Proposed changes to UK Corporate Governance Code - http://www.chaordicsolutions.co.uk/blog/from-our-grc-consultants/proposed-changes-to-uk-corporate-governance-code/

http://www.chaordicsolutions.co.uk/blog/from-our-grc-consultants/proposed-changes-to-uk-corporate-governance-code/

Proposed changes to UK Corporate Governance Code: risk management now one of the most important board responsibilities.

 

Extract from Financial Reporting Council (FRC) Press Release – 6 November 2013:

The Financial Reporting Council (FRC) has published for consultation changes to the UK Corporate Governance Code, guidance for boards of listed companies and standards for auditors covering risk management and reporting. Supplementary guidance for directors of all banks is also being issued.
 
The proposals build on the FRC’s work on “Boards and risk” and aim to raise the bar for risk management by boards and communication to the providers of risk capital about the risks faced by companies in which they invest and how they are managed or mitigated.
 
In response to concerns expressed on earlier proposals issued in January, these new proposals set out afresh how the FRC will  implement the recommendations of Lord Sharman’s 2012 Inquiry ‘Going Concern and Liquidity Risks: Lessons for companies and auditors’. The Inquiry looked at the corporate governance and reporting lessons to be learnt from the failure of ostensibly healthy businesses in the financial crisis.
 
The FRC has made a key change in these proposals by bringing together its previous guidance on risk management and internal control with the assessment of the going concern basis of accounting; so encouraging the integrated assessment and reporting recommended by Lord Sharman.
 
Melanie McLaren, Executive Director, Codes and Standards, said: 

“Risk management is one of the most important responsibilities of the board. Understanding the principal risks facing the company is essential for the development of strategic objectives, and the ability to seize new opportunities.  For investors, as providers of risk capital, knowing how the board is managing and mitigating risks is an important indicator when judging whether the company will be able to deliver the value that investors seek. The new guidance, and the proposed changes to the Code, highlight the issues that boards need to consider when assessing and managing risk, crucially including risks to solvency and liquidity. We have placed considerable emphasis on the need for robust assessment by boards and on the important role of auditors in ensuring reliable communication to investors.”

 Broader Risk Considerations and Role of the Auditor
 
The draft guidance sets out boards’ responsibilities for setting the company’s risk appetite, ensuring there is an appropriate risk culture throughout the organisation, and assessing and managing the principal risks facing the company, including risks to its solvency and liquidity. As now, boards should summarise the process applied in reviewing the effectiveness of the system of risk management and internal control.  There is a new encouragement to explain what actions have been or are being taken to remedy any significant failings or weaknesses identified from that review.
 
Under the proposals, auditors will be required, in meeting their current requirement to consider whether reporting is fair, balanced and understandable, to consider and report if they are aware of any material matter in connection with the disclosure of principal risks that should be disclosed.
 
Solvency and Liquidity Risks and Going Concern
 
In response to the recommendations made by Lord Sharman the FRC proposes a new Corporate Governance Code provision and related guidance. They establish the need for a robust assessment by companies of how they manage or mitigate their principal risks, including risks to solvency and liquidity, and to explain which if any of those risks have also given rise to material uncertainties for the purposes of reporting on the company’s going concern basis of accounting.  The FRC is, therefore, proposing to remove the current Code provision requiring listed companies to make a “going concern” statement. That statement is focussed on the narrow meaning of assessing the going concern basis of accounting, and so detracts from the broader integrated assessment and description of solvency and liquidity risks envisaged by Lord Sharman.
 
Banking considerations
 
The Sharman Inquiry also looked at whether a special disclosure regime is required for banks and concluded that this should not be necessary.  The Inquiry considered it important that the FRC should clarify that a conclusion that a bank is or would be reliant, in stressed circumstances, on access to liquidity support from central banks that is reasonably assured, does not necessarily mean that the bank is not a going concern or that material uncertainty disclosures or an auditor’s emphasis of matter paragraph are required.
 
The FRC issued guidance for banks along those lines in January which found general support. Accordingly, the FRC is also now consulting on supplementary guidance to directors of banks updated only in respect of the proposed integrated guidance and developments in the regulatory regime.
 
Feedback Statement and Other Companies
 
 A detailed feedback statement on the FRC’s January proposals is also being published today. Those proposals extended to unlisted entities other than banks and met with considerable adverse feedback. The FRC plans to consult in 2014 separately on draft guidance for directors of such companies and is currently considering the development of simpler and more proportionate guidance.
 
The consultation announced today closes on 24 January 2014.  The FRC expects to issue the final Code, guidance and standards in the middle of 2014 with application for financial years beginning on or after 1 October 2014.

More … http://frc.org.uk/Our-Work/Publications/FRC-Board/Consultation-Paper-Risk-Management,-Internal-Contr.aspx

Running workshop for Jersey branch of ICSA - http://www.chaordicsolutions.co.uk/blog/from-our-grc-consultants/running-workshop-for-jersey-branch-of-icsa/

http://www.chaordicsolutions.co.uk/blog/from-our-grc-consultants/running-workshop-for-jersey-branch-of-icsa/

Running workshop for Jersey branch of ICSA: about value of establishing culture which supports ethical behaviour.

 

 

Our Senior Partner, Robert J Toogood, is running a workshop session for the Jersey branch of the Institute of Chartered Secretaries and Administrators (ICSA) on 1 October, about the value of establishing a culture which supports ethical behaviour and established ‘self discipline’.

For the last five years, the ICSA Jersey Branch has organised a popular series of one hour evening workshops for its members, students and non-members … and this session is the first in the 2013/2014 series.

Robert will be presenting the workshop in conjunction with Helen Hatton from Sator Regulatory Consulting.  Helen will provide an introduction on the regulatory intervention role ‘regulatory discipline’ arising when ‘self discipline’ fails.  Robert will then talk about the value of establishing a culture which supports ethical behaviour and established ‘self discipline’, thus improving governance, compliance and effectiveness.

More … http://www.icsajersey.org.je/ICSA-Jersey-Branch-Seminars/evening-workshops-2013-2014.php

NEWSFLASH: Our Senior Partner, Robert J Toogood, just been awarded MSc in Risk Management (Distinction) - http://www.chaordicsolutions.co.uk/blog/news/newsflash-our-senior-partner-robert-j-toogood-just-been-awarded-msc-in-risk-management-distinction/

http://www.chaordicsolutions.co.uk/blog/news/newsflash-our-senior-partner-robert-j-toogood-just-been-awarded-msc-in-risk-management-distinction/

NEWSFLASH: Our Senior Partner, Robert J Toogood, has just been awarded a MSc in Risk Management (Distinction), fantastic independent endorsement of his significant real-life experience/expertise gained over twenty-five years in the areas of governance, risk management and compliance … visit his companion site to see how he can help you overcome your current challenges.

More … www.robertjtoogood.com - currently optimised for normal laptop/desktop viewing, but will be made more mobile-friendly over the coming months.

 

Companies and regulators in emerging markets must improve corporate governance - http://www.chaordicsolutions.co.uk/blog/from-our-governance-consultants/companies-and-regulators-in-emerging-markets-must-improve-corporate-governance/

http://www.chaordicsolutions.co.uk/blog/from-our-governance-consultants/companies-and-regulators-in-emerging-markets-must-improve-corporate-governance/

Companies and regulators in emerging markets must improve corporate governance: collaboration key to success.

 

Extract from Global Corporate Governance Forum website:

Key Corporate Governance Issues in Emerging Markets: Theory and Practical Execution – June 11-12, 2012. Leipzig, Germany

The HHL Center for Corporate Governance, in collaboration with the Global Corporate Governance Forum, brought together senior representatives from academia, development institutions, companies and investors to provide a future-oriented assessment of the governance situations in three important regions of the world – Africa, Asia and Southern Europe.

While the conditions in the countries representing the three regions – Nigeria, Indonesia, and Croatia, respectively – are quite different, there were be many over-arching topics that are relevant to all regions.

Each regional session started with a presentation on the key issues and challenges for corporate governance reform in the selected country, followed by an assessment on how this experience reflects the regional trends and conditions. A panel discussion on how to advance corporate governance in the region concluded each session.

Important sessions of the conference focused on two key governance issues:

- The performance value of ‘good governance’ in emerging markets, based on the latest academic research and practical insights from large international investors.

- Corruption and practical ways of dealing with this major governance problem.

Full conference report (pdf)

For more detailed information, please visit the conference website. 

Background: 

The Handelshochschule Leipzig was founded 1898 and is Germany’s oldest university for business administration studies. In 2010, the Center for Corporate Governance was established at the HHL. Apart from research and educational projects, the Center promotes professional exchange between research and practice. Its research activities are focused on the relevance of good governance for performance, diversity and the development of governance in emerging countries.

 http://www.hhl.de/ccg

More … http://www.ifc.org/wps/wcm/connect/topics_ext_content/ifc_external_corporate_site/global+corporate+governance+forum/events/hhl_conference

Audit faces increasing pressures - http://www.chaordicsolutions.co.uk/blog/from-our-compliance-consultants/audit-faces-increasing-pressures/

http://www.chaordicsolutions.co.uk/blog/from-our-compliance-consultants/audit-faces-increasing-pressures/

Audit faces increasing pressures: opportunities to anticipate and address challenges to increase trust and stability.

 

Extract from Protiviti - Joel Kramer, MIS Training Institute:

New regulations, technologies and risks are upon us. The business environment is continuously changing, but changes these days may be happening faster than ever before. Internal audit’s responsibilities have been growing just as fast, and they are expected to keep growing as new challenges emerge.

With this in mind, we asked participants in two separate panel discussions I moderated at a MIS SuperStrategies conference what they think will be the greatest challenges internal audit leaders will face over the next three to five years. We also asked how such challenges could be effectively addressed. The participants were internal audit executives from the Metropolitan Transit Authority of New York, U.S. House of Representatives, Vanguard Group, Protiviti Inc., Clear Channel Communications, Metropolitan Atlanta Rapid Transit Authority, Talbots Inc., Georgia-Pacific LLC, and Coca-Cola Co.

Participants stressed that they have noticed the rate of change in the profession is so rapid that some risks (and their impacts) have substantially changed in the recent past. They also noted, almost universally, that chief audit executives (CAEs) are being asked to do more audits and address more risks without commensurate increases in resources.

More … http://www.knowledgeleader.com/KnowledgeLeader/Content.nsf/Web+Content/HIInternalAuditRatchetsupforaDemandingFuture!OpenDocument

(c) Copyright Protiviti Inc. 2013. EOE All Rights Reserved

Increasing corporate governance opportunities in developing arab world - http://www.chaordicsolutions.co.uk/blog/from-our-governance-consultants/increasing-corporate-governance-opportunities-in-developing-arab-world/

http://www.chaordicsolutions.co.uk/blog/from-our-governance-consultants/increasing-corporate-governance-opportunities-in-developing-arab-world/

Increasing corporate governance opportunities in developing Arab world: contributing to better strategic decision making.

 

Extract from Insead Knowledge - Jane Williams:

As they shift towards more market-based economies, Arab companies can no longer afford to neglect demands for greater accountability and transparency in the boardroom.

© 2012 INSEAD Knowledge

More … http://knowledge.insead.edu/csr/corporate-governance/corporate-governance-in-a-developing-world-2481

Our recent research has identified key GRC implementation barriers - http://www.chaordicsolutions.co.uk/blog/from-our-business-transformation-consultants/our-recent-research-has-identified-key-grc-implementation-barriers/

http://www.chaordicsolutions.co.uk/blog/from-our-business-transformation-consultants/our-recent-research-has-identified-key-grc-implementation-barriers/

Our recent research has identified key GRC implementation barriers: also best practice guidance on how to address them.

 

From Robert J Toogood, Senior Partner – Chaordic Solutions:

We live in exciting but unchartered and dangerous times.

For these reasons, it is vitally important we learn how to more effectively manage the dynamic and complex interrelationships between the areas of governance, risk and compliance.

Unfortunately, the current global economic climate is partly due to a significant number of corporate failures which have challenged the foundations of the global economic system.  These failings could be argued as evidence of an ineffective approach to managing governance, risk management and compliance activities within the modern-day corporation.

An integrated approach to managing this complexity makes sound sense and in isolation, on paper, can be easily justified.  However, the barriers to effective implementation are many and need to be better understood.  The realities of the new world in which we all now live and work are such that we can no longer accommodate inefficiencies in our critical functions and processes.

So the time has come for us to look at our organisations and society in general in a different, much more holistic, and sustainable way.  An integrated approach to managing governance, risk management and compliance provides us with a way of achieving this … provided we learn from the past and provide the correct environment for our efforts to succeed.

Recent research conducted by Chaordic Solutions has identified some of the implementation barriers and offers best practice guidance on how to address them.  If you would like to discuss how the findings from this research might help you with some of your current challenges, then contact Robert J Toogood at on +44 (0)1983 617241 or at robert_toogood@chaordicsolutions.com to schedule some time … on a strictly confidential and non-obligation basis

More … www.robertjtoogood.com … this site is best viewed from a laptop or desktop as it is not currently optimised for mobile viewing.

Chaordic Solutions is a trading name of Project Systems Support © Copyright 2013. All Rights Reserved

Latest Protiviti SOX survey show growing reliance on internal audit functions and control automation - http://www.chaordicsolutions.co.uk/blog/from-our-compliance-consultants/latest-protiviti-sox-survey-show-growing-reliance-on-internal-audit-functions-and-control-automation/

http://www.chaordicsolutions.co.uk/blog/from-our-compliance-consultants/latest-protiviti-sox-survey-show-growing-reliance-on-internal-audit-functions-and-control-automation/

Latest Protiviti SOX survey: key trends show growing reliance on internal audit functions and control automation.

 

Extract from Protiviti Press Release:

Demand for added attention to high-risk processes, growing costs and the increasing role of IT controls and testing reports are some of the key changes and challenges companies faced over the last year as they worked to meet Sarbanes-Oxley (SOX) requirements, according to findings in the 2013 Sarbanes-Oxley Compliance Survey (www.protiviti.com/soxsurvey) by global consulting firm Protiviti (www.protiviti.com).

When executives and professionals involved in SOX compliance were asked what was driving the most change in their SOX compliance processes, 66 percent said there was at least moderate change due to demand for increasing process and control documentation for high-risk processes. Additionally, 60 percent of respondents indicated that the increased amount of time required for walkthroughs and documentation around processes was also driving moderate change.

“To continue to improve their SOX compliance efforts, companies need to intensify their scrutiny of high-risk processes such as financial reporting, accrual processes, stock options and equity, and taxes,” said Brian Christensen, Protiviti’s executive vice president for global internal audit. “The study shows that companies are beginning to adjust in that direction and the shift aligns with guidance from the SEC and PCAOB.”

“It’s important to note that SOX compliance programs and processes should remain agile and ready to change course if public companies are to adhere to the law in an effective and cost-efficient manner,” said Christensen. “As demonstrated by regulators, providers of ongoing guidance (e.g. COSO) and rapidly changing business conditions, the achievement of sustainable, cost-effective and value-enhancing compliance processes remains an ongoing journey that requires continual vigilance.”

With regard to the new COSO internal control framework, nearly two-thirds (66 percent) of the Protiviti survey respondents were aware of the revision process. Not surprisingly, the vast majority (85 percent) were against early implementation in 2013. If given an adoption option, respondents were fairly evenly split across several potential implementation schedules, including fiscal year 2014 and adoption after 2014.

Shifting Responsibility to the Internal Audit Function

Year-over-year findings about which area within an organization is responsible for overseeing SOX compliance showed a sizeable shift toward the internal audit function and away from project management. In 2012, the survey found that 30 percent of organizations housed this responsibility with the internal audit function, while 25 percent handled SOX compliance through their project management office. However, in this year’s survey, 45 percent of respondents said internal auditing managed SOX compliance (up 15 percent), while only 10 percent said it was handled by project management (down 15 percent).

One reason for this shift is the willingness of external auditors to rely on the work of internal audit departments rather than other functions. In 2013, only 25 percent of respondents said there was an increase in external auditors’ reliance on documentation, walkthroughs and testing performed outside of the internal audit function, while 39 percent said there was an increase from external auditors in having the same work done by internal audit departments.

Additional Survey Findings

Other key findings from Protiviti’s 2013 Sarbanes Oxley Compliance Survey include:

1. Eighty percent of respondents indicating they have seen improvements in internal control over financial reporting structure since Sarbanes-Oxley Section 404(b) was first required for large accelerated and accelerated filers in 2004. This is especially true for large accelerated filers, with 87 percent saying there have been improvements

2. More than one-third of companies (38 percent) reporting a year-over-year increase (from 2011 to 2012) in SOX costs. Nearly half of the companies surveyed (47 percent) also reported a year-over-year increase in external audit fees during the same period. That said, on average the costs for SOX compliance are not extraordinarily high relative to the objective of quality financial reporting to investors through improved internal controls. For most organizations, the cost of SOX compliance remains at a manageable level

3. Automation of controls continues to be an area of increased focus, with 90 percent of companies surveyed this year indicating that they have plans to automate IT processes and controls for SOX compliance, up from 83 percent in 2012

About the Survey:  In its fourth edition, Protiviti’s 2013 Sarbanes-Oxley Compliance Survey gathered insights from 297 executives and professionals at companies with gross annual revenues ranging from less than $100 million to more than $20 billion. The survey was conducted in late 2012 and early 2013, and respondents included chief audit executives, chief financial officers, corporate Sarbanes-Oxley and Project Management Office leaders, chief compliance officers and others involved with SOX. The survey is available for complimentary download at: www.protiviti.com/soxsurvey.

About Protiviti

Protiviti (www.protiviti.com)is a global consulting firm that helps companies solve problems in finance, technology, operations, governance, risk and internal audit. Through its network of more than 70 offices in over 20 countries, Protiviti has served more than 35 percent of FORTUNE 1000® and FORTUNE Global 500® companies. The firm also works with smaller, growing companies, including those looking to go public, as well as with government agencies.

More … http://www.protiviti.com/SOXsurvey

Value of CCOs at board level - http://www.chaordicsolutions.co.uk/blog/from-our-compliance-consultants/value-of-ccos-at-board-level/

http://www.chaordicsolutions.co.uk/blog/from-our-compliance-consultants/value-of-ccos-at-board-level/

Value of CCOs at board level: to convince how governance, risk and compliance management can improve bottom line.

 

Extract from Corruption, Crime & Compliance Blog – Michael Volkov:

Chief Compliance Officers are basically optimists.  In the face of a mountain of worst case scenarios (typically referred to as “risks”), CCOs keep smiling and work incredibly hard.  They are “religious” zealots in business clothing.  CCOs indoctrinate their staff to fight the same cause and they spread the word on the importance of ethics and compliance.

The perception of CCOs is far different.  Management and employees often view CCOs and their staff as “law” enforcers or “sheriffs.”  If that is the perception, the CCOs have an important task – to change this perception and turn into important business partners.

CCOs are often challenged to make the business case for compliance.  It should be an easy argument – an integrated approach to risk and compliance directly translates into bottom-line increases in profits.  In this context, it is a mistake to argue that legal and regulatory requirements dictate that a compliance program follow certain policies and procedures, or else the company will suffer big fines and reputational damage.  A singular focus on negative consequences is a limited (albeit partially effective) message.

There are significant operational advantages to integrating governance, risk and compliance issue – namely that effective compliance is good for business.  What do I mean by this?  A CCO has unique visibility of an entire organization.  CCOs have to become familiar with all of the business operations.  They have a view of the company that few others in the C-Suite have.  And they can provide important insights into the governance, risk and compliance mix.

CCOs often report to the Board on common metrics of compliance program effectiveness – number of complaints, risk assessments, audit reviews and disciplinary actions taken.  There are other important operations that CCOs can identify, including a lack of oversight, organizational silos, wasted resources and information, lack of data integrity.  CCOs can then assist in identifying effective oversight programs, integrated risk and control policies, quality data and information, resource and personnel improvements, and streamlined business processes.

CCOs can bring about a good marriage of compliance and operational goals.  With a fundamental understanding of the business operations, CCOs can make valuable contributions to key business decisions relating to organizing people, process and technology, and projecting future benefits and costs from key business decisions.  CCOs can make the case that strong risk and compliance processes can increase revenues, reputation and brand protection, customer attraction and retention, improve workforce performance and asset protection.

To transform CCOs into effective business partners requires one significant change – CCOs have to be elevated to the C-Suite.  This is occurring more frequently but companies still have a long way to go.   Assuming they have a seat at the table, CCOs can advance the importance of the compliance function by communicating ways in which governance, risk and compliance management can improve the bottom line for everyone.

© 2011 – 2013 · Corruption, Crime & Compliance, All Rights Reserved.

More … http://corruptioncrimecompliance.com/2013/05/turning-ccos-into-business-partners/

Possible ways to measure "tone at top" - http://www.chaordicsolutions.co.uk/blog/from-our-compliance-consultants/possible-ways-to-measure-tone-at-top/

http://www.chaordicsolutions.co.uk/blog/from-our-compliance-consultants/possible-ways-to-measure-tone-at-top/

Possible ways to measure “tone at top”: worthwhile exercise to improve effectiveness of compliance activities.

 

Extract from Corruption, Crime and Compliance – Michael Volkov:

Compliance professionals have a lot of demands on their time. By definition, they are spread thin across a number of competing demands.  As a result, companies do not spend much time on “tone-at-the-top.”

In reality, compliance officers are relieved when they get the support of the CEO, and the ability to cite the CEO’s commitment to compliance.  Often the CEO’s support translates into resources and a compliance priority in the organization.

The importance of tone-at-the-top is significant.  A 2009 research report conducted by the National Business Ethics Survey found that in strong ethical cultures, the pressure to commit misconduct was reduced from 16 percent to 4 percent; rates of misconduct were reduced from 77 percent to 40 percent; failure to report misconduct was reduced from 44 to 27 percent.

The question then is how do you measure the internal perception of your company’s tone at the top?

There are a number of possible measurements:

Internal auditor survey.  Internal auditors are starting to measure the perception of tone at the top.  Companies that measure their own tone at the top, and report the results tend to have higher perceptions of ethical conduct at the higher levels of corporate management.

Anonymous reporting.  Companies should examine the percentage of complaints which are made by anonymous employees.  The higher the percentage of anonymous complaints could reflect a lower perception of the importance of compliance.

Benchmarking.  Companies can examine the rates of misconduct against companies of comparable size.  If the benchmarking data shows the company is under or over the benchmarking rate, this may reflect a positive or negative perception of the tone at the top.

Employee surveys.  Many companies conduct annual surveys of employees, which reveal employee perceptions of senior management and their commitment to compliance.

Review of senior management communications. Reading communications by senior management to employees on compliance issues can provide insight into compliance commitment and attitudes.

Interviews and focus groups.  Compliance officers have used employee interviews and focus groups to unearth perceptions of senior management’s compliance commitment.

Employee exit interviews.  Compliance officers and human resource officers can coordinate exit interviews with departing employees to inquire on perception of tone at the top.

Management’s commitment to compliance is a critical factor in a company’s internal controls and corporate governance.  It is important to measure the perception of a company’s commitment to compliance.  It permeates every aspect of a corporate compliance program.

While the measurement of tone at the top is subject to “soft” measurements, it is still a worthwhile exercise which can uncover important information which can be used by compliance professionals to improve the company’s compliance program.

Author: Michael Volkov

© 2011 – 2013 · Corruption, Crime & Compliance, All Rights Reserved.

More … http://corruptioncrimecompliance.com/2013/04/measuring-tone-at-the-top/

Taking GRC beyond the conventional enterprise - http://www.chaordicsolutions.co.uk/blog/from-our-grc-consultants/taking-grc-beyond-the-conventional-enterprise/

http://www.chaordicsolutions.co.uk/blog/from-our-grc-consultants/taking-grc-beyond-the-conventional-enterprise/

Taking GRC beyond the conventional enterprise: entire regulatory system in desperate need for disruptive innovation.

 

Extract from Business Finance Magazine – Eric Krell:

Is anybody happy with our current approach to business regulation and regulatory compliance?

My anecdotal research suggests not. On a recent vacation, I met many folks working in a wide range of professions. When I responded to their “what do you do?” question by explaining that I write about business ethics, risk management, governance and compliance, half of them groaned something along the lines of “Does business have any ethics?” or “Why bother?” The other 50 percent of my questioners seemed to work in private industry, and they also groaned – about the sorry state of business regulations – when they heard what I write about.

Both views over-simplify, and both views are correct (or, at the very least, understandable).

As a semi-retired management consultant recently confided to me: “Our whole system of business regulation is basically a big pile of [garbage].” His argument is that our current regulatory “system” (“pile of rules” is more accurate) represents the accumulation of many, many small victories: some by corporate interests and their lobbyists, and some by those who seek to rein in indecent corporate behavior.

Despite the rules, the misbehavior continues, spurring new rules — and adding burdensome compliance costs and work. These costs are borne by all companies, including those who have demonstrated honorable behavior for decades. Worse, many people outside the business realm group these honorable companies with the irresponsible enterprises. My vacation reading helps explain why.

One of the juiciest Spring Break reads in the April issue of Vanity Fair is Willam Cohan’s feature on a battle of hedge fund managers over the fate of Herbalife and its own corporate character. The article is populated with several villains (truly, none of the main characters come across as remotely likeable or even altogether human) and not one hero.

For GRC enthusiasts, this article contains prime examples of practices used to exploit the gray areas surrounding rules. One technique involves “talking your book,” the practice of broadcasting a hedge fund’s positions (long or short on a particular company) after the positions have been purchased in an effort to move the market (the stock prices of the company) in a way that is favorable to the position. “Talking your book, as it’s known on Wall Street, is not exactly kosher, but it’s done all the time,” notes Cohan.

Changing risk models to shrink losses, exceeding risk limits and hiding trading losses from risk managers are not exactly kosher practices, but they took place frequently enough within JP Morgan Chase to enable the $6 billion-plus London Whale loss to occur. (The U.S. Senate’s recent tome on the loss is getting all the news right now, but JP Morgan’s own reports — two of them — on the incident are equally enlightening.)

This is a familiar string of events:
– Bad corporate behavior (more specifically, bad behavior by employees within a company);
– Major losses (including some that require taxpayer help);
– CSI-esque investigative reports into how the bad behavior occurred (usually concluding that there was a *gasp* “risk management failure”);
– Congressional scolding; and
– New regulations (including some that cost companies exhibiting excellent behavior millions).

The retired management consultant I spoke with argues that this system – the entire regulatory system (including lobbying) — screams out for disruptive innovation.

For example, what if companies in certain highly regulated industries invited regulators, customers and other key stakeholders into the product development process earlier to get a green light or red light on a new idea well before investing years and tens of millions of dollars in its development? In other words, what if GRC extended beyond the four walls of the enterprise (via collaborations beyond traditional lobbying efforts)?

There would no doubt be numerous and significant obstacles to contend with. But solving those problems seems much more enticing and more cost-efficient than continuing to cope with a growing pile of rules that continues to make all stakeholders wrinkle their noses.

More … http://businessfinancemag.com/article/grc-desperate-disruptive-innovation-0319

Compliance and ethics is separate profession with distinct competencies and expertise - http://www.chaordicsolutions.co.uk/blog/from-our-compliance-consultants/compliance-and-ethics-is-separate-profession-with-distinct-competencies-and-expertise/

http://www.chaordicsolutions.co.uk/blog/from-our-compliance-consultants/compliance-and-ethics-is-separate-profession-with-distinct-competencies-and-expertise/

Compliance and ethics is separate profession with distinct competencies and expertise: needs autonomy from management.

 

Extract from Corporate Counsel, The Compliance Strategist –  Donna Boehme:

In January/February 2013, the Society of Corporate Compliance and Ethics (SCCE) polled 800 compliance and ethics professionals on the topic of whether the chief compliance officer should report to the general counsel, and 80 percent said: “No.” The same group overwhelmingly said that the GC should not attempt to also serve as the CCO—a whopping 88 percent.

Here is my shocked face :-0

No doubt some will dismiss these results as the C&E profession questing for power, a turf battle between GC and CCO—a kind of Hunger Games competition with each trying to convince top management and boards of their primacy. But such blithe cynicism would be overlooking the complexity of issues, common-sense reasoning, and wealth of settlement agreements, government guidance, regulatory action, and anecdotal data in support of separating the two roles.

I’ve also heard some complain that the momentum for CCO independence is being driven by non-lawyers. Nonsense. A large percentage of CCOs are lawyers (although the significant number of successful CCOs without legal backgrounds testifies to the fact that compliance is not a legal function). Also, as illustrated by the SCCE survey, CCOs regard their in-house legal colleagues as close and valued allies with whom they enjoy a positive working relationship.

But none of that changes the fact that compliance and ethics is an entirely separate profession that requires distinct competencies and expertise—and autonomy from management—to do its job well. As some of the survey comments specifically noted, it is pretty hard to make a case for that autonomy when the CCO reports to the GC, and essentially impossible where the CCO is the GC.

Having spent years on the ground in both camps (as both in-house counsel and chief compliance officer) and hearing countless anecdotal stories on the topic, I can say with absolute conviction that a “turf battle” is the least of the C&E profession’s concerns. These are the folks that former federal prosecutor Michael Volkov has called the “unsung heroes” of the workplace and his 2011 Person of the Year.

Compliance officers are often the least political, least power-hungry folks at the company holiday party. It may sound cliché, but most CCOs are driven by their own internal desire to “do the right thing,”—i.e., just what they ask their company colleagues to do every day. And they do this, more often than not, without personal recognition, career protection, or understanding of the job by others whose support they need to do the job well. Many work under extraordinarily difficult circumstances—under so much stress, in fact, that in a 2012 survey 60 percent pondered leaving their jobs.

Does that sound like a power-hungry professional profile to you? I’d say there are safer ways to get ahead in life, like bank robbery. Because at least then you have a gun and a getaway car . . .

The CCO mandate is ambitious, broad, and complex: no less than to oversee their organization’s ability to “prevent and detect” misconduct. It requires, as its basic platform, an appropriate reporting structure, access to top management and the board, and resources that will enable the CCO to discharge that mission. The SCCE survey results show that most CCOs do not believe that either a double-hatted GC/CCO role or a reporting line through the legal department meet these standards, as further illustrated by the following comments by participants:

- “The GC and the CO must be separate but equal.”

- “The great majority of GC’s do not have the background, worldview, and experience to be, or be in a position to veto/filter, the CCO.”

- “Compliance should be independent of Legal to ensure that information flow is not interrupted or ‘spun.’ ”

- “GC tends to have a defensive outlook and approaches issues differently than Compliance.”

- “If the (Ethics) and Compliance officer is to be most effective they must feel confident to speak truth to power and be the disruptive thinker when necessary.”

That last “truth-to-power” comment takes on dramatic real-life significance when viewed against the alleged “vast” Wal-Mart Mexican bribery scheme that hit media headlines in 2012 . Evidently, the compliance-reporting-to-legal structure didn’t work out so well for Wal-Mart. According to the exhaustive 8,000-word New York Times investigative report on that case, the general counsel is alleged to have had a key role in advising the CEO to “hush up” an internal investigation by referring it to the local counsel who had approved the bribes in the first place.

An independent CCO voice in the C-suite may have helped the company to choose a very different path. As the government noted in 2009’s record-breaking $2.3 billion Pfizer corporate integrity agreement [PDF]: “The lawyers tell you whether you can do something, and compliance tells you whether you should. We think upper management should hear both arguments.” Recent reports indicate that Wal-Mart is already paying the price for its bad C-suite decisions—over $600,000 a day in legal costs and expenses (not to mention reputational damage), to be exact.

The SCCE survey results also track developments in the healthcare and finance sectors, two highly regulated industries that have helped to define the meaning of modern “compliance.” In the former, the heavy hand of government has regularly resulted in a mandatory separation of legal and compliance. In the latter, after years of subordinating the CCO to the GC, at least four big banks have now separated the functions and elevated their CCOs to a more impactful position. At least one of those firms also boosted its CCO to the ranks of its top 50 managers.

Developments like these are what led Deloitte and Touche Director Tom Rollauer to declare the CCO “an official member of the C-suite.”

The SCCE survey results confirm that Volkov’s “unsung heroes” are more than ready to emerge from under the shadow of the GC, a result that boards, regulators, investors, and other stakeholders are increasingly demanding.

Author: Donna Boehme is an internationally recognized authority and practitioner in the field of organizational compliance and ethics, designing and managing compliance and ethics solutions within the U.S. and worldwide. As principal of Compliance Strategists LLC, Boehme is the former group compliance and ethics officer for two leading multinationals and currently advises a wide spectrum of private, public, governmental, academic, and nonprofit entities through her NJ-based consulting firm. She was named by ComplianceX to its list of “Who Compliance Professionals Should Follow on Twitter in 2013,” so follow her on Twitter @DonnaCBoehme.

More … http://www.law.com/corporatecounsel/PubArticleCC.jsp?id=1202592518804&Making_the_CCO_an_Independent_Voice_in_the_CSuite

Boards must be proactive to execute governance responsibilities - http://www.chaordicsolutions.co.uk/blog/from-our-compliance-consultants/boards-must-be-proactive-to-execute-governance-responsibilities/

http://www.chaordicsolutions.co.uk/blog/from-our-compliance-consultants/boards-must-be-proactive-to-execute-governance-responsibilities/

Boards must be proactive to execute governance responsibilities: five issues which every company should examine.

 

Extract from Corruption, Crime & Compliance – Michael Volkov:

Life is full of anxieties.  We all know that.  Some suffer worse anxieties than others.  As I often say, anxiety comes and goes.  Anxiety cannot be measured but is something that everyone experiences on their own terms.

Corporate boards suffer anxiety.  When a group or organi ation suffers anxiety, the possible damage to an organi ation can be significant.  In some respects the whole of the anxieties can be more than the sum of the parts.  As a result, corporate boards, like individuals, have to take affirmative steps to manage their anxieties, respond to them and protect themselves from poor decision-making.

When identifying and measuring issues of concern for corporate boards, there are at least five major and basic worries that every board has to address, no matter what their industry or where they are located.  The global economy has now set in motion global anxieties.

I am not talking about issues of concern which are obvious – of course, every board has to focus on the obvious issues like: How will the economy perform? Will Congress address the sequester and bring about meaningful tax reform?  We all know about these issues, read about them every day, and listen to our politicians’ bloviate on them during 24-hour news presentations.

Instead, I want to focus on five issues which every company should examine, which may not be so obvious.  Or as I like to say do not require a profound grasp of the obvious.

Corporate governance means just that – governance.  And corporate boards need to be proactive if they want to carry out their duties and responsibilities.

1.  The rise of social media and mobile technology.  The story of our economy for the next few years will be written on social media and mobile communications.  Today there are more mobile devices connected to the Internet than the world’s population.  Nearly 300,000 tweets are sent every minute.

Companies have been slow to recogni e this reality and the implications of our Twitter nation.  It has been estimated that only five percent of US companies have embraced social media across all of its stakeholders (consumers, managers, employees, board members).

Companies are starting to communicate through social media.  Consumers interact with companies through mobile technologies.  Government regulators are rapidly starting to focus on corporate policies, practices and issues which occur in the social media space.  Companies have to embrace social media and analy e the implications for risks and competitive advantages.

2.  Cybersecurity.  The government and companies recogni e that cybersecurity is now an imperative.  Companies need to act to assess the risk of an attack, the cost of an attack, the direct harm to the company, the reputational risk and the need to protect the company from potential economic devastation.

3.  Information Management.  We are all suffering from information overload.  Social media and the internet have made us aware of too much information.   It is estimated that information overload costs US businesses nearly $1 trillion each year in reduced worker productivity.  The new trend, which is rapidly developing, is how to manage information overload so that companies and individuals access the proper amount of information.

Google is developing new and more effective algorithms for search results.  Information filters will become even more important as consumers and citi ens are bombarded with information which can cause overload and inefficiency.

Corporate boards suffer from the same phenomena.  Too much information means ineffective governance.  Key issues are lost in thick and useless reports which only waste time and energy.  Corporate boards need to address information efficiency – the new term for corporate governance.

4.  Government Enforcement and Regulation.  One of the legacies of the Obama Administration will be its commitment to increased government regulation and enforcement.  It has been a long time since the government has played such an active role in regulating business and enforcing the laws and regulations.  This trend will not end when the Obama Administration leaves in 2016.  The American public is comfortable with the current balance between economic freedom and regulation.  If anything, it can be argued that the public wants even more enforcement.  Companies have to recogni e this trend, prepare for it and refrain from delusional desires of deregulation.

5.  Creative Compliance.  One sure way to put a damper on a corporate board meeting is to invite the Chief Compliance Officer to make a compliance presentation to the board.  Traditionally, board members like to focus on the “fun” issues – financial performance, high-level strategy, business expansion plans and market assessments.

When it comes to compliance, board members like to brush those issues to the side.  The challenge for compliance professionals is how to make compliance integral to corporate performance.  Scary enforcement stories are usually just a teaser for more important discussions and strategies.

How does a compliance officer communicate the importance of compliance, the need for compliance to play a greater role in the business operation, and the importance of board commitment, focus and support?  This is the challenge for the profession over the next five years.

More … http://corruptioncrimecompliance.com/2013/02/high-anxiety-five-basic-worries-for-every-corporate-board/?

Value of proactive audits in anti-corruption compliance - http://www.chaordicsolutions.co.uk/blog/from-our-compliance-consultants/value-of-proactive-audits-in-anti-corruption-compliance/

http://www.chaordicsolutions.co.uk/blog/from-our-compliance-consultants/value-of-proactive-audits-in-anti-corruption-compliance/

Value of proactive audits in anti-corruption compliance: similar to transaction testing but focused on high-risks.

 

Extract from Corporate Compliance Insights – Michael Volkov:

This article originally appeared in Michael Volkov’s Corruption Crime & Compliance blog and is reprinted with permission.

The FCPA world is fast-becoming the leader in new compliance strategies.  The Justice Department and the SEC have embraced the requirement for conducting “proactive audits.”

Recent settlements have included new compliance program requirements for a company to conduct proactive audits of high-risk areas.  It is a new and growing area for anti-corruption compliance.

The concept of a “proactive” audit, however, is nothing new.  The strategy has been employed for years in other contexts but now has gained traction in the anti-corruption area.

The importance of proactive audits is even more significant in the anti-corruption context.  As everyone knows, financial audits are not designed to identify illegal bribes because they hinge on “materiality.”  Numerous bribery schemes have been carried out underneath the “materiality” radar screen because they do not involve significant amounts of money.  On the other hand, “forensic audits” are designed to identify illegal bribes, and often incorporate transaction testing and other techniques.

A proactive audit is akin to transaction testing but with a big difference – it is focused on a high-risk operation.

The first step in the proactive audit is to identify those “high-risk” operations.  It is easy to rely on the annual Corruption Perceptions Index to identify those high risk operations but a broader focus is needed.

For each “high-risk” country of operation, it is important to consider:

- how much business is conducted in the country;

- the nature and extent of government interactions;

- the business and compliance history of the company’s operations in the area;

- local business regulation and enforcement in the country; and

- the compliance and ethics reputation and performance of key personnel in each country.

A risk-ranking matrix based on all of these factors should be developed to prioritize those operations for audits.

While it may be desirable to audit almost every office, the available resources (time and money) will dictate how many offices can be audited.  It is unlikely that a company will be able to audit every “high-risk” operation.

The high risk audit program has to be dynamic.  It has to adjust as new risks and factors are identified.  New information has to be incorporated into the analysis.  As audits are completed, new information will be learned and factors may be re-assessed.

Proactive audits require a team approach – lawyers, auditors and compliance personnel need to be included in each audit team.  A coordinated audit requires careful coordination among these personnel.  A detailed protocol needs to be adopted and followed in each audit.

The process needs to be supervised from the top down in the company.  The Compliance Committee needs to sign off on the program, the compliance office needs to manage and design the process with the assistance of the legal and auditing offices.

About the Author:

Michael Volkov is a shareholder at the national law firm of LeClairRyan. His practice focuses on white collar defense, corporate compliance, internal investigations and regulatory enforcement matters, and he is a former federal prosecutor with almost 30 years of experience in a variety of government positions and private practice. He can be reached at michael.volkov@leclairryan.com

.More … http://www.corporatecomplianceinsights.com/the-cutting-edge-of-anti-corruption-compliance-proactive-audits/

Opportunity to participate in new GRC implementation barrier research

http://www.chaordicsolutions.co.uk/blog/from-our-grc-consultants/opportunity-to-participate-in-new-grc-implementation-barrier-research/ Opportunity to participate in new GRC implementation barrier research   From Robert J Toogood, Senior Partner – Chaordic Solutions: Some of you may already know me through my work with the Institute of Risk Management (IRM) and the recent setting up of the new GRC Special Interest...

Compliance culture has major impact on ethical performance

EU modernising company law and corporate governance

EU modernising company law and corporate governance: in attempt to ensure companies are competitive and sustainable.

 

Extract from EU Europa Press Release – 12 December 2012:

European company law and corporate governance should make sure that companies are competitive and sustainable. The Commission’s analysis and consultations over the last two years clearly indicate that further improvements can be made, by encouraging and facilitating long-term shareholder engagement, by increasing the level of transparency between companies and their shareholders and by simplifying cross-border operations of European undertakings.

On the basis of its reflection and the results of the consultations, the Commission identified several lines of action in the area of company law and corporate governance that are fundamental to putting in place modern legislation for sustainable and competitive companies.

Internal Market and Services Commissioner Michel Barnier said: “This Action Plan on company law and corporate governance sets out the way forward: shareholders should receive additional rights, but also fully assume their responsibilities to make sure that the company remains competitive over the longer term. Companies should also become more transparent in several respects. This will contribute to effective governance of companies.”

Key elements of the action plan:

1. Increasing the level of transparency between companies and their shareholders in order to improve corporate governance. This will include in particular:

1.1 Increasing companies’ transparency as regards their board diversity and risk management policies;

1.2 Improving corporate governance reporting;

1.3 Better identification of shareholders by issuers;

1.4 Strengthening transparency rules for institutional investors on their voting and engagement policies.

2. Initiatives aimed at encouraging and facilitating long-term shareholder engagement, such as:

2.1 More transparency on remuneration policies and individual remuneration of directors, as well as a shareholders’ right to vote on remuneration policy and the remuneration report;

2.2 Better shareholders’ oversight on related party transactions, i.e. dealings between the company and its directors or controlling shareholders;

2.3 Creating appropriate operational rules for proxy advisors (i.e. firms providing services to shareholders, notably voting advice), especially as regards transparency and conflicts of interests;

2.4 Clarification of the ‘acting in concert’ concept to make shareholder cooperation on corporate governance issues easier;

2.5 Investigating whether employee share ownership can be encouraged.

3. Initiatives in the field of company law to support European businesses and encourage their growth and competitiveness:

3.1 Further investigation on a possible initiative on the cross-border transfer of seats for companies;

3.2 Facilitating cross-border mergers;

3.3 Clear EU rules for cross-border divisions;

3.4 Follow-up of the European Private Company statute proposal (IP/08/1003) with a view to enhancing cross-border opportunities for SMEs;

3.5 An information campaign on the European Company/European Cooperative Society Statute;

3.6 Targeted measures on groups of companies, i.e. recognition of the concept of the interest of the group and more transparency regarding the group structure.

In addition, the action plan foresees merging all major company law directives into a single instrument. This would make EU company law more accessible and comprehensible and reduce the risk of future inconsistencies.

Background

The Commission’s ‘Europe 2020’ Strategy (see IP/10/225) calls for improvement of the business environment in Europe. EU company law and corporate governance rules for companies, investors and employees must be adapted to the needs of today’s society and to the changing economic environment. European company law and corporate governance should make sure that companies are competitive and sustainable.

With its 2011 Green Paper on EU corporate governance (IP/11/404) the Commission initiated an in-depth reflection to evaluate the effectiveness of the current corporate governance rules for European companies. It also carried out an on-line public consultation on the future of European company law which generated a large number of responses by a wide variety of stakeholders (IP/12/149).

See also MEMO/12/972

More ... http://europa.eu/rapid/press-release_IP-12-1340_en.htm?locale=en