Corporate Governance

Week 6

Define Corporate Governance

"a process by which the owners and creditors of an organization exert control and require accountability for the resources entrusted to the organization. The owners (shareholders) elect a board of directors to provide oversight of the organization's activities"




Board of Directors


Operating management

Primary parties involved in corporate governance
Boards of Directors
Audit Committees of the Board
Self-Regulatory Accounting Organizations (e.g.
Other Self-Regulatory Organizations (e.g.
Regulatory Agencies (e.g. Securities Commission)
External Auditors
Internal Auditors

Shareholders – Failure in CG

➢ Responsibility:
✓ Effective oversight through election of BOD, approve major decisions, buy/sell
➢ Failures:
✓ Focused on ST prices
✓ Failed to perform LT growth analysis
✓ Surrendered responsibilities to management as long as share price

Board of Directors – Failure in CG

➢ Responsibility:
✓ Directly accountable to shareholders
➢ Failures:
✓ Inadequate oversight of management
✓ Approval of mgt’s compensation plans, esp those which include share options
✓ Election of directors which are not
✓ Insufficient time in performing duties
✓ Continually repriced share options when market price declined

Management – Failure in CG

➢ Responsibility:
✓ Operations & accountability - formulating strategy & risk, implementing internal controls, financial & other reports to stakeholders
➢ Failures:
✓ Earnings management to meet analysts’
✓ Fraudulent financial reporting
✓ Pushing accounting concepts to achieve reporting objective
✓ Viewed accounting as a tool, not a framework, for accurate reporting

Audit Committee – Failure in CG

➢ Responsibility:
✓ Oversight of internal & external audit function & the preparing of annual FS & public reports on internal control.
➢ Failures:
✓ No expertise or time to provide effective
✓ Were not viewed by the auditor as the “audit client”. The power to hire/fire often rested with the management.

Self-regulatory accounting organisations – Failure in CG

➢ Responsibility:
✓ Setting accounting/auditing standards that determine underlying financial reporting/auditing concepts, set expectations of audit & accounting quality
➢ Failures:
✓ Too rule-oriented in response to complex economic transactions

Other self-regulatory organisations – Failure in CG

➢ Responsibility:
✓ Ensuring efficiency of the financial markets, including oversight of trading & companies that are allowed to trade on the exchange
➢ Failures:
✓ Pushed for improvements for better CG by its members, but failed to implement those same procedures for its governing board &

Regulatory agencies – Failure in CG

➢ Responsibility:
✓ Ensuring accuracy, timeliness & fairness of public reporting of financial & other info for
➢ Failures:
✓ Identified problems but not provided with sufficient resources by Govt to deal with the

External auditors – Failure in CG

➢ Responsibility:
✓ Performing audits of FS to ensure that they are free of material misstatements, including those that may be due to fraud
➢ Failures:
✓ Pushed accounting concepts to help orgns boost
✓ Promoted personnel based on ability to “cross-sell”
✓ Failed to uncover basic frauds, e.g. WorldCom & HealthSouth because fundamental audit procedures were not performed

Internal auditors – Failure in CG

➢ Responsibility:
✓ Performing audits of companies for compliance with company policies & laws, efficiency audits, audits to determine accuracy of financial reporting process
➢ Failures:
✓ Focused efforts on operational audits & left financial reporting to external auditors
✓ Reported results to management with little effective reporting to audit committee
✓ In some instances (WorldCom, HealthSouth), did not have access to the corporate FS

What are SEC concerns regarding the auditing profession? (US)

✓ Auditors were no longer willing to confront clients over questionable accounting practices
✓ Consulting fees were impairing auditor
✓ Accountants were using technical interpretations of GAAP to push the limits of accounting

What are the Public Oversight Board (POB) concerns? (US)

✓ Analytical procedures used inappropriately to replace direct tests of account balances
✓ Audit firms not thoroughly evaluating internal control and applying substantive procedures to address weaknesses in control
✓ Audit documentation, especially related to audit planning, did not meet professional standards
✓ Auditors ignored warning signs of fraud and other
✓ Auditors were not providing sufficient warning about companies that might not continue as 'going

Sarbanes-Oxley Act 2002 – PCAOB’s authority & powers (US)

➢ Establishes the Public Company Accounting Oversight Board (PCAOB) with broad authority, including the power to set auditing standards for audits of plcs
➢ Authority & powers:
✓ Set auditing standards - the PCAOB has chosen to set auditing
✓ Set financial accounting standards - the PCAOB has chosen to let the FASB continue to set accounting standards
✓ Set standards for the reports on internal control and risk
✓ Perform quality reviews of public accounting firms and recommend penalties if the firms fail to perform
✓ Establish quality control standards for the audits of public
✓ Require all public accounting firms that audit plcs to register with the PCAOB and become licensed to perform such audits

SOX - auditor independence provisions

✓ Prohibits audit firms from performing consulting work for their audit clients (in most cases)
✓ Makes the Audit Committee the auditor's client
✓ Requires the Audit Committee to pre-approve any non-audit services by the audit firm, e.g. tax planning
✓ Audit engagement partners, as well as other partners and managers with significant roles in the audit, must be rotated off the engagement every 5 years for plcs
✓ A "cooling off" period before an audit partner or manager can take a high-level position with an audit client without jeopardizing the independence of the public accounting firm
✓ Auditors must report on internal controls

SOX - Management

✓ Requires the CEO and CFO to certify the accuracy of the financial statements and provides criminal penalties for misrepresentation
✓ Requires management to describe whether they have implemented a Corporate Code of Conduct
✓ Requires management to report on the effectiveness of internal control over financial reporting
✓ Increased disclosure of "off-balance sheet" transactions or agreements that may have a material

SOX – Audit Committees

➢ All PLCs must have a fully independent Audit Committee
✓ Is designated as the audit client
✓ Has oversight responsibilities over the internal audit and financial reporting processes
✓ Must be comprised of "outside" directors, i.e. not members of management or have other relationships with the organization
✓ Must have at least 1 person who is a financial expert. Other members must be knowledgeable in financial accounting and
✓ Must report on its activities to public, including the results of significant discussions with the external auditor

SOX - Audit committee responsibilities

✓ Be apprised of all significant accounting decisions made by management
✓ Be apprised of all significant changes in accounting systems and system controls
✓ Have authority to hire and fire the external auditor
✓ Review the audit plan and discuss audit results with the auditor
✓ Have authority to hire and fire the head of the internal audit function and set the budget for the internal audit function
✓ Review the audit plan and discuss all significant
✓ Receive all regulatory audit reports and meet with regulatory auditors to discuss findings

SOX - Required communications to the audit committee (US)

➢ Auditing standards (SAS 61) require specific communications between the audit committee and the external auditor:
✓ Auditor's responsibility under Generally Accepted Auditing Standards
✓ Significant Accounting Policies
✓ Management Judgments and Accounting
✓ Significant Audit Adjustments
✓ Other Information in Annual Reports
✓ Disagreements with Management

Protections for Corporate Whistleblowers under Sarbanes-Oxley

✓ Civil liability whistleblower protection
➢ Creates civil liability for companies that retaliate against
➢ Protects only employees of publicly traded companies
➢ The employee must report the suspected misconduct to a federal regulatory or law enforcement agency, a member of Congress or committee of Congress, or a supervisor
➢ Employees are protected against retaliation for filing, testifying in, participating in, or otherwise assisting in a proceeding filed or about to be filed
➢ Protected even if the company is ultimately found not to have committed securities fraud

Protections for Corporate Whistleblowers under Sarbanes-Oxley

✓ Criminal liability whistleblower protection
➢ Makes it a crime to knowingly, with the intent to retaliate, take any harmful action against a person for providing truthful information relating to the commission or possible commission of any federal offense
➢ Information must be provided to a law enforcement officer in order for protection to be triggered
➢ Broader than the civil liability protections
➢ Protection covers all individuals regardless of where they work

Corporate governance in Malaysia

✓ Establishment of Securities Commission in 1993 to regulate the market, CG
✓ Financial Reporting Act, 1997 --> introduces accountability & transparency in the regulatory
✓ Finance Committee on Corporate Governance established, issued The Finance Committee Report on CG (1999), sets out…
✓ The Malaysian Code on Corporate Governance --> principles & best practices for good governance by

The Finance Committee Report on Corporate Governance

✓ Strengthening laws over shareholder rights, director duties, duties of other corporate participants (with emphasis on RPTs)
✓ Enhancing disclosure & transparency
✓ Promoting effective enforcement
✓ Development of a Malaysian Code of Best Practices in CG --> restructure BOD composition, more effective
✓ Identification of training & education needs of directors, other key corporate participants &

Malaysian Code of Best Practices in CG

✓ Set by the Malaysian Institute of Corporate Governance (MICG)
✓ MICG comprised of:
(a) The Federation of Public Listed Companies
(b) MIA
(e) The Malaysian Institute of Directors
✓ Improvement of BOD composition – independent directors, independence of working
✓ Increase in efficiency & accountability of BODs – independent & seen to be independent

Malaysian Code of Best Practices in CG

✓ Enforcement by Bursa Malaysia in Revamp Listing Requirements 2001.
✓ Requirements for companies to disclose in
(a) How have companies applied the principles set out in the Code?
(b) To what extent have they complied with best practices in the Code (with justification for
(c) To set out dates when the Code would be complied with

Recommendations of Finance Committee Report

✓ Every plc should be headed by an effective BOD which should lead & control the company
✓ BOD should have a balance of executive & non-exec directors (including independent non-execs) such that no individual or small group can dominate decision-
✓ Timely & high quality information should be supplied to the BOD to enable decision making
✓ Formal & transparent procedures:
➢ For appointment of new directors
➢ All directors to submit themselves for re-election at regular intervals, & at least every 3 years
✓ Annual Report should contain details of directors’

Recommendations of Finance Committee Report (Contd.)

✓ Companies should use the AGM to communicate with shareholders & encourage their participation
✓ Audit Committees:
➢ Each plc to establish an AC of at least 3 non-exec directors (majority of them independent), with written terms of reference which deal clearly with its authority & duties
➢ Chairman should be an independent non-executive director

Recommendations of Finance Committee Report (Contd.)

✓ Audit Committees – duties (Contd.):
➢ Consider the appointment of external auditor, audit fee, questions of resignation/dismissal
➢ Discuss with external auditor before audit commences, the nature & scope of audit. Ensure co-ordination where more than 1 audit firm is involved.
➢ Review half-year & annual FS, focusing on changes in accounting policies/practices, significant adjustments arising from audit, going concern assumption, compliance with standards & other legal requirements
➢ Discuss problems & reservations arising from interim & final audits, and any other matter the auditor wants to discuss (in absence of mgt where necessary)
➢ Review external auditor’s management letter & mgt’s

Recommendations of Finance Committee Report (Contd.)

✓ Audit Committees – duties (Contd.):
➢ Where an internal audit function exists, to ensure that it is adequately resourced & has appropriate standing in the company.
➢ To review the IA programme
➢ Consider RPTs
➢ Consider major findings of internal investigations & mgt’s response
➢ Consider other topics as defined by the BOD

Recommendations of Finance Committee Report (Contd.)

✓ Audit Committee meetings
➢ Shall be attended by a representative of the IA function & external auditors
➢ Other BOD members may attend meetings at the invitation of the AC
➢ At least once a year, the AC will meet with external auditors without the presence of executive BOD
✓ Companies should consider having an IA function
✓ External auditors should communicate matters of governance to those in charge (ISA 260)

Recommendations of Finance Committee Report (Contd.)

✓ Directors’ Report on Internal Control
➢ Directors should report on internal controls
➢ Auditors should report on the effectiveness of the controls
✓ Annual Report should contain a statement of how the company applies CG principles & explanation of policies. Also include circumstances justifying departure from best

