KNOWLEDGE SUMMARY

SEPT./DEC. 2017
Key Concepts for P1

Private and institutional shareholders

Shares in public listed companies are held by a range of individuals and institutions. In most stock exchanges, it is
convenient and relatively cheap to buy or sell shares (usually on an internet-based application) and many
individual people often buy and sell shares in companies in this way.

A second type of shareholder is the institutional shareholder. This is an organisation, rather than an individual, and
accordingly, the number of shares held is usually much higher than individual private shareholders hold. Some
investors buy shares directly in companies through the stock exchange whilst others purchase a small part of a
larger fund. Institutional shareholders tend to be large financial institutions with large capital sums and include
pension funds, insurance companies, banks, and specialised investment companies. They have many clients buying
into a certain fund and this fund is then managed in some way with the agreement of the clients who have placed
money into that fund. The fund attracts a management cost (to pay for the transactions and the fund management
costs) which is deducted from the gains (or losses) made.

Corporate governance

A set of relationships between a company's directors, its shareholders and other stakeholders. (OECD)

Corporate governance is the system by which organisations are configured, co-ordinated and controlled. This
usually involves the characteristics of leadership, the structures, particularly at board level, to help facilitate
desirable outcomes, and the behaviours of senior management in the pursuit of those outcomes.

Agency relationship

Agency relationships underpin any governance situation, in which there is a separation of ownership and control of
an organisation. Agency involves two parties: the principal and the agent. In most situations, the agent is the
director responsible for the performance of the organisation and this party reports to the principal in a fiduciary
relationship. The principal is the shareholder in the case of a public company but this is less straightforward in
public sector organisations, involving taxpayers and a hierarchy of public sector servants who intermediate on
behalf of the state and the taxpayer.

Types of Organisations

1. Private/listed/quoted/floated/public companies

- For profit organisations
- Often categorized as 1st sector organisations

2. Public sector organizations/state controlled

- Goods/services that CANNOT be or SHOULD NOT be provided by for profit organizations
- Often categorized as 2nd sector organisations

Public sector organisations can be at various levels:

At National level:

- Based in capital city; divided into Central Government departments such as treasury, interior department,
foreign office, defence, education.
- Led by a political minister of governing party.
- Ministers are advised or helped by civil servants/ permanent government employees

At Sub-national level (below national)

- Some countries are sub-divided into regional authorities/ regional assemblies/ states/ municipalities/
local authorities/ department (whatever term used!)
- Selected powers given by national government due to belief that these areas are best handled by local
people, due to knowledge, efficiency or cost effectiveness, e.g. planning of roads, new housing permission,
utilities, local schools, rubbish collection etc.
- Led by elected representatives and advised by permanent officials/civil servants

Supranational

- A multi-national organisation where power is delegated to the organisation by the government of
member states. E.g. European Union, World Trade Organisation, World Bank

3. Charities and NGOs

- Do not make a profit; do not deliver services on behalf of the state.
- Provide benefits that cannot be easily provided by profit making or public sector organizations
- Often categorized as 3rd sector organisations

The following discussion (for the three types of organisations above) is very important for P1!

Strategic Objective

Public companies:
- Primarily to make a financial return for the investors (shareholders)
- Value is added by the creation of shareholder wealth and this is measured in terms of profits, cash flows, share price movements and price/earnings

Public sector organisations:
- Concerned with social purposes and delivering their services efficiently, effectively and with good value for money.

Charities/NGOs:
- Support the charitable cause for which the organisation was set up. It is likely to be a social or benevolent cause and funds are donated specifically to support that cause.

Agency Relationship

Public companies:
- Principal: Shareholders/Investors
- Agent: Directors
- Fiduciary duty: Act in Principal's economic interest; transparency in communication; avoid conflict of interest (director owes a duty to all shareholders not to place him/herself in a situation where personal self-interest conflicts with the interests of the company, and its shareholders. Conflict of interest is when one's personal interest is at variance with one's professional duty of care.)

Public sector organisations:
- Principal: Taxpayers and service users
- Agent: Government officials
- Fiduciary duty: Duty to the benefit of society rather than just a duty to one particular party

Charities/NGOs:
- Principal: Donors
- Agent: Trustees
- Fiduciary duty: Duty to the donors - ensure funds spent for the benevolent purpose of the charity.

Governance

Public companies:
- Regulations: Company law, listing rules
- Governance: Formal governance arrangements (BOD, General meetings etc.)

Public sector organisations:
- There is no single way in which public sector organisations are governed.
- Public sector organisations tend to be highly bureaucratic.

Charities/NGOs:
- NGOs and charities may have an executive and non-executive board, but these are subject to a higher board of trustees whose role it is to ensure that the NGO or charity operates in line with its stated purpose or terms of reference.
- Charities receive recognition by a country's charity authority to operate and they then receive the concessions that charitable status gives (favourable tax treatment and different reporting requirements). Depending upon the country's rules, they may be subject to audit and have some reporting requirements.

Accountability

Public companies:
- Directors, individually and collectively, have a duty under corporate governance to provide entrepreneurial leadership and run the company to the betterment of the shareholders.
- The agents are granted both expressed and implied authority to deal with third parties on behalf of their principal, and they are held accountable under corporate governance for their actions and outcomes.

Public sector organisations:
- Accountability is gained in part by having a system of reporting and oversight of one body over others. Because there is no market mechanism of monitoring performance, other ways must be found to ensure that organisations achieve the objectives and service delivery targets established for them.
- In some cases, then, a head of service or a board of directors must report to an external body of oversight.
- Oversight body's role is to hold the management of the service to account for the delivery of the public service and to ensure that the organisation is run for the benefit of the service user.

Charities/NGOs:
- In a charity, the operating board is usually accountable to a board of trustees. It is the trustees who act as the interpreters and guarantors of the fiduciary duty of the charity (because the beneficiaries of the charity may be unable to speak for themselves).
- The trustees ensure that the board is acting according to the charity's stated purposes and that all management policy, including salaries and benefits, are consistent with those purposes.

Performance measurement

Public companies:
- Market mechanism for performance measurement (i.e. the share price).
- Relatively straightforward financial measures are usually good signifiers of success or failure, for example, return on equity or return on sales, efficiency measures and productivity measures.

Public sector organisations:
- Financial measures are only one type of many other relevant objectives including the availability and quality of service delivery.
- Because public sector objectives are often challenged by a range of different stakeholders in society, public sector outcomes are often expressed in terms of value for money or in the delivery of public services such as the provision of public housing, health services, refuse collection, provision of jobs or learning opportunities.
- The 3 Es framework is a way in which public sector objectives can be considered, with the 3 Es referring to the efficiency of the local authority, its effectiveness and its economic performance.
- Economy: Budget & Time
- Efficiency: Acceptable return on money/resources invested in a service (Efficiency is about delivering outputs for a set level of income, with efficient organisations delivering more on a given level of input than less efficient ones.)
- Effectiveness: Extent to which an organisation delivers what it intended to deliver (must deliver its required services to a high quality and meet the expectations of service users.)

Charities/NGOs:
- Value for money (The 3 Es).

Focus of Corporate Governance

(Corporate Governance is the system by which organisations are configured, co-ordinated and controlled)

Public companies focus on:
- delivering acceptable long-term economic returns to investors.
- alignment of directors' remuneration with shareholder priorities
- enforcement of professional and ethical behaviour to maximise investor confidence.

Public sector organisations focus on:
- balancing the quality and effectiveness of service delivery with cost constraints.

Charities/NGOs focus on:
- Ensuring the funds are spent for the benevolent purpose of the charity.

Stakeholders

Public companies:
- Stakeholders in a business often have an economic incentive to engage with the organisation.
- Society typically expects a business to be efficient in order to be profitable so that, in turn, it can create jobs, wealth and value for shareholders. Society expresses its support for a business by participating in its resource or product markets, i.e. by supplying its inputs (including working for it or buying its products)

Public sector organisations:
- Taxpayers have different objectives and views but do not have a choice in paying tax.
- Assessment of validity of stakeholder claims depends on political stance of the existing government!

Charities/NGOs:
- Most stakeholders in a charity have claims more concerned with its benevolent aims.
- A charity's social acceptability is tied up with the charity's achievement of benevolent aims.

The concepts underpinning governance
Corporate governance is based on a series of underlying concepts

Fairness: It suggests that a business respects the rights and views of all stakeholders with legitimate interests. To
be fair is to recognise many interests and to weigh each one against others in an equitable and transparent way.

Transparency: This is the important quality of governance which specifies that companies should disclose all
material information to shareholders and others unless there is a valid and defensible reason to withhold it. It
implies a default position of disclosure over the concealment of information.

Independence: Objectivity is a state or quality that implies detachment, lack of bias, not influenced by personal
feelings, prejudices or emotions. All those in a position of monitoring should be independent of those/what they
are monitoring. It requires an action to be based on objective criteria which service the interests of the firm, its
shareholders and other legitimate stakeholders.
- Non-executive directors should be independent of the executive directors, and of company operations as
their role is to monitor performance.
- External auditors should be independent of the company, especially its accounting department and
processes.
- Internal auditors should be independent of the company, as they are likely to be involved in monitoring
systems throughout the company's operations.

Honesty: This is not just telling the truth, it also means finding out the truth, not ignoring it and not turning a blind
eye. Overall, corporate governance involves organizations being transparent and honest in all their dealings, be it
customers, suppliers, investors, employees or any type of stakeholder and shareholder. Honesty is important in
building stakeholders' confidence that their interests are protected. Probity means honesty and making decisions
based on integrity.

Probity: Probity means honesty and making decisions based on integrity. Probity is a fundamental corporate
governance principle and is concerned with telling the truth and thereby not misleading shareholders or any other
stakeholders. For an individual, it suggests that they should act ethically with integrity, by always conducting their
business dealings in an honest and straightforward manner.

Responsibility: Responsibility means to accept liability for one's actions. This liability relates to an acceptance of a
penalty that is deemed necessary in order to atone or pay for the action carried out. Responsibility also relates to
accepting a duty to act on behalf of an external party. Directors should understand and accept their responsibility
to shareholders and other stakeholders. They should act in their best interests and be willing to accept the
consequences if they fail in this responsibility.

Accountability: Directors must be willing to be held accountable for their actions so they must accept
responsibility for the roles entrusted to them. Accountability is a key relationship between two or more parties. It
implies that one party is accountable to, or answerable to, another. This means that the accountable entity can
reasonably be called upon to explain his, her or its actions and policies.

Reputation: Reputation concerns the perceptions with which an organisation is viewed by a range of stakeholders.
A strong reputation, perhaps for service delivery and robust governance, can be a strategic asset, whilst a weak
reputation can be a strong disadvantage. Reputation is one of the important underlying principles in corporate
governance. Because there is a separation of ownership and control in many organisations, the reputation which
the management of an organisation enjoys with its principals is important in directors or trustees being given the
licence to manage the organisation as they see fit, for the long-term strategic benefit of the principals. Reputation
is also important for the positioning of an organisation in its environment in terms of society's trust in the
organisation as a buyer, supplier, employer, etc.

Judgment: Because corporate governance is based on decision-making, the ability to make sound and balanced
judgements is an important underlying principle. In many cases, judgement is the ability to decide between two
credible courses of action, and making finely-tuned calculations in so doing. The decision-maker's personal
attitudes to risk, ethics and the timescale of likely returns are likely to be important factors in how a person judges
a given decision.

Integrity: This is quite a general term and has a crossover with some of the other terms above. Integrity means
honesty, fair-dealing, presenting information without any attempt to bias opinion and in a more general sense
doing the right thing.
Integrity goes beyond honesty and the law and brings moral and ethical issues into play. Cadbury Report
Summary: Integrity means straightforward dealing and completeness. What is required for financial reporting is
that it should be honest and should present a balanced picture of the state of the company's affairs. The integrity
of reports depends on the integrity of those who prepare and present them. At times accountants will have to use
judgment or face a situation which is not covered by regulations or guidance and on those occasions integrity is
particularly important.

Innovation: This means discovering new ideas, developing them and commercializing them for profit. This requires
long term commitment of resources. Although innovation is risky, it is necessary for the business to grow and
compete successfully.

Skepticism: this means a critical assessment of information, challenging information and being alert to possibilities
of manipulation/fraud.

The Board of Directors

Executive directors are full time members of staff, have management positions in the organisation, are part of the
executive structure and typically have industry or activity-relevant knowledge or expertise, which is the basis of
their value to the organisation.

Non-executive directors are engaged part time by the organisation, bring relevant independent, external input and
scrutiny to the board, and typically occupy positions in the committee structure.

Non-Executive Directors (NED)

The board should consist of a balance of executive and non-executive directors and should be of sufficient size that
there is a balance of skills and experience in order to effectively manage the company.

Roles of NEDs

Higgs Report: Summary of the role of non-executive directors

1. Strategy: as part of the board, they assist with determining the strategy of the company. It is likely that
this is led by the executive directors but NEDs are involved in this process by challenging strategy and
questioning other options before the strategy is implemented.

2. Performance: NEDs should scrutinize the performance of the executive directors in meeting goals and
objectives. The NEDS lead the process of replacing and recruiting directors through the nomination
committee.

3. Risk: NEDs should satisfy themselves that the financial information is accurate and the financial controls
and risk management systems are effective. They play a role in ensuring that the company's systems of
financial reporting, internal control and risk management are operating satisfactorily through the audit
committee.

4. People role:

a) Directors and managers: NEDs are responsible for determining appropriate levels of remuneration for
executives and are key figures in appointment and removal of senior managers and succession
planning.
b) Shareholders: should take responsibility for shareholders' concerns and attend regular meetings with
shareholders.

Independence

NEDs operate as a corporate conscience and therefore need to be independent.

1. They should not have been an employee within the last five years.

2. No business, financial or other connections with the company during the past few years (again, the period
varies by country). This means that, for example, the NED should not have been a shareholder, an auditor,
an employee, a supplier or a significant customer.

3. They should not have any family members in senior positions at the company.

4. Any NED who has been on a board for more than nine years is assumed to no longer be independent.
(Directors' appointments are voted on by shareholders on a three-yearly cycle, so nine years is relevant as
it gives three terms as a director).

5. NEDs are only remunerated with a fee for director duties - no profit share or share options.

6. They cannot hold cross-directorships. This term is used to explain a potential relationship between the
executive directors of two companies. It occurs when an executive director of one company operates as a
non-executive in another company, and there is an identical reciprocal arrangement. Hence the directors
are non-executives in each other's companies. This being the case, both directors are in a position to
influence the other's executive rewards assuming they are both serving members of the remuneration
committee (as is common for all non-executive directors).

7. NED contracts sometimes allow them to seek confidential external advice (perhaps legal advice) on
matters on which they are unhappy, uncomfortable or uncertain.

NEDs with experience from the same industry:
- higher technical knowledge of issues in that industry
- a network of contacts
- an awareness of what the strategic issues are within the industry
- might reduce the NED's ability to be objective

NEDs with experience from a different industry:
- a fresh pair of eyes to a given problem
- a lack of previous material business relationships will usually mean that a NED will not have any previous alliances or prejudices that will affect his or her independence
- they will be less biased towards people, policies and practices in that industry

Disadvantages of NEDS

May lack independence

May have difficulty imposing their views upon the board. Some NEDs are too willing to accept what
the executives tell them. There is still the problem that executive directors are really the only ones
that know exactly what is happening at the company.

High caliber NEDs may go to best run companies rather than the ones which are in more need of
input from good NEDs.

They can damage company performance by weakening board unity, stifling entrepreneurship and
concentrating on matters other than maximization of financial performance.

Having additional directors increases the size of the board of directors as at least half of the board
must be independent non-executives. This will increase costs and may slow down decision making as
they may challenge every decision made by the executives.

As they do not work full time for the company, they may only spend limited time there. It is
debatable how much they actually know about the company and how much they can add value.

Chairman's responsibilities

The overall responsibility of the chairman is to:

With regards to protecting shareholders' interest:
- The chairman represents the company to investors and other outside stakeholders/constituents.
- communication with shareholders. This occurs in a statutory sense in the annual report (where, in many jurisdictions, the chairman must write to shareholders each year in the form of a chairman's statement) and at annual and extraordinary general meetings.

With regards to BOD's effectiveness:
- ensure there is a balance in the board (between the number of EDs and NEDs excluding the Chairman and in the skills of the board)
- ensure the existence and effective composition of the four sub-committees
- facilitating good relationships between executive and non-executive directors
- Lead in induction program for new directors
- Lead in board development
- Facilitating board appraisal

With regards to BOD's communication:
- setting the board's agenda and ensuring that board meetings take place on a regular basis.
- Internally, the chairman ensures that directors receive relevant information in advance of board meetings so that all discussions and decisions are made by directors fully apprised of the situation under discussion
- Ensure no dominant individual dominates the discussions.

CEO's responsibilities (responsible for all aspects of operations)

The overall responsibility of the CEO is to:

- To develop and implement policies and strategies capable of delivering superior shareholder value and to
assume full responsibility for all aspects of the company's operations
- implement the decisions of the board. This means that the various divisions and/or departments in the
organisation must work out the strategies agreed, and the CEO must configure and co-ordinate the business to
achieve these.
- Manage the financial and physical resources of the company
- Monitor results: the CEO has to analyse the performance of all parts of the business in terms of each one's
contribution to strategy and its fit with the rest of the organisational structure
- Ensure that effective operational and risk controls are in place
- Overseeing the management team, co-ordinating the interface between the board and the other employees in
the company
- Relate to a range of external parties including the company's shareholders, suppliers, customers and state
authorities

Splitting the role of CEO & Chairman


'A clear division of responsibilities must exist at the head of the company. No individual should have unfettered
power of decision.'

Reasons for splitting the role


Representation: the chairman is clearly and solely a representative of shareholders with no conflict of
interest having a role as a manager within the firm.

Accountability: the existence of the separate chairman role provides a clear path of accountability for the
CEO and the management team.

The chairman provides a channel for the concerns of non-executive directors who, in turn, provide an
important external representation of external concerns on boards of directors.

Having the two roles separated reduces the risk of a conflict of interest in a single person being
responsible for company performance whilst also reporting on that performance to markets. The removal
of the joint role reduces the temptation to act more in self-interest rather than purely in the interest of
shareholders.

The chief executive can fully concentrate on the management of the organisation without the necessity to
report to shareholders.

No unlimited power/unfettered powers with one person therefore greater transparency.

Reasons against splitting the role

Unity: the separation of the role creates two leaders rather than the unity provided by a single leader.

Ability: both roles require an intricate knowledge of the company. It is far easier to have a single leader
with this ability rather than search for two such individuals.

Human nature: there will almost inevitably be conflict between two high powered executive offices.

NOMINATION COMMITTEE-ROLES

1. Oversees board appointments to maintain a balance in the board.

2. Establishes desirable size of the board (bearing in mind the current and planned size and complexity of the
operations)

3. It needs to consider a balance between executives and independent NEDs and skills, knowledge and
expertise of the current board

4. It considers the need to attract board members from diverse backgrounds (diversity in the board)

5. Succession planning: It acts to meet the needs for continuity and succession planning, especially among
the most senior members of the board. (CEO succession: The search for a potential replacement CEO
begins immediately after a new CEO is appointed!)

6. Arranges induction training of all directors

7. Arranges CPD activities for all directors

REMUNERATION COMMITTEE-ROLES

1. Determines remuneration policy on behalf of the board and the shareholders (pay scales applied to
directors' packages, the proportions of different types of reward within the overall package and the
periods in which performance related elements become payable)

2. Makes individual directors' packages (ensure fair but not excessive; contents of the package have been
discussed separately later)

3. It reports to the shareholders on the outcomes of their decisions, usually in the corporate governance
section of the annual report (usually called Report of the Remunerations Committee). This report, which is
auditor reviewed, contains a breakdown of each director's remuneration and a commentary on policies
applied to executive and non-executive remuneration.

4. They may also be asked to make severance packages.

5. Where appropriate and required by statute or voluntary code, the committee is required to be seen to be
compliant with relevant laws or codes of best practice.

Remuneration package

Market rate

The market rate for a reward is the equilibrium point at which supply and demand curves intersect. This is the
price which matches both the supply of suitable candidates for the position and the price which employers are
willing to pay for the job.
Because the shape and position of supply and demand curves differ between jobs (in other words, the supply of
candidates and the willingness to pay varies so much), market rates vary a great deal for different types of jobs.
This is why some senior positions attract a very high level of reward and others less so.
The market rate often expresses itself as the natural rate for a given job. It is generally understood, for example,
that the market rate for an office cleaner is lower than that for a qualified accountant or a medical doctor. This is
because of the supply and demand characteristics, as well as the years of professional training, for those jobs.

Key points to consider:


- Remuneration should be sufficient to Attract, Retain and Motivate
- No individual should have a say in setting his/her own remuneration
- DO NOT reward for failure

Components of an ED's remuneration package

Basic salary: When setting a director's salary, the remuneration committee should consider what other directors doing similar jobs in similar setting are getting paid.

Performance-related elements: Directors' bonus schemes can be useful as a motivating tool. They are a means of ensuring that directors are working towards the company's objectives. For example, if the company is trying to grow, then a bonus scheme should be set up to reward directors for company growth.
Bonuses are often given for increased profits, increased market share, increased sales, reduced costs, increased margins and so on. However, bonuses could also be given for non-financial measures, for example, reducing employee turnover or better customer service or environmental targets such as reducing pollution. This may avoid the focus on inflating short-term profits.
Bonus schemes tend to be short term in nature and focus on one financial year. This may not be sufficient a time frame for the directors to achieve what shareholders want them to.

Share options:
- Share options are contracts that allow the executive to buy shares at a fixed price or exercise price.
- If the stock rises above this price the executive can sell the shares at a profit.
- Share options give the executive the incentive to manage the firm in such a way that share prices increase, therefore share options are believed to align the managers' goals with those of the shareholders.

Benefits in kind/perks (transport, health provisions, holidays, loans): The remuneration committee should consider the benefit to the directors and the cost to the company of the complete package.

Retirement benefits: All awards are ultimately given by the shareholders and should be viewed in relation to performance achieved by the director. A retirement benefit such as lifetime use of the company plane or a sizeable pension payout could be awarded. The company makes payments into directors' pension schemes so on retirement the director will have an income. Usually contributions are a fixed percentage of the director's salary. The Combined Code suggests that only a director's basic salary is pensionable.

COMPENSATION
In some situations a director's contract will be terminated before the end of its term. This may be the case if a
director is not performing as the company would expect. The Combined Code states that a company must consider
the compensation commitments if this were to happen. There have been many cases in the past where poorly
performing directors have received large payouts when their contracts have been terminated and companies must
avoid rewarding poor performance. The notice period of a director's contract should be set at one year or less.

Why do shareholders support a link between rewards and performance?

The agency problem is reduced when the interests of directors and shareholders are aligned. One way of doing this
is to make the rewards of directors linked to the performance of the business they are managing. Shareholders
tend to prefer this approach for several reasons.

It motivates the directors in that they make more income (usually in performance bonuses or share options) when
the company does well. Typical measures upon which performance bonuses are based include return on equity or
performance based on the nature of the company's operations such as sales, internal control compliance or other,
context-specific measures. In each case, improvement is in line with the interests of shareholders in creating
shareholder value.

It encourages directors to think about creating shareholder value, as it is this which provides directors with higher
bonuses or the maximisation of the value of share options. This includes retaining talent, operating efficiently in
resource markets and innovating to produce efficiencies and controlling internal activities. Any increase in
organisational efficiency or effectiveness will serve the interests of shareholders and also potentially add to the
bonus for the director and, accordingly, performance-related rewards serve the interests of both shareholders and
directors.

It makes directors more accountable to shareholders. The issue of how directors remain strongly accountable to
shareholders is one of the key challenges in corporate governance. By forcing directors to create shareholder
value, the accountability link is strengthened as they are motivated to think in terms of maximising shareholder
value. Directors are less likely to behave in ways which reduce shareholder value, and are more likely to think
about how to maximise their own value to shareholders.

Appointment of Directors

Directors can be appointed to the board by the following means:


1. by resolution of the company's members - for listed companies this will usually be at the AGM;
2. by resolution of the directors - the company's articles of association will usually empower the directors to
appoint a new director to fill a vacancy or act as an additional director. This can be useful if a director leaves
unexpectedly, but for listed companies the appointment is only until the next AGM when the director's
appointment can be approved by members;
3. by resolution following direction from the Secretary of State - this intervention would only occur if a company
did not have one director or a public company did not have at least two directors.

Retirement by rotation
Retirement by rotation is an arrangement in a director's contract that specifies his or her contract to be limited to
a specific period (typically three years) after which he or she must retire from the board or offer himself or herself
(being eligible) for re-election.

The director must be actively re-elected back onto the board to serve another term. The default is that the director
retires unless re-elected.

Removal of Directors

A director may leave office in one of the following ways:


1. removal by the members of the company - the members of a company can remove a director by passing an
ordinary resolution. This must be done at a general meeting of the company and special notice (28 days) must
be given of the meeting;
2. resignation - a director may terminate their employment by formally giving notice to the company;
3. cessation of office under terms of the company's constitution - there may be some circumstances where a
director must vacate their position. For example, if the director is bankrupt or disqualified from holding office.

DISQUALIFICATION OF DIRECTORS
Directors may be disqualified from acting as a director in the following circumstances:
- a director has been convicted of an offence in connection with the promotion, formation, management or
liquidation of the company;
- a director has been persistently in default with regard to the Companies Act provisions relating to the
submission of accounts or annual returns;
- a director has been found guilty of fraudulent trading on the winding up of a company, or guilty of
fraud in relation to the company;
- a director has been convicted of an offence following the contravention of any requirement to file
returns, accounts or documentation with the Registrar of Companies;
- a company has gone into liquidation and an application has been made to the Secretary of State on the
grounds that the director's conduct renders him/her unfit to be concerned in the management of a company;
- an application to disqualify is made by the Secretary of State on the grounds of unfitness following a
report made on the company by official inspectors.

Conflicts of interests

Company directors have a fiduciary duty to act in the best interests of the shareholders who have appointed them
to their position. They act as agents of the shareholders [the principals], and as such are delegated the power and
authority to make decisions which will ultimately increase shareholder value over the longer term. A director owes
a duty to all shareholders not to place him/herself in a situation where personal self-interest conflicts with the
interests of the company, and vicariously its shareholders.

Conflict of interest is when one's personal interest is at variance with one's professional duty of care.

In the context of corporate governance, directors must avoid the temptation to be influenced by factors which
might not be in the best interests of the company. This could include:
- obtaining some personal advantage by virtue of their position as director, possibly to the detriment of the
company;
- avoiding the influence of external parties, such as from a cross-directorship, when this comes into direct conflict
with the best interest of the company; and
- directors contracting with their own company, except where permitted by the articles of association and where
the director's interest is fully disclosed.

Insider Dealing

Insider dealing (also called insider trading) is the buying or selling of company shares based on knowledge not
publicly available.
Directors are often in possession of market-sensitive information ahead of its publication and they would
therefore know if the current share price is under or over-valued given what they know about forthcoming events.

Why is insider trading unethical and often illegal?

By accepting a directorship, each director agrees to act primarily in the interests of shareholders. This means that
decisions taken must always be for the best long-term value for shareholders. If insider dealing is allowed, then it is
likely that some decisions would have a short-term effect which would not be of the best long-term value for
shareholders.

There is also the potential damage that insider trading does to the reputation and integrity of the capital markets
in general which could put off investors who would have no such access to privileged information and who would
perceive that such market distortions might increase the risk and variability of returns beyond what they should
be.

Performance appraisal of the board

Appraisal should be carried out once a year and measured against the following criteria:

- performance against objectives
- contribution to development strategy
- contribution to effective risk management
- contribution to development of corporate philosophy (values, ethics, social responsibilities)
- appropriate composition of boards and committees
- responses to problems or crises
- quality of information
- fulfilling legal requirements

Positive Aspects of Performance Evaluation

- Performance evaluation demonstrates to shareholders that the board takes its responsibilities
seriously. It should provide confidence that the boards are monitoring the extent to which they are
meeting their duty of care and skill and are operating effectively.
- It can lead to the introduction of new ideas through new executive and non-executive membership and
lead to the realization that change is necessary to continue serving shareholders in an appropriate way.
- Performance evaluation also helps to justify the pay of board members by demonstrating the level of
effort put into their work.
- Performance evaluation will also highlight any training needs of the directors, and the training can then be
implemented to strengthen the skills of the board.
- Performance evaluation also sets the same standard for the board as exists for members of staff. The use
of performance evaluation is widespread in large businesses and as such, in order to ensure buy-in at
lower levels, should be demonstrated as important through the spine of the company right to the very
top.

Criticisms of Performance Evaluation

Board evaluation may be considered to be unnecessary if the company is performing well since its
performance can be seen in the continued success of the business.

Another argument against its use at this level is that the board is evaluating itself and will not be
self-critical. This leads to a rubber-stamp approach to the process.

It is also argued that performance evaluation is simply a bureaucratic cost and a necessary form of
compliance and should not be given any credibility beyond this. By the same token it could be argued that
any adherence to corporate governance requirements is simply a compliance issue without any intention
to have a practical impact on the board role.

Induction of Directors

Induction is a process of orientation and familiarisation that new members of an organisation undergo upon
joining. It is designed to make the experience as smooth as possible and to avoid culture or personality clashes,
unexpected surprises or other misunderstandings.

The chairman should ensure that new directors receive a full, formal and tailored induction on joining the board.

If a non-executive director is joining the board, the company should invite major shareholders to meet the
director.

Objectives of induction
- To enable the new director to become familiar with the norms and culture.
- To give the directors an understanding of the nature of the company and its business model.
- To communicate practical procedural duties to the new director, including company policies relevant to a new
employee.
- To reduce the time taken for an individual to become productive in their duties.
- To help them gain an understanding of key stakeholders and relationships, including those with auditors,
regulators, key competitors and suppliers.
- To establish and develop the new director's relationships with colleagues, especially those with whom he or
she will interact on a regular basis. Building good relationships early on in a director's job is
very important, as early misunderstandings can be costly in terms of the time needed to repair the
relationship.

Elements of induction training

- Brief outline of the role of a director and a summary of responsibilities;
- Company guidelines on directors' share dealings, procedure for obtaining independent advice, and policies and
procedures of the board;
- Current strategic plan, budgets and forecasts for the year together with the three and five year plans;
- Latest annual report and accounts;
- Key performance indicators;
- Corporate brochures, mission statement, and other reports issued by the company;
- Minutes of the last few board meetings;
- Description of board procedures;
- Details of all directors, company secretary and other key executives;
- Details of board subcommittees and minutes of meetings if the director is to join any committee.

Continuing professional development (CPD)

CPD is the systematic maintenance, improvement and broadening of knowledge and skills, and the development of
personal qualities necessary for the execution of professional and technical duties throughout an individual's
working life.

Objectives of CPD

- Maintain knowledge and skills bases (and so improve overall performance in their roles).
- By keeping professional qualifications up-to-date, directors can improve their competence in a wider
context, benefiting both themselves and their professional roles. CPD can improve and broaden knowledge and
skills to support future professional development.
- By updating his knowledge and skills on existing and new areas of business practice, like tackling internet
fraud, directors are able to contribute towards the development of the company. In effect, CPD can act as
a catalyst for improving and enhancing business performance.
- By undertaking CPD, directors demonstrate a commitment to their professions and their company.

Features of effective CPD

Individual professionals should be responsible for organising and conducting their own CPD so that it meets their
particular needs. This can be achieved by determining what form of training or other intervention delivers the
necessary output.

ACCA operates a professional development matrix to help its members analyse their roles and responsibilities,
and then prioritise learning needs.

The matrix comprises four elements:


Planning. The individual should analyse his current role and then identify the competencies which are needed to
deliver the required level of performance for that role. A development plan is then devised which involves
prioritising elements of the role which need most attention, but also addressing any emerging areas.

Action (inputs). The actual CPD undertaken should satisfy the following requirements:
- Relevance of the actual learning activity to the role;
- Understanding how the learning outcomes will apply to the workplace;
- Providing evidence that the learning activity was undertaken, and in part independently verified.

Results (outputs). On completion the individual should compare the results of his learning activities against his
development plan, and self-assess whether the CPD has met his pre-determined objectives.

Reflection. The individual should examine the evolving requirements of his role, as these will become a key feature
of future planning. This ensures that all CPD he undertakes in the future remains relevant to his role and the needs
of the company and its clients.

Elements of Continuing professional development

CPD activities could include:

- Professional educational courses;
- Planning and running an in-house training event;
- Coaching or mentoring;
- Learning a new discipline;
- Committee membership;
- Attending trade exhibitions and conferences.

Diversity

Diversity means having a range of many people that are different from each other. There is, however, no uniform
definition of board diversity. Traditionally speaking, one can consider factors like age, race, gender, educational
background and professional qualifications of the directors to make the board less homogenous. Some may
interpret board diversity by taking into account such less tangible factors as life experience and personal attitudes.
In short, board diversity aims to cultivate a broad spectrum of demographic attributes and characteristics in the
boardroom. A simple and common measure to promote heterogeneity in the boardroom, commonly known as
gender diversity, is to include female representation on the board.

Benefits of Diversity in the Workplace

- More effective decision making: by reducing the risk of 'groupthink', paying more attention to managing and
controlling risks as well as having a better understanding of the company's consumers. (Groupthink: a
psychological behaviour of minimising conflicts and reaching a consensus decision without critically
evaluating alternative ideas in a cohesive in-group environment.)
- Better utilisation of the talent pool: One of the problems of searching for suitable directors lies in the
limited number of candidates; there is especially a tendency to search for board members with typical
characteristics, such as male directors. If directors expand the pool of potential candidates by considering
more diversified attributes, like women and ethnic minorities to be included in the boardroom, it will
alleviate the problem of 'director shortage' and therefore better utilise the talent pool.
- Enhancement of corporate reputation and investor relations by establishing the company as a responsible
corporate citizen: It can enhance corporate reputation through signalling positively to the internal and
external stakeholders that the organisation emphasises diverse constituencies and does not discriminate
against minorities in climbing the corporate ladder. This may somehow indicate an equal opportunity of
employment and the management's eagerness in positioning the organisation as a socially responsible
citizen.
- A board with a broad range of experience is more likely to develop independence of mind and a probing
attitude. It can also enhance corporate decision-making by having sensitivity to a wider range of risks to its
reputation.
- Studies suggest that female non-executive directors contribute more effectively than male non-executives,
preparing more conscientiously for board meetings and being more prepared to ask awkward questions and
to challenge strategy. Studies also suggest that a gender-balanced board is more likely to pay attention to
managing and controlling risk.

- Surveys suggest that in the UK women hold almost half the wealth and are responsible for about 70% of
household purchasing decisions. As women are often the customers of the company's products, having more
women directors can improve understanding of customer needs. Large companies in consumer-facing
industries have a higher proportion of women on their boards than big companies in other sectors.

COSTS OF DIVERSIFYING THE BOARD


Diversifying the board is not without costs. Though a board is inherently subject to conflict as it is formed by
individuals collectively, having a diverse board may potentially increase friction between members, especially
when new directors with different backgrounds are stereotyped by existing members as atypical. This may split the
board into subgroups, which reduces group cohesiveness and impairs trust among members, leading to reluctance
to share information within the board.

Another danger of board diversity is sometimes referred to as tokenism. Theoretically, as mentioned in the
previous section, the minorities in the boardroom are said to contribute to value creation of the organisation by
their unique skills and experiences; however, in practice, they may feel that their presence is only to make up the
numbers required by the external stakeholders. They may then tend to undervalue their own skills, achievements
and experiences, which demeans their potential contribution to the organisation.

Further, the board may potentially ignore the underlying important attributes of successful directors as a sacrifice
to meet the requirement of board diversity. The board needs to pay special attention to these costs when
implementing measures to diversify the board.

REGULATORY INITIATIVES OF BOARD DIVERSITY


Board diversity can be promoted by a number of methods. Measures currently adopted by different regulatory
bodies are generally classified into the following approaches: (i) through imposing quotas on the board; and (ii)
enhancing disclosures using the 'comply or explain' approach.

Imposing quotas refers to a mandatory requirement to appoint a minimum number of directors with different
attributes on the board. This legislative enactment mainly deals with gender diversity to tackle the relative
underrepresentation of women in the boardroom. For example, since 2008, each listed company in Norway has
had to ensure that women fill at least 40% of directorship positions. Spain and France are implementing similar
mandatory requirements for gender diversity. This approach increases the number of women on the board at a
faster rate and forces companies to follow the legislation.

Another measure to enhance board diversity is through transparency and disclosure. Companies, under corporate
governance codes, are required to disclose their diversity policy in appointing directors so that investors and
stakeholders can make a proper evaluation. Those who fail to implement such measures have to explain their
non-compliance in the corporate governance report or equivalent. The Corporate Governance Code (2010) of the
United Kingdom, for example, stipulates that companies are required to: (i) incorporate diversity as a
consideration in making board appointments; and (ii) describe in their annual reports the board's policy
on diversity, as well as its progress in achieving the objectives of that policy. Australia and Hong Kong are
promoting diversity using a similar 'comply or explain' approach. Supporters of this approach believe that board
appointments should be made on the basis of business needs, skills and ability instead of legislative requirements,
which may sometimes be considered excessive in the market.

The Agency theory
The agents are granted both expressed and implied authority to deal with third parties on behalf of their principal,
and they are held accountable under corporate governance for their actions and outcomes.

Fiduciary duty: Agents owe a fiduciary duty (duty of utmost faith) to their principals. This means they need to act
in the principal's interest and ensure all relevant information is communicated to them on a timely basis. This duty
can be legal or ethical.

Accountability: The agent is accountable to the principal. Directors, individually and collectively, have a duty under
corporate governance to provide entrepreneurial leadership and run the company to the betterment of the
shareholders.

Agency problem: The agents are granted both expressed and implied authority to deal with third parties on behalf
of their principal, and they are held accountable under corporate governance for their actions and outcomes.
Should a situation arise where the interests of the principal and agents are not necessarily aligned, an agency
problem arises.

Agency cost

Agency costs can include:

- the time and expense of reviewing published information, and then attending meetings to monitor and
scrutinise the board's performance;
- paying for the services of independent experts and advisers;
- external auditors' fees; and
- transaction costs associated with managing the shareholding.

An agency cost is a cost incurred by the shareholder (the principal) in monitoring the activities of company agents
(i.e. directors). Agency costs are normally considered as over and above existing analysis costs (such as those
involved in making an initial investment decision) and are the costs that arise because of compromised trust in
agents (directors).

They can be classified under two headings; costs associated with monitoring the agent, and those termed residual
loss.

Monitoring costs
This type of agency cost includes costs associated with attempts to control or monitor the organization. The most
important of these will be the provision of information to shareholders, such as financial statements and annual
reports detailing company operations.

Large organizations are required, usually as part of listing rules, to communicate effectively with major
shareholders. Meetings attended by the key board members including the chief executive can be arranged and
institutional shareholders invited, although these will take time and money both to organize and deliver.

The AGM is a regular meeting that can be utilized by shareholders to ask questions of the company.

Many companies utilize performance-related incentive schemes to encourage directors to make decisions that are
in the best interest of the shareholders. The most effective of such schemes is that of offering directors share
options, usually with a specified period of time (several years) in which the shares cannot be sold. This provides the
incentive for their decision making to reflect the requirements of shareholders for long-term share price growth.

Residual loss
Residual loss costs are a part of agency costs. These are costs that attach to the employment of high caliber
directors (generally outside of salary) and the trappings associated with the running of a successful company. The
packages of the board members may include benefits in kind such as company cars, medical insurance and school
fee payments and would be considered a residual loss to shareholders.

Reducing agency costs


These agency costs could be reduced when direct action is taken to resolve the alignment of interest problem,
which would improve board accountability. The employment of sufficient independent non-executive directors to
monitor and scrutinise the executive members of the board should have a positive influence on their behaviour
and inspire confidence from shareholders.

Transaction cost theory

Transaction costs will occur when dealing with another external party:

- Search and information costs: to find the supplier.
- Bargaining and decision costs: to purchase the component.
- Policing and enforcement costs: to monitor quality.

The way in which a company is organised can determine its control over transactions, and hence costs. It is in the
interests of management to internalise transactions as much as possible, to remove these costs and the
resulting risks and uncertainties about prices and quality.

Transaction costs can be further impacted by the following:

- Bounded rationality: our limited capacity to understand business situations, which limits the factors we
consider in the decision.
- Opportunism: actions taken in an individual's best interests, which can create uncertainty in dealings and
mistrust between parties.

The significance and impact of these criteria will allow the company to decide whether to expand internally
(possibly through vertical integration) or deal with external parties.

Internal transactions: Transaction costs still occur within a company, transacting between departments or
business units. The same concepts of bounded rationality and opportunism on the part of directors or managers
can be used to view the motivation behind any decision.

Possible conclusions from transaction cost theory

- Opportunistic behaviour could have dire consequences on financing and strategy of businesses, hence
discouraging potential investors. Businesses therefore organise themselves to minimise the impact of
bounded rationality and opportunism as much as possible.
- Governance costs build up, including internal controls to monitor management.
- Managers become more risk averse, seeking the safe ground of easily governed markets.

Transaction cost theory versus agency theory

Transaction cost theory and agency theory essentially deal with the same issues and problems. Where agency
theory focuses on the individual agent, transaction cost theory focuses on the individual transaction.

- Agency theory looks at the tendency of directors to act in their own best interests, pursuing salary and
status. Transaction cost theory considers that managers (or directors) may arrange transactions in an
opportunistic way.
- The corporate governance problem of transaction cost theory is, however, not the protection of
ownership rights of shareholders (as is the agency theory focus), rather the effective and efficient
accomplishment of transactions by firms.

Two-tier boards

Unitary

In a unitary board, all directors, including all executive and non-executive directors, are members.

All directors are of equal rank in terms of their ability to influence strategy and they also all share the collective
responsibility in terms of legal and regulatory liability.

There is no distinction in constitution or law between strategic oversight and operational management.

Why?
1. All directors have equal legal status (equal accountability and responsibility). This also ensures that the
directors work together and leads to better decision making.
2. NEDs are empowered (independent scrutiny, experience and expertise). They protect shareholders' interest.
3. Lesser likelihood of power abuse by a small number of directors. This may also reduce chances of fraud as the
directors are involved in actual management.
4. Greater intellectual strength (strategies scrutinized more).
5. Investor confidence increased through the above.

Two-tier (used in France & Germany)

In a two-tier board, responsibilities are split between a supervisory or oversight board (chaired by the company
chairman), and an operational board (usually chaired by the chief executive).

The supervisory board decides on strategic issues and the operational board becomes responsible for executing the
strategy determined by the supervisory board.

Responsibilities between the boards are clearly defined with the supervisory board responsible for many legal and
regulatory compliance issues (such as financial reporting). Directors on the lower tier (operational board) do not
have the same levels of responsibility or power as those on the supervisory board.

Why?
1. Direct power over management.
2. More stakeholder involvement (therefore their interests protected).
3. Clear separation between management and monitoring.
4. Acts as a deterrent to management fraud.
5. The supervisory board is separated from management therefore may be more independent.
6. As the supervisory board is relatively a smaller board, it may be more effective in turbulent environments
where quicker decision making is required (it will be easier and cheaper to arrange meetings!).

Why not?
1. Lack of accountability of supervisory board.
2. Slower decision making as there are different stakeholders involved (whose interest might be in conflict with
each other at times).
3. Owners' power is diluted as more stakeholders involved.
4. Agency problems and conflict between the two boards (e.g. management board doesn't give complete info to
supervisory board etc).
5. Management board demotivated as they are not involved in decision making.
6. Supervisory board may not understand the operations in detail as they are isolated from management meetings.
7. Responsibility is divided (as compared to unitary board where entire board is held accountable).

P1 questions for unitary and two-tier boards

1. Suitability of the board structure depends on the organizational culture, the country it operates in and the
size of the organization. For example, in Germany, employees have a legal right to have a representative
on the supervisory board.
2. Questions may have Anglo/Dutch companies which leads to investor unrest! You will need to analyze
which one is suitable. You may be asked to give a convincing argument in favour of either unitary or
two-tier board.

Generic Discussion- Code of corporate governance


Reasons for developing codes

- it should reduce risk, fraud and corruption
- they improve investor confidence
- global investors are willing to pay a higher premium for well governed companies
- good governance is a major decision factor for institutional shareholders
- good governance tends to lead to good performance

Problems with codes

- They restrict and dilute decision making power
- They cannot stop fraud
- They increase red tape and bureaucracy
- The implementation of codes is a costly process (more NEDs, new systems, compliance with regulations etc)
- The process is reactionary rather than proactive, responding to major failures in governance rather than
setting the agenda.

Should corporate governance provisions vary by country?

- Some countries have more insider structures than outsider ones, because of which the accountability
relationship is different.
- Developing countries may not want to incur compliance and monitoring costs.
- Developing countries need not necessarily follow the same levels of formal governance as developed
countries.
- Some governments may have more flexible governance to attract international companies and hence
improve their economic climate (when SOX was enforced in the USA, some companies delisted from the
NYSE and got themselves listed on the London stock exchange).

- Regardless of the culture, standardized corporate governance provisions will ensure that minority interest
is protected.
- Countries with poor reputation in terms of corruption and fraud need a strict standardized governance
structure.
- Investor confidence is greater in countries where good governance structures are followed.

Approaches to corporate governance/ regulating corporate governance
Rules based approach

In a rules-based approach to corporate governance, provisions are made in law and a breach of any
applicable provision is therefore a legal offence. This means that companies become legally accountable for
compliance and are liable for prosecution in law for failing to comply with the detail of a corporate
governance code or other provision.

It is the judiciary rather than investors which monitors and punishes transgression and this means that there is
no theoretical distinction drawn between major or minor compliance failures. This is sometimes seen,
therefore, to be clumsy or un-nuanced as a means of enforcement.

In a rules-based approach such as Sarbanes-Oxley (Sarbox or Sox), the legal enforceability of the Act
requires total compliance in all details. This places a substantial compliance cost upon affected companies
and creates a large number of compliance advice consultancies to help companies ensure compliance.

Principles based approach

A principles-based approach works by (usually) a stock market making compliance with a detailed code a
condition of listing.

Shareholders are then encouraged to insist on a high level of compliance in the belief that higher compliance
is more robust than lower compliance. When, for whatever reason, a company is unable to comply in detail
with every provision of a code, the listing rules state that the company must explain, usually in its annual
report, exactly where it fails to comply and the reason why it is unable to comply. The shareholders, and not
the law, then judge for themselves the seriousness of the breach.

If the shareholders are not satisfied with the explanation for lack of compliance, they can punish the board by
several means including holding them directly accountable at general meetings, by selling shares (thereby
reducing the value of the company) or by direct intervention if a large enough shareholder.

For rules based

- Clarity in terms of what you must do
- Standardization for all companies
- Minimizes chances of going against the rule as non-compliance results in penalties.
- If the law is good then it will give shareholders assurance that a company is being run effectively

Against rules based

- Rigidity of law: companies will try to look for loopholes.
- Compliance is seen to be an inflexible box ticking exercise and this can sometimes mean that companies
  lose perspective of what are the most important aspects of governance and what can sometimes be a less
  important provision to comply with. Disproportionate amounts of management time can be used in ensuring
  compliance in an area which may be less important to shareholders, but which is nevertheless an important
  box to have ticked.
- Costs are incurred in ensuring and demonstrating compliance. It can be convincingly argued that a
  substantial proportion of this cost adds very little value to shareholders, especially in small companies, and
  resources are diverted to demonstrating minor areas of compliance which could be used more effectively
  elsewhere (such as in company operations). Because compliance on the big issues is accorded equal weight
  in law to compliance with small issues, costs are disproportionately incurred in demonstrating compliance in
  some non-critical areas.
- Infringements and transgressions are punished by the state through its judiciary and not by those most
  directly affected by such transgressions: the shareholders. Those in favour of principles-based approaches
  argue that there is a greater economic efficiency in having governance monitored by those with the strongest
  stake in gains and losses (the shareholders), rather than the (in comparison) inefficient and undiscerning
  agents of the state. In many cases, agents of the state are unable to distinguish between major and minor
  infringements, merely noticing that a box is unticked and pursuing punishment as a result.

For principles based

- Flexibility: A principles-based approach is flexible and allows companies to develop their own approach,
  perhaps with regard to the demands of their own industry or shareholder preferences. This places the
  emphasis on investor needs rather than legal demands. There may be no reason, for example, why
  companies in lower risk industries should be constrained by the same internal control reporting requirements
  as companies in higher risk industries. As long as shareholders recognise and are satisfied with this, the cost
  advantages can be enjoyed.
- It enables the policing of compliance by those who own the entity and have a stronger vested interest in
  compliance than state regulators who monitor compliance in a legal sense. This places the responsibility for
  compliance upon the investors who are collectively the legal owners of the company. It makes the company
  accountable directly to shareholders who can decide for themselves on the materiality of any given
  non-compliance.
- Regulations can be changed more quickly as compared to law
- By avoiding laws, businesses may be more willing to contribute to the ongoing corporate governance debate
- By requiring explanations of non-compliance, companies are required to think carefully about their reasons
  for not complying and this may make them decide to follow the code after all.
- It reduces the costs of compliance and recognises that one size does not fit all. There may be legitimate
  reasons for temporary or semi-permanent non-compliance with the detail of a corporate governance code,
  perhaps because of size or the company adopting its own unique approach for highly specific and
  context-dependent reasons.

Against principles based

- Some companies may present weak or untrue explanations justifying their actions.
- Without the law to back it up, corporate governance becomes harder to enforce.
- There may be confusion over what is compulsory under law and what is principles-driven under listing rules.
  A lack of clarity might be present, especially where compliance expertise is not available to management
  (such as in some smaller companies) between legally-required compliance and listing rules which are subject
  to comply or explain. This may confuse some management teams and cause non-compliance born of lack of
  advice and information.
- A rules-based approach provides standardisation and prevents any individual companies gaining competitive
  or cost advantages with lower levels of compliance. This creates a level playing field in which all
  competitors in an industry understand what is required.

Sarbanes Oxley Act (SOX)
In 2002, following a number of corporate governance scandals such as Enron and WorldCom, tough new corporate
governance regulations were introduced in the US by SOX.
SOX is extremely detailed and carries the full force of the law. It includes requirements for the Securities and
Exchange Commission (SEC) to issue certain rules on corporate governance.

Key points

- SOX requires the Chief Executive Officer and Chief Financial Officer to personally attest to the accuracy of
  the annual report, quarterly reports, and to the effectiveness of internal control systems. If subsequently
  it is discovered that the accounts are not accurate and have to be restated, any bonuses paid to those
  directors have to be repaid.
- SOX has very detailed requirements on internal control. Companies must have a sound system of internal
  control and they must also have suitable documentation in place to provide evidence that the system is
  working. The directors must do a full review of the internal control system on an annual basis and report
  the results of that review in their annual report.
- The auditors have to provide a report to say they have checked the internal control systems over financial
  reporting and give their opinion as to whether they are working; this is called an attestation report. The
  auditors have to do a full audit of internal controls over the financial reporting system at the company.
- SOX makes audit partner rotation the law.
- SOX has a ban on auditors providing a range of other services to their audit clients.
- Under SOX, no loans can be made by a public company to its directors or other senior executives.
- In SOX there is greater protection of whistleblowers. A whistleblower is someone who reports bad
  practice to those inside or outside the company so it can be dealt with. This was the case in Enron
  and WorldCom.
- Must have an audit committee.
- Complete transparency and minority interest protection.
- Complete disclosure of off-balance sheet transactions.

Negative reaction:

- Doubling of audit fee costs to organizations.
- Onerous documentation and internal control costs.
- Reduced flexibility and responsiveness of companies.
- Reduced risk taking and competitiveness of organizations.
- Limited impact on the ability to stop corporate abuse.
- Legislation defines a legal minimum standard and little more.

Insider vs outsider systems
OUTSIDER SYSTEM
An outsider system is one where those that own the company are separate from those that run the company.

Ownership is largely in the hands of non-participating shareholders, e.g. institutions such as pension funds and
investment trusts.

There is a clear gap between those who run the company and those who own it, hence the agency problem.

Investors have traditionally played a passive role, leaving directors alone to run the company. Over the last 10
years, institutional investors require more accountability from the board on strategy and how they are running the
company. The more involved these shareholders become, the less of an agency problem there is.

They have more formal organizational and reporting structures and systems for accountability to external
shareholders.

Generally, larger companies (public companies in particular) are more highly regulated and have more
stakeholders to manage than privately owned, smaller family businesses.

INSIDER SYSTEM
An insider system is one where there are strong links between those that run the company and major
stakeholders.

The major shareholders may also feature on the board, for example bankers or employees may have
representatives on the board.

Family dominated companies often have a similar structure with family members sitting on the board.

(There are a small number of major shareholders who both own and control the company e.g. government, family
members, banks)

Pros
- There are usually lower agency costs associated with insider-dominated businesses owing to
  there being fewer agency trust issues. Less monitoring is usually necessary because the owners
  are often also the managers.
- Ethics: it could be said that threats to reputation are threats to family honour and this increases
  the likely level of ethical behaviour. Principals (majority shareholders) are able to impose
  their own values and principles (business or ethical) directly on the business without the mediating
  effect of a board.
- Fewer short-term decisions: the longevity of the company and the wealth already inherent in
  such families suggest long-term growth is a bigger issue.
- Decision making may be quicker as there are relatively fewer people involved and they are
  likely to have the same mindset.

Cons
- Minority shareholders and non-included stakeholders may lack protection from the dominant insiders
  as they have little representation within the company.
- There is a potential lack of transparency as information is kept inside the company.
- There is no need to account to public shareholders for either the performance of the company or its
  postures on such issues as ethics.
- There are relatively fewer formal governance structures, systems, policies and procedures.
- There is a lack of external expertise in the form of an effective non-executive presence (however, some
  companies employ non-executive directors (NEDs) on a voluntary and best practice basis).
- Gene pool and succession issues are common issues in family businesses. It is common for a business
  to be started off by a committed and talented entrepreneur but then to hand it on to progeny who
  are less equipped or less willing to develop the business as the founder did.
- Feuds and conflict resolution can be major governance issues in an insider-dominated business.
  Whereas a larger bureaucratic business is capable of professionalising conflict (including staff
  departures and disciplinary actions) this is less likely to be the case in insider-dominated businesses.
  Family relationships can suffer and this can intensify stress and ultimately lead to the deterioration of
  family relationships as well as business performance.

Important discussion to be read

Compare family businesses with listed companies

A family business, when incorporated as a company, is an example of a private limited company. This means that
the shares are privately held and are not available for members of the investing public to buy and sell. This is in
contrast to a public company, which is listed on a stock exchange and in which members of the public, including
private and institutional shareholders, can purchase or sell shares. Being a public listed or public limited company
carries a number of requirements, imposed either by statute or the stock exchange, which do not apply to private
companies. These requirements include compliance with a number of corporate governance provisions which
include the adoption of certain governance structures, adherence with internal control and internal audit
standards, and the external reporting of some types of information. A private limited company, in contrast, must
comply with company law and tax regulations, but is not subject to listing rules.
There are a number of differences between the governance arrangements for a privately-owned family business
and a public company.

In general, governance arrangements are much more formal for public companies than for family businesses. This
is because of the need to be accountable to external shareholders who have no direct involvement in the business.
In a family business that is privately owned, shareholders are likely to be members of the extended family and
there is usually less need for formal external accountability because there is less of an agency issue.

Linked to this, it is generally the case that larger companies, and public companies in particular, are more highly
regulated and have many more stakeholders to manage than privately-owned, smaller or family businesses. The
higher public visibility that these businesses have makes them more concerned with maintaining public confidence
in their governance and to seek to reassure their shareholders. They use a number of ways of doing this.

The more formal governance structures that apply to public companies include the requirement to establish a
committee structure and other measures to ensure transparency and a stronger accountability to the shareholders.
Such measures include additional reporting requirements that do not apply to family firms.

Contents of an annual report
Several corporate governance codes of practice prescribe the content for a report as part of an annual report.
Although these vary slightly, the following are prominent in all cases.

1. Financial statements
2. Independent auditor's report
3. Chairman's statement / Operating and financial review statement (a narrative statement about the
organisation's past performance and future plans)
4. Statement of compliance with corporate governance
5. Information on the board and its functioning. Usually seen as the most important corporate governance
disclosure, this concerns the details of all directors including brief biographies and the career information
that makes them suitable for their appointment. Information on how the board operates, such as
frequency of meetings and how performance evaluation is undertaken is also included in this section. This
section is particularly important whenever unexpected or unanticipated changes have taken place on the
board. Investors, valuing transparency in reporting, would always expect a clear explanation of any
sudden departures of senior management or any significant changes in personnel at the top of the
company. Providing investor confidence in the board is always important and this extends to a high level
of disclosure in board roles and changes in those roles.
6. The committee reports provide the important non-executive input into the report. Specifically, a best
practice disclosure includes reports from the non-executive-led remuneration, audit, risk and
nominations committees. In normal circumstances, greatest interest is shown in the remuneration
committee report because this gives the rewards awarded to each director including pension and
bonuses. The report on the effectiveness of internal controls is provided based in part on evidence from
the audit committee and provides important information for investors.
7. There is a section on accounting and audit issues with specific content on who is responsible for the
accounts and any issues that arose in their preparation. Again, usually a matter of routine reporting, this
section can be of interest if there have been issues of accounting or auditor failure in the recent past. It is
often necessary to signal changes in accounting standards that may cause changes in reporting, or other
changes such as a change in a year-end date or the cause of a restatement of the previous accounts.
These are all necessary to provide maximum transparency for the users of the accounts.
8. There is usually a section containing other papers and related matters which, whilst appearing to be
trivial, can be a vital part of the accountability of directors to the shareholders. This section typically
contains committee terms of reference, AGM matters, NED contract issues, etc.

Mandatory and voluntary disclosures

Annual reports contain both mandatory and voluntary components.

Mandatory disclosures are those which are required, either by statute (e.g. company law), reporting standard or
listing rule. The main financial statements, with their related disclosure notes, and the audit report fall into this
category. These are the statement of profit or loss, the statement of financial position (balance sheet), the
statement of changes in equity and the statement of cash flows. Some parts of the directors' report are also
mandatory in some jurisdictions as are notes on the composition of the board and the remuneration of directors.
Listing rules in some jurisdictions have increased with regard to disclosure requirements. In many countries, for
example, a substantial amount of corporate governance disclosure is required, as is the "comply or explain"
statement. The presence of the "comply or explain" statement is often mandatory but the content is used to
convey the extent of non-compliance with the relevant corporate governance code.

Voluntary disclosures are those not required by any regulatory constraint but are often made nevertheless. Some
of these are made because of tradition and shareholder expectation (such as the chairman's statement) whilst
others are thought to be concerned with managing the claims of a company's wider stakeholders. Some
companies include disclosure on objectives so that shareholders can understand the board's ideas for the future,
possibly including a mission statement or similar. Likewise, social and environmental information is often included,
detailing, for example, the company's policy and objectives with regard to a range of social and environmental
measures. Some risk disclosures are also voluntarily supplied, for example, when a company is adopting an
integrated reporting approach.

Reasons and motivations behind voluntary disclosure


- Can help attract capital and maintain confidence in the company
- Can act as a marketing tool and help present the company in a positive light
- They help improve public understanding of the structure, activities, corporate policies and performance
- Provide regular, reliable and comparable information for shareholders and potential investors
- Decrease chances of unethical behaviour

Stakeholders
Any group or individual who can affect or [be] affected by the achievement of an organisation's objectives.

An organisation's stakeholders are likely to include: Shareholders; Directors/management; Employees;
Customers; Suppliers; The local community; The wider community; The environment.

Why should stakeholders be identified?


-to assess the validity of their claims
-to identify source of risk/disruption
-to identify blockers and facilitators to the organization's strategies

Stakeholders are important to an organization as they make demands of it; this is known as a stakeholder claim.
Some stakeholders wish to influence the organization and others are concerned with how the organization affects
them.

For example:
- Trade unions' claim/expectations: To be consulted and involved in decisions which affect their members.
- Employees' claim: Regular salary, pleasant working conditions, job security, interesting work and career
progression.

Direct stakeholder claims are made by those with their own voice. These claims are usually unambiguous, and
are often made directly between the stakeholder and the organisation. Stakeholders making direct claims will
typically include trade unions, shareholders, employees, customers, suppliers etc.

Indirect claims are made by those stakeholders unable to make the claim directly because they are, for some
reason, inarticulate or voiceless. Although this means they are unable to express their claim direct to the
organisation, it is important to realise that this does not invalidate their claim. Typical reasons for this lack of
expression include the stakeholder being (apparently) powerless (eg an individual customer of a very large
organisation), not existing yet (eg future generations), having no voice (eg the natural environment), or being
remote from the organisation (eg producer groups in distant countries). This raises the problem of interpretation.
The claim of an indirect stakeholder must be interpreted by someone else in order to be expressed, and it is this
interpretation that makes indirect representation problematic. How do you interpret, for example, the needs of
the environment or future generations? What would they say to an organisation that affects them if they could
speak? To what extent, for example, are environmental pressure groups reliable interpreters of the needs (claims)
of the natural environment? To what extent are terrorists reliable interpreters of the claims of the causes and
communities they purport to represent? This lack of clarity on the reliability of spokespersons for these
stakeholders makes it very difficult to operationalise (to include in a decision-making process) their claims.

Stakeholder theory proposes that there should be corporate accountability to a broad range of stakeholders.
The basis for stakeholder theory is that companies are so large and their impact on society so pervasive that they
should discharge accountability to many more sectors of society than solely their shareholders.

Stakeholder Theory versus Agency Theory Convergence


Stakeholder theory may be the necessary outcome of agency theory given that there is a business case in
considering the needs of stakeholders through improved customer perception, employee motivation, supplier
stability, shareholder conscience investment.

Agency theory is a narrow form of stakeholder theory.

Stakeholder Classification

1. Internal and external stakeholders: Perhaps the easiest and most straightforward distinction is
between stakeholders inside the organisation and those outside. Internal stakeholders will
typically include employees and management, whereas external stakeholders will include
customers, competitors, suppliers, and so on. Some stakeholders will be more difficult to
categorise, such as trade unions that may have elements of both internal and external
membership.

2. Narrow and wide stakeholders: Narrow stakeholders are those that are the most affected by the
organisation's policies and will usually include shareholders, management, employees, suppliers,
and customers who are dependent upon the organisation's output. Wider stakeholders are those
less affected and may typically include government, less-dependent customers, the wider
community (as opposed to the local community) and other peripheral groups. The Evans and
Freeman model may lead some to conclude that an organisation has a higher degree of
responsibility and accountability to its narrower stakeholders.

3. Primary and secondary stakeholders: According to Clarkson: "A primary stakeholder group is one
without whose continuing participation the corporation cannot survive as a going concern."
Hence, whereas Evans and Freeman view stakeholders as being (or not being) influenced by an
organisation, Clarkson sees the important distinction as being between those that do influence
an organisation and those that do not. Secondary stakeholders are those that the organisation
does not directly depend upon for its immediate survival.

4. Active and passive stakeholders: Mahoney (1994) divided stakeholders into those who are
active and those who are passive. Active stakeholders are those who seek to participate in the
organisation's activities. These stakeholders may or may not be a part of the organisation's
formal structure. Management and employees obviously fall into this active category, but so may
some parties from outside an organisation, such as regulators (in the case of, say, UK privatised
utilities) and environmental pressure groups. Passive stakeholders, in contrast, are those who do
not normally seek to participate in an organisation's policy making. This is not to say that passive
stakeholders are any less interested or less powerful, but they do not seek to take an active part
in the organisation's strategy. Passive stakeholders will normally include most shareholders,
government, and local communities.

5. Voluntary and involuntary stakeholders: This distinction describes those stakeholders who
engage with the organisation voluntarily and those who become stakeholders involuntarily.
Voluntary stakeholders will include, for example, employees with transferable skills (who could
work elsewhere), most customers, suppliers, and shareholders. Some stakeholders, however, do
not choose to be stakeholders but are so nevertheless. Involuntary stakeholders include those
affected by the activities of large organisations, local communities and neighbours, the natural
environment, future generations, and most competitors.

6. Legitimate and illegitimate stakeholders: This is one of the more difficult categorisations to
make, as a stakeholder's legitimacy depends on your viewpoint (one person's terrorist, for
example, is another's freedom fighter). While those with an active economic relationship with
an organisation will almost always be considered legitimate, others that make claims without
such a link, or that have no mandate to make a claim, will be considered illegitimate by some.
This means that there is no possible case for taking their views into account when making
decisions. While terrorists will usually be considered illegitimate, there is more debate on the
legitimacy of the claims of lobby groups, campaigning organisations, and non-
governmental/charitable organisations.

7. Recognized and unrecognized (by the organization) stakeholders: The categorization by
recognition follows on from the debate over legitimacy. If an organization considers a
stakeholder's claim to be illegitimate, it is likely that its claim will not be recognized.
This means the stakeholder's claim will not be taken into account when the organization makes
decisions.

8. Known about and unknown stakeholders: Finally, some stakeholders are known about by the
organization in question and others are not. This means, of course, that it is very difficult to
recognize whether the claims of unknown stakeholders (e.g. nameless sea creatures,
undiscovered species, communities in close proximity to overseas suppliers, etc) are considered
legitimate or not. Some say that it is a moral duty for organizations to seek out all possible
stakeholders before a decision is taken and this can sometimes result in the adoption of
minimum impact policies. For example, even though the exact identity of a nameless sea
creature is not known, it might still be logical to assume that low emissions can normally be
better for such creatures than high emissions.

Managing Stakeholder Relations

UNDERSTANDING THE INFLUENCE OF EACH STAKEHOLDER (MENDELOW)


In strategic analysis, the Mendelow framework is often used to attempt to understand the influence that each
stakeholder has over an organisation's objectives and/or strategy. The idea is to establish which stakeholders have
the most influence by estimating each stakeholder's individual power over and interest in the organisation's
affairs. The stakeholders with the highest combination of power and interest are likely to be those with the most
actual influence over objectives. Power is the stakeholder's ability to influence objectives (how much they can),
while interest is the stakeholder's willingness (how much they care).

Influence = Power x Interest

There are issues with this approach, however. Although it is a useful basic framework for understanding which
stakeholders are likely to be the most influential, it is very hard to find ways of effectively measuring each
stakeholder's power and interest. The map generated by the analysis of power and interest (on which
stakeholders are plotted accordingly) is not static; changing events can mean that stakeholders can move around
the map with consequent changes to the list of the most influential stakeholders in an organisation.

                 Level of interest: Low               Level of interest: High

Power: Low       Minimum effort                       Keep informed
                                                      e.g. community reps & charities
                                                      (give them reasons as they might be able to
                                                      influence more important stakeholders!)

Power: High      Keep satisfied                       Key players
                 e.g. institutional shareholders      e.g. major customer
                 (they can move to key players        (strategy should be acceptable
                 at any time)                         to them)

Power is the ability to bring pressure to bear over the objectives and policies of the project and interest is the
capital which a stakeholder has invested in the organisation or project (or, an assessment of how much they care
or are interested in the development).

Low interest low power

Those with neither interest nor power (top left) can, according to the framework, be largely ignored, although this
does not take into account any moral or ethical considerations. It is simply the stance to take if strategic
positioning is the most important objective.
These stakeholders include small shareholders, the unskilled element of the labour force and the general public.
They have low interest in the organization primarily due to lack of power to change strategy.

High interest low power


Stakeholders with high interest (ie they care a lot) but low power can increase their overall influence by forming
coalitions with other stakeholders in order to exert a greater pressure and thereby make themselves more
powerful. By moving downwards on the map, because their power has increased by the formation of a coalition,
their overall influence is increased. The management strategy for dealing with these stakeholders is to keep
informed.

Low interest high power


Those in the bottom left of the map are those with high power but low interest. All these stakeholders need to do
to become influential is to re-awaken their interest. This will move them across to the right and into the high
influence sector, and so the management strategy for these stakeholders is to keep satisfied.

High interest high power


These stakeholders have a high interest in the organization and have the ability to affect strategy. Stakeholders
include the directors, major shareholders and trade unions.
Those in the bottom right are the high-interest and high-power stakeholders, and are, by that very fact, the
stakeholders with the highest influence. The question here is how many competing stakeholders reside in that
quadrant of the map. If there is only one (eg management) then there is unlikely to be any conflict in a given
decision-making situation. If there are several and they disagree on the way forward, there are likely to be
difficulties in decision making and ambiguity over strategic direction.

Institutional investors

Institutional investors tend to have large numbers of shares in companies and invest on behalf of individual
investors. They include pension funds, insurance companies, and investment trusts. For many listed companies,
the biggest individual shareholders are institutional investors.
In recent years, institutional shareholders have become much more active for the following reasons:
Corporate governance regulation has encouraged them to use their votes wisely.
Many institutional investors have seen that improved governance leads to increased share prices.
Those whose funds they are investing are putting more pressure on them to act.

When should institutional shareholders intervene?


Specifically, an institutional investor may intervene in the following circumstances:
the company's performance is consistently poor;
the company is engaged in unethical practices or has a poor reputation;
there is excessive risk taking or perhaps not enough risk taking;
there is a breakdown of communication between directors and shareholders;
they have a loss of faith in the management running the company;
there is consistent failure in the company's systems or repeated fraud;
the NEDs are ineffective;
there are inappropriate remuneration policies;
law and regulations are not being followed.

How institutional shareholders should monitor their client companies

1. A formal documented process through which client companies are monitored. Monitoring tends to
include a formal review of company accounts, resolution, voting and accompanying disclosure such as
press releases.
2. The Institutional Investor must provide adequate resources to allow this to happen and must train
analysts and other staff in company procedures.
3. Following investigation, the shareholder must intervene as necessary. Intervention can involve dialogue
through meetings with the Chairman or senior non-executive directors.
4. Extending the active participation in corporate management may include the need to discuss client cases
with other large shareholders or, in extreme cases, calling on the company to explain its position through
an extraordinary general meeting.
5. The process of monitoring is one of continuous review and improvement, steadily increasing the
responsibilities of the Institutional Investor in taking an active interest. The extent to which this is actually
done in part depends on the company's attitude towards ownership of the company.

Internal Controls and review

Internal Controls

At its simplest, an internal control is any action or system put in place by management which will increase the likelihood that
organisational objectives will be met and assets safeguarded. Internal control measures are put in place to control the internal
activities in an organisation so that they achieve the purposes intended. By having internal activities co-ordinated and
configured appropriately, with means of measuring and reporting on compliance levels, waste (i.e. non value-adding activity) is
minimised and efficiencies are gained which increase the effectiveness of the organisation in meeting its strategic purposes.

Internal controls can be at the strategic or operational level. At the strategic level, controls are aimed at ensuring that the
organisation does the right things; at the operational level, controls are aimed at ensuring that the organisation does things
right. Those controls that operate at the strategic level are capable of influencing activities over a longer period.

COSO: Committee of Sponsoring Organisations, an American voluntary organisation with the aim of guiding executive
management towards the establishment of more effective, efficient and ethical business operations. It provided detailed
advice on application of controls.

The Turnbull Report (1999) provided guidance on creating strong internal control systems. This has now been
incorporated into the Combined Code. The Turnbull guidance is still available as a stand-alone document (last revised in
October 2005).

Objectives of internal control

An internal control system comprises the whole network of systems established in an organisation to provide reasonable assurance
that organisational objectives will be achieved.

Specifically, the general objectives of internal control are as follows:


To ensure the orderly and efficient conduct of business in respect of systems being in place and fully implemented.
Controls mean that business processes and transactions take place without disruption with less risk or disturbance and
this, in turn, adds value and creates shareholder value.

To safeguard the assets of the business. Assets include tangibles and intangibles, and controls are necessary to ensure
they are optimally utilised and protected from misuse, fraud, misappropriation or theft.

To prevent and detect fraud. Controls are necessary to show up any operational or financial disagreements that might be
the result of theft or fraud. This might include off-balance sheet financing or the use of unauthorised accounting policies,
inventory controls, use of company property and similar.

To ensure the completeness and accuracy of accounting records. Ensuring that all accounting transactions are fully and
accurately recorded, that assets and liabilities are correctly identified and valued, and that all costs and revenues can be
fully accounted for.

To ensure the timely preparation of financial information which applies to statutory reporting (of year end accounts, for
example) and also management accounts, if appropriate, for the facilitation of effective management decision-making.

Turnbull : Contents of a sound system of internal controls

The Turnbull guidance described three features of a sound internal control system.

1. Firstly, the principles of internal control should be embedded within the organisation's structures,
procedures and culture (all employees have responsibility for internal control and this tone needs to be
set by management, who must be seen to be abiding by the controls they have put in place).

2. Secondly, internal control systems should be capable of responding quickly to evolving risks to the
business arising from factors within the company and to changes in the business environment.

3. Thirdly, sound internal control systems include procedures for reporting immediately to appropriate
levels of management any significant control failings or weaknesses that are identified, together with
details of corrective action being undertaken.

COSO: Contents of a sound system of internal control

To conclude that your system of internal control is effective, the five components of internal control and all
relevant principles must be:

1. Present and functioning


2. Operating together in an integrated manner

If a relevant principle is not present and functioning, a major deficiency exists in the system of internal control.

Control environment

Points of focus:
Sets the tone at the top
Establishes standards of conduct
Evaluates adherence to standards of conduct
Addresses deviations in a timely manner

Principles:
1. The organization demonstrates a commitment to integrity and ethical values.
2. The board of directors demonstrates independence from management and exercises oversight of the
development and performance of internal control.
3. Management establishes, with board oversight, structures, reporting lines, and appropriate authorities
and responsibilities in the pursuit of objectives.
4. The organization demonstrates a commitment to attract, develop, and retain competent individuals in
alignment with objectives.
5. The organization holds individuals accountable for their internal control responsibilities in the pursuit
of objectives.

Risk assessment

A precondition to risk assessment is the establishment of objectives, linked at different levels of the entity.
Management specifies objectives within categories relating to operations, reporting, and compliance with
sufficient clarity to be able to identify and analyze risks to those objectives. Management also considers the
suitability of the objectives for the entity. Risk assessment also requires management to consider the impact of
possible changes in the external environment and within its own business model that may render internal control
ineffective.

Principles:
6. The organization specifies objectives with sufficient clarity to enable the identification and assessment
of risks relating to objectives.
7. The organization identifies risks to the achievement of its objectives across the entity and analyzes risks
as a basis for determining how the risks should be managed.
8. The organization considers the potential for fraud in assessing risks to the achievement of objectives.
9. The organization identifies and assesses changes that could significantly impact the system of internal
control.

Control activities

Control activities are the actions established through policies and procedures that help ensure that
management's directives to mitigate risks to the achievement of objectives are carried out. Control activities
are performed at all levels of the entity, at various stages within business processes, and over the technology
environment.

Principles:
10. The organization selects and develops control activities that contribute to the mitigation of risks to the
achievement of objectives to acceptable levels.
11. The organization selects and develops general control activities over technology to support the
achievement of objectives.
12. The organization deploys control activities through policies that establish what is expected and
procedures that put policies into action.

Information & communication

Information is necessary for the entity to carry out internal control responsibilities to support the achievement
of its objectives. Management obtains or generates and uses relevant and quality information from both internal
and external sources to support the functioning of other components of internal control. Communication is the
continual, iterative process of providing, sharing, and obtaining necessary information. Internal communication
is the means by which information is disseminated throughout the organization, flowing up, down, and across the
entity. It enables personnel to receive a clear message from senior management that control responsibilities
must be taken seriously. External communication is twofold: it enables inbound communication of relevant
external information, and it provides information to external parties in response to requirements and
expectations.

Principles:
13. The organization obtains or generates and uses relevant, quality information to support the functioning
of internal control.
14. The organization internally communicates information, including objectives and responsibilities for
internal control, necessary to support the functioning of internal control.
15. The organization communicates with external parties regarding matters affecting the functioning of
internal control.

Monitoring activities

Ongoing evaluations, separate evaluations, or some combination of the two are used to ascertain whether each of
the five components of internal control, including controls to effect the principles within each component, is
present and functioning. Ongoing evaluations, built into business processes at different levels of the entity,
provide timely information. Separate evaluations, conducted periodically, will vary in scope and frequency
depending on assessment of risks, effectiveness of ongoing evaluations, and other management considerations.
Findings are evaluated against criteria established by regulators, recognized standard-setting bodies or
management and the board of directors, and deficiencies are communicated to management and the board of
directors as appropriate.

Principles:
16. The organization selects, develops, and performs ongoing and/or separate evaluations to ascertain
whether the components of internal control are present and functioning.
17. The organization evaluates and communicates internal control deficiencies in a timely manner to those
parties responsible for taking corrective action, including senior management and the board of directors, as
appropriate.

New areas of emphasis

Governance

Enhanced focus on oversight role of the board of directors and its committees

Board independence, skills and expertise

Ensuring competence of personnel

Board oversight of organization structure and reporting lines

Appropriateness of communication with board

Board responsibilities related to evaluating deficiencies and monitoring corrective actions

Risk assessment

Increased focus on risk assessment process, and responding to assessed level of risk

Importance of setting objectives

Involvement of appropriate level of management

Risk response evidenced by changes in control activities

Risk assessment related to fraud (Principle 8)

Assessment of changes to the external and internal business environment

Information technology

14 of the 17 principles include IT considerations

Principle 11 focused on IT general controls

Impact of system changes on internal control effectiveness

Quality of data used to execute controls (Principle 13)

Using relevant information

Segregation of duties

Use of data analytics, continuous monitoring

Information security

Outsourced service providers

12 of the 17 principles address monitoring of control activities performed by OSPs

Management retains responsibilities for controls

Inventory of OSPs with responsibilities related to key internal controls

SOC1/SOC2 report evaluation

Communication of integrity and ethical behavior requirements

Competence and performance monitoring

Accountability for internal control processes

Possible causes of internal control failures (also limitations of Internal controls or reasons for ineffective
controls)

1. Failures in human judgement when assessing a control, or fraud in measuring or reporting a
control. Where a control relies upon human measurement, error is always a possibility either
through lack of training, incompetence, wilful negligence or having a vested interest in
control failure.

2. Human error can cause failures although a well-designed internal control environment can
help control this to a certain extent.

3. Control processes being deliberately circumvented by employees and others.

4. Management overriding controls, presumably in the belief that the controls put in place are
inconvenient or inappropriate and should not apply to them.

5. Non-routine or unforeseen events can render controls ineffective if they are intended to
monitor a specific process only. Most internal controls are unable to cope with extraordinary
events and so need to be adapted or circumvented when such events occur.

6. Previous or existing controls can become obsolete because they are not updated to meet
changed conditions. A control introduced to monitor a process or risk that has changed,
reduced or been discontinued will no longer be effective. Where key risks change, for example,
controls need to be modified if they are to continue to remain effective in controlling the risk.

7. The control can be over or under-specified. An under-specified control is one which is not
capable of actually controlling the risk or activity intended. Conversely, an over-specified
control is one which over-controls and may have the effect of losing the confidence of
employees and others influenced by the control. An over-specified control is one which is
poor value for money and may constrain activity if the control does not adequately allow
normal levels of performance. Controls which do not enjoy the support of those affected are
sometimes ignored or bypassed, thereby rendering them less effective than they might be

Internal Audit

Internal audit is an independent appraisal function established within an organisation to examine and evaluate its
activities as a service to that same organisation. The objective of internal audit is to assist members of the
organisation in the effective discharge of their responsibilities. To this end, internal audit furnishes them with
analyses, appraisals, recommendations, advice and information concerning the activities reviewed. The main
functions of concern to internal audit are reviews of internal controls, risk management, compliance and value for
money.
Internal auditors: can be in-house or outsourced. Should not design or implement controls as this affects their
independence!

Functions of Internal Audit Department

1. Setting the tone for internal environment: Internal audit is integral to the organisation's internal control
system. Accordingly, it helps directors set the tone for the internal environment and will become part of
the culture of the organisation. The effective functioning of the audit committee and the internal audit
process leads staff to expect certain organisational norms. Internal audit signals the tone from the top and
what is expected from staff in terms of performance and the types of behaviour which are acceptable and
which are not.

2. Evaluating controls and advising managers at all levels: Internal audit's role in evaluating the
management of risk is wide ranging because everyone from the mailroom to the boardroom is involved in
internal control. The internal auditor's work includes assessing the tone and risk management culture of
the organisation at one level through to evaluating and reporting on the effectiveness of the
implementation of management policies at another.

3. Evaluating risks: Internal auditors will ensure that risks are regularly assessed, meaning that risks are
monitored and then assessed in terms of probability and impact. It is management's job to identify the
risks facing the organisation and to understand how they will impact the delivery of objectives if they are
not managed effectively. Managers need to understand how much risk the organisation is willing to live
with and implement controls and other safeguards to ensure these limits are not exceeded. Some
organisations will have a higher appetite for risk arising from changing trends and business/economic
conditions. The techniques of internal auditing have therefore changed from a reactive and control based
form to a more proactive and risk based approach. This enables the internal auditor to anticipate possible
future concerns and opportunities providing assurance, advice and insight where it is most needed.

4. Analysing operations and confirming information: Achieving objectives and managing valuable
organisational resources requires systems, processes and people. Internal auditors work closely with line
managers to review operations then report their findings. The internal auditor must be well versed in the
strategic objectives of their organisation and the sector in which it operates, so that they have a clear
understanding of how the operations of any given part of the organisation fit into the bigger picture.

5. Promote Ethics: raise red flags when they discover improper conduct.

6. Monitor Compliance: assess the organization's compliance with applicable laws, regulations

7. Investigate Fraud: investigate possible fraudulent behavior throughout the organization

8. Other Assignments as deemed necessary by the Audit Committee

Factors to consider when determining the need of internal audit

The scale, diversity and complexity of the company's activities.
The number of employees.
Cost-benefit considerations.
Changes in the organisational structures, reporting processes or underlying information system (as they
affect risk).
Problems with existing internal control systems.
An increased number of unexplained or unacceptable events.
Ability of current management to carry out assignments which would normally be carried out by internal
auditors
Need of special assignments that normally internal audit carries out (IT audits for example)

Independence of Internal Audit


Typically internal auditors report on the company they work for so they can never be completely independent as
they are reliant on the company for their employment.
As such, their independence is bound to be questionable. For example:
They may ignore frauds because they trust workplace colleagues, or feel sympathy for them;
They may decide not to report problems for fear of upsetting their ultimate bosses, the directors;
They may decide not to report problems for fear that the company may get into trouble and they might lose
their jobs;
As internal staff, they may be pressured or intimidated into keeping quiet;
If they report to directors and directly criticise them, the report may be ignored.
As a result of the independence issues above, the internal audit function could be outsourced to experts (e.g. a
firm of accountants) although this will bring with it the need for independence in the same manner as with
external audit.

REPORTING STRUCTURE

The internal audit function should report to the Audit Committee, made up entirely of independent NEDs.
The head of the internal audit department, the Chief Internal Auditor, should have access to the Chairman
so if anything serious has been discovered, such as a material fraud then it can be quickly reported to the
top of the organisation.
Where the internal audit team are internal employees:
o They should have no operational duties, nor should they have had in the recent past to avoid the
possibility that the internal auditor may have to review work they have been responsible for (self-review
threat);
o Ideally, they should have no major family or personal ties to operational staff or departments on whom
they report (familiarity threat).
When internal audit is outsourced, independence can be improved by following similar guidelines as with
external auditors:
o The same outsource firm should not act as internal auditor for a company for too many years in a row;
o The outsource firm should not be performing too many other services for the company (as a self-review
or self-interest threat may arise);
o Fee levels should be monitored to ensure that the outsource firm is not too dependent on a single
internal audit client.

AUDIT COMMITTEE - ROLES
(entirely NEDs) - At least one NED with recent relevant financial experience

1. Monitoring the integrity of the financial statements and any formal announcements relating to financial
performance.
- monitors integrity of financial statements (including reviewing significant judgments)
- checks the clarity and completeness of the disclosures in the financial statements.

2. Reviewing internal financial controls and, unless there is a separate board risk committee, reviewing the
company's internal control and risk management systems.

3. Monitoring and reviewing the effectiveness of the internal audit function.
If there are no internal auditors, the committee should review each year whether there is a need for such a
service; if it concludes there is not, it should explain why in the annual report.
Should approve the appointment and removal of the head of internal audit.
Monitors effectiveness of Internal audit department, reviews their plan and ensures their recommendations
are actioned.
Ensures Internal Auditors are accountable to AC and preserve their independence.

4. Making recommendations to the board in relation to the appointment, re-appointment and removal of the
external auditor and approving the remuneration and terms of engagement of the auditor.
The committee has some specific duties in relation to external auditors. It recommends the appointment of
auditors to the board and approves their fees and the other terms on which they are retained. If there is
dissatisfaction with their performance, it may recommend their replacement. In the very unlikely event that
the board disagrees with the committee, the arguments on both sides need to be put forward to shareholders
in the annual report and AGM papers.

5. Reviewing the auditor's independence and objectivity.
The committee must keep a close check on the external auditor's independence and objectivity. Is it time for a
change, if only to get fresh thinking and a new perspective on some old issues? Are the auditors getting too
close to management?

6. Developing and implementing the non-audit services policy.
Where non-audit services are performed, disclosures are required in the annual report, and the committee
must explain how auditor objectivity and independence are to be preserved.

7. Whistleblowing arrangements.
It needs to be confident that there are opportunities throughout the company for employees to act as
whistleblowers and report improprieties and abuses. This may mean giving employees contact details for
committee members for use if other avenues fail.

Benefits of Audit Committees

One of the main roles of the audit committee is to ensure compliance with external reporting obligations,
for example, compliance with the Sarbanes-Oxley Act. The monitoring activities of the audit committee
help to ensure that an organization has complied with the statutory obligations, while providing assurance
to third parties of that compliance.

The committee provides a whistleblowing facility for company employees. Potential wrongdoing or
illegal acts can be brought to the attention of the committee for further investigation and potential
reporting. Advertising this role in an organization helps to promote the environment of openness and
compliance with corporate governance policies. It may also provide some security for employees wishing
to make reports, hopefully removing the fear of being made unemployed simply because a report was
made.

The committee acts as a separate layer of management between the board and the external auditors. In
this sense, the committee helps to remove independence threats between the board and the auditors
(e.g. familiarity threats). However, this does not mean that the audit committee and the auditors will not
be affected by those same threats.

In terms of account preparation and checking, at least one member of the committee should have recent
and relevant financial experience (at least in terms of the UK codes). This means an independent and
professional check can be made on the accounts prior to audit, and similarly a review carried out of the
auditor's report prior to it being issued. Again, the reviews help identify errors, check consistency in terms of
information disclosure in different sections of the annual report, ensure sufficient disclosure is made in
terms of corporate governance (e.g. information in any OFR) and enhance the assurance given to the
financial statements.

Many audit committee members are also non-executive directors (NEDs), or even executive directors, of
other companies, or have had experience working in other organizations. They will bring this experience
to their current organization, which should enhance their ability to identify problem areas and make
appropriate comments on documentation, etc. Where the audit committee has a risk management
function, this will also be enhanced by employing NEDs with business experience.

Disadvantages of an Audit Committee

The audit committee can only be effective where it receives full disclosure of all relevant information and
is allowed to act on that information. For example, where the board, the external auditors or the internal
auditors refuse or simply omit to provide the audit committee with relevant reports, then the committee
cannot, obviously, review or act on those reports.

Similarly, as recommendations of the audit committee may not be statutory in nature, the full
board could ignore these, thus limiting the committee's effectiveness.

Effectiveness will also be limited by the amount of power vested in the committee and the amount of
access provided to key decision makers. There may be situations where the committee requires additional
information to understand reports (e.g. from the head of internal audit); denial of access will again limit the
effectiveness of the committee.

As noted above, the committee is not necessarily free of threats to independence from external auditors,
although frequent rotation of members will help to alleviate those threats. The fact that audit committee
members must be rotated on a regular basis (the normal maximum period of office being nine years at
least in the UK) may actually work against effective running of the committee. Where members resign or
are rotated after three years, it can be argued that there is insufficient time to fully understand the
company or its accounts, or to have sufficient seniority to actively influence the main board in its decision-
making role.

Audit committee overseeing internal audit

There are several reasons why internal audit is overseen by, and has a strong relationship with, the audit
committee.

The first reason is to ensure that internal audit's remit matches the compliance needs of the company. The internal
audit function's terms of reference are likely to be determined by strategic level objectives and the risks associated
with them. The audit committee, being at the strategic level of the company, will frame these for implementation
by the internal audit function.

Second, the audit committee will be able to ensure that the work of the internal audit function supports the
achievement of the strategic objectives of the company. Whilst this applies to all functions of a business, the
supervisory role that the audit committee has over the internal audit function means that this responsibility rests
with the audit committee in the first instance.

Third, oversight by the audit committee provides the necessary authority for the internal audit function to operate
effectively. This means that no-one in the company can refuse to co-operate with the internal audit function and
that members of that function, whilst not being necessarily senior members of staff themselves, carry the
delegated authority of the audit committee in undertaking their important work.

Fourth, by reporting to the audit committee, internal auditors are structurally independent from those being
audited. Because they and their work are sanctioned and authorized by the audit committee, the IA function should
have no material links with other departments of similar hierarchical level which might compromise independence.

Characteristics of effective, useful information
Good quality information is necessary so that management can monitor business performance. For this to be
possible, the information used would require certain distinguishing characteristics:

Relevant: The information obtained and used should be relevant for specific decision-making rather than
producing too much information simply because the information systems can do it.

Reliable: free from errors, trustworthy (Information should come from authoritative sources to ensure its
reliability. It is good practice to quote the source used whether it be internal or external sources. If estimates or
assumptions have been applied, these should be clearly stated and explained )

Timely: Information needs to be timely for decision making if it is to be useful.

Understandable: clear, no unexplained jargon. Often, the decision makers do not have time to trawl through
masses of information, so it should be clearly presented, not too long and communicated using an appropriate
medium.

Cost beneficial: the cost of generating the information should be less than the benefits to be gained from that
information (for example a simple report may be as useful as a long complicated one!)

Reporting on Internal Controls to Shareholders

Shareholders, as owners of the company, are entitled to know whether the internal control system is sufficient to
safeguard their investment. To provide shareholders with the assurance they require, the board should, at least
annually, conduct a review of the effectiveness of the group's system of internal controls and report to
shareholders that they have done so.

The review should cover all material controls, including financial, operational and compliance controls and risk
management systems.

The annual report should also inform members of the work of the audit committee. The chair of the audit
committee should be available at the AGM to answer queries from shareholders regarding their work.

External reports on the effectiveness of internal controls are intended to convey the robustness of a company's
internal controls to an external audience (usually the shareholders). As with other reports, however, the company
must make preparations and institute systems to gather the information to report on. This in itself is capable of
controlling behaviour and constraining the professional and ethical behaviour of management.

Contents of the Report to Shareholders on Internal Controls

1. Firstly, the report should contain a statement of acknowledgement by the board that it is responsible for the
company's system of internal control and for reviewing its effectiveness. This might seem obvious but it has
been shown to be an important starting point in recognising responsibility. The tone from the top is very
important in the development of my proposed reporting changes and so this is a very necessary component of
the report.

2. Secondly, the report should summarise the processes the board (or where applicable, through its committees)
has applied in reviewing the effectiveness of the system of internal control. These may or may not satisfy
shareholders, of course, and weak systems and processes would be a matter of discussion at AGMs for non-
executives to strengthen.

3. Thirdly, the report should provide meaningful, high level information that does not give a misleading
impression. Clearly, internal auditing would greatly increase the reliability of this information but a robust and
effective audit committee would also be very helpful.

4. Finally, the report should contain information about any weaknesses in internal control that have resulted in
error or material losses.

Reporting under SOX


In the UK, the Combined Code provides guidance on internal control, but SOX is law and therefore must be
complied with or penalties will be incurred.
Under UK guidance on internal controls, directors are expected to:
- Maintain a sound internal control system (Combined Code);
- Regularly monitor the internal control system;
- Ensure there is a full annual review of the system;
- Report this process in the annual report.
The external auditors do not report on the work the directors have done on the internal control system, but they
will review the system themselves when planning their audit work and establishing the amount of testing that is
required on the system. Any weaknesses in the system will be reported to the board. There is no report to the
shareholders on internal control from the external auditors; this is the responsibility of the directors and the audit
committee.

Under SOX, directors are expected to ensure that there is a reliable internal control system, but as this is a law
it must be documented and recorded to prove it exists. On an annual basis it must be reviewed and assessed
against performance criteria to ensure it is working. Any problems discovered as part of this review must be dealt
with. The appraisal of the system must be documented and the process is reported to the shareholders along with
the key results from the process. The company's external auditors must then report to shareholders on whether
the directors have carried out the annual review of the system properly.

This is a lot of additional work for both directors and auditors. The external auditors have two audits to run: one
on the financial statements and one on the internal control system. It is not surprising that audit costs have risen
since the introduction of SOX.

As a result of this, directors will want to put a lot more effort into their internal control systems as they are
breaking the law if they are not in place and working properly. There has been a huge focus on complying with the
law but there may not be a cost benefit of having excellent internal control when very good controls would have
sufficed.

Advantages of an external report on internal controls

With any report required by regulation, the board must take control of the process and acknowledge its
responsibility for the company's system of, in this case, internal controls. This means that it would be unable to
knowingly circumvent or undermine the internal controls.

Any reporting (including one on internal controls) creates greater accountability because stakeholders can hold to
account those making those statements. Any stakeholder can then point to what was said in the report and hold
the board to account for its performance against any given statement.

A report on the effectiveness of internal controls (such as Sarbanes-Oxley s.404) typically requires the inclusion of
a statement on the processes used by the directors to assess the effectiveness of internal controls. This includes
the disclosure of any material internal control weaknesses or any significant problems which the company
encountered in its internal controls over the period under review. The value of the report as a means of reassuring
investors is to use this statement to demonstrate the robustness of the processes. An unconvincing disclosure on
this would potentially undermine investor confidence.

Because the report is subject to an auditor's review (or full audit in some jurisdictions), the auditors can demand
evidence of any statement on the report and follow any claim made back along the relevant audit trail. It is a
serious and often easily detectable offence to deceive an auditor or to make a knowingly false statement in an
audited or auditor-reviewed report. Such a deceit (of the auditors) would result in an immediate loss of confidence
in management on the part of the auditors and, in consequence, also on the part of shareholders and regulators.

Management information systems

Each management level is described below, together with its information needs.

Strategic level
Description:
- Senior management
- Fewest members
- Strategic management of the organisation, including setting its mission and long-term objectives and making
fundamental decisions
Information needs:
- From internal and external sources
- Less frequent
- Less precise
Examples of information include: the need for and availability of finance, details about competitors, analysis of
the profitability of the business and information on external threats and opportunities facing the organisation.

Tactical level
Description:
- Middle management
- Develops the strategies outlined by strategic management and finds ways to realize them
Information needs:
- Internal sources mainly
- More frequent
- Slightly more detailed and precise
Examples of information required at a tactical level include: working capital requirements, cash flow and profit
forecasts and information about business productivity.

Operational / Functional level
Description:
- Supervisors and junior management
- Largest group
- Manage day-to-day operations and implement tactical plans
Information needs:
Operational information is used to make sure that specific operational tasks are carried out as planned.
Examples include: results of quality control checks and information about labour hours used to perform a certain
task, process or job.

IDENTIFYING, CONTROLLING & ASSESSING RISK

Risk is the chance of exposure to the adverse consequences of uncertain future events. If and when those risks
actually occur, they can have an adverse impact on the organization's objectives.

Risk awareness: Risk awareness describes the ability of an investor to recognise and measure the risk associated
with it.

Risks vary by sector

Risks do not apply equally to all companies. This is because risks are associated with particular activities, and
companies in different industrial sectors are exposed to different risks because of what they do. So, for example,
banks are more exposed to a range of financial risks whilst manufacturing and mining are usually more concerned
with health and safety risks.

This is because of the different environments, and the business models, strategies and financial structures adopted
by companies in different industries.

Sectors exist in different environments. This means that the external factors which affect businesses and give rise
to risks are different. Some industries, for example, are mainly located within a certain geographical area whilst
others are international, thereby giving rise to such risks as exchange rate risk, etc. Some exist in relatively simple
and stable environments whilst others are in more turbulent and changeable environments. Thus, in more
unstable and complex environments, perhaps with greater levels of regulation, changing consumer patterns and
higher technology, companies will be subject to greater risks than those in more stable and simple environments.

Companies in different sectors adopt different business models. This means that the ways in which value is added
will differ substantially among companies in different sectors. In a service industry, for example, value is added by
the provision of intangible products, often with the direct intervention of a person. In a manufacturing company,
there will be risks associated with inventory management which a service industry will not be exposed to.
Conversely, a company in a service industry such as insurance or banking is more likely to be exposed to certain
technical skill shortages and fraud risks.

Different sectors have different financial structures, strategies and cost bases. Some companies, by virtue of their
main activity, rely heavily on short or long-term loan capital whereas others have lower structural gearing. Others
have even more complex financial structures. These financial structures give rise to different costs of capital and
differential vulnerabilities to such external factors as monetary pressure. So whereas a traditional manufacturing
company might have very little debt, a civil engineering business undertaking individual large projects might take
on large amounts of medium-term debt to finance the project. This means that risks are greater in such a business
because of the financial gearing, which is lower in the traditional company funded mainly by shareholders' equity
or retained surpluses. Banks rely on a range of funding sources and become vulnerable to losses when these
become difficult or the price of gaining these funds rises for any reason. Some companies have different cost
structures which make them more risky in different economic circumstances. Companies with high operational
gearing, such as those having very high fixed costs compared to variable costs, have more volatile returns simply
because of the structure of their cost base.

IMPORTANCE OF RISK MANAGEMENT

Risk, in a business sense, is uncertainty. If uncertainty is not properly managed, then forward planning will be
almost impossible, and there is a greater risk of business catastrophe. Directors who fail to manage risk are failing
in their duty to shareholders.

Risk is not always negative. By taking on risk, organizations may increase their returns. If an organization chooses
to take no risk at all, it is unlikely that business will grow.
The amount of risk that an organization needs to take, or wants to take, will depend on a number of factors that
will be looked at in this summary!

RISK STRATEGY
A company's risk strategy will be tied into its corporate strategy - what the company is trying to achieve as an
organization. For example, if an organization is seeking rapid growth, it is likely that it will have to take more risks
than an organization that is seeking to maintain its position in the market.

RISK APPETITE

An organization's risk appetite is the amount of risk an organization is willing to accept.

The risk appetite will vary amongst organizations. Often small businesses in startup situations will be willing to
take on high levels of risk to achieve growth. Large, well established companies with a position to protect may be
less willing to take on very risky projects as they do not want to erode their position.
Risk-averse entities will tend to be cautious about accepting risk, preferring to avoid risk, to share it or to reduce it.
In exchange, they are willing to accept a lower level of return. Those with an appetite for risk will tend to accept
and seek out risk, recognising risk to be associated with higher net returns.

Risk appetite has an important influence on the risk controls that the organization is likely to have in place.
Organizations that actively seek to avoid risks, perhaps found more in the public sector, charitable sector and in
some process-oriented companies, do not need the elaborate and costly systems that a risk seeking company
might have. Organizations such as those trading in financial derivatives, volatile share funds and venture capital
companies will typically have complex systems in place to monitor and manage risk. In such companies, the
management of risk is likely to be a strategic core competence of the business.

Therefore, risk appetite can be explained as the nature and strength of risks which an organisation is prepared to
accept or seek. It comprises two key elements:
(i) the level of risk which the company's directors consider desirable; and
(ii) the capacity of the company to actually bear the level of risk.

RISK ATTITUDE: Risk strategy is affected by the directors' attitudes to risk. Some directors will be willing to take on
more risks than others. This can be down to their own personalities, but directors may take risks if they believe that
the shareholders want them to and vice versa. Shareholders may invest in companies or select directors who are
willing to take the amount of risk they wish for.

RISK CAPACITY: Risk capacity is about having the resources available to deal with risks. A company cannot always
take high risks if it does not have the resources to deal with those risks.

EMBEDDING RISK

Risk awareness is the knowledge of the nature, likelihood and potential costs of risks facing an organization.

Senior management will have an awareness of risks, but this awareness needs to be embedded throughout the
organization at all levels in order to manage risk effectively.

- Awareness and acceptance of risk management is needed at all levels
- Risk management is not a stand-alone activity; it is normal behavior

The methods by which risk awareness and management can be embedded in organizations are as follows:

1. Establish a visible policy on risk awareness, and have this unreservedly supported by management, trade
unions and staff. This should encourage everybody to identify risks, including those arising from the behaviour
of management, and bring them to the attention of appropriate people without fearing a negative or hostile
response. A philosophy and culture of risk awareness would be developed so that everybody recognises the
importance of all risks and seeks to address them as far as possible.

2. Linked to this is the encouragement of open communication and a supportive culture. No-one should think
themselves too junior or uninformed to raise a risk issue with management. It is often at the operational levels
where risks can have the most unfortunate effects and so many previously unnoticed risks can arise from
there. Similarly, management should welcome all discussion of risk as a normal part of their responsibilities
and should never dismiss an idea, even if it is something of which management is already aware.

3. It is always good practice to establish formal systems such as a risk committee and a risk auditing procedure.
The establishment of a risk audit forces the company to identify all risks affecting the business, both internal
and external. Once listed on a risk register, each of these can then be assessed according to their perceived
probability of being realised and their likely impact. A risk strategy can then be assigned to each risk and any
changes to the risk environment can be fed into the system to ensure that it remains current. This also
provides a reporting mechanism by which individual managers, including the most senior, can be held
accountable for their behaviour in respect of risks.

4. Human resource management: Culture is often described as "the way we do things around here", so for greater
risk awareness, it needs to be instilled in all aspects of human resource management, including:
- Individual job descriptions which should be drawn up with a greater emphasis on the duty of all
employees to recognize and act on risks which may arise in their area of operations.
- Induction programmes for new employees to include detail of the organisation's ERM initiatives so that risk
becomes ingrained in employee behaviours from the outset.
- Regular training workshops for existing staff to reinforce the key elements of the risk management
philosophy and ERM processes.
- Individual performance appraisals to evaluate objectives relating to risk. This way risk management will
be considered a key feature of staff appraisal and reward systems, and so become more important to all
of the employees.

5. Maintain a risk register: A risk register which lists and prioritises the main risks which the company faces
can help employees decide which risks need most attention. The register can then be used as an objective
and consistent basis to manage risk, committing sufficient resources as necessary and providing a holistic
view of how risk is being managed throughout the organization.

6. Another way to embed risk awareness in general is to publicise success stories in the company and to
reward risk awareness behaviour through whatever mechanisms are appropriate. It would be welcomed if
the discovery of a new risk or a change in its assessment was something which employees thought to be
an exciting thing and something which might attract an additional day's holiday, a one-off cash payment
or a weekend break away somewhere.

RISK MANAGEMENT

1. Identify risk
2. Assess/analyse risk
3. Manage
4. Report
5. Monitor

Identify risks

How to identify risk?


1. The use of models such as:
- SWOT analysis (strengths, weaknesses, opportunities and threats);
- PESTLE analysis (political, economic, social, technological, legal and environmental).
2. Brainstorming sessions from the board of directors and senior management.
3. The use of risk questionnaires for staff throughout the organisation who are closer to operations than the
directors.
4. The use of external risk consultants who have industry experience but can bring a fresh perspective.

Types of risk
Strategic Risk
It is the current and prospective impact on earnings or capital arising from adverse business decisions, improper
implementation of decisions, or lack of responsiveness to industry changes.

These arise from the overall strategic positioning of the company in its environment. Some strategic positions give
rise to greater risk exposures than others. Because strategic issues typically affect the whole of an organization and
not just one or more of its parts, strategic risks can potentially involve very high stakes: they can have very high
hazards and high returns. Because of this, they are managed at board level in an organization and form a key part of
strategic management.

The factors contributing to the strategic risks are:

- types of industry / markets within which the business operates
- competitors' strategy and new products coming into the market
- political state of the economy in which the company operates
- capacity of the company to operate in a highly dynamic environment
- fluctuating prices of the inputs upon which the business is dependent
- the company's readiness to adapt to changing technologies

Operational Risk
Operational risks refer to potential losses arising from the normal business operations which are more likely to
affect a part of the business rather than the whole organisation. Accordingly, they affect the day-to-day running of
operations and business systems in contrast to strategic risks that arise from the organization's strategic
positioning.

Operational risks are managed at risk management level (not necessarily board level) and can be managed and
mitigated by internal control systems.

Directors and senior management need to ensure they do not ignore operational issues because they are focusing
on higher level strategy.

Distinguishing features between strategic and operational risk

Strategic risks take time to affect the business whereas operational risks have an immediate impact.

Therefore, events that lead to operational risks usually require immediate action.

Strategic events generally provide management with time to assess the new position, choose an appropriate
strategy and implement it (although sometimes they may also require an immediate response).

Although operational risks may have a combined impact on strategic risk, they are usually related to day-to-day
operations such as buying, supplier logistics, manufacture, delivery of products and services, marketing and selling
and after-sales service.

Business risks (financial, operational and compliance)

These are risks which can threaten the survival of the business as a whole and they can arise from many sources.
Essentially though, they arise because of the business model which an organisation operates and the strategies it
pursues. Some business activities, by their nature, give rise to certain risks which can threaten the business as a
whole. Some business risks can affect the going concern status and threaten the survival of the business. This is
when the continuation of a business in its present form is uncertain because of external threats to the business at a
strategic level, or a failure of the business's strategy.

Financial risks
These are the risks which arise from the way a business is financially structured, its management of working capital
and its management of short and long-term debt financing. Cash flow can be strongly influenced by how much debt
to equity a business has, its need to service that debt and the rate at which it is borrowed. Likewise, the ability of a
business to operate on a day-to-day basis depends upon how it manages its working capital and its ability to control
payables, receivables, cash and inventories. Any change which makes its cash flow situation worse, such as poor
collection of receivables, excessive borrowing, increased borrowing rates, etc, could represent an increased
financial risk for the business.

Credit Risk: This is the risk that customers fail to pay their bills on time, or do not pay at all. This can be minimized
by not offering credit, doing credit checks on customers before giving credit, and debt factoring.

Market Risk: Market risks are those arising from any of the markets that a company operates in. Most common
examples are those risks from resource markets (inputs), product markets (outputs) or capital markets (finance).

Financial Market Risk: Financial market risk is the risk that the fair value or cash flows of a financial instrument will
fluctuate due to changes in market prices. Market risk reflects interest rate risk, currency risk, and other price
risks.

Liquidity Risk: Liquidity risk refers to the difficulties that can arise from an inability of the company to meet its
short-term financing needs, i.e. its ratio of short-term assets to short term liabilities. Specifically, this refers to the
organisation's working capital and meeting short-term cash flow needs. The essential elements of managing
liquidity risk are, therefore, the controls over receivables, payables, cash and inventories.

Exchange rate risk: Most international transactions involve a currency exchange (unless the countries are in a single
currency trading block). Because currencies rise and fall against each other as a result of supply and demand for
those currencies, an adverse movement of one against the other can mean that the cost of a transaction in one
currency becomes more expensive because of that adverse movement. The loss incurred by that adverse
movement multiplied by the company's financial exposure is the impact of exchange rate risk.

Interest Rate Risk: This is similar to currency risk. As interest rates change, the ability to borrow cheaply and the
returns received on investments will change.

Derivative Risk: Derivative risk arises from the use of derivative financial instruments such as options, futures and
forward contracts in order to manage the business.

Legal and Compliance Risk: This is the risk of breaching laws and regulations and being fined (or even closed down)
as a result. The cost is not necessarily just financial; the time taken in dealing with an investigation can be
distracting to the board. Compliance with legal regulations also creates reputation risk.

Political Risk: Political risk refers to a potential failure on the part of the state to fulfil all or part of its functions. It
can also relate to any potential influence a government has on the business environment in the country concerned.
The state's role is to legislate, to formulate and implement public policy, to enforce justice through regulation and
statutes, and to administer the functions of the state (such as education, local services, health, etc). A change in
government or sudden imposition of new laws could make it difficult for companies to operate.

Technology Risk: The risk of technological failure. Failures could be caused by weather, water damage, overheating
or a badly designed system that fails, or is corrupted. Additionally, a lack of computer controls could lead to a virus
or staff with a grudge deliberately placing false transactions on the system. Another aspect of technological risk is
that competitors could have better technology and the company falls behind. People often associate technology
with computers but it need not be so; it could also be engineering, designs, etc.

Health and Safety Risk: These are risks to individuals, employees or others, arising from any failure in our
operations giving rise to compromised human welfare.

Environmental Risk: Environmental risk can be described as a loss or liability which arises from the effects of the
natural environment on an organisation, or a loss or liability arising out of the environmental effects of the
organisation's operations. Risk can thus arise from natural phenomena affecting the business such as the effects of
climate change, adverse weather, resource depletion, and threats to water or energy supplies. Similarly, liabilities
can result from emissions, pollution, waste or product liability.

Fraud Risk: This is the risk of fraud by employees, customers, suppliers or other parties.

Intellectual Property Risk: Intellectual property is the knowledge, skills and experience that a company's staff have
built up. If those staff leave the company, they may take company secrets, designs and strategies on to their new
employer.

Reputation Risk: A bad reputation can wreck a business (for example, Andersens after Enron) although sometimes
a bad reputation can actually improve profits (any song banned by the radio stations).

Business Probity Risk: This is the risk that a company is seen to be doing the wrong thing. For example, a company
paying bonuses to directors when the business is not performing well, or a company using child labour.

Entrepreneurial risk: Entrepreneurial risk is the necessary risk associated with any new business venture or
opportunity. It is expressed in terms of the unknowns of the market/customer reception of a new venture or of
product uncertainties, for example product design, construction, etc. There is also entrepreneurial risk in
uncertainties concerning the competences and skills of the entrepreneurs themselves.

Trading risk
International trade presents its own special risks due to the increased distances and times involved. The types
of trading risk include:
1. Physical risk of goods being lost, stolen or damaged in transit, or the legal documents accompanying the
goods going missing;
2. The customer refusing to accept the goods on their delivery; and
3. Cancellation of an order whilst in transit.

Analyze risks

Once risks are identified, the next steps are to measure and manage those risks.
There are two main variables that make a risk important: its impact and its likelihood. The impact relates to the
effect it will have on the organization and the likelihood is the chance that the outcome will occur.
These can be mapped in diagrammatic form as follows:

Tools and techniques for analyzing risks

A number of tools can be used to quantify the impact of risks on the organization, some of which are described
below.

Scenario planning: in which different possible views of the future are developed, usually through a process of
discussion within the organization.

Sensitivity analysis: in which the values of different factors which could affect an outcome are changed to assess
how sensitive the outcome is to changes in those variables.

Decision trees: often used in the management of projects to demonstrate the uncertainties at each stage and
evaluate the expected value for the project based on the likelihood and cash flow of each possible outcome.

Software packages: designed to assist in the risk identification and analysis processes.

Risk perceptions: objective and subjective risk perceptions.

Risk perception is the belief held by an individual or collectively by a group, about the chance of a risk occurring
and/or about the extent, magnitude, and timing of its effects.

Some risks can be assessed (which involves establishing the likelihood and impact) with a very high degree of
certainty.

If likelihood and/or impact can be measured with scientific accuracy then we can say that the risk can be objectively
assessed.
In many cases, however, risk problems can be messy and it can be difficult to accurately assign a value to a
likelihood or an impact. This is where subjective judgements can be used although there are obvious limitations
with such judgments.

Why should risk assessment be on-going?


The first reason why there needs to be a continuous and ongoing risk assessment is because of the strategic
importance of many risks and because of the dynamic nature of those risks being assessed. Some risks reduce over
time and others increase, depending upon changes in the business environment that organizations exist in.
Accordingly, it should not be seen as a once and for all activity. If there is a risk that companies who borrow money
become less able to repay their loans than previously, this is a negative change in the business environment
(thereby affecting liquidity risk). When business recovers and bank customers' ability to repay large loans improves,
the liquidity risk for the banks is reduced.

Second, it is necessary to always have accurately assessed risks because of the need to adjust risk management
strategies accordingly. The probabilities of risk occurring and the impacts involved can change over time as
environmental changes take effect. In choosing, for example, between accepting or reducing a risk, how that risk is
managed will be very important. In reducing their lending, the banks have apparently decided to reduce their
exposure to liquidity risk. This strategy could change to an accept strategy when the economy recovers.

Manage risks

A useful mnemonic to remember this process is TARA, which is:

- Transfer risk
- Avoid risk
- Reduce risk
- Accept risk

TRANSFERRING RISK
This would involve the company accepting a portion of the risk and seeking to transfer a part to a third party.
- Insurance
- Joint venture to spread risk
- Franchising
- Outsourcing production can transfer risk as if there are problems with the quality of a product, the
company can refer back to the supplier with any problems.

AVOIDING RISK
Avoiding risk means not engaging in the activity or area in which the risk is incurred. Some risks can be totally avoided. If a business has
identified that opening a subsidiary in a foreign country appears to be high risk, then not opening the subsidiary
solves the problem.
However, to totally avoid a business opportunity is often a rather extreme reaction as the company avoids the risk
and the potential returns. If no risks are taken, the chance of returns being earned is small.

REDUCING RISK
A risk reduction strategy involves seeking to retain a component of the risk (in order to enjoy the return assumed to
be associated with that risk) but to reduce it and thereby limit its ability to create liability.
- Primarily through Internal controls
- Doing less of the activity which causes the risk

If it is decided that the risk can be neither transferred nor avoided, it might be asked whether or not something can be
done to reduce or mitigate the risk. This might mean, for example, reducing the expected return in order to
diversify the risk or re-engineer a process to bring about the reduction.

ACCEPTING RISK
A risk acceptance strategy involves taking limited or no action to reduce the exposure to risk and would be taken if
the returns expected from bearing the risk were expected to be greater than the potential liabilities.
Some businesses will accept risks as they want to receive potential returns. However others will be accepted
because there is nothing that can be done about them. In this case the organization must know the potential costs
and the probability of the risk occurring.
For example, if a profitable product has a high return rate, costing the company warranty and refund costs, they
may decide that it is worth putting up with these costs as they want to earn the profits from the product.

Risk diversification.

Diversification of risk means adjusting the balance of activities so that the company is less exposed to the risky
activities and has a wider range of activities over which to spread risk and return.

Risks can be diversified by discontinuing risky activities or reducing exposure by, for example, disposing of assets or
selling shares associated with the risk exposure.

Risk is the uncertainty caused by variable returns. One way to deal with uncertainty in the business is to diversify.
This spreads a company's risk across many areas. By operating in many different sectors, it is likely that when one sector
is performing badly, another will be doing well, leading to a smoothing of profits.
A common example of diversification is a business that sells umbrellas and ice creams. If the weather is bad,
umbrellas will sell well and if it is good ice creams will sell well.

Methods of diversifying risks are as follows:


- Diversifying risks through financial management techniques such as hedging
- Investing in different businesses and geographical locations so that the loss incurred at one location/business
can be offset by the profit made in another
- Sharing the risk by entering into partnerships and joint ventures so that risk is spread over other parties

When is diversification appropriate?
1. Companies may diversify in various businesses that complement each other. These businesses are generally
different lines of investment in the same profession. By investing in similar businesses, companies guard against the
risk of loss from one area by the gain that will incur in another.

Companies might also diversify their business in the same line of business but in different geographical locations.
This may mitigate any risk since low results in one location might be offset by better results in another. Location-
specific marketing strategies may result in variable sales results.

2. Diversification, however, does not work in situations where two business lines are positively related. In this case,
an adverse change in one of the businesses will lead to an adverse change in the other.

3. Diversification involves a risk when it comes to diversifying into areas that are not related at all. In these
situations adverse changes in one business may coincide with either adverse or favourable changes in the other.
The outcomes are very unpredictable in each business since the products are totally unrelated. This only leads to
partial diversification of risks since risks are only reduced to a certain extent. However if each business faces
adverse change then losses increase.

The ALARP (as low as reasonably practical) principle in risk assessment


Risks and their acceptability
It is normally perceived that there is an inverse relationship between risks and their acceptability i.e. lower risk is
more acceptable as compared to a higher risk. This is demonstrated in diagram.

It would be irrational simply to say that higher risks should never be taken because higher return is often associated
with higher risk: risk and return are usually positively associated. It is also the case that many risks are unavoidable
in a given situation and must be accepted, at least in part.

ALARP relates to the level of risks which are unavoidable and so should be controlled. An example of the ALARP
principle is in incurring health and safety risk.
Employees are often exposed to personal injury in the workplace on account of oil spillage, gas leaks, loss of limbs due
to operating unsafe machinery, etc. These are some health and safety risks (caused due to occupational hazards)
which are inherent risks faced by many entities. As the returns associated with the exposure of health and safety
risk are high, the risks cannot be totally avoided. That is why ALARP is a commonly used risk assessment technique
to mitigate health and safety risks.

ALARP technique involves incurring certain risk mitigating costs like installation of anti-pollution equipment at the
work place, compliance costs like providing safety equipment like shoes, helmets to employees, etc. In short the
investment in health and safety risk mitigation is a trade-off between the costs incurred and assessment of the
likelihood and impact of the risk assessed.
Therefore the risk must be as low as reasonably practicable (ALARP). Here there must be a reasonable proportion
between the quantum of risk and the costs incurred for mitigating the risk. On the other hand if there is a
significant disproportion between the two variables the cost incurred cannot be considered as ALARP.

Reporting risks

Summary:
Reporting of risks
a) A summary of the measures that the board has taken to address risks such as environmental risk and corporate
social responsibility should be reported in the annual accounts.
b) Risks that result in a material error in the financial statements are reported by the auditor in the audit report.
c) The audit committee usually reports on the risks internally to management.

Details:
Process of externally reporting on internal controls and risks
The Turnbull Guidance
1. Narrative statement: How annual review of effectiveness of internal controls has been conducted

2. The board should disclose that there is an ongoing process for identifying, evaluating and managing the
significant risks faced by the company and that this process was in place for the entire year.

3. The board should take full responsibility for the maintenance and review of the internal control systems
and state that these have been installed to manage the risks

4. The steps taken to mitigate the significant failings reported in the annual report and accounts should be
reported.

In the US, the Sarbanes-Oxley Act requires the company directors as well as the auditors of all the companies listed
on an exchange to report on the risk management techniques in place in the company.

Monitor risks (BOD's responsibility)

The risk committee monitors risks.

It has the right to appoint independent external parties to identify and assess the various risks that the business
faces. Risk committees may involve a person external to the company in the planning stage as a risk auditor who
will analyse the existing risk management processes and suggest better methods of dealing with the existing and
future risks.

RISK AUDITING
A risk audit will provide an organization with an independent, external view of the risks facing the organization and
the controls in place to mitigate those risks.
The auditor will review the identification and assessment of risks that the board undertook as part of the risk
management process and will review the controls in place over the identified risks.
There are four stages to a risk audit:

Risk audit
a) Risk identification
b) Risk assessment
c) Review of controls over risk
d) Report

1. The first stage in a risk audit is risk identification. It is especially important that all relevant risks are identified
because it is only when risks are identified that subsequent stages of the audit can be conducted. The
maintenance of a risk register is one way in which companies achieve this, with new risks being added and
obsolete ones being deleted if they no longer apply

2. Once identified, each risk must then be assessed. This requires estimating the probability of each risk
materialising and the impact of such a risk realisation. For some risks, these might be relatively straightforward
to calculate but for others, more subjective estimates must be made

3. The review of controls is the third stage of the audit. Once a risk has been identified and assessed, this stage
considers the effectiveness with which it is controlled or mitigated. Those risks with higher probabilities or
higher impacts may, for example, require more effective mitigation strategies than those assessed as less so. If
a control is found to be inadequate, this stage of the risk audit will highlight the need for strengthening the
control. If a control is currently more than is necessary (perhaps costing a disproportionate amount given the
probability or the impact), it can be reduced.

4. The final stage is to issue a report to management for future planning and decision-making. This report will
highlight the key risks, those requiring the most immediate and urgent attention, and a comment on the quality
of existing assessment procedures. Any assessment shortcomings or resource constraints will be clarified and
barriers to subsequent risk audits highlighted

Internal risk audit and external risk audit


Internal risk audit is one undertaken by employees of the company being audited and is usually carried out by the
internal audit function. It involves an identification of the risks within given frames of reference (the whole
company, a given area of activity, a given department or location) and advice on managing those risks in terms of a
risk assessment

Externally, consultants provide this service to clients. In some cases, this is a non-audit service offered by
accounting practices, while other consultancies specialise more specifically in risk, including the provision of risk audit
services.

External risk auditing is an independent review and assessment of the risks, controls and safeguards in an
organization by someone from outside the company.

Why is external risk auditing preferable?


- Fresh pair of eyes
- Unbiased view
- Reassures external stakeholders
- Current thinking and best practice can be more effectively transferred

The process is a continuous cycle. As risks will change on a regular basis a company cannot afford to design
solutions and then relax.

Managing the upside of risk
Historically, the focus of risk management has been on preventing loss.
However, recently, organizations are viewing risk management in a different way, so that:
- risks are seen as opportunities to be seized
- organizations are accepting some uncertainty in order to benefit from higher rewards associated with
higher risk
- risk management is being used to identify risks associated with new opportunities to increase the
probability of positive outcomes and to maximize returns
- effective risk management is being seen as a way of enhancing shareholder value by improving
performance.

COSO Has Suggested An Eight-Stage Method For Managing Risks.

The COSO Enterprise Risk Management (ERM) framework describes a way of linking a company's objectives to
what it needs to do to actually achieve them, namely manage its risks.

ERM considers risk management in the context of business strategy, but applying it to every level of the
organisation. Therefore everyone in the organisation has some responsibility for ERM, but the board is ultimately
responsible and should assume ownership of risk management. ERM is primarily designed to identify potential
events which, if they occur, could harm an organisation and to manage risk within its defined risk appetite.

ERM is a process which comprises eight discrete stages:

1. Control environment: This is essentially the general tone from the top which the company adopts towards
risk management, and so provides the basis for how risk is viewed and addressed. Originating from the
top of the organisation, the control environment is embedded in the company's culture and defines its
risk appetite.
2. Objective setting: The company's risk appetite must be aligned to its business strategy, which is achieved
by the setting of suitable risk-adjusted objectives. The objectives must be agreed before management is
able to identify any potential events which may affect their achievement.
3. Event identification: These are the internal and external events, sometimes triggered by uncontrollable
sources, which can ultimately affect the company's ability to achieve its objectives. Some of the events
may present the business with positive opportunities whereas others present risks.
4. Risk assessment: Risks are analysed, considering likelihood and impact, as a basis for determining how
they should be managed. Since likelihood can be measured in terms of probabilities and impact in terms
of its financial consequences, it is possible to quantify the risk assessed and then prioritise relative
importance to the operations.
5. Risk response: Although not an automated process, management can then select an appropriate response
to the individual risks assessed. Responses include avoiding the risk altogether, reducing it to an
acceptable level, transferring it to a third party or accepting the risk if it falls within the pre-determined
appetite.
6. Control activities: The company then devises policies and procedures, which are implemented to help
ensure the risk responses are effectively carried out.
7. Information and communication: Relevant risk information must be communicated in a manner which is
readily understood, and in a timeframe which enables people throughout the company to carry out their
responsibilities.
8. Monitoring: Finally the whole process of ERM is monitored and modified as necessary. Like any system, it
requires periodic update to reflect the changing operational environment, regulatory framework and the
specific risks faced.

RISK COMMITTEE-ROLES

The primary function of a risk committee is to recommend to the board a sound system of risk oversight,
management and internal control.

Its roles include:

1. The recommendation to the board of a risk management strategy which identifies, assesses, manages and
monitors all aspects of risk throughout the company.
2. Reviewing reports on key risks prepared by business operating units, management and the board, and then
assessing the effectiveness of the company's internal control systems in dealing with them.
3. Advising the board on risk appetite and acceptable risk tolerances when setting the company's future strategic
direction.
4. Advising the board on all high-level risk matters and monitoring overall exposure to risk and ensuring it
remains within limits set by the board.
5. Informing shareholders, and other key stakeholders, of any significant changes to the company's risk profile.

Although not a prescribed requirement in corporate governance codes and legislation, a risk committee would
ensure the robust oversight of the management of risk throughout the company. In its absence, its duties and
responsibilities would be discharged by the mandatory audit committee.

RISK MANAGER: manages the risk management process!

This role will report to the risk committee, or the audit committee if the organisation doesn't have a risk
committee.
1. Providing overall leadership, vision and direction, involving the establishment of risk management (RM)
policies, establishing RM systems etc. Seeking opportunities for improvement or tightening of systems.

2. Developing and promoting RM competences, systems, culture, procedures, protocols and patterns of
behaviour. It is important to understand that risk management is as much about instituting and
embedding risk systems as much as issuing written procedure

3. Reporting on the above to management and risk committee as appropriate. Reporting information should
be in a form able to be used for the generation of external reporting as necessary

4. Ensuring compliance with relevant codes, regulations, statutes, etc. This may be at national level (e.g.
Sarbanes Oxley) or it may be industry specific. Banks, oil, mining and some parts of the tourism industry,
for example, all have internal risk rules that risk managers are required to comply with

COSO has suggested an eight-stage method for managing risks.

The stages involved are


1. Assessment of internal environment (attitude and actions of directors and managers regarding
internal controls)
2. Objective setting
3. Event identification (events may cause loss AND what conditions are likely to lead to these events)
4. Risk assessment (risk mapping)
5. Risk response (consider risk appetite and apply TARA)
6. Control activities (controls in place to reduce risk)
7. Information and communication (at all levels)
8. Monitoring

Related and correlated risk factors

Related risks are risks that vary because of the presence of another risk or where two risks have a common cause.
This means when one risk increases, it has an effect on another risk and it is said that the two are related.

Risk correlation is a particular example of related risk. Risks are positively correlated if the two risks are positively
related in that one will fall with the reduction of the other, and increase with the rise of the other. They would be
negatively correlated if one rose as the other fell.

Correlated risks can be:

Positively correlated (i.e. both risks move in the same direction, either upward or downward). For example,
environmental risk and reputation risk move in the same direction.

Persons who suffer from high level of diabetes run the risk of the degeneration of eyes and the risk of kidney
failure. However if the level of diabetes is reduced, risk of eye diseases or risk of kidney failure is reduced.
Therefore risk of eye diseases or risk of kidney failure are positively correlated.

Negatively correlated (i.e. both risks move in the opposite direction, one upward and the other downward).

An entity which borrows money to install anti pollution equipment will reduce its environmental risk. However if
the amount of borrowing is high its financial risks are increased on account of high gearing. Higher gearing
exposes the company to the risk of higher interest rates which in turn affects the cash flow. Therefore
environmental risk and financial risk are negatively correlated.

The necessity of incurring risk as part of competitively managing a business organisation.

The risks faced by organisations present different levels of profit opportunities to the organisation. The decision to
undertake these risks depends on the risk return trade-off.

The profit opportunities that the organisation gets are known as competitive advantages. Business choices can be
aided with the help of some simple analysis using a modified version of Mendelow's matrix. The matrix is used to
assess risk levels and the ensuing competitive advantages, as shown below. Each business opportunity is
categorised into a cell of the matrix and analysed accordingly.

Risk monitoring more important in larger companies than in smaller companies?

Small companies exist in different strategic environments to large companies and because of this, a number of
differences apply when it comes to corporate governance systems. There are a number of compliance issues, for
example, where large companies are required to comply with provisions that smaller companies are not. Some of
the differences in regulation and shareholder expectations are driven by differences in the legal status of the
organization (e.g. whether incorporated, whether listed, where domiciled, etc).

In the case of risk management systems in smaller companies, there will be a lower overall (aggregate) loss to
shareholders than in a large company in the event of a major risk being realised. In larger companies, especially
listed companies, a major event can affect markets around the world and this can affect the value of many funds
including pension funds, etc. This is unlikely to be the case in any given smaller company.

Many smaller companies are privately owned and they are therefore not subject to listing rules and, in some cases,
other legal regulations. In many smaller companies, any loss of value when a risk is realised is a personal loss to
owners and does not affect a high number of relatively disconnected shareholders as would be the case in a large
public company.

Risk probability and impact are often correlated with size. Smaller companies have fewer risks because of their lower
profiles, fewer stakeholders and less complex systems than larger organizations.

Accordingly, elaborate risk management systems are less necessary in smaller companies and could be a
disproportionate use of funds.

This is not to say that smaller companies do not face risks, of course, but that the impacts, say to shareholders or
society, are less with a smaller rather than a larger company because of the totality of the losses incurred.

The costs of risk monitoring and control may often outweigh the impacts of losses being incurred from risks, if not
in a single financial period then maybe over a period of years. There are substantial set-up fixed costs in
establishing some risk management systems and, in some cases, variable costs also (e.g. linked to production
output). With fewer total risks, there could be less value for money in having risk controls.

In summary, risk committees and risk mitigation systems are more important in larger companies than in smaller
companies.

However it is good practice for all companies, however small, to carry out some form of risk monitoring in order to
remain competitive in their environment.

Relativism and absolutism (relate to ethical & moral beliefs in society)
Absolutism /Dogmatic/non-consequentialist

Ethical absolutism is concerned with whether an action or conduct is right or wrong. Therefore, from the
standpoint of ethical absolutes, some things are always right and some things are always wrong, no matter how
one tries to rationalise them.

Ethical absolutism requires that individuals always defer to a set of rules to guide them in the ethical decision-
making process. It holds that whether an action is ethical does not depend on the view of the person facing the
dilemma; instead it depends on whether the action conforms to the given set of ethical rules and standards.

Absolutism takes no account of who is making the ethical judgement, but defers to universal principles which
should guide anyone's behaviour in the situation, regardless of their background.

Relativism /pragmatic/consequentialist

Ethical relativism is the broad acceptance that nothing is objectively right or wrong, but depends on the
circumstances of the situation and the individuality of the person facing the situation or dilemma.

It suggests that an ethical position held by one person may be viewed as right for them, but may be wholly
unacceptable to another person in the same situation. Relativism therefore insists that what is considered true by
an individual replaces the search for an absolute truth by denying the existence of objective moral standards.
Rather, according to ethical relativism, individuals must evaluate actions on the basis of what they feel is best for
themselves.

Ethical relativism takes account of who is making the ethical decision and what their psychological, cultural and
moral background is and accepts that different people will form different moral opinions of the most ethical
approach to be taken in any given situation.

Deontological and teleological approaches to ethics

DEONTOLOGY
Deontological ethics focuses on actions and rules and lays down criteria by which these actions may be judged in
advance. In this respect it is similar to ethical absolutism, but it is primarily concerned with the decision-making
process itself rather than the broad principles underpinning it. It is also accepted that the outcome of the decision
taken is not relevant to the decision itself.

Deontological ethics is based on the idea that facts themselves are neutral; they are what they are and should not
suggest what action should be taken. The criteria by which a situation is judged should always be independent
from the facts themselves.

According to deontological theory, there are three key maxims, or tests, for any action. An action is morally 'right'
if it satisfies all three maxims:
1. Act only according to that maxim by which you can at the same time will that it should become a universal
law. This is the principle of consistency. An action can only be 'right' if everyone can follow the same
underlying principle. Therefore murder is 'wrong' because if it was 'right' then human life would have no
value.
2. Act so that you treat humanity, whether in your own person or in that of another, always as an end and
never as a means only. This is the principle of human dignity. It means that everyone should be treated
with respect and not simply as an object providing services.
3. Act only so that the will through its maxims could regard itself at the same time as universally lawgiving.
This is the principle of universality. An action is 'right' if other people also consider that action to be 'right'.

TELEOLOGY
Teleological theory is similar to relativism as it believes that ethics is driven by outcomes and not actions.
Therefore, if an action achieves a good or desirable outcome, the action is ethical.

Teleology does not focus on any action taken or how well the action adheres to a system of rules. Teleological
ethics, often referred to as consequentialism, is more concerned with the end result. The essence of all forms of
teleological ethics is best expressed using utilitarianism as the greatest good for the greatest number. This
approach differs from deontology in that there is no set of hard and fast rules in place; actions are viewed as
ethical depending on individual circumstances and the consequential effects, so is more consistent with a relativist
approach.

Egoism
An egoist believes that if the outcome is good for oneself, then the action causing the outcome is ethical.
There is a focus on self-interest but the egoist may also consider what is right in society as that makes them feel
good about themselves, which is a good outcome.

Utilitarianism
A utilitarian believes that if the outcome is good for society, then the action causing the outcome is ethical.
This seems to suggest that anything viewed to be in the public interest is ethical. An action may be viewed as
ethically right if it benefits the greatest number.
This can be difficult in practice as when a decision is made, the decision maker needs to understand:
Who would be affected by the decision?
How will they be affected?

Kohlberg's Levels of Moral Development
Lawrence Kohlberg devised a theory which explained the rationale behind human moral reasoning, where he was
less concerned about the actual decision taken but rather the cognitive process which arrived at each judgement.
Kohlberg described the development of individual moral and ethical reasoning through three discrete levels: pre-
conventional, conventional and post-conventional.

At the pre-conventional level of moral reasoning, morality is conceived of in terms of rewards, punishments and
instrumental motivations. Those demonstrating intolerance of norms and regulations in preference for self-serving
motives are typically pre-conventional.

1.1 Pre-conventional: Obedience and punishment
At the most basic level, individuals make decisions based on punishment and reward and at this stage have not
developed any particular ethical beliefs. "How can I avoid punishment?"

1.2 Pre-conventional: Instrumental purpose and exchange
At a slightly higher level, individuals learn to do something for the promise of future benefits. "What's in it for me?"

At the conventional level, morality is understood in terms of compliance with either or both of peer pressure/social
expectations or regulations, laws and guidelines. A high degree of compliance is assumed to be a highly moral
position. A person who is ethically engaged at the conventional level will consider it important to learn the rules
and expectations which apply to them and then comply in detail. These can concern legal rules, social norms and
accepted standards of behaviour.

2.1 Conventional: Interpersonal accord and conformity
At this stage, individuals start to develop behaviour patterns that are based on their family, friends, work
colleagues and peers. Good behaviour is that which pleases others in the immediate group.
Sometimes referred to as the "good boy/good girl" orientation, this stage focuses on living up to social
expectations and accepted roles in society. Due consideration is given to the expectations of peers with an
emphasis on conformity when arriving at an appropriate decision.

2.2 Conventional: Social accord and system maintenance
The previous level expands from following the norms of a peer group into following the norms for society as a
whole. Laws and social norms.
As individuals progress towards this more advanced stage of moral development, focus shifts towards a sense of
duty and responsibility by observing law and order, adhering to rules and respecting authority.

At the post-conventional level, morality is understood in terms of conformance with higher or universal ethical
principles as perceived by the person being considered. Post-conventional assumptions often challenge existing
regulatory regimes and social norms, and so post-conventional behaviour is often costly in personal terms. The
nature of the higher ethical principles is subjective and specific to the person.

3.1 Post-conventional: Social contract and individual rights
The post-conventional level recognises that individuals are separate from society and that the individual's
perception may take precedence over society's view.
Individuals start to challenge social norms. In this stage, the individual believes that laws that do not promote
general welfare should be changed where necessary to meet the greater good for the greatest number. Laws are
open to question but are still being upheld for the good of the community and in the name of democratic values.

3.2 Post-conventional: Universal ethical principles
At the highest level, individuals will reject social norms by behaving in the way they believe to be right, and will
campaign to change the views of others so that their norms become society's norms.
Kohlberg believed that stage six existed but that very few individuals operated consistently at this level.
Self-chosen ethical principles: high value is placed on justice, dignity, and equality of all persons.

Ethical decision making models

THE AMERICAN ACCOUNTING ASSOCIATION (AAA) MODEL

The American Accounting Association (AAA) model comes from a report for the AAA written by Langenderfer and
Rockness in 1990. In the report, they suggest a logical, seven-step process for decision making, which takes ethical
issues into account.

The model begins, at Step 1, by establishing the facts of the case. While perhaps obvious, this step means that
when the decision-making process starts, there is no ambiguity about what is under consideration. Step 2 is to
identify the ethical issues in the case. This involves examining the facts of the case and asking what ethical issues
are at stake. The third step is an identification of the norms, principles, and values related to the case. This involves
placing the decision in its social, ethical, and, in some cases, professional behaviour context. In this last context,
professional codes of ethics or the social expectations of the profession are taken to be the norms, principles, and
values. For example, if stock market rules are involved in the decision, then these will be a relevant factor to
consider in this step.

In the fourth step, each alternative course of action is identified. This involves stating each one, without
consideration of the norms, principles, and values identified in Step 3, in order to ensure that each outcome is
considered, however appropriate or inappropriate that outcome might be.

Then, in Step 5, the norms, principles, and values identified in Step 3 are overlaid on to the options identified in
Step 4. When this is done, it should be possible to see which options accord with the norms and which do not. In
Step 6, the consequences of the outcomes are considered. Again, the purpose of the model is to make the
implications of each outcome unambiguous so that the final decision is made in full knowledge and recognition of
each one. Finally, in Step 7, the decision is taken.

Scenario for the AAA model


An auditor uncovers an irregular cash payment and receives an unsatisfactory explanation for it from the client's
finance director. He suspects the cash payment is a bribe paid to someone but can't prove it. The client then offers
to pay the auditor a large amount of money if he pretends not to have noticed the payment. The amount of money
offered by the client is large enough to make a significant difference to the auditor's wealth. Should the auditor
take the money?

Step 1: What are the facts of the case?


The facts are that the auditor has uncovered what he believes to be a bribe and has, in turn, been offered a bribe
to ignore or overlook it.

Step 2: What are the ethical issues in the case?


The ethical issue is whether or not an auditor should accept a bribe. In accepting the bribe he would be acting
illegally and would also be negligent of his professional duties.

Step 3: What are the norms, principles, and values related to the case?
The norms, principles, and values are that auditors are assumed (by shareholders and others active in capital
markets) to have impeccable integrity and to assure that the company is providing a true and fair view of its
financial situation at the time of the audit. Auditors are entrusted with the task of assuring a company's financial
accounts and anything that prevents this or interferes with an auditor's objectivity is a failure of the auditor's duty
to shareholders.

Step 4: What are the alternative courses of action?
Option 1 is to accept the bribe and ignore the irregular cash payment. Option 2 is to refuse the bribe and take
appropriate actions accordingly.

Step 5: What is the best course of action that is consistent with the norms, principles, and values identified in
Step 3?
The course of action consistent with the norms, principles, and values in Step 3 is to refuse the bribe. The auditor
would report the initial irregular payment and then also probably report the client for offering the second bribe.

Step 6: What are the consequences of each possible course of action?


Under Option 1, the auditor would accept the bribe. He would enjoy the increase in wealth and presumably an
increase in his standard of living but he would expose himself to the risk of being in both professional and legal
trouble if his acceptance of the bribe was ever uncovered. He would have to live with himself knowing that he
had taken a bribe and would be in debt to the client, knowing that the client could expose him at any time.

Under Option 2, the auditor would refuse the bribe. This would be likely to have a number of unfortunate
consequences for the client and possibly for the future of the client-auditor relationship. It would, however,
maintain and enhance the reputation and social standing of auditors, maintain public confidence in audit, and
serve the best interests of the shareholders.

Step 7: What is the decision?


The ethical decision is Option 2. The auditor should refuse the bribe.

Tucker's 5-question model

The decision should be:
1. Is it profitable? This is a difficult question, because it does not address for whom the decision is profitable and it
doesn't compare the profitability of other options, which may be better.

2. Is it legal?

3. Is it fair? This is another difficult question, as the company has to consider if it is fair to all stakeholders and the
effect the decision has on them.

4. Is it right? This is also difficult, as what is right will depend on the ethical view of the organization (is the
company a pristine capitalist or social ecologist?)

5. Is it sustainable or environmentally sound?

This model is conceptually slightly different from the AAA model but is nevertheless a powerful tool for
determining the most ethical outcome in a given situation. It might be the case that not all of Tucker's criteria are
relevant to every ethical decision. If it were used when considering the AAA model scenario above, for example,
there is no indication of the environmental relevance of the auditor's decision. In addition, the reference to
profitability means that this model is often more useful for examining corporate rather than professional or
individual situations.

Applying Tucker's model requires a little more thought than when using the AAA model in some situations,
however. This is because three of the five questions (profitable, fair, and right) can only be answered by referring
to other things. So when the model asks, 'is it profitable?', it is reasonable to ask, 'compared to what?' Similarly,
whether an option is fair depends on whose perspective is being adopted. This might involve a consideration of
the stakeholders involved in the decision and the effects on them. Whether an option is right depends on the
ethical position adopted. A deontological perspective may well arrive at a different answer than a teleological
perspective, for example. In order to see how Tucker's model might work in practice, we will consider two decision
scenarios, one fairly clear cut and one that is a little more complicated.

Tucker: Scenario 1
Big Company is planning to build a new factory in a developing country. Analysis shows that the new factory
investment will be more profitable than alternatives because of the cheaper labour and land costs. The
government of the developing country has helped the company with its legal compliance, which is now fully
complete, and the local population is anxiously waiting for the jobs which will, in turn, bring much needed
economic growth to the developing country. The factory is to be built on reclaimed brownfield land and will
produce a lower unit rate of environmental emissions than a previous technology.

Is it profitable?: Yes. The investment will enable the company to make a return superior to the alternatives. The
case explains that this is because of the cheaper labour and land costs.

Is it legal?: Yes. The government of the developing country, presumably very keen to attract the investment, has
helped the company with its legal issues.

Is it fair?: As far as we can tell, yes. The only stakeholder mentioned in the scenario is the workforce of the
developing country who, we are told, is anxiously waiting for the jobs. The scenario does not mention any
stakeholders adversely affected by the investment.

Is it right?: Yes. The scenario explains that the factory will help the developing country with much needed
economic growth, and no counter-arguments are given.

Is it sustainable or environmentally sound?: Yes. The scenario specifically mentions an environmental advantage
from the investment. So in this especially simplified case, the decision is clear as it passes each decision criterion in
the 5-question model. In more complex situations, it is likely to be a much more finely balanced decision.

Tucker: Scenario 2
Some more information has emerged about Big Company's new factory in the developing country. The
brownfield land that the factory is to be built on has been forcefully requisitioned from a community (the Poor
Community) considered as second class citizens by the government of the developing country. The Poor
Community occupied the land as a slum and now has nowhere to live.

Is it profitable? Yes. The same arguments apply as before.

Is it legal? It appears that the government of the developing country has no effective laws to prevent the forced
displacement of the Poor Community and may be complicit in the forced removal. While the investment may not
be technically illegal, it appears that the legal structures in the host country are not particularly robust and are
capable of what amounts to the oppression of the Poor Community.

Is it fair? While the issue of the much needed employment remains important, it must be borne in mind that the
jobs are provided at the cost of the Poor Community's homes. This apparent unfairness to the Poor Community is a
relevant factor in this question. The answer to 'is it fair?' will depend on the decision maker's views of the
conflicting rights of the parties involved.

Is it right? The new information invites the decision maker to make an ethical assessment of the rights of the Poor
Community against the economic benefits of the investment. Other information might be sought to help to make
this assessment including, for example, the legality of the Poor Community's occupation of the site, and options for
rehousing them once construction on the site has begun.

Is it sustainable or environmentally sound? Yes. The same arguments apply as before.

Kohlberg's four stages of ethical decision making

Stage 1: Recognize moral issue (lying about product can increase sales)
Stage 2: Make moral judgment (realize that lying is wrong)
Stage 3: Establish moral intent (decide to be honest)
Stage 4: Engage in moral behavior (tell the truth)
So the salesperson could still lie about the cars being sold even though this had been recognized as immoral
behavior.

Ethical behavior (stage 3 or 4 of Kohlberg's ethical decision making model)

Ethical behavior depends on Issue related factors and Context related factors

Issue related factors

A. Moral intensity (the importance of the issue to the decision maker. It depends on 6 factors listed below)

Factors affecting moral intensity
1. Concentration of effort (is there a MAJOR impact of your action on a few people or a MINOR impact on a large
number of people)
2. Proximity (how close are you to the people being affected by the decision. For e.g. you may not be very
concerned about the working conditions of an overseas factory)
3. Temporal immediacy (speed of consequences of your action. Long time delay decreases intensity)
4. Magnitude of consequences (sum of the harm/benefit of your action. For example a faulty product may cause
death)
5. Social consensus (is your act considered unethical by others?)
6. Probability of the effect (likelihood that harm will actually happen! If the likelihood is high, the moral
intensity of your action will be high as well.)

B. Moral framing (the situation in which a decision is made. For example, if you are working in an organization
where ethics are not discussed, you'll ignore ethics when making a decision)

Context related factors

Situation-based: If everyone in a workplace does something in a certain way, an individual is more likely to
conform: this can result in both higher and lower standards of ethical behaviour.

Key factors
- Systems of reward and punishment
- Authority
- Org norms and culture
- National culture

Corporate Social Responsibility (CSR)
Definition

CSR REFERS TO ORGANISATIONS CONSIDERING AND MANAGING THEIR IMPACT ON A VARIETY OF STAKEHOLDERS.

CSR is a term used to include a series of measures concerned with an organisation's stance towards ethical issues.
These include the organisation's social and environmental behaviour, the responsibility of its products and
investments, its policies (over and above compliance with regulation) towards employees, its treatment of
suppliers and buyers, its transparency and integrity, how it deals with stakeholder concerns and issues of giving
and community relations.
Behaviour in all of these areas is largely discretionary and it is possible to adopt a range of approaches from being
very concerned about some or all of them, to having no such concern at all.

CSR Strategy: A strategy is a long-term plan primarily focused on delivering a prescribed outcome. To have a CSR
strategy involves making choices in support of a specific cause, and implementing policies and procedures which
will help to deliver the objectives.
This means that some causes or areas of activity are favoured over others, in line with the strategy adopted. So, for
example, a company might have a policy to invest in some communities or charitable causes and not others. The
policy or strategy may be agreed based on a number of issues: perhaps the preferences of the employees, the
preferences of senior people in a business, or the preferred outcomes may be chosen based on strategic concerns.

Strategic CSR: Since CSR normally requires the commitment of significant financial resources, many companies try
to reflect the core values and beliefs of the company's shareholders in CSR matters. Therefore, when CSR activities
are undertaken with the motive of maximising the long-term economic benefit of the company, it can be better
described as strategic CSR. The underlying assumption underpinning strategic CSR is that all company assets
belong to the shareholders and so all activities, including CSR, should be configured in such a way as to enhance
shareholder value.
So a financial company such as a bank might favour financial education causes whilst a medical supplies company
might prefer medical or nursing research causes or overseas medical efforts. It would be seen as strategically
wasteful to use CSR to support activities which are not aligned to the core activities. An assumption underpinning
strategic CSR is that all assets in a company belong to the shareholders and so all activities, including CSR, should
be configured in such a way as to support shareholder value.

Archie Carroll's model of social responsibility
(suggests there are 4 levels of social responsibility)

Economic responsibilities: Shareholders demand a reasonable return. Employees want safe and fairly paid jobs.
Customers demand quality at a fair price.

Legal responsibilities: Since laws codify society's moral views, obeying those laws must be the foundation of
compliance with social responsibilities.

Ethical responsibilities: Businesses should act in a fair and just way even if law does not compel them to do so.

Philanthropic responsibilities (behavior to improve the lives of others): This includes charitable donations,
contributions to the local community and providing employees with opportunities

Social responsiveness: This refers to the capacity of the corporation to respond to social pressure.

Archie Carroll suggests four possible strategies: reaction, defence, accommodation and proaction.

Reaction: The corporation denies any responsibility for social issues.

Defence: The corporation admits responsibility but fights it, doing the very least that seems to be required.

Accommodation: The corporation accepts responsibility and does what is demanded of it by relevant groups.

Proaction: The corporation seeks to go beyond industry norms.

INSTRUMENTAL AND NORMATIVE MOTIVATIONS OF STAKEHOLDER THEORY

A debate, from an ethical perspective, is why organisations do or do not take account of stakeholder concerns in
their decision making, strategy formulation, and implementation. A parallel can be drawn between the ways in
which organisations view their stakeholders and the ways in which individual people consider (or do not consider)
the views of others. Some people are concerned about others' opinions, while other people seem to have little or
no regard for others' concerns. Furthermore, the reasons why individuals care about others' concerns will also
vary.

In attempting to address this issue, Donaldson and Preston described two contrasting motivations: the
instrumental and the normative.

The instrumental view of stakeholders


The instrumental view of stakeholder relations is that organisations take stakeholder opinions into account only
insofar as they are consistent with other, more important, economic objectives (eg profit maximisation, gaining
market share, compliance with a corporate governance standard). Accordingly, it may be that a business
acknowledges stakeholders only because acquiescence to stakeholder opinion is the best way of achieving other
business objectives. If the loyalty or commitment of an important primary or active stakeholder group is
threatened, it is likely that the organisation will recognise the group's claim because not to do so would threaten
to reduce its economic performance and profitability. It is therefore said that stakeholders are used instrumentally
in the pursuit of other objectives.

The normative view of stakeholders


The normative view of stakeholder theory differs from the instrumental view because it describes not what is, but
what should be. The most commonly cited moral framework used in describing that which should be is derived
from the philosophy of the German ethical thinker Immanuel Kant (1724-1804). Kant's moral philosophy centred
around the notion of civil duties which, he argued, were important in maintaining and increasing overall good in
society. Kantian ethics are, in part, based upon the notion that we each have a moral duty to each other in respect
of taking account of each other's concerns and opinions. Not to do so will result in the atrophy of social cohesion
and will ultimately lead to everybody being worse off morally and possibly economically.

Extending this argument to stakeholder theory, the normative view argues that organisations should
accommodate stakeholder concerns not because of what the organisation can instrumentally get out of it for its
own profit, but because by doing so the organisation observes its moral duty to each stakeholder. The normative
view sees stakeholders as ends in themselves and not just instrumental to the achievement of other ends.

SEVEN POSITIONS ALONG THE CONTINUUM: GRAY, OWEN AND ADAMS

The stakeholder/stockholder debate can be represented as a continuum, with the two extremes representing the
pure versions of each argument. But as with all continuum constructs, real life exists at a number of points along
the continuum itself. It is the ambiguity of describing the different positions on the continuum that makes Gray,
Owen and Adams's seven positions on social responsibility so useful.

Pristine-capitalists: At the extreme stockholder end is the pristine capitalist position. The value underpinning this
position is shareholder wealth maximisation, and implicit within it is the view that anything that reduces potential
shareholder wealth is effectively theft from shareholders. Because shareholders have risked their own money to
invest in a business, and it is they who are the legal owners, only they have any right to determine the objectives
and strategies of the business. Agents (directors) that take actions, perhaps in the name of social responsibility,
that may reduce the value of the return to shareholders, are acting without mandate and destroying value for
shareholders.

Expedients: The expedient position shares the same underlying value as that of the pristine capitalist (that of
maximising shareholder wealth), but recognises that some social responsibility expenditure may be necessary in
order to better strategically position an organisation so as to maximise profits. Accordingly, a company might
adopt an environmental policy or give money to charity if it believes that by so doing, it will create a favourable
image that will help in its overall strategic positioning.

Social-contract-position: The notion of social contract has its roots in political theory. Democratic governments are
said to govern in a social contract with the governed. This means that a democratic government must govern
broadly in line with the expectations, norms and acceptations of the society it governs and, in exchange, society
agrees to comply with the laws and regulations passed by the government. Failure by either side to comply with
these terms will result in the social contract being broken. For businesses, the situation is a little more complex
because unlike democratic governments, they are not subject to the democratic process.

The social contract position argues that businesses enjoy a licence to operate and that this licence is granted by
society as long as the business acts in such a way as to be deserving of that licence. Accordingly, businesses need
to be aware of the norms (including ethical norms) in society so that they can continually adapt to them. If an
organisation acts in a way that society finds unacceptable, the licence to operate can be withdrawn by society, as
was the case with Arthur Andersen after the collapse of Enron.

Social-ecologists: Social ecologists go a stage further than the social contractarians in recognising that (regardless
of the views of society), business has a social and environmental footprint and therefore bears some responsibility
in minimising the footprint it creates. An organisation might adopt socially and/or environmentally responsible
policies not because it has to in order to be aligned with the norms of society (as the social contractarians would
say) but because it feels it has a responsibility to do so.

Socialists: In the context of this argument, socialists are those that see the actions of business as those of a
capitalist class subjugating, manipulating, and even oppressing other classes of people. Business is a concentrator
of wealth in society (not a redistributor) and so the task of business, social, and environmental responsibility is very
large, much more so than merely adopting token policies (as socialists would see them) that still maintain the
supremacy of the capitalist classes. Business should be conducted in a very different way, one that recognises and
redresses the imbalances in society and provides benefits to stakeholders well beyond the owners of capital.

Radical-feminists: Like the socialists, radical feminists (not to be confused with militants, but rather with a school
of philosophy) also seek a significant readjustment in the ownership and structure of society. They argue that
society and business are based on values that are usually considered masculine in nature such as aggression,
power, assertiveness, hierarchy, domination, and competitiveness. It is these emphases, they argue, that have got
society and environment in the mess that some people say they are in. It would be better, they argue, if society
and business were based instead on values such as connectedness, equality, dialogue, compassion, fairness, and
mercy (traditionally seen as feminine characteristics). This would clearly represent a major challenge to the way
business is done all over the world and hence would require a complete change in business and social culture.

Deep-ecologists: Finally, the deep ecologists (or deep greens) are the most extreme position of coherence on the
continuum. Strongly believing that humans have no more intrinsic right to exist than any other species, they argue
that just because humans are able to control and subjugate social and environmental systems does not mean that
they should. The world's ecosystems of flora and fauna, the delicate balances of species and systems are so
valuable and fragile that it is immoral for these to be damaged simply (as they would see it) for the purpose of
human economic growth.

There is (they argue) something so wrong with existing economic systems that they cannot be repaired as they are
based on completely perverted values. A full recognition of each stakeholder's claim would not allow business to
continue as it currently does and this is in alignment with the overall objectives of the deep ecologists or deep
greens.

Corporate ethical stances

1. Short-term shareholder interest: only responsibility is to maximize shareholder wealth.

2. Long-term shareholder interest: to maintain existence in the long term, an organization has to maintain
its reputation, therefore it needs to be proactive with CSR. Orgs will comply with best practice.

3. Multiple stakeholder obligations: An org does not have responsibility towards shareholders only.
Therefore, they accept greater social and environmental responsibility. It is difficult to satisfy all
stakeholder expectations

4. Shaper of society: Orgs will seek to change society. Financial considerations are secondary.

Corporate Citizenship

Corporate citizenship is an approach which can be adopted by any business with the aim of shaping its core values
so that they more closely align the decisions made each day by its directors, managers and employees with the
needs of the society in which the business operates.

There are three principles which take into account successful corporate citizenship:
(i) Minimising any harm caused to society by the decisions and actions of a business, which could include avoiding
harm to the natural environment as well as the social infrastructure.

(ii) Maximising any benefit created for society as a consequence of normal business activity. Any successful
business will stimulate local economic activity and increase employment, but a good corporate citizen will do this
with greater sensitivity to its environmental and social impacts.

(iii) Remaining clearly accountable and responsive to a wide range of its stakeholders, thereby combining business
self-interest with a greater sense of responsibility towards society at large.
By embracing the corporate citizenship agenda, an organisation is able to recognise its fundamental rights and
acknowledge that it has responsibilities towards the wider community.

Rights of the business as a corporate citizen

A business has the right to exist as a separate legal entity and carry out its lawful business within a society

A business has the right to be protected by the law in the pursuit of its normal business activities.

It has the right to receive the support of society in the pursuit of business in terms of its investors, employees and
customers. It has the right, in other words, to have customers free to purchase products without feeling bad about
it, and have employees happy to work for the company without fear of criticism from people believing themselves
to be in a superior moral position.

Responsibilities of the business as a corporate citizen

Just as an individual has the responsibility to obey the law, fit in with the social and ethical norms of society, and
behave in an appropriate way, so does a business.

Its responsibility is to always comply with the laws and social norms which apply in each country it deals with. This
extends to being a good employer, maintaining prompt payment of payables accounts, encouraging good working
conditions at supplier companies and similar areas of good business practice.

The 3 perspectives are:

1. Limited view: stakeholders considered when in business interest (main groups considered are employees and
local community)
2. Equivalent view: self interest is not primary motivation. Organization is focused on legal requirements and
ethical fulfillment.
3. Extended view: Combination of self interest promoting the power that organizations have and wider
responsibility towards society.

Code of ethics

Professional ethics

Fundamental principles

1. Integrity: Integrity requires accountants to be straightforward and honest in all their professional and business
relationships.

2. Objectivity: Objectivity requires that an individual should not allow bias, conflicts of interest or the undue
influence of others to compromise their professional or business judgement, and implies independence of action.

3. Professional competence & due care: All accountants have a continuing duty to maintain their professional
knowledge and skill at a level required to ensure that employers receive competent professional service, and at the
same time they must act diligently in accordance with applicable technical and professional standards when
providing professional services.

4. Confidentiality: Accountants must respect the confidentiality of information acquired as a result of professional
and business relationships, and shall not disclose any such information to third parties without proper and
specific authority or unless there is a legal or professional right or duty to disclose. Similarly, confidential
information acquired as a result of professional and business relationships shall not be used to the personal
advantage of members or third parties.

5. Professional behavior: Accountants must comply with all relevant laws and regulations and shall avoid any action
which may discredit the profession.

Threats/Conflict of interest

1. Self-interest
2. Self-review
3. Advocacy
4. Familiarity
5. Intimidation

Safeguards

1. Created by profession (CPD, corporate governance, disciplinary proceedings)

2. Work environment (code of ethics, ICS, review procedures)

3. Individual (contact professional bodies, mentor, comply with professional standards)

Corporate code of ethics

Purpose

The first is communicating the organisation's values into a succinct and sometimes memorable form. This might
involve defining the strategic purposes of the organisation and how this might affect ethical attitudes and policies.

Second, the code serves to identify the key stakeholders and the promotion of stakeholder rights and
responsibilities. This may involve deciding on the legitimacy of the claims of certain stakeholders and how the
company will behave towards them.

Third, a code of ethics is a means of conveying these values to stakeholders. It is important for internal and
external stakeholders to understand the ethical positions of a company so they know what to expect in a given
situation and to know how the company will behave. This is especially important with powerful stakeholders,
perhaps including customers, suppliers and employees.

Fourth, a code of ethics serves to influence and control individuals' behaviour, especially internal stakeholders
such as management and employees. The values conveyed by the code are intended to provide for an agreed
outcome whenever a given situation arises and to underpin a way of conducting organisational life in accordance
with those values.

Fifth, a code of ethics can be an important part of an organisation's strategic positioning. In the same way that an
organisation's reputation as an employer, supplier, etc. can be a part of strategic positioning, so can its ethical
reputation in society. Its code of ethics is a prominent way of articulating and underpinning that.

Contents

Values of the company. This might include notes on the strategic purpose of the organisation and any underlying
beliefs, values, assumptions or principles. Values may be expressed in terms of social and environmental
perspectives, and expressions of intent regarding compliance with best practice, etc.

Shareholders and suppliers of finance. In particular, how the company views the importance of sources of finances,
how it intends to communicate with them and any indications of how they will be treated in terms of transparency,
truthfulness and honesty.

Employees. Policies towards employees, which might include equal opportunities policies, training and
development, recruitment, retention and removal of staff.

Customers. How the company intends to treat its customers, typically in terms of policy of customer satisfaction,
product mix, product quality, product information and complaints procedure.

Supply chain/suppliers. This is becoming an increasingly important part of ethical behaviour as stakeholders
scrutinise where and how companies source their products (e.g. farming practice, fair trade issues, etc). Ethical
policy on supply chain might include undertakings to buy from certain approved
suppliers only, to buy only above a certain level of quality, to
engage constructively with suppliers (e.g. for product
development purposes) or not to buy from suppliers who do
not meet
with their own ethical standards.

Community and wider society. This section concerns the


manner in which the company aims to relate to a range of
stakeholders with whom it does not have a direct economic
relationship (e.g. neighbours, opinion formers, pressure groups,
etc). It might include undertakings on consultation, listening,
seeking consent, partnership arrangements (e.g. in community
relationships with local schools) and similar.

Implementation(The process by which the code is finally issued


and then used. Implementation will also include some form of
review function so the code is revisited on an annual basis and
updated as necessary)

Code of ethics - should there be such codes?

- They provide guidance to accountants on what is, and is not, acceptable behaviour.
- The principles may help to solve difficult ethical situations (ethical dilemmas).
- The existence of a code sends a message to the outside world that accountants believe ethical behavior
and acting in the public interest to be important.
- For trainee accountants who do not understand acceptable professional behaviour, the code represents a
useful educational and training aid.

- Codes of ethics can give the impression that professional ethics are nothing more than rules. This is not
the case as not every situation can be covered by a rule; an accountant will also have to follow ethical
principles.
- If someone intends to act unethically, it is unlikely that the existence of a code of ethics will change their
behaviour, unless they genuinely did not understand that their behaviour was unethical until they saw
the code.
- Culture can play a factor as, in different parts of the world, different behaviour may be considered
ethical or unethical. This means that international codes of ethics may not be applicable in every case.
- Ethical codes are not enforceable, although breach of a code may mean that an accountant is not
allowed to continue to be a member of their professional body. In most cases, adherence to ethical codes
is voluntary.
- Producing ethical codes, and keeping them up to date, can be costly.

PRINCIPLES AND RULES BASED APPROACHES TO ETHICS

Ethics is a difficult area in which to try and impose prescriptive rules. For example, if a code of ethics says that
auditors cannot accept free lunches from clients as this may pose a threat to independence, does this mean that
they can accept free flights to Barbados? The ethical dilemmas accountants face will all differ in their exact detail
so it would be unrealistic to create a set of rules that covers every eventuality.
This problem is solved by having ethical codes and guidance for accountants which are based on principles, with
only a limited number of rules. There are several reasons for this:
- It is hard to define rules that would be acceptable to all accountants, and appropriate in all situations;
- Accountants are professionals and should have the ability to make their own behavioural decisions in most
cases; they should use their professional judgment;
- Where there are rules, they can be avoided by looking for loopholes. It is much harder to ignore principles.

Of course, an opposing argument is that it is easy to see when someone breaks a law, but very difficult to prove
that someone has breached a principle as the latter are less defined.
Most professional institutes use a principles-based approach to resolving ethical dilemmas.

Use of a rules-based approach is normally inappropriate as rules cannot cover every eventuality.

Bribery and corruption
Corruption: Corruption can be loosely defined as deviation from honest behaviour but it also implies dishonest
dealing, self-serving bias, underhandedness, a lack of transparency, abuse of systems and procedures, exercising
undue influence and unfairly attempting to influence. It refers to illegal or unethical practices which damage the
fabric of society.

Bribery: The act of taking or receiving something with the intention of influencing the recipient in some way
favorable to the party providing the bribe. In simple words, bribery is giving or receiving something of value to
influence a transaction. Bribery is a form of corruption.

Examples of forms of bribery

- money
- tangible gift
- granting a privilege
- facilitation payments paid to foreign government officials in the course of routine business

Parties who may be held responsible:


- the payer
- the recipient
- those who knew about the bribe but didn't report it
- people with authority who don't take actions to prevent bribery

Why bribery and corruption are problems

- Lack of honesty: Those with authority and responsibility will not be acting impartially and will be violating a duty of
service.
- Conflict of interest: Their personal interest will conflict with their legitimate duties and responsibilities.
Furthermore, if they are threatened with public exposure, they might take actions that are
not in the best interest of the organization.
- Economic issues: Misallocation of resources will occur. Contracts will go to those who paid the bribe rather
than those who are the most efficient.
- Professional reputation: It brings a bad name to the profession as a whole.

Measures to combat bribery

1. Top-level commitment. The board must foster a culture in which bribery is never acceptable and it is understood
that the achievement of business objectives should never be at the expense of unethical and corrupt behaviour.

2. Proportionate procedures. Procedures should be implemented which are proportionate to the bribery risks
faced by the organisation and its activities. These should also be transparent, practical, accessible, effectively
implemented and enforced by management.

3. Risk assessment. A formal and documented audit of both the internal and external risks of bribery and
corruption should be periodically undertaken. This should be incorporated into the organisation's generic risk
management procedures and reported upon annually to shareholders.

4. Due diligence procedures. Bribery risks can be mitigated by exercising due diligence. Any personnel operating in
sensitive areas require greater vigilance; this includes all board members and any personnel involved in
procurement and contract work.

5. Communication. Internal and external communications ensure that bribery prevention policies and associated
procedures are embedded into the organisation's culture and understood by everyone. Employees at all levels
should regularly undertake anti-bribery compliance training so that they remain constantly aware of the risks.

6. Monitoring and review. Internal audit, tasked by the audit committee, should monitor and review bribery
prevention procedures and recommend improvements where necessary.

How can an anti-corruption culture be established?

- Set a zero tolerance policy and communicate the consequences that employees may face
- The senior manager should be involved in development and implementation of bribery prevention
procedures
- Training: general training on threat of bribery at the time of induction as well as specific training to those
involved in higher risk activities such as purchasing and contracting
- Do not send a conflicting message by focusing on short term profits
- Unachievable targets should not be set
- A formal code of conduct should be established
- Effective recruitment and human resource procedures in areas where bribery is more likely to be a risk.

ENVIRONMENTAL FOOTPRINT
It is the impact that a business's activities have on the environment including its resource environment and
pollution emissions.

A company's environmental footprint assesses its impact on the natural environment in a variety of ways,
including:
- its resource and energy consumption, with particular concern for unsustainable resources;
- the amount of waste produced and disposed of; and
- the harm or damage caused by emissions to the environment.

Ideally every organisation, commercial or otherwise, should work towards attaining a zero environmental footprint
by conserving, restoring and replacing those natural resources used in its operations whilst at the same time taking
necessary measures to eliminate pollution and emissions.
Examples of footprints

- Consumption of exhaustible natural resources
- Pollution
- Wastage
- Use of land
- Water

Negative impacts can be reduced by:

- Better resource management (e.g. use different resources)
- Green procurement policies
- Waste management (recycling)
- Carbon neutrality

Examples of environmental costs


- waste management
- compliance costs
- permit fees
- environmental training
- R&D regarding environment
- Legal costs and fines
- Record keeping and reporting
- Public opinion
- Employee health and safety
- Risk posed by future regulatory changes
- Uncertain future compensation costs

Internal controls and environmental footprint

One of the most obvious ways in which internal controls are necessary for controlling environmental footprints is
in the operational controls which measure and determine the input consumption and the production of emissions.
It is only by the accumulation of accurate environmental consumption and emissions data that the footprint can be
identified and therefore monitored, scrutinised and improved. Internal controls capable of making these
measurements (say in terms of energy, water and raw material consumption, and waste emissions) are therefore
essential in measuring and therefore controlling the environmental footprint.

Internal controls can also be used in the management of the plant and equipment. Sound internal controls are a key
part of the normal efficient management of operations. They are also necessary for producing accurate
information upon which regular reporting is based. These make internal controls able to act as an early warning
system for any inefficiency in environmental systems, which helps to control the environmental footprint.

SOCIAL FOOTPRINT
The term 'footprint' is used to refer to the impact or effect that an entity (such as an organisation) can have on a
given set of concerns or stakeholder interests. A 'social footprint' is the impact on people, society and the
wellbeing of communities. Impacts can be positive (such as the provision of jobs and community benefits) or
negative, such as when a plant closure increases unemployment or when people become sick from emissions from
a plant or the use of a product.

Examples of social footprint

- Obtaining supplies from sustainable sources and companies following appropriate social and
environmental practices.
- Enhancing social capital e.g. business/community relationships to provide on-the-job training to assist
some social groups 'return to work'
- Allowing employees paid time off to provide community services.
- Fair trade
- Diversity in employees
- Lesser injury rate

SUSTAINABILITY
Ensure that development needs of the present are met without compromising the ability of the future generations
to meet their own needs.

Importantly, it refers to both the inputs and outputs of any organisational process. Inputs (resources) must only be
consumed at a rate at which they can be reproduced, offset or in some other way not irreplaceably depleted.
Outputs (such as waste and products) must not pollute the environment at a rate greater than can be cleared or
offset. Recycling is one way to reduce the net impact of product impact on the environment. The business
activities must take into consideration the carbon emissions, other pollution to water, air and local environment,
and should use strategies to neutralise these impacts by engaging in environmental practices that will replenish
the used resources and eliminate harmful effects of pollution. A number of reporting frameworks have been
developed to help in accounting for sustainability including the notion of triple-bottom-line accounting and the
Global Reporting Initiative (GRI). Both of these attempt to measure the social and environmental impacts of a
business in addition to its normal accounting

Environmental sustainability means that resources should not be taken from the environment or emissions should
not be made into the environment, at a rate greater than can be corrected, replenished or offset.

Economic sustainability
This is how countries and companies use resources optimally to achieve responsible and long term economic
growth and wealth. Economic development is often put ahead of environmental sustainability as it involves
people's standards of living. However, quality of life can decline if people live in an economic place with a poor
environmental quality because of economic development.

The balance between environmental conservation and economic development is a longstanding one, and one
which applies to all parts of the world in which business activity takes place. A lot of business activity takes place at
a net cost to the environment and so the sustainability of one (environment or economy) may be achieved only at a
net cost to the other. Some believe that a lot of business activity can be made more environmentally sustainable
but the economic costs of this, possibly by accepting a lower rate of economic growth with its associated effects,
are often unpopular.

Environmental accounting & reporting

FCA (full cost accounting)

Costs and benefits of all company activities (including social and environmental impact), whether financial or non-financial in nature, are shown within a company's performance figures.

Example of costs included
- Contingent liability costs (fines)
- Cost of loss of reputation
- Costs to ensure zero negative environmental effect

TBL (triple bottom line)

This refers to the growth in social and environmental disclosures alongside financial information and is sometimes referred to as reporting people, planet and profits.

This raises the following additional issues:
- Are there any rules on what should be reported?
- Will there be any comparability year on year, or within industries?
- Will information reported be balanced or will it inevitably be more positive than negative?
- Who (if anyone) will check the accuracy of this information?

It is encouraged by GRI, an international body promoting sustainability reporting.

EMAS (eco-management & audit scheme)

A scheme which recognizes and rewards organisations that go beyond the minimum legal compliance and continuously improve their environmental performance.

Key elements
1. Environmental reports made
2. Env reports independently verified
3. Laws and regulations complied with
4. Continuously improve env management
5. Implement ISO 14000 (it provides guidance on:
- How to identify issues and their consequences
- How to produce information regarding setting & meeting targets)
- EMS (environmental management systems which are systems used to monitor and manage impact of an org on the env)
- Audit
- General principles and policies regarding internal and external communication regarding environmental issues.

Social and environmental audits
Environmental audits

Environmental audits are structured investigations which can quantify an organisation's environmental
performance and position by a systematic and objective evaluation of how well the company, its management and
equipment are performing with respect to the primary aim of aiding the natural environment.

An environmental audit enables an organisation to demonstrate its commitment to the reduction of its
environmental footprint.

Environmental audits are voluntary and typically contain the following elements:

The first stage is agreeing suitable metrics for the organisation, which detail what specifically should be monitored
and the best way this is to be achieved. For example, this could be concerned with the measurement of any
chemical leakages from a company's manufacturing processes and storage facilities.

This selection is important because it will determine what will be measured against, how costly the audit will be
and how likely it is that the company will be criticised for 'window dressing' or 'green washing'.

The second stage is measuring actual performance against the metrics: the audit team then measures actual
performance against the agreed metrics using a representative sample related to the level of risk and the
confidence required in the results. A mixture of compliance and substantive testing will provide the necessary
evidence.

Whilst many items will be capable of numerical and/or financial measurement (such as energy consumption or
waste production), others, such as public perception of employee environmental awareness, will be less so.

The third stage is reporting the levels of compliance or variances. The auditors then compile a report to the board
on their findings, detailing the levels of compliance achieved together with any significant breaches they identified.
They would use the evidence gathered to determine and recommend improvements to the internal control
systems.

Areas which can be covered within the environment audit include:

- waste management and waste minimization
- emissions to air
- energy and utility consumption
- environmental emergencies
- protection of environmentally sensitive areas

Benefits of an environmental audit

The benefits will vary depending on the objectives and scope of the environmental audit, but include:

- Improved decision making (as better understanding of legal obligations, environmental risks and their
assessment etc)
- Resource consumption. Understanding how the company interacts with its natural environment allows it
to more efficiently use its resources, particularly non-renewables. This clearly demonstrates that the
company is environmentally responsible.
- Compliance. An environmental audit will provide independent evidence that the organisation is meeting
its specific statutory requirements.

What is Environmental Reporting?

Environmental reporting: narrative and numerical info on an organization's environmental footprint.

Narrative: objectives, reasons for not meeting previous targets, specific stakeholder concerns addressed etc.
Numerical: report on measures such as emissions in tonnes, resources consumed in litres, land used in square
meters etc.

Ways of Reporting: as a part of annual report, a stand-alone report, on website, in advertising material

Why should a company report its footprints? Better accountability to stakeholders, can address specific
challenges through these reports (esp. oil companies), society's perception improves esp. when environmental
errors/accidents occur, helps in environmental risk assessment, encourages internal efficiency in operations as a
proper system for information communication and measurement will need to be created.

In broad terms, environmental reporting is the production of narrative and numerical information on an
organisation's environmental impact or footprint for the accounting period under review.
In most cases, narrative information can be used to convey objectives, explanations, aspirations, reasons for failure
against previous years' targets, management discussion, addressing specific stakeholder concerns, etc.
Numerical disclosure can be used to report on those measures that can usefully and meaningfully be conveyed in
that way, such as emission or pollution amounts (perhaps in tonnes or cubic metres), resources consumed
(perhaps kWh, tonnes, litres), land use (in hectares, square metres, etc) and similar.

Guidelines for Environmental Reporting


In most countries, environmental reporting is entirely voluntary in terms of statute or listing rules. Because it is
technically voluntary, companies can theoretically adopt any approach to environmental reporting that they like,
but in practice, a number of voluntary reporting frameworks have been adopted. The best known and most
common of these is called the Global Reporting Initiative (or GRI).

Where does environmental reporting occur?
Environmental reporting can occur in a range of media including in annual reports, in stand alone reports, on
company websites, in advertising or in promotional media. To some extent, there has been social and
environmental information in annual reports for many years. In more recent times, however, many companies,
and most large companies, have produced a stand alone report dedicated just to environmental, and
sometimes, social, issues. These are often expensive to produce, and contain varying levels of detail and
information quality.

Advantages and Purposes of Environmental Reporting


Environmental reporting is a useful way in which reporting companies can help to discharge their accountabilities
to society and to future generations (because the use of resources and the pollution of the environment can affect
future generations).

In addition, it may also serve to strengthen a company's accountability to its shareholders. By providing more
information to shareholders, the company is less able to conceal important information and this helps to reduce
the agency gap between a company's directors and its shareholders.

Academic research has shown that companies have successfully used environmental reporting to demonstrate
their responsiveness to certain issues that may threaten the perception of their ethics, competence or both.
Companies that are considered to have a high environmental impact, such as oil, gas and petrochemicals
companies, are amongst the highest environmental disclosers. Several companies have used their environmental
reporting to respond to specific challenges or concerns, and to inform stakeholders of how these concerns are
being dealt with and addressed.

One example of this is the use of environmental reporting to gain, maintain or restore the perception of legitimacy.
When a company commits an environmental error or is involved in a high profile incident, many stakeholders seek
reassurance that the company has learned lessons from the incident and so can then resume engagement with the
company. For the company, some environmental incidents can threaten its licence to operate or social contract. By
using its environmental reporting to address concerns after an environmental incident, society's perception of its
legitimacy can be managed.

In addition to these arguments based on accountability and stakeholder responsiveness, there are also two specific
business case advantages. The first of these is that environmental reporting is capable of containing comment on
a range of environmental risks. Many shareholders are concerned with the risks that face the companies they
invest in and where environmental risks are potentially significant (such as travel companies, petrochemicals, etc)
a detailed environmental report is a convenient place to disclose the sources of these risks and the ways
that they are being managed or mitigated.

The second is that it is thought that environmental reporting is a key measure for encouraging the internal
efficiency of operations. This is because it is necessary to establish a range of technical measurement systems to
collect and process some of the information that comprises the environmental report. These systems and the
knowledge they generate could then have the potential to save costs and increase operational efficiency, including
reducing waste in a production process.
In conclusion, then, environmental reporting has grown in recent years. Although voluntary in most countries,
some guidelines such as the GRI have helped companies to frame their environmental reporting. It can take place
in a range of media including in stand alone environmental reports, and there are a number of motivations and
purposes for it including both accountability and business case motives.

Social audits

Social auditing is the process which enables an organisation to both assess the measures it is taking to limit its
negative social and economic impacts, while also demonstrating its commitment to making positive contributions
and reversing any harm it may have caused through its business activities. This can be linked to its strategy by
measuring the extent to which it has achieved those shared values and social responsibility objectives derived from
its mission statement. The social audit provides additional information on corporate activities over and above that
disclosed with the published financial statements.



Integrated reporting <IR>
The aim is to give investors and shareholders a broader picture of how companies make their money and their
prospects in the short, medium and long term.

Designed to be an approach to reporting which accurately conveys an organisation's business model and its sources
of value creation over time, the IR model recognises six types of capital, with these being consumed by a business
and also created as part of its business processes. It is the way that capitals are consumed, transformed and
created which is at the heart of the IR model.

Definition: <IR> demonstrates how organisations really create value:

- It is a concise communication of an organisation's strategy, governance and performance
- It demonstrates the links between its financial performance and its wider social, environmental and economic
context
- It shows how organisations create value over the short, medium and long term

Integrated reporting is about integrating material financial and non-financial information to enable investors and
other stakeholders to understand how an organisation is really performing. An integrated report looks beyond the
traditional time frame and scope of the current financial report by addressing the wider as well as longer-term
consequences of decisions and action and by making clear the link between financial and non-financial value. It is
important that an integrated report demonstrates the link between an organisation's strategy, governance and
business model.

An Integrated Report should be a single report which is the organization's primary report, in most jurisdictions
the Annual Report or equivalent.

What does integrated reporting mean for companies?

The IIRC defines the following guiding principles for preparing integrated reports which it argues should:

- Convey a company's strategic focus: Designed to be an approach to reporting which accurately conveys an organisation's business model and its sources of value creation over time, the IR model recognises six types of capital, with these being consumed by a business and also created as part of its business processes. It is the way that capitals are consumed, transformed and created which is at the heart of the IR model.

  IR is designed to make visible the capitals (resources and relationships) on which the org depends, how the org uses them and its impact upon them!

  Financial capital: This comprises the pool of funds available to the business, which includes both debt and equity finance. This description of financial capital focuses on the source of funds.

  Manufactured capital. This is the human-created, production-oriented equipment and tools used in production or service provision, such as buildings, equipment and infrastructure. Manufactured capital draws a distinction between inventory (as a short-term asset) and plant and equipment (tangible capital).

  Human capital: This is understood to consist of the knowledge, skills and experience of the company's employees and managers, as they are relevant to improving operational performance.

  Intellectual capital. This is a key element in an organisation's future earning potential, with a close link between investment in R&D, innovation, human resources and external relationships, as these can determine the organisation's competitive advantage.

  Natural capital. This is any stock of natural resources or environmental assets which provide a flow of useful goods or services, now and in the future.

  Social and relationships capital. Comprises the relationships within an organisation, as well as those between an organisation and its external stakeholders, depending on where social boundaries are drawn. These relationships should enhance both social and collective well-being.

- Provide information that "connects the dots" across all types of risk they face from financial to environmental and social: Interrelatedness between the factors that affect the ability to create value

- Be responsive and inclusive to stakeholders and their concerns: Quality of relationships with key stakeholders and how their legitimate needs and interests are taken into account

- Contain concise, reliable and material information: Which should be consistent over time and comparable with other organisations



Benefits of <IR>
Increasingly, businesses are expected to report not just on profit but on their impact on the wider economy,
society and the environment. Integrated reporting gives a 'dashboard' view of an organisation's activities and
performance in this broader context.

Systems and Accountability. The need to report on each type of capital would create and enhance a system of
internal measurement which would record and monitor each type for the purposes of reporting. So the need to
report on human capital, for example, would mean that the company must have systems in place to measure,
according to the IIRC guidelines, 'competences, capabilities and experience and their motivations including
loyalties [and] ability to lead, manage and collaborate'. These systems would support the company's internal
controls and make the company more accountable in that it would have more metrics upon which to report.

Decision-making. The connections made through <IR> enable investors to better evaluate the combined impact of
the diverse factors, or capitals, affecting the business. This in turn should result in better investment decisions by
the shareholders, and more effective capital allocation by the firm.

Reputation. The greater transparency and disclosure of <IR> should result in a decrease in reputation risk, which in
turn should result in a lower cost of, and easier access to, sources of finance.

Harmonisation. <IR> provides a platform for standard-setters and decision-makers to develop and harmonise
business reporting. This in turn should reduce the need for costly bureaucracy imposed by central authorities.

Communications. The information disclosed, once audited and published, would create a fuller and more detailed
account of the sources of added value, and threats to value (i.e. risks), for shareholders and others. Rather than
merely recording financial data in an annual report, the IR guidelines would enable the company to show its
shareholders and other readers how it has accumulated, transferred or disposed of different types of capital over
the accounting period. So it would have to report, for example, on the social capital it has consumed, transformed
and created. It might include, for example, the jobs it has created or sustained in its supply chain and the social
value of those jobs in their communities, or how it might operate a system of cultural values for its employees. In
addition and in the same way as for added value, IR would help the organisation to identify, assess and manage its
key risks, with this bringing further benefit to shareholders and others.

Relationships. The information will lead to a higher level of trust from, and engagement with, a wide range of
stakeholders. This emphasis on stakeholder engagement should lead to greater consultation with stakeholder
groups and enable the company to handle their concerns more effectively.

Challenges in IR
Progress towards IR will happen at different speeds in different countries as regulations and directors' duties vary across the globe.
Directors' liability will increase as they will be reporting on the future and on evolving issues.
A balance will need to be created between benefits of reporting and the desire to avoid disclosing competitive information.
It will take time to convince management to overcome focus on short term rewards.



Public sector governance - to be covered through the technical article

A simpler summary of the technical Article Public Sector

Public Sector: This helps to deliver goods/ services that cannot be/ should not be provided by For Profit
businesses.

Operated (at least partially) by the STATE (a self-governing autonomous region)

STATE

Executive: Government (elected)
Legislature: Forms, passes laws
Judiciary: Enforces laws (independent of government)
Secretariat: Administration (education, health, defence, foreign affairs, tax collection, immigrations, prisons)

Principal: Mainly Tax payers (funders) and Service Users (pupils in schools, patients in hospitals)

Often the two are the same! But when not, there is a debate about how much state funding is to be allocated to
which public sector organisation/ area.

Objectives: Social purpose, good VFM

Value for Money:

Economy: Budget & Time (This entails obtaining suitable quality inputs at the lowest price available.)
Efficiency: Acceptable return on money/ resources invested in a service (This involves delivering the required works to an appropriate standard at minimum cost, time and effort.)
Effectiveness: Extent to which an organisation delivers what it intended to deliver (This criterion is primarily concerned with delivering desired pre-determined objectives.)

3rd Sector Organisations: These organisations do not make profit and do not deliver services on behalf of the State.
They exist to provide benefits that cannot be easily provided by profit making business or the public sector.

NGO: Example: Doctors Without Borders

Privately funded
Board of Directors is overseen by trustees
Have a stated purpose/ terms of reference



Quasi-Autonomous NGO (QuANGO):

Funded by the Government but are semi-independent of the government
No political interference
Weak reporting

Lobby Groups:

Organised attempt to influence government policy or drafting of statute law
Try to lobby and get politicians to vote in the legislature in their favour
Best funded are best heard

Stakeholders:

Public Sector:

Tax payers do not have a choice in paying tax
Tax payers have different objectives and views

Private Sector:

Customers who willingly engage with the organisation

Stakeholder Claims: Assessment of validity depends on political stance. Therefore some may be unrecognised.

Public Sector Organisations at various levels

National:

Based in capital city; divided into Central Government departments such as treasury, interior department, foreign office, defence, education
Led by a political minister of governing party. (In democratic countries, policies of these departments will then reflect the expectations of the society)
National government policies made and co-ordinated centrally by head of government
Each department's head (the minister) ensures government's overall strategic objectives are achieved by issuing instructions on formulation and implementation of policies
Ministers are advised or helped by civil servants/ permanent government employees

Sub-National (below national):

Some countries are sub-divided into regional authorities/ regional assemblies/ states/ municipalities/ local authorities/ department (whatever term used!)
Selected powers given by national government due to belief that these areas are best handled by local people, due to knowledge, efficiency or cost effectiveness
E.g. of powers: planning of roads, new housing permission, utilities, local schools, rubbish collection etc.
Local Schools: Have more statistics, can do better need analysis, budgetary compliance, teaching quality, results monitored
Led by elected representatives and advised by permanent officials



Supranational:

A multinational organisation where power is delegated to the organisation by the government of member states
E.g. European Union, World Trade Organisation, World Bank

Strategic Objectives:

Private Sector Organisation:

Answerable to Shareholders
Objectives are therefore according to shareholders' expectations

Public Sector organisation:

Help to achieve higher government policy objectives
Autonomy given to individual organisations varies
Economy: Specified budget and time
Efficiency: As government funded, resource utilisation is important
Effectiveness: Must achieve objectives for which it was established
Criticised normally for over spending or underperforming

Governance Arrangements:

Accountability:

A reporting system
An oversight body
No market mechanism for performance measurement (like the ones listed companies have)

Oversight Body:

A board of governors, a council of reference, a board of trustees, an oversight board
Ensures organisations run for the benefit of users and protects the interest of the funders (taxpayers)
Roles:
a) Comply with government rules
b) Organisation is well run, performance targets met (audits can be done)
c) Budget negotiations and monitoring performance against budgets/ other financial measures
d) Appoint senior officials, monitor management performance
e) Reports upwards to local or central authorities

Public Sector Organisation: nature of democratic control, political influence & policy implementation

Debate about: how they should be operated by law, how constituted, state size, the role of its institutions etc.

Left Leaning Government: prefer a larger state sector, more state spending, more public sector employment



Right Leaning Government: prefer more to be achieved in private sector, less by government

Policy objectives change with governments, which affect size and importance of public sector

Health Services: some want this entirely funded by taxpayers and others think people should pay (e.g. through
insurance)

University Education: some say that state should pay it, others think students should

In some countries, economies restricted through privatisation
In some cases, a previous public sector monopoly supplier turned into a public listed company

Arguments for Privatisation:

Private sector has profit motive and competition, so it can deliver better value to customers

Arguments against Privatisation:

State should control more of the economy plus some services like utilities, airlines, transport etc. are too
important to be subject to market forces

Changes from Public Sector to Private:

Cultural changes
Structure and governance changes
Equally important and so common features between the two are: strategic leadership, clear thinking and
effective strategy implementation



Shareholder Rights and Responsibilities

PUBLIC INTEREST

All professionals, including professional accountants, have a primary duty to the public interest. Professionals
enjoy a privileged position of high esteem in society, and in return, it is important that they act in such a way as to
maintain that position of trust. This includes a commitment to high social values such as human welfare, fairness,
justice, integrity and probity, and the wellbeing of society.

The International Federation of Accountants (IFAC) in its code of ethics states that the accountancy profession
accepts its responsibility to act in the public interest. This means that a professional accountant's responsibility is
not just to meet the needs of an employer or client but to act in a manner that is for the good of the profession
and society.

Public interest does not have a set definition.

To act in the public interest is to recognise a fiduciary duty to the benefit of society rather than just a duty to one
particular party.

Public interest concerns the overall welfare of society as well as the sectional interest of the shareholders in a
particular company. It is generally assumed, for example, that all professional actions, whether by medical, legal or
accounting professionals, should be for the greater good rather than for sectional interest.

THE ROLE OF THE ACCOUNTANT IN SOCIETY

Accountants are responsible for acting in the public interest.

This means that accountants need to act in accordance with an agreed set of professional values, always maintain
the highest levels of integrity, and deal fairly with all parties they engage with. Accountants, along with other
professionals in society, are expected to demonstrate unswerving support for these professional values and be
beyond reproach, and act independently at all times.

This may involve disclosing confidential client information to the authorities if it is in the public interest to do so,
e.g. if the client is involved in fraudulent or criminal activities.

In addition, accountants have the skills to be able to provide benefit for society as a whole. This may be that they
are involved in the development of new reporting requirements that will enhance financial reporting. For
example, many governments do not require environmental and social reporting. It is the accounting profession that
has promoted this reporting as voluntary information that should be disclosed alongside the annual report.

Accountants have a role to play in influencing the distribution of power and wealth in society. They may use their
skills to help set up social security systems to distribute state benefits to those in need. They have a wealth of skills
which are readily transferable so can assist governments in designing new financial reporting rules and tax regimes
that may benefit those less well off.



Ethical responsibilities of a professional accountant

Responsibilities to employer: An accountant's responsibilities to his or her employer extend to acting with
diligence, probity and with the highest standards of care in all situations. In addition, however, an employer might
reasonably expect the accountant to observe employee confidentiality as far as possible.
The responsibilities also include the expectation that the accountant will act in shareholders' interests as far as
possible and that he or she will show loyalty within the bounds of legal and ethical good practice.

Responsibilities as a professional: In addition to an accountant's responsibilities to his or her employer, there is a
further set of expectations arising from his or her membership of the accounting profession. In the first instance,
professional accountants are expected to observe the letter and spirit of the law in detail and of professional
ethical codes where applicable (depending on country of residence, qualifying body, etc.). In any professional or
ethical situation where codes do not clearly apply, a professional accountant should apply
principles-based ethical standards (such as integrity and probity) such that they would be happy to account for
their behaviour if so required. Finally, and in common with members of other professions, accountants are
required to act in the public interest.

The Global Reporting Initiative (GRI)

It is a reporting framework which arose from the need to address the failure of the current governance structures
to respond to the changes in the global economy.
It aims to develop transparency, accountability, reporting and sustainable development.
Its vision is that reporting on economic, environmental and social importance should become as routine as
financial reporting.
Contents of such a report:

1. Vision and strategy (with regards to sustainability)
2. Profile (organizational structure and operations)
3. Governance structures and management systems
4. GRI content index (to state where the info listed in the guidelines is located in the report)
5. Performance indicators

Shareholders have the following rights:

The right to sell their stock.
The right to vote in general meeting.
The right to certain information about the company.
The right to sue for misconduct.
Certain residual rights in the case of liquidation.

Responsibilities of shareholders
The unique nature of the ownership of a share may suggest that shareholders have a limited responsibility for
corporate action. However, this responsibility still exists and can be seen in:

Shareholder democracy: the concern here is whether shareholders, particularly institutional shareholders, can use
their position to influence greater corporate accountability.

Shareholder activism: buying shares in a company gives you the right to have a voice at the AGM and so make
other shareholders aware of company policies and challenges.

Ethical investment: is the use of ethical, social and environmental criteria in the selection and management of
investment portfolios of company shares.
