Risk & Risk Management

1. RISK AND
RISK MANAGEMENT
Stephen Ong
BSc(Hons) Econs (LSE),
MBA International Business(Bradford)
Visiting Fellow, Birmingham City University
Visiting Professor, Shenzhen University
MSC ACCOUNTANCY & FINANCE :
CORPORATE GOVERNANCE
& OPERATIONS RISK ANALYSIS AND CONTROL

2. • Video : Pretty Slick
• Discussion : Corporate
Governance Research in
Accounting and Auditing
1
•Risk and Risk
Management
2
• Case Presentation:
GENERAL MOTORS3
Today’s Overview

3. VIDEO : PRETTY SLICK

4. 1. Open Discussion
• Carcello, Joseph V., Hermanson, Dana R. & Ye,
Zhongxia (Shelly) (2011) Corporate
Governance Research in Accounting and
Auditing: Insights, Practice Implications, and
Future Research Directions, Auditing Vol.30
No.3 (Aug 2011): 1-31.

6. 1. Risks,
Business Objectives
& the
Assurance Agenda

7. Learning from the future
“There are known knowns. These are things
we know that we know.
There are known unknowns. That is to say,
there are things that we know we don't know.
But there are also unknown unknowns.
There are things we don't know we don't
know."
Donald Rumsfeld 2003
US Defence Secretary of State

8. Learning from the past
“Risk management is an increasingly
important business driver and
stakeholders have become much
more concerned about risk.”
Source: A structured approach to Enterprise Risk Management (ERM) and the
requirements of ISO 31000 IRM, Alarm, Airmic (2010)

9. Categories of Risk
• Fundamental risks (community)
• Particular risks (individual)
• Speculative risks (upside & downside risks of
business ventures)
• Pure risks (harmful or act of God)

10. Strategic & Operational Risks
STRATEGIC RISKS
• Industries/Markets
• Economy
• Competitors
• Product life cycle
• Inputs/Resources
• Operating gearing (Fixed
Costs/Total Costs)
• Production Process
flexibility
• R&D and Innovation
• New Technology
OPERATIONAL RISKS
• Internal control system/
audit losses
• Regulations/ internal
procedures non-compliance
• IT failures
• Human error
• Key-person loss
• Fraud
• Business interruptions

11. Types of Organisational Risks
1. Competitor risks
2. Product risks
3. Commodity risks(supply /price)
4. Stakeholder risks
(investors/suppliers/ employees/
customers)
5. Environmental & social risks
6. Financial risks
(credit/ liquidity/ cash management/
currency/ interest rate/ market/ reporting/
finance provider)
7. Investment risks
8. Legal, political & cultural risks
9. IT risks
10. Knowledge management risks
11. Property risks
12. Health & Safety risks
13. Trading risks
(physical/trade/ credit/liquidity)
14. Event risks
15. Cost & resource wastage risks
16. Organisational risks
17. Inadequate systems risks
18. Fraud & employee malfeasance
risks
19. Probity risks (unethical
behaviour)
20. Reputation risks

12. Board – Essential roles?
• Develop strategy
• Establish and monitor policy
• Ensure compliance with governing
documents
• Ensure accountability
• Compliance with law
• Maintain effective board performance
• Promote the organisation
• Proper fiscal oversight
• Respect role of staff
• Set up employment procedures
• Select and support CEO
R
I
S
K

13. Recognising critical business issues
• Is progress of the business in line with
expectations
• Are we achieving objectives
- within profit centres
- in terms of quality
• Are our operations sufficiently transparent?
• Do we recognise barriers to progress?
• Is customer and supplier feedback
appropriate?
• All reflect degrees of risk?

14. Governance aspects of risk
• Decide on key business objectives
• Financial and Non Financial
• Identify inherent risks to non achievement
of objectives
• Agree risk appetite or tolerance limits
• Access controls and assurance available
• Focus on materiality of gaps and
implications for all stakeholders
• Treat and review

15. Question : When is a risk not a risk?
When it’s too late – it’s reality!

16. Overview of risk management process
Source: ISO 31000

17. The Risk Management process(1)
The risk management process involves:[3]
• Establishing Context: This includes an understanding of
the current conditions in which the organization
operates on an internal, external and risk management
context.
• Identifying Risks: This includes the documentation of
the material threats to the organization’s achievement
of its objectives and the representation of areas to the
organization may exploit for competitive advantage.
• Analyzing/Quantifying Risks: This includes the
calibration and, if possible, creation of probability
distributions of outcomes for each material risk.

18. The Risk Management Process (2)
• Integrating Risks: This includes the aggregation of all
risk distributions, and the formulation of the results in
terms of impact on the organization’s key performance
metrics, through communication and consultation.
• Assessing/Prioritizing Risks: This includes the
determination of the contribution of each risk to the
aggregate risk profile, and appropriate prioritization.
• Treating/Exploiting Risks: This includes the
development of strategies for controlling and exploiting
the various risks.
• Monitoring and Reviewing: This includes the continual
measurement and monitoring of the risk environment
and the performance of the risk management
strategies.

19. Or in other words
• recognition or identification of risks
• ranking or evaluation of risks
• responding to significant risks
• resourcing controls
• reaction planning
• reporting and monitoring risk performance
• reviewing the risk management framework

20. The wider assurance agenda
• Can Board agree risk appetite
• What we will accept
• What we will not accept
• Consider and agree tolerance allowed
• Implement effective dashboard of key
measures
• Agree assurance actions required
- to manage short term impact
- to ensure longer term viability

21. Sharing understanding
• What does impact mean
• Its not just financial!
• What does likelihood mean
• Certain reflects doomsday
situation!

22. Components of appetite relating to
impact
• Quality of services
• Customer complaints
• Health and Safety
• Regulator feedback
• Legislation
• Staff morale
• Finance
• Information governance & security

23. Components of appetite relating to
likelihood
• Has happened in our organisation
• Has happened in our industry
• Has happened in this country
• Global experience
• Use of statistical analysis and
probability scoring

24. Formal Risk Rating
Corporate Risk Rating must reflect a transparent
understanding of the risk appetite of the Board
IMPACTONBUSINESS
Critical
4
4 8 12 16
Unacceptable level of risk exposure,
which requires extensive management
Major
3
3 6 9 12
Moderate
2
2 4 6 8
4 – 8: Risk management measures need
to be put in place and monitored
Minor
1
1 2 3 4
Almost
Never
1
Unlikely
2
Likely
3
Almost
Certain
4 1 – 3: Acceptable level of risk subject to
regular monitoring
LIKELIHOOD OF OCCURING

25. Informal Risk Rating – by concensus
Corporate Risk Rating must reflect a transparent
understanding of the risk appetite of the Board
IMPACTONBUSINESS
Critical
Unacceptable level of risk
exposure, which requires extensive
management
Major
Moderate
Risk management measures need to be
put in place and monitored
Minor
Almost
Never
Unlikely
Likely Almost
Certain
Acceptable level of risk subject to
regular monitoring
LIKELIHOOD OF OCCURING
1
2
4
3

26. Set Business &
Department
objectives
Business
Plan
Consider Risk and
performance Targets
Agree Assurance
Framework
Role for Internal
Audit
Review, Feedback
and follow up
Assurance
Cycle
Assurance Cycle Overview

27. So whose responsibility
Question 1: Top down vs Bottom up?
• Board should lead
• Executive Management
• Risk Managers
• Operational Management
• Employees
Question 2: Internal or External?
• Stakeholder involvement

28. Implementation of controls assurance
Board Action Plan
Board Reports
Assurances on Controls
Key Controls
Principal Risks
Principal Objectives
Close gaps
Positive Assurance, gaps in control, gaps in assurance
Sources of Assurance
Map Controls
Risk Appetite
Business Plan

29. A question
• Can executive management do this alone?
• The need for a second pair of eyes!

30. Three lines of defence
• Executive Management
• Internal Control
• Independent Assurance
Reliance on use of standard management systems
- Management Accounts
- Appraisal and Development
- Staff surveys
- Customer feedback

31. Summary
“If you are going to play know
three things first, ‘the rules of
the game, the stakes, and the
quitting time”
(Chinese proverb)

32. 2. Risk
Response

33. Effective Risk Management
Stages
• Establishing Context within
Corporate Objectives
• Identifying and recording
Risks
• Analyzing/Quantifying Risks
• Integrating Risks to a whole
organisation level
• Assessing/Prioritizing Risks
• Treating/Exploiting Risks
• Monitoring and Reviewing
Practical considerations
• Need to embed
throughout the
organisation
• Common vision and
mission
• Definition of risk
appetite
• Reporting and
communication

34. Components of appetite relating to
IMPACT
• Quality of services
• Customer complaints
• Health and Safety
• Regulator feedback
• Legislation
• Staff morale
• Finance
• Information governance & security

35. Components of appetite relating to
LIKELIHOOD
• Has happened in our
organisation
• Has happened in our
industry
• Has happened in this
country
• Global experience
• Use of statistical analysis
and probability scoring

36. Formal Risk Rating
Corporate Risk Rating must reflect a
transparent understanding of the risk appetite
of the Board
IMPACTONBUSINESS
Critical
4
4 8 12 16
Unacceptable level of risk exposure,
which requires extensive management
Major
3
3 6 9 12
Moderate
2
2 4 6 8
4 – 8: Risk management measures
need to be put in place and monitored
Minor
1
1 2 3 4
Almost
Never
1
Unlikely
2
Likely
3
Almost
Certain
4 1 – 3: Acceptable level of risk subject to
regular monitoring
LIKELIHOOD OF OCCURING

37. Informal Risk Rating – by concensus
Corporate Risk Rating must reflect a transparent
understanding of the risk appetite of the Board
IMPACTONBUSINESS
Critical
Unacceptable level of risk exposure, which
requires extensive management
Major
Moderate
Risk management measures need to be put
in place and monitored
Minor
Almost
Never
Unlikely
Likely Almost
Certain
Acceptable level of risk subject to regular
monitoring
LIKELIHOOD OF OCCURING
1
2
4
3

39. Risk response options
Is your glass half full or half MT?
The 4M
• Mitigate
• Manage
• Monitor
• Move it
Internal Audit
speak
The 4T
• Terminate
• Treat
• Tolerate
• Transfer
Risk Management
speak

40. Where there is an action....
• Recognise real issues within
in organisation
• Focus appropriate
management attention
• Delivery of assurance
through review and closure
• Need to recognise
relationship to achievement
of corporate and
operational targets.
• Relevance to Governance
Statements in Annual
Reports
High
Medium
Low
Low Medium High
S
I
G
N
I
F
I
C
A
N
C
E
PROBABILITY
Requires
close
monitoring
Manage and
monitor
Significant
focus and
action
Accept but
monitor
Management
effort
worthwhile
Manage
and
monitor
Accept risks
Accept but
periodically
review
Accept but
monitor

41. Summary
• No right answer
• Often needs an agreed approach
within leadership style
• Needs follow up
• Review
• Action
• Part of continuous assurance cycle.

42. 3. Risk Monitoring,
Reporting
&
Assurance

43. Formal Risk Rating
Corporate Risk Rating must reflect a
transparent understanding of the risk appetite
of the Board
IMPACTONBUSINESS
Critical
4
4 8 12 16
Unacceptable level of risk exposure,
which requires extensive management
Major
3
3 6 9 12
Moderate
2
2 4 6 8
4 – 8: Risk management measures need
to be put in place and monitored
Minor
1
1 2 3 4
Almost
Never
1
Unlikely
2
Likely
3
Almost
Certain
4
1 – 3: Acceptable level of risk subject to
regular monitoring
LIKELIHOOD OF OCCURING

44. So we agree what is a risk?
• We have a risk
register
• A list of actions
• A timeframe
• A responsible
manager
Does it stop there?

45. Real time review
• Monitoring and review ensures that the
organisation monitors risk performance and
learns from experience.
• Communication and consultation ensures that
the organisation is aware of what measures
are being taken so that everyone concerned
can consider whether the actions being taken
might effect them or their part of the
organisation
• All part of a continuous process

46. Real time review allows
• Follow up of known issues and actions
• Consideration of emerging and new risk
through effective identification
• Aligned with routine management
procedures
• Operations level
• Management level
• Board level

47. Hierarchy of risk reporting
Board
Executive
Management
Operational
Management
• Continuous examination of
operational risks
• Consideration of material risks
within risk definitions
• Consideration at meetings
• Review of performance against business
expectations at EMT
• View to risk horizon through effective
scanning and intelligence
• Relationship with middle management
• Commitment to upwards reporting
• Review of business critical risks and
actions to manage
• Relationship with Executive
Management
• Focus on annual business performance
data link to Governance Statement
• Setting risk appetite

48. The big questions therefore:
• From where does the Board get assurance?
• Is assurance just financial?
• To what extent should the Board reveal
significant risk exposures to the outside
world particularly in Governance
Statements?
• Provision of confidence to investors and
customers?
• Where are the primary sources of
assurance?

49. Using technology
• Allows continuous update in line with
identification
• Instant notification
• Joint review of position including impact and
likelihood features for upwards reporting
• Recording of risk related decisions and actions: -
tolerate, treat, transfer or terminate
• Reminders regarding actions and overdue
closure
• ‘Encourages’ buy-in throughout the organisation

50. The assurance agenda - the providers
• Management
Executive, Health and Safety,
Purchasing, IT, Quality,
• Surveys
Staff, customers, partners
• Regulator
Monitoring returns, inspections
• Third parties
IIE, IIP, Social Enterprise Mark,
• Professional advisors
Insurers, External Audit, Lawyers,
Bankers
• Internal Audit

51. Introducing independence
– A role for non executive directors
• Guardians of Stakeholder interest
• More than just financial
• Provision of assurance
- Annual Report and Accounts
- Sustainability reports
- Health and Safety
• But in a Non quoted company?
- Use of independent advisors
• Engagement of third parties including trade unions
and the media
• Use an assurance framework and internal audit

52. The role of transparency
• Governance Statements/Statements of Internal
Control
• Role of the Audit Committee
• Stakeholder assurance requirements
• The focus on risk, good governance and effective
reporting
• Assurance Frameworks
• Risk Management
• Role of Internal Audit?

53. The supporting role of internal audit
2050 Coordination
The chief audit executive should share information
and coordinate activities with other internal and
external providers of assurance and consulting
services to ensure proper coverage and minimise
duplication of efforts.
2060 Reporting to Senior Management and the
Board
The chief audit executive must report periodically
to senior management and the board on the
internal audit activity’s
purpose, authority, responsibility and
performance relative to its plan. Reporting must
also include significant risk exposures and control
issues, including fraud risks, governance issues
and other matters needed or requested by senior
management and the board.
Source: IIA Performance standard (IPPF)

54. Role of internal audit in practice
The frequency and content of reporting
should be determined in discussion
with board and senior management and
depend on the importance of the
information to be communicated and
the urgency of the related actions to be
taken by senior management or the
board.
The link to the Governance Statement
of the organisation is unequivocal.

55. Negative assurance
Internal Audit should agree nature and basis on
which opinions will be provided
• Anything that isn’t positive – full, substantial
are usual.
• Adequate or limited means something is
wrong.
Otherwise look for use of wording – “nothing
came to the attention of the internal auditor
that would….”

56. Frequency of periodic reporting
• Formal reporting linked to Board agenda –
Quarterly, Half yearly or Annually?
• Role for Audit Committee
• Audit Committee Chair access – two way?
• Consideration by Executive Management
• Meeting of specialist risk group
• Risk Champions
• Informal reporting

57. Summary
• Is finance the only language the organisation
understands
• Increasing attention to risk as part of the
governance agenda
• Relevance to both Shareholders and stakeholders
• Linked to continuous assurance cycle and the need
for an Assurance Framework.
• Must be live within organisational environment!

58. 4.
Transparency,
Internal
Control
&
Risk
Management

59. The Role of Transparency in
Corporate Governance
• How does corporate
transparency contribute to
corporate governance
• What mechanisms contribute to
transparency

60. Learning Outcomes
By the end of this lecture, students should be able to:
• emphasise the essential role played by corporate
disclosure in corporate governance
• define internal control, risk and risk management
• appreciate the importance of the audit function
• introduce the emerging areas of governance
reporting and forward-looking narrative reporting

61. Internal Control and Corporate
Governance
• "The whole system of controls, financial and
otherwise, established in order to provide
reasonable assurance of: effective and
efficient operations; internal financial
control; and compliance with laws and
regulations"

62. The Turnbull Framework

63. Revised Guidance on Internal
Control (FRC, 2005)
• Confirmed flexible, principles-based
approach
• Endorsed original Turnbull Report

64. Summary of the Main Revisions to the
Turnbull Guidance in 2005 (1)
• A new preface was added to encourage
boards to review on a continuing basis their
application of the guidance and consider the
internal control statement as an opportunity
to communicate to their shareholders how
they manage risk and internal control.

65. Summary of the Main Revisions to
the Turnbull Guidance in 2005 (2)
• The introduction was reorganized to reinforce
the message that the guidance aims to reflect
sound business practice as well as to aid
companies in complying with the internal
control requirements of the Combined Code.
• Changes to the Combined Code and Listing Rules
since 1999 were incorporated.
• The new guidance emphasized the need for
directors to apply the same standard of care
when reviewing the effectiveness of internal
control as when exercising their general duties.

66. Summary of the Main Revisions to
the Turnbull Guidance in 2005 (3)
• The section of the guidance relating to the Code
provision on internal audit was removed and
incorporated into the Smith guidance on audit
committees.
• The revised guidance requires boards to confirm in
their annual report that they have taken the action
necessary to remedy any significant failings or
weaknesses identified from their review of the
effectiveness of the internal control system.
• They are also required to include in the annual
report information considered necessary to aid
shareholders in understanding the main features of
the company's risk management processes and
system of internal control.

67. Review of Turnbull recommended:
• Self-evaluative disclosure of how board has
dealt with any weaknesses or failings
identified from their review of the internal
control system

68. Corporate Risk Disclosure Framework
• Ideal framework for risk disclosure (Solomon,
Norton and Joseph, 2000,2002)
• Operating and Financial Review (OFR)
– Environment
– Level of Risk Disclosure
– Location
– Risk Disclosure preference
– Forum of Risk Disclosure
– Investors’ Attitudes

69. Abraham and Cox (2006)
• Companies with a higher proportion of
ownership by in-house managed pension
funds were characterized by lower levels of
risk disclosure

70. Sarbanes-Oxley: The Impact
• All US companies forced to submit an annual
assessment of the effectiveness of their
internal control systems to the Security
Exchange Council (SEC)
• Companies' independent auditors forced to
audit and report on the internal control reports
produced by management, in the same way as
they audit the financial statements
• All listed companies must have a disclosure
committee with the remit of overseeing the
process by which disclosures are created and
reviewed
• emphasized the need for auditor independence

71. Significant Impact on Audit Fees
• Big four accounting firms have doubled their
audit fees with US clients

72. Disclosure and Corporate Governance
“The lifeblood of markets is information
and barriers to the flow of relevant
information represent imperfections in
the market . . .
The more the activities of companies
are transparent, the more accurately
will their securities be valued. “
(Cadbury Report, 1992, p. 33)

73. Developments in Governance
Reporting
• Largely neglected until now
• Independent Audit Limited (2006) provides:
– empirical evidence on users’ attitudes towards
the current state of governance reporting
• a practical framework for corporate
governance disclosure

74. Leadership, Direction & Control
“. . . Most long-term investors do think seriously
about governance. They are increasingly
recognizing that good governance is about
good leadership, direction and control,
and should be taken into account in the
assessment of management performance . . . “
(Independent Audit limited, 2006, p.2)

75. The Report found that investors
unanimously require: (1)
1. less boilerplate disclosures, with the focus
on quality not quantity
2. inclusion of illustrative examples to provide
insight
3. governance reporting that reflects each
individual company's approach to
corporate governance, reflecting its
strategy and culture
4. a focus on current, relevant issues to avoid
year-on-year repetition of themes

76. The Report found that investors
unanimously require: (2)
5. a focus on the role boards play and a link with
performance rather than a description of what it does
6. discussion of how board membership contributes to
corporate strategy
7. information about the effectiveness of the non-
executive directors' role in challenging executive
management and complementing the skills of the
executives
8. The report also highlighted the potential for better
governance reporting to contribute to the growing
dialogue between companies and their investors

77. The reporting framework is based on
recommended questions for boards
• What is the board's role and what did it do?
• What gives the board confidence it has the right
people?
• How did the board work together?
• How did management support the workings of the
board?
• How did the board ensure it was fully effective?
• How did dialogue with investors help the board to
meet its objectives?

78. The Report found that investors
unanimously require: (3)
9. need for greater self-
evaluation and reflexivity in
the board's reporting of
their own effectiveness

79. BP's (2005) annual report comments
"The board continued its ongoing evaluation processes to
assess its performance and identified areas in which its
effectiveness, policies or processes might be enhanced. A
formal evaluation of board process and effectiveness was
undertaken, drawing on internal resources, individual
questionnaires and interviews were completed; no
individual performance problems were
identified. The results showed an improvement
from the previous evaluation, particularly in board
committee process and activities, while also identifying
areas for further improvement. Regular evaluation of
board effectiveness underpins our confidence in BP's
governance policies and processes and affords opportunity
for their development" (BP, 2005, p.161).

80. BP's (2005) annual report
• Report does not mention STAKEHOLDERS!
• Promotes long-term shareholder interest
• May encourage 'cherry picking' not critical
self-evaluation

81. The Operating and Financial Review
Fiasco
• narrative disclosure
• forward-looking
• makes information accessible to broad range
of report users
• Solomon, J. F. and C. R. P. Edgley (2008) "The
Abandoned Mandatory OFR: A Lost
Opportunity for SER?", Social Responsibility
Journal, Vol.4, No.3, pp.324-348.

82. Business Review requirements:
• fair review of the business
• description of principal risks and uncertainties
facing the company
• balanced and comprehensive analysis of the
development and performance of the business
during the financial year and the position of the
business at the end of the year
• requirement (to the extent necessary) to include
financial key performance indicators and (where
appropriate) non-financial key performance
indicators.
• Far less effective for stakeholder accountability

83. Timeline of OFR Events: Solomon and
Edgley (2007)
5 May2004:Thegovernmentannouncesitsplansfora mandatoryOFR

1 April2005:NewprovisionswereinsertedintotheCompaniesAct1985 requiringquotedcompaniesto producea
statutoryOFRforreportingperiodscommencingonorafter1 April2005

10May2005: TheASBpublishedReportingStandard1 (RS1)

28Nov2005:(i)GordonBrownannouncedthatthemandatoryOFRwouldbescrapped. HetoldCBImembersthat
whileSER reflectedbestpractice,heunderstoodconcernsabouttheextraadministrativecostsofthe"gold-plated
regulatoryrequirement"andthatwaswhyhewasabolishingtheOFR.
(ii)Allcompaniesmuststill complywiththeextendedBusinessReview(BR)requirementsoriginallyintroducedat
thesametimeastheOFR.TheBRformspartoftheDirectors’ Report, andcomplieswiththeminimumrequirements
oftheEUAccountsModernisationDirective.

84. 14Dec2005:Ethicalinvestors,charities,academicinstitutionsandfaithgroupswrotetoGordonBrowncriticisinghis
decisiontoabolishtheOFR

15Dec2005:TheDTIMinisterAlunMichaelinvitedviewsonnarrativereportingby15February2006

11Jan2006:FriendsofTheEarth(FoE)filedanapplicationforajudicialreviewofthedecision

12Jan2006:AgroupofmajorassetmanagementgroupswrotetotheDTIconcernedthatcompanies’reporting
effortscouldbedestabilizedbyalackofgovernmentguidancefollowingtheendofthemandatoryOFR.
LegislationpassedtowithdrawtheOFRrequirement.

85. 26 Jan 2006: The ASB converted RS1 into non statutory best practice guidance (Reporting Statement 1)

1 Feb 2006: Alun Michael announced renewed consultation on how the Company Law Reform (CLR) Bill might be
amended. The consultation on the BR, which had been due to close on 14 February was extended until 24 March.

2 Feb 2006: FoE claimed victory and issued a press release stating that the Government has been forced into a
dramatic climb down over abolition of the mandatory OFR following an imminent legal challenge by FoE. The
Treasury had also agreed to pay FoE's legal costs in order to avoid the group taking the judicial review to Court

24 Mar 2006: The CBI issued an official response to the DTI supporting the Government’s decision to abolish the OFR
but retain BRs.

3 May 2006: Amendments were made to the CLR Bill to give effect to changes to the content of companies' BRs. Alun
Michael announced “Quoted companies will need to ensure that…their business review includes: (a) the main trends
and factors likely to affect the future development, performance and position of the company's business; and(b)
information about:
(i) environmental matters (including the impact of the company's business on the environment),
(ii) the company's employees, and
(iii) social and community issues, including information about any policies of the company in relation
to those matters and the effectiveness of those policies. Directors will need to state in their Review if they do not
think it necessary to include information about (i), (ii) or (iii) above.
FoE issued a press release attacking the Government's announcement that it would not be re-instating the OFR. FoE
welcomed new reporting requirements which stated companies must provide information on environmental matters
but warned that the amendments to the CLR Reform Bill would fail to remedy companies' worst abuses of the
environment both here and overseas.

86. 
26July2006:FoEissuedapressrelease.“FriendsoftheEarthwilltoday…challengetheGovernmenttostrengthen
itsCompaniesBillwhenitreturnstotheHouseofCommonsintheautumn,aftertherevelationthatitscurrent
proposalsforannualenvironmentreportswouldaffectjustoneofthetoptenpollutingcompaniesfromlastyear.”

87. The Role of Audit in Corporate
Governance
“The annual audit is one of the
cornerstones of corporate governance
. . . The audit provides an external and
objective check on the way in which
the financial statements have been
prepared and presented.”
(Cadbury Report, 1992, p. 36, para. 5.1)

88. Auditor Independence
• Balance between close relationship and
preserving independence
• Provision of non-audit services
• “. . . we do not believe it would be right to
seek to impose specific restrictions on the
auditor’s supply of non-audit services
through the vehicle of Code guidance. We are
sceptical of a prescriptive approach, since we
believe that there are no clear-cut, universal
answers . . . there may be genuine benefits to
efficiency and effectiveness from
auditors doing non-audit work. “ (Smith
Report, 2003, p. 27, para. 35)

89. Audit Committee
• Rotation of auditors
• Smith Report
• Audit committees
• Cadbury Report recommended that all
companies should establish audit committees

90. Audit Committee
• Recent research has shown that there is
convergence in corporate governance within
Europe in the area of audit committees.
• Collier and Zaman (2005) found wide
adoption by European countries of the audit
committee concept

91. Effectiveness of the Audit Function
“We do have—not officially, not publicly—concerns
about their independence overall . . . you would be
amazed at how, when you speak to auditors, from big
firms as well as little firms, at drinks parties, at non-
official events, and when they are in isolation (you
would never get this if you had an audit conference),
they often say that they are amazed that more does
not come to light or that they often get their arm
twisted by management—not from their own practice
but of the companies they are auditing—to not worry
about it, it is under control. I do find that quite
alarming. What do you do about it? You cannot go out
and say, ’Investment management believes that the
auditing profession is completely corrupt!’.

93. CASE DISCUSSION :
GOLDMAN SACHS
AND ITS
REPUTATION

94. Cases - Goldman Sachs and Its
Reputation
• Goldman Sachs is a bank, but it does not take
deposits, issue credit cards, make mortgage
loans, or interact with consumers
• Goldman was the most prestigious and most
profitable of the investment banks
• Goldman Sachs had been a major participant in
the events leading up to the financial crisis
• During the financial crisis Goldman performed
much better than other banks

95. The Nonmarket Environment of the
Financial Services Industry
Issues
Interests
Institutions
Information

96. Casestudy 2 : General Motors
1. Read and prepare the Casestudy on General
Motors (Monks & Minow (2011)) for
discussion. Identify the corporate
governance issues faced.

97. Casestudy Exercise
In groups of four members you are required to:
1. Allocate responsibility to – a non executive director, a CEO,
A Health and Safety Manager and a Risk Manager
2. Analyse the scenario’s in the case study and discuss which
are the most critical risks that the organisation faces.
3. Plot the resulting risk analysis on an appropriate risk map.
4. Decide what is your groups response.

98. Further Reading
• Solomon, Jill (2010) Corporate Governance
and Accountability 3rd Edition, Wiley, UK.
Ch.6
• Goergen, Marc (2012) International
Corporate Governance, Pearson. Ch.15
• Larker & Tayan (2011) Ch.6
• CIMA - Performance Strategy: Study Text
(2012) BPP Learning Media Ltd. Part B : 1-2

99. Additional Readings (1)
• Solomon, J. F., Solomon, A., Norton, S. D. and Joseph, N.
L. (2000) ‘A conceptual framework for corporate risk
disclosure emerging from the agenda for corporate
governance reform’, British Accounting Review, 32(4),
December, 447–478.
• Collier, P. and M. Zaman (2005) "Convergence in
European Corporate Governance: The Audit Committee
Concept", Corporate Governance: An International
Review, Vol.13, No.6, November, pp.753-768.
• Independent Audit Limited (2006) Better Governance
Reporting, Independent Audit Limited, London, UK.
• Solomon, J. F. and C. R. P. Edgley (2008) "The
Abandoned Mandatory OFR: A Lost Opportunity for
SER?", Social Responsibility Journal, Vol.4, No.3, pp.324-
348.

100. NEXT Ideas for Discussion
• Mayer, Colin (2002) “Corporate Cultures
and Governance: Ownership, Control and
Governance of European and US
Corporations”, TRANSATLANTIC
PERSPECTIVES ON US-EU ECONOMIC
RELATIONS:CONVERGENCE, COOPERATION
AND CONFLICT ,Conference paper, JFK
School of Government, Harvard University,
April 11-12

101. QUESTIONS?