The role of a company's corporate secretary


Many people wonder about the role of a (corporate) company secretary in corporate governance.

Simon Osborne, chief executive of the ICSA (Institute of Chartered Secretaries and Administrators), explains why the duties of corporate secretaries matter for every type of organization, even small ones. The secretary essentially plays an advisory role to the directors and the chair of the board.

Even though SMEs are not required to have a secretary, Osborne highlights the many advantages for them of hiring someone who will act as the link between the board's governance and the company's management.

What are the qualifications of the people who hold such positions? The excerpt below sums up their profiles fairly well.

There is a qualification standard in the 2006 Companies Act and that includes barristers, solicitors, someone from a regulated accountancy body or, if you’re from Scotland, an advocate. Ideally, the individual will be a chartered secretary. A business should appoint someone with emotional intelligence and the ability to form good working relationships – the person needs to be able to negotiate, listen and influence. It’s not a role for prima donnas. They need resilience and fortitude because the pressures under which they will work are significant. Choose someone with the ability to give wise advice without upsetting people.

The article also includes a short video on the role of the company secretary.

What do you think of the importance of this role, which is too often misunderstood or outright neglected?

Happy reading!

The company secretary

 

Private businesses don’t have a legal duty to appoint a company secretary, yet many astute firms still fill the position. Simon Osborne, chief executive of qualifying body ICSA, explains why the job is crucial to companies of all sizes

Following the Companies Act 2006, private businesses are no longer legally required to employ a company secretary, but with British firms facing ongoing regulatory change and corporate governance pressures, many still fill the role.


This, says Simon Osborne, chief executive of the Institute of Chartered Secretaries and Administrators (ICSA), is because the burden of duties that was previously undertaken by a company secretary has not eased: “Private companies that have abolished the role have suffered the loss of an independent thinker – someone with a sharp focus on the way the company does business,” he says.

Osborne has spent more than two decades as a company secretary for public and private businesses. He took over the helm of ICSA, which has 33,000 members across 72 countries, in 2011. Here, he explains what the role of company secretary entails – and why it can be vital to small businesses…

 


 

Director What does the role of the company secretary involve?

The company secretary is an adviser to the chair and the board on a company’s values, purpose, and governance framework. It involves strategic thinking around why and how the company is doing business and the compliance procedures needed to ensure it operates in accordance with its values. Duties include maintaining company registers, ensuring filings are made promptly and on time with Companies House, keeping the minutes of board and committee meetings, and ensuring director service contracts are up to date. But a company secretary can also be involved with HR, pensions, risk management and insurance.

Why do some private companies still employ a company secretary even though there is no longer a legal requirement? And who does the burden fall on if a firm doesn’t have one?

The burden falls on the directors. Despite the requirement being abolished for private businesses [it still exists for public companies], the work hasn’t gone away and there are liabilities that directors face if particular work isn’t undertaken. Companies House is vigilant in chasing up directors if, for example, accounts aren’t filed on time. There is a much more serious risk of fixed penalties being levied these days, so it doesn’t pay to cut corners. It’s important that SMEs understand that as they grow they will have to move away from ‘kitchen table governance’ to a more mature form of governance, and that means having access to someone who can be a wise friend to members of the board.

What about small businesses that can’t afford to employ a full-time company secretary?

It’s very important that small companies have access to someone who can assist them with the duties that a company secretary in a bigger business would undertake. SMEs don’t necessarily have to employ someone full time – they could, for instance, have an arrangement with a freelance chartered secretary or hire on a part-time basis. There is evidence that shows good governance and better financial performance go hand-in-hand, and a company secretary can help with that.

What are the biggest benefits of employing a company secretary?

Having access to a governance, risk and compliance professional – someone with a grounding in finance, risk, strategy and law, and an understanding of the law of meetings. It’s easy to think of some meetings as a doddle, but sometimes they go wrong or unexpected things happen. Agenda-setting can be viewed as a bureaucratic function but it actually needs some thought, and so do meeting minutes – it’s important to remember that one day those minutes may be read by a judge in a court of law.

What qualifications does a company secretary need and what should business leaders look for when appointing?

There is a qualification standard in the 2006 Companies Act and that includes barristers, solicitors, someone from a regulated accountancy body or, if you’re from Scotland, an advocate. Ideally, the individual will be a chartered secretary. A business should appoint someone with emotional intelligence and the ability to form good working relationships – the person needs to be able to negotiate, listen and influence. It’s not a role for prima donnas. They need resilience and fortitude because the pressures under which they will work are significant. Choose someone with the ability to give wise advice without upsetting people.

What advice would you give to business leaders who might not have a great understanding of the importance of the role, particularly new or young directors?

Good chief executives recognise the value of a company secretary, but ICSA did some research with Henley Business School [The Company Secretary: Building trust through corporate governance report] and discovered that there is still a need to educate some non-executive directors and head-hunting firms. Increasingly, search firms are being used for recruitment purposes and I’m not sure they understand what the role involves. Younger directors have more humility on the matter. Most new directors would be able to see the value of having a wise adviser. The role of a director is becoming increasingly professionalised – you wouldn’t go to a doctor, dentist or accountant who doesn’t keep up to date so it shouldn’t be any different with boards. A company secretary is a valuable employee so should be cherished.

_________________________________________

Simon Osborne, Chief executive of the Institute of Chartered Secretaries and Administrators (ICSA)

To download the report by ICSA and Henley Business School, visit icsa.org.uk


A useful guide to properly assessing organizational risks | Repost


Here is a very interesting article on risk assessment by H. Glen Jenkins, published in Inside Counsel (IC) Magazine.

It is a brief overview of the notion of organizational risk and of the main elements to consider in order to manage it effectively.

I invite you to read the other publications on the IC site, in particular Evaluating and managing litigation risk.

Happy reading!

Risk assessment: A primer for corporate counsel

 

The scope of legal responsibilities for in-house counsel varies depending on the size and complexity of the company. For instance, an attorney located at corporate headquarters could be chiefly responsible for issues affecting the shared services that are available and used by corporate headquarters, as well as every business unit and division. And yet at other times, in-house counsel’s concerns may be restricted to matters affecting only the parent company or a specific liability issue faced by only one business unit.

 


In each instance, however, in-house counsel are generally concerned with specific legal tasks and proactive risk management.

What exactly does risk management mean, and what does it encompass? Furthermore, once the definition of risk management has been established and accepted by the company’s management team, how can in-house counsel efficiently and comprehensively assess all possible risks?

Merriam Webster’s dictionary defines risk as “the possibility that something bad or unpleasant will happen.” Whenever many of us in the accounting and legal profession hear the word “risk,” we inherently may succumb to the aforementioned particular negative connotation of risk. How many times have we heard the phrase, “Risk is a part of life,” and how often have we associated those five words with an undesirable implication?

 

Alternatively, A Positive View of Risk

Taking risks does not always have to be painstakingly negative. It is unlikely that many will disagree with the Institute of Risk Management’s (IRM) assertion that “avoiding all risk would result in no achievement, no progress and no reward.” This statement undoubtedly portrays a different perspective of risk, indicating the potential of a positive outcome.

IRM goes on to define risk as “the combination of the probability of an event and its consequence. Consequences can range from positive and negative.”

Therein lies the basic premise of risk management. If the consequences of risk can be both positive and negative, it would seem only prudent to try and effectively manage risk to have the highest probability of a positive outcome.

Applying IRM’s definition of risk, together with the premise that avoiding all risk would result in no achievement, no progress and no reward, we intrinsically recognize that not all risks are bad and not all risks are to be avoided.

Over the course of three successive articles on risk, we will take a closer look at how in-house counsel works with internal and external resources to help identify, evaluate and categorize risk.

 Risk Assessment: The Starting Point for Successful Risk Management

Risk assessment is the identification, analysis and evaluation of risks involved in a given situation. Risk assessment also implies a comparison against benchmarks or standards, and the determination of an acceptable level of risk. The evaluation of risks should also provide management with a remediation or control for the identified hazard.

The word “risk” alone without any context is a vague and ill-defined term. There is safety risk, country risk, political risk, health risk and the ongoing list is virtually boundless and it is next to impossible to comprehensively assess all possible risks.

According to Tori Silas, privacy officer and senior counsel with Cox Enterprises, Inc., Cox uses the external resources of multinational accounting and advisory companies to assist with its risk assessments. Using best practices they have developed by analyzing business processes and assessing risk for companies on a global level, these organizations assist in the identification of risks in particular areas of the business, and provide a framework within which to rate risks and prioritize remediation efforts associated with those risks.

Assessment Begins with Knowing Who Decides Acceptable Levels of Risk

As an example of financial risk, according to a Tulane University study, the chances of getting hit by an asteroid or comet are 1,000 times greater than winning a jackpot mega millions lottery. Yet, some have accepted that level of risk and will habitually trade their money to play the lottery rather than investing their money or capital in an endeavor that has a much higher probability of building wealth. Whether right or wrong, a good or bad decision, those who make the choice of playing the lottery have intrinsically accepted the financial risk of losing their money in lieu of the near impossible odds to reap a grand reward.

No matter our opinion of playing the lottery, I think we would all agree that it would be highly unlikely to find a pragmatic business executive allotting some portion of the company’s wealth and assets to invest in lottery tickets. But why not? Who decides the parameters of acceptable levels of risk for a business and against what benchmarks are those decisions made?

The business owners, board of directors and executive management define the business objectives, and establish the risk appetite and risk tolerances that are to be contemplated on an overall basis by management when making decisions and evaluating options and alternatives. Together they establish a system of rules, practices and processes by which their company is directed and controlled. This concept is often referred to as corporate governance. Businesses of all sizes embrace this concept, but small businesses may cloak this concept within the singular frame of mind of its ownership’s values, ideologies, philosophies, beliefs and individual business principles.

As the privacy officer for Cox Enterprises, Silas strives to make certain the employees of their consumer facing companies are aware of Cox’s obligations regarding data privacy and that they are appropriately trained to identify and mitigate risk related to and to protect any private consumer data they may have collected.

Corporate Governance

Since the purpose of a risk assessment is the identification, analysis, and evaluation of risks that could adversely impact the business meeting its objectives, the process of conducting a risk assessment should be integrated into existing management processes. According to Silas, Cox Enterprises also utilizes its own internal audit services department to examine functional processes and identify opportunities to strengthen controls and mitigate risks. It is recommended that risk assessments should be conducted using a top-down approach beginning with the top level of the company and filtering its way down through each division and business unit.

For example, a company may have three divisions: manufacturing, marketing and finance. Each of those divisions may operate in four global sectors. Using a top-down approach the three top divisions would conduct a risk assessment and each subdivision that is located in each global sector would conduct their own risk assessment. The top-down approach would then be complemented by a bottom-up process where the risk assessments are sent up the business chain, gathered and compiled into an integrated risk assessment matrix.

Ten Tips for Conducting an Effective Risk Assessment

In quick summary, here are ten additional tips for conducting an effective risk assessment:

  1. Create, plan and conduct a formal risk assessment;
  2. Define the context and objectives of the risk assessment;
  3. Define and understand the organization’s acceptable risk tolerance;
  4. Bring together the best team to conduct the risk assessment;
  5. Employ the best risk assessment techniques for the situation;
  6. Understand control measures to mitigate risk;
  7. Be objective and impartial conducting the risk assessment;
  8. Identify the environment that is conducive to risks;
  9. Identify who could be harmed; and
  10. Review, revisit and re-perform the risk assessment.

Are companies subject to too many compliance rules?


Here is an article by Sean J. Griffith, professor of law at Fordham Law School, published on the Harvard Law School forum, which shows just how important “compliance” governance has become today.

Of course, the role of regulatory authorities, along with the many laws affecting corporate governance, are factors contributing to the growing compliance burden.

It is hard to imagine that compliance pressures will ease. Companies are therefore adapting to the new requirements by creating new departments headed by Chief Compliance Officers. The article analyzes the positive and negative effects of this shift.

For my part, I think great efforts must be made to simplify compliance management, because it seems to me that it takes up far too much room.

Happy reading!

Corporate Governance in an Era of Compliance

 


 

Much of what scholars and practitioners think of as core corporate governance—the oversight and control of internal corporate affairs— is now being subsumed by “compliance.” Although compliance with law and regulation is not a new idea, the establishment of an autonomous department within firms to detect and deter violations of law and policy is. American corporations are at the dawn of a new era: the era of compliance.

Over the past decade, compliance has blossomed into a thriving industry, and the compliance department has emerged, in many firms, as the co-equal of the legal department. Compliance is commonly headed by a Chief Compliance Officer (CCO) with a staff, in large firms, of hundreds or thousands. Moreover, although the CCO reports to the board, compliance is not wholly subordinate to the board. Boards cannot neglect the compliance function or choose not to install and maintain the function on par with industry peers. Furthermore, once compliance officers generate information through monitoring and surveillance, it is beyond a reasonable board’s authority to stop them. Compliance is thus under the board, but its authority comes from somewhere else.

Unlike other governance structures, the origins of compliance are exogenous to the firm. The impetus for compliance does not come from a traditional corporate constituency. It does not come from shareholders, managers, employees, creditors, or customers. It comes from the government. Compliance is a de facto government mandate imposed upon firms by means of ex ante incentives, ex post enforcement tactics, and formal signaling efforts. Moreover, in imposing compliance on firms, the government is not simply making rules that firms must follow, as it does when it passes new laws and regulations, nor is it adjusting its traditional tools—the amount of enforcement and the size of sanctions—to assure compliance with existing law and regulation. Instead, through compliance, the government dictates how firms must comply, imposing specific governance structures expressly designed to change how the firm conducts its business.

At the level of theory, the contemporary compliance function subverts the notion that corporate governance arrangements both are and ought to be the product of a bargain between shareholders and managers. Compliance rewrites Ronald Coase’s famous passage on the internal organization of firms. Compliance officers come into an organization not necessarily (or not entirely) at the behest of an “entrepreneur-co-ordinator, who directs production,” but rather pursuant to the directive of a government enforcer. Seen through the prism of compliance, the corporation no longer resembles a nexus of contracts but rather a real entity, subject to punishment and rehabilitation at the pleasure of a sovereign. Compliance thus rejects mainstream accounts of the firm in favor of a much older theoretical account.

Moreover, because government interventions in compliance come not through the traditional levers of state corporate or federal securities law, but rather through prosecutions and regulatory enforcement actions, a different set of interests and incentives are at play. Compliance questions arise over what purpose or purposes the firm should serve and revives the “other constituencies” debate. Compliance also raises the question whether the authorities pressing for corporate reforms have the right incentives and the right information to do so. If they do not, the development of compliance may merely result in the imposition of inefficient governance structures on firms.

My article, Corporate Governance in an Era of Compliance, recently published in the William & Mary Law Review, aims to provide a comprehensive account of the compliance function and the various ways in which it challenges corporate law orthodoxy. It launches compliance as a field of inquiry for scholars of corporate law and corporate governance by pairing a thorough descriptive account of the contemporary compliance function with a normative account of the ways in which compliance challenges settled theories of the firm and upsets the political economy of corporate governance.

Compliance begs foundational questions of what the firm is and who the author of corporate governance arrangements ought to be. There is a way out of these uncomfortable questions—by limiting the government’s ability to impose compliance reforms through enforcement or by mandating disclosure of firms’ compliance arrangements—but we may not want to set these issues aside so quickly. The fundamental goal of the Article is thus to start the scholarly conversation on compliance and corporate governance, to raise the issues and problems posed by the contemporary compliance function without necessarily solving them. The Article therefore seeks to provoke scholarly debate and provide a framework for prosecutors, policymakers, and scholars of corporate law and corporate governance to engage the question of compliance.

The full article is available here.

Reminder | The board must clarify the roles of Chief Compliance Officer (CCO) and General Counsel


There is growing role ambiguity between the functions of Chief Compliance Officer (CCO) and General Counsel. This article by Michael W. Peregrine, a partner at the firm McDermott Will & Emery, aims to highlight the respective responsibilities of each position and to show that they would benefit from being better defined in order to avoid the risk of conflicts in carrying them out.

The author suggests that the role of chief compliance officer is taking an increasingly prominent place in organizational structures, by virtue of the “independence” attached to the function. The two positions must therefore be separated, with the general counsel reporting to the CEO and the chief compliance officer reporting to the board of directors!

The article calls for a better description of these two positions and stresses the role the board of directors must play in this regard.

I invite you to read this short article, published on the blog of the Harvard Law School Forum on Corporate Governance, to better understand the arguments put forward. Happy reading!

Compliance or Legal? The Board’s Duty to Assure Clarity

Key Developments

Government Positions. The first, and perhaps most pronounced, of these developments has been efforts of the federal government to encourage (and, in some cases, to require) that the positions of compliance officer and general counsel be separate organizational positions held by separate officers; that the compliance officer not report to the general counsel; and that the compliance officer have a direct reporting relationship to the governing board.

There also appears to be a clear trend—while certainly not universal—among many corporations to follow the government’s lead and adopt the “separate relationship” structure, for a variety of valid and appropriate reasons. Yet, the focus on compliance officer “independence” obscures the need for compliance programs to have leadership from, coordination of or other connection to, the general counsel.

Another concern arises from the (dubious) perspective that the compliance officer should not have a reporting relationship to the general counsel. One of the underlying premises here is that the general counsel somehow has at least a potential, if not actual, conflict of interest with respect to advice that the compliance officer may provide to management or the board. However, this perspective ignores critical professional responsibility obligations of the general counsel (e.g., Rules 1.6, 1.7 and 1.13).

The third, and potentially most significant of these potential concerns relates to the preservation of the attorney-client privilege when the chief compliance officer is not the general counsel. In a recent published article, a leading corporate lawyer argues persuasively that the forced separation of the compliance and legal functions jeopardizes the ability to preserve the privilege in connection with corporate compliance based investigations.

Corporate Guardian. A second, and more subtle, development has been a series of public comments by compliance industry thought leaders suggesting that the role of “guardian of the corporate reputation” is exclusively reserved for the corporate compliance officer; that the compliance officer is the organizational “subject matter expert” for ethics and culture, as well as compliance. This “jurisdictional claim” appears to be premised on the questionable perspective that “lawyers tell you whether you can do something, and compliance tells you whether you should”.

This perspective ignores the extent to which the general counsel is specifically empowered to provide such advice by virtue of the rules of professional responsibility; principally Rule 2.1 (“Advisor”). It is also contrary to long standing public discourse that frames the lawyer’s role as a primary guardian of the organizational reputation. For example, the estimable Ben Heineman, Jr. has described the role of the general counsel as the “lawyer-statesman”, the essence of which is the responsibility to “move beyond the first question—‘is it legal?’—to the ultimate question—‘is it right?’”

Job Descriptions. The third significant development is efforts by compliance industry commentators to extend the portfolio of the CCO, to a point where it appears to conflict with the expanding role of the general counsel. As one prominent compliance authority states, “The CCO mandate is ambitious, broad, and complex; no less than to oversee the organization’s ability to ‘prevent and detect misconduct’”.

This point of view is being used to justify greater compliance officer involvement in matters such as internal investigations, corporate governance, conflict of interest resolution, the development of codes of ethics, and similar areas of organizational administration.

The debate over roles and responsibilities is exacerbated by the extent to which the term “compliance” continuously appears in the public milieu in the form of “shorthand”. In this way, the term appears to reference some sort of broad organizational commitment to adherence with applicable law; i.e., more as a state of corporate consciousness than as an executive-level job description. To the extent that “compliance” is used loosely in the business and governance media, it serves to confuse corporate leadership about the real distinctions between accepted legal and compliance components.

Expansive definitions of the compliance function are also at odds with new surveys that depict the expanding organizational prominence of the general counsel. These new surveys lend empirical support to the view that the general counsel of a sophisticated enterprise (such as a health care system) has highly consequential responsibilities, and thus should occupy a position of hierarchical importance within the organization.

The Board’s Role

As developments cause the roles and responsibilities of the compliance officer and the general counsel to become increasingly blurred, the board has an obligation to establish clarity and reduce the potential for organizational risk. The failure to clearly delineate the respective duties of these key corporate officers can create administrative waste and inefficiency; increase internal confusion and tension; jeopardize application of the attorney-client privilege, and “draw false distinctions between organizational and legal risk”.

An effective board response would certainly include directing the compliance officer and general counsel, with the support of the CEO and outside advisors, to prepare for board consideration a set of mutually acceptable job descriptions for their respective positions. This would include a confirmation of the board reporting rights of both officers. It would also include the preparation of a detailed communication protocol that would address important GC/CCO coordination issues.

The perceptive board may also wish to explore, with the support of external advisors, the very sensitive core issues associated with compliance officer independence, and with the hierarchical position of the compliance officer; i.e., should that position be placed in the corporate hierarchy on an equal footing with the corporate legal function, or in some subordinate or other supporting role.

The board can and should be assertive in adopting measures that support the presence of a vibrant, effective compliance program that teams productively with the general counsel.

 

A useful guide to assessing risks properly | Repost


Here is a very interesting article on risk assessment, written by H. Glen Jenkins and published in Inside Counsel (IC) Magazine.

It is a brief overview of the notion of organizational risk and of the main elements to consider in order to manage it effectively.

I invite you to look at the other publications on the IC site, in particular Evaluating and managing litigation risk.

Happy reading!

Risk assessment: A primer for corporate counsel

 

The scope of legal responsibilities for in-house counsel varies depending on the size and complexity of the company. For instance, an attorney located at corporate headquarters could be chiefly responsible for issues affecting the shared services that are available and used by corporate headquarters, as well as every business unit and division. And yet at other times, in-house counsel’s concerns may be restricted to matters affecting only the parent company or a specific liability issue faced by only one business unit.

In each instance, however, in-house counsel are generally concerned with specific legal tasks and proactive risk management.

What exactly does risk management mean, and what does it encompass? Furthermore, once the definition of risk management has been established and accepted by the company’s management team, how can in-house counsel efficiently and comprehensively assess all possible risks?

Merriam Webster’s dictionary defines risk as “the possibility that something bad or unpleasant will happen.” Whenever many of us in the accounting and legal profession hear the word “risk,” we inherently may succumb to the aforementioned particular negative connotation of risk. How many times have we heard the phrase, “Risk is a part of life,” and how often have we associated those five words with an undesirable implication?

Alternatively, A Positive View of Risk

Taking risks does not always have to be painstakingly negative. It is unlikely that many will disagree with the Institute of Risk Management’s (IRM) assertion that “avoiding all risk would result in no achievement, no progress and no reward.” This statement undoubtedly portrays a different perspective of risk, indicating the potential of a positive outcome.

IRM goes on to define risk as “the combination of the probability of an event and its consequence. Consequences can range from positive and negative.”

Therein lies the basic premise of risk management. If the consequences of risk can be both positive and negative, it would seem only prudent to try and effectively manage risk to have the highest probability of a positive outcome.

Applying IRM’s definition of risk, together with the premise that avoiding all risk would result in no achievement, no progress and no reward, we intrinsically recognize that not all risks are bad and not all risks are to be avoided.

Over the course of three successive articles on risk, we will take a closer look at how in-house counsel works with internal and external resources to help identify, evaluate and categorize risk.

Risk Assessment: The Starting Point for Successful Risk Management

Risk assessment is the identification, analysis and evaluation of risks involved in a given situation. Risk assessment also implies a comparison against benchmarks or standards, and the determination of an acceptable level of risk. The evaluation of risks should also provide management with a remediation or control for the identified hazard.

The word “risk” alone without any context is a vague and ill-defined term. There is safety risk, country risk, political risk, health risk and the ongoing list is virtually boundless and it is next to impossible to comprehensively assess all possible risks.

According to Tori Silas, privacy officer and senior counsel with Cox Enterprises, Inc., Cox uses the external resources of multinational accounting and advisory companies to assist with its risk assessments. Using best practices they have developed by analyzing business processes and assessing risk for companies on a global level, these organizations assist in the identification of risks in particular areas of the business, and provide a framework within which to rate risks and prioritize remediation efforts associated with those risks.

Assessment Begins with Knowing Who Decides Acceptable Levels of Risk

As an example of financial risk, according to a Tulane University study, the chances of getting hit by an asteroid or comet are 1,000 times greater than winning a jackpot mega millions lottery. Yet, some have accepted that level of risk and will habitually trade their money to play the lottery rather than investing their money or capital in an endeavor that has a much higher probability of building wealth. Whether right or wrong, a good or bad decision, those who make the choice of playing the lottery have intrinsically accepted the financial risk of losing their money in lieu of the near impossible odds to reap a grand reward.

No matter our opinion of playing the lottery, I think we would all agree that it would be highly unlikely to find a pragmatic business executive allotting some portion of the company’s wealth and assets to invest in lottery tickets. But why not? Who decides the parameters of acceptable levels of risk for a business and against what benchmarks are those decisions made?

The business owners, board of directors and executive management define the business objectives, and establish the risk appetite and risk tolerances that are to be contemplated on an overall basis by management when making decisions and evaluating options and alternatives. Together they establish a system of rules, practices and processes by which their company is directed and controlled. This concept is often referred to as corporate governance. Businesses of all sizes embrace this concept, but small businesses may cloak this concept within the singular frame of mind of its ownership’s values, ideologies, philosophies, beliefs and individual business principles.

As the privacy officer for Cox Enterprises, Silas strives to make certain the employees of their consumer facing companies are aware of Cox’s obligations regarding data privacy and that they are appropriately trained to identify and mitigate risk related to and to protect any private consumer data they may have collected.

Corporate Governance

Since the purpose of a risk assessment is the identification, analysis, and evaluation of risks that could adversely impact the business meeting its objectives, the process of conducting a risk assessment should be integrated into existing management processes. According to Silas, Cox Enterprises also utilizes its own internal audit services department to examine functional processes and identify opportunities to strengthen controls and mitigate risks. It is recommended that risk assessments should be conducted using a top-down approach beginning with the top level of the company and filtering its way down through each division and business unit.

For example, a company may have three divisions: manufacturing, marketing and finance. Each of those divisions may operate in four global sectors. Using a top-down approach the three top divisions would conduct a risk assessment and each subdivision that is located in each global sector would conduct their own risk assessment. The top-down approach would then be complemented by a bottom-up process where the risk assessments are sent up the business chain, gathered and compiled into an integrated risk assessment matrix.

Ten Tips for Conducting an Effective Risk Assessment

In quick summary, here are ten additional tips for conducting an effective risk assessment:

  1. Create, plan and conduct a formal risk assessment;
  2. Define the context and objectives of the risk assessment;
  3. Define and understand the organization’s acceptable risk tolerance;
  4. Bring together the best team to conduct the risk assessment;
  5. Employ the best risk assessment techniques for the situation;
  6. Understand control measures to mitigate risk;
  7. Be objective and impartial conducting the risk assessment;
  8. Identify the environment that is conducive to risks;
  9. Identify who could be harmed; and
  10. Review, revisit and re-perform the risk assessment.

Better control of litigation risks | A four-step guide for directors


Corporate directors must fulfil their duties of care and vigilance in overseeing organizations. Litigation is increasingly frequent, and its consequences can affect not only the success of companies but also the interests of directors.

The following article proposes a very useful frame of reference to help directors discharge their responsibilities with respect to the oversight of litigation.

It was recently published on the Harvard Law School Forum on Corporate Governance by Jeff G. Hammel, a partner at the firm Latham & Watkins, LLP.

Organizational litigation and directors’ responsibilities

The author explains directors’ duties and responsibilities in litigation matters, notably by highlighting the following four steps:

1. Follow the litigation cases likely to have serious consequences for the company;

2. Make sure to receive regular reports from management;

3. Ask the right questions to make sure that management has taken the right actions;

4. Be well informed about the company’s liability insurance policies.

Here is an excerpt from this article. Happy reading!

Boardroom Perspectives: Oversight of Material Litigation in Four Practical Steps

1. Get Involved in the Right Cases

While public company directors need not be briefed on every claim or potential claim facing the company, management should consider involving the board in the important cases—and early on. Board involvement will depend upon various factors, including whether the adverse party is a competitor or customer, or former senior employee or executive; the amount of damages sought; the subject matter of the litigation; and the level of publicity a case has generated or is expected to generate.

2. Receive Regular Reports from Management

In order to be adequately prepared to give strategic advice, approve a settlement or take other necessary action, it is important for boards to stay adequately informed about the material litigation facing the company. Litigation reports to the board are typically prepared by the company’s general counsel or outside counsel, and include, as appropriate:

A general status update

A discussion of strategy

An assessment of risk

Budget information

Insurance coverage

Next steps

Reports preferably have the appropriate level of detail to inform the board without being unduly burdensome. In addition, reports are ideally provided in the context of the attorney-client privilege to protect the company. Minutes serve to reflect the discussion and create the record of director oversight.

3. Ask the Right Questions

Staying on top of material litigation involves frequent and open communication among management and directors. The board’s job is to ask the right questions to hold management accountable. For example, directors might ask:

What are the goals/objectives of the litigation?

What is the impact of the litigation on company resources?

Will the litigation require reliance on expert testimony?

Does the litigation subject the company to adverse publicity, and if so, what steps does the company plan to take to address this issue?

Does the litigation require a critical evaluation of one of the company’s business processes?

What is the company’s tolerance for risk, and to what extent should the company consider more adversarial or cooperative strategies?

Is settlement advisable, and what is the timing to broach settlement?

4. Keep Abreast of the Company’s Liability Insurance Policies

Comprehensive liability insurance policies help reduce the exposure to litigation risks, damages and expenses, but can vary widely in coverage, exclusions and limitations. To use liability insurance policies effectively in litigation risk management, directors may wish to review the policies the company maintains for itself and its directors and officers. For example, directors could:

Confirm that systems are in place to provide for timely notification to insurers of all claims, including potential claims

Verify that applications for new and renewal insurance policies are properly vetted (to ensure that misstatements or omissions in an application do not serve as a basis for rescission or denial of coverage); and

Understand coverage exclusions in director and officer insurance policies which, if invoked, could result in the denial of coverage for individual directors and officers

By following these steps in appropriate cases, board members can provide oversight to help management teams protect their companies from potentially damaging material litigation.

Le C.A. doit clarifier les rôles de chef de la conformité (CCO) et de chef des affaires juridiques (General Counsel)


On note une ambigüité de rôle croissante entre les fonctions de chef de la conformité (CCO) et de chef du contentieux (General Counsel).  Cet article de Michael W. Peregrine, associé de la firme McDermott Will & Emery vise à souligner les responsabilités réciproques de chaque poste ainsi qu’à montrer que celles-ci ont intérêt à être mieux définies afin d’éviter les risques de conflits associés à leur exécution.

L’auteur suggère que le rôle de chef de la conformité prend une place de plus en plus prépondérante dans la structure des organisations, en vertu du caractère « d’indépendance » rattaché à cette fonction. Les deux postes doivent donc être dissociés, le chef du contentieux se rapportant au PDG et le chef de la conformité se rapportant au conseil d’administration !

L’article insiste sur une meilleure description de ces deux postes et sur le rôle que doit jouer le conseil d’administration à cet égard.

Je vous invite à lire ce court article paru sur le blogue du Harvard Law School Forum on Corporate Governance afin de mieux connaître la nature des arguments invoqués. Bonne lecture !

Compliance or Legal? The Board’s Duty to Assure Clarity

Key Developments

Government Positions. The first, and perhaps most pronounced, of these developments has been efforts of the federal government to encourage (and, in some cases, to require) that the positions of compliance officer and general counsel be separate organizational positions held by separate officers; that the compliance officer not report to the general counsel; and that the compliance officer have a direct reporting relationship to the governing board.

There also appears to be a clear trend—while certainly not universal—among many corporations to follow the government’s lead and adopt the “separate relationship” structure, for a variety of valid and appropriate reasons. Yet, the focus on compliance officer “independence” obscures the need for compliance programs to have leadership from, coordination of or other connection to, the general counsel.P1030083

Another concern arises from the (dubious) perspective that the compliance officer should not have a reporting relationship to the general counsel. One of the underlying premises here is that the general counsel somehow has at least a potential, if not actual, conflict of interest with respect to advice that the compliance officer may provide to management or the board. However, this perspective ignores critical professional responsibility obligations of the general counsel (e.g., Rules 1.6, 1.7 and 1.13).

The third, and potentially most significant of these potential concerns relates to the preservation of the attorney-client privilege when the chief compliance officer is not the general counsel. In a recent published article, a leading corporate lawyer argues persuasively that the forced separation of the compliance and legal functions jeopardizes the ability to preserve the privilege in connection with corporate compliance based investigations.

Corporate Guardian. A second, and more subtle, development has been a series of public comments by compliance industry thought leaders suggesting that the role of “guardian of the corporate reputation” is exclusively reserved for the corporate compliance officer; that the compliance officer is the organizational “subject matter expert” for ethics and culture, as well as compliance. This “jurisdictional claim” appears to be premised on the questionable perspective that “lawyers tell you whether you can do something, and compliance tells you whether you should”.

This perspective ignores the extent to which the general counsel is specifically empowered to provide such advice by virtue of the rules of professional responsibility; principally Rule 2.1 (“Advisor”). It is also contrary to long standing public discourse that frames the lawyer’s role as a primary guardian of the organizational reputation. For example, the estimable Ben Heineman, Jr. has described the role of the general counsel as the “lawyer-statesman”, the essence of which is the responsibility to “move beyond the first question—‘is it legal?’—to the ultimate question—‘is it right?’”

Job Descriptions. The third significant development is efforts by compliance industry commentators to extend the portfolio of the CCO, to a point where it appears to conflict with the expanding role of the general counsel. As one prominent compliance authority states, “The CCO mandate is ambitious, broad, and complex; no less than to oversee the organization’s ability to ‘prevent and detect misconduct’”.

This point of view is being used to justify greater compliance officer involvement in matters such as internal investigations, corporate governance, conflict of interest resolution, the development of codes of ethics, and similar areas of organizational administration.

The debate over roles and responsibilities is exacerbated by the extent to which the term “compliance” continuously appears in the public milieu in the form of “shorthand”. In this way, the term appears to reference some sort of broad organizational commitment to adherence with applicable law; i.e., more as a state of corporate consciousness than as an executive-level job description. To the extent that “compliance” is used loosely in the business and governance media, it serves to confuse corporate leadership about the real distinctions between accepted legal and compliance components.

Expansive definitions of the compliance function are also at odds with new surveys that depict the expanding organizational prominence of the general counsel. These new surveys lend empirical support to the view that the general counsel of a sophisticated enterprise (such as a health care system) has highly consequential responsibilities, and thus should occupy a position of hierarchical importance within the organization.

The Board’s Role

As developments cause the roles and responsibilities of the compliance officer and the general counsel to become increasingly blurred, the board has an obligation to establish clarity and reduce the potential for organizational risk. The failure to clearly delineate the respective duties of these key corporate officers can create administrative waste and inefficiency; increase internal confusion and tension; jeopardize application of the attorney-client privilege; and “draw false distinctions between organizational and legal risk”.

An effective board response would certainly include directing the compliance officer and general counsel, with the support of the CEO and outside advisors, to prepare for board consideration a set of mutually acceptable job descriptions for their respective positions. This would include a confirmation of the board reporting rights of both officers. It would also include the preparation of a detailed communication protocol that would address important GC/CCO coordination issues.

The perceptive board may also wish to explore, with the support of external advisors, the very sensitive core issues associated with compliance officer independence, and with the hierarchical position of the compliance officer; i.e., should that position be placed in the corporate hierarchy on an equal footing with the corporate legal function, or in some subordinate or other supporting role.

The board can and should be assertive in adopting measures that support the presence of a vibrant, effective compliance program that teams productively with the general counsel.