presentation by ebrahim sidat 1 conference on bank’s corporate governance the role of audit...

Presentation byEbrahim Sidat

1

CONFERENCE ON BANK’S CORPORATE GOVERNANCE

THE ROLE OF AUDIT COMMITTEEIN GOOD CORPORATE GOVERNANCE

Presentation byEBRAHIM SIDAT

COUNTRY MANAGING PARTNER/CEO

FORD RHODES SIDAT HYDER & Co.A Member of Ernst & Young International

Karachi, May 29, 2006

Organized byState Bank of Pakistan

Pakistan Institute of Corporate Governanceand

International Finance Corporation

1


2

PRESENTATION HIGHLIGHTS

• Underlying objectives of Corporate Governance

• Certain imperatives for the Board of Directors

• SBP Prudential Regulation – G1

• Conceptual role of Audit Committee

• Audit Committee – Certain mandatory provisions under the SECP’s Code of Corporate Governance

• Functions of Audit Committee

• Audit Committee’s role as envisaged by the Basel Committee principles on bank’s internal controls

• Role of Audit Committee under the UK-CCCG

• Certain fundamental matters on which Audit Committee should focus

• Potential benefits of an effective Audit Committee

• Guidelines for judging effectiveness of Audit Committee

• Touchstone to judge quality of internal control

• Board’s obligation to review internal control is not a regulatory imposition but indeed a business imperative

• Risk based principles to assess internal control

• Risk management – a comprehensive dimension of Corporate Governance

• Overview of SBP’s guidelines on risk management

• Risk identification – a fundamental business imperative

• Guidelines on significant risk indicators

• Audit Committee - how to judge its effectiveness


3

TRANSPARENCY - ACCOUNTABILITY - FAIRNESS - RESPONSIBILITY.

It is not intended to create regulatory imposition or intervention.

The fundamental objective is to encourage and enforce self- regulation, with the ultimate goal of :

• being more responsive to the dictates of transparent and ethical• behaviour • promoting growth of the enterprise, its profitability and• maximize shareholder-value, having regard to the interest of all• stakeholders• achieving strategic goals• being socially responsible

UNDERLYING OBJECTIVES OF CORPORATE GOVERNANCE


4

CERTAIN IMPERATIVES FOR THE BOARD OF DIRECTORS

Formulate corporate strategy. Adopt a set of significant policies. Identify and prioritise risks. Institute risk-management policies and control strategies Ensure to have in place sound and effective internal control

framework. Attach a high priority to status of compliance with ethical

standards and best practices of corporate governance.


5

SBP PRUDENTIAL REGULATION (PR) G-I

Responsibilities of the Board inter-alia include:

Governance and oversight role related to:

Financial and Management Information Systems (MIS) Internal Control Internal Audit Compliance Risk Management Credit (Advances) including write-offs, recovery, re-scheduling/

re-structuring of debt Treasury Management Investments


6

SBP Prudential Regulation (PR) G-I

Fixed assets – acquisition and disposal. Donations and charities. Prevention of frauds and forgeries. Compliance programme. KYC and anti-money laundering measures.


7

CONCEPTUAL ROLE OF AUDIT COMMITTEE

CORPORATE GOVERNANCE COMPACT

INTERNAL

AUDIT

EXTERNAL AUDIT

AUDIT COMMITTEE

BOARD OF DIRECTORS

• TO OVERSEE & REPORT TO BOD NOT TO MANAGE

• TO SUPPORT/ADVISE MANAGEMENT NOT TO STIFLE OPERATIONAL PERFORMANCE

• TO HAVE MEANINGFUL, RELEVANT AND TRANSPARENT INFORMATION

NOT TO HAVE INFORMATION OVERLOAD

• TO THINK, JUDGE AND ACT ON SIGNIFICANT GOVERNANCE/RISK ISSUES

NOT TO BE TOO PROCESS - DRIVEN

• TO ENSURE CONFORMANCE FOR GOVERNANCE AND BETTER PERFORMANCE

NOT TO BE INDIFFERENT TO RESULTS


8

AUDIT COMMITTEE (AC) – CERTAIN MANDATORY PROVISIONS UNDER THE SECP’s CODE OF CORPORATE GOVERNANCE

AC to perform duties as per terms of reference listed in paragraph

(xxxiii) of CCG.

AC shall have at least 3 members including the chairperson.

Majority of the members of the AC shall be non-executive directors.

Chairperson shall preferably be a non-executive director.

Names of the members of AC shall be disclosed in the annual report.


9

AC shall appoint secretary of the committee.

CFO, head of internal audit and the external auditor’s representative to attend quarterly meeting with AC.

Separate meeting of AC with auditors and head of internal audit and others atleast once a year.

AC’s recommendations to normally prevail over BOD in relevant matters.

Audit Committee (AC) – Certain mandatory provisions under the SECP’S Code of Corporate Governance


10

FUNCTIONS OF AUDIT COMMITTEE(as stipulated in SBP’s Handbook of Corporate Governance)

a) Determination of appropriate measures to safeguard the bank’s assets.

b) Review of preliminary announcements of results prior to publication.

c) Review of quarterly, half-yearly and annual financial statements, prior to their approval by the Board of Directors, focusing on:

major judgmental areas; significant adjustments resulting from the audit; the going-concern assumption; any changes in accounting policies and practices;


11

Functions of Audit Committee(as stipulated in SBP’s Handbook of Corporate Governance)

Compliance with applicable accounting standards; and Compliance with listing regulations and other statutory and

regulatory requirements.

d) Facilitating the external audit and discussion with external auditors of major observations arising from interim and final audits and any matter that the auditors may wish to highlight (in the absence of management, where necessary).

e) Review of management letter issued by external auditors and management’s response thereto.

f) Ensuring coordination between the internal and external auditors.


12


g) Review of the scope and extent of internal audit and ensuring that the internal audit function has adequate resources and is appropriately placed within the bank.

h) Consideration of major findings of internal investigations and management’s response thereto.

i) Ascertaining that the internal control system including financial and operational controls, accounting system and reporting structure are adequate and effective.

j) Review of the statement on internal control systems prior to endorsement by the Board of Directors.


13


k) Instituting special projects, value for money studies or other investigations on any matter specified by the Board of Directors, in consultation with the Chief executive and to consider remittance of any matter to the external auditors or to any other external body.

l) Determination of compliance with relevant statutory requirements.

m) Monitoring compliance with the best practices of corporate governance and identification of significant violations thereof.

n) Consideration of any other issue or matter as may be assigned by the Board of Directors.


14

AUDIT COMMITTEE’S (AC) ROLE AS ENVISAGED BY THE BASEL COMMITTEE PRINCIPLES ON BANK’S INTERNAL CONTROLS

Principle 19 AC assists Board of Directors’ task to ensure the existence and

maintenance of adequate system of internal controls. AC reinforces internal control system, internal and external audits. AC should have a proper written charter. AC should have at least 3 members of the Board who are not current

or former members of senior management. AC should have at least one member having a background in financial

reporting, accounting or auditing. AC should approve (“confirm”) the internal audit charter, the audit

plan and the resources required.


15

ROLE OF AUDIT COMMITTEE(as set out in UK Combined Code of Corporate Governance)

To monitor integrity of the financial statements. To review the company’s internal financial controls (and its risk

management systems). To monitor and review the effectiveness of internal audit. To recommend (to the board) appointment of the external auditor,

and approve their remuneration and terms of engagement. To review and monitor the external auditor’s independence,

objectivity and the effectiveness of the audit process. To develop and implement policy on using the external auditor to

render non-audit services. To institute whistle-blowing arrangements.


16

CERTAIN FUNDAMENTAL MATTERS ON WHICHAUDIT COMMITTEE (AC) SHOULD FOCUS

Ensure completeness, accuracy and fairness of financial statements, directors’ report and other corporate disclosures.

Assess conceptual validity and practical application of significant accounting policies.

Carry out independent assessment of judgmental issues and accounting estimates made by management.

Seek assurance from management about completeness and fairness of corporate disclosures, both financial and non-financial.

Enquire about material unusual transactions, events, contracts, arrangements, adjustments, related party transactions, departure from established norms/practices and such other significant issues.


17

Certain fundamental matters on which AC should focus

Review periodically internal control and risk management procedures. Be alert to any indications or signals of impropriety or questionable

conduct or deficient regulatory compliance by causing to introduce “red flags” and the mitigating controls.

Address promptly all significant complaints by ensuring to have in place effective “whistle-blowing” procedures.


18

POTENTIAL BENEFITS OF AN EFFECTIVEAUDIT COMMITTEE (AC)

Review of periodical and annual financial statements substantially enhances standard of financial reporting.

An environment of discipline, risk management awareness and control mitigates potential risk of fraud and irregularities.

NEDs bring to bear independent judgment on all significant matters. Financial reporting line head is provided a forum to raise and moot issues of

concern which might otherwise be difficult. Head of internal audit and external auditors have an effective, prompt and

independent line of communication on matters deemed critical or significant and for issue resolution.

Public confidence and credibility in the transparency and objectivity of financial reporting process is enhanced and reinforced.


19

GUIDELINES FOR JUDGING EFFECTIVENESSOF AUDIT COMMITTEE (AC)

Composition of AC. Competence of AC members, in particular NEDs. AC Chairman’s commitment and proficiency. Conduct and duration of AC proceedings and its documentation. Quality of information and its timely dissemination. Follow-up on preceding actions and decisions. Level and frequency of inter-action with other players.


20

TOUCHSTONE TO JUDGE QUALITY OF INTERNAL CONTROL

Whether for purposes of risk management, it is:

sound enough in designand

effective enough in implementationto

safeguard the shareholders’ investmentand

the Company’s assets

Whether there is a system in place to reviewing and monitoring regularly the internal control system to respond to continually evolving risks and exposures


21

What the Board is expected to do to discharge its obligations in the context of internal control Recognize that reviewing the effectiveness of internal control is an

inherent part of the board’s responsibilities How should the board discharge this obligation?

– Ask discerning and relevant questions from management– Evaluate management’s information and assurance on the

soundness and implementation of internal control– Receive from management at regular intervals, reports on risk

management and internal controls embracing “all controls” to mean:– Internal financial controls– Operational controls– Compliance controls

BOARD’S OBLIGATION TO REVIEW INTERNAL CONTROL IS NOT A REGULATORY IMPOSITION BUT INDEED A BUSINESS IMPERATIVE


22

RISK BASED PRINCIPLES TO ASSESS INTERNAL CONTROL (IC)

IC should emerge as a reflection of the “tone at the top”. IC is a means to an end and not an end in itself. Risk orientation should be the fundamental premises of all ICs. IC be embedded in the business processes to pursue bank’s objectives

and indeed become its culture. IC should remain relevant over time and keep pace with emerging

changes and developments. IC system and procedures should be organization – specific. IC should facilitate and promote operational effectiveness and efficiency. IC should justify cost-benefit consideration without compromising.

overall objectives. IC does not eliminate need for sound and astute business judgment. IC reduces but cannot eliminate possibility of poor judgment in decision-

making. IC provides reasonable but not absolute assurance on various aspects of

business.


23

RISK MANAGEMENT - A COMPREHENSIVEDIMENSION OF CORPORATE GOVERNANCE

Risk management is a comprehensive concept.

Risk is inherent in business and is an essential concomitant of profits.

Business risk is both endemic and pervasive.

Risk management should not be visualized only in the context of an

adverse phenomenon, unfavourable happenings and circumstances.

Missed opportunities and failure to cause to happen or exploit

potential good events is also an integral part of risk management.


24

Control strategies manage and mitigate risks but cannot eliminate entirely. Risk taking in business need to be differentiated with recklessness, callousness,

indifference and a cavalier attitude. Risk management inherently pre-supposes existence of an effective early warning

mechanism. Risks upon identification need to be prioritized having regard to:

1. High impact High likelihood2. High impact Low likelihood3. Low impact High likelihood4. Low impact Low likelihood

Awareness of trigger events and their frequency in relation to each significant business risk is an essential element of risk management.

Risk management - a comprehensive dimension of corporate governance


25

OVERVIEW OF SBP’S GUIDELINES ON RISK MANAGEMENT(BSD Circular No.7 of August 15, 2003)

Risk Management encompasses risk identification, assessment, measurement,monitoring and mitigating / controlling all risks inherent in the business of banking.These are generally contemplated as under:

CREDIT RISK MARKET RISK LIQUIDITY RISK OPERATIONAL RISK COMPLIANCE / REGULATORY RISK

Directors’ Report Issued annually to specifically include under the heading “RiskManagement Framework” the following:

a) Overall plan to meet SBP guidelines on risk managementb) Status and details of implementation / actions takenc) Indicative time frame for full compliance and implementation


26

RISK IDENTIFICATION - A FUNDAMENTAL BUSINESS IMPERATIVE

Understand the company’s products and services. Know the market place and the company’s relative status and

share therein. Identify success factors critical to the achievement of the

company’s objectives. Obtain awareness on the overall organizational structure and

delegation of authority and responsibility. Study control environment and risk assessment processes within

the company. Acquaint with the contour of:


27

Risk Identification

– Information and communication system

– Monitoring and evaluation system

to form a preliminary view of their soundness, reliability and effectiveness or otherwise

Ascertain problems, impediments or near misses that may have happened or are potentially threatened to the detriment of business.

Enquire on any fraud or probity issues (including conflict of interest) in the recent history of the bank.

Apprise with the legal and regulatory environment in which the bank operates.


28

GUIDELINES ON SIGNIFICANT RISK INDICATORS

Internal– Issues of integrity, ethics, propriety and probity– Defective HR policies and procedures and high personnel turnover – Improper reward and incentive system– Lack of qualified personnel at various levels– Improper delegation of authority and responsibility – Incompatibility in growth and the existing organization and infra-

structure – Impairing of control processes (preventive and detective) resulting

in a higher than reasonable incidence of loss of business, frauds, errors and irregularities


29

– Liquidity crises and impaired credit worthiness– Shrinking markets denominated by declining business and

revenue and squeezing of spreads External

– Threats posed by unfair competition in the market place and changing clients’ behavior

– Technological threats posed by innovation– Litigation and underlying exposure– Health, safety and environmental issues– Regulatory and compliance exposure– Foreign currency risk and exposure – Changes in governmental policies (including political and

economic) and legal and regulatory implications arising therefrom

Significant Risk Indicators


30

AUDIT COMMITTEE (AC) HOW TO JUDGE

ITS EFFECTIVENESS

See whether AC is focussed on the “FIVE Cs”

(Understand) Complexity of business and the underlying risk profile(Probe) Creativity - undue creativity in business structures,

transactions, accounting, tax planning etc. is prone todangerous consequences

(Focus) Controls - focus on the importance of controls(Watch) Coziness - Board’s relationship with CEO and senior

management, between the company and its externalauditors. Is it too close to compromise objectivity andindependence of thought

(Analyse) Choices - CEO, CFO and other senior managementexercise critical choices relevant to policies, estimates andjudgements


31

THANK YOU

presentation by ebrahim sidat 1 conference on bank’s corporate governance the role of audit...

Documents

banks corporate governance

corporate strategy

effectiveness slide

basel committee principles

business imperative

control strategies

oversight role

sbp prudential regulation