© 2012 deloitte touche tohmatsu apac corporate governance: its applicability to the public sector...
TRANSCRIPT
© 2012 Deloitte Touche Tohmatsu
APACCorporate Governance: Its Applicability to the Public Sector
August 2012*The Eastern Cape town of Butterworth, where the Mquma Council does not collect garbage and can't pay for its water to be purified
©2012 Deloitte LLP. All rights reserved.
What is Corporate Governance?
Why is it important for companies to implement good governance
The areas of King III
Governance requirements in the Public Sector
The differences between governance in the public and private sectors
The inter-relationship between the Board and Management in implementing good governance
Conclusion
© 2012 Deloitte Touche Tohmatsu
Definition – Corporate Governance“The system by which corporations are directed and controlled”
“Corporate governance is all those structures, systems, processes, procedures, and controls within an organisation, at both board of directors level and within the management structures of the organisation, that are designed to ensure that this organisation achieves its business objectives. That it does so within sensible risk management parameters; and that it does so efficiently, effectively, ethically and equitably”
“Corporate governance is concerned with holding the balance between economic goals and between individual and communal goals…the aim is to
align as nearly as possible the interests of individuals, corporations and society.”
Sir Adrian CadburyCorporate Governance Overview, 1999
[World Bank Report]
© 2012 Deloitte Touche Tohmatsu
Corporate failures led to questioning:
Which has resulted in:
• Increasing transparency and accountability
• Demands of “corporate citizenship”
• Expectations of protection and growth of shareholder value
These issues are true of the public sector today!
Effectiveness of boards Accountability of directors
Directors’ remuneration White collar crime
Risk assessment and management processes Financial reporting
Effectiveness of audits
Why Focus on Corporate Governance?
© 2012 Deloitte Touche Tohmatsu
History of Corporate Governance
Collapse of the Maxwell publishing empire in the late 1980s - direct catalyst for the publication of the Cadbury Report on Corporate Governance in the UK in 1992
Corporate Governance in South was first institutionalised 1994 - the first King Report on Governance
SA Constitution promulgated 1996 – protection of Human Rights and rights of Citizens
The collapse of Enron and WorldCom in 2002 precipitated the enactment of the Sarbanes-Oxley Act (SOX) in the US later that year
King III published 2002 placing South Africa at the forefront of countries regulating in favour of a superior governance standards
Protocol on Corporate Governance in the Public Sector released 2002
PFMA, MFMA and Treasury Regulations included governance principles
King III was released was released by the Institute of Directors in September 2009, and became effective for Companies from March 2010
JSE listing requirements require compliance with King III
Companies Act, 2008 released 1 May 2011
© 2012 Deloitte Touche Tohmatsu
Objectives – Corporate Governance
An Inclusive approach:
• Good business/ organisational management
• Good performance/delivery
• Good relations with shareholders
• Good consideration for staff
• Good relations with trading partners
• Good social and environmental practices
• Good compliance with laws & regulations
© 2012 Deloitte Touche Tohmatsu
Corporate Governance Pillars
Primary characteristics to be embedded
Discipline – universally accepted behaviourTransparency – candid, accurate, timely informationIndependence – no board/committee conflicts (of interest)Accountability – by law/statute to companyResponsibility – to relevant stakeholdersFairness – current & future interests/minoritiesSocial responsibility – not discriminatory or exploitive
environmentally and personally
© 2012 Deloitte Touche Tohmatsu
Corporate Governance
Other essential elements:
• STRUCTURE
Beyond structure, towards:
• PROCESS
….
© 2012 Deloitte Touche Tohmatsu
Evolution of Corporate Governance
From : Structures, … Basics and Appearances
To : Processes and Procedures … Effectiveness and Value
To : Ethics, Values, Culture and Corporate Integrity
© 2012 Deloitte Touche Tohmatsu
So What is Corporate Governance?
Corporate Governance is essentially about:
• Best business practice• Enhancing organisational performance and
wellbeing• Adding shareholder and stakeholder value
These principles can be and are applied in the public sector!
© 2012 Deloitte Touche Tohmatsu
Corporate Governance Framework
Governance
Assurance
Str
ateg
y P
erform
ance &
Re
po
rting
Risk aligned, integrated, efficient, effective, sustainable
Administration Operating Framework
Risk management
Control frameworkProgram management Financial Operational IT infrastructure
Legal & regulatory compliance IT applications & data management
Framework
Strategic risk Financial risks
Reputational risk
Technology / Data risk Project risk
Regulatory / Legal risks Tax riskFraud risk
Tools Culture ReportingMonitoring
Charters
Operating model
Delegated Authority
CommitteesPolicies
Structure / composition Ethics / Conduct Reporting
Response
Risk mitigation strategies
Council & Oversight Mayoral Committee &monitoring
Monitoring & Evaluation
© 2012 Deloitte Touche Tohmatsu
King III requires corporate institutions to ‘apply or explain’ – Code of governance
principles for corporate institutions (not only companies)
King II provided for ‘comply or explain’
King III does not follow the Sarbanes-Oxley approach of ‘comply or else’
Directors need to apply the best practice principles, or explain to shareholders
why they opted not to
‘Must’ and ‘Should’
Result: Every decision counts!
Liability in terms of Companies Act
OR
Explain decision to shareholders
Shareholder/stakeholder activism
King III - Compliance with Corporate Governance Principles
© 2012 Deloitte Touche Tohmatsu
• Applies to all entities regardless of the manner and form of incorporation or establishment
and whether in the public, private sectors or non-profit sectors.
• Drafted so that every entity can apply the principles and, in doing so, achieve good
governance.
King III provides guidance to all corporate entities on various governance related aspects,
including different chapters on:
Ethical leadership and corporate citizenship (3 Principles)
Boards and directors (27)
Audit committees (10)
The governance of risk (10)
The governance of information technology (IT) (7)
Compliance with laws, rules, codes and standards (4)
Internal audit (5)
Governing stakeholder relationships (6)
Integrated reporting and disclosure (3)
King III - Overview of Chapters
© 2012 Deloitte Touche Tohmatsu
King III emphasises sustainability
Natural Capital: Environmental sustainability (resource
management with an eye on future needs)
Social Capital: Social responsibility (ensuring a positive impact
on the community within which the company operates)
Human Capital: Respect for human rights
Financial Capital: Economic Performance
Profit , people and planet
King III - Key Focus Area
© 2012 Deloitte Touche Tohmatsu
King III - Key Focus Areas
Effective management of stakeholder relationships (including alternative dispute resolution)
Business sustainability
Integration of strategy, sustainability and governance
Strategy, risks, performance and sustainability have
become intrinsically linked ... governance
Hence ... Integrated reporting and disclosure
© 2012 Deloitte Touche Tohmatsu
King III - Ethical Leadership and Corporate Citizenship
• The Board should provide effective leadership based on an ethical foundation.Good corporate governance is essentially about effective, responsible leadership. Responsible leadership is characterised by the ethical values of responsibility, accountability, fairness and transparency.
• The board should ensure that the company is and is seen to be a responsible corporate citizen.Responsibility to also ensure performance is within the triple context in which the organization operates: economic, social and environmental.
• The board should ensure that the company’s ethics are managed effectively.Building and sustaining an ethical corporate culture requires ethical leadership. An ethical leader is a role model for the company’s stakeholders by making ethics explicit, legitimising ethics discourse, encouraging ethical conduct in others, and holding others accountable for the ethics of their conduct.
© 2012 Deloitte Touche Tohmatsu
King III – The Board
Board is the focal point and custodian of good governance
27 principles relating to Boards and Directors
11 of these principles cross reference to other Chapters
Sound ethics, good corporate citizen, effective independent audit
committee, governance of risk, incl IT risk and governance, compliance
with laws, codes, etc., effective risk based internal audit, stakeholder
relations and management, integrity of integrated reporting,
effectiveness of internal controls
Independent non-executive chairman ... Not the CEO
CEO appointment and delegation of authority
© 2012 Deloitte Touche Tohmatsu
King III - Boards and Directors
Composition of the board (execs, non-execs, independent non-
execs)
Minimum 2 execs
Majority non-execs ... Majority independent
Board appointment process formalised ... Nominations committee
Director orientation and induction, ongoing development and
learning
Assisted by competent company secretary
Mandatory for public and state owned companies ... Companies Act
Board, committees and director performance assessment
© 2012 Deloitte Touche Tohmatsu
Accountability Structures
“Corporate governance is all those structures, systems, processes, procedures, and controls within an organisation, at both oversight/monitoring level and within the management structures of the organisation, that are designed to ensure that this organisation achieves its business objectives. That it does so within sensible risk management parameters; and that it does so efficiently, effectively, ethically and equitably.”
Oversight accountability
Direction, leadership, guidance, independence, objectivity, external experience, policy, strategy, review, monitor, oversee
Management accountability
Execute, do, deliver, manage, evaluate, implement, run operations, performance, output,Results
Practical Realities and Challenges
• Role of Board of Directors• Role of Executive Management• Role of Chairman of the Board• Role of Chief Executive Officer
© 2012 Deloitte Touche Tohmatsu
The concept of Board oversight is and can be applied in the Public Sector
• National Government - Parliament (legislature), Cabinet (executive arm) and National Departments.
• Provincial Government – Provincial Legislatures (law making), Premier and Provincial Cabinet (executive) and Provincial Departments.
• Local Government – Council (legislature), Mayoral Committee (executive), Administration.
• Legislative Arm – key responsibilities are make laws, exercise oversight and ensure the involvement of the citizens in legislative processes.Whilst incorporating accountability, transparency, and representivity.
• Executive Arm – key responsibilities are enforcing laws made by legislature, implementation of policies, preparing budgets, responsible for all executive functions.
State owned Companies/Entities – most aligned to private sector governance models.
©2009 Deloitte LLP. All rights reserved.21
What does “separation of powers” mean?
• The Legislative, Executive and Judicial branches are equal because they derive their powers from the same common sovereign through the Constitution.
• The 3 branches are coordinate because they cannot simply ignore the acts done by the other branches as nugatory and not binding.
• “Checks and Balances” which are created by the separation of powers can be explained as follows:• The terms “checks” refers to the ability, right and responsibility of each
branch to monitor the activation of the other. • “Balances” refers to the ability of each branch to use Constitutional authority
to limit or restrain the power of the others.• Our Constitution establishes 3 independent and co-equal branches (Legislature,
Executive and Judicial) balancing each others power and authority.
Legislative branch Executive branch Judicial branch
CONSTITUTION Supreme law of RSA
© 2012 Deloitte Touche Tohmatsu
Portfolio Committees and the role of the Public Accounts Committee
The Standing Committee on Public Accounts (SCOPA) fulfils the responsibility of reviewing the audit reports of the Auditor General. This Committee plays an important and specialised role of being the protector of public monies. In fulfilling this role the Committee focuses on the following:
• Issues raised in the General Report of the Auditor-General on Audit outcomes;• Issues of financial probity as highlighted in the audit report or disclosed in the
management report or notes to the financial statements;• Compliance with the PFMA, Treasury Regulations, the Audit Committee and the
management report of the accounting officer;• Interrogation and evaluation of instances of over-expenditure and instances of
unauthorised expenditure;• Interrogation of instances relating to irregular, fruitless and wasteful expenditure;• The functioning of risk management systems; and• Corporate governance of departments, public entities, and constitutional institutions.
© 2012 Deloitte Touche Tohmatsu
King III - Audit Committee
All companies should appoint an effective audit committee, comprising at
least 3 independent, non-executive, suitable skilled and experienced
directors
Public Companies and State Owned Companies: appointed by shareholders (in
terms of Companies Act) ... Nominations committee
All other companies: Board may appoint, not regulated in terms of the Companies
Act
Clearly defined role and functions of the audit committee, as per Companies Act
Recommend external auditor and verify independence
Determine the terms of reference and fee of the external auditor
Ensure appointment of external auditor complies with relevant legislation
Differentiate between audit and non-audit services and pre-approve any agreement for non-audit
services
Report in AFS as prescribed (its function, independence of auditor, comment on AFS, accounting
practices and internal financial controls)
Deal with internal and external complaints
© 2012 Deloitte Touche Tohmatsu
King III - Audit Committee
Other functions as per King Report
Committee should be responsible for
Financial risks and reporting
Review of internal financial controls
Fraud risks and IT risks as it relates to financial reporting
Combined assurance model – management, internal assurance providers and
external assurance providers
Oversee integrated reporting (both financial and sustainability reporting)
Satisfied re expertise, resources and experience of finance function
Oversee internal audit
Integral to risk management process
Oversee external audit process
Report to Board and shareholders on discharging its duties
© 2012 Deloitte Touche Tohmatsu
Governance in the Public Sector – Audit Committee
• must consist of at least three persons of whom, in the case of a department-
(i) one must be from outside the public service;
(ii)the majority may not be persons in the employ of the department, except with the approval of the relevant treasury; and
(iii) the chairperson may not be in the employ of the department;
• The AC must meet at least twice a year.
•A system of internal audit under the control and direction of an audit committee, complying with and operating in accordance with regulations prescribed in terms of sections 76 and 77 .
•Internal audit should report at the audit committee meetings, and have unrestricted access to the chairperson of the audit committee.
© 2012 Deloitte Touche Tohmatsu
King III - Governance of Risk
Risk management intrinsically linked to company’s strategy, performance
and sustainability ... Board responsible for governance of risk
The Board: consider the risk policy and plan determination of the company’s risk appetite and risk tolerance ensure risk assessments performed monitor the whole risk management process receive assurance (combined and the three lines of defence) regarding the
effectiveness of the risk management process Management:
design, implementation and effectiveness of risk management continual risk monitoring
The Board may assign its responsibility for risk management to the risk
committee, or audit committee, but consider carefully.
© 2012 Deloitte Touche Tohmatsu
Governance of Risk in the Public Sector
The Accounting Officer must ensure that the institution has and maintains:
• Effective, efficient and transparent systems of financial and risk management and internal control;
• Guidelines from Treasury have been issued!
• The Corporate plan must cover 3 years and must include (amongst others) a risk management plan.
• The accounting officer must ensure that a risk assessment is conducted regularly to identify emerging risks of the institution. A risk management strategy, which must include a fraud prevention plan, must be used to direct internal audit effort and priority, and to determine the skills required of managers and staff to improve controls and to manage these risks. The strategy must be clearly communicated to all officials to ensure that the risk management strategy is incorporated into the language and culture of the institution.
© 2012 Deloitte Touche Tohmatsu
©2009 Deloitte LLP. All rights reserved.
Risk Maturity Assessment
© 2012 Deloitte Touche Tohmatsu
King III - IT governance
Board to ensure: proper IT governance
proper alignment of IT with the strategy, performance and sustainability
objectives of the company
responsibility for implementation of IT governance framework, management of
operational IT risk, including security, delegated to management
Information assets managed effectively, monitor and evaluate significant
investments and expenditure
IT risks an integral part of company’s risk management
The risk committee may be assigned responsibility to oversee the
management of IT risk
The audit committee should consider IT as it relates to financial risk and
reporting
© 2012 Deloitte Touche Tohmatsu
King III - Risk based internal audit
Board should ensure an effective risk based internal audit Strategically positioned within the company to understand the strategy Internal auditor must take account of the company’s strategy Identify risks and opportunities relating to the strategy, assess controls Inclusive approach – all risks and opportunities, all controls to achieve
strategy
Audit committee to oversee internal audit As an internal assurance provider internal audit should form an integral
part of the combined assurance model Internal audit to provide written assessment of internal financial controls to
the audit committee
Internal audit to provide written assessment of effectiveness of
internal controls and risk management to the Board
© 2012 Deloitte Touche Tohmatsu
Governance in the Public Sector
PFMAA system of internal audit under the control and direction of an audit committee, complying with and operating in accordance with regulations prescribed in terms of sections 76 and 77.
Treasury Regulations• All Public Entities to which regulations apply to have an internal audit function.• Risk management and fraud prevention plans to guide internal audit effort and priority.• Purpose, responsibility and authority of internal audit to be defined in a charter that is
aligned to the Institute of Internal Auditors (IIA) definition of internal audit.• Internal audit to be conducted according to the IIA Standards.• IA must in consultation with the Audit Committee prepare a three year rolling plan and an
annual plan for internal audit coverage.• IA to be independent, report to accounting authority and audit committee, unlimited access
to information.• IA must co-ordinate with other internal and external providers of assurance to ensure
proper coverage and to minimise duplication of effort.
© 2012 Deloitte Touche Tohmatsu
King III - Compliance with laws, rules, codes and standards
Board to ensure company complies with applicable laws, and considers
adherence to codes, rules and standards Board/directors to have working understanding of impact of laws, rules,
codes and standards
Compliance risk an integral part of risk management
Management to implement effective compliance framework and processes
© 2012 Deloitte Touche Tohmatsu
Ethics and compliance programs
2
Foundational elements of an “effective” program
Management and board
Corporate ethics and compliance program
Board oversight and management responsibility
Written standards and procedures
Risk assessments
Communication and training
Monitoring and auditing
Laws, rules, regulations, conventions
Incident reporting process
Corrective actions and discipline
Source: United States Sentencing Commission
© 2012 Deloitte Touche Tohmatsu
Board committees
Customary: Audit committee oversight of compliance
• Compliance & Ethics
• Risk management and legal commonly included in audit committee charters
Emerging: Compliance oversight separated from audit committee
• Audit committee workloads
• Emergence of risk or governance or compliance committees of the board
Compliance program oversight
Role of the board
7
Management
Two models of compliance leadership
• Dedicated senior executive
• “Dual-Hat” executive
• No one-size-fits-all solution
• Compliance Officer
• Key considerations: authority, stature, character, integrity, technical excellence
Board of directors
• Tone at the top
• Independence
• Oversight
• Advice and guidance
• “Last line of defense” for the company-guardian of shareholder value
© 2012 Deloitte Touche Tohmatsu
King III - Governing stakeholder relationships
Stakeholder perceptions affect the company’s reputation and performance
Board should delegate to management to proactively manage stakeholder
relations
Strive to achieve balance between the interest of various stakeholders, the
best interest of the company
Board should ensure disputes are resolved effectively, efficiently and
expeditiously
Alternative dispute resolution – conciliation, mediation, negotiation and
arbitration
ADR clauses in contracts
© 2012 Deloitte Touche Tohmatsu
Governance in the Public Sector
Constitution• Rights of Citizens to participate
PFMA and MFMA• Public participation in terms of IDP, Budget, Annual Reports and other
communication.
Government has the responsibility to allow the public to participate through various mechanisms:• Various issues on which it must inform the community, • Certain times it must consult the community, and• In others it must involve the community.
Public Participation and Engagement
© 2012 Deloitte Touche Tohmatsu
King III - Integrated reporting and disclosure
Allows all stakeholders to assess the economic value of the company
Integration of the company’s financial reporting with sustainability reporting
and disclosure
The Board should ensure the integrity of the company’s integrated report
The Board may delegate oversight of the integrated report to the audit
committee
The audit committee should oversee the provision of independent
assurance
The audit committee should assist the Board by reviewing the integrated
reporting and disclosure to ensure that it does not contradict financial
reporting
© 2012 Deloitte Touche Tohmatsu
Governance in the Public Sector
PFMA and MFMA• Requirements regarding Annual Reports and submission deadlines
• Public sector operates with a social mandate• Annual Reports include achievement of financial and non-financial
information• Performance reports
• The conversations on whether an Integrated Report is required are starting to happen.
Annual Reports
© 2012 Deloitte Touche Tohmatsu
Corporate Governance issues in the Public Sector – What’s in the news
Auditor-General warns about dire situation in SA
ANC to pursue objective of professional public service
'The people voted into power are slow in taking responsibility for what they have been voted in for'
Auditor-General Terence Nombembe has criticised the government and public servants for a weakening of the pillars of governance protecting South Africa’s democracy, Business Day reported on Monday.He also expressed concern about the vulnerability of his office because of growing lack of support from the government to his warning about this deterioration.Nombembe said the management supply chains, service delivery, the security of government information and accuracy of government reports were deteriorating.
“Things are serious, and they are even more serious than we thought they are,” he said at the opening of Deloitte’s new building in Pretoria on Thursday.“They are more serious because the people that are employed by government to do work are least prepared and equipped to do it. The situation is dire.“We are equally vulnerable as those countries where the auditor-general has limited scope to do its work because what we are saying is not taken seriously, not by the government, not by ourselves and those who need to do something about it.”
He said his office would soon release the audit results for local municipalities, and he expressed his dismay at them.The people voted into power were slow in taking responsibility for what they had been voted in for, he said.“The accountability for the results is not taken as serious as it should be. Bad results are regarded as a norm and when people get a disclaimer or qualified reports, little happens to them to show that this is unacceptable. This is the culture we need to be concerned about,” he said.
07-May-2012 | Sapa, Business Day
ANC WELCOMES THE AUDITOR - GENERAL'S REPORT
The African National Congress welcomes the 2010-2011 local government report released by the Auditor-General, Terence Nombembe, on the 23rd July 2012. This report is important for the ANC and we remain committed in ensuring that all municipal managers and senior management in municipalities are appropriately qualified.
We note with disappointment that out of 283 municipalities only 13 manage to get clean audits. This is indeed a matter of serious concern in the ANC. In this regard the ANC will strengthen its existing capacity to monitor government performance through the introduction of early warning mechanism. We will also as we will indicate below, deal distinctively with recurrent problems as identified in the AG's report.
In line with the intervention measures introduced by government to reverse the negative performance by municipalities, the ANC will pursue the objective of a professional public service that is accountable and responsive to public needs and the need to accelerate service delivery. We also call on government to use existing government prescripts to ensure that compliance and enforcement of accountability measures are strengthen.
We also call on government to accelerate the solution of non- viable municipalities through a funding model that will afford all municipalities the requisite capacity.
As the ANC, we firstly extend our congratulations to the Ehlanzeni, Steve Tshwete, Victor Khanye and the Fatakgomo municipalities for being the best performance according to the report. We urge all other municipalities who did not perform well to learn from their counter-parts who did well as contained in the AG's report. The people of South Africa expect nothing but accountability and service delivery.
The ANC will use the forthcoming ANC Lekgotla, to get an analysis of the AG's report and the state of municipalities on this regard.
Statement issued by Jackson Mthembu, ANC National Spokesperson, July 25 2012Politicsweb
© 2012 Deloitte Touche Tohmatsu
Conclusion
• Led to more awareness of the need for and value of good governance
• Challenged directors and Board competency (those charged with oversight)
• Elevated the role of the Compliance Officer and Chief Audit Executive
• Enhanced the Company Secretary role regarding governance custodianship
• Given auditors a serious wake up call regarding quality and independence
“The Rules of the Game have Changed”
© 2012 Deloitte Touche Tohmatsu