Presentation by Ebrahim Sidat 1 CONFERENCE ON BANK’S CORPORATE GOVERNANCE THE ROLE OF AUDIT COMMITTEE IN GOOD CORPORATE GOVERNANCE Presentation by EBRAHIM SIDAT COUNTRY MANAGING PARTNER/CEO FORD RHODES SIDAT HYDER & Co. A Member of Ernst & Young International Karachi, May 29, 2006 Organized by State Bank of Pakistan Pakistan Institute of Corporate Governance and International Finance Corporation 1
31
Embed
Presentation by Ebrahim Sidat 1 CONFERENCE ON BANK’S CORPORATE GOVERNANCE THE ROLE OF AUDIT COMMITTEE IN GOOD CORPORATE GOVERNANCE Presentation by EBRAHIM.
This document is posted to help you gain knowledge. Please leave a comment to let me know what you think about it! Share it to your friends and learn new things together.
Transcript
Presentation byEbrahim Sidat
1
CONFERENCE ON BANK’S CORPORATE GOVERNANCE
THE ROLE OF AUDIT COMMITTEEIN GOOD CORPORATE GOVERNANCE
Presentation byEBRAHIM SIDAT
COUNTRY MANAGING PARTNER/CEO
FORD RHODES SIDAT HYDER & Co.A Member of Ernst & Young International
Karachi, May 29, 2006
Organized byState Bank of Pakistan
Pakistan Institute of Corporate Governanceand
International Finance Corporation
1
Presentation byEbrahim Sidat
2
PRESENTATION HIGHLIGHTS
• Underlying objectives of Corporate Governance
• Certain imperatives for the Board of Directors
• SBP Prudential Regulation – G1
• Conceptual role of Audit Committee
• Audit Committee – Certain mandatory provisions under the SECP’s Code of Corporate Governance
• Functions of Audit Committee
• Audit Committee’s role as envisaged by the Basel Committee principles on bank’s internal controls
• Role of Audit Committee under the UK-CCCG
• Certain fundamental matters on which Audit Committee should focus
• Potential benefits of an effective Audit Committee
• Guidelines for judging effectiveness of Audit Committee
• Touchstone to judge quality of internal control
• Board’s obligation to review internal control is not a regulatory imposition but indeed a business imperative
• Risk based principles to assess internal control
• Risk management – a comprehensive dimension of Corporate Governance
• Overview of SBP’s guidelines on risk management
• Risk identification – a fundamental business imperative
• Guidelines on significant risk indicators
• Audit Committee - how to judge its effectiveness
It is not intended to create regulatory imposition or intervention.
The fundamental objective is to encourage and enforce self- regulation, with the ultimate goal of :
• being more responsive to the dictates of transparent and ethical• behaviour • promoting growth of the enterprise, its profitability and• maximize shareholder-value, having regard to the interest of all• stakeholders• achieving strategic goals• being socially responsible
UNDERLYING OBJECTIVES OF CORPORATE GOVERNANCE
Presentation byEbrahim Sidat
4
CERTAIN IMPERATIVES FOR THE BOARD OF DIRECTORS
Formulate corporate strategy. Adopt a set of significant policies. Identify and prioritise risks. Institute risk-management policies and control strategies Ensure to have in place sound and effective internal control
framework. Attach a high priority to status of compliance with ethical
standards and best practices of corporate governance.
Presentation byEbrahim Sidat
5
SBP PRUDENTIAL REGULATION (PR) G-I
Responsibilities of the Board inter-alia include:
Governance and oversight role related to:
Financial and Management Information Systems (MIS) Internal Control Internal Audit Compliance Risk Management Credit (Advances) including write-offs, recovery, re-scheduling/
re-structuring of debt Treasury Management Investments
Presentation byEbrahim Sidat
6
SBP Prudential Regulation (PR) G-I
Fixed assets – acquisition and disposal. Donations and charities. Prevention of frauds and forgeries. Compliance programme. KYC and anti-money laundering measures.
Presentation byEbrahim Sidat
7
CONCEPTUAL ROLE OF AUDIT COMMITTEE
CORPORATE GOVERNANCE COMPACT
INTERNAL
AUDIT
EXTERNAL AUDIT
AUDIT COMMITTEE
BOARD OF DIRECTORS
• TO OVERSEE & REPORT TO BOD NOT TO MANAGE
• TO SUPPORT/ADVISE MANAGEMENT NOT TO STIFLE OPERATIONAL PERFORMANCE
• TO HAVE MEANINGFUL, RELEVANT AND TRANSPARENT INFORMATION
NOT TO HAVE INFORMATION OVERLOAD
• TO THINK, JUDGE AND ACT ON SIGNIFICANT GOVERNANCE/RISK ISSUES
NOT TO BE TOO PROCESS - DRIVEN
• TO ENSURE CONFORMANCE FOR GOVERNANCE AND BETTER PERFORMANCE
NOT TO BE INDIFFERENT TO RESULTS
Presentation byEbrahim Sidat
8
AUDIT COMMITTEE (AC) – CERTAIN MANDATORY PROVISIONS UNDER THE SECP’s CODE OF CORPORATE GOVERNANCE
AC to perform duties as per terms of reference listed in paragraph
(xxxiii) of CCG.
AC shall have at least 3 members including the chairperson.
Majority of the members of the AC shall be non-executive directors.
Chairperson shall preferably be a non-executive director.
Names of the members of AC shall be disclosed in the annual report.
Presentation byEbrahim Sidat
9
AC shall appoint secretary of the committee.
CFO, head of internal audit and the external auditor’s representative to attend quarterly meeting with AC.
Separate meeting of AC with auditors and head of internal audit and others atleast once a year.
AC’s recommendations to normally prevail over BOD in relevant matters.
Audit Committee (AC) – Certain mandatory provisions under the SECP’S Code of Corporate Governance
Presentation byEbrahim Sidat
10
FUNCTIONS OF AUDIT COMMITTEE(as stipulated in SBP’s Handbook of Corporate Governance)
a) Determination of appropriate measures to safeguard the bank’s assets.
b) Review of preliminary announcements of results prior to publication.
c) Review of quarterly, half-yearly and annual financial statements, prior to their approval by the Board of Directors, focusing on:
major judgmental areas; significant adjustments resulting from the audit; the going-concern assumption; any changes in accounting policies and practices;
Presentation byEbrahim Sidat
11
Functions of Audit Committee(as stipulated in SBP’s Handbook of Corporate Governance)
Compliance with applicable accounting standards; and Compliance with listing regulations and other statutory and
regulatory requirements.
d) Facilitating the external audit and discussion with external auditors of major observations arising from interim and final audits and any matter that the auditors may wish to highlight (in the absence of management, where necessary).
e) Review of management letter issued by external auditors and management’s response thereto.
f) Ensuring coordination between the internal and external auditors.
Presentation byEbrahim Sidat
12
Functions of Audit Committee(as stipulated in SBP’s Handbook of Corporate Governance)
g) Review of the scope and extent of internal audit and ensuring that the internal audit function has adequate resources and is appropriately placed within the bank.
h) Consideration of major findings of internal investigations and management’s response thereto.
i) Ascertaining that the internal control system including financial and operational controls, accounting system and reporting structure are adequate and effective.
j) Review of the statement on internal control systems prior to endorsement by the Board of Directors.
Presentation byEbrahim Sidat
13
Functions of Audit Committee(as stipulated in SBP’s Handbook of Corporate Governance)
k) Instituting special projects, value for money studies or other investigations on any matter specified by the Board of Directors, in consultation with the Chief executive and to consider remittance of any matter to the external auditors or to any other external body.
l) Determination of compliance with relevant statutory requirements.
m) Monitoring compliance with the best practices of corporate governance and identification of significant violations thereof.
n) Consideration of any other issue or matter as may be assigned by the Board of Directors.
Presentation byEbrahim Sidat
14
AUDIT COMMITTEE’S (AC) ROLE AS ENVISAGED BY THE BASEL COMMITTEE PRINCIPLES ON BANK’S INTERNAL CONTROLS
Principle 19 AC assists Board of Directors’ task to ensure the existence and
maintenance of adequate system of internal controls. AC reinforces internal control system, internal and external audits. AC should have a proper written charter. AC should have at least 3 members of the Board who are not current
or former members of senior management. AC should have at least one member having a background in financial
reporting, accounting or auditing. AC should approve (“confirm”) the internal audit charter, the audit
plan and the resources required.
Presentation byEbrahim Sidat
15
ROLE OF AUDIT COMMITTEE(as set out in UK Combined Code of Corporate Governance)
To monitor integrity of the financial statements. To review the company’s internal financial controls (and its risk
management systems). To monitor and review the effectiveness of internal audit. To recommend (to the board) appointment of the external auditor,
and approve their remuneration and terms of engagement. To review and monitor the external auditor’s independence,
objectivity and the effectiveness of the audit process. To develop and implement policy on using the external auditor to
render non-audit services. To institute whistle-blowing arrangements.
Presentation byEbrahim Sidat
16
CERTAIN FUNDAMENTAL MATTERS ON WHICHAUDIT COMMITTEE (AC) SHOULD FOCUS
Ensure completeness, accuracy and fairness of financial statements, directors’ report and other corporate disclosures.
Assess conceptual validity and practical application of significant accounting policies.
Carry out independent assessment of judgmental issues and accounting estimates made by management.
Seek assurance from management about completeness and fairness of corporate disclosures, both financial and non-financial.
Enquire about material unusual transactions, events, contracts, arrangements, adjustments, related party transactions, departure from established norms/practices and such other significant issues.
Presentation byEbrahim Sidat
17
Certain fundamental matters on which AC should focus
Review periodically internal control and risk management procedures. Be alert to any indications or signals of impropriety or questionable
conduct or deficient regulatory compliance by causing to introduce “red flags” and the mitigating controls.
Address promptly all significant complaints by ensuring to have in place effective “whistle-blowing” procedures.
Presentation byEbrahim Sidat
18
POTENTIAL BENEFITS OF AN EFFECTIVEAUDIT COMMITTEE (AC)
Review of periodical and annual financial statements substantially enhances standard of financial reporting.
An environment of discipline, risk management awareness and control mitigates potential risk of fraud and irregularities.
NEDs bring to bear independent judgment on all significant matters. Financial reporting line head is provided a forum to raise and moot issues of
concern which might otherwise be difficult. Head of internal audit and external auditors have an effective, prompt and
independent line of communication on matters deemed critical or significant and for issue resolution.
Public confidence and credibility in the transparency and objectivity of financial reporting process is enhanced and reinforced.
Presentation byEbrahim Sidat
19
GUIDELINES FOR JUDGING EFFECTIVENESSOF AUDIT COMMITTEE (AC)
Composition of AC. Competence of AC members, in particular NEDs. AC Chairman’s commitment and proficiency. Conduct and duration of AC proceedings and its documentation. Quality of information and its timely dissemination. Follow-up on preceding actions and decisions. Level and frequency of inter-action with other players.
Presentation byEbrahim Sidat
20
TOUCHSTONE TO JUDGE QUALITY OF INTERNAL CONTROL
Whether for purposes of risk management, it is:
sound enough in designand
effective enough in implementationto
safeguard the shareholders’ investmentand
the Company’s assets
Whether there is a system in place to reviewing and monitoring regularly the internal control system to respond to continually evolving risks and exposures
Presentation byEbrahim Sidat
21
What the Board is expected to do to discharge its obligations in the context of internal control Recognize that reviewing the effectiveness of internal control is an
inherent part of the board’s responsibilities How should the board discharge this obligation?
– Ask discerning and relevant questions from management– Evaluate management’s information and assurance on the
soundness and implementation of internal control– Receive from management at regular intervals, reports on risk
management and internal controls embracing “all controls” to mean:– Internal financial controls– Operational controls– Compliance controls
BOARD’S OBLIGATION TO REVIEW INTERNAL CONTROL IS NOT A REGULATORY IMPOSITION BUT INDEED A BUSINESS IMPERATIVE
Presentation byEbrahim Sidat
22
RISK BASED PRINCIPLES TO ASSESS INTERNAL CONTROL (IC)
IC should emerge as a reflection of the “tone at the top”. IC is a means to an end and not an end in itself. Risk orientation should be the fundamental premises of all ICs. IC be embedded in the business processes to pursue bank’s objectives
and indeed become its culture. IC should remain relevant over time and keep pace with emerging
changes and developments. IC system and procedures should be organization – specific. IC should facilitate and promote operational effectiveness and efficiency. IC should justify cost-benefit consideration without compromising.
overall objectives. IC does not eliminate need for sound and astute business judgment. IC reduces but cannot eliminate possibility of poor judgment in decision-
making. IC provides reasonable but not absolute assurance on various aspects of
business.
Presentation byEbrahim Sidat
23
RISK MANAGEMENT - A COMPREHENSIVEDIMENSION OF CORPORATE GOVERNANCE
Risk management is a comprehensive concept.
Risk is inherent in business and is an essential concomitant of profits.
Business risk is both endemic and pervasive.
Risk management should not be visualized only in the context of an
adverse phenomenon, unfavourable happenings and circumstances.
Missed opportunities and failure to cause to happen or exploit
potential good events is also an integral part of risk management.
Presentation byEbrahim Sidat
24
Control strategies manage and mitigate risks but cannot eliminate entirely. Risk taking in business need to be differentiated with recklessness, callousness,
indifference and a cavalier attitude. Risk management inherently pre-supposes existence of an effective early warning
mechanism. Risks upon identification need to be prioritized having regard to:
1. High impact High likelihood2. High impact Low likelihood3. Low impact High likelihood4. Low impact Low likelihood
Awareness of trigger events and their frequency in relation to each significant business risk is an essential element of risk management.
Risk management - a comprehensive dimension of corporate governance
Presentation byEbrahim Sidat
25
OVERVIEW OF SBP’S GUIDELINES ON RISK MANAGEMENT(BSD Circular No.7 of August 15, 2003)
Risk Management encompasses risk identification, assessment, measurement,monitoring and mitigating / controlling all risks inherent in the business of banking.These are generally contemplated as under:
Directors’ Report Issued annually to specifically include under the heading “RiskManagement Framework” the following:
a) Overall plan to meet SBP guidelines on risk managementb) Status and details of implementation / actions takenc) Indicative time frame for full compliance and implementation
Presentation byEbrahim Sidat
26
RISK IDENTIFICATION - A FUNDAMENTAL BUSINESS IMPERATIVE
Understand the company’s products and services. Know the market place and the company’s relative status and
share therein. Identify success factors critical to the achievement of the
company’s objectives. Obtain awareness on the overall organizational structure and
delegation of authority and responsibility. Study control environment and risk assessment processes within
the company. Acquaint with the contour of:
Presentation byEbrahim Sidat
27
Risk Identification
– Information and communication system
– Monitoring and evaluation system
to form a preliminary view of their soundness, reliability and effectiveness or otherwise
Ascertain problems, impediments or near misses that may have happened or are potentially threatened to the detriment of business.
Enquire on any fraud or probity issues (including conflict of interest) in the recent history of the bank.
Apprise with the legal and regulatory environment in which the bank operates.
Presentation byEbrahim Sidat
28
GUIDELINES ON SIGNIFICANT RISK INDICATORS
Internal– Issues of integrity, ethics, propriety and probity– Defective HR policies and procedures and high personnel turnover – Improper reward and incentive system– Lack of qualified personnel at various levels– Improper delegation of authority and responsibility – Incompatibility in growth and the existing organization and infra-
structure – Impairing of control processes (preventive and detective) resulting
in a higher than reasonable incidence of loss of business, frauds, errors and irregularities
Presentation byEbrahim Sidat
29
– Liquidity crises and impaired credit worthiness– Shrinking markets denominated by declining business and
revenue and squeezing of spreads External
– Threats posed by unfair competition in the market place and changing clients’ behavior
– Technological threats posed by innovation– Litigation and underlying exposure– Health, safety and environmental issues– Regulatory and compliance exposure– Foreign currency risk and exposure – Changes in governmental policies (including political and
economic) and legal and regulatory implications arising therefrom
Significant Risk Indicators
Presentation byEbrahim Sidat
30
AUDIT COMMITTEE (AC) HOW TO JUDGE
ITS EFFECTIVENESS
See whether AC is focussed on the “FIVE Cs”
(Understand) Complexity of business and the underlying risk profile(Probe) Creativity - undue creativity in business structures,
transactions, accounting, tax planning etc. is prone todangerous consequences
(Focus) Controls - focus on the importance of controls(Watch) Coziness - Board’s relationship with CEO and senior
management, between the company and its externalauditors. Is it too close to compromise objectivity andindependence of thought
(Analyse) Choices - CEO, CFO and other senior managementexercise critical choices relevant to policies, estimates andjudgements