ETHICS IN CORPORATE GOVERNANCE DAVID HALL PRESIDENT IIA JAMAICA - - PowerPoint PPT Presentation

ETHICS IN CORPORATE GOVERNANCE

DAVID HALL PRESIDENT IIA JAMAICA SEPTEMBER 30, 2013

AGENDA

• Definition of Corporate Governance
• Cornerstone of Corporate Governance
• Roles and responsibilities of the board
• Roles and responsibilities of the Audit Committee
• Roles and responsibilities of Executive Management
• Roles and responsibilities of the External Auditors
• Roles and responsibilities of Internal Auditors
• Definition of Ethics
• Why should the Board lead in Ethics
• Role of the Board specific to Ethics
• Auditors responsibilities as it relates to Ethics

AGENDA

• Questions for the Board
• Questions for management
• Audit Checklist

DEFINITION OF CORPORATE GOVERNANCE The combination of processes and structures implemented by the board to inform, direct, manage, and monitor the activities of the Organization towards the achievement of its

• bjectives.

CORNERSTONES OF CORPORATE GOVERNANCE

ROLES AND RESPONSIBILITIES OF THE BOARD

• Set strategic values, ethics and direction
• Ensure sufficient human and financial

resources

• Appoint CEO
• Set compensation levels and framework
• Approve operating, fraud and risk

management policies

• Review management compliance to policies
• Monitor the performance of the company
• Public communication and disclosure

The board is responsible for determining, articulating and communicating the values and standards of the business, and for ensuring that the policies, procedures and controls in place act to embed, rather than hinder, ethical values throughout the business. Boards should demonstrate that they are committed to ethical standards and their application by the way they govern and conduct themselves. Members of boards should have personal integrity, as well as being champions of the company’s values.

The continual expression, communication and demonstration of ethical values and practice are essential if a board wishes its organisation to

• perate in line with its core values, and to enjoy the

benefits which doing business ethically can bring. At every opportunity, all directors should be encouraged to communicate the values and the importance of their application to the company. Communication is not just about words: “walking the talk” is important too.

The link has yet to be unequivocally made in corporate governance discourse that what is ethical is very often good for business, or at least that what is unethical generally impacts negatively on business. But for a company to be truly ethical, board members must also ensure that the board itself is governed with ethics in its mindset and at its heart

But new research from the Institute for Business Ethics – A Review of the Ethical Aspects of Corporate Governance Regulation and Guidance in the EU – has found that explicit reference to ethical principles and terminology has generally been absent from corporate governance guidance and regulation both at the EU level and within most member states

ROLES AND RESPONSIBILITIES OF THE AUDIT COMMITTEE

The Audit Committee is a sub-committee of the Board The Audit Committee exists to assist the board To maintain the organization‟s overall integrity, financial credibility and long term viability.

ROLE AND RESPONSIBILITIES OF EXECUTIVE MANAGEMENT The Executive Management Team prepares and guides the development of the company‟s processes and business

• perations and the company‟s common functions.

The Executive Management Team handles, in particular, the company's strategy, budget, major procurements and projects, the company‟s structure and organization as well as major policies of administration and the HR policy issues. Implement the Ethics program The Executive Management Team consists of the company's CEO/General Manager/Executive Director and senior management in charge of the functions of the company.

ROLES AND RESPONSIBILITIES OF EXTERNAL AUDITORS The external auditor's responsibility is to provide assurance to the general public regarding the truth and fairness of the information presented in the audit client's financial statements. Since the public relies heavily upon an audit opinion published by a public accounting firm to make investment decisions, it is imperative that they view accounting firms as being independent,

• bjective and free from the influence of

the audit client or any other parties.

INTERNAL AUDITING: AN OVERVIEW

THE IIA’S DEFINITION OF INTERNAL AUDITING

Internal auditing is an independent, objective assurance and consulting activity designed to add value and improve an

• rganization‟s operations.

THE IIA’S DEFINITION OF INTERNAL AUDITING

It helps an organization accomplish its objectives by bringing :

• a systematic,
• disciplined approach to evaluate and improve
• the effectiveness of risk management,
• control,
• and governance processes.

TWO GOVERNING BODIES

Information Systems Audit & Control Association (ISACA) Institute of Internal Auditors (IIA)

INFORMATION TECHNOLOGY GOVERNANCE

• IT governance has been defined by the

Information Systems Audit & Control Association ( ISACA ) as:

• …the responsibility of executives and the board
• f directors.

It consists of the leadership,

• rganizational structures and processes that

ensure that the enterprise’s IT sustains and extends the organisation’s strategies and

• bjectives.

IT Governance : (i) Primarily determines how IT decisions are made, (ii) Who makes the decisions, (iii) Who is held accountable, and (iv) How the results of decisions are measured and monitored

ROLE AND RESPONSIBILITIES OF INTERNAL AUDIT

The Institute of Internal Auditors (IIA) International Professional Practices Framework (or known as the „Red Book‟) in its Standards states the following: Standard 2130: Role of the Internal Audit Activity and Internal Auditor in the Ethical Culture of an Organization The internal audit activity should assess and make appropriate recommendations for improving the governance process.

ROLE AND RESPONSIBILITIES OF INTERNAL AUDIT Internal auditors and the internal audit function should take an active role in support of the organization‟s ethical culture. Internal auditors possess a high level of trust and integrity within the organization They have the competence and capacity to appeal to the enterprise‟s leaders, managers, and other employees to comply with the legal, ethical, and societal responsibilities of the organization

DEFINITION OF ETHICS

Code of Ethics The Code of Ethics states the principles and expectations governing the behavior of individuals and organizations in the conduct of internal auditing. It describes the minimum requirements for conduct, and behavioral expectations rather than specific activities

DEFINITION OF ETHICS

The Professional Practices Framework

• 1. Integrity

Internal auditors: 1.1. Shall perform their work with honesty, diligence, and responsibility. 1.2. Shall observe the law and make disclosures expected by the law and the profession. 1.3. Shall not knowingly be a party to any illegal activity, or engage in acts that are discreditable to the profession of internal auditing or to the organization. 1.4. Shall respect and contribute to the legitimate and ethical

• bjectives of the organization.

Objectivity Internal auditors 2.1. Shall not participate in any activity or relationship that may impair or be presumed to impair their unbiased assessment. This participation includes those activities or relationships that may be in conflict with the interests of the organization. 2.2. Shall not accept anything that may impair or be presumed to impair their professional judgment. 2.3. Shall disclose all material facts known to them that, if not disclosed, may distort the reporting of activities under review

Confidentiality Internal auditors: 3.1. Shall be prudent in the use and protection of information acquired in the course of their duties. 3.2. Shall not use information for any personal gain or in any manner that would be contrary to the law or detrimental to the legitimate and ethical objectives of the organization.

Competence 4.1. Shall engage only in those services for which they have the necessary knowledge, skills, and experience. 4.2. Shall perform internal audit services in accordance with the International Standards for the Professional Practice of Internal Auditing (Standards). 4.3. Shall continually improve their proficiency and the effectiveness and quality of their services

Why Companies must set an appropriate tone at the top There was a time when a code of ethics was seen as a “nice to have” rather than a “must have,” that time is past. In today‟s complex business environment, companies must commit to building a culture of ethics and compliance – or risk censure from the market.

“Good corporate governance is predicated on the behaviour and ethics of every staff member,” asserts Jim Goodfellow, vice-chair and senior partner in charge of Deloitte‟s Corporate Governance practice. “While a code of ethics isn‟t mandated, several rulings recognize the necessity of fostering a culture of integrity by requiring that every public company disclose whether it has developed a code of ethics for its principal executives and senior financial officers.”

In encouraging this culture

• f integrity, both boards of

Directors and management play a key role.

The board’s role in developing a code of ethics Canadian Securities Administrators (CSA) national policy 58-201 recommends that boards adopt a written code of business conduct and ethics, which should apply to all directors,

• fficers and employees. The CSA suggests that

codes of ethics address: Conflicts of interest, including transactions and agreements in respect of which a director or executive officer has a material interest

• Protection and proper use of corporate assets and
• pportunities
• Confidentiality of corporate information
• Fair dealing with the issuer‟s security holders,

customers, suppliers, competitors and employees

• Compliance with laws, rules and regulations, and
• Reporting of any illegal or unethical behaviour
• The guidelines also recommend that boards be

responsible for monitoring compliance with the code.

Deloitte‟s – Centre for Corporate Governance Boards of directors have a lead responsibility for setting the “tone at the top” and ensuring that their

• rganizations establish ethical cultures supported by

strong compliance programs since compliance not only makes for good business, but in certain instances may also be required by law.

The board‟s oversight of organizational ethics and compliance programs should include :

• bserving the organization and its culture

reviewing the company‟s compliance and commitment to ethical behaviour confirming that ethics policies and procedures are communicated and accessible to all employees assessing compliance with the organization‟s ethics policies, and, defining an investigatory policy

Management’s role in implementing a code

• f ethics

To be effective, an ethics and compliance program requires senior management involvement, organization-wide commitment, an effective communications system and an

• ngoing monitoring system.

Management has a role to play in putting these elements into place.

.

What to include in a code of ethics Although there are no rules regarding elements to include in a code of ethics, best practices suggest including: An introductory letter from the senior leadership team that sets the “tone at the top” and stresses the importance of compliance The company‟s mission statement, vision, values and guiding principles

.

What to include in a code of ethics An ethical decision framework to help employees make choices A listing of available resources for obtaining guidance and for good faith reporting of suspected misconduct A listing of any additional ethics and compliance resources Enforcement and implementation mechanisms that address the notion of accountability and discipline for unethical behaviour

. Generic examples of what constitutes acceptable and unacceptable behaviour Key areas of risk unique to the organization and its industry

CISCO ‘s website Governance & Ethics Drawing on the experience and expertise of employees across Cisco, we promote responsible business practices at every level of the company. We strive to conduct business ethically, honestly, and in accordance with our Code of Business Conduct and we expect all partners to meet our high ethical standards. The message for each employee is clear: any success that is not achieved ethically is no success at all.

Intel Corporate Governance and Ethics

Doing what’s right

At Intel, we hold ourselves to the highest standards of corporate governance and business ethics. Our Intel Code of Conduct serves as a compass that guides the actions of our employees, directors, and business partners, ensuring consistent and uncompromising integrity as we build trusted relationships around the world.

The Group is committed to delivering the highest standards in boardroom practice and financial transparency through:

• Clear and open communications with investors
• Maintaining accurate financial records which

transparently and honestly reflect the financial position

• f our business
• Endeavouring to maximise shareholder returns
• Fostering an open, co-operative relationship with our

regulators. LONDON STOCK EXCHANGE GROUP

Visa has adopted a comprehensive Code of Business Conduct and Ethics, which serves as the foundation for how we conduct everyday business activities around the world. The code, available online, applies to all directors, officers, employees, and contingent staff and covers a wide range of business practices and standards. The Code requires personnel to engage in honest and ethical conduct in performing their duties, sets forth guidelines for the ethical handling of actual or apparent conflicts of interest between personal and professional relationships, and provides a mechanism for anyone inside or outside the company to report a suspected violation of the Code

VISA

QUESTIONS FOR THE BOARD AND MANAGEMENT

Yes No NA Yes No NA Yes No NA Yes No NA Yes No NA Yes No NA

Questions for Board Members 1.Are you satisfied that the CEO and management team imitate and practice the company‟s code of conduct? 2, Does the board oversee management‟s communication, monitoring, reinforcement and enforcement of the company‟s code of conduct?

• 3. Does the board have its eye on the warning signs
• 4. Is there a corporate governance code for the board setting forth its mission,

roles and responsibilities, charter, committees, rights of shareholders, and other relevant , matters?

• 5. Does the company operate in environments that might increase the exposure

to violations and issues, e.g., foreign operations or an industry that is struggling?

Questions for Management

• 1. Are you satisfied with the tone at the top? 2. Are the right messages being sent?
• 3. Do employees see clear evidence that management “walks the talk” with respect

to the company‟s code of conduct? How do you know?

• 4. Does the company have a written code of conduct? 5. Has it been updated recently?
• 6. If there is no written code, does management intend to create a code to address

applicable Sarbanes-Oxley and exchange listing requirements? Comment:

• 7. If the code has not been updated recently, has management considered the

requirements of the rules of Sarbanes-Oxley? Comment:

• 8. Is there an effective compliance infrastructure in place to reinforce and enforce the

code of conduct as well as ensure satisfactory follow-up on code violations?

AUDIT CHECKLIST

This checklist contains a set of questions that can be used when performing an ethics audit. Topics include: policies and procedures, communication, training, change management, violations, penalties and enforcement.

:

New Hire Policies Employee Handbook Code of Conduct/Ethics Policy IT and Internet Ethics Policy What are the duties of the Ethics Coordinator? Does a formal job description exist?

AUDIT CHECKLIST

(1) Policies and Procedures ( Do these exist ? )

AUDIT CHECKLIST

(2) Communication How are ethics policies communicated to new employees? Do employees sign to acknowledge that they read the policies? How are updated policies distributed to current employees? Are ethics policies available online ? How does the company ensure employee commitment to comply with ethics policies? Is there any link of ethical values and goals into the company mission and/or vision statement to show that values are integral to all company operations and planning?

AUDIT CHECKLIST

(3) Training Who is trained on the ethics policy (new employees, current employee and Board Members)? How is training conducted? How often is the training conducted for current employees and the Board? Is special training scheduled when policies change or a new policy is implemented? How is training tracked and monitored to ensure all employees are covered? How is training compliance enforced? What happens if employees miss scheduled trainings?

AUDIT CHECKLIST

(4) Change Management Who writes and updates policies? Who is responsible for the approval of new and updated policies? Code of Conduct/Ethics Policy/Employee Handbook Do all new or updated policies go to the Board for review and approval? Are the policies reviewed at least annually for necessary updates?

AUDIT CHECKLIST

(5) Violations

How can violations be reported? (state commission on ethics, internal means, fraud hotline). How are violations classified and prioritized for follow-up? (i.e. citizen vs. employee complaints, fraud versus non-fraud, EOE/Discrimination, use of company assets for personal gain, etc) How are violations tracked? Ask to see list of ALL open complaints/potential violations received during the past year through all channel. What is the process for handling complaints and violations? When is the Board informed of violations? How are whistleblowers given protection? Which components of the ethics policy are flexible and which are not?

AUDIT CHECKLIST

(6) Penalties/Enforcement How penalties are established for ethics violations? Are the penalties applied consistently? Have there been violations in the past where penalties were enforced? What are specific examples? Are there any state legal requirements for reporting violations?

DEFINITION OF ETHICS

“

THANK YOU

FRAUD DETECTIO

David Hall, BSc., MBA, CISA, CISM, CGEIT, JP President IIA, Jamaica