
1 P1 Governance, Risk and Ethics (GLO – Global)

About P1 (Global - GLO) Syllabus

1. The syllabus is divided into the following components:


1] Corporate governance
2] Risk management
3] Internal controls
4] Ethics:
• Business ethics, including corporate social responsibility
• Professional accountants’ ethics

2. P1 started in the year 2007 and the first examination was in December 2007.

3. Mr David Campbell has been the P1 Examiner since 2007.

4. The exam paper consists of two sections:


Section A – Question 1 (50 marks) – compulsory

Question 1 is divided into several parts which cover corporate governance, risk management, internal
controls and ethics.

Section B – Answer two out of three questions (25 marks each)

Questions 2, 3 and 4 each focus on a topic in the syllabus.

5. (i) Exam Date: 07 December 2016 (Wednesday) 3.00pm – 6.00pm (External Exam)
(ii) Exam Date: 29 December 2016 (Thursday) – 9.30am – 12.30pm (Internal Exam)

6. Lecturer:
• Name: Miss Joanne Lee Pei Juan
• Email Address: joanneleepeijuan@gmail.com
• Education: (I) BA (Hons) in Accounting (Inti International University College); (II) BSc in Accounting (Transferring Programme – Cardiff University, the UK)
• Working experience: 6 years working in the audit and assurance industry (in Singapore & KL)

PREPARED BY MISS JOANNE LEE PEI JUAN (YEAR 2016) 1



Corporate governance

Definition: (Memorize)

(1). Corporate governance is the system by which companies are directed and controlled
(Cadbury report).

(2). It involves a set of relationships between a company’s management, its board, its
shareholders and other stakeholders.

Separation of Ownership and Control:

(1). The joint stock company has become the dominant form of business organisation. The owners, i.e.
the shareholders, are typically not involved in the management of the company that they own.

(2). The shareholders hire management to run the business on their behalf.

(3) This gives rise to the separation of ownership of the company and control of the
business activities.

(4) The separation of ownership and control may give rise to the following issues:-

(I) Information asymmetry
(II) Management acting in shareholders’ interest
(III) Shareholders’ monitoring
(IV) Putting in place good management

(I) Information asymmetry:-


(1) Information asymmetry refers to the imbalance between information accessible by the
management and shareholders in terms of the quantity and quality of information.

(2) Management who is involved in the daily operations of the company has more knowledge
about the business activities and performance and has access to business information and
reports.

(3) Shareholders, who are not involved in the daily operations, have no such direct access and
have to rely on reporting from management to know about business activities and
performance.

(4) It is because of this information asymmetry that transparency and disclosure are considered
a good corporate governance principle, i.e. generally, management providing as much
information as reasonably possible to shareholders is good corporate governance.

(5) Thus, it is good corporate governance to provide shareholders with financial reporting which
is audited by an external auditor to ensure reliability.


(II) Management acting in shareholders’ interest:-

(1). Management has a fiduciary duty towards all shareholders, i.e. to act in the best interest
of shareholders as a group.

(2) When making business decisions and carrying out business transactions, management should:-

• Act in good faith;
• Exercise judgment with due care; and
• Act with probity (honesty) and integrity.

(3) Thus, probity/honesty and integrity have been considered as the underpinning principles of
good corporate governance.

(4) Management needs tools to help them to make correct business decisions in the interest of
the company and the shareholders.

(5) Thus, it is good corporate governance for management to establish appropriate risk
management system and sound internal controls to ensure business risks undertaken are
consistent with shareholders’ risk appetite and are reduced to as low as reasonably practicable.

Fiduciary (受托的) Responsibility – Definition

A fiduciary responsibility is a duty of trust and care towards one or more constituencies. It
describes the direction of accountability in that one party has a fiduciary duty to another.

Fiduciary Responsibility in Corporate

The fiduciary duty of directors in public companies is to act in the economic interests of
shareholders who invest in the company, but are unable to manage the company directly.

(Past year exam paper – December 2007 Q. 4(C))
Conflict of Interest

A conflict of interest is a situation in which an individual has compromised independence because
of personal interest which may or may not be declared.

Directors are expected to act wholly in the shareholders’ interests whilst serving the company.
Any other factor that might challenge this sole fiduciary duty is likely to give rise to a conflict of
interest.

Declaration of Conflict of Interest

A conflict of interest should be declared to the board of directors. Appropriate action to manage
the conflict of interest can include excluding the director with a conflict of interest from
discussing and deciding on a subject matter that can be affected by the conflict of interest.


(III) Shareholders’ monitoring:-

(1). Although management is required to act with fiduciary duty, it is common that shareholders
may feel that management did not act in their interests. This gives rise to the need for
shareholder monitoring.

(2). One way of monitoring is to review and scrutinise company’s performance. Thus, good
corporate governance recognises shareholders’ rights of receiving reliable financial and other
reporting and the responsibility of intervening with management action when necessary.

(3). It is also expected that non-executive directors have a role in helping shareholders to
monitor management performance.

(4). To reduce the time and cost spent in monitoring, remuneration of directors and
management is often considered to be a tool to align the actions of directors and management with
the interest of shareholders.

(5). For example, the grant of share options encourages management to take action that will
result in good performance that has a positive impact on share price.

(6). Thus, good corporate governance includes putting in place an appropriate remuneration
policy and packages.

(IV) Putting in place good management:-

(1). As shareholders are not involved in the running of the business, it is imperative that the
management they hired is appropriate.

(2). Good corporate governance requires shareholders to pay attention to the following:-

• The duties of directors and functions of the board (including performance measurement); and

• The composition and balance of the board (and board committees)

From the above discussion, it can be seen that corporate governance affects the following
aspects of organisational life:-

(i) duties of directors and functions of the board (including performance measurement)

(ii) the composition and balance of the board (and board committees)

(iii) reliability of financial reporting and external auditing

(iv) directors’ remuneration and rewards

(v) responsibility of the board for risk management systems and internal control

(vi) the rights and responsibilities of shareholders, including institutional investors.


Corporate Social Responsibility and Business Ethics:-

(1). Increasingly, it is recognised that corporate governance is not just about shareholders. It is
broadening to include:-

• the impact of a company’s business activities on society and environment;

• being fair to stakeholders other than shareholders, such as customers, suppliers and employees

(2). Thus, corporate governance includes corporate social responsibility and business ethics.

Directors and Management:

(1). Directors are appointed under the requirements of the Companies Act. Directors have legal
responsibilities under Companies Act.

(2). Business-wise, directors are ultimately accountable to shareholders for the success and financial
soundness of the company. To this end, they are responsible for charting corporate strategy, monitoring
managerial performance and enhancing returns to shareholders.

Executive directors (ED) (Memorize)

(1). Some directors are involved in the running of the business and are also part of management.
These directors have executive responsibility. Thus, they are directors in the Board of Directors and
they are also management. These directors are known as executive directors.

(2). Executive directors are involved on a full-time basis and in essence are also employees of the
company. They are part of the company’s organisation structure.

(3) Executive directors contribute industry experience, management expertise or functional expertise
(such as production, accounting, sale and marketing).

Non-executive directors (NED) (Memorize)

(1). Some directors are not involved in the daily operations of the business and they do not have
executive responsibility. They are involved in the company on a part-time basis. These directors are
known as non-executive directors (NED).

(2). Non-executive directors contribute by bringing in independent scrutiny, fresh perspective and skill
and experience to complement the executive directors.

(3). Non-executive directors contribute through the board meetings and through various board level
committees such as Audit Committee, Remuneration Committee, Nomination Committee and Risk
Committee.

Past Year Exam Paper: December 2008 Question 2 (C) (i)


Actors in Corporate Governance:


(1). Two types of actors in corporate governance:
(a) Internal actors;
(b) External actors

(2). Internal actors consist of:-


(a) Directors;
(b) Sub-board management;
(c) Employee representatives (trade unions); and
(d) Company secretary

(3). External actors consist of:-


(a) Shareholders;
(b) Stock Exchange;
(c) Auditor; and
(d) Regulators and government

Internal Actors:

(A) Directors:

(1). Directors are collectively responsible for the company’s performance, controls, compliance and
behaviour.

(2). This means that the board of directors must discuss and agree strategies to maximise the
long-term returns to the company’s shareholders.

(3). They must also comply fully with relevant regulatory requirements that will include legal,
accounting and governance frameworks.

(B) Sub-board management:

(1). This refers to the managers below board level.

(2). Sub-board management:-


(a) Leads employees;
(b) Implements strategies;
(c) Meets compliance targets; and
(d) Collects the information and data on which board-level decisions are made.

(C) Employee representatives (trade unions):

(1). Trade unions represent employees in a workplace; membership is voluntary and the influence of
the union is usually proportional to the percentage of the workplace that are members.

• Deliver a “compliant workforce”

(1). In terms of governance, trade unions are able to “deliver” the compliance of a workforce.

(2). If a strategy needs a high level of commitment, a union can help to unite the workforce behind the
strategy and ensure everybody is committed to it.

(3). This can also mean that management and workforce are seen as united by external stakeholders;
this can make the achievement of strategies more likely.

(4). By collective bargaining over pay and conditions, agreement usually signifies that the workforce
“buys in” to the agreed strategy or activity.


• Provide “checks and balances”

(1) A trade union can be a key actor in the checks and balances of power within a corporate
governance structure.

(2) Unions are often good at highlighting management abuses such as fraud, waste, incompetence
and greed.

• Maintain and Control “Human Assets”:

(1) Trade unions help to maintain and control one of the most valuable assets in an organisation, the
employees.

(2) Where a helpful and mutually constructive relationship is cultivated (培养,培育) between union
and employer, then, an optimally efficient industrial relations climate exists, thus reinforcing the
productivity of human resources in the organisation.

(3) In defending members’ interests and negotiating terms and conditions, the union helps to ensure
that the workforce is content and able to work with maximum efficiency and effectiveness.

(D) Company Secretary:

(1) The Company secretary has important responsibilities in compliance, including the responsibility
for the timely filing of accounts and other legal compliance issues.

(2) The company secretary often advises directors of their regulatory and legal responsibilities and
duties.

(3) The major roles include:

(a) maintaining the statutory registers (such as the share register)

(b) ensuring the timely and accurate filing of audited accounts and other documents to statutory
authorities (e.g. government companies’ agencies and tax authorities)

(c) providing members (e.g. shareholders) and directors with notice of relevant meetings.

(d) organising resolutions for and minutes from major company meetings (like the AGM)

(e) keeping records from these and other meetings.

External actors:

(A) Shareholders:

• Agency:

(1) In the agency relationship that exists between shareholders and directors:-

(a) Shareholders are the principals. Shareholders appoint directors to act on their behalf.
Shareholders have the right to expect agents (directors) to act in their best economic interests
and to observe a fiduciary (受信托的) duty towards them.

(b) Directors are the agents appointed by shareholders and directors are accountable to
shareholders for the success of the company and financial return.


• Agency cost:

(1) Shareholders incur agency costs in monitoring the activities and actions of agents (directors).

(2) These are the costs of monitoring and checking on directors’ behaviour.

(3) Examples of agency costs are:

• attending relevant meetings (AGMs and EGMs);
• studying company results and analysts’ reports; and
• making direct contact with companies through investor relations departments.

(4) When a shareholder holds shares in many companies, the total agency costs can be prohibitive.

(5) Shareholders therefore encourage directors’ rewards packages to be aligned with their own
interests, so that they feel less need to continually monitor directors’ activities (i.e. align directors’
remuneration to shareholders’ interest to reduce agency cost).

• Agency problem:

(1) An agency problem occurs when the agent does not act in the best interest of the principal.

(2) Transaction theory and stakeholder theory can be used to explain aspects of the agency relationship,
i.e. why the agent’s action may not seem to be in the best interest of the principal.

Transaction Cost Theory:

(1) According to transaction theory, the role of a manager is arranging business transactions.

(2) When arranging business transactions, management attempt to act in the best interest of the
company and attempt to be as rational as possible.

(3) However, the managers are affected by “bounded rationality”.

(4) The ability of management to be rational could be affected by the lack of information, overload of
information, and the existence of imperfect contracts (i.e. not all possible business scenarios and
legal impact could possibly be prescribed into the terms and conditions of a contract).

(5) Managers are also affected by opportunism (机会主义).

Stakeholder Theory:

(1). According to stakeholder theory, managers act in the best interest of multiple stakeholders, not
just the shareholders.

(2) The stakeholder theory recognises that businesses have a responsibility to stakeholders such as
employees, customers, suppliers, local community, environment and the society.

(3). Business decisions should be profitable and at the same time should consider the impact on other
stakeholders.

Agency Cost of Small shareholders and Institutional Shareholders

(1). There are two types of shareholder:


(a) Small investors

(b) Institutional investors


(a) Small Investors:

(1). Small investors are individuals who typically buy, hold or sell small volumes and tend to have
fewer sources of information on companies than institutional investors.

(2). Small shareholders incur agency costs as the individuals themselves study the companies they
have invested in for signs of changes in strategy, governance or performance.

(b) Institutional investors:

(1). Institutional investors are pension funds, insurance companies, unit trust companies and similar
financial institutions that hold large numbers of shares in individual funds with each fund being
managed by a fund manager.

(4). Fund managers need to be aware of the performance and governance of many companies in
their funds, so agency costs can be very large indeed.

(5). To reduce these, they make use of information from several sources on the companies and also
seek to have directors' benefit packages aligned with their own interests as much as possible.

(B) Stock exchanges:

(1). In addition to listing, pricing and transacting share buying and selling, stock exchanges can also
have a role in the governance of the companies listed on the exchange.

(2) Listing rules are sometimes imposed on listed companies and in many cases, listing rules concern
governance arrangements not covered elsewhere by company law.

(3) For example, in the UK, it is a stock exchange requirement that listed companies
comply with the Combined Code on Corporate Governance.

(C) Auditors

• Financial statement audit

(1) The most obvious role of audit in corporate governance is to report to shareholders that, having
audited the company's accounts, the accounts give a true and fair view.

(2) A qualified audit report, while being a serious matter for a company, is also an important signal to
markets about the company.

• Environmental and social audit

(1) In addition to a normal audit, however, auditors perform a vital service to shareholders in
highlighting issues in the governance and reporting of the company.

(2) For example, some auditors also offer additional services to clients and these sometimes include
social and environmental advice and audit.


(D) Regulators and governments

• Regulators

(1) In addition to company law and listing rules, some companies and industrial sectors are subject to
further external control by government-appointed regulators or by governments themselves.

(2) This usually applies to companies or sectors involved in areas considered strategically or
politically important by governments; these include the control of monopolies or the supply of utilities
(such as water or energy).

(3) Regulators could include corporate governance considerations in the regulation, such as mandatory
environmental reporting and auditing.

• Government

(1). Governments control corporate governance through the imposition of legislation and the
enforcement (through a judiciary) of common and statute laws.

(2). For example, the Sarbanes-Oxley Act in the US includes provisions relating to corporate
governance.

The Role of the Board of Directors

Leadership

1. The board is the head of the company.

2. The board is collectively responsible for the long-term success of the company.

3. The board's role is to provide entrepreneurial leadership of the company within a framework of
prudent and effective controls which enables risk to be assessed and managed.

4. The board should set the company's strategic aims, ensure that the necessary financial and human
resources are in place for the company to meet its objectives and review management performance.

5. The board should set the company's values and standards and ensure that its obligations to its
shareholders and others are understood and met.

Accountability

1. The board should present a balanced and understandable assessment of the company's position
and prospects.

2. The board is responsible for determining the nature and extent of the significant risks it is willing to
take in achieving its strategic objectives.

3. The board should maintain sound risk management and internal control systems.

4. The board should establish formal and transparent arrangements for considering how they should
apply the corporate reporting and risk management and internal control principles and for maintaining
an appropriate relationship with the company's auditor.

Relationship with shareholders

1. The board as a whole has responsibility for ensuring that a satisfactory dialogue with shareholders
takes place.

2. The board should use the AGM to communicate with investors and to encourage their participation.


Effective Board
1. The board and its committees should have the appropriate balance of skills, experience,
independence and knowledge of the company to enable them to discharge their respective duties and
responsibilities effectively.

2. There should be a formal, rigorous and transparent procedure for the appointment of new directors
to the board.

3. All directors should be able to allocate sufficient time to the company to discharge their
responsibilities effectively.

4. All directors should receive induction on joining the board and should regularly update and refresh
their skills and knowledge.

5. The board should be supplied in a timely manner with information in a form and of a quality
appropriate to enable it to discharge its duties.

6. The board should undertake a formal and rigorous annual evaluation of its own performance and
that of its committees and individual directors.

7. All directors should be submitted for re-election at regular intervals, subject to continued
satisfactory performance.

8. The board should meet sufficiently regularly to discharge its duties effectively.

9. There should be a formal schedule of matters specifically reserved for its decision.

Unitary Board vs Two-Tier Board

• A unitary board

(1). All the directors are on one board. When a board of directors meeting is called, all directors
(executive directors and non-executive directors) will attend the same board meeting.

(2) In jurisdictions such as the US, UK and Singapore, a unitary board structure is commonly adopted.


• A two-tier board

(1) The directors are divided into two groups: a supervisory board which is typically made up of
non-executive directors and a management board which is typically made up of executive directors.

(2) The supervisory board has a supervising function, i.e. it is responsible for
supervising and controlling as well as advising the management board.

(3) The supervisory board must approve the annual accounts and intervene in cases where the
company's interests are seriously affected.

(4) The management board is responsible for the management and running of the company.

(5) In jurisdictions such as Germany and Holland, a two-tier board structure is adopted.

Advantages of two-tier board:-

(1) Separation of control and management

(1) Members of supervisory board are elected by shareholders and employee representatives and will
be able to help the shareholders and employees to monitor the management.

(2). Accordingly, supervisory board members increase the likelihood of getting re-elected by fulfilling
their most important task, i.e. to monitor the management board adequately and thoroughly.

(3) At the same time, the management board members are elected by the supervisory board and will
remain in office only if the company performs well.

(2) Speed of decision making

(1). Except for those transactions that specifically require supervisory board approval, the
management does not need to consult or seek approval from the supervisory board for management
decisions.

(2). This makes decision making faster in the sense that it is faster and easier to organise a
management board meeting than organising a board meeting of a unitary board (where more
members need to participate in board meeting).


Disadvantage of two-tier board:-

(1) Because the two boards organise their own meetings and discuss their own agenda, this means
the non-executive directors do not participate in the executive board's discussion and the executive
directors do not participate in the non-executive directors' discussion.

(2) The implications include:

(a) Inadequate communication between supervisory board and management board

The non-executive directors are less familiar with the management issues that the executive
directors face. This might make it more challenging for the supervisory board to perform its
supervisory function. The executive directors are less aware of the governance issues.

(b) Less robust debate

Less debate takes place and fewer viewpoints are expressed, and thus the decision-making
process is less robust (compared to a unitary board). This may affect
the feasibility of any plan discussed.

(c) Less support or lack of "buy-in"

There could be less support for each other's decisions.

The executive directors are less supportive of any initiatives the supervisory board is
recommending.

The non-executive directors are less supportive of management actions.

Advantage of unitary board:-

(1) Effective Monitoring:

(1) As non-executive directors and executive directors participate in the same board meeting, they
have access to the same information used in the board.

(2) This makes it more effective for non-executive directors to monitor management decisions and
performance.

(2) Enhanced Accountability:

(1) Board accountability is enhanced by providing a greater protection against fraud and malpractice
and by holding all directors equally accountable.

(2) Unitary board arrangements reduce the likelihood of abuse of (self-serving) power by a small
number of senior directors.

(3) Robust Debate and Decision Making:

(1) The fact that the board is likely to be larger than a given tier of a two-tier board means that more
viewpoints are likely to be expressed in board deliberations and discussions.

(2) In addition to enriching the intellectual strength of the board, the inclusivity of the board should
mean that strategies are more robustly scrutinised before being implemented.

(3) Non-executive directors are empowered, being accorded equal status to executive directors.
Non-executive directors can bring not only independent scrutiny to the board, but also experience and
expertise that may be of invaluable help in devising strategy and the assessment of risk.


Disadvantage of unitary board:

(1) Slower decision making:

(1) As compared to any one of the tiers of the two-tier structure, i.e. compared to the upper tier or the
lower tier, there are more directors in a unitary board.

(2) Organising a board meeting will be slower as more directors' timing and availability will need to be
coordinated.

(3) The discussion will take longer as there are more directors participating in discussion and debate.

(2) Tension faced by Non-Executive Directors:

(1) As a unitary board performs both a management role and a monitoring role, the non-executive
directors will have to face the dilemma of working with executive directors in making
management decisions and at the same time performing the monitoring role of scrutinising management
performance.

Past Year Exam Question: December 2009 Question 2(a) & (b)

Size and Composition of the Board:-

(1). The board and its committees should have the appropriate balance of skills, experience,
independence and knowledge of the company to enable them to discharge their respective duties and
responsibilities effectively.

Size:

(1) The board should be of sufficient size:

• that the requirements of the business can be met; and

• that changes to the board's composition and that of its committees can be managed without undue
disruption.

(2) The board should not be so large as to be unwieldy (笨拙的).

Composition

The board should include an appropriate combination of executive and non-executive directors
(and, in particular, independent non-executive directors)
such that no individual or small group of individuals can dominate the board's
decision taking.

Independent Non-Executive Directors (Important in Exam)

(1) According to the UK Combined Code, the board should determine:


• whether the director is independent in character and judgement and
• whether there are relationships or circumstances which are likely to affect, or could appear to affect,
the director's judgement.


(2) The existence of the following relationships or circumstances may affect the
independence of a non-executive director:

(i). The director has been an employee of the company or group within the last
five years;

(ii). The director has, or has had within the last three years, a material business relationship with the
company either directly or indirectly (i.e. through another organisation);

(iii). The director has received or receives additional remuneration from the company apart from a
director's fee;

(iv). The director participates in the company's share option or a performance-related pay scheme, or
is a member of the company's pension scheme;

(v). The director has close family ties with any of the company's advisers, directors or senior
employees;

(vi). The director holds cross-directorships or has significant links with other directors through
involvement in other companies or bodies;

(vii). The director represents a significant shareholder; or

(viii). The director has served on the board for more than nine years from the date
of their first election.

Number of Independent NEDs

UK Combined Code

• Large listed companies (Financial Times Stock Exchange (FTSE) 350 companies)

At least half the board, excluding the chairman, should comprise executive directors determined by
the board to be independent.

• Smaller listed companies (below FTSE 350)

A smaller company should have at least two independent non-executive directors.

First Pilot Paper - Question 2

Cross directorship

(1). A cross directorship is said to exist when two (or more) directors sit on the boards of each other's companies.

(2) In most cases, each director's 'second' board appointment is likely to be non-executive.

Cross directorship affects independence of directors

Cross directorships have the ability to create a disproportionately close relationship between two
directors and two companies that may undermine objectivity and impartiality in both directors.

Cross directorship affects the working of the Remuneration Committee

(1) Cross directorships undermine the roles of remuneration committees in that a director may be
deciding the salary of a colleague who, in turn, may play a part in deciding his own salary. This is
a clear conflict of interests.

(2) Neither director involved in the arrangement is impartial.


(3) There is a temptation that the directors would act in a manner other than for the benefit of the
shareholders of the company on whose remuneration committee they sit.

Cross directorship between suppliers and customers

(1) Cross directorship would create too strong a link between one supplier and a
buyer to the detriment of:

• The shareholders of the buyer in that the contracts awarded may not be
the best value; and

• Other suppliers in that it is unfair and unethical.

• First Pilot Paper Question 2(a); December 2010 Question 3

Role of Non-Executive Directors

Strategy role:

Non-executive directors should constructively challenge and help develop proposals on strategy.

Monitoring or Scrutiny role:

Non-executive directors should scrutinise the performance of management in meeting
agreed goals and objectives and monitor the reporting of performance.

Risk role:

Non-executive directors satisfy themselves on the integrity of financial information and that
financial controls and systems of risk management are robust and defensible.

People role:

(1) Non-executive directors are responsible for determining appropriate levels of
remuneration of executive directors.

(2) Non-executive directors have a prime role in appointing and, where necessary,
removing executive directors, and in succession planning.

The main contribution of non-executive directors is their independent views and
external experience. The non-executive directors perform the above roles
through board meetings and participation in board level committees:

Strategy role:-

• Some companies deal with strategic discussion in the board; some companies form a Business
Strategy Committee for such purpose.

Scrutiny role (monitoring role):-

• This task is achieved by a Nomination Committee (also known as Nominating Committee).

Risk role:-

• This task is achieved by an Audit Committee; some companies form a Risk Committee (to focus on
risk management) in addition to the Audit Committee (to focus on audit and financial reporting)

People Role:-


• The role of determining remuneration of directors is achieved by a Remuneration Committee and the
role of appointment and removal of director is achieved by the Nomination Committee.

Appointment and Removal of Directors:-

(1) Time-limited appointments

• All directors should be submitted for re-election at regular intervals,
subject to continued satisfactory performance.

UK Combined Code

• Large listed companies (FTSE 350)

o All directors of FTSE 350 companies should be subject to annual election by shareholders.

• Smaller listed companies (below FTSE 350)

o Directors should be subject:


■ to election by shareholders at the first annual general meeting after their appointment, and

■ to re-election thereafter at intervals of no more than three years.

o Non-executive directors who have served longer than nine years should be subject to annual
re-election.

Any term beyond six years for a non-executive director should be subject to particularly rigorous
review, and should take into account the need for progressive refreshing of the board.

(2) Retirement by rotation

Retirement by rotation is an arrangement such that:

• A director's contract specifies that the appointment is limited to a specific period, after which
he or she must retire from the board or offer himself or herself (being eligible) for re-election. The
director must be actively re-elected back onto the board to serve another term. The default is that the
director retires unless re-elected.

• Not all the directors' contracts expire in the same period, i.e. directors' contracts are structured in
such a way that at each annual general meeting, only a portion of the directors, e.g. two directors at a
time, will have their contracts expire and need to be re-appointed, i.e. re-elected.

Benefits of Retirement by Rotation

• Retirement by rotation reduces the cost of contract termination for underperforming directors. They
can simply not be re-elected after their term of office expires and they will be required to leave the
service of the board.

• It encourages directors' performance (they know they are assessed by shareholders and
reconsidered every few years) and focuses their minds upon the importance of meeting objectives in
line with shareholders' aims.

• It is an opportunity, over time, to replace the board membership, i.e. progressively refreshing the
board, whilst maintaining medium-term stability of membership (one or two at a time).


(3) Service contracts

UK Combined Code

o Notice or contract periods should be set at one year or less.

o If it is necessary to offer longer notice or contract periods to new directors recruited from outside,
such periods should reduce to one year or less after the initial period.

(4) Removal of directors

(1) Directors can be removed, e.g. by being dismissed for disciplinary offences or gross negligence.

(2) It is relatively easy to 'prove' a disciplinary offence but much more difficult to 'prove' incompetence.

(3) The nature of disciplinary offences is usually clearly specified in the terms and conditions of
employment and company policy.

(4) Unless the contract has highly specific performance targets built into it, it is difficult to remove a
director for incompetence. This is particularly so for executive directors, e.g. the chief executive, in the
short term, as it is sometimes difficult to assess the success of strategies until some time has passed.

(5) Disqualification

Directors can be banned from holding directorships by a court for a number of reasons including
personal bankruptcy and other legal issues.

(6) Death

A director automatically ceases to be a director upon death.

(7) Resignation

A director is free to withdraw his or her labour at any time but there is normally notice period required
to facilitate an orderly transition from the outgoing director to the incoming one.

(8) Agreed departure

A company may pay a director an early termination payment to ask the director to leave.

Chairman of the Board - Role and Responsibilities:

1) Board effectiveness

(1) The chairman is responsible for leadership of the board and ensuring the board's effectiveness on
all aspects of its role.

(2) The chairman is responsible for setting the board's agenda and ensuring that adequate time is
available for discussion of all agenda items, in particular strategic issues.

2) Effectiveness of directors:

(1) The chairman should also promote a culture of openness and debate by:

(a) facilitating the effective contribution of non-executive directors in particular and

(b) ensuring constructive relations between executive and non-executive directors.


(2) The chairman is responsible for ensuring that the directors receive accurate, clear and timely
(A.C.T) information.

(3) Under the direction of the chairman, the company secretary's responsibilities include ensuring
good information flows within the board and its committees and between senior management and
non-executive directors.

(4) The chairman should ensure that the directors continually update their skills and the knowledge
and familiarity with the company required to fulfil their role both on the board and on board
committees.

(a) The chairman should ensure that new directors receive a full, formal and tailored induction on
joining the board.

(b) The chairman should regularly review and agree with each director their training and
development needs.

(5) The chairman should act on the results of the performance evaluation by recognising the strengths
and addressing the weaknesses of the board and, where appropriate,

(a) proposing new members be appointed to the board or

(b) seeking the resignation of directors.

3) Shareholder Accountability

(1) The chairman represents the company to be accountable to shareholders on the company's
performance.

(2) The chairman holds the chief executive accountable on behalf of shareholders.

4) Shareholder Communication:

(1) The chairman should ensure effective communication with shareholders.

(2) The chairman of the board should ensure that the company maintains contact as required with its
principal shareholders about remuneration of directors and top management.

(3) The chairman should ensure that the views of shareholders are communicated to the board as a
whole.

(4) The chairman should ensure that all directors are made aware of their major shareholders' issues
and concerns.

(5) The chairman should discuss governance and strategy with major shareholders.

(6) Methods of obtaining views from and communication with shareholders:

(a) direct face-to-face contact, particularly for major shareholders;
(b) chairman's statement in annual report;
(c) analysts' or brokers' briefings;
(d) speech at AGM and EGM; and
(e) surveys of shareholder opinion.

(7) The chairman should arrange for the chairmen of the audit, remuneration and nomination committees
to be available to answer questions at the AGM and for all directors to attend.


Importance of Chairman's Statement in the Annual Report

The chairman's statement is intended to convey important messages to shareholders in general,
strategic terms.

As a separate section from other narrative reporting sections of an annual report, the chairman's
statement offers the chairman the opportunity to inform shareholders about issues that he or she
feels it would be beneficial for them to be aware of.

This independent communication is an important part of the separation of the roles of CEO and
chairman.

Chief Executive's Role

(1) The chief executive is responsible for the running of the company.

(2) Chief executive officer (CEO) is the highest ranking executive in a company whose main
responsibilities include:

(a) developing and implementing high-level strategies,

(b) making major corporate decisions,

(c) managing the overall operations and resources of a company, and

(d) acting as the main point of communication between the board of directors and the corporate
operations.

(3) The chief executive has a prime role in internal controls.

(4) The chief executive officer is ultimately responsible and should assume "ownership" of the
system.

(5) More than any other individual, the chief executive sets the "tone at the top" that affects integrity
and ethics and other factors of a positive control environment.

(6) In a large company, the chief executive fulfils this duty by providing leadership and direction to
senior managers and reviewing the way they are controlling the business.

Table 1: The internal and external roles of a chief executive in an organisation

Practice: Past Year Exam: June 2011 Q.1(d)(ii)


Separation of the roles of CEO and chairman

(1) Both the UK Combined Code and the Singapore Code of Corporate Governance require the roles
of chairman and chief executive to be performed by different directors.

(2) The UK Combined Code further specifies that the chairman should, on appointment, meet
the independence criteria.

(3) In subsequent years after initial appointment, the test of independence is not appropriate in
relation to the chairman.

UK Combined Code

(1) There should be a clear division of responsibilities at the head of the company between the
running of the board and the executive responsibility for the running of the company's business.

(2) No one individual should have unfettered (unlimited, unrestricted) powers of decision.

(3) The roles of chairman and chief executive should not be exercised by the same individual.

(4) The division of responsibilities between the chairman and chief executive should be clearly
established, set out in writing and agreed by the board.

Benefits of separation of roles

(1) Focus on different duties:

(1) The chief executive is able to fully concentrate on the management of the organisation without the
necessity to report to shareholders or otherwise become distracted from his or her executive
responsibilities.

(2) The arrangement provides a position (that of chairman) that is expected to represent shareholders'
interests and that is the point of contact into the company for shareholders.

(2) Avoid concentration of power:

(1) Having two people rather than one at the head of a large organisation removes the risks of
'unfettered powers' being concentrated in a single individual.

(2) Separation of the roles of chairman and chief executive is an important safeguard for investors
concerned with excessive secrecy or lack of transparency and accountability.

(3) Communication channel for NEDs:

(1) The chairman provides support to, and acts as a communication channel for the concerns of,
non-executive directors.

(4) Increase in accountability to shareholders:

(4.1) Chief Executive's performance:

(1) In conjunction with the remuneration committee and the nomination committee, the chairman:-

• scrutinises the chief executive's management performance on behalf of the shareholders; and

• approves the design of the chief executive's reward package.


(4.2) Company's performance

(1) Shareholders have an identified person (chairman) to hold accountable for the performance of
their investment.

Practice: Past Year Exam Dec 2007 Q.3(b); Dec 2011 Q.2(b)

Chief Executive Becoming Chairman

(1) According to the UK Combined Code, a chief executive should not go on to be chairman of the
same company.

(2) If, exceptionally, a board decides that a chief executive should become chairman, the board
should consult major shareholders in advance and should set out its reasons to shareholders at the
time of the appointment and in the next annual report.

Argument against CEO becoming chairman:

A new chief executive is going to have a next to impossible job if his predecessor stays as chairman,
constantly looking over his shoulder and perhaps disagreeing with any departure from past policies.

Argument for CEO becoming chairman

The CEO's many years of experience with the company can be useful to guide the new CEO,
particularly when the new CEO is recruited externally rather than promoted from within the company.

Induction and Continuing Professional Development of Directors

UK Combined Code

(1) All directors should receive induction on joining the board and should regularly update and refresh
their skills and knowledge.

(2) The chairman should ensure that new directors receive a full, formal and tailored induction on
joining the board. As part of this, directors should avail themselves of (i.e. benefit from) opportunities
to meet major shareholders.

(3) The chairman should ensure that the directors continually update their skills and the knowledge
and familiarity with the company required to fulfil their role both on the board and on board
committees.

Director's induction programme

Purpose:

The overall purpose of induction is to minimise the amount of time taken for a new director to become
effective in his or her new job.

Content:

There are four major aspects of a director's induction:-

1. To convey the organisation's norms, values and culture.

This is useful for a director who is from a different culture.

2. To communicate company policies and practical procedural duties.

This reduces the risk that a director inadvertently breaches company policy.


3. To convey an understanding of the nature of the company, its operations, strategy, key
stakeholders and external relationships.

For a new director, an early understanding of strategy is essential and a sound knowledge of how
the company 'works' will also ensure that he or she adapts more quickly to the new role.

4. To establish and develop the new director's relationships with colleagues, especially those with
whom he or she will interact on a regular basis. Building good relationships early on in a director's
job is very important, as early misunderstandings can be costly in terms of the time needed to repair
the relationship.

Performance Assessment Framework

(1) The board should undertake a formal and rigorous annual evaluation of its own performance and
that of its committees and individual directors.

Assessment of Individual Directors' Performance

According to UK Combined Code:-

(1) Individual evaluation should aim to show whether each director continues to contribute effectively
and to demonstrate commitment to the role (including commitment of time for board and committee
meetings and any other duties).

Assessment of Board's Performance

UK Combined Code
• Evaluation of the board of FTSE 350 companies, i.e. large listed companies, should be externally
facilitated at least every three years.

Assessment of Chairman's Performance

UK Combined Code:

• The non-executive directors, led by the senior independent director, should be responsible for
performance evaluation of the chairman, taking into account the views of executive directors.

Acting on Results from Performance Assessment

The chairman should act on the results of the performance evaluation by recognising the strengths
and addressing the weaknesses of the board and, where appropriate, proposing new members be
appointed to the board or seeking the resignation of directors.

Remuneration Committee - Role

(1) Determines remuneration policy on behalf of the board and the shareholders.

Remuneration Committee acts on behalf of shareholders but for the benefit of both shareholders
and the other members of the board.


Remuneration policies will typically concern the pay scales applied to directors' packages, the
proportions of different types of reward within the overall package and the periods in which
performance related elements become payable.

(2) Ensures that each director is fairly but responsibly rewarded for their individual contribution in
terms of levels of pay and the components of each director's package.

It is likely that discussions of this type will take place for each individual director and will take into
account issues including market conditions, retention needs, long-term strategy and market rates for a
given job.

(3) Reports to the shareholders on the outcomes of their decisions, usually in the corporate
governance section of the annual report (usually called Report of the Remunerations Committee).

This report contains a breakdown of each director's remuneration and a commentary on policies
applied to executive and non-executive remuneration.

(4) Complies with the code of corporate governance. For example, it discloses in the corporate
governance report the following details:

• Members of the RC
• The terms of reference of RC
• The working of the RC

Extra Notes:

Different types/components of remuneration:-

(1) Basic salary -> Fixed and does not vary until adjustment is made.

(2) Variable components:-

• Short-term: e.g. annual bonus

• Long-term: e.g. stock options

(3) Benefits: e.g. medical, company car, country club membership

(4) Pension plan

• Proportion: What percentage of total remuneration is made up of "basic salary + stock options
+ bonus + staff benefits"

Remuneration Committee - UK Combined Code

(1) Members:

(1) Large listed companies - The board should establish a remuneration committee of at least three
independent non-executive directors.

(2) Smaller listed companies - The board should establish a remuneration committee of at least two
independent non-executive directors.

(2) Scope:

(1) The remuneration committee should have delegated responsibility for
setting remuneration for all executive directors and the chairman.


(2) The committee should also recommend and monitor the level and structure of remuneration for
senior management, i.e. the first layer of management below board level.

(3) Process:

(1) The remuneration committee should consult the chairman and/or chief executive about their
proposals relating to the remuneration of other executive directors.

Where executive directors or senior management are involved in advising or supporting the
remuneration committee, care should be taken to recognise and avoid conflicts of interest.

The remuneration committee should also be responsible for appointing any consultants in respect of
executive director remuneration.

Who sets NEDs' remuneration?

The board itself or the shareholders should determine the remuneration of the
non-executive directors.

Nomination Committee

General role of a Nomination Committee

Size:

(1) It establishes the desirable and optimal size of the board, bearing in mind the current size and
complexity of existing and planned activities and strategies.

(2) Number of executive directors and independent directors

It advises on the balance between executives and independent non-executive directors and
establishes the appropriate number and type of NEDs on the board.

Skills and experience:

(1) It establishes the skills, knowledge and experience possessed by the current board and notes any
gaps that will need to be filled.

(2) It seeks to ensure that the board is balanced in terms of it having board members from a diversity
of backgrounds so as to reflect its main constituencies and ensure a flow of new ideas and the
scrutiny of existing strategies.

Succession planning:

(1) It acts to meet the needs for continuity and succession planning, especially among the most senior
members of the board.

Exam focus:


Nomination Committee - UK Combined Code

• Members:

(1) A majority of members of the nomination committee should be independent non-executive
directors.

(2) An independent non-executive director should chair the committee.

(3) The chairman of the board could chair the nomination committee. However, the chairman of the
board should not chair the nomination committee when it is dealing with the appointment of
a successor to the chairmanship.

• Scope:

(1) The nomination committee should lead the process for board appointments and make
recommendations to the board.

(2) The nomination committee should evaluate the balance of skills, experience, independence and
knowledge on the board and, in the light of this evaluation, prepare a description of the role and
capabilities required for a particular appointment.

(3) The nomination committee should put in place plans for orderly succession for appointments to the
board and to senior management, so as to maintain an appropriate balance of skills and experience
within the company and on the board and to ensure progressive refreshing of the
board.

(4) The nomination committee should ensure that all those accepting nomination are able to allocate
sufficient time to the company to discharge their responsibilities effectively.

• Process:

(1) The nomination committee should establish a formal, rigorous and transparent procedure for the
appointment of new directors to the board.

(2) The search for board candidates should be conducted, and appointments made, on merit, against
objective criteria and with due regard for the benefits of diversity on the board, including gender.

(3) For the appointment of a chairman, the nomination committee should prepare a job specification,
including an assessment of the time commitment expected, recognising the need for availability in the
event of crises.

(4) A chairman's other significant commitments should be disclosed to the board before appointment
and included in the annual report.

(5) The terms and conditions of appointment of non-executive directors should be made available for
inspection. The letter of appointment should set out the expected time commitment. Non-executive
directors should undertake that they will have sufficient time to meet what is expected of them.

(6) Their other significant commitments should be disclosed to the board before appointment, with a
broad indication of the time involved and the board should be informed of subsequent changes.

(7) The board should not agree to a full time executive director:

• taking on more than one non-executive directorship in a FTSE 100 company; or

• taking on the chairmanship of a FTSE 100 company.


Audit Committee - UK Combined Code

• Members

Large listed companies

• At least three independent non-executive directors.

• At least one member of the audit committee has recent and relevant financial experience.

Smaller listed companies

• At least two independent non-executive directors.

• At least one member of the audit committee has recent and relevant financial experience.

Scope/ Role

(1) To monitor the integrity of the financial statements of the company and any formal announcements
relating to the company's financial performance, reviewing significant financial reporting judgements
contained in them;

(2) To review the company's internal financial controls and, unless expressly addressed by a separate
board risk committee composed of independent directors, or by the board itself, to review the
company's internal control and risk management systems;

(3) To monitor and review the effectiveness of the company's internal audit function;

Where there is no internal audit function, the audit committee should consider annually whether
there is a need for an internal audit function and make a recommendation to the board, and the
reasons for the absence of such a function should be explained in the relevant section of the annual
report.

(4) To make recommendations to the board, for it to put to the shareholders for their approval in
general meeting, in relation to the appointment, re-appointment and removal of the external auditor
and to approve the remuneration and terms of engagement of the external auditor;

(5) To review and monitor the external auditor's independence and objectivity and the effectiveness of
the audit process, taking into consideration relevant UK professional and regulatory requirements;

(6) To develop and implement policy on the engagement of the external auditor to supply non-audit
services, taking into account relevant ethical guidance regarding the provision of non-audit services
by the external audit firm, and to report to the board, identifying any matters in respect of
which it considers that action or improvement is needed and making recommendations as to the steps
to be taken.

(7) To make a recommendation on the appointment, reappointment and removal of the external auditor.
If the board does not accept the committee's recommendation, it should include in the annual report,
and in any papers recommending appointment or re-appointment, a statement from the audit
committee explaining the recommendation and should set out reasons why the board has taken a
different position.


Risk Committee

The typical roles of a risk management committee are as follows:

(1) To agree and approve the risk management strategy and policies

The management and the risk manager conduct risk identification and assessment and propose risk
strategy and policy to the risk committee for approval on the board's behalf.

(2) Receiving and reviewing risk reports from affected department

Some departments will file regular reports on key risks (such as liquidity assessments from the
accounting department, legal risks from the company secretariat or product risks from the sales
manager) to the risk committee who keeps the board updated on the company's risk exposures.

(3) Monitoring overall exposure and specific risks

(1) The risk committee ensures the company's risk exposure is within the limits placed in the risk
policy.

(2) The frequency of risk monitoring depends on the risk being monitored.

(3) Strategic risks are monitored by the risk committee more closely than operational risks.

(4) Assessing the effectiveness of risk management systems

This involves getting feedback from departments and the internal audit function on the workings of
current management and risk mitigation systems.

(5) Providing general and explicit guidance to the main board on emerging risks and to report on
existing risks

(1) This will involve reporting on identified risks and their assessed probability of being realised and
their potential impact if they do.

(6) To work with the audit committee on designing and monitoring internal controls for the
management and mitigation of risks

(1) The risk committee advises the audit committee on risks that may affect financial reporting and
financial controls which are of direct relevance to the audit committee.

The risk committee works with audit committee in establishing a sound system of internal controls to
reduce and manage risks.

The UK Combined Code does not specifically provide guidance on the role of the risk committee
and the membership.

However, it is good governance that a majority of the risk committee members are independent
non-executive directors.


Non-executive directors and the board level committees

(1) The chairmanship and membership of the board level committee could be filled by executive
directors.

(2) However, the UK Combined Code recommends independent non-executive directors to be
appointed to these committees.

(3) The main contribution of non-executive directors is independent scrutiny.

(4) The main disadvantage of non-executive directors is their lack of intimate knowledge and
information about the company.

Advantages of non-executive membership

(1) Separation and detachment from the content being discussed is more likely to
bring independent scrutiny.

(2) Sensitive issues relating to one or more areas of executive oversight can be
aired without being affected by vested interests.

(3) Non-executive directors often bring specific expertise that will be more relevant
to a risk problem than more operationally-minded executive directors will have.

Disadvantages of non-executive membership (advantages of executive membership)

(1) Non-executives are less likely to have specialist knowledge of products, systems and procedures
being discussed and will therefore be less likely to be able to comment intelligently during meetings.

(2) Direct input and relevant information would be available from executives working directly with the
products, systems and procedures being discussed if they were on the committee.

(3) Alternatively, instead of being members of the committee, executive directors could be invited
to attend some of the committee meetings. ---> Combined Approach

(4) Combined Approach:-

(a) Majority independent NEDs, but EDs can be included, so that the committee has knowledge,
information and independent scrutiny; or

(b) EDs are invited to attend meetings (not as members) to provide information and
knowledge.

Directors' remuneration

(A) Purpose

(1) To attract, retain and motivate directors of the quality required to run the company successfully.

(2) A: Attract: Attract talent to join the company
R: Retain: Prevent talent from leaving the company and joining competitors
M: Motivate: Motivate directors to achieve business objectives

(B) Components

1) basic salary
2) performance related, such as bonus
3) shares and share options
4) loyalty bonuses
5) benefits in kind
6) pension benefits


(C) Principle
(1) Levels of remuneration should be sufficient to attract, retain and motivate directors of the quality
required to run the company successfully

(2) Avoid paying more than is necessary for this purpose.

(3) Too high --> Waste of money --> Not maximising shareholders' interest.
Too low --> Will not be able to attract suitably qualified candidates.

(D) Setting non-executive directors' remuneration

(1) Levels of remuneration for non-executive directors should reflect the time commitment and
responsibilities of the role.

(2) Remuneration for non-executive directors should not include share options or other
performance-related elements.

--> Share options and bonuses motivate NEDs to behave like EDs and reduce their independence and
objectivity, because they will have a vested interest in meeting the target --> Less able to scrutinize
management strategy (e.g. to stop management from excessive risk-taking).

(3) If, exceptionally, options are granted, shareholder approval should be sought in advance and any
shares acquired by exercise of the options should be held until at least one year.

(4) (a) Basic directors' fee

(b) Committee Chairman's fees

(c) Committee Members' fees

(d) Directors' fees = Basic + Committee

(E) Setting executives' remuneration

(1) A significant proportion of executive directors' remuneration should be structured so as to link
rewards to corporate and individual performance.

(2) Benchmarking against peers/industry

--> Market leaders set the highest pay, whereas market followers set lower pay (e.g. Microsoft,
Apple and Google are market leaders).

(3) The remuneration committee should judge where to position their company relative to other
companies.

(4) But they should use such comparisons with caution in view of the risk of an upward ratchet of
remuneration levels with no corresponding improvement in performance.

--> Do not adjust remuneration just to match a market rate. Need to consider the performance of the
executives (market is a factor, but performance is a factor as well).

(5) Short-term performance related remuneration

Annual bonuses should be linked to short-term performance conditions that are relevant,
stretching and designed to promote the long-term success of the company.

Remuneration incentives should be compatible with risk policies and systems.

(6) Long-term performance related remuneration


(i) Executive share options or share grants should be subject to challenging performance criteria
reflecting the company's objectives, including non-financial performance metrics where
appropriate.

(ii) Executive share options should not be offered at a discount save as permitted by the relevant
provisions of the Listing Rules.

(iii) In normal circumstances, shares granted or other forms of deferred remuneration should not
vest, and options should not be exercisable, in less than three years.

(iv) Directors should be encouraged to hold their shares for a further period after vesting or
exercise.

(v) Any new long-term incentive schemes which are proposed:

• should be approved by shareholders and

• should preferably replace any existing schemes or, at least, form part of a well-considered
overall plan incorporating existing schemes.

Grants under executive share option and other long-term incentive schemes should normally
be phased rather than awarded in one large block.

(7) Pension

• In general, only basic salary should be pensionable.

(8) Mitigate misstatement or misconduct

• Reclaim variable components in exceptional circumstances of misstatement or misconduct.

(9) Consistent with risk appetite

• Remuneration incentives should be compatible with risk policies and risk appetite.

Role of Institutional Investors in Corporate Governance

Institutional investors:

(1) Should encourage regular one-to-one meetings with directors of their investee companies; this
process is known as "engagement and dialogue".

(2). Should make positive use of their voting rights

(3). Should pay attention to the composition of the board of directors in their investee companies

(4). Institutional investors have a responsibility to intervene in investee companies "when necessary",
particularly in the following instances:

(i) When they have concern about the company's strategy

(ii) Non-executive directors failing to hold executive management properly to account

(iii) Internal controls failing

(iv) Inadequate succession planning

(v) An unjustifiable failure to comply with the Combined Code


(vi) Inappropriate remuneration levels and related packages

(vii) Concerns on company's approach to corporate social responsibility

(5) How to intervene:

1. Holding additional meetings with management specifically to discuss concerns

2. Expressing concern through the company's advisers

3. Meeting with the Chairman, Senior Independent Director, or with all independent directors

4. Intervening jointly with other institutions on particular issues

5. Making a public statement in advance of the AGM or EGM

6. Submitting resolutions at shareholders' meetings

7. Requesting an EGM, possibly to change the board

Chairman's role in helping shareholders to discharge their corporate governance responsibility:

(1). To encourage voting

1.1 Separate resolution

(1) At any general meeting, the company should propose a separate resolution on each substantially
separate issue, and should in particular propose a resolution at the AGM relating to the report and
accounts.

(2) Resolution: Example --> To approve dividend of $10 per share and approve directors' bonus of
$20m --> Negative vote/negative resolution (bad corporate governance as a result of not respecting
shareholders' rights).

--> By right, it should be split into two resolutions respectively:

Resolution 1: to approve dividend of $10 per share;

Resolution 2: to approve directors' bonus of $20m

--> To avoid bundling of resolutions.

--> Bad Corporate Governance: Bundling of unrelated issues in a resolution affects the ability of
shareholders to vote according to their intention.

1.2 Proxy forms

(1) A proxy is an authorized representative to attend and vote on behalf of the shareholders. The
benefits of proxy include:

(a) Shareholders who are not able to attend general meetings (AGM and EGM) personally, e.g.
overseas shareholders, are still able to ask questions and vote according to their intention through the
use of proxy; and

(b) Shareholders are able to appoint professionals such as lawyers or accountants to attend on their
behalf when the agenda of the general meetings contain technical matters that shareholders feel they
need professional help in.


(2) For each resolution, proxy appointment forms should provide shareholders with the option to direct
their proxy to vote either:

1. for the resolution; or
2. against the resolution; or
3. to withhold their vote.

(3). A proxy is appointed to help shareholders to reduce agency cost.

(4). When there are no contentious (i.e. likely to cause dispute) issues at the Annual General
Meeting (AGM), shareholders may find that attending the AGM personally will not be cost effective.
Therefore, they will appoint a proxy in order to help to reduce agency cost.

(2). To encourage dialogue during AGM

The chairman should arrange for the chairmen of the audit, remuneration and nomination committees
to be available to answer questions at the AGM and for all directors to attend.

Annual General Meetings and Extraordinary General Meetings

(1) Annual general meetings (AGMs) are a part of the normal financial calendar for all limited
companies and take place on the occasion of the year-end results presentation and the publication of
the annual report.

(2) Extraordinary general meetings are called to discuss strategic and other issues with shareholders
outside the normal financial calendar.

Purposes

(1) Both types of meetings are formal meetings between company directors and the shareholders of
the company.

(2) They typically involve presentations by the board (typically the chairman and/or CEO) and a
chance for shareholders to question the board.

Purpose - AGMs

(1) The purpose of AGM is to:

• present the year's results,

• discuss the outlook for the coming year,

• present the formal, audited accounts and

• have the final dividend and directors' emoluments approved by shareholders.

(2) Shareholder approval is signalled by the passing of resolutions in which shareholders vote in
proportion to their holdings.

(3) It is usual for the board to make a recommendation and then seek approval of that
recommendation by shareholders.

Purpose - EGMs

(1) Extraordinary meetings are called when issues need to be discussed and approved that cannot
wait until the next AGM.

(2) In some business environments when events necessitate substantial change or a major threat, an
EGM is sometimes called.


(3) Management may want a shareholder mandate for a particular strategic move such as for a
merger or acquisition.

(4) Other major issues that might threaten shareholder value may also lead to an EGM, such as a
'whistle blower' disclosing information that might undermine shareholders' confidence in the board of
directors.

Governance: reporting and disclosure

(1) Transparency means:

• openness,
• clarity,
• lack of withholding of relevant information unless necessary and
• a default position of information provision rather than concealment.
(default position = basic position, i.e. basic attitude)

(2) This means that unless there is an overwhelming reason not to disclose information of any kind
(perhaps for reasons of commercial sensitivity) then information should be disclosed or made
available upon request to any interested stakeholder.

Importance of transparency

(1) Transparency is one of the underlying principles of sound corporate governance.

(2) Transparency provides access for investors and other stakeholders to company information
thereby dispelling suspicion and underpinning market confidence in the company through truthful and
fair reporting.

(3) Transparency has the effect of reassuring investors that their funds are being responsibly
stewarded and used for worthwhile investments.

(4) Transparency helps the company in gaining trust with investors and regulators.

(5) Transparency helps to manage stakeholder claims and reduces the stresses caused by
stakeholders (e.g. trade unions) for whom information provision is important.

(6) Transparency informs and satisfies critics and helps protect reputation or reduce reputation
damage/risk.

Transparency VS Confidentiality

Transparency is the lack of withholding information unless necessary.

Sometimes, it is good corporate governance to withhold information. For example:

• It is necessary to keep strategy discussions secret from competitors.

• Internal issues may be private to individuals, thus justifying confidentiality.

• Confidential discussion often has to take place before an agreed position is announced.


Corporate governance report

Information on the board and its functioning

(1) The details of all directors including brief biographies and the career information that makes them
suitable for their appointment.

(2) Information on how the board operates, such as frequency of meetings and how performance
evaluation is undertaken.

(3) Changes to board roles, including explanation of any sudden departures of senior management or
any significant changes in personnel at the top of the company.

Committee reports

(1) Remuneration Committee Report:

--> discloses the rewards awarded to each director including pension and bonuses.

Audit Committee Report:

(1) report on the effectiveness of internal controls

(2) report on accounting and audit issues with specific content on who is responsible for the accounts
and any issues that arose in their preparation.

Nomination Committee:

(1) The process of identifying and appointing of directors and senior executives.

(2) The process of evaluating board performance and individual director's performance, including the
use of external facilitator or human resource expert.

(3) The succession planning and any related issues.

Mandatory and voluntary disclosures in annual report

Mandatory disclosures

(1) These are components of the annual report mandated by law, regulation or accounting standard.

(2) Examples:

• Directors' report

• Financial statements:

o statement of comprehensive income,
o statement of financial position,
o statement of cash flows,
o statement of changes in equity,
o operating segmental information,

• auditors' report,

• corporate governance report such as remuneration report.


(3) Features of mandatory disclosures (Limitations of mandatory disclosures)

(i) Focus on historical fact, transactions and events that have occurred in the financial year.

(ii) Heavy focus on financial information, less emphasis on qualitative information.

(iii) Incomplete and not forward looking.

Voluntary disclosures

(1) These are components of the annual report not mandated in law or regulation but disclosed
nevertheless.

(2) They are typically mainly narrative rather than numerical in nature.

(3) Examples:

• risk information,
• operating review,
• social and environmental information, and
• the chief executive's review.

Voluntary disclosure increases accountability to equity investors (Usefulness of voluntary
disclosures):

(1) Voluntary disclosures are an effective way of redressing the information asymmetry that exists
between management and investors. In adding to mandatory content, voluntary disclosures give a
fuller picture of the state of the company.

(2) More information helps investors decide whether the company matches their risk, strategic and
ethical criteria, and expectations.

(3) Helps transparency in communicating more fully thereby better meeting the agency accountability
to investors, particularly shareholders.

(4) Voluntary disclosure gives a more rounded and more complete view of the company, its activities,
strategies, purposes and values.

(5) Voluntary disclosure enables the company to address specific shareholder concerns as they arise
(such as responding to negative publicity).

(6) Voluntary disclosures are typically mainly narrative rather than numerical in nature. This helps to:

(a) Make the annual report more forward looking (predictive), whereas the majority of the
mandatory disclosure is numerical in content and historical in nature.

(b) Convey qualitative information that cannot be conveyed using statutory numbers (such as
strategy, ethical content, social reporting, etc).

Consequences of Corporate Governance Failure

(1) Shareholders:

• Investors suffer financial loss as share prices crash

--> Examples of financial losses: no payment, or payment delayed for a long time.

• Unfair to shareholders, especially when this is due to bad corporate governance, i.e. when executives act
in self-interest instead of shareholders' interests


(2) Employees:

• Employees lose their jobs

• Unfairly low wages

• Sweatshop working conditions (very bad working conditions, such as poor lighting and working for long
hours)

• Unsafe working conditions leading to injury and fatality

(3) Suppliers:

• Consistent late payment contributing to liquidity problem in suppliers

• Non-payment resulting in financial loss even though suppliers are not at fault

(4) Society and community:

• Jobs lost in the community resulting in higher unemployment rate

• Tax revenue loss to the government and thus shifting tax burden to others

• Additional burden on taxpayers' money as more unemployed people use unemployment support
(benefits) funded by tax

(5) Customers:

• Unsafe products resulting in customer injury or fatality

• Sub-quality products/services

• Non-delivery of goods/services

• Misled customers

(6) Industry/regulators:

• Loss of confidence

- People can lose confidence in the industry. For example, when the Enron (energy) case broke out,
people did not want to work as auditors. The audit firm, Andersen, was involved in falsifying the
accounts.

• Regulatory change and additional regulatory control over the industry.


Corporate Governance in Non-Profit Organizations - Charities and Public sector organizations

Differences between charities and listed companies:-

(1) Regulation

Listed companies:

(1) Listed companies are subject to:
• Companies Act;
• Listing rules imposed by the stock exchange
• Code of Corporate Governance as required by listing rules

Charities:

(1) Charities are not subject to Companies Act or listing rules.

(2) Charities are subject to the country's charity regulation, e.g. Charity Act.

(3) Charities usually receive concessions in form of tax concession and less stringent
financial reporting because of their status as charities.

(2) Strategic purpose (objectives)

Listed companies:

(1) Listed companies exist primarily to make a financial return for their investors (shareholders).

Charities:

For a charity, the strategic purpose is to support the charitable cause for which the
organization was set up.

(3) Stakeholders and Societal Expectations

Listed companies:

(1) Society typically expects a business to be efficient in order to be profitable so that, in turn,
it can create jobs, wealth and value for shareholders.

(2) Stakeholders in a business often have an economic incentive to engage with the organization.

Charities:

(1) A charity's social legitimacy is tied up with the charity's achievement of benevolent aims

(2) Most stakeholders in a charity have claims more concerned with its benevolent aims.

(4) Governance arrangements

Listed companies:

(1) In a public company, a board consisting of executive and non-executive directors is
accountable to the shareholders of the company.

(2) The principals are able to hold the board accountable through annual general meetings and
extraordinary general meetings at which they can vote on resolutions and other issues to convey
their collective will to the board.

Charities:

(1) In a charity, the operating board is usually accountable to a board of trustees.

(2) It is the trustees who act as the interpreters and guarantors of the fiduciary duty of the charity.

(3) The trustees ensure that the board is acting according to the charity's stated purposes and
that all management policy, including salaries and benefits, are consistent with those purposes.

Public sector organizations:-

(1) Ownership:

• Public sector organizations are typically "wholly owned by the government".

(2) Strategic objectives:

Strategic objectives are determined by the government:

• Likely to be different from purely commercial concerns.

• To implement one or more aspects of government policy.


Difficulty in setting strategic objectives:

• The millions of taxpayers and electors in a given country are likely to want completely different
things from public sector organizations.

(3) Regulation and Control:

• The focus is likely to be on value for money rather than the achievement of profits,

• The level of control from central or local government can be very high,

• They are likely to have service delivery objectives underpinned by legislation.

(4) Agency relationship:

(1) Agency relationship:

• Agent is the board of the public sector organization

(2) Principal refers to

• Immediate principal who is the government

• Ultimate principal who is the taxpayers of country and the electors of the government.

Because taxpayers and electors are diverse and heterogeneous, and because different layers of
public servants interpret taxpayers' best interests, there is difficulty in the interpretation of their
interests.

Different approaches to corporate governance

a) "Rules" and "Principles" based approaches to corporate governance

b) "Insider" and "Outsider" system of corporate governance

c) "Local" and "International" Code of Corporate Governance

Principles-based approach

(1) In a principles-based approach (or "Comply or Explain" approach) to corporate governance, code
of corporate governance is not a set of legal rules. There is no legal penalty on the company or the
directors or the management if there is non-compliance.

(2) The code of corporate governance is a set of principles. The company should comply with the
principles in the Code of Corporate Governance.

(3) Principle-based approach is often implemented with a requirement to "Comply or Explain". When
there is non-compliance, the company should explain the rationale for non-compliance and the
reasons must be justifiable (i.e. there are good reasons for non-complying and the alternative action
(instead of compliance) is consistent with good corporate governance practice).

(4) It is up to the shareholders to evaluate the reasons for non-compliance, and directors and
management are held accountable if shareholders find the reasons for non-compliance unacceptable.

(5) Examples of "Comply or Explain" Code of Corporate Governance include the UK Combined
Code.


(6) Shareholders' role in a principles-based approach (comply or explain approach) of corporate
governance

(i) Shareholders should carefully review the corporate governance report to evaluate the quality of
corporate governance practices.

(ii) Shareholders should raise concern with management and directors if:

(a) there is non-compliance with no justification

(b) when the explanation (in the case of non-compliance) is inadequate.

(iii) When evaluating non-compliance and the explanations provided by management,
shareholders should consider:

(a) the specific situation;

(b) the reasonableness of management explanation;

(c) the alternative arrangement put in place to address;

(d) the corporate governance arising from non-compliance

(iv) Shareholders should intervene when there is no justification or when the explanation is not
satisfactory.

Rules-based approach to corporate governance:-

(1) In a rules-based approach, good corporate governance practices are codified into law.

(2) For example, the US Sarbanes-Oxley Act incorporates a number of corporate governance
practices such as having an audit committee that is entirely made up of independent directors.

(3) There will be legal penalty on the company and its director for non-compliance, which includes fine
or jail terms for certain offences.

(4) Non-compliance is a breach of law even though there might be justification.

(5) Enforcement of compliance is performed by regulatory agency.

Sarbanes-Oxley Act (2002) – used to regulate auditors:

(1) After the high-profile collapses of Enron and WorldCom in the US, the US Congress passed the
Sarbanes-Oxley Act 2002 (usually shortened to 'Sarbox' or 'Sox').

(2) On July 30, 2002 President Bush signed into law the Sarbanes-Oxley Act of 2002. The law was
intended to bolster public confidence in the United States' capital markets and imposes new duties
and significant penalties for non-compliance on public companies and their executives, directors,
auditors, attorneys and securities analysts.

(3) Some important provisions include:

(a) Oversee the audit of public companies

(b) Establish audit report standards and rules

(c) Inspect, investigate and enforce compliance on the part of registered public accounting firms
and those associated with the firms


(4) The enhancement of auditor's independence and the prohibition of certain
non-audit services to be provided by auditor.

(5) The enhancement of the audit committee’s effectiveness:

• All members must be independent directors


• At least one audit committee member is a financial expert, i.e. by qualification and also by
experience, e.g. previous financial controller or auditor of US listed companies

(6) The CEO and CFO to certify in periodic financial reports:

(i) The report does not contain untrue statements or material omissions

(ii) The financial statements fairly present, in all material respects the financial conditions and
results of operations

(iii) The CEO and CFO are responsible for internal controls designed to ensure that they receive
material information regarding the company and the group.

(iv) That the internal controls have been reviewed for their effectiveness within 90 days prior to the
report

(v) Any significant changes to the internal controls

(7) The CEO and CFO must forfeit certain bonuses and compensation received if the company is
required to make an accounting restatement due to material non-compliance.

--> Make an accounting restatement = claw back (money/remuneration must be paid back) --> It
has become law now.

(8) Annual reports are to include an internal control report which states that the management is
responsible for the internal control structure and procedures for financial reporting and assesses the
effectiveness of the internal controls for the previous fiscal year.

Section 404 of Sarbanes-Oxley Act:

(1) Responsibility on Internal Controls

(1) Management has a duty to perform a formal assessment of its controls over financial reporting,
including tests that confirm the design and operating effectiveness of the controls.

(2) Management should include in its annual report an assessment of internal control over financial
reporting (ICFR).

(3) The external auditors to provide two opinions as part of a single integrated audit of the company:

(a). An independent opinion on the effectiveness of the system of ICFR.

(b). The traditional opinion on the financial statements.

(4) Reporting on Internal Controls

(a) The company's annual report to include an internal control report of management that
contains:

(i) A statement of management's responsibility for establishing and maintaining adequate
internal control over financial reporting for the company.


(ii) A statement identifying the framework used by management to conduct the required
evaluation of the effectiveness of the company's internal control over financial reporting, i.e.
COSO framework.

(iii) Management's assessment of the effectiveness of the company's internal control over
financial reporting as of the end of the company's most recent fiscal year, including:

• A statement as to whether or not the company's internal control over financial reporting
is effective.

• Disclosure of any "material weaknesses" in the company's internal control over financial
reporting identified by management.

(iv) A statement that the registered public accounting firm that audited the financial statements
included in the annual report has issued an attestation report on management's
assessment of the company's internal control over financial reporting.

(2) Effect of Introduction of Sarbanes-Oxley Act

(1) Sarbox compliance proved very expensive because it is rule-based.

(2) One of the criticisms of Sarbox is that it assumes a 'one size fits all' approach to corporate
governance provisions. The same detailed provisions are required of small and medium-sized
companies as of larger companies, and these provisions apply to each company listed in New York
even though it may be a part of a company listed elsewhere.

(3) The number of initial public offerings (IPOs) fell in New York after the introduction of Sarbox, and
they rose on stock exchanges allowing a more flexible (principles-based) approach.

(4) An example of a set of provisions judged to be very costly for smaller businesses are those
contained in Sarbanes-Oxley Section 404.

(5) This section requires companies to report on the 'effectiveness of the internal
control structure and procedures of…financial reporting'.

(6) The point made by some Sarbox critics is that gathering information on the internal controls
over financial reporting (ICFR) in a systematic and auditable form is very expensive and, arguably,
less important for smaller companies than for larger ones.

(7) Accordingly, Section 404 has been criticized as being an unnecessary burden on smaller
companies, and one which disproportionately penalizes them because of the fixed costs associated
with the setting up of ICFR systems.

(8) Smaller companies have fewer spare resources to carry out internal control.

(9) Smaller businesses tend to operate with lower levels of spare resource than larger businesses and
conducting internal reviews would be more of a challenge for them.

(10) The extra attestation fee (over and above normal audit fee) for the attestation of the internal
control report could be a constraint for many smaller companies.

(11) Smaller companies lack expertise from within existing employees to meet the Sarbanes-Oxley
Act requirements such as internal audit as well as carry out internal activities.

(12) Smaller companies will have fewer activities and less complexity, hence less need for
shareholders to require the information (less to go wrong).


Advantages of Principles-based/"Comply or Explain" Approach

(1) Flexibility

(1) Sometimes, there could be good reasons for not complying with the Code.

(2) For example, smaller listed companies, in particular those new to listing, may judge that some of
the provisions are disproportionate or less relevant in their case.

(3) In a rule-based approach, such non-compliance will not be allowed, even when there is a strong
justification for non-compliance.

(2) Encourages compliance in spirit instead of compliance in letter

(1) The flexibility of justifiable non-compliance encourages the directors to evaluate the rationale of
each principle in the Code and its relevance to the company.

(2) When implementing the principles, the directors will by then be convinced it is good corporate
governance given the specific nature of the company to comply with certain principles. This
encourages compliance in spirit rather than a "tick-box" approach.

(3) Self-policing

As the monitoring and enforcement of compliance is carried out by shareholders, there is no need to
set up separate regulatory agency for enforcement.

(4) Lower cost

Because of the flexibility and self-policing features described above, the compliance cost in a
principle-based approach is lower when compared to the rule-based approach.

Disadvantages of Principles-based/"Comply or Explain" Approach

(1) Lack of legal penalty

(1) There is no legal penalty for non-compliance. Directors and management may not take the Code
of Corporate Governance seriously.

(2) This allows the opportunity for them to pick and choose compliance that suits them and avoid
compliance when it is inconvenient.

(2) Ineffective shareholder monitoring

(1) "Comply or Explain" places the responsibility on shareholders to hold directors and management
accountable for non-compliance that is not justifiable.

(2) The effectiveness of this approach depends on the willingness of shareholders and the knowledge
of shareholders to hold them accountable for non-compliance.

(3) Shareholders, particularly the individual small shareholders, may lack the knowledge of corporate
governance code to be able to identify non-compliance and evaluate reasons for non-compliance.

(4) Institutional shareholders may not have the time or the willingness to review corporate governance
report to identify and evaluate non-compliance and explanation.

(5) This allows the opportunity for directors and management to get away with non-compliance by
providing inadequate explanation or even without any justification.


Rules-based Approach to Corporate Governance

Advantages

• Directors and management will take the corporate governance requirements seriously as there will
be legal impact on themselves.

Disadvantages

(1) Inflexibility (Rigid)

(1) Once codified as law, corporate governance requirements apply to all companies within the scope
of the law. For example, the US Sarbanes-Oxley Act applies to all US listed companies, i.e.
companies listed on US stock exchanges.

(2) There is no tolerance for non-compliance even if there may be justification.

• The quality of corporate governance in a rule-based approach depends on the quality of the law
as written. If the corporate governance law is badly written, e.g. good practices are not included in
the law, then even full compliance does not result in good quality corporate governance.

(3) The code becomes a one-size-fits-all approach and does not take into account the size of the entity,
or the specific situations the entity is facing.

(2) Compliance in letter rather than compliance in spirit

(1) Even when the company finds it irrelevant or impractical to comply with the code, the company
has to comply with the legal code anyway.

(2) Thus, the compliance effort is merely to satisfy legal requirements rather than serving a useful
purpose.

(3) Regulatory enforcement

(1) A regulatory enforcement agency has to be set up to monitor compliance and take action against
companies that do not comply with the code.

Cost of staffing the agency and cost of monitoring will be incurred.

(4) Higher compliance cost

Because of the requirement to comply with all requirements regardless of relevance and the
regulatory enforcement cost, the compliance cost in a rule-based approach is higher than that of a
principle-based approach.

Exam Focus:

(1) Difference between:


(i) Charity VS Listed Company → Regulation;

(ii) Public sector organization VS Listed Company:

• Regulation;

• Strategic objectives:
- charity;
- listed company (maximize profit);
- public sector (citizen's welfare to be focused)

• Agency relationship – listed company (shareholder = principal; director = agent)


(2) Governance issues in:
- charity;
- listed company;
- public sector.

"Insider" and "Outsider" systems of corporate governance

Characteristics of an insider system of corporate governance

(1) An insider-dominated business is one in which the controlling shareholding is held by a small
number of dominant individuals.

(2) In many cases, these individuals will also work for the business, making them owner-managers.

(3) When the insiders belong to a nuclear or extended family it is common to refer to the business as
a family firm.

Characteristics of an outsider system of corporate governance

(1) An outsider system is often associated with companies listed on major international established
stock markets. In a listed company:

(a) the shares are dispersed between many shareholders, the shares are publicly traded and

(b) managers are unlikely to be substantial shareholders themselves (although they may own
shares as a part of their reward packages).

Differences in Corporate Governance Issues

(I) Agency cost

(1) Compared with an outsider system, there are usually lower agency costs associated with insider-
dominated businesses owing to there being fewer agency trust issues.

(2) Less monitoring is usually necessary because the owners are often also the managers.

Principals (majority shareholders) are able to impose their own values and principles (business or
ethical) directly on the business without the mediating effect of a board.

(II) Short term and long term profit motive

(1) A smaller base of shareholders is more likely to be flexible over when profits are realized and so
the expectations of the rates and timings of returns are likely to be longer. This gives management
more strategic flexibility as compared to a large listed company.

(III) Talent pool and succession

(1) There is a common tendency for a family business to hand the running of the business to family
members and maintain the control of the business within the family.

(2) However, succession is an issue when the insider is not equipped or not willing to develop the
business. This will constrain or have an adverse impact on business performance over a period of
time.

(IV) Conflict resolution

(1) In a larger bureaucratic business, there is capability of 'professionalising' conflict (including staff
departures and disciplinary actions).


(2) In a family business or an insider system, conflict resolution may be less formal and more
personal. Family relationships can suffer and this can intensify stress and ultimately lead to the
deterioration of family relationships as well as business performance.

International Code of Corporate Governance

OECD Code of Corporate Governance

(1) The mission of Organization for Economic Co-operation and Development (OECD) is to promote
policies designed:

(a) to achieve the highest sustainable economic growth and employment and a rising standard of
living in member countries, while maintaining financial stability, and thus to contribute to the
development of the world economy;

(b) to contribute to sound economic expansion in member as well as non-member countries in the
process of economic development; and

(c) to contribute to the expansion of world trade on a multilateral, non-discriminatory basis in
accordance with international obligations.

(2) The OECD Principles of Corporate Governance were endorsed by OECD Ministers in 1999 and
have since become an international benchmark for policy makers, investors, corporations and other
stakeholders worldwide.

(3) They have advanced the corporate governance agenda and provided specific guidance for
legislative and regulatory initiatives in both OECD and non OECD countries.

(4) The Principles are intended to assist OECD and non-OECD governments in their efforts to
evaluate and improve the legal, institutional and regulatory framework for corporate governance in
their countries, and to provide guidance and suggestions for stock exchanges, investors,
corporations, and other parties that have a role in the process of developing good corporate
governance.

(5) The Principles focus on publicly traded companies, both financial and non-financial.

(6) However, to the extent they are deemed applicable, they might also be a useful tool to improve
corporate governance in non-traded companies, for example, privately held and state-owned
enterprises.

(7) The main principles of OECD Code are summarized as follows:

(a) The corporate governance framework should promote transparent and efficient markets, be
consistent with the rule of law and clearly articulate the division of responsibilities among different
supervisory, regulatory and enforcement authorities.

(b) The corporate governance framework should protect and facilitate the exercise of shareholders'
rights.

• Shareholders' rights:
- The rights to vote;
- The rights to appoint and remove directors;
- The rights to share in the financial return of the company (through the form of dividend)

(c) The corporate governance framework should ensure the equitable (one share = one vote)
treatment of all shareholders, including minority and foreign shareholders. All shareholders should
have the opportunity to obtain effective redress for violation of their rights.


(8) The corporate governance framework should recognize the rights of stakeholders established by
law or through mutual agreements and encourage active co-operation between corporations and
stakeholders in creating wealth, jobs, and the sustainability of financially sound enterprises.

(9) The corporate governance framework should ensure that timely and accurate disclosure is made
on all material matters regarding the corporation, including the financial situation, performance,
ownership, and governance of the company.

International corporate governance network (ICGN) Report (2005)

(1) The International Corporate Governance Network (ICGN), founded in 1995 at the instigation of
major institutional investors, represents investors, companies, financial intermediaries, academics and
other parties interested in the development of global corporate governance practices.

(2) One of ICGN's objectives is to facilitate international dialogue on issues of concern to investors.
High standards of corporate governance, including effective dialogue between companies and their
shareholders, the ICGN believes, are a prerequisite for companies to compete effectively and for
economies to prosper.

(3) The ICGN also believes that it is in the public interest to encourage and enable the owners of
corporations to participate in their governance.

(4) The aim of these Principles is to assert standards of corporate governance to which ICGN
believes that all companies should aspire.

(5) The Principles intend clearly to express the expectations and concerns of international investors
with regard to the governance of companies in which they invest, and also to express their
commitment to play their role in the governance of those companies.

(6) The Principles are intended to apply to public companies predominantly, providing them with
guidance as to the behavior which will influence investors' investment decisions; they will also be of
value for companies seeking investment from the international investment community.

(7) Aspects of the Principles will also be of relevance to governments, legislators, regulators,
operators of investment markets, and audit firms.

(8) The Principles are intended to be of general application around the world, irrespective of
legislative background or listing rules.

(9) As global guidelines, they need to be read with an understanding that local rules and structures
may lead to different approaches to these concepts.

(10) The main principles in the ICGN (2005) are summarized as follows:

(a) The overriding objective of the corporation should be to optimize over time the returns to its
shareholders. Corporate governance practices should focus board attention on this objective.

(b) Corporations should disclose relevant and material information concerning the corporation on
a timely basis, in particular meeting market guidelines where they exist, so as to allow
investors to make informed decisions about the acquisition, ownership obligations and rights,
and sale of shares.

(11) Annual audits of the financial statements carried out on behalf of shareholders should be
required for all corporations. The audit should be carried out by independent, external auditors who
should be proposed by or with the assistance of, the audit committee of the board (or its equivalent
where applicable) for approval by the shareholders.

(12) Boards should treat all the corporation's shareholders equitably and should ensure that the rights
of all investors, including minority and foreign shareholders, are protected.


(13) Shareholders should have the right to participate in key corporate governance decisions,
including the right to nominate, appoint and remove directors.

(14) The board's duties and responsibilities and key functions, for which they are accountable, include
those set out below:

(i) Reviewing, approving and guiding corporate strategy

(ii) Monitoring the effectiveness of the company's governance practices

(iii) Selecting, compensating, monitoring and, when necessary, replacing key executives and
overseeing succession planning.

(iv) Aligning key executive and board remuneration with the longer term interests of the company and
its shareholders.

(v) Ensuring a formal and transparent board nomination and election process.

(vi) Monitoring and managing potential conflicts of interest of management, board members,
shareholders, external advisors and other service providers, including misuse of corporate assets and
abuse in related party transactions.

(vii) Ensuring the integrity of the corporation's accounting and financial reporting systems, including
the independent audit, and that appropriate systems of control are in place, in particular, systems for
risk management, financial and operational control, and compliance with the law and relevant
standards.

(viii) Overseeing the process of disclosure and communications.

(15) The board is accountable to shareholders and responsible for managing successful and
productive relationships with the corporation's stakeholders.

(16) Corporations should adopt and effectively implement a code of ethics and should conduct their
activities in an economically, socially and environmentally responsible manner.

(17) The board is responsible for determining, implementing and maintaining a culture of integrity.

Argument for local code

(1) Different business culture leading to different accountability and governance issues

(1) Where local economies are driven more by small family businesses and less by public companies,
accountability relationships are quite different and require a different type of accounting and
governance.

(2) E.g. ensure equitable treatment to minority shareholders.

(3) International codes such as those of the OECD and ICGN are meant for an outsider system of
corporate governance, which emphasizes the accountability of directors and management to
shareholders and other stakeholders.

(4) Thus, adopting international codes may not address the governance issue in the local economy.

(2) Different development of capital funding

(1) There is a high compliance and monitoring cost to highly structured governance regimes that
some developing countries may deem unnecessary to incur.

(2) There is, to some extent, a link between the stage of economic development and the adoption of
formal governance codes.


(3) Some countries' governments may feel that an overly demanding corporate governance regime
may erode the countries' international comparative advantage.

(4) Some international companies seeking to minimize the effects of structured governance regimes
on some parts of their operations may seek countries with less tight structures for some
operations.

Argument for international code:

(1) Local code may be less robust than the international code. Any dilution of the robustness of
provisions will result in less protection for shareholders' interests.

(2) A less robust local code may allow bad practice, such as fraud and corruption, to exist and
proliferate (multiply rapidly).

A more robust international code, accepted by the international business and investment
communities, underpins confidence in the economic systems and helps to attract foreign direct
investment.

Chapter 2: Risk Management

Entity Risk Management

(1) Develop risk appetite (How much risk can you take?)

(2) Identify risk (What types of risk?)

(3) Quantify risk (assess risk – Is the risk big or small?)

(4) Develop risk management strategy (risk strategy – How to manage the risk?)

(5) Implement risk strategy (Risk awareness + risk embedding)

(6) Monitor because risk is dynamic = risks will change because of external environment changes
and internal changes such as new product or new management strategy.

Risk appetite

(1) Risk appetite is the amount of risk that an organization is willing to take in the pursuit of its
strategic objectives.

(2) The COSO framework defines risk appetite as the amount of risk, on a broad level, an entity is
willing to accept in pursuit of value.

(3) Risk appetite reflects the entity's risk management philosophy, and in turn influences the entity's
culture and operating style.

(4) Risk appetite guides resource allocation.

(5) Risk appetite assists the organization in aligning the organization, people, and processes
necessary to effectively respond to and monitor risks.

(6) Organizations must embrace (possess) risk in pursuing their goals. The key is to understand how
much risk they are willing to accept.

(7) An organization with an aggressive appetite for risk might set aggressive goals.

(8) An organization that is risk-averse, with a low appetite for risk, might set conservative goals.


Benefits of defining risk appetite

(1) When a board considers a strategy, it should determine whether that strategy aligns with the
organization's risk appetite.

(2) When properly communicated, risk appetite guides management in setting goals and making
decisions so that the organization is more likely to achieve its goals and sustain its operations.

(3) By defining its risk appetite, an organization can arrive at an appropriate balance between risks
and opportunities.

(4) Risk appetite can guide people on the level of risk permitted and encourage consistency of
approach across an organization.

(5) A defined acceptable level of risk also means that resources are not spent on further reducing
risks that are already at an acceptable level.

Impact/consequence of setting an inappropriate risk appetite

(1) Risk appetite is too low: avoid opportunities that are more risky, but offer greater returns.

(2) Risk appetite is too high: undertake activities with excessive risk.

An example of a risk appetite statement

The Organization operates within a low overall risk range.

The Organization's lowest risk appetite relates to safety and compliance
objectives, including employee health and safety, with a marginally higher risk
appetite towards its strategic, reporting, and operations objectives.

This means that reducing to reasonably practicable levels the risks originating
from various medical systems, products, equipment, and our work environment,
and meeting our legal obligations will take priority over other business
objectives.

Roles in establishing risk appetite

(1) It is management's role to develop the risk appetite and to obtain the board's agreement that the
risk appetite is suitable for the organization.

(2) The board should take into account the expectations of shareholders, regulators, and other
stakeholders.

(3) The risk appetite should also be consistent:

• with the culture of the company and

• with the capacity of the organization to manage risks inherent in its business activities.

UK Combined Code

The board is responsible for determining the nature and extent of the significant risks it is willing
to take in achieving its strategic objectives.


(4) It is the board's role to oversee management and to monitor the broader risk management
process, including whether the organization is adhering to its stated risk appetite.

(5) The board has a fiduciary responsibility:

• to question management's development and implementation of a risk appetite and

• to require changes if it believes the risk appetite is either badly communicated or inconsistent with
shareholder values.

Effective board oversight of an organization's risk appetite should include

(1) Clear discussion of the organization's objectives and risk appetite;

(2) Oversight of the organization's compensation plan for consistency with risk appetite;

(3) Oversight of management's risk identification when pursuing strategies to determine whether the
risks exceed the risk appetite;

(4) Oversight of strategies and objectives to determine whether the pursuit of some objectives may
create unintended consequences or organizational risks in other areas; and

(5) A governance structure that requires regular conversations on risk appetite, through the board and
board committees, concerning matters such as strategy formulation and execution, merger and
acquisition activity, and business cases to pursue major new initiatives.

Identify Risk

Risk categories:

(1) Strategic risk

(2) Operational risk

(3) Entrepreneurial risk

(4) Market risk

(5) Reputation risk

(6) Environmental risk

(7) Liquidity risk

(8) Health and safety risk

(9) Compliance risk

(10) Information security risk

(11) Functional currency risk

(12) Project risk

Exam Focus:
(1) Define strategic risk, operational risk, etc.

(2) Identify and evaluate the risk in the case study


Strategic risks

(1) These arise from the overall strategic positioning of the company in its environment (strategic
positioning)

(2) Strategic risks can potentially affect the entire organization.

(3) Because of this, they are managed at board level in an organization and form a key part of
strategic management.

(4) Examples of strategic risks include those affecting products, markets, reputation, supply chain
issues and other factors that can affect strategic positioning.

Operational risks

(1) Operational risks refer to potential losses arising from the normal business operations.

(2) Operational risks affect the day-to-day running of operations and business systems

(3) Operational risks are managed at risk management level (not necessarily board level) and can be
managed and mitigated by internal control systems.

(4) Examples include those risks that, whilst important and serious, affect one part of the organization
and not the whole, such as machinery breakdown, loss of some types of data, injuries at work and
building/estates problems.

3 key points in definition of strategic and operational risks:


(1) Source – What creates strategic and operational risks?

(2) Impact

(3) Management

Strategic positioning:
(1) Market: Which market you want to compete in?

(2) Product Ansoff Model:


(i) New product + new market = High risk

(ii) Existing product + existing market = lowest risk (you know about your client & you have a
distributional channel)

(iii) New product in existing market = medium risk (E.g. KTC plans to launch a new product –
ICAEW Accounting course)

(iv) Existing product + new market = medium risk

(3) Weak business process: this may cause operational risk
(E.g. Never monitor stock level → stock out, loss of revenue)


Entrepreneurial Risk

(1) Entrepreneurial risk is the necessary risk associated with any new business venture or
opportunity.

(2) Entrepreneurial risk arises from the uncertainty due to entering a new market or
developing/launching a product.

(3) Entrepreneurial risk arises from the uncertainties concerning the competences and skills of the
entrepreneurs themselves.

(4) Entrepreneurial risk is necessary because it is from taking these risks that business opportunities
arise.

(5) Any source of entrepreneurial risk but these are also the sources of future revenue streams and
hence growth in company value.

Market risk

(1) Market risks are those arising from any of the markets that a company operates in. Market risks
are risks from resource markets (inputs), product markets (outputs) or capital markets (finance).

(a) Input raw materials' increase in price; increase in salary costs

(b)Output reduction in products ‘selling price

(c) Capital depressed stock market resulting in company having to sell shares at a lower price
during an initial public offering; increase in interest rates resulting in higher borrowing costs.

Currency risk

(1) This arises from fluctuation in currency rates in an unfavorable way. For example

• Payable in foreign currency that appreciates against the local currency;

• Receivable in foreign currency that depreciates.

Information security risk

Information security risk means the loss arising from information systems from unauthorized access,
use, disclosure, disruption, modification, perusal, inspection, recording or destruction.

Reputation risk

(1) Reputation risk concerns any kind of deterioration in the way in which the organization is perceived
by external stakeholders and internal stakeholders.

(2) Reputation risk arises from the occurrence of irregular behavior, compliance failure or similar
events.

Effect of Poor Reputation

(1) Generally, a poor reputation will lead to lack of confidence in the company by its stakeholders,
such as customers, suppliers, regulators, employees and potential employees.

(a) Shareholders and investors: Investor confidence is important in public companies where any
reputation risk is likely to be reflected in market value.

(b) Customers: Damage to reputation can reduce confidence among customers leading to
reduced sales values and volumes and, in extreme cases, boycotts.


(c) Employees and potential employees: Poor reputation impedes the company's ability to
recruit and retain talent. The company also has to spend more on recruitment costs and perhaps pay
higher remuneration to attract staff.

(d) Auditors: Poor reputation may prompt auditors to increase scrutiny and perhaps increase
the extent of their audit work, which will lead to a higher audit fee.

(e) Regulators: Poor reputation may prompt regulators to increase scrutiny and perhaps
increase the extent of their oversight work, which will lead to higher compliance cost.

(f) Suppliers, including finance providers: Poor reputation may impede (hinder) the company's
ability to obtain supplies, especially on credit, and to obtain financing. Finance providers may demand
higher interest cost in compensation for higher perceived risk.

Environmental risk

(1) An environmental risk is an unrealized loss or liability arising from:-

• the effects on an organization from the natural environment or

For example, environmental risk can arise from the effects of climate change, adverse weather,
resource depletion, and threats to water or energy supplies.

• the actions of that organization upon the natural environment.

For example, environmental risk can arise from liability due to emissions, pollution, waste or
product liability.

(2) Not all companies are subject to the same nature and extent of environmental risks. Entities
operating in the chemical industry and energy markets (such as petroleum and nuclear energy) face a
structural environmental risk in that-

• The business operations and activities have direct and greater impact on the environment; and

• These industries are typically regulated for their impact on the environment.

Liquidity risk

(1) Liquidity risk refers to the difficulties that can arise from an inability of the company to meet its
short-term financing needs, i.e. its ratio of short-term assets to short-term liabilities. Specifically, this
refers to the organization's working capital and meeting short-term cash flow needs.

(2) The extent of liquidity risk depends on:-

• the nature of the business and

• the financial management expertise within the company.

(3) Cash sale businesses usually have lower liquidity risk than that of businesses that sell on credit.

(4) Companies extending long credit term to their customers usually have higher liquidity risk than
those that extend shorter credit term.

(5) Companies selling inventories with a shorter selling cycle usually have lower liquidity risk than
those that hold inventories longer, e.g. manufacturing companies.


Health and safety risk

(1) Health and safety risks are risks to individuals, employees or others, arising from any failure in the
business operations giving rise to compromised human welfare.

(2) Health and safety risk, and particularly the probability of a given health and safety risk
materializing, is generally increased by a number of factors.

• Lack of a health and safety policy

• Lack of emergency procedures or a failure to deal with hazards that arise

• Lack of health and safety culture

A poor health and safety culture can undermine an otherwise good policy if management and staff are
lax (slack, loose) towards health and safety, or believe it to be unimportant.

Legal risk (compliance risk):

(1) Legal risk is defined as the risk of legal sanctions, material financial loss, or loss to reputation the
organization may suffer as a result of its failure to comply with laws, its own regulations, code of
conduct, and standards of best/good practice.

(2) Non-compliance with regulation or code will lead to penalty, license suspension or withdrawal.

(3) Companies operating in highly regulated industries are exposed to higher compliance risk.

(4) Legal risk increases when there is a lack of familiarity with regulation, e.g. expansion to a new
overseas market.

(5) Legal risk increases when there are changes in regulations.

Integration risk:

(1) This arises when two newly merged entities are trying to work together as a combined unit.

(2) Integration risk arises from incompatibility between the two entities in the following areas:-

• Business culture, e.g. multinational vs family-owned

• Business structure, e.g. centralized decision making vs decentralized decision making

• Information systems, e.g. different software or incompatible systems

Project Risk:

• Inadequate design

• Insufficient budget

• Insufficient time

• Insufficient competence or resource

• Inadequate testing


Risk arising from using sub-contractors


• Lack of direct control over sub-contractors' activities

• Difficulty in coordinating work of sub-contractors

• Budget overrun - unclear specification and agreement giving rise to the opportunity of budget
creep, i.e. rising sub-contractor cost

• Delay - especially when sub-contractors are not working exclusively on the project

Internal controls relating to project risk

• Design should be reviewed and approved to ensure the design will meet the specification.

• If design is inadequate, re-design should be conducted.

• Time budget and cost budget should be developed based on the approved design to ensure that there is
sufficient time and budget to develop the product based on the design. If there is insufficient time and
budget, more time and budget should be sought.

• Testing should be performed to ensure the project works according to the specification and design.

• If testing failed, the cause of failure should be investigated and modification to the design and
product should be carried out and the modified product re-tested.

Quantify risk (also known as assess risk; risk assessment)

(1) Risk assessment is a process that involves establishing both:

• the probability of a particular risk event happening and

• the impact or hazard that would arise if it was realized.

(2) The most material risks are those identified as having high impact/hazard and the highest
probability of happening.

(3) Risks with low hazard and low probability will have low priority.

(4) For some risks, quantification can be made with some degree of objectivity, i.e. objective risk
assessment.

(5) Some risk quantifications rely more on subjective assessment.


(6) When assessing risk, it is important to know that some risks are correlated to each other, i.e.
correlated risks.

Objective risk assessment:-

(1) A risk can be objectively assessed if we can:-

• measure probability: 'scientifically' measure the probability of a given outcome; or

e.g. based on past experience, predict staff turnover rate.

• predict impact: predict, with some certainty, the impact.

e.g. assess impact in terms of production loss if the factory is closed for a week.

Subjective risk assessment

(1) Subjective risk refers to the situation when:-

• Assessing the probability of a risk event occurring involves significant judgment (and is thus
subject to bias and uncertainty); or

• It is more difficult to predict accurately the impact when a risk occurs.

(2) We can predict with much less certainty, the probability that the stock market will rise or fall on a
given day. In such a situation, more subjective judgment is used.

(3) In terms of impact, we could much less accurately predict the number of people hurt or injured in
an accident. Again, a more subjective figure is used for assessing that risk.

Related and correlated risk:-

(1) Related risks are risks that vary because of the presence of another risk.

(2) Related risks are likely to rise and fall along with the related one.

Positively correlated risk: Risks are positively correlated if the two risks are positively related in
that one will:-

• fall with the reduction of the other and

• increase with the rise of the other.

Negatively correlated risk: Risks are negatively correlated if:

• one fell as the other rose.

Examples of positively correlated risk:-

(1) Environmental risks and reputation risk may be positively correlated.

(2) When the business activities cause environmental damage, the entity's reputation deteriorates.

(3) Environmentally friendly business practices reduce environmental risk and also enhance
reputation (and reduce reputation risk).


(4) These two risks can have a shared cause, i.e. they can arise together and fall together because
they depend upon the same activity.

(5) Examples of negatively correlated risks:-

High stock holding increases liquidity risk but reduces stock out risk.

Why is accurate risk assessment important?

(1) Risk assessment affects resource allocation in risk management:

(1) Resources are allocated in part on the basis of our risk assessments, such as the investment in
controls to manage risk.

(2) A risk assessed as probable and of high impact would attract a significant resource allocation, and
incorrect information could lead to the misallocation of company resources, e.g. buying too
much insurance.

(2) Risk assessment affects risk exposure:

(1) Wrong assessment has two types:

• Low risk wrongly assessed as high risk

- Wrongly avoid the risk, i.e. also known as "stop" error

- Over investment in measures to reduce the risk

• High risk wrongly assessed as low risk

- Wrongly accepted the risk, i.e. also known as "start" error

- Insufficient investment in measures to reduce risk and thus the company is still exposed to the risk
excessively as risk is not reduced to an acceptable level.

(3) Risk assessment contributes to corporate social responsibility:

(1) Business entities have an obligation to the local community, employees and others to ensure
that all risks are fully but accurately understood.

(2) Accurate risk assessment is necessary to the company's valued reputation as an ethical and
responsible employer and neighbor.

Extra Notes:

- Low risk wrongly communicated as high risk to community --> Cause unnecessary panic

- High risk wrongly communicated as low risk to community --> Expose employees and community to
high risk

Why is accurate risk assessment difficult?

(1) One of the problems with risk assessment is the quality of the information fed into the risk
assessment “calculation”.

(2) The problem arises when it is difficult to assign accurate and reliable values to those variables.

(3) Some risks can be objectively assessed.

(4) Some risks require subjective assessment and thus are affected by judgment.


(5) Some risks are correlated and thus when quantifying risk, the correlation should be taken into
account.

Risk Strategies --> TARAS

Risk transference strategy:

(1) This would involve the company accepting a portion of the risk and seeking to transfer a part to a
third party.

(2) E.g. Insurance allows a portion of the financial loss to be transferred to the insurers.

(3) E.g. Outsourcing allows the "blame" or portion of liability to be transferred to contractors

Risk avoidance strategy:

(1) An avoidance strategy involves discontinuing the activity that is exposing the company to risk.

(2) When probability = High; Impact = High

(3) When a business activity is not strategic and can thus be avoided, i.e. the return is not worth the risk.

Risk reduction strategy:

(1) A risk reduction strategy involves seeking to retain a component of the risk (in order to enjoy the
return assumed to be associated with that risk) but to reduce it and thereby limit its ability to create
liability.

(2) E.g. implement controls to reduce probability of a risk occurring, such as use fire resistant
materials to reduce probability of fire occurring

(3) E.g. implement controls to reduce impact of a risk when it occurred, such as water sprinkler
system to reduce damage caused by fire

(4) Reduce the extent of the business activity that gives rise to the risk to reduce the probability of
the risk occurring.

Risk acceptance strategy:

(1) A risk acceptance strategy involves taking limited or no action to reduce the exposure to risk.

(2) This strategy is usually taken if the returns expected from bearing the risk were expected to be
greater than the potential liabilities.

(3) Low probability, low impact --> Return is significantly higher than potential loss

(4) Not able to reduce any further, strategically important and thus, not able to avoid.

Risk share strategy:

(1) Share = from joint venture, partnership --> Share the potential loss & benefits.

(2) Example: Overseas expansion (diversification) is very risky, so you find a partner in that
country and transfer/share some risk with them.


ALARP (As Low As Reasonably Practicable):

(1) When evaluating the appropriateness of the different risk strategies (TARA), the cost of
implementing the strategy (e.g. cost of insurance premium) should be weighed against the benefits of
the strategy in terms of the reduction in the probability of risk event occurring or the reduction of
impact if the event occurred. In this case, the ALARP principle offers some guidance.

(2) According to the ALARP principle, risks should be "as low as reasonably practicable".

(3) There is an inverse relationship between a risk and the acceptability of that risk, i.e.

• a risk is more acceptable when it is low and (memorize)

• a risk is less acceptable when it is high. (memorize)

(4) The ALARP principle is that the residual risk shall be as low as reasonably practicable.

(5) For a risk to be ALARP it must be possible to demonstrate that the cost involved in reducing the
risk further would be grossly disproportionate to the benefit gained.

(6) The ALARP principle arises from the fact that eliminating risk could be impractical or impossible.
The investment in risk strategy is thus a trade-off between its cost and the benefit (in terms of reduced
risk).

(7) Thus, an organization cannot "guarantee" that a certain risk will never occur.

Risk strategy implementation:

(1) The risk strategies that meet the ALARP principle will be selected for implementation, e.g. buying
of insurance, installation of fire detection and fire fighting equipment.

(2) During the implementation stage, it is essential that risk awareness and risk embedding are created
amongst all staff and management throughout the entity.


Risk Awareness:

(1) Risk awareness is a capability of an organisation to be able to recognise risks when they arise,
from whatever source they may come.

(2) A culture of risk awareness means that this capability (or competence) is present throughout the
organisation and is woven into the normal routines, rituals, ways of thinking and is taken for granted in
all parts of the company and in all employees.

(3) Risk awareness is important because:-

(i) Risks can arise in any part of the organisation and at any level. Not all risks are at the strategic
level and can be captured by a risk assessment.

(ii) A culture of risk awareness will help ensure that all employees are capable of identifying risks
as and when they arise.

(iii) Risks are dynamic and rise and fall with changes in the business environment and with
changes in the company's activities. Employees who are risk aware will be able to identify
changes in risks affecting the company.

(iv) A lack of risk awareness is often evidence of a lack of risk management strategy in the
organisation. A lack of effectiveness of risk management strategy leaves the company
vulnerable to unrecognised or wrongly assessed risks.

<Exam - write the definition of risk awareness>


Risk Embedding:

(1) Risk embedding refers to the way in which risk awareness and management are interwoven (woven
together) into the normality of systems and culture in an organisation.

(2) Systems describe the way in which work is organised and undertaken.

(3) Culture describes the "taken-for-grantedness" of risk awareness and risk management within
the organisation.

(4) To have risk awareness and risk systems embedded implies a number of things:-

• Embedding risk means that risk management is included within the control systems of
an organisation, e.g. when creating budget, the anticipated cost relating to a risk is being factored into
the budget.

• When risk is embedded, the reward systems would recognise the need for risk awareness in them
by including risk-related metrics. For example, accident rate could be built into an operation
manager's annual appraisal.

• When embedded, risk is interconnected with other systems so that risks must be taken into account
before other internal controls will work effectively.

• In an embedded risk system, risk is not seen as a separate part of internal control but is 'woven in' to
other internal controls and is a part of the organisation's culture.

• When risk is embedded, the management of risk is 'normal' behaviour at all levels. Behaviour
concerned with risk management is as much a part of the normal business activity as trading and
adding shareholder value.

How to Embed risk?

(1) The methods by which risk awareness and management can be embedded in organisations are
as follows:-

• Aligning individual goals with those of the organisation and building these in as part of the culture.

• Including risk responsibilities with job descriptions.

This means that employees at all levels have their risk responsibilities clearly
and unambiguously defined.

• Establishing reward systems that recognise that risks have to be taken (thus
avoiding a "blame culture").

Those employees that are expected to take risks (such as those planning investments) should have
the success of the projects included in their rewards.

• Establishing metrics and performance indicators that monitor and feedback information on risks to
management.

This would ensure that accurate information is always available to the risk committee and/or board,
and that there is no incentive to hide relevant information or fail to disclose risky behaviour or poor
practice. A "suggestion box" is one way of providing feedback to management.

• Communicating risk awareness and risk management messages to staff and publishing success
stories.

Part of the dissemination of, and creating an incentive for, good practice,
internal communications is important in developing culture and continually
reminding staff of risk messages.


Risk Auditing:

Risk audit and assessment is a systematic way of understanding the risks that an organisation faces.

What is involved in a risk audit?

There are four stages in any risk audit (internal or external): identify, assess,
review, and report.

(1) Identification:

(1) Risk audit may identify risks that were previously not identified by the company.

(2) Risk audit may find that risks previously identified by management may no longer be relevant.

(2) Assessment:

(1) Each identified risk needs to be measured against two variables:-

• the probability (or likelihood) of the risk being realised; and

• the impact or hazard (what would happen if the risk was realised).

(2) Risk audit may discover risks that were wrongly assessed by the company in terms of probability
or impact or both. For example,

• High risk wrongly assessed as low risk.

• Low risk wrongly assessed as high risk.

(3) Review:

(1) At the review stage, the auditor analyses the controls that the organisation has in the event of the
risk materialising.

(2) Risk audit may identify inappropriate risk strategy, e.g. wrongly accepted high risks or
wrongly avoided low risks.

(4) Report:

(1) A report on the review is produced and submitted to the Board of the organisation that
commissioned the audit.

(2) Management will probably want to know about:-

• the extent of the key risks (those with high probability, high impact, and especially both high impact
and high probability);

• the quality of existing assessment; and

• the effectiveness of controls currently in place.

Risk audit can be conducted using internal resources or outsourced to an external party.


Internal risk audit - advantages

• Familiarity

Risk audit as an internal function has the advantage that those conducting the audit are likely to be
highly familiar with the organisation, its systems, procedures, regulatory environment, and culture.

• Context specific audit

By understanding how things 'work' (who does what, what regulations apply and where), and also
understanding relevant technical matters, legal frameworks and control systems, an internal auditor
should be able to carry out a highly context-specific risk audit.

• Meet expectation

The audit is likely to contain assessments that are written and structured according to the
expectations and norms of the organisation, perhaps using appropriate technical language and in a
form specifically intended for that particular organization.

Internal risk audit - disadvantages

The disadvantages are the threats of:-

• impaired independence and

• over-familiarity that are present in many internal audit situations.

External risk audit - advantages:

• Independence:

It reduces or avoids the independence and familiarity threats. It is likely that
external auditors will have no link to anybody inside the organization being
audited and so there will be fewer prior friendships and personal relationships
to consider.

• Confidence:

The fact that these threats are avoided or reduced will create a higher degree
of confidence for investors and, where applicable, regulators.

• Fresh perspective:

(1) An external auditor brings a fresh pair of eyes to the task, identifying issues that internal auditors
may have overlooked because of familiarity.

(2) When internal employees audit a system or department, they may be so familiar with the
organization's routines, procedures, culture, and norms that a key risk might be overlooked or wrongly
assessed.

• Expertise:

Best practice and current developments can be introduced if external consultants are aware of these.
Given that consultants typically promote themselves on the currency of their skills, it is often more
likely that their knowledge will be more up to date than that of internal staff, whose skills
may be geared specifically to their organization's needs and expectations.


Roles of a risk manager:

(1) Providing overall leadership, vision and direction, involving the establishment of risk
management policies, establishing risk management systems etc.

Seeking opportunities for improvement or tightening of systems.

(2) Developing and promoting risk management competences, systems, culture, procedures, and
patterns of behaviour.

It is important to understand that risk management is as much about instituting and embedding risk
systems as it is about issuing written procedure.

(3) Reporting on the above to management and risk committee as appropriate.

Reporting information should be in a form able to be used for the generation of external reporting as
necessary. Reporting should be full reporting information containing all of the information necessary
for management to decide on risk policy.

(4) Ensuring compliance with relevant codes, regulations, statutes, etc. This may be at national level
(e.g. Sarbanes Oxley) or it may be industry specific.

Banks, oil, mining and some parts of the tourism industry, for example, all have internal risk rules that
risk managers are required to comply with.

Internal Controls:

Internal control is broadly defined as a process, effected by an entity's board of directors,
management, and other personnel, designed to provide reasonable assurance regarding the
achievement of objectives in the following categories:-

Reporting --> reliability of financial reporting (E.g. Auditors issue unqualified audit opinion -->
reliable)

Operations --> effectiveness and efficiency of operations

Compliance --> compliance with applicable laws and regulations

Safeguard --> safeguard assets and investments

Fraud --> prevent and detect loss from fraud


Three features of good internal control (ERR):

The system of internal control should:-

(i) Embedded --> be embedded in the operations of the company and form part of its culture.
--> It becomes part of the company, so that everybody will care about the culture and be conscious of
internal control.

(ii) Risk --> be capable of responding quickly to evolving risks to the business arising from factors within the company
and to changes in the business environment; and

(iii) Reporting --> include procedures for reporting immediately to appropriate levels of management any significant
control failings or weaknesses that are identified together with details of corrective action being
undertaken.

Components of internal control:

A company's system of internal control commonly comprises:

• control environment

(1) The control environment sets the tone of an organisation, influencing the control consciousness of
its people.

(2) Control environment factors include:

the integrity, ethical values and competence of the entity's people;

management's philosophy and operating style;

the way management assigns authority and responsibility, and organises and develops its people; and

the attention and direction provided by the Board of directors.

• Entity risk management system

Risk assessment is the identification and analysis of relevant risks to achievement of objectives,
forming a basis for determining how the risks should be managed.

• Control activities

Control activities are the policies and procedures that help ensure that management directives are
carried out. They help ensure that necessary actions are taken to address risks to achievement of the
entity's objectives.

Control activities occur throughout the organisation, at all levels and in all functions. They include a
range of activities as diverse as approvals, authorisations, verifications, reconciliations, reviews of
operating performance, security of assets and segregation of duties.


• Information and communication

Information systems produce reports, containing operational, financial and compliance-related
information, that make it possible to run and control the business.

All personnel must receive a clear message from top management that control responsibilities must
be taken seriously. They must understand their own role in the internal control system, as well as how
individual activities relate to the work of others.

They must have a means of communicating significant information upstream.

• Monitoring the effectiveness of the system of internal control

Internal control systems need to be monitored - a process that assesses the quality of the system's
performance over time.

Ongoing monitoring includes regular management and supervisory activities, and internal audit
testing.

Content of external report on internal controls

(1) A statement of acknowledgement by the board that it is responsible for the company's system of
internal control and for reviewing its effectiveness.

• This statement signifies the board accepts and acknowledges this responsibility.

• This statement sets "the tone from the top" which is essential for sustaining (making lasting) a
culture of internal controls.

• This statement provides the impetus (push, driving force) for the collection of data and the authority
for changing internal systems.

(2) A summary of the processes the board (or where applicable, through its committees) has applied
in reviewing the effectiveness of the system of internal control

• This increases accountability to shareholders. Shareholders will be able to form an opinion on the
strengths and weaknesses of the process used by the board in managing internal controls.

• Weak systems and processes would be a matter of discussion at AGMs for non-executives to
strengthen.

(3) A statement that an assessment of internal control effectiveness has been carried out and the
results of the assessment. Expressing internal audit or external audit involvement in the review will
help to enhance credibility of the report.

(4) The report should contain information about any weaknesses in internal control that have resulted
in error or material losses.

Extra Notes:

(1) External reporting = Reporting to shareholders & regulators; being available to general public or
interested stakeholders.


(2) The differences between Turnbull & Sarbanes-Oxley:

Turnbull (Internal Control Report):
(1) Board responsibility.
(2) Process of assessment.
(3) Results of annual assessment.
(4) Significant weaknesses.

Sarbanes-Oxley (Internal Control Report) - USA:
(1) Management's responsibility.
(2) Process of assessment - using COSO Framework.
(3) Results of assessment.
(4) Engage external auditor to form opinion on internal control.

Benefits of external report on internal controls:

(1) Disclosure allows for accountability

(1) An external report on internal controls invites scrutiny from shareholders and others.

(2) If investors find the internal controls to be unsatisfactory, they are able to hold directors and
management accountable.

(3) Corrective action, including the extreme case of replacing the existing board, could be taken
before internal controls deteriorate further or significant failure occurs.

(2) Disclosure enhances confidence

(1) More information on internal controls would enhance shareholder confidence and satisfaction.

(2) A lack of confidence in the company's internal controls may have an adverse effect on the
company's share price.

(3) Reporting motivates improvement

(1) Reporting on internal controls will encourage good practice inside the company.

The knowledge that their work will be externally reported upon and scrutinised by investors will
encourage greater rigour in the IC function and in the audit committee.

Benefits of mandatory external report:

(1) Avoid selective reporting

If external reporting is voluntary, i.e. not mandatory, those with poor internal controls will be able to
avoid reporting on them.

(2) Encourage audit of internal controls

By specifying what should be disclosed on an annual basis, companies will need to make the audit of
internal controls an integral and ongoing part of their operations.

Limitation of Internal Control:

(1) A sound system of internal control reduces, but cannot eliminate, the possibility of:-

poor judgement in decision-making;

human error;

control processes being deliberately circumvented (bypassed, i.e. avoided) by employees and others;

--> Circumvented (bypassed) = E.g. Employees choose to defy (disregard, resist) control procedures/policy.


management overriding controls; and

the occurrence of unforeseeable circumstances.

Effectiveness of internal controls deteriorates over time because:-

• new and emerging risks,

• changes in the company's circumstances or business objectives,

• unmonitored internal controls create the opportunity for complacency (self-satisfaction) amongst
staff who operate the control procedures

• staff turnover resulting in unfamiliarity with the objective of the control/procedure and reduced
proficiency in carrying out the control procedure (note: staff training can help to reduce such problems)

Roles relating to internal controls:

UK Combined Code:

(1) The board's role is to provide entrepreneurial leadership of the company within a framework of
prudent and effective controls which enables risk to be assessed and managed.

(2) The board should maintain sound risk management and internal control systems.

(3) The board:-

should, at least annually, conduct a review of the effectiveness of the company's risk management
and internal control systems and

should report to shareholders that they have done so.

--> The review should cover all material controls, including financial, operational and compliance
controls.

Internal Audit Testing

(1) Internal audit testing is the internal assessment of internal controls using an internal auditor or
internal audit function applying audit techniques to controls based on predetermined measures and
outcomes.

(2) Internal audit testing is a management control over the other internal controls in an organization
and ensures the levels of compliance and conformity of the internal controls in an organization.

Role of internal audit in ensuring effective internal controls:

Internal audit underpins the effectiveness of internal controls by performing several key tasks.

(1) Internal audit reviews and reports upon the controls put in place for the key risks that the company
faces in its operations.

This will involve ensuring that the control (i.e. mitigation measure) is capable of controlling the risk
should it materialize. This is the traditional view of internal audit. A key part of this role is to review the
design and effectiveness of internal controls.

Many organizations also require internal audit staff to conduct follow-up visits to ensure that any
weaknesses or failures have been addressed since their report was first submitted. This ensures that
staff take the visit seriously and must implement the findings.


(2) Internal audit may also involve an examination of financial and operating information to ensure its
accuracy, timeliness and adequacy.

In the production of internal management reports, for example, internal audit may be involved in
ensuring that the information in the report is correctly measured and accurate. Internal audit needs to
be aware of the implications of providing incomplete or partial information for decision-making.

(3) Internal audit will typically undertake reviews of operations for compliance against standards.

Standard performance measures will have an allowed variance or tolerance and internal audit will
measure actual performance against this standard.

Internal compliance is essential in all internal control systems. Examples might include safety
performance, cost performance or the measurement of a key environmental emission against a target
amount (which would then be used as part of a key internal environmental control).

Internal audit is used to review internal systems and controls for compliance with relevant
regulations and externally-imposed targets.

Many industries have upper and lower limits on key indicators and it is the role of internal audit to
measure against these and report as necessary.

In financial services, banking, oil and gas, etc., legal compliance targets are often placed on
companies and compliance data is required periodically by governments.

Factors to consider in setting up internal audit function:

There is an obvious cost involved in setting up internal audit in an organization and so it is typical to
ask what factors signify the need for internal audit before one is established. Several factors influence
the need for internal audit:-

1. The scale, diversity and complexity of the company's activities

The larger, the more diverse and the more complex a range of activities is, the more there is to
monitor (and the more opportunity there is for certain things to go wrong).

2. The number of employees

As a proxy for size, the number of employees signifies that larger organizations are more likely to
need internal audit to underpin investor confidence than smaller concerns.

--> With more employees, human errors occur more easily.

3. Changes in the organizational structures, reporting processes or underlying information systems

Any internal (or external) change is capable of changing the complexity of operations and,
accordingly, the risk.

4. Changes in key risks could be internal or external in nature

The introduction of a new product, entering a new market, a change in any of the PEST/PESTEL
factors or changes in the industry might trigger the need for internal audit.

5. Problems with existing internal control systems

Any problems with existing systems clearly signify the need for a tightening of systems and
increased monitoring.


6. An increased number of unexplained or unacceptable events:

System failures or similar events are a clear demonstration of internal control weakness.

• Unacceptable events:
- Could have been prevented, but were not;
- The size of the loss is very big

7. Cost-benefit considerations

Management must be certain of the benefits that will result from establishing internal audit, and these
must obviously be seen to outweigh the costs of doing so.

Extra Notes:

(1) The Audit Committee assesses whether there is a need to set up internal audit.

(2) Report to shareholders why internal audit is not set up.

Independence of Internal Auditor

(1) The internal audit function should be independent of the activities it audits, i.e. the internal audit
function should be independent from management (management = full-time executive).

(2) Independence is essential to ensure the objectivity of the internal auditor.

(3) Objectivity is a state or quality that implies detachment, lack of bias, not influenced by personal
feelings, prejudices or emotions.

(4) An internal auditor's professional objectivity will include fairness and even-handedness (fair,
balanced), freedom from bias or prejudice and the avoidance of conflicts of interest (e.g. by accepting
gifts, threats to independence, etc.).

(5) The internal auditor should remember at all times that the purpose is to deliver a report on the
systems being audited to his or her principal, i.e. the audit committee (and then ultimately,
shareholders).

Maximizing the Independence of Internal Auditor:

(1) Internal audit function should report to the Audit Committee (Audit Committee made up of NEDs)
and should not report to the management. This helps to ensure the scope of the internal audit's work
and the internal audit report will not be unduly influenced by the management.

(2) Internal audit staff should be externally recruited instead of being transferred internally (with an
internal transfer, the staff already have relationships).

(3) This could avoid the threat to independence arising from past relationships with the colleagues,
i.e. avoiding or reducing auditor capture, such as:-

• Familiarity threat arising from friendships or close working relationship;

• Intimidation threat arising from past dispute or quarrels


(4) A further disadvantage of internal transfer is that the staff are unlikely to have relevant internal audit
qualifications and experience.

(5) Thus, external appointment has the following benefits:-

Enhanced independence (because no past relationship):

Firstly, then, an external appointment would help with independence and objectivity (avoiding the
possibility of auditor capture). The internal auditor would owe no personal loyalties nor 'favors' from
previous positions.

Similarly, the internal auditor would have no personal grievances nor conflicts with other people from
past disputes or arguments.

Fresh perspective:

Some benefit would be expected from the "new broom" effect in that the appointment would see the
company through fresh eyes.

• The internal auditor would be unaware of vested interests. The internal auditor would be likely to
come in with new ideas and expertise gained from other situations.

Expertise

Finally, as with any external appointment, the possibility exists for the transfer of best practice in from
outside - a net gain in knowledge for the company.

Principle-based approach towards internal controls

(1) Rules-based control is when internal control is prescribed by statute of the country's legislature.

(2) Compliance is therefore enforceable in law such that companies can face legal action if they fail to
comply.

(3) In a principles-based jurisdiction, compliance is required under stock market listing rules but
non-compliance is allowed based on the premise of full disclosure of all areas of non-compliance.

(4) It is believed that the market mechanism is then capable of valuing the extent of non-compliance
and signaling to the company when an unacceptable level of compliance is reached.

Benefits of Principle-based approach towards internal controls

Flexibility:

(1) Companies with different sizes and natures face different types and degrees of risk and will
require different internal controls application to manage the risks.

(2) Principles-based approach allows the flexibility to ignore internal controls that are irrelevant.

Cost effective:

(1) Principles-based approach allows compliance that is less burdensome (a heavy burden) in time and
expenditure for the organization as the internal control requirements can be interpreted in context
rather than obeyed in detail.


Allowance for exceptional situation:

(1) There could be transitional situations that require a period of temporary non-compliance with
internal control requirements. A principles-based approach allows the flexibility for such
non-compliance.

Development of company specific & industry specific internal controls:

(1) A principles-based approach allows companies to develop their own sector and situation-specific
approaches to internal control challenges.

(2) These will typically depend upon each company's interpretation of its own internal control
challenges.

Corporate governance and corporate social responsibility:

Corporate Social Responsibility:

(1) CSR is a concept whereby companies integrate social and environmental concerns in their
business operations and in their interaction with their stakeholders on a voluntary basis.

(2) This phrase refers to the belief that companies must act in the general public interest as well as in
the specific interest of their shareholders.

(3) This can apply to:-

• the company's strategy and

• the way in which the company is governed.

This also refers to:-

• the specific social footprint that the company has locally

• the environmental footprint that a company has, i.e. the effect of company activities on resource
consumption or the effect that emissions from operations have.

Four Ethical Stances:

Definition of Ethical Stance

Ethical stance is the extent to which a company will exceed its minimum obligation to stakeholders on
ethical issues.

• Short-term shareholder interest

• Long-term shareholder interest

• Multiple stakeholder obligations

• Shaper of society


(A) Short-term shareholder interest:

(1) An organization takes the narrow view that the only responsibility of the business is the short-term
interest of the shareholders i.e. to maximize profit.

(2) The organization will meet the minimum obligations specified by law but no more.

(3) For example, firms selling tobacco obey the law of a country by selling cigarettes only to those
aged 18 and above, but they will not encourage people to stop smoking. They will market actively
within what the law permits.

(B) Long-term shareholder interest:

(1) This ethical stance takes broadly the same approach as the short term shareholder interest except
that it takes a longer term view. Hence it may be appropriate to incur additional cost now so as to
achieve higher returns in the future.

(2) The main objective is to maximize shareholders' return but the organization will maintain the long-
term benefits of the shareholders through well-managed relationships with other stakeholders.

(3) The belief is that, in the long run, unethical behavior is more likely to be punished.

(4) If you are found to have cheated, or your products harm people, then the short-term profits may be
increased, but longer-term profits will be decreased when you are found out.

(5) An organization with this ethical stance will normally assume wider responsibilities to enhance
its corporate image.

(6) The cost of undertaking such responsibilities may be justified as essentially promotional
expenditure.

(7) For example, sponsorships and donations are given for publicity and are justified as marketing
expenditure to promote the company's brand name and reputation.

(C) Multiple stakeholder obligations:

(1) This ethical stance accepts that the organization exists for more than simply making a profit.

(2) It takes the view that all organizations have a role to play in society and so they must take account
of all the stakeholders' interests. Hence they explicitly involve other stakeholders' interests in decision
making.

(3) A company with this ethical stance:

• takes into consideration the interests and expectations of a wide range of stakeholders (instead of
just shareholders) in the company's purposes and strategies and

• will go beyond the minimum obligations of regulation and corporate governance.

For example, an organization will carefully consider the interests of all stakeholders and the impact of
its plan (to build a manufacturing plant) on the stakeholders to ensure that most of the stakeholders
benefit.


(D) Shaper of society:

(1) A company with this ethical stance is ideological (ideologically driven = driven by mission) and has
purposes that are concerned with shaping society, i.e. where a company or organization sets
out to fundamentally change the way society is run.

(2) This type of organization will regard financial considerations as of secondary importance.

(3) The vision of the organization is the focus for all its actions. Financial and other stakeholder's
interests are secondary to the over-riding purpose of the organization.

(4) For example, some organizations may attempt to be very green and very ecologically
(environmentally) respectable.

Stakeholder:

Definition

A stakeholder is any group or individual who:

• can affect (i.e. influence) the achievement of an organization's objectives; or
• can be affected by the achievement of an organization's objectives

Stakeholder's Claim:

(1) A stakeholder's claim refers to the fact that the stakeholder wants something from the organisation.

(2) Some stakeholders want to influence the company's activities.

(3) Some stakeholders want to change the way they are being affected by the company's activities.

Direct Stakeholder Claim:

(1) Direct stakeholder claims are made directly between the stakeholder and the organisation.

(2) Direct stakeholder claims are made by stakeholders with their own "voice".

(3) Direct stakeholder claims are usually clearly expressed.

(4) Stakeholders making direct claims will typically include:-

• trade unions,
• shareholders,
• employees,
• customers,
• suppliers and
• local communities.

Indirect Stakeholder Claims:

(1) Indirect claims are made by those stakeholders unable to make the claim directly because they
are, for some reason, inarticulate or 'voiceless'.

(2) Indirect claims are from stakeholders that are unable to express their claim directly to the
organization.


(3) Examples:
• Powerless customers (e.g. an individual customer of a very large organisation),
• Natural environment (which does not have a voice to express the claim)
• Future generations (e.g. not yet in existence to make a claim)
• Suppliers from remote countries

(4) The claim of an indirect stakeholder must be interpreted by someone else in order to be
expressed.

(5) The problem with indirect claims is the reliability of the interpreters.

(6) The lack of reliability makes it difficult for an organization to consider indirect claims in its decision
making.

Mendelow framework:

(1) The Mendelow framework is used to establish which stakeholders have the most
influence by estimating each stakeholder's individual:

• power over, and
• interest in

the organisation's affairs.

Influence = Power X Interest:

Power is the stakeholder's ability to influence objectives (how much they can), while interest is the
stakeholder's willingness (how much they care).


Top Left --> Minimal Effort

(1) Those with neither interest nor power (top left) can, according to the framework, be largely ignored
for strategic decision making. [Note: This does not take into account any moral or ethical
considerations.]

Bottom Right --> Key Players

(1) Those in the bottom right are the high-interest and high-power stakeholders, and are the
stakeholders with the highest influence.

(2) Support from key players must be secured to reduce risk of failure or resistance.

(3) If there is only one (e.g. management) then there is unlikely to be any conflict in a given decision-
making situation.

(4) If there are several and they disagree on the way forward, there are likely to be difficulties in
decision making and ambiguity over strategic direction.

Top Right --> Keep informed

(1) Stakeholders with high interest (i.e. they care a lot) but low power can increase their overall
influence by forming coalitions with other stakeholders in order to exert a greater pressure and
thereby make themselves more powerful.

(2) By moving downwards on the map, because their power has increased by the formation of a
coalition, their overall influence is increased.

(3) The management strategy for dealing with these stakeholders is to 'keep informed' so that they will
not start forming coalitions or influence other key players.

Bottom Left --> Keep satisfied

(1) Stakeholders in the bottom left of the map are those with high power but low interest.

(2) All these stakeholders need to do to become influential is to re-awaken their interest. This will
move them across to the right and into the high influence sector.

(3) The management strategy for these stakeholders is to 'keep satisfied' so that they remain passive
and will not increase their interest level.

Categories of stakeholders

1. Internal and external stakeholders

2. Narrow and wide stakeholders

3. Primary and secondary stakeholders

4. Active and passive stakeholders

5. Voluntary and involuntary stakeholders

6. Legitimate and illegitimate stakeholders

7. Recognized and unrecognized (by the organization) stakeholders

8. Known about and unknown stakeholders


1. Internal and external stakeholders

(1) Internal stakeholders are those inside the organisation.


• employees
• management

(2) External stakeholders are those outside the organisation.


• customers
• competitors
• suppliers
• regulators
• community

(3) Some stakeholders are both internal and external, e.g. trade union

2. Narrow and wide stakeholders

(1) Narrow stakeholders are those that are the most affected by the organization's policies or
activities.
• shareholders,
• management,
• employees,
• suppliers,
• customers who are dependent upon the organization's output
• local community

(2) Wider stakeholders are those less affected by the organization's policies or activities.
• government,
• less-dependent customers,
• the wider community (as opposed to the local community)

(3) Usually, an organization has a higher degree of responsibility and accountability to its narrower
stakeholders.

3. Primary and secondary stakeholders

(1) A primary stakeholder group is one without whose continuing participation the corporation cannot
survive as a going concern.

(2) Secondary stakeholders are those that the organization does not directly depend upon for its
immediate survival.

4. Active and passive stakeholders

(1) Active stakeholders are those who seek to participate in the organization's activities.

(2) Active stakeholders may or may not be a part of the organization's formal structure.

(3) Examples of active stakeholders:


• Management
• Employees
• Regulators
• Environmental pressure groups

(4) Passive stakeholders are those who do not normally seek to participate in an organization's policy
making or decision making.


(5) Passive stakeholders include:


1. most shareholders,
2. government, and
3. local communities.

5. Voluntary and involuntary stakeholders

(1) Voluntary stakeholders are those who choose to engage with the organization, i.e. voluntarily.

(2) Examples of voluntary stakeholders:-

• employees with transferable skills (who could work elsewhere),
• most customers,
• suppliers,
• shareholders,
• environmental interest groups
• trade unions

(3) Involuntary stakeholders are those who did not choose to engage with the organization but are
being forced into engaging with the organization, i.e. engage with the organization involuntarily.

6. Legitimate and illegitimate stakeholders

(1) Legitimate stakeholders are those with a mandate to make a claim on the company.

(2) Stakeholders with an active economic relationship with an organization will almost always be
considered legitimate stakeholders. Views of legitimate stakeholders are considered in decision
making.

(3) Illegitimate stakeholders are those without a mandate to make a claim on the company.

(4) The views of illegitimate stakeholders are not considered in decision making.

(5) The legitimacy of the claims of lobby groups, campaigning organizations, and non-
governmental/charitable organizations depends on the view of the organization, i.e. whether the
organization chose to recognize their claims.

7. Recognized and unrecognized (by the organization) stakeholders

(1) Recognized stakeholders refer to those whose claims are considered legitimate by the company.
Thus, their views will be considered during decision making.

(2) Unrecognized stakeholders refer to those whose claims are considered illegitimate. Unrecognized
stakeholder's claim will not be taken into account when the organization makes decisions.

8. Known about and unknown stakeholders

(1) Known-about stakeholders are those of whose existence the company is aware.

(2) Unknown stakeholders are those of whose existence the company is unaware.

(3) Examples of unknown stakeholders:

• nameless sea creatures,
• undiscovered species,
• communities in close proximity to overseas suppliers.

(4) It is very difficult to recognize whether the claims of unknown stakeholders are considered
legitimate or not.


Shareholder vs Stakeholder

Shareholder's view

(1) Because organisations are 'owned' by their principals (the shareholders), the agents (directors)
have a moral and legal duty to only take account of principals' claims when setting objectives and
making decisions.

(2) Because principals (shareholders) seek to maximise their returns, the sole duty of agents is to act
in such a way as to achieve that.

Stakeholders' view

(1) Because a business organization is a citizen of society, enjoying its protection, support and
benefits, it has a duty to recognize multiple claims in the same way that an individual might act as a
"responsible citizen".

(2) In effect, this means recognizing claims in addition to those of shareholders when reaching
decisions and deciding on strategies.

Instrumental and Normative Motivations of stakeholder theory

(1) Why do organizations take account of stakeholder concerns in their decision
making? --> Two motivations:

• Instrumental view
• Normative view

The instrumental view of stakeholders:

(1) The instrumental view of stakeholder relations is that organizations take stakeholder opinions into
account only when they are consistent with economic objectives (e.g. profit maximization, gaining
market share, compliance with a corporate governance standard).

(2) A company will consent to stakeholder opinion when this is the best way of achieving other
business objectives.

(3) Stakeholders are used instrumentally in the pursuit of other objectives.

The normative view of stakeholders:

(1) The normative view argues that organizations should accommodate stakeholder concerns
because by doing so the organization observes its moral duty to each stakeholder.

(2) The normative view sees stakeholders as ends in themselves and not just instrumental to the
achievement of other ends.

Seven Positions Along The Continuum: Gray, Owen and Adams:

1. Pristine capitalists
2. Expedients
3. Social contracting
4. Social ecologists
5. Socialists
6. Radical feminists
7. Deep ecologists (deep green)


Pristine capitalists

(1) Shareholder wealth maximization

(2) Anything that reduces potential shareholder wealth is effectively theft from shareholders.

(3) Shareholders have risked their own money to invest in a business, and it is they who are the legal
owners, only they have any right to determine the objectives and strategies of the business.

(4) Although pristine capitalists recognize that there are social and environmental costs of doing
business, they view this as a responsibility of society, not of organizations.

Expedients

(1) Maximizing shareholder wealth, but recognizes that some social responsibility expenditure may be
necessary in order to better strategically position an organization so as to maximize profits.

(2) A company might adopt an environmental policy or give money to charity if it believes that by so
doing, it will create a favourable image that will help in its overall strategic positioning.

(3) Expedients consider CSR objectives if they contribute positively to the economic interests of the
organization.

(4) Expedients often have a long-term view that investing in CSR is good for the bottom line, returning
money to the investors based on a solid reputation and good public relations.

Social contract position:

(1) The social contract position argues that businesses enjoy a license to operate and that this license
is granted by society as long as the business acts in such a way as to be deserving of that license.

(2) Businesses need to be aware of the norms (including ethical norms) in society so that they can
continually adapt to them. For example, a company will adopt environmentally friendly measures
because of the expectation from the society.

(3) If an organization acts in a way that society finds unacceptable, the license to operate can be
withdrawn by society.

(4) Organizations fitting into this category are inclined to take into account the concerns of all those
affected by their decisions.

Social ecologists:

(1) Social ecologists believe that, regardless of the views of society, business has a social and
environmental footprint and therefore bears some responsibility in minimizing the negative footprint it
creates.

(2) An organization might adopt socially and/or environmentally responsible policies not because it
has to in order to be aligned with the norms of society (as the social contractarians would say) but
because it feels it has a responsibility to do so.

(3) Social ecologists view current organizations as wasteful, exhausting important resources and
contributing to pollution problems. As such, organizations must modify their approaches and
consciously embrace CSR as the model going forward.

(4) Social ecologists believe that commercial enterprises and large organizations are primarily
responsible for environmental destruction and should take centre stage in fixing the environmental
issues resulting from their business activities.


Socialists:

(1) Socialists view the actions of capitalist business as exploitative, manipulating,
and even oppressing other classes of people.

(2) Socialists believe business is a concentrator of wealth in society (not a re-distributor).

(3) Socialists believe business should be conducted in a very different way - one that recognizes and
redresses the imbalances in society and provides benefits to stakeholders well beyond the owners of
capital, i.e. shares risk and reward equally.

Radical feminists:

(1) Radical feminists believe that society and business are based on masculine values such as
aggression, power, assertiveness, hierarchy, domination, and competitiveness.

(2) This results in many of the social and environmental problems.

(3) Radical feminists believe it would be better if society and business were based on feminine values
such as fairness, compassion and mercy.

(4) A radical feminist organization seeks to implement feminine values, such as cooperation in all
organizational dealings.

Deep ecologists (deep green):

(1) The position of a deep ecologist organization stresses that human beings are of no more
importance than other living organisms and therefore do not have rights to resources or life above
those of any other being.

(2) Deep ecologists often question the need for industry and commerce, instead promoting self-
sufficiency and sustainability.

Ethical Theories

• Deontological vs teleological ethics

• Non-consequentialist vs consequentialist

• Absolutist vs relativist

• Kohlberg stages of moral development

Deontological ethics (also known as non-consequentialist)

(1) The deontological view is that an act is right or wrong in itself.

(2) The rightness of an action is judged by its intrinsic virtue.

(3) Morality is seen as absolute and not situational.

(4) If an action is wrong in one situation, the action is wrong in all situations.

(5) The fact that the action may cause favourable outcomes in some situations does not make it
ethically right.

(6) Deontological moral systems focus on adherence to moral rules or duties.


(7) To make the correct moral choices, we have to understand what our moral duties are and what
correct rules exist to regulate those duties.

(8) When we follow our duty, we are behaving morally. When we fail to follow our duty, we are
behaving immorally.

(9) An action is right if it would, by its general adoption, be of net benefit to society.

(10) An action that is deemed to be ethically wrong, if adopted in all situations, would lead to the
deterioration of society.

Teleological ethics (also known as consequentialist)

(1) An action is ethical/moral if it produces a desirable result.

(2) Teleological moral systems are characterized primarily by a focus on the consequences which any
action might have (for that reason, they are often referred to as consequentialist moral systems).

(3) Thus, in order to make correct moral choices, we have to have some understanding of what will
result from our choices.

(4) There are two forms of teleological ethics - egoism and utilitarianism.

(5) Egoism - From the egoist perspective, the quality of the outcome refers to the individual ("what is
best for me?").

(6) Utilitarianism - Utilitarianism measures the quality of outcome in terms of the
greatest good for the greatest number of people ("what is best for the
majority?").

Consequentialist ethics

(1) The consequentialist perspective is similar to the teleological perspective, which is based on
utilitarian or egoist ethics, meaning that the rightness of an action is judged by the quality of the outcome.

(2) An action is morally justified if the outcome is favourable.

(3) Consequentialist ethics are therefore situational and contingent, and not absolute.

(4) A non-consequentialist theory of value judges the rightness or wrongness of an
action based on properties intrinsic to the action, not on its consequences.

(5) Non-consequentialist ethics are absolute and not relative or situational.

Absolutism vs Relativism (Absolutist vs Relativist)

(1) Moral absolutism refers to the position that there are absolute standards against which moral
questions can be judged, and that certain actions are good or evil, regardless of the context of the act.

(2) Moral absolutism is the ethical view that certain actions are absolutely right or wrong, regardless
of other contexts such as their consequences or the intentions behind them.

(3) Thus stealing, for instance, might be considered to be always immoral, even if done to promote
some other good (e.g., stealing food to feed a starving family), and even if it does in the end promote
such a good.


(4) According to absolutist ethics, fixed and unchanging ethical rules exist and those rules apply to all
individuals in all cultures.

(5) Ethical relativism is the theory that holds that morality is relative to the norms of one's culture.

(6) That is, whether an action is right or wrong depends on the moral norms of the society in which it
is practiced. The same action may be morally right in one society but be morally wrong in another.

Kohlberg's Three Levels And Six Stages Of Moral Development:

Level 1 - Pre-conventional Morality:

(1) The pre-conventional moral development level views the moral right as that which attracts:
• the least punishment and
• the most reward.

(2) There are two stages within the pre-conventional morality:

• Stage 1 - Obedience and punishment orientation


• Stage 2 - Instrumental relativist orientation

• Stage 1 - Obedience and Punishment Orientation.

(1) An act is immoral if there is punishment.

(2) An act is moral if there is no punishment or if one can get away with it without being punished.

• Stage 2 - Instrumental relativist orientation

An act is moral if it results in personal reward.

Level 2 - Conventional Morality:

(1) The conventional ethical level views the moral "right" according to whether it is compliant with the
existing legal and regulatory frameworks and/or norms of the society or culture in which the decision
is taking place.

(2) There are two stages within conventional morality:-

• Stage 3 - Good boy-nice girl orientation (good interpersonal relationship)

• Stage 4 - Law and order orientation (Maintaining the Social Order)


• Stage 3 - Good boy-nice girl orientation

At this stage, an action is moral if it is in accordance with the expectations of significant groups such as
the family, friends and colleagues.

• Stage 4 - Law and order orientation

At stage 4, ethical behaviour becomes more broadly concerned with society as a whole. Now the
emphasis is on obeying laws, respecting authority, and performing one's duties so that the social
order is maintained.

Level 3 - Post-conventional Morality:

(1) At the post-conventional level, morality is understood in terms of conformance with the social
contract or "higher" or "universal" ethical principles.

(2) There are two stages within post-conventional morality:


• Stage 5 - Social contract orientation
• Stage 6 - Universal ethical principle orientation

• Stage 5 - Social Contract orientation

An action is moral if it conforms to social contract.

An action is moral if it results in social utility or is in public interest. While rules are needed to maintain
social order, law may be imperfect and should be improved by social contract for the greater good of
society.

Right action is one that protects the rights of the individual according to rules agreed upon by the
whole society.

• Stage 6 - Universal Principles orientation

Whether an action is moral or not should be judged against universal principles. Imperfect law should be
changed, even at all costs, such as by force.

Ethical Decision Framework:

(1) Many business decisions have ethical elements to them. This is because of the impacts of those
decisions, and the fact that outcomes are likely to affect stakeholders in different ways and will
express different ethical values.

(2) Two models, namely the Tucker 5Q model and the American Accountants Association model, can
be used to ensure that ethical considerations are included when making important decisions.

(3) Both models contain distinct steps or questions that encourage the decision maker to recognise
the ethical issues in a decision.

(4) The AAA model invites the decision maker to explicitly outline their norms, principles, and values,
while Tucker's model allows for discussion and debate over conflicting claims (e.g. between different
beliefs of what is 'fair' and 'right'). Both are potentially useful to senior decision makers.

Tucker 5 Question Model

(1) Before arriving at an ethical decision when faced with an ethical dilemma, the
decision maker should attempt to answer the following questions:


(2) Is the decision:-

1. profitable?
2. legal?
3. fair?
4. right?
5. sustainable or environmentally sound?

Is it profitable?

When answering this question, it is reasonable to ask, 'compared to what?'

Is it legal?

This depends on the applicable law and regulation in the specific jurisdiction.

Is it fair?

Whether an option is "fair" depends on whose perspective is being adopted. This might involve a
consideration of the stakeholders involved in the decision and the effects on them.

Is it right?

Whether an option is 'right' depends on the ethical position adopted. A deontological perspective may
well arrive at a different answer than a teleological perspective.

Is it sustainable or environmentally sound?

This depends on whether the decision has a positive or negative impact on the environment.

American Accountants Association 7 Step Model:

1. What are the facts of the case?


2. What are the ethical issues in the case?
3. What are the norms, principles, and values related to the case?
4. What are the alternative courses of action?
5. What is the best course of action that is consistent with the norms, principles, and values identified
in Step 3?
6. What are the consequences of each possible course of action?
7. What is the decision?

The following case scenarios were published in an examiner's article "Ethical Decision Making" in
March 2008.

Tucker: Scenario 1

• Big Company is planning to build a new factory in a developing country.

• Analysis shows that the new factory investment will be more profitable than alternatives because of
the cheaper labour and land costs. The government of the developing country has helped the
company with its legal compliance, which is now fully complete, and the local population is anxiously
waiting for the jobs which will, in turn, bring much needed economic growth to the developing country.

• The factory is to be built on reclaimed 'brownfield' land and will produce a lower unit rate of
environmental emissions than a previous technology.


Is it profitable?

Yes. The investment will enable the company to make a return superior to the alternatives. The
case explains that this is 'because of the cheaper labour and land costs'.

Is it legal?

Yes. The government of the developing country, presumably very keen to attract the investment, has
helped the company with its legal issues.

Is it fair?

As far as we can tell, yes. The only stakeholder mentioned in the scenario is the workforce of the
developing country who, we are told, is 'anxiously waiting' for the jobs. The scenario does not mention
any stakeholders adversely affected by the investment.

Is it right?

Yes. The scenario explains that the factory will help the developing country with "much needed
economic growth", and no counter-arguments are given.

Is it sustainable or environmentally sound?

Yes. The scenario specifically mentions an environmental advantage from the investment.

Scenario for the AAA model

• An auditor uncovers an irregular cash payment and receives an unsatisfactory explanation for it
from the client's finance director.

• He suspects the cash payment is a bribe paid to someone but can't prove it. The client then offers
to pay the auditor a large amount of money if he pretends not to have noticed the payment.

• The amount of money offered by the client is large enough to make a significant difference to the
auditor's wealth. Should the auditor take the money?

Step 1: What are the facts of the case?

The facts are that the auditor has uncovered what he believes to be a bribe and has, in turn, been
offered a bribe to ignore or overlook it.

Step 2: What are the ethical issues in the case?

The ethical issue is whether or not an auditor should accept a bribe. In accepting the bribe he would
be acting illegally and would also be negligent of his professional duties.

Step 3: What are the norms, principles, and values related to the case?

• The norms, principles, and values are that auditors are assumed (by shareholders and others
active in capital markets) to have impeccable integrity and to assure that the company is providing a
'true and fair view' of its financial situation at the time of the audit.

• Auditors are entrusted with the task of assuring a company's financial accounts and anything that
prevents this or interferes with an auditor's objectivity is a failure of the auditor's duty to shareholders.

Step 4: What are the alternative courses of action?

Option 1 is to accept the bribe and ignore the irregular cash payment. Option 2
is to refuse the bribe and take appropriate actions accordingly.


Step 5: What is the best course of action that is consistent with the norms, principles, and
values identified in Step 3?

The course of action consistent with the norms, principles, and values in Step 3 is to refuse the bribe.
The auditor would report the initial irregular payment and then also probably report the client for
offering the second bribe.

Step 6: What are the consequences of each possible course of action?

• Under Option 1, the auditor would accept the bribe. He would enjoy the increase in wealth and
presumably an increase in his standard of living but he would expose himself to the risk of being in
both professional and legal trouble if his acceptance of the bribe was ever uncovered.

• He would have to 'live with himself' knowing that he had taken a bribe and would be in debt to the
client, knowing that the client could expose him at any time.

• Under Option 2, the auditor would refuse the bribe. This would be likely to have a number of
unfortunate consequences for the client and possibly for the future of the client-auditor relationship. It
would, however, maintain and enhance the reputation and social standing of auditors, maintain public
confidence in audit, and serve the best interests of the shareholders.

Step 7: What is the decision?

The ethical decision is Option 2. The auditor should refuse the bribe.

Professions and the public interest

What are "professionals"? (memorize)

• Society accords professional status to those who possess a high level of technical knowledge
in a given area of expertise (accounting, engineering, law, dentistry, medicine), on the understanding
that the expertise is used in the public interest.

• The body of knowledge is gained through:

• passing examinations and

• gaining practical expertise over time.

What is public interest?

(1) Public interest concerns the overall welfare of society rather than sectional interest such as the
shareholders in a particular company or a particular professional interest.

(2) It is generally assumed, for example, that all professional actions, whether by medical, legal or
accounting professionals, should be for the greater good rather than for sectional interest.

(3) Acting in the public interest means that the professional always seeks to uphold the interests of
society and the best interests of clients (subject to legal and ethical compliance).

Accounting's role as a "value-laden" (subjective) profession:

(1) This refers to the fact that the work of professionals is capable of influencing the distribution of
power and wealth in society.

(2) For example, the accuracy of financial reporting enables:-

• investors to make sound investment decisions, enjoy returns from good investments and avoid
losses from bad investments;

• management to make sound business decisions to generate better returns;


• the inland revenue authority to apply taxes on businesses on a fair basis.

Dual Duty of Professional Accountants

(1) Professional accountants thus have two duties:

• Duty towards employer or clients


• Duty towards public interest

(2) A professional accountant's responsibility is not exclusively to satisfy the needs of an individual
client or employer.

(3) The accountancy profession's public consists of clients, credit granters, governments, employers,
employees, investors, the business and financial community and others who rely on the objectivity
and integrity of professional accountants to maintain the orderly functioning of commerce.

(4) This reliance imposes a public interest responsibility on the accountancy profession. In this aspect,
the public interest is defined as the collective well-being of the community of people and institutions
the professional accountant serves.

Responsibilities to employer:

(1) An accountant's responsibilities to his or her employer extend to acting with diligence, probity and
with the highest standards of care in all situations.

(2) In addition, however, an employer might reasonably expect the accountant to observe employer
confidentiality as far as possible.

(3) In most situations, this will extend to absolute discretion of all sensitive matters both during and
after the period of employment.

(4) The responsibilities also include the expectation that:-

• the accountant will act in shareholders' interests as far as possible; and

• the accountant will show loyalty within the bounds of legal and ethical good practice.

Responsibilities as a professional:

(1) In addition to an accountant's responsibilities to his or her employer, there is a further set of
expectations arising from his or her membership of the accounting profession.

(2) Professional accountants are expected to observe the letter and spirit of the law in detail and of
professional ethical codes.

(3) In any professional or ethical situation where codes do not clearly apply, a professional accountant
should apply "principles-based" ethical standards (such as integrity and probity) such that they are
able to account for their behaviour.

(4) Accountants are required to act in the public interest. In the situation where there is a conflict
between public interest duty and duty to employer, the public interest duty should prevail (be primary).

(5) For example, in an extreme case, a professional accountant may report an errant employer
to the relevant authorities.


Code of ethics:

There are two types of code of ethics:

• Corporate code of ethics; and

• Professional code of ethics

Corporate Code of Ethics

Purposes of codes of ethics

A corporate code of ethics (sometimes contrasted with a professional code) has five general
purposes.

(1). The first is communicating the organization's values in a succinct (concise; simple,
short and sweet) and sometimes memorable form. This might involve defining the strategic purposes
of the organization and how this might affect ethical attitudes and policies.

(2). Second, the code serves to identify the key stakeholders and to promote stakeholder rights
and responsibilities. This may involve deciding on the legitimacy of the claims of certain
stakeholders and how the company will behave towards them.

(3). Third, a code of ethics is a means of conveying these values to stakeholders. It is important for
internal and external stakeholders to understand the ethical positions of a company so they know
what to expect in a given situation and to know how the company will behave. This is especially
important with powerful stakeholders, perhaps including customers, suppliers and employees.

(4) Fourth, a code of ethics serves to influence and control individuals' behaviour, especially internal
stakeholders such as management and employees. The values conveyed by the code are intended to
provide for an agreed outcome whenever a given situation arises and to underpin a way of conducting
organizational life in accordance with those values.

(5) Fifth, a code of ethics can be an important part of an organization's strategic positioning. In the
same way that an organization's reputation as an employer, supplier, etc. can be a part of strategic
positioning, so can its ethical reputation in society. Its code of ethics is a prominent way of articulating
(expressing; explaining or expressing your thought) and underpinning (supporting, strengthening) that.

Contents of a corporate code of ethics

The typical contents of a corporate code of ethics are as follows:-

• Values of the company

(1) This might include notes on the strategic purpose of the organization and any underlying beliefs,
values, assumptions or principles.

(2) Values may be expressed in terms of social and environmental perspectives, and expressions of
intent regarding compliance with best practice, etc.

• Shareholders and suppliers of finance

(1) This expresses:-

• how the company views the importance of sources of finances,


• how the company intends to communicate with them and
• how they will be treated in terms of transparency, truthfulness and honesty.


• Employees

This describes the policies towards employees, which might include equal opportunities policies,
training and development, recruitment, retention and removal of staff.

• Customers

This describes how the company intends to treat its customers, typically in terms of policy of customer
satisfaction, product mix, product quality, product information and complaints procedure.

• Supply chain/suppliers

(1) Ethical policy on supply chain might include undertakings to buy from certain approved suppliers
only, to buy only above a certain level of quality, to engage constructively with suppliers (e.g. for
product development purposes) or not to buy from suppliers who do not meet with their own ethical
standards.

(2) This is becoming an increasingly important part of ethical behaviour as stakeholders scrutinize
where and how companies source their products (e.g. farming practice, GM foods, fair trade issues,
etc).

• Community and wider society

(1) This section concerns the manner in which the company aims to relate to a range of stakeholders
with whom it does not have a direct economic relationship (e.g. neighbours, opinion formers, pressure
groups, etc).

(2) It might include undertakings on consultation, "listening", seeking consent, partnership
arrangements (e.g. in community relationships with local schools) and similar.

Code of ethics and strategic positioning:

(1) Strategic positioning is about the way that a whole company is placed in its environment as
opposed to the operational level, which considers the individual parts of the organization.

(2) Ethical reputation and practice can be a key part of environmental "fit", along with other strategic
issues such as generic strategy, quality and product range.

(3) The "fit" enables the company to more fully meet the expectations, needs and demands of its
relevant stakeholders.

(4) The "quality" of the strategic "fit" is one of the major determinants of business performance and so
is vital to the success of the business.

Professional Accountants Code of Ethics:

When carrying out their professional duties, professional accountants are required
to comply with the professional codes of ethics issued by professional bodies such as the
IFAC, ACCA and ICPAS.

Fundamental principles (responsibilities) as a professional

(1) A professional accountant shall comply with the following fundamental principles:-

(a) Integrity - to be straightforward and honest in all professional and business relationships.

(b) Objectivity - to not allow bias, conflict of interest or undue influence of others to override
professional or business judgments.


(c) Professional Competence and Due Care - to maintain professional knowledge and skill at the
level required to ensure that a client or employer receives competent professional services based on
current developments in practice, legislation and techniques and act diligently and in accordance with
applicable technical and professional standards.

(d) Confidentiality - to respect the confidentiality of information acquired as a result of professional
and business relationships and, therefore, not disclose any such information to third parties without
proper and specific authority, unless there is a legal or professional right or duty to disclose,
nor use the information for the personal advantage of the professional accountant or third parties.

(e) Professional behaviour - to comply with the law and not bring disrepute to the profession.

Ethical Threat

Professional accountants should be aware of the presence of ethical threats that could affect their
compliance with the fundamental principles and implement safeguards to avoid and reduce the ethical
threat to an acceptable level.

(a) Self-Interest threats, which may occur as a result of the financial or other interests of a
professional accountant or of an immediate family member;

(b) Self-review threats, which may occur when a previous judgment needs to be re-evaluated by the
professional accountant responsible for that judgment;

(c) Advocacy threats, which may occur when a professional accountant promotes a position or
opinion to the point that subsequent objectivity may be compromised;

(d) Familiarity threats, which may occur when, because of a close relationship, a professional
accountant becomes too sympathetic to the interests of others; and

(e) Intimidation threats, which may occur when a professional accountant may be deterred from
acting objectively by threats, actual or perceived.

Ethical threats affecting auditor's independence:

(1) Being too dependent on large fee clients will give rise to a self-interest threat. The fear of losing
large fee income makes the auditor less willing to challenge the audit client for misstatements in the
financial statements.

(2) Non-audit services in addition to audit give rise to the self-review threat. The work previously
carried out by the auditor, e.g. accounting work or valuation work, will then be audited by the same
auditor.

(3) Many years of working relationship (i.e. long association) with the senior personnel of the audit
client give rise to a familiarity threat.

(4) Some of the non-audit services may require the auditor to promote the audit client's position, for
example, as expert witness or helping the audit client to negotiate a business transaction. Such
services will give rise to an advocacy threat.

(5) Large clients may use their position and threaten the auditor with dismissal to influence the
auditor's opinion. This will give rise to an intimidation threat.

Unethical Behaviour - Bribery and Insider Trading:-

Insider Trading

(1) Insider trading is the buying or selling of company shares based on knowledge not publicly
available.


(2) Directors and accountants are often in possession of market-sensitive information ahead of its
publication and they would therefore know if the current share price is under or over-valued given
what they know about forthcoming events.

(3) If, for example, they are made aware of a higher than expected performance, it would be classed
as insider dealing to buy company shares before that information was published.

(4) Similarly, selling shares in advance of results publication indicating previous over-valuation, would
also be considered as insider dealing.

Why is insider trading unethical and often illegal?

Impact on shareholders (agency relationship)

(1) By accepting a directorship, each director agrees to act primarily in the interests of shareholders.
This means that decisions taken must always be for the best long-term value for shareholders.

(2) If insider dealing is allowed, then it is likely that some decisions would have a short-term effect
which would not be of the best long-term value for shareholders.

(3) For example, businesses which are about to be taken-over often see a significant rise in their
share price. In this situation directors might purchase shares in their own companies, seek potential
buyers for the company and recommend the sale to shareholders, in order to make a profit on their
own share investments.

(4) For this reason, a blanket ban on insider dealing ensures that such short-term measures are not
taken.

Impact on society (capital market):

There is also the potential damage that insider trading does to the reputation and integrity of the
capital markets in general, which could put off investors who would have no such access to privileged
information and who would perceive that such market distortions might increase the risk and
variability of returns beyond what they should be.

Bribery and Corruption:

(1) Bribery is an act of giving money or a gift that alters the behaviour of the recipient.

(2) One must be careful of differing social and cultural norms when examining bribery.

(3) Expectations of when a monetary transaction is appropriate can differ from place to place. Political
campaign contributions in the form of cash, for example, are considered criminal acts of bribery in
some countries, while in the United States they are legal, provided they adhere to election law.

Bribery is unethical

(1) Bribery is unfair to competitors who refuse to offer inducements.

(2) Bribery induces the decision maker to make decisions for personal interest instead of the interest of
the company and the shareholders.

(3) On a macro-basis, bribery will result in misallocation of resources. Money will be spent on areas
that do not necessarily give the best return or represent the best use of money.


Anti-Bribery - Good Practice Guidance for Companies:

(1) Effective internal controls, ethics, and compliance programmes or measures for preventing and
detecting foreign bribery should be developed on the basis of a risk assessment addressing the
individual circumstances of a company, in particular the foreign bribery risks facing the company
(such as its geographical and industrial sector of operation). Such circumstances and risks should be
regularly monitored, re-assessed, and adapted as necessary to ensure the continued effectiveness of
the company's internal controls, ethics, and compliance programme or measures.

(2) Companies should consider the following good practices for ensuring effective internal controls,
ethics, and compliance programmes or measures for the purpose of preventing and detecting foreign
bribery:

(i) strong, explicit and visible support and commitment from senior management to the company's
internal controls, ethics and compliance programmes or measures for preventing and detecting
foreign bribery;

(ii) a clearly articulated and visible corporate policy prohibiting foreign bribery;

(iii) compliance with this prohibition and the related internal controls, ethics, and compliance
programmes or measures is the duty of individuals at all levels of the company;

(iv) oversight of ethics and compliance programmes or measures regarding foreign bribery, including
the authority to report matters directly to independent monitoring bodies such as internal audit
committees of boards of directors or of supervisory boards, is the duty of one or more senior
corporate officers, with an adequate level of autonomy from management, resources, and authority;

(v) ethics and compliance programmes or measures designed to prevent and detect foreign bribery,
applicable to all directors, officers, and employees, and applicable to all entities over which a
company has effective control, including subsidiaries, on, inter alia, the following areas:

i) gifts;

ii) hospitality, entertainment and expenses;

iii) customer travel;

iv) political contributions;


considered as bribery
v) charitable donations and sponsorship;

vi) facilitation payments; and

vii) solicitation (requesting, seeking) and extortion (blackmail, seizure; coercion or pressure)

Social and environmental issues in the conduct of business and ethical behaviour:

Sustainability and sustainable development

(1) Sustainability is the ability of the business to continue to exist and conduct operations with no
effects on the environment that cannot be offset or made good in some other way.

(2) Sustainable development is activity that, 'meets the needs of the present without compromising
the ability of future generations to meet their own needs'.

(3) Inputs (resources) must only be consumed at a rate at which they can be reproduced, offset or in
some other way not irreplaceably depleted.

Outputs (such as waste and products) must not pollute the environment at a rate greater than can be
cleared or offset.

Environmental Footprint:

(1) The environmental footprint refers to the size of an entity's impact on the environment in two
respects.

(a) Firstly, concerning the company's resource consumption where resources are
defined in terms of inputs such as energy, feedstock, water, land use, etc.

(b) Second, concerning any harm to the environment brought about by pollution emissions. These
include emissions of carbon and other chemicals, local emissions, spillages (leakage, overflow), etc.

Positive environment footprint:

Positive environment footprint refers to the situation when the company's business activities result in:

• Resource replenishment exceeds resource consumption;

• Emission of carbon and other pollutants is lower than the natural environment's capacity to
absorb it.

Negative environment footprint:

(1) Negative environment footprint refers to the situation when the company's business activities
result in:

• Resource consumption exceeds resource replenishment

• Emission exceeds the capacity that can be absorbed by the natural environment

(2) The footprint of any organisation includes the sum total of its positive and negative interactions
with the environment. Both sides need to be taken into account before an evaluation of the
environmental footprint can be established.

(3) Whilst this sometimes involves negative impacts such as carbon emissions and accidental
pollution, it also takes into account the positive impacts such as social benefit, through such things as
job creation, and positive environmental impacts.

(4) Both 'sides' need to be taken into account before an overall evaluation of the social and
environmental footprint can be established.

Social footprint

Social footprint refers to the impact of a company's activity on the well-being of the society.

Examples of positive social footprint include:


• Job creation
• Improve economic well-being of the community
• Donations

Examples of negative social footprint include:


• Labour exploitation
• Child labour
• Sweatshop conditions
• Unsafe working environment


The footprint of any organisation includes the sum total of its positive and negative interactions with
the society. Both sides need to be taken into account before an evaluation of the social footprint can
be established.

Financial Accounting and Environmental Impact

(1) Conventional financial accounting does not take into account the business's impact on the
environment that does not need to be paid for by the company.

(2) For example, emission and pollution would cause damage to the environment.

(3) The expenditure in ensuring the environment is not over-polluted, e.g. by green effort (such as
planting of trees in cities), is not borne by the businesses, but by government.

(4) Thus, the financial accounting will not capture such cost and the financial reporting does not show
the company's environmental impact.

Triple P Reporting

Advocates of triple P reporting believe a company should report the impact of
the business in three aspects:-

• Profit - which is the focus of the current financial reporting;


• People - which is to report the company's social footprint, i.e. impact on job creation, well-being of
staff, etc.

• Planet - which is to report the company's environmental footprint.

Full Cost Accounting

A framework has been suggested to take into account the full cost of business activities:-

1. Actual cost

This refers to the actual expenditure incurred by a company in pursuing its business objectives. These
are often reported as expenses in the income statement.

2. Hidden cost

This refers to costs that are usually not reported as expenses, but capitalised as assets, such as the
environmental management system and safety system.

3. Potential cost

Such cost refers to the fines, future clean-up costs and regulatory costs associated with the
environmental impact of business activities.

4. Intangible cost

This refers to reputation loss and loss of goodwill due to environmental

5. Environmentally focused cost

This refers to cost that is necessary so that the business activities have zero impact on the
environment.


Why full cost accounting?

Current prices underestimate the environmental damage caused by products, processes and
services.

If the market price of a product were to reflect accurately the relative environmental cost of that
product, then consumers would be encouraged to switch their consumption to less damaging
products because there would be a financial incentive for them.

The knock-on effect is to cause the producers to reduce environmental impact to remain competitive.

Why Environmental Reporting?

1. Risk

There is a growing belief that environmental issues represent a source of risk in terms of unforeseen
(or foreseen) liabilities, reputational damage, or similar.

2. Stakeholders' expectation

The ethical performance of a business, such as its social and environmental behaviour, is a factor in
some people's decision to engage with the business in its resource and product markets.

Some consumers will not buy from companies with unfavourable ethical reputations (i.e. in product
markets).

Potential employees may use ethical performance as a criterion in their choice of potential employer.

An increasing number of investors are using social and environmental performance as a key criterion
for their investment decisions.

There is a need to explain environmental strategy to investors and other interested stakeholders.

Contribution to sustainability

It is important to recognise the existence and size of its environmental footprint and take initiatives to
reduce the footprint, and reporting is a useful means of doing this.

The production of an environmental report enables an organisation to demonstrate its
responsiveness to all the sources of concern outlined above.

The production of such a report ensures that an organisation has systems in place for the collection of
data that can also be used in its environmental reporting.

Environmental Audit:

An environmental audit typically contains three elements:-

• agreed metrics (what should be measured and how),

• performance measured against those metrics, and

• reporting on the levels of compliance or variance.

Stage 1 - agree metrics:

The first stage is agreeing and establishing the metrics involved and deciding on
what environmental measures will be included in the audit.

This selection is important because it will determine what will be measured against, how costly the
audit will be and how likely it is that the company will be criticised for 'window dressing' or
'greenwashing'.

In practice, the metrics used in an environmental audit tend to be context specific and somewhat
contested. Typical measures, however, include measures of emissions (e.g. pollution, waste and
greenhouse gases) and consumption (e.g. of energy, water, non-renewable resources). Together,
these comprise the organisation's environmental footprint.

Stage 2 - measure performance:

The second stage is measuring actual performance against the metrics set in the first stage.

The means of measurement will usually depend upon the metric being measured:-

• Quantitative measurement - many items will be capable of numerical and/or financial measurement
(such as energy consumption or waste production).

• Qualitative measurement - other items, such as public perception of employee environmental
awareness, will be less capable of numerical or financial measurement.

Stage 3 - report compliance/variance:

The third stage is reporting the levels of compliance or variances.

The issue here is how to report the information and how widely to distribute the report. If the board's
aim is to provide as much information as possible 'in the interests of transparency', the publication of a
public document rather than just a report for the board is likely.

The type of information and level of detail to be reported depend on the intended recipients of the
report.

Problem with environmental reporting and auditing

As an environmental audit is not compulsory, there are no mandatory audit standards and no
compulsory auditable activities.

So an organisation can engage with a social and environmental audit at any level it chooses
(excepting those in regulated industries for which it is mandatory).

Environmental Management System (e.g. EMAS or ISO 14000)

Policy:

The company should first establish an appropriate environmental policy

e.g. to develop clean fuel
e.g. to reduce emissions
e.g. to increase recycling

The company should then determine key performance targets that are in line with the environmental
policy

e.g. to increase recycling of waste paper by 10,000 tonnes per year

System

The company should implement a system to record the company's environmental performance.

Reporting

The company should report its performance against the targets.

The company should engage an independent auditor to audit the environmental report.
