rotation, second partner review and independent

quality control review are the relevant safeguards.

Intimidation Threat

Intimidation may involve actual or threatened litigation or a second opinion. In case of the latter, the second firm cannot give a formal audit opinion (as only the appointed auditor can do that), but the fear for the first firm will be to lose the client to the second firm for the following year. In any event, the second firm should seek the first's permission before taking on the work and must ensure it has all the information to give the opinion.

Ethical safeguards against the threats are also covered by both IFAC and ACCA. Such safeguards may be

professional/legal or internal to the firms.

Professional/legal safeguards include:

Educational training and experience requirements.

Continuing professional development requirements.

Corporate governance regulations.

Professional standards.

Professional/regulatory monitoring and disciplinary proceedings.

Accountancy Profession & Public Interest:

IFAC's Code of Ethics defines professionalism in terms of professional behavior. Professional behavior imposes an obligation on professional accountants to act in the public interest. They should comply with relevant laws and avoid any action that may discredit the profession. Public interest is the collective well-being of the community of people and institutions that the professional accountant serves. It is these who matter, not the individual client/employer.

Attributes of a modern professional include: maintaining confidentiality, upholding ethical standards, preparing

(and interpreting) financial information and statements, communicating effectively and managerial skills.

Critics have maintained that the accountant's definition of public interest is too closely tied to their own self-interest. The objection is that this model leads to the accountant being seen as a servant of capital. It results in a lack of equality, fails to increase social welfare or equally distribute maximized profits, does not address environmental concerns and focuses narrowly on utilitarianism. It is also said that the rules are too passive, lacking a positive duty to detect and report fraud, preferring client confidentiality over disclosure in the public interest, and allowing provision of non-audit services etc.

Threat for Employee Accountant:

There may be inevitable conflicts for an employee accountant in the following areas:

1) Confidentiality (note the accountant's duty, in the public interest, to report an errant employer)

2) Interest served (accountant has a duty to wider stakeholders group)

3) Organizational vs. Professional Norms

4) Requirements for obedience

The main threat is pressure from employer to act contrary to law or technical/professional standards or to

mislead auditor etc. Lack of time, lack of information, insufficient training/experience and inadequate resources

are other factors leading to threats, as are financial interests (inside information).

Safeguards include using formal procedures within the organization, consultation with ACCA or lawyers and

disclosures where relevant. Finding sufficient time and expertise/training will also help in certain cases.

Bribery & Corruption:

Bribery is the offering, giving, receiving or soliciting of any item of value to influence the actions of an official

or other person in charge of a public/legal duty. Corruption is deviation from honest behavior and includes not

just bribery but also abuse of a system, bid rigging and cartels etc.

Failing to report bribery is also an offence now under the Bribery Act 2011. Organizations are liable if their employees pay a bribe (unless they can show adequate procedures to prevent bribery were in place).

Bribery leads to lack of honesty, good faith and to conflict of interest (personal gain/exposure vs. duty),

misallocation of resources threatening fair market. Facilitation payments need to be carefully considered to

ensure bribe is not paid.

The UK guidance on setting up adequate procedures is based on 6 principles:

1) Proportionate procedures (risk, nature, size and complexity of risk/business)

2) Top level commitment

3) Risk assessment (certain businesses/countries are more prone)

4) Due diligence


5) Communication (embedding awareness through formal and unambiguous statements with zero tolerance

policy, general and specific training, anti-bribery codes, strong internal controls and effective whistle

blowing/disclosures arrangements)

6) Monitoring and review (risk is dynamic)

Corporate Social Responsibility (CSR):

CSR refers to organizations considering and managing their impact on a variety of stakeholders including: local community, environment, customers, suppliers, shareholders, employees etc. A corporation is an artificial person in law and therefore it has the same rights and responsibilities as human beings.

According to Carroll, “CSR encompasses the economic, legal, ethical and philanthropic expectations placed

on organizations by society at a given point in time.”

Corporate Citizenship:

Corporate Citizenship is the business strategy that shapes the values underpinning a company's mission and the choices made by its officers as they engage with society. Three core principles are minimizing harm, maximizing benefit and being accountable and responsive to stakeholders.

Corporate Citizenship has also been criticized as bringing in considerations that interfere with the free market notion. Economic self-interests, it is said, ensure maximum economic growth and hence maximum social welfare.

Social/Environmental Effects of Economic Activity:

While businesses can certainly have positive effects, the adverse effects include depletion of natural resources, noise and aesthetic impacts, residual air and water emissions, long-term waste disposal, uncompensated health effects and change in the local quality of life.

Sustainability:

Sustainability is about only using resources (inputs) at a rate that allows them to be replenished and confining

emissions (outputs) of waste to levels that do not exceed the capacity of the environment to absorb them. In

other words, sustainability is not a fixed state of harmony but a process of change in which exploitation of

resources is consistent with future as well as present needs.

This concept of needs was central to the UN World Commission on Environment and Development. The report stated that what was required was political, economic, social, production, technological, international and administrative systems.

Sustainability raises obvious questions such as;

For whom should we sustain? (humans, other species, future generations)

How should we sustain? (social, environmental, economic sustainability)

How long should we sustain and at what cost? (compensation vs. preservation)

Weak sustainability proponents argue that sustainability should only be about human beings and that the natural environment can be considered as a resource. They do however accept that a better mastery of natural resources should be pursued. Supporters of strong sustainability, however, advocate far more fundamental changes: they want sustainability for all species and want a complete re-think of how man sees economic growth. They are for preservation rather than compensation.

Reporting:

Global Reporting Initiative (GRI) is a reporting framework aiming to develop transparency, accountability,

reporting and sustainable development. Reporting on SEE (social, environmental, economic) importance should

be routine, comparable to financial reporting (triple bottom line: people, planet, profit – or TBL/3BL).

The advantages of such special reporting are better risk management, reduction in environmental footprint and favorable publicity, but the disadvantages include higher cost, vagueness, confusing signals and misunderstandings.