KING REPORT ON CORPORATE GOVERNANCE FOR SOUTH AFRICA 2001
A consultation paper by the King Committee on Corporate Governance, Institute of Directors of South Africa
Comments from the Association of Chartered Certified Accountants
December 2001
Executive Summary
The Association of Chartered Certified Accountants (ACCA) is pleased to respond to the draft for public comment of the King Report on Corporate Governance for South Africa 2001 issued by the Institute of Directors of South Africa.There is much to be welcomed in this report. While the Code of Corporate Practices and Conduct (the Code) brings together best global corporate governance practices, it also represents a significant advance on current corporate governance requirements and codes of practice both in South Africa and in the rest of the world. It does so by building on several familiar issues, such as:
- the performance assessment of boards and individual
directors
- the definition of board responsibilities, including
the monitoring of key performance indicators
and
- the further definition of the roles of independent directors and internal audit.
The report usefully sets out the history and characteristics of corporate governance and makes the essential point that governance in any context reflects the value system of the society in which it operates. The report also explains why good corporate governance pays, effectively countering the view held by some that corporate governance is detrimental to business prosperity.
We also welcome the inclusion of a requirement for boards to report publicly on the effectiveness of internal control. This was one of the original recommendations of the Cadbury Committee in the UK in 1992.
ACCA is a firm supporter of monitoring and reporting environmental, social and sustainability impacts. In the UK, ACCA established the Environmental Reporting Awards in 1991 which have since been mirrored in other countries. ACCA is also a member of the steering committee of the Global Reporting Initiative (GRI). We particularly welcome, therefore, the sections on non-financial matters.
While we are generally very positive about this report, there are, nevertheless, some issues on which we would like to comment. We highlight below our view of the main areas for attention by the King Committee as it finalises its report. The references in brackets are to our specific comments.
1. We are surprised that the report does not include any requirement or guidance on the role of external auditors in reviewing or reporting on a company's compliance with the Code. External auditors can play a key part in ensuring that companies comply with corporate governance codes (36 and 52).
2. We are also surprised that the Code does not include a parallel to the UK Turnbull requirement for annual reports to disclose the processes established for assessing the effectiveness of internal control (17, 40 and 49).
3. Further guidance on assessing the effectiveness of internal control would be useful (17 and 47).
4. The Code should indicate where the non-financial reporting disclosures should be made (20).
5. We suggest that, perhaps in an appendix or separate report, further guidance should be given about applying the Code to public sector organisations (4).
6. We have some concerns regarding the proposals to allow small companies to 'opt out' of complying with International Accounting Standards (IAS). We believe it would be preferable for there to be a South African equivalent of the UK FRSSE (Financial Reporting Standard for Small Enterprises) or to provide for small companies to follow a future International Accounting Standards Board (IASB) standard. The IASB has recognised the need for a financial reporting standard for small companies (33).
We would be happy to provide further clarification of any of the points highlighted above or detailed in the specific comments.
Specific Comments
INTRODUCTION AND BACKGROUNDPage 18, Paragraph 27
1. The King Report provides a useful insight in its comments that, while a common language exists for reporting retrospectively on financial results, no common language has been developed yet for non-financial reporting. We note, however, that in a step towards a common language, the GRI has produced a set of voluntary guidelines for reporting on economic, environmental and social performance.
Page 21, Paragraph 38
2. The Introduction and Background rightly points out that governance in any context reflects the value system of the society in which it operates. There is a danger, therefore, in the view held by some that there can be some internationally accepted standard code of corporate governance.
CODE OF CORPORATE PRACTICE AND CONDUCT
3. We welcome the fact that the Code is voluntary. This approach allows organisations to develop and improve good governance practice without being straight-jacketed into a single method of compliance.
Page 23, Paragraph 1
4. The Code is intended also to apply to public sector enterprises. While much of the Code will be relevant to most public sector organisations, not all of it will be. For example, the nature, appointment and make up of boards will differ and, in some cases, the term 'board' would be inappropriate as a term for the governing body of a public sector organisation. We would welcome more guidance on how the Code could be used in the public sector, perhaps in a separate report or an annex.
Page 24, Paragraph 2.1
5. While some might consider that the amount of detail concerning the board included here is over generous, we, in fact, welcome this. Many examples of corporate governance failure and even more examples of poor management can be traced back to one of the elements described here being either missing or ineffective.
6. We suggest that the phrase at paragraph 2.1.8 "every board should consider whether its size makes it effective" should be clarified.
7. Paragraph 2.1.10 should also be made clearer (for example "the non financial aspects" of what?).
8. At paragraph 2.1.16, the statement "a board must find the correct balance between conforming to governance constraints and performing" highlights an outdated view of governance as it implies that governance is about conforming with constraints rather than about performance. The Introduction correctly affirms that good corporate governance pays and paragraph 2 of the Code concerns the board ensuring performance. Corporate governance is, therefore, established as being both about conforming with governance constraints and about performance.
Page 25, Paragraph 2.2.1
9. As regards board composition, further guidance would be helpful on what constitutes a sufficient number or proportion of independent directors.
Page 25, Paragraph 2.3
10. The roles of the chairperson and chief executive officer are not explicitly covered in the Code itself, although these roles are clearly explained in chapters 2 and 3 of Section 1. Assuming the Code is intended to stand on its own, we suggest that it should explicitly include these roles.
Page 26, Paragraphs 2.3.4 and 2.3.5
11. We welcome the requirement for appraisal of the chairperson and the chief executive officer and the requirement in paragraph 2.8 for board and director evaluation. This concept is particularly important in the light of recent events such as in Marconi, BT and Equitable Life in the UK, HIH in Australia and in Enron in the USA.
Page 26, Paragraph 2.4.3
12. Paragraph 2.4.3 needs to be redrafted. The Code categorises an executive director as an "individual who is involved in the day to day management and/or is in full time salaried employment of the company" and a non-executive director as an "individual who is not involved in the day to day management and/or is not a full time salaried employee".
The Code as presently worded implies that any individual who is neither involved in day to day management of the company nor is a full time salaried employee of the company is a non-executive director. This obviously is not the intention of the Code.
We suggest that whether an employee works full or part time is not critical to determining whether a director is executive or non-executive. Individuals who are involved in day to day management and who are also full time salaried employees are not necessarily executive directors. Furthermore, subject obviously to other criteria, it must also be possible for a part time salaried employee to be an executive director.
Page 27, Paragraph 2.4.3
13. We note the detailed criteria for an independent non-executive director. These are helpful but we suggest that the Code is amended to state that, although it is a matter for the board to decide whether a director is independent, the board should, in making that decision, have regard to the criteria given.
Page 31 Paragraph 2.8
14. We refer back to point 11 above.
Page 34, Paragraph 4
15. We welcome the section on internal audit and the requirement that companies should have an effective internal audit function. We do, however, point out that, in addition to the Institute of Internal Auditors, accounting bodies such as ACCA and the South African Institute of Chartered Accountants are also involved in internal audit.
16. We are pleased to note that in paragraph 5.2.5 the board is responsible for disclosing that there is an adequate system of internal control in place. The King Report does not specify how an organisation should assess the adequacy of such a system. We assume that the assessment criteria could include frameworks such as that of the Committee of Sponsoring Organisations in USA (known as COSO) and the Canadian Criteria on Control (known as CoCo).
17. We note that the disclosure requirements go further than those required by the Turnbull Report (UK) for the board's statement on internal control. However, whereas Turnbull requires that boards disclose a summary of the process for assessing effectiveness, King only requires the disclosure of the fact that a process is in place. We believe that there should be further guidance on the process of assessing effectiveness. We would also welcome clarification on whether or not external audit should be asked to report on the directors' statement on internal control. As noted above, we also believe that boards should be asked to summarise the process for assessing internal control.
Page 35, Paragraph 5.1.4
18. The first bullet point requires clarification. We suggest that the common understanding of risk assessment does not necessarily refer only to physical and operational risk. We wonder whether the risks listed may unintentionally limit the range of risks which will be addressed.
Page 38, Paragraph 6
19. ACCA particularly welcomes the section on non-financial matters. ACCA is a firm supporter of monitoring and reporting on environmental, social and sustainability impacts. ACCA launched the UK Environmental Reporting Awards in 1991, which has now expanded to cover social and sustainability reporting to form the ACCA Awards for Sustainability Reporting. The scheme has been mirrored by many countries world-wide and ACCA contributed significantly to the founding of the European Environmental Reporting Awards scheme. Corporate and social reporting is part of the new ACCA Corporate Governance Diploma syllabus.
20. The Code should state where such disclosures should be made. We suggest that a director is nominated to be responsible for such corporate and social reporting.
Page 40, Paragraph 8.3
21. The Code states that "reports should present a balance between the positive and negative aspects of the activities of the company". We question the openness of companies reporting on the "negative aspects" of their activities and suggest adding the word "interest" to the third line, following the word "legitimate".
Page 40, Paragraph 8.4
22. The requirements for what is to be included in the annual report should include non-financial reporting. This point relates back to paragraph 6.1 where the Code says "every company should disclose the nature and extent of its commitment to social, ethical ..." but does not state where companies should make this disclosure.
Page 41, Paragraph 9
23. We suggest that additional sub paragraphs are added to the King Code to
- require organisations to keep their codes of ethics
under review and amend them where appropriate
and
- require boards to monitor compliance with their codes of ethics and take appropriate action to ensure acceptable levels of compliance.
RECOMMENDATIONS REQUIRING STATUTORY AND OTHER ACTIONS
Page 43, Paragraph 13
24. There appears to a typographical error or a word missing at the end of the first line.
SECTION 1 - BOARDS AND DIRECTORS
Pages 45 to 73
25. The guidance for boards and directors should prove useful.
Page 45, Paragraph 3
26. The penultimate sentence implies that boards must make a choice between enterprise and control. We prefer to see control as an enabler of enterprise.
Page 47, Paragraph 8
27. There appears to be a word missing from the penultimate line.
Page 48
28. We question why the first three recommendations (concerning (1) a board charter, (2) boards determining purpose and values and monitoring implementation of strategies, and (3) boards exercising leadership, etc.) are not included in the Code.
Page 72, Paragraph 43
29. This paragraph implies that the company secretary has more authority than s/he may, in reality, have.
SECTION 2 - AUDITING AND REPORTING
Page 78, Paragraph 4.3
30. We consider that some of the points in the second bullet point may prove difficult in practice. Internal audit may jeopardise its relationship with, and duty to, management if it raises with the external auditors issues such as suspected illegal acts and disagreements with management.
Page 78, Paragraph 5.2
31. This implies that the audit committee is in some way responsible for internal control. We suggest that the word "running" is changed to "monitoring".
Page 84
32. We suggest that consideration is given to the inclusion of a recommendation that external auditors should be required to communicate matters relating to their ongoing independence to the audit committee.
Page 85, Paragraphs 5 and 8
33. The suggestion that the Companies Act is amended to require accounts to be prepared in accordance with IAS mirrors the recommendation made by the Company Law Review in the UK. Paragraph 8 suggests, however, that this requirement would not apply to small enterprises. The proposal appears to allow individual small companies to opt out of IAS, presumably to conform with the "comprehensive basis of accounting" which might be produced by the new "Smaller Enterprise Financial Reporting Council".
34. The purpose of standards is to enable comparison for the benefit of stakeholders. Allowing companies to opt out would defeat the objective. If, as suggested in paragraph 8, any shareholder could ask for accounts to be prepared in accordance with IAS, it would be cheaper and more straightforward for a single set of IAS accounts to be prepared in the first place. In the UK, FRSSE sets out the accounting standards with which small companies must comply.
Page 86, Paragraph 10
35. The proposal for the ASC structure resembles the current UK Financial Reporting Council structure, although with the addition of a "SME accounting committee". We think that the UK structure has worked well.
General (Other comment about section 2)
36. We are surprised that there is no comment about external audit review of corporate governance disclosures.
SECTION 3 - INTERNAL AUDIT
Page 92, Paragraph 4
37. All staff, including the head of internal audit, should be accountable ultimately to the chief executive officer. We believe that it is inappropriate, therefore, for the head of internal audit to report to the chairperson of the board if that person is a non-executive director. We agree that "the head of internal audit should have ready and regular access to the chairperson of the audit committee".
SECTION 4 - RISK MANAGEMENT
Page 96, Paragraph 6
38. It is often inappropriate to minimise risk. We suggest, therefore, that the phrase "controlling and minimising" be replaced by "controlling and managing".
Page 97, Paragraph 7
39. Some risks can positively affect the achievement of objectives. It follows that the options for what to do with risk should include "exploit" as well as accept, terminate, transfer, etc.
Page 97, Paragraph 10
40. This paragraph seems to call for disclosure of the risk management process in the annual report, yet the Code requires boards only to report that a process is in place (paragraph 5.2.5). The Code does not require any disclosure of risk tolerance.
41. We welcome the recommendation to make use of generally recognised risk management and internal control models and frameworks. This recommendation is not, however, supported by any guidance on models and frameworks and we suggest, therefore, that guidance on control models and examples are provided. Such models can be used to help assess the effectiveness of risk management and internal control. Contrary to what is stated on page 97, they cannot in themselves "maintain a sound system of risk management and internal control".
Page 98, Paragraph 3
42. We support the view that a dedicated committee should review the risk management process. The audit committee should have an oversight role (including high level oversight of risk management) but needs to remain independent.
Page 99
43. We refer back to point 18 above.
Pages 101 to 103
44. Section 2 is clearly based upon COSO. It would be helpful to state this and to explain that it is an example of the type of framework referred to in paragraph 5.1.3 of the Code.
Page 102, Paragraph 2.4
45. In the third bullet point, senior management will not need or wish to have "all information". We suggest that necessary information should be tested against the twin criteria of relevance and materiality.
Page 102, Paragraph 2.5 (4)
46. Key performance indicators will not affect ability, but can be indicative of the ability of the company to achieve its purpose. It is not clear whether, in this context, indicators are meant to refer to risk or performance.
Page 104, Paragraph 3
47. Paragraph 3 calls for reports from management to the board to provide "a balanced assessment of the significant risks and the effectiveness of the system of internal control". We believe that guidance should be given on how to judge effectiveness. Reference could be made to the COSO and CoCo definitions of effectiveness and their guidance on assessing the effectiveness of internal control.
Page 105, Paragraph 4
48. Paragraph 4.1 requires consideration of objectives set by the risk management process. If this really means risk management objectives, it would also be useful for the risks themselves to be assessed in the context of business objectives.
Page 102, Paragraph 5.2
49. Paragraph 5.2 requires a section within the annual report on the on-going process for identifying risk, yet (at paragraph 5.2.5) the Code only requires disclosure that a process exists.
Page 107
50. In the fourth bullet, it is obviously not possible to have a process for eliminating all possible disastrous events. We suggest the wording change from "allow" to something like 'assist' or "improve the chances of".
SECTION 5 - NON FINANCIAL MATTERS
Page 110, Paragraph 12.4
51. This refers to ISO 14000 quality standards. ISO 14000 is the Environmental Standard and ISO 9000 is the Quality Standard.
SECTION 6 - COMPLIANCE AND ENFORCEMENT
52. By saying that external audit should review certain corporate governance disclosures, Cadbury and the Combined Code made external audit part of the process of enforcement. The same opportunity should be taken here.
Page 161 - Chapter 6
53. There would appear to be a real need to encourage institutional investors to vote at company meetings, along the lines of the UK National Association of Pension Funds guidance. If there is currently no organisation for institutional investors, perhaps there should be one, so that it can play a lead role in encouraging participation by such bodies.
Page 147
54. We support the recommendation for private company accounts to be published.
55. Until shareholders take an active interest in policing governance, perhaps listed companies should make annual statements in their annual reports, to the JSE Securities Exchange South Africa or the Registrar of Companies, on the extent of their compliance with the Code.