KUALA LUMPUR: Audit committee members of public-listed companies believe a better composition of independent directors and a better understanding of the companies' strategy and related risks are crucial.
The Audit Committee Institute Malaysia (ACI), which held six roundtables in the second half of 2009 with 154 directors, has identified some vital areas which would enhance the boards' effectiveness.
The virtual ACI, initiated by KPMG, found 39% of respondents believe there was a need of better board composition in terms of the right mix of directors, relevant experience and appropriate skill sets.
'This certainly underscores the importance of constant composition assessment, vis-''-vis the complexity of the group's operations not only in terms of directors, but also their skills and potential contributions,' according to the ACI Roundtable Highlights 2009 report released last week.
Compiled from the roundtable discussions, the findings showed 25% of the participants agreed that for a board to be more effective, it was crucial for the directors to understand the company's strategy and related risks.
KPMG partner David Lim Hun Soon said the ACI was a virtual institute that organised a series of roundtable discussions every year, focusing on contemporary and challenging issues, all with the view of enhancing the audit committee processes.
The theme of the discussions held in the second half of 2009 was entitled Reassessing risks in the wake of market turmoil, in particular after the global financial crisis and the collapse of Lehman Brothers.
Lim said the survey showed 14% were supportive of the need for improved board agendas such as a greater focus on 'what's important' and less on 'use of checklist' to develop a board charter.
The charter would formalise the schedule of matters reserved for board deliberation and decision to ensure the director of the company was in the board's hands.
Lim said the highlights also showed 97% of respondents stated the economic downturn caused their boards to reconsider the adequacy and effectiveness of their companies' governance processes for managing business risks.
The survey, he said, showed all respondents were confident their management had a good understanding of the company's risk profile.
Also, 97% of participants were confident their management understood the company's exposure to key third parties, such as customers, suppliers, partners, who may be in financial distress.
The effects of the economic downturn had largely caused 86% of participants to be concerned about the risks of delinquent receivables, reduced sales growth and declining margins.
The survey also showed 99% of participants were concerned about their companies' ability to maintain levels of competitiveness, which indicated the crucial need for companies to be more resilient.
Lim said the Blue Ribbon Commission (RBC) report, which was released in October last year under the auspices of the National Association of Corporate Directors of the US, had identified several crucial factors in ensuring efficient risk oversight.
They were the importance of integrating risk and strategy and aligning responsibilities across the full board.
The RBC report also had its 10 point 'to-do' list which included understanding risks posed by cost reduction, rethinking the audit committee's riole in risk oversight and preparing for potential impact of changes in regulatory requirements.
For more details of the Audit Committee Institute Malaysia, visit www.kpmg.com.my/aci/
This article appeared in The Edge Financial Daily, July 7, 2010.
''
Appendix 1
''
Building a more comprehensive risk oversight system
The Blue Ribbon Commision (BRC) believes that the following principles provide a foundation that boards can use to build a more comprehensive risk oversight system tailored to the specific needs of their respective companies:
1. Understand the company's key drivers of success
Effective oversight of risk, including constructive discussions with Management about risk, cannot take place unless directors have a solid understanding of the company's business and industry and continue to stay abreast of the issues and developments affecting the company
2. Assess the risk in the company's strategy
The board's or Audit Committee's oversight of risk should begin with assessing the appropriateness of the company's strategy and the risk that is inherent in that strategy and establishing the company's risk appetite
3. Define the role of the full board and its standing committees with regard to risk oversight
The BRC recommends that, as a general rule, the full board should have primary responsibility for risk oversight, with the board's standing committees (i.e. including Audit Committees) supporting the board by addressing the risks inherent in their respective areas of oversight
4. Consider whether the company's risk management system, including people and processes, is appropriate and has sufficient resources;
5. Work with Management to understand and agree on types (and format) of risk information that the board requires
Many directors express concern that the quality and quantity of the risk information they receive hinders their oversight efforts
6. Encourage a dynamic and constructive risk dialogue between Management and the board, including a willingness to challenge assumptions
The important question for every board is whether it has an engaged culture. Business leaders today understand that we have reached an inflection point for corporate governance. Management and the board act as a team, yet, effective oversight requires that directors understand and test Management's strategic assumptions, as well as its core risk assumptions and assessments. An open, participatory culture is essential
7. Closely monitor the potential risks in the company's culture and its incentive structure
Among the most critical risks facing any organisation today are the risks posed by its 'tone at the top', culture and incentive structure
8. Monitor critical alignments of strategy, risk, controls, compliance incentives and people
Understanding and strengthening these critical alignments is essential to the successful execution of strategy
9. Consider emerging and interrelated risks: what's around the next corner?
Beyond current strategic decisions, the board needs to look forward to understand elements in the environment ' macroeconomic, political, technological, demographic, climatic / environmental ' that may impact the conduct and effectiveness of the business in the future; and
10. Periodically assess the board's risk oversight processes: Do they enable the board to achieve its risk objectives?
Just as the board must monitor and test the effectiveness of Management's system for managing risks, it must also look closely at its own processes and capabilities to oversee risk.
Appendix 2
10 'To-Do' items for Audit Committees' Consideration in year 2010
1. Stamp its control over the Audit Committee agenda
The challenges posed by the economic downturn and changes to regulatory requirements ' declining demand/margins, surplus capacity, counterparty risks impairment, new financial reporting standards - have dominated Audit Committee agendas. As signs of recovery emerge, take the opportunity to develop more focused (yet flexible) agendas, with an eye on the company's key financial reporting risks. To improve the efficiency of Audit Committee meetings, insist on quality pre-meeting materials, spend less time on low value or checklist activities, and engage in discussions rather than merely listening to presentations. Do not let compliance activities crowd out substantive discussions. In short, look at doing more 'Question and Answers' sessions and less PowerPoint presentations. For guidance on key questions that may be posed to Management, reference may be made to the Corporate Governance Guide ' Towards Boardroom Excellence, a publication of Bursa Malaysia aimed to provide guidance to Directors of public listed companies in the discharge of their stewardship responsibilities.
2. Understand the risks posed by cost reductions made in response to the economic downturn
Cost cutting has, invariably, been a key response of most companies to the economic downturn. Every board and Audit Committee should be asking whether the company's delivery model has been changed permanently, and whether a 'cost-reduced' business model can be sustained. Did we cut too much? How quickly can we restore critical infrastructure such as IT and sales force? As companies cut costs and reduce their workforce, the control environment becomes even more critical and vulnerable. Now is not the time to cut back on the internal audit's budget. (Please refer to #6 below).
3. Focus closely on all financial communications
Earnings releases and scripts for financial analysts often pose more issues than the audited financials because they contain important business information ' which often does not come from the financial reporting system; is not audited; and may not be subject to the same level of internal controls as numbers coming from the financial reporting systems. If you have not already done so, given the uncertainties created by the economic downturn, reconsider the types of earnings guidance the company issues. Engage early-on in reviewing 2010 financial disclosures, particularly any new disclosures becoming effective due to new or revised reporting standards.
4. Continue to monitor fair value issues, impairments, and Management's assumptions underlying critical accounting estimates
These issues, together with going-concern challenges, will continue to be a major area of focus for Audit Committees. At the same time, there are important new financial reporting developments ' including changes in accounting for financial instruments, revenue recognition, business combinations and joint ventures that may require the Audit Committee's attention. Set aside time at each Audit Committee meeting for an in-depth discussion into the specific financial reporting developments impacting the company.
5. Rethink the Audit Committee's role in risk oversight'with an eye on narrowing the scope
The tremendous focus on risk today provides an opportunity for the board to reassess the Audit Committee's (and the other standing committees') role in overseeing risk. Does the Audit Committee have the expertise and time to deal with strategic, operational, and other risks? Is the expertise of other board members being leveraged upon? Audit Committees already have a lot on their plates with oversight of financial reporting risks.
6. Ensure internal audit is properly focused and fully utilised
Now that the internal audit function has been mandated for public listed companies, there is a need to refine internal auditor's role, and focus the activities of internal audit on key areas of risk, as well as risk management in general. Internal audit is not accountable or responsible for risk management, but it should be able to provide the relevant and necessary assurance to the Audit Committee with regard to the adequacy of the company's risk management processes, apart from the usual internal control issues. Internal audit is most effective when it is focused on risk. Accordingly, the internal audit plan should be risk-based and focus on critical risks to the business, not merely on compliance and financial risks. In fact, the internal audit would do well to cover governance, risk and controls in its scope of work and the competency of the internal auditors appraised on a periodic basis (Source: International Professional Practices Framework of the Institute of Internal Auditors, Inc). Where there is a dearth in expertise to assess specialized areas, e.g. safety, health & environment; engineering & maintenance; etc, the Audit Committee should consider deploying resources independent of the process owners, in liaison with the internal audit function, to provide the necessary assurance to assist the Audit Committee discharge its responsibilities.
7. Prepare for the potential impact of changes in regulatory requirements that have an implication on compliance, risk and processes
Major regulatory changes, for example the recent Bursa Malaysia's Listing Requirements for the Main and ACE Markets; new Financial Reporting Standards adopted in Malaysia and the impending convergence of International Financial Reporting Standards, targeted on 1 January 2012, as well as the Goods and Services Tax (replacing the Sales and Services Tax) to be implemented soon, are but some of the legislative changes that Audit Committees need to be apprised, especially on the company's compliance obligations thereof. These, in turn,may require new or modified compliance, risk, and governance oversight processes.
8. The economic downturn and its after effects continue to put pressure on fraud risk management programmes - be vigilant
The economic downturn has placed tremendous pressure on Management to achieve operating results. At the same time, cost cutting and workforce reductions may have exacerbated these pressures. How has the company treated its employees? How do they think they have been treated? A comprehensive review of the company's fraud risk management program, including the formalization of whistle blowing initiatives, may be in order. Having the right 'tone at the top', and throughout the organisation, is undeniably crucial to enable the board to be perceived 'walking the talk'.
9. Help to link change and risk - monitor critical alignments
Change may create risk. During times of dramatic change, the risk of misalignment of, in particular, the company's strategy, goals, risk, controls, compliance, incentives, and people, rises exponentially. Given its role in the oversight of risk, internal controls, compliance, and ultimately the impact of significant changes to the company's financials, the Audit Committee is in a unique position to help reduce the risk of misalignment.
10. Take a fresh look at the Audit Committee's composition and leadership
The Audit Committee's effectiveness and accountability hinge on meaningful self-assessment of the Audit Committee, both as a group and as individual members. Take a hard look at the Committee's composition, independence, and leadership. Are all the members financial literate as prescribed by the Best Practice of the Malaysian Code on Corporate Governance (Revised 2007)? Do the members keep abreast of changes in regulatory requirements that may affect the discharge of the Committee's responsibilities, e.g. the latest changes in Financial Reporting Standards that have a bearing on the company? Is the Committee aware of the coming into force of the Audit Oversight Board (formed by the Securities Commission), one of whose responsibilities is to conduct inspections and monitoring programmes on auditors (of public interest entities) to assess the degree of compliance of auditing and ethical standards? Is there a need for a 'fresh set of eyes'?
The Audit Committee Institute Malaysia (ACI), which held six roundtables in the second half of 2009 with 154 directors, has identified some vital areas which would enhance the boards' effectiveness.
The virtual ACI, initiated by KPMG, found 39% of respondents believe there was a need of better board composition in terms of the right mix of directors, relevant experience and appropriate skill sets.
'This certainly underscores the importance of constant composition assessment, vis-''-vis the complexity of the group's operations not only in terms of directors, but also their skills and potential contributions,' according to the ACI Roundtable Highlights 2009 report released last week.
Compiled from the roundtable discussions, the findings showed 25% of the participants agreed that for a board to be more effective, it was crucial for the directors to understand the company's strategy and related risks.
KPMG partner David Lim Hun Soon said the ACI was a virtual institute that organised a series of roundtable discussions every year, focusing on contemporary and challenging issues, all with the view of enhancing the audit committee processes.
The theme of the discussions held in the second half of 2009 was entitled Reassessing risks in the wake of market turmoil, in particular after the global financial crisis and the collapse of Lehman Brothers.
Lim said the survey showed 14% were supportive of the need for improved board agendas such as a greater focus on 'what's important' and less on 'use of checklist' to develop a board charter.
The charter would formalise the schedule of matters reserved for board deliberation and decision to ensure the director of the company was in the board's hands.
Lim said the highlights also showed 97% of respondents stated the economic downturn caused their boards to reconsider the adequacy and effectiveness of their companies' governance processes for managing business risks.
The survey, he said, showed all respondents were confident their management had a good understanding of the company's risk profile.
Also, 97% of participants were confident their management understood the company's exposure to key third parties, such as customers, suppliers, partners, who may be in financial distress.
The effects of the economic downturn had largely caused 86% of participants to be concerned about the risks of delinquent receivables, reduced sales growth and declining margins.
The survey also showed 99% of participants were concerned about their companies' ability to maintain levels of competitiveness, which indicated the crucial need for companies to be more resilient.
Lim said the Blue Ribbon Commission (RBC) report, which was released in October last year under the auspices of the National Association of Corporate Directors of the US, had identified several crucial factors in ensuring efficient risk oversight.
They were the importance of integrating risk and strategy and aligning responsibilities across the full board.
The RBC report also had its 10 point 'to-do' list which included understanding risks posed by cost reduction, rethinking the audit committee's riole in risk oversight and preparing for potential impact of changes in regulatory requirements.
For more details of the Audit Committee Institute Malaysia, visit www.kpmg.com.my/aci/
This article appeared in The Edge Financial Daily, July 7, 2010.
''
Appendix 1
''
Building a more comprehensive risk oversight system
The Blue Ribbon Commision (BRC) believes that the following principles provide a foundation that boards can use to build a more comprehensive risk oversight system tailored to the specific needs of their respective companies:
1. Understand the company's key drivers of success
Effective oversight of risk, including constructive discussions with Management about risk, cannot take place unless directors have a solid understanding of the company's business and industry and continue to stay abreast of the issues and developments affecting the company
2. Assess the risk in the company's strategy
The board's or Audit Committee's oversight of risk should begin with assessing the appropriateness of the company's strategy and the risk that is inherent in that strategy and establishing the company's risk appetite
3. Define the role of the full board and its standing committees with regard to risk oversight
The BRC recommends that, as a general rule, the full board should have primary responsibility for risk oversight, with the board's standing committees (i.e. including Audit Committees) supporting the board by addressing the risks inherent in their respective areas of oversight
4. Consider whether the company's risk management system, including people and processes, is appropriate and has sufficient resources;
5. Work with Management to understand and agree on types (and format) of risk information that the board requires
Many directors express concern that the quality and quantity of the risk information they receive hinders their oversight efforts
6. Encourage a dynamic and constructive risk dialogue between Management and the board, including a willingness to challenge assumptions
The important question for every board is whether it has an engaged culture. Business leaders today understand that we have reached an inflection point for corporate governance. Management and the board act as a team, yet, effective oversight requires that directors understand and test Management's strategic assumptions, as well as its core risk assumptions and assessments. An open, participatory culture is essential
7. Closely monitor the potential risks in the company's culture and its incentive structure
Among the most critical risks facing any organisation today are the risks posed by its 'tone at the top', culture and incentive structure
8. Monitor critical alignments of strategy, risk, controls, compliance incentives and people
Understanding and strengthening these critical alignments is essential to the successful execution of strategy
9. Consider emerging and interrelated risks: what's around the next corner?
Beyond current strategic decisions, the board needs to look forward to understand elements in the environment ' macroeconomic, political, technological, demographic, climatic / environmental ' that may impact the conduct and effectiveness of the business in the future; and
10. Periodically assess the board's risk oversight processes: Do they enable the board to achieve its risk objectives?
Just as the board must monitor and test the effectiveness of Management's system for managing risks, it must also look closely at its own processes and capabilities to oversee risk.
Appendix 2
10 'To-Do' items for Audit Committees' Consideration in year 2010
1. Stamp its control over the Audit Committee agenda
The challenges posed by the economic downturn and changes to regulatory requirements ' declining demand/margins, surplus capacity, counterparty risks impairment, new financial reporting standards - have dominated Audit Committee agendas. As signs of recovery emerge, take the opportunity to develop more focused (yet flexible) agendas, with an eye on the company's key financial reporting risks. To improve the efficiency of Audit Committee meetings, insist on quality pre-meeting materials, spend less time on low value or checklist activities, and engage in discussions rather than merely listening to presentations. Do not let compliance activities crowd out substantive discussions. In short, look at doing more 'Question and Answers' sessions and less PowerPoint presentations. For guidance on key questions that may be posed to Management, reference may be made to the Corporate Governance Guide ' Towards Boardroom Excellence, a publication of Bursa Malaysia aimed to provide guidance to Directors of public listed companies in the discharge of their stewardship responsibilities.
2. Understand the risks posed by cost reductions made in response to the economic downturn
Cost cutting has, invariably, been a key response of most companies to the economic downturn. Every board and Audit Committee should be asking whether the company's delivery model has been changed permanently, and whether a 'cost-reduced' business model can be sustained. Did we cut too much? How quickly can we restore critical infrastructure such as IT and sales force? As companies cut costs and reduce their workforce, the control environment becomes even more critical and vulnerable. Now is not the time to cut back on the internal audit's budget. (Please refer to #6 below).
3. Focus closely on all financial communications
Earnings releases and scripts for financial analysts often pose more issues than the audited financials because they contain important business information ' which often does not come from the financial reporting system; is not audited; and may not be subject to the same level of internal controls as numbers coming from the financial reporting systems. If you have not already done so, given the uncertainties created by the economic downturn, reconsider the types of earnings guidance the company issues. Engage early-on in reviewing 2010 financial disclosures, particularly any new disclosures becoming effective due to new or revised reporting standards.
4. Continue to monitor fair value issues, impairments, and Management's assumptions underlying critical accounting estimates
These issues, together with going-concern challenges, will continue to be a major area of focus for Audit Committees. At the same time, there are important new financial reporting developments ' including changes in accounting for financial instruments, revenue recognition, business combinations and joint ventures that may require the Audit Committee's attention. Set aside time at each Audit Committee meeting for an in-depth discussion into the specific financial reporting developments impacting the company.
5. Rethink the Audit Committee's role in risk oversight'with an eye on narrowing the scope
The tremendous focus on risk today provides an opportunity for the board to reassess the Audit Committee's (and the other standing committees') role in overseeing risk. Does the Audit Committee have the expertise and time to deal with strategic, operational, and other risks? Is the expertise of other board members being leveraged upon? Audit Committees already have a lot on their plates with oversight of financial reporting risks.
6. Ensure internal audit is properly focused and fully utilised
Now that the internal audit function has been mandated for public listed companies, there is a need to refine internal auditor's role, and focus the activities of internal audit on key areas of risk, as well as risk management in general. Internal audit is not accountable or responsible for risk management, but it should be able to provide the relevant and necessary assurance to the Audit Committee with regard to the adequacy of the company's risk management processes, apart from the usual internal control issues. Internal audit is most effective when it is focused on risk. Accordingly, the internal audit plan should be risk-based and focus on critical risks to the business, not merely on compliance and financial risks. In fact, the internal audit would do well to cover governance, risk and controls in its scope of work and the competency of the internal auditors appraised on a periodic basis (Source: International Professional Practices Framework of the Institute of Internal Auditors, Inc). Where there is a dearth in expertise to assess specialized areas, e.g. safety, health & environment; engineering & maintenance; etc, the Audit Committee should consider deploying resources independent of the process owners, in liaison with the internal audit function, to provide the necessary assurance to assist the Audit Committee discharge its responsibilities.
7. Prepare for the potential impact of changes in regulatory requirements that have an implication on compliance, risk and processes
Major regulatory changes, for example the recent Bursa Malaysia's Listing Requirements for the Main and ACE Markets; new Financial Reporting Standards adopted in Malaysia and the impending convergence of International Financial Reporting Standards, targeted on 1 January 2012, as well as the Goods and Services Tax (replacing the Sales and Services Tax) to be implemented soon, are but some of the legislative changes that Audit Committees need to be apprised, especially on the company's compliance obligations thereof. These, in turn,may require new or modified compliance, risk, and governance oversight processes.
8. The economic downturn and its after effects continue to put pressure on fraud risk management programmes - be vigilant
The economic downturn has placed tremendous pressure on Management to achieve operating results. At the same time, cost cutting and workforce reductions may have exacerbated these pressures. How has the company treated its employees? How do they think they have been treated? A comprehensive review of the company's fraud risk management program, including the formalization of whistle blowing initiatives, may be in order. Having the right 'tone at the top', and throughout the organisation, is undeniably crucial to enable the board to be perceived 'walking the talk'.
9. Help to link change and risk - monitor critical alignments
Change may create risk. During times of dramatic change, the risk of misalignment of, in particular, the company's strategy, goals, risk, controls, compliance, incentives, and people, rises exponentially. Given its role in the oversight of risk, internal controls, compliance, and ultimately the impact of significant changes to the company's financials, the Audit Committee is in a unique position to help reduce the risk of misalignment.
10. Take a fresh look at the Audit Committee's composition and leadership
The Audit Committee's effectiveness and accountability hinge on meaningful self-assessment of the Audit Committee, both as a group and as individual members. Take a hard look at the Committee's composition, independence, and leadership. Are all the members financial literate as prescribed by the Best Practice of the Malaysian Code on Corporate Governance (Revised 2007)? Do the members keep abreast of changes in regulatory requirements that may affect the discharge of the Committee's responsibilities, e.g. the latest changes in Financial Reporting Standards that have a bearing on the company? Is the Committee aware of the coming into force of the Audit Oversight Board (formed by the Securities Commission), one of whose responsibilities is to conduct inspections and monitoring programmes on auditors (of public interest entities) to assess the degree of compliance of auditing and ethical standards? Is there a need for a 'fresh set of eyes'?
No comments:
Post a Comment