Board Matters Quarterly - Issue 14: December 2012
Year-end issues the audit committee should consider
4. Risk management
A leading emerging practice for the AC is to challenge assumptions made by management when assessing risk, and planning for the future. The AC’s fresh perspective can ensure that the full board looks at the big picture when assessing risk and making strategic decisions.
Oversight in changing times
Events such as the earthquake in Japan, the Arab Spring uprisings, and the European sovereign debt crisis have shown how interdependent the world’s financial and consumer markets are. This global connectivity poses risks in areas such as supply chains, cyber-security and regulatory compliance, to name a few. AC should review how management has been responding to these market events.
Does management have a “battle-ready” crisis response plan that has been tested and updated? Does the company have the right talent, cultural understanding, and skills to develop credible relationships with stakeholders in new markets? A good understanding of the fundamental trends driving the changes in the global economy is important.
Evaluating internal controls
The amendments to the SGX listing rules 1207(10) and 1204(10) for Mainboard and Catalist respectively in September 2011 now require the Board to provide opinion on the adequacy of internal controls, addressing financial, operational, and compliance risks of their companies. Similarly, the revised Code also requires the Board to comment on the adequacy and effectiveness of the internal controls addressing these three areas, and its information technology controls and risk management systems.
The board and the AC should elaborate on the assessment process and key areas that they have assessed in forming the opinion, and share remediation status of key areas where there can be room for improvement. As such, additional steps may be required to establish a formal risk management framework, and integrate the risk assessment results to the existing internal controls and checking mechanism.
Companies should also refresh their approaches to evaluating internal controls every year. This effort should extend beyond testing the effectiveness of the same controls as previous years. The AC should question whether internal controls are being designed and maintained in a way that keeps up with economic and business conditions, as well as emerging financial reporting risks. This is particularly important in view of the spate of high profile accounting scandals, and unprecedented scrutiny by regulators and shareholders on fraud.
Liquidity risk and going concern
Some companies are facing difficulties securing finance, reported to have experienced reduced facilities, or more demanding covenants. Heightened liquidity risk necessitates greater attention to the key assumptions, and processes that lead to cash flow forecasts. In some cases, detailed consideration will need to be given to determine whether there are material uncertainties leading to significant doubt whether the company is a going concern.
Accordingly, the AC may want to focus on potential difficulties in accessing the debt markets, or reliance on short-term financing arrangements. The AC may also want to address whether the company’s disclosures adequately describe its sources of liquidity, impacts of the current economic environment, known trends, demands, commitments, contractual payment obligations, capital and leverage ratio, and events or uncertainties that are reasonably likely to result in a material change to liquidity.
While overseeing the assessment and disclosure of compensation-related risks is chiefly the role of the Remuneration Committee (RC) and the board, the AC can help in assessing how certain financial performance metrics, e.g., EBITDA, are employed in the company’s compensation plans. Under the revised Code, an entity is required to disclose more information on the link between performance and remuneration paid to the directors, CEO, and key management personnel. It is expected that the shareholders may challenge the basis of the compensation decisions. The revision in this area may require some AC involvement, and highlight the importance of dialogue with the RC.
The oversight of catastrophic risks should not be underestimated. This concern is even more acute for companies operating on the edge of technological advancement, and in activities with a strong public interest element, such as in oil and gas, robotics and nanotechnology, life sciences and pharmaceuticals. Even with imaginative thinking and new approaches to risk identification and oversight, no company is immune to the woes of unforeseeable events such as large-scale operational failures. The AC should ensure their companies have a robust crisis response, and business recovery plans in the event of a major catastrophe.