Role of Management & Internal Control

Corporate Governance

Introduction• Discussion so far !!!!!• Role of Management • Different Corporate Officers (CEO, CFO, CS)• Internal control:– The whole system of controls, established by the

management in order to carry on the business of the company in an orderly manner, to safeguard its assets, and secure as far as possible, the accuracy and reliability of its records.

– Includes financial and operational controls

2

Objectives of internal control

• Ensuring the recording of the accounts• Assets management• Assuring that the company operations are

streamlined and according to the policies and procedures

3

Tools of internal control

• The different tools through which internal control can be developed in the company are;– Basic controls (developing accounting procedures)– Supervisory controls (to provide a check over

basic controls-officer checking sub-ordinate, final approval, reconciliation, pre-audits etc )

– Internal check (segregation of duties…. Well defined division of roles and responsibilities, job rotations, other precautions)

4

Tools of internal control (cont’d)

– Internal audit- a way difficult and expensive but can be very effective• Difference from the account dept• Answerable to the CEO and Chairman of the audit

committee• Duties and responsibilities • Limitations • Difference of the internal and external auditors

5

Setting internal controls

• At board level drawing up internal control policy– Management designs and board approves the internal

controls mechanism

• Documentation! documentation! documentation!

• Training of the staff• Ensuring that policies are followed (internal

checks/audit)• Curb exceptions, and discretions

6

Setting internal controls (cont’d)

Monitoring internal controls

Reporting!!!!!

Reporting by Board on Internal Control• Pak CG code is silent• UK CG code recommends that boards should cover in

their statements about the different areas of internal controls such as; risk assessment, control environment; information and communication and monitoring

7

Whistle blowing• What is it?

• Definition!!!!

• The disclosure by an employee (or a professional) of confidential information which relates to some danger, fraud or other illegal or unethical conduct connected with the workplace, be it of the employer or of a fellow employees (Lord Borrie)

• In the United Kingdom, the Public Interest Disclosure Act 1998 provides a framework of legal protection for individuals who disclose information so as to expose malpractice and matters of similar concern. In the vernacular, it protects whistleblowers from victimization and dismissal.

8

Whistle blowing

• Whistle blowing is a deliberate non-obligatory act of disclosure which gets unto public record and is made by a person who has or had privileged access to data or information of an organization, about non-trivial illegality or other wrong doing whether actual, suspected or anticipated which implicates and is under the control of that organization, to external entity having potential to rectify the wrong doing (Peter, Jubb)

9

Classification of Whistle blowing

• Tipster: – An anonymous person who simply sends a tip or

piece of information about an alleged wrongdoing • Squealer– A person who has a direct knowledge of mainly

because he participated in it and is now exposing it

• Witness:– A person who formally supplies information under

an oath

10

Classification of Whistle blowing (cont’d)• Complainant – A person who is aggrieved by an incidence of wrong

doing and is willing to provide info on it• Mischief maker– A person who alleges wrong doing without having any

substantive evidence- usually to settle personal scores• Reporter – An outsider who has the profession of reporting on

wrong doing s in the various orgns• Watchdogs– Group of whistleblowers

11

Importance of handling whistle blowing• Don’t ignore the whistle blowing • International chamber of commerce has

issued guidelines to establish a formal system of whistle blowing management in the companies to improve the internal controls http://www.managementpractices.com/publications/ICC_Guidelines_Whistleblowing.pdf

• Some examples of Whistle blowers:– http://www.toptenz.net/top-10-whistle-

blowers.php

12

Setting up a whistle blowing system

• Defining and clarifying the integrity policy of the company– Developing a code of ethics and a good corporate

culture– Develop procedural system for whistle blowing

management• Who should the whistle-blower report to?• The format of the report• Procedure of handling the report/investigation• Confidentiality • Sticks and carrots

• Advantages of whistle-blowing system

13

Reference

• Chapter 09, Corporate governance (Second Edition)

• Watch “the insider” (1999)- Al Pacino & Russell Crowe

14

Organizational strategy, business models and risk management

Introduction

• As discussed in the earlier classes too:– CORPROATE GOVERNANCE frameworks suggest that the

board should provide the guidance and oversight over the management

– Management is basically responsible for the planning, organizing and leading the company

• In this lecture we will review the issues related with the organizational strategy, business models and risk management and analyze it from the CG perspective

16

Introduction (cont’d)

• The board is expected to scrutinize the strategy to make sure that it is appropriate for the company’s shareholders and stakeholders, and then to monitor the contribution of corporate activities to the strategic plan

17

Organizational strategyDiscuss the strategy development process

18

Organizational Strategy (Cont’d)

• The implementation and evaluation process of the strategy– The role of the management • Developing the strategy

– Developing the business model– Business model?????

• Implementing the strategy• Performance management

– Development of the indicators/measures (KPI)– Measures include tangible/intangibles – Financials or non-financials

19

Organizational Strategy (Cont’d)

• The implementation and evaluation process of the strategy– The role of Board • Developing the strategy……. No• Implementing the strategy….. No• They are suppose to test the business model and also

evaluate the performance of the organization on the defined performance indicators i.e., KPIs

20

Business Model

21

Organizational Strategy (Cont’d)

• Nowadays more companies are using combination of financial and non-financial KPIs.

• Although nonfinancial measures are important, boards must be aware of the risks involved in using them. By their nature, nonfinancial measures are more easily subject to measurement error or manipulation. Others are difficult to track with precision.

• Following are some of the key factors for the board to consider when relying on performance measures:

– Sensitivity, precision, verifiability, objectivity, dimension and interpretation

22

Evidence from research• Research evidence supports the importance of these efforts:• Ittner and Larcker (2003) found that companies that develop a

causal business model based on KPIs exhibit significantly higher returns on assets and returns on equity during five-year periods than those that do not.

• The authors identified three benefits of this process:– enhanced internal communication on strategic assumptions, better

identification and measurement of strategic value drivers, and improved resource allocation and target setting.

• Gates (1999) found that companies with a formal set of strategic performance measures tend to exhibit superior stock price returns compared to companies that do not have such measures

23

How Well Are Boards Doing with PerformanceMeasures and Business Models?

• Deloitte undertook one of the most detailed analyses of this subject in a two-part study.

• Findings are:– Based on a sample of 250 directors and executives at large

international corporations, the report found a surprising disconnect between the metrics that board members and executives say are important drivers of firm performance and the KPIs that the companies actually use to track results.

– Majority of the respondents primarily emphasized or allocated more weightage to the financial measures as compared with the other non-financial measure, but at the same time acknowledged the importance of the non-financial measures as well.

24

Risk and Risk Management• The risk facing an organization represents the likelihood and severity of loss from

unexpected or uncontrollable outcomes.

• This includes both the typical losses that occur during the course of business and losses from extremely unlikely and unpredictable events (so-called black swans).

• Risk arises naturally, both from the nature of the activities that the corporation participates in and from the manner in which it pursues its objectives.

• Risk cannot be separated from the strategy and operations of the firm but instead is an integral feature of organizational decision making.

• Each company must decide how much risk it is willing to assume through its choice of strategy. It is not possible to pursue a risk-free strategy, nor is risk management about removing all risk from the firm.

• Risk tolerance – should be consensus among the mgt and the board

25

Risk and Risk Management (Cont’d)• Boards and executives commonly focus on generic risks facing the firm.• However, the real risks are extensive and relate to all its activities,

including these:– Operational risks– Financial risks– Reputational risks– Compliance risks

• To understand the risks associated with the organizational strategy, the board must probe deeper than generic risk categories.

• Survey data suggests that companies are aware of the financial, political, regulatory, and economic risks facing their organizations and the risks

• associated with loss of human capital.

• However, they exhibit some what lower awareness of the risks that are inherent to their business models.

26

Risk Management

27

Risk and risk management (Cont’d)• Risk management is the process by which a company evaluates and

reduces its risk exposure. This includes actions, policies, and procedures that management implements to reduce the likelihood and severity of adverse outcomes and to increase the likelihood and benefits of positive outcomes.

• To accomplish this, the organization must define and develop a risk culture. A risk culture involves setting the tone for risk tolerance in the organization and ensuring that risk consideration is a key part of all decisions. Survey data suggests that strong leadership, clear parameters surrounding corporate risk taking, and access to information about potential risks are necessary for this to occur.

• Please read the Eight step process of Risk Management on PP 191 of the reading material

28

Oversight of the Risk Management • The risk oversight responsibilities of the board can be roughly divided into

four categories:

– First, the board is responsible for the determining the risk profile of the company (includes macro, industry related and firm specific risks)

– Second, the board is responsible for evaluating the company’s strategy and business model, to determine whether they are appropriate, given the firm’s appetite for risk. The board should be satisfied that the company has identified risks to the strategy and business model and is effectively managing them.

– Third, the board is responsible for ensuring that the company is committed to operating at an appropriate risk level on an ongoing basis.

– Finally, the board should determine that management has developed the necessary internal controls to ensure that risk-management procedures remain effective.

29

The Question is!!!

• If we have so effective systems in place,– What was the role of Board, CG mechanisms and

Management in the financial crisis of 2008?

– Are they because of the BLACK SWANS?– Black Swans?– HAVE U HEARD ABOUT NASSIM N TALEB????

– http://en.wikipedia.org/wiki/Black_swan_theory

30