The ASX Corporate Governance Council, chaired by the Australian Securities Exchange (ASX), has released a second edition of Corporate Governance Principles and Recommendations (see here for the ASX announcement and related resources, or here if you want to go directly to the document).
Whether you are in Australia or not, this document includes materials useful to anybody seeking to understand or improve corporate governance principles and best practices.
The authors believe their guidance is flexible and principles-based, rather than a strict set of rules, and Australia has an “if not, why not” reporting requirement that is similar to the “comply or explain” approach popular around the world (although not in the US).
“Under ASX Listing Rule 4.10.3, companies are required to provide a statement in their annual report disclosing the extent to which they have followed the Recommendations in the reporting period. Where companies have not followed all the Recommendations, they must identify the Recommendations that have not been followed and give reasons for not following them.”
The guidance has 8 principles and a number of recommendations for each. Many of the recommendations are common to other guidance and practices, so I will only show here the 8 principles and the recommendations I found most interesting (in some cases because they make requirements of actions that many companies -- especially in the US -- have not taken).
Principle 1: Lay Solid Foundations for Management & Oversight
Companies should establish and disclose the respective roles and responsibilities of board and management.
Recommendation 1.2: Companies should disclose the process for evaluating the performance of senior executives.
Principle 2: Structure the Board to Add Value
Companies should have a board of an effective composition, size and commitment to adequately discharge its responsibilities and duties.
Recommendation 2.1: A majority of the board should be independent directors.
Recommendation 2.2: The chair should be an independent director.
Recommendation 2.3: The roles of chair and chief executive officer should not be exercised by the same individual.
Recommendation 2.4: The board should establish a nomination committee.
Recommendation 2.5: Companies should disclose the process for evaluating the performance of the board, its committees and individual directors.
Principle 3: Promote Ethical & Responsible Decision-Making
Companies should actively promote ethical and responsible decision-making.
Recommendation 3.1: Companies should establish a code of conduct and disclose the code or a summary of the code as to:
- the practices necessary to maintain confidence in the company’s integrity
- the practices necessary to take into account their legal obligations and the reasonable expectations of their stakeholders
- the responsibility and accountability of individuals for reporting and investigating reports of unethical practices.
Principle 4: Safeguard Integrity in Financial Reporting
Companies should have a structure to independently verify and safeguard the integrity of their financial reporting.
Principle 5: Make Timely & Balanced Disclosure
Companies should promote timely and balanced disclosure of all material matters concerning the company.
Recommendation 5.1: Companies should establish written policies designed to ensure compliance with ASX Listing Rule disclosure requirements and to ensure accountability at a senior executive level for that compliance and disclose those policies or a summary of those policies.
Principle 6: Respect the Rights of Shareholders
Companies should respect the rights of shareholders and facilitate the effective exercise of those rights.
Principle 7: Recognize & Manage Risk
Companies should establish a sound system of risk oversight and management and internal control.
Recommendation 7.1: Companies should establish policies for the oversight and management of material business risks and disclose a summary of those policies.
Recommendation 7.2: The board should require management to design and implement the risk management and internal control system to manage the company’s material business risks and report to it on whether those risks are being managed effectively. The board should disclose that management has reported to it as to the effectiveness of the company’s management of its material business risks.
Recommendation 7.3: The board should disclose whether it has received assurance from the chief executive officer (or equivalent) and the chief financial officer (or equivalent) that the declaration provided in accordance with section 295A of the Corporations Act is founded on a sound system of risk management and internal control and that the system is operating effectively in all material respects in relation to financial reporting risks.
Comment: I really like these. I would go further and ask that the internal audit function provide an annual, formal assessment of management’s risk management framework and processes.
Principle 8: Remunerate Fairly & Responsibly
Companies should ensure that the level and composition of remuneration is sufficient and reasonable and that its relationship to performance is clear.
The guidance has a lot of detail that merits review, including:
- Suggested guidelines for determining whether a director is independent.
- A discussion of the role of the nominating committee.
- Possible content for a code of conduct.
- Content for a policy on trading by directors or employees in the company’s shares.
- The responsibilities of the audit committee relative to financial reporting, including their reporting to the full board their “assessment of whether external reporting is consistent with committee members’ information and knowledge and is adequate for shareholder needs.”
- A definition of risk management as “the culture, processes and structures that are directed towards taking advantage of potential opportunities while managing potential adverse effects.”
- A statement that “the board is responsible for reviewing the company’s policies on risk oversight and management and satisfying itself that management has developed and implemented a sound system of risk management and internal control.”
- Another statement, that “failure to consider the reasonable expectations of stakeholders can threaten a company’s reputation and the success of its business operations. Effective risk management involves considering factors which bear upon the company’s continued good standing with its stakeholders.”
- A very clear line between internal audit and external audit: “The internal audit function should be independent of the external auditor.”
- An equally clear assignment of responsibility for risk management: “Ultimate responsibility for risk oversight and risk management rests with the full board, whether or not a separate risk management committee exists.”
- Guidance that non-executive directors should NOT receive options, retirement benefits or bonuses.
By the way, I am pleased to say that the Institute of Internal Auditors Australia is represented on the ASX Corporate Governance Council.
Editor's Note: This article is by Norman Marks.