Governance requires ongoing development and focus to ensure the company, and those that run it, comply with their obligations. This presentation focuses on corporate governance, risk management, financial performance and accountability and provides some insights into best practice for organisations, including non-financial statutory reporting and internal audit functions.
Russell Kennedy and Pitcher Partners NFP Seminar - 12 July 2016
1. Governance & Legal Risk Management
12 July 2016
Michael Gorton AM
Principal
2. The information contained in this presentation is intended as general commentary and should not be regarded as legal advice. Should you require specific advice on the topics or areas discussed please contact the presenter directly.
Disclaimer
6. > Vision/Mission
> Strategy – Strategic Plan
> Review/monitor Business Plan
> Appoint and monitor CEO (and operations)
> Share Stakeholder Engagement
> Review and monitor Risk Framework and Plan
Role of the Board
7. > Manage the business
> Accept delegations
> Responsible for staff
> Implement Strategic Plan and Business Plan
> Share Stakeholder Engagement
> Manage risks
> Report to the Board
Role of CEO (Management)
8. > Internal / External
> Short term / Long term
> Strategic / Micromanaging
What type of Board are you?
9. > Personal negligence
> Vicarious liability – authorised to act on behalf of (agent)
> Indirect (vicarious liability)
> Employees
> Agents (some contractors may be “agents”)
> Agency
> Real authority
> Ostensible authority
> Authorised
> “Branded”
Liability
10. > Directors Liability
> Negligence/duty of care
> Exercise due care and diligence (“Business Test”) – in good faith / for a proper purpose / informed / rationally believe in the best interests of the company
> Cannot be inactive
> Must read, question, understand
> Cannot just rely on management/auditors/lawyers (Centro)
Liability continued
11. > Directors Liability
> Responsible for statements/misstatements (James Hardie)
> Shadow directors/officers (James Hardie)
> Not gain from improper use of position
> Not gain from improper use of information
> Conflict of interest
> Insolvent Trading
Liability continued
12. > Common Law
> Actual
> Perceived
> Declare/notice
> Do not vote if any direct or indirect benefit
> Corporations Act (s.191-194)
> Material personal interest
> Declare/notice
> Do not vote
> Must not be present while matter considered
Conflict of Interest
13. > Directors
> Corporate manslaughter and other crimes – authorised, personal involvement
> OH&S
> Environmental law
> Insurance
> Public liability
> Professional indemnity
> D & O
(Ensure coverage for all people and all risks)
Liability continued
14. > Levels of delegation
> Systems of Accountability and Reporting Regimes
> Risk Register/Risk Management Framework
> Policies
> Quality of care and service
> Safety (including emergency)
> Legal risks
> Education and Training
> Notice Requirements/Compliance Checklist/ Sign-off
> Incident Monitoring/Complaint Handling
> Audit
Key Governance Issues
15. > Charter
> Role and responsibilities of Board
> Role and responsibilities of CEO
> Decision making process
> Setting “expectations”
> Decision making checklist
> Proposal clear?
> In the company’s interest
> Fit with strategic plan/business plan?
> Pros & cons considered
> Effect on legal/financial risk?
Governance
16. > Code of Conduct (behaviour/conflict/etc)
> Board Process
> Meetings
> Minutes/Papers/Reports
> Committees
> Time for strategy
> Link to compliance/risk management
Governance continued
17. > Avoiding Liability
> Good care and service
> Protocols, policies and procedures
> Risk Management systems
> Checklist and reporting
> COMMUNICATION!!
> Complaint handling procedures – timely, sensitive, communicative
> NOTES AND RECORDS
> Insurance
Legal Risk
19. CONTACT
Michael W Gorton AM
Principal
Russell Kennedy Lawyers
Level 12, 469 LaTrobe Street, Melbourne
Tel: (03) 9609 1625
Email: mgorton@rk.com.au
Not For Profit
Legal Risk Management
20. Level 12, 469 La Trobe Street, Melbourne, VIC 3000 P: +61 3 9609 1555
Level 8, 28 University Avenue, Canberra, ACT 2601 P: +61 2 6171 9900
Liability limited by a scheme approved under Professional Standards Legislation
22. 10 Principles for Good Governance
We believe the following ten principles provide a useful starting point for NFP boards when considering what constitutes good governance in an organisation’s particular circumstances:
1. Roles and Responsibilities
2. Board Composition
3. Purpose and Strategy
4. Risk – Recognition and Management
5. Organisational performance
6. Board Effectiveness
7. Integrity and Accountability
8. Organisation Building
9. Culture and Ethics
10. Engagement
23. Risk – Recognition and Management
“By putting in place an appropriate system of risk oversight and internal controls, boards can help increase the likelihood that their organisation will deliver on its purpose.”
“Risk is another board responsibility, no matter how big or small the NFP. Organisations should establish a sound system of determining risk appetite, oversight, recognition, management, treatment and control.”
24. Why is Risk Management Important?
Common benefits of risk management:
Protect assets
Protect People
Cost efficiency
Improve planning
Reduced exposure
Regulatory compliance
And many others…
25. Why is Risk Management Important?
We want to think about…
The future (proactive attitude)
Common language
Creating opportunities
26. Building a Risk Register
In theory this is a simple process. All that is needed is to capture:
The risks;
Causes of risk;
Rating;
Controls;
Further actions; and
Treatments.
27. How to do it?
Employ a risk manager?
Hold a workshop?
Engage the team?
28. How to do it – Start with your objectives
Don’t start in heavy detail
Strategic Objectives
OH&S
IT systems
Service delivery
Economic changes
Changes in funding
Social changes
Legal & compliance changes
Bring it up and look top down – Strategic risks
Loss of Contracts
Loss of Key Relationships
Market Place Competition
Major Asset Failure
29. Gaining Comfort
Now that we have a risk register, how do we know it works?
Payroll
Accounts Payable
Accounts Receivable
Human Resources
Procurement
Donations
OH&S
Accreditation & Regulatory compliance
Capital Planning
Privacy
Digital engagement
NDIS & Consumer Directed Care
Community Engagement
Agency Staff
Volunteer Recruitment & Training
… and many more.
30. Risk Assurance Mapping
What assurance activities are in place?
Comfort that risks are being managed as required?
Prior Internal Audits
Assurance & Monitoring Activities
External/Financial Audit Coverage
Accreditation Activities
Management Monitoring Activities
Internal Quality Program
Strategic Risks
Internal Audit Plan
Risk & Control Map
31. How Internal Audit can help
[Figure: Overall Subjective Assessment of Core Process Elements. Axes: Structure, Support & Training; Control Environment (Poor to Strong).]
[Figure: Subjective Assessment of Process Maturity. Scale: Basic, Developing, Established, Advanced, Leading.]
Overall we have assessed that there is a Medium risk exposure in relation to payroll.
Focus on compliance?
Focus on process effectiveness and efficiency?
32. Align internal audit activities with your Risk Management Framework.
Recommendations rated against your risk appetite
Internal Audit & Risk Integration
Process Risks
Fraud
Error
Medium
Process Impact
Committee
Monitoring
Associated Risks or Opportunity (can be one or multiple)
Impact that this recommendation is expected to have on the relevant process
Suggested level of monitoring of implementation
33. Data Mining and Analysis
[Chart: Unusually High Hours. Series: Variation to Median Hours Worked; Number of Exceptions. Axes: Period (201107 to 201206), Hours, Number of Exceptions.]
[Chart: Termination Payments, by payment cycle.]
Payment After Termination Date | Number of Payments | Percentage (%) | Net Payment ($) | Percentage (%)
Within 1st Payment Cycle | 235 | 55% | 257,443 | 38%
Within 2nd Payment Cycle | 159 | 37% | 400,396 | 58%
Within 3rd Payment Cycle | 14 | 3% | 11,694 | 2%
Within 4th Payment Cycle | 6 | 1% | 2,342 | 0%
Within 5th Payment Cycle | 1 | 0% | 348 | 0%
Within 6th Payment Cycle | 3 | 1% | 1,998 | 0%
After 6th Payment Cycle | 7 | 2% | 10,736 | 2%
Total | 425 | 100% | 684,957 | 100%
Depth
Risk Mitigation
Business Insight
Data mining and analysis is a powerful technique which greatly increases the coverage of audit focused activities and is used with the following objectives in mind:
Highlight potential business process risks;
Provide added insight into the nature of activities undertaken within the business process and various trends; and
Assist in the detection of inappropriate organisational practices.
34. Wrap up
Started with risk management and covered
Being future focused
Creating a common language
Gaining comfort
How Internal Audit can help