Voici la troisième édition d’un document australien de KPMG, très bien conçu, qui répond clairement aux questions que tous les administrateurs de sociétés se posent dans le cours de leurs mandats.
Même si la publication est dédiée à l’auditoire australien de KPMG, je crois que la réalité réglementaire nord-américaine est trop semblable pour se priver d’un bon « kit » d’outils qui peut aider à constituer un Board efficace.
C’est un formidable document électronique interactif de 182 pages. Voyez la table des matières ci-dessous.
J’ai demandé à KPMG de me procurer une version française du même document mais il ne semble pas en exister.
Our business environment provides an ever-changing spectrum of risks and opportunities. The role of the director continues to be shaped by a multitude of forces including economic uncertainty, larger and more complex organisations, the increasing pace of technological innovation and digitisation along with a more rigorous regulatory environment.
At the same time there is more onus on directors to operate transparently and be more accountable for their actions and decisions.
To support directors in their challenging role, KPMG has created an interactive Directors’ Toolkit. Now in its third edition, this comprehensive guide is in a user friendly electronic format. It is designed to assist directors to more effectively discharge their duties and improve board performance and decision-making.
Key topics
Duties and responsibilities of a director
Oversight of strategy and governance
Managing shareholder and stakeholder expectations
Structuring an effective board and sub-committees
Enabling key executive appointments
Managing productive meetings
Better practice terms of reference, charters and agendas
Establishing new boards.
What’s New
In this latest version, we have included newly updated sections on:
Roles, responsibilities and expectations of directors of not-for-profit organisations
Risks and opportunities social media presents for directors and organisations
Key responsibilities of directors for overseeing investment governance, operations and processes.
Aujourd’hui, je vous propose la lecture d’un article paru dans la revue European Journal of Risk Regulation (EJRR) qui scrute le scandale de Volkswagensous l’angle juridique, mais, surtout, sous l’angle des manquements à la saine gouvernance.
Le texte se présente comme un cas en gouvernance et en management. Celui-ci devrait alimenter les réflexions sur l’éthique, les valeurs culturelles et les effets des pressions excessives à la performance.
Vous trouverez, ci-dessous, l’intégralité de l’article avec le consentement de l’auteure. Je n’ai pas inclus les références, qui sont très abondantes et qui peuvent être consultées sur le site de la maison d’édition lexxion.
Like some other crises and scandals that periodically occur in the business community, the Volkswagen (“VW”) scandal once again highlights the devastating consequences of corporate misconduct, once publicly disclosed, and the media storm that generally follows the discovery of such significant misbehaviour by a major corporation. Since the crisis broke in September 2015, the media have relayed endless détails about the substantial negative impacts on VW on various stakeholder groups such as employees, directors, investors, suppliers and consumers, and on the automobile industry as a whole (1)
The multiple and negative repercussions at the economic, organizational and legal levels have quickly become apparent, in particular in the form of resignations, changes in VW’s senior management, layoffs, a hiring freeze, the end to the marketing of diesel-engined vehicles, vehicle recalls, a decline in car sales, a drop in market capitalization, and the launching of internal investigations by VW and external investigations by the public authorities. This comes in addition to the threat of numerous civil, administrative, penal and criminal lawsuits and the substantial penalties they entail, as well as the erosion of trust in VW and the automobile industry generally (2).
FILE PHOTO: Martin Winterkorn, chief executive officer of Volkswagen AG, reacts during an earnings news conference at the company’s headquarters in Wolfsburg, Germany, on Monday, March 12, 2012. Volkswagen said 11 million vehicles were equipped with diesel engines at the center of a widening scandal over faked pollution controls that will cost the company at least 6.5 billion euros ($7.3 billion). Photographer: Michele Tantussi/Bloomberg *** Local Caption *** Martin Winterkorn
A scandal of this extent cannot fail to raise a number of questions, in particular concerning the cause of the alleged cheating, liable actors, the potential organizational and regulatory problems related to compliance, and ways to prevent further misconduct at VW and within the automobile industry. Based on the information surrounding the VW scandal, it is premature to capture all facets of the case. In order to analyze inmore depth the various problems raised, we will have to wait for the findings of the investigations conducted both internally by the VW Group and externally by the regulatory authorities.
While recognizing the incompleteness of the information made available to date by VW and certain commentators, we can still use this documentation to highlight a few features of the case that deserve to be studied from the standpoint of corporate governance.
This Article remains relatively modest in scope, and is designed to highlight certain organizational factors that may explain the deviant behaviour observed at VW. More specifically, it submits that the main cause of VW’s alleged wrongdoing lies in the company’s ambitious production targets for the U.S. market and the time and budget constraints imposed on employees to reach those targets. Arguably, the corporate strategy and pressures exerted on VW’s employees may have led them to give preference to the performance priorities set by the company rather than compliance with the applicable legal and ethical standards. And this corporate misconduct could not be detected because of deficiencies in the monitoring and control mechanisms, and especially in the compliance system established by the company to ensure that legal requirements were respected.
Although limited in scope, this inquiry may prove useful in identifying means to minimize, in the future, the risk of similar misconduct, not only at VW but wihin other companies as well (3). Given the limited objectives of the Article, which focuses on certain specific organizational deficiencies at VW, the legal questions raised by the case will not be addressed. However, the Article will refer to one aspect of the law of business corporations in the United States, Canada and in the EU Member States in order to emphasize the crucial role that boards in publicly-held companies must exercise to minimize the risk of misconduct (4).
II. A Preliminary Admission by VW: Individual Misconduct by a few Software Engineers
When a scandal erupts in the business community following a case of fraud, embezzlement, corruption, the marketing of dangerous products or other deviant behaviour, the company concerned and the regulatory authorities are required to quickly identify the individuals responsible for the alleged misbehaviour. For example, in the Enron, WorldCom, Tyco and Adelphia scandals of the early 2000s, the investigations revealed that certain company senior managers had acted fraudulently by orchestrating accounting manipulations to camouflage their business’s dire financial situation (5).
These revelations led to the prosecution and conviction of the officers responsible for the corporations’ misconduct (6). In the United States, the importanace of identifying individual wrongdoers is clearly stated in the Principles of Federal Prosecutions of Business Organizations issued by the U.S. Department of Justice which provide guidelines for prosecutions of corporate misbehaviour (7). On the basis of a memo issued in 2015 by the Department of Justice (the “Yatesmemo”) (8), these principles were recently revised to express a renewed commitment to investigate and prosecute individuals responsible for corporate wrongdoing.While recognizing the importance of individual prosecutions in that context, the strategy is only one of the ways to respond to white-collar crime. From a prevention standpoint, it is essential to conduct a broader examination of the organizational environment in which senior managers and employees work to determine if the enterprise’s culture, values, policies, monitoring mechanisms and practices contribute or have contributed to the adoption of deviant behaviour (9).
In the Volkswagen case, the company’s management concentrated first on identifying the handful of individuals it considered to be responsible for the deception, before admitting few weeks later that organizational problems had also encouraged or facilitated the unlawful corporate behaviour. Once news broke of the Volkswagen scandal, one of VW’s officers quickly linked the wrongdoing to the actions of a few employees, but without uncovering any governance problems or misbehaviour at the VW management level (10).
In October 2015, the President and Chief Executive Officer of the VW Group in the United States, Michael Horn, stated in testimony before a Congressional Subcommittee: “[t]his was a couple of software engineers who put this for whatever reason » […]. To my understanding, this was not a corporate decision. This was something individuals did » (11). In other words, the US CEO considered that sole responsibility for the scandal lay with a handful of engineers working at the company, while rejecting any allegation tending to incriminate the company’s management.
This portion of his testimony failed to convince the members of the Subcommittee, who expressed serious doubts about placing sole blame on the misbehaviour of a few engineers, given that the problem had existed since 2009. As expressed in a sceptical response from one of the committee’s members: « I cannot accept VW’s portrayal of this as something by a couple of rogue software engineers […] Suspending three folks – it goes way, way higher than that » (12).
Although misconduct similar to the behaviour uncovered at Volkswagen can often be explained by the reprehensible actions of a few individuals described as « bad apples », the violation of rules can also be explained by the existence of organizational problems within a company (13).
III. Recognition of Organizational Failures by VW
In terms of corporate governance, an analysis of misbehaviour can highlight problems connected with the culture, values, policies and strategies promoted by a company’s management that have a negative influence on the behaviour of senior managers and employees. Considering the importance of the organizational environment in which these players act, regulators provide for several internal and external governance mechanisms to reduce the risk of corporate misbehaviour or to minimize agency problems (14). As one example of an internal governance mechanism, the law of business corporations in the U.S., Canada and the EU Member States gives the board of directors (in a one-tier board structure, as prescribed Under American and Canadian corporation law) and the management board and supervisory board (in a two tier board structure, as provided for in some EU Member States, such as Germany) a key role to play in monitoring the company’s activities and internal dealings (15). As part of their monitoring mission, the board must ensure that the company and its agents act in a diligent and honest way and in compliance with the regulations, in particular by establishing mechanisms or policies in connection with risk management, internal controls, information disclosure, due diligence investigation and compliance (16).
When analysing the Volkswagen scandal from the viewpoint of its corporate governance, the question to be asked is whether the culture, values, priorities, strategies and monitoring and control mechanisms established by the company’s management board and supervisory board – in other words « the tone at the top »-, created an environment that contributed to the emergence of misbehaviour (17).
In this saga, although the initial testimony given to the Congressional Subcommittee by the company’s U.S. CEO, Michael Horn, assigned sole responsibility to a small circle of individuals, « VW’s senior management later recognized that the misconduct could not be explained simply by the deviant behaviour of a few people, since the evidence also pointed to organizational problems supporting the violation of regulations (18). In December 2015, VW’s management released the following observations, drawn from the preliminary results of its internal investigation:
« Group Audit’s examination of the relevant processes indicates that the software-influenced NOx emissions behavior was due to the interaction of three factors:
– The misconduct and shortcomings of individual employees
– Weaknesses in some processes
– A mindset in some areas of the Company that tolerated breaches of rules » (19).
Concerning the question of process,VW released the following audit key findings:
« Procedural problems in the relevant subdivisions have encouraged misconduct;
Faults in reporting and monitoring systems as well as failure to comply with existing regulations;
IT infrastructure partially insufficient and antiquated. » (20)
More fundamentally, VW’s management pointed out at the same time that the information obtained up to that point on “the origin and development of the nitrogen issue […] proves not to have been a one-time error, but rather a chain of errors that were allowed to happen (21). The starting point was a strategic decision to launch a large-scale promotion of diesel vehicles in the United States in 2005. Initially, it proved impossible to have the EA 189 engine meet by legal means the stricter nitrogen oxide requirements in the United States within the required timeframe and budget » (22).
In other words, this revelation by VW’s management suggests that « the end justified the means » in the sense that the ambitious production targets for the U.S. market and the time and budget constraints imposed on employees encouraged those employees to use illegal methods in operational terms to achieve the company’s objective. And this misconduct could not be detected because of deficiencies in the monitoring and control mechanisms, and especially in the compliance system established by the company to ensure that legal requirements were respected. Among the reasons given to explain the crisis, some observers also pointed to the excessive centralization of decision-making powers within VW’s senior management, and an organizational culture that acted as a brake on internal communications and discouraged mid-level managers from passing on bad news (23).
IV. Organizational Changes Considered as a Preliminary Step
In response to the crisis, VW’s management, in a press release in December 2015, set out the main organizational changes planned to minimize the risk of similar misconduct in the future. The changes mainly involved « instituting a comprehensive new alignment that affects the structure of the Group, as well as is way of thinking and its strategic goals (24).
In structural terms, VW changed the composition of the Group’s Board of Management to include the person responsible for the Integrity and Legal Affairs Department as a board member (25). In the future, the company wanted to give « more importance to digitalization, which will report directly to the Chairman of the Board of Management, » and intended to give « more independence to brand and divisions through a more decentralized management (26). With a view to initiating a new mindset, VW’s management stated that it wanted to avoid « yes-men » and to encourage managers and engineers « who are curious, independent, and pioneering » (27). However, the December 2015 press release reveals little about VW’s strategic objectives: « Strategy 2025, with which Volkswagen will address the main issues for the future, is scheduled to be presented in mid 2016 » (28).
Although VW’s management has not yet provided any details on the specific objectives targeted in its « Strategy 2025 », it is revealing to read the VW annual reports from before 2015 in which the company sets out clear and ambitious objectives for productivity and profitability. For example, the annual reports for 2007, 2009 and 2014 contained the following financial objectives, which the company hoped to reach by 2018.
In its 2007 annual report,VW specified, under the heading « Driving ideas »:
“Financial targets are equally ambitious: for example, the Volkswagen Passenger Cars brand aims to increase its unit sales by over 80 percent to 6.6 million vehicles by 2018, thereby reaching a global market share of approximately 9 percent. To make it one of the most profitable automobile companies as well, it is aiming for an ROI of 21 percent and a return on sales before tax of 9 percent.” (29).
Under the same heading, VW stated in its 2009 annual report:
“In 2018, the Volkswagen Group aims to be the most successful and fascinating automaker in the world. […] Over the long term, Volkswagen aims to increase unit sales to more than 10 million vehicles a year: it intends to capture an above-average share as the major growth markets develop (30).
And in its 2014 annual report, under the heading « Goals and Strategies », VW said:
“The goal is to generate unit sales of more than 10 million vehicles a year; in particular, Volkswagen intends to capture an above-average share of growth in the major growth markets.”
Volkswagen’s aim is a long-term return on sales before tax of at least 8% so as to ensure that the Group’s solid financial position and ability to act are guaranteed even in difficult market periods (31).
Besides these specific objectives for financial performance, the annual reports show that the company’s management recognized, at least on paper, the importance of ensuring regulatory compliance and promoting corporate social responsibility (CSR) and sustainability (31). However, after the scandal broke in September 2015, questions can be asked about the effectiveness of the governance mechanisms, especially of the reporting and monitoring systems put in place by VW to achieve company goals in this area (33). In light of the preliminary results of VW’s internal investigation (34), as mentionned above, it seems that, in the organizational culture, the commitment to promote compliance, CSR and sustainability was not as strong as the effort made to achieve the company’s financial performance objectives.
Concerning the specific and challenging priorities of productivity and profitability established by VW’s management in previous years, the question is whether the promotion of financial objectives such as these created a risk because of the pressure it placed on employees within the organizational environment. The priorities can, of course, exert a positive influence and motivate employees to make an even greater effort to achieve the objectives (35). On the other hand, the same priority can exert a negative influence by potentially encouraging employees to use all means necessary to achieve the performance objectives set, in order to protect their job or obtain a promotion, even if the means they use for that purpose contravene the regulations. In other words, the employees face a « double bind » or dilemma which, depending on the circumstances, can lead them to give preference to the performance priorities set by the company rather than compliance with the applicable legal and ethical standards.
In the management literature, a large number of theoretical and empirical studies emphasize the beneficial effects of the setting of specific and challenging goals on employee motivation and performance within a company (36). However, while recognizing these beneficial effects, some authors point out the unwanted or negative side effects they may have.
As highlighted by Ordóñez, Schweitzer, Galinsky and Bazerman, specific goal setting can result in employees focusing solely on those goals while neglecting other important, but unstated, objectives (37). They also mention that employees motivated by « specific, challenging goals adopt riskier strategies and choose riskier gambles than do those with less challenging or vague goals (38). As an additional unwanted side effet, goal setting can encourage unlawful or unethical behaviour, either by inciting employees to use dishonest methods to meet the performance objectives targeted, or to “misrepresent their performance level – in other words, to report that they met a goal when in fact they fell short (39). Based on these observations, the authors suggest that companies should set their objectives with the greatest care and propose various ways to guard against the unwanted side effects highlighted in their study. This approach could prove useful for VW’s management which will once again, at some point, have to define its objectives and stratégies.
V. Conclusion
In the information released to the public after the emissions cheating scandal broke, as mentioned above, VW’s management quickly stated that the misconduct was directly caused by the individual misbehaviour of a couple of software engineers. Later, however, it admitted that the individual misconduct of a few employees was not the only cause, and that there were also organizational deficiencies within the company itself.
Although the VW Group’s public communications have so far provided few details about the cause of the crisis, the admission by management that both individual and organizational failings were involved constitutes, in our opinion, a lever for understanding the various factors that may have led to reprehensible conduct within the company. Based on the investigations that will be completed over the coming months, VW’s management will be in a position to identify more precisely the nature of these organizational failings and to propose ways to minimize the risk of future violations. During 2016, VW’s management will also announce the objectives and stratégies it intends to pursue over the next few years.
Voici un article de Sean J. Griffith, professeur de droit à la Fordham Law School, paru sur le forum du Harvard Law School qui montre toute l’importance que revêt aujourd’hui la gouvernance de « conformité ».
Bien entendu, le rôle des autorités réglementaires, ainsi que les nombreuses législations affectant la gouvernance des entreprises, sont des facteurs contribuant à l’accroissement du fardeau de la conformité.
On peut difficilement imaginer que les pressions à la conformité iront en diminuant. Les entreprises s’adaptent donc aux nouvelles exigences en créant de nouveaux départements dirigés par des chefs de la conformité (Chief Compliance Officer). L’article analyse les effets positifs et négatifs de ce virage.
En ce qui me concerne, je pense que l’on doit faire de grands efforts pour simplifier la gestion de conformité, car il me semble que celle-ci prend une place beaucoup trop importante.
Much of what scholars and practitioners think of as core corporate governance—the oversight and control of internal corporate affairs— is now being subsumed by “compliance.” Although compliance with law and regulation is not a new idea, the establishment of an autonomous department within firms to detect and deter violations of law and policy is. American corporations are at the dawn of a new era: the era of compliance.
Over the past decade, compliance has blossomed into a thriving industry, and the compliance department has emerged, in many firms, as the co-equal of the legal department. Compliance is commonly headed by a Chief Compliance Officer (CCO) with a staff, in large firms, of hundreds or thousands. Moreover, although the CCO reports to the board, compliance is not wholly subordinate to the board. Boards cannot neglect the compliance function or choose not to install and maintain the function on par with industry peers. Furthermore, once compliance officers generate information through monitoring and surveillance, it is beyond a reasonable board’s authority to stop them. Compliance is thus under the board, but its authority comes from somewhere else.
Unlike other governance structures, the origins of compliance are exogenous to the firm. The impetus for compliance does not come from a traditional corporate constituency. It does not come from shareholders, managers, employees, creditors, or customers. It comes from the government. Compliance is a de facto government mandate imposed upon firms by means of ex ante incentives, ex post enforcement tactics, and formal signaling efforts. Moreover, in imposing compliance on firms, the government is not simply making rules that firms must follow, as it does when it passes new laws and regulations, nor is it adjusting its traditional tools—the amount of enforcement and the size of sanctions—to assure compliance with existing law and regulation. Instead, through compliance, the government dictates how firms must comply, imposing specific governance structures expressly designed to change how the firm conducts its business.
At the level of theory, the contemporary compliance function subverts the notion that corporate governance arrangements both are and ought to be the product of a bargain between shareholders and managers. Compliance rewrites Ronald Coase’s famous passage on the internal organization of firms. Compliance officers come into an organization not necessarily (or not entirely) at the behest of an “entrepreneur-co-ordinator, who directs production,” but rather pursuant to the directive of a government enforcer. Seen through the prism of compliance, the corporation no longer resembles a nexus of contracts but rather a real entity, subject to punishment and rehabilitation at the pleasure of a sovereign. Compliance thus rejects mainstream accounts of the firm in favor of a much older theoretical account.
Moreover, because government interventions in compliance come not through the traditional levers of state corporate or federal securities law, but rather through prosecutions and regulatory enforcement actions, a different set of interests and incentives are at play. Compliance questions arise over what purpose or purposes the firm should serve and revives the “other constituencies” debate. Compliance also raises the question whether the authorities pressing for corporate reforms have the right incentives and the right information to do so. If they do not, the development of compliance may merely result in the imposition of inefficient governance structures on firms.
My article, Corporate Governance in an Era of Compliance, recently published in the William & Mary Law Review, aims to provide a comprehensive account of the compliance function and the various ways in which it challenges corporate law orthodoxy. It launches compliance as a field of inquiry for scholars of corporate law and corporate governance by pairing a thorough descriptive account of the contemporary compliance function with a normative account of the ways in which compliance challenges settled theories of the firm and upsets the political economy of corporate governance.
Compliance begs foundational questions of what the firm is and who the author of corporate governance arrangements ought to be. There is a way out of these uncomfortable questions—by limiting the government’s ability to impose compliance reforms through enforcement or by mandating disclosure of firms’ compliance arrangements—but we may not want to set these issues aside so quickly. The fundamental goal of the Article is thus to start the scholarly conversation on compliance and corporate governance, to raise the issues and problems posed by the contemporary compliance function without necessarily solving them. The Article therefore seeks to provoke scholarly debate and provide a framework for prosecutors, policymakers, and scholars of corporate law and corporate governance to engage the question of compliance.
Dans ce billet, je fais référence à un très bon article de Richard Leblanc, paru récemment dans CanadianBusiness.com, qui met l’accent sur la sensibilisation du Conseil à l’importance accrue du contrôle interne dans les OBNL.
L’auteur donne quelques bons exemples d’organisations où le contrôle interne a été défaillant et il montre que les OBNL sont particulièrement vulnérables à des malversations, surtout lorsque l’on sait que le contrôle interne est à peu près inexistant !
C’est la responsabilité du conseil d’administration de s’assurer que les bons contrôles sont en place. L’intérêt public l’exige !
« Non-profit and charitable organizations have stretched resources, which makes them particularly vulnerable to fraudsters. The Salvation Army is currently going through such a situation after a whistleblower informed the organization that $2 million in donated toys had disappeared from—or wasn’t delivered to—their main warehouse in north Toronto over roughly two years ».
Voici un article récemment publié dans The Economist, qui met en évidence les énormes faiblesses de la gouvernance corporative de Valeant, l’un des « fleurons » de l’industrie pharmaceutique canadienne.
Selon le magazine, il s’agit du plus désastreux constat d’échec d’une firme cotée à la bourse de New York depuis la faillite de Lehman Brothers en 2008 !
À part un modèle d’affaires déficient et douteux, quelles sont les leçons à tirer pour les conseils d’administration de sociétés publiques ?
Les auteurs insistent sur les problèmes de contrôle interne, la faiblesse notoire du conseil d’administration, les interventions opportunistes des actionnaires activistes, notamment Jeffrey Ubben de ValueAct et Bill Ackman de Pershing Square, qui détiennent quatre des douze sièges du conseil d’administration. À lui seul Pershing Square détient 9 % des actions et son président Bill Ackman vient de joindre le CA.
Vous trouverez, ci-dessous, le paragraphe introductif de l’article paru dans The Economist.
Until recently, America hadn’t had a spectacular corporate disaster since Lehman Brothers in 2008. But Valeant, a Canadian but New York-listed drug firm, now meets all of the tests: a bad business model, accounting problems, acquisitions, debt, an oddly low tax rate, a weak board, credulous analysts, and managers with huge pay packets and a mentality of denial. The result has been a $75 billion loss for shareholders and, possibly, a default on $31 billion of debt.
Je vous invite à lire la suite de cet article, notamment les trois leçons que nous devrions en retirer.
On March 21st Valeant announced that Michael Pearson, its CEO, was leaving.
Valeant’s business model was buying other drug firms, cutting costs and yanking up prices. Since 2010 it has done $35 billion of deals, mainly financed by debt. At a time when Americans face stagnant living standards, a strategy based on squeezing customers was bound to encounter political hostility—“I’m going after them,” Hillary Clinton has vowed.
Valeant added to this mix a tendency towards evasiveness. In October investigative reporters revealed its murky relationship with a drugs dispensary, Philidor, which it consolidated into its accounts yet did not control. The relationship was severed but the Securities and Exchange Commission is still investigating. Federal prosecutors are also looking into various of the company’s practices. On Christmas Eve Michael Pearson, Valeant’s CEO and architect, went into hospital with pneumonia. On February 28th Mr Pearson (total pay awarded of $55m since 2012, according to Bloomberg) returned to work, welcomed back by the chairman for his “vision and execution”.
The facts that have emerged in March suggest that Mr Pearson should have been fired. Profit targets have been cut by 24% compared with October’s. The accounts will be restated and the filing of an annual report delayed. The results released on March 15th contain neither a full cash-flow statement nor a balance-sheet, but it appears that Valeant has been generating only just enough cash to pay its $1.6 billion interest bill this year. As suppliers and customers get wary, its cashflow may fall, leading to a default.
There are three lessons. First, boards matter: the managers should have been removed in October. Second, disasters happen in plain sight. Valeant issued $1.45 billion of shares in March 2015, when 90% of Wall Street analysts covering its shares rated them a “buy”. Yet as early as 2014 a rival firm, Allergan, had made an outspoken attack on Valeant’s finances, the thrust of which has been proved correct.
The final lesson is that “activist” investors, who aim to play a hands-on role at the firms that they invest in, have no monopoly on wisdom. Jeffrey Ubben of ValueAct and Bill Ackman of Pershing Square both own chunks of Valeant and have supported it. Mr Ackman is at present trying to consolidate America’s railway system. Mr Ubben is trying to shake up Rolls-Royce, a British aerospace firm. After Valeant, why should anyone listen to what they say?
_____________________________
Pour en connaître davantage sur la société Valeant et sur le rôle des administrateurs :
Voici la troisième édition d’un document australien de KPMG, très bien conçu, qui répond clairement aux questions que tous les administrateurs de sociétés se posent dans le cours de leurs mandats.
Même si la publication est dédiée à l’auditoire australien de KPMG, je crois que la réalité réglementaire nord-américaine est trop semblable pour se priver d’un bon « kit » d’outils qui peut aider à constituer un Board efficace.
C’est un formidable document électronique interactif de 182 pages. Voyez la table des matières ci-dessous.
J’ai demandé à KPMG de me procurer une version française du même document mais il ne semble pas en exister.
Our business environment provides an ever-changing spectrum of risks and opportunities. The role of the director continues to be shaped by a multitude of forces including economic uncertainty, larger and more complex organisations, the increasing pace of technological innovation and digitisation along with a more rigorous regulatory environment.
At the same time there is more onus on directors to operate transparently and be more accountable for their actions and decisions.
To support directors in their challenging role, KPMG has created an interactive Directors’ Toolkit. Now in its third edition, this comprehensive guide is in a user friendly electronic format. It is designed to assist directors to more effectively discharge their duties and improve board performance and decision-making.
Key topics
Duties and responsibilities of a director
Oversight of strategy and governance
Managing shareholder and stakeholder expectations
Structuring an effective board and sub-committees
Enabling key executive appointments
Managing productive meetings
Better practice terms of reference, charters and agendas
Establishing new boards.
What’s New
In this latest version, we have included newly updated sections on:
Roles, responsibilities and expectations of directors of not-for-profit organisations
Risks and opportunities social media presents for directors and organisations
Key responsibilities of directors for overseeing investment governance, operations and processes.
Le billet d’aujourd’hui nous a été soumis par Patrice Bloch, ASC, fondateur du cabinet français Conseil Independia.
L’article paru en février 2016 dans le journal électronique Les échos.fr nous invite à réfléchir sur l’utilisation de logiciels performants pour détecter des erreurs dans les informations financières communiquées dans les rapports de gestion.
Voici donc l’article en question, reproduit ici avec la permission de l’auteur.
Vos commentaires sont appréciés. Bonne lecture !
Quand les algorithmes détectent les fausses informations financières
par
Patrice Bloch*
Des logiciels sont désormais capables de repérer des anomalies dans les informations financières communiquées par les entreprises
Le Big Data au quotidien. Il est maintenant constaté et admis que l’information est partout via notamment les diverses connexions que nous utilisons : internet, objets connectés…
Il s’est affiné depuis quelques années jusqu’à la lecture des bilans pour en dégager des modèles d’opinion sur les entreprises. D’une manière générale, l’information devient de plus en plus accessible de par l’analyse « industrielle » de documents au moyen d’ algorithmes adaptés .
Cette surenchère de robots a pour conséquence une évolution des moyens de surveillance des autorités financières notamment qui tentent de prévenir et/ou de déceler les manipulations de cours de bourse par exemple. Inversement, une entreprise peut être tentée d’utiliser un logiciel pour détecter un autre logiciel censeur, et ainsi satisfaire aux normes prescrites alors que le produit n’est pas conforme.
Les affaires financières qui ont éclaté au grand jour (Enron et consorts) ont paradoxalement affiché une communication financière répondant aux critères requis dans une parfaite conformité. De même, les conseils d’administration ainsi que les contrôleurs des comptes approuvaient les fausses situations affichées. Ce sont des détails qui ont mis à jour les scandales (notamment le hors bilan de Enron, un salarié qui révèle une manipulation par ailleurs…).
(2) Déceler les informations dissimulées
L’émergence du Big Data met à l’épreuve la communication financière des sociétés, car une masse d’information circule à leurs propos et n’est pas contrôlée par les protagonistes : salariés, dirigeants, fournisseurs, banques, journalistes, actionnaires, autres parties prenantes, environnement économique, géopolitique…
L’entreprise communique ses états financiers qui seront confrontés à une masse d’information via des algorithmes qui croiseront toutes ces données. Une information dissimulée pourrait être révélée incidemment par le truchement d’événements apparemment anodins dans un contexte géopolitique par exemple.
(3) Mieux choisir ses investissements
Les gendarmes boursiers sont équipés de logiciels capables de détecter des anomalies dans les informations émises. Les investisseurs, et notamment les activistes, recherchent continuellement l’information qui orientera le choix de l’investissement et ils sont très certainement à la fine pointe de l’élaboration de l’algorithme pertinent.
Actuellement, la société Muddy Waters est particulièrement active sur le cours de Casino. Sans se prononcer sur le bien-fondé de ses déclarations, il est fort probable que ce cabinet utilise, entre autres, des moyens de recherche d’information liés au Big Data. Inversement, cette démarche peut être gratifiante pour l’entreprise « vertueuse » qui n’est pas prise en défaut et qui peut donc faire l’objet de recommandations d’achat. Le Big data sera peut-être l’épreuve de vérité pour la communication financière qui passera sous les projecteurs des algorithmes.
_____________________________________
*Patrice Bloch est fondateur et PDG du cabinet de conseil INDEPENDIA, une société française indépendante, fondée en 2000. Près de 30 années d’expérience ont amené Patrice Bloch à concilier l’approche opérationnelle et conceptuelle dans différents domaines économiques à très haut niveau auprès de dirigeants, états-majors et conseils d’administration de sociétés cotées (notamment, CAC 40), et de PME de tailles importantes. De formation finance (Institut de Haute Finance de Paris – Master), ancien auditeur IHEDN (Institut des Hautes Études de la Défense nationale – Intelligence Économique), Patrice Bloch a effectué des recherches doctorales sur la gouvernance. Il est diplômé du Collège des Administrateurs de l’Université Laval de Québec (Canada) et détient le titre d’ASC (Administrateur de sociétés certifié).
Denis Lefort, CPA, expert-conseil en gouvernance, audit et contrôle, porte à ma connaissance un rapport de recherche de l’IIA qui concerne « les indicateurs de mesure de la performance des fonctions d’audit interne ».
Encore aujourd’hui, les indicateurs utilisés sont souvent centrés sur la performance en interne de la fonction et non sur son réel impact sur l’organisation.
Par exemple, peu de services d’audit interne évaluent leur performance par la réduction des cas de fraude dans l’entreprise, par une meilleure gestion des risques, etc.
On utilise plutôt les indicateurs habituels comme le taux de recommandations implantées, la réalisation du plan d’audit, etc.
Voici, ci-dessous, l’introduction au document de l’IIA. Pour consulter le rapport détaillé, cliquez sur le titre du document.
Bonne lecture. Vos commentaires sont les bienvenus
In 2010, The IIA recognized a need to capture a simple, memorable, and straightforward way to help internal auditors convey the value of their efforts to important stakeholders, such as boards of directors, audit committees, management, and clients. To that end, the association introduced the Value Proposition for Internal Auditing, which characterizes internal audit’s value as an amalgam of three elements: assurance, insight, and objectivity.
But identifying the conceptual elements of value is only part of what needs to be done. How does that construct look in the workplace? What activities does internal audit undertake that deliver the most value? What should be measured to determine that the organization’s expectations of value are being met? How does internal audit organize and structure the information that populates the metrics? And, most critically, do the answers to all these questions align; that is, does internal audit’s perception of its value, as measured and tracked, correlate with what the organization wants and needs from the internal audit function? (Exhibit 1)
Exhibit 1
The Internal Audit Value Proposition
1. ASSURANCE = Governance, Risk, Control
Internal audit provides assurance on the organization’s governance, risk management, and control processes to help the organization achieve its strategic, operational, financial, and compliance objectives.
2. INSIGHT = Catalyst, Analyses, Assessments
Internal audit is a catalyst for improving an organization’s effectiveness and efficiency by providing insight and recommendations based on analyses and assessments of data and business process.
With commitment to integrity and accountability, internal audit provides value to governing bodies and senior management as an objective source of independent advice.
These are the kinds of questions the CBOK 2015 global practitioner survey posed to chief audit executives (CAEs) from around the world. The activities these CAEs believe bring value to the organization are consistent with the three elements of The IIA’s value proposition. In fact, the nine activities identified by CAEs as adding the most value can be mapped directly to the three elements, as shown in exibit 2
However, in looking at the performance measures and tools used by the organization and the internal audit function, a gap appears to form between value-adding activities and the ways performance is measured. This report explores that gap in greater detail and clarifies the respondents’ view of value-adding activities, preferred performance measures, and the methodologies and tools most commonly used to support internal audit’s quality and performance processes. Where appropriate, responses tabulated by geographic regions and organization types are examined.
Finally, based on the findings, the final chapter of the report provides a series of practical steps that practitioners at all levels can implement to help their internal audit department deliver on its value proposition of assurance, insight, and objectivity.
Exhibit 2
The Internal Audit Value Proposition (mapped to response options from the CBOK Survey)
ASSURANCE ACTIVITIES
Assuring the adequacy and effectiveness of the internal control system
Assuring the organization’s risk management processes
Vous trouverez ci-dessous un document de référence publié par PwC et paru dans la série Audit Committee Excellence. Ce document, partagé par Denis Lefort, CPA, CIA, CRMA, expert-conseil en Gouvernance, audit et contrôle, apporte des réponses très complètes à plusieurs questions que les membres de conseils d’administration se posent eu égard au rôle de la fonction audit interne dans l’organisation.
1. Pourquoi la surveillance de l’audit interne est-elle critique pour les comités d’audit ?
2. Quel est le rôle des administrateurs dans l’optimisation des activités de l’audit interne ?
3. Comment aider l’audit interne à mieux définir sa mission ?
4. Quelles sont les lignes d’autorité et les besoins en ressources de cette activité ?
5. Quel est le processus de révision des résultats de l’audit interne ?
6. Que faire si votre entreprise ne possède pas une fonction d’audit interne ?
Ce document sera donc très utile à tout administrateur soucieux de parfaire ses connaissances sur le rôle très important qu’un service d’audit interne peut jouer.
Voici une introduction au rapport de PwC . Bonne lecture ! Vos commentaires sont les bienvenus.
The audit committee’s role is not getting any easier, but an audit committee has a lot of resources in its arsenal to help meet today’s high expectations. One of these tools is the internal audit function. Directors can, and should, focus on maximizing the value proposition of this group to ensure their own success.
A lot goes on in companies — and a lot can go wrong, even when you have good people and thoughtfully designed processes. That’s why so many audit committees look to internal audit as their eyes and ears — a way to check whether things are working as they should. Some companies staff the function internally, while others choose to outsource some or all of the role. Some do not have an internal audit function at all.
For many audit committees, overseeing internal audit isn’t just the right thing to do, it’s a requirement. At NYSE companies, audit committees have to oversee internal audit’s performance and periodically meet in private sessions. NASDAQ is currently considering whether to require its listed companies to have an internal audit function and what role audit committees should play.
Whether a required function or not, we believe it’s critical that audit committees focus on internal audit. Why? PwC’s 2014 State of the internal audit profession study found that about one-third of board members believe internal audit adds less than significant value to the company, and only 64% of directors believe internal audit is performing well at delivering expectations. Even Chief Audit Executives (CAEs) are critical of their functions’ performance, with just two-thirds saying it’s performing well.
On me demande souvent de proposer un livre qui fait le tour de la question eu égard à ce qui est connu comme statistiquementvalide sur les relations entre la gouvernance et le succès des organisations (i.e. la performance financière !)
Le volume publié par David F. Larckeret Brian Tayan, professeurs au Graduate School de l’Université Stanford, en est à sa deuxième édition et il donne l’heure juste sur l’efficacité des principes de gouvernance.
Je vous recommande donc vivement ce volume.
Également, je profite de l’occasion pour vous indiquer que je viens de recevoir la dernière version des Principes de gouvernance d’entreprise du G20 et de l’OCDEen français et j’ai suggéré au Collège des administrateurs de sociétés (CAS) d’inclure cette publication dans la section Nouveauté du site du CAS.
Il s’agit d’une publication très attendue dans le monde de la gouvernance. La documentation des organismes internationaux est toujours d’abord publiée en anglais. Ce document en français de l’OCDE sur les principes de gouvernance est la bienvenue !
Voici une brève présentation du volume de Larcker. Bonne lecture !
This is the most comprehensive and up-to-date reference for implementing and sustaining superior corporate governance. Stanford corporate governance experts David Larcker and Bryan Tayan carefully synthesize current academic and professional research, summarizing what is known and unknown, and where the evidence remains inconclusive.
Corporate Governance Matters, Second Edition reviews the field’s newest research on issues including compensation, CEO labor markets, board structure, succession, risk, international governance, reporting, audit, institutional and activist investors, governance ratings, and much more. Larcker and Tayan offer models and frameworks demonstrating how the components of governance fit together, with updated examples and scenarios illustrating key points. Throughout, their balanced approach is focused strictly on two goals: to “get the story straight,” and to provide useful tools for making better, more informed decisions.
This edition presents new or expanded coverage of key issues ranging from risk management and shareholder activism to alternative corporate governance structures. It also adds new examples, scenarios, and classroom elements, making this text even more useful in academic settings. For all directors, business leaders, public policymakers, investors, stakeholders, and MBA faculty and students concerned with effective corporate governance.
Selected Editorial Reviews
An outstanding work of unique breadth and depth providing practical advice supported by detailed research.
Alan Crain, Jr., Senior Vice President and General Counsel, Baker Hughes
Extensively researched, with highly relevant insights, this book serves as an ideal and practical reference for corporate executives and students of business administration.
Narayana N.R. Murthy, Infosys Technologies
Corporate Governance Matters is a comprehensive, objective, and insightful analysis of academic and professional research on corporate governance.
Professor Katherine Schipper, Duke University, and former member of the Financial Accounting Standards Board
Vous trouverez, ci-dessous, un article de l’Institut de la gouvernance du Royaume-Uni (IoD) qui présente un document intitulé « The Great Governance Debate: Towards a good governance index for listed companies » dans lequel les auteurs décrivent une approche nouvelle à l’évaluation de la saine gouvernance.
Le document se distingue par la conception d’un modèle de prévision de la gouvernance, basé sur une multitude de facteurs explicatifs, et d’indices de performance.
Je vous invite à prendre connaissance du rapport de l’IoD.
In a new report published today, the leading business organisation hopes its report will kickstart the debate about how to define good governance – and recognise those companies that do it best.
The Great Governance Debate: Towards a good governance index for listed companies, launched at the IoD this morning, sets out a new framework for assessing corporate governance, moving away from a focus on compliance and towards a more complex measurement which combines public perceptions with a range of objective factors.
Téléchargez le rapport complet
Launching the report, Ken Olisa, chairman of the advisory panel for the report, warned that the current system doesn’t fully address what corporate governance is truly about.
“No one factor dictates whether a company is well run,” Olisa said. “It is simply not correct for a company to say that because they have ticked certain boxes, they show good governance.
“Now is the time for some bold thinking on how we define and measure governance, including the recognition that it is essentially an organic process involving the interaction of groups of people.”
The new report is the first stage in a move towards creating a comprehensive Good Governance Index which ranks individual companies on their corporate governance, taking into account factors beyond just compliance and looking at a company’s wider corporate behaviour and culture.
Simon Walker, director general of the IoD, said that the new framework “challenges previous ways of measuring the governance of big companies, and kicks off a new debate on how firms can improve their transparency, accountability and performance.”
On Tuesday, Director.co.uk will provide updates and video from the official launch at the IoD’s central London headquarters at 116 Pall Mall of The Great Governance Debate: Towards a good governance index for listed companies. Keep an eye on the website and our Twitter feed @DirectorIoD for updates.
Voici un article très intéressant sur l’évaluation des risques publié par H. Glen Jenkins* et paru dans Inside Counsel (IC) Magazine.
Il s’agit d’un bref exposé sur la notion de risques organisationnels et sur les principaux éléments qu’il faut considérer afin d’en faire une gestion efficace.
The scope of legal responsibilities for in-house counsel varies depending on the size and complexity of the company. For instance, an attorney located at corporate headquarters could be chiefly responsible for issues affecting the shared services that are available and used by corporate headquarters, as well as every business unit and division. And yet at other times, in-house counsel’s concerns may be restricted to matters affecting only the parent company or a specific liability issue faced by only one business unit.
In each instance, however, in-house counsel are generally concerned with specific legal tasks and proactive risk management.
What exactly does risk management mean, and what does it encompass? Furthermore, once the definition of risk management has been established and accepted by the company’s management team, how can in-house counsel efficiently and comprehensively assess all possible risks?
Merriam Webster’s dictionary defines risk as “the possibility that something bad or unpleasant will happen.” Whenever many of us in the accounting and legal profession hear the word “risk,” we inherently may succumb to the aforementioned particular negative connotation of risk. How many times have we heard the phrase, “Risk is a part of life,’ and how often have we associated those five words with an undesirable implication?”
Alternatively, A Positive View of Risk
Taking risks does not always have to be painstakingly negative. It is unlikely that many will disagree with the Institute of Risk Management’s (IRM) assertion that “avoiding all risk would result in no achievement, no progress and no reward.” This statement undoubtedly portrays a different perspective of risk, indicating the potential of a positive outcome.
IRM goes on to define risk as “the combination of the probability of an event and its consequence. Consequences can range from positive and negative.”
Therein lies the basic premise of risk management. If the consequences of risk can be both positive and negative, it would seem only prudent to try and effectively manage risk to have the highest probability of a positive outcome.
Applying IRM’s definition of risk, together with the premise that avoiding all risk would result in no achievement, no progress and no reward, we intrinsically recognize that not all risks are bad and not all risks are to be avoided.
Over the course of three successive articles on risk, we will take a closer look at how in-house counsel works with internal and external resources to help identify, evaluate and categorize risk.
Risk Assessment: The Starting Point for Successful Risk Management
Risk assessment is the identification, analysis and evaluation of risks involved in a given situation. Risk assessment also implies a comparison against benchmarks or standards, and the determination of an acceptable level of risk. The evaluation of risks should also provide management with a remediation or control for the identified hazard.
The word “risk” alone without any context is a vague and ill-defined term. There is safety risk, country risk, political risk, health risk and the ongoing list is virtually boundless and it is next to impossible to comprehensively assess all possible risks.
According to Tori Silas, privacy officer and senior counsel with Cox Enterprises, Inc., Cox uses the external resources of multinational accounting and advisory companies to assist with its risk assessments. Using best practices they have developed by analyzing business processes and assessing risk for companies on a global level, these organizations assist in the identification of risks in particular areas of the business, and provide a framework within which to rate risks and prioritize remediation efforts associated with those risks.
Assessment Begins with Knowing Who Decides Acceptable Levels of Risk
As an example of financial risk, according to a Tulane University study, the chances of getting hit by an asteroid or comet are 1,000 times greater than winning a jackpot mega millions lottery. Yet, some have accepted that level of risk and will habitually trade their money to play the lottery rather than investing their money or capital in an endeavor that has a much higher probability of building wealth. Whether right or wrong, a good or bad decision, those who make the choice of playing the lottery have intrinsically accepted the financial risk of losing their money in lieu of the near impossible odds to reap a grand reward.
No matter our opinion of playing the lottery, I think we would all agree that it would be highly unlikely to find a pragmatic business executive allotting some portion the company’s wealth and assets to invest in lottery tickets. But why not? Who decides the parameters of acceptable levels of risk for a business and against what benchmarks are those decisions made?
The business owners, board of directors and executive management define the business objectives, and establish the risk appetite and risk tolerances that are to be contemplated on an overall basis by management when making decisions and evaluating options and alternatives. Together they establish a system of rules, practices and processes by which their company is directed and controlled. This concept is often referred to as corporate governance. Businesses of all sizes embrace this concept, but small businesses may cloak this concept within the singular frame of mind of its ownership’s values, ideologies, philosophies, beliefs and individual business principles.
As the privacy officer for Cox Enterprises, Silas strives to make certain the employees of their consumer facing companies are aware of Cox’s obligations regarding data privacy and that they are appropriately trained to identify and mitigate risk related to and to protect any private consumer data they may have collected.
Corporate Governance
Since the purpose of a risk assessment is the identification, analysis, and evaluation of risks that could adversely impact the business meeting its objectives, the process of conducting a risk assessment should be integrated into existing management processes. According to Silas, Cox Enterprises also utilizes its own internal audit services department to examine functional processes and identify opportunities to strengthen controls and mitigate risks. It is recommended that risk assessments should be conducted using a top-down approach beginning with the top level of the company and filtering its way down through each division and business unit.
For example, a company may have three divisions: manufacturing, marketing and finance. Each of those divisions may operate in four global sectors. Using a top-down approach the three top divisions would conduct a risk assessment and each subdivision that is located in each global sector would conduct their own risk assessment. The top-down approach would then be complimented by bottom-up process where the risk assessments are sent up the business chain, gathered and compiled into an integrated risk assessment matrix.
Ten Tips for Conducting an Effective Risk Assessment
In quick summary, here are ten additional tips for conducting an effective risk assessment:
Create, plan and conduct a formal risk assessment;
Define the context and objectives of the risk assessment;
Define and understand the organizations acceptable risk tolerance;
Bring together the best team to conduct the risk assessment;
Employ the best risk assessment techniques for the situation;
Understand control measures to mitigate risk;
Be objective and impartial conducting the risk assessment;
Identify the environment that is conducive to risks;
Identify who could be harmed; and
Review, revisit and re-perform the risk assessment.
_________________________________________________
*H. Glen Jenkins, CPA, CVA, CFE, is Senior Manager in the Fraud & Forensic Services practice in the Atlanta, Georgia offices of Warren Averett, the 26th largest accounting firm in the U.S. Jenkins has more than 20 years of experience assisting corporate counsel in complex commercial litigation, calculation of economic damages, fraud investigations and business valuations of tangible and intangible properties.
Richard Leblanc vient de publier un excellent article, sur son blogue, qui traite des façons pour un CA d’accroître son assurance que les valeurs éthiques sont respectées. J’avais également publié un billet le 12 août intitulé : Le CA est garant de l’intégrité de l’entreprise.
Ce billet est le résultat d’une conférence que l’auteur a prononcée en se basant sur son expérience dans le domaine de la gouvernance éthique, mais aussi en s’appuyant sur les propos d’Andrew Fastow, l’ex V-P finances de Enron ainsi que sur les aveux de Conrad Black et Arthur Porter.
L’auteur a beaucoup réfléchi sur les moyens à la disposition du conseil d’administration pour superviser le comportement éthique de l’organisation et il en est arrivé à proposer dix façons pour les CA d’exercer leurs responsabilités en cette matière.
Je vous réfère à l’article afin d’obtenir plus de détails sur chacun des aspects ci-dessous :
Posez les bonnes questions eu égard aux aspects éthiques;
Ayez des lignes directes au CA afin de surveiller l’éthique, l’intégrité, la réputation et la culture;
Utilisez les réunions privées, sans la présence du management, afin d’obtenir des informations et poser les questions brûlantes;
Assurez-vous que le CA fait affaires avec un juriste indépendant de la direction;
Donnez-vous une politique de lanceur d’alerte (whistle-blowing);
Ajustez la rémunération afin de tenir compte de la conduite des dirigeants, en sus de la performance !
Surveillez vos processus de contrôle interne;
N’hésitez pas à parler pour dénoncer certaines pratiques peu, ou pas, éthiques;
Recrutez des administrateurs vraiment indépendants;
Donnez le ton en tant qu’administrateur de la société.
Je vous souhaite une bonne lecture; vos commentaires sont toujours les bienvenus.
Management is fond of explaining unethical conduct away by saying it was a “rogue” employee. Boards are fond of explaining unethical conduct by saying “we missed it.” If boards and management teams are truly honest, they know they should not have missed it and that it was not a rogue employee. It was an employee operating within the culture that was accepted.
In all of my interviews of directors over the years, including during ethical failure, when I ask about directors’ greatest regret, the answer is consistently, “I should have spoken up when I had the chance.” Speaking up is incredibly important when it comes to tone at the top. If you are uncomfortable, “speak up” is the best advice I could give a director. Chances are, several of your colleagues are thinking the exact same thing.
On me demande souvent de proposer un livre qui fait le tour de la question eu égard à ce qui est connu comme statistiquement vrai sur les relations entre la gouvernance et le succès des organisations.
Le volume publié par David F. Larckeret Brian Tayan, professeurs au Graduate School de l’Université Stanford, en est à sa deuxième édition et il donne l’heure juste sur l’efficacité des principes de gouvernance.
Si vous aviez un livre sur la gouvernance à acheter, ce serait celui-ci.
This is the most comprehensive and up-to-date reference for implementing and sustaining superior corporate governance. Stanford corporate governance experts David Larcker and Bryan Tayan carefully synthesize current academic and professional research, summarizing what is known and unknown, and where the evidence remains inconclusive.
Corporate Governance Matters, Second Edition reviews the field’s newest research on issues including compensation, CEO labor markets, board structure, succession, risk, international governance, reporting, audit, institutional and activist investors, governance ratings, and much more. Larcker and Tayan offer models and frameworks demonstrating how the components of governance fit together, with updated examples and scenarios illustrating key points. Throughout, their balanced approach is focused strictly on two goals: to “get the story straight,” and to provide useful tools for making better, more informed decisions.
This edition presents new or expanded coverage of key issues ranging from risk management and shareholder activism to alternative corporate governance structures. It also adds new examples, scenarios, and classroom elements, making this text even more useful in academic settings. For all directors, business leaders, public policymakers, investors, stakeholders, and MBA faculty and students concerned with effective corporate governance.
Selected Editorial Reviews
An outstanding work of unique breadth and depth providing practical advice supported by detailed research.
Alan Crain, Jr., Senior Vice President and General Counsel, Baker Hughes
Extensively researched, with highly relevant insights, this book serves as an ideal and practical reference for corporate executives and students of business administration.
Narayana N.R. Murthy, Infosys Technologies
Corporate Governance Matters is a comprehensive, objective, and insightful analysis of academic and professional research on corporate governance.
Professor Katherine Schipper, Duke University, and former member of the Financial Accounting Standards Board
Voici un article très intéressant sur l’évaluation des risques publié par H. Glen Jenkins* et paru dans Inside Counsel (IC) Magazine.
Il s’agit d’un bref exposé sur la notion de risques organisationnels et sur les principaux éléments qu’il faut considérer afin d’en faire une gestion efficace.
The scope of legal responsibilities for in-house counsel varies depending on the size and complexity of the company. For instance, an attorney located at corporate headquarters could be chiefly responsible for issues affecting the shared services that are available and used by corporate headquarters, as well as every business unit and division. And yet at other times, in-house counsel’s concerns may be restricted to matters affecting only the parent company or a specific liability issue faced by only one business unit.
In each instance, however, in-house counsel are generally concerned with specific legal tasks and proactive risk management.
What exactly does risk management mean, and what does it encompass? Furthermore, once the definition of risk management has been established and accepted by the company’s management team, how can in-house counsel efficiently and comprehensively assess all possible risks?
Merriam Webster’s dictionary defines risk as “the possibility that something bad or unpleasant will happen.” Whenever many of us in the accounting and legal profession hear the word “risk,” we inherently may succumb to the aforementioned particular negative connotation of risk. How many times have we heard the phrase, “Risk is a part of life,’ and how often have we associated those five words with an undesirable implication?”
Alternatively, A Positive View of Risk
Taking risks does not always have to be painstakingly negative. It is unlikely that many will disagree with the Institute of Risk Management’s (IRM) assertion that “avoiding all risk would result in no achievement, no progress and no reward.” This statement undoubtedly portrays a different perspective of risk, indicating the potential of a positive outcome.
IRM goes on to define risk as “the combination of the probability of an event and its consequence. Consequences can range from positive and negative.”
Therein lies the basic premise of risk management. If the consequences of risk can be both positive and negative, it would seem only prudent to try and effectively manage risk to have the highest probability of a positive outcome.
Applying IRM’s definition of risk, together with the premise that avoiding all risk would result in no achievement, no progress and no reward, we intrinsically recognize that not all risks are bad and not all risks are to be avoided.
Over the course of three successive articles on risk, we will take a closer look at how in-house counsel works with internal and external resources to help identify, evaluate and categorize risk.
Risk Assessment: The Starting Point for Successful Risk Management
Risk assessment is the identification, analysis and evaluation of risks involved in a given situation. Risk assessment also implies a comparison against benchmarks or standards, and the determination of an acceptable level of risk. The evaluation of risks should also provide management with a remediation or control for the identified hazard.
The word “risk” alone without any context is a vague and ill-defined term. There is safety risk, country risk, political risk, health risk and the ongoing list is virtually boundless and it is next to impossible to comprehensively assess all possible risks.
According to Tori Silas, privacy officer and senior counsel with Cox Enterprises, Inc., Cox uses the external resources of multinational accounting and advisory companies to assist with its risk assessments. Using best practices they have developed by analyzing business processes and assessing risk for companies on a global level, these organizations assist in the identification of risks in particular areas of the business, and provide a framework within which to rate risks and prioritize remediation efforts associated with those risks.
Assessment Begins with Knowing Who Decides Acceptable Levels of Risk
As an example of financial risk, according to a Tulane University study, the chances of getting hit by an asteroid or comet are 1,000 times greater than winning a jackpot mega millions lottery. Yet, some have accepted that level of risk and will habitually trade their money to play the lottery rather than investing their money or capital in an endeavor that has a much higher probability of building wealth. Whether right or wrong, a good or bad decision, those who make the choice of playing the lottery have intrinsically accepted the financial risk of losing their money in lieu of the near impossible odds to reap a grand reward.
No matter our opinion of playing the lottery, I think we would all agree that it would be highly unlikely to find a pragmatic business executive allotting some portion the company’s wealth and assets to invest in lottery tickets. But why not? Who decides the parameters of acceptable levels of risk for a business and against what benchmarks are those decisions made?
The business owners, board of directors and executive management define the business objectives, and establish the risk appetite and risk tolerances that are to be contemplated on an overall basis by management when making decisions and evaluating options and alternatives. Together they establish a system of rules, practices and processes by which their company is directed and controlled. This concept is often referred to as corporate governance. Businesses of all sizes embrace this concept, but small businesses may cloak this concept within the singular frame of mind of its ownership’s values, ideologies, philosophies, beliefs and individual business principles.
As the privacy officer for Cox Enterprises, Silas strives to make certain the employees of their consumer facing companies are aware of Cox’s obligations regarding data privacy and that they are appropriately trained to identify and mitigate risk related to and to protect any private consumer data they may have collected.
Corporate Governance
Since the purpose of a risk assessment is the identification, analysis, and evaluation of risks that could adversely impact the business meeting its objectives, the process of conducting a risk assessment should be integrated into existing management processes. According to Silas, Cox Enterprises also utilizes its own internal audit services department to examine functional processes and identify opportunities to strengthen controls and mitigate risks. It is recommended that risk assessments should be conducted using a top-down approach beginning with the top level of the company and filtering its way down through each division and business unit.
For example, a company may have three divisions: manufacturing, marketing and finance. Each of those divisions may operate in four global sectors. Using a top-down approach the three top divisions would conduct a risk assessment and each subdivision that is located in each global sector would conduct their own risk assessment. The top-down approach would then be complimented by bottom-up process where the risk assessments are sent up the business chain, gathered and compiled into an integrated risk assessment matrix.
Ten Tips for Conducting an Effective Risk Assessment
In quick summary, here are ten additional tips for conducting an effective risk assessment:
Create, plan and conduct a formal risk assessment;
Define the context and objectives of the risk assessment;
Define and understand the organizations acceptable risk tolerance;
Bring together the best team to conduct the risk assessment;
Employ the best risk assessment techniques for the situation;
Understand control measures to mitigate risk;
Be objective and impartial conducting the risk assessment;
Identify the environment that is conducive to risks;
Identify who could be harmed; and
Review, revisit and re-perform the risk assessment.
_________________________________________________
*H. Glen Jenkins, CPA, CVA, CFE, is Senior Manager in the Fraud & Forensic Services practice in the Atlanta, Georgia offices of Warren Averett, the 26th largest accounting firm in the U.S. Jenkins has more than 20 years of experience assisting corporate counsel in complex commercial litigation, calculation of economic damages, fraud investigations and business valuations of tangible and intangible properties.
Aujourd’hui, j’ai retenu un article publié par Richard Leblanc* dans le Magazine for Canadian Listed Companies (Listed) qui traite d’un sujet de grande actualité dans toutes les sphères de la vie organisationnelle : La valeur de l’intégrité.
Comme le dit si bien l’auteur, les entreprises sont portées à qualifier certains employés de pommes pourries lorsqu’elles découvrent des manquements à l’éthique. Il est vrai que certains individus sont responsables de plusieurs problèmes reliés au manque d’intégrité et d’honnêteté mais les comportements des employés sont largement dépendants de la culture de l’entreprise, des pratiques en cours, des contrôles internes …
Richard Leblanc croit que les défaillances, en ce qui a trait à l’intégrité des personnes, sont souvent du ressort du conseil d’administration lequel n’exerce pas un fort leadership éthique et n’affiche pas des valeurs claires à ce propos.
Cette affirmation implique que tous les membres d’un conseil d’administration doivent faire preuve d’une éthique exemplaire : « Tone at the Top ». Les membres sont en mesure d’évaluer cette valeur au sein de leur conseil et au sein de l’organisation.
C’est la responsabilité du conseil de veiller à ce que de solides valeurs d’intégrité soient transmises à l’échelle de toute l’organisation, que la direction et les employés connaissent bien les codes de conduites et que l’on s’assure d’un suivi adéquat à cet égard.
Les administrateurs doivent poser les bonnes questions afin de s’assurer de la transmission efficace du code de conduite de l’entreprise.
This lax control environment, where self-interest is pursued and where pressure is applied, is the heart of ethical failure.
Je vous invite à lire ce court article. Bonne lecture. Vos commentaires sont appréciés.
There is not an excuse I have not heard for ethical failure. But when I investigate a company after allegations of fraud, corruption or workplace wrongdoing, I almost always find a complacent, captured or entrenched board that did not take corrective action. In a few cases, boards actually encouraged the wrongdoing.
The first myth is that the board is a “good” board. There is no relationship between the profile of directors and whether the board is “good.” Often times, there is an inverse relationship, as trophy or legacy directors typically lack industry and risk expertise, are not really independent, are coasting and not prepared to put in the work, or they themselves may not possess integrity.
How important is integrity? Extremely. Three factors make for a good director or manager: competence, commitment and integrity, with integrity ranking first. Otherwise, you have the first two working against you.
Integrity needs to be defined, recruited for, and enforced. “Does your colleague possess integrity?” “Yes” is an answer to this perfunctory question. Full marks. But when I define integrity to include avoiding conflicts of interest, consistency between what is said and done, ethical conduct and trustworthiness—and guarantee anonymity—I get a spread of performance scores. Those who do not possess integrity in the eyes of their colleagues are poison and should be extracted from any board or a senior management team. It is a recruitment failure to elect or hire them in the first place.
When fraud, toxic workplaces, bullying, harassment and pressure do occur, the bad news needs to rise. Boards need to ensure that protected, anonymous reporting channels exist and are used—including for a director or executive to speak up in confidence, and for an in- dependent consequential investigation to occur. If a whistleblowing program has any manager as the point of contact, it is not effective.
Frequently, I find ethical design and implementation failure are the culprits, with codes of conduct, conflict of interest policies, whistleblowing procedures, culture and workplace audits, and education and communication being perfunctory at best, overridden by management at worst, and not taken seriously by employees or key suppliers, with minimal assurance and oversight by the board.
After ethical failure happens, executives argue that it is a lone rogue employee or an isolated incident. Nothing could be further from the truth. It is an employee who reflects the true and actual culture, internal control environment and practices of the organization, and who is attracted to and flourishes within them. There is no such thing as a rogue employee. It is a board that approved the conditions that management proposed within which employees operate.
This lax control environment, where self-interest is pursued and where pressure is applied, is the heart of ethical failure.
Nowhere is there a more shocking lack of internal controls over employee and agent behaviour than in some corrupt jurisdictions where Western firms do business. Not only is the potential for fraud rampant, but the costs of compliance wind up being borne by companies that do not bribe and have proper controls. They are penalized for doing things right, and forced to compete on an unequal playing field.
This is why Western governments are seeking to put their countries and companies in the most competitive position possible. They are enforcing anti-corruption laws using long arms of justice to prosecute bribery. They are also debarring companies from government contracts who commit ethical breaches. This debarment is a powerful motivator to spur investment to internalize the costs of internal controls over integrity.
Western industry will mistakenly argue that integrity laws will disadvantage them or cost their industry jobs, but the reality is the opposite. Tough integrity laws will prevent substandard competitors from offering bribes, will reduce recipients’ incentive to receive bribes, and will strengthen Western companies that compete on the basis of price, quality and service.
__________________________________
*Richard Leblanc is an associate professor, governance, law & ethics, at York University’s Faculty of Liberal Arts and Professional Studies and a member of the Ontario Bar. E-mail: rleblanc@yorku.ca.
Vous trouverez, ci-dessous, un article de l’Institut de la gouvernance du Royaume-Uni (IoD) qui présente un document intitulé « The Great Governance Debate: Towards a good governance index for listed companies » dans lequel les auteurs décrivent une approche nouvelle à l’évaluation de la saine gouvernance.
Le document se distingue par la conception d’un modèle de prévision de la gouvernance, basé sur une multitude de facteurs explicatifs, et d’indices de performance.
Je vous invite à prendre connaissance du rapport de l’IoD.
In a new report published today, the leading business organisation hopes its report will kickstart the debate about how to define good governance – and recognise those companies that do it best.
The Great Governance Debate: Towards a good governance index for listed companies, launched at the IoD this morning, sets out a new framework for assessing corporate governance, moving away from a focus on compliance and towards a more complex measurement which combines public perceptions with a range of objective factors.
Téléchargez le rapport complet
Launching the report, Ken Olisa, chairman of the advisory panel for the report, warned that the current system doesn’t fully address what corporate governance is truly about.
“No one factor dictates whether a company is well run,” Olisa said. “It is simply not correct for a company to say that because they have ticked certain boxes, they show good governance.
“Now is the time for some bold thinking on how we define and measure governance, including the recognition that it is essentially an organic process involving the interaction of groups of people.”
The new report is the first stage in a move towards creating a comprehensive Good Governance Index which ranks individual companies on their corporate governance, taking into account factors beyond just compliance and looking at a company’s wider corporate behaviour and culture.
Simon Walker, director general of the IoD, said that the new framework “challenges previous ways of measuring the governance of big companies, and kicks off a new debate on how firms can improve their transparency, accountability and performance.”
On Tuesday, Director.co.uk will provide updates and video from the official launch at the IoD’s central London headquarters at 116 Pall Mall of The Great Governance Debate: Towards a good governance index for listed companies. Keep an eye on the website and our Twitter feed @DirectorIoD for updates.
Quel doit être le rôle du conseil d’administration eu égard à la surveillance de la gestion des risques ? L’article publié par Scott Hodgkins, Steven B. Stokdyk, et Joel H. Trotter dans le forum du site du Harvard Law School présente, d’une manière très concise, les trois étapes qu’un conseil doit entreprendre en matière de gestion des risques d’une société.
Les auteurs rappellent l’utilisation d’un modèle développé par le COSO (Committee of Sponsoring Organizations de la Commission Treadway), bien connu en gouvernance, qui invite les CA à :
S’entendre avec la direction sur un niveau de risque acceptable (l’appétit pour le risque);
Comprendre les efforts de la direction dans l’exécution des pratiques de gestion des risques;
Revoir le portefeuille des risques en considérant l’appétit pour le risque;
Connaître les risques les plus importants de l’entreprise, ainsi que les stratégies de la direction pour les contrôler.
L’article discute des trois étapes que le CA doit accomplir afin de s’acquitter de son rôle en matière de gestion des risques :
Déterminer le modèle de supervision privilégié par le CA;
Convenir avec le management d’une approche appropriée à la gestion des risques et revoir l’approche retenue;
Évaluer les ressources du CA en matière de gestion de risques et éviter les biais et la pensée de groupe.
Voici donc un extrait de l’article qui précise chacune des trois étapes.
1. Determine the board’s preferred oversight model
Typically, boards either retain primary responsibility for risk oversight or delegate initial oversight duties to a committee, such as the audit committee or a risk committee. Where the board retains primary responsibility, individual committees may provide input on specific types of risk, such as compensation risk, audit and financial risk, and regulatory and compliance risk.
In selecting between the active board model and the committee model, the board should consider those directors with the necessary expertise to oversee unique market, liquidity, regulatory, innovation, cybersecurity and other risks that may require special attention. The board should also consider whether adding duties to an existing committee, such as the audit committee, may be too burdensome in light of existing workload.
These issues are unique to each company, and the key is to ensure that the model you choose is effective for your situation.
2. Develop a stated approach to risk management
Some companies may adopt a risk management statement or policy. As with other policy statements, a risk management statement can create a tone-at-the-top benchmark for assessing value-creation opportunities as they arise and provide guideposts for management’s operational decisions.
A risk management statement should separately identify:
Acceptable strategic risks
Undesirable risks
Risk tolerances or thresholds in stated categories, such as strategic, financial, operational and compliance
In developing the company’s approach, the board should consider:
Investor expectations of the company’s risk appetite
Competitors’ apparent risk appetite
Stress-tests for risk scenarios, using historical experience and sensitivity analysis
Long-term strategy versus existing core competencies
Effects of new business generation on desired risk profile
Strategic planning and operations compared to articulated risk appetite
Developing a stated approach to risk management requires good working relationships among the board members, the CEO and management, as well as active participation by all involved.
3. Assess board capabilities and effectiveness, reviewing for bias and groupthink
The board must evaluate its own capabilities and effectiveness, paying particular attention to the possible emergence of cognitive bias or groupthink.
In assessing board capabilities and effectiveness, the board should consider:
Directors’ skills and expertise compared to the company’s current and future operations
Possible director education initiatives or new directors with additional skills
Delegation of risk oversight in highly technical areas, such as cybersecurity
Retention of independent experts to evaluate specific risk management practices
Clear allocation of responsibility among the board committees and members
The balance between board-level risk oversight and management-level day-to-day ERM Boards must also guard against two types of bias:
Resistance to new ideas from outsiders, thus overlooking new opportunities or risks
Confirmation bias, incorrectly filtering information and confirming preconceptions
Maintaining contact with business realities also requires collegiality and open communication among management and directors.
Boards should consider their risk oversight in light of these three steps to assist in framing an effective approach to enterprise-level risk exposures.
Voici une liste des billets en gouvernance les plus populaires publiés sur mon blogue en 2014.
Cette liste constitue, en quelque sorte, un sondage de l’intérêt manifesté par des dizaines de milliers de personnes sur différents thèmes de la gouvernance des sociétés. On y retrouve des points de vue bien étayés sur des sujets d’actualité relatifs aux conseils d’administration.
Les dix (10) articles les plus lus du Blogue en gouvernance ont fait l’objet de plus de 1 0 000 visites.
Que retrouve-t-on dans ce blogue et quels en sont les objectifs ?
Ce blogue fait l’inventaire des documents les plus pertinents et récents en gouvernance des entreprises. La sélection des billets est le résultat d’une veille assidue des articles de revue, des blogues et sites web dans le domaine de la gouvernance, des publications scientifiques et professionnelles, des études et autres rapports portant sur la gouvernance des sociétés, au Canada et dans d’autres pays, notamment aux États-Unis, au Royaume-Uni, en France, en Europe, et en Australie.
Je fais un choix parmi l’ensemble des publications récentes et pertinentes et je commente brièvement la publication. L’objectif de ce blogue est d’être la référence en matière de documentation en gouvernance dans le monde francophone, en fournissant au lecteur une mine de renseignements récents (les billets quotidiens) ainsi qu’un outil de recherche simple et facile à utiliser pour répertorier les publications en fonction des catégories les plus pertinentes.
Quelques statistiques à propos du blogue Gouvernance | Jacques Grisé
Ce blogue a été initié le 15 juillet 2011 et, à date, il a accueilli plus de 125 000 visiteurs. Le blogue a progressé de manière tout à fait remarquable et, au 31 décembre 2014, il était fréquenté par plus de 5 000 visiteurs par mois. Depuis le début, j’ai œuvré à la publication de 1 097 billets.
En 2015, on estime qu’environ 5 500 personnes par mois visiteront le blogue afin de s’informer sur diverses questions de gouvernance. À ce rythme, on peut penser qu’environ 70 000 personnes visiteront le site du blogue en 2015.
On note que 44 % des billets sont partagés par l’intermédiaire de LinkedIn et 44 % par différents engins de recherche. Les autres réseaux sociaux (Twitter, Facebook et Tumblr) se partagent 13 % des références.
Voici un aperçu du nombre de visiteurs par pays :
Canada (64 %)
France, Suisse, Belgique (20 %)
Magreb (Maroc, Tunisie, Algérie) (5 %)
Autres pays de l’Union Européenne (2 %)
États-Unis (2 %)
Autres pays de provenance (7 %)
En 2014, le blogue Gouvernance | Jacques Grisé a été inscrit dans deux catégories distinctes du concours canadien Made in Blog (MiB Awards) : Business et Marketing et médias sociaux. Le blogue a été retenu parmi les dix (10) finalistes à l’échelle canadienne dans chacune de ces catégories, le seul en gouvernance.
Vos commentaires sont toujours grandement appréciés. Je réponds toujours à ceux-ci.
Voici une liste des billets en gouvernance les plus populaires publiés sur mon blogue en 2014.
Cette liste constitue, en quelque sorte, un sondage de l’intérêt manifesté par des dizaines de milliers de personnes sur différents thèmes de la gouvernance des sociétés. On y retrouve des points de vue bien étayés sur des sujets d’actualité relatifs aux conseils d’administration.
Les dix (10) articles les plus lus du Blogue en gouvernance ont fait l’objet de plus de 1 0 000 visites.
Que retrouve-t-on dans ce blogue et quels en sont les objectifs ?
Ce blogue fait l’inventaire des documents les plus pertinents et récents en gouvernance des entreprises. La sélection des billets est le résultat d’une veille assidue des articles de revue, des blogues et sites web dans le domaine de la gouvernance, des publications scientifiques et professionnelles, des études et autres rapports portant sur la gouvernance des sociétés, au Canada et dans d’autres pays, notamment aux États-Unis, au Royaume-Uni, en France, en Europe, et en Australie.
Je fais un choix parmi l’ensemble des publications récentes et pertinentes et je commente brièvement la publication. L’objectif de ce blogue est d’être la référence en matière de documentation en gouvernance dans le monde francophone, en fournissant au lecteur une mine de renseignements récents (les billets quotidiens) ainsi qu’un outil de recherche simple et facile à utiliser pour répertorier les publications en fonction des catégories les plus pertinentes.
Quelques statistiques à propos du blogue Gouvernance | Jacques Grisé
Ce blogue a été initié le 15 juillet 2011 et, à date, il a accueilli plus de 125 000 visiteurs. Le blogue a progressé de manière tout à fait remarquable et, au 31 décembre 2014, il était fréquenté par plus de 5 000 visiteurs par mois. Depuis le début, j’ai œuvré à la publication de 1 097 billets.
En 2015, on estime qu’environ 5 500 personnes par mois visiteront le blogue afin de s’informer sur diverses questions de gouvernance. À ce rythme, on peut penser qu’environ 70 000 personnes visiteront le site du blogue en 2015.
On note que 44 % des billets sont partagés par l’intermédiaire de LinkedIn et 44 % par différents engins de recherche. Les autres réseaux sociaux (Twitter, Facebook et Tumblr) se partagent 13 % des références.
Voici un aperçu du nombre de visiteurs par pays :
Canada (64 %)
France, Suisse, Belgique (20 %)
Magreb (Maroc, Tunisie, Algérie) (5 %)
Autres pays de l’Union Européenne (2 %)
États-Unis (2 %)
Autres pays de provenance (7 %)
En 2014, le blogue Gouvernance | Jacques Grisé a été inscrit dans deux catégories distinctes du concours canadien Made in Blog (MiB Awards) : Business et Marketing et médias sociaux. Le blogue a été retenu parmi les dix (10) finalistes à l’échelle canadienne dans chacune de ces catégories, le seul en gouvernance.
Vos commentaires sont toujours grandement appréciés. Je réponds toujours à ceux-ci.
Gouvernance | Jacques Grisé 