Appendix 5A: Identifying Risks and Implementing Controls

5A.10. Corporate Governance Risk and Controls

Corporate governance management encompasses the frameworks, policies, and processes by which corporations are controlled and directed. It balances the interests of an organization’s many stakeholders, such as shareholders, management, customers, suppliers, financiers, government, and the community. Effective corporate governance management ensures accountability, fairness, and transparency in a company’s relationship with its stakeholders. The primary activities in this process include:

  1. Establishing Governance Frameworks: This involves setting up structures and policies that define the distribution of rights and responsibilities among different participants in the corporation, including the board of directors, managers, shareholders, and other stakeholders. It includes the creation of bylaws, corporate ethics codes, and policies on corporate social responsibility.
  2. Board Composition and Development: Selecting, educating, and evaluating the board of directors to ensure they possess the skills, knowledge, and experience necessary to oversee the company’s affairs. This includes ensuring a diverse and independent board composition that provides strategic guidance and oversight.
  3. Strategic Oversight: The board’s role in developing and implementing the organization’s strategic plans. This includes setting corporate objectives and risk management policies and ensuring strategies align with stakeholders’ interests.
  4. Risk Management and Internal Controls: Establishing processes to identify, manage, and mitigate organizational risks. This involves implementing internal controls to safeguard the company’s assets, ensuring accurate financial reporting, and compliance with laws and regulations.
  5. Financial and Operational Reporting: Ensuring the accuracy, completeness, and timeliness of corporate reporting. This includes financial reporting and reporting on the company’s operations, governance practices, and environmental and social impacts.
  6. Shareholder and Stakeholder Engagement: Developing and maintaining effective communication and engagement with shareholders and other stakeholders. This involves regular communication of the company’s performance and governance practices and how they address various economic, environmental, and social issues.
  7. Executive Compensation: Designing compensation policies for senior executives and board members that align their interests with the company’s and its shareholders’ long-term objectives. This includes salary, bonuses, stock options, and other benefits tied to performance metrics.
  8. Ensuring Legal and Ethical Integrity: Implementing policies and practices that promote legal compliance and ethical behaviour throughout the organization. This includes compliance programs, whistleblower policies, and ethics training for employees.
  9. Monitoring and Evaluation: Regularly reviewing and assessing the effectiveness of governance policies and practices. This includes evaluating the performance of the board, its committees, and individual directors and the effectiveness of governance practices in achieving strategic objectives and compliance.

Let’s review the top risk related to corporate governance and its impact on the organization. We will also take an inventory of the top preventive, detective, corrective, and accounting controls related to this risk.

Regulatory Non-Compliance

Risk Impact

Legal sanctions, fines, reputational damage, and loss of stakeholder trust. Non-compliance with corporate governance regulations, such as SOX, GDPR, or SEC requirements, can result in financial penalties, legal liabilities, and damage to the organization’s reputation and credibility, undermining stakeholder trust and investor confidence in the company’s governance practices and leadership.

Preventive Controls

  • Regulatory Compliance Program: Establishing a comprehensive regulatory compliance program, including policies, procedures, and controls, to monitor, assess, and ensure adherence to applicable corporate governance regulations, standards, and reporting requirements to mitigate risks of non-compliance, penalties, and reputational harm.
  • Compliance Training and Awareness: Providing regular training, awareness programs, and educational resources to board members, executives, and employees on corporate governance principles, regulatory obligations, and ethical standards to promote a culture of compliance, accountability, and moral conduct throughout the organization and enhance the effectiveness and integrity of a company’s governance practices.

Detective Controls

  • Compliance Monitoring and Reporting: Implementing monitoring mechanisms, reporting processes, and governance frameworks to track and report on compliance with corporate governance regulations, guidelines, and best practices, including regular board oversight, committee reviews, and management certifications to provide transparency, accountability, and assurance to stakeholders and regulatory authorities regarding the organization’s governance practices and compliance efforts.
  • Whistleblower Hotline and Reporting: Establishing a confidential whistleblower hotline, reporting channels, or anonymous reporting mechanisms for employees, stakeholders, and third parties to raise concerns, report misconduct, or disclose violations of corporate governance standards, laws, or ethical principles and facilitate prompt investigation, resolution, and remediation of reported issues to prevent potential non-compliance, misconduct, or governance failures.

Corrective Controls

  • Compliance Risk Mitigation: Implementing risk mitigation strategies, controls, and measures to address identified compliance risks, vulnerabilities, or gaps in corporate governance practices, including policy enhancements, process improvements, or technology solutions, to reduce the likelihood and impact of non-compliance incidents, regulatory violations, or governance failures and uphold the organization’s reputation, integrity, and trustworthiness.
  • Governance Oversight and Review: Strengthening governance oversight mechanisms, board structures and committee charters to enhance governance effectiveness, independence, and transparency, including regular board evaluations, committee assessments, and director independence reviews, to ensure proper governance practices, ethical conduct and accountability throughout the organization and foster stakeholder confidence and trust in the governance process.
  • Regulatory Remediation and Enforcement Response: Developing and implementing remediation plans, corrective actions, and enforcement response strategies to address regulatory findings, violations, or enforcement actions related to corporate governance matters, including corrective measures, process improvements, or governance reforms, to mitigate legal, financial, and reputational risks and restore compliance with regulatory requirements and expectations.

Accounting Controls

  • Regulatory Compliance Reporting: Documenting and reporting on activities dealing with compliance with corporate governance, outcomes of regulatory filings, annual reports, and governance disclosures to provide stakeholders, investors, and regulatory authorities with transparency, insight, and assurance regarding the organization’s commitment to excellence in corporate governance, compliance with accountability regulations, and ethical leadership standards.
  • Governance Risk Disclosure: Disclosing material governance risks, uncertainties, and vulnerabilities in regulatory filings, risk management reports, and investor communications to enhance transparency, risk awareness, and governance oversight and facilitate informed decision-making by stakeholders and investors regarding governance-related matters and risks impacting the organization’s performance, reputation, and long-term value creation.
  • Compliance Certification and Attestation: Obtaining independent certifications, attestations, or assurance reports from external auditors or regulatory agencies regarding compliance with corporate governance controls and adherence to ethical standards to provide assurance, validation, and credibility to stakeholders, investors, and regulators regarding the organization’s governance practices, integrity, and commitment to regulatory compliance and ethical conduct.

License

Internal Auditing: A Practical Approach Copyright © 2024 by Amit M. Mehta is licensed under a Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International License, except where otherwise noted.