Russell Kennedy and Pitcher Partners NFP Seminar - 12 July 2016
TRANSCRIPT
Governance & Legal Risk Management
12 July 2016
Michael Gorton AM
Principal
The information contained in this presentation is intended as general commentary and should not be regarded as legal advice. Should you require specific advice on the topics or areas discussed please contact the presenter directly.
Disclaimer
NOT FOR PROFIT
GOVERNANCE & LEGAL RISK
MANAGEMENT
> Liability
  > Entity
  > Individuals
  > Vicarious Liability
> Accountability
  > Delegation
  > Reporting
> Risk Management
  > Legal Risk
  > Financial Risk
  > Business Risk
> Compliance
Governance & Management
Governance Structures
COMMITTEES, OFFICERS
BOARD OF MANAGEMENT
OWNERS
> Vision/Mission
> Strategy – Strategic Plan
> Review/monitor Business Plan
> Appoint and monitor CEO (and operations)
> Share Stakeholder Engagement
> Review and monitor Risk Framework and Plan
Role of the Board
> Manage the business
> Accept delegations
> Responsible for staff
> Implement Strategic Plan and Business Plan
> Share Stakeholder Engagement
> Manage risks
> Report to the Board
Role of CEO (Management)
> Internal / External
> Short term / Long term
> Strategic / Micromanaging
What type of Board are you?
> Personal negligence
> Vicarious liability – authorised to act on behalf of (agent)
> Indirect (vicarious liability)
> Employees
> Agents (some contractors may be “agents”)
> Agency
> Real authority
> Ostensible authority
> Authorised
> “Branded”
Liability
> Directors Liability
> Negligence/duty of care
> Exercise due care and diligence (“Business Test”) – in good faith/for a proper purpose / informed / rationally believe in the best interests of the company
> Cannot be inactive
> Must read, question, understand
> Cannot just rely on management/auditors/lawyers (Centro)
Liability continued
> Directors Liability
> Responsible for statements/misstatements (James Hardie)
> Shadow directors/officers (James Hardie)
> Not gain from improper use of position
> Not gain from improper use of information
> Conflict of interest
> Insolvent Trading
Liability continued
> Common Law
  > Actual
  > Perceived
  > Declare/notice
  > Do not vote if any direct or indirect benefit
> Corporations Act (s.191-194)
  > Material personal interest
  > Declare/notice
  > Do not vote
  > Must not be present while matter considered
Conflict of Interest
> Directors
  > Corporate manslaughter and other crimes – authorised, personal involvement
  > OH&S
  > Environmental law
> Insurance
  > Public liability
  > Professional indemnity
  > D & O
  (Ensure coverage for all people and all risks)
Liability continued
> Levels of delegation
> Systems of Accountability and Reporting Regimes
> Risk Register/Risk Management Framework
> Policies
  > Quality of care and service
  > Safety (including emergency)
  > Legal risks
> Education and Training
> Notice Requirements/Compliance Checklist/ Sign-off
> Incident Monitoring/Complaint Handling
> Audit
Key Governance Issues
> Charter
> Role and responsibilities of Board
> Role and responsibilities of CEO
> Decision making process
> Setting “expectations”
> Decision making checklist
> Proposal clear?
> In the company’s interest
> Fit with strategic plan/business plan?
> Pros & cons considered
> Effect on legal/financial risk?
Governance
> Code of Conduct (behaviour/conflict/etc)
> Board Process
> Meetings
> Minutes/Papers/Reports
> Committees
> Time for strategy
> Link to compliance/risk management
Governance continued
> Avoiding Liability
> Good care and service
> Protocols, policies and procedures
> Risk Management systems
> Checklist and reporting
> COMMUNICATION!!
> Complaint handling procedures – timely, sensitive, communicative
> NOTES AND RECORDS
> Insurance
Legal Risk
QUESTIONS
CONTACT
Michael W Gorton AM
Principal
Russell Kennedy Lawyers
Level 12, 469 La Trobe Street, Melbourne
Tel: (03) 9609 1625
Email: [email protected]
Not For Profit Legal Risk Management
Level 12, 469 La Trobe Street, Melbourne, VIC 3000 P: +61 3 9609 1555
Level 8, 28 University Avenue, Canberra, ACT 2601 P: +61 2 6171 9900
Liability limited by a scheme approved under Professional Standards Legislation
Not For Profit Risk Management
July 2016
Michal Jozwik
10 Principles for Good Governance
We believe the following ten principles provide a useful starting point for NFP boards when considering what constitutes good governance in an organisation’s particular circumstances:
1. Roles and Responsibilities
2. Board Composition
3. Purpose and Strategy
4. Risk – Recognition and Management
5. Organisational performance
6. Board Effectiveness
7. Integrity and Accountability
8. Organisation Building
9. Culture and Ethics
10. Engagement
Risk – Recognition and Management
“By putting in place an appropriate system of risk oversight and internal controls, boards can help increase the likelihood that their organisation will deliver on its purpose.”
“Risk is another board responsibility, no matter how big or small the NFP. Organisations should establish a sound system of determining risk appetite, oversight, recognition, management, treatment and control.”
Why is Risk Management Important?
Common benefits of risk management:
Protect assets
Protect people
Cost efficiency
Improve planning
Reduced exposure
Regulatory compliance
And many others…
Why is Risk Management Important?
We want to think about…
The future (proactive attitude)
Common language
Creating opportunities
Building a Risk Register
In theory this is a simple process. All that is needed is to capture:
The risks;
Causes of risk;
Rating;
Controls;
Further actions; and
Treatments.
How to do it?
Employ a risk manager?
Hold a workshop?
Engage the team?
OH&S
IT systems
Service delivery
Economic changes
Changes in funding
Social changes
Legal & compliance changes
How to do it – Start with your objectives
Don’t start in heavy detail
Strategic Objectives
Loss of Contracts
Loss of Key Relationships
Market Place Competition
Major Asset Failure
OH&S
IT systems
Service delivery
Economic changes
Changes in funding
Social changes
Legal & compliance changes
Bring it up and look top down – Strategic risks
Gaining Comfort
Now that we have a risk register, how do we know it works?
Payroll
Accounts Payable
Accounts Receivable
Human Resources
Procurement
Donations
OH&S
Accreditation & Regulatory compliance
Capital Planning
Privacy
Digital engagement
NDIS & Consumer Directed Care
Community Engagement
Agency Staff
Volunteer Recruitment & Training
… and many more.
Risk Assurance Mapping
What assurance activities are in place?
Comfort that risks are being managed as required?
Prior Internal Audits
Assurance & Monitoring Activities
External/Financial Audit Coverage
Accreditation Activities
Management Monitoring Activities
Internal Quality Program
Strategic Risks
Internal Audit Plan
Risk & Control Map
How Internal Audit can help
Figure: Overall Subjective Assessment of Core Process Elements (axes: Structure, Support & Training and Control Environment, each from Poor to Strong; Subjective Assessment of Process Maturity scale: Basic, Developing, Established, Advanced, Leading)
Overall we have assessed that there is a Medium risk exposure in relation to payroll.
Focus on compliance?
Focus on process effectiveness and efficiency?
Align internal audit activities with your Risk Management Framework.
Recommendations rated against your risk appetite
Internal Audit & Risk Integration
Process Risks: Fraud, Error. Associated Risks or Opportunity (can be one or multiple)
Process Impact: Medium. Impact that this recommendation is expected to have on the relevant process
Monitoring: Committee. Suggested level of monitoring of implementation
Data Mining and Analysis
Figure: Unusually High Hours, Variation to Median Hours Worked (axes: Number of Exceptions, Hours; Period 201107 to 201206)
Figure: payments after termination date by payment cycle (Within 1st Payment Cycle to Within 6th Payment Cycle, After 6th Payment Cycle)
Termination Payments
Payment After Termination Date   Number of Payments   Percentage (%)   Net Payment ($)   Percentage (%)
Within 1st Payment Cycle         235                  55%              257,443           38%
Within 2nd Payment Cycle         159                  37%              400,396           58%
Within 3rd Payment Cycle         14                   3%               11,694            2%
Within 4th Payment Cycle         6                    1%               2,342             0%
Within 5th Payment Cycle         1                    0%               348               0%
Within 6th Payment Cycle         3                    1%               1,998             0%
After 6th Payment Cycle          7                    2%               10,736            2%
Total                            425                  100%             684,957           100%
Depth
Risk Mitigation
Data mining and analysis is a powerful technique which greatly increases the coverage of audit focused activities and is used with the following objectives in mind:
Highlight potential business process risks;
Provide added insight into the nature of activities undertaken within the business process and various trends; and
Assist in the detection of inappropriate organisational practices.
Wrap up
Started with risk management and covered:
Being future focused
Creating a common language
Gaining comfort
How Internal Audit can help
Questions & Answers
Thank you!