Anda di halaman 1dari 97

ACCA APPROVED CONTENT PROVIDER

ACCA Passcards
Paper P1
Governance, Risk and Ethics
Passcards for exams
up to June 2015

ACP1PC14.indd 1

29/05/2014 17:29

(000)ACP1PC14_FP(Ho).qxp

5/28/2014

12:38 AM

Page i

Professional Paper P1
Governance, Risk and Ethics

(000)ACP1PC14_FP(Ho).qxp

5/28/2014

12:38 AM

First edition 2007, Eighth edition June 2014


ISBN 9781 4727 1129 8
e ISBN 9781 4727 1185 4
British Library Cataloguing-in-Publication Data
A catalogue record for this book is available from the
British Library
Published by
BPP Learning Media Ltd,
BPP House, Aldine Place,
142144 Uxbridge Road,
London W12 8AA

Printed in Singapore by
Ho Printing
31 Changi South Street 1
Changi South Industrial Estate
Singapore
486769

www.bpp.com/learningmedia
Your learning materials, published by BPP Learning
Media Ltd, are printed on paper obtained from traceable
sustainable sources.

Page ii

All rights reserved. No part of this publication may be


reproduced, stored in a retrieval system or transmitted, in
any form or by any means, electronic, mechanical,
photocopying, recording or otherwise, without the prior
written permission of BPP Learning Media.

BPP Learning Media Ltd


2014

(000)ACP1PC14_FP(Ho).qxp

5/28/2014

12:38 AM

Page iii

Preface

Contents

Welcome to BPP Learning Medias ACCA Passcards for Professional Paper P1 Governance, Risk and Ethics.
 They focus on your exam and save you time.
 They incorporate diagrams to kick start your memory.
 They follow the overall structure of the BPP Learning Media Study Texts, but BPP Learning Medias ACCA
Passcards are not just a condensed book. Each card has been separately designed for clear presentation.
Topics are self contained and can be grasped visually.
 ACCA Passcards are just the right size for pockets, briefcases and bags.
Run through the Passcards as often as you can during your final revision period. The day before the exam, try to
go through the Passcards again! You will then be well on your way to passing your exams.
Good luck!

Page iii

(000)ACP1PC14_FP(Ho).qxp

5/28/2014

12:38 AM

Page iv

Preface

1
2
3
4
5
6
7
8
9
10

Scope of corporate governance


Approaches to corporate governance
Corporate governance practice and reporting
Internal control systems
Risk attitudes and internal environment
Risks
Risk assessment and response
Information, communication and monitoring
Personal ethics
Professional ethics

11

Corporate social responsibility

Contents

Page
1
11
21
31
39
47
53
61
69
75
83

(001)ACP1PC14_CH01.qxp

5/28/2014

12:39 AM

Page 1

1: Scope of corporate governance

Topic List
Definition
Concepts
Agency
Stakeholders
Main issues

This chapter sets out the foundations of good corporate


governance, defining what corporate governance is, the
key concepts, and the stakeholders whom good
corporate governance serves.You may need to consider
the conflicting interests of stakeholders and how
stakeholders can control managers/directors. We also
summarise major issues in corporate governance.

(001)ACP1PC14_CH01.qxp

Definition

5/28/2014

12:39 AM

Concepts

Page 2

Agency

Stakeholders

Main issues

Corporate governance is the system by which organisations are directed and controlled. It is a set of
relationships between directors, shareholders and other stakeholders.
Risk management
and reduction

Appropriate control
systems

Framework to
pursue strategy

Corporate governance

Guards against
misuse of resources

Spirit of codes

Accountability to
stakeholders

(001)ACP1PC14_CH01.qxp

Definition

Fairness
Transparency
Independence
Innovation
Scepticism
Probity
Responsibility
Accountability
Reputation
Judgement
Integrity
Page 3

5/28/2014

12:39 AM

Concepts

Page 3

Agency

Stakeholders

Main issues

Take into account all stakeholders with legitimate interests


Openness, disclosure in financial statements, press releases, websites
Being free from constraints or influences that would prevent a correct course of
action being taken
Recognise that the needs of businesses and stakeholders can change over time
NEDs, auditors and audit committees should adopt an air of scepticism and an
enquiring mind
Truth-telling/not misleading
Management responsible for organisation, means of corrective action and
penalising mismanagement
Directors and companies answerable for consequences of actions to shareholders,
professionals to values, public sector to stakeholders
Jeopardised by poor risk management/corporate governance ethical behaviour,
may impact commercially
Taking decisions that enhance organisations prosperity
Straightforward dealing, honesty and completeness, basis of trust
1: Scope of corporate governance

(001)ACP1PC14_CH01.qxp

5/28/2014

Definition

12:39 AM

Concepts

Page 4

Agency

Stakeholders

Main issues

Agency

Agency in corporate governance

Agency is acting on behalf of another (principal) in


dealing with others.

Directors (agents) run company on behalf of


shareholders (principals).

Agency costs are the monies and resources


expended by principal in monitoring agent.

Agency problem how to prevent directors excessively


rewarding themselves/
underperforming.

Agents responsibilities









Accountability
Fiduciary duty (trust and care)
Personal performance
Obedience
Skill
No conflict of interest
Confidentiality
Handing over benefits

Main solution is to link reward with company


performance:
 Profit related pay
 Shares
 Share option plans

Transaction costs theory


Companies seek to keep business dealings in-house,
managers act opportunistically in their own interests.

(001)ACP1PC14_CH01.qxp

Definition

5/28/2014

12:39 AM

Page 5

Concepts

Stakeholders

Level of interest
Low

Stakeholder theory

Power

A broad range of stakeholders have claims on an


organisation. Stockholder/Shareholder view that
company just responsible to shareholders is
wrong as modern corporations are very large and
social/political/legal impact is therefore great.

A:
B:
C:
D:

 Normative view ethical/philanthropic


responsibilities as well as economic/legal
Page 5

Main issues

Stakeholder power mapping

Stakeholders are groups or individuals whose


interests can affect or are directly affected by the
activities of a firm or organisation.

 Instrumental view mainly economic


responsibilities with aim of maximising profits

Stakeholders

Agency

Low
High

High
A

minimal effort
keep informed, as can influence more powerful stakeholders
keep satisfied
strategy must be acceptable

Results of mapping





Corporate governance accommodates views


Repositioning of stakeholders
Identify change blockers/facilitators
Assess legitimacy/urgency
1: Scope of corporate governance

(001)ACP1PC14_CH01.qxp

5/28/2014

Definition

12:39 AM

Concepts

Page 6

Agency

Stakeholders

Main issues

Proximity to organisation

Primary and secondary stakeholders

Internal employees/management

Primary need participation to continue as going


concern (customers, suppliers, government)

Connected shareholders, customers, suppliers,


lenders, trade unions, competitors
External government, local government, public,
pressure groups, opinion leaders

Narrow and wide stakeholders

Secondary their ceasing to participate wont affect


continued existence (government, managers)

Active and passive stakeholders

Narrow most affected by organisations strategy


(shareholders, employees, suppliers, major customers)

Active seek to participate in organisation's


activities (managers, shareholders, regulators,
pressure groups)

Wide less affected by organisations strategy


(government, less significant customers, community)

Passive dont seek to participate in policy-making


(shareholders, local communities, government)

(001)ACP1PC14_CH01.qxp

5/28/2014

12:39 AM

Page 7

Voluntary and involuntary stakeholders

Legitimacy of stakeholders

Voluntary those who of their own choice have


involvement with the organisation employees,
customers, suppliers, shareholders

Legitimate valid claims

Involuntary engage with the organisation without


choosing to do so neighbours, wider public

Who decides legitimacy? Basis?

Illegitimate invalid claims

Knowledge of stakeholders
Known Existence known to organisation

Recognition of stakeholders
Recognised Managers consider interests and views
when deciding strategy
Unrecognised Managers don't consider claims when
deciding strategy

Page 7

Unknown Existence unknown to organisation


(wildlife, communities affected by suppliers)
Direct stakeholders know effect/how affected by
Indirect unaware of claims or cannot express them
directly

1: Scope of corporate governance

(001)ACP1PC14_CH01.qxp

Definition

Directors
Secretary
Sub-board management
Employees
Trade unions
Suppliers
Customers

5/28/2014

12:39 AM

Concepts

Page 8

Agency

Stakeholders

Main issues

Executive full-time managers, non-executive monitoring


Arranges board meetings, plans agenda, deals with documents and registers, general
administration, reports to chairman
Concerned with impact of board upon position, supervise and co-ordinate
implementation of business strategy and risk management, provide data for board
Commitment, interest in pay and conditions, need to implement control systems, adopt
culture and provide feedback
Pay and working conditions, concerned with poor board communication, lax risk and
control environment, can be used to harness employee support
Co-operation needed for just-in-time supply, poor payment record leads to credit
restriction and poor service
Increased expectations, power to shop elsewhere, ability to make views known, ethical
requirements

(001)ACP1PC14_CH01.qxp

5/28/2014

12:39 AM

Page 9

External auditors

Highlight governance and reporting issues, independence required to supply


confidence in information, need for audit committee to reinforce position

Regulators

Establish rules and standards, carry out inspections. May be enforcement costs or
regulatory capture, domination of regulator by regulated

Government

Establish overall climate, encourage private shareholdings, provide subsidies,


nationalise poorly performing industries, run public sector organisations

Stock exchanges

Companies raise money, investors transfer shares, supply data about company
value and provide regulatory framework for governance

Institutional investors

Can influence prices, avoid speculative shares, want short-term profits, can influence
companies through meetings and voting, able to take direct action if dissatisfied

Small investors

Hold small numbers of shares in companies, trusts and funds. Likely to be


undiversified and concerned with information asymmetry

Recipients
Donors

Services from public sector, aid from charities

Page 9

Provide funds to charities, want them well-spent


1: Scope of corporate governance

(001)ACP1PC14_CH01.qxp

Definition

5/28/2014

12:39 AM

Concepts

Page 10

Agency

Stakeholders

Main issues

Duties of directors

Directors' remuneration

Corporate governance guidelines reinforce legal and


fiduciary duties to act in companys best interests,
use powers for proper purpose, avoid conflicts of
interest and exercise duty of care.

Directors being paid undeserved and excessive


remuneration and bonuses. Allegations that directors
have been rewarded for making losses.

Board composition

Board supervision

Need to avoid domination by single individual/small


group of executive directors.

Need for board to meet regularly to consider effectively


organisations activities, risks and control systems.

Accounting and auditing

Corporate social responsibility

Greater transparency and reliability of accounts,


decreasing investor risks. Tougher auditing standards
and requirements for auditors to avoid conflicts of
interest.

Builds on stakeholders' debate, what responsibilities


should organisation and board fulfil.

(002)ACP1PC14_CH02.qxp

5/28/2014

12:39 AM

Page 11

2: Approaches to corporate governance

Topic List
Development of guidance
Basis of guidance
Major governance codes
Sarbanes-Oxley
Corporate social responsibility
Public sector governance

In this chapter we summarise the factors that have


influenced the ways corporate governance has
developed, including the important rules v principles
debate.You may be asked about these in part (a) of a
question before you consider specific corporate
governance arrangements later in the question. We also
give details of the major worldwide codes, particularly
those that have international impact.
Corporate social responsibility is a major topic in this
exam, and the themes we cover here and in Chapter 11
will occur in many questions.

(002)ACP1PC14_CH02.qxp

Development of
guidance

Internationalisation

5/28/2014

Basis of
guidance

12:39 AM

Major
governance codes

Investor treatment

Page 12

Sarbanes-Oxley

Financial reporting
weaknesses

Corporate social
responsibility

Individual country
characteristics

Public sector
governance

Corporate scandals

Governance development

Openness

Integrity

Accountability

(002)ACP1PC14_CH02.qxp

Development of
guidance

5/28/2014

Basis of
guidance

12:39 AM

Major
governance codes

Page 13

Sarbanes-Oxley

Principles-based approach
Most corporate governance codes use a principlesbased approach with broad guidelines supplemented by
limited specific requirements. Encourage companies to
comply or explain.

Rules-based approach
Rules-based approach focuses on regulations and
targets that must be met without any leeway. It should be
easy to ascertain compliance, but in practice there may
be questionable situations which are not fully covered by
the rules.

Corporate social
responsibility

Public sector
governance

Key Principles










Fulfil strategic objectives


Reinforce governance regulation
Minimise risk
Promote ethical behaviour
Underpin investor confidence
Fulfil stakeholder responsibilities
Establish management accountability
Maintain NED/auditor independence
Provide accurate reporting

 Encourage owner involvement


 Direct behaviour
Page 13

2: Approaches to corporate governance

(002)ACP1PC14_CH02.qxp

Development of
guidance

5/28/2014

Basis of
guidance

12:39 AM

Major
governance codes

Page 14

Sarbanes-Oxley

Advantages of principles






Avoids inflexible rules


Less burdensome
Allows scope for development
Comply or explain
Emphasis on investor judgement

Corporate social
responsibility

Public sector
governance

Problems with principles








Principles too broad


Lack of consistency
Confusion over what is compulsory
Companies treat as non-binding
Markets don't understand disclosures

Insider systems

Outsider systems

Most companies listed on stock exchange are controlled


by a few individuals, for example family companies.

Shareholdings are widely dispersed, manager/owner


separation.

Outsider
Advantages/Disadvantages
 Robust governance regime
 Strong owner-manager links
 Hostile takeover threat constrains management
 Longer-term view
 Agency problem
 Discrimination v minority
 Short-term priorities
 Lack of monitoring/governance
Insider

(002)ACP1PC14_CH02.qxp

Development of
guidance

5/28/2014

Basis of
guidance

12:39 AM

Major
governance codes

Page 15

Sarbanes-Oxley

Corporate social
responsibility

Public sector
governance

UK Corporate Governance Code

OECD principles

Code derived originally from Cadbury, Greenbury and


Hampel reports, supplemented by:

Organisation for Economic Co-operation and


Development produced non-binding principles to
address the interests of global investors. Companies
should work towards achieving principles, and
principles are guidelines for individual countries to
develop own codes.

 Turnbull report risk and internal control


 Smith report audit committees
 Higgs report non-executive directors

Principles

ICGN report
International Corporate Governance Network has
provided practical guidance for boards to operate
efficiently and compete for scarce capital.

Page 15







Shareholder/stakeholder rights
Equitable treatment of all shareholders
Stakeholders rights protected
Timely/accurate disclosure of material matters
Board responsible for strategy and monitoring
2: Approaches to corporate governance

(002)ACP1PC14_CH02.qxp

Development of
guidance

5/28/2014

Basis of
guidance

12:39 AM

Major
governance codes

Page 16

Sarbanes-Oxley

Sarbanes-Oxley
The Sarbanes-Oxley Act was a response to the
collapse of Enron, one of America's biggest companies.
The Act is more prescriptive than codes in other
jurisdictions, impacting on review of controls,
disclosures, audits, ethics and directors share trading.

Auditing requirements
The non-audit services auditors can provide are
significantly restricted and auditors are subject to
various other rules:
 Compulsory partner rotation
 Retention of audit papers
 Quality control standards
 Review internal control systems

Corporate social
responsibility

Public sector
governance

Weaknesses at Enron






Lack of transparency in accounts


Non-executive directors weak
Lack of external audit scrutiny
Directors use of inside information
Dishonesty and law-breaking

Corporate responsibility
Chief executive/chief finance officer certify:
 Appropriateness of accounts
 Accounts fairly reflect operations and financial
condition
If accounts have to be restated, they forfeit their
bonuses.

(002)ACP1PC14_CH02.qxp

5/28/2014

12:39 AM

Page 17

Audit committees

Internal control reports (s404)

Every listed company should have an audit


committee consisting of independent directors, with
member(s) with financial expertise. Audit committee
should be responsible for:

Annual accounts must contain internal control reports


that:

 Appointment, compensation and oversight of


auditors
 Discussing key accounting policies with auditors
 Setting up complaints mechanisms

 State management responsibility for control


structure/financial reporting procedures
 Assess effectiveness of control structure/financial
reporting procedures (with audit report)
 State whether code of conduct for senior financial
officers has been adopted

Whistleblowing

Off-balance sheet transactions

Employees/auditors will be granted whistleblowing


protection if they disclose private employer
information to parties involved in a fraud claim.

There should be appropriate disclosure of material offbalance sheet transactions.

Page 17

2: Approaches to corporate governance

(002)ACP1PC14_CH02.qxp

Development of
guidance

5/28/2014

Basis of
guidance

12:39 AM

Major
governance codes

Page 18

Sarbanes-Oxley

Corporate social
responsibility

Public sector
governance

Significance of responsibility

CSR and stakeholders

Large businesses in particular face expectations that


they will act in a socially responsible fashion.

Businesses benefit from goodwill and other aspects


of society and therefore owe those particularly
affected by their activities certain duties in return.

Carroll's model
Four levels of responsibilities:





Economic shareholders/employees/customers
Legal comply with laws
Ethical act in fair and just way
Philanthropic generosity to employees/
community

Problems with stakeholder view


 Collaboration time-consuming and expensive
 Culture clashes with certain stakeholders
 Collaboration on some issues, conflict on
others
 Lack of consensus between different
stakeholders

(002)ACP1PC14_CH02.qxp

5/28/2014

12:39 AM

Page 19

Ownership responsibilities
By buying shares, shareholders buy a responsibility to
ensure that company is managed efficiently and in ways
consistent with public welfare. Responsibilities of institutional shareholders have been stressed, institutional
shareholders' large % shareholdings meaning they
should be actively involved and pressure managers.
Ownership view problems
 Shareholders with small % holdings arent
influential
 Shareholders can easily dispose of shares and
this loosens feelings of obligation

Page 19

Impact of CSR

 Objectives
 Mission statements
 Ethical codes
 Governance codes
 Stakeholder board representation
 Corporate social reporting

2: Approaches to corporate governance

(002)ACP1PC14_CH02.qxp

Development of
guidance

5/28/2014

Basis of
guidance

12:39 AM

Major
governance codes

Public sector
Purposes and objectives Public service

Page 20

Sarbanes-Oxley

Private sector
Profit

Corporate social
responsibility

Charitable status

Public sector
governance

NGOs/quasi NGOs

Relief of poverty,
research, etc

As defined by owners

Performance

Central regulation Financial reporting


standards

SORP

Set outcomes

Ownership

Government

Donors

Government

Stakeholders
(including lobby groups)

The public, central Shareholders,


Service users
government,
regulators, taxation
service users
authorities

Partners/
shareholders

Government,
lobbying groups

(003)ACP1PC14_CH03.qxp

5/28/2014

12:40 AM

Page 21

3: Corporate governance practice


and reporting
Topic List
Role of board
Board membership
Non-executive directors
Directors' remuneration
Stakeholder relationships
Reporting

Corporate governance practice is a key area in this


syllabus, and you can expect to be asked whether an
organisation is following good practice. The role and
activities of the board will be significant elements in
many questions. How corporate governance practice
serves the interests of stakeholders will also be
important.

(003)ACP1PC14_CH03.qxp

Role of board

5/28/2014

Board
membership

12:40 AM

Page 22

Directors'
remuneration

Non-executive
directors

Scope of board's role


The board should have a formal schedule of matters
reserved to it for decisions. Board is also responsible
for overseeing strategy, monitoring risk, control
systems and management, and ensuring effective
communication.

Stakeholder
relationships

Reporting

Advantages of diversity






Maximise talent pool


Broader range of knowledge
Access stakeholder constituencies
Greater independence
Corporate citizen

Nomination of directors
Nomination committee should oversee appointments
and make recommendations to the board. Needs to
consider:
 Executives/non-executives
 Gaps in current board's skills
 Expanding board diversity (age, gender, race,
ethnicity, education, background)
 Continuity and succession planning

Legal and regulatory frameworks









Legal responsibilities
Avoidance of conflict of interest
Time limits on appointments
Limits on service contracts
Retirement by rotation
Insider dealing

(003)ACP1PC14_CH03.qxp

5/28/2014

12:40 AM

Page 23

CPD and appraisals


All board members should have training covering
strategy, management, legal responsibilities and
company related issues.
There should be annual appraisals of the performance
of the whole board and of individual directors.

Multi-tier boards
Companies in some countries are run by two or more
boards, often with supervisory/management role split.

Board appraisal









Performance against objectives


Contribution to strategy/environment
Response to problems
Considering right matters
Communication
Effectiveness of board committees
Quality of feedback
Adequacy of decision-making

Advantages of multi-tier boards

Disadvantages of multi-tier boards











Supervisors/supervised separation
Deters management fraud
Better links with stakeholders
Better use of non-executive time

Page 23

Lack of accountability
Don't receive information from managers
Supervisory board decision-making restricted
Less effective at questioning managers
3: Corporate governance practice and reporting

(003)ACP1PC14_CH03.qxp

Role of board

5/28/2014

Board
membership

12:40 AM

Non-executive
directors

Page 24

Directors'
remuneration

Stakeholder
relationships

Reporting

Board membership

Division of responsibilities

Companies need to consider optimum


size, balance of executive and nonexecutive directors, and diversity of
membership.

No one individual should have unfettered control. Ideally chairman and


chief executive should be different people; if not there should be a strong
independent element on the board with a recognised senior member.
Responsibilities of CEO

Responsibilities of chairman

Board committees
Board committees supervise specific
areas, doesn't absolve main board
from overall responsibilities. Key
committees:

 Running board
 Accurate board information
 Shareholder communication
(Chairman's Statement)











Nomination
Audit
Remuneration
Risk management

(this chapter)
(Chapter 8)
(this chapter)
(Chapter 5)

New director induction


Board appraisal
Board development
Signing off accounts






Strategic development
Investment analysis
Risk management
Recommendations to
board committees

 Control systems
enforcement

(003)ACP1PC14_CH03.qxp

Role of board

5/28/2014

Board
membership

12:40 AM

Page 25

Directors'
remuneration

Non-executive
directors

Stakeholder
relationships

Reporting

Non-executive directors (NEDs)

Number of NEDs

NEDs have no executive (managerial) responsibilities.


They should provide balance and help to reduce
conflict between executive directors and shareholders.
Majority of NEDs should be independent.

USA/UK Independent NEDs at least half of board,


others sufficient for views to carry weight.

Independence of NEDs

Role:
 Strategy
 Scrutiny






 Risk management
 Board personnel

No business/financial/other connection
No share options/pensions
Appointment for specified term
Ability to take independent advice

Advantages of NEDs

Disadvantages of NEDs

 External experience and knowledge


 Wider perspective
 Comfort for investors
 Confidant/enabler
 Board members but objective







Page 25

Independence?
Restricted recruitment
Difficult to impose views
Cant prevent problems
Limited time
3: Corporate governance practice and reporting

(003)ACP1PC14_CH03.qxp

Role of board

5/28/2014

Board
membership

12:40 AM

Page 26

Non-executive
directors

Principles
 Directors' remuneration set by independent board
members
 Bonuses related to measurable performance/enhanced
long-term shareholder value
 Full transparency in annual accounts

Remuneration committee
 Remuneration policy
 Specific remuneration packages

Stakeholder
relationships

Reporting

Remuneration statement

UK's Greenbury committee suggests:

Committee of independent NEDs determining:

Directors'
remuneration

Consider and disclose:


 Remuneration policy
 Arrangements for individual directors
Consider allowing members to vote on
remuneration statement in accounts.

Service contracts
If service contracts are too long, premature termination
may mean significant payments. Service contracts
shouldn't be >12 months normally.

(003)ACP1PC14_CH03.qxp

5/28/2014

12:40 AM

Elements of remuneration package


Basic salary in contract of employment
Performance-related bonuses limited possibly
to maximum % of pay, shouldn't be given for
transactions, or if excessive risks taken?
Shares granted on condition can't be sold
Share options purchased at specified exercise
price, encouragement to improve company's
performance and hence share prices, options
(and shares) to be held for certain length of time
Benefits-in-kind is cost excessive and how
comparable are they with what employees are
given?
Pensions best practice to make only basic
salary pensionable
Page 27

Page 27

Factors affecting remuneration levels









Need to attract and retain directors


Interests of stakeholders
Weighting and phasing of different parts of package
Director/manager differentials
Impact of director/manager resigning
Performance measures
Performance measures






Variety of financial/non-financial measures


Focus on current not historic performance
Avoid short-termism
Reward individual effort
3: Corporate governance practice and reporting

(003)ACP1PC14_CH03.qxp

Role of board

5/28/2014

Board
membership

12:40 AM

Page 28

Directors'
remuneration

Non-executive
directors

Stakeholder
relationships

Relationships with shareholders

Relationships with stakeholders

Directors should be required to submit to regular


re-election (every year/every three years). Boards should
consider relationships with all shareholders, particularly
institutional shareholders. Annual general meetings normal part of calendar, other general meetings discuss
issues of immediate/serious concern.

OECD stresses role of:

Proxy voting
Myners report recommends:
 Clear agreements between beneficial owners
and investment managers
 Stock lending shouldn't happen
 Electronic voting
 Poll (including proxies) for all resolutions







Reporting

Employees
Creditors
Suppliers
Investors
Government

Position of stakeholders should be:


 Protected by law
 Enhanced by participation (eg employees share
ownership, profit-sharing arrangements, seat on
board)

(003)ACP1PC14_CH03.qxp

5/28/2014

Notice > 20 days


before

12:40 AM

Page 29

Business
presentation

Question and
answer sessions

Annual general meetings

Shareholders vote on
substantially
separate issues
Page 29

Shareholders vote on
report and accounts

3: Corporate governance practice and reporting

(003)ACP1PC14_CH03.qxp

Role of board

5/28/2014

Board
membership

12:40 AM

Page 30

Directors'
remuneration

Non-executive
directors

Reporting

Reporting

Major disclosures

London Stock Exchange requires:


 Narrative statement of how principles in UK
Corporate Governance Code have been applied
 Statement of compliance/details of reasons for
non-compliance

Voluntary disclosures
Disclosures above statutory/best practice minimum.
Disclosures should follow certain principles:






Stakeholder
relationships

Planned process
Transparency in disclosures made
Consultation with users
All relevant information considered
Disclosures subject to review

 Board composition, directors, NEDs, evaluation


of board performance
 Committee reports
 Relations with auditors and shareholders
 Review of internal controls
 Going concern
 Sustainability reporting
 Business review
Benefits





Wider information provision


Different forms of information
Greater assurance about management
Reflect investor interests

(004)ACP1PC14_CH04.qxp

5/28/2014

12:42 AM

Page 31

4: Internal control systems

Topic List
Control systems
Nature of risks
Control framework
Control limitations
Enterprise risk management
Assessment of systems

In this chapter we look at the key elements of sound


control systems. The overall environment and ethos of
organisation is as important as the specific procedures.
The risks organisations face should have a significant
impact upon the control frameworks they adopt.You may
need to assess the effectiveness of control systems and
the difficulties of implementing sound systems.

(004)ACP1PC14_CH04.qxp

Control
systems

5/28/2014

Nature of
risks

12:42 AM

Control
framework

Internal management control


Management planning, organising and directing so
that organisational objectives are achieved.
Turnbull report listed key aims:
 Facilitate effective and efficient operation
 Ensure quality of reporting
 Ensure compliance with laws and regulations

Cybernetic control system


Process of control within system.
 Identification of system objectives
 Setting targets for system objectives
 Measuring system achievements/outputs
 Comparing achievements with targets
 Identifying corrective action
 Implementing corrective action

Page 32

Control
limitations

Enterprise risk
management

Assessment of
systems

Features of control systems


 Ease of target
achievement
 Qualitative/
quantitative
measures
 Short/long-term
measures

 Consistency of
measures
 Management
intervention
 Automatic control
mechanisms
 Reliance on social
relationships

Characteristics of control systems


 Embedded in operations
 Form part of culture
 Capable of quick response

(004)ACP1PC14_CH04.qxp

Control
systems

Nature of
risks

5/28/2014

12:42 AM

Control
framework

Page 33

Control
limitations

Risk classification
Risks can be classified in various ways:
Fundamental affects society in general
Particular individual in control
Speculative good or bad consequences
Pure only outcomes harmful

Risk and uncertainty


Uncertainty means possible outcomes and/or chances
of each occurring are unknown.

Risk and return


Businesses have to take some risks to trade
(entrepreneurship). Businesses may tolerate higher
risk levels provided they receive higher returns.
Page 33

Enterprise risk
management

Assessment of
systems

Benefits of risk management







Predictability of cash flows


Limitation of effects of bad events
Increased shareholder confidence
Weigh costs

Risk and corporate governance


Corporate governance reports aim to address
shareholder concerns that directors are not
achieving adequate returns for risks incurred and
provide mechanisms for controlling directors who
are taking excessive risks. Directors' responsibility
for monitoring and disclosing risk management is
stressed.
4: Internal control systems

(004)ACP1PC14_CH04.qxp

Control
systems

5/28/2014

Nature of
risks

12:42 AM

Control
framework

Page 34

Control
limitations

Enterprise risk
management

Assessment of
systems

CONTROL FRAMEWORK
Control environment
Purposes







Orderly conduct of business


Adherence to internal policies and laws
Safeguarding assets
Prevention/detection of fraud
Accuracy/completeness of accounting records
Quality of information and reporting

Control activities
Control systems and risks
 Objectives
 Nature/extent of
risks
 Acceptable risks
 Likelihood risks
materialise

 Ability to reduce
risks
 Costs/benefits of
controls
 Changes in risk
conditions

(004)ACP1PC14_CH04.qxp

Control
systems

Nature of
risks

Costs > benefits

5/28/2014

12:42 AM

Control
framework

Page 35

Control
limitations

Human error/Fraud

Enterprise risk
management

Assessment of
systems

Employee collusion

LIMITATIONS OF CONTROLS

Management
bypass

Page 35

Designed for routine


transactions

Depend on method
of data processing

4: Internal control systems

(004)ACP1PC14_CH04.qxp

Control
systems

Nature of
risks

5/28/2014

12:42 AM

Control
framework

Page 36

Control
limitations

Enterprise risk management (ERM)


ERM is framework suggested by COSO for dealing
with risk. It is a fundamental process, operated at
organisation level, that helps staff understand risks,
responsibilities and authority levels. ERM should:







Apply in strategy setting


Apply in all areas and over whole organisation
Identify events affecting entity
Manage risk according to risk appetite
Provide reasonable assurance
Support organisational objectives

Enterprise risk
management

Assessment of
systems

ERM benefits







Align risk appetite and strategy


Link growth, risk and return
Choose best risk response
Minimise surprises and losses
Manage risks over whole organisation
Allows organisation to seize opportunities

(004)ACP1PC14_CH04.qxp

5/28/2014

12:42 AM

Page 37

COSO's Enterprise Risk Management framework

SUBSIDIARY
BUSINESS UNIT
DIVISION
ENTITY LEVEL

E
S
ING
GIC TION
NC
T
E
A
I
R
T
L
A
O
RA
ER
MP
EP
P
ST
O
R
O
C
Internal Environment
Objective Setting
Event Identification
Risk Assessment
Risk Response
Control Activities
Information & Communication
Monitoring

Page 37

4: Internal control systems

(004)ACP1PC14_CH04.qxp

Control
systems

Objectives

Nature of
risks

5/28/2014

12:42 AM

Control
framework

Risk links

Page 38

Control
limitations

Compatibility

Enterprise risk
management

Control mix

Assessment of
systems

Human
resources

ASSESSMENT

Framework

Review

Information

Feedback

Costs/benefits

(005)ACP1PC14_CH05.qxp

5/28/2014

12:43 AM

Page 39

5: Risk attitudes and internal environment

Topic List
Risk attributes
Stakeholders and risk
Internal environment
Risk management responsibilities
Objective setting

This chapter covers the underlying factors that help


determine how organisations respond to the risks they
face. These factors include attitudes to risk, the
environment and culture, and the organisational structure
including responsibilities for dealing with risks.

(005)ACP1PC14_CH05.qxp

5/28/2014

Risk attributes

12:43 AM

Stakeholders
and risk

Page 40

Internal
environment

Risk management
responsibilities







 Emotional satisfaction
 Risk-averse or riskseeking

Personal views

Objective
setting

Size
Structure
Development
Past experience
Focus on avoiding
risk

Organisational influences
Risk attributes

National influences

Shareholder requirements

 Government protection

 Risk/return

(005)ACP1PC14_CH05.qxp

5/28/2014

Risk attributes

Shareholders
Debt providers
Employees
Suppliers
Customers
Wider community
Page 41

12:43 AM

Page 41

Internal
environment

Stakeholders
and risk

R
I
S
K
C
O
N
C
E
R
N
S



















Risk management
responsibilities

Objective
setting

Dividend impact
Capital gain impact
Dependent on their risk appetite/diversification
Threat to repayment
Security imposed
Threat of other debts
Job threats
Health and safety worries
Ability to take action
Losses on sales
Unwilling credit suppliers
Disruption of relationships
Delivery failures
Lack of value
Poor quality
Poor employment policies
Adverse impact on the environment
5: Risk attitudes and internal environment

(005)ACP1PC14_CH05.qxp

5/28/2014

Risk attributes

12:43 AM

Stakeholders
and risk

Page 42

Internal
environment

Internal/control environment
The control environment is the attitude, awareness and
actions of management in relation to internal controls,
providing the background for the operation of other
controls.

Risk management
responsibilities

Elements of internal environment








Management's philosophy and operating style


Control culture
Organisational structure
Methods of imposing control
Integrity, ethical values and competence

Strong internal environment


Risk environment







Clear risk management strategies


Culture/code of conduct/HRM/reward systems support
objectives and risk limitation
Senior management commitment to competence,
integrity and trust
Clear authority and responsibility
Communication procedures
Staff have knowledge, skills and tools

Objective
setting







Risk management philosophy


Risk appetite
Integrity
Ethics
Organisational environment

(005)ACP1PC14_CH05.qxp

5/28/2014

12:43 AM

Page 43

Embedding risk awareness

Risk register

Risk assessment should evolve into a consistent activity


embedded across all processes, focus on:

Formal collection of risk and response information.


Register lists and prioritises risks, and specifies
responsible individuals and action taken.

 Threats to shareholders/stakeholders (future growth


opportunities/core business)
 Consistent action-orientated risk assessment
Changing risk culture







Internal communications programme


Training
Involvement in risk identification
Incentives
Key personnel persuasion
Infrastructure support

Page 43

Risk policy statement












Definitions and objectives


Regulatory requirements
Links to strategic decision-making
Key areas
Risk classification
Risk responsibilities
Important controls
Assurance reporting
Training

5: Risk attitudes and internal environment

(005)ACP1PC14_CH05.qxp

5/28/2014

Risk attributes

12:43 AM

Stakeholders
and risk

Page 44

Internal
environment

Risk management
responsibilities

Objective
setting

Board

Determines risk management strategy and monitors overall risks, sets


and reviews internal control

Senior managers

Build on overall framework, specifying risk management methods and


co-ordinate responses, may staff risk management group

Internal audit

Audit risk management process/key risk area controls

External audit

Audit risk areas that impact materially on financial statements

Line managers

Identify and evaluate risks in their areas, use performance


indicators for monitoring, implement responses

Staff

Follow risk management procedures, have good understanding,


report dangers

(005)ACP1PC14_CH05.qxp

5/28/2014

12:43 AM

Page 45

Risk committee

Risk management personnel

Committee of directors, separate from audit


committee, responsible for monitoring and
supervising risk identification and management.

Risk specialist consultant called in to advise on particular


aspects of risk management
Risk manager employee with specific responsibility for
dealing appropriately with risks
Risk management function employees in larger
organisations

 Can be staffed by executive directors


 Allows audit committee to concentrate on
financial risks

Role of RM function

Role of RM committee
 Determine risk management
strategy/policy
 Review reports on risk
 Monitor overall exposure
 Monitor changes in circumstances
 Assess effectiveness of RM systems
 Review statement on internal control
Page 45









Helping determine risk management strategies


Champions of risk management
Building risk awareness culture
Establishing risk policy and structures
Developing and reviewing risk management processes
Co-ordinating functional responses
Preparing report for board/shareholders
5: Risk attitudes and internal environment

(005)ACP1PC14_CH05.qxp

5/28/2014

Risk attributes

12:43 AM

Internal
environment

Stakeholders
and risk

Mission
A general objective, visionary, often unwritten and
very open-ended, without any time limit for
achievement.

Objective setting and risk


Strategic objectives and mission will influence risk
management.
However businesses should also determine risk
appetite (willingness to take risks) and risk
strategy.
These in turn should influence business objectives.
Businesses should take a portfolio view of risks,
looking at relevant risks over the whole organisation.

Page 46

Risk management
responsibilities

Objective
setting

COSO model





Strategic high level goals, support mission


Operational effectiveness and efficiency
Reporting reliability
Compliance with applicable laws
Corporate objectives









Profitability
Market share
Growth
Cash flow
Customer satisfaction
Quality
Added value

(006)ACP1PC14_CH06.qxp

5/28/2014

12:43 AM

Page 47

6: Risks

Topic List
Strategic and operational risks
Types of risks
Risk identification

In this chapter we look at the risks that organisations


face. We draw various important distinctions between
different kinds of risk, and emphasise the link between
risk and return. We also look at examples of the key risks
that organisations have to counter.

(006)ACP1PC14_CH06.qxp

5/28/2014

12:43 AM

Page 48

Strategic and
operational risks

Types of risks

Risk identification

Strategic risks

Operational risks

Fundamental risks to organisation's profits/existence


arising from the sector its in and the nature of what it
does. Strategic risks arise out of decisions about
resources, products, acquisitions and investments.

Risks of loss from failures in internal business and


control processes.

Factors affecting strategic risks











Stakeholders
State of economy
Nature of industries/markets
Level of competition
Availability/price of resources
Flexibility of production
Ability to innovate/R&D
Stage of product life cycle

Examples







IT failures
Human error
Loss of key staff
Fraud
Business interruptions
Internal audit weaknesses

(006)ACP1PC14_CH06.qxp

5/28/2014

12:43 AM

Page 49

Strategic and
operational risks

Types of risks

Risk identification

Entrepreneurial risks

Product risks

Risks from carrying out business activities.


Entrepreneurial risks must be taken if business is to
make profits.

Risks of financial loss due to producing a poor


quality product. They include need to compensate
dissatisfied customers, possible loss of sales and
need for expenditure on quality control procedures.

Financial risks
Threats to organisations continued existence
through lack of available funds or taking on
excessive or unsuitable commitments. Risks also
include credit risk from non-paying debtors and
currency/interest rate risks.

Market risks
Risks arising from markets within which a company
operates, risks arising from movements in market
value of asset.
Page 49

Legal risks
Risks of fines or threats of closedown, or incurring
costs to fight legal actions.

Political risks
Political risk is the risk that political action will affect
organisation. Examples include quotas, tariffs,
exchange controls and nationalisation.

6: Risks

(006)ACP1PC14_CH06.qxp

5/28/2014

12:43 AM

Page 50

Strategic and
operational risks

Types of risks

Risk identification

Technological risks

Fraud risks

Risks of loss through the inadequacies/disruption of


IT systems and resources, risks arising from
information strategy pursued.

Risks of loss through fraudulent activities of employees


or managers. Fraud risks are often increased by poor
corporate governance procedures, allowing senior staff
to commit fraud because mechanisms to challenge
their behaviour are ineffective.

Health and safety risks


Risks include loss of employees' time and having to
pay compensation or legal costs. Risks arise
because of lack of policy, poor culture, lack of
emergency procedures.

Environmental risks
Risk arising out of environmental effects of
operations. Organisations can suffer fines, bad
publicity, non-co-operation.

Knowledge management risks


Risks of losses due to failure to secure knowledge
resources adequately. Risks include abuse of
intellectual property, power failures leading to loss of
information, loss of key staff.

Property risks
Risks from damage, destruction or theft of property.
Dangers include fire, wind, water leakage and
vandalism.

(006)ACP1PC14_CH06.qxp

5/28/2014

12:43 AM

Page 51

Trading risks

Organisational risks

Risks of disruption in the course of trade.

Risks that members/employees of an organisation


will behave in ways detrimental to the organisation,
eg failure to adapt to change.

 Physical goods/documentation lost/stolen


 Trade customer refuses goods/cancels order
 Liquidity inability to finance activities

Disruption risks
Risk of disruption to operations caused by IT
failures, employee problems, supplier loss, legal
action.

Resource wastage risks


Risks include incurring excessive costs or waste of
employees' time and resources.

Page 51

Reputation risks
Risk of loss of reputation arising from adverse
consequences of another risk.
Poor reputation





Crystallisation of risks
Poor customer service
Failure to innovate
Poor ethics
6: Risks

(006)ACP1PC14_CH06.qxp

5/28/2014

12:43 AM

Page 52

Strategic and
operational risks

Types of risks

Risk
identification

Risk identification
Need to know whether likely perils are present and be aware of possibility of unlikely risks. Identification can
focus on targeting unacceptable risks or risk levels.

Risk condition identification

Event identification

 Physical inspection

 External events eg economic conditions

 Enquiries

 Internal events eg human errors

 Brainstorming

 Conditions resulting in risks

 Checklists

 Trends and root causes

 Benchmarking

 Event interdependencies

(007)ACP1PC14_CH07.qxp

5/28/2014

12:43 AM

Page 53

7: Risk assessment and response

Topic List
Risk assessment
Risk responses
Control activities

In this very important chapter, we deal with how risks are


managed, in particular how risks are reduced by control
activities.

(007)ACP1PC14_CH07.qxp

5/28/2014

12:43 AM

Page 54

Risk
assessment

Risk management
effectiveness

Control
activities

Risk
responses

Stakeholder
pressures

Risk management
costs

Risk assessment

Comprehensive
coverage

Accurate analysis

Responsive to
changing risks

(007)ACP1PC14_CH07.qxp

5/28/2014

12:43 AM

Page 55

Likelihood/Consequences matrix

Risk quantification

Use Likelihood/Consequences matrix as basis for


setting priorities for risk management.

Need an idea of possible results or losses, together


with distributions and confidence limits.

Consequences

Low
Low
L
i
k
e
l
i
h
o
o
d

Loss of suppliers

Loss of lower-level
staff
High

Page 55

Key calculations

High

Loss of key customers


Failure of computer systems

Loss of senior or specialist


staff
Loss of sales to competitor
Loss of sales due to
macroeconomic factors






Average or expected result or loss


Frequency of losses
Chances of losses
Largest predictable loss

Sensitivity analysis
Examine impact of key variable changes, such as
sales price + volume, initial + operating costs, cost of
capital.
7: Risk assessment and response

(007)ACP1PC14_CH07.qxp

5/28/2014

12:43 AM

Page 56

Risk
assessment

Control
activities

Objective/subjective risks

Accounting ratios

Objective risks can be assessed with high accuracy.

Ratios can demonstrate risks to companies and


shareholders, particularly liquidity or solvency risks.

Key ratios







Risk
responses

Debt ratio
Gearing
Interest cover
Cash flow ratio
Current ratio
Quick ratio

Subjective risks cannot be quantified easily,


assessment depends on knowledge and skills of
assessor.

Related risks
Risks may be related/correlated because their
causes are the same, or one risk links to another.

Consolidation of risk
Need to aggregate at organisation levels risks
identified and quantified at operational level.
Need also to consider impact of correlated risks,
where two or more different risks vary together.

(007)ACP1PC14_CH07.qxp

5/28/2014

12:43 AM

Page 57

Risk
assessment

Risk
responses

Control
activities

Likelihood/Consequences matrix
Consequences

L
i
k
e
l
i
h
o
o
d

Low

High

Low

High

Accept

Transfer

Cost of action/benefits

Insurance/contingency planning

Reduce

Avoid

Controls to limit risk


occurrence/impact

Immediate action required,


possible abandonment of activities

Stop/Drop Not taking profitable opportunity on grounds of excessive risk


Go Going ahead with activity and incurring losses
ALARP Reducing risks to as low as reasonably practicable levels

Page 57

7: Risk assessment and response

(007)ACP1PC14_CH07.qxp

5/28/2014

12:43 AM

Page 58

Risk
assessment

Risk
responses

Control
activities

 Natural hedging

 Debt/equity mix

 Internal netting

 International

 Working capital management

Diversification

Internal strategies
Financial risk management

Risk transfer

Risk sharing
 Forwards

 Joint ventures

 Options

 Futures

 Swaps

 Insurance

 Securitisation

(007)ACP1PC14_CH07.qxp

5/28/2014

12:43 AM

Page 59

Risk
assessment

Classification of controls
Corporate are general policy, culture, values, overall
monitoring
Management include planning, performance monitoring,
risk evaluation
Administrative include organisation structure, authority
and reporting lines, communication channels
Accounting are recording of transactions and
safeguarding records, transactions and assets
Prevent stop errors happening including checks of
documentation before payment/deliveries made
Detect pick up errors
Correct minimise or negate errors eg back-up
Non-discretionary can't be bypassed
General relate to environment
Page 59

Risk
responses

Control
activities

Types of control procedure


 Approval and control of documents
 Controls over computerised applications and IT
environment
 Checking arithmetical accuracy
 Control accounts
 Trial balances
 Reconciliations
 Physical counts
 Comparing internal and external data
 Limiting direct physical access
7: Risk assessment and response

(007)ACP1PC14_CH07.qxp

5/28/2014

12:43 AM

Page 60

Risk
responses

Risk
assessment

Control
activities

Assurance from internal controls

Benefits of controls

Internal controls can only provide


reasonable assurance that management
objectives will be achieved, because of their
limitations.

Benefits may be financial


(less costs)
Benefits may be non-financial
(efficiency and effectiveness improvements, less internal
audit resource required)

Costs of controls
Costs include direct costs (salary), opportunity
costs (time) and perhaps reduced flexibility,
responsiveness and creativity.

Benefits v costs
 Difficult to estimate risk exposure
 Difficult to estimate impact of controls
 Comparison of financial costs v non-financial benefits

(008)ACP1PC14_CH08.qxp

5/28/2014

12:44 AM

Page 61

8: Information, communication and monitoring

Topic List
Internal communication
Monitoring
Internal audit
Audit committee
Board review and reporting

This chapter emphasises the importance of information


flows and communication between managers and staff.
The principles of good communication also apply to
formal reports in the accounts on risk and internal
control. We also cover the monitoring activities required
to ensure control systems remain effective.

(008)ACP1PC14_CH08.qxp

Internal
communication

5/28/2014

12:44 AM

Monitoring

Page 62

Internal audit

Audit committee

Board review
and reporting

Directors' information requirements

Communication of policies

Directors need information about risks linked to


achievement of organisation's objectives and
control mechanisms that should respond to
changes in business environment.
Directors should:

Turnbull report recommends policies are communicated in


following areas:
 Customer relations
 Service levels
 Health, safety and environment
 Asset security and business continuity
 Expenditure
 Accounting, financial and other reporting

 Compare different sources of data


 Consider adequacy of communication
channels
 Provide feedback
 Review management/information systems

Communication methods






Guidance from chief executive


Circulation of risk policies
Staff involvement in policy development
Workshops and training
Whistleblowing procedures

(008)ACP1PC14_CH08.qxp

Internal
communication

5/28/2014

12:44 AM

Monitoring

Page 63

Internal audit

Audit committee

Board review
and reporting

Monitoring ensures that internal controls continue to operate effectively. This process involves
assessment by appropriate personnel of the design and operation of controls on a timely basis and
taking necessary actions.

Elements of monitoring
Ongoing monitoring includes routine, day-to-day
reviews.
Separate evaluation includes annual review of
controls plus internal audit evaluations.
Effective/efficient monitoring
 Strong control environment
 Prioritisation
 Communication structure/reporting
Page 63

Monitoring procedures








Audit committee liaison with auditors


Internal audit work on control
Monitoring programs in information systems
Reports of potential failures
Supervisory controls
Management self-assessment
Quality control on internal audit

8: Information, communication and monitoring

(008)ACP1PC14_CH08.qxp

Internal
communication

5/28/2014

12:44 AM

Monitoring

Page 64

Internal audit

Audit committee

Board review
and reporting

Internal audit
Internal audit is an independent appraisal activity established within an organisation which examines and
evaluates the adequacy and effectiveness of other controls.

Need for internal audit


Need depends on complexity of activities, employee
numbers, cost-benefit considerations. Necessary when:





Changes in organisational structure


Changes in key risks
Problems with internal control systems
Increased number of unexplained or unacceptable
events
Objectives depend on information and recommendations
required by organisation, also state of organisation's risk
management.

Internal audit areas











Accounting and internal control systems


Financial and operating information
Economy, efficiency and effectiveness
Compliance with laws and regulations
Safeguarding of assets
Implementation of organisation's objectives
Risk auditing
Special investigations

(008)ACP1PC14_CH08.qxp

5/28/2014

12:44 AM

Independence
IA should be independent of activities and
management being audited.

Page 65

Objectivity

Impartiality

Threats to independence
Threats include involvement in systems design and
consultancy, familiarity with other staff and reporting
to finance director whose activities are being audited.

Unbiased views
Valid opinion

Dealing with threats








IA staff don't audit their previous departments


IA staff don't audit systems they designed
Unrestricted access to records, staff, personnel
Report to audit committee
Rotation of IA staff

Page 65

Access to all areas


Relevant skills
Audit senior managers

I
n
d
e
p
e
n
d
e
n
c
e

8: Information, communication and monitoring

(008)ACP1PC14_CH08.qxp

Internal
communication

5/28/2014

12:44 AM

Monitoring

Role of audit committee


The audit committee's work should improve public
confidence in corporate governance, by helping to
create a climate of control and improving the quality of
financial reporting. The committee should also:
 Enable NEDs to play positive role
 Help finance director
 Strengthen position and independence of external
auditors

Audit committee membership


Audit committee should consist of independent nonexecutive directors and should include member(s)
with significant and recent financial experience.

Page 66

Internal audit

Audit committee

Board review
and reporting

Duties of audit committee


Review of financial statements including changes
in policies, judgemental areas, compliance
Relationship with external auditors including
appointment/removal, independence, scope, liaison
Review of internal audit including standards,
independence, scope, resources, reporting, work
plans, liaison with external auditors, results
Review of internal control including systems
adequacy, legal compliance, fraud risk, auditors'
reports, disclosures
Review of risk management
Investigations

(008)ACP1PC14_CH08.qxp

5/28/2014

Internal
communication




Monitoring

Strategic
Identifying,
Consequences/likelihoods evaluating and

Risks

12:44 AM

Page 67

Audit committee

Internal audit

Control system
effectiveness

Board review
and reporting

Actions to
reduce risk

Need for more


monitoring

managing risks

Regular review
Risk assessment




Control
environment/activities

Clear objectives
Assessment of significant 
risks

Acceptable risks

understood



Page 67

Risk management policy


Effective culture
Senior management
commitment
Clear authority lines
Communication

Information and
communication





Quality of reports
Changing information needs
Balanced reporting?
Whistleblowing channels

Monitoring





Effective processes
Flexibility
Follow-up
Significant event
reporting

8: Information, communication and monitoring

(008)ACP1PC14_CH08.qxp

5/28/2014

Internal
communication

12:44 AM

Monitoring

Page 68

Internal audit

Audit committee

Board review
and reporting

Annual review of controls

External reporting on risk management

Review should be wider-ranging than normal review:


 Changes in risks faced
 Changes in organisation's ability to respond to risks
 Scope and quality of managements monitoring
 Work of/need for internal audit
 Extent and frequency of reports to board
 Significant controls, failings and weaknesses

Board should disclose existence of process for


managing risks, how the board reviewed the
effectiveness of the process and whether the
process accords with the Turnbull guidance.



Needs to be comprehensive and carried out systematically 
and regularly. Most serious risks may need to be reported 
daily. Reports should show:

 Risk levels before controls implemented

 Actual risks vs predicted risks

 Feedback on action taken
 Level of residual risks

Internal risk reporting

Contents of report
Responsibility for internal control
Responsibility for review of effectiveness
System manages, not eliminates, risk
System provides reasonable assurance v
loss
Summary of review
Process for dealing with problems
Weaknesses resulting in material losses

(009)ACP1PC14_CH09.qxp

5/28/2014

12:46 AM

Page 69

9: Personal ethics

Topic List
Ethical theories
Individual influences
Situational influences
Approaching ethical problems

Dont think of this chapter as too theoretical.You may see


questions where you have to determine what would
influence an individual's ethical decision-making, or use
Tucker or the AAA model to assist the decision-making
process.

(009)ACP1PC14_CH09.qxp

5/28/2014

12:46 AM

Ethical theories

Page 70

Individual
influences

Situational
influences

Approaching
ethical problems

Lack of objective standards

Objective standards

Non-cognitivism no possibility of acquiring objective


knowledge of moral principles.
Moral relativism right and wrong are culturally
determined.

Cognitivism objective, universal principles exist and


can be known, ethics can be regarded as absolute.

Deontological ethics

Teleological Consequentalist ethics

Kant stated that acts can be judged in advance by


moral criteria:

Moral judgements based on outcomes or


consequences. Utilitarianism means acting for the
greatest good to the greatest number.

 Do what others should be doing


 Treat people as autonomous beings and not as
means to an end
 Act as if acting in accordance with universal laws

Egoism
Act is ethically justified if decision-makers pursue
short-term desires or long-term interests (justification
for free market).

Pluralism
Different views may exist but it should be possible to
reach a consensus; morality is a social phenomenon.

(009)ACP1PC14_CH09.qxp

5/28/2014

12:46 AM

Ethical theories

Page 71

Individual
influences

Situational
influences

Approaching
ethical problems

National and cultural beliefs

Psychological factors

Differences lie in four main areas.


 Role of individual v collective good
 Acceptance of power distribution
 Desire to avoid uncertainty
 Masculinity v femininity (money/possessions v
people/relationships)

Focus is on how people think and how they decide


what is morally right and wrong.

Education and employment

Locus of control
Influence individuals believe they have over their own
lives.
 Internal individuals have significant influence
 External lives shaped by luck/circumstances

People's education/work background seems to be more


significant with globalisation.

Moral development

Morality

Kohlberg's three levels ethics determined by:


1 Rewards/punishments (Pre-conventional)

Actions are influenced not only by people's own


integrity but also how much awareness they have of
their actions' moral consequences.
Page 71

Others' expectations/law (Conventional)

Individual's own decisions (Post-conventional)


9: Personal ethics

(009)ACP1PC14_CH09.qxp

5/28/2014

12:46 AM

Page 72

Ethical theories

Individual
influences

Situational
influences

Approaching
ethical problems

Moral intensity

Moral framing

Can be used to decide how ethically significant an


issue is.

How issues are perceived in organisations. Use of


language can be important (fairness/honesty), but also
significant is the degree to which managers are willing
to frame issues in moral terms.

Criteria







Magnitude of consequences
Society's view of problem
Probability of effect
Speed consequences will occur
Nearness of those affected
Level of suffering of those affected

National/cultural context
Ethical decision may be shaped by nation in which it
happens.

Organisational culture
Basic assumptions that define organisation's view of
itself and its environment.
Components of organisational culture





Values
Beliefs
Behaviours
Taken for granted assumptions

(009)ACP1PC14_CH09.qxp

5/28/2014

12:46 AM

Page 73

Systems of reward

Bureaucracy

Ethical positions can be affected for better or worse by


remuneration.
 Basis of reward may encourage undesirable practices
 Failing to reward/punishing ethical behaviour may
deter it

A system including detailed rules and procedures,


that underpins reward and authority systems.

Authority
Managers can encourage good or bad behaviour by the
example they set, whether they set targets that encourage
poor behaviour, or fail to stop unethical behaviour.

Work roles
The work role individuals have will determine what they
believe to be ethical.
Page 73

Bureaucracy characteristics





Rules override individual beliefs


Morality in terms of following procedures
Distancing individuals from consequences
Denial of individuals moral status

Organisational field
Organisations share a common business
environment, and hence common norms and
values.
9: Personal ethics

(009)ACP1PC14_CH09.qxp

5/28/2014

12:46 AM

Ethical theories

How to gain marks


Marks will be awarded for:
 Analysis of the situation
 Recognition of ethical issues
 Explanations of relevant ethical guidance
 Making clear, logical and appropriate
recommendations
 Justifying recommendations in practical business
and ethical terms

Page 74

Individual
influences

Situational
influences

Approaching
ethical problems

Tucker's model of decision-making


 Profitable
 Legal
 Fair

 Right
 Sustainable

American Accounting Association


 Facts
 Ethical issues
 Norms/principles/
values
 Alternative courses
of action

 Best course of
action
 Consequences
 Decision

(010)ACP1PC14_CH10.qxp

5/28/2014

12:48 AM

Page 75

10: Professional ethics

Topic List
Company codes
Professional codes
Ethical threats and safeguards
Accountants in business
Public interest

In this chapter we focus on professional and business


ethics. Knowledge of the ethical threats is as important
as it was in earlier auditing papers, and you need to
adopt a logical approach to solving ethical dilemmas.
However, in this paper its also important to understand
why codes take the form they do and how much impact
they have. Independence will be a key issue in many
questions.

(010)ACP1PC14_CH10.qxp

5/28/2014

Company codes

12:48 AM

Professional
codes

Page 76

Ethical threats and


safeguards

Code of conduct

Public interest

Contents of codes

Code seeks to establish organisation's values, promote


business objectives, emphasise responsibilities to
stakeholders, control individuals' behaviour.
However, issuing a code isn't enough, a code needs to
be backed by:
 Commitment of senior management
 Staff understanding of importance of ethics
 Staff commitment to ethics
Other measures







Accountants
in business

Detailed guidance
Recruitment/Selection/Induction
Training
Reward schemes
Whistle-blowing procedures
Ethical departments/audits











Ethical principles
Commitment required from employees
Compliance with law
Treatment of customers
Treatment of suppliers
Commitment to fair competition
Commitment to environment
Commitment to community
Corporate citizenship

Problems with codes


Codes may be seen as inflexible and unfair sets of
rules, that are not relevant to the ethical situations
employees encounter.

(010)ACP1PC14_CH10.qxp

5/28/2014

Company codes

12:48 AM

Professional
codes

Page 77

Ethical threats and


safeguards

Accountants
in business

Public interest

Professional codes

Fundamental principles

Professional codes stress the


importance of the public interest.
Most then set out:
 Fundamental principles
 Conceptual framework
 Threats to compliance
 Safeguards

Professional competence/due care maintain knowledge/comply with


standards
Integrity straightforwardness/honesty
Professional behaviour avoid actions discrediting profession
Confidentiality don't disclose to third parties unless legal/professional
duty
Objectivity avoid influence by bias/conflicts of interest/undue influence

Advantages

Professional codes
Disadvantages

 Emphasise public interest/confidence


 Onus on active thought
 International application
 Can include detailed guidance/prohibitions
 Prescribe minimum behaviour
Page 77







Lack of focus
Permit box-ticking
Don't capture regional variations
Not legally enforceable
Examples interpreted as rules
10: Professional ethics

(010)ACP1PC14_CH10.qxp

5/28/2014

Company codes

T
H
R
E
A
T
S

12:48 AM

Professional
codes

Page 78

Ethical threats
and safeguards

Self-interest
Self-review
Advocacy
Familiarity
Intimidation

Public interest

Professional safeguards








Importance of independence
Independence promotes:
 Reliability of financial information
 Credibility of financial information
 Value for money of audit
 Credibility of profession

Accountants
in business

Entry requirements
Training requirements
CPD requirements
Professional standards
Professional monitoring
Disciplinary procedures
External review
Safeguards in practice







Peer review
Independent consultation
Partner/staff rotation
Discussion/disclosure to audit committee
Reperformance by another firm

(010)ACP1PC14_CH10.qxp

5/28/2014

12:48 AM

Page 79

Employment with assurance client


Close business
relationships
Partner on client board

Financial
interests

Family and personal relationships

Recruitment

SELF-INTEREST THREAT

Gifts and hospitality

Loans and guarantees


Lowballing
High %
of fees
Recent service
with assurance
client

% or contingent
fees

Overdue fees

General other
services

Preparing accounting records


and financial statements

SELF- REVIEW THREAT

Other services

Corporate
finance

Page 79

Internal audit
services

Valuation services

Tax services

10: Professional ethics

(010)ACP1PC14_CH10.qxp

Company codes

5/28/2014

12:48 AM

Professional
codes

Page 80

Ethical threats
and safeguards

Accountants
in business

Public interest

Familiarity threat

Advocacy threat
Where accountants take client's part, act as their
advocate or will only earn fees from client if
successful outcome is achieved (contingent fees).
Examples include provision of legal service and
corporate finance advice.







Intimidation threat

Conflicts of interest
These can arise from accountants acting for clients
with whom they are in dispute, eg over quality of
work. It can also arise through disputes between two
clients for whom accountants are acting.

Family relationships between client and firm


Personal relationships between client and firm
Long association with client
Recent service with client
Future employment with client







Close business relationships


Family relationships
Personal relationships
Staff employed by client
Litigation

(010)ACP1PC14_CH10.qxp

Company codes

5/28/2014

12:48 AM

Professional
codes

Page 81

Ethical threats and


safeguards

Accountants
in business

Public interest

Preparation and reporting of information

Bribery and corruption

Information should describe clearly nature of


business transactions, classify and record information
in timely and proper manner, and represent facts
accurately.

Bribery is giving value in return for influence,


corruption also includes systems abuse, bid giving
and cartels.
Problems with bribery

Acting with expertise


Competent performance by accountant may be
threatened by lack of time, lack of information,
insufficient training, inadequate resources.

Financial interests
Share ownership, share options and profit-related
bonuses provide incentives to manipulate
information. Accountants may be offered
inducements to act illegally.
Page 81







Lack of honesty/good faith


Conflicts of interest
Misallocation of resources
Poor international risk management
Loss of reputation

Measures to combat bribery include code of conduct,


risk assessment, conduct of business rules and
whistleblowing questionable transactions.
10: Professional ethics

(010)ACP1PC14_CH10.qxp

Company codes

5/28/2014

12:48 AM

Professional
codes

Page 82

Ethical threats and


safeguards

Accountants
in business

Public interest

Public interest

Professionalism

The collective well-being of the community of people


and institutions the accountant serves. But lack of
statutory definition can make it difficult to enforce.
Critics have claimed profession acts against public
interest in a number of ways.

Compliance with relevant laws and regulations, and


avoidance of actions that may bring discredit on
profession.

Influence of profession
Against public interest
 Accounting standards allow excessive leeway
 Ineffective auditing standards
 Emphasise confidentiality over public interest

Critics have accused the profession of:


 Getting the numbers wrong
 Failing to realise the assumptions used in
preparing accounts support a capitalistauthoritarian view of society

(011)ACP1PC14_CH11.qxp

5/28/2014

12:49 AM

Page 83

11: Corporate social responsibility

Topic List
Corporate citizenship
Ethical stances
Social responsibility
Social and environmental impacts
Environmental audits

In this chapter we examine organisations' impact upon


the natural and human environment. This has been
highlighted as an important topic and it illustrates how
various aspects of control systems (management
systems, internal audit and external reporting) are
applied.

(011)ACP1PC14_CH11.qxp

5/28/2014

Corporate
citizenship

Ethical
stances

12:49 AM

Corporate citizenship

Page 84

Social
responsibility

Social and
environmental impacts

Environmental
audits

Core principles

The business strategy shaping the values underpinning mission and choices made as the
corporation engages with society. Corporate
social responsibility discussions are often in
terms of corporate citizenship, focusing on rights
(carrying on business lawfully) as well as
responsibilities.

 Minimising harm
 Maximising benefit
 Accountability and responsiveness to stakeholders

Limited view

Voluntary philanthropy, corporate citizen engages with local communities and


employees, mainly for self-interest.

Equivalent view

Focus on a broad range of stakeholders and response to demands of society and


legal requirements.

Extended view

Active social and political citizenship, promotion of social, civil and political rights,
filling void caused by lack of government action.

(011)ACP1PC14_CH11.qxp

5/28/2014

Corporate
citizenship

Ethical
stances

12:49 AM

Page 85

Social
responsibility

Social and
environmental impacts

Environmental
audits

 Wider view of ethical responses


 Better for reputation
 Prevents more legal regulation

 Minimum compliance
 Government imposes wider constraints

Short-term shareholder
interest

Long-term shareholder
interest
Ethical stance

Multiple stakeholder
 Building relationships
 Which stakeholders?
 Which obligations?
Page 85

Shaper of society
 Constitution requirements
 Accountability
 Financial viability
11: Corporate social responsibility

(011)ACP1PC14_CH11.qxp

5/28/2014

Corporate
citizenship

Ethical
stances

12:49 AM

Page 86

Social
responsibility

Social and
environmental impacts

Environmental
audits

Pristine capitalists

Private property rights paramount, companies exist to make profits


and achieve economic efficiency

Expedients

Acknowledgement of business excesses, acceptance of limited social


and moral responsibilities

Social contract proponents

Survival depends on delivery of benefits to society/groups that


determine its power, behaviour adheres to society norms

Social ecologists

Modification needed of economic processes, resulting in resource


exhaustion, waste, pollution

Socialists

Society's framework should promote equality, not requirements of


capitalism

Radical feminists

Need for emphasis on feminine values such as co-operation and


reflection, fundamental readjustment of society required

Deep ecologists

Human rights to existence don't exceed other species' rights.


Economic systems should not trade species survival v economic
imperatives

(011)ACP1PC14_CH11.qxp

Corporate
citizenship

5/28/2014

Ethical
stances

12:49 AM

Page 87

Social
responsibility

Social and
environmental impacts

Depletion of
natural resources

Adverse visual and


aural impacts

Indirect impacts
through supply
chain

How organisations affect


the environment

Waste
disposal
Page 87

Positive/negative
health impacts

Environmental
audits

Air and water


emissions

Contribution to
climate change

Raising/lowering
local quality of life
11: Corporate social responsibility

(011)ACP1PC14_CH11.qxp

Corporate
citizenship

5/28/2014

12:49 AM

Social
responsibility

Ethical
stances

Environmental costs
Waste management
Remediation
Compliance activities
Permit fees
Environmental training
R&D
Maintenance
Legal costs
Environmental assurance bonds
Environmental certification
Natural resource inputs
Record keeping and reporting

Page 88

Social and
environmental impacts

Environmental
audits

Contingencies

X
X
X
X
X
X
X
X
X
X
X
X
__
X
__
__









Remediation/compensation
Future regulatory impacts
Essential product improvements
Employee health and safety
Environmental knowledge acquisition
Non-sustainable inputs
Impaired assets

Stakeholders and reputation risk


Increasingly stakeholders are aware of environmental
impacts and require businesses to do more to deal
with them. Being known as a poor corporate citizen
can pose a serious reputation risk.

(011)ACP1PC14_CH11.qxp

5/28/2014

12:49 AM

Sustainability
Sustainability is ensuring that economic
development meets the needs of the present
without compromising the future.
Sustainability for organisations means
developing strategies by which an organisation only uses resources at rate that can be
replenished, and emissions of waste don't
exceed environments ability to absorb them.

For whom?
 Other species
 % of current population
In what way?
 Natural/social/economic
How long?
 Availability of raw materials
 Dependent on climate change
At what cost?
 Presentation
 Substitution/compensation possible
Weak sustainability

Strong sustainability





Fundamental change in perceptions required


Harmony with natural world
Sustain all species
Continue to pursue economic growth?

Page 89

Page 89






Catastrophe prevention
Sustaining humanity
Regulate resource usage
Maintenance of existing system
11: Corporate social responsibility

(011)ACP1PC14_CH11.qxp

Corporate
citizenship

5/28/2014

12:49 AM

Ethical
stances

Page 90

Social
responsibility

Social and
environmental impacts

Environmental
audits

The Global Reporting Initiative aims to develop Sustainability Reporting Guidelines for organisations to use
when reporting on economic, environmental and social dimensions of their activities, products and services.

Full cost accounting

GRI indicators

Full cost accounting ultimately allows the incorporation of all costs/benefits into accounting equation,
including environmental and social externalities.




Sustainability report







Vision and strategy


Profile
Governance structure and management
systems
GRI content index
Performance indicators





Direct economic impact on key stakeholders


Environmental use of natural resources, emissions,
transport usage, compliance with standards
Labour practices employment practices, health and
safety, training, diversity
Human rights strategy, non-discrimination, workers
rights, low-paid labour
Society community contribution, political activities,
competitive attitudes
Products customer health and safety, advertising,
privacy

(011)ACP1PC14_CH11.qxp

5/28/2014

12:49 AM

Advantages of external reporting








Enhances transparency and accountability


Promotes improvement in control systems
Addresses investor worries about risk
Enhances reputation
Limits damage if incidents occur

EMAS
Emphasis on verified improvement and disclosure.
Requirements include:
 Environmental policy statement
 On-site environmental review
 Environmental management system
 Environmental audits and actions
 Public environmental statement
Page 91

Page 91

Integrated reporting
Integrated reporting links reporting on sustainability
issues with reporting on financial results and operations.
It emphasises reporting on goals and strategies as well
as issues and impacts. Businesses should show their
relationships with capitals used (financial, manufactured,
human, intellectual, natural, social).

Environmental control systems


Control systems should cover relevant functions and
activities:
 Policy development and objectives
 Life-cycle assessment
 Compliance
 Waste and pollution minimisation
 R&D
 Performance reporting
11: Corporate social responsibility

(011)ACP1PC14_CH11.qxp

5/28/2014

Corporate
citizenship

12:49 AM

Ethical
stances

Page 92

Social
responsibility

Social and
environmental impacts

Environmental
audits

Environmental audit

Audit review

Assesses how organisation is safeguarding the


environment. It should enhance management control
of environmental practice and compliance with
internal policies and external reputation.

Auditors will concentrate on a number of aspects that


affect environmental impact:

Types of audit
 Environmental impact assessment of major
projects
 Surveys of organisation's impact on targets
 SWOT analysis
 Quality management programme
 Eco-audit
 BS7750 compliance
 Supplier audits








Board knowledge
Compliance procedures
Environmental information systems
Performance targets and review
Implementation of previous recommendations
True and fair reporting
Audit work

 Establish metrics
 Compare planned/desirable and actual
performance
 Report results