IIASA Governance Review (Summary Report) 09 May 2017 Faranah Osman
IIASA Governance Review
Corporate Governance underpins ethical and efficient leadership by the Governing Body through a system of rules (aligned to the rules of law) that support the creation of effective controls, thus ensuring:
good performance;
radical transparency;
an ethical culture; and
legitimacy.
Corporate Governance attempts to set up a system of rules that enable a business to provide assurance, and account for holistic value creation beyond financial performance.
IIASA Governance Review
The scope of the review includes the structure and compliance of the governance system of the institution and how it extends to supporting:
The oversight and accountability of the Council (Governing Body);
The combined assurance framework and the quality of assurance provided to the Governing Body;
The organisational structure and the different assurance streams provided through the various ‘divisions’;
The additional sources of assurance.
Governance Review
The review recommendations set out in this document are based on an analysis of global best practice, which sets a benchmark against which the governance system of the organisation is assessed. In this regard the following frameworks were considered:
The Austrian Code of Corporate Governance 2002, as amended January 2015;
The King Reports (1-IV) on Corporate Governance for South Africa, which is a set of principles and practices that considers:
The Cadbury Report (UK) and most recently the UK governance code, i.e. The Combined Code;
The United Nations Code; and
The US based Sarbanes-Oxley Act (SOX), while being mindful of the pitfalls of codifying governance as legislation to the extent of SOX.
The King Reports are built on a code of principles in the manner that has been accepted by 56 countries in the Commonwealth, including South Africa, and the 27 states of the EU, as well as the United Kingdom.
Governance Review
Assessment of the efficacy of the IIASA governing body using globally accepted principles.
Review of the assurance provided to the CEO/DG and Governing Body - assurance is the positive declaration intended to provide confidence.
Appropriate assurance is provided if the following is in place:
Delegations of authority;
Operational policies - control environment;
Enterprise Risk Management;
Risk based internal Audit;
External Audit that includes performance;
External assurance.
Governing Bodies Combined Assurance
Governance Review
The Austrian Code of Corporate Governance – constitution of a ‘Supervisory Board’, i.e. Council/Governing Body.
The Supervisory Board is responsible for a system of rules of procedure that:
Define and establish sub-committees of the Governing Body;
Supports the appointment of a ‘Managing Board’;
Supports the execution of the organisational mandate including rules regarding disclosures and reporting obligations of the business through the ‘management board’.
GOVERNING BODY LEADERSHIP RESPONSIBILITY
STRATEGY: Steers and sets strategic direction
POLICY: Approves rules of procedure and planning
OVERSIGHT: Oversees and monitors the business through oversight of business risk management and performance outcomes
DISCLOSURE: Ensures accountability through the delegation of authority
OUTCOMES: Ethical Culture; Good Performance; Effective Control; Legitimacy
Current Governing Body Structure STRATEGIC OPERATIONAL
Proposed Governing Body Structure
Expand the mandate to fulfil the requirements of the Supervisory Board, which will be to have oversight of the business.
Programme Committee should continue as mandated with the appropriate delegations of authority.
Global standards prescribe that it is an audit & risk committee’s responsibility to ensure Governing Body oversight with regard to the integrity of the financial statements; the process of reporting; compliance to legislation; disclosures; as well as the performance of the organisation in relation to pre-determined objectives.
Membership Committee should continue as mandated with the appropriate delegations of authority.
The Austrian Code advocates the establishment of a ‘remuneration’ committee responsible for the contents of employment contracts with the Management Board members, including policies and procedures related to human resource management.
Considering the scope of the HR Committee to include human capacity development, this committee should look exclusively at science engagement.
Combined Assurance Policies and processes; Strategy Implementation plans; Reporting on objectives through the use of performance management Enterprise Risk Management Regulatory Compliance Internal Audit Legal Company Secretary Health and Safety Other External Audit ISO Standards (if applicable) Sustainability Review Panels External Advisory Committees
Combined Assurance Framework
THREE LINES OF DEFENCE – ASSURANCE PROVIDERS
First Line - Management Based Assurance
Objectives: Implement and maintain the risk management plan, internal controls (policies and procedures) and governance principles.
Reporting Lines: Supervisors and line managers
Second Line – Internal Assurance
Objectives: Provide a formal and robust compliance universe against which decisions are made in support of planning and prioritization of business decisions.
Reporting Lines: The Division Heads via the Compliance Manager
Third Line - Independent Assurance
Objectives: The provision of independent assurance of the overall adequacy and effectiveness of the governance, risk and control environments within the organisation.
Reporting Lines: The Management Board
Assurance Providers: Line Management; Risk Management; Compliance Management; Legal Advisors; Internal Audit; External Audit; Advisory Board; External Reviewers; Other (e.g. Insurance)
Combined Assurance Assessment
THREE LINES OF DEFENCE – ASSURANCE PROVIDERS
Outcome of Review
First Line - Management Based Assurance
ENTERPRISE RISK MANAGEMENT: There is no system of enterprise risk management.
INTERNAL CONTROLS: Policies and procedures, i.e. IIASA Operating Procedures and Policies, are not clear and specific and do not establish a control environment.
BUSINESS PLANNING: The IIASA strategic plan titled “Research for a Changing World 2011 – 2020” is a high-level research agenda and does not meet the definition of a strategic plan.
PERFORMANCE MANAGEMENT: An integrated performance management system should monitor the performance at the organisational, divisional and individual levels to ensure that resources are aligned to the strategic priorities of the business.
Second Line – Internal Assurance
There is no system of enterprise risk management and compliance oversight at this time.
Third Line - Independent Assurance
At this time IIASA does not have an independent internal audit function, either as in-house capacity or an outsourced contractual arrangement.
IIASA does engage an external audit firm to validate the Annual Financial Statements (AFS). The external auditors, in line with Austrian Generally Accepted Auditing Principles (GRAP), have a narrow scope in that they confirm the financial statements only.
Current Organisational Structure
Proposed Organisational Structure IIASA Management Board
Governance Framework
[Diagram. Labels: Performance; Conformance; Stewardship; Leadership; Control]
Bodies shown: COUNCIL/GOVERNING BODY; MANAGEMENT BOARD; HR Committee; Membership Committee; Science Engagement Committee; Programme Committee; Audit & Risk Committee
STRATEGY & DIRECTION: Strategic Plan – 5 Year Horizon; Business Plan – 3 Year Horizon; Staff Plan; Budget; ICT Plan; Performance Objectives
PERFORMANCE MONITORING: Quarterly Performance Reports against objectives; Integrated Performance Management Systems; Financial Management systems
OPERATIONAL POLICIES INCLUDING: Consolidated Human Resources Policy; Consolidated Financial Policy; Consolidated IT Policy; Communications Policy; Intellectual Property; Knowledge Management; Etc.
Risk Mitigation Strategies; Business Continuity Plans; Business Intelligence System
STRUCTURE & RELATIONSHIPS: Code of Conduct; Organisational Structure; Capacity Development Plans
ACCOUNTABILITY & COMPLIANCE: Annual Integrated Report; Policies and Procedures; CEO’s instructions; Combined Assurance including internal audit; Risk Management Framework
Financial management and accountability
Discussion