RISK MANAGEMENT AND GOVERNANCE
Presentation to
Victorian Healthcare Association Conference
By Wayne Cameron,
Auditor-General of Victoria
13 November 2003
Much has been written in recent times about the nature of corporate governance and why it is important. It would be presumptuous therefore of me to traverse in my presentation to you this afternoon what is available in an ever increasing range of publications and from numerous websites. Yet despite the prevalence of this material, instances come to the surface repeatedly highlighting the difficulties some have in applying these straightforward principles in practice.
So why all the focus on governance?
• Corporate failures
• The pressure to perform
• Emergence of new risks
• Regulators and standard setters are increasingly requiring organisations to adopt best corporate governance standards
• Changes in the way the public sector conducts its business
How many of you, for example, are involved in outsourcing? What were some of the first things that you found you had to do? Clearly define your service requirements? But how many of you gave enough attention to your changed business relationships? How did you ensure that the core public service ethical, informational, consultative and collaborative arrangements remained effective?
Corporate governance in the public sector is more complex, having to satisfy a broader range of political, economic, environmental and social objectives, according to a greater variety of requirements, influences and public expectations, than do businesses in the private sector.
What then is corporate governance?
Much of the public debate has centred on the corporate sector and on issues unique to that sector – such as incentivised remuneration arrangements, related party abuse and conflict of interest issues.
But we should not dismiss the debate as irrelevant. I am here to tell you that we have our share of governance issues to be concerned about as well. We should take this opportunity to make sure that we all learn from the debate and ensure that we in the VPS apply best governance practice at all times.
“Governance is concerned with structures and processes for decision making, accountability, control and behaviour at the top of an entity.” (IFAC)
“It influences how the objectives of an organisation are set and achieved, how risk is monitored and assessed and how performance is optimised.” (ASX)
It is generally understood to encompass authority, stewardship, leadership, behaviour, direction and control.
Good governance will result from behaviour rather than process
Good governance will not guarantee good practice, but it does provide a discipline around which to frame quality processes and relationships.
“If nobody makes the rules then it turns into a game without rules – and nobody wins that kind of game.” (John Macdonald)
Counsel assisting the HIH Royal Commission was recently reported as saying that corporate Australia should aspire to improved moral and ethical standards rather than tick-in-a-box corporate governance. Processes are important as the means to the end - not the end in itself!
Governance framework
This diagram is a modification of my Office’s 2003-04 Annual Plan. I will now discuss each of the 4 pillars.
Leadership, stewardship, management control and risk management are included at the centre to ensure they are not overlooked by those holding Governance responsibility.
Minister of Finance Directions require that:
“A Public sector agency has a financial code of practice setting out a cohesive statement of the agency’s internal processes to ensure probity in the agency’s management.”
The guide goes on to set out agency code of practice requirements:
Each agency is to maintain appropriate structures and responsibilities to ensure compliance with the code and must cover areas such as tendering, conflict of interest, confidentiality, and unlawful or unethical behaviour.
Strategy and direction
Those with governance responsibilities must establish the entity’s strategy and direction.
Both long and short term goals and objectives need to be supported by specific strategies for their achievement.
Goals should be explicit about performance objectives supported by plans covering finance (budget), assets, technology and personnel requirements.
It is important that strategy, policies and other directions be clearly specified, communicated and understood by those parties responsible for their implementation. Responsibilities and accountabilities must be clear.
Departments – S&D will be developed by the respective secretaries/ministers in the context of government’s goals and desired outcomes.
Statutory Boards – S&D will be developed in the context of enabling statute having regard for government goals and desired outcomes.
These principles are reflected in a recently released report on governance review of hospitals.
An example: Statutory bodies
Parliament has established boards to oversee the management of the entity.
Board is responsible for setting corporate objectives, developing policies governing day-to-day operations, and overseeing the implementation of those policies through the CEO.
The Crown has retained certain rights, usually espoused in legislation, which are exercised through the responsible minister:
• To exercise control over the entity and determine its direction, as expressed in legislation
• To appoint and dismiss members of the board
• To approve the size, shape and scope of the entity’s operations
• Exercise other rights contained in legislation.
The board is immediately accountable to the responsible minister for the performance of the entity. The minister is responsible for ensuring the entity is managed in the Crown’s interests, and so plays a key part in the governance framework for the entity.
Structures and relationships
Effective governance requires explicit role definition of key participants in the governance process. It must include the control, reporting and accountability arrangements established to facilitate communication, action and monitoring.
Governing body members need a proper induction process to ensure they are clear about their role and about that of management, the nature of the relationship with government (usually the responsible minister) and the department.
The nature, timing and method of information flows need to be defined.
A clear view is needed about what must be referred to owners (minister) for consideration or information:
• Business plan (including financial plans) – define nature, scope and location of business (termed Statement of Priorities in the VP Reform Governance Panel report)
• Strategy, policy and performance monitoring information
• Regular assessment of relevant risks and proposals with potential to impact on the risk profile of the organisation
• Investment/divestment considerations
• Information about the public profile.
Business structures
A clear view is required of:
• purpose of business structure – nature and scope
• expectations of stakeholders
• determination of powers/delegations – must be done in the context of the governing legislation
• information flows.
Structures reinforce the organisation’s interests, values and accountabilities. Failure of effective governance puts the business at risk.
Boards
“Governing board members are accountable for their conduct and the strategic direction and performance of the agency as well as the agency’s compliance with other requirements.” (WA Public Service guide) They must have a full understanding of the organisation, the environment in which it operates and the issues it faces. (Refer to AICD Checklist for guidance on what prospective directors ought to do before accepting appointment to a board body.)
Changing delivery arrangements
There is no doubt that the development of alternative service delivery models in the public service will continue out into the future just as it has in the recent past. At times of such change clear and explicit consideration, decision and communication must be given to the impacts of these changes on maintaining effective governance arrangements.
Whenever services are performed by other providers – whether they be on contract, through franchising arrangements or partnerships or joint ventures – the governance arrangements must be accorded priority.
Boards
Appointment and membership
• Requisite skills, tidy and transparent appointment process, induction and review
• Mixed board membership:
  – confuses accountability and roles
  – distorts information flows.
• Should CEO be on the board?
Obligations of being a public body
• Board members to understand public sector legislation, conventions and practices and an awareness of the importance of following acceptable standards of conduct and behaviour
• Identification and management of conflicting interests
• Understand relationship with government. Explicit record of the relationship between the board, and responsible minister re shared understanding between the two about what the board is there to do
• Clear lines of accountability and authority between board, CEO and responsible minister.
Committees
Advisory committees to:
• Minister – ensure objective advice – perception of independence
• CEO and board/councils.
Any advisory committee structure (eg, economic development, audit etc) needs to be mandated explicitly with a clearly set out charter, powers, functions and duties.
Management committee – what are they but a form of internal communication and method of achieving consensus? They must not undermine primary accountabilities.
Audit committee
• Established feature of corporate governance is having an effective audit and risk committee with an independent chair to oversee compliance and risk management
• Members must have a knowledge of the business
• Allows specific focus – including on risk management
• Staff actions can put the organisation at risk.
Minister of Finance Directions:
• At least 2 members must be independent and appear as such in annual report
• Must have a charter
• Must be fully accountable to the responsible body
• Accountable officer and CFO not to be members
• Chair to be independent and can’t be chair of governing body unless exempted
• Set out requisite skills
• Set out functions, powers and responsibilities
• Oversight of risk management framework
• Issues: staff on the committee.
Minister-board-management relationships
I want to talk briefly about minister-board-management relationships as they require careful management.
Role of the responsible minister
Each minister is free to determine how best to undertake their responsibilities but core features should include:
Role of advisors – just that, needs explicit understanding by all the parties about the role of advisors – best dealt with formally in writing.
Ministerial directives – such directives should be transparent. Need to be explicit – affects accountabilities.
Board/management relationships:
The relationship between the board and management is critical to an organisation’s long-term success. However problems do arise when the different interests of the board and management are not defined. Some common problems:
• interference by board members in operational matters
• managers become hesitant to make decisions
• managers delegate difficult decisions upward which lead to a risk averse or conservative culture
• boards spend too much time on minor matters and thus overlook the major ones.
Governing board relationships with responsible minister – see WA Better Practice Guide.
Codes of conduct
Minimum standards of corporate behaviour
Cue is taken from the top – shared vision, collaboration/openness, ethical values and respect for different views. Examples:
• compliance with law
• treatment of employees – fairly and reasonably
• unbiased tendering and purchasing
• control over sensitive expenditures – e.g. travel, hospitality, sponsorship
• management of potential or actual conflicts of interest
• use of transparent/open processes to distribute funds
• provision of public access to information about the organisation and its operations.
Conflict of interest
Conflict of interest takes many forms and is worthy of a separate discussion on its own merits.
Examples of conflict of interest e.g. ENRON, HIH Insurance.
“ENRON board’s worst failure, governance experts say, was to overlook the dual role of the Company’s CFO who reaped $30m by simultaneously running limited partnerships that did business with ENRON. Should have been a red flag to the board. Having your CFO on both sides of a transaction reflected badly on the judgment of management.”
A person can’t serve two masters!
There should be explicit guidelines about what constitutes a conflict of interest and what to do about it whenever the possibility occurs or might occur. A register of conflicts of interest should be maintained for all board members.
We don’t allow consulting by our audit contractors – I am prohibited from other work. The risk (real or perceived) is too great.
I don’t deny the difficulty. I recently attended a forum on the changing arrangements for auditing standards and the subject of independence was traversed – in the context of the HIH Royal Commission findings. I was intrigued to hear the speaker refer to the difficulty people have in grasping the notion of conflict of interest. That too is my experience. People may understand the notion as it applies to others (especially competitors) but just don’t see it when they are involved!
Public servants on the board – conflict of roles; not the best of positions, observer status may be a better compromise.
The common practice in the public sector arena of having a senior departmental official on the board of a statutory agency is one such issue, as is the practice of one’s CEO also being on the board. These practices work well when they work well, but when they don’t the tension that exists when the person seeks to fulfil the dual or multiple role rapidly comes to the surface. I believe we still have a way to go here in the Victorian public service to simplify these lines of responsibility and accountability.
Nominee directors:
• Nominee directors face conflict between their responsibilities to the entity and the board to which they were primarily appointed. Elected representatives are responsible for promoting community interests which may conflict with the commercial objectives of the commercial entity
• Nominee directors should not be a substitute for formal monitoring arrangements between subsidiaries and the board
• CEOs should not be put in a position of conflict between their roles as advisors to the board and their obligations as company directors.
Performance monitoring
“Facts do not cease to exist because they are ignored.” (Aldous Huxley)
Determine what should come to the board – content and frequency – governing bodies should be monitoring the big things. Track against agreed goals, money, tasks and risk management activities.
Monitoring and reporting systems need to be timely for senior management and the governing body when things begin to divert from planned outcomes.
This means coherent data collection and reporting systems that need to be coordinated, integrated and accurate. There is some evidence that some entities continue to struggle in this area post-amalgamation.
In my experience, the lack of discipline about information requirements would rank as the single most common reason why difficulties develop and may frequently become terminal in organisations. The lack of complete information denies timely intervention to turn adverse circumstances around.
May be an area for future audit attention.
Monitoring of risks needs to be targeted
Different types of risk in the public sector i.e. more than merely financial risk. For example political risk – community confidence, social risk, environmental risk and public safety risk.
Monitoring arrangements for an entity need to reflect an assessment of the risks and opportunities facing the business, with a view to protecting and promoting the owners’ interests.
Our recent report on RISK Management in the public service – there has been some progress, but still a way to go – especially in internal awareness about what constitutes risk, and in reporting procedures. It is a best seller publication, but more about this later.
When do you need to alert the minister about matters, which may materially affect the Crown’s interests?
Compliance and accountability
Important to monitor compliance. Need proper reporting processes for surfacing non-compliance.
Public Sector Management and Employment Act 1998
Sets out obligations of agency head – supported by a “Code of Conduct” published by the Commissioner for Public Employment.
S13: Department Heads are responsible to Agency Minister or Ministers for the general conduct and the effective, efficient and economical management of the functions and activities of the Department.
Financial Management Act 1994
S42 requires that there be an accountable officer for each department and public body.
An accountable officer has certain obligations/responsibilities mainly related to financial management and maintenance of proper systems, compliance with directions issued by the Minister of Finance, and which includes reporting performance and preparing financial statements and a report on operations each year.
New compliance framework requires a disciplined approach. It will apply to hospitals. Our auditors have been briefed on the requirements.
I continue to be amazed at the number of those with governance responsibilities NOT familiarising themselves with the primary legislation of their organisation.
Important to recognise trade offs between performance and compliance BUT don’t be risk averse.
Public sector is under the public gaze, all the more reason to invest in explicit processes so that our talented people can seek innovative solutions.
Disclosure of corporate governance practices:
• In ex ante documents and ex post reports
• APRA winners of good governance disclosures – Melbourne Health, CSR Ltd
Research shows that in the corporate world openness and transparency in reporting is rewarded (market capitalisation). Yet corporates continue to fight it!
Managing Risk
Risk management today:
• Improved understanding
• Guidance and standards available e.g. CPA practice guides
• Insurable risk is limited
• Strategic risk management is more helpful/useful
• Risk is developing and broadening
Need for broader view:
• Essential to see risk management holistically
• Need rewards as well as threats
• Total enterprise basis.
10 KPIs for best practice in risk management – see report.
Where are the risks?
• Different types of risk e.g. new policy
• Need to protect the owner’s interests, therefore, need to inform the owners.
Risk Management in public sector
Audit phases:
• Examination of risk management structures and processes at a state-sector level
• Detailed risk management case studies:
  – Kangan Batman TAFE
  – State Trustees
  – Western Metropolitan Health Services
  – Water quality (DS&E, DHS, ESC, Water Authorities).
Conclusions:
Improved understanding of what risk is and how (who) to manage it
• Complex environment – every one is different – see our case studies in March report
• Guidance is available
• Keep risk management on the radar
• Strategies need to be responsive to change
• Link risk management to strategic planning framework.
Benefits of risk management
• 70% adopt a formal approach
• Overwhelmingly, greater corporate benefits arise.
Roles that lead and manage strategic risk management
• An organisation’s success increased about 50% where the audit committee was involved in a direct leadership role.
Key prerequisites
• Clear roles and responsibilities
• Constructive relationships and accountabilities
• Effective governing body
• Effective monitoring
• Effective communication
• Good external reporting
• Sound risk management practices.
In bringing this presentation to a close, in my view, the prerequisites for effective governance are:
• Establishing clear roles for each of the parties, and ensuring that all parties understand their own roles and those of the other parties
• Constructive relationships and accountabilities based on those roles
• An effective governing body
• Effective monitoring arrangements which reflect the balance between the interests of parliament, executive oversight and the autonomy of the governing body and/or management
• Effective communications
• Good external reporting
• Sound risk management practices.
Organisations frequently fail when there is:
• Lack of sound goals
• Inadequate internal control and non-disclosure
• Dominance of individuals
• Deficiency of values and ethics
• Absence of arm’s length approach to some transactions
• Lack of action by other directors to scrutinize/challenge the financial information
• Poor risk management and poor reporting to the board.
Not to know is bad; not to wish to know is worse. (West African proverb)
Good governance
Fundamental to achieving effective, efficient and economical outcomes
The purpose of my presentation to you this afternoon has been to provide my perspective on what constitutes good governance. Good governance has been the subject of much consideration and public debate in recent times. And for good reason.
The community is entitled to be assured that practices in the public and private sectors are as they should be, in order to maintain confidence. Where confidence is eroded, governments must act to re-establish confidence in our institutions – hence the Sarbanes/Oxley legislation in the USA, CLERP 9 here in Australia and, of course, the recently released report of the reform panel on governance in the health sector.
The public sector – as we are all too aware – is not immune from these winds of change and must collectively and individually re-examine its own practice to ensure that community trust is maintained.
There is much more guidance available now:
• PAEC Report on examination of corporate governance issues in Victoria – checklist
• WA and Queensland public service guidance
• ANAO better practice guide
• New MOF directions effective 1/7/03 and the compliance framework
• Victorian Auditor-General’s Report – March 2003
• John Uhrig’s review of corporate governance of Commonwealth statutory authorities and office holders.
Much of the governance debate has been about the rules and principles BUT it’s not just about applying good governance principles, it’s also about the PRINCIPLED application of those principles.