Chapter 3: Corporate governance

Chapter learning objectives

Upon completion of this chapter you will be able to:

  • Discuss the objective, relevance and importance of corporate governance;
  • Discuss the provisions of international codes of corporate governance that are most relevant to auditors;
  • Describe good corporate governance requirements relating to directors' responsibilities and the reporting responsibilities of auditors;
  • Analyse the structure and roles of audit committees and discuss their benefits and limitations; and
  • Explain the importance of internal control and risk management.

1 Introduction

In the year 2000 Enron, a US based energy company, employed 22,000 people and reported revenues of $101 billion. In late 2001 they filed for bankruptcy protection. After a lengthy investigation it was revealed that Enron's financial statements were sustained substantially by systematic, and creatively planned, accounting fraud.

In the wake of the fraud case the shares of Enron fell from over $90 each to just a few cents each, a number of directors were prosecuted and jailed and their auditors, Arthur Andersen, were accused of obstruction of justice and forced to stop auditing public companies. This ruling against Arthur Andersen was overturned at a later date but the damage was done and the firm ceased trading soon after.

This was just one of a number of high profile frauds to occur at the turn of the millennium.

The Enron scandal is an example of the abuse of the trust placed in the management of publicly traded companies by investors. This abuse of trust usually takes one of two forms:

  • the direct extraction from the company of excessive benefits by management, e.g. large salaries, pension entitlements, share options, use of company assets (jets, apartments etc.); and
  • manipulation of the share price by misrepresenting the company's profitability, usually so that shares in the company can be sold or options 'cashed in'.

In response regulators sought to change the rules surrounding the governance of companies, particularly publicly owned ones. In the US the Sarbanes-Oxley Act (2002) introduced a set of rigorous corporate governance laws and at the same time the Combined Code introduced a set of best practice corporate governance initiatives into the UK.

What is corporate governance?

Corporate governance is the means by which a company is operated and controlled.

The aim of corporate governance initiatives is to ensure that companies are run well in the interests of their shareholders and the wider community. It concerns such matters as:

  • the responsibilities of directors;
  • the appropriate composition of the board of directors;
  • the necessity for good internal control;
  • the necessity for an audit committee; and
  • relationships with the external auditors.

It is particularly important for publicly traded companies because large amounts of money are invested in them, either by 'small' shareholders, or from pension schemes and other financial institutions. The wealth of these companies significantly affects the health of the economies where their shares are traded.

The OECD Principles of Corporate Governance

Although there have always been well run companies as well as those where scandals have occurred, the fact that scandals do occur has led to the development of codes of practice for good corporate governance.

Often this is due to pressures exerted by stock exchanges. In 1999 the Organisation for Economic Co-operation and Development, OECD, assisted with the development of their 'Principles of Corporate Governance.' These were intended to:

  • Assist member and non-member governments in their efforts to evaluate and improve the legal, institutional and regulatory framework for corporate governance in their countries
  • Provide guidance and suggestions for stock exchanges, investors, corporations, and other parties that have a role in the process of developing good corporate governance.

The OECD principles were first published in 1999 and were revised in 2004. Their focus is on publicly traded companies. However, to the extent they are deemed applicable, they are a useful tool to improve corporate governance in non-traded companies.

There are six principles, each backed up by a number of sub-principles. The principles, and those sub-principles relevant to the auditor, are reproduced below.

The principles in detail

Structure of the Principles

The six Principles:

(i) Ensuring the basis for an effective corporate governance framework

The corporate governance framework should promote transparent and efficient markets, be consistent with the rule of law and clearly articulate the division of responsibilities among different supervisory, regulatory and enforcement authorities. In other words, making sure everyone involved is aware of their individual responsibilities so no party is in doubt as to what they are accountable for.

(ii) The rights of shareholders and key ownership functions

The corporate governance framework should protect and facilitate the exercise of shareholders' rights. As we saw in chapter 1, the directors are the stewards of the company and should be acting in the best interests of the shareholders. However, the existence of the corporate collapses mentioned above proves that this isn't always the case and shareholders need protecting from such people.

(iii) The equitable treatment of shareholders

The corporate governance framework should ensure the equitable treatment of all shareholders, including minority and foreign shareholders. All shareholders should have the opportunity to obtain effective redress for violation of their rights.

(iv) The role of stakeholders in corporate governance

The corporate governance framework should recognise the rights of stakeholders established by law or through mutual agreements and encourage active co-operation between corporations and stakeholders in creating wealth, jobs, and the sustainability of financially sound enterprise.

(v) Disclosure and transparency

The corporate governance framework should ensure that timely and accurate disclosure is made on all material matters regarding the corporation, including the financial situation, performance, ownership and governance of the company. Therefore, the annual financial statements should be produced on a timely basis and include all matters of interest to the shareholders. For any matters of significance arising during the year, these should be communicated to the shareholders as appropriate.

(vi) The responsibilities of the board

The corporate governance framework should ensure the strategic guidance of the company, the effective monitoring of management by the board, and the board's accountability to the company and the shareholders. The introduction of audit committees and non-executive directors on the board is the usual way for monitoring management. Non-executive directors are not involved in the day to day running of the company and are therefore more independent. They can evaluate the effectiveness of the executive board on its merits and make sure they are carrying out their duties properly.

The OECD principles and the audit

Sub principle V.C

'An annual audit should be conducted by an independent, competent and qualified auditor in order to provide an external and objective assurance to the board and shareholders that the financial statements fairly represent the financial position and performance of the company in all material respects.'

Sub principle V.D

'External auditors should be accountable to the shareholders and owe a duty to the company to exercise due professional care in the conduct of the audit.'

The OECD principles and the board

Sub principle VI.D

  • Reviewing and guiding corporate strategy, major plans of action, risk policy, annual budgets and business plans; setting performance objectives; monitoring implementation and corporate performance, and overseeing major capital expenditures, acquisitions and divestitures.
  • Monitoring the effectiveness of the company's governance practices and making changes as needed.
  • Selecting, compensating, monitoring and, when necessary, replacing key executives and overseeing succession planning.
  • Aligning key executive and board remuneration with the longer term interests of the company and its shareholders ensuring a formal and transparent board nomination and election process.
  • Monitoring and managing potential conflicts of interest of management, board members and shareholders, including misuse of corporate assets and abuse in related party transactions.
  • Ensuring the integrity of the corporation's accounting and financial reporting systems, including the independent audit, and that appropriate systems of control are in place, in particular, systems for risk management, financial and operational control, and compliance with the law and relevant standards.
  • Overseeing the process of disclosure and communications.

The status of the OECD principles

  • The Principles represent a common basis that OECD Member countries consider essential for the development of good governance practice.
  • They are intended to be concise, understandable and accessible to the international community.
  • They are not intended to be a substitute for government or private sector initiatives to develop more detailed 'best practice' in governance.

2 Corporate governance in action

There are a number of principles of corporate governance that are globally accepted as essential to the effective management of companies, particularly publicly owned ones. These are:

  • Segregation between the roles of chairman and chief executive officer (CEO);
  • Non-executive directors;
  • Audit (and other) committees;
  • Risk management; and
  • Internal audit.

The roles of the board members

Segregation of Roles

Best practice recommends that the roles of Chairman and Chief Executive Officer should be held by different people to reduce the power of prominent board members.

The chairman's role

  • Head of the non-executive directors.
  • Enables flow of information and discussion at board meetings.
  • Ensures satisfactory channels of communication with the external auditors.
  • Ensures the effective operation of sub-committees of the board.

The Chief executive's role

  • Ensures the effective operation of the company.
  • Head of the executive directors.

Non-executive directors

Non-executive directors are usually employed on a part-time basis and do not take part in the routine executive management of the company. Their role is as follows.

  • Participation at board meetings.
  • Provision of experience, insight and contacts to assist the board.
  • Membership of sub-committees as independent, knowledgeable parties.

Advantages of participation by non-executive directors

  • Oversight of the whole board.
  • Often act as a 'corporate conscience'.
  • They bring external expertise to the company.


  • They, and the sub-committees, may not be sufficiently well-informed or have time to fulfil the role competently.
  • They are subject to the accusation that they are staffed by an 'old boy' network and may fail to report significant problems and approve unjustified pay rises.

Enron provides a cautionary note as its audit committee proved incapable of preventing the wrongdoing of the executive directors.

Audit Committees

An audit committee is a committee consisting of non-executive directors which is able to view a company's affairs in a detached and independent way and liaise effectively between the main board of directors and the external auditors.

Best practice for listed companies:

  • The company should have an audit committee of at least three non-executive directors (or, in the case of smaller companies, two).
  • At least one member of the audit committee should have recent and relevant financial experience.

The objectives of the audit committee

  • Increasing public confidence in the credibility and objectivity of published financial information (including unaudited interim statements).
  • Assisting directors (particularly executive directors) in meeting their responsibilities in respect of financial reporting.
  • Strengthening the independent position of a company's external auditor by providing an additional channel of communication.

The function of the audit committee

  • Monitoring the integrity of the financial statements.
  • Reviewing the company's internal financial controls.
  • Monitoring and reviewing the effectiveness of the internal audit function.
  • Making recommendations in relation to the appointment and removal of the external auditor and their remuneration.
  • Reviewing and monitoring the external auditor's independence and objectivity and the effectiveness of the audit process.
  • Developing and implementing policy on the engagement of the external auditor to supply non-audit services.
  • Reviewing arrangements for confidential reporting by employees and investigation of possible improprieties ('Whistleblowing').

Benefits of having an audit committee

  • It provides the internal audit department with an independent reporting mechanism compared to reporting to the directors who may wish to hide or amend unfavourable internal audit reports.
  • The audit committee will assist the internal auditor by ensuring that recommendations in internal audit reports are actioned.
  • Shareholder and public confidence in published financial information is enhanced because it has been reviewed by an independent committee.
  • The committee helps the directors fulfil any obligations under corporate governance to implement and maintain an appropriate system of internal control within the company.
  • The committee should assist in providing better communication between the directors, external auditors and management arranging meetings with the external auditor.
  • Strengthens the independence of the company's external auditor by providing a clear reporting structure and separate appointment mechanism from the board.


Audit committees may lead to:

  • fear that their purpose is to catch management out
  • non-executive directors being over-burdened with detail
  • a 'two-tier' board of directors
  • additional cost in terms, at least, of time involved.

The audit committee and internal audit

Clearly, the functions of the audit committee are quite wide-reaching, therefore, it may be necessary to establish an internal audit function in order to help them fulfil their responsibilities.

Best practice is that the audit committee should:

  • Ensure that the internal auditor has direct access to the board chairman and to the audit committee and is accountable to the audit committee.
  • Review and assess the annual internal audit work plan.
  • Receive periodic reports on the results of internal audit work.
  • Review and monitor management's responsiveness to the internal auditor's findings and recommendations.
  • Meet with the head of internal audit at least once a year without the presence of management.
  • Monitor and assess the effectiveness of internal audit in the overall context of the company's risk management system.

3 Risk management

Risk management

Companies face many risks, for example:

  • The risk that products may become technologically obsolete.
  • The risk of losing key staff.
  • The risk of a catastrophic failure of IT systems.
  • The risk of changes in government policy.
  • The risk of fire or natural disaster.

Companies therefore need to:

  • Identify potential risks and
  • Decide on appropriate ways to minimise those risks.

Risk management in practice

Risks can arise from many sources and be of various natures, e.g. operational, financial, legal.

Companies need mechanisms in place to identify and then assess those risks. In so doing companies can rank risks in terms of their relative importance by scoring them with regard to their likelihood and potential impact. This could take the form of a 'risk map':

A risk that ranked as highly likely to occur and high potential impact on the business would be prioritised as requiring immediate action. A risk that was considered both low likelihood and low impact might simply be ignored or simply insured against.

Ways of managing exposure to risk include:

  • insuring against it;
  • implementing internal procedures and controls (e.g. training) to minimise the risk of occurrence;
  • discontinuing especially risky activities; and
  • simply accepting the risk as inevitable but trivial.

Internal controls and risk management

One way of minimising risk is to incorporate internal controls into a company's systems and procedures.

It is the directors' responsibility to implement internal controls and monitor their application and effectiveness.

Auditors are not responsible for the design and implementation of their clients' control systems. Auditors have to assess the effectiveness of controls for reducing the risk of material misstatement of the financial statements. They incorporate this into their overall risk assessment, which allows them to design their further audit procedures. This concept of audit risk assessment is considered in detail in later chapters.

In addition to this auditors are required, in accordance with ISA 265, to report significant deficiencies in client controls identified during the audit to those charged with governance. This is discussed in greater detail in the reporting chapter.

Risk management and internal controls

The risks considered by management are numerous. They come from both external environmental sources and internal operational ones. The main aim of risk management is to protect the business from unforeseen circumstances that could negatively impact the profitability of the company and stop it achieving its strategic goals.

However, the main controls considered throughout this text and those in relation to the financial frauds discussed earlier are financial ones. The main aims of financial controls are to:

  • reduce the risk that the financial statements contain misstatement, whether due to fraud or error; and
  • reduce the risk of theft, or misuse, of the company's assets.

UK Syllabus Focus

FSA Listing Rules

The 'UK Corporate Governance Code' (formerly "the Combined Code" and last updated in June 2010) adopts what is commonly referred to as the comply or explain approach. It is not a rigid (or enforced) set of rules. Instead it consists of principles (main and supporting) and provisions.

In the UK all companies quoted on the stock exchange have to comply with the FSA listing rules. These include a requirement that all companies include in their annual report:

  • a statement of how the company has applied the main principles set out in the Code; and
  • a statement as to whether the company has complied with all relevant provisions set out in the Code.

The main provisions of the Code are:


  • Every company should be headed by an effective board with collective responsibility;
  • There should be a clear division of responsibilities between the Chairman and the Chief Executive;
  • No one individual should have unfettered powers of decision; and
  • Non-executive directors should constructively challenge and help develop proposals on strategy.


  • The board should have the appropriate balance of skills, experience, independence and knowledge;
  • There should be a formal, rigorous and transparent procedure for the appointment of new directors;
  • All directors should receive induction and should regularly update and refresh their skills and knowledge;
  • The board should be supplied with quality and timely information to enable it to discharge its duties;
  • The board and individuals should be subject to a formal and rigorous annual evaluation of performance; and
  • All directors should be submitted for re-election at regular intervals.


  • The board should present a balanced and understandable assessment of the company's position and prospects;
  • The board is responsible for determining the nature and extent of the significant risks it is willing to take in achieving its strategic objectives;
  • The board should maintain sound risk management and internal control systems; and
  • The board should establish formal and transparent arrangements for corporate reporting and risk management and internal control principles and for maintaining an appropriate relationship with the company's auditor.


  • This should be sufficient to attract, retain and motivate directors of the quality required to run the company successfully, but should not be excessive;
  • A significant proportion of this should be structured so as to link rewards to corporate and individual performance;
  • There should be a formal and transparent procedure for developing policy on executive remuneration; and
  • No director should be involved in deciding his or her own remuneration.

Relations with Shareholders

  • There should be a dialogue with shareholders based on the mutual understanding of objectives;
  • The board as a whole has responsibility for ensuring that a satisfactory dialogue with shareholders takes place; and
  • The board should use the AGM to communicate with investors and to encourage their participation.

Test your understanding 1

(1) What is meant by corporate governance?

(3 marks)

(2) Why are external auditors interested in corporate governance?

(3 marks)

(3) What are the key things the OECD principles are intended to deliver?

(5 marks)

(4) Explain the difference between a unitary board of directors and a two-tier board.

(2 marks)

(5) Who should make up a typical audit committee?

(1 mark)

(6) What is the committee's role?

(2 marks)

(7) Why would a company need an audit committee if it has a good relationship with its external auditors?

(4 marks)

(8) A company has identified one of its major risks as loss of key staff. Explain:

(a) what they should do as a result of this?

(b) how they might reduce or even eliminate the risk?

(c) why the auditor is interested in this, given that it is not a direct financial risk?

(5 marks)

(Total: 25 marks)

4 Chapter summary

Test your understanding answers

Test your understanding 1
