Corporate governance is related to creating wealth for shareholders in both the near and long term. It requires a complex system of checks and balances. There are three key actors on the scene of corporate governance: shareholders, management, and the board of directors. The aim of corporate governance is to ensure corporations follow the law and regulations. In addition, there is a public relations benefit to being a good corporate citizen. At a more micro level, governance is all about making sure the organization delivers on its promises to both employees and customers and that both groups end up satisfied.
What follows is a broad overview of governance issues. It's not meant to be comprehensive, nor provide legal guidance. Laws vary from jurisdiction to jurisdiction.
The Corporation and Its Control
A corporation is a formal legal entity that is publicly registered for doing business. The privileges and liabilities of a corporation are separate from those of its members. There are many forms of corporations and most of them are used to do business. They are governed by corporate law, which is designed to protect the interests of management, employees, and shareholders.
Under the law, corporations are afforded limited liability. In the case of bankruptcy, for example, shareholders may lose their investments and employees may lose their jobs. But neither will be personally liable to company creditors except in rare cases. Like human beings, corporations have rights and responsibilities under the legal system. They can be booked for criminal offenses like fraud. Corporate shares are also freely transferable.
Corporations also have centralized management under a board of directors. Such features make corporations a very attractive business entity. A corporation can exist beyond the lifetime of its investors and shareholders, for example. This feature provides corporations much-needed stability, as well as the capability of accumulating wealth and doing mega projects.
A corporation can have voting and nonvoting members. The company is usually controlled by a board of directors elected by the shareholders. The CEO, President, CFO and other top officers are usually appointed by the board of directors to manage the strategic and operational affairs of the corporation. While shareholders naturally have some influence (some say not enough in publicly held companies), big creditors like banks and other financial institutions can also have control over the affairs of corporations. In some cases, these creditors may have one or more members on the board, which can influence the decision making. When the board makes a decision to liquidate or dissolve a for-profit corporation, shareholders get whatever is left over after paying off creditors and others with interests in the corporation.
In the case of liability, shareholders benefit by the limited liability provisions of the law. Publicly traded corporations are required to publish the annual report and other financial data for the protection of investors and creditors. In many cases of poor corporate governance, the published annual reports and financial data were seriously flawed. There are many standards, like GAAP (Generally Accepted Accounting Principles) in the United States, that have stringent guidelines for accounting as well as publishing annual financial statements and other data.
The structure of the corporation is continuously evolving in response to new government regulations and market conditions. In the case of irregularities, fixing the responsibility of shareholders or management becomes a big challenge. Different jurisdictions vary significantly on this topic.
Board of Directors
The members of the board are elected or appointed by the shareholders. They oversee the activities of a corporation. They appoint members of the executive management; they make and approve strategic decisions. The powers, duties, and responsibilities of the board are determined by the company bylaws. The bylaws also tell how many directors there should be on the board, election procedures, and frequency of their meetings.
The board of directors is the highest management decision-making body in a corporation. It is accountable to shareholders for the performance of the corporation. Directors establish high-level policies and direction for the organization, and they ensure adequate financial resources for operations. The board approves the annual budget for a corporation. As board members they also have some legal responsibilities. They appoint the members of executive management like the CEO and CFO. The whole of executive management is answerable to the board of directors. The Board takes more of a supervisory role and day-to-day management is left to key executive team members.
In theory, the control of the company is divided between the board of governors or directors and the shareholders in the General Body Meeting (GM). (In the U.S., it's the annual meeting.) In practice, control varies from company to company. Another feature of boards of directors in large public corporations is that they tend to have more de facto power. The board can encompass a voting alliance that is difficult to overcome. One reason is that some institutional shareholders such as pension funds and banks grant their voting rights (proxies) to the board at general body meetings.
Members of the board may come both from inside the company and from outside. Insiders are usually senior members of the executive management team like senior vice presidents of large business departments. Board members who are insiders from the executive management team are generally not paid anything extra for serving on the board. External members may be eminent business and social personalities, who receive compensation for serving on the board. Company laws require that a certain percentage of board members are external. Directors who are not owners or managers are often called outside directors, disinterested directors, independent directors, or non-executive directors. External board members may, and often do, serve on the board of several companies simultaneously as long as there are no conflicts of interests. A board member is expected to be ethical and to honor the laws and practices with respect to conflict of interest, corporate property, opportunity, and/or information. He or she is expected not to act under pressure and always to vote only for what aligns with conscience, knowledge, and belief.
Powers and Obligations of Board of Directors
The board of directors is given the power to ensure the company is managed properly. Most of the time, the board exercises its power in meetings. Legally sufficient notice must be given to the board members for these meetings. Meetings without sufficient notice may still be valid provided all the members attend. The board of directors, in most cases, has power when it acts as a whole and not in individual capacities. There can be exceptions to this rule, though. The board of directors can appoint any of the directors or any other employee as its representative and delegate any or all power to him/her to be exercised jointly or singly. The board also has the power to appoint the managing director (CEO) and other executive members of management.
Directors exercise full control over the management policies of the company, but companies are run for the benefit of their shareholders. Laws therefore impose strict controls over the board in relation to exercising its powers. Directors at all times must act honestly and in good faith. All their powers must be exercised for proper purposes and may not be misused. While taking other positions, directors can't place themselves where their duties and interests conflict with their current position. If a director enters into a transaction with another company, where his own interests conflict with the company's, he needs to ensure the company gets the maximum out of that transaction and that his own interests are not given preference. A director can't use the company property, opportunity, and information for his gain without the written consent of the company. A director may not serve on the board of other, directly competitive companies. A director must disclose his shareholdings and notify the stock exchange of this information. Directors can't bind themselves (fetter) with regard to exercising their powers in a particular way at future board meetings. Directors may be held liable if an act of negligence is proved on their part.
The powers and liabilities of the board of directors vary in every jurisdiction, but general provisions to safeguard the interests of shareholders and customers remain the same.
Powers and Obligations of Shareholders
By registering a company as a corporation, one must accept certain legal responsibilities that are imposed by the underlying laws. These laws operate to protect the interests of the company as well as shareholders, society, and creditors. If a company fails, shareholder liability is limited to the amounts they have invested in the company. If directors and officers of a company provide personal loan guarantees, they may, however, lose personal assets in the case of a loan default. Shareholder powers include changing shareholder rights, hiring and dismissing members of the board, approving mergers and acquisitions, approving major financial transactions and decisions related to liquidation of the company. A company can, further, adopt a constitution for corporate governance.
As mentioned, a company may continue to exist even if its shareholders, officials, and directors die, leave, or sell their shares. A company's assets belong to the company as a separate legal entity. At the same time, it is shareholders that own the company. They can pass ordinary or special resolutions that can affect the company. These resolutions must be in accordance with the company constitution. Special resolutions can affect the company as a whole, or the interests of some or all of its investors. Appointing and removing directors is generally done by an ordinary resolution, which is simply a majority vote. A special resolution may require a 75% majority or higher. Shareholders are most active at annual meetings that are conducted to adopt financial reports, appoint auditors, elect directors, and conduct other business that requires such general body resolutions. Special general body meetings can be called anytime on an as-needed basis.
Shareholders are required to inform the company if their shareholding exceeds a certain percentage of the company's share capital. In some cases, for example, if the shareholding exceeds 2% of the company's share capital, the shareholder must inform the company within fifteen days.
Why Corporate Governance?
Governance always relates to an area of responsibility. Effective management, processes, policies, and decisions are required to supervise expectations, power, and performance in the area of responsibility. At the department level, governance might involve implementing these policies. At the corporate level, governance might take the form of developing policies on investment, use of information, staffing, and so on. Governance is basically a process of decision making and a process by which the decisions are implemented in an area of responsibility.
Governance can be defined at different levels, such as corporate governance, project governance, information technology governance, and so on. For now, we will be mainly concerned with corporate governance.
At its core, good governance is all about good corporate leadership. To help in achieving its goal, every organization makes strategic and operational plans that are in line with the vision set at the top level. Good governance continuously steers the organization towards the set vision through strategic and operational plans. It makes sure the day-to-day operations are always aligned with the vision, thus creating a strong future for the organization.
The board of directors and the members of executive management have the main responsibility for driving good governance practices across the ranks. An effective board will make sure shareholder assets and funds are used wisely and appropriately to maximize wealth and profits while maintaining all the social responsibilities for the organization. Good governance will reduce the risks of financial failure and greatly reduce the legal hassles while steering the organization towards a total all-round success.
There is increasing evidence that companies with good corporate governance practices have higher market valuations. Improved corporate governance structures and superior business processes help ensure quality decision-making and smooth and effective succession planning. They also contribute positively to the long-term success of companies, irrespective of the industry segment and its sources of finance.
Corporate Governance Codes
Corporate governance is a priority for many corporations because it gives them a way to manage their risks and add value to shareholders and customers. Improved corporate governance gives corporations a way to reduce their own internal organizational risks and, as a result, improve their ability to operate in high-risk business environments. It's a general conclusion that the existence of good governance practices could have avoided the worst part of many recent financial failures.
Poor standards of corporate governance, particularly in the area of transparency and disclosure, have hampered the growth of many companies and even made them unstable. Poor corporate governance practices have contributed to the spread of corruption and fraud in the ranks that led to the dramatic failure of many corporations in the United States, Western Europe, and India (like Enron and Satyam Computers for example). In many cases, investor pressures for performance are fierce, and management sometimes takes undue risks or violates compliance rules, acts that are simply not in the long-term interest of the organization. Governance still looks voluntary in practice, even if it's strictly enforced by the law. The responsibility of directors is almost unlimited compared to the time they can spend in overseeing business. In many cases, the quality and rigor of internal audits may be questionable as internal auditors are not independent and they report to the same business managers that are being reviewed. There is also too much dependence on external audits, which may be a cause of worry sometimes, as the amount of time external auditors spend in auditing a corporation may not justify the mammoth size and volume of the problem being audited. In any case, the board is largely dependent upon the executive management to do the right thing. Board members have to rely upon the data and information that is supplied to them. In this regard boards must be given total control to oversee and implement the code of corporate governance.
For information purposes I am listing the requirements of some major corporate governance codes (please refer to the reference for this chapter in Appendix C). There are multiple codes provided by European and U.S. agencies. Below are some important points culled from various sources just to give you a flavor of the nature of corporate governance in various countries and industries. Not all apply in all situations, nor do all carry the force of law. Readers are encouraged to refer to the reference on this chapter if they are interested in more details.
Codes suggest either a majority of non-executive directors in the board or a balance of non-executive and executive directors.
Codes suggest non-executive directors meet alone occasionally without the presence of executive directors.
Codes insist on a transparent process of appointment of directors that is not under the sole control of executive management.
Codes suggest a compensation or remuneration committee to decide on the remunerations of board members, including executive members and other members of executive management.
Codes require an audit committee.
Codes require corporations to conduct annual internal audits overseen by the audit committee.
All codes envisage the need for conducting performance audits of individual board members, the board itself, and its committees.
Codes suggest the board needs to approve the equity compensation plans of the directors and executive members of the management.
Codes say corporations must develop and publish an appropriate code of business ethics and conduct. The board must certify that the code is being followed.
Codes suggest that the roles of chairman and CEO must be separated. It's the chairman who will provide the directors with necessary pieces of information about the affairs of the company that may be required for their effective functioning.
In European codes, the directors are subject to periodic elections and required to report certain things, like the buying and selling of stock, to the markets.
Codes often also discuss the role of institutional investors and how they can help maintain good corporate governance in corporations.
A French code requires that the directors represent all the investors rather than small interest groups. Independent directors are to fulfill that role.
It's the job of CEO and senior management to assess and manage the risk exposure of the organization. An audit committee will only see the guidelines and processes that are used to handle the risks.
Every company must be equipped with reliable procedures to assess the organization's risks and commitments, including off-balance sheet risks.
The board should maintain and review a sound system of internal controls to safeguard shareholders interests. Risk management and internal control are treated as two separate streams. Risk management related to financial reporting processes is further differentiated from the above two.
Common observations regarding risk include:
Risks are frequently not linked to strategy
Risk definitions are often poorly expressed
The organization must develop intelligent responses to risks
Risk analysis must take into account stakeholders
How to Implement Corporate Governance
Effective corporate governance demands proper internal controls. Internal controls are policies and procedures put in place by management to ensure important goals and objectives will be met while following the principles of good corporate governance. Internal controls promote operational efficiencies and effectiveness while ensuring adherence to prescribed policies and other regulations. They also help provide reliable financial information and protect relevant records and assets. In the chapter on Service Delivery Management, we also discussed how overall IT governance helps in achieving the desired service levels. It's the effectiveness of internal controls implemented within the overall governance framework that determines the levels of operational efficiency. It's management, and not the auditors, who set and exercise internal controls. Internal controls should provide an assurance that financial reports and data are reliable and accurate enough for business and regulatory requirements. Internal controls are applicable to manual as well as computerized systems. Internal controls must ensure the timeliness and validity of transactions. All transactions must be properly recorded, authorized, valued, classified and reconciled to relevant subsidiary records.
Any internal control system is a complex environment. At the top level, it starts with the basic management philosophy and operating style of an organization. Then there are management structures like separation of duties and lines of reporting. It's very important that everyone in the hierarchy understands his or her authority and responsibility. Personnel need to be trained with the latest updates in trade, regulations, and organizational policies and procedures. Communication and information systems play an important role in implementing internal audit controls. They need to be foolproof and comply with the control requirements. A competent internal audit function is important as well.
For the effective design of an internal control system, the first step is to do a comprehensive risk assessment. It may cover mission, transactions, compliance, and assets. Risk management and controls must be in line with organizational objectives and strategies. An internal control system is designed to manage the risks that may involve the strategies for risk avoidance, risk transfer, risk mitigation, and risk acceptance. All the control points are identified, and potential exposures are analyzed. Technology, processes, and organization structure must be linked in order to design effective internal controls. Internal controls start by deploying the proper personnel, policies, and procedures to manage the identified risks. Independent checks are maintained along with rigorous records and documentation. Physical controls are placed over assets and records. Policies and procedures are relevant, complete, and well documented at any given point in time. Ensuring consistency in policy compliance is equally important. Good controls ensure a smooth flow of financial information and overall coordination in a decentralized environment. Proper escalation and problem resolution processes are set in place. Setting up of accountabilities may be the single most important element in any internal control system. Whistle blowers, monitoring, and early warning systems play an important role in the effective functioning of internal controls.
Internal audits are important tools to ensure, consult, and implement corporate governance. They are a systematic and disciplined approach to evaluating and improving the effectiveness of governance processes, risk management, and internal controls. Company insiders act as internal auditors, who are given proper power and authority to carry out their work independently. The scope of internal audits may cover operations, finance, fraud analysis, detection and prevention, asset management, and compliance with laws and regulations. Internal auditing involves measuring compliance with the company's policies and procedures, and auditors may advise executive management and the board of directors on better executing their responsibilities. But the audit doesn't cover execution of the organization's activities. Publicly held companies generally have an internal audit department led by a chief audit executive who reports to the Audit Committee of the board of directors. The CEO may be the administrative chief of the internal audits department.
Besides conducting audits, internal auditors also have a role in risk management and implementing corporate governance. In internal audits, the charter is to measure efficacy of operations, reliability of financial reports, and compliance with professional standards and laws of the land. In the risk management process, internal audits need to chart how the organization identifies, analyzes, and responds to risks. They need to ensure the effectiveness of the overall risk management process. Internal auditors are often quoted as being the fourth pillar of corporate governance. (The other three being management, external auditors, and the board of directors.) Internal auditors help the audit committee of the board of directors perform its duties effectively. Internal auditors inform the board's audit committee on the effectiveness of internal controls, set the agenda for meetings, identify capabilities of key managers, and ensure the audit committee receives reliable information. Internal auditors also coordinate the external audits.
Consulting auditors, who are seasoned corporate professionals, can also help management implement corporate governance. Their level of independence is in between internal and external auditors. Consulting auditors are used in some areas where the company lacks sufficient expertise for auditing certain areas, or they are also sometimes used to augment the existing internal auditing staff. Consulting auditors can work independently or they can team with internal auditors for their work.
External Auditors are also used to independently assess the effectiveness of corporate governance within a company.
An external auditor's report is considered an important salutary financial document for any business. Auditors certify the information in financial statements that can be used to attract investors and obtain financial loans. So it's in the interest of the business to get a clean audit report from external auditors. The auditor's report is only an opinion (and not an evaluation) on whether the information presented is correct and free from material misstatements. Everything else is left for users to decide. Actual journal entries may not be evaluated by the auditors.
Unqualified audit reports are issued by auditors when they think the entries are free from any material misstatements and entries are prepared fairly in accordance with Generally Accepted Accounting Principles (GAAP). To a user this would mean the company's financial position and the state of business affairs are represented fairly in the report. This is the best report a business can get from an auditor. A qualified report is issued when a couple of situations in financial statements don't comply with GAAP but largely follow the principles of GAAP. A disclaimer is issued when the auditors are unable to form any opinion on the financial statements and as a result refuse to issue any opinion. This may be a situation in which auditors start the audit work on an entity but couldn't complete it due to various reasons. Auditors can also comment on the state of internal controls for a public company. These types of opinions (COSO: Committee of Sponsoring Organizations Opinions) are now required along with the opinion on financial statements.
Sarbanes-Oxley is a US law passed in 2002 to reinforce the practices of corporate governance and regain investor confidence that had been shaken due to a number of major corporate and accounting scandals reported in the US. SOX was sponsored by US Senator Paul Sarbanes and US Representative Michael Oxley. SOX legislation has wide implications and it establishes new or enhanced standards for all United States publicly listed company boards, executive management, and public accounting firms. It contains eleven titles, or sections, that legislate additional responsibilities for corporate boards and mandate criminal penalties for certain infractions. The law requires the Securities and Exchange Commission (SEC) to implement the rulings so that companies comply with the requirements of the new legislation.
SOX broadly covers the following topics:
Defines new standards and guidelines for corporate boards and audit committees.
Provides new guidelines for accountability standards and also fixes criminal penalties for the mismanagement of corporations.
Defines new independent standards and guidelines for external auditors.
Introduces a new Public Company Accounting Oversight Board (PCAOB) to work under the SEC. The PCAOB will oversee public accounting firms and also work on accounting standards.
Generally Accepted Accounting Principles (GAAP)
Here's what Investopedia says about GAAP:
The common set of accounting principles, standards and procedures that companies use to compile their financial statements. GAAP are a combination of authoritative standards (set by policy boards) and simply the commonly accepted ways of recording and reporting accounting information. GAAP are imposed on companies so that investors have a minimum level of consistency in the financial statements they use when analyzing companies for investment purposes.
The US has its own version of GAAP that is called American GAAP. Either way, GAAP is a set of standards and guidelines that companies are expected to follow while compiling their financial statements. Still, there is a lot of opportunity for those who want to play with data for their own advantage. So even if accounts are maintained as per GAAP, auditors can't assume anything. Even financial statements prepared as per GAAP may need close scrutiny and professional judgment by the auditors. Please refer to the reference for this chapter in Appendix C.
More recently, GAAP is slowly getting phased out and giving way to the International Accounting Standards (more precisely, International Financial Reporting Standards [IFRS]) as global business becomes more widespread. IFRS is established and maintained by the International Accounting Standards Board. In some parts of the world, local accounting standards are applied for small companies, but all publicly listed or large corporations must comply with the more comprehensive IFRS. This way, statutory financial reporting is compatible internationally, across jurisdictions.
Information Technology Governance
IT governance focuses on risk management and the performance of IT systems. It's needed for greater accountability in decision making using IT systems in the best interest of shareholders. Investments in IT systems are increasing day by day, something that has long-term implications for investors. IT governance forms a system in which all relevant stakeholders, including the board members, senior managers, clients, and employees are responsible (for their parts) for decision making that affects IT. This makes decision making regarding IT issues more responsible as each decision is judged on its alignment with the organization's strategic objectives. While managing risk and ensuring the right compliance levels are essentials of good governance, it is sometimes more important to get our focus on delivering value and measuring performance.
There are many supporting references for the implementation of IT governance. Some of them are:
AS8015-2005 Australian Standard for Corporate Governance of Information and Communication Technology. AS8015 was adopted as ISO/IEC 38500 in May 2008
ISO/IEC 38500:2008 Corporate governance of information technology, (very closely based on AS8015-2005)
Control Objectives for Information and related Technology (COBIT) is regarded as the world's leading IT governance and control framework.
The IT Infrastructure Library (ITIL)
ISO27001 - focuses on IT security
CMM - The Capability Maturity Model - focuses on software engineering (Software Engineering Institute)
TickIT is a quality-management certification program for software development
Corporate Governance vs. IT Governance
Corporate governance is a way to control and manage a corporate entity. It consists of a set of policies, processes, customs and traditions, laws, business practices, and institutional practices that are applicable or adopted by the entity. Corporate governance helps an organization to meet its goals in the most effective and efficient manner possible. It's a strategy that allows a corporate entity to manage all aspects of its business so that it can meet its goals while complying with all applicable laws and code of business ethics.
IT governance is a subset discipline of corporate governance that deals with risk management and the performance of IT systems. The aim of IT governance is to ensure that the investments in the IT organization are in line with business strategies and generate desired business value while keeping associated risks under control. This is done by implementing a well-defined IT organization structure that clearly assigns the roles and responsibilities that are related to information systems, data, business processes, and associated IT infrastructure.
Corporate governance can be defined many ways. One such definition, which we used in the previous sections is this: "Governance is basically a process of decision making and process by which the decisions are implemented in an area of responsibility." It is a process that revolves around decision making and its implementation by the management and staff of an organization. We can have hundreds of checks and balances in place as a part of internal control systems. But after all, it is humans who must intend to follow them. Controls can be bypassed or overruled, as typically happens in high growth phases of the business. Corporate governance can be implemented only by leading through example. When the top management is very serious about it and practices governance to the core, only then can the staff be expected to follow.
Society at large has a very big role in making corporations follow the principles of corporate governance. Internal auditors are the paid employees of any corporation. So there is a limit to how much they can go against the will of executive management in implementing corporate governance. In an infamous case from India that made headlines the world over in 2008, external auditors signed inflated and overstated accounts for seven years in a row. Fake certificates of bank deposits were used by top management that showed a cash reserve of over one billion dollars. Actually it was only a few million. This was in spite of a full-fledged internal audit department and reasonably good information systems. The computer systems were tampered with at the point where the final financial statements are taken out for the review of auditors. So it's the intention to implement corporate governance that comes first in any system of internal or external controls. Corporations are a section of society and in case after case we see that it is the individual morals and the ethical standards of society at large that will make any system of corporate governance work in the true sense.