orangeblock
Menu

Final King III Code confronts ‘the devil in the detail’

02 September 2009 | | KPMG International

More detailed focus on IT governance

Greater clarity on corporate risk management responsibilities

Key recommendations which impact on audit committees

New requirements to disclose management and directors’ remuneration

The highly-anticipated final version of the King III Code of Governance Principles for South Africa 2009 (‘King III’) was released yesterday and addresses some of the areas seen to be inadequately covered in the draft recommendations.

“Although at first glance King III appears to be similar to the King II report, there are significant differences, many of them aspirational, which will have practical implications for boards, directors, management, assurance providers and stakeholders,” says Kerry Jenkins, Director, Corporate Governance, KPMG in South Africa

Applicable to “all entities regardless of the manner and form of incorporation or establishment and whether in the public, private sectors or non- profit sectors”, the King Committee on Governance has tightened its focus on key areas including, amongst others, IT governance, risk management, the role and function of audit committees and the declaration of directors’ and management remuneration.

An extensive set of principles and recommendations has been devised on IT governance and related responsibilities of the board, an aspect of the draft code that received much public comment and criticism. The code places responsibility on directors to ensure the development of an IT charter for a company and that suitable policy is developed and implemented in alignment with the charter.

In addition, directors need to ensure that IT governance becomes part of their agenda in order to monitor internal control frameworks and ensure that independent assurance mechanisms are in place to monitor the effectiveness of such frameworks.

“This is a new and expanded area for King,” says Jenkins. “More resources, management and director time will be required to address IT governance and the related procedures and practices. IT governance will impact on the risk management, assurance and reporting frameworks.”

In relation to corporate risk management, King III provides more detailed guidance on how it is to be accomplished. While the board is responsible for the governance of risk and disclosure, management is responsible for the risk management design and the implementation and monitoring of the risk management plan. In addition, it is recommended that the board appoints a risk committee which may comprise a minimum of three members from executive and non-executive directors, senior management and independent risk experts. While the committee should meet at least twice annually, it is recommended that the directors monitor risk continually, with at least an annual meeting to monitor the implementation of the risk management plan.

“Directors will have to spend more time on risk management,” says Jenkins. “Management will have to integrate risk management more fully into the running of a business. The disclosure of key risks will also require sharper articulation as will stakeholder management.”

Thingle Pather, Director, Department of Professional Practice, KPMG in South Africa, says that much of the implementation and monitoring of the new recommendations at an operational level will fall into the hands of the audit committee whose role has been expanded and redefined, bringing new dimensions of complexity to business processes.

Audit Committees will be responsible for integrated reporting, external audit, internal audit, the risk management process and assessing the effectiveness of the finance function. Part of its function in relation to risk management is to oversee the IT risks and internal financial controls.

“We anticipate that audit committees will start looking more carefully at their composition in order to have sufficient proficiency in all the areas for which they are now responsible,” says Pather. “More specialists may be co-opted as attendees and advisors onto audit committees, who, whilst not being directors, will have all the responsibilities and liabilities of being directors in terms of the new Companies Act.”

This is likely to create a need for support for some audit committees in key areas such as integrated reporting and independent assurance, the combined assurance framework and risk, and institutional arrangements between the risk committee and the audit committee, she says.

In a recommendation widely expected to be unpopular, King III requires disclosure of the remuneration of each individual director and the top three most highly paid employees of an entity. Guidance is given on remuneration policy and practices, including that non executive directors do not receive share options. King III recommends that the remuneration policy be put to the shareholders for a non-binding advisory vote, and that the board should determine the remuneration of the executive directors in line with the policy.

“Companies may be concerned about the effect of disclosure on executive remuneration negotiations,” says Jenkins. “Disclosure might also impact on competitiveness and global standards of remuneration for highly mobile executive talent. Locally, it could have negative repercussions on labour relations.”

Although King III supports the principle of a unitary board, it seems to point at a new dispensation in terms of governance, says Pather. “It appears as though this might be the beginning of a move towards a two-tiered governance structure with boards and audit committees both being appointed by shareholders and having statutory responsibilities. This is pertinent where in the event of conflict, the audit committee’s decisions will prevail over those of the board in areas where the former has legislative responsibility.”

Because of its broad applicability we should expect that entities and stakeholders will have to start to develop a deeper understanding of governance issues says Jenkins. “This will enhance their ability to decide how governance principles and practices should be adopted and implemented in their particular entity. In other words, the ‘one size fits all’ approach will have to be discarded. This will necessitate education, dialogue, decisions and disclosure amongst those affected.”

“It is likely that entities could take several years to progress their application of all the principles and best practice recommendations,” says Pather. “The challenges will lie in deciding the optimal level of application required, balancing the costs and benefits to all stakeholders, and then being able to disclose such principles and practices in a manner that is fair and clear to stakeholders.”

For a summary of some of the key recommendations of the King III Code, visit http://www.kpmg.co.za/

quick poll
Question

COFI is coming, bringing a wave of change for financial planners. Which one of the following disruptors will have the biggest impact on your business?

Answer
View the Results arrow
FAnews April 2025
THE LATEST EDITION FANEWS MAGAZINE
  • Outlook 2025: insurers must embrace collaboration beyond their lane
  • From grudge to necessity: the true value of insurance
  • Next-level broking: How to advise clients on rampant exclusions and un-insurability
  • SA’s healthcare crisis: systemic misalignment, not public vs private
  • Prioritising employee wellness: a sustainable approach
  • The default option: managing retirement fund investment
Products & Services
Useful Links
Important Links
Jobs

© FAnews | Privacy Policy | Site Map | Website Design by Online Innovations

close button