B. OVERSIGHT AND ACCOUNTABILITY


B-1 - Principle

The governing body is responsible for maintaining oversight of the organization and is accountable to the organization, its owners, employees, clients and other stakeholders for the organization’s financial performance and how it conducts its business. Oversight and accountability engender trust and legitimacy and improve financial performance which enhances owners’ equity and value.

B-2 - Rationale

Accountability is a globally recognized corporate governance principle that ensures that an organization’s leaders are held to the highest standards expected of them. Governing bodies that are held to account by shareholders and stakeholders ensure that they perform at their best and, in turn, exercise proper oversight over those to which they have delegated responsibility. Ultimately, accountability helps to minimize or avoid potential conflicts that could arise from the mismanagement of authority.

B-3 - Key Aspects of Practice

B-3(a) Oversight

  1. The governing body’s oversight function is intended to ensure inter alia that:-

    1. assets are safeguarded;

    2. business processes are working in accordance with and within approved parameters;

    3. continuous improvement is recorded against measured objectives;

    4. risks affecting business continuity are identified, prioritised and supported with risk abatement and risk mitigation strategies; and

    5. there is effective governance of sustainability and its integration with strategy and operations.

  2. The governing body, as part of its oversight function, should:

    1. take corrective action as necessary to ensure that the organization’s strategic goals and objectives are met; for these purposes, the sources of authority and their responsibilities must be identified in writing and provided to the persons to whom the responsibilities are directed or delegated. These sources include (but are not limited to):-

      1. laws, regulations, rules, practices and guidelines; or

      2. unanimous shareholder agreements, by-laws, charters or constitutions; or

      3. ethical and moral conventions.

    2. ensure that the persons to whom responsibility is delegated account for their actions by asking searching questions of, and reprimanding, those who fail to account or who, upon an account being taken, have not responsibly performed the tasks delegated;

    3. periodically review the organization’s financial accounting systems, internal controls, risk management and financial reporting and make improvements. Independent oversight is required from time to time through internal audit, external audit, the audit committee or risk management committee as appropriate, and risk officers;

    4. periodically review organizational performance against previously determined criteria and take corrective action to arrest and reverse declining financial performance and results;

    5. receive from executive management (or equivalent) periodic reports with recommendations, which must be considered, so as to, inter alia:-

      1. improve financial performance and results;

      2. improve terms and conditions for employees;

      3. re-direct resources to where they are most required;

      4. re-prioritize risks as part of the organization’s risk framework, in particular, relating to cyber security and artificial intelligence;

      5. improve data protection and maintain pace with appropriate technological solutions;

      6. identify new stakeholders and deepen existing stakeholder relationships;

      7. improve transparency and cost-effectiveness in procurement procedures;

      8. create a positive organizational culture to facilitate the achievement of organizational strategies, goals and objectives; and

      9. establish whistleblower practices.

    6. periodically review and, if necessary, re-design the organization’s governance framework to make it more responsive and engaging, and re-calibrate the levels of assurance and scrutiny required to provide the governing body, periodically, with independent assessments of its performance against measured criteria; and

    7. periodically review the reporting lines, roles and responsibilities of those who provide assurance, internally and externally, to safeguard their independence and authority.



B-3(b) Accountability

  1. The governing body should:

    1. demonstrate its accountability to the organization as a whole and hold to account those to whom it has delegated responsibilities. Accountability engenders trust and legitimacy, which improves corporate performance;

    2. exercise its powers of delegation with reasonable care, diligence and skill and remain accountable to the organization as a whole for the performance of those delegated functions;

    3. operate in a fair and transparent manner and ensure that accountability is practised throughout the organization in accordance with:-

      1. law or regulations;

      2. approved by-laws, charters or the constitution;

      3. regulatory and compliance requirements;

      4. ethical or moral conventions; and

      5. standard business and industry practices.

    4. ensure that the organization’s reports and disclosures (to stakeholders):-

      1. describe the organizational purpose, values, strategy and governance framework and the practices implemented to achieve them;

      2. provide information on:-

        1. the organization’s financial performance against stated objectives, including key performance indicators;

        2. the way in which the organization’s performance was achieved and whether this performance was reasonable in the context of changing governance policies and values;

        3. the actual and potential impact on the resources it uses and on the natural environment and in the social and economic context within which it operates;

        4. the level of influence (if any) exercised by stakeholders and persons who have a controlling interest;

        5. aggregate remuneration for its executive management and governing body, including profit-related pay and allowances;

        6. any material failure of compliance, why it occurred, corrective action taken and how future compliance will be improved;

        7. conflicts of interest incidents and how they were resolved (if at all);

        8. new and emerging organizational risks which threaten the achievement of the organization’s objectives, including its business continuity, and how these risks are being mitigated and managed; and

        9. measures adopted to promote and embed the desired organizational culture.

      3. describe assurance processes that have been applied to support the integrity of the information used or reported and, in so doing, express confidence in the information being relied upon;

      4. expressly identify potential and actual exposures (including litigation) and, in relation to the latter, estimate the exposure in monetary terms;

      5. maintain transparency, but within the limits of business confidentiality and data privacy;

      6. report on historic actions and outcomes as well as future intentions;

      7. use the most appropriate reporting methodologies for the organization, given evolving trends and stakeholder expectations; and

      8. so far as is reasonably practicable, exceed the minimum reporting and disclosure standards required by law or convention.

    5. determine the most appropriate reporting methods for the organization;

    6. ensure that reported information is material, reliable, understandable, complete, accurate, balanced and timely;

    7. ensure that stakeholders are able to access the reports and disclosures and have the necessary information to make informed assessments of the organization’s performance over time;

    8. be available to answer and/or provide responses to stakeholders about decisions made or actions taken; and

    9. encourage and manage stakeholder engagement to facilitate orderly participation and meaningful use of stakeholder feedback, which would contribute to corporate sustainability.

B-3(c) The Audit Committee (or its equivalent)

  1. The Audit Committee (or its equivalent) is key to ensuring that the organization has robust and effective processes relating to financial reporting, internal controls and risk management and is important for:

    1. maintaining the organization’s financial stability;

    2. gaining the trust and confidence of shareholders and other stakeholders;

    3. understanding how the organization can achieve better financial results together with improved corporate governance;

    4. managing key risks; and

    5. supporting accountability within the organization.

  2. The Audit Committee should be guided by a written charter or terms of reference, approved by the governing body, which should contain inter alia the following key responsibilities:

    1. supported by management and/or independent professional advisors, review the organization’s interim and annual audited financial statements as well as its annual report and/or any other related financial disclosures, to provide assurance of its integrity, accuracy, completeness and compliance with legal and regulatory requirements;

    2. review the organization’s financial reporting processes, including an assessment of whether the organization has adopted the appropriate accounting policies and any changes thereto;

    3. oversee the organization’s relations with the external auditor including, but not limited to, reviewing the external auditor’s qualifications, resources and independence, and monitoring the performance of the external auditor and the overall effectiveness of the external audit process;

    4. conduct the tender process for an external auditor and make recommendations to the governing body for the re-appointment, appointment and removal of the external auditor as well as the terms of engagement and remuneration of the external auditor;

    5. regularly review the organization’s need for establishing an internal audit function and where there is no internal audit function, ensure that internal assurance is achieved;

    6. regularly review the organization’s internal financial, compliance and operational controls, and, where a risk committee (or equivalent) has not been established, the organization’s risk management system; 

    7. report regularly to the governing body regarding the execution of the audit committee’s duties and how it has discharged its responsibilities, activities, any issues encountered and related recommendations;

    8. satisfy itself that the quality of audits, whether internal or external, is of a sufficiently high standard, is supported by evidence and provides adequate justification for the committee’s conclusions and/or recommendations; and

    9. work and liaise with other committees as necessary to ensure adequate interaction between and among committees and with the governing body.

  3. The Audit Committee, in order to properly discharge its functions and duties, should:

    1. be given the authority to meet with and seek any information it requires from employees, officers, directors or external parties;

    2. be properly resourced and compensated; 

    3. have access to independent professional advice where it is deemed necessary;

    4. comprise a majority of non-executive members with relevant qualifications who meet the applicable standards of independence (as determined by the governing body). The Chairperson and/or the Chief Executive Officer (or its equivalent) should neither be a member nor chair of the Audit Committee. The convener of the Audit Committee should meet the applicable standards of independence;

    5. have at least one (1) member who qualifies as a financial expert;

    6. be provided with annual continuing education and training in financial reporting and other relevant subject-matter areas;

    7. meet at least quarterly, but more frequently as determined by the committee convener, who will prepare the agenda for the committee’s meeting and arrange briefing material for the committee as far in advance of the meeting as reasonably practicable;

    8. ensure that non-executive members of the committee have discussions periodically, without management;

    9. foster open communication and meet periodically with management, the director of the internal audit function and the external auditor in separate executive meetings;

    10. review with management, the organization’s finance function, including its budget, organization and quality of personnel; and

    11. periodically conduct performance assessments relative to the audit committee’s purpose, duties and responsibilities.

B-3(d) Internal Audit

  1. Where an internal audit function has been established, the governing body, through its Audit Committee or equivalent, should:

    1. review and approve the mandate of the internal audit function;

    2. monitor the performance of the internal auditor and the overall effectiveness of the internal audit process;

    3. review and advise on the selection and removal of the internal auditor;

    4. review the activities and organizational structure of the internal audit function, as well as the qualifications of its personnel, budget and staffing;

    5. annually, or at some other interval as set out in the organization’s policy framework, review and recommend changes (if any) to the internal audit charter;

    6. periodically review, with the internal auditor, any significant difficulties, disagreements with management or scope restrictions encountered in the course of administering the internal audit function; and

    7. discuss with the internal auditor the internal audit function and the extent to which changes or improvements in financial or accounting practices have been implemented.

  2. The internal audit charter should provide the organization with a blueprint for the operations of the internal audit function and help the governing body to clearly signal the value it places on the independence of the internal audit function. Ideally, the internal audit charter should contain the following:

    1. reporting lines for the internal auditor (or equivalent) that support his/her independence. The internal auditor should report functionally to the governing body and administratively to executive management;

    2. clearly defined and articulated operating orders for the governing body and executive management (or equivalent) to enable the internal audit function to operate at the highest standard; and

    3. the authority of the internal audit function which should include unfettered access to records, relevant personnel and physical property, the ability to retain advisory services to support the internal audit function and general authority to respond to emerging issues.

B-3(e) External Audit

  1. The governing body, through its Audit Committee or equivalent, should:

    1. recommend to the owners, the re-appointment, appointment and removal of an external auditor, as circumstances warrant;

    2. recommend to the owners, the terms of engagement with the external auditor, including its remuneration for the proposed period;

    3. oversee the work performed by the external auditor retained for the purpose of preparing or issuing an audit report or related work;

    4. review the performance and independence of the external auditor; 

    5. ensure that the external auditor reports to the governing body (through the audit committee or equivalent, where applicable) to permit effective oversight of the resolution of any emerging disagreements between management and the external auditor and any perceived or actual threats to auditor independence; and

    6. actively engage in dialogue with the external auditor with respect to any disclosed relationships, non-audit services and/or shareholdings that may affect the independence and objectivity of the external auditor and take appropriate actions to safeguard the independence of the external auditor, including but not limited to, approving policies restricting or prohibiting the conduct of non-audit services; requiring auditor rotation and establishing the organization’s criteria for auditor independence.

B-3(f) Financial Reporting Processes, Accounting Policies and Internal Control

  1. The governing body should:-

    1. in consultation with the external auditor and the internal audit function (if applicable), review the integrity of the organization’s financial reporting processes (both internal and external);

    2. oversee the integrity of the organization’s disclosure and reporting systems and periodically review the adequacy and effectiveness of the organization’s disclosure controls and procedures and its internal controls over financial reporting, including any significant deficiencies and significant changes in internal controls;

    3. consider the scope of the internal and external auditors’ review of internal controls over financial reporting, and obtain reports on significant findings and recommendations, together with management responses;

    4. receive and review any disclosure from the organization’s head of executive management or head of finance (howsoever called) made in connection with the certification of the organization’s quarterly and annual regulatory reports/submissions;

    5. identify significant deficiencies and material weaknesses in the design or operation of the internal controls over financial reporting which are reasonably likely to adversely affect the organization’s ability to record, process, summarize and report financial data, and report on any fraud that involves management or other employees who have a significant role in operationalising the organization’s internal controls;

    6. report on concerns regarding accounting principles and financial statement presentations, including any significant changes in the organization’s selection or application of accounting principles, issues as to the adequacy of the organization’s internal controls and any special audit steps adopted in light of material control deficiencies;

    7. review analyses prepared by management and the external auditor identifying significant financial reporting issues and judgments made in connection with the preparation of the financial statements;

    8. review the effect of regulatory and accounting initiatives, as well as off-balance-sheet transactions, on the financial statements of the organization and approve all related-party transactions; and

    9. establish and oversee policies and procedures for the receipt, retention and treatment of complaints regarding accounting, internal accounting controls or auditing matters, including confidential, anonymous submissions by employees regarding questionable accounting or auditing practices.

B-3(g) Risk Governance

  1. The governing body should:

    1. oversee and be held accountable for risk governance in the organization and, in so doing, make the relevant risk disclosures in its annual report or other such reporting mechanisms;

    2. establish an effective enterprise-wide risk framework, including policies, to ensure that all risks facing the organization can be identified, prioritised, assessed, managed and reviewed, using proven risk management techniques;

    3. establish the organization’s risk appetite and limits and ensure that risk is being managed within approved guidelines;

    4. ensure that preventative controls are in place to prevent an adverse risk event from occurring, that detection controls are in place to detect risk events when they occur and that corrective controls are in place for dealing with risk events that have occurred;

    5. ensure that risk governance remains a key component of its agenda;

    6. delegate risk management to independent persons, whether internal or external to the organization, with prudent care and skill; and

    7. ensure that it is kept apprised of new and emerging risks facing the organization.

  2. The governing body may establish a separate risk management committee (or equivalent), comprising a majority of non-executive directors with relevant qualifications who meet the applicable standards of independence (as determined by the governing body), or delegate its responsibility for risk to its Audit Committee. The Chairperson and/or the Chief Executive Officer should neither be a member nor chair this committee. The convener of the committee should meet the applicable standards of independence.

  3. The risk management committee (or equivalent) should:-

    1. oversee, review and periodically update the organization’s code of business conduct and ethics and the organization’s system to monitor compliance with and enforce this code;

    2. review, with the organization’s counsel (or its equivalent), legal compliance and legal matters that could have a significant impact on the organization’s financial statements;

    3. carry out a robust assessment of the organization’s emerging and principal risks with respect to risk assessment and risk management, including appropriate guidelines and policies to govern the process of business continuity, as well as the organization’s major financial risk exposures and the steps management has undertaken to mitigate them;

    4. consider the risk of management’s ability to override the organization’s internal controls;

    5. make recommendations for the appointment of a chief risk officer (or equivalent) reporting directly to the governing body or, alternatively, to the executive management;

    6. monitor and propose adjustments to the organization’s risk appetite, associated risk limits and tolerance and make related recommendations to the governing body for approval;

    7. confirm adherence to risk management policies and procedures and hold individuals accountable for significant breaches;

    8. address escalated risk matters brought forth by the risk function and/or senior and executive management; and

    9. consider the following matters when identifying, prioritising, monitoring and mitigating risk:-

      1. data security, privacy and protection;

      2. cybersecurity;

      3. artificial intelligence;

      4. climate change;

      5. pandemics;

      6. geo-political instability; and

      7. social discontent.

B-4 - Expected Outcomes

Having applied the recommendations stated here in accordance with the size, sector and complexity of the organization, it is expected that organizations will achieve the following key outcomes:

  1. improved corporate transparency and investor confidence;

  2. improved risk management and internal controls; 

  3. auditor independence; and

  4. organizational resilience.
