King IV Code: Risk Governance

Questions and Answers

According to King IV, how should the governing body approach risk?

• By focusing solely on minimizing potential negative impacts of risk.
• By delegating all risk management responsibilities to external consultants.
• By avoiding all risks to ensure stability.
• By governing risk in a way that supports the organization in setting and achieving its strategic objectives. (correct)

In the context of technology and information governance according to King IV, what is the role of the governing body?

• To manage the day-to-day operations of the IT department.
• To focus primarily on the technical aspects of information systems.
• To delegate all technology decisions to the IT department without oversight.
• To govern technology and information in a way that supports the organization in setting and achieving its strategic objectives. (correct)

What is the primary focus of Principle 13 regarding compliance governance under King IV?

• Ensuring the organization adheres to all applicable laws and ethical standards. (correct)
• Avoiding transparency in compliance matters to protect competitive advantage.
• Minimizing the cost of compliance regardless of ethical considerations.
• Focusing solely on compliance with financial regulations.

According to King IV, how should remuneration be structured within an organization?

It should be fair, responsible, and transparent to promote the achievement of strategic objectives and positive outcomes. (A)

What is the purpose of assurance services and functions as emphasized in Principle 15 of King IV?

To enable an effective control environment and support the integrity of information for decision-making and external reporting. (D)

How does King IV suggest the board should approach stakeholder relationships?

By adopting a stakeholder-inclusive approach that balances the needs, interests, and expectations of material stakeholders. (B)

What does King IV stipulate regarding responsible investment for institutional investors?

They should ensure that responsible investment is practiced to promote good governance and the creation of value by the companies in which they invest. (C)

According to King IV, when developing a strategy for risk governance, what consideration should be included?

Considering opportunities and risks, and the potential positive and negative effects of each risk on achieving objectives. (A)

According to King IV, what should the governing body delegate to management regarding risk?

Risk management implementation. (B)

What does King IV recommend regarding technology and information governance?

Delegate to management effective technology and information implementation. (B)

According to King IV, what is the responsibility of management regarding compliance?

To delegate to management the responsibility for implementing compliance management. (B)

What is one recommendation from King IV regarding a Renumeration policy?

Set out all elements of remuneration. (B)

According to King IV, what must remuneration be voted upon in accordance with?

Legislative provisions (D)

What should the governing body ensure regarding assurance services and functions, according to King IV?

Enable an effective control environment and support the integrity of information. (D)

According to King IV, who should have oversight of the audit committee?

The assurance services and functions. (B)

When ensuring an internal audit function conforms to a code of ethics, how often should this be confirmed with the CAE?

Annually. (B)

According to King IV, what should the board adopt to balance the needs, interests and expectations of material stakeholders?

A stakeholder-inclusive approach. (A)

According to King IV, what is the responsibility of the Board regarding stakeholder relationship management?

Implementation and execution of effective stakeholder management. (B)

In an institutional investor organization, what should the governing body ensure regarding responsible investment according to King IV?

Responsible investment is practiced to promote good governance and the creation of value. (A)

According to King IV, what should institutional investors disclose regarding their responsible investment code?

The responsible investment code adopted and its application thereof. (D)

Flashcards

Principle 11

The governing body should govern risk to support the organization in setting and achieving strategic objectives.

Principle 12

The governing body should govern technology and information to support the organization in setting and achieving strategic objectives.

Principle 13

The governing body should ensure compliance with laws and ethical standards, supporting the organization as a good corporate citizen.

Principle 14

The governing body should ensure fair, responsible, and transparent remuneration to promote strategic objectives and positive outcomes.

Principle 15

The governing body should ensure assurance services enable effective control, supporting the integrity of internal decision-making and external reports.

Principle 16

Adopt a stakeholder-inclusive approach that balances stakeholder needs, interests, and expectations.

Principle 17

Ensure that responsible investment is practiced to promote good governance and value creation in invested companies.

Study Notes

Outcomes of Studying the Topic

• Understand the Principles of the King IV Code.
• Apply the Principles practically.

Overview of the Study Topic

• Focus on each Principle of King IV with key practices, in terms of achieving governance outcomes.

Course Material

• Lecture notes.
• Video 4 on King IV – Corporate Governance.

Risk Governance

• Principle 11 states that the governing body should govern risk to support the organization in achieving its strategic objectives.
• Risk governance approach, encompassing opportunities and risks during strategy development should be set. It should also consider potential positive and negative effects on objective achievement.
• Risk should be treated as part of decision-making and adherence to duties.
• Risk policy should be approved.
• Risks that the organization decides to take, including risk appetite and tolerance levels, should be evaluated and agreed upon.
• Management should be delegated with risk management implementation.
• Risk management should be overseen.
• Assessment of risks and opportunities in relation should be done alongside the triple context and use of 6 capitals.
• Periodic and independent assurance on the effectiveness of risk management should be considered.
• Disclosure is recommended on the nature and extent of risks/opportunities, the risk management system/focus areas/key risks, any unexpected or outside-tolerance-level risks, and actions taken to monitor/address risk management.

Technology and Information Governance

• Principle 12 states that the governing body should govern technology and information to support the organization in achieving its strategic objectives.
• Recommended practices include setting the approach and approving the policy for technology and information governance, and adopting appropriate frameworks/standards.
• Management should be delegated with effective technology and information implementation.
• The results of managements’ implementation should be overseen along with management information and technology.
• Periodic and independent assurance on the effectiveness of technology and information should be considered.
• Disclosure on governance and management, areas of current/future focus, significant changes, acquisitions, incident management, monitoring, and responses is recommended.

Compliance Governance

• Principle 13 states that the governing body should govern compliance with applicable laws and non-binding codes/standards to support the organization in being ethical and a good corporate citizen.
• Directing governance of compliance to laws and adopted non-binding rules/codes/standards is recommended.
• Policy that directs compliance should be approved.
• Management should be delegated the responsibility for compliance management implementation.
• Compliance management should be overseen to ensure it relates holistically and responds to changes in the regulatory environment, following continuous monitoring.
• Disclosing an overview of compliance management, current/future focus areas, actions taken to monitor/address compliance management, material/repeated sanctions, fines/penalties, officer actions, environmental regulator inspections, incidents of non-compliance, and consequences is recommended.

Remuneration Governance

• Principle 14 states that the governing body should ensure fair, responsible, and transparent remuneration to promote achievement of strategic objectives and positive outcomes term.

Remuneration Policy

• Setting the direction and approach for remuneration and approving a policy that aspires to fairness, responsibility, and transparency is a recommended practice.
• Designing the policy to attract/retain human capital, promote strategic objective achievement, drive positive outcomes and promote ethical culture/responsible corporate citizenship are recommended.
• Setting out all remuneration elements and overseeing policy implementation to ensure objectives are achieved are best practices.

Remuneration Report

• This report should be disclosed in three parts: background statement, main policy provisions, and an implementation report of all remuneration to members/executive management.

Voting on Remuneration

• Remuneration should be voted upon in accordance with legislative provisions, such as the Companies Act.

Assurance Governance

• Principle 15 states that the governing body should ensure that assurance services and functions enable an effective control environment and support the integrity of information for decision-making and external reports.

Combined Assurance

• Disclosing assurance services/functions and delegating oversight to the audit committee to ensure internal control and integrity of information for decision-making/reporting is recommended.
• Applying a combined assurance model that covers significant risks/material matters through a combination is recommended. This should use the organisation’s line functions, risk and compliance functions, internal/external auditors, fraud examiners, assessors and actuaries.
• Assessing the output of the combined assurance and forming an opinion on the integrity of information/reports and effectiveness of the control environment.

Assurance of External Reports

• Directing how assurance of external reports should be done, taking into account legal requirements is recommended.
• Satisfying itself as to the effectiveness of the combined assurance approach as a basis for statements on the integrity of external reports is a recommended practice.
• Disclosing in external reports the type of assurance applied and a statement on the integrity of the report is also recommended.

Internal Audit

• Directing internal audit and delegating oversight to the audit committee is recommended.
• Approving an internal audit charter and ensuring sufficient/adequate skills (including specialists) is important.
• If there is a chief audit executive (CAE) and internal audit function, their independence from management should be ensured.
• Approving the appointment, contract, and remuneration of the CAE should be done while ensuring suitability.
• Ensuring the CAE has access to the audit committee chair, but is not a member of executive management, is important, while clarifying who the CAE is if the internal audit is outsourced .
• The CAE should report to the chair of the audit committee on internal audit duties/other matters to a designated executive.
• Responsibility for CAE removal rests with the organisation.
• Monitoring that internal audit follows a risk-based plan, reviews the risk profile regularly, and adapts the plan accordingly is a recommended practice.
• Ensuring internal audit makes an annual statement on the effectiveness of governance, risk management, and controls is crucial.
• Ensuring that internal audit is externally/independently reviewed every 5 years is also necessary.
• Confirming annually with the CAE that the internal audit function conforms to a code of ethics is recommended.

Stakeholder Relationships

• Principle 16 states that, in the execution of its governance role/responsibilities, the board should adopt a stakeholder-inclusive approach that balances the needs/interests/expectations of stakeholders in the organization's best interests.
• The board should assume responsibility for the governance of stakeholder relationships, setting the direction for how they are approached and conducted.
• The board should approve policy that articulates stakeholder relationships.
• The board should delegate management the responsibility for implementing and executing effective stakeholder relationship management.
• The board must exercise ongoing oversight of stakeholder relationship management and oversee that it results in appropriate stakeholder methodologies, identification, risk management, communication mechanisms, and relationship-quality measurement.
• An overview of stakeholder management, current/future focus areas, and actions taken should be disclosed.

Responsibilities of Institutional Investors

• Principle 17 states that the governing body of an institutional investor organization should ensure responsible investment is practiced to promote good governance and value creation by the companies in which it invests.
• Directing how responsible investing will take place and approving a policy for responsible investing is recommended.
• Management of the policy should be delegated to improve implementation.
• Ensuring that accountability for complying with the formal mandate is adhered to.
• Disclosing the responsible investment code and its application are also important.