Reported By:
| Edited By: Neville M Dumasia & Ganesh Ramamurthy |Source: DNA |Updated: Mar 16, 2018, 03:27 AM IST
Since the turn of the century, we have witnessed a range of corporate failures and scandals ranging from the dramatic collapse of Enron, Arthur Anderson and Worldcom to the more recent subprime mortgage crisis that has thrown the financial markets into disarray.
Even before the dust has settled on the mayhem caused by the subprime mortgage crisis, a corporate governance crisis has hit the Indian shores.
Is regulation the answer? The Sarbanes Oxley Act of 2002 (SOX) was introduced to restore credibility to financial reporting by making it mandatory for companies listed in the US to certify annually that they have effective internal controls over financial reporting.
Post Enron and Andersen, the audit community became extremely cautious, resulting in companies having to undertake an enormous amount of work to achieve SOX compliance. Somewhere along the way, this led to a “tick box” approach to compliance. The sheer volume of work involved to comply with SOX also resulted in companies throwing external resources at the problem. Consequently, the importance of compliance was not always embedded in the mindset of people.
To compound matters further, the costs of implementing SOX were unsustainable in comparison to the benefits. With businesses becoming increasingly global and with the myriad of regulations, companies have increasingly used their assurance functions (risk management, internal audit, etc) to meet their compliance objectives.
This excessive focus on compliance has resulted in such functions struggling to provide effective and efficient oversight of risk management across key strategic, operational, financial and compliance risks.
Regulations such as SOX may have helped companies avoid damage to reputation resulting from inaccurate reporting. However, such regulations have failed to improve the standards of corporate governance overall. This is illustrated by the fact that the worst offenders in the recent financial crisis have been the companies that have been SOX-compliant for a few years now.
It is important to understand that board governance is only one of the components of governance. The effectiveness of corporate governance hinges not only on the functioning of the board but also largely on how well the various inter-connected building blocks of governance gel together.
These inter-connected building blocks are:
Building block 1— Board operations and oversight
The competence and strength of character of the board members is crucial. The board should be diligent at all times and be prepared to commit quality time to the company’s affairs. They should be prepared to explore and seek information from independent sources and not just rely on the board books.
Building block 2— Business ethics framework
Most importantly, the board should be committed to ethical practices and keep a close watch on how ethical management’s practices are with all stakeholders.
Building block 3— Risk and controls framework
The risk management processes should be designed to periodically assess the impact that changes in strategies have on the risks that matter and consequently the mitigation strategies and controls. The company’s control framework should ensure that there are appropriate policies and procedures governing the operation of processes and functions including internal controls to mitigate risks, clarity of roles, responsibilities and authority, segregation of duties, manpower planning and succession planning, training and development of people and a remuneration system that is aligned to performance.
The proliferation of regulations and corporate governance codes has resulted in there being a few doubts regarding the “who” and “what” of governance.The “how” of governance can often decide between success and failure. Often boards assume that senior managers know their job and have the best interests of companies they manage in their heart. This results in boards failing to ask the difficult questions to senior managers until there is a crisis.
More often than not, failed decisions result from errors in judgement by the management as opposed to gross negligence or incompetence. For instance, at one of the global oil companies, failure to adhere to safety standards resulted in accidents and loss of lives. In this particular instance, the board chose to accept the management’s explanation that there were no issues despite there being evidence to the contrary.
To govern effectively, the board needs to be prepared to challenge itself and its practices and in the process shake the management out of its comfort zone. It is not as if this is not the case. However, the extent of such active governance is significantly less than what one would expect.In the process of challenging its existing practices and those of the senior management and the board, organisations need to deal with and address the “softer” issues of governance.
At the board level, this involves evaluating the practices to appoint the board members and assessing their competence; the conduct of board meetings and agenda setting; balance of time that the board spends between compliance oriented issues and performance related strategic issues; the ability of the independent directors to function as one unit and the amount of time they are able to devote to company affairs outside the board meetings; the processes that the board follows to assess its professional development needs; the processes that the board follows to set its objectives and measure its performance both as a unit and individually; CEO performance evaluation and most importantly CEO succession planning.
At the senior management level, this involves evaluating existing practices relating to management’s commitment to ethical values in their dealings with internal and external stakeholders and how these are articulated in policies and processes, how the risk of fraud and senior management override is addressed, the independence and competence of oversight functions such as internal audit and the role of the human resources function in achieving effective governance through robust manpower hiring processes, aligning compensation to performance, training and performance evaluation.
Neville M Dumasia is executive director and head — governance, risk and compliance services, and Ganesh Ramamurthy the director, centre of excellence — governance, risk and compliance services at KPMG. Views are personal.
