On Target | JAMAR | Volume

December 2006-January 2007 will be Vol. 10, No.3

On Target commences another series of Snapshots on a particular theme over many issues.

Corporate Governance and Enterprise Risk Management

Corporate scandals and diminished confidence in financial reporting among investors and creditors have renewed corporate governance as a top-of-mind priority for boards of directors, management, auditors, and stakeholders. This paper considers the role of management accounting in integrating the various stakeholder issues.

The Board of Directors governs on behalf and for the benefit of the company's stakeholders, who include shareholders, employees, customers, suppliers, and others. The specific board committees to which corporate governance responsibilities are assigned vary among companies.

Corporate governance is a process a board carries out to provide direction, authority, and oversight of management for the company's stakeholders. The Boards of directors must then rely on the senior management, internal auditors, and external auditors who are the cornerstones of the foundation on which effective corporate governance must be built.

Unfortunately, directors, management, internal and external auditors, and risk managers do not understand corporate governance well - especially from a day-today perspective. They sometimes consider it a nebulous topic, i.e. it means different things to different people. Moreover, while the board of directors is the owner of the governance process, day-to-day guidance and oversight by the board clearly is not feasible. Thus, the board must rely on other parties--executives, managers, and auditors--to help it fulfill its governance responsibilities. Often these people do not communicate with each other, staying within these silos. The management accountant can act as an ‘honest broker’ in providing communication and guidance for executives, managers, and auditors who are involved in corporate governance on a day-to-day basis.

Enterprise Risk Management

Business risks arises due to the uncertainties that can impinge on a company's ability to achieve its objectives and can result in many interdependent outcomes - some negative, some positive. Risks is a function of probability (or likelihood) of an expected state of the world, which may or may not manifest itself. If it does, a variety of risk exposures are possible.

Business risks relate to business objectives because risk taking is a prerequisite to success - without risk, there is no reward. Accordingly, some risks must be exploited to take advantage of strategic opportunities. Conversely, risks that threaten success must be mitigated. These risks include threats of problems occurring, such as misappropriation of assets, or opportunities not occurring, such as a failure to achieve strategic goals.

Enterprise Risk Management (ERM) is a structured and disciplined approach to help management understand and manage business risk. ERM encompasses all business risks using an integrated and holistic approach.

The number of companies trying to manage risk across the entire enterprise is rising sharply and the professional literature indicates that ERM is relatively well understood, especially by the companies striving to implement it.

Although clearly the board of directors "owns" the corporate governance process, much of this literature indicates that the board is not directly responsible for ERM. This is seen as management’s responsibility. The board should, however, assume ultimate responsibility for corporate governance within which ERM falls.

Senior management, on the other hand, “owns” the ERM process. Typically, senior management is responsible for designing and implementing a structured and disciplined approach to managing risks. Under senior management's supervision, risk owners develop, implement, perform, and monitor risk management capabilities and activities. Overall, risk management is most effective when:

·          the chief executive officer is truly committed to the process

·          other officers such as the chief financial officer and chief legal officer manage the risks under their jurisdiction, and

·          business unit executives and managers assume everyday responsibility for managing the risks under their control.

Internal and external auditors are also involved in both governance and ERM. However, professional auditing standards and increasing requirements of independence preclude auditors from assuming management responsibilities such as making ERM decisions. Auditors may not, for example, dictate how key risks should be managed. They may, however, provide consultancy services ( if not considered as being an integral part of the corporate governance process) in the ERM process by educating management about risk and controls, facilitating risk and control self-assessment sessions, serving on information system and other steering committees, recommending ERM process improvements, and performing other ERM related services.

The role of auditors in the corporate governance process is to provide independent, objective assurance to senior management and the board of directors about the effectiveness of risk management, control, and governance processes. Such assurance may take different forms, as reflected in the following examples:

·          When risk owners self-report upstream their assertions about ERM process performance, internal auditors may attest to the accuracy of the assertions.

·          Internal auditors may directly evaluate ERM performance based on appropriate criteria and report their conclusions to senior management and the board of directors.

·          Public accountants may uncover performance anomalies and/or control deficiencies during their examinations of a client's financial statements or during their examination of a client's internal control over financial reporting that must be reported to senior management and the board.

In the next issue of On Target we will explore the Role of the Chief Risk Officer in integrating these two areas.

BOOKSHELF

I saw a comment on an English grammar book recently which indicated that it would resonate with “grumpy old people” and immediately thought of an article I was interested to read: “The Happiness Guide” by Mike Hanley in AFR Boss magazine for September 2006 (pp. 34-36).  Hanley refers to a number of books which recommend less economic rationalism and more thoughtfulness in economic and social policy.  Indeed, he describes “a whole new industry devoted to our pursuit of happiness”.

If you are like me and becoming more concerned about the impact on our bodies of stress and anxiety, a new book looks at the neuroscience and psychology behind happiness might be of interest: The Science of Happiness: How our brains make us happy – and what we can do to get happier by Stefan Klein (Scribe Publications, 2006).  A new book promoting the idea that “happy companies are winning companies” is What Happy Companies Know: How the New Science of Happiness Can Change Your Company for the Better by Dan Baker, Cathy Greenberg and Collins Hemingway (Pearson, 2006).  Apparently, happy companies innovate more effectively, change faster and see reality with exceptional clarity but know how to address it positively.  (Is the corollary of this proposition that bureaucracies are unhappy?)

Those interested in shareholder value concepts might be interested in an article by Alfred Rappaport in the Harvard Business Review for September 2006: “Ten ways to create shareholder value” (pp. 66-69).  (Did I mention economic rationalism above?)

- Bill Richardson