GOVERNANCE & INTERNAL CONTROLS: THE TOUCHSTONE OF SUSTAINABLE BUSINESS – PART I

‘Barings Bank
collapsed by rogue trader’, screamed media headlines in February, 1995,
shocking the world. Is this even possible? How can one person bring down a
two-century-old reputed bank and a banker to the Queen of England? But it did
happen. And not isolated, though – closer home, the country opened 2009 reading
the confession of the Satyam Chairman, Mr. Ramalinga Raju, saying ‘It was like
riding a tiger, not knowing how to get off without being eaten’. Mr Raju
admitted to inflating profits with fictitious positions in the balance sheet,
including inflated (non-existent) cash and bank balances, overstated debtors,
understated liabilities and accrued interest which was non-existent¹.
He confessed to manipulating the books for several years which attained
unmanageable proportions to the tune of Rs. 14,162 crores through these devious
methods. Ironically, Satyam had just received the Golden Peacock Global Award
for Excellence in Corporate Governance in September, 2008! But this was revoked
soon after Mr. Raju’s confession.

Quite a few major
debacles have followed since – Enron, Tyco, Lehman Brothers, Kingfisher,
Café  Coffee Day, PMC Bank… Regrettably,
we are witnessing this not just in business ventures, but scams, or at least
alleged ones, are also surfacing in diverse spheres such as government spends,
sports arena and so on. That we live in a VUCA world dogged with volatility,
uncertainty, complexity and ambiguity only compounds the
issue.

Why do these occur?
Many factors could propel such events or behaviour including arrogance, power (nasha)
and greed. But what I would like to share here is my learning on two
fundamental drivers to a sustainable business – Governance and Internal
Controls. Broadly speaking, the former is all about ethos, culture, mind-set
and a way of life embedded in individuals, leaders and enterprises. Internal
Controls encompass the practices, processes and procedures which serve to
auto-generate and instil self-correcting operating mechanisms, thereby
functioning as a secure preventive measure. While effective internal controls
are integral to running operations, good governance is the edifice on which
great organisations are built. Leaders, therefore, while ensuring adequate
controls need to exhibit personal integrity and uphold high governance
standards to establish a sustainable business.

In recent times, a
lot has been written on these subjects and regulatory frameworks and awareness
levels have improved considerably. Yet, we witness cases of deceit cropping up
in numbers and magnitude which are discomforting. And at the core seems to be
intent and character. Given the ingenuity of the human race, if there is
a chosen intent to defraud, person/s acting unilaterally and / or in collusion will
find a way to do it. This ends up in a curative process and the learning from
each episode then gets calibrated in the system for improvements.
Investigations post the Barings Bank debacle revealed that a trader, Mr.
Nicholas Leeson’s greed and inadequate operational risk controls at Barings
made the bank collapse under a $1.4 billion debt. In Satyam’s case, Mr. Raju
wanted to divert funds to real estate which eventually fell through. It was, inter
alia, found that the cash and bank verification procedures were lacking. It
is customary now for auditors to seek balance certification from banks. The
Companies Act, 2013² has made corporate fraud a criminal offence and
lays out the responsibilities on fraud reporting. The Act also provides for a
rigorous framework for related party transactions. A Serious Fraud
Investigation Office (SFIO) which was set up under the Act has a statutory
status and now has the power to arrest as well. The SFIO has been actively
investigating cases relating to corporate fraud. The Securities and Exchange
Board of India published detailed disclosure requirements in 2015, applicable
to all listed companies³. This sets out stringent guidelines relating
to reporting / disclosure of material events and actual and suspected fraud.
The Institute of Chartered Accountants of India⁴ came out with a
Guidance Note on Reporting on Fraud.

HOW
IT PLAYS OUT: ENRON, A CLASSIC CASE

Enron was a company
headquartered in Houston, Texas which was dealing in commodities, energy and
services and ranked as America’s fifth largest company. In 2001, the company
filed for bankruptcy leading to shareholders losing $74 billion, thousands of
employees and investors losing their retirement accounts and many employees
losing their jobs. The CEO, Mr. Jeffrey Skilling, and the former CEO, Mr,
Kenneth Lay, kept huge debts off balance sheets. An internal whistle-blower, Ms
Sherron Watkins, helped to bring them to book as high stock prices stoked
external suspicions. How unfortunate! This company was named by Fortune
Magazine as ‘America’s Most Innovative Company’ six years in a row prior to
the scandal and lost its sheen overnight. A Committee entrusted to examine the
role of the auditors, Arthur Andersen, assessed that the firm did not fulfil
its professional responsibilities in connection with its audits of Enron’s
financial statements. Moreover, in 2002, Andersen was convicted of obstruction
of justice for shredding documents related to its audit of Enron. The Supreme
Court in 2005, however, reversed Andersen’s conviction but serious damage had
been done which practically wrecked the firm. Consequent to this scandal, new
regulations were designed to strengthen the accuracy of financial reporting for
publicly-traded companies, the most important being the Sarbanes-Oxley Act
(2002) which imposed criminal penalties for destruction, falsification or
fabricating financial records.

Having good
governance as the DNA complemented by sound internal controls are, hence, the
hallmarks of world-class enterprises. Let us examine each of them. This is
covered in two parts – Part I: Governance, and Part II: Internal Controls.

GOVERNANCE

Governance or
Corporate Governance comprises the suite of principles and processes by which
an enterprise is controlled, directed or governed in a manner balancing the
interests of the stakeholders, creating long-term sustainable value.
Stakeholders include customers, investors, workforce, suppliers, funders, the
government and the society at large. It is based on policies such as commitment
to conducting business with all integrity and fairness, being transparent by making
all the necessary disclosures and decisions, complying with the laws of the
land and discharging responsibility towards all the stakeholders.

Corporate Governance provides the structure for a company to achieve its
aspirations and hence encompasses every aspect of management, from operations
and internal controls to performance measurement and corporate disclosure. Most
companies strive to establish a high standard of Corporate Governance. For many
investors, it is not enough for a company to be just profitable; it also needs
to demonstrate good corporate citizenship through ethical behaviour, respect
for the environment and sound Corporate Governance practices. It is about
balancing individual and social purpose, as well as economic and sustainability
goals.

Clearly, there is a
level of confidence that is attached to a company practising good Corporate
Governance. Foreign investors accord weightage to this aspect, too. It is not
surprising, therefore, that the markets have demonstrated a positive approach
towards companies reputed for upholding good governance standards.

INSTILL
GOVERNANCE

Some people
consider that governance is an innate quality – you either have it or you
don’t! While this is true in some ways, great corporations also have a systematic
way of nurturing and reinforcing good Corporate Governance. Here, I draw upon
my experience associated over decades with the Unilever and Tata Groups to
highlight some codified best-in-class practices – Unilever Code of Business
Principles (CoBP⁵) and Tata Code of Conduct (TCoC⁶).

Both CoBP and TCoC
bring out clearly the way these world-class enterprises conduct their
businesses as well as expect their business collaborators to respect and behave
in dealings with their companies. It is expressly communicated that violations
to the Code are unacceptable. They go a step further to clarify that no grudge
will be held against any employee who may even give up a business benefit for
the sake of upholding the Code and not compromising it.

Instilling this culture
is a continuous process and also requires review and updation to reflect the
changing environment. Some of the building blocks to make this a living
document are:

(i)            
The Code Document: Publishing a written Code is an important step which helps as a good
reference point for all the enterprise stakeholders to guide their behaviour.
CoBP which was launched in 1995 now has 14 clauses in the Code supported by 24
policies. TCoC was first formalised in 1998 and the amended version of 2015
comprises detailed guidelines for all stakeholders. These Codes address varied
aspects from ethics to compliance to diversity to environment.

(ii)  Putting
to Work: A practice manual is quite useful wherein
live situations are enumerated explaining how one applies the Code in
day-to-day working, including Musts / Must nots and Q&A. Case
studies are shared. A fascinating format used is through performing skits.
These skits are done innovatively in town hall meetings or annual family day
functions through short engaging stories which convey the essence of the Code.
An impactful variation is the use of contests with several groups competing for
prizes with creative skits bringing out the ethos through interesting
sequences.

(iii)  Monitoring and Review: These entities have robust mechanisms to ensure that the Code is
communicated, explained and implemented. Apart from imparting training, some
simple steps such as a written annual confirmation from every employee, an
appropriate clause in contracts with business associates, feedback surveys, a
strong whistle-blowing mechanism, etc. facilitate to monitor the Code in
action.

(iv) Completing the Loop: An important
component is to Walk the Talk. A policy should spell out the
consequences for breach of the Code and the process followed to investigate any
allegation of Code violation. Once established, it is vital to implement the
outcome in an objective manner. Finally, sharing of such instances including
action taken is critical not only to demonstrate seriousness but also to raise
awareness levels within the organisation. However, communication is handled
sensitively given the personal ramifications of each case.

VALUE SYSTEMS AND BOARD ENGAGEMENT

Governance also
comprises not only voicing core beliefs but also making them integral to the
ways of doing business. The aspect of beliefs and value systems is tested right
upfront at the time of recruitment, assessing business collaborations, or in
acquiring businesses. In acquisitions, finding the right pedigree and therefore
cultural fit becomes the first filter even before business
considerations are put to play. I can quote Safety and Sustainability as great
examples of mettles of governance. These beliefs are embedded into the core of
the strategy rather than appearing on the periphery. Some simple but effective
actions of institutionalising behaviour are listed in the box below.

Beyond operations,
I had the privilege of experiencing governance at a Board level. Many years
ago, we had introduced a practice of Board evaluation in a rather structured
manner. All Board members including independent directors were asked to share
their perceptions on a simple two-page questionnaire annually, with due ratings
followed by comments. As the Managing Director, I, too, filled in one and here
I put forth the management viewpoint on the functioning of the Board. I had the
privilege along with the Company Secretary to tabulate the forms both for the
rating as well as other comments. The summary showed the average rating score
against each question as well as comments on what went well and where we could
do better as a Board. We followed a ritual of a Board dinner post every Annual
General Meeting. But prior to the dinner, we had a chat session for about an
hour debating on progress from the previous year and the outcome of the
evaluation to decide on what to focus on going forward.  Actions such as expediting the Board meeting
agenda papers and minutes, field familiarisation for directors, exposure of key
personnel with the Board, etc. came out of such interactions. I found this
entire process delightful and this created a good bonhomie, too, amongst the
Directors. Of course, some of these actions and the Board evaluation processes
have become mandatory in recent years.

ESTABLISHING GOOD GOVERNANCE IS NON- NEGOTIABLE

The topic of
governance is wide and encompasses many other aspects – for instance, insider
trading, competitive intelligence, peer dynamics, compensation structures,
workforce conduct, etc. Every element has not been dealt with in this article.
There are legislative pronouncements, too, covering these. One can study the
Codes referred to above to comprehend the various ramifications of this
critical subject. Other companies, such as Johnson & Johnson, Google, Ford
Motor Company, IKEA, Starbucks, Toyota, etc., have their Codes available
publicly on their websites.

In sum,
establishing good governance is non-negotiable for any entity striving to
create sustained value while balancing and meeting the interests of multiple
stakeholders. A one-size-fits-all approach, however, may not work with
the modalities and structure varied to suit every enterprise given its ethos
and culture.

Do the right thing is what we see as the belief of great institutions. Even if it
means, in many situations, not just sticking to regulations but going beyond
the rule book and what is mandated! And… that is the test of good governance.

This is the second article in the series by V. Shankar
(The first in this series appeared in our issue of January, 2020)

_______________________________________

1.  7 January 2009: Satyam Chairman, Mr.
Ramalinga Raju’s letter to his Board of Directors

2.  The Companies Act, 2013: Sections 143,
211, 447

3.  Securities and Exchange Board of India (Listing
Obligations and Disclosure Requirements) Regulations, 2015

4.    The Institute of Chartered Accountants of
India: ICAI Guidance Note on Reporting on Fraud Under Section 143(12), 2016

5. Unilever.com: About | Who we are | Our Values & Principles |
Code of Business

Principles and related Code policies

6. Tata.com: About Us| Values & Purpose | Tata Code
of Conduct)