The role of the board of directors in compliance procedures
Here is a governance case, published in December on the website of Julie Garland McLellan*, which illustrates how the management of a public corporation can find itself in a situation of irregularity despite a board culture focused on compliance.
The auditor general's (AG) investigation revealed several flaws in the corporation's internal procedures. As a result, Kyle, the chairman of the audit, risk and compliance committee, is called upon by the chairman of the board to help management find lasting solutions to remedy the situation.
Even though Kyle is aware that he does not have the authority required to resolve the problems identified by the AG, he understands that it is imperative that his message get through.
The case presents the situation quite succinctly but explicitly; three governance experts then give their views on the dilemma facing people who experience similar situations.
Enjoy your reading! Your comments are always welcome.
Kyle is chairman of the Audit, Risk and Compliance committee of a government authority board which is subject to a Public Access to Information Act. The auditor general has just completed an audit of several authorities bound by that Act and Kyle’s authority was found to have several breaches of the Act, in particular:
– some contracts valued at $150,000 or more were not recorded in the contracts register
– some contracts were not entered into the register within 45 working days of the contracts becoming effective
– there were instances where inaccurate information was recorded in the register when compared with the contracts, and
– additional information required for certain classes of contracts was not disclosed in some registers.
The Board Chairman is rightly concerned that this has happened in what all directors believed to be a well governed authority with a strong culture of compliance. The Board Chairman has asked Kyle to oversee management’s response to the Auditor General and the development of systems to ensure that these breaches do not reoccur. Kyle is mindful that he remains a non-executive and has no authority within the chain of management command. He is keen to help and knows that the CEO is struggling with the complexity of her role and will need assistance with any increase in workload.
How can Kyle help without getting embroiled in management affairs?
The issue I spot here is one which I’ve encountered myself – as a seasoned professional, you have the internal urge to roll up your sleeves and get right into it, and solve the problem. From the details disclosed in this dilemma, there’s evidence that the authority’s internal culture is compliant, therefore it’s hard to believe there’s foul play which caused these discrepancies in the reports. I would have guessed that there are some legacy processes, or even old technology, which need to be looked at to discover where the gap is.
The CEO is under immense pressure to fix this issue, being exposed to public scrutiny, but with the government’s limited resources at her disposal, the pressure is even higher. Making decisions under such pressure, especially when a board member, the chair of the Audit, Risk and Compliance Committee, is looking over her shoulder, will likely force her to make mistakes.
Kyle’s dilemma is simple to explain, but more delicate to handle: “How do I fix this, without sticking my nose into the operations?”
As a NED, what Kyle needs to be is a guide to the CEO, providing a calm and supportive environment for the CEO to operate in. Kyle needs to consult with the CEO, and get her on side, to ensure she’ll devote whichever resources she does have, to deal with this issue. This won’t be a Band-Aid solution, but a solution which will require collaboration of several parts of the organisation, orchestrated by the CEO herself.
Raz Chorev is Partner at Orange Sky and Managing Director at CXC Global. He is based in Sydney, Australia.
The Auditor General has asked management to respond and board oversight of management should be done by and through the CEO.
Kyle cannot help without putting his fingers (or intellect) into the organisation. To do that without causing upset he will need to inform the CEO of the Chairman’s request, offer to help and make sure that he reports to her before he reports elsewhere. Handled sensitively the CEO, who appears to be struggling, should welcome any assistance with the task. Handled insensitively this could be a major issue because the statutory definitions of directors’ roles in public sector companies are less fluid than those in the private sector.
Kyle should also take this as a wake-up call – he assumes a culture of compliance and good governance but that is obviously not correct. The audit committee should regularly review the regulatory and legislative compliance framework and verify that all is as it should be; that has clearly not happened and Kyle should work with the company secretary or chief compliance/legal officer to review the entire framework and make sure nothing else is missing from the regular schedule of reviews. The committee must ask for what it needs to oversee effectively, not just read what it is given.
The prevailing attitude should be one of thankfulness that the issue has been found and can be corrected. If Kyle detects a cultural rejection of the need to comply and cooperate with the AG in establishing good governance then Kyle must report to the whole board so remedial action can be planned.
Once management have responded to the AG with their proposed actions to remedy the matter, the audit committee should review to check that the actions have been implemented and that they effectively lead to compliance with the requirements. Likely remedies include amending the position descriptions of staff doing tendering or those setting up vendors in the payments system to include entry of details to the register, training in compliance, design of an internal audit system for routine review of registers and comparison to workloads to ensure that nothing has ‘dropped between the cracks’, and regular reporting of register completion and audit to the board audit committee.
The Audit Risk and Compliance Committee (“Committee”) is to assist the Board in fulfilling its corporate governance and oversight responsibilities in relation to the bodies’ financial reporting, internal control structure, risk management systems, compliance and the external audit function.
The external auditors are responsible for auditing the bodies’ financial reports and for reviewing the unaudited interim financial reports. The Financial Management and Accountability Act 1997 calls for auditing financial statements and performance reviews by the Auditor General.
As Committee Chairman Kyle must be independent and must have leadership experience and a strong finance, accounting or business background. So too must the CEO and CFO have appropriate and sufficient qualifications, knowledge, competence, experience and integrity and other personal attributes to undertake their roles.
It should be the responsibility of the Committee to maintain free and open communication between the Committee, external auditors and management. The Committee’s function is principally oversight and review.
The appointment and ongoing assessment, mentoring and discipline of the CEO rests with the board but the delegation of this authority in relation to compliance often rests with the Committee and Board Chairs.
Kyle may invite members of management (CFO and maybe the CEO) or others to attend meetings and the Committee should have authority, within the scope of its responsibilities, to seek information it requires, and assistance from any employee or external party. Inviting the CFO and/or CEO to the Committee allows visibility and a holistic and independent forum where deficiencies may be isolated and functions (but not responsibility) delegated to others.
There is a disconnect or deficiency in one or more functions; Kyle should ensure that the Committee holistically reviews its own charter, discusses with management and the external auditors the adequacy and effectiveness of the internal controls and reporting functions (including the Bodies’ policies and procedures to assess, monitor and manage these controls), as well as a review of the internal quality control procedures (because these are also suspected to be deficient).
It will rapidly become apparent to management, the Committee, Kyle, the board and the Chairman where the deficiencies lie or did lie, and how they have been corrected. Underlying behavioural problems and/or abilities to function will also become apparent and with these appropriately addressed similar deficiencies in other areas of the body may be contemporaneously corrected and all reported to the Auditor General.
Sean Rothsey is Chairman and Founder of the Merkin Group. He is based in Cooroy, Queensland, Australia.