G is for good governance

How do businesses identify potential governance weaknesses? What are the red flags?

There is no question that ESG considerations are towards – if not at – the top of the agenda for many organisations with conversations around corporate direction, culture and strategy all invariably involving ESG considerations.

And whilst each element of ESG requires diligent attention, there is no doubting the fundamental importance of good governance. Indeed, arguably, when considering recent corporate failures and scandals, weak governance was a common feature in each one.

At the heart of good governance is a desire to create the right corporate culture. Too often problems (either financial or non-financial) occur because organisations get the culture part of their business wrong. Typical red flags include:

  • One or two dominant executives who drive the strategy, with little challenge from non-executive directors and/or internal audit and/or external auditors.
  • Lack of technical experience on the board (e.g., a lack of risk and/or compliance expertise).
  • An unhealthy focus on profit, remuneration and targets, which drives particular behaviours.
  • A failure to put in place appropriate operational controls and procedures, which provide opportunities for individuals to expose weaknesses.
  • A failure to take whistleblowing seriously (e.g., seeking to establish the identity of an anonymous whistle-blower rather than investigating the concern identified).
  • A belief that particular behaviour/approach is necessary for the company to succeed (‘everything I did was for the benefit of the company’).
  • Weak compliance policies and procedures.
  • A defensive – sometimes aggressive – response to criticism (e.g., in the Wirecard scandal, the company spent significant sums on attempting to discredit reporters who were trying to expose the fraud that had taken place).
  • A failure to respond in the right way to poor behaviour (e.g., overlooking poor behaviour because of financial considerations). A failure to question the foundations of success.
  • A failure to investigate issues in the supply chain (e.g., third party suppliers being implicated in practices that amount to modern slavery).

At the heart of good governance is a desire to create the right corporate culture.

Effective governance

Effective governance can take many forms and there is no ‘one size fits all’ approach. What might, for example, be appropriate for a large multi-national company may be wholly inappropriate for a small to medium size business.

There are various sources of information that organisations can consider when assessing governance arrangements – such as the UK Corporate Governance Code and the Wates Corporate Governance Principles. The starting point, however, is the identification of potential risks that a business might face and the proportionate steps that can be taken to mitigate those risks.

We set out below a non-exhaustive checklist of the issues that businesses may wish to consider when determining whether governance structures are appropriate and effective:

Governance checklist

1. The board / governing body – roles and responsibilities:

  • Is the Board comprised of individuals with the necessary skills and expertise to fulfil its function?
  • Is the Board sufficiently diverse and does it promote diversity and inclusion?
  • Do senior managers set the correct tone from the top?
  • Do all board members / senior executives understand their legal and regulatory duties?
  • Do non-executive directors provide constructive challenge to the executive?
  • Is the board provided with management information which enables it to understand the key issues within the business?
  • Does the board / governing body fully understand the business model, the products and services sold?
  • Does the board consider ESG issues when making business decisions?
  • Is there a conflict of interest policy?
  • Is there a head of risk on the board? If not, how are risk and compliance issues reported to the board?
  • Does the board understand the operational, risk and compliance challenges in the business?
  • Does the board set the risk appetite for the business? If not, who determines the risk appetite?
  • Does the board receive and sign off business risk assessments?
  • Do board members receive regular training?

2. Committees – roles and responsibilities:

  • Are there board committees (e.g., audit committee, risk and compliance committee, remuneration committee, nomination committee)?
  • If so, are the terms of reference for each committee clear and aligned with the culture and business strategy of the business?

3. Risk and internal controls:

  • Does the business have a compliance programme? Or a clear compliance framework?
  • Does the organisation have a business-wide risk assessment?
  • Is there a risk register? If so, is it kept up to date?
  • Is there a code of conduct / ethics?
  • Are there anti-bribery and corruption policies and procedures?
  • Are there whistle-blowing procedures?
  • Does the business operate a three lines of defence model? If not, does the business have an effective framework comprising internal controls and oversight?
  • Does the business have an internal audit function?
  • Does the business have effective financial controls? And if so, are those controls independently tested and verified?
  • Do remuneration policies support the right behaviours?
  • To what extent does the business undertake monitoring of its risk and compliance policies and procedures?
  • Are compliance breaches fully investigated?
  • Does the business have crisis management plans?
  • Does the business undertake due diligence on third parties (e.g., parties in the supply chain, joint venture partners or contractors)?

4. Training / awareness:

  • Is training – induction and ongoing – provided to all levels within the business (including board members) to effectively communicate the culture, approach to risk and the compliance procedures?
  • Does the firm seek to test staff awareness?

5. Human resources:

  • Does the organisation undertake screening on new recruits, temporary or agency staff?
  • Does the organisation have a clear process for handling behaviour that falls below expected standard?

Taking it seriously

In considering ESG, the focus of the debate – perhaps not surprisingly  – tends to be on E and S. The importance of G, however, cannot be overstated. Good governance is, of course, not a guarantee that problems will not arise. It will, however, mitigate the risks identified and is likely to provide a degree of confidence to investors and key stakeholders that the business takes good governance seriously.

 

Author

Daren Allen, Partner - Shoosmiths

 

Read the next article in the ESG series

Disclaimer

This information is for general information purposes only and does not constitute legal advice. It is recommended that specific professional advice is sought before acting on any of the information given. Please contact us for specific advice on your circumstances. © Shoosmiths LLP 2024.

 


Insights

Read other articles from issue three or you can explore the full report here.