Calling the Steinhoff fraud scandal an accounting irregularity effectively depersonalises the misconduct. Corporate governance is fundamentally about human behaviour, attitude, mindset and responsible leadership of institutions. It places emphasis on the rules and constraints on decision-making, specifically the need to constrain ‘managers’ to act in the best interest of the institution, especially public ones. Law and regulation will never be able to improve governance practices. You cannot legislate ethics. Unethical individuals will always find ways to subvert laws, regulations and good governance practices such as the King Code. King IV defines corporate governance as the exercise of ethical and effective leadership by the governing body towards the achievement of the following governance outcomes: ethical culture; good performance; effective control and legitimacy.
Corporate governance is typically thought to be the exclusive domain of board of directors. But not necessarily so as Leon Kirkinis, former CEO of African Bank cautioned me in 2006 when I did my MBA research on ‘Factors affecting female representation on boards of directors.’ He thought I was overzealous and over-estimating the role of boards in leading organisations. Kirkinis said: “The individual you must focus on is the CEO. The character and values of the CEO are critical in setting the tone and they play a greater part in running an organisation, not the board.” Gill Marcus, the former Governor of the Reserve Bank, as part of the same research shared that as a Chair of a board; she prefers to have three Executive Directors minimum, including the CEO, being on the board. She observes their individual contributions and sees whether they are always in agreement which would be a symptom of collusion or being under duress that can indicate a deeper problem. With all these corporate scandals ranging from Enron, Regal Bank and now Steinhoff, Kirkinis’ warning was inside wisdom which must be heeded, especially in view of how things turned out at African Bank. All these companies had boards. There had Audit Committee members skewed towards Chartered Accountants. And yet the shenanigans of the CEOs were not detected by these boards.
The question being increasingly asked is, “What is the value of boards?” We must remember that boards of directors are a structure that was created to overcome the agency theory which assumes that those tasked with the control of an institution are motivated by self-interest at the expense of shareholders and stakeholders. The belief was that when given decision rights, managers may act in ways that maximise their own welfare at the expense of the organisational good. In many instances of bad governance, this assumption has proven to be true. So in practical terms, how does a board that meets four times a year, with working board committees in between, really know what is happening in the organisations they are accountable for and monitor. That is what should be keeping every board member awake at night. Sitting on boards is no longer a status symbol or for prestige. Risk oversight is an imperative for boards and gained increased focus in the aftermath of the global financial crisis. I would venture to say that the oversight role of boards itself is a critical risk that needs more efficient and effective ways to exercise, especially as they are at the mercy of the information being prepared and provided by the executives with gatekeeping by the CEO.
King IV sees combined assurance as a model to optimise the assurance services and functions to facilitate effective control environment with the outcome being information with integrity to support decision making and for external reporting. Combined assurance is safeguarding a co-ordinated (combined) approach to assurance on whether key risks are managed appropriately within an organisation. The first line of defence is management. The second is internal auditors. The third is the external auditors. However if risk is defined as a probability or threat of damage, injury, liability, loss or any other negative occurrence that is caused by external or internal vulnerabilities and that may be avoided through pre-emptive action, in my eighteen years of sitting on boards, I have never seen CEO integrity risk on any risk register or audit plan. Yet the lack of a CEO’s integrity has the ability to destroy billions of dollars of a company’s share price in less than a week. If there are board members even in organisations that have not had governance scandals as yet who are not feeling vulnerable or that their useful days are numbered, then they need a reality check.