concepts and practices relating to corporate governance and risk management in actual. The emphasis will be on auditing the extent to which the organisation abides by its stated governance and risk management commitments, and determining whether the alignment of the commitments and practices are optimal.
Unformatted Attachment Preview
BUSN603 CORPORATE GOVERNANCE AND RISK MANAGEMENT
GOVERNANCE AND RISK MANAGEMENT AUDIT EXERCISE
Introduction and assessment task
Actions are dictated by values. Identifying organisational values – both proclaimed and
actual – will assist an organisation to ensure that most, if not all, its actions are
commensurate with these values, and enable it to put in place a robust structure to support
the â??operationalisationâ?? of its values.
Many governance and risk management problems for multinationals and companies trading
far from their home base, for example, arise because of differing value systems. A
governance and risk management audit helps an organisation to establish clear guidelines
about the limits of acceptable behaviour which are consistent world-wide, while recognising
where appropriate local social differences. In other words, a governance and risk
management audit articulates the core values of an organisation, and assesses the
consistency of their internal and external application: internal with respect to what the
company or organisation says about itself in its various documents, such as statements
about mission and conduct; external with respect to how they act in their host societies and
A governance and risk management audit always begins internally, with a review of â??paperâ??,
â??processesâ?? and â??people.â?? The findings of the audit are then tested out with stakeholder
groups, to ensure that the values base is one which is shared by, or at the least acceptable
to, key stakeholders. The results provide important management information, and can (and
ideally should) be used to report on the organisationâ??s social and/or governance
performance, either as part of the Annual Report or as a supplementary report.
In this assessment, you are asked to conduct a governance and risk management audit of
an organisation with which you have had some association. It could be a large company, a
family business, a school, a hospital, a not-for-profit organisation. It could be any
organisation that provides a service or conducts any form of social activity that involves:
In this assessment, you are asked to conduct a values and risk audit of an organisation with which
you have had some association. It could be a large company, a family business, a school, a
hospital, a not-for-profit organisation. It could be any organisation that provides a service or
conducts any form of social activity that involves:
1. Some form of statement about what it does and its commitments. This could be a company
or organisational mission statement; or marketing material; or any document in which the
organisation defines its commitment to abiding by the law, or certain moral codes, or
specific cultural or communal commitments. In other words, anything that articulates what
the company/organisation stands for with respect to governance and social responsibility. It
might be as generic as saying, as Google does, â??do no evilâ?, or as specific as BHP Billitonâ??s
commitment to observing best practice in land remediation of spent mines;
2. Some level of financial management and accountability. This can be at a very high level for
a large company, or very modest in a small family business. Either way, there has to be
some level of financial or resource accountability, and some level of responsibility for what
the organisation does in the conduct of its activities;
Page 1 of 7
3. A recognised set of risks to the organisationâ??s well-being, or to the interest of its
stakeholders, that are articulated in some way, whether in the form of an organisational risk
management strategy, or some other less formal method of assessing and addressing
organisational and/or stakeholder risks.
4. A defined set of services or products. That is, the organisationâ??s outputs â?? what it offers its
client or customers;
5. A customer or client base. There must be some customer or client base for the audit to
make sense, and this needs to be identified, namely, who the organisations serves or
6. Some level of management structure or identifiable managerial accountabilities
responsible for organisational governance and risk assessment and management.
For our purposes, an anarchic group of people just doing things for the sake of it to
help others, or themselves, but with no formal structure, is not a suitable subject for
this exercise. There must be some specific roles and accountabilities, even if poorly
What you are asked to do is to conduct a mini-audit of the organisation that describes the above
elements, analyses how well and appropriately the organisation manages its stated governance
and risk management commitments, and provide a set of recommendations on how the
organisation may enhance its governance and risk management performance.
First read the below to give you a better idea of the big picture, so to speak. Note:
you are NOT expected to conduct a full governance and risk management audit with
detailed interviews and in-depth analyses of organisational documents.
What you are asked to do is a â??mini-auditâ?? in which you select an organisation and:
1. Give an overview of the organisation â?? what it does and how it promotes itself
to its shareholder (where relevant) and stakeholders, through official
documents, policies, procedures, and advertising. Provide evidence in the form
of attachments, but only important documents, or selections that make your
point. Donâ??t go overboard with attachments and evidence; just enough to make
your point, and no more.
2. Clearly state the â??advertisedâ?? values of the organisation â?? what it says it stands
for. Where these are unclear, try to tease them out.
3. Describe the processes the organisation has in place that promote, monitor, review,
action its value commitments. Again, you canâ??t do everything, so be selective. In
your general overview of the organisationâ??s value commitments, you can state that
the organisation is committed to x, y and z, but focus only on z, for example. In other
words, donâ??t be too ambitious. You donâ??t have much time to complete what could be
quite a detailed exercise. So focus on something that is representative of the
companyâ??s values commitment (or otherwise!).
4. Review the history of the organisation over the recent past, say, 5 years. You donâ??t
have to be rigid about this. If 10 years is a more appropriate frame of reference, then
thatâ??s fine. What you are looking for here is the extent to which the company has
been true to its commitments. What evidence can you find one way or another?
Remember, corporate governance and/or CSR undertakings are major value
commitments of an organisation, and are absolutely central to this assessment.
5. If possible, interview a few key stakeholders for their views. This is not always
Page 2 of 7
possible, but may be very relevant in some circumstances. This is up to you. You do
NOT have to interview anyone. But if you can, and if it is relevant, then this would be
a good way to get more data on the organisationâ??s fulfilment or otherwise of its value
6. Draw some conclusions about the companyâ??s integrity (more on this below). In
other words, discuss what you have found. No need to be definite or definitive,
since this is only a mini-audit. But it can be indicative, and serve as the preliminary
study for a much deeper investigation. In other words, this is â??audit liteâ??, so to speak,
in which you do a fairly quick and succinct review of an organisation to see if there
is anything that would lead you to look more deeply.
7. You need to be specific about the things you find that indicate organisational
integrity, and those that indicate organisational hypocrisy. You are not asked to
solve the problems you find, but once you have identified key issues, discuss
them in light of the key issues covered in the unit.
8. You do not have to provide heavy academic referencing, but where possible, draw
on examples from the readings and unit guide, and any other sources that you
believe to be relevant. Again, no need to go overboard. Just cite those sources
and references that you have actually used; not a long list for the sake of
impressing the marker â?? the opposite will be the case. You will get good marks for
authenticity and sound analysis.
It is important to note that a full-blown governance and risk management audit is a
comprehensive and integral approach: integral, because it combines different approaches
with different methodologies, and comprehensive, because it takes the entire organisation
(including its environment) into consideration with all the different perspectives that prevail in
different functional areas. The latter especially finds expression in the values assessment
process. The fact that values and policies are discussed ensures that they are looked at
from different angles, taking various fields of interest into consideration. In a full-blown audit,
it is particularly critical that values are checked for economic viability as well, to balance
social and values aspirations, because governance and risk management policies which are
not based upon solid business economic grounds will not endure very long. In a full- blown,
large scale audit, it is essential that the social mission and the economic mission of a
company go hand in hand.
However, remember, you will not be undertaking a full-blown, comprehensive audit.
There is no specific template for the audit, because we wish to see what you come up
with as an appropriate format for the sort of organisation you are auditing.
1. Governance and risk management Audit
The reasons for examining the state of an organisationâ??s values are many and various.
They include external social pressures, risk management, stakeholder obligations, and
identifying a baseline to measure future improvements. In some cases, organisations are
driven to it by a gross failure in ethics, which may have resulted in costly legal action or
stricter government regulation. More often, however, organisations simply want to know if
they are doing the right thing with respect to their governance commitments, the law,
their shareholders and their stakeholders.
Governance and risk management auditing is a process which assesses the internal and
external consistency of an organisation’s values base. The key aspect is that it is valuePage 3 of 7
linked, and that it incorporates a stakeholder approach. Its objectives are two-fold: it is
intended for accountability and transparency towards stakeholders and it is intended for
internal control, to meet the governance objectives of the organisation.
The point of such an audit is that it enables an organisation to see itself through a variety of
lenses: it captures the organisation’s values profile. Companies recognise the importance of
their financial profile for their investors, of their service profile for their customers, and of
their profile as an employer for their current and potential employees. A values profile brings
together all of the factors which affect an organisation’s reputation, by examining the way in
which it does business. By taking a picture of the value system at a given point in time, it
clarify the actual values according to which the organisation operates;
provide a baseline by which to measure future improvement;
learn how to meet any social or governance expectations which are not currently
being met. Importantly, these are expectations that the organisation has set for
itself â?? not expectations set by others;
give stakeholders the opportunity to clarify their expectations of the organisation’s
behaviour. Importantly, it assists the organisation to better understand who its
actual stakeholders are;
identify specific problem areas within the organisation with respect to its stated
social and governance values;
learn about the issues which motivate employees and managers;
identify general areas of vulnerability, particularly related to lack of openness.
2. International business
You are not required to select an international or multinational orgnanisation, but if you do
select one, you need to be mindful of the following. Multinational companies face special
issues in relation to governance and risk management auditing. It is, though, precisely these
special issues which can make governance and risk management auditing so important to
multinationals. Executives of such companies are well aware of the added complications
which operating across a number of cultures brings. But problems tend to multiply when
differing value bases are permitted to take hold within different cultures. It may have
seemed acceptable for Shell to apply differing environmental standards to their drilling in
Ogoniland decades ago to those they applied in Europe or North America – but in an era of
acute global consciousness of the interdependence of the world ecosystem the same
standards are rightly expected in every continent.
One of the issues which most concerns multinationals is that of corruption: how to do
business in countries where backhanders are expected in the common course of events.
The United States has brought in legislation – the Foreign Corrupt Practices Act – which
forbids US companies to engage in this when dealing with the public sector in other
countries. Australian laws are also specific with respect to corruption. This, perhaps, more
than any other, is an area where executives might like to set themselves Warren Buffetâ??s
publicity test: how would I feel if my behaviour were headlined in my city’s local newspaper?
How would I feel if my family knew about it?
Working practices and human rights are other major areas of concern. Some companies
Page 4 of 7
make a principled withdrawal from countries where they could otherwise manufacture
profitably, because they are not prepared to work within that regime, as Levi Strauss did in
China. Some companies withdrew from South Africa because they would not cooperate with
apartheid; others believed that they could set an example and give opportunities to black
people they would not otherwise have had. Protest from outraged consumers may force
companies manufacturing in India or Thailand to sack the underage children they were
previously employing as machinists – but what if the 12 and 13 year old girls are then forced
into prostitution to survive?
Companies alone cannot right all the evils of society. Many of the decisions they have to
take have no ideally right or ideally good answer. What matters is that they should have a
clearly thought out framework of governance and risk management, and that these values
should be consistent wherever they operate. A multinational company must test its values
across all its areas of operation if it wants the findings of its governance and risk
management audit to be comprehensive and provide the greatest payback in terms of
identifying potential areas of vulnerability to consumer pressure.
3. Stakeholder power
Stakeholder power is increasingly being wielded to affect organisational behaviour.
Boycotts are called to protest against specific company actions: Nestle’s sales suffered
from the boycott protesting about their policy on selling baby milk in the third world, and
Shell were forced to change their plans for disposal of the Brent Spar oil platform when
German consumers stopped buying Shell petrol. A 1995 poll of 30,000 consumers in the
UK showed that one in three had boycotted stores or products in the previous because of
concerns about governance and risk management standards, and six in ten were prepared
to boycott in the future. Almost two in three of those surveyed were more concerned about
governance and risk management issues at the time of interview than they had been
Pressure groups are growing more professional and more vociferous. Where in the past
unethical or hypocritical behaviour by a company might have been kept quiet by skilled
public relations people, there is now greater likelihood that someone within a company will
alert the relevant pressure group (loyalty to employers being lessened, and concern for
the public good being greater) and that the pressure group will succeed in generating
significant publicity about the incident. One of the greatest benefits of the governance and
risk management audit is that it assists an organisation to scan its environment, to identify
the issues that are most likely to provoke action by pressure groups. It also gives the
organisation an opportunity to encourage such groups to participate in the decisionmaking process, or at the very least to inform them fully of the organisation’s position.
In the move to total quality, suppliers become key stakeholders. The quality of
components or raw materials used is crucial. Their timely delivery is crucial; their
reliability is crucial. The best suppliers want to develop long term relationships with
customers whom they can trust to deal fairly with them and to pay on time.
The picture which develops here is of an organisation/business at the centre of a network
of relationships – relationships with employees, with customers, with shareholders, with
society at large. Each organisation may have other groups of people whom it considers to
be key stakeholders. For example, a company with particular environmental concerns may
consider future generations to be key stakeholders; other companies may see their retired
employees as being important, while still others may have strong links with pressure
Page 5 of 7
groups and voluntary organisations.
Governance and risk management auditing enables organisations to better comprehend
these relationships. All relationships are based on values such as trust and an expectation
of fair dealing. Understanding these dynamics and finding out where expectations and
perceptions differ give an organisation a head start on maintaining strong and stable
In contrast to social auditing, which aims primarily at measuring the social impact of a
company on its environment, the governance and risk management audit from the outset is
value-linked. It measures the â??governance and risk management climateâ??, so to speak, of
an organisation by analysing the values on which organisational actions are based.
Essentially, it is a kind of integrity or, more cynically, a â??hypocrisyâ?? analysis â?? how faithful is
an organisation to its declared governance and/or CSR values?
A governance and risk management audit is organisation-centred. It is not an audit of the
values of individual managers or employees, although clearly individual values play an
enormous role in determining the values of an organisation and the extent to which it is true
to its values. In part these values are connected with public opinion on matters such as
respect, justice and responsibility and can, to some extent, be derived from the rights and
interests of stakeholders, but the bottom-line is that the organisation ought to adhere to its
publicly stated values.
4. Stakeholder perspective
The objectives of the governance and risk management audit are two-fold. On the one hand,
the audit is intended for accountability and transparency towards stakeholders; on the other
hand, the audit is intended for internal control in order to meet the governance and risk
management objectives of the organisation. One of the aims of the governance and risk
management audit is to give an organisation the opportunity to track progress through the
years and to find out where there is still some work to do with regard to its governance and
risk management objectives.
Accountability requires that stakeholders are provided with such information as they have a
right to. The right to information is determined by: (a) the social environment within which
the relationship between the organisation and the stakeholder is set (thus current l …
Purchase answer to see full
Why Work with Us
Top Quality and Well-Researched Papers
We always make sure that writers follow all your instructions precisely. You can choose your academic level: high school, college/university or professional, and we will assign a writer who has a respective degree.
Professional and Experienced Academic Writers
We have a team of professional writers with experience in academic and business writing. Many are native speakers and able to perform any task for which you need help.
Free Unlimited Revisions
If you think we missed something, send your order for a free revision. You have 10 days to submit the order for review after you have received the final document. You can do this yourself after logging into your personal account or by contacting our support.
Prompt Delivery and 100% Money-Back-Guarantee
All papers are always delivered on time. In case we need more time to master your paper, we may contact you regarding the deadline extension. In case you cannot provide us with more time, a 100% refund is guaranteed.
Original & Confidential
We use several writing tools checks to ensure that all documents you receive are free from plagiarism. Our editors carefully review all quotations in the text. We also promise maximum confidentiality in all of our services.
24/7 Customer Support
Our support agents are available 24 hours a day 7 days a week and committed to providing you with the best customer experience. Get in touch whenever you need any assistance.
Try it now!
How it works?
Follow these simple steps to get your paper done
Place your order
Fill in the order form and provide all details of your assignment.
Proceed with the payment
Choose the payment system that suits you most.
Receive the final file
Once your paper is ready, we will email it to you.
No need to work on your paper at night. Sleep tight, we will cover your back. We offer all kinds of writing services.
No matter what kind of academic paper you need and how urgent you need it, you are welcome to choose your academic level and the type of your paper at an affordable price. We take care of all your paper needs and give a 24/7 customer care support system.
Admission Essays & Business Writing Help
An admission essay is an essay or other written statement by a candidate, often a potential student enrolling in a college, university, or graduate school. You can be rest assurred that through our service we will write the best admission essay for you.
Our academic writers and editors make the necessary changes to your paper so that it is polished. We also format your document by correctly quoting the sources and creating reference lists in the formats APA, Harvard, MLA, Chicago / Turabian.
If you think your paper could be improved, you can request a review. In this case, your paper will be checked by the writer or assigned to an editor. You can use this option as many times as you see fit. This is free because we want you to be completely satisfied with the service offered.