A Primer on the Nuts and Bolts of Effective Corporate Governance and Oversight: Part One

by Bruce Ortwine

A hot topic of today is effective corporate governance and oversight. The importance of effective corporate governance and oversight is indisputable, both to promote the best attributes of an organization as a good “corporate citizen,” as well as to protect the organization in the event that something goes wrong.

But what exactly are the specifics of “corporate governance and oversight?” How can companies ensure that both the board of directors and senior management exercise effective corporate governance and oversight over their organization and its employees? This is an attempt to provide some of the required specifics. This Part One will focus on the requirements of both corporate boards of directors (references to “board of directors” include the comparable governing body of another type of legal entity) and senior management, but also of all employees within the organization. Part Two, discussed in a separate entry, will focus on the independent legal, regulatory compliance, risk management and internal audit functions within the overall corporate governance and oversight framework.

Section I: Board of Director Oversight and Governance:

Effective governance and oversight by an organization’s board of directors include the responsibility to provide the following:

  1. Setting a strong culture for establishing and sustaining an effective regulatory compliance and risk management framework (together, the “Organizational Framework”) within the organization as a whole;
  2. Having an appropriate understanding of U.S. regulatory compliance and risk management requirements that the organization faces (as well as the requirements of other jurisdictions in which the organization conducts its activities);
  3. Establishing clear policies for effective regulatory compliance and risk management practices and ensuring adherence to these policies;
  4. Having an appropriate knowledge of the documents that articulate the organization’s Organizational Framework, including the organization’s written Code of Conduct and Ethics;
  5. Ensuring that its expectations concerning compliance with applicable regulatory compliance and risk management requirements are properly communicated to the organization’s employees, including through appropriate and ongoing training;
  6. Ensuring that the organization’s senior management is capable, qualified and properly motivated to manage the organization’s Organizational Framework in a manner that is consistent with the board’s expectations;
  7. Overseeing the organization’s senior management’s formulation and implementation of the Organizational Framework;
  8. Ensuring that the organization’s senior management has established appropriate incentives to integrate the board of directors’ regulatory compliance and risk management objectives into its overall management goals and compensation structure for employees, and that appropriate disciplinary actions and other measures are taken when regulatory compliance or risk management failures are identified;
  9. Ensuring that the legal, regulatory compliance, risk management and internal audit functions have an appropriately prominent status within the organization;
  10. Reviewing relevant reports of and issues identified by the legal, regulatory compliance, risk management and internal audit functions concerning the Organizational Framework as measurements of its overall effectiveness and overseeing the appropriate and timely resolution of those identified issues;
  11. Appropriately delegating authority and overseeing the establishment and implementation of effective policies for the proper segregation of duties and to avoid or manage actual or potential conflicts of interest;
  12. Receiving and reviewing appropriate reporting and informational flows from within the organization to ensure both a thorough understanding of regulatory compliance and risk management-related issues and effective governance and oversight;
  13. At least annually, assessing the extent to which the organization is managing effectively its Organizational Framework; and
  14. Approving annually the organization’s Organizational Framework.

Section II: Senior Management Oversight and Governance:

Effective oversight and governance by senior management within an organization include the responsibility to provide the following:

  1. Setting the “proper tone” relating to the organization’s Organizational Framework through communicating and reinforcing the overall regulatory compliance and risk management culture that is established by the organization’s board of directors;
  2. Establishing effective oversight, including through overseeing the implementation of measures to promote the overall culture within the organization, and overseeing the implementation, adherence and enforcement of controls and standards in the Organizational Framework to reinforce the principle that the organization must conduct its activities in accordance with applicable regulatory compliance and risk management-related rules and standards, and to encourage employees to conduct their activities with both the letter and the spirit of applicable regulatory compliance and risk management-related rules and standards, as set forth in the organization’s Code of Conduct and Ethics;
  3. Having sufficient information to be able to understand and manage the regulatory compliance and risk management-related requirements that the organization faces;
  4. Providing appropriate leadership, expertise, managerial effectiveness and support to the organization’s regulatory compliance and risk management functions;
  5. Appropriately delegating authority through the selection of qualified staff comprising the organization’s regulatory compliance and risk management functions;
  6. Ensuring the independence, authority, credibility, adequacy of resources and reporting lines of the regulatory compliance and risk management functions;
  7. Approving significant regulatory compliance and risk management-related strategies and controls;
  8. Ensuring adequate reporting and informational flows to the organization’s board of directors so that the board maintains a thorough understanding of the risks and controls environment within the organization;
  9. Ensuring the timely resolution of issues identified by legal, regulatory compliance, risk management and internal audit; and
  10. Assessing the effectiveness of established governance and control mechanisms on an ongoing basis, including the processes for reporting and escalating areas of concern and implementing prompt corrective actions, as necessary.

Section III: Responsibilities of All Employees:

All employees of an organization have, at a minimum, the following three responsibilities in fulfillment of an effective Organizational Framework:

  1. Understanding and adhering to the organization’s Code of Conduct and Ethics;
  2. Monitoring, identifying and reporting regulatory compliance and risk management-related issues to the appropriate regulatory compliance or risk management functions; and
  3. Attending all regulatory compliance and risk management-related seminars, taking and passing all related tests and signing periodic acknowledgements through which employees acknowledge their regulatory compliance and risk management-related responsibilities, including those discussed in items 1 and 2 above.

Section IV: Other Critical Functions

Of course, other functions within an organization also play critical roles in fulfilling an effective Organizational Framework. These include the legal, regulatory compliance, risk management and internal audit functions. All of these functions need to be viewed as independent from the organization’s management and free from any potential managerial interference or conflicts. The specific importance of each of these independent functions will be examined in Part Two of this paper.

In conclusion, effective corporate governance and oversight cannot be viewed in merely general or aspirational themes. Rather, they require specific undertakings and responsibilities from both the organization’s board of directors and senior management, as well as from its employees. A combined and cooperative undertaking by all parties concerned is required to effectuate the “effective” component of an overall corporate governance and oversight structure.