The directors/members or trustees Responsibilities and Approval statement in most audited financial statements is phrased as follows:
“The trustees/directors/members acknowledge that they are ultimately responsible for the system of internal financial control established by the board/body corporate and place considerable importance on maintaining a strong control environment. To enable the directors/trustees/members to meet these responsibilities, the board/body corporate sets standards for internal control aimed at reducing the risk of error or loss in a cost-effective manner. The standards include the proper delegation of responsibilities within a clearly defined framework, effective accounting procedures and adequate segregation of duties to ensure an acceptable level of risk. These controls are monitored throughout the business/body corporate and all employees are required to maintain the highest ethical standards in ensuring the body corporate’s/company’s business is conducted in a manner that in all reasonable circumstances is above reproach. The focus of risk management in the body corporate/board is on identifying, assessing, managing and monitoring all known forms of risk across the business/body corporate. While operating risk cannot be fully eliminated, the body corporate/board endeavours to minimise it by ensuring that appropriate infrastructure, controls, systems and ethical behaviour are applied and managed within predetermined procedures and constraints.”
It is likely that your auditors said that if you don’t/can’t sign the statement, they cannot finalise your accounts. But did you understand the obligations and full implications of what you signed?
These statements place fairly onerous responsibilities on trustees/office bearers or directors in respect of governance and risk management. Sadly, in many cases, despite these statements of good intent, the responsibilities are overlooked, no risk management processes are implemented, governance is lacking and the risk dimension is just not taken seriously at all. Not managing risk proactively places the business unnecessarily at risk of loss or failure, and also places employees, funders, suppliers, creditors and other stakeholders at risk.
Poor governance issues may include matters such as the owner’s greed, obscene levels of directors’ remuneration in relation to workers’ pay, poor leadership, low business morality, unethical or irregular business or leadership practices, conflicts of interest, weak control processes, violating legal and policy frameworks, criminality, non-compliance with rules and regulations, environmental degradation, personal conflicts, collusion, nepotism and corruption.
If an SMME business is required to make its accounts available to international parties such as banks, credit agencies, international suppliers, donors or potential buyers, it may well be in its interests to publish its accounts in conformance with the International Financial Reporting Standards (IFRS) applicable to SMMEs. The IFRS for Small and Medium-sized Entities focus on aspects such as compliance with the relevant ethical requirements, including principles of integrity, objectivity, professional competence and due care. All decision making in a business should be undertaken with intellectual honesty around responsibility, accountability, transparency, openness and fairness to all.
The new Companies Act, Consumer Protection Act and Personal Protection of Information Act have further increased the fiduciary responsibility and onus on directors and management. The changes to the Companies Act not only aligned the Act with international best practice and were necessary to improve a company’s corporate governance and efficiency, but now also include a number of protection mechanisms to safeguard the interests of the company, shareholders, employees and its stakeholders. In terms of the Companies Act it is illegal for a company to protect its directors or management if they are sued. D&O Liability Insurance provides financial protection for the Directors and Officers of a company in the event that they are faced with a legal suit pertaining to the failure to perform duties as they relate to the company. Professional indemnity (PI) insurance covers the insured’s liability arising out of its business activities or professional advice and covers pure financial losses arising out of this.
A company is now legally compelled to regulate its internal affairs and procedures through its Memorandum of Incorporation (‘MOI’). The MOI provides a practical tool to guide the actions and behaviour of a company’s directors, board committees and prescribed officers. There are a number of compulsory matters that must be contained in a company's MOI. The Act’s so-called alterable provisions (i.e. provisions which can be adapted and modified by the company in its MOI) cover issues such as corporate governance, delegated power of authority and the separation of duty and limitations on the board's powers that it has under the Companies Act. The MOI of many companies may currently lack the required detail for its company officers to clearly understand their boundaries of authority, respective mandates and expected behaviour.
The Companies Act has singled out the issue of acting without authority as a particular concern. Specific statutory personal liability is created in respect of directors and other officers for knowingly acting without authority. In terms of the Act, knowingly means not only actual subjective knowledge but also captures those situations where the director ought to have reasonably known of his/her lack of authority. Directors are now personally liable for third-party losses as a result of the directors breaching the Act. Should the directors of a company see that it may be unable to repay its debts, it should apply for business rescue. If it continues to trade under insolvent conditions this may be construed as reckless trading under section 22 of the Act. This may complicate legal matters, as reckless trading may be seen as fraud. Directors must also think twice about taking loans and acquiring additional credit, because should the company not be able to pay these amounts back, creditors may try to recoup their loss directly from the directors. An important consideration is that if the courts rule that the directors traded recklessly, with gross negligence with intent to defraud any party, their Directors and Officers policy will only pick up the legal defence costs, as fraud is excluded from most D&O policies.
The introduction of POPI is a pivotal piece of legislation that directors need to consider and act on, as personal information has to be secure and treated confidentially. Directors need to approve the information security strategy and empower management to implement the strategy so as to secure any information entrusted to the organisation. Should a company suffer a cyber-attack which results in a loss of data, network downtime, misuse of hacked data and reputational damage, the directors could find themselves held personally liable by stakeholders.
The Companies Act also places a heavy emphasis on anti-corruption measures. Included in these measures is a requirement for government bodies, listed and large unlisted companies to measure progress with regard to sticking to the OECD guidelines on reducing corruption.
A company can now be held liable for corruption if an outside supplier commits acts of bribery and corruption while acting on its behalf, even if the business proprietor has no knowledge that such activities are taking place. It’s essential therefore that all suppliers are brought up to speed with any and all anti-corruption steps a business takes, and that the company does not tolerate any form of bribery, collusion and corruption when a supplier acts on its behalf. A business that is complicit with, or that has not exercised due care in respect of, individuals associated with a contract or employees of a creditor who might request or attempt to get the business to divert payments due into other bank accounts is itself as guilty of corruption. It is also easy for a business to wittingly or unwittingly find itself colluding in money-laundering activities.
Business owners should also familiarise themselves with their suppliers’ own anti-corruption measures, and use only those suppliers who practise good governance in this regard. The declaration and disclosure of personal financial interests is also required of directors.
Listed and public companies inherently have three governance layers in the form of shareholders, then boards of directors and lastly the operational management. A small business needs to replicate these as best possible. Unlike public and government entities, private companies can voluntarily elect to have an audit committee comprising non-executive directors or independent parties not involved or employed in the company. Accountability and transparency are imposed on companies and objective judgement is required of directors. In terms of S218, the liability of directors extends to any other person for any loss or damage suffered by that person as a result of the contravention.
It is essential to stand back and get a bird’s eye view of your business from time to time. It is important that a business is assisted in this regard wherever possible by external parties or governance processes that can be used as sounding boards or provide guidance. Risk management is an integral part of good governance. Assistance can take the form of mentors or part-time specialists who spend time in your business focusing on governance, risk and oversight related aspects. This could also be provided by external directors, auditors or formally constituted audit and risk committees in tandem with accepted risk management and control processes such as those provided by DottRisk.