IN many companies, there’s a conflict between operating management and the various corporate assurance functions.
The management often rails at regulators for imposing ever more rules to follow, reports to produce, standards to abide by.
“Compliance costs money and adds nothing to the bottom line, ” is a common complaint from the CFO.
In today’s economic climate, where business models are challenged and revenue streams are severely stressed, managing the bottom line is one of the few weapons left to limit damage.
Debt levels are difficult to manage if operating cash flows are insufficient even to service existing debts.
So how can outflows be limited?
Staff reductions are a blunt instrument, and can make eventual recovery a longer process.
At least in the interim period of the Covid-19 pandemic, the government offers some help.
What else can be tried?
Compliance is characterised as a luxury even when things are going well, but the board insists on the company being an example of corporate governance (CG) best practices.
However, the board is also worried about the struggle to generate a profit. So, why not suggest combining support functions?
After all, it doesn’t mean compromising standards; it’s simply a more efficient way of complying with regulations. The CEO’s presentation to the board will list the advantages:
> no more functional overlaps or duplications
> multi-functional staff
> overall costs contained and considerably reduced
> clearer, more straightforward reporting lines and
> consistent and better quality reporting to the board
What does a “combined CG assurance office” look like? This is management bliss.
All under one roof, the unit can cover:
> internal audit
> compliance/governance (including legal and company secretary)
> ethics and integrity
> health and safety
> regulatory compliance and
The head of the combined CG assurance office will be one of the most senior executives, and report directly to the board (with a dotted line, of course, to the CEO).
This executive will have KPIs, and be assessed annually in line with normal management processes.
Eventually, when better times return, there will be a chance for top-end employee benefits.
The argument from a management perspective is compelling. From a board perspective it is less so.
The new structure consolidates into a single channel almost all independent reporting functions. That means the executive controls what the board sees and hears, not the board.
Transparency of issues is diluted and lost in many cases.
The ability of the board to learn from hearing different answers to the same questions, asked of a variety of direct reports, disappears.
Consolidating matters into one pair of hands is a considerable risk. If the executive were to become corrupted, it could corrupt the entire structure and all its functions.
A reduction in non-compliance reports may well be presented as evidence of success in embedding an ethical corporate culture.
In reality, it could be the non-reporting of issues to meet KPI targets, or collusion with management to avoid reporting misdeeds (or suspected misdeeds) of management peers.
To ordinary staff, the combined CG assurance office will be perceived as a barrier to openness and transparency. Certainly, a confidential whistle blower channel which funnels upward to a senior executive would not be trusted. The “see something, say something” guidance in a corporate code of conduct will seem nothing more than a “Tone from the Top” soundbite.
The proper working of the process rests on the ability to channel concerns to a senior independent director, without the possibility of management intervention.
Silence is the likely result, and silence will mean all is not well.
Embarrassing revelations and reputation damage will become more likely.
Internal audit will be another challenge. If direct reporting to the audit committee is filtered through a combined CG assurance office, it will not meet the Institute of Internal Auditors standards.
The natural management instinct is to address issues before they become problems, and report success to the board only in significant cases.
In some cases it is to conceal.
The board wants to know all the process and control issues, large and small, to identify patterns and the possibility of larger concerns and to be able to question management on its plan to deal with issues.
That benefit is potentially lost without an independent internal audit function, especially if information is filtered, sanitised and synchronised to express only the management view.
Governance, the province of the company secretary and legal department, is the key to the boardroom. The custodian of that key has to be independent of management; the integrity of the board’s private deliberations depends on that.
Does this mean the advantages of combined CG assurance are not achievable if independent direct reporting by some functions is retained?
The answer lies not in the independence of the functions, but in the common skill sets required in some of the functions.
For instance, investigation skills cultivated in the internal audit function do not need to be used exclusively within internal audit. Independence is linked to the issue being raised by the reporting function, not the skill.
It does make sense that such skills should be available across various functions, with the benefit of reducing duplication and lowering cost. The board’s oversight role is compromised and can be challenged if independent reporting of key functions is consolidated within a single management office, no matter the grand label attached.
However, if independent functional reporting remains in place wherever the Board determines it is necessary, then a form of combined CG assurance office is possible, based on administration and delivery of shared skills.
Ideally, the senior independent director and the audit committee chair should lead a dialogue with management.
The reporting lines they agree should meet the board’s requirements of independence and the integrity of the data it receives.
The “new normal” needs thinking through.
David Berry is the managing director of Fidelius Sdn Bhd and the deputy president of the Malaysian Institute of Corporate Governance. The views expressed here are his own.
Did you find this article insightful?