Study Unit 1: E.1.

Governance Principles
The internal controls of a company are an important part of its overall operations. A strong intimal
control system will provide many benefits to a company including:
 Lower external audit costs.
 Better control over the assets of the company.
 Reliable information for use in decision-making.

A company with weak internal controls is putting itself at risk for employee theft, loss of control over the
information relating to operations, and other inefficiencies in operations and decision-making that can
dam age its business.

Corporate Governance

Good corporate governance is basic to internal control. The term "governance" will be used frequently
in this section of the textbook. What is corporate governance, why is it important, and how is it related
to internal control, risk assessment, and risk management?

What is Corporate Governance?

Corporate governance includes all the means by which businesses are directed and controlled, including
the rules, regulations, processes, customs, policies, procedures, institutions and laws that affect the way
the business is administered.

Corporate governance is the joint responsibility of the organization's board of directors and
management. However, the board of directors is the primary direct stakeholder influencing corporate
governance. The board makes the important decisions, including electing corporate officers, establishing
executive compensation, and setting dividend policy.

Directors are elected by shareholders to represent the interests of the shareholders. While profitability
is the primary concern of shareholders, many shareholders care about more than profits. They want the
company to also demonstrate good corporate citizenship with ethical behavior, environmental
awareness, and good corporate governance practices. Good corporate governance involves creating a
set of transparent rules and controls so that the incentives of shareholders, directors, and managers are
all aligned. Therefore, the board of directors needs to make sure that the company's corporate
governance policies incorporate not only the company's corporate strategy and risk management
objectives but also accountability, transparency, and ethical business practices.

ISO 26000, Guidance on Social Responsibility, an international standard that aids organizations in
structuring, evaluating, and improving their social responsibility including their stakeholder relationships
and community impacts, defines organizational governance as the "system by which an organization
makes and implements decisions in pursuit of its objectives."

Thus, corporate governance spells out the rules and procedures to be followed in making decisions for
the corporation for the purpose of meeting its various stakeholders' objectives. A corporation's
stakeholders include all those who are affected by its actions: its board of directors, its shareholders, its
management, its employees, its customers, its suppliers, its creditors, the community, and the
government.
An organization's governance is a byproduct of
 the values or principles to which the organization adheres,
 the strategies it employs to achieve its objectives,
 the policies it sets to establish the boundaries of acceptable behavior, and
 the procedures it applies in conducting its operations

Good corporate governance ensures transparency and accountability in the organization's

relationships w its stakeholders.

Corporate Governance and the Agency Problem

Corporate governance involves the relationships between and among the various participants and stake
holders in the corporation. It is concerned with what is known as the "agency problem." Agency issues
arise from the fact that the owners of the corporation (the shareholders) and the managers of the
corporation (the agents of the shareholders) are different people. The priorities and concerns of the
managers, the agents, are different from the priorities and concerns of the owners, the shareholders.
The managers are concerned with what will benefit them personally and lead to increased salary,
bonuses, power, and prestige. The shareholders' priorities lie with seeing the value of their investments
in the corporation increase. The priorities of the shareholders and the priorities of the managers can
easily conflict with one another because what benefits the managers may not benefit the owners.

Therefore, corporate governance specifies the distribution of rights and responsibilities among the
various parties with conflicting priorities and concerns to mitigate the agency problem and bring about
congruence between the goals of the shareholders and the goals of the agents. 32 Incentives are
needed so the agents will take actions that are consistent with shareholder benefit. At the same time,
however, monitoring mechanisms are needed to control any activities of the agents that would benefit
them while hurting the shareholders.

Example: Management compensation policies that tie managers' bonuses to stock price increases can
lead to actions on the part of management that will cause the stock price to increase and will thus be
good for all shareholders. However, if managers conceal poor financial performance to keep the stock
price going up so their own bonuses remain intact, those same incentives can lead to fraudulent
financial reporting, which obviously is not good for the shareholders or any other stakeholders.
Prevention of unintended consequences such as fraudulent financial reporting is the responsibility of
the board of directors and should be implemented through compensation policies and internal controls.
Why is Corporate Governance Important?
Corporate governance has always been an important topic for shareholders, management, and the
board of directors. However, the topic took on greater importance following the dramatic downfalls of
companies such as Enron, WorldCom, Adelphia, and others back in 2001-02. More recently, the world
financial crisis that began in 2008 raised again the issue of good corporate governance. AIG (American
International Group) went from being the 18th largest public company in the world in 2008 to needing
an $85 billion U.S. government bailout. The Lehman Bros. bankruptcy in September 2008 was the largest
bankruptcy in U.S. history. The lesson from these events is that good governance is not just a U.S. issue.
It is a global issue.
Good governance is not just a good idea for a company-it is an absolute must. Considering just Enron,
more than sixty billion dollars of shareholder wealth was erased from investors' books. Good corporate
governance is not only important for company shareholders, but it is vital for the general health and
well- being of a country's economy as well.
Corporate governance does not exist as a set of distinct and separate processes and structures. It is
inter- connected with the company's internal control and enterprise risk management.

How is Corporate Governance Related to Risk Assessment, Risk Management, and Internal
Control?
As stated, corporate governance specifies the distribution of rights and responsibilities among the
various participants in the corporation.
 The board of directors and executive management are responsible for developing and
implement- ing business strategies.
 In setting business strategies, the board and executive management must consider risk.
 To consider risk, the company must have an effective process for identifying, assessing, and
man- aging risk.
 For a company to have an effective risk management process, the company must have an
effective internal control system, because an effective internal control system is necessary in
order to communicate and manage risk.

Therefore, governance, risk management and internal control all rely on each other.

The internal audit activity serves as the "eyes and ears" of management and the audit committee and
thus has an important role in the governance function of the organization. Internal audit's primary role
is assessing internal controls over the reliability of financial reporting, the effectiveness and efficiency of
operations, and the organization's compliance with applicable laws and regulations. According to IIA
(Institute of Internal Auditors) Internal Auditing Standard 2110, this primary role of internal audit
includes assessing and making appropriate recommendations for improving the governance process in
its accomplishment of the following objectives:

 Promoting appropriate ethics and values within the organization.

 Ensuring effective organizational performance, management, and accountability.

  Communicating risk and control information to appropriate areas of the organization.

 Coordinating the activities of and communicating information between and among the board,
external and internal auditors, and management.

Principles of Good Governance

A set of governance principles, called 21st Century Governance Principles for U.S. Public Companies, was
published in 2007 by a group of leading academic experts from four universities. The principles were
developed by Paul D. Lapides, Joseph V. Carcello, Dana R. Hermanson and James G. Tompkins of
Kennesaw State University; Mark S. Beasley of North Carolina State University, F. Todd DeZoort of The
University of Alabama; and Terry L. Neal of University of Tennessee. The authors stated that the purpose
of the principles was "to advance the current dialogue and to continue to promote investor, stakeholder
and financial statement user interests."

The principles are (some explanatory footnotes have been added):

1. Board Purpose The board of directors should understand that its purpose is to promote and
protect the interests of the corporation's stockholders while considering the interests of other
external and internal stakeholders such as creditors, employees, and so forth.

2. Board Responsibilities - The board's major areas of responsibility should be monitoring the CEO
and other senior executives, overseeing the corporation's strategy and processes for managing
the enterprise, including succession planning; and monitoring the corporation's risks and
internal controls, including the ethical tone. 33 Directors should employ healthy skepticism³ in
meeting their responsibilities.

3. Interaction - Sound governance requires effective interaction among the board, management,
the external auditor, the internal auditor, and legal counsel.

4. Independence - An "independent" director has no current or prior professional or personal ties

to the corporation or its management other than service as a director. Independent directors
must be able and willing to be objective in their judgments. The vast majority of the directors
should be independent in both fact and appearance.

5. Expertise and Integrity The directors should possess relevant business, industry, company, and
governance expertise. The directors should reflect a mix of backgrounds and perspectives and
have unblemished records of integrity. All directors should receive detailed orientation and
continuing education to assure they achieve and maintain the necessary level of expertise.

6. Leadership - The roles of Board Chair and CEO should be separate. 35 If the roles are not
separate, then the independent directors should appoint an independent lead director. The lead
director and committee chairs should provide leadership for agenda setting, meetings, and
executive sessions.
7. Committees -The audit, compensation and governance committees of the board should have
charters, authorized by the board, that outline how each committee will be organized, the
committees' duties and responsibilities, and how they report to the board. Each of these
committees should be composed of independent directors only, and each committee should
have access to independent outside advisors who report directly to the committee.

8. Meetings and Information - The board and its committees should meet frequently for extended
periods of time and should have unrestricted access to the information and personnel they need
to perform their duties. The independent directors and each of the committees should meet in
executive session on a regular basis.

9. Internal Audit All public companies should maintain an effective, full-time internal audit
function that reports directly to the audit committee of the board of directors through the Chief
Audit Executive, 36 Companies also should consider providing an internal audit report to
external stake- holders to describe the internal audit function, including its composition,
responsibilities, and activities.

10. Compensation - The compensation committee and full board should carefully consider the
compensation amount and mix (e.g., short-term vs. long-term, cash vs. equity) for executives
and directors. The compensation committee should evaluate the incentives and risks associated
with a heavy emphasis on short-term performance-based incentive compensation for executives
and di- rectors.

11. Disclosure - Proxy statements37 and other communications (required filings and press releases)
should reflect board and corporate activities and transactions in a transparent and timely
manner (e.g., financial performance, mergers and acquisitions, executive compensation,
director compensation, insider trades, related-party transactions). Companies with anti-
takeover provisions should disclose why such provisions are in the best interests of their
shareholders.

12. Proxy Access The board should have a process for shareholders to nominate director
candidates, including access to the proxy statement for long-term shareholders with significant
ownership stakes.

13. Evaluation - The board should have procedures in place to evaluate on an annual basis the CEO,
the board committees, the full board, and individual directors. The evaluation process should be
a catalyst for change in the best interests of the shareholders.