INTRODUCTION

Corporate governance (CG) is one of the most talked about topics in business
today.

I would note that while my presentation today focuses on corporate governance

in the private sector,the need for sound governance arrangements in the public
sector are also critically important. As the former Vice-President and Controller
of the World Bank, Jules Muis, has observed, an economy can be likened to an
aeroplane – both wings must be sound for it to fly safely. For an economy to
grow and develop, its governance structures in both the public and private
sectors must be solid. I should also note that the need for the governance of the
public sector to be sound was recognised by the Eastern Southern and Central
African Federation of Accountants a number of years ago when they urged the
Public Sector Committee of IFAC to produce its document ”insert”.

Sound corporate governance is, of course, critical to capital market development

in West Africa, in other emerging economies and around the globe. Effective
corporate governance can create safeguards against corruption and
mismanagement and promote transparency, and therefore efficiency, in
economic affairs. It is at the heart of building confidence in financial systems and
that is at the heart of sustainable economic growth. At one level it is that simple –
if sustainable economic growth is the goal, good corporate governance is
essential. As professional accountants, we understand that while corporate
governance is a concept that is presently making the headlines, it is also much
more than that. Corporate governance is about actions and behaviors -- actions
and behaviors that need to be taken by private and public enterprises, that need
to be reinforced by governments, and that must be supported by professional
accountants and all those involved in the development and disclosure of financial
information.

Good corporate governance hinges on a number of elements such as principles,

values, laws, rules, regulations, and institutions. I will touch on some of this today
as I seek, first, to provide you with an understanding of good governance from the
perspective of the International Federation of Accountants and, second, describe
the role we can all play in enhancing corporate governance practices.
First, I’d like you to take a look back with me to the not too distant past, to nearly
two- and-a-half years ago when the U.S. energy giant Enron collapsed. Back in
2001, many blamed the Enron failure almost exclusively on the auditors.
Corporate governance was not yet seen as so central to the corporate failures.
Few understood the depth of the problems. In fact, some predicted that Enron
was a storm that would soon blow over. Time has shown that rather than being
an isolated event, Enron was the leading edge of a storm front. In fact, ”Enron”
has become global shorthand for corporate greed and failed corporate
governance. WorldCom, Tyco, Adelphia, A hold, Vivendi and most recently Parmal
at have all followed, each new case tending to reinforce public cynicism towards
business in general. Reversing this trend, restoring and improving public
confidence in capital markets, in financial reporting and in the accounting
profession is the end game of the strategy I will present to you today.

There are many of you who, like me, recall financial failures in previous decades.
Scandals involving companies like BCCI, Baring, Sunbeam and Credit Lyonnaise.
What has changed? Well, the world has changed since the 1980s and 1990s.
More and more people have a stake in the performance and conduct of public
companies, through stocks, mutual funds and pension plans. Investing in public
companies has in many countries become an activity open to anyone with a
computer and a relatively few dollars.

This has greatly increased the political salience of capital market performance.
As well, the globalization of business and communications, increasing technology
and increasingly complex financial transactions, mean that a business failure
anywhere touches people everywhere. A failure in London impacts the markets in
Lagos. This is why a recent survey of business leaders by the Economist
Intelligence Unit found that the attention being paid to corporate governance is
increasing worldwide and will continue to do so into the future.Some of those
behind the scandals of the past two years were accountants. However, they were
not the only ones to blame. In fact, thousands of accountants like those of you
sitting in this room today are dedicated to providing quality work and to putting
your integrity ahead of short-term commercial interests.

Nonetheless, the scandals created a ripple effect for our profession -- accountants
who fail in London negatively affect the trust and reputation of accountants in
Lagos, and vice versa. To be sure, some of the criticism concerning auditors and
their role in these failures has been fair. Some of it was not. Part of our job, as
trained professionals, has been to see what we could learn from the events. I
want now to talk about some elements of IFAC’s response to these events,
focusing on those related to corporate governance.

IFAC took the approach of addressing this challenge on two levels: focusing on
improving the role of accountants in the governance and financial reporting chain,
and developing a plan of action to improve corporate governance as a whole. We
recognized that enhancing public trust through our commitment to the highest
standards of quality and integrity required real action as well as the ability to
effectively communicate that action to all of our stakeholders, including the
public.

While these corporate failures have placed the accounting profession under
unparalleled scrutiny, they have also provided us with unparalled opportunity to
effect reform and change. Obstacles to enhancing professional standards of
quality, integrity and independence have melted away. In a sense, Enron and its
cousins compelled us to take a hard look at our core values. What we have
relearned is that our profession is built on public trust. It’s all we have. But it’s an
awful lot. It’s what keeps the markets working. In order for the public to have
confidence in the quality and integrity of our work, we need to earn their trust
every day.

With 158 member organizations in 118 countries, representing 2.5 million

accountants worldwide, IFAC is ideally placed to effect change, and we have
seized the opportunity. Accountants play a key role in the value creation chain, in
which one link is good corporate governance. Our analysis illustrates very clearly
the connection between business failure and reporting failure. The two go hand in
hand.Even before Enron collapsed, IFAC had issued a robust new principles-based
standard on independence for public accountants as part of the Code of Ethics for
Professional Accountants. This framework is the most rigorous international
guidance ever issued, and its principles and guidance are being adopted by a
growing number of national accounting and auditing standard-setting bodies. At
the same time, we welcome oversight of the profession. For most of our national
organizations, this means the acceptance of some external oversight mechanism
or process. Internationally, IFAC undertook a wide-ranging consultative process
that resulted in a series of reforms, unanimously supported by international
regulators and approved by IFAC’s Council last November. This initiative also
received the endorsement of the Financial Stability Forum.
These reforms, currently being implemented, include the establishment of a
Public Interest Oversight Board to oversee IFAC’s standard-setting and compliance
regimes, as well as increased transparency and public participation in governance
and standard-setting activities. The end result of these reforms is that IFAC has
moved from a self-regulatory framework to a mixed or shared regulatory
structure. We have also focused on developing a more transparent standard-
setting process for the International Auditing and Assurance Standards Board
(IAASB) as well as for the Education Committee and the Ethics Committee. The
IAASB meetings are open to the public, and its papers are posted on the IFAC
website. We have increased technical support to the IAASB in order to channel
energies in areas that most seriously touch on the public interest. In the past few
months, the IAASB has released two new quality control standards. One
establishes a firm’s responsibilities to set up and maintain a system of quality
control for all audits and assurance engagements. The second establishes
standards for the specific responsibilities of firm personnel for an individual audit
engagement.

Now to the broad scope of corporate governance. As many of you know, IFAC has
taken a leadership role in responding to the crisis in corporate governance. We
regard this as a long-term challenge, one that will require long-term solutions, not
quick fixes. And we are far from alone in addressing these issues. Just last month,
the Organization for Economic Cooperation and Development – OECD – approved
a revised version of its Principles of Corporate Governance to address issues that
have undermined the confidence of investors in company management. The
revised principles include new recommendations for good practice in corporate
behavior. IFAC contributed to the process through which the OECD undertook the
revision and supports both the principles and the encouragement for
international convergence of corporate governance practices that are based on
these principles. I would encourage you all to go to the OECD website to view and
understand these principles.

The issuance of these new principles further reinforces IFAC’s position that to
rebuild and maintain public trust in companies and stock markets, action must be
taken at all points along the information supply chain.

This involves management and boards of directors, auditors, standard setters as

well as lawyers, investment bankers, credit rating agencies and the media. At
each point, individuals must take responsibility for their actions. Everyone in this
room shares this responsibility. We must succeed, because the stakes are too high
to do otherwise. All of us must be committed to high ethical standards and be
vigilant in discharging the responsibility we have for ensuring public confidence in
the markets. This must be our shared vision because, again, the stakes are so
high.

In 2002, IFAC established an independent, international Task Force that produced

a report, Rebuilding Public Confidence in Financial Reporting, released in July of
last year. This report provides a number of important recommendations
addressing a range of corporate governance issues. The report lists and explains
principles of best practices that call for specific action at all points in the
information supply chain Specific recommendations include the following:

Effective corporate ethics codes need to be in place and actively monitored; such
codes should be supported by training. Codes of conduct need to be put in place
for other participants in the financial reporting process - such as investment
analysts and lawyers - and their compliance should be monitored.

 Incentives to misstate financial information need to be reduced, and

companies must refrain from forecasting profits with an unrealistic level of
precision.
 Audit effectiveness needs to be raised, primarily through greater attention
to audit quality control processes.
 Complementing this report is a document released just this past February
by IFAC’s Professional Accountants in Business Committee, the PAIB
Committee.

This report, entitled Enterprise Governance: Getting the Balance Right,

analyzes a number of prominent recent case studies to develop
recommendations covering the range of enterprise governance. For those
of you unfamiliar with the term, enterprise governance includes both
corporate governance and corporate performance. The committee found
that four key elements underpin an organization’s success: culture and tone
at the top; the chief executive; the board of directors; and internal controls.
The report notes that governance and performance need to be in harmony
and performing well in order to enhance the chances of organizational
success. Our focus is on good governance, but as the PAIB discovered, good
governance on its own cannot make a company successful. Companies
need to balance conformance with performance. Bad governance can ruin
a company, but cannot, on its own, ensure its success.
These reports have not been issued in isolation. Instead, they are one part
of a strategy that includes IFAC reviewing and monitoring corporate
governance standards worldwide. IFAC member bodies have agreed to
encourage key stakeholders in their home countries to adopt the
recommendations from these two reports. It is a global campaign that is
gaining momentum.

In undertaking the Credibility and Enterprise Governance reports, three

new realities became apparent. I call them realities because they mark a
fundamental shift from the pre-Enron world in which we all worked, and
because they are bringing fundamental change in how we will do business
for years to come. Some elements were emerging or under development
prior to Enron, but the corporate scandals of recent years have given them
visibility and significance as never before.
The first new reality is that improving standards of corporate governance is
not only a national issue that each country must address, but it is also an
international issue.
At the national level, many countries are taking steps to improve
governance through tougher legislation and regulation, new codes of
ethics, and the establishment of oversight bodies. Our stakeholders
recognize the role that accountants and auditors play in value creation as
well as in contributing to good corporate governance. As an example, the
EU has already indicated its plans to adopt international accounting
standards and international standards on auditing by 2005. This is a very
important development, though Europe is not alone in taking this course.
Governments and regulators increasingly understand that international
standards, already established or being developed by bodies like IFAC, are
the soundest method of ensuring the reliable functioning of the global
capital markets. To this end, on the international front, IFAC seeks to work
closely with organizations like the Financial Stability Forum, which aims to
achieve stability in capital markets through dialogue amongst national
governments and financial institutions. These activities help to achieve
IFAC’s goal of convergence to international standards – a goal that is vital to
achieving comparability of financial information around the globe and
ultimately, financial stability.
IFAC also actively supports the International Accounting Standards Board’s
program of global International Financial Reporting Standards, and we
endorse countries around the world that implement regulations consistent
with IOSCO’s Principles of Securities Regulation.
The second of the three new realities I referred to is that enhanced
corporate governance is a team effort. It takes the committed effort of
accountants, executive management, the board of directors, audit
committees and regulators. Each of these groups must recognize its unique
public interest responsibility. There’s a dichotomy at work here: no one
profession or group can ensure an organization’s good corporate
governance, but the failure of one group can put good governance at risk –
thus compromising the protection offered to stakeholders.
Finally, the third, and perhaps most important reality, is that good
corporate governance cannot be established if organizations are not
committed to high standards of individual and institutional integrity. As
we’ve seen over the past two-and-a-half years, failures in integrity were
perhaps the lead factor in these corporate scandals. In order to prevent
them from occurring in the future, a culture of integrity must take hold.
While sanctions are necessary for those who do not comply with legal and
regulatory requirements, what is far more effective is building a culture of
good governance that prevents those sanctions from ever having to be
implemented. In IFAC’s recent Enterprise Governance report, the writers
describe the ideal environment as comprising a virtuous circle of integrity
and ethics, based on the conscious decision by all parties to take good
governance seriously.
I meet regularly with the international leaders of accountancy bodies and
the leaders of the accounting accounting firms, as well as regulators and
standard setters. What I have learned is that we are increasingly viewed as
a global profession with the ability to effect change that is in the public
interest. This brings with it tremendous opportunity, as well as challenge.
We can all take a leadership role in enhancing public trust not only in our
profession, but through the whole governance chain. Everyone in this room
has an equal role to play; we are all partners. Every day, we must bear in
mind we have deliberately set the bar high because we demand no less of
ourselves and because the public demands no less of us.
I urge you to pursue activities to promote good corporate governance and
to continue to explore, at a regional level, the exchange and coordination
 of ideas. It is through exchanges such as this that the accountancy
profession can become the impetus for strengthening corporate
governance policies, and in doing so, rebuild trust not only in the profession
but in the markets in which we operate. I will end by repeating what I said
earlier - at one level is very simple – if sustainable economic growth is the
goal, good corporate governance is essential.

This Closer Look takes a broad view of the topic, with the goal of addressing the
following questions:

 What are the key issues in CG, as regards business’ social and
environmental impacts and opportunities?
 How do leading thinkers perceive the issue?
 What is the current state of practice on MBA campuses?
 What teaching resources are available to business school faculty?

First of all we have to understand the meaning of CG.

Corporate governance is the set of processes, customs, policies, laws, and

institutions affecting the way a corporation (or company) is directed,
administered or controlled. Corporate governance also includes the relationships
among the many stakeholders involved and the goals for which the corporation is
governed. The principal stakeholders are the shareholders, management, and the
board of directors. Other stakeholders include employees, customers, creditors,
suppliers, regulators, and the community at large.

Corporate governance is a multi-faceted subject. An important theme of

corporate governance is to ensure the accountability of certain individuals in an
organization through mechanisms that try to reduce or eliminate the principal-
agent problem. A related but separate thread of discussions focuses on the
impact of a corporate governance system in economic efficiency, with a strong
emphasis on shareholders’ welfare. There are yet other aspects to the corporate
governance subject, such as the stakeholder view and the corporate governance
models around the world.

Principles
Key elements of good corporate governance principles include honesty, trust and
integrity, openness, performance orientation, responsibility and accountability,
mutual respect, and commitment to the organization.

Of importance is how directors and management develop a model of governance

that aligns the values of the corporate participants and then evaluate this model
periodically for its effectiveness. In particular, senior executives should conduct
themselves honestly and ethically, especially concerning actual or apparent
conflicts of interest, and disclosure in financial reports.

Corporate governance mechanisms and controls are designed to reduce the

inefficiencies that arise from moral hazard and adverse selection. For example, to
monitor managers’ behavior, an independent third party (the external auditor)
attests the accuracy of information provided by management to investors. An
ideal control system should regulate both motivation and ability.

Internal corporate governance controls

Internal corporate governance controls monitor activities and then take

corrective action to accomplish organisational goals. Examples include:

 Monitoring by the board of directors: The board of directors, with its legal
authority to hire, fire and compensate top management, safeguards
invested capital. Regular board meetings allow potential problems to be
identified, discussed and avoided. Whilst non-executive directors are
thought to be more independent, they may not always result in more
effective corporate governance and may not increase performance.[6]
Different board structures are optimal for different firms. Moreover, the
ability of the board to monitor the firm’s executives is a function of its
access to information. Executive directors possess superior knowledge of
the decision-making process and therefore evaluate top management on
the basis of the quality of its decisions that lead to financial performance
outcomes, ex ante. It could be argued, therefore, that executive directors
look beyond the financial criteria.

 Internal control procedures and internal auditors: Internal control

procedures are policies implemented by an entity’s board of directors,
audit committee, management, and other personnel to provide reasonable
 assurance of the entity achieving its objectives related to reliable financial
reporting, operating efficiency, and compliance with laws and regulations.
Internal auditors are personnel within an organization who test the design
and implementation of the entity’s internal control procedures and the
reliability of its financial reporting.

 Balance of power: The simplest balance of power is very common; require

that the President be a different person from the Treasurer. This
application of separation of power is further developed in companies
where separate divisions check and balance each other’s actions. One
group may propose company-wide administrative changes, another group
review and can veto the changes, and a third group check that the interests
of people (customers, shareholders, employees) outside the three groups
are being met.

 Remuneration: Performance-based remuneration is designed to relate

some proportion of salary to individual performance. It may be in the form
of cash or non-cash payments such as shares and share options,
superannuation or other benefits. Such incentive schemes, however, are
reactive in the sense that they provide no mechanism for preventing
mistakes or opportunistic behaviour, and can elicit myopic behaviour.

External corporate governance controls

External corporate governance controls encompass the controls external

stakeholders exercise over the organisation. Examples include:

 Competition
 debt covenants
 demand for and assessment of performance information (especially
financial statements)
 government regulations
 managerial Labour market
 media pressure
 takeovers
Many factors are influencing enterprise governance in India, and it is becoming
imperative to implement IT governance practices Here . we talk about the various
regulatory requirements that are impacting the adoption of IT governance and
take a closer look at the Control Objectives for Information and related
Technology (COBIT) framework, which is extensively used in India as an IT
governance and IT assurance framework.

Why IT Governance?
Corporate governance in India is evolving, primarily due to regulatory
requirements, but also, to some extent, due to each enterprises specific needs
and context. The objectives of corporate governance are fulfilled by setting up an
appropriate structure and functioning mechanisms for the board of directors and
audit committees, as laid down by the Companies Act, 1956. It is critical for each
enterprise to establish its own specific governance system based on its own
specific constraints and business culture.

Listed Companies

SEBI introduced a mandatory audit to ensure that this is maintained as per its
norms by all listed companies as part of corporate governance and came up with
an updated Clause 49 to address this requirement. Although Clause 49 primarily
focuses on corporate governance, there are two key sections Clause 49 IV (C) and
Clause 49 Vthat make it imperative for listed companies to implement IT
governance.

Clause 49 IV (C) Board Disclosures on Risk

Management requires every listed company to lay
down procedures to inform board members about the
risk assessment and minimization procedures. These
procedures must be periodically reviewed to ensure
that executive management controls risk through
means of a properly defined framework. Indian companies often adopt a
combination of home-grown, in-house practices and globally recognized
frameworks for risk management. The ideal approach would be to adopt a
globally accepted risk management framework such as COSO, which provides a
framework for enterprise risk management, and then integrate the local practices
as relevant.
The amendments effected in Clause 49 V (C) and (D) clearly bring out:

 The responsibility entrusted to the CEO/CFO is in relation to establishing

and maintaining internal controls for financial reporting.
 The CEO/CFO has to assert that he/she has evaluated the effectiveness of
internal control systems of the company pertaining to financial reporting.
 The CEO/CFO certificate will further state the manner in which deficiencies
(if any) in the design or operation of such internal controls have been
disclosed to the auditors and the audit committee.
 The CEO/CFO certification will also state the steps they have taken or
proposed to take to rectify these deficiencies in the design or operation of
such internal control pertaining to financial reporting.

The first step is to map the relevant business goal of an enterprise from the point
of compliance with the business goals provided in COBIT. For example, one such
business goal under the financial perspective category of such listed companies is
to improve corporate governance and establish transparency. This business goal
can be linked with two IT goal respond to governance requirements in line with
board direction and to establish clarity of business impact of risks to IT objectives
and resources. The selection of these IT goals provides the specific IT processes
(under the domains of plan and organize [PO] and monitor and evaluate [ME]) of
COBIT to be selected to meet compliance requirements:

 PO1 Define a strategic IT plan

 PO4 Define the IT processes, organization and relationships
 PO9 Assess and manage IT risks
 PO10 Manage projects
 ME1 Monitor and evaluate IT performance
 ME4 Provide IT governance

The final step would be to select the relevant control objectives under these IT
process and use them as a benchmark for adoption/evaluation as required.

The Companies Act

The statement on the Companies (Auditors Report) Order, 2003 (CARO) applies to
all companies, including foreign enterprises. Companies that are exempt from this
are insurance companies, banking companies, section 25 companies and private
companies with paid-up capital and reserves of not more than Rs 50 lakh that do
not have outstanding loans exceeding Rs 20 lakh from any bank or financial
institution, and that do not have a turnover exceeding Rs 5 crore at any point of
time during the financial year. CARO stipulates the need for companies to have an
internal control system in the key areas and also mandates that the companies
have internal audits commensurate with the size of the company and nature of
the business. Hence, even unlisted companies that require statutory audits would
need an implementation and review of internal controls.

The Institute of Chartered Accountants of India (ICAI) has started a certification

course on information systems audit. Further, ICAI has entered into a
memorandum of understanding (MOU) with ISACA to provide ISACA standards,
guidelines and procedures to all its members. This will go a long way in promoting
IT governance and IT assurance in India through the chartered accountants.

In the Government
The scope and coverage of IT in C&AG encompasses various types of information
systems audit, process approach, specialized audits, forensic audit, system
development life cycle approach, value for money (VFM) approach, financial audit
and performance audit. All of the IT audits by C&AG staff are based on COBIT as
the main audit criteria. COBIT is used as the umbrella framework under which
specific technology and business related controls are integrated.

The audit guidelines of the COBIT framework are suitably adapted to the specific
IT and business environment of the enterprise. The audit objectives are mapped
to COBIT, and the relevant high level control objectives are selected for
evaluation. C&AG has done excellent work in promoting IT governance among all
the government entities by using COBIT best practices as a benchmark for all the
IT audits it conducts.

Banking
The Reserve Bank of India (RBI) has been at the forefront of promoting IT usage in
India. It has issued regular guidelines on IT, IT security and controls, and IT
governance, and has been conducting IT audit as part of the regulatory review of
banks IT systems. RBI has used COBIT as a reference framework for issuing
guidelines to banks and also for conducting IT audits. Various components such as
pre-launch audit, post-implementation studies and regular IS audit follow
internationally accepted norms and approaches. The large scale use of IT in day-
to-day operations has also added a new dimension to the risks associated with
these activities, which has necessitated appropriate risk management systems.

In MNCs
MNCs use IT extensively for integrating their Indian operations with the global
operations. As part of the standardized global operations, these companies
mandate the implementation of global best practices. Hence, the adoption of IT
governance best practices is an accepted norm in these companies. Further, these
companies are subject not only to Indian regulatory requirements, but also to
regulatory requirements of their parent companies. Consequently, implementing
IT security and control practices based on globally accepted frameworks is
enforced.

IT Companies
Adoption of IT governance in IT companies is necessitated by a combination of
regulatory and management requirements. Most of the IT companies are at the
forefront of adopting global best practices as a business requirement, as this acts
as a differentiator in procuring clients and demonstrates the organizations
services and capabilities. Further, as the majority of Indian IT companies revenue
comes from providing software development, IT implementation and IT
consulting to companies outside India, they have to meet the relevant regulatory
requirements of their clients. These companies are also subject to regulatory
audits, such as a SAS 70 audit, which makes it imperative for them to adapt global
best practices. Many of the top IT companies have started IT governance
consulting services as one of their key offerings.

Conclusion
IT governance as a concept in India is not as widely known as it needs to be, but it
is being adopted and implemented to an extent as a result of various regulatory
requirements and effective best practices. IT governance is being implemented as
a subset of corporate governance due to the regulatory and assurance
requirements of SEBI, C&AG, RBI and the Companies Act. However, it is also
increasingly being recognized that the real benefit of IT governance is not just
implementing it from a compliance perspective, but from a performance
perspective also to ensure that the organization receives real business value from
IT.