P1 Governance, Risk and Ethics Foundation Course [2015 Syllabus] · 2015-05-19 · www.caicui.com · 4006-026-018 · ACCA INTERNATIONAL FINANCIAL EDUCATION


ACCA P1 CONTENTS

PART A GOVERNANCE AND RESPONSIBILITY

Chapter 1. The Scope of Governance
1. General introductions of corporate governance (Unitary Structure)
2. Defining corporate governance
3. Concepts in sound corporate governance
4. Roles, interests and claims of various stakeholders involved in corporate governance

Chapter 2. Different Theories Related to Relationship among BOD; Shareholder and Stakeholder
1. Agency theory
2. Transaction cost theory
3. Stakeholder theory

Chapter 3. Different Approaches to Corporate Governance
1. Rules, principles and Sarbanes–Oxley (summarized from Student Accountant, April 2008, by David Campbell)
2. Effect of business ownership models on governance regimes
3. Factors that shape the development of corporate governance structure
4. Development of principles-based corporate governance codes in the UK
5. Development of rules-based Sarbanes-Oxley Act in USA
6. Universal codes

Chapter 4. The Board of Directors
1. Introduction
2. Role and responsibilities of the board
3. Unitary board versus two-tier board
4. Unitary board (UK, US, Outside model, Market oriented)
5. The roles of Chairman and Chief Executive Officer
6. UK Combined code provision June 2010 (much more than company law)

Chapter 5. Board committees
1. Remuneration committee
2. Nomination committee
3. Risk committee

Chapter 6. Directors' remuneration
1. Basic salary
2. Performance related incentives (short-term)
3. Shares and share options

Chapter 7. Governance: Reporting, Disclosure and Communication
1. Define transparency
2. Mandatory and voluntary disclosures
3. Evaluation of importance of transparency and disclosure (especially voluntary disclosures)

PART B INTERNAL CONTROL AND REVIEW

Chapter 8. Internal control system and review concepts and practices

Chapter 9. Internal Audit Function and Compliance in Corporate Governance
1. The role of internal audit function
2. The factors that are typically considered when deciding to establish internal audit in an organisation
3. Advantages of appointing internal auditor from outside the company
4. Function of audit committee

PART C RISK MANAGEMENT

Chapter 10. Defined risk management in the context of C.G.
1. Necessity of risk and risk management
2. Why manage risk?
3. Risk management
4. Enterprise Risk Management (ERM) can be defined as the:

Chapter 11. Risk identification
1. Risk identification: Strategic and operational risks

Chapter 12. Risk assessment
1. Assessing risks

Chapter 13. Response to assessed risk (how to manage risk?)
1. The role of the board
2. Role of the risk manager
3. Risk awareness
4. Embedding risk
5. Risk management: TARA (or SARA)

PART D PROFESSIONAL VALUES AND ETHICS

Chapter 14. Ethical Theories
1. Ethics and corporate governance
2. Ethical Relativism versus absolutism
3. Kohlberg's stages of human moral development
4. Deontological and teleological / consequentialist approach to ethics

Chapter 15. Different Approaches to Ethics and Social Responsibility
1. The social responsibility of organizations

Chapter 16. Professions and the public interest
1. Profession and professionalism
2. Accountancy profession and the public interests
3. The role of accountancy profession in the organizational context and society
4. The ethical responsibilities of a professional accountant both as an employee and as a professional

Chapter 17. Professional Practice and Codes of Ethics
1. Code of ethics for business conduct
2. Code of ethics relevant to the accounting profession
3. Fundamental principles of IFAC; ACCA code of ethics and conduct
4. Ethical threats affecting the auditor's independence and objectivity, and suitable safeguards

Chapter 18. Social and Environmental Issues in the Conduct of Business and Ethical Behavior
1. The impact of economic activity on the environment and society
2. Sustainability
3. Accounting for sustainability
4. Environmental management and audit scheme (EMAS)
5. Social and environmental audit

PART A GOVERNANCE AND RESPONSIBILITY

Chapter 1. The Scope of Governance

1. General introductions of corporate governance (Unitary Structure)

Separation of Ownership and Control

Board of directors vs. Shareholders

(a) Board of directors

In simple terms, the BOD is responsible for managing and controlling the operation of the company.

Before the implementation of corporate governance (C.G.), the BOD consisted of executive directors only.

Decisions are made by consensus (simple majority) at meetings of the BOD.

(b) Shareholders

A company’s members or equity shareholders are the owners of the company.

Decisions are made through the voting rights attached to each category of shareholders, at the general meeting (AGM; EGM).

(c) In small private companies the directors are most likely also shareholders.

However, in large public companies, especially in the modern UK and US capital markets, the shareholders are normally not directors. This gives rise to the separation of ownership and control.

Agency theory

The ‘divorce’ of ownership and control leads to agency theory:

‘Principals’ — Shareholders

‘Agent’ — BOD

Principals delegate rights or authority to agents.

Agents should act in the best interest of principals.

Agency problem

However, if the agents are subject to ‘moral hazard’, this leads to the notorious ‘agency problem’: for example, the directors do not act in the best interest of shareholders but instead satisfy their own self-interest at the expense of the shareholders’ interest.


Conflict of interest

(a) Independence of external auditor

According to Company Law, the right to appoint the external auditor lies with the shareholders. However, in practice, the executive directors draw up the recommended list of external auditors for the shareholders’ approval. This practice may affect the independence of the external auditor.

(b) Remuneration problem

Executive directors may also pay themselves excessive remuneration.

(c) Nomination problem

Executive directors may also select incapable candidates to sit on the board.

(d) There are also many other types of conflict of interest:

(1) Investment decision

(2) Tunneling effect

How to solve the agency problem?

Introducing the role of the external auditor

The purpose of an audit is to enhance the degree of confidence of intended users in the financial statements. This is achieved by the expression of an opinion by the auditor on whether the financial statements are prepared, in all material respects, in accordance with an applicable financial reporting framework.

As the basis for the auditor’s opinion, ISAs require the auditor to obtain reasonable assurance about whether the financial statements as a whole are free from material misstatement, whether due to fraud or error.

Finally, the result is communicated to shareholders through the external audit report.

Depending on the external auditor alone is not enough to solve the problem

(a) Financial focus

(b) A kind of ‘detection control’

Introducing the role of non-executive directors (majority)

(a) Definition of NEDs

They are directors who attend board meetings, and committee meetings when required, and are not involved in the day-to-day running of the organization.


In simple terms, the NEDs represent the shareholders’ interest and sit on the board, helping while monitoring the executive directors.

After the role of NEDs was introduced, the board consists of executive directors and NEDs (a majority of NEDs on the board is required).

Sub-committees

(a) Remuneration committee

Consists of a majority of NEDs, in order to determine the remuneration policy and packages of the executive directors.

(b) Nomination committee

Consists of a majority of NEDs, in order to select suitable candidates to sit on the board and to evaluate the performance of individual directors.

(c) Audit committee

Consists of NEDs only, one of whom should possess current knowledge of developments in accounting and auditing.

Conclusion of 1.7 and 1.8: balance the power (structure) of the board of directors

Executive director

Non-executive director

Chairman

Internal control system

The responsibility for designing, implementing and monitoring the internal control system lies with the BOD.

Nature and purposes of internal control system

Risk

Risk is any activity that results in the organization not achieving its objectives.

Risk consists of fraud and error.

Fraud is intentional behaviour.

Error is unintentional behaviour, i.e. a mistake.

Reduce risk in order to achieve the corporate objectives

So the overall objective of the internal control system is to avoid, reduce or eliminate those risks in order to achieve the corporate objectives.


Types of internal control system:

(1) Related to financial reporting

Make sure that the financial statements show a true and fair view.

(2) Related to the operation of the entity

Make sure that the company’s operation achieves the ‘3 Es’ or ‘value for money’ (VFM):

Economy - least cost

Efficiency - best use of resources

Effectiveness - achieve objectives

How to establish the internal control system

Risk management

The entity’s risk assessment process:

(a) Identifying business risks

(b) Estimating the significance of the risks

(c) Assessing the likelihood of their occurrence

(d) Deciding about actions to address those risks

(e) Continuing to monitor the risks

The role of internal audit function

(a) Independent checking, examination and evaluation of the internal control system established by the executive directors.

(1) Internal control over financial reporting (ICFR)/Financial and internal control system

(2) Whether the financial statements (F.S.) show a true and fair view

(3) Internal control over operation

(4) Operational information (management information)

(5) Other areas, e.g. IT audit; fraud investigation; corporate social responsibility (CSR); compliance audit, etc.

Conclusion of corporate governance 1.7 to 1.12

Corporate governance is a system by which a company is directed and controlled by shareholders and other relevant stakeholders.


(a) Balance the power and structure of board

(b) Emphasis on internal control system

(c) Transparency and disclosures

2. Defining corporate governance

'Narrow' views vs. 'Broad' views

'Agency theory' vs. 'stakeholder theory'

(a) Corporate governance is the system by which companies are directed and controlled (Cadbury Report, 1992).

(b) The Organization for Economic Cooperation & Development (2004) describes corporate governance as involving a set of relationships between a company's management, its board, its shareholders and other stakeholders, and provides the structure through which the objectives of the company are set, and the means of attaining those objectives and monitoring performance are determined.

3. Concepts in sound corporate governance

There are several concepts that apply to sound corporate governance in all countries where international investors invest their money:

3.1 Openness, honesty and transparency;

3.2 Independence;

3.3 Accountability;

3.4 Responsibility;

3.5 Fairness;

3.6 Reputation; and

3.7 Social responsibility

3.1 Openness, honesty and transparency

(a) Openness means a willingness to provide information to individuals and groups about the company (without giving away commercially sensitive information).

(b) Honesty might seem an obvious quality for companies to have; honest information is perhaps by no means as prevalent as it should be.

(c) Transparency refers to the ease with which an outsider is able to make a meaningful analysis of a company and its actions.


Transparency also refers to the way in which decisions are reached or processes carried out.

3.2 Independence

Independence refers to the extent to which procedures and structures are in place so as to minimize (or avoid completely) potential conflicts of interest that could arise, such as the domination of a company by an all-powerful chairman-cum-CEO or a major shareholder.

The term 'independence' is of particular relevance to a company's non-executive directors and its professional advisers. They are considered independent when they can be expected to express their honest and/or professional opinion in the best interests of the company.

3.3 Accountability

Individuals who make decisions in a company and take actions on behalf of a company on specific issues should be accountable for the decisions they make and the actions they take. Shareholders should be able to assess the actions of their board of directors and the committees of the board, and have the opportunity to query them.

3.4 Responsibility

A key issue in corporate governance is to decide who should have responsibility. Executive managers are responsible for the operations of the business, and the ultimate responsibility rests with the Chief Executive Officer.

3.5 Fairness

Fairness refers to the principle that all shareholders should receive equal consideration.

3.6 Reputation

A company's reputation reflects the overall way in which the company is perceived by the markets and in the wider community.

4. Roles, interests and claims of various stakeholders involved in corporate governance

4.1 Company Secretaries

The Company Secretary has a role to play in advising the board of directors on all the necessary procedures, laws and regulations in the governance of companies.

(a) The company secretary should have the responsibility for assisting the chairman of the committees of the board.


(b) If he or she attends the meetings of the audit committee, the company secretary will have some involvement in liaising with the external auditors and internal auditors of the company and should be able to offer advice on matters of risk management.

(c) In some companies, the company secretary has the responsibility for arranging insurance cover for the group. In such cases, the company secretary is directly involved in an aspect of risk management.

4.2 Shareholders

However, in a world of dispersed shareholding we cannot rely on shareholder voting to limit managers' discretion. This can be attributed to:

(a) Problem of collective action

The process of contacting and persuading a large group of small shareholders through the proxy mechanism is difficult and expensive.

(b) Free rider problem

Small individual or retail investors tend not to be interested in learning about the firms they have financed, or even in participating in their governance, because they can take a free ride by relying on large investors to monitor the insiders controlling the firm.

(c) Agenda control by managers

Even though shareholders participate in voting on resolutions affecting the company, the fact remains that the managers are the ones who control the agenda.

4.3 Institutional investors

The role of institutional investors in corporate governance first received attention in the Cadbury Report (1992), which stressed that: ‘Given the weight of their votes, the way in which institutional shareholders use their power to influence the standards of corporate governance is of fundamental importance. Their readiness to do this turns on the degree to which they see it as their responsibility as owners, and in the interest of those whose money they are investing, to bring about changes in companies when necessary, rather than selling their shares.’

In the UK, the four main types of institutional investors are pension funds, life insurance companies, unit trusts and investment trusts.

However, institutional investors as shareholders in companies represent both the cause and the solution of the agency problem. Their presence as shareholders creates a divorce of ownership and control, whereas their increasing involvement in companies and concentration of ownership provides a means of monitoring management and actually solving agency problems. Their influence has grown to such a degree that monitoring by these institutions is becoming known as shareholder activism.


One problem with institutional investors as monitors of company management is that they are not actually the shareholders! Their relationship with companies and with the true shareholders involves a complicated web of ownership and accountability. The real shareholders are the clients of the institutional investment organizations.

One of the problems arising from this complex ownership structure is that there tends to be an emphasis on short-termism in investment.

In terms of specific recommendations on shareholder activism, the Cadbury Report suggested that institutional investors:

(a) Should encourage regular one-to-one meetings with directors of their investee companies (a process referred to as 'engagement and dialogue');

(b) Should make positive use of their voting rights; and

(c) Should pay attention to the composition of the board of directors in their investee companies.

4.4 The conditions under which it might be appropriate for an institutional investor to intervene in a company whose shares it holds

(a) The first condition is concern about strategy, or any other aspect of the company’s overall strategic positioning.

(b) There are one or more segments that have consistently underperformed without adequate explanation.

(c) Non-executive directors do not hold executive management to account, for example where curious executive decisions are not adequately challenged by non-executive directors.

(d) Consistent or serious failure in internal controls would justify intervention, although this, in turn, may become evident through operational underperformance.

(e) Failing to comply with the relevant code, laws or stock market rules is the next situation. Inappropriate remuneration policies, if extreme or obviously self-serving, might attract intervention.

(f) Adverse effects on the reputation of the company.


Chapter 2. Different Theories Related to Relationship among BOD; Shareholder and Stakeholder

1. Agency theory

2. Transaction cost theory

3. Stakeholder theory

1. Agency theory

The market system in the UK and USA is organized in such a way that the owners, who are principally the shareholders of listed companies, delegate the running of the company to the company management. There is thus a 'divorce' of ownership and control that has led to the notorious 'agency problem'.

Managers of the company in this case are 'agents' while the shareholders are 'principals'. The shareholder, who is the owner or 'principal' of the company, delegates the day-to-day decision making in the company to the directors, who are the shareholder's 'agents'. The agent should act in the best interest of the principal.

How to govern the relationship?

How to define both parties’ rights and responsibilities?

‘A kind of contract’, i.e. company law and service contracts

Why? Because agency theory is based on the assumption that people are rational actors.

However, the fact that people are rational does not necessarily mean that they have ethical values.

If people are subject to ‘moral hazard’, this leads to the agency problem.

In order to rectify the agency problem, we introduce the concept of agency cost.

Agency cost

The total agency cost arising from the agency problem has been summarized as comprising:

(a) The sum of the principal's monitoring expenditure (overall monitoring cost);

(b) Any remaining residual loss resulting from managers misusing their positions;

(c) Any cost incurred in rectifying the activities of directors abusing their power.

2. Transaction cost theory

Transaction cost economics attempts to incorporate human behaviour in a more realistic way. In this model, managers and other economic agents practice 'bounded rationality'.


'Opportunism', i.e. opportunistic by nature

Opportunism has been defined as 'self-interest seeking with guile' and as 'the active tendency of the human agent to take advantage, in any circumstances, of all available means to further his own privileges'.

2.1 Transaction cost theory versus agency theory

One of the main differences between agency theory and transaction cost theory was simply the use of a different terminology to describe essentially the same issues and problems.

Agency theory considers that managers pursue perquisites, whereas in transaction cost theory managers opportunistically arrange their transactions.

Another difference is that the unit of analysis in agency theory is the individual agent, whereas in transaction cost theory the unit of analysis is the transaction.

3. Stakeholder theory

A basis for stakeholder theory is that companies are so large, and their impact on society so pervasive, that they should discharge accountability to many more sectors of society than solely their shareholders.


Chapter 3. Different Approaches to Corporate Governance

1. Rules, principles and Sarbanes–Oxley (summarized from Student Accountant, April 2008, by David Campbell)

This article introduces some of the main themes in relation to the control of corporate governance and discusses how this control differs by country. In particular, the aim is to clarify the features and characteristics of rules-based and principles-based approaches to corporate governance, how each type of system is regulated, and to examine some of the associated benefits and drawbacks.

What is a ‘code’ and what is it for?

‘Codes’ of corporate governance are intended to specifically guide behaviour where the law is ambiguous, or where a higher level of behavioural prescription is needed than can be provided for in company legislation.

Principles-Based Approaches:

Many countries, including the UK and many Commonwealth countries, adopted what became known as a ‘principles-based’ approach to the enforcement of the provisions of corporate governance codes. Importantly, this meant that for publicly-traded companies, the stock market had to recognise the importance of the corporate governance provisions. By including the requirement to comply with codes within the listing rules, companies were able to adopt a more flexible approach to code provisions than would have been the case had compliance been underpinned by law.

The principle of ‘comply or explain’ emerged. This meant that companies had to take seriously the general principles of the relevant corporate governance codes (the number of codes increased throughout the 1990s and beyond) but on points of detail they could be in non-compliance as long as they made clear in their annual report the ways in which they were non-compliant and, usually, the reasons why. This meant that the market was then able to ‘punish’ non-compliance if investors were dissatisfied with the explanation (i.e. the share price might fall). In most cases nowadays, comply or explain disclosures in the UK describe minor or temporary non-compliance. Some companies, especially larger ones, make ‘full compliance’ a prominent announcement to shareholders in the annual report, presumably in the belief that this will underpin investor confidence in management, and protect market value.


It is important to realise, however, that compliance in principles-based jurisdictions is not voluntary in

any material sense. Companies are required to comply under listing rules but the fact that it is not legally

required should not lead us to conclude that they have a free choice. The requirement to ‘comply or

explain’ is not a passive thing – companies are not free to choose non‑compliance if compliance is

too much trouble. Analysts and other stock market opinion leaders take a very dim view of most material

breaches, especially in larger companies. Companies are very well aware of this and ‘explain’ statements,

where they do arise, typically concern relatively minor breaches. In order to reassure investors, such

statements often make clear how and when the area of non-compliance will be remedied.

The idea of the market revaluing a company as a result of technical non‑compliance tends, importantly, to

vary according to the size of the business and the nature of the non-compliance. Typically,

companies lower down the list in terms of market value, or very young companies, are allowed (by the

market, not by the listing rules) more latitude than larger companies. This is an important difference

between rules-based and principles-based approaches. Because the market is allowed to decide on the

allowable degree of non-compliance, smaller companies have more leeway than would be the case in a

rules-based jurisdiction, and this can be very important in the development of a small business where

compliance costs can be disproportionately high. The influence of the British system, partly through the

Commonwealth network, has meant that principles-based systems have become widely operational

elsewhere in the world. A quite different approach, however, has been adopted in the US.

Sarbanes–Oxley and the ‘rules‑based’ approach:

After the high-profile collapses of Enron and WorldCom in the US, the US Congress passed the

Sarbanes–Oxley Act 2002 (usually shortened to ‘Sarbox’ or ‘Sox’). Unlike in the UK and in some

Commonwealth countries, Congress chose to make compliance a matter of law rather than a rule of

listing.

Accordingly, US-listed companies are required to comply in detail with Sarbox provisions. This has given

rise to a compliance consultancy industry among accountants and management consultants, and Sarbox

compliance can also prove very expensive. One of the criticisms of Sarbox is that it assumes a ‘one size

fits all’ approach to corporate governance provisions. The same detailed provisions are required of

small and medium-sized companies as of larger companies, and these provisions apply to each

company listed in New York even though it may be a part of a company listed elsewhere. Commentators

noted that the number of initial public offerings (IPOs) fell in New York after the introduction of Sarbox,

and they rose on stock exchanges allowing a more flexible (principles-based) approach.

An example of a set of provisions judged to be inordinately costly for smaller businesses is that

contained in Sarbanes–Oxley Section 404. This section requires companies to report on the

‘effectiveness of the internal control structure and procedures of… financial reporting’. The point made by

some Sarbox critics is that gathering information on the internal controls over financial reporting

(ICFR) in a systematic and auditable form is very expensive and, arguably, less important for

smaller companies than for larger ones.

Accordingly, Section 404 has been criticized as being an unnecessary burden on smaller companies, and

one which disproportionately penalises them because of the fixed costs associated with the setting up of

ICFR systems. Advice in 2007 issued by the United States Securities and Exchange Commission (which,

among other things, monitors Sarbox compliance) introduced a small amount of latitude for smaller

companies, but the major criticisms of Section 404 remain.

2. Effect of business ownership models on governance regimes

Whatever the business ownership model, a business can benefit from having a good governance structure.

2.1 Family owned firms

Family members are shareholders as well as directors.

Characteristics of family owned firms:

Have a dominant person on the board and exclude non-family members from decision making.

Do not have a person representing the external shareholders’ interests (the power of the board is not balanced).

Conduct the business on family relationships instead of emphasising an internal control system.

Do not have a culture of transparency and disclosure.

May hold a long-term view of the business and not emphasise short-term profitability.

However, if the company seeks to extend its business and lists on the stock market, the characteristics listed above will become some of the drawbacks in its corporate governance.

Cadbury (2000) sums up the three requisites for family firms to successfully manage the impact of growth

which are:

(a) To recruit and retain the very best people for the business

(b) To develop a culture of trust and transparency; and

(c) To define logical and efficient organizational structures.

3. Factors that shape the development of corporate governance structure

The main determinants of a company's corporate governance system are ownership structure and legal

frameworks.

3.1 Ownership structure

3.1.1 'Insider/outsider' model

The terms 'insider' and 'outsider' represent attempts to loosely describe two extreme forms of corporate

governance.

(a) An insider-dominated system of corporate governance: is one in which a country's publicly listed

companies are owned and controlled by a small number of major shareholders. These may be

members of the companies' founding families or a small group of shareholders, such as lending banks,

other companies (through cross-shareholding and pyramid ownership structures) or the government.

The problems endemic to insider corporate governance systems, such as those of Germany and

Japan, arise from the close ties between owners and managers, which at first glance would seem a

positive characteristic because of the reduced agency problem. However, other serious corporate

governance problems arise. As a result of the low level of separation of ownership and control in these

countries, there can be abuse of power. Minority shareholders may not be able to obtain information on

the company's operations. There is little transparency and frequent abuse of the company's operations

takes place.

(b) The term 'outsider', on the other hand, refers to a system of finance and corporate governance where

most large firms are controlled by their managers but owned by outside shareholders, such as

financial institutions or individual shareholders. This situation results in the notorious separation, or

divorce of ownership and control. The development of agency theory arose from this separation. The UK

and the USA have been characterized traditionally in this model. This system is also referred to

frequently as the Anglo-Saxon or Anglo-American system, due to the influence of the UK and US stock

markets on others around the world.

3.1.2 'Bank-oriented/market-oriented' model

A bank-oriented system implies that banks play a key role in the funding of companies and so may well be

able to exercise some control via the board structure (for example, bank representatives may have seats

on the supervisory board in German companies). On the other hand, a market-oriented system is one

where banks' influence is not prevalent in the same way and does not penetrate the corporate structure.

4. Development of principles-based corporate governance codes in the UK

4.1 Impetus and background

In the early 1990s, institutional investors' stake in UK listed companies was expanding continuously,

amounting to about 70% at the end of the 20th century.

It was in part a reaction to some spectacular cases of company failure and corporate abuse of power

in the late 1980s and early 1990s, e.g. Barings Bank and Maxwell.

4.2 Major corporate governance codes

4.2.1 The Cadbury Code (1992)

(a) the CEO and Chairman of companies should be separated

(b) boards should have at least three non-executive directors, two of whom should have no financial or

personal ties to executives

(c) each board should have an audit committee composed of non-executive directors

4.2.2 The Greenbury Report (1995)

(a) each board should have a remuneration committee composed without executive directors, but

possibly the chairman

(b) directors should have long term performance related pay, which should be disclosed in the

company accounts and contracts renewable each year

4.2.3 The Hampel Report (1998)

A committee on corporate governance, chaired by Sir Ronald Hampel, was set up in 1996 to review the

recommendations of the Cadbury and Greenbury Committees. It suggested that its recommendations should be

combined with those of the Cadbury and Greenbury Committees into a single code of corporate

governance. This suggestion led to the publication of the Combined Code, which now applies to UK

listed companies.

4.2.4 The Turnbull Report on Internal Control (1999)

The Turnbull report was produced by a working party of the Institute of Chartered Accountants in England

and Wales in 1999 to give guidance to listed companies on how to implement the provisions of the

Combined Code with special regard to internal control.

4.2.5 The Higgs Report (2003)

The fall of Enron spurred the UK and other countries into re-evaluating corporate governance issues,

such as the role and effectiveness of non-executive directors. Enron's non-executive directors were

deemed ineffective in performing their corporate governance role of monitoring the company's directors

and were subject to conflicts of interest.

4.2.6 The Smith Report (2003)

As an accompaniment to the Higgs Report, another review was commissioned by the UK government in

response to the Enron scandal, inter alia, with the aim of examining the role of the audit committee in

UK corporate governance. The Report was published in January 2003.

5. Development of rules-based Sarbanes-Oxley Act in USA

5.1 Impetus and background

Following directly from the financial scandals of Enron, WorldCom, and Global Crossing in which it was

perceived that the close relationship between companies and their external auditors was largely to blame,

the US Congress agreed reforms together with changes to the NYSE Listing Rules which have had a

significant impact not just in the US but around the world. The changes are embodied in the Accounting

Industry Reform Act 2002, widely known as the Sarbanes-Oxley Act.

5.2 Main provisions/contents

One of the most publicized aspects of the Act was the requirement for CEOs and CFOs to certify that

quarterly and annual reports filed on forms 10-Q, 10-K, and 20-F are fully compliant with applicable

securities laws and present a fair picture of the financial situation of the company. The penalties for

making this certification, whilst nonetheless aware that the information does not comply with the

requirements, are severe: up to $1m fine or imprisonment up to ten years or both!

The Act seeks to strengthen external auditor independence and also to strengthen the company's audit

committee. Listed companies, for example, must have an audit committee comprised only of

independent members, and must also disclose whether they have at least one 'audit committee financial

expert' on the audit committee. The 'audit committee financial expert' should be named and the company

should state whether the expert is independent of management.

The Act establishes a new regulatory body for auditors of US listed firms, the Public Company

Accounting Oversight Board (PCAOB), with which all auditors of US listed companies have to register,

including non-US audit firms. Correspondingly, the Securities and Exchange Commission (SEC) has issued

separate rules which encompass the prohibition of some non-audit services to audit clients, mandatory

rotation of audit partners, and auditors' reports on the effectiveness of internal controls.

The SEC implementation of the Sarbanes-Oxley Act prohibits nine non-audit services that might

impair auditor independence. In many cases these effectively prohibit the audit firm from either

auditing accounting services provided by the audit firm's staff or providing help with systems which will

then be audited by the audit firm. These nine areas cover:

(a) Book-keeping or other services related to the accounting records or financial statements of the audited

company;

(b) Financial information system design and implementation

(c) Appraisal or valuation services, fairness opinion, or contribution-in-kind reports (where the firm

provides its opinion on the adequacy of consideration in a transaction);

(d) Actuarial services

(e) Internal audit outsourcing services

(f) Management function/human resources (an auditor should not be a director, officer, or employee of an

audit client nor perform any executive role for the audit client such as supervisory, decision-making, or

monitoring);

(g) Broker or dealer, investment adviser, or investment banking services

(h) Legal services or expert services unrelated to the audit;

(i) Any other services that the PCAOB decides are not permitted

6. Universal codes

Should corporate governance provisions vary by country?

Support:

Corporate governance provisions vary depending on such factors as local business culture, businesses’

capital structures, the extent of development of capital funding of businesses and the openness of stock

markets.

Against:

(a) Although business cultures vary around the world, all businesses financed by private capital have private

shareholders

(b) Ignore the needs of local investors to have their interests adequately represented. This dilution, in turn,

may allow bad practice, when present, to exist and proliferate.

(c) In terms of the effects of macroeconomic systems, ignore the need for sound governance systems to

underpin confidence in economic systems.

6.1 Organisation for Economic Co-operation and Development (OECD) Report (2004)

The principles are grouped into five broad areas, namely

(a) The rights of shareholders

(b) The equitable treatment of shareholders

(c) The role of stakeholders

(d) Disclosure and transparency

(e) The responsibilities of the board

6.2 International Corporate Governance Network (ICGN) Report (2005)

The ICGN guidance emphasizes the following points in particular:

(a) Board

(b) Shareholders

(c) Audit and accounts

(d) Ethics and stakeholde

Chapter 4. the Board of Directors

1. Introduction

A firm's board of directors plays a very important role in reducing problems inherent in the separation of

ownership and control.

2. Role and responsibilities of the board

Legally, most jurisdictions describe the director as having two duties, namely

(a) The duty of care

Requires that a director must exercise due diligence in making decisions. He must discover as much

information as possible on the question at issue and be able to show that, in reaching a decision, he has

considered all reasonable alternatives.

(b) The duty of loyalty

Requires that a director must demonstrate uncompromising loyalty to the company's shareholders. Thus, if

a director sat on the boards of two companies with conflicting interests (both trying to buy a third-party

business, for example), he would be forced to resign from one board because clearly he could not

demonstrate loyalty to the shareholders of both companies at the same time.

3. Unitary board versus two-tier board

3.1 From corporate governance perspective:

3.1.1 Unitary board (UK, US, outside model, market oriented)

A unitary board of directors is characterized by one single board comprising both executive and

non-executive directors. The unitary board is responsible for all aspects of the company's activities and

all the directors are working to achieve the same ends. The shareholders elect the directors to the board

at the company's annual general meeting.

3.1.2 Two-tier board (France, Germany, Japan, inside model, bank oriented)

(a) Supervisory board: appoints, supervises and advises members of the management board. A

separate chairman co-ordinates the work and members are elected by shareholders at the AGM.

(b) Management board: responsible for managing the enterprise with the CEO to co-ordinate activity.

3.1.2.1 Advantages:

(a) Clear separation between those who manage the company and those who own it or must control it for the

benefit of shareholders.

(b) Implicit shareholder involvement in most cases since these structures are used in countries where

insider control is prevalent.

(c) Wider stakeholder involvement implicit through the use of worker representation.

(d) Independence of thought, discussion and decision since board meetings and operation are separated.

(e) Direct power over management through the right to appoint members of the management board.

3.1.2.2 Disadvantages:

(a) Dilution of power through stakeholder involvement.

(b) Isolation of supervisory board through non-participation in management meetings.

(c) Agency problems between the two boards.

(d) Added bureaucracy and slower decision making.

3.2 From operational perspective:

3.2.1 Unitary board

Bring divisional or departmental managers into strategic decision making.

Advantages:

(a) Provide more feedback into the decision-making process, input from more people, provide more views.

Technical, detailed financial or operational details would be of benefit to the decision.

(b) May not enjoy the full support of those key departmental directors who will be required to implement

the decision.

(c) Without a full understanding of operations, an inappropriate decision may be taken by the corporate

board and unworkable procedures implemented.

3.2.2 Two-tier board

Upper level: a small number of directors responsible for strategic decision making

Lower level: middle-line managers responsible for strategy implementation.

Advantages:

(a) A smaller board can act quickly and decisively in a way that larger and more cumbersome boards

cannot.

(b) Meetings of larger numbers of people require excessive consultation, discussion and debate before a

decision can be reached.

(c) A meeting of a small number of people is therefore easier, cheaper and quicker to arrange because there are fewer

diaries to match.

(d) Focus on both the efficiency and effectiveness of strategic decision-making.

4. Unitary board (UK, US, outside model, market oriented)

In practice, many names are given to the position of director. They are:

(a) Executive Directors - These are directors that are employed full-time with the company. They are

given a service contract that may last for five years, and are fully involved in the management and

running of the business.

(b) Non-Executive Directors - They are directors who attend board meetings, and committee

meetings when required, and are not involved in the day-to-day management of the business.

4.1 Independent non-executive directors:

NEDs operate as a ‘corporate conscience’ and therefore need to be independent!!

(a) To provide a detached and objective view of board decisions.

(b) To provide expertise and communicate effectively.

(c) To provide shareholders with an independent voice on the board.

(d) To provide confidence in corporate governance.

(e) To reduce accusations of self-interest in the behaviour of executives.

4.2 The key functions of NEDs: Combined Code (2003)

(a) Strategy role: this recognizes that NEDs have the right and responsibility to contribute to strategic

success, challenging strategy and offering advice on direction.

(b) Scrutinising role: NEDs are required to hold executive colleagues to account for decisions taken and

results obtained.

(c) Risk role: NEDs ensure the company has adequate systems of internal controls and systems of

risk management in place.

(d) People role: NEDs oversee a range of responsibilities with regard to the appointment and

remuneration of executives and will be involved in contractual and disciplinary issues.

4.3 The effectiveness of NEDs: Combined Code (2003)

(a) Upholds the highest ethical standards of integrity and probity.

(b) Supports executives in their leadership of the business while monitoring their conduct.

(c) Questions intelligently, debates constructively, challenges rigorously and decides dispassionately.

(e) Listens sensitively to the views of others, inside and outside the board.

(f) Gains the trust and respect of other board members.

(g) Promotes the highest standards of corporate governance and seeks compliance with the provisions of

the Combined Code.

5. The roles of Chairman and Chief Executive Officer

Chairman: running the board

CEO: running the company

5.1 Accountability and separation of roles

(a) Shareholders have an identified person (chairman) to hold accountable for the performance of their

investment.

(b) The chairman scrutinises the chief executive’s management performance on behalf of the

shareholders

(c) The presence of a separate chairman ensures that a system is in place to ensure NEDs have a person

to report to outside the executive structure.

5.2 Benefits of the separation of the roles of chief executive and chairman

(a) expected to represent shareholders’ interests

(b) Reduces the risk of a conflict of interest

(c) removes the risks of ‘unfettered powers’ being concentrated in a single individual, lack of transparency

and accountability.

(d) fully concentrate on the management of the organisation without the necessity to report to

shareholders

(e) a conduit for the concerns of non-executive directors who, in turn, provide an important external

representation of external concerns on boards of directors.

5.3 Roles of the chairman in corporate governance

(a) chairman is the leader of the board of directors

(b) ensuring the board’s effectiveness as a unit, in the service of the shareholders

(c) setting the board’s agenda and ensuring that board meetings take place on a regular basis.

(d) represents the company to investors and other outside stakeholders/constituents, ‘public face’,

communication with shareholders.

(e) co-ordinating the contributions of non-executive directors (NEDs) and facilitating good relationships

between executive and non-executive directors.

6. UK Combined code provision June 2010 (much more than company law)

Section A: Leadership

Every company should be headed by an effective board which is collectively responsible for the long-term

success of the company.

There should be a clear division of responsibilities at the head of the company between the running of the

board and the executive responsibility for the running of the company’s business. No one individual

should have unfettered powers of decision.

The chairman is responsible for leadership of the board and ensuring its effectiveness on all aspects of its

role.

As part of their role as members of a unitary board, non-executive directors should constructively

challenge and help develop proposals on strategy.

Section B: Effectiveness

The board and its committees should have the appropriate balance of skills, experience, independence

and knowledge of the company to enable them to discharge their respective duties and responsibilities

effectively.

There should be a formal, rigorous and transparent procedure for the appointment of new directors to the

board.

All directors should be able to allocate sufficient time to the company to discharge their responsibilities

effectively.

All directors should receive induction on joining the board and should regularly update and refresh their

skills and knowledge.

The board should be supplied in a timely manner with information in a form and of a quality appropriate to

enable it to discharge its duties.

The board should undertake a formal and rigorous annual evaluation of its own performance and that of

its committees and individual directors.

All directors should be submitted for re-election at regular intervals, subject to continued satisfactory

performance.

Section C: Accountability

The board should present a balanced and understandable assessment of the company’s position and

prospects.

C.2 The board is responsible for determining the nature and extent of the significant risks it is willing to

take in achieving its strategic objectives. The board should maintain sound risk management and internal

control systems.

The board should establish formal and transparent arrangements for considering how they should apply

the corporate reporting and risk management and internal control principles and for maintaining an

appropriate relationship with the company’s auditor.

Section D: Remuneration

Levels of remuneration should be sufficient to attract, retain and motivate directors of the quality required

to run the company successfully, but a company should avoid paying more than is necessary for this

purpose.

A significant proportion of executive directors’ remuneration should be structured so as to link rewards to

corporate and individual performance.

There should be a formal and transparent procedure for developing policy on executive remuneration and

for fixing the remuneration packages of individual directors. No director should be involved in deciding his

or her own remuneration.

Section E: Relations with Shareholders

There should be a dialogue with shareholders based on the mutual understanding of objectives. The

board as a whole has responsibility for ensuring that a satisfactory dialogue with shareholders takes

place.

The board should use the AGM to communicate with investors and to encourage their participation.

Chapter 5. Board committees

1. Remuneration committee

Objective and independent; consists of a majority of NEDs.

(a) The committee is charged with determining remuneration policy on behalf of the board and the

shareholders.

(1) pay scales applied to directors’ packages

(2) proportions of different types of reward within the overall package

(3) periods in which performance related elements become payable

(b) the committee ensures that each director is fairly but responsibly rewarded for their individual

contribution in terms of levels of pay and the components of each director’s package

(1) market conditions

(2) retention needs

(3) long-term strategy

(4) market rates for a given job.

(c) The remuneration committee reports to the shareholders on the outcomes of their decisions, usually in

the corporate governance section of the annual report

(d) where appropriate and required by statute or voluntary code, the committee is required to be seen to

be compliant with relevant laws or codes of best practice. This will mean that the remuneration

committee will usually be made up of non-executive members of the board and will meet at regular

intervals.

2. Nomination committee

(a) It advises on the balance between executives and independent non-executive directors and

establishes the appropriate number and type of NEDs on the board. The nominations committee is

usually made up of NEDs.

(b) It establishes the skills, knowledge and experience possessed by the current board and notes any gaps

that will need to be filled.

(c) It acts to meet the needs for continuity and succession planning, especially among the most senior

members of the board.

(d) It establishes the desirable and optimal size of the board, bearing in mind the current size and

complexity of existing and planned activities and strategies.

(e) It seeks to ensure that the board is balanced in terms of it having board members from a

diversity of backgrounds so as to reflect its main constituencies and ensure a flow of new ideas and the

scrutiny of existing strategies.

3. Risk committee

Related to risk management:

(a) Champion and promoter of enterprise risk management (i.e. risk awareness and training) across

the group.

(b) Establish risk management policy:

(1) risk appetite

(2) how to identify risk, types of risk, source of risk

(3) how to evaluate risk

(4) how to manage risk

(c) Ensure implementation of the Risk Management Policy.

(1) risk manager

(2) ensure resources and cooperation

(d) Review and evaluate departmental risk management reports.

(e) Responsible for ensuring that all action plans are acted upon and addressed.

(f) Responsible for ensuring that all strategic business risks are considered.

(g) Review Enterprise Risk Profile for effectiveness of management of risks.

(h) Provide quarterly reporting and update on key risk management issues to the board

Related to investment decision:

(a) Propose to the board the monetary threshold and nature of proposed investments that require risk

committee's evaluation and endorsement before submission to the board.

(b) Review investment proposals prepared by the respective person in charge.

(c) Review and feed back on the evaluation of investment proposals to the board for final decision.

The UK Combined Code allows for risk committees to be made up of either executive or non-executive

members.

Advantages of non-executive membership:

(a) Separation and detachment from the content being discussed is more likely to bring independent

scrutiny.

(b) Non-executive directors often bring specific expertise that will be more relevant to a risk problem than

more operationally-minded executive directors will have.

Disadvantages of non-executive membership:

Non-executives are less likely to have specialist knowledge of products, systems and procedures

being discussed and will therefore be less likely to be able to comment intelligently during meetings.

Chapter 6. Directors' remuneration

Solutions to agency problems tend to fall into two categories: incentives and monitoring.

Components:

The remuneration package offered to a senior executive has to be sufficiently good to attract him or

her to accept the position.

The remuneration package for a senior executive is likely to consist of a combination of:

(a) An annual compensation; and

(b) A long-term compensation.

(a) The annual compensation could consist of:

(1) Basic salary;

(2) Possibly, a payment by the company into a personal pension scheme arrangement for the individual;

(3) A bonus, tied perhaps to the annual financial performance of the company;

(4) Various perks, such as membership of the company's health insurance scheme, private use of the company's aircraft or boats, and so on.

(b) The long-term compensation could consist of:

(1) Share options which give directors the right to purchase shares at a specified exercise price over a

specified time period; and

(2) Company shares (sometimes called 'restricted stock awards') with limits on their transferability for a

set time (usually a few years), and various performance conditions should be met.

An executive might also have a severance payment arrangement, whereby the company is committed to

giving the individual a minimum severance payment if he or she is forced to leave the company.

1. Basic salary

Basic salary is received by a director in accordance with the terms of his contract. This element is related neither to the performance of the company nor to the performance of the individual director. The amount will be set with due regard to the size of the company, the industry sector, the experience of the individual director, and the level of base salary in similar companies.

Usually, salaries less than the 50th percentile are considered under market, while salaries in the 50th to 75th percentile are competitive. CEO base salary has continuously drifted upward because CEOs typically argue for competitive salaries.

2. Performance related incentives (short-term)

Some potential performance targets are listed below:

(a) Shareholder return;

(b) Share price (and other market based measures);

(c) Profit-based measures;

(d) Return on capital employed;

(e) Earnings per share;

(f) Individual director performance (in contrast to corporate performance measures).

3. Shares and share options

3.1 Share options

The following list cites improperly aligned incentives involving options.

(a) Shareholder returns combine both stock price appreciation and dividends. The stock option is only affected by price appreciation. Therefore, the CEO might forgo increasing dividends in favour of using the cash to try to increase the stock price.

(b) The stock price is more likely to increase when the CEO accepts risky projects. Therefore, when a firm uses options to compensate the CEO, he or she has a tendency to pick a higher risk business strategy.

In view of this, some commentators have argued that there should be controls over the sale of shares by executives after they have exercised options in order to make a large and immediate cash gain.

3.2 Shares

Instead of share options, some companies make 'restricted stock grants', awarding shares with limits on their transferability for a set time, usually two or three years, but sometimes for the executive's tenure with the company.

Unlike an option, restricted stock has value unless the share price goes down to zero, and since executives paid nothing for these grants, this was compensation that was all upside with little downside. They are low in risk and are thus made by boards who do not think the share's price will go up.

3.3 Compensation for loss of office

Another area that has attracted attention, and which is addressed in joint ABI/National Association of

Pension Funds (NAPF) guidance, is the area of 'golden goodbyes'. Often the departure of

under-performing directors triggers a clause in their contract which leads to a large undeserved pay-off,

which is seen as inappropriate. In response to the criticism, some companies are cutting the notice period from one year to, say, six months so that a non-performing director whose contract is terminated receives six months' salary rather than one year's salary.

Chapter 7. Governance: Reporting, Disclosure and Communication

1. Define transparency

Transparency means openness (say, of discussions), clarity, lack of withholding of relevant information unless necessary and a default position of information provision rather than concealment.

1.1 Reasons for secrecy/confidentiality

(a) Keep strategy discussions secret from competitors.

(b) Discussion often has to take place before an agreed position is announced.

2. Mandatory and voluntary disclosures

2.1 Mandatory disclosures

These are components of the annual report mandated by law, regulation or accounting standard.

Examples include (in most jurisdictions):

(a) Statement of comprehensive income,

(b) Statement of financial position (balance sheet),

(c) Statement of cash flows,

(d) Statement of changes in equity,

(e) Operating segmental information,

(f) Auditors’ report,

(g) Corporate governance disclosure such as remuneration report

2.2 Voluntary disclosures

These are components of the annual report not mandated in law or regulation but disclosed nevertheless.

They are typically mainly narrative rather than numerical in nature.

Examples include (in most jurisdictions):

(a) risk information,

(b) social and environmental information

3. Evaluation of importance of transparency and disclosure (especially voluntary disclosures)

(a) Helps transparency in communicating more fully thereby better meeting the agency accountability to

investors, particularly shareholders.

(b) More information helps investors decide whether the company matches their risk, strategic and

ethical criteria, and expectations.

(c) Redresses the information asymmetry.

(d) Makes the annual report more forward looking (predictive) whereas the majority of the numerical

content is backward facing on what has been.

(e) Voluntary disclosure gives a more rounded and more complete view of the company, its activities,

strategies, purposes and values.

(f) Voluntary disclosure enables the company to address specific shareholder concerns as they arise.

PART B INTERNAL CONTROL AND REVIEW

Chapter 8. Internal control system and review concepts and practices

FINANCIAL REPORTING COUNCIL

INTERNAL CONTROL

REVISED GUIDANCE FOR DIRECTORS ON THE COMBINED CODE

OCTOBER 2005 (The Turnbull guidance)

One – Introduction

The importance of internal control and risk management

1 A company's system of internal control has a key role in the management of risks that are significant to

the fulfilment of its business objectives. A sound system of internal control contributes to safeguarding the

shareholders' investment and the company's assets.

2 Internal control (as referred to in paragraph 19) facilitates the effectiveness and efficiency of operations,

helps ensure the reliability of internal and external reporting and assists compliance with laws and

regulations.

3 Effective financial controls, including the maintenance of proper accounting records, are an important

element of internal control. They help ensure that the company is not unnecessarily exposed to avoidable

financial risks and that financial information used within the business and for publication is reliable. They

also contribute to the safeguarding of assets, including the prevention and detection of fraud.

4 A company's objectives, its internal organisation and the environment in which it operates are

continually evolving and, as a result, the risks it faces are continually changing. A sound system of internal

control therefore depends on a thorough and regular evaluation of the nature and extent of the risks to

which the company is exposed. Since profits are, in part, the reward for successful risk-taking in business,

the purpose of internal control is to help manage and control risk appropriately rather than to eliminate it.

Objectives of the guidance

5 This guidance is intended to:

• reflect sound business practice whereby internal control is embedded in the business processes by

which a company pursues its objectives;

• remain relevant over time in the continually evolving business environment; and

• enable each company to apply it in a manner which takes account of its particular circumstances.

The guidance requires directors to exercise judgement in reviewing how the company has implemented

the requirements of the Combined Code relating to internal control and reporting to shareholders thereon.

6 The guidance is based on the adoption by a company's board of a risk-based approach to establishing a

sound system of internal control and reviewing its effectiveness. This should be incorporated by the

company within its normal management and governance processes. It should not be treated as a

separate exercise undertaken to meet regulatory requirements.

Internal control requirements of the Combined Code

7 Principle C.2 of the Code states that 'The board should maintain a sound system of internal control to

safeguard shareholders' investment and the company's assets'.

8 Provision C.2.1 states that 'The directors should, at least annually, conduct a review of the

effectiveness of the group's system of internal control and should report to shareholders that they have

done so. The review should cover all material controls, including financial, operational and compliance

controls and risk management systems'.

Two - Maintaining a sound system of internal control

Responsibilities

15 The board of directors is responsible for the company's system of internal control. It should set

appropriate policies on internal control and seek regular assurance that will enable it to satisfy itself that

the system is functioning effectively. The board must further ensure that the system of internal control is

effective in managing those risks in the manner which it has approved.

16 In determining its policies with regard to internal control, and thereby assessing what constitutes a

sound system of internal control in the particular circumstances of the company, the board's deliberations

should include consideration of the following factors:

• The nature and extent of the risks facing the company;

• The extent and categories of risk which it regards as acceptable for the company to bear;

• The likelihood of the risks concerned materialising;

• The company's ability to reduce the incidence and impact on the business of risks that do materialise;

and

• The costs of operating particular controls relative to the benefit thereby obtained in managing the related

risks.

17 It is the role of management to implement board policies on risk and control. In fulfilling its

responsibilities management should identify and evaluate the risks faced by the company for

consideration by the board and design, operate and monitor a suitable system of internal control which

implements the policies adopted by the board.

18 All employees have some responsibility for internal control as part of their accountability for achieving

objectives. They, collectively, should have the necessary knowledge, skills, information, and authority to

establish, operate and monitor the system of internal control. This will require an understanding of the

company, its objectives, the industries and markets in which it operates, and the risks it faces.

Elements of a sound system of internal control

20 A company's system of internal control will reflect its control environment which encompasses its

organisational structure. The system will include:

• Control activities;

• Information and communications processes; and

• Processes for monitoring the continuing effectiveness of the system of internal control.

21 The system of internal control should:

• be embedded in the operations of the company and form part of its culture;

• be capable of responding quickly to evolving risks to the business arising from factors within the

company and to changes in the business environment; and

• include procedures for reporting immediately to appropriate levels of management any significant control

failings or weaknesses that are identified together with details of corrective action being undertaken.

22 A sound system of internal control reduces, but cannot eliminate, the possibility of poor

judgement in decision-making; human error; control processes being deliberately circumvented by

employees and others; management overriding controls; and the occurrence of unforeseeable

circumstances.

23 A sound system of internal control therefore provides reasonable, but not absolute, assurance that a

company will not be hindered in achieving its business objectives, or in the orderly and legitimate conduct

of its business, by circumstances which may reasonably be foreseen. A system of internal control cannot,

however, provide protection with certainty against a company failing to meet its business objectives or all

material errors, losses, fraud, or breaches of laws or regulations.

Three - Reviewing the effectiveness of internal control

Responsibilities

24 Reviewing the effectiveness of internal control is an essential part of the board's responsibilities. The

board will need to form its own view on effectiveness based on the information and assurances provided

to it, exercising the standard of care generally applicable to directors in the exercise of their duties.

Management is accountable to the board for monitoring the system of internal control and for providing

assurance to the board that it has done so.

25 The role of board committees in the review process, including that of the audit committee, is for the

board to decide and will depend upon factors such as the size and composition of the board; the scale,

diversity and complexity of the company's operations; and the nature of the significant risks that the

company faces. To the extent that designated board committees carry out, on behalf of the board, tasks

that are attributed in this guidance document to the board, the results of the relevant committees' work

should be reported to, and considered by, the board. The board takes responsibility for the disclosures on

internal control in the annual report and accounts.

The process for reviewing effectiveness

26 Effective monitoring on a continuous basis is an essential component of a sound system of internal

control. The board cannot, however, rely solely on the embedded monitoring processes within the

company to discharge its responsibilities. It should regularly receive and review reports on internal control.

In addition, the board should undertake an annual assessment for the purposes of making its public

statement on internal control to ensure that it has considered all significant aspects of internal control for

the company for the year under review and up to the date of approval of the annual report and accounts.

27 The board should define the process to be adopted for its review of the effectiveness of internal control.

This should encompass both the scope and frequency of the reports it receives and reviews during the

year, and also the process for its annual assessment, such that it will be provided with sound,

appropriately documented, support for its statement on internal control in the company's annual report

and accounts.

28 The reports from management to the board should, in relation to the areas covered by them, provide a

balanced assessment of the significant risks and the effectiveness of the system of internal control in

managing those risks. Any significant control failings or weaknesses identified should be discussed in the

reports, including the impact that they have had, or may have, on the company and the actions being

taken to rectify them. It is essential that there be openness of communication by management with the

board on matters relating to risk and control.

Four - The board’s statement on internal control

33 The annual report and accounts should include such meaningful, high-level information as the board

considers necessary to assist shareholders' understanding of the main features of the company's risk

management processes and system of internal control, and should not give a misleading impression.

34 In its narrative statement of how the company has applied Code Principle C.2, the board should,

as a minimum, disclose that there is an ongoing process for identifying, evaluating and managing the

significant risks faced by the company, that it has been in place for the year under review and up to the

date of approval of the annual report and accounts, that it is regularly reviewed by the board and accords

with the guidance in this document.

35 The disclosures relating to the application of Principle C.2 should include an acknowledgement by

the board that it is responsible for the company's system of internal control and for reviewing its

effectiveness. It should also explain that such a system is designed to manage rather than eliminate the

risk of failure to achieve business objectives, and can only provide reasonable and not absolute

assurance against material misstatement or loss.

36 In relation to Code Provision C.2.1, the board should summarise the process it (where applicable,

through its committees) has applied in reviewing the effectiveness of the system of internal

control and confirm that necessary actions have been or are being taken to remedy any significant

failings or weaknesses identified from that review. It should also disclose the process it has applied to

deal with material internal control aspects of any significant problems disclosed in the annual report and

accounts.

Chapter 9. Internal Audit Function and Compliance in Corporate Governance

1. The role of internal audit function:

(a) Independent checking, examination and evaluation of the internal control system established by executive directors.

(1) Internal control over financial reporting (ICFR)/Financial and internal control system

(2) Whether the financial statements (F.S.) show a true and fair view

(3) Internal control over operation

(4) Operational information (management information)

(5) Other areas e.g. IT audit; Fraud investigation; corporate social responsibility (CSR) ; compliance audit

etc.

2. The factors that are typically considered when deciding to establish internal audit in an organisation:

(a) The scale, diversity and complexity of the company’s activities.

(b) The number of employees. Size.

(c) Cost-benefit considerations

(d) Changes in the organisational structures, reporting processes or underlying information systems.

(e) Changes in key risks could be internal or external in nature.

(f) Problems with existing internal control systems.

(g) An increased number of unexplained or unacceptable events.

(h) System failures or similar events are a clear demonstration of internal control weakness

3. Advantages of appointing internal auditor from outside the company:

(a) An external appointment would bring detachment and independence.

(b) An external appointment would help with independence and objectivity. An external appointee would owe no personal loyalties or ‘favours’ from previous positions and would have no personal grievances or conflicts with other people.

(c) Some benefit would be expected from the ‘new broom’ effect in that the appointment would see the

company through fresh eyes

(d) An external appointee would come in with new ideas and expertise gained from other situations.

(e) The possibility exists for the transfer of best practice in from outside.

4. Function of audit committee

The audit committee possesses many important functions:

(a) Related to external auditor

(1) Increase the independence of external auditor

(2) Act as liaison person to facilitate the communication between the executive directors and external

auditors

(3) Act as coordinator to coordinate the work between external auditor and internal auditor

(4) To monitor the independence and quality of work of external auditor

(b) Related to internal audit function

(1) To approve the appointment or termination of appointment of the head of internal audit.

(2) To review the work of the internal audit function:

— Ensure that the internal auditor has direct access to the board chairman and to the audit committee

and is accountable to the audit

— Review and assess the annual internal audit work plan.

— Review a report on the results of the internal auditor’s work on a periodic basis.

— Review and monitor management’s responsiveness to the internal auditor’s findings and

recommendations

— Meet with the head of internal audit at least once a year without the presence of management, and

— Monitor and assess the role and effectiveness of the internal audit function in the overall context of the

company’s risk management system.

PART C RISK MANAGEMENT

Chapter 10. Defined risk management in the context of C.G

1. Necessity of risk and risk management

1.1 Risks are the opportunities and dangers associated with uncertain future events.

1.2 Risks can have an adverse (‘downside exposure’) or favourable impact (‘upside

potential’) on the organisation’s objectives.

2. Why manage risk?

Management needs to manage and monitor risk on an ongoing basis for a number of reasons:

2.1 To identify new risks that may affect the company so an appropriate risk

management strategy can be determined.

2.2 To identify changes to existing or known risks so amendments to the risk

management strategy can be made. For example, where there is an increased

likelihood of occurrence of a known risk, strategy may be amended from ignoring the

risk to possibly insuring against it.

2.3 To ensure that the best use is made of opportunities.

3. Risk management

3.1 Risk management is therefore the process of reducing the possibility of adverse

consequences either by reducing the likelihood of an event or its impact, or taking

advantage of the upside risk.

3.2 Management are responsible for establishing a risk management system in an

organisation

3.3 The process of establishing a risk management system is summarised in the

following diagram:

Risk management process:

[Diagram: Process of risk management. Stages shown: risk identification (list of potential risks), risk assessment (prioritised risk list), risk planning (risk avoidance and contingency plans), risk monitoring, risk audit.]

4. Enterprise Risk Management (ERM) can be defined as the:

‘process effected by an entity’s board of directors, management and other personnel, applied in strategy setting and across the enterprise, designed to identify potential events that may affect the entity, and manage risk to be within its risk appetite, to provide reasonable assurance regarding the achievement of entity objectives’.

Enterprise Risk Management – Integrated Framework, the Committee of Sponsoring Organisations, COSO, 2004

4.1. Principles of ERM

The key principles of ERM include:

• consideration of risk management in the context of business strategy

• risk management is everyone’s responsibility, with the tone set from the top

• the creation of a risk aware culture

• a comprehensive and holistic approach to risk management

• consideration of a broad range of risks (strategic, financial, operational and compliance)

• a focused risk management strategy, led by the board

4.2 Expandable text – Components of the ERM framework

The eight components are closely aligned to the risk management process addressed above, and also

reflect elements from the COSO view of an effective internal control system:

Internal environment: This is the tone of the organisation, including the risk management

philosophy and risk appetite.

Objective setting: Objectives should be aligned with the organisation’s mission and need to be

consistent with the organisation’s defined risk appetite.

Event identification: These are internal and external events (both positive and negative) which

impact upon the achievement of an entity’s objectives and must be identified.

Risk assessment: Risks are analysed to consider their likelihood and impact as a basis for

determining how they should be managed.

Risk response: Management selects risk response(s) to avoid, accept, reduce or share risk. The

intention is to develop a set of actions to align risks with the entity’s risk tolerances and risk appetite.

Control activities: Policies and procedures help ensure the risk responses are effectively carried

out.

Information and communication: The relevant information is identified, captured and

communicated in a form and timeframe that enables people to carry out their responsibilities.

Monitoring: The entire ERM process is monitored and modifications made as necessary.

Chapter 11. Risk identification

1. Risk identification: Strategic and operational risks

1.1 Strategic risks:

• Risks arising from the possible consequences of strategic decisions taken by the organisation

• Also arise from the way that an organisation is strategically positioned within its environment

• Should be identified and assessed at senior management and board or director level.

1.2 Operational risks:

• Refer to potential losses that might arise in business operations

• Include risks of fraud or employee malfeasance, poor quality production or lack of inputs for production

• Can be managed by internal control systems.

1.3 Risk identification: Business risks

Businesses face risks from a number of different sources, including those shown below.

In the exam you may be required to identify risks, or types of risk, facing a business. The risks listed below are not exhaustive but illustrate many of the typical risks that affect a business.

Market risks. Risks which derive from the sector in which the business is operating, and from its

customers.

Product risk. The risk that customers will not buy new products (or services) provided by the

organisation, or that the sales demand for current products and services will decline unexpectedly.

Commodity price risk. Businesses might be exposed to risks from unexpected increases (or falls) in

the price of a key commodity.

Product reputation risk. Some companies rely heavily on brand image and product reputation, and

an adverse event could put its reputation (and so future sales) at risk.

[Diagram: Risk categorised by type. Strategic: affects the overall mission of the company. Operational: affects the day-to-day activities of the company.]

Credit risk. Credit risk is the possibility of losses due to non-payment, or late payment, by

customers.

Currency risk. Currency risk, or foreign exchange risk, arises from the possibility of movements in

foreign exchange rates, and the value of one currency in relation to another.

Interest rate risk. Interest rate risk is the risk of unexpected gains or losses arising as a

consequence of a rise or fall in interest rates.

Gearing risk. Gearing risk for non-bank companies is the risk arising from exposures to high

financial gearing and large amounts of borrowing.

Political risk. Political risk depends to a large extent on the political stability in the countries in which an organisation operates and the attitudes of governments towards protectionism.

Legal, or litigation risk arises from the possibility that regulations will affect the way an organisation

has to operate.

Compliance risk is the risk of losses, possibly fines, resulting from non-compliance with laws or

regulations.

Technology risk arises from the possibility that technological change will occur.

Economic risk refers to the risks facing organisations from changes in economic conditions, such as

economic growth or recession, government spending policy and taxation policy, unemployment levels and

international trading conditions.

Environmental risk arises from changes to the environment over which an organisation has no

direct control or for occurrences for which the organisation might be responsible.

Business probity risk is related to the governance and ethics of the organisation.

Derivatives risk refers to the risks due to the use of financial instruments.

Chapter 12. Risk assessment

1. Assessing risks

[Diagram: Risk categorised by severity (hazard), the impact of the risk on the organisation, and by probability, the likelihood of the risk actually occurring.]

[Diagram: Risk map with impact/consequence (low to high) on one axis and likelihood (low to high) on the other.]

Chapter 13. Response to assessed risk (how to manage risk?)

1. The role of the board

The board will generally delegate these activities to a risk committee:

Related to risk management:

(a) Champion and promoter of enterprise risk management (i.e. risk awareness and training) across the

group.

(b) Establish risk management policy:

(1) risk appetite

(2) how to identify risk, types of risk, source of risk

(3) how to evaluate risk

(4) how to manage risk

(c) Ensure implementation of the Risk Management Policy.

(1) risk manager

(2) ensure resources and cooperation

(d) Review and evaluate departmental risk management report.

(e) Responsible for ensuring that all action plans are acted upon and addressed.

(f) Responsible for ensuring that all strategic business risks are considered.

(g) Review Enterprise Risk Profile for effectiveness of management of risks.

(h) Provide quarterly reporting and update on key risk management issues to the board

1.1 Risk appetite

Risk appetite is determined by:

Risk capacity – the amount of risk that the organisation can bear, and

Risk attitude – the overall approach to risk, in terms of the board being risk averse or risk seeking.

2. Role of the risk manager

The risk manager is a member of the risk management committee, reporting directly to that

committee and the board.

The role focuses primarily on implementation of risk management policies.

The manager is supported and monitored by the risk management committee.

The role is more operational than strategic.

Policy is set by the board and the risk management committee and implemented by the risk manager.

3. Risk awareness

In general terms, a lack of risk awareness means that an organisation has an inappropriate risk

management strategy.

Risks affecting the organisation may not have been identified meaning there will be a lack of control

over that risk.

Risks may occur and the control over that risk is not active due to lack of monitoring and awareness.

Continued monitoring within the organisation is therefore required to ensure that risk management

strategies are updated as necessary.

4. Embedding risk

The aim of embedding risk management is to ensure that it is ‘part of the way we do business’ (to misquote Handy).

It can be considered at two levels:

- embedding risk in systems

- embedding risk in culture

4.1 Embedding risk in systems

Embedding risk in systems applies to the concept of ensuring that risk management is included

within the control systems of an organisation.

In this context, a control system helps ensure that other systems (e.g. the accounting system) are

working correctly.

Risk management is not seen as a separate system.

In many jurisdictions, this is a statutory requirement (e.g. US) while in others it is a code of best

practice (e.g. UK).

To be successful, embedding risk management needs approval and support from the board.

RISK MANAGER: member of risk committee; implements risk management policies; operational role.

The process of embedding risk management within an organisation’s systems and procedures can be

outlined as follows:

Identify the controls that are already operating within the organisation.

Monitor those controls to ensure that they work.

Improve and refine the controls as required.

Document evidence of monitoring and control operation (using performance metrics or independent

assessment such as internal or external audit).

4.2 Embedding risk in culture

As noted above, risk management needs to be embedded into policies and procedures in an

organisation.

However, the policy may still fail unless all workers in a company (board to employees) accept the

need for risk management.

Embedding risk into culture and values therefore implies that risk management is ‘normal’ for the

organisation.

Methods of embedding risk management in the culture and values of an organisation include:

aligning individual goals with those of the organisation

including risk management responsibilities within job descriptions

establishing reward systems which recognise that risks have to be taken in practice (e.g. not having a

‘blame’ culture)

establishing metrics and performance indicators that can monitor risks and provide an early warning if it is seen that risks will actually occur and affect the organisation

informing all staff in an organisation of the need for risk management, and publishing success stories to show how embedding risk management in the culture has benefited both organisation and staff.

EMBEDDING RISK IN SYSTEMS: control systems include risk management; risk management is not a separate system; needs board support.

EMBEDDING RISK IN CULTURE: implies risk management is ‘normal’ activity; success depends on organisational culture; main emphasis is lack of blame culture.

5. Risk management: TARA (or SARA)

Strategies for managing risks can be explained as TARA (or SARA): Transference (or Sharing),

Avoidance, Reduction or Acceptance.


5.1 Transference.

In some circumstances, risk can be transferred wholly or in part to a third party, so that if an adverse

event occurs, the third party suffers all or most of the loss. A common example of risk transfer is insurance.

Businesses arrange a wide range of insurance policies for protection against possible losses. This

strategy is also sometimes referred to as sharing.

5.2 Avoidance.

An organisation might choose to avoid a risk altogether. However, since risks are unavoidable in

business ventures, they can be avoided only by not investing (or withdrawing from the business area

completely). The same applies to not-for-profit organisations: risk is unavoidable in the activities they

undertake.

5.3 Reduction/mitigation.

A third strategy is to reduce the risk, either by limiting exposure in a particular area or attempting to

decrease the adverse effects should that risk actually crystallise.

5.4 Acceptance.

The final strategy is simply to accept that the risk may occur and decide to deal with the consequences in that particular situation. This strategy is normally appropriate where the adverse effect is minimal. For example, there is nearly always a risk of rain; unless the business activity cannot take place when it rains, the risk of rain occurring is not normally insured against.

Changes to the study guide

Relevant to ACCA qualification paper P1

I am also introducing the possibility of bringing in some simple arithmetic calculations into Paper P1 exam

papers (again, from June 2011 onwards). This is to enable some aspects of risk to be examined that

cannot be examined in a solely narrative-based answer. This is a change to the advice I gave when the

Paper P1 Study Guide was first introduced. Students should not expect complicated calculations but

should be prepared to manipulate numerical data and accordingly, a calculator may be helpful in future

Paper P1 exams.

New C1 (c): Explain the dynamic nature of risk assessment

This entry into the Study Guide was added to emphasise the fact that risks are not static: they change

over time and between situations. One of the key features of any business environment is that the things

that affect an organisation, either internal or external factors, are very changeable. In some situations,

environmental factors change relatively little, but in other environments, risk factors can change a great

deal. These are sometimes called ‘turbulent’ environments, shown in Figure 1.

The result of this is that the assessment of any given risk can change and, thereby, the strategy for

managing that risk. The probability or impact of a risk can change over time and this change can move a

risk on the likelihood/impact map which is often used in risk assessment (see Figure 2).

New C1 (d): Explain the importance and nature of management responses to changing risk assessments

Following on from the discussion above about changing risks, it follows that management must tailor its

risk management to match the nature of the risk threat. In terms of policy, those organisations in more

changeable (or more dynamic) environments must make a greater investment in risk management

strategies in order to manage the range and changeability of those risks. It follows that an organisation’s

risk management must match the complexity of its risks. To fail to do this would be an incongruity between

risk and response which could, in turn, be a failure in the strategy of the organisation.

New C1 (e): Explain risk appetite and how this affects risk policy (2)

This addition to the Study Guide introduces the notion of risk appetite which, as its name suggests, is a

measure of the general attitude to accepting risk.

Risk appetite has an important influence on the risk controls that the organisation is likely to have in place.

Organisations that actively seek to avoid risks, perhaps found more in the public sector, charitable sector

and in some ‘process’-oriented companies, do not need the elaborate and costly systems that a risk

seeking company might have. Organisations such as those trading in financial derivatives, volatile share

funds and venture capital companies will typically have complex systems in place to monitor and manage

risk. In such companies, the management of risk is likely to be a strategic core competence of the

business.

New C2 (c): Describe and evaluate the nature and importance of business and financial risks

Business risks are strategic risks that threaten the health and survival of a whole business.

A typical way of considering business risk is to examine the probability of a period of poor earnings and

possible failure, and also to consider the potential impact of that failure.

This brings us back to the notion of stakeholders because the issue is ‘impact upon whom?’

C3 (f): Explain and assess the ALARP (as low as reasonably practicable) principle in risk

assessment and how this relates to severity and probability

The important concept here, then, is that the actual risk carried must be as low as reasonably practicable

given the range of activities undertaken and the mitigation costs.

I understand for example (not being a transport expert), that the risk likelihood of rail accidents can be

almost eliminated with the installation of highly elaborate electronic control equipment that over-rides

human error when it occurs (such as going through red lights and exceeding speed limits). In most

countries, however, the cost of installing this equipment is so prohibitively expensive (such that it would

significantly increase the costs of rail travel) that simpler and cheaper systems are usually installed

instead. Although these cheaper systems are not as effective and rail accidents do sometimes tragically

occur, it is a compromise solution that maintains the risk as low as reasonably practicable.

C3 (g): Evaluate the difficulties of risk perception including the concepts of objective and

subjective risk perception

One of the problems with risk assessment is the quality of the information fed into the risk assessment

‘calculation’. Given that risk assessment can be a vital and strategically important activity for many

organisations, it is important that the likelihood and impacts of a risk are accurately established.

The problem arises when it is difficult to assign accurate and reliable values to those variables.

Sometimes these tasks are straightforward and sometimes they are more problematic. This raises the

issue of measurability.

Some risks can be assessed (which involves establishing the likelihood and impact) with a very high

degree of certainty. If both can be measured with scientific accuracy then we can say that the risk can be

objectively assessed. The information going into the assessment is ‘hard’ in that there is no need for

subjective judgment. In many cases, however, risk problems can be ‘messy’ and it can be difficult to

accurately assign a value to a likelihood or an impact. This is where subjective judgements can be used

although there are obvious limitations with such judgments (see Table 1).

Why is this an important thing to appreciate in risk management? The certainty of a risk assessment and its

robustness depend upon the ‘quality’ of the information used. If the assessment is based on objective

measurement of likelihood and impact, then clearly the certainty of a risk’s assessment is more robust

than if some of the assessment is based on subjective judgement. This, in turn, might affect the risk

mitigation or risk management strategy.

C3 (h): Explain and evaluate the concepts of related and correlated risk factors

One of the interesting characteristics of risks is that groups of risks sometimes go together in that they are

often present at the same time in the same organisation. A common reason for this is that the risks are in

some way related in that they have a common cause or that one type of risk can give rise to another.

A particular type of relatedness is risk correlation (sometimes called risk covariance). While two risks can

be related in that they are often present together, in order to be correlated, they must vary together (this

being the meaning of correlated). Correlated risks can be negatively correlated (one goes up as the other

declines) or positively correlated (both go up or down together).

David Campbell is examiner for Paper P1

PART D PROFESSIONAL VALUES AND ETHICS

Chapter 14. Ethical Theories

1. Ethics and corporate governance

Ethical considerations are at the root of many perceived problems with corporate governance as practised by members of the board. Individuals are expected to behave in an ethical way, and ethical issues are more difficult to regulate. Corporate governance can only provide a system and procedures that are seen to be 'ethical' and fair to the shareholders.

Without ethical conduct, regulations and codes of practice will not work. Individuals in positions of power

will be able to circumvent rules and break the laws, and unless they act ethically, might be tempted to do

something illegal or improper in order to obtain personal gain.

2. Ethical Relativism versus absolutism

2.1 Ethical relativism

2.1.1 Definition

Ethical relativism is the theory that, because different societies have different ethical beliefs, there is no

rational way of determining whether an action is morally right or wrong other than by asking whether the

people of this or that society believe it is morally right or wrong. To put it another way: Ethical relativism is

the view that there are no ethical standards that are absolutely true and that apply or should be applied to

the companies and people of all societies.

For example, business bribery

When in Rome, do as the Romans do.

2.2 Ethical absolutism

2.2.1 Definition

Ethical absolutism, also known as universalism, maintains that there are absolute moral truths, not

relative to culture, which all entities obey at all times without exception. According to this view, ethical

judgments are universal, which means that if an action is wrong in one country, it is also wrong in other

countries.

3. Kohlberg's stages of human moral development

3.1 Kohlberg's three levels (six stages)

Level one: pre-conventional (the individual is focused on self-interest, external rewards and

punishment)

Stage 1: obedience and punishment

Punishment and obedience orientation, where the right acts are done to avoid punishment. Obeying the rules is a means to avoid punishment.

Stage 2: instrumental purpose and exchange

Right behavior is defined by what is in one’s own best interest.

Level two: conventional (the individual tends to do what is expected of them by others)

Stage 3: interpersonal accord and conformity

Actions are defined by what is expected of individuals by their peers and those close to them. The individual lives up to others’ expectations in order to be seen to be good and then to regard themselves as good.

Stage 4: social accord and system maintenance

At this stage of moral development, people begin to consider society as a whole when making judgments. The individual fulfils social duties in order to keep the social system going.

Level three: post-conventional (the individual starts to develop autonomous decision making which is

based on internal perspectives of right/wrong ethics, etc. rather than based on any external

influences)

Stage 5: social contract and individual rights

At this stage, people begin to account for the differing values, opinions, and beliefs of other people. Right

and wrong are determined by reference to basic rights, values and contracts of society.

Stage 6: universal ethical principles

Kohlberg’s final level of moral reasoning is based upon universal ethical principles and abstract reasoning.

The individual follows self-chosen ethical principles which they believe everyone should follow.

4. Deontological and teleological / consequentialist approach to ethics

Traditional ethical theories can generally be differentiated into two groups, namely:

(a) Consequentialist approaches, which base the moral judgment on the outcomes of a certain action. If these outcomes are desirable, then the action in question is morally right; if the outcomes of the action are not desirable, the action is morally wrong. The moral judgment in these theories is thus based on the intended outcomes, the aims, or the goals of a certain action. Therefore, consequentialist ethics is often also referred to by the term teleological, based on the Greek word for 'goal'.

(b) Non-consequentialist approaches, which base the moral judgment on the underlying principles of the decision-maker's motivation. Whether an action is right or wrong depends not on whether we like the consequences it produces but on whether the underlying principles are morally right. These theories, also called deontological, based on the Greek word for 'duty', look at the desirability of principles and, based on these principles, deduce a 'duty' to act accordingly in a given situation, regardless of the desirability of the consequences.

4.1 Teleological approach

There are two main consequentialist theories:

(a) Egoism

(b) Utilitarianism

4.1.1 Egoism

'Following the theory of egoism, an action is morally right if the decision maker freely decides in order to

pursue either their (short term) desires or their (long term) interests.'

The justification for egoism lies in the underlying concept of man: as man has only limited insight into the

consequences of his actions, the only suitable strategy to achieve a good life is to pursue his own desires

or interests. Adam Smith (1793) argued that in the economic system, this pursuit of individual self-interest

was acceptable because it produced a morally desirable outcome for society through the 'invisible hand'

of the market place. This means one is likely to find a moral outcome as the end-product of a system

based on free competition and good information.

4.1.2 Utilitarianism

Utilitarianism could be defined as follows:

'According to utilitarianism, an action is morally right if it results in the greatest amount of good

for the greatest amount of people affected by the action.'

This principle, also called the 'greatest happiness principle' is the ultimate consequentialist principle as it

focuses solely on the consequences of an action and weighs the good results against the bad results and

finally encourages the action which results in the greatest amount of good for all people involved. Unlike

egoism, it does not only look at each individual involved to ask whether their individual desires and

interests are met, but it focuses on the collective welfare that is produced by a certain decision.

4.2 Deontological approach

There are two main types of non-consequentialist ethical theories that have been traditionally applied to

business ethics:

(a) Ethics of duties

(b) Ethics of rights and justice

4.2.1 Ethics of duties

(a) Introduction

The main contributor of this approach is German philosopher Immanuel Kant (1724-1804) who thought

that morality and the decision about right and wrong action was not dependent on a particular situation, let

alone on the consequences of the action. For Kant, morality was a question of certain eternal, abstract,

and unchangeable principles (a set of a priori moral laws) that humans should apply to all ethical

problems. He saw humans as rational actors who could decide these principles for themselves.

Hence, humans could also be regarded as independent moral actors who make their own

rational decisions regarding right and wrong.

Kant subsequently developed a theoretical framework through which these principles could be derived,

called the 'categorical imperative'. By this he meant that this theoretical framework should be applied to

every moral issue regardless of who is involved, who profits, and who is harmed by the principles once

they have been applied in specific situations.

The categorical imperative consists of three parts, which Kant puts forward as follows:

Maxim 1: Act only according to that maxim by which you can at the same time view that it should become

a universal law

Maxim 2: Act so that you treat humanity, whether in your own person or in that of another, always as an

end and never as a means only.

Maxim 3: Act only so that the will through its maxims could regard itself at the same time as universally

lawgiving

According to Kant, these three maxims can be used as tests for every possible action, and an action is to

be regarded as morally right if it 'survives' all three tests. This suggests that morality is characterized by

three important elements, each of which is tested by one of these maxims.

(b) What do the maxims mean?

Maxim 1 checks if the action could be performed by everyone and reflects the aspect of consistency,

as in an action can only be right if everyone could follow the same underlying principle.

For example, murder is an immoral action because if we allowed everyone to murder, there would be no

possibility of human life on earth; lying is immoral, because if everybody were allowed to lie, the entire

notion of 'truth' would be impossible and an organized and stable human civilization would not be

imaginable.

Maxim 2 focuses on Kant's view that humans deserve respect as independent, rational actors, and

that this human dignity should never be ignored.

For example, we all use people as means, as soon as we employ them or pay them to provide us with

goods or services. However, this does not mean we should only treat them as means to achieve what we

want and just forget about their own needs and goals in life, and their expectations to make their own

choices.

Maxim 3 scrutinizes the element of universality. Kant wants us to check if the principles of our

actions would be acceptable for every human being. This test therefore tries to overcome

specifically the risk of subjectivity inherent to the utilitarian analysis, since it asks us to check if other

rational actors would endorse our judgment of a certain situation as well.

For example, if you would be uncomfortable if your actions were reported in the local press, you can be fairly sure that they are of doubtful moral status:

Work ethics

Scenario for the AAA model

An auditor uncovers an irregular cash payment and receives an unsatisfactory explanation for it from the

client’s finance director. He suspects the cash payment is a bribe paid to someone but can’t prove it. The

client then offers to pay the auditor a large amount of money if he pretends not to have noticed the

payment. The amount of money offered by the client is large enough to make a significant difference to

the auditor’s wealth. Should the auditor take the money?

Step 1: What are the facts of the case?

The facts are that the auditor has uncovered what he believes to be a bribe and has, in turn, been offered

a bribe to ignore or overlook it.

Step 2: What are the ethical issues in the case?

The ethical issue is whether or not an auditor should accept a bribe. In accepting the bribe he would be

acting illegally and would also be negligent of his professional duties.

Step 3: What are the norms, principles, and values related to the case?

The norms, principles, and values are that auditors are assumed (by shareholders and others active in

capital markets) to have impeccable integrity and to assure that the company is providing a ‘true and fair

view’ of its financial situation at the time of the audit. Auditors are entrusted with the task of assuring a

company’s financial accounts and anything that prevents this or interferes with an auditor’s objectivity is a

failure of the auditor’s duty to shareholders.

Step 4: What are the alternative courses of action?

Option 1 is to accept the bribe and ignore the irregular cash payment. Option 2 is to refuse the bribe and

take appropriate actions accordingly.

Step 5: What is the best course of action that is consistent with the norms, principles, and values

identified in Step 3?

The course of action consistent with the norms, principles, and values in Step 3 is to refuse the bribe. The

auditor would report the initial irregular payment and then also probably report the client for offering the

second bribe.

Step 6: What are the consequences of each possible course of action?

Under Option 1, the auditor would accept the bribe. He would enjoy the increase in wealth and

presumably an increase in his standard of living but he would expose himself to the risk of being in both

professional and legal trouble if his acceptance of the bribe was ever uncovered. He would have to ‘live

with himself’ knowing that he had taken a bribe and would be in debt to the client, knowing that the client

could expose him at any time.

Under Option 2, the auditor would refuse the bribe. This would be likely to have a number of unfortunate

consequences for the client and possibly for the future of the client–auditor relationship. It would, however,

maintain and enhance the reputation and social standing of auditors, maintain public confidence in audit,

and serve the best interests of the shareholders.

Step 7: What is the decision?

The ethical decision is Option 2. The auditor should refuse the bribe.

Tucker: Scenario 1

Big Company is planning to build a new factory in a developing country. Analysis shows that the new

factory investment will be more profitable than alternatives because of the cheaper labour and land costs.

The government of the developing country has helped the company with its legal compliance, which is

now fully complete, and the local population is anxiously waiting for the jobs which will, in turn, bring much

needed economic growth to the developing country. The factory is to be built on reclaimed ‘brownfield’

land and will produce a lower unit rate of environmental emissions than a previous technology.

Is it profitable?

Yes. The investment will enable the company to make a superior return than the alternatives.

The case explains that these are ‘because of the cheaper labour and land costs’.

Is it legal?

Yes. The government of the developing country, presumably very keen to attract the investment, has

helped the company with its legal issues.

Is it fair?

As far as we can tell, yes. The only stakeholder mentioned in the scenario is the workforce of the

developing country who, we are told, is ‘anxiously waiting’ for the jobs. The scenario does not mention any

stakeholders adversely affected by the investment.

Is it right?

Yes. The scenario explains that the factory will help the developing country with ‘much needed economic

growth’, and no counter‑arguments are given.

Is it sustainable or environmentally sound?

Yes. The scenario specifically mentions an environmental advantage from the investment.

So in this especially simplified case, the decision is clear as it passes each of the decision criteria in the

5-question model. In more complex situations, it is likely to be a much more finely balanced decision.

Tucker: Scenario 2

Some more information has emerged about Big Company’s new factory in the developing country. The

‘brownfield’ land that the factory is to be built on has been forcefully requisitioned from a community (the

‘Poor Community’) considered as ‘second class citizens’ by the government of the developing country.

The Poor Community occupied the land as a slum and now has nowhere to live.

Is it profitable?

Yes. The same arguments apply as before.

Is it legal?

It appears that the government of the developing country has no effective laws to prevent the forced

displacement of the Poor Community and may be complicit in the forced removal. While the investment

may not be technically illegal, it appears that the legal structures in the host country are not particularly

robust and are capable of what amounts to the oppression of the Poor Community.

Is it fair?

While the issue of the much needed employment remains important, it must be borne in mind that the jobs

are provided at the cost of the Poor Community’s homes. This apparent unfairness to the Poor

Community is a relevant factor in this question. The answer to ‘is it fair?’ will depend on the decision

maker’s views of the conflicting rights of the parties involved.

Is it right?

The new information invites the decision maker to make an ethical assessment of the rights of the Poor

Community against the economic benefits of the investment. Other information might be sought to help to

make this assessment including, for example, the legality of the Poor Community’s occupation of the site,

and options for rehousing them once construction on the site has begun.

Is it sustainable or environmentally sound?

Yes. The same arguments apply as before.

IN SUMMARY

The AAA model invites the decision maker to explicitly outline their norms, principles, and values, while

Tucker’s model allows for discussion and debate over conflicting claims (eg between different beliefs of

what is ‘fair’ and ‘right’). Both are potentially useful to senior decision makers.

David Campbell is examiner for Paper P1

Chapter 15. Different Approaches to Ethics and Social Responsibility

1. The social responsibility of organizations

(a) All about stakeholders part 1

(b) All about stakeholders part 2

STAKEHOLDERS

The best definition of this is by Freeman, who in 1984 defined a stakeholder as: ‘Any group or

individual who can affect or [be] affected by the achievement of an organisation’s objectives’. This

definition shows the important bi-directionality of stakeholders – that they can be both affected by –

and can affect – an organisation. Of course, some stakeholders will be in both camps.

When we think of stakeholders, it is possible to list many examples, but the ones that usually come to

mind are shareholders, management, employees, trade unions, customers, suppliers, and communities.

However, larger and more complex organizations can have many more stakeholders than these.

STAKEHOLDER ‘CLAIMS’

The reason why stakeholders are important in both business ethics and in strategic analysis is because of

the notion of stakeholder ‘claims’. A stakeholder does not simply exist (as far as the organisation is

concerned) but makes demands of it. This is where understanding stakeholding can become more

complicated. Essentially, stakeholders ‘want something’ from an organisation. Some want to influence

what the organisation does (those stakeholders who want to affect) and others are, or potentially could be,

concerned with the way they are affected by the organisation and may want to increase, decrease, or

change the way the activities of the organisation affect them.

One of the problems with identifying stakeholder claims, however, is that some stakeholders may not

even know that they have a claim against an organisation, or may know they have a claim but are

unaware of what it is. This brings us to the issue of direct and indirect stakeholder claims.

Direct stakeholder claims are made by those with their own ‘voice’. These claims are usually

unambiguous, and are often made directly between the stakeholder and the organisation. Stakeholders

making direct claims will typically include trade unions, shareholders, employees, customers, suppliers

and, in some instances, local communities.

Indirect claims are made by those stakeholders unable to make the claim directly because they are, for

some reason, inarticulate or ‘voiceless’.

Reasons for being ‘voiceless’ include the stakeholder being (apparently) powerless (eg an individual customer of a very large organisation), not existing yet (eg future generations), having no voice (eg the natural environment), or being remote from the organisation (eg producer groups in distant countries).

This raises the problem of interpretation. The claim of an indirect stakeholder must be interpreted by

someone else in order to be expressed, and it is this interpretation that makes indirect representation

problematic.

This lack of clarity on the reliability of spokespersons for these stakeholders makes it very difficult to

operationalise (to include in a decision-making process) their claims.

UNDERSTANDING THE INFLUENCE OF EACH STAKEHOLDER (MENDELOW)

Influence = Power x Interest

The ‘map’ generated by the analysis of power and interest (on which stakeholders are plotted

accordingly) is not static; changing events can mean that stakeholders can move around the map with

consequent changes to the list of the most influential stakeholders in an organisation.

HOW TO CATEGORISE STAKEHOLDERS

Internal and external stakeholders

Perhaps the easiest and most straightforward distinction is between stakeholders inside the

organisation and those outside. Internal stakeholders will typically include employees and

management, whereas external stakeholders will include customers, competitors, suppliers, and so on.

Some stakeholders will be more difficult to categorise, such as trade unions that may have elements of both internal and external membership.

Narrow and wide stakeholders (Evans and Freeman)

Narrow stakeholders are those that are the most affected by the organisation’s policies and will

usually include shareholders, management, employees, suppliers, and customers who are dependent

upon the organisation’s output. Wider stakeholders are those less affected and may typically include

government, less-dependent customers, the wider community (as opposed to the local community) and

other peripheral groups. The Evans and Freeman model may lead some to conclude that an organisation

has a higher degree of responsibility and accountability to its narrower stakeholders.

Primary and secondary stakeholders (Clarkson)

According to Clarkson: ‘A primary stakeholder group is one without whose continuing participation

the corporation cannot survive as a going concern’. Hence, whereas Evans and Freeman view

stakeholders as being (or not being) influenced by an organisation, Clarkson sees the important

distinction as being between those that do influence an organisation and those that do not. Secondary

stakeholders are those that the organization does not directly depend upon for its immediate

survival.

Active and passive stakeholders (Mahoney)

Mahoney (1994) divided stakeholders into those who are active and those who are passive. Active

stakeholders are those who seek to participate in the organisation’s activities. These stakeholders

may or may not be a part of the organisation’s formal structure. Management and employees obviously

fall into this active category, but so may some parties from outside an organisation, such as regulators (in

the case of, say, UK privatised utilities) and environmental pressure groups.

Passive stakeholders, in contrast, are those who do not normally seek to participate in an

organisation’s policy making. This is not to say that passive stakeholders are any less interested or

less powerful, but they do not seek to take an active part in the organisation’s strategy. Passive

stakeholders will normally include most shareholders, government, and local communities.

Voluntary and involuntary stakeholders

This distinction describes those stakeholders who engage with the organisation voluntarily and

those who become stakeholders involuntarily. Voluntary stakeholders will include, for example,

employees with transferable skills (who could work elsewhere), most customers, suppliers, and

shareholders. Some stakeholders, however, do not choose to be stakeholders but are so nevertheless.

Involuntary stakeholders include those affected by the activities of large organisations, local communities

and ‘neighbours’, the natural environment, future generations, and most competitors.

Legitimate and illegitimate stakeholders

This is one of the more difficult categorisations to make, as a stakeholder’s legitimacy depends on

your viewpoint (one person’s ‘terrorist’, for example, is another’s ‘freedom fighter’). While those with an

active economic relationship with an organization will almost always be considered legitimate, others

that make claims without such a link, or that have no mandate to make a claim, will be considered

illegitimate by some. This means that there is no possible case for taking their views into account when

making decisions.

While terrorists will usually be considered illegitimate, there is more debate on the legitimacy of the claims

of lobby groups, campaigning organisations, and non-governmental/charitable organisations.

Recognised and unrecognised (by the organisation) stakeholders

The categorisation by recognition follows on from the debate over legitimacy. If an organisation considers

a stakeholder’s claim to be illegitimate, it is likely that its claim will not be recognised. This means the

stakeholder’s claim will not be taken into account when the organisation makes decisions.

Known about and unknown stakeholders

Finally, some stakeholders are known about by the organisation in question and others are not.

This means, of course, that it is very difficult to recognise whether the claims of unknown stakeholders

(eg nameless sea creatures, undiscovered species, communities in close proximity to overseas

suppliers, etc) are considered legitimate or not. Some say that it is a moral duty for organisations to seek

out all possible stakeholders before a decision is taken and this can sometimes result in the adoption of

minimum impact policies.

David Campbell is examiner for Paper P1

Who’s who

THE STAKEHOLDER/STOCKHOLDER DEBATE

Essentially, proponents of the stockholder theory argue that because organisations are ‘owned’ by their

principals, the agents (directors) have a moral and legal duty to only take account of principals’ claims

when setting objectives and making decisions. Hence, for a joint‑stock business such as a public

company, it may be assumed that because principals (shareholders) seek to maximise their returns, the

sole duty of agents is to act in such a way as to achieve that.

Stakeholder theorists, in contrast, argue that because a business organisation is a citizen of society,

enjoying its protection, support and benefits, it has a duty to recognise a plurality of claims in the same

way that an individual might act as a ‘responsible citizen’. In effect, this means recognising claims in

addition to those of shareholders when reaching decisions and deciding on strategies.

INSTRUMENTAL AND NORMATIVE MOTIVATIONS

The instrumental view of stakeholders

The instrumental view of stakeholder relations is that organisations take stakeholder opinions into

account only insofar as they are consistent with other, more important, economic objectives (eg profit

maximisation, gaining market share, compliance with a corporate governance standard).

If the loyalty or commitment of an important primary or active stakeholder group is threatened, it is likely

that the organisation will recognize the group’s claim because not to do so would threaten to reduce

its economic performance and profitability.

The normative view of stakeholders

The normative view argues that organisations should accommodate stakeholder concerns not because of

what the organisation can instrumentally ‘get out of it’ for its own profit, but because by doing so the

organisation observes its moral duty to each stakeholder. The normative view sees stakeholders

as ends in themselves and not just instrumental to the achievement of other ends.

SEVEN POSITIONS ALONG THE CONTINUUM: GRAY, OWEN and ADAMS

The stakeholder/stockholder debate can be represented as a continuum, with the two extremes

representing the ‘pure’ versions of each argument.

Pristine capitalists

At the extreme stockholder-end is the pristine capitalist position. The value underpinning this position is

shareholder wealth maximisation, and implicit within it is the view that anything that reduces potential

shareholder wealth is effectively theft from shareholders.

Expedients

The expedient position shares the same underlying value as that of the pristine capitalist (that of maximising shareholder wealth), but recognises that some social responsibility expenditure may be necessary in order to better strategically position an organisation so as to maximise profits.

Social contract position

The notion of social contract has its roots in political theory. Democratic governments are said to

govern in a social contract with the governed. This means that a democratic government must govern

broadly in line with the expectations, norms and acceptations of the society it governs and, in exchange,

society agrees to comply with the laws and regulations passed by the government. Failure by either side

to comply with these terms will result in the social contract being broken.

The social contract position argues that businesses enjoy a licence to operate and that this licence is

granted by society as long as the business acts in such a way as to be deserving of that licence.

If an organisation acts in a way that society finds unacceptable, the licence to operate can be withdrawn

by society, as was the case with Arthur Andersen after the collapse of Enron.

Social ecologists

Social ecologists go a stage further than the social contractarians in recognising that

(regardless of the views of society), business has a social and environmental footprint and therefore

bears some responsibility in minimising the footprint it creates. An organisation might adopt socially

and/or environmentally responsible policies not because it has to in order to be aligned with the norms of

society (as the social contractarians would say) but because it feels it has a responsibility to do so.

Socialists

In the context of this argument, socialists are those that see the actions of business as those of a

capitalist class subjugating, manipulating, and even oppressing other classes of people. Business is a

concentrator of wealth in society (not a redistributor) and so the task of business, social, and

environmental responsibility is very large – much more so than merely adopting token policies (as

socialists would see them) that still maintain the supremacy of the capitalist classes. Business should be

conducted in a very different way – one that recognizes and redresses the imbalances in society and

provides benefits to stakeholders well beyond the owners of capital.

Radical feminists

They argue that society and business are based on values that are usually considered masculine in

nature such as aggression, power, assertiveness, hierarchy, domination, and competitiveness. It is these

emphases, they argue, that have got society and environment in the ‘mess’ that some people say they are

in.

If society and business were based instead on values such as connectedness, equality, dialogue,

compassion, fairness, and mercy (traditionally seen as feminine characteristics).

Deep ecologists

Strongly believing that humans have no more intrinsic right to exist than any other species, they argue

that just because humans are able to control and subjugate social and environmental systems does not

mean that they should.

The world’s ecosystems of flora and fauna, the delicate balances of species and systems are so valuable

and fragile that it is immoral for these to be damaged simply (as they would see it) for the purpose of

human economic growth.

A full recognition of each stakeholder’s claim would not allow business to continue as it currently does and this is in alignment with the overall objectives of the deep ecologists or deep greens.

David Campbell is examiner for Paper P1

Chapter 16. Professions and the public interest

1. Profession and professionalism

1.1 Profession

A body of theory and knowledge which is used to support the public interest

The body of theory includes:

(a) Ethical standard

(b) Auditing standard

(c) Examination

1.2 Professionalism

Taking action to support the public interest

Action includes:

(a) Reactive approach

(b) Proactive approach

2. Accountancy profession and the public interests

(a) The public interest (‘common well-being’ or ‘general welfare’)

(b) No set definition

(c) The concept tends to apply to providing information that society as a whole should be aware of

(d) No law confirms this action, but doing so is encouraged

3. The role of the accountancy profession in the organizational context and society

(a) Financial accounting

(b) Cost and Management accounting

(c) Financial management

(d) Auditing

4. The ethical responsibilities of a professional accountant both as an employee and as a professional

Responsibilities to employer:

(a) An accountant’s responsibilities to his or her employer extend to acting with diligence, probity and

with the highest standards of care in all situations.

(b) The accountant is to observe employee confidentiality as far as possible.

(c) He or she will show loyalty within the bounds of legal and ethical good practice.

Responsibilities as a professional:

(a) Professional accountants are expected to observe the letter and spirit of the law in detail and of professional ethical codes where applicable.

(b) In any professional or ethical situation where codes do not clearly apply, a professional accountant should apply ‘principles-based’ ethical standards.

(c) Finally, and in common with members of other professions, accountants are required to act in the public interest.

Chapter 17. Professional Practice and Codes of Ethics

1. Code of ethics for business conduct

1.1 Describe the purposes of a corporate code of ethics

(a) To convey the ethical values of the company to interested audiences including employees, customers,

communities and shareholders.

(b) To control unethical practice within the organisation by placing limits on behaviour and prescribing

behaviour in given situations.

(c) To be a stimulant to improved ethical behaviour in the organisation by insisting on full compliance with

the code.

1.2 Outline of the content of a code of business practice and ethics

(a) Preface or Introduction

(signed by the Chairman or Chief Executive Officer or both)

Start with a sentence on the purpose of the Statement: mention the values that are important to the top management in the conduct of the business, such as integrity, responsibility and reputation. Describe the leadership commitment in maintaining high standards both within the organization and in its dealings with others. Set out the role of the company in the community and end with a personal endorsement of the code and the expectation that the standard set out in it will be maintained by all involved in the organization.

(b) Key areas to include:

1. The Purpose and Values of the Business

The service which is being provided (a group of products, or set of services), financial objectives and the business's role in society as the company sees it.

2. Employees

How the business values employees. The company's policies on working conditions, recruitment, development and training, rewards, health, safety & security, equal opportunities, diversity, retirement, redundancy, discrimination, harassment and use of company assets by employees.

3. Customer Relations

The importance of customer satisfaction and good faith in all agreements, quality, fair pricing and after-sales service.

4. Shareholders or other providers of money

The protection of investment made in the company and proper 'return' on money lent. A commitment to

accurate and timely communication on achievements and prospects.

5. Suppliers

Prompt settling of bills. Co-operation to achieve quality and efficiency. No bribery or excess hospitality

accepted or given.

6. Society or the wider community

Compliance with the spirit of laws as well as the letter. The company's obligations to protect and preserve the environment. The involvement of the company and its staff in local affairs. The corporate policy on sponsorship as well as giving to education and charitable appeals.

7. Implementation

The process by which the code is issued and used. Means to obtain advice. Awareness-raising examples (Q&As). Training programmes for all staff.

8. Assurance, reporting and reviews

Suggest ways of knowing if the code is effective. Report to the board or board committee at least annually. Review procedures for updating the code.

1.3 The code of ethics can be used as part of a company’s overall strategic positioning.

(a) Strategic positioning is about the way that a whole company is placed in its environment

(b) Ethical reputation and practice can be a key part of environmental ‘fit’

(c) The ‘fit’ enables the company to more fully meet the expectations, needs and demands of its relevant

stakeholders

(d) The ‘quality’ of the strategic ‘fit’ is one of the major determinants of business performance and so is

vital to the success of the business.

2. Code of ethics relevant to the accounting profession

The IFAC Code of Ethics for Professional Accountants (the Code) establishes the fundamental principles

of ethics for professional accountants and provides a conceptual framework to assist professional

accountants to identify, evaluate and respond to threats to compliance with those principles.

2.1 The contents

The Code is divided into three parts:

(a) Part A applies to all professional accountants.

(b) Part B applies to professional accountants in public practice.

(c) Part C applies to professional accountants in business.

Part A of the Code sets out the fundamental principles and explains the framework approach. It also

sets out:

(1) The categories into which many threats to compliance with the fundamental principles may fall;

(2) Examples of safeguards created by the profession, legislation or regulation;

(3) Examples of safeguards that may increase the likelihood of identifying or deterring unethical

behavior.

This part also includes guidance regarding the resolution of ethical conflicts.

Parts B and C of the Code include examples that are intended to illustrate the application of the principles.

2.2 Whether we need a code of professional ethics

No Need:

(a) Because codes contain descriptions of situations that accountants might encounter, they can convey the (false) impression that professional ethics can be reduced to a set of rules contained in a code.

(b) Ethical codes do not and cannot capture all ethical circumstances and dilemmas that a professional accountant will encounter.

(c) Regional variations in cultural, social and ethical norms mean that such codes cannot capture important differences in emphasis in some parts of the world.

(d) Professional codes of ethics are not technically enforceable in any legal manner, although sanctions exist for gross breach of the code in some jurisdictions.

Need:

(a) Professional codes of ethics signal the importance, to accountants, of ethics and acting in the public

interest in the professional accounting environment

(b) The profession is likely to exist only as long as the public interest is supported over and above competing interests.

(c) “the accountancy profession throughout the world operates in an environment with different cultures

and regulatory requirements. The basic intent of the Code, however, should always be respected.”

2.3 Fundamental principles

3. Fundamental principles of IFAC; ACCA Code of Ethics and Conduct

(a) Integrity

A professional accountant should be straightforward and honest in all professional and business

relationships. Integrity also implies fair dealing and truthfulness.

(b) Objectivity

A professional accountant should not allow prejudice or bias, conflict of interest or undue influence of

others to override professional or business judgments.

(c) Professional competency and due care

(1) To maintain professional knowledge and skill at the level required to ensure that a client or employer receives the advantage of competent professional service based on current developments in practice, legislation and techniques; and

(2) To act diligently in accordance with applicable technical and professional standards in all professional

and business relationships.

(d) Confidentiality

A professional accountant should respect the confidentiality of information acquired as a result of

professional and business relationships and should not disclose any such information to third parties

without proper and specific authority unless there is a legal or professional right or duty to disclose.

Confidential information acquired as a result of professional and business relationships should not be used for the personal advantage of the professional accountant or third parties.

(e) Professional behaviour

A professional accountant should comply with relevant laws and regulations and should avoid any action

that discredits the profession.

Definition of independence

Independence in appearance

Independence of mind

4. Ethical threats affecting auditors’ independence and objectivity, and suitable safeguards

Ethical threats

The ACCA’s Code of Ethics states that ethical threats generally fall into five distinct categories:

3.1 Self-Interest threat;

3.2 Self-review threat;

3.3 Familiarity threats;

3.4 Advocacy threats;

3.5 Intimidation threats;

3.1 Self-interest threats:

(a) Auditors receive excessive gifts or hospitality from a client

The risk here is that auditors ignore errors in the Financial Statements so as not to upset the client as this

may lead to the gifts/hospitality being withdrawn.

(b) Auditors receive a large proportion of their fees from one client

Auditors may ignore errors in the Financial Statements for fear of losing the client and the associated

income.

(c) Auditors have personal or business relationships with a client

If the auditor has a personal or business relationship with a client then they may ignore problems with the client’s financial statements in order to protect this relationship.

(d) Audit fees are agreed on a contingent basis

Contingent fees are fees that are dependent on the outcome of the work performed. If audit fees are

calculated on this basis, the auditors may be tempted to give an opinion that the directors want, rather

than the correct opinion, so as to receive these fees.

(e) Auditors and clients lend each other money

This relationship is almost certain to threaten an auditor’s independence and objectivity. If the client owes

the auditor money, the auditor may not want to risk upsetting them with a qualified opinion in case this

leads to the client defaulting on the debt. Note that in a situation where there are overdue fees, the auditor

runs the risk, in effect, of making a loan to a client.

(f) Auditors set their fees at an unrealistically low level in order to secure work (also known as low-balling)

By setting audit fees at an unrealistically low level in order to win other more lucrative work such as tax

advice, auditors risk not being able to resource the audit properly. This could be perceived as negligence.

Safeguards against self-interest threats

Financial Interests (e.g. owning shares in a client)

The ACCA does not allow any of the following parties to own a direct financial interest in a client or a material indirect financial interest in a client (e.g. by investing in a pension scheme that invests in the client’s shares):

• The audit firm;

• A member of the audit team;

• The immediate family of a member of the audit team.

The following safeguards should be put in place:

• Dispose of any interest as soon as it is identified;

• Remove the individual from the audit team if necessary;

• Inform the client of the situation;

• Use an independent partner to review any work already carried out.

(a) Gifts and Hospitality

Gifts and hospitality should not be accepted unless the value is clearly insignificant.

(b) High Proportion of Fees from One Client

Audit firms should avoid having any one client that makes up a significant proportion of their fee income.

(1) Listed clients: gross recurring fees from a single listed client should not be more than 10% of the audit firm’s total income. When these fees reach 5%, the situation should be reviewed.

(2) Non-listed clients: gross recurring fees from a single non-listed client should not be more than 15% of the audit firm’s total income. When these fees reach 10%, the situation should be reviewed.

(c) Close Business or Personal Relationships

An auditor should not participate in a personal or business relationship with a client. If an individual team

member has such an interest they should be removed from the audit team.

An audit partner should not accept a key management position at an audit client until at least two years

have elapsed since his/her involvement in the audit.

(d) Contingent Fees

Audit firms are not allowed to enter into any fee arrangement that is contingent in nature.

(e) Loans and Overdue Fees

Audit firms or team members should not enter into any loan relationship with a client.

The only exception to this is where a loan is made to a member of an assurance team by a bank or other

lending institution. Providing this loan is on normal commercial terms, this is not perceived to be a threat

to independence.

Audit firms should guard against overdue fees and consider resigning when fees remain unpaid.

(f) Lowballing

If an audit engagement is accepted at a lower than average fee the audit firm must:

(1) Demonstrate that appropriate staff and time are spent on the work;

(2) Comply with the applicable professional and technical standards.

3.2 Self-review threats

This threat arises when auditors perform work/produce information for the client that they end up

reviewing themselves as part of an assurance engagement.

Self-review threats arise when auditors:

(a) Give advice on accounting or control systems and then audit them (e.g. by performing internal audit

services for the client);

(b) Prepare financial information or assist with calculations then audit this information;

(c) Provide services for the client e.g. tax, valuation, corporate finance, and then review this work as part

of the audit;

(d) Join the audit team after working for the client.

Safeguards against self-review threats:

(a) Provision of Services Other than Audit

Providing a client with services other than audit is a highly controversial issue. In most cases it is fine to

provide other services providing independence and objectivity are not affected.

Safeguards should be put in place such as:

(1) The team that performs the audit should be composed of entirely different members to the one that

performs the other service;

(2) An independent second partner review on all work performed;

(3) Refuse the other service if audit objectivity is threatened.

There are however some notable exceptions in terms of the provision of other services:

(1) Auditors should not prepare the accounts or Financial Statements for a listed or public interest client;

(2) Audit firms should not carry out valuations on matters which may be material to the Financial

Statements;

(3) Audit firms should not be involved in the design or implementation of an IT system for the client where

that IT system is an integral part of the accounting function.

(b) Client Employee Joins Audit Team

If, in the previous two years, an individual has been a director of the client or involved in any way with the

information being audited they should not be assigned to the audit team.

3.3 Familiarity threats

Familiarity threats arise when the auditors develop a close relationship with the client and as a result

become too sympathetic to their interests or too trusting of their work.

Examples of familiarity threats are:

(a) The auditor audits a company where friends or relatives work;

(b) The auditor has been auditing the company for many years;

(c) There are people working at the client who recently worked for the audit firm.

Safeguards against familiarity threats

(a) No member of the audit team should have a close personal or business relationship with the client.

(b) The engagement partner should act for no longer than five consecutive years. They should not return

to this role until a further five years have elapsed;

(c) Other key audit partners should act for no longer than seven consecutive years. They should not

return to the role until a further two years have elapsed;

(d) The person responsible for quality control review on the audit engagement should act for no longer

than seven years. They should not return to the role until a further two years have elapsed.

(e) An audit partner should not accept a key management position at an audit client until at least two years have elapsed since his/her involvement in the audit.

3.4 Advocacy threat

This may occur when the auditor is asked to promote the client's position or represent them in some way. In this situation the auditor would have to be biased in favour of the client and therefore cannot be objective.

Examples of advocacy threats include:

(a) Representing an audit client in a legal case or tax enquiry;

(b) Promoting the client's shares for a stock exchange listing.

Safeguards against advocacy threats

(a) Refuse to represent an audit client in a legal case or tax enquiry;

(b) Refuse to promote the client's shares for a stock exchange listing.


3.5 Intimidation threats

This threat is caused by a client being in a position to put pressure on an auditor to prevent them acting objectively. This could arise from family and personal relationships, litigation or close business relationships.

As a result, the intimidation threat is very closely related to the self-interest and the advocacy threats, so the safeguards are the same.

The auditor may communicate the matter to the audit committee, if any, or otherwise withdraw from the engagement.


Chapter 18. Social and Environmental Issues in the Conduct of Business and Ethical Behavior

1. The impact of economic activity on the environment and society

Environmental footprint

The year 2000 report published by the Worldwatch Institute, a highly respected research group, identified the following alarming environmental trends that are shaping the future of civilization. These include:

(a) Rising temperature

(b) Falling water tables

(c) Sinking cropland per person

(d) Shrinking forest

(e) Loss of plant and animal species

2. Sustainability

According to the World Commission on Environment and Development (1987), sustainable development is defined as development that meets the needs of the present without compromising the ability of future generations to meet their own needs.

Hence, sustainability is now regarded as comprising three components (environmental, economic and social), i.e. the notion of a 'triple bottom line'.

2.1 Environmental perspectives

The basic principles of sustainability in the environmental perspective concern the effective management of physical resources so that they are conserved for the future. All bio systems are regarded as having finite resources and finite capacity, and hence sustainable human activity must operate at a level that does not threaten the health of those systems. Even at the most basic level, these concerns suggest a need to address a number of critical business problems, such as the impacts of industrialization on biodiversity, the continued use of non-renewable resources such as oil, steel and coal, as well as the production of damaging environmental pollutants like greenhouse gases from industrial plants.

2.2 Economic perspectives


A narrow concept of economic sustainability focuses on the economic performance of the corporation itself: the responsibility of management is to develop, produce and market those products that secure the long-term economic performance of the corporation. This includes a focus on those strategies which, for example, lead to a long-term rise in share price, revenues and market share rather than short-term 'explosions' of profits at the expense of long-term viability.

A broader concept of economic sustainability would include the company's attitude towards and impacts upon the economic framework in which it is embedded. Paying bribes or building cartels, for instance, could be regarded as economically unsustainable because these activities undermine the long-term functioning of markets. Corporations which attempt to avoid paying corporate taxes through subtle accounting tricks might be said to behave in an unsustainable way: if they are not willing to fund the political institutional environment (such as schools, hospitals, the police and the justice system), they erode one of the key institutional bases of their corporate success.

2.3 Social perspectives

The key issue in the social perspective on sustainability is that of social justice. Despite the impressive advances in standards of living that many of us have enjoyed, the United Nations 2005 Report on the World Social Situation identified persistent and deepening inequality across the globe. With 80 percent of the world's gross domestic product belonging to the 1 billion people living in the developed world and the remaining 20 percent shared by the 5 billion people living in developing countries, the report suggested that 'failure to address this inequality predicament will ensure that social justice and better living conditions for all people remain elusive, and that communities, countries and regions remain vulnerable to social, political and economic turmoil'.

3. Accounting for sustainability

3.1 Background

The policy impetus for full cost accounting (FCA) comes from the call from the European Commission's Fifth Action Programme (subtitled Towards Sustainability) for the accountancy profession to develop FCA so that 'the consumption and use of environmental resources are accounted for as part of the full cost of production and reflected in market prices'.

FCA is thus an accounting tool that seeks to identify all external environmental costs (and benefits) associated with a particular activity and to incorporate this information in decision-making processes. The assumption underlying the desire for FCA is that if one were to account for externalities, then society could be better informed as to which decisions would be more likely to make sustainable development achievable.

3.2 The approach

To undertake FCA, four generic steps are necessary for each exercise. These are:


(a) Define the object of the FCA exercise (be it a product, a process, or a part or the whole of an organization);

(b) Determine the scope of the FCA exercise (that is, where the boundary of the analysis will be);

(c) Identify and measure external impacts in physical terms; and

(d) Monetize the external impacts.

3.3 The limitations

(a) FCA requires substantial amounts of physical data about the object of the exercise and requires extensive modeling of complex real world relationships.

(b) The main conceptual issue that arises with FCA is deciding how to monetize externalities. Moreover, different approaches to monetization may often result in different conclusions being drawn from an FCA exercise.

3.4 The benefits of undertaking FCA

FCA highlights that some externalities can be eliminated by the redesign of production processes or by organisations operating differently.

4. Environmental management and audit scheme (EMAS)

The European Union's EMAS was adopted in 1993 and relied on 'market forces' to encourage businesses to improve their environmental protection measures. The idea was that companies who registered for the scheme and who, as a result, were permitted to use the eco-logo, were rewarded by the various corporate stakeholders. Under the EMAS scheme, companies are encouraged to:

(a) Set their own objectives for environmental performance and develop management systems which would achieve those objectives;

(b) Initiate a pattern of eco-auditing to assess their environmental performance and to provide the information needed to develop their environmental management systems;

(c) Show commitment to externally validated assessment of their progress in meeting these objectives; and make information available to the public in a concise, comprehensive form.

As far as making information available to the public was concerned, the EMAS regulation required that the environmental statement should include, in particular:

(a) A description of the company's activities at the site considered;

(b) An assessment of all the significant environmental issues of relevance to the activities concerned;

(c) A presentation of the company's environmental policy, program and management system implemented at the site concerned;


(d) The deadline set for submission of the next statement;

(e) A summary of the figures on pollutant emissions, waste generation, consumption of raw material, energy and water, and noise;

(f) Other significant environmental aspects as appropriate, as well as other factors regarding environmental performance; and

(g) Companies were also required to draw attention to significant changes since the previous statement.

(h) The name of the accredited environmental verifier.

4.2 ISO 14000 certification

The ISO 14001:2004 standard requires a company to:

(a) Develop an environmental policy for the organization

(b) Establish an environmental management system (EMS)

(c) Identify the most significant aspects of the organization's past, present and future activities, products and services

(d) Clarify and respect the legal and other requirements that apply to the organization's environmental aspects

(e) Set environmental objectives and targets for all relevant functions and levels within the organization

(f) Create programs to implement the organization's environmental policy and achieve the environmental objectives and targets

(g) Evaluate the environmental management system in order to identify opportunities for improvement

5. Social and environmental audit

5.1 What is Assurance?

Assurance is an evaluation method that uses a specified set of principles and standards to assess the quality of an organization’s subject matter and the underlying systems, processes and competencies that underpin its performance.

5.2 Stages in an environmental audit

Environmental auditing contains three stages:

(a) The first stage is agreeing and establishing the metrics involved and deciding on what environmental measures will be included in the audit. This selection is important because it will determine what will be measured against, how costly the audit will be and how likely it is that the company will be criticised for ‘window dressing’ or ‘greenwashing’.


(b) The second stage is measuring actual performance against the metrics set in the first stage. The means of measurement will usually depend upon the metric being measured.

(c) The third stage is reporting the levels of compliance or variances. The issue here is how to report the information and how widely to distribute the report.