Summary of Themes. The following are highlights from members' discussions.


February 15, 2016

Members of the Central Audit Committee Network convened in Chicago on January 26, 2016, where they were joined by EY's Jon Feig, Partner, and David Wetmore, Executive Director, Fraud Investigation & Dispute Services, for a discussion on information governance practices. Mr. Feig also joined members for a session on corporate culture and compliance.[1] Over dinner, members heard about trends in executive compensation from Ryan Harvey of Meridian Compensation Partners. The following are highlights from members' discussions.

As company records have digitized, managing information has become more complex. Members heard from Mr. Feig and Mr. Wetmore how records are now dispersed across the company and across devices with no overarching governance framework for their storage, retention, and disposal. Moreover, the roles previously responsible for these practices have not evolved. "You still have the mentality in which records management professionals are seen as librarians. Librarians are worried about hard copy record storage. We care much less now about hard copy records than we do with the huge volume of electronic records," Mr. Feig said. As a result, companies may be vulnerable to a number of risks including litigation or cyber theft. "There are a lot of records that an opponent may want. Many of these records are older and can be destroyed by following a retention schedule. If you destroy records then you reduce your risk. We can't eliminate risks but records management can reduce it," Mr. Feig said.

Even at the board level, members observed that board documents have moved to digital channels, and notes board members take on the platforms as well as issues such as listing in agendas the time dedicated to a subject may expose the board or the company to litigation risks. "I tell my clients, anything you write down, assume the opponent is going to look at it," Mr. Feig said.
When it comes to instituting more effective information governance across the company, the experts noted that simplifying in the face of past complexity is key to success. Mr. Wetmore said that companies should focus on truly high value or high risk documents, which they offered may be only 3% of the total volume of information. Once these are identified, they advised companies to categorize these documents into broad areas, taking a big bucket approach. "You have limited time and limited people, so focus only where you need to. You might have in the past had 700 to 800 record types. Now you are trying to consolidate those to 30 to 50," Mr. Wetmore told members. Companies can then assess which types need to be retained and for how long, and which can be destroyed immediately.

Cross-discipline teams comprising people from records management, information technology, cybersecurity, legal, governance, and other areas of the business can then administer an ongoing information governance program. "You need a governance culture in which all areas are working together toward interdependent goals and identifying overlaps," Mr. Wetmore said. He added that any program that is too complex to adhere to is not the right program: "The records management we are talking about now is about simplicity. Don't boil the ocean."

The audit committee generally has oversight of the implementation and ongoing monitoring of information governance programs, Mr. Feig said. Although some members raised the question of whether audit committees should be tasked with this oversight given their already full agendas, many members said it makes sense for the audit committee to be the oversight body given the role it plays in overseeing cybersecurity.

[1] The Central Audit Committee Network is a select group of audit committee chairs from leading public companies committed to improving the performance of audit committees and enhancing trust in financial markets. The network is organized and led by Tapestry Networks with the support of EY as part of its continuing commitment to board effectiveness and good governance. Summary of Themes is produced to stimulate timely, substantive board discussions as audit committee members, management, and their advisers endeavor to fulfill their respective responsibilities to the investing public. This document reflects the network's use of a modified version of the Chatham House Rule whereby names of members and their company affiliations are a matter of public record, but comments are not attributed to individuals or corporations. Italicized quotations reflect comments made in connection with the meeting by network members and other meeting participants. Mr. Wetmore, Mr. Feig, and Mr. Harvey have permitted their remarks to be attributed.

Defining, assessing, and monitoring the company's culture, particularly across different geographies, can be difficult for directors because they are not part of the day-to-day life of the company. Members and Mr. Feig mentioned a number of methods boards can use both to assess if the company has a strong culture that promotes ethical and compliant behavior and to support such a culture:

Make sure strong controls are in place. Members and Mr. Feig emphasized the need for strong controls to protect the company and its culture. "We all think about internal controls as protecting the company. But good internal controls protect the people. Faith as an audit tool doesn't work very well. If controls are in place, people can't stray," a member said.

Reward and support good behavior. Of particular concern to members are geographies where corruption is more commonplace in the business environment and potential violations of the Foreign Corrupt Practices Act (FCPA) may arise. Mr. Feig said highlighting and rewarding good behavior can help push employees in the right direction. He also said companies need to be willing to accept the consequences of ethical behavior in some geographies. For instance, if an official threatens to impound a truck full of merchandise if a driver doesn't pay a bribe, the company has to be willing to bear the cost of losing that product if the driver refuses. This also extends to partners, such as when entering into a joint venture with a company in particular geographies. Mr. Feig said companies have to be willing to walk away from a joint venture if the partner isn't willing to abide by compliance and ethics. "If they don't agree, then you have to ask, how important is this?" Mr. Feig said.

Get out of the boardroom. Members agreed it is important for board members to meet with employees regularly to get a sense of the culture at the company. "You really don't know how the company works sitting in the boardroom. You need to go out into the field. You need to talk to the people, get a sense of how they do their jobs and go about the business," a member said.

Survey employees. Members said surveys can give them an indication of how people below management are feeling about the culture of the company. "I think engagement surveys are good; they point out areas. We did one recently and had a lot of happiness in leadership, and the middle was all negative. I can't tell why that was, but I can tell something is not working, and we need to dive down and figure it out," a member said.

Test the effectiveness of compliance programs. Mr. Feig said offering training on FCPA or ethics is not enough. Companies need to regularly monitor employees to make sure the training resonates in their jobs. He offered the example of how employees in an area where bribery is commonplace can be tasked with figuring out ways to prevent people from getting hold of bribe money through such means as false travel and expense forms. Training should be specific to what employees will be challenged with in their country, he said. He also said companies need to make it clear to people what the consequences of violations of company policy or the law will be to them, including prosecution.

Get feedback from third parties. Mr. Feig said customers, suppliers, and internal and external auditors can all provide feedback on how employees are conducting business. For example, Mr. Feig pointed out that internal audit can help assess the effectiveness of ethics programs. "When talking about ethics, how people think, how effective programs are, it's not a check-the-box issue. If [there is] somewhere where you suspect you have a problem, have the auditors gather information for you. They can provide feedback on if people understood the training or if they did not," he said.

Ask about issues at the board level. Members commented that the board is often removed from many of the issues that may lead to compliance problems or breaches of ethics. Mr. Feig emphasized that the board, particularly the audit committee, can spur action in a company simply by asking about an issue. "When the audit committee asks about something, then an issue moves forward. When the audit committee asks, everything shudders," he said. He recommended board members raise issues like how management is following up on ethics training, what types of compliance programs are in place in areas where there could be problems, and other issues to make sure they get proper attention. "One of the things we take for granted with all these dashboards is it looks good on paper but how do you know how effective it is? How do we know how effective our compliance and ethics programs are? I'm going to be asking those questions," a member said. Mr. Feig said boards should ask why a compliance team thinks training was effective. "How do they know? Ask what buttons they have their fingers on that lead them to believe it's effective," he said.

Among the trends that have defined the executive compensation landscape the past five years are say-on-pay proxy requirements, the rise in influence of proxy advisers, and a focus on pay for performance, Mr. Harvey told members. "Compensation committees are looking at how proxy advisers will look at a pay deal. Proxy advisers aren't controlling the outcome, but they are a factor considered," he said. He noted that the pay ratio between what an executive earns and what an average employee earns will be a point of focus in the 2017 proxy season. He said that many companies and analysts don't see the ratio as being meaningful from a management point of view, due to differences in industries and other issues, but he and members acknowledged it will be an issue in public opinion. "It's a reputational issue, and it will have an impact," a member said.

Another trend is the homogenization of executive compensation designs. "Companies don't want to be outliers. You are now seeing similar processes and designs of pay plans among companies," Mr. Harvey said. Members agreed that boards must consider these issues carefully, given that executive pay has become a point of contention for the public. Members said the audit committee has a role to play in the process: it should validate the numbers and help the compensation committee align package design with performance outcomes. "We wanted to change outcomes and built improving safety into the plan," a member said, describing a performance-based pay plan at one of the member's companies.

The perspectives presented in this document are the sole responsibility of Tapestry Networks and do not necessarily reflect the views of network members or participants, their affiliated organizations, or EY. Please consult your counselors for specific advice. EY refers to the global organization and may refer to one or more of the member firms of Ernst & Young Global Limited, each of which is a separate legal entity. Ernst & Young Global Limited, a UK company limited by guarantee, does not provide services to clients. Tapestry Networks and EY are independently owned and controlled organizations. This material is prepared and copyrighted by Tapestry Networks with all rights reserved. It may be reproduced and redistributed, but only in its entirety, including all copyright and trademark legends. Tapestry Networks and the associated logos are trademarks of Tapestry Networks, Inc., and EY and the associated logos are trademarks of EYGM Ltd.

The following members attended all or part of the meeting:

- Howard Carver, Assurant
- Cheryl Francis, Morningstar
- John Holland, Cooper Tire & Rubber
- Rick Navarre, Civeo
- Neil Novich, Beacon Roofing Supply
- Donna Zarcone, CDW

EY was represented by:

- Rich Bonahoom, Business Development Leader, Central Region

Jon Feig and David Wetmore from EY offered the following for audit committees who are seeking to better understand management's approach to information governance.

Systems that should receive focus and priority:

- Management systems
- Financial systems (e.g. accounts receivable, journal)
- HR systems (e.g. employee information)
- Legal systems (e.g. contracts)
- Information systems
- Intellectual property systems (e.g. business solutions)
- Repositories that maintain compliance and/or business records

Questions for boards to ask management about information governance practices:

- How mature is our information governance program?
- How are we compared to our competitors?
- Who owns information governance?
- Are the right parties involved?
- Are we protecting our information assets and making sure the wrong people can't access them?
- Do we know what information is being retained or is it unknown/unmanaged?
- Are we responding to regulatory requests in a timely, accurate, and cost-efficient manner?
- How are we managing legal holds and monitoring compliance with them?
- Are we actively reviewing retention schedules and monitoring if disposition is being enforced?
- Do we have a defensible disposition strategy?

EY's Jon Feig and David Wetmore also offered the following examples of big bucket categories of records.

- Accounts receivable records, including invoices, accruals, check requests, cancelled checks, expense reports, journal entry support
- Banking records including statements, cash books, check stubs, deposit slips, wire transfers
- Petty cash vouchers, including supporting receipts and documentation
- Budget related records, including planning, implementing, tracking accruals, and monitoring
- Financial transaction reports, including general ledgers, account reconciliations, subsidiary ledgers, journals
- Capital/asset records, including purchase, depreciation, disposal
- Records related to office motor vehicles, including purchasing/disposal, title papers, registration, licensing, maintenance, insurance, drives logs
- Financial statements and audits
- Income tax records such as tax returns, tax advice, work papers, documentation supporting tax returns
- Foundation tax records including contributions received and grants made
- Unclaimed property reports and supporting documentation
- Entity governance records, including: charter, articles of incorporation, bylaws, shareholder lists, delegations of authority, officer appointments, executive compensation, stock compensation, permanent corporate secretary records, minutes, and resolutions
- Board of directors meeting records, corporate management committee meeting records, shareholder meeting records
- Records indicating the authority/authorization to conduct business transactions
- Business permits, licenses, or registrations to do business
- Communication and disclosures to shareholders
- Communication and disclosures to the public
- Physical location materials, including inventories, appraisals, valuations, maps, diagrams
- Corporate policies, procedures, standards
- Legal and regulatory compliance records, including reports, filings, submission to regulators, and evidence of compliance
- Records management documentation, including schedules, inventories, legal hold, disposition approvals
- Business continuity records, including emergency procedures, contact list, disaster plan
- Audit records, including supporting work papers and risk management reports
- Employee benefit records, including payroll, employment tax, benefits, retirement plans
- Employee travel records, including guidelines, requests, and authorizations
- Personnel records, including applications, hiring contracts, performance assessments, training records, policy forms
- Recruiting records
- Consultant records, including records related to the management of consultants and other temporary employees
- Accident and incident reports
- Hazardous exposure records
- Facilities management and maintenance records
- Insurance policy and claims records
- Records relating to intellectual property, including trademarks, copyrights, and patents
- Records relating to IT system design, hardware/software procurement and maintenance
- Information security records
- Telephone record logs
- Legal related records, including subpoenas, responses, filings, motions, judgments, settlements
- Outside counsel management records, including engagement letters and guidelines
- Procurement records, including request for proposals, bids, and purchasing supplies
- Information security records