Corporate Governance
What is risk?
◦ Risks are uncertain future occurrences which, left unchecked, could adversely influence the achievement of a company’s business objectives
Naidoo, Corporate Governance, 2009, page 225
Some of the main types of risk are:
◦ Market risk – exposure to changes in share price, interest rate, etc.
◦ Credit risk – possibility that a 3rd party may fail to honour its contractual commitments to the company
◦ Operational risk – risk of loss due to inadequate internal processes or unexpected external events
◦ Reputational risk – risk of an event damaging the company’s goodwill & reputation
◦ Business volume risk – risk of changes in demand or supply or competition
◦ Legal risk – risk of failure to comply with legislation or contractual requirements
◦ Risk management can mean attempting to avoid or reduce exposure to a particular risk
◦ Risk management can also mean increasing exposure to a particular risk to benefit from an anticipated outcome
◦ The company will look at the possibility of the risk occurring & the cost of reducing exposure
The Board will decide in consultation with management which risks to terminate, accept, reduce or transfer.
◦ Define the risk & identify the areas of risk
◦ Determine the capacity to deal with risk using TART
◦ Develop strategies to deal with the risks identified
◦ Develop risk management documentation
◦ Integrate risk management into business plan
◦ Ongoing monitoring of risk
The four approaches to risk management
◦ Terminate – if risk is too great to control & risk exceeds benefits
◦ Accept – if no other controls possible
◦ Reduce – institute appropriate controls
◦ Transfer – move risk to another party (e.g. insurer)
Internal control refers to the complex web of reporting systems present within a company in terms of which its business activities are controlled.
Naidoo, Corporate Governance, 2009, page 234
An effective system of internal control should enable the company to:
◦ Identify key objectives & associated risks
◦ Measure overall performance in managing risk
◦ Manage the identification of risk & the mitigation process through timely & meaningful communication
◦ Monitor the effectiveness of identifying, measuring & managing risk
Naidoo, Corporate Governance, 2009, page 235
◦ The Companies Act lays down the requirements for the appointment of an external auditor – see section 90 of the Act
◦ The overriding factor is independence
King III gives the audit committee certain responsibilities relating to the external auditors:
◦ To nominate the auditor
◦ To approve the terms of engagement & remuneration
◦ To monitor & report on the auditor’s independence
◦ To create a policy relating to non-audit work
◦ To review the quality & effectiveness of the external audit process
◦ The internal audit function must be independent & objective
◦ It may be done internally or may be outsourced
◦ If outsourced, it should not be done by the firm doing the external audit
◦ If done internally, it should be independent of the day-to-day operations
◦ The audit committee is responsible for overseeing the internal audit function
◦ To objectively evaluate the company’s risk management, internal control & corporate governance processes & provide assurance to the Board of the adequacy & functionality of these processes
◦ If the Board decides not to have an internal audit function, the reasons should be disclosed in the annual report (apply or explain)
The Board should ensure that the internal audit function has the necessary status within the company to execute its functions independently and without fear or favour
This can be achieved by:
◦ Appointment of qualified personnel
◦ Head of internal audit given senior management status
◦ Head of internal audit to report to Board & CEO
◦ Board promoting independence of internal audit
◦ Internal audit given adequate funding & resources