P1 Governance,
Risk and Ethics
Foundation Course
[2015 Syllabus]
www.caicui.com 4006-026-018
ACCA P1 CONTENTS
PART A GOVERNANCE AND RESPONSIBILITY
Chapter 1. The Scope of Governance
1. General introductions of corporate governance (Unitary Structure)
2. Defining corporate governance
3. Concepts in sound corporate governance
4. Roles, interests and claims of various stakeholders involved in corporate governance
Chapter 2. Different Theories Related to Relationship among BOD; Shareholder and Stakeholder
1. Agency theory
2. Transaction cost theory
3. Stakeholder theory
Chapter 3. Different Approaches to Corporate Governance
1. Rules, principles and Sarbanes–Oxley (summarized from Student Accountant April 2008 by David Campbell)
2. Effect of business ownership models on governance regimes
3. Factors that shape the development of corporate governance structure
4. Development of principles-based corporate governance codes in the UK
5. Development of rules-based Sarbanes-Oxley Act in USA
6. Universal codes
Chapter 4. The Board of Directors
1. Introduction
2. Role and responsibilities of the board
3. Unitary board versus two-tier board
4. Unitary board (UK, US, Outside model, Market oriented)
5. The roles of Chairman and Chief Executive Officer
6. UK Combined code provision June 2010 (much more than company law)
Chapter 5. Board committees
1. Remuneration committee
2. Nomination committee
3. Risk committee
Chapter 6. Directors' remuneration
1. Basic salary
2. Performance related incentives (short-term)
3. Shares and share options
Chapter 7. Governance: Reporting, Disclosure and Communication
1. Define transparency
2. Mandatory and voluntary disclosures
3. Evaluation of importance of transparency and disclosure (especially voluntary disclosures)
PART B INTERNAL CONTROL AND REVIEW
Chapter 8. Internal control system and review concepts and practices
Chapter 9. Internal Audit Function and Compliance in Corporate Governance
1. The role of internal audit function
2. The factors that are typically considered when deciding to establish internal audit in an organisation
3. Advantages of appointing internal auditor from outside the company
4. Function of audit committee
PART C RISK MANAGEMENT
Chapter 10. Defined risk management in the context of C.G
1. Necessity of risk and risk management
2. Why manage risk?
3. Risk management
4. Enterprise Risk Management (ERM) can be defined as the:
Chapter 11. Risk identification
1. Risk identification: Strategic and operational risks
Chapter 12. Risk assessment
1. Assessing risks
Chapter 13. Response to assessed risk (how to manage risk?)
1. The role of the board
2. Role of the risk manager
3. Risk awareness
4. Embedding risk
5. Risk management: TARA (or SARA)
PART D PROFESSIONAL VALUES AND ETHICS
Chapter 14. Ethical Theories
1. Ethics and corporate governance
2. Ethical Relativism versus absolutism
3. Kohlberg's stages of human moral development
4. Deontological and teleological / consequentialist approach to ethics
Chapter 15. Different Approaches to Ethics and Social Responsibility
1. The social responsibility of organizations
Chapter 16. Professions and the public interest
1. Profession and professionalism
2. Accountancy profession and the public interests
3. The role of accountancy profession in the organizational context and society
4. The ethical responsibilities of a professional accountant both as an employee and as a professional
Chapter 17. Professional Practice and Codes of Ethics
1. Code of ethics for business conduct
2. Code of ethics relevant to the accounting profession
3. Fundamental principles of IFAC; ACCA code of ethics and conduct
4. Ethical threats affecting the auditor's independence and objectivity, and suitable safeguards
Chapter 18. Social and Environmental Issues in the Conduct of Business and Ethical Behavior
1. The impact of economic activity on the environment and society
2. Sustainability
3. Accounting for sustainability
4. Environmental management and audit scheme (EMAS)
5. Social and environmental audit
PART A GOVERNANCE AND RESPONSIBILITY
Chapter 1. The Scope of Governance
1. General introductions of corporate governance (Unitary Structure)
Separation of Ownership and Control
Board of directors vs. Shareholders
(a) Board of directors
In simple terms, the BOD is responsible for managing and controlling the operation of the company.
Before the implementation of corporate governance (C.G.), the BOD consisted of executive directors only.
Decisions are made by consensus (simple majority) at meetings of the BOD.
(b) Shareholders
A company’s members or equity shareholders are the owners of the company.
Decisions are made through the voting rights attached to each category of shareholders, at the general meeting
(AGM; EGM).
(c) In small private companies the directors are most likely also shareholders.
However, in large public companies, especially in the modern UK and US capital markets, the shareholders
are normally not directors. The separation of ownership and control thereby arose.
Agency theory
The ‘divorce’ of ownership and control leads to agency theory:
‘Principals’ — Shareholders
‘Agent’ — BOD
Principals delegate right or authority to agents.
Agents should act in the best interest of principals.
Agency problem
However, if the agents are subject to ‘moral hazard’, this leads to the notorious ‘agency problem’. E.g. the directors
do not act in the best interest of shareholders but instead satisfy their own self-interest at the expense of
the shareholders’ interest.
Conflict of interest
(a) Independence of external auditor
According to Company Law, the right to appoint the external auditor lies with the shareholders. However, in
practice, the executive directors draw up the recommended list of external auditors for the shareholders’ approval.
This practice may affect the independence of the external auditor.
(b) Remuneration problem
Executive directors may also pay themselves excessive remuneration.
(c) Nomination problem
Executive directors may also select incapable candidates to sit on the board.
(d) There are also many other types of conflict of interest.
(1) Investment decision
(2) Tunneling effect.
How to solve the agency problem?
Introducing the role of the external auditor
The purpose of an audit is to enhance the degree of confidence of intended users in the financial
statements. This is achieved by the expression of an opinion by the auditor on whether the financial
statements are prepared, in all material respects, in accordance with an applicable financial reporting
framework.
As the basis for the auditor’s opinion, ISAs require the auditor to obtain reasonable assurance about
whether the financial statements as a whole are free from material misstatement, whether due to fraud or
error.
Finally, the result is communicated to shareholders through the external audit report.
Relying on the external auditor alone is not enough to solve the problem
(a) Financial focus
(b) A kind of ‘detection control’
Introducing the role of non-executive directors (majority)
(a) Definition of NEDs
They are directors who attend board meetings, and committee meetings when required, and are not
involved in the day-to-day running of the organization.
In simple terms, the NEDs represent the shareholders’ interest and sit on the board, helping while also monitoring
the executive directors.
After the introduction of NEDs, the board consists of executive directors and NEDs (a majority of NEDs is required on
the board).
Sub-committees
(a) Remuneration committee
Consists of a majority of NEDs, in order to determine the remuneration policy and packages of executive
directors.
(b) Nomination committee
Consists of a majority of NEDs, in order to select suitable candidates to sit on the board and evaluate
individual directors' performance.
(c) Audit committee
Consists of NEDs only, one of whom should possess knowledge of current developments in accounting and
auditing.
Conclusion of 1.7 and 1.8: Balance the power (structure) of the board of directors
Executive director
Non executive director
Chairman
Internal control system
Responsibility for designing, implementing and monitoring the internal control system lies with the BOD.
Nature and purposes of internal control system
Risk
Risk is any activity that results in the organization not achieving its objectives.
Risk consists of fraud and error.
Fraud is intentional behaviour.
Error is unintentional behaviour, i.e. a mistake.
Reduce the risk in order to achieve corporate objectives
So the overall objective of the internal control system is to avoid, reduce or eliminate those risks in order to
achieve the corporate objectives.
Types of internal control system:
(1) Related to financial reporting
Make sure that the financial statements show true and fair view.
(2) Related to operation of entity
Make sure that the company’s operations achieve the ‘3 Es’ or ‘value for money’ (VFM):
Economy: least cost
Efficiency: best use of resources
Effectiveness: achieve objectives
How to establish the internal control system
Risk management
The entity’s risk assessment process:
(a) Identifying business risks
(b) Estimating the significance of the risks
(c) Assessing the likelihood of their occurrence
(d) Deciding about actions to address those risks
(e) Continuing to monitor the risks
The role of internal audit function
(a) Independent checking, examination and evaluation of the internal control system established by
the executive directors.
(1) Internal control over financial reporting (ICFR)/Financial and internal control system
(2) Whether the financial statements (F.S.) show a true and fair view
(3) Internal control over operation
(4) Operational information (management information)
(5) Other areas e.g. IT audit; Fraud investigation; corporate social responsibility (CSR); compliance audit
etc.
Conclusion of corporate governance 1.7 to 1.12
Corporate governance is a system by which a company is directed and controlled by its shareholders and other
relevant stakeholders.
(a) Balance the power and structure of board
(b) Emphasis on internal control system
(c) Transparency and disclosures
2. Defining corporate governance
'Narrow' views vs. 'Broad' views
'Agency theory' vs. 'stakeholder theory'
(a) Corporate governance is the system by which companies are directed and controlled
(Cadbury Report, 1992).
(b) The Organization for Economic Cooperation & Development (2004) describes corporate governance
as involving a set of relationships between a company's management, its board, its shareholders and
other stakeholders, and provides the structure through which the objectives of the company are set, and
the means of attaining those objectives and monitoring performance are determined.
3. Concepts in sound corporate governance
There are several concepts that apply to sound corporate governance in all countries where international
investors invest their money:
3.1 Openness, honesty and transparency;
3.2 Independence;
3.3 Accountability;
3.4 Responsibility;
3.5 Fairness;
3.6 Reputation; and
3.7 Social responsibility
3.1 Openness, honesty and transparency
(a) Openness means a willingness to provide information to individuals and groups about the company
(without giving away commercially sensitive information).
(b) Honesty might seem an obvious quality for companies to have; honest information is perhaps by no
means as prevalent as it should be.
(c) Transparency refers to the ease with which an outsider is able to make a meaningful analysis of a
company and its actions.
Transparency also refers to the way in which decisions are reached or processes carried out.
3.2 Independence
Independence refers to the extent to which procedures and structures are in place so as to minimize (or
avoid completely) potential conflicts of interest that could arise, such as the domination of a company by
an all-powerful chairman-cum-CEO or a major shareholder.
The term 'independence' is of particular relevance to a company's non-executive directors and its
professional advisers. They are considered independent when they can be expected to express their
honest and/or professional opinion in the best interests of the company.
3.3 Accountability
Individuals who make decisions in a company and take actions on behalf of a company on specific issues
should be accountable for the decisions they make and the actions they take. Shareholders should be
able to assess the actions of their board of directors and the committees of the board, and have the
opportunity to query them.
3.4 Responsibility
A key issue in corporate governance is to decide who should have responsibility. Executive managers are
responsible for the operations of the business, and the ultimate responsibility rests with the Chief
Executive Officer.
3.5 Fairness
Fairness refers to the principle that all shareholders should receive equal consideration.
3.6 Reputation
It will reflect the overall way in which the company is perceived by the markets and in the wider
community.
4. Roles, interests and claims of various stakeholders involved in
corporate governance
4.1 Company Secretaries
The company secretary has a role to play in advising the board of directors on all the necessary procedures,
laws and regulations in the governance of companies.
(a) The company secretary should have the responsibility for assisting the chairman of the committees of
the board.
(b) If he or she attends the meetings of the audit committee, the company secretary will have some
involvement in liaising with the external auditors and internal auditors of the company and should be able to
offer advice on matters of risk management.
(c) In some companies, the company secretary has the responsibility for arranging insurance cover for the
group. In such cases, the company secretary is directly involved in an aspect of risk management.
4.2 Shareholders
However, in a world of dispersed shareholding we cannot rely on shareholder voting to limit managers'
discretion. This can be attributed to:
(a) Problem of collective action
The process of contacting and persuading a large group of small shareholders through the proxy
mechanism is difficult and expensive.
(b) Free rider problem
Small individual or retail investors tend not to be interested in learning about the firms they have financed,
or even in participating in their governance, because they can take a free ride by relying on large investors to
monitor the insiders controlling the firm.
(c) Agenda control by managers
Even though shareholders participate in voting on resolutions affecting the company, the fact
remains that the managers are the ones who control the agenda.
4.3 Institutional investors
The role of institutional investors in corporate governance first received its attention in the Cadbury Report
(1992) which stressed that: ‘Given the weight of their votes, the way in which institutional shareholders
use their power to influence the standards of corporate governance is of fundamental importance. Their
readiness to do this turns on the degree to which they see it as their responsibility as owners, and in the
interest of those whose money they are investing, to bring about changes in companies when necessary,
rather than selling their shares.’
In the UK, the four main types of institutional investors are pension funds, life insurance companies, unit
trusts and investment trusts.
However, institutional investors as shareholders in companies represent both the cause and the solution
of the agency problem. Their presence as shareholders creates a divorce of ownership and control,
whereas their increasing involvement in companies and concentration of ownership provides a means of
monitoring management and actually solving agency problems. Their influence has grown to such a
degree that monitoring by these institutions is becoming known as shareholder activism.
One problem with institutional investors as monitors of company management is that they are not actually
the shareholders! Their relationship with companies and with the true shareholders involves a
complicated web of ownership and accountability. The real shareholders are the clients of the institutional
investment organizations.
One of the problems arising from this complex ownership structure is that there tends to be an emphasis
on short-termism in investment.
In terms of specific recommendations on shareholder activism, the Cadbury Report suggested that
institutional investors:
(a) Should encourage regular one-to-one meetings with directors of their investee companies (a
process referred to as 'engagement and dialogue');
(b) Should make positive use of their voting rights; and
(c) Should pay attention to the composition of the board of directors in their investee companies.
4.4 The conditions under which it might be appropriate for an institutional investor to
intervene in a company whose shares it holds.
(a) The first condition is concerns about strategy or any other aspect of the company’s overall strategic
positioning.
(b) There are one or more segments that have consistently underperformed without adequate
explanation.
(c) Non-executive directors do not hold executive management to account, e.g. curious executive decisions
are not adequately challenged by non-executive directors.
(d) Consistent or serious failure in internal controls would justify intervention, although this, in turn, may
become evident through operational underperformance.
(e) Failing to comply with the relevant code, laws or stock market rules is the next situation. Inappropriate
remuneration policies, if extreme or obviously self-serving, might attract intervention.
(f) The reputation of the company is adversely affected.
Chapter 2. Different Theories Related to Relationship among
BOD; Shareholder and Stakeholder
1. Agency theory
2. Transaction cost theory
3. Stakeholder theory
1. Agency theory
The market system in the UK and USA is organized in such a way that the owners, who are principally the
shareholders of listed companies, delegate the running of the company to the company management.
There is thus a 'divorce' of ownership and control that has led to the notorious 'agency problem'.
Managers of the company in this case are 'agents' while the shareholders are 'principals'. The
shareholder, who is the owner or 'principal' of the company, delegates the day-to-day decision making in
the company to the directors, who are the shareholder's 'agents'. The agent should act in the best
interest of the principal.
How to govern the relationship?
How to define both parties’ rights and responsibilities?
‘A kind of contract’ i.e. Company law and service contract
Why? Because agency theory is based on the assumption that people are rational actors.
However, being rational does not necessarily mean that people have ethical values.
If people are subject to ‘moral hazard’, this leads to the agency problem.
In order to rectify the agency problem, we introduce the concept of agency cost.
Agency cost
The total agency cost arising from the agency problem has been summarized as comprising:
(a) The sum of the principal's monitoring expenditure (overall monitoring cost);
(b) Any remaining residual loss resulting from managers misusing their positions;
(c) Any cost incurred in rectifying the activities of directors abusing their power.
2. Transaction cost theory
Transaction cost economics attempts to incorporate human behaviour in a more realistic way. In this
model, managers and other economic agents practice 'bounded rationality'
'Opportunism' i.e. opportunistic by nature
Opportunism has been defined as 'self-interest seeking with guile' and as 'the active tendency of the
human agent to take advantage, in any circumstances, of all available means to further his own
privileges'.
2.1 Transaction cost theory versus agency theory
One of the main differences between agency theory and transaction cost theory was simply the use of a
different terminology to describe essentially the same issues and problems.
Agency theory considers that managers pursue perquisites, whereas in transaction cost theory managers
opportunistically arrange their transactions.
Another difference is that the unit of analysis in agency theory is the individual agent, whereas in
transaction cost theory the unit of analysis is the transaction.
3. Stakeholder theory
A basis for stakeholder theory is that companies are so large, and their impact on society so pervasive
that they should discharge accountability to many more sectors of society than solely their
shareholders.
Chapter 3. Different Approaches to Corporate Governance
1. Rules, principles and Sarbanes–Oxley (summarized from Student
Accountant April 2008 by David Campbell)
This article introduces some of the main themes in relation to the control of corporate governance and
discusses how this control differs by country. In particular, the aim is to clarify the features and
characteristics of rules-based and principles-based approaches to corporate governance, how each
type of system is regulated, and to examine some of the associated benefits and drawbacks.
What is a ‘code’ and what is it for?
‘Codes’ of corporate governance are intended to specifically guide behaviour where the law is
ambiguous, or where a higher level of behavioural prescription is needed than can be provided for in
company legislation.
Principles-Based Approaches:
Many countries, including the UK and many Commonwealth countries, adopted what became known
as a ‘principles-based’ approach to the enforcement of the provisions of corporate governance codes.
Importantly, this meant that for publicly-traded companies, the stock market had to recognise the
importance of the corporate governance provisions. By including the requirement to comply with codes
within the listing rules, companies were able to adopt a more flexible approach to code provisions than
would have been the case had compliance been underpinned by law.
The principle of ‘comply or explain’ emerged. This meant that companies had to take seriously the
general principles of the relevant corporate governance codes (the number of codes increased
throughout the 1990s and beyond) but on points of detail they could be in non-compliance as long as they
made clear in their annual report the ways in which they were non-compliant and, usually, the reasons
why. This meant that the market was then able to ‘punish’ non‑compliance if investors were dissatisfied
with the explanation (ie the share price might fall). In most cases nowadays, comply or explain
disclosures in the UK describe minor or temporary non-compliance. Some companies, especially larger
ones, make ‘full compliance’ a prominent announcement to shareholders in the annual report, presumably
in the belief that this will underpin investor confidence in management, and protect market value.
It is important to realise, however, that compliance in principles-based jurisdictions is not voluntary in
any material sense. Companies are required to comply under listing rules but the fact that it is not legally
required should not lead us to conclude that they have a free choice. The requirement to ‘comply or
explain’ is not a passive thing – companies are not free to choose non‑compliance if compliance is
too much trouble. Analysts and other stock market opinion leaders take a very dim view of most material
breaches, especially in larger companies. Companies are very well aware of this and ‘explain’ statements,
where they do arise, typically concern relatively minor breaches. In order to reassure investors, such
statements often make clear how and when the area of non-compliance will be remedied.
The idea of the market revaluing a company as a result of technical non‑compliance tends, importantly, to
vary according to the size of the business and the nature of the non-compliance. Typically,
companies lower down the list in terms of market value, or very young companies, are allowed (by the
market, not by the listing rules) more latitude than larger companies. This is an important difference
between rules-based and principles-based approaches. Because the market is allowed to decide on the
allowable degree of non-compliance, smaller companies have more leeway than would be the case in a
rules-based jurisdiction, and this can be very important in the development of a small business where
compliance costs can be disproportionately high. The influence of the British system, partly through the
Commonwealth network, has meant that principles-based systems have become widely operational
elsewhere in the world. A quite different approach, however, has been adopted in the US.
Sarbanes–Oxley and the ‘rules‑based’ approach:
After the high-profile collapses of Enron and Worldcom in the US, the US Congress passed the
Sarbanes–Oxley Act 2002 (usually shortened to ‘Sarbox’ or ‘Sox’). Unlike in the UK and in some
Commonwealth countries, Congress chose to make compliance a matter of law rather than a rule of
listing.
Accordingly, US-listed companies are required to comply in detail with Sarbox provisions. This has given
rise to a compliance consultancy industry among accountants and management consultants, and Sarbox
compliance can also prove very expensive. One of the criticisms of Sarbox is that it assumes a ‘one size
fits all’ approach to corporate governance provisions. The same detailed provisions are required of
small and medium-sized companies as of larger companies, and these provisions apply to each
company listed in New York even though it may be a part of a company listed elsewhere. Commentators
noted that the number of initial public offerings (IPOs) fell in New York after the introduction of Sarbox,
and they rose on stock exchanges allowing a more flexible (principles-based) approach.
An example of a set of provisions judged to be inordinately costly for smaller businesses is that
contained in Sarbanes–Oxley Section 404. This section requires companies to report on the
‘effectiveness of the internal control structure and procedures of… financial reporting’. The point made by
some Sarbox critics is that gathering information on the internal controls over financial reporting
(ICFR) in a systematic and auditable form is very expensive and, arguably, less important for
smaller companies than for larger ones.
Accordingly, Section 404 has been criticized as being an unnecessary burden on smaller companies, and
one which disproportionately penalises them because of the fixed costs associated with the setting up of
ICFR systems. Advice in 2007 issued by the United States Securities and Exchange Commission (which,
among other things, monitors Sarbox compliance) introduced a small amount of latitude for smaller
companies, but the major criticisms of Section 404 remain.
2. Effect of business ownership models on governance regimes
Whatever its ownership model, a business can benefit from having a good governance structure.
2.1 Family owned firms
Family members are shareholders as well as directors.
Characteristics of family owned firms:
Have a dominant person on the board and exclude non-family members from decision making.
Do not have a person representing the external shareholders’ interests (the powers of the board are not balanced).
Conduct the business on family relationships instead of emphasising the internal control system.
Do not have a culture of transparency and disclosure.
May hold a long-term view of the business and not emphasise short-term profitability.
However, if the company seeks to extend its business and lists on the stock market,
the characteristics listed above will become some of the drawbacks in its corporate governance.
Cadbury (2000) sums up the three requisites for family firms to successfully manage the impact of growth
which are:
(a) To recruit and retain the very best people for the business
(b) To develop a culture of trust and transparency; and
(c) To define logical and efficient organizational structures.
3. Factors that shape the development of corporate governance structure
The main determinants of a company's corporate governance system are ownership structure and legal
frameworks.
3.1 Ownership structure
3.1.1 'Insider/outsider' model
The terms 'insider' and 'outsider' represent attempts to loosely describe two extreme forms of corporate
governance.
(a) An insider-dominated system of corporate governance: is one in which a country's publicly listed
companies are owned and controlled by a small number of major shareholders. These may be
members of the companies' founding families or a small group of shareholders, such as lending banks,
other companies (through cross-shareholding and pyramid ownership structures) or the government.
The problems endemic to insider corporate governance systems, such as those of Germany and
Japan, arise from the close ties between owners and managers, which at first glance would seem a
positive characteristic because of the reduced agency problem. However, other serious corporate
governance problems arise. As a result of the low level of separation of ownership and control in these
countries, there can be abuse of power. Minority shareholders may not be able to obtain information on
the company's operations. There is little transparency and frequent abuse of the company's operations
takes place.
(b) The term 'outsider', on the other hand, refers to a system of finance and corporate governance where
most large firms are controlled by their managers but owned by outside shareholders, such as
financial institutions or individual shareholders. This situation results in the notorious separation, or
divorce of ownership and control. The development of agency theory arose from this separation. The UK
and the USA have been characterized traditionally in this model. This system is also frequently
referred to as the Anglo-Saxon or Anglo-American system, due to the influence of the UK and US stock
markets on others around the world.
3.1.2 'Bank-oriented/market-oriented' model
A bank-oriented system implies that banks play a key role in the funding of companies and so may well be
able to exercise some control via the board structure (for example, bank representatives may have seats
on the supervisory board in German companies). On the other hand, a market-oriented system is one
where banks' influence is not prevalent in the same way and does not penetrate the corporate structure.
4. Development of principles-based corporate governance codes in the UK
4.1 Impetus and background
In the early 1990s, institutional investors' stake in UK listed companies was expanding continuously,
amounting to about 70% at the end of the 20th century.
It was in part a reaction to some spectacular cases of company failure and corporate abuse of power
in the late 1980s and early 1990s, e.g. Barings Bank and Maxwell.
4.2 Major corporate governance codes
4.2.1 The Cadbury Code (1992)
(a) the CEO and Chairman of companies should be separated
(b) boards should have at least three non-executive directors, two of whom should have no financial or
personal ties to executives
(c) each board should have an audit committee composed of non-executive directors
4.2.2 The Greenbury Report (1995)
(a) each board should have a remuneration committee composed without executive directors, but
possibly the chairman
(b) directors should have long term performance related pay, which should be disclosed in the
company accounts and contracts renewable each year
4.2.3 The Hampel Report (1998)
A committee on corporate governance, chaired by Sir Ronald Hampel, was set up in 1996 to review the
recommendations of the Cadbury and Greenbury Committees. It suggested that its recommendations should be
combined with those of the Cadbury and Greenbury Committees into a single code of corporate
governance. This suggestion led to the publication of the Combined Code, which now applies to UK
listed companies.
4.2.4 The Turnbull Report on Internal Control (1999)
The Turnbull report was produced by a working party of the Institute of Chartered Accountants in England
and Wales in 1999 to give guidance to listed companies on how to implement the provisions of the
Combined Code with special regard to internal control.
4.2.5 The Higgs Report (2003)
The fall of Enron spurred the UK and other countries into re-evaluating corporate governance issues,
such as the role and effectiveness of non-executive directors. Enron's non-executive directors were
deemed ineffective in performing their corporate governance role of monitoring the company's directors
and were subject to conflicts of interest.
4.2.6 The Smith Report (2003)
As an accompaniment to the Higgs Report, another review was commissioned by the UK government in
response to the Enron scandal, inter alia, with the aim of examining the role of the audit committee in
UK corporate governance. The Report was published in January 2003.
5. Development of rules-based Sarbanes-Oxley Act in USA
5.1 Impetus and background
Following directly from the financial scandals of Enron, WorldCom, and Global Crossing in which it was
perceived that the close relationship between companies and their external auditors was largely to blame,
the US Congress agreed reforms together with changes to the NYSE Listing Rules which have had a
significant impact not just in the US but around the world. The changes are embodied in the Accounting
Industry Reform Act 2002, widely known as the Sarbanes-Oxley Act.
5.2 Main provisions/contents
One of the most publicized aspects of the Act was the requirement for CEOs and CFOs to certify that
quarterly and annual reports filed on forms 10-Q, 10-K, and 20-F are fully compliant with applicable
securities laws and present a fair picture of the financial situation of the company. The penalties for
making this certification, whilst nonetheless aware that the information does not comply with the
requirements, are severe: up to $1m fine or imprisonment up to ten years or both!
The Act seeks to strengthen external auditor independence and also to strengthen the company's audit
committee. Listed companies, for example, must have an audit committee comprised only of
independent members, and must also disclose whether it has at least one 'audit committee financial
expert' on its audit committee. The 'audit committee financial expert' should be named and the company
should state whether the expert is independent of management.
The Act establishes a new regulatory body for auditors of US listed firms, the Public Company
Accounting Oversight Board (PCAOB), with which all auditors of US listed companies have to register,
including non-US audit firms. Correspondingly, the Securities and Exchange Commission (SEC) has issued
separate rules which encompass the prohibition of some non-audit services to audit clients, mandatory
rotation of audit partners, and auditors' reports on the effectiveness of internal controls.
The SEC implementation of the Sarbanes-Oxley Act prohibits nine non-audit services that might
impair auditor independence. In many cases these effectively prohibit the audit firm from either
auditing accounting services provided by the audit firm's staff or providing help with systems which will
then be audited by the audit firm. These nine areas cover:
(a) Book-keeping or other services related to the accounting records or financial statements of the audited
company;
(b) Financial information system design and implementation
(c) Appraisal or valuation services, fairness opinion, or contribution-in-kind reports (where the firm
provides its opinion on the adequacy of consideration in a transaction);
(d) Actuarial services
(e) Internal audit outsourcing services
(f) Management function/human resources (an auditor should not be a director, officer, or employee of an
audit client nor perform any executive role for the audit client such as supervisory, decision-making, or
monitoring);
(g) Broker or dealer, investment adviser, or investment banking services
(h) Legal services or expert services unrelated to the audit;
(i) Any other services that the PCAOB decides are not permitted
6. Universal codes
Should corporate governance provisions vary by country?
Support:
Corporate governance provisions vary depending on such factors as local business culture, businesses’
capital structures, the extent of development of capital funding of businesses and the openness of stock
markets.
Against:
(a) Although business cultures vary around the world, all businesses financed by private capital have private
shareholders
(b) ignore the needs of local investors to have their interests adequately represented. This dilution, in turn,
may allow bad practice, when present, to exist and proliferate.
(c) In terms of the effects of macroeconomic systems, ignore the need for sound governance systems to
underpin confidence in economic systems.
6.1 Organisation for Economic Co-operation and Development (OECD) Report (2004)
The principles are grouped into five broad areas, namely
(a) The rights of shareholders
(b) The equitable treatment of shareholders
(c) The role of stakeholders
(d) Disclosure and transparency
(e) The responsibilities of the board
6.2 International Corporate Governance Network (ICGN) Report (2005)
The ICGN guidance emphasizes the following points in particular:
(a) Board
(b) Shareholders
(c) Audit and accounts
(d) Ethics and stakeholders
Chapter 4. The Board of Directors
1. Introduction
A firm's board of directors plays a very important role in reducing problems inherent in the separation of
ownership and control.
2. Role and responsibilities of the board
Legally, most jurisdictions describe the director as having two duties, namely
(a) The duty of care
Requires that a director must exercise due diligence in making decisions. He must discover as much
information as possible on the question at issue and be able to show that, in reaching a decision, he has
considered all reasonable alternatives.
(b) The duty of loyalty
Requires that a director must demonstrate uncompromising loyalty to the company's shareholders. Thus, if
a director sat on the boards of two companies with conflicting interests (both trying to buy a third-party
business, for example), he would be forced to resign from one board because clearly he could not
demonstrate loyalty to the shareholders of both companies at the same time.
3. Unitary board versus two-tier board
3.1 From a corporate governance perspective:
3.1.1 Unitary board (UK, US, outsider model, market-oriented)
A unitary board of directors is characterized by one single board comprising both executive and
non-executive directors. The unitary board is responsible for all aspects of the company's activities and
all the directors are working to achieve the same ends. The shareholders elect the directors to the board
at the company's annual general meeting.
3.1.2 Two-tier board (France, Germany, Japan, insider model, bank-oriented)
(a) Supervisory board: appoints, supervises and advises members of the management board. A
separate chairman co-ordinates the work and members are elected by shareholders at the AGM.
(b) Management board: responsible for managing the enterprise with the CEO to co-ordinate activity.
3.1.2.1 Advantages:
(a) Clear separation between those who manage the company and those who own it or must control it for the
benefit of shareholders.
(b) Implicit shareholder involvement in most cases since these structures are used in countries where
insider control is prevalent.
(c) Wider stakeholder involvement implicit through the use of worker representation.
(d) Independence of thought, discussion and decision since board meetings and operation are separated.
(e) Direct power over management through the right to appoint members of the management board.
3.1.2.2 Disadvantages:
(a) Dilution of power through stakeholder involvement.
(b) Isolation of supervisory board through non-participation in management meetings.
(c) Agency problems between the two boards.
(d) Added bureaucracy and slower decision making.
3.2 From an operational perspective:
3.2.1 Unitary board
Brings divisional or departmental managers into strategic decision making.
Advantages:
(a) Provides more feedback into the decision-making process: input from more people provides more views, and
technical, detailed financial or operational details would be of benefit to the decision.
(b) Otherwise, a decision may not enjoy the full support of those key departmental directors who will be required to implement
the decision.
(c) Without a full understanding of operations, an inappropriate decision may be taken by the corporate
board and unworkable procedures implemented.
3.2.2 Two-tier board
Upper level: small number of directors responsible for strategic decision making
Lower level: middle-line managers responsible for strategy implementation.
Advantages:
(a) A smaller board can act quickly and decisively in a way that larger and more cumbersome boards
cannot.
(b) Meetings of larger numbers of people require excessive consultation, discussion and debate before a
decision can be reached.
(c) A meeting of a small number of people is therefore easier, cheaper and quicker to arrange because there are fewer
diaries to match.
(d) Focus on both the efficiency and effectiveness of strategic decision-making.
4. Unitary board (UK, US, outsider model, market-oriented)
In practice, various names are given to the positions of directors. They are:
(a) Executive Directors - These are directors who are employed full-time by the company. They are
given a service contract that may last for five years, and are fully involved in the management and
running of the business.
(b) Non-Executive Directors - They are directors who attend board meetings, and committee
meetings when required, and are not involved in the day-to-day management of the business.
4.1 Independent non-executive directors:
NEDs operate as a ‘corporate conscience’ and therefore need to be independent!!
(a) To provide a detached and objective view of board decisions.
(b) To provide expertise and communicate effectively.
(c) To provide shareholders with an independent voice on the board.
(d) To provide confidence in corporate governance.
(e) To reduce accusations of self-interest in the behaviour of executives.
4.2 The key functions of NEDs: Combined Code (2003)
(a) Strategy role: this recognizes that NEDs have the right and responsibility to contribute to strategic
success, challenging strategy and offering advice on direction.
(b) Scrutinising role: NEDs are required to hold executive colleagues to account for decisions taken and
results obtained.
(c) Risk role: NEDs ensure the company has adequate systems of internal controls and systems of
risk management in place.
(d) People role: NEDs oversee a range of responsibilities with regard to the appointment and
remuneration of executives and will be involved in contractual and disciplinary issues.
4.3 The effectiveness of NEDs: Combined Code (2003)
(a) Upholds the highest ethical standards of integrity and probity.
(b) Supports executives in their leadership of the business while monitoring their conduct.
(c) Questions intelligently, debates constructively, challenges rigorously and decides dispassionately.
(e) Listens sensitively to the views of others, inside and outside the board.
(f) Gains the trust and respect of other board members.
(g) Promotes the highest standards of corporate governance and seeks compliance with the provisions of
the Combined Code.
5. The roles of Chairman and Chief Executive Officer
Chairman: running the board
CEO: running the company
5.1 Accountability and separation of roles
(a) Shareholders have an identified person (chairman) to hold accountable for the performance of their
investment.
(b) The chairman scrutinises the chief executive’s management performance on behalf of the
shareholders
(c) The presence of a separate chairman ensures that a system is in place to ensure NEDs have a person
to report to outside the executive structure.
5.2 Benefits of the separation of the roles of chief executive and chairman
(a) The chairman is expected to represent shareholders’ interests.
(b) Reduces the risk of a conflict of interest.
(c) Removes the risks of ‘unfettered powers’ being concentrated in a single individual, with a lack of transparency
and accountability.
(d) The chief executive can fully concentrate on the management of the organisation without the necessity to report to
shareholders.
(e) The chairman provides a conduit for the concerns of non-executive directors who, in turn, provide an important external
representation of external concerns on boards of directors.
5.3 Roles of the chairman in corporate governance
(a) The chairman is the leader of the board of directors.
(b) Ensuring the board’s effectiveness as a unit, in the service of the shareholders.
(c) Setting the board’s agenda and ensuring that board meetings take place on a regular basis.
(d) Representing the company to investors and other outside stakeholders/constituents as its ‘public face’, including
communication with shareholders.
(e) Co-ordinating the contributions of non-executive directors (NEDs) and facilitating good relationships
between executive and non-executive directors.
6. UK Combined Code provisions June 2010 (much more than company law)
Section A: Leadership
Every company should be headed by an effective board which is collectively responsible for the long-term
success of the company.
There should be a clear division of responsibilities at the head of the company between the running of the
board and the executive responsibility for the running of the company’s business. No one individual
should have unfettered powers of decision.
The chairman is responsible for leadership of the board and ensuring its effectiveness on all aspects of its
role.
As part of their role as members of a unitary board, non-executive directors should constructively
challenge and help develop proposals on strategy.
Section B: Effectiveness
The board and its committees should have the appropriate balance of skills, experience, independence
and knowledge of the company to enable them to discharge their respective duties and responsibilities
effectively.
There should be a formal, rigorous and transparent procedure for the appointment of new directors to the
board.
All directors should be able to allocate sufficient time to the company to discharge their responsibilities
effectively.
All directors should receive induction on joining the board and should regularly update and refresh their
skills and knowledge.
The board should be supplied in a timely manner with information in a form and of a quality appropriate to
enable it to discharge its duties.
The board should undertake a formal and rigorous annual evaluation of its own performance and that of
its committees and individual directors.
All directors should be submitted for re-election at regular intervals, subject to continued satisfactory
performance.
Section C: Accountability
The board should present a balanced and understandable assessment of the company’s position and
prospects.
C.2 The board is responsible for determining the nature and extent of the significant risks it is willing to
take in achieving its strategic objectives. The board should maintain sound risk management and internal
control systems.
The board should establish formal and transparent arrangements for considering how they should apply
the corporate reporting and risk management and internal control principles and for maintaining an
appropriate relationship with the company’s auditor.
Section D: Remuneration
Levels of remuneration should be sufficient to attract, retain and motivate directors of the quality required
to run the company successfully, but a company should avoid paying more than is necessary for this
purpose.
A significant proportion of executive directors’ remuneration should be structured so as to link rewards to
corporate and individual performance.
There should be a formal and transparent procedure for developing policy on executive remuneration and
for fixing the remuneration packages of individual directors. No director should be involved in deciding his
or her own remuneration.
Section E: Relations with Shareholders
There should be a dialogue with shareholders based on the mutual understanding of objectives. The
board as a whole has responsibility for ensuring that a satisfactory dialogue with shareholders takes
place.
The board should use the AGM to communicate with investors and to encourage their participation.
Chapter 5. Board committees
1. Remuneration committee
Objective and independent; consists of a majority of NEDs.
(a) The committee is charged with determining remuneration policy on behalf of the board and the
shareholders.
(1) pay scales applied to directors’ packages
(2) proportions of different types of reward within the overall package
(3) periods in which performance related elements become payable
(b) The committee ensures that each director is fairly but responsibly rewarded for their individual
contribution in terms of levels of pay and the components of each director’s package
(1) market conditions
(2) retention needs
(3) long-term strategy
(4) market rates for a given job.
(c) The remuneration committee reports to the shareholders on the outcomes of its decisions, usually in
the corporate governance section of the annual report.
(d) Where appropriate and required by statute or voluntary code, the committee is required to be seen to
be compliant with relevant laws or codes of best practice. This will mean that the remuneration
committee will usually be made up of non-executive members of the board and will meet at regular
intervals.
2. Nomination committee
(a) It advises on the balance between executives and independent non-executive directors and
establishes the appropriate number and type of NEDs on the board. The nominations committee is
usually made up of NEDs.
(b) It establishes the skills, knowledge and experience possessed by current board and notes any gaps
that will need to be filled.
(c) It acts to meet the needs for continuity and succession planning, especially among the most senior
members of the board.
(d) It establishes the desirable and optimal size of the board, bearing in mind the current size and
complexity of existing and planned activities and strategies.
(e) It seeks to ensure that the board is balanced in terms of it having board members from a
diversity of backgrounds so as to reflect its main constituencies and ensure a flow of new ideas and the
scrutiny of existing strategies.
3. Risk committee
Related to risk management:
(a) Champion and promoter of enterprise risk management (i.e. risk awareness and training) across
the group.
(b) Establish risk management policy:
(1) risk appetite
(2) how to identify risk, types of risk, source of risk
(3) how to evaluate risk
(4) how to manage risk
(c) Ensure implementation of the Risk Management Policy.
(1) risk manager
(2) ensure resources and cooperation
(d) Review and evaluate departmental risk management reports.
(e) Responsible for ensuring that all action plans are acted upon and addressed.
(f) Responsible for ensuring that all strategic business risks are considered.
(g) Review Enterprise Risk Profile for effectiveness of management of risks.
(h) Provide quarterly reporting and update on key risk management issues to the board
Related to investment decision:
(a) Propose to the board the monetary threshold and nature of proposed investments that require risk
committee's evaluation and endorsement before submission to the board.
(b) Review investment proposals prepared by the respective person in charge.
(c) Review and feedback on evaluation of investment proposals to the board for final decision.
The UK Combined Code allows for risk committees to be made up of either executive or non-executive
members.
Advantages of non-executive membership:
(a) Separation and detachment from the content being discussed is more likely to bring independent
scrutiny.
(b) Non-executive directors often bring specific expertise that will be more relevant to a risk problem than
more operationally-minded executive directors will have.
Disadvantages of non-executive membership:
Non-executives are less likely to have specialist knowledge of products, systems and procedures
being discussed and will therefore be less likely to be able to comment intelligently during meetings.
Chapter 6. Directors' remuneration
Solutions to agency problems tend to fall into two categories: incentives and monitoring.
Components:
The remuneration package offered to a senior executive has to be sufficiently good to attract him or
her to accept the position.
The remuneration package for a senior executive is likely to consist of a combination of:
(a) An annual compensation; and
(b) A long-term compensation.
(a) The annual compensation could consist of:
(1) Basic salary;
(2) Possibly, a payment by the company into a personal pension scheme arrangement for the individual;
(3) A bonus, tied perhaps to the annual financial performance of the company;
(4) Various perks, such as membership of the company's health insurance scheme, private use of
company's aircraft or boats, and so on.
(b) The long-term compensation could consist of:
(1) Share options which give directors the right to purchase shares at a specified exercise price over a
specified time period; and
(2) Company shares (sometimes called 'restricted stock awards') with limits on their transferability for a
set time (usually a few years), and various performance conditions should be met.
An executive might also have a severance payment arrangement, whereby the company is committed to
giving the individual a minimum severance payment if he or she is forced to leave the company.
1. Basic salary
Basic salary is received by a director in accordance with the terms of his contract. This element is
related neither to the performance of the company nor to the performance of the individual director. The
amount will be set with due regard to the size of the company, the industry sector, the experience of the
individual director, and the level of base salary in similar companies.
Usually, salaries less than the 50th percentile are considered under market, while salaries in the 50th to
75th percentile are competitive. CEO's base salary has continuously drifted upward because CEOs
typically argue for competitive salaries.
2. Performance related incentives (short-term)
Some potential performance targets are listed below:
(a) Shareholder return;
(b) Share price (and other market based measures);
(c) Profit-based measures;
(d) Return on capital employed;
(e) Earnings per share;
(f) Individual director performance (in contrast to corporate performance measures).
3. Shares and share options
3.1 Share options
The following list cites improperly aligned incentives involving options.
(a) Shareholder returns combine both stock price appreciation and dividends. The stock option is only
affected by price appreciation. Therefore, the CEO might forgo increasing dividends in favour of using
the cash to try to increase the stock price.
(b) The stock price is more likely to increase when the CEO accepts risky projects. Therefore, when a firm
uses options to compensate the CEO, he or she has a tendency to pick a higher risk business strategy.
In view of this, some commentators had argued that there should be controls over the sale of shares by
executives after they have exercised options in order to make a large and immediate cash gain.
3.2 Shares
Instead of share options, some companies make 'restricted stock grants', awarding shares with limits on their
transferability for a set time, usually two or three years, but sometimes for the executive's tenure with the
company.
Unlike an option, restricted stock has value unless the share price goes down to zero, and since the executive
paid nothing for these grants, this was compensation that was all upside with little downside. They are low
in risk and are thus made by boards who do not think the share's price will go up.
3.3 Compensation for loss of office
Another area that has attracted attention, and which is addressed in joint ABI/National Association of
Pension Funds (NAPF) guidance, is the area of 'golden goodbyes'. Often the departure of
under-performing directors triggers a clause in their contract which leads to a large undeserved pay-off,
which is seen as inappropriate. In response to the criticism, some companies are cutting the notice period
from one year to, say, six months so that a non-performing director whose contract is terminated receives
six months' salary rather than one year's salary.
Chapter 7. Governance: Reporting, Disclosure and Communication
1. Define transparency
Transparency means openness (say, of discussions), clarity, lack of withholding of relevant information
unless necessary and a default position of information provision rather than concealment.
1.1 Reasons for secrecy/confidentiality
(a) Keep strategy discussions secret from competitors.
(b) Discussion often has to take place before an agreed position is announced.
2. Mandatory and voluntary disclosures
2.1 Mandatory disclosures
These are components of the annual report mandated by law, regulation or accounting standard.
Examples include (in most jurisdictions):
(a) Statement of comprehensive income,
(b) Statement of financial position (balance sheet),
(c) Statement of cashflow,
(d) statement of changes in equity,
(e) Operating segmental information,
(f) Auditors’ report,
(g) Corporate governance disclosure such as remuneration report
2.2 Voluntary disclosures
These are components of the annual report not mandated in law or regulation but disclosed nevertheless.
They are typically mainly narrative rather than numerical in nature.
Examples include (in most jurisdictions):
(a) risk information,
(b) social and environmental information
3. Evaluation of importance of transparency and disclosure (especially
voluntary disclosures)
(a) Helps transparency in communicating more fully thereby better meeting the agency accountability to
investors, particularly shareholders.
(b) More information helps investors decide whether the company matches their risk, strategic and
ethical criteria, and expectations.
(c) Redresses the information asymmetry
(d) Makes the annual report more forward looking (predictive) whereas the majority of the numerical
content is backward facing on what has been.
(e) Voluntary disclosure gives a more rounded and more complete view of the company, its activities,
strategies, purposes and values.
(f) Voluntary disclosure enables the company to address specific shareholder concerns as they arise.
PART B INTERNAL CONTROL AND REVIEW
Chapter 8. Internal control system and review concepts and
practices
FINANCIAL REPORTING COUNCIL
INTERNAL CONTROL
REVISED GUIDANCE FOR DIRECTORS ON THE COMBINED CODE
OCTOBER 2005 (The Turnbull guidance)
One – Introduction
The importance of internal control and risk management
1 A company's system of internal control has a key role in the management of risks that are significant to
the fulfilment of its business objectives. A sound system of internal control contributes to safeguarding the
shareholders' investment and the company's assets.
2 Internal control (as referred to in paragraph 19) facilitates the effectiveness and efficiency of operations,
helps ensure the reliability of internal and external reporting and assists compliance with laws and
regulations.
3 Effective financial controls, including the maintenance of proper accounting records, are an important
element of internal control. They help ensure that the company is not unnecessarily exposed to avoidable
financial risks and that financial information used within the business and for publication is reliable. They
also contribute to the safeguarding of assets, including the prevention and detection of fraud.
4 A company's objectives, its internal organisation and the environment in which it operates are
continually evolving and, as a result, the risks it faces are continually changing. A sound system of internal
control therefore depends on a thorough and regular evaluation of the nature and extent of the risks to
which the company is exposed. Since profits are, in part, the reward for successful risk-taking in business,
the purpose of internal control is to help manage and control risk appropriately rather than to eliminate it.
Objectives of the guidance
5 This guidance is intended to:
• reflect sound business practice whereby internal control is embedded in the business processes by
which a company pursues its objectives;
• remain relevant over time in the continually evolving business environment; and
• enable each company to apply it in a manner which takes account of its particular circumstances.
The guidance requires directors to exercise judgement in reviewing how the company has implemented
the requirements of the Combined Code relating to internal control and reporting to shareholders thereon.
6 The guidance is based on the adoption by a company's board of a risk-based approach to establishing a
sound system of internal control and reviewing its effectiveness. This should be incorporated by the
company within its normal management and governance processes. It should not be treated as a
separate exercise undertaken to meet regulatory requirements.
Internal control requirements of the Combined Code
7 Principle C.2 of the Code states that 'The board should maintain a sound system of internal control to
safeguard shareholders' investment and the company's assets'.
8 Provision C.2.1 states that 'The directors should, at least annually, conduct a review of the
effectiveness of the group's system of internal control and should report to shareholders that they have
done so. The review should cover all material controls, including financial, operational and compliance
controls and risk management systems'.
Two - Maintaining a sound system of internal control
Responsibilities
15 The board of directors is responsible for the company's system of internal control. It should set
appropriate policies on internal control and seek regular assurance that will enable it to satisfy itself that
the system is functioning effectively. The board must further ensure that the system of internal control is
effective in managing those risks in the manner which it has approved.
16 In determining its policies with regard to internal control, and thereby assessing what constitutes a
sound system of internal control in the particular circumstances of the company, the board's deliberations
should include consideration of the following factors:
• The nature and extent of the risks facing the company;
• The extent and categories of risk which it regards as acceptable for the company to bear;
• The likelihood of the risks concerned materialising;
• The company's ability to reduce the incidence and impact on the business of risks that do materialise;
and
• The costs of operating particular controls relative to the benefit thereby obtained in managing the related
risks.
17 It is the role of management to implement board policies on risk and control. In fulfilling its
responsibilities management should identify and evaluate the risks faced by the company for
consideration by the board and design, operate and monitor a suitable system of internal control which
implements the policies adopted by the board.
18 All employees have some responsibility for internal control as part of their accountability for achieving
objectives. They, collectively, should have the necessary knowledge, skills, information, and authority to
establish, operate and monitor the system of internal control. This will require an understanding of the
company, its objectives, the industries and markets in which it operates, and the risks it faces.
Elements of a sound system of internal control
20 A company's system of internal control will reflect its control environment which encompasses its
organisational structure. The system will include:
• Control activities;
• Information and communications processes; and
• Processes for monitoring the continuing effectiveness of the system of internal control.
21 The system of internal control should:
• be embedded in the operations of the company and form part of its culture;
• be capable of responding quickly to evolving risks to the business arising from factors within the
company and to changes in the business environment; and
• include procedures for reporting immediately to appropriate levels of management any significant control
failings or weaknesses that are identified together with details of corrective action being undertaken.
22 A sound system of internal control reduces, but cannot eliminate, the possibility of poor
judgement in decision-making; human error; control processes being deliberately circumvented by
employees and others; management overriding controls; and the occurrence of unforeseeable
circumstances.
23 A sound system of internal control therefore provides reasonable, but not absolute, assurance that a
company will not be hindered in achieving its business objectives, or in the orderly and legitimate conduct
of its business, by circumstances which may reasonably be foreseen. A system of internal control cannot,
however, provide protection with certainty against a company failing to meet its business objectives or all
material errors, losses, fraud, or breaches of laws or regulations.
Three - Reviewing the effectiveness of internal control
Responsibilities
24 Reviewing the effectiveness of internal control is an essential part of the board's responsibilities. The
board will need to form its own view on effectiveness based on the information and assurances provided
to it, exercising the standard of care generally applicable to directors in the exercise of their duties.
Management is accountable to the board for monitoring the system of internal control and for providing
assurance to the board that it has done so.
25 The role of board committees in the review process, including that of the audit committee, is for the
board to decide and will depend upon factors such as the size and composition of the board; the scale,
diversity and complexity of the company's operations; and the nature of the significant risks that the
company faces. To the extent that designated board committees carry out, on behalf of the board, tasks
that are attributed in this guidance document to the board, the results of the relevant committees' work
should be reported to, and considered by, the board. The board takes responsibility for the disclosures on
internal control in the annual report and accounts.
The process for reviewing effectiveness
26 Effective monitoring on a continuous basis is an essential component of a sound system of internal
control. The board cannot, however, rely solely on the embedded monitoring processes within the
company to discharge its responsibilities. It should regularly receive and review reports on internal control.
In addition, the board should undertake an annual assessment for the purposes of making its public
statement on internal control to ensure that it has considered all significant aspects of internal control for
the company for the year under review and up to the date of approval of the annual report and accounts.
27 The board should define the process to be adopted for its review of the effectiveness of internal control.
This should encompass both the scope and frequency of the reports it receives and reviews during the
year, and also the process for its annual assessment, such that it will be provided with sound,
appropriately documented, support for its statement on internal control in the company's annual report
and accounts.
28 The reports from management to the board should, in relation to the areas covered by them, provide a
balanced assessment of the significant risks and the effectiveness of the system of internal control in
managing those risks. Any significant control failings or weaknesses identified should be discussed in the
reports, including the impact that they have had, or may have, on the company and the actions being
taken to rectify them. It is essential that there be openness of communication by management with the
board on matters relating to risk and control.
Four - The board’s statement on internal control
33 The annual report and accounts should include such meaningful, high-level information as the board
considers necessary to assist shareholders' understanding of the main features of the company's risk
management processes and system of internal control, and should not give a misleading impression.
34 In its narrative statement of how the company has applied Code Principle C.2, the board should,
as a minimum, disclose that there is an ongoing process for identifying, evaluating and managing the
significant risks faced by the company, that it has been in place for the year under review and up to the
date of approval of the annual report and accounts, that it is regularly reviewed by the board and accords
with the guidance in this document.
35 The disclosures relating to the application of Principle C.2 should include an acknowledgement by
the board that it is responsible for the company's system of internal control and for reviewing its
effectiveness. It should also explain that such a system is designed to manage rather than eliminate the
risk of failure to achieve business objectives, and can only provide reasonable and not absolute
assurance against material misstatement or loss.
36 In relation to Code Provision C.2.1, the board should summarise the process it (where applicable,
through its committees) has applied in reviewing the effectiveness of the system of internal
control and confirm that necessary actions have been or are being taken to remedy any significant
failings or weaknesses identified from that review. It should also disclose the process it has applied to
deal with material internal control aspects of any significant problems disclosed in the annual report and
accounts.
Chapter 9. Internal Audit Function and Compliance in Corporate
Governance
1. The role of internal audit function:
(a) Independent checking, examination and evaluation of the internal control system established by
executive directors.
(1) Internal control over financial reporting (ICFR)/Financial and internal control system
(2) Whether the financial statements (F.S.) show a true and fair view
(3) Internal control over operation
(4) Operational information (management information)
(5) Other areas e.g. IT audit; Fraud investigation; corporate social responsibility (CSR) ; compliance audit
etc.
2. The factors that are typically considered when deciding to establish
internal audit in an organisation:
(a) The scale, diversity and complexity of the company’s activities.
(b) The number of employees. Size.
(c) Cost-benefit considerations
(d) Changes in the organisational structures, reporting processes or underlying information systems.
(e) Changes in key risks could be internal or external in nature.
(f) Problems with existing internal control systems.
(g) An increased number of unexplained or unacceptable events.
(h) System failures or similar events are a clear demonstration of internal control weakness
3. Advantages of appointing internal auditor from outside the company:
(a) external appointment would bring detachment and independence
(b) an external appointment would help with independence and objectivity. An external appointee would owe no
personal loyalties or ‘favours’ from previous positions and would have no personal grievances or conflicts with other people.
(c) Some benefit would be expected from the ‘new broom’ effect in that the appointment would see the
company through fresh eyes
(d) come in with new ideas and expertise gained from other situations
(e) the possibility exists for the transfer of best practice in from outside
4. Function of audit committee
The audit committee possesses many important functions:
(a) Related to external auditor
(1) Increase the independence of external auditor
(2) Act as liaison person to facilitate the communication between the executive directors and external
auditors
(3) Act as coordinator to coordinate the work between external auditor and internal auditor
(4) To monitor the independence and quality of work of external auditor
(b) Related to internal audit function
(1) To approve the appointment or termination of appointment of the head of internal audit.
(2) To review the work of the internal audit function:
— Ensure that the internal auditor has direct access to the board chairman and to the audit committee
and is accountable to the audit
— Review and assess the annual internal audit work plan.
— Review a report on the results of the internal auditor’s work on a periodic basis.
— Review and monitor management’s responsiveness to the internal auditor’s findings and
recommendations
— Meet with the head of internal audit at least once a year without the presence of management, and
— Monitor and assess the role and effectiveness of the internal audit function in the overall context of the
company’s risk management system.
PART C RISK MANAGEMENT
Chapter 10. Defined risk management in the context of C.G
1. Necessity of risk and risk management
1.1 Risks are the opportunities and dangers associated with uncertain future events.
1.2 Risks can have an adverse (‘downside exposure’) or favourable impact (‘upside
potential’) on the organisation’s objectives.
2. Why manage risk?
Management needs to manage and monitor risk on an ongoing basis for a number of reasons:
2.1 To identify new risks that may affect the company so an appropriate risk
management strategy can be determined.
2.2 To identify changes to existing or known risks so amendments to the risk
management strategy can be made. For example, where there is an increased
likelihood of occurrence of a known risk, strategy may be amended from ignoring the
risk to possibly insuring against it.
2.3 To ensure that the best use is made of opportunities.
3. Risk management
3.1 Risk management is therefore the process of reducing the possibility of adverse
consequences either by reducing the likelihood of an event or its impact, or taking
advantage of the upside risk.
3.2 Management are responsible for establishing a risk management system in an
organisation
3.3 The process of establishing a risk management system is summarised in the
following diagram:
[Diagram: Process of risk management. Risk identification (list of potential risks); risk assessment (prioritised risk list); risk planning (risk avoidance and contingency plans); risk monitoring; risk audit.]
4. Enterprise Risk Management (ERM) can be defined as the:
‘process effected by an entity’s board of directors, management and other personnel, applied in strategy
setting and across the enterprise, designed to identify potential events that may affect the entity, and
manage risk to be within its risk appetite, to provide reasonable assurance regarding the achievement of
entity objectives’.
Enterprise Risk Management – Integrated Framework, the Committee of Sponsoring
Organisations, COSO, 2004
4.1. Principles of ERM
The key principles of ERM include:
consideration of risk management in the context of business strategy
risk management is everyone’s responsibility, with the tone set from the top
the creation of a risk aware culture
a comprehensive and holistic approach to risk management
consideration of a broad range of risks (strategic, financial, operational and compliance)
a focused risk management strategy, led by the board
4.2 Expandable text – Components of the ERM framework
The eight components are closely aligned to the risk management process addressed above, and also
reflect elements from the COSO view of an effective internal control system:
Internal environment: This is the tone of the organisation, including the risk management
philosophy and risk appetite.
Objective setting: Objectives should be aligned with the organisation’s mission and need to be
consistent with the organisation’s defined risk appetite.
Event identification: These are internal and external events (both positive and negative) which
impact upon the achievement of an entity’s objectives and must be identified.
Risk assessment: Risks are analysed to consider their likelihood and impact as a basis for
determining how they should be managed.
Risk response: Management selects risk response(s) to avoid, accept, reduce or share risk. The
intention is to develop a set of actions to align risks with the entity’s risk tolerances and risk appetite.
Control activities: Policies and procedures help ensure the risk responses are effectively carried
out.
Information and communication: The relevant information is identified, captured and
communicated in a form and timeframe that enables people to carry out their responsibilities.
Monitoring: The entire ERM process is monitored and modifications made as necessary.
Chapter 11. Risk identification
1. Risk identification: Strategic and operational risks
1.1 Strategic risks:
Risks arising from the possible consequences of strategic decisions taken by the organisation
also arise from the way that an organisation is strategically positioned within its environment
should be identified and assessed at senior management and board or director level.
1.2 Operational risks:
refer to potential losses that might arise in business operations
include risks of fraud or employee malfeasance, poor quality production or lack of inputs for
production
can be managed by internal control systems.
1.3 Risk identification: Business risks
Businesses face risks from a number of different sources, including those shown below.
In the exam you may be required to identify risks, or types of risk, facing a business. The risks listed
below are not exhaustive but illustrate many of the typical risks that affect a business.
Market risks. Risks which derive from the sector in which the business is operating, and from its
customers.
Product risk. The risk that customers will not buy new products (or services) provided by the
organisation, or that the sales demand for current products and services will decline unexpectedly.
Commodity price risk. Businesses might be exposed to risks from unexpected increases (or falls) in
the price of a key commodity.
Product reputation risk. Some companies rely heavily on brand image and product reputation, and
an adverse event could put its reputation (and so future sales) at risk.
[Diagram: Risk categorised by: strategic (affects the overall mission of the company); operational (affects the day-to-day activities of the company).]
Credit risk. Credit risk is the possibility of losses due to non-payment, or late payment, by
customers.
Currency risk. Currency risk, or foreign exchange risk, arises from the possibility of movements in
foreign exchange rates, and the value of one currency in relation to another.
Interest rate risk. Interest rate risk is the risk of unexpected gains or losses arising as a
consequence of a rise or fall in interest rates.
Gearing risk. Gearing risk for non-bank companies is the risk arising from exposures to high
financial gearing and large amounts of borrowing.
Political risk. Political risk depends to a large extent on the political stability in the countries in which
an organisation operates and the attitudes of governments towards protectionism.
Legal, or litigation risk arises from the possibility that regulations will affect the way an organisation
has to operate.
Compliance risk is the risk of losses, possibly fines, resulting from non-compliance with laws or
regulations.
Technology risk arises from the possibility that technological change will occur.
Economic risk refers to the risks facing organisations from changes in economic conditions, such as
economic growth or recession, government spending policy and taxation policy, unemployment levels and
international trading conditions.
Environmental risk arises from changes to the environment over which an organisation has no
direct control or for occurrences for which the organisation might be responsible.
Business probity risk is related to the governance and ethics of the organisation.
Derivatives risk refers to the risks due to the use of financial instruments.
Chapter 12. Risk assessment
1. Assessing risks
[Diagram: Risk categorised by: severity (hazard), the impact of the risk on the organisation; probability, the likelihood of the risk actually occurring.]
[Diagram: Likelihood/impact map, with impact/consequence (low to high) on one axis and likelihood (low to high) on the other.]
Chapter 13. Response to assessed risk (how to manage risk?)
1. The role of the board
The board will generally delegate these activities to a risk committee:
Related to risk management:
(a) Champion and promoter of enterprise risk management (i.e. risk awareness and training) across the
group.
(b) Establish risk management policy:
(1) risk appetite
(2) how to identify risk, types of risk, source of risk
(3) how to evaluate risk
(4) how to manage risk
(c) Ensure implementation of the Risk Management Policy.
(1) risk manager
(2) ensure resources and cooperation
(d) Review and evaluate departmental risk management report.
(e) Responsible for ensuring that all action plans are acted upon and addressed.
(f) Responsible for ensuring that all strategic business risks are considered.
(g) Review Enterprise Risk Profile for effectiveness of management of risks.
(h) Provide quarterly reporting and update on key risk management issues to the board
1.1 Risk appetite
Risk appetite is determined by:
Risk capacity – the amount of risk that the organisation can bear, and
Risk attitude – the overall approach to risk, in terms of the board being risk averse or risk seeking.
2. Role of the risk manager
The risk manager is a member of the risk management committee, reporting directly to that
committee and the board.
The role focuses primarily on implementation of risk management policies.
The manager is supported and monitored by the risk management committee.
The role is more operational than strategic.
Policy is set by the board and the risk management committee and implemented by the risk manager.
3. Risk awareness
In general terms, a lack of risk awareness means that an organisation has an inappropriate risk
management strategy.
Risks affecting the organisation may not have been identified meaning there will be a lack of control
over that risk.
Risks may occur and the control over that risk is not active due to lack of monitoring and awareness.
Continued monitoring within the organisation is therefore required to ensure that risk management
strategies are updated as necessary.
4. Embedding risk
The aim of embedding risk management is to ensure that it is ‘part of the way we do business’ (to
misquote Handy)
It can be considered at two levels:
- embedding risk in systems
- embedding risk in culture
4.1 Embedding risk in systems
Embedding risk in systems applies to the concept of ensuring that risk management is included
within the control systems of an organisation.
In this context, a control system helps ensure that other systems (e.g. the accounting system) are
working correctly.
Risk management is not seen as a separate system.
In many jurisdictions, this is a statutory requirement (e.g. US) while in others it is a code of best
practice (e.g. UK).
To be successful, embedding risk management needs approval and support from the board.
[Diagram: Risk manager: member of risk committee; implements risk management policies; operational role.]
The process of embedding risk management within an organisation’s systems and procedures can be
outlined as follows:
Identify the controls that are already operating within the organisation.
Monitor those controls to ensure that they work
Improve and refine the controls as required.
Document evidence of monitoring and control operation (using performance metrics or independent
assessment such as internal or external audit).
4.2 Embedding risk in culture
As noted above, risk management needs to be embedded into policies and procedures in an
organisation.
However, the policy may still fail unless all workers in a company (board to employees) accept the
need for risk management.
Embedding risk into culture and values therefore implies that risk management is ‘normal’ for the
organisation.
Methods of embedding risk management in the culture and values of an organisation include:
aligning individual goals with those of the organisation
including risk management responsibilities within job descriptions
establishing reward systems which recognise that risks have to be taken in practice (e.g. not having a
‘blame’ culture)
establishing metrics and performance indicators that can monitor risks and provide an early
warning if it is seen that risks will actually occur and affect the organisation.
informing all staff in an organisation of the need for risk management, and publishing success
stories to show how embedding risk management in the culture has benefited both organisation and staff.
[Diagram: Embedding risk in systems: control systems include risk management; risk management not a separate system; needs board support.]
[Diagram: Embedding risk in culture: implies risk management is ‘normal’ activity; success depends on organisational culture; main emphasis is lack of blame culture.]
5. Risk management: TARA (or SARA)
Strategies for managing risks can be explained as TARA (or SARA): Transference (or Sharing),
Avoidance, Reduction or Acceptance.
Expandable text – Risk management using TARA
5.1 Transference.
In some circumstances, risk can be transferred wholly or in part to a third party, so that if an adverse
event occurs, the third party suffers all or most of the loss. A common example of risk transfer is insurance.
Businesses arrange a wide range of insurance policies for protection against possible losses. This
strategy is also sometimes referred to as sharing.
5.2 Avoidance.
An organisation might choose to avoid a risk altogether. However, since risks are unavoidable in
business ventures, they can be avoided only by not investing (or withdrawing from the business area
completely). The same applies to not-for-profit organisations: risk is unavoidable in the activities they
undertake.
5.3 Reduction/mitigation.
A third strategy is to reduce the risk, either by limiting exposure in a particular area or attempting to
decrease the adverse effects should that risk actually crystallise.
5.4 Acceptance.
The final strategy is to simply accept that the risk may occur and decide to deal with the consequences in
that particular situation. The strategy is appropriate normally where the adverse effect is minimal. For
example, there is nearly always a risk of rain; unless the business activity cannot take place when it rains
then the risk of rain occurring is not normally insured against.
Changes to the study guide
Relevant to ACCA qualification paper P1
I am also introducing the possibility of bringing in some simple arithmetic calculations into Paper P1 exam
papers (again, from June 2011 onwards). This is to enable some aspects of risk to be examined that
cannot be examined in a solely narrative-based answer. This is a change to the advice I gave when the
Paper P1 Study Guide was first introduced. Students should not expect complicated calculations but
should be prepared to manipulate numerical data and accordingly, a calculator may be helpful in future
Paper P1 exams.
New C1(c): Explain the dynamic nature of risk assessment
This entry into the Study Guide was added to emphasise the fact that risks are not static: they change
over time and between situations. One of the key features of any business environment is that the things
that affect an organisation, either internal or external factors, are very changeable. In some situations,
environmental factors change relatively little, but in other environments, risk factors can change a great
deal. These are sometimes called
‘turbulent’ environments, shown in Figure 1.
The result of this is that the assessment of any given risk can change and, thereby, the strategy for
managing that risk. The probability or impact of a risk can change over time and this change can move a
risk on the likelihood/ impact map which is often used in risk assessment (see Figure 2).
New C1 (d): Explain the importance and nature of management responses to changing risk assessments
Following on from the discussion above about changing risks, it follows that management must tailor its
risk management to match the nature of the risk threat. In terms of policy, those organisations in more
changeable (or more dynamic) environments must make a greater investment in risk management
strategies in order to manage the range and changeability of those risks. It follows that an organisation’s
risk management must match the complexity of its risks. To fail to do this would be an incongruity between
risk and response which could, in turn, be a failure in the strategy of the organisation.
New C1 (e): Explain risk appetite and how this affects risk policy (2)
This addition to the Study Guide introduces the notion of risk appetite which, as its name suggests, is a
measure of the general attitude to accepting risk.
Risk appetite has an important influence on the risk controls that the organisation is likely to have in place.
Organisations that actively seek to avoid risks, perhaps found more in the public sector, charitable sector
and in some ‘process’-oriented companies, do not need the elaborate and costly systems that a risk
seeking company might have. Organisations such as those trading in financial derivatives, volatile share
funds and venture capital companies will typically have complex systems in place to monitor and manage
risk. In such companies, the management of risk is likely to be a strategic core competence of the
business.
New C2 (c): Describe and evaluate the nature and importance of business and financial risks
Business risks are strategic risks that threaten the health and survival of a whole business.
A typical way of considering business risk is to examine the probability of a period of poor earnings and
possible failure, and also to consider the potential impact of that failure.
This brings us back to the notion of stakeholders because the issue is ‘impact upon whom?’
C3 (f): Explain and assess the ALARP (as low as reasonably practicable) principle in risk
assessment and how this relates to severity and probability
The important concept here, then, is that the actual risk carried must be as low as reasonably practicable
given the range of activities undertaken and the mitigation costs.
I understand for example (not being a transport expert), that the risk likelihood of rail accidents can be
almost eliminated with the installation of highly elaborate electronic control equipment that over-rides
human error when it occurs (such as going through red lights and exceeding speed limits). In most
countries, however, the cost of installing this equipment is so prohibitively expensive (such that it would
significantly increase the costs of rail travel) that simpler and cheaper systems are usually installed
instead. Although these cheaper systems are not as effective and rail accidents do sometimes tragically
occur, it is a compromise solution that maintains the risk as low as reasonably practicable.
C3 (g): Evaluate the difficulties of risk perception including the concepts of objective and
subjective risk perception
One of the problems with risk assessment is the quality of the information fed into the risk assessment
‘calculation’. Given that risk assessment can be a vital and strategically important activity for many
organisations, it is important that the likelihood and impacts of a risk are accurately established.
The problem arises when it is difficult to assign accurate and reliable values to those variables.
Sometimes these tasks are straightforward and sometimes they are more problematic. This raises the
issue of measurability.
Some risks can be assessed (which involves establishing the likelihood and impact) with a very high
degree of certainty. If both can be measured with scientific accuracy then we can say that the risk can be
objectively assessed. The information going into the assessment is ‘hard’ in that there is no need for
subjective judgment. In many cases, however, risk problems can be ‘messy’ and it can be difficult to
accurately assign a value to a likelihood or an impact. This is where subjective judgements can be used
although there are obvious limitations with such judgments (see Table 1).
Why is this an important thing to appreciate in risk management? The certainty of a risk assessment and its
robustness depends upon the ‘quality’ of the information used. If the assessment is based on objective
measurement of likelihood and impact, then clearly the certainty of a risk’s assessment is more robust
than if some of the assessment is based on subjective judgement. This, in turn, might affect the risk
mitigation or risk management strategy.
C3 (h): Explain and evaluate the concepts of related and correlated risk factors
One of the interesting characteristics of risks is that groups of risks sometimes go together in that they are
often present at the same time in the same organisation. A common reason for this is that the risks are in
some way related in that they have a common cause or that one type of risk can give rise to another.
A particular type of relatedness is risk correlation (sometimes called risk covariance). While two risks can
be related in that they are often present together, in order to be correlated, they must vary together (this
being the meaning of correlated). Correlated risks can be negatively correlated (one goes up as the other
declines) or positively correlated (both go up or down together).
David Campbell is examiner for Paper P1
PART D PROFESSIONAL VALUES AND ETHICS
Chapter 14. Ethical Theories
1. Ethics and corporate governance
Ethical considerations are at the root of many perceived problems with corporate governance in actual
practice, by members of the board. Individuals are expected to behave in an ethical way, and ethical
issues are more difficult to regulate. Corporate governance can only provide a system and
procedures that are seen to be 'ethical' and fair to the shareholders.
Without ethical conduct, regulations and codes of practice will not work. Individuals in positions of power
will be able to circumvent rules and break the laws, and unless they act ethically, might be tempted to do
something illegal or improper in order to obtain personal gain.
2. Ethical Relativism versus absolutism
2.1 Ethical relativism
2.1.1 Definition
Ethical relativism is the theory that, because different societies have different ethical beliefs, there is no
rational way of determining whether an action is morally right or wrong other than by asking whether the
people of this or that society believe it is morally right or wrong. To put it another way: Ethical relativism is
the view that there are no ethical standards that are absolutely true and that apply or should be applied to
the companies and people of all societies.
For example, business bribery
When in Rome, do as the Romans do.
2.2 Ethical absolutism
2.2.1 Definition
Ethical absolutism, also known as universalism, maintains that there are absolute moral truths, not
relative to culture, which all entities obey at all times without exception. According to this view, ethical
judgments are universal, which means that if an action is wrong in one country, it is also wrong in other
countries.
3. Kohlberg's stages of human moral development
3.1 Kohlberg's three levels (six stages)
Level one: pre-conventional (the individual is focused on self-interest, external rewards and
punishment)
Stage 1: obedience and punishment
Punishment and obedience orientation where the right acts are done to avoid punishment. Obeying the
rules is a means to avoid punishment
Stage 2: instrumental purpose and exchange
Right behavior being defined by what is in one’s own best interest
Level two: conventional (the individual tends to do what is expected of them by others)
Stage 3: interpersonal accord and conformity
Actions are defined by what is expected of individuals by their peers and those close to them. Live up to
others’ expectations in order to be seen to be good and then to regard oneself as being good
Stage 4: social accord and system maintenance
At this stage of moral development, people begin to consider society as a whole when making judgments.
Fulfils social duties in order to keep the social system going
Level three: post-conventional (the individual starts to develop autonomous decision making which is
based on internal perspectives of right/wrong ethics, etc. rather than based on any external
influences)
Stage 5: social contract and individual rights
At this stage, people begin to account for the differing values, opinions, and beliefs of other people. Right
and wrong are determined by reference to basic rights, values and contracts of society
Stage 6: universal ethical principles
Kohlberg’s final level of moral reasoning is based upon universal ethical principles and abstract reasoning.
Follows self-chosen ethical principles which they believe everyone should follow.
4. Deontological and teleological / consequentialist approach to ethics
Traditional ethical theories generally can be differentiated into two groups namely:
(a) Consequentialist approaches, which base the moral judgment on the outcomes of a certain
action. If these outcomes are desirable, then the action in question is morally right; if the
outcomes of the action are not desirable, the action is morally wrong. The moral judgment in these
theories is thus based on the intended outcomes, the aims, or the goals of a certain action. Therefore,
consequentialist ethics is often also referred to by the term teleological, based on the Greek word for
'goal'
(b) Non-consequentialist approaches, which base the moral judgment on the underlying principles of the
decision-maker's motivation. An action is right or wrong not because we like the
consequences it produces but because the underlying principles are morally right. These theories,
also called deontological, based on the Greek word for 'duty', look at the desirability of principles, and
based on these principles, deduce a 'duty' to act accordingly in a given situation, regardless of the
desirability of the consequences.
4.1 Teleological approach
There are two main consequentialist theories:
(a) Egoism
(b) Utilitarianism
4.1.1 Egoism
'Following the theory of egoism, an action is morally right if the decision maker freely decides in order to
pursue either their (short term) desires or their (long term) interests.'
The justification for egoism lies in the underlying concept of man: as man has only limited insight into the
consequences of his actions, the only suitable strategy to achieve a good life is to pursue his own desires
or interests. Adam Smith (1793) argued that in the economic system, this pursuit of individual self-interest
was acceptable because it produced a morally desirable outcome for society through the 'invisible hand'
of the market place. This means one is likely to find a moral outcome as the end-product of a system
based on free competition and good information.
4.1.2 Utilitarianism
Utilitarianism could be defined as follows:
'According to utilitarianism, an action is morally right if it results in the greatest amount of good
for the greatest amount of people affected by the action.'
This principle, also called the 'greatest happiness principle' is the ultimate consequentialist principle as it
focuses solely on the consequences of an action and weighs the good results against the bad results and
finally encourages the action which results in the greatest amount of good for all people involved. Unlike
egoism, it does not only look at each individual involved to ask whether their individual desires and
interests are met, but it focuses on the collective welfare that is produced by a certain decision.
4.2 Deontological approach
There are two main types of non-consequentialist ethical theories that have been traditionally applied to
business ethics:
(a) Ethics of duties
(b) Ethics of rights and justice
4.2.1 Ethics of duties
(a) Introduction
The main contributor of this approach is German philosopher Immanuel Kant (1724-1804) who thought
that morality and the decision about right and wrong action was not dependent on a particular situation, let
alone on the consequences of the action. For Kant, morality was a question of certain eternal, abstract,
and unchangeable principles (a set of a priori moral laws) that humans should apply to all ethical
problems. He saw humans as rational actors who could decide these principles for themselves.
Hence, humans could therefore also be regarded as independent moral actors who make their own
rational decisions regarding right and wrong.
Kant subsequently developed a theoretical framework through which these principles could be derived,
called the 'categorical imperative'. By this he meant that this theoretical framework should be applied to
every moral issue regardless of who is involved, who profits, and who is harmed by the principles once
they have been applied in specific situations.
The categorical imperative consists of three parts, which Kant puts forward as follows:
Maxim 1: Act only according to that maxim by which you can at the same time view that it should become
a universal law
Maxim 2: Act so that you treat humanity, whether in your own person or in that of another, always as an
end and never as a means only.
Maxim 3: Act only so that the will through its maxims could regard itself at the same time as universally
lawgiving
According to Kant, these three maxims can be used as tests for every possible action, and an action is to
be regarded as morally right if it 'survives' all three tests. This suggests that morality is characterized by
three important elements, each of which is tested by one of these maxims.
(b) What do the maxims mean?
Maxim 1 checks if the action could be performed by everyone and reflects the aspect of consistency,
as in an action can only be right if everyone could follow the same underlying principle.
For example, murder is an immoral action because if we allowed everyone to murder, there would be no
possibility of human life on earth; lying is immoral, because if everybody were allowed to lie, the entire
notion of 'truth' would be impossible and an organized and stable human civilization would not be
imaginable.
Maxim 2 focuses on Kant's view that humans deserve respect as independent, rational actors, and
that this human dignity should never be ignored.
For example, we all use people as means, as soon as we employ them or pay them to provide us with
goods or services. However, this does not mean we should only treat them as means to achieve what we
want and just forget about their own needs and goals in life, and their expectations to make their own
choices.
Maxim 3 scrutinizes the element of universality. Kant wants us to check if the principles of our
actions would be acceptable for every human being. This test therefore tries to overcome
specifically the risk of subjectivity inherent to the utilitarian analysis, since it asks us to check if other
rational actors would endorse our judgment of a certain situation as well.
For example, if you would be uncomfortable if your actions were reported in the local press, you can be fairly
sure that they are of doubtful moral status.
Work ethics
Scenario for the AAA model
An auditor uncovers an irregular cash payment and receives an unsatisfactory explanation for it from the
client’s finance director. He suspects the cash payment is a bribe paid to someone but can’t prove it. The
client then offers to pay the auditor a large amount of money if he pretends not to have noticed the
payment. The amount of money offered by the client is large enough to make a significant difference to
the auditor’s wealth. Should the auditor take the money?
Step 1: What are the facts of the case?
The facts are that the auditor has uncovered what he believes to be a bribe and has, in turn, been offered
a bribe to ignore or overlook it.
Step 2: What are the ethical issues in the case?
The ethical issue is whether or not an auditor should accept a bribe. In accepting the bribe he would be
acting illegally and would also be negligent of his professional duties.
Step 3: What are the norms, principles, and values related to the case?
The norms, principles, and values are that auditors are assumed (by shareholders and others active in
capital markets) to have impeccable integrity and to assure that the company is providing a ‘true and fair
view’ of its financial situation at the time of the audit. Auditors are entrusted with the task of assuring a
company’s financial accounts and anything that prevents this or interferes with an auditor’s objectivity is a
failure of the auditor’s duty to shareholders.
Step 4: What are the alternative courses of action?
Option 1 is to accept the bribe and ignore the irregular cash payment. Option 2 is to refuse the bribe and
take appropriate actions accordingly.
Step 5: What is the best course of action that is consistent with the norms, principles, and values
identified in Step 3?
The course of action consistent with the norms, principles, and values in Step 3 is to refuse the bribe. The
auditor would report the initial irregular payment and then also probably report the client for offering the
second bribe.
Step 6: What are the consequences of each possible course of action?
Under Option 1, the auditor would accept the bribe. He would enjoy the increase in wealth and
presumably an increase in his standard of living but he would expose himself to the risk of being in both
professional and legal trouble if his acceptance of the bribe was ever uncovered. He would have to ‘live
with himself’ knowing that he had taken a bribe and would be in debt to the client, knowing that the client
could expose him at any time.
Under Option 2, the auditor would refuse the bribe. This would be likely to have a number of unfortunate
consequences for the client and possibly for the future of the client–auditor relationship. It would, however,
maintain and enhance the reputation and social standing of auditors, maintain public confidence in audit,
and serve the best interests of the shareholders.
Step 7: What is the decision?
The ethical decision is Option 2. The auditor should refuse the bribe.
Tucker: Scenario 1
Big Company is planning to build a new factory in a developing country. Analysis shows that the new
factory investment will be more profitable than alternatives because of the cheaper labour and land costs.
The government of the developing country has helped the company with its legal compliance, which is
now fully complete, and the local population is anxiously waiting for the jobs which will, in turn, bring much
needed economic growth to the developing country. The factory is to be built on reclaimed ‘brownfield’
land and will produce a lower unit rate of environmental emissions than a previous technology.
Is it profitable?
Yes. The investment will enable the company to make a superior return than the alternatives.
The case explains that these are ‘because of the cheaper labour and land costs’.
Is it legal?
Yes. The government of the developing country, presumably very keen to attract the investment, has
helped the company with its legal issues.
Is it fair?
As far as we can tell, yes. The only stakeholder mentioned in the scenario is the workforce of the
developing country who, we are told, is ‘anxiously waiting’ for the jobs. The scenario does not mention any
stakeholders adversely affected by the investment.
Is it right?
Yes. The scenario explains that the factory will help the developing country with ‘much needed economic
growth’, and no counter‑arguments are given.
Is it sustainable or environmentally sound?
Yes. The scenario specifically mentions an environmental advantage from the investment.
So in this especially simplified case, the decision is clear as it passes each of the decision criteria in the
5-question model. In more complex situations, it is likely to be a much more finely balanced decision.
Tucker: Scenario 2
Some more information has emerged about Big Company’s new factory in the developing country. The
‘brownfield’ land that the factory is to be built on has been forcefully requisitioned from a community (the
‘Poor Community’) considered as ‘second class citizens’ by the government of the developing country.
The Poor Community occupied the land as a slum and now has nowhere to live.
Is it profitable?
Yes. The same arguments apply as before.
Is it legal?
It appears that the government of the developing country has no effective laws to prevent the forced
displacement of the Poor Community and may be complicit in the forced removal. While the investment
may not be technically illegal, it appears that the legal structures in the host country are not particularly
robust and are capable of what amounts to the oppression of the Poor Community.
Is it fair?
While the issue of the much needed employment remains important, it must be borne in mind that the jobs
are provided at the cost of the Poor Community’s homes. This apparent unfairness to the Poor
Community is a relevant factor in this question. The answer to ‘is it fair?’ will depend on the decision
maker’s views of the conflicting rights of the parties involved.
Is it right?
The new information invites the decision maker to make an ethical assessment of the rights of the Poor
Community against the economic benefits of the investment. Other information might be sought to help to
make this assessment including, for example, the legality of the Poor Community’s occupation of the site,
and options for rehousing them once construction on the site has begun.
Is it sustainable or environmentally sound?
Yes. The same arguments apply as before.
IN SUMMARY
The AAA model invites the decision maker to explicitly outline their norms, principles, and values, while
Tucker’s model allows for discussion and debate over conflicting claims (eg between different beliefs of
what is ‘fair’ and ‘right’). Both are potentially useful to senior decision makers.
David Campbell is examiner for Paper P1
Chapter 15. Different Approaches to Ethics and Social
Responsibility
1. The social responsibility of organizations
(a) All about stakeholders part 1
(b) All about stakeholders part 2
STAKEHOLDERS
The best definition of this is by Freeman, who in 1984 defined a stakeholder as: ‘Any group or
individual who can affect or [be] affected by the achievement of an organisation’s objectives’. This
definition shows the important bi-directionality of stakeholders – that they can be both affected by –
and can affect – an organisation. Of course, some stakeholders will be in both camps.
When we think of stakeholders, it is possible to list many examples, but the ones that usually come to
mind are shareholders, management, employees, trade unions, customers, suppliers, and communities.
However, larger and more complex organizations can have many more stakeholders than these.
STAKEHOLDER ‘CLAIMS’
The reason why stakeholders are important in both business ethics and in strategic analysis is because of
the notion of stakeholder ‘claims’. A stakeholder does not simply exist (as far as the organisation is
concerned) but makes demands of it. This is where understanding stakeholding can become more
complicated. Essentially, stakeholders ‘want something’ from an organisation. Some want to influence
what the organisation does (those stakeholders who want to affect) and others are, or potentially could be,
concerned with the way they are affected by the organisation and may want to increase, decrease, or
change the way the activities of the organisation affect them.
One of the problems with identifying stakeholder claims, however, is that some stakeholders may not
even know that they have a claim against an organisation, or may know they have a claim but are
unaware of what it is. This brings us to the issue of direct and indirect stakeholder claims.
Direct stakeholder claims are made by those with their own ‘voice’. These claims are usually
unambiguous, and are often made directly between the stakeholder and the organisation. Stakeholders
making direct claims will typically include trade unions, shareholders, employees, customers, suppliers
and, in some instances, local communities.
Indirect claims are made by those stakeholders unable to make the claim directly because they are, for
some reason, inarticulate or ‘voiceless’.
Reasons for this include the stakeholder being (apparently) powerless (eg an individual customer of a very large
organisation), not existing yet (eg future generations), having no voice (eg the natural environment), or
being remote from the organisation (eg producer groups in distant countries).
This raises the problem of interpretation. The claim of an indirect stakeholder must be interpreted by
someone else in order to be expressed, and it is this interpretation that makes indirect representation
problematic.
This lack of clarity on the reliability of spokespersons for these stakeholders makes it very difficult to
operationalise (to include in a decision-making process) their claims.
UNDERSTANDING THE INFLUENCE OF EACH STAKEHOLDER (MENDELOW)
Influence = Power x Interest
The ‘map’ generated by the analysis of power and interest (on which stakeholders are plotted
accordingly) is not static; changing events can mean that stakeholders can move around the map with
consequent changes to the list of the most influential stakeholders in an organisation.
HOW TO CATEGORISE STAKEHOLDERS
Internal and external stakeholders
Perhaps the easiest and most straightforward distinction is between stakeholders inside the
organisation and those outside. Internal stakeholders will typically include employees and
management, whereas external stakeholders will include customers, competitors, suppliers, and so on.
Some stakeholders will be more difficult to categorise, such as trade unions that may have elements of
both internal and external membership.
Narrow and wide stakeholders (Evans and Freeman)
Narrow stakeholders are those that are the most affected by the organisation’s policies and will
usually include shareholders, management, employees, suppliers, and customers who are dependent
upon the organisation’s output. Wider stakeholders are those less affected and may typically include
government, less-dependent customers, the wider community (as opposed to the local community) and
other peripheral groups. The Evans and Freeman model may lead some to conclude that an organisation
has a higher degree of responsibility and accountability to its narrower stakeholders.
Primary and secondary stakeholders (Clarkson)
According to Clarkson: ‘A primary stakeholder group is one without whose continuing participation
the corporation cannot survive as a going concern’. Hence, whereas Evans and Freeman view
stakeholders as being (or not being) influenced by an organisation, Clarkson sees the important
distinction as being between those that do influence an organisation and those that do not. Secondary
stakeholders are those that the organization does not directly depend upon for its immediate
survival.
Active and passive stakeholders (Mahoney)
Mahoney (1994) divided stakeholders into those who are active and those who are passive. Active
stakeholders are those who seek to participate in the organisation’s activities. These stakeholders
may or may not be a part of the organisation’s formal structure. Management and employees obviously
fall into this active category, but so may some parties from outside an organisation, such as regulators (in
the case of, say, UK privatised utilities) and environmental pressure groups.
Passive stakeholders, in contrast, are those who do not normally seek to participate in an
organisation’s policy making. This is not to say that passive stakeholders are any less interested or
less powerful, but they do not seek to take an active part in the organisation’s strategy. Passive
stakeholders will normally include most shareholders, government, and local communities.
Voluntary and involuntary stakeholders
This distinction describes those stakeholders who engage with the organisation voluntarily and
those who become stakeholders involuntarily. Voluntary stakeholders will include, for example,
employees with transferable skills (who could work elsewhere), most customers, suppliers, and
shareholders. Some stakeholders, however, do not choose to be stakeholders but are so nevertheless.
Involuntary stakeholders include those affected by the activities of large organisations, local communities
and ‘neighbours’, the natural environment, future generations, and most competitors.
Legitimate and illegitimate stakeholders
This is one of the more difficult categorisations to make, as a stakeholder’s legitimacy depends on
your viewpoint (one person’s ‘terrorist’, for example, is another’s ‘freedom fighter’). While those with an
active economic relationship with an organization will almost always be considered legitimate, others
that make claims without such a link, or that have no mandate to make a claim, will be considered
illegitimate by some. This means that there is no possible case for taking their views into account when
making decisions.
While terrorists will usually be considered illegitimate, there is more debate on the legitimacy of the claims
of lobby groups, campaigning organisations, and non-governmental/charitable organisations.
Recognised and unrecognised (by the organisation) stakeholders
The categorisation by recognition follows on from the debate over legitimacy. If an organisation considers
a stakeholder’s claim to be illegitimate, it is likely that its claim will not be recognised. This means the
stakeholder’s claim will not be taken into account when the organisation makes decisions.
Known about and unknown stakeholders
Finally, some stakeholders are known about by the organisation in question and others are not.
This means, of course, that it is very difficult to recognise whether the claims of unknown stakeholders
(eg nameless sea creatures, undiscovered species, communities in close proximity to overseas
suppliers, etc) are considered legitimate or not. Some say that it is a moral duty for organisations to seek
out all possible stakeholders before a decision is taken and this can sometimes result in the adoption of
minimum impact policies.
David Campbell is examiner for Paper P1
Who’s who
THE STAKEHOLDER/STOCKHOLDER DEBATE
Essentially, proponents of the stockholder theory argue that because organisations are ‘owned’ by their
principals, the agents (directors) have a moral and legal duty to only take account of principals’ claims
when setting objectives and making decisions. Hence, for a joint‑stock business such as a public
company, it may be assumed that because principals (shareholders) seek to maximise their returns, the
sole duty of agents is to act in such a way as to achieve that.
Stakeholder theorists, in contrast, argue that because a business organisation is a citizen of society,
enjoying its protection, support and benefits, it has a duty to recognise a plurality of claims in the same
way that an individual might act as a ‘responsible citizen’. In effect, this means recognising claims in
addition to those of shareholders when reaching decisions and deciding on strategies.
INSTRUMENTAL AND NORMATIVE MOTIVATIONS
The instrumental view of stakeholders
The instrumental view of stakeholder relations is that organisations take stakeholder opinions into
account only insofar as they are consistent with other, more important, economic objectives (eg profit
maximisation, gaining market share, compliance with a corporate governance standard).
If the loyalty or commitment of an important primary or active stakeholder group is threatened, it is likely
that the organisation will recognize the group’s claim because not to do so would threaten to reduce
its economic performance and profitability.
The normative view of stakeholders
The normative view argues that organisations should accommodate stakeholder concerns not because of
what the organisation can instrumentally ‘get out of it’ for its own profit, but because by doing so the
organisation observes its moral duty to each stakeholder. The normative view sees stakeholders
as ends in themselves and not just instrumental to the achievement of other ends.
SEVEN POSITIONS ALONG THE CONTINUUM: GRAY, OWEN and ADAMS
The stakeholder/stockholder debate can be represented as a continuum, with the two extremes
representing the ‘pure’ versions of each argument.
Pristine capitalists
At the extreme stockholder-end is the pristine capitalist position. The value underpinning this position is
shareholder wealth maximisation, and implicit within it is the view that anything that reduces potential
shareholder wealth is effectively theft from shareholders.
Expedients
The expedient position shares the same underlying value as that of the pristine capitalist
(that of maximising shareholder wealth), but recognises that some social responsibility expenditure
may be necessary in order to better strategically position an organisation so as to maximise
profits.
Social contract position
The notion of social contract has its roots in political theory. Democratic governments are said to
govern in a social contract with the governed. This means that a democratic government must govern
broadly in line with the expectations, norms and acceptations of the society it governs and, in exchange,
society agrees to comply with the laws and regulations passed by the government. Failure by either side
to comply with these terms will result in the social contract being broken.
The social contract position argues that businesses enjoy a licence to operate and that this licence is
granted by society as long as the business acts in such a way as to be deserving of that licence.
If an organisation acts in a way that society finds unacceptable, the licence to operate can be withdrawn
by society, as was the case with Arthur Andersen after the collapse of Enron.
Social ecologists
Social ecologists go a stage further than the social contractarians in recognising that
(regardless of the views of society), business has a social and environmental footprint and therefore
bears some responsibility in minimising the footprint it creates. An organisation might adopt socially
and/or environmentally responsible policies not because it has to in order to be aligned with the norms of
society (as the social contractarians would say) but because it feels it has a responsibility to do so.
Socialists
In the context of this argument, socialists are those that see the actions of business as those of a
capitalist class subjugating, manipulating, and even oppressing other classes of people. Business is a
concentrator of wealth in society (not a redistributor) and so the task of business, social, and
environmental responsibility is very large – much more so than merely adopting token policies (as
socialists would see them) that still maintain the supremacy of the capitalist classes. Business should be
conducted in a very different way – one that recognizes and redresses the imbalances in society and
provides benefits to stakeholders well beyond the owners of capital.
Radical feminists
They argue that society and business are based on values that are usually considered masculine in
nature such as aggression, power, assertiveness, hierarchy, domination, and competitiveness. It is these
emphases, they argue, that have got society and environment in the ‘mess’ that some people say they are
in.
If society and business were based instead on values such as connectedness, equality, dialogue,
compassion, fairness, and mercy (traditionally seen as feminine characteristics).
Deep ecologists
Strongly believing that humans have no more intrinsic right to exist than any other species, they argue
that just because humans are able to control and subjugate social and environmental systems does not
mean that they should.
The world’s ecosystems of flora and fauna, the delicate balances of species and systems are so valuable
and fragile that it is immoral for these to be damaged simply (as they would see it) for the purpose of
human economic growth.
A full recognition of each stakeholder’s claim would not allow business to continue as it currently does and
this is in alignment with the overall objectives of the deep ecologists or deep greens.
David Campbell is examiner for Paper P1
Chapter 16. Professions and the public interest
1. Profession and professionalism
1.1 Profession
A body of theory and knowledge which is used to support the public interest
The body of theory includes:
(a) Ethical standard
(b) Auditing standard
(c) Examination
1.2 Professionalism
Taking action to support the public interest
Action includes:
(a) Reactive approach
(b) Proactive approach
2. Accountancy profession and the public interests
(a) The public interest (‘common well-being’ or ‘general welfare’)
(b) There is no set definition
(c) The concept tends to apply to providing information that society as a whole should be aware of
(d) There is no law to confirm this action, but doing so is encouraged
3. The role of accountancy profession in the organizational context and
society
(a) Financial accounting
(b) Cost and Management accounting
(c) Financial management
(d) Auditing
4. The ethical responsibilities of a professional accountant both as an
employee and as a professional
Responsibilities to employer:
(a) An accountant’s responsibilities to his or her employer extend to acting with diligence, probity and
with the highest standards of care in all situations.
(b) The accountant is to observe employee confidentiality as far as possible.
(c) He or she will show loyalty within the bounds of legal and ethical good practice.
Responsibilities as a professional:
(a) Professional accountants are expected to observe the letter and spirit of the law in detail and of
professional ethical codes where applicable.
(b) In any professional or ethical situation where codes do not clearly apply, a professional accountant
should apply ‘principles-based’ ethical standards.
(c) Finally, and in common with members of other professions, accountants are required to act in the
public interest.
Chapter 17. Professional Practice and Codes of Ethics
1. Code of ethics for business conduct
1.1 Describe the purposes of a corporate code of ethics
(a) To convey the ethical values of the company to interested audiences including employees, customers,
communities and shareholders.
(b) To control unethical practice within the organisation by placing limits on behaviour and prescribing
behaviour in given situations.
(c) To be a stimulant to improved ethical behaviour in the organisation by insisting on full compliance with
the code.
1.2 Outline of the content of a code of business practice and ethics
(a) Preface or Introduction
(signed by the Chairman or Chief Executive Officer or both)
Start with a sentence on the purpose of the Statement: mention the values that are important to the top
management in the conduct of the business such as integrity, responsibility and reputation. Describe
the leadership commitment in maintaining high standards both within the organization and in its
dealings with others. Set out the role of the company in the community and end with a personal
endorsement of the code and the expectation that the standard set out in it will be maintained by all
involved in the organization.
(b) Key areas to include:
1. The Purpose and Values of the Business
The service which is being provided (a group of products, or set of services), financial objectives and the
business's role in society as the company sees it.
2. Employees
How the business values employees. The company's policies on working conditions, recruitment,
development and training, rewards, health, safety & security, equal opportunities, diversity, retirement,
redundancy, discrimination, harassment and use of company assets by employees.
3. Customer Relations
The importance of customer satisfaction and good faith in all agreements, quality, fair pricing and
after-sales service.
4. Shareholders or other providers of money
The protection of investment made in the company and proper 'return' on money lent. A commitment to
accurate and timely communication on achievements and prospects.
5. Suppliers
Prompt settling of bills. Co-operation to achieve quality and efficiency. No bribery or excess hospitality
accepted or given.
6. Society or the wider community
Compliance with the spirit of laws as well as the letter. The company's obligations to protect and preserve
the environment. The involvement of the company and its staff in local affairs. The corporate policy on
sponsorship as well as giving to education and charitable appeals.
7. Implementation
The process by which the code is issued and used. Means to obtain advice. Awareness raising examples
(Q & As). Training programmes for all staff.
8. Assurance, reporting and reviews
Suggest ways of knowing if the code is effective. Report to the board or board committee at least annually.
Review procedures for updating the code.
1.3 The code of ethics can be used as part of a company’s overall strategic
positioning.
(a) Strategic positioning is about the way that a whole company is placed in its environment
(b) Ethical reputation and practice can be a key part of environmental ‘fit’
(c) The ‘fit’ enables the company to more fully meet the expectations, needs and demands of its relevant
stakeholders
(d) The ‘quality’ of the strategic ‘fit’ is one of the major determinants of business performance and so is
vital to the success of the business.
2. Code of ethics relevant to the accounting profession
The IFAC Code of Ethics for Professional Accountants (the Code) establishes the fundamental principles
of ethics for professional accountants and provides a conceptual framework to assist professional
accountants to identify, evaluate and respond to threats to compliance with those principles.
2.1 The contents
The Code is divided into three parts:
(a) Part A applies to all professional accountants.
(b) Part B applies to professional accountants in public practice
(c) Part C applies to professional accountants in business.
Part A of the Code sets out the fundamental principles and explains the framework approach. It also
sets out:
(1) The categories into which many threats to compliance with the fundamental principles may fall;
(2) Examples of safeguards created by the profession, legislation or regulation;
(3) Examples of safeguards that may increase the likelihood of identifying or deterring unethical
behavior.
This part also includes guidance regarding the resolution of ethical conflicts.
Parts B and C of the Code include examples that are intended to illustrate the application of the
principles.
2.2 Whether we need a code of professional ethics
No Need:
(a) Because they contain descriptions of situations that accountants might encounter, they can convey the (false)
impression that professional ethics can be reduced to a set of rules contained in a code
(b) Ethical codes do not and cannot capture all ethical circumstances and dilemmas that a professional
accountant will encounter
(c) Regional variations in cultural, social and ethical norms mean that such codes cannot capture important
differences in emphasis in some parts of the world
(d) Professional codes of ethics are not technically enforceable in any legal manner although sanctions
exist for gross breach of the code in some jurisdictions
Need:
(a) Professional codes of ethics signal the importance, to accountants, of ethics and acting in the public
interest in the professional accounting environment
(b) The profession is likely to exist only as long as the public interest is supported over and above competing
interests
(c) “the accountancy profession throughout the world operates in an environment with different cultures
and regulatory requirements. The basic intent of the Code, however, should always be respected.”
2.3 Fundamental principles
3. Fundamental principles of IFAC; ACCA code of ethics and conduct
(a) Integrity
A professional accountant should be straightforward and honest in all professional and business
relationships. Integrity also implies fair dealing and truthfulness.
(b) Objectivity
A professional accountant should not allow prejudice or bias, conflict of interest or undue influence of
others to override professional or business judgments.
(c) Professional competency and due care
(1) To maintain professional knowledge and skill at the level required to ensure that a client or employer
receives the advantage of competent professional service based on current developments in practice,
legislation and techniques; and
(2) To act diligently in accordance with applicable technical and professional standards in all professional
and business relationships.
(d) Confidentiality
A professional accountant should respect the confidentiality of information acquired as a result of
professional and business relationships and should not disclose any such information to third parties
without proper and specific authority unless there is a legal or professional right or duty to disclose.
Confidential information acquired as a result of professional and business relationships should not be used
for the personal advantage of the professional accountant or third parties.
(e) Professional behavior
A professional accountant should comply with relevant laws and regulations and should avoid any action
that discredits the profession.
Definition of independence
Independence in appearance
Independence in mind
4. Ethical threats affecting auditors’ independence and objectivity, and suitable safeguards
Ethical threats
The ACCA’s Code of Ethics states that ethical threats generally fall into five distinct categories:
3.1 Self-Interest threat;
3.2 Self-review threat;
3.3 Familiarity threats;
3.4 Advocacy threats;
3.5 Intimidation threats;
3.1 Self-interest threats:
(a) Auditors receive excessive gifts or hospitality from a client
The risk here is that auditors ignore errors in the Financial Statements so as not to upset the client as this
may lead to the gifts/hospitality being withdrawn.
(b) Auditors receive a large proportion of their fees from one client
Auditors may ignore errors in the Financial Statements for fear of losing the client and the associated
income.
(c) Auditors have personal or business relationships with a client
If the auditor has a personal or business relationship with a client then they may ignore problems with the client’s
financial statements in order to protect this relationship.
(d) Audit fees are agreed on a contingent basis
Contingent fees are fees that are dependent on the outcome of the work performed. If audit fees are
calculated on this basis, the auditors may be tempted to give an opinion that the directors want, rather
than the correct opinion, so as to receive these fees.
(e) Auditors and clients lend each other money
This relationship is almost certain to threaten an auditor’s independence and objectivity. If the client owes
the auditor money, the auditor may not want to risk upsetting them with a qualified opinion in case this
leads to the client defaulting on the debt. Note that in a situation where there are overdue fees, the auditor
runs the risk, in effect, of making a loan to a client.
(f) Auditors set their fees at an unrealistically low level in order to secure work (also known as low-balling)
By setting audit fees at an unrealistically low level in order to win other more lucrative work such as tax
advice, auditors risk not being able to resource the audit properly. This could be perceived as negligence.
Safeguards against self-interest threats
Financial Interests (e.g. owning shares in a client)
The ACCA does not allow any of the following parties to own a direct financial interest in a client or a material
indirect financial interest in a client (e.g. by investing in a pension scheme that invests in the client’s
shares):
• The audit firm;
• A member of the audit team;
• The immediate family of a member of the audit team.
The following safeguards should be put in place:
• Dispose of any interest as soon as it is identified;
• Remove the individual from the audit team if necessary;
• Inform the client of the situation;
• Use an independent partner to review any work already carried out.
(a) Gifts and Hospitality
Gifts and hospitality should not be accepted unless the value is clearly insignificant.
(b) High Proportion of Fees from One Client
Audit firms should avoid having any one client that makes up a significant proportion of their fee income.
(1) Listed Clients: Gross recurring fees from a single listed client should not be more than 10% of the audit
firm’s total income. When these fees reach 5%, the situation should be reviewed.
(2) Non-Listed Clients: Gross recurring fees from a single non-listed client should not be more than 15% of the audit
firm’s total income. When these fees reach 10%, the situation should be reviewed.
(c) Close Business or Personal Relationships
An auditor should not participate in a personal or business relationship with a client. If an individual team
member has such an interest they should be removed from the audit team.
An audit partner should not accept a key management position at an audit client until at least two years
have elapsed since his/her involvement in the audit.
(d) Contingent Fees
Audit firms are not allowed to enter into any fee arrangement that is contingent in nature.
(e) Loans and Overdue Fees
Audit firms or team members should not enter into any loan relationship with a client.
The only exception to this is where a loan is made to a member of an assurance team by a bank or other
lending institution. Providing this loan is on normal commercial terms, this is not perceived to be a threat
to independence.
Audit firms should guard against overdue fees and consider resigning when fees remain unpaid.
(f) Lowballing
If an audit engagement is accepted at a lower than average fee the audit firm must:
(1) Demonstrate that appropriate staff and time are spent on the work;
(2) Comply with the applicable professional and technical standards.
3.2 Self-review threats
This threat arises when auditors perform work/produce information for the client that they end up
reviewing themselves as part of an assurance engagement.
Self-review threats arise when auditors:
(a) Give advice on accounting or control systems and then audit them (e.g. by performing internal audit
services for the client);
(b) Prepare financial information or assist with calculations then audit this information;
(c) Provide services for the client e.g. tax, valuation, corporate finance, and then review this work as part
of the audit;
(d) Join the audit team after working for the client.
Safeguards against self-review threats:
(a) Provision of Services Other than Audit
Providing a client with services other than audit is a highly controversial issue. In most cases it is fine to
provide other services providing independence and objectivity are not affected.
Safeguards should be put in place such as:
(1) The team that performs the audit should be composed of entirely different members to the one that
performs the other service;
(2) An independent second partner review on all work performed;
(3) Refuse the other service if audit objectivity is threatened.
There are however some notable exceptions in terms of the provision of other services:
(1) Auditors should not prepare the accounts or Financial Statements for a listed or public interest client;
(2) Audit firms should not carry out valuations on matters which may be material to the Financial
Statements;
(3) Audit firms should not be involved in the design or implementation of an IT system for the client where
that IT system is an integral part of the accounting function.
(b) Client Employee Joins Audit Team
If, in the previous two years, an individual has been a director of the client or involved in any way with the
information being audited they should not be assigned to the audit team.
3.3 Familiarity threats
Familiarity threats arise when the auditors develop a close relationship with the client and as a result
become too sympathetic to their interests or too trusting of their work.
Examples of familiarity threats are:
(a) The auditor audits a company where friends or relatives work;
(b) The auditor has been auditing the company for many years;
(c) There are people working at the client who recently worked for the audit firm.
Safeguards against familiarity threats
(a) No member of the audit team should have a close personal or business relationship with the client.
(b) The engagement partner should act for no longer than five consecutive years. They should not return
to this role until a further five years have elapsed;
(c) Other key audit partners should act for no longer than seven consecutive years. They should not
return to the role until a further two years have elapsed;
(d) The person responsible for quality control review on the audit engagement should act for no longer
than seven years. They should not return to the role until a further two years have elapsed.
(e) An audit partner should not accept a key management position at an audit client until at least two years
have elapsed since his/her involvement in the audit.
3.4 Advocacy threat
This may occur when the auditor is asked to promote the client's position or represent them in some way.
In this situation the auditor would have to be biased in favour of the client and therefore cannot be
objective.
Examples of advocacy threats include:
(a) Representing an audit client in a legal case or tax enquiry;
(b) Promoting the client’s shares for a stock exchange listing.
Safeguards against advocacy threats
(a) Refuse to represent an audit client in a legal case or tax enquiry;
(b) Refuse to promote their shares for a stock exchange listing.
3.5 Intimidation threats
This threat is caused by a client being in a position to put pressure on an auditor to prevent them acting
objectively. This could arise from family and personal relationships, litigation or close business
relationships.
As a result, the intimidation threat is very closely related to the self-interest and the advocacy threat so the
safeguards are the same.
The auditor may communicate with the audit committee, if any, or otherwise withdraw from the engagement.
Chapter 18. Social and Environmental Issues in the Conduct
of Business and Ethical Behavior
1. The impact of economic activity on the environment and society
Environmental footprint
The year 2000 report published by the Worldwatch Institute, a highly respected research group, identified the
following alarming environmental trends that are shaping the future of civilization. These include:
(a) Rising temperature
(b) Falling water tables
(c) Sinking cropland per person
(d) Shrinking forest
(e) Loss of plant and animal species
2. Sustainability
According to the World Commission on Environment and Development (1987), sustainable development is
defined as development that meets the needs of the present without compromising the ability of future
generations to meet their own needs.
Hence, sustainability is now regarded as comprising three components: environmental, economic and
social, i.e. the notion of a 'triple bottom line'.
2.1 Environmental perspectives
The basic principles of sustainability in the environmental perspective concern the effective management
of physical resources so that they are conserved for the future. All bio systems are regarded as having
finite resources and finite capacity and hence sustainable human activity must operate at a level that does
not threaten the health of those systems. Even at the most basic level, these concerns suggest a need to
address a number of critical business problems, such as the impacts of industrialization on biodiversity,
the continued use of non-renewable resources such as oil, steel and coal, as well as the production of
damaging environmental pollutants like greenhouse gases from industrial plants.
2.2 Economic perspectives
A narrow concept of economic sustainability focuses on the economic performance of the corporation
itself: the responsibility of management is to develop, produce and market those products that secure the
long-term economic performance for the corporation. This includes a focus on those strategies which, for
example, lead to a long-term rise in share price, revenues and market share rather than short-term
'explosions' of profits at the expense of long-term viability success.
A broader concept of economic sustainability would include the company's attitude towards and impacts
upon the economic framework in which it is embedded. Paying bribes or building cartels, for instance,
could be regarded as economically unsustainable because these activities undermine the long-term
functioning of markets. Corporations which attempt to avoid paying corporate taxes through subtle
accounting tricks might be said to behave in an unsustainable way: if they are not willing to fund the political
institutional environment (such as schools, hospitals, the police and the justice system), they erode one of
the key institutional bases of their corporate success.
2.3 Social perspectives
The key issue in the social perspective on sustainability is that of social justice. Despite the impressive
advances in standards of living that many of us have enjoyed, the United Nations 2005 Report on the
World Social Situation identified persistent and deepening inequality across the globe. With 80 percent of
the world’s gross domestic product belonging to the 1 billion people living in the developed world and the
remaining 20 percent shared by the 5 billion people living in developing countries, the report suggested
that 'failure to address this inequality predicament will ensure that social justice and better living
conditions for all people remain elusive, and that communities, countries and regions remain vulnerable to
social, political and economic turmoil'.
3. Accounting for sustainability
3.1 Background
The policy impetus for full cost accounting (FCA) comes from the call from the European Commission's
Fifth Action Programme (subtitled Towards Sustainability), for the accountancy profession to develop
FCA so that 'the consumption and use of environmental resources are accounted for as part of the full
cost of production and reflected in market prices'.
FCA is thus an accounting tool that seeks to identify all external environmental costs (and benefits)
associated with a particular activity and to incorporate this information in decision-making processes. The
assumption underlying the desire for FCA is that if one were to account for externalities then society could
be better informed as to which decisions would be more likely to make sustainable development
achievable.
3.2 The approach
To undertake FCA, four generic steps are necessary for each exercise. These are:
(a) Define the object of the FCA exercise (be it a product, process, a part or whole of an organization);
(b) Determine the scope of the FCA exercise (that is, where the boundary of the analysis will be);
(c) Identify and measure external impacts in physical terms; and
(d) Monetize the external impacts.
3.3 The limitations
(a) FCA requires substantial amounts of physical data about the object of the exercise and requires
extensive modeling of complex real world relationships.
(b) The main conceptual issue that arises with FCA is deciding how to monetize externalities. Moreover,
different approaches to monetization may often result in different conclusions being drawn from an FCA
exercise.
3.4 The benefits of undertaking FCA
FCA highlights that some externalities can be eliminated by the redesign of production processes or by
organisations operating differently.
4. Environmental management and audit scheme (EMAS)
The European Union's EMAS was adopted in 1993 and relied on 'market forces' to encourage businesses
to improve their environmental protection measures. The idea was that companies who registered for the
scheme and who, as a result, were permitted to use the eco-logo, were rewarded by the various corporate
stakeholders. Under the EMAS scheme, companies are encouraged to:
(a) Set their own objective for environmental performance and develop management systems which
would achieve those objectives;
(b) Initiate a pattern of eco-auditing to assess their environmental performance and to provide the
information needed to develop their environmental management systems;
(c) Show commitment to externally validated assessment of their progress in meeting these objectives;
and make information available to the public in a concise, comprehensive form.
As far as making information available to the public was concerned, the EMAS regulation required that
the environmental statement should include, in particular:
(a) A description of the company's activities at the site considered
(b) An assessment of all the significant environmental issues of relevance to the activities concerned;
(c) A presentation of the company's environmental policy, program and management system implemented
at the site concerned;
(d) The deadline set for submission of the next statement;
(e) A summary on the figures on pollutant emissions, waste generation consumption of raw material,
energy, water, noise;
(f) Other significant environmental aspects as appropriate, as well as other factors regarding
environmental performance; and
(g) Companies were also required to draw attention to significant changes since the previous statement.
(h) The name of the accredited environmental verifier
4.2 ISO 14000 certification
The ISO 14001:2004 standard requires a company to:
(a) Develop an environmental policy for the organization
(b) Establish an environmental management system (EMS)
(c) Identify the most significant aspects of the organization's past, present and future activities, products
and services
(d) Clarify and respect the legal and other requirements that apply to the organization's environmental
aspects
(e) Set environmental objectives and targets for all relevant functions and levels within the organization
(f) Create programs to implement the organization's environmental policy and achieve the environmental
objectives and targets
(g) Evaluate the environmental management system in order to identify opportunities for improvement
5. Social and environmental audit
5.1 What is Assurance?
Assurance is an evaluation method that uses a specified set of principles and standards to assess the
quality of an organization’s subject matter and the underlying systems, processes and competencies that
underpin its performance.
5.2 Stages in an environmental audit
Environmental auditing contains three stages:
(a) The first stage is agreeing and establishing the metrics involved and deciding on what environmental
measures will be included in the audit. This selection is important because it will determine what will be
measured against, how costly the audit will be and how likely it is that the company will be criticised for
‘window dressing’ or ‘greenwashing’.
(b) The second stage is measuring actual performance against the metrics set in the first stage. The
means of measurement will usually depend upon the metric being measured.
(c) The third stage is reporting the levels of compliance or variances. The issue here is how to report the
information and how widely to distribute the report.