En reprise : Dix (10) activités que les CA devraient éviter !

Voici le condensé d’un article publié par Deloitte en 2011 et que j’ai relayé à mes premiers abonnés au début de la création de mon blogue.

En revisitant mes billets, j’ai été en mesure de constater que plusieurs parutions étaient encore d’une grande pertinence. Ainsi, afin de revenir sur mes débuts comme blogueur, je vous présente un document de la firme Deloitte qui énumère dix (10) activités que les conseils d’administration doivent éviter de faire.

Les suggestions sont toujours aussi d’actualité. Bonne relecture !

Avoid presentation overload

Presentations should not dominate board meetings. If your board meetings consist of a scripted agenda packed with one presentation after another, there may not be sufficient time for substantive discussions. The majority of board meetings should be focused on candid dialogue about the critical strategic issues facing the company. The advance meeting materials should comprise information that provides the basis for the discussions held during the meeting. Management should feel confident that the board will read these pre-meeting materials, and the board must commit an adequate amount of time in advance of the meeting to do so.

Avoid understating the importance of compliance

There is no room for a culture of complacency when it comes to compliance with laws and regulations. As noted in the Deloitte publication

Avoid postponing the CEO succession discussion

CEO succession planning is one of the primary roles of the board. With the changing governance landscape and new and proposed regulations, the board has a full agenda these days. However, it is important to occasionally take a step back to ensure the board is addressing this important responsibility. During this time of rebuilding and prior to the implementation of new regulations, boards should assess where time is being spent and perhaps redirect focus on succession.

It is important to note that the succession planning process is continual and doesn’t end when a new CEO is selected. As the company evolves, its needs change, as do the skills required of the leadership team. The board needs to ensure that a leadership pipeline is developed and that its members have ample opportunity to connect with the next generation of leaders.

Avoid the trap of homogeneity

The topic of board composition and having the « right » people on the board continues to receive much attention. The SEC has proposed rules that would require more disclosure about director qualifications, including what makes each director qualified to participate on certain board committees. The shift to independent board members facilitated a move away from a « friends on the board » approach to a new mix. However, the board needs to assess whether this new mix translates into a positive and productive board dynamic. Boards should take a closer look at the expertise, experience and other qualities of each member to ensure the board that can provide the right expertise. Diversity of thought provides the perspectives needed to effectively address critical topics, which can contribute to greater productivity and ultimately a stronger board.

Avoid excessive short-term focus

Perpetual existence is one of the principal reasons for the initial development of a corporation. However, recent history offers many examples of modern corporate entities managing to reach short-term results at the expense of long-term prosperity. The board can demonstrate its leadership by being the voice of reason and openly discussing the sustainability of strategic initiatives. This can result in a well-governed company with a greater chance of achieving long-term, sustainable success.

Avoid approvals if you don’t understand the issue

Complex issues can have significant implications for the survival of an organization. It is up to directors to make sure that they understand issues that can alter the future of an enterprise before a vote is taken. This doesn’t require dissecting every detail, but it should consist of a thorough investigation and assessment of the risks and rewards of proposed transactions. If you don’t adequately understand the issue, ask for more education from management or external experts. It comes down to being able to ask the tough questions of management and probing further if things do not make sense. Consensus doesn’t mean going along with the crowd. True consensus results from a thorough debate and airing of the issues before the board, resulting in a more informed vote by directors.

Avoid discounting the value of experience

As a director, it is important to recognize the value that your experience can bring to the issues at hand. Good governance doesn’t mean checking all the right boxes. Rather, it is bringing together the diverse skills and experiences of each director to lead the company through challenges. Directors can provide greater insight by being ‘situationally aware’ when evaluating events and courses of action to take. Just as the captain of a ship needs to understand the various environmental factors that influence navigation, boards need to understand the external risks that may have an impact on the navigation of the company. Consider the context of the current issue, how it is similar to, or different from, previous experiences, what alternatives could be considered, and how outside forces may impede a successful outcome. Don’t discount the value of experience just because it was gained outside the boardroom.

Avoid stepping over the line into management’s role

A board that makes management decisions will find it difficult to hold the CEO accountable for the outcome. A director’s role is to oversee the efforts of management rather than stepping into management’s shoes. Directors must make a concentrated effort to ensure that they have clarity on management’s role, which is to operate the company. The distinction between the board and management is often blurred by directors who forget that they are not charged with running the day-to-day operations of an enterprise. This doesn’t prevent a director from getting into the details of an issue facing the company, but it does mean that directors should avoid stepping over the line.

Avoid ignoring shareholders

A company’s shareholders are among the most important and potentially vocal constituents of the enterprise. Concerns can sometimes be addressed by providing shareholders an audience with the board to air their concerns. Historically, compliance with the SEC Regulation Fair Disclosure (Reg FD) rules has been perceived as a hindrance to directors engaging in shareholder dialogue and meetings. As outlined in the Millstein Center for Corporate Governance and Performance policy briefing.

Avoid a bias to risk aversion

With the recent focus on excessive risk-taking and its impact on the credit crisis, there is concern that companies and boards may become risk-averse.

New Deloitte survey on risk management effectiveness

Dix (10) des plus importantes activités pour une gouvernance efficace*

Vous trouverez ci-dessous un checklist qui vous sera utile pour effectuer une révision de vos processus de gouvernance.

Bonne lecture. Vos commentaires sont les bienvenus.

Top Ten Steps to Improving Corporate Governance

1.      Recognise that good governance is not just about compliance

Boards need to balance conformance (i.e. compliance with legislation, regulation and codes of practice) with performance aspects of the board’s work (i.e. improving the performance of the organisation through strategy formulation and policy making). As a part of this process, a board needs to elaborate its position and understanding of the major functions it performs as opposed to those performed by management. These specifics will vary from board to board. Knowing the role of the board and who does what in relation to governance goes a long way towards maintaining a good relationship between the board and management.

2.      Clarify the board’s role in strategy

It is generally accepted today that the board has a significant role to play in the formulation and adoption of the organisation’s strategic direction. The extent of the board’s contribution to strategy will range from approval at one end to development at the other. Each board must determine what role is appropriate for it to undertake and clarify this understanding with management.

3.      Monitor organisational performance

Monitoring organisational performance is an essential board function and ensuring legal compliance is a major aspect of the board’s monitoring role. It ensures that corporate decision making is consistent with the strategy of the organisation and with owners’ expectations. This is best done by identifying the organisation’s key performance drivers and establishing appropriate measures for determining success. As a board, the directors should establish an agreed format for the reports they monitor to ensure that all matters that should be reported are in fact reported.

4.      Understand that the board employs the CEO

In most cases, one of the major functions of the board is to appoint, review, work through, and replace (when necessary), the CEO. The board/CEO relationship is crucial to effective corporate governance because it is the link between the board’s role in determining the organisation’s strategic direction and management’s role in achieving corporate objectives.

5.      Recognise that the governance of risk is a board responsibility

Establishing a sound system of risk oversight and management and internal control is another fundamental role of the board. Effective risk management supports better decision making because it develops a deeper insight into the risk-reward trade-offs that all organisations face.

6.      Ensure the directors have the information they need

Better information means better decisions. Regular board papers will provide directors with information that the CEO or management team has decided they need. But directors do not all have the same informational requirements, since they differ in their knowledge, skills, and experience. Briefings, presentations, site visits, individual director development programs, and so on can all provide directors with additional information. Above all, directors need to be able to find answers to the questions they have, so an access to independent professional advice policy is recommended.

7.      Build and maintain an effective governance infrastructure

Since the board is ultimately responsible for all the actions and decisions of an organisation, it will need to have in place specific policies to guide organisational behaviour. To ensure that the line of responsibility between board and management is clearly delineated, it is particularly important for the board to develop policies in relation to delegations. Also, under this topic are processes and procedures. Poor internal processes and procedures can lead to inadequate access to information, poor communication and uninformed decision making, resulting in a high level of dissatisfaction among directors. Enhancements to board meeting processes, meeting agendas, board papers and the board’s committee structure can often make the difference between a mediocre board and a high performing board.

8.      Appoint a competent chairperson

Research has shown that board structure and formal governance regulations are less important in preventing governance breaches and corporate wrongdoing than the culture and trust created by the chairperson. As the “leader” of the board, the chairperson should demonstrate strong and acknowledged leadership ability, the ability to establish a sound relationship with the CEO, and have the capacity to conduct meetings and lead group decision-making processes.

9.      Build a skills-based board

What is important for a board is that it has a good understanding of what skills it has and those skills it requires. Where possible, a board should seek to ensure that its members represent an appropriate balance between directors with experience and knowledge of the organisation and directors with specialist expertise or fresh perspective. Directors should also be considered on the additional qualities they possess, their “behavioural competencies”, as these qualities will influence the relationships around the boardroom table, between the board and management, and between directors and key stakeholders.

10.     Evaluate board and director performance and pursue opportunities for improvement

Boards must be aware of their own strengths and weaknesses, if they are to govern effectively. Board effectiveness can only be gauged if the board regularly assesses its own performance and that of individual directors. Improvements to come from a board and director evaluation can include areas as diverse as board processes, director skills, competencies and motivation, or even boardroom relationships. It is critical that any agreed actions that come out of an evaluation are implemented and monitored. Boards should consider addressing weaknesses uncovered in board evaluations through director development programs and enhancing their governance processes.

_________________________________________

* En reprise

Voir le site www.effectivegovernance.com.au

Document révisé de KPMG sur les bonnes pratiques de constitution d’un Board | The Directors Toolkit*

Voici la dernière version du document australien de KPMG, très bien conçue, qui répond clairement aux questions que tous les administrateurs de sociétés se posent dans le cours de leurs mandats.

On parle ici d’un formidable document électronique de 130 pages, donc long à télécharger. Voyez la table des matières ci-dessous.

J’ai demandé à KPMG de me procurer une version française du même document mais il ne semble pas en exister.

Vous trouverez, ci-dessous, une vidéo qui présente les nouveautés du guide de gouvernance telles que précédemment publiées.

The Directors’ Toolkit videos: What’s new

Bonne lecture !

The Directors Toolkit

Our business environment provides an ever-changing spectrum of risks and opportunities. The role of the director continues to be shaped by a multitude of forces including economic uncertainty, larger and more complex organisations, the increasing pace of technological innovation and digitisation along with a more rigorous regulatory environment.

At the same time there is more onus on directors to operate transparently and be more accountable for their actions and decisions.

To support directors in their challenging role KPMG has created The Directors’ Toolkit. This guide, in a user-friendly electronic format, empowers directors to more effectively discharge their duties and responsibilities while improving board performance and decision-making.

Key topics :

Duties and responsibilities of a director

Oversight of strategy and governance

Managing shareholder and stakeholder expectations

Structuring an effective board and sub-committees

Enabling key executive appointments

Managing productive meetings

Better practice terms of reference, charters and agendas

Establishing new boards.

___________________________________________

Article relié :

Le comité de gouvernance du C.A. | Élément clé d’une solide stratégie (jacquesgrisegouvernance.com)

* En reprise

Dix (10) activités que les conseils d’administration devraient toujours éviter de faire !

Voici le condensé d’un article publié par Deloitte en 2011 et que j’ai relayé à mes premiers abonnés au début de la création de mon blogue.

Les suggestions sont toujours aussi d’actualité. Bonne relecture !

Avoid presentation overload

Avoid understating the importance of compliance

There is no room for a culture of complacency when it comes to compliance with laws and regulations. As noted in the Deloitte publication

Avoid postponing the CEO succession discussion

Avoid the trap of homogeneity

Avoid excessive short-term focus

Avoid approvals if you don’t understand the issue

Avoid discounting the value of experience

Avoid stepping over the line into management’s role

Avoid ignoring shareholders

Avoid a bias to risk aversion

With the recent focus on excessive risk-taking and its impact on the credit crisis, there is concern that companies and boards may become risk-averse.

New Deloitte survey on risk management effectiveness

Guide sur les responsabilités des administrateurs au Canada

Voici un excellent guide sur les responsabilités et les obligations des administrateurs de sociétés au Canada produit par Osler.

Vous pouvez visionner la vidéo (en français) produite par Osler en cliquant su le lien suivant : Responsabilités des administrateurs au Canada

La version écrite, présentée ci-dessous, est en anglais (la version française sera bientôt disponible).

Bonne lecture !

Directors’ Responsibilities in Canada | Osler

Le guide Responsabilités des administrateurs au Canada, issu de la collaboration entre Osler et l’Institut des administrateurs de sociétés, est un outil de référence de choix dont tous les administrateurs ont besoin pour comprendre les pratiques exemplaires en matière de gouvernance et pour s’acquitter de leurs responsabilités, dans le contexte actuel des tendances commerciales en constante évolution et des changements dans le marché.

Le guide couvre :

les devoirs et l’obligation de rendre compte des administrateurs, et le rôle des actionnaires

les questions de gouvernance, y compris les conflits d’intérêts des administrateurs, les lois sur les valeurs mobilières et les exigences des marchés boursiers

les obligations d’information des sociétés ouvertes

les questions de financement, de marchés des capitaux et d’offres publiques d’achat

les responsabilités imposées par la loi, y compris les opérations d’initiés, la législation sur l’environnement et les questions d’ordre fiscal

la responsabilité pour les infractions en vertu des lois sur les sociétés

la gestion du risque

Inscrivez-vous pour obtenir un exemplaire en cliquant sur le lien ci-dessous. Il vous sera envoyé par courriel dès sa publication.

La réglementation canadienne est déficiente à plusieurs égards | Richard Leblanc

Aujourd’hui, je tiens à partager avec vous le point de vue de Richard Leblanc, expert canadien de la gouvernance corporative, professeur de droit des affaires, consultant en gouvernance et observateur attentif de la scène réglementaire canadienne.

Richard nous présente cinq domaines de la règlementation canadienne qui sont déficients, ou à tout le moins perfectibles. Ce jugement peut sembler assez sévère mais, en ce qui me concerne, je le partage entièrement, d’autant plus que plusieurs de mes billets vont dans le sens des lacunes observées par Richard.

Un document réglementaire de quatre (4) pages sur la bonne gouvernance est, en effet, un peu restreint !

La règlementation en gouvernance au Canada, laquelle date de 10 ans, est certainement désuète eu regard aux autres règlementations des pays développés.

Voici donc cinq (5) lacunes identifiées par Richard Leblanc, qui, selon plusieurs observateurs, méritent une attention particulière, sinon une révision systématique :

Déficiences au niveau des pratiques et des principes de gouvernance
Manque d’importance accordée à la gestion des risques
Manque d’une définition objective de l’indépendance des administrateurs
Manque d’importance accordée à l’expertise requise dans le domaine de l’industrie
Connaissances insuffisantes relatives aux aspects financiers et à l’audit interne.

Je vous invite à lire le compte rendu de son blogue, ci-dessous, afin de connaître les raisons invoquées.

Canada’s Corporate Governance Guidelines Are Out of Date

In my teaching, research and consulting, I no longer use “NP-58201 Corporate Governance Guidelines,” June 17, 2005 (“Guidelines”), that apply to publicly traded companies in Canada, as an example of exemplary corporate governance. I regard them as stale and dated. I cannot think of another developed country that has not updated its governance guidelines in almost 10 years. There have been more changes to governance since the financial crisis of 2008 than in a generation. And we are only about half way through all of them. Canadian regulators – including all provinces and territories – need to keep up, and step up.

Here are the deficiencies to the Guidelines as I see them:

1. Lack of principles and practices:

Our Guidelines are four pages long. The UK’s new Code (September 2014) is thirty-six pages. Australia’s Principles and Recommendations (March 2014) are forty-four. South Africa’s “King III” (2009) is sixty-six pages, to pick only three examples. Quantity is not necessarily quality, but by having such succinct guidelines, the opportunity to set out (i) best practices that (ii) achieve the objective of principles is gone. It is comply or explain against a perfunctory unitary guideline, which can be – and is – gamed by reporting management. There should be more robust guidance, where the regulator explains various ways good governance can occur, from which listed companies can pick and choose according to their circumstances.

2. Lack of focus on risk management:

Take risk for example. The Canadian Guidelines simply state that the board should identify principal risks and ensure appropriate systems are in place to manage these risks. I have no idea what this actually means, nor may directors. Risk management oversight now involves an explicit risk appetite framework, internal controls to mitigate, technology, limitations, and assurance provided directly to the board and committees by independent risk, compliance, and internal audit functions. None of these practices, which are very much addressed by other regulators, appear in the 2005 Guidelines. Consequently, many public companies have immature risk management, especially in addressing non-financial risks such as cyber security, operations, terrorism and reputation. Regulatory inaction has an effect. Even a forward-thinking director may be blocked by intransigent management to devote greater resources to mitigating risk because of inadequate regulation.

3. Lack of independence of mind:

In Canada, a board can subjectively believe a director to be independent, but this belief need not be independently validated, nor tied to any objective or reasonable standard. Nowhere else can a conflict of interest lack a perceptual foundation. As a result, directors tell me how colleagues are compromised by an office, perks, vacations, gifts, jobs for friends, social relatedness, relations to major shareholders, excessive pay, excessive tenure, interlocks, and other forms of capture. If a director or chair is captured, they are owned by management and totally ineffective. If there is a difference between regulatory independence and the independence of mind of directors, the fault lies with the regulation. Regulators should implement an objective standard of director independence, not a subjective one.

4. Lack of industry expertise:

It was admitted in open forum that the original 1994 committee did little research. Sufficient industry expertise on boards is glaringly absent from the Guidelines, and consequently in many boardrooms. We are suffering from an independence legacy, perpetuated by entrenched directors, and unsupported by academic research. For example, in Australia, two academics claim has cost their country’s decline in shareholder value between 30 and 50 billion Australian dollars (“Does “Board Independence” Destroy Corporate Value,” by Peter L. Swan and David Forsberg).

Fraud, meltdowns and underperformance such as Nortel, RIM and CP all had a paucity of industry experts on their boards, including, most recently, Tesco in the UK. JP Morgan at the time of the risk management failure did not have a single independent director with banking experience. Prior to Bill Ackman’s involvement in CP, not a single independent director had rail experience. I recently assessed a similar board and not a single director had the necessary industry experience. The Guidelines should require relevant industry expertise on boards. I recommended this to OSFI when I was retained by them to examine their earlier guidelines, and this is now the law for all federally regulated financial institutions, along with risk expertise being present on boards.

5. Lack of financial literacy and internal audit:

There is no requirement to be financially literate to sit, initially, on an audit committee of a Canadian public company. This presumes someone can acquire financial literacy as opposed to having it to begin with. There is also no requirement to have an internal audit function for a Canadian public company. This should also change so audit committee members hit the ground running, and there should be a comply or explain approach to internal audit. In many compliance failures, there is a defective or non-existent internal audit function, with a weak audit committee lacking recent and relevant expertise. Regulators are now moving towards “independent coordinated assurance,” which means that reporting to, and functional oversight by, the board and committees are fulfilled by internal and external personnel who are independent of senior and operating management, including, most importantly, an effective and independent internal audit function.

Nouvelles capsules vidéos en gouvernance : (1) le comité de gouvernance (2) l’auditeur externe

Le Collège des administrateurs de sociétés est heureux de vous dévoiler sa 3e série de capsules d’experts, formée de huit entrevues vidéo.

Pendant 3 minutes, un expert du Collège partage une réflexion et se prononce sur un sujet d’actualité lié à la gouvernance. Une capsule est dévoilée chaque semaine.

Aujourd’hui, je vous propose le visionnement des deux plus récentes capsules d’experts qui sont maintenant en ligne. Elles ont pour thèmes « le comité de gouvernance » par M. Richard Joly, président, Leaders & Cie et «l’auditeur externe» par Mme Lily Adam, associée, Services de certification, EY.

Visionnez ces deux capsules d’experts :

Le comité de gouvernance par Richard Joly

________________________________________________

L’auditeur externe par Lily Adam

Responsabilités des administrateurs au Canada | Osler

Voici un excellent guide sur les responsabilités et les obligations des administrateurs de sociétés au Canada produit par Osler.

La version présentée ici est en anglais (la version française sera bientôt disponible).

Bonne lecture !

Directors’ Responsibilities in Canada : Osler

Le guide Responsabilités des administrateurs au Canada, issu de la collaboration entre Osler et l’Institut des administrateurs de sociétés, est un outil de référence de choix dont tous les administrateurs ont besoin pour comprendre les pratiques exemplaires en matière de gouvernance et pour s’acquitter de leurs responsabilités, dans le contexte actuel des tendances commerciales en constante évolution et des changements dans le marché.

Le guide couvre :

les devoirs et l’obligation de rendre compte des administrateurs, et le rôle des actionnaires

les questions de gouvernance, y compris les conflits d’intérêts des administrateurs, les lois sur les valeurs mobilières et les exigences des marchés boursiers

les obligations d’information des sociétés ouvertes

les questions de financement, de marchés des capitaux et d’offres publiques d’achat

les responsabilités imposées par la loi, y compris les opérations d’initiés, la législation sur l’environnement et les questions d’ordre fiscal

la responsabilité pour les infractions en vertu des lois sur les sociétés

la gestion du risque

Inscrivez-vous pour obtenir un exemplaire en cliquant sur le lien ci-dessous. Il vous sera envoyé par courriel dès sa publication.

Le rôle de l’audit interne dans la compréhension de la culture organisationnelle

Vous trouverez, ci-après, un document de l’Institut de l’audit interne (IIA) du Royaume-Uni (UK) partagé par Denis Lefort, expert conseil en gouvernance, audit interne et contrôle, qui porte sur le rôle de l’audit interne sur la culture organisationnelle.

Auditer la culture organisationnelle est une activité qui peut s’avérer complexe mais qui peut apporter néanmoins une grande valeur ajoutée. Le présent guide de l’IIA UK saura vous apporter un éclairage intéressant et utile à cet égard.

Le document de l’IIA est très intéressant car il expose clairement la problématique d’intervention de l’audit interne dans ce domaine, tout en agrémentant les actions à entreprendre de plusieurs exemples concrets d’intervention.

Bonne lecture !

Culture and the role of internal audit

Looking below the surface

The approach taken by IIA report on culture is reflected in the new (September 2014) FRC Corporate Governance Code, which says « One of the key roles for the board includes establishing the culture, values and ethics of the company. It is important that the board sets the correct ‘tone from the top’. »

The accompanying FRC guidance on risk management – exercising responsibilities says “The board should establish the tone for risk management and internal control and put in place appropriate systems to enable it to meet its responsibilities effectively”

“In deciding what arrangements are appropriate the board should consider, amongst other things:

The culture it wishes to embed in the company, and whether this has been achieved.

What assurance the board requires, and how this is to be obtained.”

How should internal audit support boards in giving assuarance on culture?

Foreword

Public trust in business has ebbed and flowed over recent years but a significant minority (circa 40%) of those questioned by Ipsos MORI believe companies are ‘not very’ or ‘not at all’ ethical in the way they behave. Responsibility and ownership for addressing this lies with those who sit in the boardroom. This is supported by regulators in the way that they now monitor and review the culture of organisations.

Internal audit is a unique function within an organisation with its independence and access to give assurance to those in the boardroom. This can provide confidence that there is a strong commitment to good conduct and that it is actually being translated into everyday behaviours, but also, more importantly, where it is not. To have this information allows the board an opportunity to mitigate the risk of integrity failure.

Leaders need to send a message and show by example that culture and values matter, demonstrating this by putting in place all the necessary measures. I believe this report will support boards and audit committees to help rebuild public trust by making the best use of internal audit as they develop their thinking around how to improve ethical conduct for the benefit of customers, employees, all other stakeholders and for business itself.

Philippa Foster Back CBE
Director
Institute of Business Ethics

L’audit interne au cœur d’une grande bataille !

Je partage avec vous un récent article que Denis Lefort, expert conseil en gouvernance et audit interne, m’a fait parvenir, accompagné de ses commentaires.

Cet article de Mike Jacka* est paru dans Internal Auditor Magazine. Toute personne préoccupée par l’importance de cette fonction devrait prendre connaissance de cette mise en garde.

« En lisant ce bref article, vous saisirez rapidement que son auteur est d’avis que l’audit interne et les autres fonctions d’assurance des organisations (gestion des risques, conformité, sécurité et autres) sont entrées dans une guerre de juridiction… Et que l’audit interne ne peut agir comme si elle était comme la Suisse, neutre et inattaquable…!!!

L’auteur est ainsi d’avis que l’audit interne doit préparer à la fois sa stratégie de défense et d’attaque pour contrer les coups durs présents et à venir… »

Bonne lecture !

Internal Audit Is in the Midst of a Great War

The Harvard Law School Forum on Corporate Governance and Financial Regulation recently posted an interesting piece titled « Compliance or Legal? The Board’s Duty to Assure Compliance. » I know it all sounds a little boring, but trust me on this one — there is interesting information here. Take some time to read through it before we dive in.

(One very quick, very important aside. I came across this article as a part of The IIA’s SmartBrief — a weekly « snapshot » of news and issues internal auditors might care about. To receive the newsletter you must « opt in. » I cannot urge you enough to opt in. No puffery here. Seldom does a week go by where I don’t find at least one nugget I can use. If you aren’t receiving it, you can opt in here.)

If you have been paying attention to the discussions that are going on regarding internal audit’s evolving role you were probably gobsmacked by the similarities between those discussions and what is being said in this article. Take the opening sentence: « A series of developments threaten to blur the important distinction between the corporation’s legal and compliance functions. » Make a few changes and you are talking about the dilemma internal audit is facing. « A series of developments threaten to blur the important distinction between the organization’s internal audit department and [insert your favorite assurance provider’s name here]. »

There it is in a nutshell, the crux of the battle currently being waged over the role of internal audit and others within the organization.

Wait, let’s back up a second. Did you miss that there is a war going on? Let’s take a quick look.

I have a good friend who is a CAE. In that role he is also in charge of risk management. We often talk about the potential conflict that exists with those dual roles. He is not alone. I have talked with other audit leaders who are being approached about audit taking on the role of risk. Not a bad fit. We are risk experts, we have the communication and relationship skills, and there should be a definite meshing of gears between audit and risk.

On the other hand, I have also heard from others who face the opposite issue; they are under pressure to have internal audit placed under the jurisdiction of the risk officer. « Wait a minute, » you say, « That is a very bad idea: a serious problem, a conflict of interests, a subversion of our objectivity, an invasion on our independence. » Our list of reasons why this shouldn’t happen is quite long.

When the shoe is on the other foot the bunions become just a tad more obvious.

And it is not just the risk function. While not as common, I am hearing similar discussions around such functions as compliance, corporate security, finance, quality assurance, and, yes, even legal. In some cases the discussion is around audit taking on part of the role; in others it is about audit becoming a part of the other function.

Why are we suddenly seeing this land grab?

Governance has become an important topic at the executive and board level. (Definitely a good thing.) Assurance providers (compliance, legal, risk, et al) realize the way to raise the esteem with which the board and executives hold them is to take on a greater piece of the governance pie. The pushing and shoving starts. Escalation ensues. And we find ourselves in the midst of a jurisdictional war.

And while internal audit would like to believe we are above the fray (we are independent, we are objective, we are internal audit, hear us roar), unless we recognize the existence of this war — unless we are willing to take up arms and join in the fray — we will find ourselves trivialized, the core values we provide handed off to the victors.

We think we are Switzerland. But there is no such thing as neutrality in this battle.

So, with that background, let’s return to the article previously referenced. The contents provide a good indication of the type of arguments internal audit will encounter. Two examples:

The author states that a forced separation of compliance from under legal would jeopardize the ability of the organization to preserve attorney-client privilege. Cold chills went up my spine as I read this. I still vividly recall similar debates from 20 years ago when the legal department argued they should have more direct control over internal audit in order to preserve attorney-client privilege. We won. But it is obvious that the ugly head of that particular argument continues to rise again and again.

The article quotes compliance thought leaders as saying that the role of « guardian of corporate reputation » is exclusively reserved for the corporate compliance officer; that the compliance officer is the organizational « subject matter expert » for ethics and culture. The author of the article states that this is « contrary to long standing public discourse that frames the lawyer’s role as a primary guardian of the organizational reputation. » My first, knee-jerk reaction is that internal audit should be the guardian of reputation and the subject matter expert. But once I put my knee back where it belongs, I realize it is probably more true that the attempt to define any one department as guardian or expert is a fool’s game. Everyone with any governance role should have the protection of reputation, ethics, and culture as their No. 1 responsibility.

There is much more in the article and many more thoughtful and reasoned arguments. And it would be quite easy to say « Let them duke it out. Their arguments are not important to us. » However, that is exactly why we should be paying attention. The article contains the points that will be used in the battle — points to be used against us and points we can use in our defense.

We are in a war. And audit cannot sit back and say, « We have independence; we are safe and above the fray. » No. They will have an eye on our « turf, » also. And who’s to say that some of their turf shouldn’t be ours. I’m not saying we break out the bayonets and start going after some of the unwounded, but I am saying we have to recognize the existence of a battle and be willing to take a stand — be willing to say what it is we do, why it is important, and why we should have those responsibilities.

What are your thoughts? What is internal audit’s role regarding the organization’s approach to risk, governance, compliance, legal, etc.? If we are more involved, is there a conflict? If the lines blur, does it have a negative impact on the company? Is there really a war brewing? And what might this have to do with the future (if there is going to be a future) of internal audit?

_____________________________________

*Mike Jacka, CIA, CPA, CPCU, CLU, worked in internal audit for nearly 30 years at Farmers Insurance Group.

Deux capsules vidéos en gouvernance – Les médias sociaux et la planification stratégique

Le Collège des administrateurs de sociétés est heureux de vous dévoiler sa 3e série de capsules d’experts, formée de huit entrevues vidéos. Pendant 3 minutes, un expert du Collège partage une réflexion et se prononce sur un sujet d’actualité lié à la gouvernance. Une capsule sera dévoilée chaque semaine.

Deux nouvelles « capsules d’experts » sont maintenant en ligne; elles ont pour thèmes « Les médias sociaux » par M. Sylvain Lafrance, ASC, professeur au HEC Montréal et consultant en communications et « La planification stratégique » par M. Dominic Deneault, ASC , Trebora Conseil.

Visionnez ces deux capsules d’experts :

Les médias sociaux, par Sylvain Lafrance, ASC

_____________________________________

La planification stratégique, par Dominic Deneault

Dix pratiques exemplaires à l’intention des membres de comités d’audit

Vous trouverez ci-dessous un article publié par Naomi Snyder* dans BankDirector.com qui présente une synthèse des caractéristiques des comités d’audit performants dans le domaine bancaire.

Bien sûr, ces pratiques peuvent aussi s’appliquer à tout autre comité d’audit. Bonne lecture !

10 Best Practices for Audit Committee Members

Serving on the audit committee can be one of the toughest jobs on the board, which is why audit committee members often are paid more than what members of other committees receive. Audit committee members have more duties than ever before, thanks to heightened regulatory scrutiny that banks have received in recent years, and are under more pressure than ever to get it right.

Sal Inserra, a partner at accounting and advisory firm Crowe Horwath LLP, spoke at Bank Director’s Bank Audit Committee Conference in Chicago recently, and laid out some of the qualities of highly functioning audit committee members. This is not his list, but was created based on his talk.

Be a skeptic.
“If you notice inconsistencies, ask the question,’’ Inserra said. “It’s not necessarily wrong. You are just trying to find out.”

Understand your business.
If you enter a new business line, you must understand that new line of business. Trust departments present banks with a minefield of compliance issues, for example.

Meet with regulators.
Examiners are more likely now to have a discussion with board members than years past. Regulators are interested in learning about the audit committee’s understanding of the risks in the organization. Attend some meetings with examiners to get a flavor for the bank’s relationship with its regulators and to prepare you for any problems ahead of time.

Support the internal audit department and its findings.
Make sure the department is adequately funded and staffed. “I have seen way too many situations where internal audit was not a functional unit of the bank because no one respected them,’’ Inserra said. The internal audit chief should report directly to the audit committee chairman.

Look for red flags.
Red flags include when management delivers the audit committee book without sufficient time for members to digest it before the audit committee meetings. Other red flags include problematic findings that remain unaddressed between audits.

Take control of the audit committee meetings.
Don’t let management control the meeting agenda by burying you under a mountain of detail. It’s your meeting. Put the priorities at the beginning of the meeting, instead of starting with the easiest things. Get summaries of reports with the most important points highlighted. Who can read a 600 page audit in two nights?

Make sure every member is contributing.
Three to six people should serve on the audit committee. If it’s politically problematic to remove someone who is no longer contributing, add people you do need on the audit committee.

Hold management accountable.
Actively monitor management’s action plans. If remediation plans aren’t followed or completed on time, why not?

Communicate with internal and external auditors.
Be proactive. Have executive sessions with members of the internal auditing staff on a regular basis, as well as with external auditors.

Improve the committee’s knowledge of technology by recruiting an IT expert to be a member, or hire a consultant to advise the board.
If you are getting third party reports on your bank’s information security you don’t fully understand, then you need help.

Of course, there are many more aspects of being a great audit committee member. This is just a small sample. But at a time when audit committees have an increasing amount of responsibilities, it is important that the audit committee performs at the top of its game.

______________________________________________

*Naomi Snyder is the managing editor for Bank Director, an information resource for directors and officers of financial companies.

Pour une supervision efficace de la fonction audit interne | PwC

Vous trouverez ci-dessous un document de référence publié par PwC et paru dans la série Audit Committee Excellence. Ce document, partagé par Denis Lefort, CPA, CIA, CRMA, expert-conseil en Gouvernance, audit et contrôle, apporte des réponses très complètes à plusieurs questions que les membres de conseils d’administration se posent eu égard au rôle de la fonction audit interne dans l’organisation.

1. Pourquoi la surveillance de l’audit interne est-elle critique pour les comités d’audit ?

2. Quel est le rôle des administrateurs dans l’optimisation des activités de l’audit interne ?

3. Comment aider l’audit interne à mieux définir sa mission ?

4. Quelles sont les lignes d’autorité et les besoins en ressources de cette activité ?

5. Quel est le processus de révision des résultats de l’audit interne ?

6. Que faire si votre entreprise ne possède pas une fonction d’audit interne ?

Ce document sera donc très utile à tout administrateur soucieux de parfaire ses connaissances sur le rôle très important qu’un service d’audit interne peut jouer.

Voici une introduction au rapport de PwC . Bonne lecture ! Vos commentaires sont les bienvenus.

Effective oversight of the internal audit function | PwC

The audit committee’s role is not getting any easier, but an audit committee has a lot of resources in its arsenal to help meet today’s high expectations. One of these tools is the internal audit function. Directors can, and should, focus on maximizing the value proposition of this group to ensure their own success.

A lot goes on in companies — and a lot can go wrong, even when you have good people and thoughtfully designed processes. That’s why so many audit committees look to internal audit as their eyes and ears — a way to check whether things are working as they should. Some companies staff the function internally, while others choose to outsource some or all of the role. Some do not have an internal audit function at all.

For many audit committees, overseeing internal audit isn’t just the right thing to do, it’s a requirement. At NYSE companies, audit committees have to oversee internal audit’s performance and periodically meet in private sessions. NASDAQ is currently considering whether to require its listed companies to have an internal audit function and what role audit committees should play.

Whether a required function or not, we believe it’s critical that audit committees focus on internal audit. Why? PwC’s 2014 State of the internal audit profession study found that about one-third of board members believe internal audit adds less than significant value to the company, and only 64% of directors believe internal audit is performing well at delivering expectations. Even Chief Audit Executives (CAEs) are critical of their functions’ performance, with just two-thirds saying it’s performing well.

Le point de vue de Mary Jo White, PDG de la SEC, sur les responsabilités des administrateurs de sociétés

Aujourd’hui, je vous présente les grandes lignes de l’allocution que Mary Jo White, présidente de la US Securities and Exchange Commission (SEC), a exposé devant les membres du Stanford Directors’ College, le 23 juin 2014.

Après avoir brièvement décrit la structure et les fonctions de la SEC, Mme White a choisi d’aborder trois thèmes très importants pour les administrateurs de sociétés :

(1) Le rôle crucial que les administrateurs de sociétés jouent en tant que gardiens des intérêts des actionnaires;

(2) La divulgation des malversations et la coopération avec les investigations de la SEC;

(3) La description du programme de dénonciation (whistleblower) de la SEC, son fonctionnement et ses relations avec le programme de conformité et de contrôle interne de la firme.

Dans ce billet, je présente le point de vue de la SEC eu égard aux rôles fondamentaux que les administrateurs jouent dans la gouvernance des entreprises. Je crois, que comme moi, vous serez intéressé de savoir ce que pense la présidente du plus puissant organisme de surveillance et de régulation des marchés des capitaux au monde. Bonne lecture !

A Few Things Directors Should Know About the SEC

Directors Are Essential Gatekeepers

Those of you who are directors play a critically important role in overseeing what your company is doing, and by preventing, detecting, and stopping violations of the federal securities laws at your companies, and responding to any problems that do occur. In other words, you are the essential gatekeepers upon whom your investors and, frankly, the SEC rely. We see you as our partners in the effort to ensure that investors in our capital markets can invest with confidence and, hopefully, success.

At the SEC, we typically use the term “gatekeeper” to refer to auditors, lawyers, and others who have professional obligations to spot and prevent potential misconduct. And while there are certainly other gatekeepers who may be closer to some of the action or more familiar with the details of a transaction or a disclosure document, a company’s directors serve as its most important gatekeepers. For by law, it is ultimately the fiduciary responsibility of the board of directors to oversee the business and affairs of a company.

Seal of the U.S. Securities and Exchange Commission. (Photo credit: Wikipedia)

In discharging this important responsibility, it is essential for directors to establish expectations for senior management and the company as a whole, and exercise appropriate oversight to ensure that those expectations are met. It is up to directors, along with senior management under the purview of the board, to set the all-important “tone at the top” for the entire company.

Ensuring the right “tone at the top” for a company is a critical responsibility for each director and the board collectively. Setting the standard in the boardroom that good corporate governance and rigorous compliance are essential goes a long way in engendering a strong corporate culture throughout an organization.

How directors can most effectively instill a strong corporate culture and how challenging it is to do so will vary from company to company. CEOs come with a range of experiences and perspectives. Many, including some here in Silicon Valley, are, at heart, innovators whose day job has come to include being the business leader of a public company. As board members, one of the most important duties you have is to select the right CEO for your company and to ensure that he or she “gets it,” in terms of understanding the importance of tone at the top and a strong corporate culture. Deficient corporate cultures are often the cause of the most egregious securities law violations, and directors, both directly and through the oversight of senior management, play a key role in shaping the prevailing attitude and behaviors within a company.

As a former director and member of an audit committee of a public company, I know the heavy responsibilities you bear and the time-consuming work that is required of you. The best advice I can give for being an effective director is to learn and be engaged. As directors, you must understand your company’s business model and the associated risks, its financial condition, its industry and its competitors. You must pay attention to what senior managers say, but also listen for the things they are not saying. You have to know what is going on in your company’s industry, but also the broader market. You need to know what your company’s competitors are doing and what your shareholders are thinking.

At the risk of hearing a collective groan in response, I would also urge you to consider another outside view that would also be useful to you as a director—the view of your regulators. Listen to what they say publicly is important to them, what is problematic to them. Talk to them. Perhaps visit them. I know of an audit committee chair who visits all of his company’s major regulators once a year, including the international regulators. You may get an earful from time-to-time, but it will be invaluable input for you as a director.

To state the obvious, you must ask the difficult questions, particularly if you see something suspicious or problematic, or, simply, when you do not understand. You should never hesitate to ask more questions, and, always, insist on answers when questions arise. It also goes without saying that you should never ignore red flags. It is your job to be knowledgeable about issues, to be vigilant in protecting against wrongdoing, and to tackle difficult issues head on.

Chair Mary Jo White (Photo credit: Securities and Exchange Commission)

Of course, it is always important for you to know what your shareholders—the owners of your company—are thinking. As most boards today recognize, an open and constructive dialogue with shareholders is not only the right thing to do, but also very helpful in providing perspective on the challenges a company is facing. Many institutional shareholders have unique insights on industry dynamics, competitive challenges and how macroeconomic events are shaping the environment for your company. But it is important not to forget about your other shareholders. There is real value in listening to their views and their voice, as well.

Look thoughtfully at the proposals shareholders are submitting to your company. Ask your management team about them and about the proposals that other companies are receiving that could be relevant to your company. Look at the voting results at shareholder meetings—the percentage of votes for a shareholder– supported resolution or against a management–supported resolution are important, irrespective of whether the resolution is approved, or not.

Ethics and honesty can become core corporate values when directors and senior executives embrace them. This includes establishing strong corporate compliance programs focused on regular training of employees, effective and accessible codes of conduct, and procedures that ensure complaints are thoroughly and fairly investigated. And, it must be obvious to all in your organization that the board and senior management highly value and respect the company’s legal and compliance functions. Creating a robust compliance culture also means rewarding employees who do the right thing and ensuring that no one at the company is considered above the law. Ignoring the misconduct of a high performer or a key executive will not cut it. Compliance simply must be an enterprise-wide effort.

Obama: ‘You don’t want to mess with Mary Jo.’ Here’s why.

Bien comprendre les droits et responsabilités des actionnaires de sociétés !

Ci-dessous, l’extrait d’un article très simple sur les devoirs attendus de la part des actionnaires. Si vous avez décidé d’investir dans une entreprise, vous possédez une part de la propriété de celle-ci !

Il est donc important de lire la documentation fournie par le conseil d’administration et par la direction de l’entreprise afin de vous former une opinion sur sa gouvernance, et vous devriez vous faire un devoir d’exercer vos droits de votes.

L’article récemment publié par The Canadian Press saura-t-il éveiller chez vous le sens de la responsabilité de l’actionnaire ? En ce qui me concerne, j’ai décidé, il y a quelques années, de me faire un devoir de lire les documents préparatoires à l’AGA et de voter, par la poste, sur les items de l’ordre du jour qui sollicitent l’assentiment des actionnaires.

Understand your rights as a shareholder: experts – Business – The Telegram

Documents sent to shareholders ahead of the meeting can include the management proxy circular, annual information form and the company’s annual report. The information form and annual report give the financial statements and an update by management on the business and the direction for the company — both key documents for shareholders.

Walmart Shareholders’ Meeting 2011 (Photo credit: Walmart Corporate)

The proxy circular includes information related to the annual meeting, including the nominees for the board of directors and the appointment of the auditors. It can also include shareholder proposals or major changes at the company that require shareholder approval.

Eleanor Farrell, director of the Office of the Investor at the Ontario Securities Commission, says shareholders have the right to vote on matters that affect the company, including the election of the board of directors. “That is a very important governance piece for the company,” Farrell says.

“The board is the one that approves the strategic plan. It sets the direction of the company. They appoint the CEO, they evaluate the CEO and they also approve the compensation plan.” Farrell says if shareholders don’t approve of a nominated director they can withhold their vote and, at most large companies, if a majority of the votes cast withhold a vote for a particular director, that director would be forced to step aside.

“Shareholders in the last few years have certainly become and gotten a lot more powerful and a lot more powers, I would say,” Farrell said. “Corporate governance has been a very big concern for institutional investors, certainly, and companies are much more concerned about corporate governance.”

The information circulars also include detailed descriptions about how much the company’s directors receive in compensation and what the senior executives are paid in salary, shares or options, as well as the size of their bonuses and the value of any other perks. The circular will also include how the board arrived at that compensation as well as comparisons with previous years. Certain provisions, such as how much a chief executive will receive if the company is taken over or if they are let go, are also often included.

Modèle de supervision du management | Lignes de défense des parties prenantes

Vous trouverez ci-dessous un document de réflexion publié par Sean Lyon* et paru dans la série Executive Action du Conference Board. Ce document partagé et commenté par Denis Lefort, CPA, CA, CIA, CRMA, fait référence à cinq (5) lignes de défense interne, soit les opérations, les fonctions de surveillance tactiques comme la gestion des risques et la conformité, les fonctions d’assurance indépendante que sont le comité d’audit, l’audit interne et les autres sous-comités du conseil, et, enfin, la direction et le conseil d’administration.

Quatre lignes de défense externe sont aussi proposées, soit: les auditeurs externes, les actionnaires, les agences de notations et les organismes de réglementation.

Le modèle des 5 lignes de défense est aussi comparé au modèle traditionnel des trois lignes de défense.

Finalement, l’auteur insiste sur l’importance pour l’ensemble des lignes de défense d’agir de façon concertée, voire intégrée, pour assurer le succès global des interventions des uns et des autres pour le bénéfice de l’organisation.

Voici un extrait du document. Bonne lecture !

Corporate Oversight and Stakeholder Lines of Defense

Corporate stakeholder responsibility should take intoaccount various stakeholder groups, including shareholders, employees, customers, suppliers, special interest groups,

communities, regulators, politicians, and, ultimately, society. Consequently, a comprehensive corporate oversight framework should be multi-faceted to safeguard the diverse interests and varied expectations of all stakeholders. Increasingly, stakeholders are demanding oversight that safeguards a multitude of their interests, be they financial, economic, social, or environmental. Such an inclusive approach should include an appreciation of the symbiotic relationship that exists between business, society, and nature.

Michael Oxley , U.S. Senator from Maryland. (Photo credit: Wikipedia)

Organizations should understand the complexity of this interconnectedness to fulfill their social responsibilities. A holistic focus that includes the various lines of defense approach helps provide different stakeholders with the comfort that their interests are safeguarded, if implemented appropriately. A lines-of-defense framework provides stakeholders with a comprehensive system of “checks and balances.”

The existence of such an integrated framework means that stakeholders can reasonably rely on it to ensure that the organization is fulfilling its fiduciary duties, legal obligations, and moral responsibilities, while creating durable value and sustainable economic performance in the process. For this approach to operate effectively, however, each line of defense must play its part both individually and collectively—fulfilling its oversight duties within a holistic framework.

Accordingly, each line of defense collaborates with and challenges the other (complimentary yet antagonistic) lines of defense, as it acts in its own enlightened self-interest. Enhanced cooperation and communication between these lines of defense should be facilitated by better interaction between stakeholders through regular dialogue which is based on mutual understanding of the organization’s objectives. This, however, must be achieved without allowing respective responsibilities or accountabilities to become blurred in the process.

To strengthen corporate defense capabilities, organizations should consider fortifying the second line of defense, which provides the critical link between operational line management and executive management. For many organizations, this is still perhaps the weakest link in the chain. Unfortunately, in many organizations, the defense activities at this layer are operating in a silo; they are not in alignment with other lines, but rather, operate in isolation, with little or no interaction, sharing of information, or collaboration. The activities of an effective second line of defense must be managed in a coordinated and integrated manner.

Each of the other lines of defense requires differing degrees of fortification, but this perhaps has as much to do with best practices rather than any radical makeover. The goal is to reach a more effective balance between the spirit of guidelines based on principle and the interpretation of guidelines that are legal or more prescriptive.

____________________________________

* Sean Lyons is the principal of Risk Intelligence Security Control (R.I.S.C.) International (Ireland) and a recognized corporate defense strategist. He is published internationally and has lectured and spoken at seminars and conferences in both Europe and North America. His contributions have been acknowledged in the Walker Review ofCorporate Governance in UK Banks and Other Financial Institutions, the Financial Reporting Council (FRC)’s Review of the Effectiveness of theCombined Code and the International Corporate Governance Network (ICGN)’s ICGN Corporate Risk Oversight Guidelines. In 2010 Sean was shortlisted as a finalist in the GRC MVP 2009 Awards organized by US based GRC Group (SOX Institute) co-chaired by Senator Paul Sarbanes and Congressman Michael Oxley.

Articles d’intérêt :

Document de référence sur les bonnes pratiques de constitution d’un Board | The Directors Toolkit *

Voici un document australien de KPMG, très bien conçu, qui répond clairement aux questions que tous les administrateurs de sociétés se posent dans le cours de leurs mandats.

Même si la publication est dédiée à l’auditoire australien de KPMG, je crois que la réalité règlementaire nord-américaine est trop semblable pour se priver d’un bon « kit » d’outils qui peut aider à constituer un Board efficace. C’est un formidable document électronique de 130 pages, donc long à télécharger. Voyez la table des matières ci-dessous.

J’ai demandé à KPMG de me procurer une version française du même document mais il ne semble pas en exister. Bonne lecture en ce début d’été 2014.

The Directors Toolkit

Our business environment provides an ever-changing spectrum of risks and opportunities. The role of the director continues to be shaped by a multitude of forces including economic uncertainty, larger and more complex organisations, the increasing pace of technological innovation and digitisation along with a more rigorous regulatory environment.

At the same time there is more onus on directors to operate transparently and be more accountable for their actions and decisions.

To support directors in their challenging role KPMG has created The Directors’ Toolkit. This guide, in a user-friendly electronic format, empowers directors to more effectively discharge their duties and responsibilities while improving board performance and decision-making.

Key topics :

Duties and responsibilities of a director

Oversight of strategy and governance

Managing shareholder and stakeholder expectations

Structuring an effective board and sub-committees

Enabling key executive appointments

Managing productive meetings

Better practice terms of reference, charters and agendas

Establishing new boar

______________________________________

* En reprise

Article relié :

Les dix (10) plus importantes activités pour une gouvernance efficace *

Vous trouverez ci-dessous un checklist qui vous sera utile pour effectuer une révision de vos processus de gouvernance.

Bonne lecture. Vos commentaires sont les bienvenus.

Top Ten Steps to Improving Corporate Governance :

1.      Recognise that good governance is not just about compliance

Boards need to balance conformance (i.e. compliance with legislation, regulation and codes of practice) with performance aspects of the board’s work (i.e. improving the performance of the organisation through strategy formulation and policy making). As a part of this process, a board needs to elaborate its position and understanding of the major functions it performs as opposed to those performed by management. These specifics will vary from board to board. Knowing the role of the board and who does what in relation to governance goes a long way towards maintaining a good relationship between the board and management.

2.      Clarify the board’s role in strategy

It is generally accepted today that the board has a significant role to play in the formulation and adoption of the organisation’s strategic direction. The extent of the board’s contribution to strategy will range from approval at one end to development at the other. Each board must determine what role is appropriate for it to undertake and clarify this understanding with management.

3.      Monitor organisational performance

Monitoring organisational performance is an essential board function and ensuring legal compliance is a major aspect of the board’s monitoring role. It ensures that corporate decision making is consistent with the strategy of the organisation and with owners’ expectations. This is best done by identifying the organisation’s key performance drivers and establishing appropriate measures for determining success. As a board, the directors should establish an agreed format for the reports they monitor to ensure that all matters that should be reported are in fact reported.

4.      Understand that the board employs the CEO

In most cases, one of the major functions of the board is to appoint, review, work through, and replace (when necessary), the CEO. The board/CEO relationship is crucial to effective corporate governance because it is the link between the board’s role in determining the organisation’s strategic direction and management’s role in achieving corporate objectives.

5.      Recognise that the governance of risk is a board responsibility

Establishing a sound system of risk oversight and management and internal control is another fundamental role of the board. Effective risk management supports better decision making because it develops a deeper insight into the risk-reward trade-offs that all organisations face.

6.      Ensure the directors have the information they need

Better information means better decisions. Regular board papers will provide directors with information that the CEO or management team has decided they need. But directors do not all have the same informational requirements, since they differ in their knowledge, skills, and experience. Briefings, presentations, site visits, individual director development programs, and so on can all provide directors with additional information. Above all, directors need to be able to find answers to the questions they have, so an access to independent professional advice policy is recommended.

7.      Build and maintain an effective governance infrastructure

Since the board is ultimately responsible for all the actions and decisions of an organisation, it will need to have in place specific policies to guide organisational behaviour. To ensure that the line of responsibility between board and management is clearly delineated, it is particularly important for the board to develop policies in relation to delegations. Also, under this topic are processes and procedures. Poor internal processes and procedures can lead to inadequate access to information, poor communication and uninformed decision making, resulting in a high level of dissatisfaction among directors. Enhancements to board meeting processes, meeting agendas, board papers and the board’s committee structure can often make the difference between a mediocre board and a high performing board.

8.      Appoint a competent chairperson

Research has shown that board structure and formal governance regulations are less important in preventing governance breaches and corporate wrongdoing than the culture and trust created by the chairperson. As the “leader” of the board, the chairperson should demonstrate strong and acknowledged leadership ability, the ability to establish a sound relationship with the CEO, and have the capacity to conduct meetings and lead group decision-making processes.

9.      Build a skills-based board

What is important for a board is that it has a good understanding of what skills it has and those skills it requires. Where possible, a board should seek to ensure that its members represent an appropriate balance between directors with experience and knowledge of the organisation and directors with specialist expertise or fresh perspective. Directors should also be considered on the additional qualities they possess, their “behavioural competencies”, as these qualities will influence the relationships around the boardroom table, between the board and management, and between directors and key stakeholders.

10.     Evaluate board and director performance and pursue opportunities for improvement

Boards must be aware of their own strengths and weaknesses, if they are to govern effectively. Board effectiveness can only be gauged if the board regularly assesses its own performance and that of individual directors. Improvements to come from a board and director evaluation can include areas as diverse as board processes, director skills, competencies and motivation, or even boardroom relationships. It is critical that any agreed actions that come out of an evaluation are implemented and monitored. Boards should consider addressing weaknesses uncovered in board evaluations through director development programs and enhancing their governance processes.

Voir le site www.effectivegovernance.com.au

________________________________________

* En reprise

Le rôle de l’audit interne dans l’identification des risques émergents *

Denis Lefort, CPA, expert-conseil en Gouvernance, audit et contrôle, porte à ma connaissance un document de la firme Thomson Reuters (White Paper) très intéressant sur le rôle de l’audit interne dans l’identification des risques émergents.

EYE ON THE HORIZON : INTERNAL AUDIT’S ROLE IN IDENTIFYING EMERGING RISKS

Key elements of emerging risks

Reinsurance company Swiss Re defines emerging risks as “newly developing or changing risks which are difficult to quantify and which may have a major impact on the organisation.” This identifies their key elements.

Emerging risks may be entirely new, such as those posed by social media or technological innovation. Or they may come from existing risks that evolve or escalate – for example, the way counterparty credit risk or liquidity risk sky-rocketed during the 2008 financial crisis.

Newly developing risks lack precedent or history, and their precise form may not be immediately clear, which makes them difficult to measure or model. Changing risks are at least familiar in their shape and nature, although the rate of transformation and intensity can make them hard to quantify.

The final key element of emerging risks is their potential impact. New or changing risks can be as menacing as those the organisation deals with on a daily basis, and sometimes even more so. To give just one example, the way in which the music business failed to address the implications of digital downloads allowed a complete outsider, the computer company Apple, to step in and define and dominate the new market.

Emerging risks also threaten through their apparent remoteness or their obscurity. US Secretary of State Donald Rumsfeld distinguished between things we know we do not know (‘known unknowns’), and things we do not know we do not know (‘unknown unknowns’). In the first category are risks whose shape might be familiar, but where we do not necessarily understand all of their elements – causes, potential impact, probability or timing. Unknown unknowns are events that are so out of left field or seemingly farfetchedthat it takes great insight or a leap of the imagination to even articulate them. These include the ‘black swan’ events highlighted by the investor-philosopher Nassim Nicholas Taleb, where the human tendency is to dismiss them as improbable beforehand, then rationalise them after they occur. The 9/11 terrorist attack, or the financial crash of 2008, or the invention of the internet show that not only do black swan events happen, but they do so more frequently than is generally recognised, and they have an historically significant impact (and not always negative).

Many emerging risks are characterised by their global nature, their scale or their longer-term horizon – climate change is an example that displays all of these elements. In other cases, it is less the individual events themselves, some of which may be relatively moderate or manageable on their own, as the conflation of circumstances that creates a ‘perfect storm’.

Vous pouvez aussi consulter l’enquête de Thomson Reuters Accelus Survey on Internal Audit dont nous avons parlé dans notre billet du 7 juin.

New duties on horizon for internal auditors

“The clear message from the survey is that internal audit functions need to stop thinking about themselves as compliance specialists and start taking on a much larger, more strategic role within the organization,” Ernst & Young LLP internal audit leader Brian Schwartz said in a news release. “IA is increasingly being asked by senior management and the board to provide broader business insights and better anticipate traditional and emerging risks, even as they maintain their focus on non-negotiable compliance activities.”

New risks

As strategic opportunities emerge, internal auditors also are adjusting to new compliance duties, according to the survey. Globalization has resulted in increased revenue from emerging markets for many companies, so new regulatory, cultural, tax, and talent risks are emerging.

Thomson Reuters Messenger (Photo credit: Wikipedia)

Internal audit will play a more prominent role in evaluating these risks, according to the survey report. Although slightly more than one-fourth (27%) of respondents are heavily involved in identifying, assessing, and monitoring emerging risks now, 54% expect to be heavily involved in the next two years.

The biggest primary risks that respondents said their organizations are tracking are:

Economic stability (54%).

Cybersecurity (52%).

Major shifts in technology (48%).

Strategic transactions in global locations (44%).

Data privacy regulations (39%).

Survey respondents said the skills most often found to be lacking in internal audit functions are:

Data analytics;

Business strategy;

Deep industry experience;

Risk management; and

Fraud prevention and detection.

“As corporate leaders demand a greater measure of strategy and insight from their internal audit functions, CAEs will need to move quickly to close competency gaps and ensure that they have the right people in the right place, at the right time.” Schwartz said. “If they fail to meet organizational expectations, they risk being left behind or consigned to more transactional compliance activities.”

__________________________________________

* En reprise

Keeping Internal Auditors Up to the Challenge (forbes.com)

Internal Audit Has To STOP Focusing On Internal Controls (business2community.com)

Changement important dans la relation auditeur externe/interne | Financial Reporting Council (FRC) (jacquesgrisegouvernance.com)

Useful Internal Auditing in 4 Easy Steps (isocertificationaustralia.com)

Thomson Reuters Develops Accelus Governance, Risk and Compliance Platform (risk-technology.typepad.com)

Énoncés de principes de bonne gouvernance 2012 | Business Roundtable *

Voici un document publié par l’organisation américaire Business Roundtable qui est la plus importante association de PCD (CEO) aux É.U. et qui regroupe les plus grandes sociétés avec un total de $6 trillion en revenus annuels et plus de 12 million d’employés. Ce document présente le point de vue des hauts dirigeants de ces sociétés sur les pratiques de bonne gouvernance. Le rapport est représentatif de ce que les membres pensent que devraient être les pratiques exemplaires en matière de gouvernance. C’est une lecture vraiment très pertinente.

Principles of Corporate Governance – 2012

« Business Roundtable supports the following guiding principles:

First, the paramount duty of the board of directors of a public corporation is to select a chief executive officer and to oversee the CEO and senior management in the competent and ethical operation of the corporation on a day-to-day basis.

Second, it is the responsibility of management, under the oversight of the board, to operate the corporation in an effective and ethical manner to produce long-term value for shareholders. The board of directors, the CEO and senior management should set a “tone at the top” that establishes a culture of legal compliance and integrity. Directors and management should never put personal interests ahead of or in conflict with the interests of the corporation.

Third, it is the responsibility of management, under the oversight of the board, to develop and implement the corporation’s strategic plans, and to identify, evaluate and manage the risks inherent in the corporation’s strategy. The board of directors should understand the corporation’s strategic plans, the associated risks, and the steps that management is taking to monitor and manage those risks. The board and senior management should agree on the appropriate risk profile for the corporation, and they should be comfortable that the strategic plans are consistent with that risk profile.

Fourth, it is the responsibility of management, under the oversight of the audit committee and the board, to produce financial statements that fairly present the financial condition and results of operations of the corporation and to make the timely disclosures investors need to assess the financial and business soundness and risks of the corporation.

Fifth, it is the responsibility of the board, through its audit committee, to engage an independent accounting firm to audit the financial statements prepared by management and issue an opinion that those statements are fairly stated in accordance with Generally Accepted Accounting Principles, as well as to oversee the corporation’s relationship with the outside auditor.

Sixth, it is the responsibility of the board, through its corporate governance committee, to play a leadership role in shaping the corporate governance of the corporation and the composition and leadership of the board. The corporate governance committee should regularly assess the backgrounds, skills and experience of the board and its members and engage in succession planning for the board.

Seventh, it is the responsibility of the board, through its compensation committee, to adopt and oversee the implementation of compensation policies, establish goals for performance-based compensation, and determine the compensation of the CEO and senior management. Compensation policies and goals should be aligned with the corporation’s long-term strategy, and they should create incentives to innovate and produce long-term value for shareholders without excessive risk. These policies and the resulting compensation should be communicated clearly to shareholders.

Eighth, it is the responsibility of the corporation to engage with longterm shareholders in a meaningful way on issues and concerns that are of widespread interest to long-term shareholders, with appropriate involvement from the board of directors and management.

Ninth, it is the responsibility of the corporation to deal with its employees, customers, suppliers and other constituencies in a fair and equitable manner and to exemplify the highest standards of corporate citizenship.

These responsibilities and others are critical to the functioning of the modern public corporation and the integrity of the public markets. No law or regulation can be a substitute for the voluntary adherence to these principles by corporate directors and management in a manner that fits the needs of their individual corporations ».

___________________________

* En reprise

Articles reliés au sujet :

Related articles

Partagez (share) ce post

Partagez (share) ce post

Partagez (share) ce post

Related articles

Partagez (share) ce post

Partagez (share) ce post

Partagez (share) ce post

Partagez (share) ce post

Partagez (share) ce post

Looking below the surface

Foreword

Partagez (share) ce post

Partagez (share) ce post

Partagez (share) ce post

Partagez (share) ce post

Partagez (share) ce post

Article sur Mary Jo White :

Partagez (share) ce post

Related articles

Partagez (share) ce post

Partagez (share) ce post

Related articles

Partagez (share) ce post

Partagez (share) ce post

Articles récents sur l’audit interne :

Partagez (share) ce post

Partagez (share) ce post