Key Risk Areas of Audit Committee

Nik Mohd Hasyudeen Yusoff17 November 2016

Managing risks starts with the construct of

the whole board

RegulatorsShareholders Lenders

Stakeholders

Corporate governance Business governance

Internal control

Assurance

Strategy

People

Process

Finance

SustainableEnterprise

Board and management

Conscience Competence

Role and structure

Risk management

Customers

Compliance

Stewardship

Board sets tone and oversees management with division of

responsibilities based on the delegation made by the board

Culture

Business development

Business and Governance: A snapshot of the views from the boardroom

While audit committee has its own mandate, its effectiveness is

influenced by the overall effectiveness of governance

within the company

Board

Corporate Governance in practice: Setting up an effective board

Nomination and remuneration

committeeAudit

committee

Nomination and

successionRemunerati

onPerformanc

eEvaluation

Riskmanageme

ntInternalcontrol

Financialreporting

and audit

Purpose, values and

risk appetite

Strategy and

business models

Disclosure and

communication

Performance targets

and assessment

s

Conduct and

compliance

Human potential

development

Capital structure

and dividend

policy

Delegation, key policies

and procedures

Performance is driven by having the right balance of competent and conscientious members who lead and

make decisions based on quality information in compliance with robust process and having adequate

check and balance

Effectiveness of audit committee is interdependent

on the effectiveness of management in discharging its

responsibilities

Role in financial reporting

Role in financial reporting

Assess control

Engage auditors

Apply policyControl effectiveness

Prepare financial statementsFacilitate audit process

Set policy

Review financial statements

Audit Committee Management

Set the tone on financial reportingApproves financial statements based on the recommendations of audit committee

Clear division of responsibilitiesbased on delegation by the board

Board

Corporate Governance in practice: Getting Financial Reporting Right

Role in acquisition of business

Role in acquisition of business

Assess conflicts

Prepare business case

Identify source of finance

Ensure compliance with regulation

Assess risks

Review disclosure

Audit Committee

Management

Set the general policy on acquisitionApproves acquisition after considering and challenging recommendation of management

Board

Within strategy and risk appetite

Viability of financingBusiness case proven

Perform due diligence

Prepare disclosure

Corporate Governance in practice: Dealing with Business Acquisitions

The modus operandi of most fraud remains

the same

Company Third party 1

Money gets transferred back to into the director’s or management’s account

Director/Management

General MO of fraud: Merry Go Round

Third party 2

Third party 3

Induces

Enters into transactions with a third party controlled/friendlyto the director or management, normally cash is paid upfrontfor benefits which may be received way later in the future

Money gets transferred to series of other entities within or outside Malaysia

The regulator is responding using S

317A of CMSA - “causing wrongful loss”

S 317A of CMSA

• A director or an officer of a listed corporation or any of its related corporations shall not do or cause anyone to do anything with the intention of causing wrongful loss to the listed corporation or any of its related corporations irrespective of whether the conduct causes actual wrongful loss.

• A person who contravenes subsection (1) commits an offence and shall, on conviction, be punished with imprisonment for a term which shall not be less than two years but not exceeding ten years and be liable to a fine not exceeding ten million ringgit.

• A former ED and CEO was reprimanded and fined RM200,000 for remitting more than US$1 million (RM4.19 million) to foreign parties without the authorisation of the board. The monies were later used to purchase assets in the name of the director. Another former ED and CFO was reprimanded and fined RM150,000 for approving the vouchers for the remittances. The amount remitted was eventually refunded to the company.

• A former MD and three former EDs were charged for causing wrongful loss in the second case. The charges are related to payments totalling RM5.1 million purportedly for the development of various software for the company which were allegedly used for other purposes.

• A suit was filed by the SC against a deputy MD of a listed company. A sum of more than RM11 million non-refundable deposits were paid to several local representatives of 23 foreign companies for the exclusive rights to market and promote their products in Malaysia and Singapore. The amount was then allegedly paid by the local representatives into the deputy MD’s personal account. The SC had managed to obtain an injunction to restrain the deputy MD from dealing with the monies in the person’s bank accounts and is also seeking various orders, including for the amount to be restituted, the director concerned be barred from being a director of a listed company for five years and a civil penalty of RM1 million.

• Can read the article about the implications of causing wrongful loss: http://themalaysianreserve.com/new/story/implications-wrongful-loss-directors#overlay=node/164027/edit

Possible contributory factors

• Board members were part of the scheme

• Independent directors becoming dependent

• Inadequate understanding of the industry and business

• Inadequate due diligence done to assess the integrity of the counter-party

• Did not apply professional scepticism

• Decision required at the last minute

Responding to risks

• Adequate skills and competency around the table

• Adequate time and information provided

• Culture in the boardroom

• Sought expert advice

• Having an effective internal audit function, seek their assistance

• Having external auditors who understand the industry and able to challenge management decisions

• Don’t be shy to ask simple questions

• Ensure minute of meetings reflect the substance of discussions, rationale of decisions and dissenting views, if any

Concluding thoughts

• Audit committee functions within the overall construct of the governance structure of the company, right structure matters

• Adequate skills and competency around the table are important, not forgetting people with conscience

• The role play between board and management must be clearly defined, board has to also defines its risks appetite

• Internal control and its effectiveness must be in place and reviewed regularly

• Effective and independent internal and external audit functions support audit committees, provide them with the air cover and remunerate them appropriately

• For every transaction, ask “would I do this if this is my own company?”