Governance Review - The Report Generator Small and Medium Enterprises (SME) __________________________________________________________________________________________________ ADDRESSING THE FIVE KEY GOVERNANCE RISKS IN YOUR DECISION BOOK’S GOVERNANCE SECTION Instructions: This document is for use by investment staff in: (i) conducting SME governance review; (ii) preparing a Governance section of an Investment Decision Book; (iii) responding to questions at the Investment Decision Meeting. Governance section of the Decision Book must say what client features mitigate the 5 key SME Governance Risks. This REPORT GENERATOR details the 5 risks and tells which client characteristics could mitigate these key risks. Investment staff should collect information about a client and reflect in the Decision Book’s Governance section which features are displayed by the SME and which are not. This Report Generator aids in preparing such Governance section as it indicates the data to be collected from the client and gives guidance on possible sources of information (by interviewing the client or by reviewing a corporate document). ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------

1

Key Risk I. The enterprise has not demonstrated a commitment to implement good governance practices Risk Description 1. There is no tone on the top for developing governance structures

Client Feature that Mitigates CG Risk #1 Importance of and commitment to good governance is formally communicated to staff and outside stakeholders

Questions to Ask • How importance of good governance structures is communicated to employees, management and outside stakeholders? • Is management committed to good governance?

There is a plan for implementation of governance structures

• •

2. Organizational structure is not clear

3. Key policies and processes are not formalized

A clear organizational structure with clear lines of authority and reporting is in place

• •

Answer Source • Enterprise’s mission and vision • Code of ethics • Employee handbook • Interviews with: Founder, company secretary, CEO

Does the enterprise have a defined implementation plan to improve its governance? Who is leading this effort and sets the tone at the top for establishing a governance system?

•

Is the organizational structure clearly defined and understood by staff? Does it clearly define authorities of units and reporting lines?

• •

Organizational chart Interview: Founder, CEO

•

(Corporate) governance improvement implementation plan Interviews with: Founder, company secretary

TORs for key positions are in place

•

Are core positions in the enterprise hired or their functions properly outsourced to qualified persons?

• •

Management ToRs Interviews: HR, Company Secretary

A strategic plan that articulates objectives, strategic actions/initiatives, budget, KPIs, and risks and clear accountabilities is in place

•

Does the company have a documented strategic plan(s) and budget(s) that clearly define what it is trying to achieve in the near-term (i.e., 1 yr) and longer term (i.e., 2 to 3 yrs)? Who is in charge of developing/approving a strategic plan?

•

Business plans for at least three years Interviews: key senior executives/ managers

Have key corporate governance provisions been codified in company policies and procedures? Are decisions clearly communicated to the organization in the form of policy, mandate, or other formal means?

• •

•

Basic organizational policies are in place

• •

•

•

Ethics code Policy or samples of communications with key staff Interviews: key senior executives/ managers

2

Key Risk II. The decision making is highly concentrated, and there is no effective oversight of the strategy and management performance Risk Description

Client Feature that Mitigates CG Risk #2 Management committee is formed and meets periodically to provide for detailed discussions and executive decision making

Questions to Ask • How and by whom executive decisions are made? • Does the founder/CEO take decisions in consultation with other managers?

1. Decision making is concentrated on one or two individuals

Authority Matrix that defines key decisions and what individuals/bodies are authorized to make them is in place

•

• Designation of backup/deputy staff for key functions, who attend key senior management/board meetings periodically

2. No outsider views on strategy and management performance provided

3. Advisory board/board of directors do not meet their duties

Advisory board or a board of directors with outside (non-executive) directors is formed and meets periodically

• •

• • • •

Management performance is overseen by a board of directors with outside (non-executive) directors

Role of the Advisory Board/Board of Directors clearly defined and communicated to members

Work procedures of the Advisory Board/Board of Directors allow for contributing appropriately

• • • • • •

How decision-making authorities are defined between owners, management and other bodies? Are these authorities clear to all staff? Has management established effective channels for communicating key decisions to all levels of the organization? By what means? Are there succession plans in place for key staff members? Is there ‘key-person’ risk in the organization such that one or two individuals make all decisions? Do owners get strategic advice from outside of the organization? Has the enterprise formed advisory board of a board of directors? Does the advisory board/board of directors have an appropriate mix of skills and knowledge? Are there any outside (non-executive, independent) directors in the board? How the management performance is evaluated? Who decides on management remuneration and how it is linked to long-term performance of the enterprise? What is the role of the advisory board/board of directors and how it is communicated to individual members? Is there any periodic discussion on what is expected from the board (advisory or a board of directors)? Are the board procedures (e.g., meeting proceedings, frequency, and formality) effective and efficient? Do board members get sufficient information for making decisions?

Answer Source • Management committee TOR • Management committee minutes • Interview: CEO, Founder, Key management personnel Authority matrix (delegations of authority) • Management TORs • Interview: Key management personnel •

• • •

• • •

Business continuity plan or contingency plan HR personnel development plans Interviews: CEO, HR, Legal Articles of Association Directors’ profiles Interview: Owner, Advisory board or BoD Chair

• •

Management contracts, KPIs Interview: Owner, HR

•

Board charter, notices, briefing papers and minutes Interviews: Owner, Board Chair, Company secretary Board charter, notices and minutes Calendar of events Interviews: Board members, Company secretary

• • • •

3

Key Risk III. The enterprise’s risk management and internal controls are inadequate to ensure sound stewardship of the enterprise’s assets and compliance with relevant regulations Risk Description 1. The owner does not differentiate own assets with that of the business

2. The owner/ board’s oversight of internal controls, risk management and compliance is weak

3. The internal process for financial records management are flawed

Client Feature that Mitigates CG Risk #3 Bank accounts separate from owners and founders

Questions to Ask • What are the authorization approvals for signatories to bank account and financial documents for transactions and records?

Assets are appropriately recorded in the enterprises books of accounts in the name of the enterprise

• •

How are company goods, assets and services procured? Does the entity have a procurement policy in place?

• •

IA is independent and risk-based. Effectiveness of risk management and internal control is assessed periodically

•

•

• •

Does an independent internal audit function exist or it is outsourced? Is the internal audit plan risk-based and by whom it is approved? Does the company have embedded in its processes a routine means for identifying potential business risks, assessing their impact, and developing corresponding mitigation strategies?

Compliance function is in place

•

Who is responsible for compliance?

• •

•

Is the External Auditor fully independent and capable of delivering unbiased audit services to the company? Is the External Auditor a qualified firm, with proper knowledge and technical capabilities to serve the company’s industry and to scale up with the company given the company’s future growth plans? Are accounting and financial records and reports computerized with properly licensed and secured information technology? Who are the people qualified to operate accounting software and generate reports?

• •

External auditor is a recognized audit firm and is independent from owners and management

Accounting records and processes are computerized

•

• •

Answer Source • Board resolution, powers of attorney, authorization approvals • Interviews: Head of Internal Audit, Chief Compliance Officer

•

•

Procurement Policy Interviews: key management personnel Internal Control and Risk Management policies Interviews: Head of Internal Audit

Regulatory reports Interviews: Company secretary, Compliance officer, Legal External Auditor ToR Interviews: Head of Internal Audit, External Auditor, CFO

Interviews: Head of Internal Audit, External Auditor, CFO

4

Key Risk IV. The enterprise’s financial and non-financial disclosures are poor Risk Description 1. The poor quality preparation and review of financial statements do not provide confidence in the reliability of the financial statements.

2. Improper nonfinancial disclosures raise concern about the company’s governance.

Client Feature that Mitigates CG Risk #4 The company’s financial statements are prepared in accordance with locally recognized accounting standards

Consistent financial information and data used for all business and regulatory registrations, reporting and all other purposes An Annual Report is developed for the company with financial and non-financial information to help send signal to investors, business partners, customers, and other stakeholders Non-financial information is disclosed on the website, including basic governance information

Questions to Ask • Are the statements prepared in keeping with IFRS or US GAAP or as those adopted by local authorities? • Has the regulator ever required the company to provide additional information or clarification on financial statements or other disclosure? On what elements? • Please summarize the company’s policies with respect to preparation and dissemination of financial information about the company

• •

Information disclosure policy Interviews: Audit Committee Chair or CFO

•

Does the company have an effective annual report to communicate with the company’s shareholders?

• •

Annual report Interviews: Company secretary, CFO

•

Does the company ensure that relevant non-financial disclosures are made to shareholders and key stakeholders on a timely and fair basis? Does the company make effective and secure use of the internet as a means for fair and timely disclosures? Who has the system of responsibility and accountability for disclosure been assigned?

• •

Company website Interviews: Corporate Secretary

• •

Communications policy Interviews: Corporate Secretary

• Investor Relations function, possibly combined with a Compliance function, is in place

Answer Source • Financial statements • Interviews: CFO, External Auditor

•

5

Key Risk V. The enterprise’s shareholders’ rights are inadequate or abused Risk Description

1. Shareholders’ role in decision making is unequal

2. Family governance issues are not addressed

Client Feature that Mitigates CG Risk #5 Voting policy one-share, one-vote is stipulated in statutory documents

Equitable information, which includes both financial and non-financial information about the company’s performance is provided to all shareowners

Questions to Ask • What is the voting principle at AGMs? • Where this principle is stipulated?

•

•

Are Shareowners provided with useful information about the company’s performance and forward looking strategies and risks? Are AGMs well-organized and do they function effectively to allow for adequate shareholder participation in key governance decisions of the company? Does the company have a mechanism for dispute resolution? Please describe the procedure

Dispute resolution mechanism for shareholderrelated disputes is articulated

•

Family and CEO succession issues are addressed in a written policy/document

•

Has the family company formalized its governance framework with proper board and management structures?

Rules and decisions that might affect family members’ employment, dividends and other benefits are appropriately communicated

•

Formal communication channels that allow family members to share their ideas, aspirations and issues are established

•

Has the family company developed key family governance policies like family employment and dividend? How these are being communicated to family members and others? How family members can convey their ideas to the promoters and company governing bodies?

•

Answer Source • Articles of Association • Shareholders’ agreement • Interview: Legal, Corporate Secretary • Articles of Association, bylaws on shareholders meeting, shareholder information materials • Interview: Board Chair or Corporate Secretary • Shareholders agreement • Articles of Association • Interview: Corporate Secretary • Succession planning policy • Family protocol • Interviews: Key family members, CEO • Family employment policy • Dividend policy • Interviews: CEO, Company Secretary • Family governance communications • Family meeting notices, briefings and minutes • Interviews: Key family members

6