LEARNING PACK

Qualification Programme

Module C
Business Assurance
 First edition 2010
Sixth edition 2017

ISBN 9781 5097 1407 0

Previous 9781 4727 3604 8

British Library Cataloguing-in-Publication Data

A catalogue record for this book is available from the
British Library

Published by

BPP Learning Media Ltd

BPP House, Aldine Place
142-144 Uxbridge Road
London W12 8AA

[Link]/learningmedia

The copyright in this publication is jointly owned by

BPP Learning Media Ltd and HKICPA.

Printed in China

Your learning materials, published by BPP Learning

Media Ltd, are printed on paper obtained from
traceable sustainable sources.

All rights reserved. No part of this publication may be

reproduced, stored in a retrieval system or transmitted in
any form or by any means, electronic, mechanical,
photocopying, recording or otherwise, without the prior
written permission of the copyright holders.

The contents of this publication are intended as a guide

and not professional advice. Although every effort has been
made to ensure that the contents of this publication are
correct at the time of going to press, BPP Learning Media
makes no warranty that the information in this publication
is accurate or complete and accepts no liability for any loss
or damage suffered by any person acting or refraining from
acting as a result of the material in this publication.

Every effort has been made to contact the copyright

holders of any material reproduced within this publication.
If any have been inadvertently overlooked, BPP Learning
Media will be pleased to make the appropriate credits in
any subsequent reprints or editions.

We are grateful to the HKICPA for permission to reproduce

the Learning Outcomes and past examination questions,
the copyright of which is owned by the HKICPA.

©
HKICPA and BPP Learning Media Ltd
2017

ii
Contents

Page
Director's message v
Introduction vi
Module overview vii
Chapter features viii
Learning outcomes ix

Module C Business Assurance

Part A Corporate governance

1 Scope of corporate governance 3
2 Corporate governance reports and practice 33

Part B Internal assurance

3 Internal assurance 71

Part C Professional standards and guidance

4 Code of Ethics 99
5 Framework for assurance engagements 155

Part D Assurance engagements

6 Quality control 175
7 Changes in auditor appointment 195
8 Planning, materiality and risk assessment 223
9 Audit evidence, procedures, audit methodologies and audit sampling 257
10 Fraud and irregularities 287
11 Internal control and tests of controls 315
12 Substantive procedures, including analytical procedures 345
13 Specific audit procedures 365
14 Using the work of others 429
15 Accounting estimates, opening balances and comparatives 445
16 Overall audit review and finalisation 473
17 Audit reporting 523

Introduction iii
 Page

Part E Other audit matters

18 Group audits 573
19 Audit-related services and other assurance engagements 593

Part F Computerised business systems

20 Information technology 643

Answers to exam practice questions 677

Question bank – questions 709

Question bank – answers 763

Glossary of terms 843

Index 857

iv Business Assurance
Director's message

Welcome to the Qualification Programme (QP) of the Hong Kong Institute of Certified Public
Accountants (HKICPA).
You have made the decision to complete the HKICPA's QP which entails completing the training
programme, passing professional examinations and acquiring practical experience under an
authorised employer or supervisor. This marks a further step on your pathway to a successful
business career as a CPA and becoming a valued member of the HKICPA.
The QP comprising four core modules and a final examination will provide you with a foundation for
life-long learning and assist you in developing your technical, intellectual, interpersonal and
communication skills. You will find this programme challenging with great satisfaction that will open
a wide variety of career opportunities bringing in attractive financial rewards.
A module of the QP involves approximately 120 hours of self-study over fourteen weeks,
participation in two full-day workshops and a three-hour open-book module examination at the
module end. We encourage you to read this Learning Pack which is a valuable resource to guide
you through the QP.
The four core modules of the QP are as follows:
Module A: Financial Reporting
Module B: Corporate Financing
Module C: Business Assurance
Module D: Taxation

Should you require any assistance at any time, please feel free to contact us on (852) 2287 7228.
May I wish you every success in your QP!

Shanice Tsui
Director of Education and Training
Hong Kong Institute of Certified Public Accountants

Introduction v
 Introduction

This is the sixth edition of the Learning Pack for Module C Business Assurance of the HKICPA
Qualification Programme.
The Institute is committed to updating the content of the Learning Pack on an annual basis to keep
abreast of the latest developments. This edition has been developed after having consulted and
taken on board the feedback received from different users of the previous edition. Some of the
examples and self-test questions have been rewritten to better reflect current working practices in
industry and facilitate the learning process for users of the Learning Pack.
The Learning Pack has been written specifically to provide a complete and comprehensive
coverage of the learning outcomes devised by HKICPA, and has been reviewed and approved by
the HKICPA Qualification and Examinations Board for use by those studying for the qualification.
The HKICPA Qualification Programme comprises two elements: the examinations and the
workshops. The Learning Pack has been structured so that the order of the topics in which you
study is the order in which you will encounter them in the workshops. There is a very close inter-
relationship between the module structure, the Learning Pack and the workshops. It is important
that you have studied the chapters of the Learning Pack relevant to the workshops before you
attend the workshops, so that you can derive the maximum benefit from them.
On page (ix) you will see the HKICPA learning outcomes. Each learning outcome is mapped to the
chapter in the Learning Pack in which the topic is covered. You will find that your diligent study of
the Learning Pack chapters and your active participation in the workshops will prepare you to
tackle the examination with confidence.
One of the key elements in examination success is practice. It is important that not only you fully
understand the topics by reading carefully the information contained in the chapters of the Learning
Pack, but it is also vital that you take the necessary steps to practise the techniques and apply the
principles that you have learned.
In order to do this, you should:
 Work through all the examples provided within the chapters and review the solutions,
ensuring that you understand them;
 Complete the self-test questions within each chapter, and then compare your answer with
the solution provided at the end of the chapter; and
 Attempt the exam practice questions that you will find at the end of the chapter. Many of
these are HKICPA past examination questions, which will give an ideal indication of the
standard and type of question that you are likely to encounter in the examination itself. You
will find the solutions to exam practice questions at the end of the book.
In addition, you will find at the end of the Learning Pack a bank of past HKICPA case-study style
questions. These are past 'Section A' examination questions, which present a case study testing a
number of different topics within the syllabus. These questions will provide you with excellent
examination practice when you are in the revision phase of your studies, bringing together, as they
do, the application of a variety of different topics to a scenario.
Please note that the Learning Pack is not intended to be a 'know-it-all' resource. You are required
to undertake background reading including standards, legislation and recommended texts for the
preparation for workshop and examination.

vi Business Assurance
Module overview
This module enables you to perform effective assurance and related assignments. You will also
learn the importance of corporate governance in an organisation. Please refer to the QP Learning
Centre for the cut-off rule on examinable standards.
Overall Structure of Module C (Business Assurance)
External Function Internal Function
Part C Professional Standards and Guidance
Part D Assurance Engagements Part A
Corporate
I. Engagement Acceptance Governance
II. Audit Planning
Part B
III. Audit Execution
Internal
IV. Audit Completion Assurance

Part E Other Audit Matters

Part F Computerised Business Systems

Introduction vii
 Chapter features

Each chapter contains a number of helpful features to guide you through each topic.

Topic list Tells you what you will be studying in the chapter. The topic items form the
numbered headings within the chapter.

Learning focus Puts the chapter topic into perspective and explains why it is important, both
within your studies and within your practical working life.

Learning The list of Learning Outcomes issued for the Module by HKICPA,
Outcomes referenced to the chapter in the Learning Pack within which coverage will be
found.

Topic recap Reviews and recaps on the key areas covered in the chapter.

Bold text Throughout the Learning Pack you will see that some of the text is in bold
type. This is to add emphasis and to help you to grasp the key elements
within a sentence or paragraph.

Topic highlights Summarise the key content of the particular section that you are about to
start. They are also found within sections, when an important issue is
introduced other than at the start of the section.

Key terms Definitions of important concepts. You really need to know and understand
these before the examination, and understanding will be useful at the
workshops too.

Examples Illustrations of particular techniques or concepts with a worked solution or

explanation provided immediately afterwards.

Case study/ An example or illustration not requiring a solution, designed to enrich your
Illustration understanding of a topic and add practical emphasis. Often based on real
world scenarios and contemporary issues.

Self-test questions These are questions that enable you to practise a technique or test your
understanding. You will find the answer at the end of the chapter.

Formula to learn You may be required to apply financial management formulae in Module B,
Corporate Financing.

Exam practice A question at the end of the chapter to enable you to practise the
techniques that you have learned. In most cases this will be a past HKICPA
examination question, updated as appropriate. You will find the answers in a
bank at the end of the Learning Pack entitled Answers to Exam Practice
Questions.
Further reading In Modules B and D you will find references to further reading that will help
you to understand the topics and put them into the practical context. The
reading suggested may be books, websites or technical articles.

viii Business Assurance

Learning outcomes

HKICPA's learning outcomes for the Module are set out below. They are cross-referenced to the
chapter in the Learning Pack where they are covered.
Fields of competency
The items listed in this section are shown with an indicator of the minimum acceptable level of
competency, based on a three-point scale as follows
1 Awareness
To have a general professional awareness of the field with a basic understanding of relevant
knowledge and related concepts.
2 Knowledge
The ability to use knowledge to perform professional tasks competently without assistance in
straightforward situations or applications.
3 Application
The ability to apply comprehensive knowledge and a broad range of professional skills in a
practical setting to solve most problems generally encountered in practice.
Topics
Chapter
where
Competency covered

LO1. Professional standards and guidance

Identify and where appropriate apply ethical standards,
legislation and professional guidance:
LO1.01 The Institute's Code of Ethics for Professional 3
Accountants:
1.01.01 Explain the fundamental principles and the 4
conceptual framework approach
1.01.02 Identify, evaluate and respond to threats to 4
compliance with the fundamental principles
1.01.03 Discuss and evaluate the effectiveness of 4
available safeguards
1.01.04 Recognise and advise on conflicts in the 4
application of fundamental principles for
Professional Accountants in practice and in
business
LO1.02 Professional standards and guidance: 3
1.02.01 Explain the importance of adherence to 5
professional standards and guidance
LO1.03 Legal and regulatory framework governing the profession: 3
1.03.01 Explain the regulatory framework for assurance 5
and non-assurance engagements in Hong Kong
1.03.02 Explain the nature and purpose of assurance and 5
non-assurance engagements

Introduction ix
 Chapter
where
Competency covered

LO2. Assurance engagements

Apply relevant Hong Kong Standards on Quality Control,
Auditing, Assurance and Related Services, guidance and
legislation to plan, perform and complete assurance
engagements including the audits of financial statements with
emphases on:
LO2.01 Audit requirements for a complete set of general purpose 3
financial statements
LO2.02 Other assurance engagement requirements: 2
2.02.01 Identify the level of assurance and the issues 19
relating to other assurance and non-
assurable engagements, including:
[Link] Reviews 19
[Link] Agreed-upon procedures 19
[Link] Pro-forma financial information 19
[Link] Investment circular reporting 19
engagements
[Link] Preliminary announcements of 19
annual results
[Link] Comfort letters 19
[Link] Due diligence work 19
LO2.03 Client and engagement acceptance procedures: 3
2.03.01 Explain the reasons why entities change 7
their auditors/professional accountants
2.03.02 Explain the requirements relating to the 7
appointment of auditors under the Hong
Kong Companies Ordinance
2.03.03 Explain the procedure for a change of 7
auditors
2.03.04 Explain the rights of the auditors in the 7
process of a change of auditors
2.03.05 Explain the professional clearance 7
procedures
2.03.06 Explain the matters to be considered and the 7
procedures that an audit firm/professional
accountant should carry out before accepting
a specified new client/engagement including:
[Link] Client acceptance 7
[Link] Engagement acceptance 7
[Link] Agreement of the terms of 7
engagement
2.03.07 Identify the issues relating to the agreement 7
of the scope and terms of an engagement
with a client

x Business Assurance
 Chapter
where
Competency covered

2.03.08 Explain the procedures for the transfer of books, 7

papers and information following a new
appointment
LO2.04 Audit methodologies: 3
2.04.01 Describe the key features of the following audit 3
methodologies:
[Link] Risk-based auditing 9
[Link] Top-down auditing 9
[Link] System-based auditing 9
[Link] Systems audit 9
[Link] Balance sheet approach 9
[Link] Transaction cycle approach 9
[Link] Directional testing 9
2.04.02 Understand the cost and performance efficiency 2
of different audit methodologies
LO2.05 Planning and risk assessment: 3
2.05.01 Identify and explain:
[Link] The need for planning an audit 8
[Link] The contents of the overall audit 8
strategy and the audit plan
[Link] The relationship between the 8
overall audit strategy and the
audit plan
2.05.02 Develop and document an audit plan 8
2.05.03 Explain how auditors obtain an initial 8
understanding of the entity and its environment
including the use of preliminary analytical review
procedures
2.05.04 Explain the components of audit risk 8
2.05.05 Assess the risk of material misstatement at the 8
financial statement level and assertion level
2.05.06 Recognise and suggest overall responses to 8
assessed risk
2.05.07 Recognise and suggest specific procedures to 8
respond to assessed risks
2.05.08 Explain the effect of fraud and misstatements on 10
audit planning and work
2.05.09 Explain the effect of law and regulations, and 10
non-compliance therewith, on audit planning and
procedures

Introduction xi
 Chapter
where
Competency covered

LO2.06 Quality control considerations: 3

2.06.01 Explain the principles and purposes of quality 6
control of audit and other assurance
engagements
2.06.02 Identify the features of a system of quality control 6
relevant to a specific firm
2.06.03 Choose and explain quality control procedures 6
that are relevant to a specific audit engagement
2.06.04 Assess and explain whether an engagement has 6
been performed in line with professional
standards and whether reports issued are
appropriate
LO2.07 Documentation: 3
2.07.01 Document an audit plan 8
2.07.02 Explain the need for and the importance of audit 9
documentation
LO2.08 Materiality: 3
2.08.01 Define materiality and demonstrate how it should 8
be applied in the context of financial reporting and
auditing
LO2.09 Audit procedures: 3
2.09.01 Define audit sampling 9
2.09.02 Explain the need for sampling 9
2.09.03 Apply the basic principles of sampling 9
2.09.04 Assess and explain the results of sampling 9
2.09.05 Explain the importance of internal control to 3,11
auditors and the execution of tests of control
2.09.06 Explain how auditors identify weaknesses in 11
internal control systems and how those
weaknesses limit the extent of auditors' reliance
on those systems
2.09.07 Explain the types of substantive procedures and 12
the issues in evaluating the results obtained
2.09.08 Explain what is meant by analytical review and 12
how analytical review procedures are used in an
audit
2.09.09 Explain the appropriate audit tests for:
[Link] Tangible non-current assets 13
[Link] Intangible non-current assets 13
[Link] Inventory 13
[Link] Receivables 13
[Link] Bank and cash 13

xii Business Assurance

 Chapter
where
Competency covered

[Link] Trade payables and accruals 13

[Link] Non-current liabilities 13
[Link] Provisions and contingencies 13
[Link] Capital and other issues 13
[Link] Long-term investments 13
[Link] Segment information 13
[Link] Revenue 13
[Link] Purchases 13
[Link] Wages and salaries 13
[Link] Financial instruments 13
2.09.10 Discuss the audit problems and identify
procedures for the audit of:
[Link] Accounting estimates 15
[Link] Fair values 15
[Link] Opening balances 15
[Link] Comparatives 15
[Link] Related party transactions 16
2.09.11 Recognise and explain the issues relating to the 18
audit of a group of companies
LO2.10 Audit evidence: 3
2.10.01 Explain the procedures by which audit evidence 3 9
may be obtained
2.10.02 Assess the appropriateness and sufficiency 3 9
(relevance and reliability) of different sources of
audit evidence
2.10.03 Explain the assertions contained in the financial 3 9
statements and their use in obtaining evidence
2.10.04 Explain the need to modify the audit strategy and 3 11
audit plan following the results of tests of control
2.10.05 Discuss why auditors may rely on the work of 2 14
others, including internal audit, experts and
service organisations
LO2.11 Internal audit: 2
2.11.01 Explain the relationship between internal auditors 3
and external auditors
2.11.02 Discuss why auditors may rely on the work of 3, 14
others, including internal audit, experts and
service organisations

Introduction xiii
 Chapter
where
Competency covered

LO2.12 Completion procedures: 3

2.12.01 Explain the purpose of and procedures to be
used in:
[Link] A subsequent events review 16
[Link] A going concern review 16
[Link] Obtaining written 16
representations from
management
[Link] Review of report by other 18
auditors to principal auditors of a
group of companies
[Link] Overall review of the financial 16
statements
[Link] Review of other published 16
information
2.12.02 Explain the procedures required to identify and 16
audit related party transactions
2.12.03 Explain the need to evaluate misstatements 16
identified during the audit
2.12.04 Explain the follow up on illegal act or fraud found 10, 16
while performing an audit especially in the case of
money laundering or corruption
LO2.13 Reporting: 3
2.13.01 Discuss and provide examples of how the 11
reporting of internal control weaknesses and
recommendations to overcome those
weaknesses are provided to management
2.13.02 Explain the requirement for an auditor to report to 16
management or those charged with governance
2.13.03 Explain and analyse the format and content of 17
unmodified audit reports
2.13.04 Explain and analyse the format and content of 17
modified audit reports
LO3. Corporate governance
Describe current developments and issues in corporate
governance and explain the impact that it will have on
management, assurance engagements and auditors'
responsibilities:
LO3.01 Background to corporate governance developments: 2
3.01.01 Explain the objectives, concepts, relevance and 1
importance of corporate governance

3.01.02 Discuss the provisions of international codes of 1

corporate governance (such as OECD) that are
most relevant to auditors

xiv Business Assurance

 Chapter
where
Competency covered

3.01.03 Explain corporate governance developments in 2

Hong Kong and the structure of the Corporate
Governance Code and Corporate Governance
Report in Hong Kong
LO.3.02 Key issues relating to corporate governance including 2
directors' remuneration, board composition, audit
committee and non-controlling interests:
3.02.01 Explain the concept of stakeholder theory in 1
corporate governance
3.02.02 Describe the corporate governance requirements 2
as set out in the new Companies Ordinance
(Cap. 622) and Hong Kong Stock Exchange
Listing Requirements relating to directors'
responsibilities (for example, risk management
and internal control) and the reporting
responsibilities of auditors
LO3.03 Management's responsibilities to comply with corporate 3
governance requirements and to implement related
practices:
3.03.01 Explain the responsibilities of management within 2
the corporate governance framework
3.03.02 Analyse the structure and roles of board 2
committees and discuss their drawbacks and
limitations
LO3.04 Auditors' responsibilities to consider and address 3
corporate governance requirements:
3.04.01 Explain the auditor's responsibility to consider 2
and address corporate governance requirements
LO3.05 Implications of overseas legislation such as the Sarbanes- 2
Oxley Act 2002 on Hong Kong companies and auditors:
3.05.01 Explain the effect of the Sarbanes-Oxley Act on 3
Hong Kong companies and their auditors
LO4. Computerised business systems
Discuss the features of computerised business systems and
assess and advise on risk and control frameworks:
LO4.01 Key features of a computerised business system: 3
4.01.01 Explain the characteristics of an entity operating a 20
networked computer system
4.01.02 Explain the characteristics of an entity operating 20
with standalone PCs
LO4.02 Categories and types of controls: 3
4.02.01 State examples of controls in a computerised 11, 20
system
4.02.02 Define and give examples of general and 11, 20
application controls

Introduction xv
 Chapter
where
Competency covered

LO4.03 Impact of increasing use and share of ownership by 2 20

accountants in corporate information system
LO4.04 Impact of e-commerce: 3
4.04.01 Recognise and discuss the importance of e- 20
commerce to a business
4.04.02 Identify and explain the effect of e-commerce on 20
the auditor's risk assessment and audit approach
4.04.03 Identify the knowledge and skills required to audit 20
an entity's e-commerce activities
LO4.05 Opportunities and threats to corporate information system 2 20
including capabilities in data treatment and analysis, data
integrity, system security and issues in access restriction,
and business contingency/continuity
LO4.06 Risk and control framework: 3
4.06.01 Explain the audit problems of an entity operating 20
a networked computer system
4.06.02 Explain the audit problems of an entity operating 20
with standalone PCs
LO4.07 Internal audit: 3
4.07.01 Explain the ways in which internal audit is of 20
particular significance in a computerised
accounting system
4.07.02 Identify the procedures that an auditor may have 20
to undertake to assess the role of internal audit
LO4.08 System change processes: 2
4.08.01 Explain the potential impact on the auditor where 20
an entity changes its computerised system
LO4.09 Risk assessment and evaluation of IT processes: 2
4.09.01 Identify what factors the auditor may need to 20
consider in assessing the audit risk of a
computerised environment
4.09.02 Describe the use of computer-assisted audit 20
techniques (CAAT) in an audit

xvi Business Assurance

Part A
Corporate governance

This part explains the importance and implication of corporate governance in an assurance
process.
Practical situations and requirements for good corporate governance are also discussed and
presented.

1
 Business Assurance

2
chapter 1

Scope of corporate
governance
Topic list

1 Codes of corporate governance 4 Major issues in corporate governance

1.1 What is corporate governance? 4.1 Duties of directors
1.2 Contribution of corporate governance 4.2 Composition and balance of the board
codes 4.3 Reliability of financial reporting and
1.3 Elements of corporate governance external auditors
1.4 Organisation for Economic Co-operation 4.4 Directors' remuneration and rewards
and Development (OECD) Principles of 4.5 Responsibility of the board for risk
Corporate Governance management and internal control
1.5 Corporate governance concepts 4.6 Rights and responsibilities of
1.6 HKICPA Guide on corporate shareholders
governance 4.7 Corporate social responsibility and
2 Corporate governance and agency business ethics
2.1 Nature of agency 4.8 Public and non-governmental bodies'
2.2 Accountability and reasonable care, skill corporate governance
and diligence 4.9 The driving forces underlying the
2.3 The agency problem governance code development
2.4 Resolving the agency problem: 4.10 Development of corporate governance
alignment of interests codes
3 Stakeholders in corporate governance 5 Corporate social responsibility
3.1 Stakeholders 5.1 Significance of corporate social
3.2 Stakeholder theory responsibility
3.3 Classifications of stakeholders 5.2 Corporate social responsibility and
3.4 Reconciling viewpoints of different stakeholders
stakeholders 5.3 Impact of corporate social responsibility
3.5 Stakeholder and agency theory on strategy and corporate governance
5.4 Ownership and corporate social
responsibility
5.5 Corporate social responsibility guidance
in Hong Kong

Learning focus

Corporate governance is the system by which a company is directed and controlled. There are
a number of separate codes of corporate governance with which companies must be familiar.

3
 Business Assurance

Learning outcomes

In this chapter you will cover the following learning outcomes:

Competency
level
3.01 Background to corporate governance developments 2

3.01.01 Explain the objectives, concepts, relevance and importance of

corporate governance
3.01.02 Discuss the provisions of international codes of corporate
governance (such as the OECD) that are most relevant to
auditors
3.02 Key issues relating to corporate governance including 2
directors' remuneration, board composition, audit
committee and non-controlling interests
3.02.01 Explain the concept of stakeholder theory in corporate
governance

4
 1: Scope of corporate governance | Part A Corporate governance

1 Codes of corporate governance

Topic highlights
There is no single definition of what corporate governance really means. The most widely accepted
definition is defined by the UK Cadbury Committee Report (1992) as the 'system by which a
company is directed and controlled'. It can also be considered as the 'set of relationships between
the management, the Board of Directors (BOD), the shareholders as well as other stakeholders to
the corporation' (HKICPA, 2006). It is needed because of the agency problem: this arises due to
the separation of ownership and control of the company, ie the owners of a company and the
people who manage it are not always the same.

1.1 What is corporate governance?

Key terms
Corporate governance is the system by which companies are directed and controlled. Linked to
corporate governance is Stewardship, which refers to taking care of something (the company and
its assets) which is owned by someone else (shareholders).

Corporate governance includes managing the relationships among the many parties interested in
an entity and providing transparent, responsible management practices to meet the entity's
objectives. The first corporate governance code was the Cadbury Report, published in the UK in
1992. This identified a number of internal and external parties who hold an interest in the effective
corporate governance of an entity:
 Directors: responsible for corporate governance
 Shareholders: linked to the directors as users of the financial statements and as individuals
who stand to directly benefit financially from the activities of the entity
 Other relevant parties: these may be numerous but include employees, customers,
suppliers, the tax authorities and any special interest groups, regulators, and the wider
public.

1.1.1 The importance of corporate governance

Companies differ in the degree of shareholder involvement; in some companies, shareholders are
well informed about the direction of and management of the business because they hold
positions as directors and directly influence day-to-day management such as 'insider company'. But
in companies where the shareholders are not employed to manage the business (ie 'outsider
company'), they may only have a limited opportunity to find out about the management of the
company, usually at the AGM (annual general meeting).
AGMs are notoriously poorly attended which adds to the agency problem discussed in more
detail later. This arises when shareholders, who are actually the owners of the company (the
principals), delegate decision-making authority for the day-to-day operations to the directors
and other senior management (the agents). Since the interests of management may not always
be in line with those of shareholders, management may act in a way that is detrimental to the
interests of the shareholders. Even though management submit the company's results for
shareholders' approval at the AGM, poor turnout and little involvement in day-to-day matters means
this is usually only a matter of rubber stamping the proposals put forward by management. It is also
very unusual for the directors to be challenged on any key areas such as compensation packages.

5
 Business Assurance

As a result, there is the potential for conflicts of interest between management and
shareholders.
The current framework of corporate governance in Hong Kong and China lays down both statutory
and non-statutory requirements as to how directors should run a business to best enhance and
keep in balance stakeholders' interests. Statutory requirements consist of the new Companies
Ordinance (Cap. 622), Securities (Disclosure of Interests) Ordinance, Securities (Insider Dealing)
Ordinance, and Takeover Codes. Non-statutory requirements are those specified by the Hong
Kong Stock Exchange relating to Listing Rules and Corporate Governance Code. The Hong Kong
Code is based on the UK Combined Code of July 2003, which was renamed as the UK Corporate
Governance Code in 2010, with additional rules on connected transactions and non-controlling
interests, together with changes that tailor the approach to the Hong Kong environment (family
control and Mainland Enterprises).
There are a number of different facets to corporate governance:
 Commitment to ethical values
 Transparency in company activities
 Managing stakeholders' interests
 Safeguarding of the company's assets
 Establishing strong internal controls to deter and detect fraud
 Ensuring the efficient use of resources to create and enhance shareholder value
 Accountability, which ultimately rests with the directors and those charged with governance.
Good corporate governance is essential in today's global business environment, and especially so
in Hong Kong, if the Territory is to maintain its competitive status as one of the world's major
financial centres, in addition to acting as a premier international capital market for mainland China
and the region.
In summary, it is necessary for processes to be in place in every entity to ensure that the interests
of every stakeholder are safeguarded. It is a fiduciary duty of management that they act in the best
interests of the shareholders, employees and the external parties to whom they are accountable.

1.2 Contribution of corporate governance codes

Investors are often prepared to pay a premium to invest in a company with good corporate
governance practices in place. The individual provisions of the Codes have undoubtedly made a
number of contributions to the corporate environment:
(a) The reports have highlighted the contributions good corporate governance can make to
companies.
(b) The codes have emphasised certain risks that have contributed to corporate governance
failure, for example individual directors having too great an influence.
(c) The provisions have provided benchmarks that can be used to judge the effectiveness of
internal controls and risk management systems.
(d) The guidelines have promoted specific good practice in a number of areas, for example
non-executive directors, performance-related pay and disclosure.
(e) The recommendations have highlighted the importance of basic concepts and highlighted
how these can be put into practice, for example accountability through recommendations
about organisation-stakeholder relationships and transparency by specifying disclosure
requirements.
In Hong Kong
In Hong Kong, the Code on Corporate Governance Practices ('HK Code') sets out the principles of
good corporate governance. It refers to the companies subject to the Code as 'issuers'. The HK
Code was launched in January 2005 and requires listed issuers to report regularly their corporate
governance performance in their financial reports. With the collective and concerted efforts made

6
 1: Scope of corporate governance | Part A Corporate governance

by all market participants, the overall standard of corporate governance in Hong Kong has been
improving.
There are two levels of recommendations:
(a) Code provisions
(b) Recommended best practices
Hong Kong listed companies are expected to comply with the provisions of the Code, but may
choose to deviate from them. If they deviate then they need to explain why in the annual report, this
is called the 'comply or explain approach'. The recommended best practices are for guidance
only, although companies are encouraged to comply. Hong Kong companies may also devise their
own code on corporate governance practices on such terms as they may consider appropriate.

1.3 Elements of corporate governance

There are a number of elements in corporate governance:
(a) The management, awareness, evaluation and mitigation of risk is fundamental in all
definitions of good governance. This includes the operation of an adequate and
appropriate system of control.
(b) The notion that overall performance is enhanced by good supervision and management
within set best practice guidelines underpins most definitions.
(c) Good governance provides a framework for an organisation to pursue its strategy in an
ethical and effective way and offers safeguards against misuse of resources, human,
financial, physical or intellectual.
(d) Good governance is not just about externally established codes, it also requires a willingness
to apply the spirit as well as the letter of the law.
(e) Good corporate governance can attract new investment into companies, particularly in
developing nations.
(f) Accountability is generally a major theme in all governance frameworks, including
accountability not just to shareholders but also other stakeholders.
(g) Corporate governance underpins capital market confidence in companies and in the
government/regulators/tax authorities that administer them.

1.4 Organisation for Economic Co-operation and Development

(OECD) Principles of Corporate Governance

Topic highlights
The OECD Principles of Corporate Governance set out the rights of shareholders, the
importance of disclosure and transparency and the responsibilities of the board of directors.

An important question to consider is 'will the same way of managing companies be the best method
for all companies?' The answer is likely to be no. Companies are different from each other, and
globally, they operate in different legal systems with different institutions, frameworks and
traditions. It would not be possible to construct one single approach to operating companies that
could be described as best practice for all.
The key issue in corporate governance is that 'a high degree of priority [is] placed on the interests
of shareholders, who place their trust in corporations to use their investment funds wisely and
effectively'. Shareholders in a company might be a family, they might be the general public or they

7
 Business Assurance

might be institutional investors representing, in particular, people's future pensions. These

shareholders will vary in their degree of interaction with the company and their directors.
Codes such as the OECD Code have been developed from best practice in a number of
jurisdictions. As such, they can be seen as representing an international consensus on common
elements that underlie good corporate governance. They stress global issues that are important to
companies operating in a number of jurisdictions. The OECD Code, for example, emphasises the
importance of eliminating impediments to cross-border shareholdings and treating overseas
shareholders fairly.
In the context of this great variety in the basic element of these companies, the OECD has
established a number of Principles of Corporate Governance, which were issued in 1999 and
reviewed in 2004, and which serve as a reference point for countries (to develop corporate
governance codes if they wish) and companies. They were developed in response to a mandate
given to the OECD to develop a set of standards and guidelines on good corporate governance.
The OECD is currently conducting a review of the Principles to ensure their continuing high quality,
relevance and usefulness, taking into account recent developments in the corporate sector and
capital markets.

OECD Principles of Corporate Governance

(i) The corporate governance framework should promote transparent and efficient markets,
be consistent with the rule of law and clearly articulate the division of responsibilities
among different supervisory, regulatory and enforcement authorities.
(ii) The corporate governance framework should protect and facilitate the exercise of
shareholders' rights.
(iii) The corporate governance framework should ensure the equitable treatment of all
shareholders, including minority and foreign shareholders. All shareholders should have
the opportunity to obtain effective redress for violation of their rights.
(iv) The corporate governance framework should recognise the rights of stakeholders
established by law or through mutual agreements and encourage active co-operation
between corporations and stakeholders in creating wealth, jobs and the sustainability of
financially sound enterprises.
(v) The corporate governance framework should ensure that timely and accurate disclosure
is made on all material matters regarding the corporation, including the financial
situation, performance, ownership, and governance of the company.
(vi) The corporate governance framework should ensure the strategic guidance of the
company, the effective monitoring of management by the board, and the board's
accountability to the company and the shareholders.

The above Principles are non-binding on countries and companies. Rather they seek to identify
objectives and various means for achieving them. Their purpose is to serve as a reference point
that can be used by policy makers to analyse and develop their own legal and regulatory
frameworks for corporate governance, given their individual mixes of economic, social and legal
circumstances.
In order to obtain the best of the advantages and avoid the worst disadvantages, countries may
take a hybrid approach and make some elements of corporate governance mandatory and some
voluntary.

Self-test question 1
Keepalive Life Assurance Company is a mutual organisation, owned by its policyholders. Owing to
changes in capital adequacy requirements imposed by the regulator and pressure from lobby
groups, it has decided to convert to a public limited company and float on the stock exchange.

8
 1: Scope of corporate governance | Part A Corporate governance

The board of directors is anxious to ensure that the very highest standards of governance are
adopted in the transition to the new corporate form. It has decided to review the scope of its
policies in this respect.
The policyholders, who own the voting rights in the company, have expressed concerns about the
company's plans for several reasons. First, some doubt that the existing directors have the
experience necessary to manage the company in the new form. Many of the directors only have
experience in the life assurance industry and have been with the company for a long time. The two
previous chief executives remain on the board. Second, the company had to increase its provisions
for losses last year, causing an embarrassing admission by the board that the financial statements
were 'distorted'. One major investor has accused the board of a 'clear lack of probity'. Third, when
the company is floated it is likely that its shares will be purchased by a few very large institutional
investors who may force the company to adopt a less 'customer friendly' approach to business. At
the moment, the company offers many investment products that are highly valued by smaller, less
wealthy customers but apparently make little profit for the company.
Requirements
(a) With reference to an appropriate framework, such as the one proposed by the OECD,
explain the matters that the board of directors of Keepalive Life Assurance Company should
consider in its review of corporate governance arrangements.
(b) Explain what is meant by 'lack of probity' and why probity is important.
(The answer is at the end of the chapter)

1.5 Corporate governance concepts

1.5.1 Fairness
The directors' deliberations and also the systems and values that underlie the company must be
balanced by taking into account everyone who has a legitimate interest in the company, and
respecting their rights and views. In many jurisdictions, corporate governance guidelines reinforce
legal protection for certain groups, for example minority shareholders.

1.5.2 Openness and transparency

Key term
Transparency means open and clear disclosure of relevant information to shareholders and
other stakeholders, and not concealing information which may affect decision-making. It means
open discussion, with a default position of information provision rather than concealment.

Disclosure in this context obviously includes information in the financial statements, not just the
numbers and notes to the financial statements but also narrative statements such as the directors'
report and the operating and financial review. It also includes all voluntary disclosure, that is
disclosure above the minimum required by law or regulation. Voluntary corporate communications
include management forecasts, analysts' presentations, press releases, information placed on
websites and other reports such as stand-alone environmental or social reports.
The main reason why transparency is so important relates to the agency problem (the potential
conflict between owners and managers). This will be discussed further in section 2 of this chapter.
Without effective disclosure the position could be unfairly weighted towards managers, since they
have far more knowledge of the company's activities and financial situation than owner/investors.
Avoiding the creation of an information asymmetry between managers and owners requires not
only effective disclosure rules, but strong internal controls that ensure the reliability of information
disclosures.

9
 Business Assurance

Linked with the agency issue, publication of relevant and reliable information underpins stock
market confidence in how companies are being governed and thus significantly influences
market prices. International Financial Reporting Standards (IFRSs), Hong Kong Financial
Reporting Standards (HKFRSs), and stock market regulations based on corporate governance
codes require published financial statements to present a true and fair view. Information can only
fulfil this requirement if adequate disclosure is made of uncertainties and adverse events.
Circumstances where restricted disclosure may be justified include discussions about future
strategy (knowledge of which would benefit competitors), confidential issues relating to
individuals and discussions leading to an agreed position that is then made public.

1.5.3 Independence
Independence is an important concept in relation to directors. Corporate governance reports have
increasingly stressed the importance of independent non-executive directors; directors who are
not primarily employed by the company and who have very strictly controlled other links with it. As
a result they should be free from conflicts of interest and in a better position to promote the
interests of shareholders and other stakeholders. Freed from pressures that could influence
their activities, independent non-executive directors should be able to carry out effective
monitoring of the company in conjunction with equally independent external auditors on behalf of
shareholders.
Non-executive directors' lack of links and limits on the time that they serve as non-executive
directors should promote avoidance of managerial capture – accepting executive managers'
views on trust without analysing and questioning them.
In the Hong Kong context, the Hong Kong Stock Exchange Listing Rules specify that there must be
at least three independent non-executive directors on the main board for listed companies,
representing at least one third of the board. The rules are the same for the companies listed on the
Growth Enterprise Market (GEM).

1.5.4 Probity and honesty

Hopefully this should be the most self-evident of the principles, relating not only to telling the truth,
but also not misleading shareholders and other stakeholders by presenting information in a biased
way.
Probity can be defined in terms of receipt of gifts or hospitality by trustees. They should certainly
not accept gifts or hospitality which may seem likely to influence their decisions.
1.5.5 Responsibility
Responsibility means management accepting the credit or blame for governance decisions.
Management theories stress that for management to be held properly responsible, there must be a
system in place that allows for corrective action and penalising mismanagement. Responsible
management should act in the best interests of the company and take the necessary steps to
ensure the company stays on the right path.
The board of directors must act responsively to, and with responsibility towards, all stakeholders of
the company. However, the responsibility of directors to other stakeholders, both in terms of to
whom they are responsible and the extent of their responsibility, remains a key point of contention
in corporate governance debates. We shall discuss the importance of stakeholders later in this
chapter.

10
 1: Scope of corporate governance | Part A Corporate governance

1.5.6 Accountability

Key term
Accountability (corporate) refers to whether an organisation (and its directors) are answerable in
some way for the consequences of their actions.

Accountability of directors to shareholders has always been an important part of company law, well
before the development of the corporate governance codes. For example, companies have been
required to provide financial information to shareholders on an annual basis and hold annual
general meetings. However, particularly because of the corporate governance scandals of the last
30 years, investors have demanded greater assurance that directors are acting in their interests.
This has led to the development of corporate governance codes, which we shall consider in the
next chapter. The UK Cadbury Report stresses that making the accountability work is the
responsibility of both parties. Directors, as we have seen, do so through the quality of information
that they provide whereas shareholders do so through their willingness to exercise their
responsibility as owners, which means using the available mechanisms to query and assess the
actions of the board.
As with responsibility one of the biggest debates in corporate governance is the extent of
management's accountability towards other stakeholders such as the community within which
the organisation operates. This has led on to a debate about the contents of financial statements
themselves; for what should financial statements actually account.

1.5.7 Reputation
An organisation's reputation depends on how likely other risks are to crystallise. In the same way
directors' concern for an organisation's reputation will be demonstrated by the extent to which they
fulfil the other principles of corporate governance. There are purely commercial reasons for
promoting the organisation's reputation, that the price of publicly traded shares is often dependent
on reputation and hence reputation is often a very valuable asset of the organisation.
1.5.8 Judgment
Judgment means the board making decisions that enhance the prosperity of the organisation.
This means that board members must acquire a broad enough knowledge of the business and its
environment to be able to provide meaningful direction to it. This has implications not only for the
attention directors have to give to the organisation's affairs, but also the way the directors are
recruited and trained.
The complexities of senior management mean that the directors have to bring multiple
conceptual skills to management that aim to maximise long-term returns. This means that
corporate governance can involve balancing many competing people and resource claims against
each other; although, as we shall see, risk management is an integral part of corporate
governance, corporate governance is not just about risk management.

1.5.9 Integrity

Key term
Integrity means straightforward dealing and competence. Financial reporting should be honest
and should present a balanced picture of the state of the company's affairs. The integrity of reports
depends on the integrity of those who prepare and present them.

Integrity can be taken as meaning someone of high moral character, who sticks to principles no
matter the pressure to do so otherwise. In working life this means adhering to principles of
professionalism and probity. Straightforward dealing in relationships with the different people

11
 Business Assurance

and constituencies whom you meet is particularly important; trust is vital in relationships and belief
in the integrity of those with whom you are dealing underpins this. The Cadbury Report definition
highlights the need for personal honesty and integrity of preparers of financial statements. This
implies qualities beyond a mechanical adherence to accounting or ethical regulations or guidelines.
At times accountants will have to use judgment or face financial situations which aren't covered by
regulations or guidance, and on these occasions integrity is particularly important.
Integrity is an essential principle of the corporate governance relationship, particularly in
relationship to representing shareholder interests and exercising agency. As with financial reporting
guidance, ethical codes don't cover all situations and therefore depend for their effectiveness on
the qualities of the accountant. In addition, we have seen that a key aim of corporate governance is
to inspire confidence in participants in the market and this significantly depends upon a public
perception of competence and integrity.

Self-test question 2
Excellent Limited is a company listed on the Hong Kong Stock Exchange. Excellent Limited is
engaged in construction projects contracted by certain reputable real estate developers. Recently,
the directors of Excellent Limited were aware that one of its key construction projects may face a
significant delay in completion. In accordance with the terms as set out in the respective
construction contract, the customer has the right to claim against Excellent Limited for any loss
arising from such delay. Based on the project team's estimation, the claim may amount to HK$100
million.
Required
From the corporate governance perspective, suggest actions that the directors of Excellent Limited
should take.
(8 marks)
HKICPA June 2015 (amended)
(The answer is at the end of the chapter)

1.6 HKICPA Guide on Corporate Governance

The HKICPA has published several study reports and practice guidance on corporate governance.
The following are some of the more recent of these.
In March 2001, HKICPA issued the Guide Corporate Governance Disclosure in Annual
Reports for the purpose to promote high standards of corporate governance disclosure in annual
reports of Hong Kong companies, focusing especially on listed companies.
The Guide provided practical guidance and examples of corporate governance disclosures that
would fulfil the regulatory requirements at that time in Hong Kong. It also included additional
recommended disclosures that went beyond the rules and regulations of the time and provided
illustrations and examples to show how such voluntary disclosures might be presented. Some of
the Guide's recommendations have now been overridden following the development of the
Corporate Governance Code published by the Hong Kong Stock Exchange.

12
 1: Scope of corporate governance | Part A Corporate governance

The following is the summary of the major recommendations:

Statement on Listed companies and other companies are encouraged to include a

corporate statement of corporate governance in their annual report for
governance communicating to stakeholders.
The content includes information on directors and committees, investor
relations and other matters such as corporate social responsibility.
(Note that the Corporate Governance Code has extended this
requirement and listed companies are now required to include a
Corporate Governance Report in their annual report.)
Directors' In order to enhance comparability and transparency of directors'
remuneration remuneration, detailed disclosure is required for directors'
remunerations such as performance-related pay and non-performance
related pay. The remuneration should be disclosed by individual name
of director.
Disclosure of Directors' standard remuneration should be analysed and details of
standard directors' share options should be disclosed such as value of the share
remuneration and options.
directors' share
options

Non-audit fees paid Disclosure of any non-audit fees should be disclosed as this would
to the auditors affect auditor's independence.

In May 2004, HKICPA issued the Guide Corporate Governance for Public Bodies – a Basic
Framework for the purpose of providing a basic framework for public sector corporate governance
and providing recommendation on good corporate governance.
It outlines a basic framework of corporate governance principles and recommended best practice
for such organisations to adopt, as appropriate.
The Guide aims to assist governing boards, councils and management of public sector bodies to
establish and maintain a clear focus on performance, transparency and accountability. It identifies
certain fundamental principles expected of an organisation, namely openness, integrity and
accountability, and key personal qualities required of governing board members, namely
selflessness, integrity, objectivity, accountability, openness, honesty and leadership, and applied
these principles and qualities to four dimensions of the governance of public sector organisations.

Standards of Ethical conduct – governing board members should endeavour to

behaviour exemplify the personal qualities in their entirety
Codes of conduct – a formal code of ethical conduct should be in place
to define standards of acceptable conduct for governing board
members and employees
Organisational (i) Accountability to stakeholders – directors are accountable to
structures and stakeholders for complying with statutory and regulatory
processes requirements, safeguarding funds and taking proper stewardship
of assets and resources
(ii) Commitment to openness and transparency – the governing
board in all of the main activities of the organisation
(iii) Roles and responsibilities of the board, committees, chairman,
non-executive directors should be clearly disclosed in the annual
report
(iv) Overall human resources policy – there should be effective
policies and procedures to recruit, retain and train suitable staff

13
 Business Assurance

Risk management (i) An effective system of internal control should be in place and
and control operating effectively
(ii) The governing board should have risk management and should
consider the need of contingency plans as risk responses
(iii) An effective internal audit function should be part of the
framework of control
(iv) An effective audit committee should be established
(v) External auditor should be appointed to conduct an audit of
financial statements for public sector organisations
(vi) The governing board should maintain adequate oversight to
ensure there are efficient budgeting and financial management
Accountability, (i) Committees should have regular and informative reporting to the
reporting and governing board
disclosure (ii) Any major issues should be brought to the attention of the board
on a timely basis
(iii) An annual report incorporating financial statement should be
published on a timely basis after the end of the financial year
(iv) Appropriate accounting policies and standards should be adopted
in preparation of financial statements
(v) Financial and non-financial performance measures should be
established and reported.

The Guide draws reference from important overseas studies to provide a set of recommendations
that are suitable for the public sector environment in Hong Kong. It should be applicable to
most types of organisations in the public sector, and the recommendations contained therein can
be tailored to the circumstances of individual organisations, depending on their size, complexity
and resources.
In June 2005, HKICPA issued a Guide Internal Control and Risk Management – a Basic
Framework for the purpose of providing a basic conceptual framework, general principles and
recommendations for a system of internal control and risk management. It also outlines the
responsibilities of the board and senior management in this regard, and the role that other parties,
such as the audit committee and internal auditors, can play. It should help listed companies to
understand and fulfil the requirements on internal controls contained in the Code on Corporate
Governance Practices and the disclosure requirements of the new Corporate Governance Report
(Main Board and the GEM Listing Rules, respectively).
The Guide also emphasises that establishing effective internal controls should not be seen as an
exercise in compliance but is about putting in place processes that will help a business to achieve
its corporate objectives and to identify, assess and manage the significant risks that could
otherwise prevent it from doing so. It is also a question of being more transparent and
accountable to shareholders and other stakeholders about how the business is being run.
In producing this Guide, the Institute has looked at conditions in Hong Kong and has drawn on
important international benchmarks in this field, such as the report published in the US by the
Committee of Sponsoring Organisations of the Treadway Commission, commonly known as
COSO, and the Turnbull Guidance, which formed part of the Combined Code, now known as the
UK Corporate Governance Code.
While the Guide is not intended to be exhaustive or prescriptive in nature, the Institute believes that
the principles and recommendations contained therein will provide a useful reference for listed and
group companies, as well as other companies that aim to implement or enhance their system of
internal control.

14
 1: Scope of corporate governance | Part A Corporate governance

In December 2008, HKICPA published a Guide Defining and Developing an Effective Code of
Conduct for Organisations.
This was originally produced by the International Federation of Accountants (IFAC). Acknowledging
its value to listed companies, public interest and other organisations, the Institute, together with the
Hong Kong Stock Exchange, the Hong Kong Institute of Directors and the Hong Kong Ethics
Development Centre, Independent Commission Against Corruption republished the guide with the
addition of an explanatory foreword by the four bodies.
The Guide is designed to assist professional accountants, and the organisations in which they
work, to develop a code of conduct of their own or to improve an existing code. While it does not
aim to provide detailed and prescriptive terms that are applicable to all organisations, it sets out key
principles and general guidance that should help all types of organisation to develop a more
detailed code of conduct that takes account of their own individual circumstances.
The following are the key principles in the guide, demonstrating widely accepted good practice:

Values-based The organisation's overarching objective should be to develop a values-

organisation based organisation and a values-driven code, to promote a culture that
and culture encourages employees to internalise the principle of integrity and
practise it, and encourages employees to 'do the right thing' by allowing
them to make appropriate decisions.
Code of conduct A code of conduct reflects organisational context. The nature, title and
reflects content of an effective code will vary between organisations, as will the
organisation approach to its development.
context

Commitment from Ultimately, ethical responsibility lies with the board of directors (or its
board of directors equivalent), the body that has power to influence an organisation's
culture and behaviour.
Boards should specifically oversee the development of the code of
conduct (and a wider initiative to achieve a values-based organisation),
and formally appoint a senior manager to supervise that development.
Personnel A multi-disciplinary and cross-functional group including international
personnel should lead code development where organisational size
permits.
Groups of employees and other key stakeholders can help to identify
risks to corporate culture and business conduct and consider potential
vulnerabilities arising from these risks and can usefully assist in defining
and reviewing code content.
Process for Clearly identifying the established process for defining, developing and
defining, reviewing a code will promote understanding of, and agreement on, the
developing and key stages and activities.
reviewing the code

Application across A code of conduct should apply across all jurisdictions in which an
jurisdictions organisation operates, unless contrary to local laws and regulations.

Continuous Continuous awareness and promotion of the code and the wider approach
awareness to ethics and compliance is an important part of conveying management's
and promotion commitment to their underlying principles. A continuous awareness
programme should sustain interest in and commitment to the code.
Employees and others should be made aware of the consequences of not
adhering to the code.

15
 Business Assurance

In March 2014, HKICPA published A Guide on Better Corporate Governance Disclosure following
the development of the Corporate Governance Code of the Hong Kong Stock Exchange from a
relatively short document into extensive rules, requirements and recommendations over the years.
It was felt that some important areas of the Corporate Governance Code were not self-explanatory
and warranted extra explanation. The Guide therefore serves as a practical tool to use alongside
existing guidelines and does not impose any new corporate governance requirements on listed
companies. It is expected that these topics will be further expanded and refined over time.
The aim of the Guide is to encourage meaningful corporate governance disclosures by Hong
Kong listed companies under the revised Code. It contains four parts and within each part, a
number of 'themes' are addressed. The themes cover key areas that disclosures should address.
These are as follows:
(1) The board: its role, what it did during the year and how
Theme A: The board's key roles are setting the issuer's strategy and monitoring the
management's performance.
Theme B: A good board process facilitates the operation of the board.
Theme C: The board's work during the year and how it is linked to the issuer's strategy and
focus.
(2) Accountability and audit: internal controls – sound and effective controls
Theme A: The issuer has to maintain a sound internal controls.
Theme B: The board is responsible for the issuer's maintaining sound internal controls and
should acknowledge this in the Corporate Governance report.
Theme C: The board has to review the system's effectiveness and report to the shareholders
at least on an annual basis.
Theme D: Report users, including investors, would also appreciate a high level description of
key risks facing the issuer, their impact and the mitigating measures taken.
(3) Accountability and audit: audit committee – rigorous and effective oversight
Theme A: Audit committee members, in particular its chairman, must possess the right skills
and experience to effectively carry out their responsibilities.
Theme B: A good process facilitates the working of the audit committee.
Theme C: The audit committee should carry out its responsibilities in an objective and
conscientious manner, to effectively monitor the integrity of the company's financial reporting
and maintain oversight of its internal control and risk management systems and other
relevant internal processes, as stated in its terms of reference.
Theme D: In fulfilling its responsibilities, the audit committee should engage with and assess
the effectiveness of the work of external and internal auditors.
Theme E: In addition, investors would also be interested to know how the audit committee's
focus, including new areas of focus, during the year link to the issuer's strategy, development
and changing risks.
(4) Communication with shareholders: encouraging participation by shareholders
Theme A: The board should maintain effective on-going dialogue with shareholders.
Theme B: AGMs are a special focus of the shareholders' communication policy and should
be treated as an opportunity to enhance two-way communication with shareholders.

16
 1: Scope of corporate governance | Part A Corporate governance

2 Corporate governance and agency

Topic highlights
Agency is extremely important in corporate governance as often the directors/managers are acting
as agents for the owners (principals). Corporate governance frameworks aim to ensure directors/
managers fulfil their responsibilities as agents by requiring disclosure and suggesting they are
rewarded on the basis of performance.

2.1 Nature of agency

Key term
Agency relationship is a contract under which one or more persons (the principals) engage
another person (the agent) to perform some service on their behalf that involves delegating some
decision-making authority to the agent. In other words, in a company, the shareholders are actually
the owners (the principal) of the company, who delegate decision-making authority to the senior
management (the agents). Since the interests of the managers are not always in line with those of
shareholders, they may act in a way that is detrimental to the company as a whole.

There are a number of specific types of agent. These have either evolved in particular trades or
developed in response to specific commercial needs. Examples include factors, brokers, estate
agents, del credere agents, bankers and auctioneers.

2.2 Accountability and reasonable care, skill and diligence

2.2.1 Accountability

Key term
In the context of agency, accountability (agency) means that the agent is answerable under the
contract to his principal and must account for the resources of his principal and the money he has
gained working on his principal's behalf.

Two problems potentially arise with this:

 How does the principal enforce this accountability (the agency problem see below)?
As we shall see, the corporate governance systems developed to monitor the behaviour of
directors have been designed to address this issue; and
 What if the agent is accountable to parties other than his principal – how does he
reconcile possibly conflicting duties?
2.2.2 Reasonable care, skill and diligence
In Hong Kong, the general duties of directors are mainly found in case law (leaving aside certain
specific obligations imposed by the new Companies Ordinance (Cap. 622) and by the articles of
association of a company).
Under section 465 of the new Hong Kong Companies Ordinance (Cap. 622), a director of a
company must exercise reasonable care, skill and diligence. Reasonable care, skill and diligence
mean the care, skill and diligence that would be exercised by a reasonably diligent person with:
(a) The general knowledge, skill and experience that may reasonably be expected of a person
carrying out the functions carried out by the director in relation to the company; and
(b) The general knowledge, skill and experience that the director has.

17
 Business Assurance

The duty is owed by a director of a company to the company. The duty has effect in place of the
common law rules and equitable principles as regards the duty to exercise reasonable care, skill
and diligence, owed by a director of a company to the company. Any breach of duty to exercise
reasonable care, skill and diligence from the director, civil consequences such as penalties would
be imposed.

2.2.3 Fiduciary relationship with stakeholders

Some management theorists have argued that management bears a fiduciary relationship to
stakeholders and to the corporation as an abstract entity. It must act in the interests of the
stakeholders as their agent, and it must act in the interests of the corporation to ensure the
survival of the firm, safeguarding the long-term stakes of each group. Adoption of these principles
would require significant changes to the way corporations are run. Some theorists, for example
Silvia Ayuso, go on to propose a 'stakeholder board of directors', with one representative for
each of the stakeholder groups and one for the company itself. Each stakeholder representative
would be elected by a stakeholder assembly. Companies law would have to develop to protect the
interests of stakeholders.

2.3 The agency problem

Topic highlights
The agency problem arises from separation of ownership from management of the entity and
can cause a conflict of interests if there is a breach of trust by directors by intentional action,
omission, neglect or incompetence.

The agency problem arises when a principal hires an agent to perform in the interest of principal.
In listed companies the agency problem derives from the principals (shareholders) not being able
to run the business themselves and therefore having to rely on agents (board of directors) to do so
for them. This separation of ownership from management can cause a conflict of interest or
moral hazard if there is a breach of trust by directors by intentional action, omission, neglect or
incompetence. This breach may arise because the directors are pursuing their own interests
rather than the shareholders (conflict of interest). Alternatively, the board of directors may
undertake a risky project without considering carefully the full consequences as they have a
different attitude to risk-taking to the shareholders (moral hazard).
For example, if managers hold none or very little of the equity shares of the company they work for,
what is to stop them from working inefficiently, concentrating too much on achieving short-term
profits and hence maximising their own bonuses? Without the incentive of equity ownership the
agent may not look for profitable new investment and growth opportunities, or may over-consume
perquisites such as high salaries and other benefits.
There are two possible approaches to aligning the interests between agent and principal, in order
to remedy this agency problem. One would be to offer incentive plans such as stock options or
equity in the company; the alternative would be to curb managerial controlling powers within the
firm. Ultimately shareholders do possess the right to remove the directors from office. But
shareholders have to take the initiative to do this, and in many companies they may lack the energy
and organisation to take such a step. As a last resort, they can vote in favour of a takeover or
removal of individual directors or entire boards, but this may be undesirable for other reasons.

2.4 Resolving the agency problem: alignment of interests

Agency theory sees employees of businesses, including managers, as individuals, each with his or
her own objectives. Within a department of a business, there are departmental objectives. If
achieving these various objectives leads also to the achievement of the objectives of the
organisation as a whole, there is said to be alignment of interests.

18
 1: Scope of corporate governance | Part A Corporate governance

Key term
Alignment of interests is accordance between the objectives of agents acting within an
organisation and the objectives of the organisation as a whole. Alignment of interests is sometimes
referred to as goal congruence, although goal congruence is used in other ways.

Alignment of interests may be better achieved and the 'agency problem' better dealt with by giving
managers the appropriate incentives, such as profit-related pay, or by providing more longer-term
incentives that are related to the overall company performance. Examples of such remuneration
incentives are:
 Profit-related/economic value-added pay
 Rewarding managers with shares
 Executive share option plans
Such measures might merely encourage management to adopt more 'creative accounting'
methods which will distort the reported performance of the company in the service of the managers'
own ends.
An alternative approach is to attempt to monitor managers' behaviour, for example by
establishing 'management audit' procedures, to introduce additional reporting requirements, or
to seek assurances from managers that shareholders' interests will be foremost in their priorities.
The most significant problem with monitoring is likely to be the agency costs involved, as they
may imply significant shareholder engagement with the company.

3 Stakeholders in corporate governance

Topic highlights
Directors and managers need to be aware of the interests of stakeholders in governance issues.
Governance reports have emphasised the role of institutional investors (insurance companies,
investment houses, or pension funds such as CalPers) in directing companies towards good
corporate governance.

3.1 Stakeholders

Key term
Stakeholders are any entity (person, group or possibly non-human entity) that can affect or be
affected by the achievements of an organisation's objectives. It is a bi-directional relationship.
Each stakeholder group has different expectations about what it wants and different claims upon
the organisation.

3.2 Stakeholder theory

Traditionally, the management of a company has a fiduciary duty to put the shareholders' interests
first. The company converts the input from the investors, employees, and suppliers into goods to
sell to the customer (output). By this model, companies only address the needs and wishes of
those four parties: investors, employees, suppliers and customers.
Stakeholder theory proposes corporate accountability to a broad range of stakeholders. It is
based on companies being so large, and their impact on society being so significant that they
cannot just be responsible to their shareholders. Stakeholders should be seen not as just existing,

19
 Business Assurance

but as making legitimate demands upon an organisation. The relationship should be seen as a
two-way relationship.
What stakeholders want from an organisation will vary. Some will actively seek to influence what
the organisation does; others may be concerned with limiting the effects of the organisation's
activities upon themselves.
There is considerable dispute about whose interests should be taken into account. The legitimacy
of each stakeholder's claim will depend on your ethical and political perspective on whether
certain groups should be considered as stakeholders. Should, for example, distant (developing
world) communities, other species, the natural environment in general or future generations be
considered as legitimate stakeholders?

3.3 Classifications of stakeholders

Stakeholders can be classified by their proximity to the organisation:

Stakeholder group Members

Internal stakeholders Employees, management
Connected stakeholders Shareholders, customers, suppliers, bankers, lenders, trade
unions, competitors
External stakeholders The government, local government (such as the council for a local
district), the public, pressure groups, opinion leaders

There are other ways of classifying stakeholders.

3.4 Reconciling viewpoints of different stakeholders

Enlightened long-term value maximisation offers the best, fairest, method of reconciling the
competing interests of stakeholders. Enlightened long-term value maximisation means pursuing
profit maximisation, but with regard to business ethics and the social consequences of the
organisation's actions. It is argued that the problem with traditional stakeholder theory is that it
gives no indication of how to trade off competing interests; lacking measurable targets, managers
are left unaccountable for their actions.

3.5 Stakeholder and agency theory

It is argued that agency theory does not allow managers to avoid their normal moral obligations,
particularly avoiding harm to others, respecting the autonomy of others, telling the truth and
honouring agreements. Only after fulfilling these can they maximise shareholder wealth. The
agency-principal relationship can only be meaningful if managers attend to the moral principles.
An alternate view, supported by Classical Economics, is that managers are solely responsible for
maximising the value of the firm for the owners. If managers are argued to have social
responsibilities, then they have to act in some ways that are not in the best interests of the owners,
their principals, and in ways that may reduce the value of the firm. They therefore are not acting
properly as agents; instead they are in effect raising taxes and deciding how these taxes should be
spent, which is the proper function of government, not agents.

20
 1: Scope of corporate governance | Part A Corporate governance

4 Major issues in corporate governance

Topic highlights
Key issues in corporate governance reports have included the role of the board, the quality of
financial reporting and auditing, directors' remuneration, risk management and corporate
social responsibility.

We shall examine the major areas that have been affected by corporate governance.

4.1 Duties of directors

The corporate governance reports have aimed to build on the directors' duties as defined in
statutory and case law. These include the fiduciary duties to act in the best interests of the
company, use their powers for a proper purpose, avoid conflicts of interest and exercise a
duty of care.
The new Companies Ordinance (Cap. 622) has introduced a statutory statement to provide clear
guidance in respect of the directors' duty of skill, care and diligence. The old ordinance did not
contain any provisions on this area, and the common law position in Hong Kong was not entirely
clear. The new Companies Ordinance (Cap. 622) now states that a director must exercise
reasonable care, skill and diligence, and it sets out a mixed objective and subjective test to be
applied in determining the standard required. The objective test refers to the general degree of
knowledge, skill and experience that may reasonably be expected of a person carrying out the
functions of the director in question.

4.2 Composition and balance of the board

A feature of many corporate governance scandals has been boards that are dominated by a single
senior executive with other board members merely acting as a rubber stamp. Sometimes the
single individual may bypass the board to further his own interests. Even if an organisation is not
dominated by a single individual, there may be other weaknesses in board composition.
The organisation may be run by a small group centred round the chief executive and chief financial
officer, where appointments may be made by personal recommendation rather than a formal,
objective process.
Hong Kong is quite unique in some respects in that family-owned enterprises compose the major
part of the region's businesses. This poses challenges for the composition and balance of the
board, as family members tend to dominate. A 2001 study by the OECD indicated that around 80%
of listed companies in Hong Kong are controlled by family members.
4.2.1 Independent Non-Executive Directors (INEDs) required to form one-
third of board
One of the new rules from the Consultation paper (see Chapter 2, section 2) is that at least one-
third of an issuer's board should be independent non-executive directors (INEDs).

4.3 Reliability of financial reporting and external auditors

Issues concerning financial reporting and auditing are seen by many investors as crucial
because of their central importance in ensuring management accountability. They have therefore
been the focus of much debate and litigation. While focusing the corporate governance debate
solely on accounting and reporting issues is inadequate, the greater regulation of practices such as
off-balance sheet financing has led to greater transparency and a reduction in risks faced by
investors.

21
 Business Assurance

External auditors may not carry out the necessary questioning of senior management because of
fears of losing the audit, and internal auditors do not ask awkward questions because the chief
financial officer determines their employment prospects. Often corporate collapses are followed
by criticisms of external auditors, where poorly planned audit work failed to identify illegal use of
client monies.

4.4 Directors' remuneration and rewards

Directors being paid excessive salaries and bonuses has been seen as one of the major corporate
abuses for a large number of years. It was therefore inevitable that the corporate governance
codes have targeted this issue.

4.5 Responsibility of the board for risk management and internal

control
Boards that meet irregularly or fail to consider systematically the organisation's activities and risks
are clearly not fulfilling their responsibilities. Sometimes the failure to carry out proper oversight is
due to a lack of information being provided, which in turn may be due to inadequate systems
being in place for the measurement and reporting of risk.

4.6 Rights and responsibilities of shareholders

It is important to know shareholders' rights and the role of shareholders, particularly institutional
shareholders and it has been the subject of much debate. Shareholders should have the right to
receive all material information that may affect the value of their investment and to vote on
measures affecting the organisation's governance.
The Code Provisions state that an issuer must disclose the following 'shareholder rights'
information in its Corporate Governance Report:
 The way in which shareholders can convene an extraordinary general meeting;
 The procedures for sending enquiries to the board (with sufficient contact details); and
 The procedures for making proposals at shareholders' meetings (with sufficient contact
details).

4.7 Corporate social responsibility and business ethics

The lack of consensus about the issues for which businesses are responsible and the stakeholders
to whom they are responsible has inevitably made corporate social responsibility and business
ethics an important part of the corporate governance debate.
The relationship between a company and its stakeholders should be mutually beneficial and this is
the way to create sustained business success and steady long-term growth in corporate value.

4.8 Public and non-governmental bodies' corporate governance

Many of the principles that apply to company corporate governance also apply to government
bodies or other major entities such as charities. Boards will be required to act with integrity, to
supervise the body's activities properly and to ensure appropriate control and risk
management and reporting systems are being maintained.
However, there are certain ways in which companies might differ from other types of organisation,
such as in their ownership (principals), lack of competition and their legal/regulatory environment
within which they operate.

22
 1: Scope of corporate governance | Part A Corporate governance

4.8.1 Composition of boards

This may be determined by regulation or may be tailored by the body's constitution. There may be
more than one board; possibly an executive board for overseeing operations, and a stakeholder
board containing representatives of all major stakeholder groups, which determines objectives and
ensures stakeholder interests are being represented.

4.8.2 Conduct of directors

Directors may be subject to organisation or sector-specific controls to ensure that they act in the
public interest.

4.8.3 Compulsory regulations versus voluntary best practice

Certain guidelines that are voluntary best practice in the corporate sector may be compulsory for
some other sorts of organisation, for example maintenance of an internal audit function.
4.8.4 Disclosure of internal control
Certain types of organisations are required to make disclosures about specific controls such as risk
registers, training, key performance indicators and reporting systems. Regulations such as the
Sarbanes Oxley Act 2002, section 404: Assessment of Internal Controls, have made this a
mandatory disclosure requirement in certain jurisdictions, such as the USA.

4.9 The driving forces underlying the governance code

development
Corporate governance issues came to prominence in the USA during the 1970s and in the UK and
Europe from late 1980s. The main, but not the only, drivers associated with the increasing demand
for the development of governance were as follows:
(a) Increasing internationalisation and globalisation meant that investors, and institutional
investors in particular, began to invest outside their home countries. The King report in South
Africa (1994 and revised in 2002) highlights the role of the free movement of capital,
commenting that investors are promoting governance in their own self-interest.
(b) The differential treatment of domestic and foreign investors, (both in terms of reporting
and associated rights/dividends) and the excessive influence of majority shareholders in
insider jurisdictions, caused many investors to call for parity of treatment.
(c) Issues concerning financial reporting were raised by many investors and were the focus of
considerable debate and litigation. Shareholder confidence in what was being reported in
many instances was eroded. While corporate governance development isn't just about better
financial reporting requirements, the regulation of practices such as off-balance sheet
financing has led to greater transparency and a reduction in risks faced by investors.
(d) The characteristics of individual countries may have a significant influence in the way
corporate governance has developed. The King report in South Africa (1994 and revised in
2002) emphasises the importance of qualities that are fundamental to the South African
culture such as collectiveness, consensus, helpfulness, fairness, consultation and religious
faith in the development of best practice.
(e) An increasing number of high profile corporate scandals and collapses including Maxwell
Communications Corporation (refer to the case study below) and the Enron scandal
prompted the development of governance codes. However, the scandals since then have
raised questions about further measures that may be necessary.

Case study
Robert Maxwell was a Czech refugee who came to the UK in 1940. He served in the British Army
and was awarded the Military Cross. After the war, he built up a massive publishing empire that

23
 Business Assurance

included at various times the Pergamon Press, Mirror Group Newspapers, the Berlitz language
guides and the New York Daily News. He was a famous celebrity, well-known to millions as a
flamboyant Member of Parliament and was heavily involved in professional football as the owner of
Oxford United Football Club and a director of Derby County Football Club.
Maxwell's success meant that at its peak Maxwell Communications plc was one of the largest
publicly quoted companies in the UK.
Like many publishing companies it was necessary to borrow to lever future growth. Maxwell
appeared to have no difficulty in financing his businesses. Although over time there were many
rumours about his business affairs, he adopted a highly litigious approach to his critics and took
several successful libel actions against popular magazines.
As it happened, Maxwell borrowed significant funds from the pensions funds run on behalf of his
companies' employees. Although this practice is subject to rigorous controls today, it was both
unregulated and quite common practice in the 1980s. In the same period he bought and sold
companies frequently in order to disguise the true financial position of his businesses.
In 1991 it was reported that Maxwell's companies were not meeting the statutory reporting
requirements in respect of the pension schemes. Members of these schemes made complaints in
both the UK and the USA. Maxwell's situation was worsened by the fact that he had used his
shares in his own companies to secure long-term borrowings. When the creditors sold these
shares it caused their prices to fall in the market. Maxwell responded by using borrowed funds,
including some of the operating balances of his companies and pension funds, to purchase shares
in order to support the share price.
Maxwell died by drowning in 1991. The official verdict was accidental death, though inevitably there
have been numerous conspiracy theories surrounding the accident even since. As is often the
case, the true situation concerning his businesses did not emerge immediately. It transpired that he
had used many millions of pounds belonging to occupational pension schemes to support his
businesses. Many employees lost their pensions as a result.
In 1995 several directors of Maxwell companies, including his two sons, were tried for fraud but
were acquitted.
The Maxwell scandal and the resultant consequences led to the enactment of stringent new
legislation imposing strict controls on pension funds and their relationships with employers
contributing to the schemes.

4.10 Development of corporate governance codes

To combat these problems codes of best practice were developed in many jurisdictions. Some of
the main provisions of codes have been clear attempts to deal with difficult situations. The problem
of an overbearing individual dominating a company has been countered by recommendations in
many codes that different individuals occupy the position of chief executive and chairman as the
head of a company.
The development of codes has been also prompted by the need to clarify ambiguities in the law, or
require a higher standard of behaviour than local legislation requires. Codes have also been
developed to ensure local companies comply with international best practice.

5 Corporate social responsibility

Topic highlights
Debates on organisations' social responsibilities focus on what these responsibilities are, how
organisations should deal with stakeholders and what aspects of an organisation's environment,
policies and governance are affected.

24
 1: Scope of corporate governance | Part A Corporate governance

5.1 Significance of corporate social responsibility

Businesses, particularly large and high profile ones, are subject to increasing expectations that
they will exercise corporate social responsibility.

5.1.1 Economic responsibilities

Companies have economic responsibilities to shareholders demanding a good return, to
employees wanting fair employment conditions and customers who are seeking good-quality
products at a fair price. Businesses are set up to be properly functioning economic units and so this
responsibility forms the basis of all others.

5.1.2 Legal responsibilities

Since laws codify society's moral views, obeying those laws must be the foundation of
compliance with social responsibilities. Although in all societies corporations will have a minimum
of legal responsibilities, there is perhaps more emphasis on them in some European economies
where the focus of discussion has been whether many legal responsibilities constitute excessive
red tape.

5.1.3 Ethical responsibilities

These are responsibilities that require corporations to act in a fair and just way even if the law
does not compel them to do so.

5.1.4 Philanthropic responsibilities

These are desired rather than being required of companies. They include charitable donations,
contributions to local communities and providing employees with the chances to improve their own
lives.

5.2 Corporate social responsibility and stakeholders

Inevitably discussion on corporate social responsibilities has been tied in with the stakeholder view
of corporate activity, the view that since businesses benefit from the goodwill and other tangible
aspects of society, they therefore owe society certain duties in return, particularly towards those
affected by its activities.

5.2.1 Problems of dealing with stakeholders

Whatever the organisation's view of its stakeholders, certain problems in dealing with them on
corporate social responsibility may have to be addressed.

(a) Collaborating with stakeholders may be time-consuming and expensive

(b) There may be culture clashes between the company and certain groups of stakeholders, or
between the values of different groups of stakeholders with companies caught in the middle
(c) There may be conflict between company and stakeholders on certain issues when they
are trying to collaborate on other issues
(d) Consensus between different groups of stakeholders may be difficult or impossible to
achieve, and the solution may not be economically or strategically desirable
(e) Influential stakeholders' independence (and hence ability to provide necessary criticism)
may be compromised if they become too closely involved with companies
(f) Dealing with certain stakeholders (eg public sector organisations) may be complicated by
their being accountable in turn to the wider public

25
 Business Assurance

5.3 Impact of corporate social responsibility on strategy and

corporate governance
Social responsibilities can impact on what companies do in a number of ways.

5.3.1 Objectives and mission statements

If the organisation publishes a mission statement to inform stakeholders of strategic objectives,
mention of social objectives is a sign that the board believes that they have a significant impact
on strategy.

5.3.2 Ethical codes of conduct

As part of their guidance to promote good corporate behaviour among their employees, some
organisations publish a business code of ethics.

5.3.3 Corporate social reporting and social financial statements

Some organisations, as part of their reporting on operational and financial matters, report on
ethical or social conduct. Some go further, producing social financial statements showing
quantified impacts on each of the organisation's stakeholder constituencies.

5.3.4 Corporate governance

Impacts on corporate governance could include representatives from key stakeholder groups on
the board, or perhaps even a stakeholder board of directors. It also implies the need for a
binding corporate governance code that regulates the rights of stakeholder groups.

5.4 Ownership and corporate social responsibility

Having raised the issue of the social responsibilities of companies, we also need to consider the
responsibilities of shareholders in companies. One view is that shareholders, by buying shares in a
company in the hope of greater returns, buy a responsibility; they should be insisting that those
managing the company carry out a policy that is consistent with the public welfare.
One of the main problems with this view in relation to large corporations is the wide dispersion of
shareholders. This means that shareholders with small percentage holdings have negligible
influence on managers. In addition, the ease with which shareholders can dispose of shares on
the stock markets arguably loosens their feeling of obligation in relation to their property. This then
raises the question of why the speculative (and possibly short-term) interests of shareholders
should prevail over the longer-term interests of other stakeholders.
In corporate governance discussions, the idea of ownership responsibilities have had a significant
influence because of the importance of institutional shareholders. Not only do they have the level
of shareholdings that can be used as a lever to pressure managers, but they themselves have
fiduciary responsibilities as trustees on behalf of their investors.

5.5 Corporate social responsibility guidance in Hong Kong

In August 2012, the Hong Kong Stock Exchange (HKEx) published an Environmental, Social and
Governance Reporting Guide. The Guide is currently recommended practice for all listed
companies with financial years ending on or after 31 December 2012. Subject to future
consultation, HKEx plans to raise the obligation level of some of the disclosures to 'comply or
explain' by 2015.
The Guide encourages listed companies to disclose Environmental, Social or Governance (ESG)
information either in their annual report or in a separate report which can be printed or published on
the company website. It splits ESG information into four subject areas: workplace quality,
environmental protection, operating practices and community involvement. For each subject area

26
 1: Scope of corporate governance | Part A Corporate governance

the Guide suggests KPIs and general disclosures, but does not prescribe how these KPIs are
calculated. Not all subject areas may be relevant for every company, and companies are
encouraged to prioritise those subject areas that are material in the context of their corporate
strategy.

Self-test question 3
Omnipower is an energy producer selling electricity and gas to private and business consumers.
It is a newly-established company, owned by a consortium of energy companies from different
countries.
The production of energy is a topical and controversial issue in the country in which Omnipower
operates. The country is very beautiful and rich in natural resources, so tourism is vital to the
national economy. The inhabitants of the country are fiercely protective of the environment and
their quality of life.
Anxious to build a positive relationship with the communities in which it will operate, Omnipower
has decided to produce a corporate social responsibility statement that will guarantee certain
principles to which it will adhere.
Greenspace, a local environmental pressure group, has already resisted the entry of new energy
companies to the country and has pledged that it will relentlessly pressurise Omnipower to adopt
environmentally friendly policies.
Requirements
(a) Identify the stakeholders in relation to Omnipower. Compare and contrast their respective
needs.
(b) Set out the matters that should be included in Omnipower's corporate social responsibility
(CSR) statement, including details of commitments that the company should make to its
stakeholders.
(The answer is at the end of the chapter)

27
 Business Assurance

Topic recap

Rights of shareholders
Treatment of stakeholders
Disclosure/transparency Code Recommended
Board responsibility provisions best practices

UK Corporate
Governance Code OECD Principles Hong Kong Code

International impact

Agency problem CORPORATE GOVERNANCE Stakeholder theory

Corporate governance reports Main concepts

Role of board Fairness

Quality of financial reporting Transparency
and auditing Independence
Probity
CSR: Directors’ remuneration Responsibility
Economic Risk management Accountability
Legal Reputation
Corporate social
Ethical Judgment
responsibility (CSR) Integrity
Philanthropic
Innovation
Scepticism

28
 1: Scope of corporate governance | Part A Corporate governance

Answers to self-test questions

Answer 1
(a) The OECD Framework proposes that corporate governance be considered in relation to five
areas:
Rights of shareholders
The corporate governance framework should protect shareholders and facilitate their rights
in the company. Companies are obliged to generate investment returns for the risk capital
put up by the shareholders. Directors should be accountable to shareholders in this respect.
Equitable treatment of shareholders
All shareholders should be treated equitably (fairly), including those who constitute a
minority, individuals and foreign shareholders. Shareholders should have redress when their
rights are contravened or where an individual shareholder or group of shareholders is
oppressed by the majority.
Stakeholders
The corporate governance framework should recognise the legal rights of stakeholders.
The company should facilitate co-operation with stakeholders in order to create wealth,
employment and sustainable enterprises.
Disclosure and transparency
Companies should make relevant and timely disclosures on matters affecting financial
performance, management and ownership of the business.
Board of directors
The board of directors is responsible for setting the direction of the company and monitoring
the management of the company in order to achieve its stated objectives. The corporate
governance framework should underpin the board's accountability to the company and its
members.
(b) The term 'probity' relates to honesty but goes further than simply telling the truth. Being
dishonest implies telling lies. A lack of probity, on the other hand, is not giving the true
picture of a situation, or acting in a manner that is misleading to others.
For example, giving raw data or incomplete financial information that may lead to inaccurate
conclusions demonstrates a lack of probity.
The term has been used by several judges in cases of wrongful trading. Often, a business
person may not intend to defraud creditors but may present an over-optimistic view of the
business based on a belief that its fortunes can be turned around.

Answer 2
In Hong Kong, the Code on Corporate Governance Practices ("HK Code") sets out the principles of
good corporate governance. It refers to the companies subject to the Code as "issuers".
The HK Code promotes transparency and openness. Transparency means open and clear
disclosure of relevant information to shareholders and other stakeholders, and not concealing
information, which may affect decision-making. It means open discussion, with a default position of
information provision rather than concealment.
Directors should also hold responsibilities to their stakeholders. Directors should act in the best
interests of the company and take the necessary steps to ensure that the company stays on the
right path.

29
 Business Assurance

Directors are accountable to stakeholders for complying with statutory and regulatory requirements,
safeguarding funds and taking proper stewardship of assets and resources. Any major issues
should be brought to the attention of the board on a timely basis. Financial and non-financial
performance measures should be established and reported.
In this regard, the directors should understand thoroughly the status of the construction with the
operational personnel, in order to evaluate if a significant delay in the completion is likely to arise.
They should consider seeking expert advice from internal or external sources.
Concurrently, the directors should establish measures to respond to the possible losses. For
example, making every effort to negotiate with their customer aiming to minimise the loss and
damage to the company.
The directors should also assess the significance of the impact arising from the delay of the
construction project and consider if a disclosure of the event is required. The impact can be a
financial loss, which may cause a significant loss arising in profit or loss, and a non-financial loss,
which is a reputation risk.

Answer 3
(a) The stakeholders in this situation are:
 Customers of Omnipower
 Owners of Omnipower
 The community and the local environment
 Residents who are not customers
 The government
 Greenspace (whose members may also be customers, residents or both)
 Employees of Omnipower
Using a table for simple presentation:

Stakeholder category Needs

Customers Low prices and good quality service.

Owners of Omnipower Capital growth and dividends. Payback on
investment.
Community and environment No adverse effects on landscape. No
depletion of natural resources if avoidable.
Development of new sources of renewable
energy. As little pollution as possible.
Residents who are not customers Same as community.
Government Compliance with laws. Operations to be
consistent with environmental policy.
Greenspace Same as community and environment.
Employees Stable salary, job satisfaction and future
employment development.

It can be seen from the table that the needs polarise into two sets of stakeholders. The first
set wants the company to be efficient and deliver energy as cost-effectively as possible.
A secondary concern here might be environmental impact. The second set are more
concerned with the impact on the environment as a primary need.
Energy companies are in an almost impossible position in relation to reconciling the needs of
stakeholders when there is polarisation of views.

30
 1: Scope of corporate governance | Part A Corporate governance

(b) A CSR statement should address all major concerns in relation to social responsibilities.
In the case of Omnipower, it should address both social and environmental concerns.
One example of CSR policy is the stakeholder analysis that forms the basis of CSR in CLP
Holdings Ltd, an energy company listed on the Hong Kong Stock Exchange which provides
energy to Hong Kong, mainland China, India, Southeast Asia, Taiwan and Australia.
The company has developed what it terms a 'sustainability framework' under which 15 'goals'
are grouped under four main 'sustainability pillars'.
People - Meet the evolving expectations of our stakeholders
 Zero injuries
 Support a healthy workforce
 Develop committed and motivated employees
 Meet customer expectations
 Earn and maintain community acceptance
 Operate our business ethically
Environment - Minimise environmental impacts
 Move towards zero emissions
 Move towards a more sustainable rate of resource use
 Move towards no net loss of biodiversity
Energy Supply – Deliver world-class products and services
 Supply energy reliably
 Operate efficiently
 Adopt emerging technology in a timely manner
Business Performance – Continually increase business value
 Create long-term shareholder return
 Proactively adapt to a changing business environment
 Enhance individual and organisational capability
It will be apparent from the above list that most of the concerns of the stakeholders of
Omnipower fall into one or more categories.
(Note: Sustainability Framework taken from CLP Holdings 2014 Sustainability Report
[Link]
site/Report%20Archive%20%20Year%20Document/SR_Full_2014_en.pdf)

31
 Business Assurance

Exam practice

Corporate governance 16 minutes

Trading & Factory Limited ('T&F') has been producing and selling outdoor furniture and garden
ornaments to North America for about ten years. T&F's founder, Mr. Lee, has occupied the roles of
Chairman and Chief Executive for three years, and has largely dominated its board of directors.
T&F struggled financially during 20X8-X9, but it has managed to survive through the recession and
has recently presented the unaudited management accounts for the year ended 31 December
20Y0 to its auditor. Extracted below are certain key financials for the years 20X9 and 20Y0.
Extracts from Extracts from
unaudited management audited financial statements
accounts for the year ended for the year ended
31 December 20Y0 31 December 20X9
HK$'000 HK$'000
Sales 482,100 254,300
Gross margin 30% 29%
Net profit before 98,100 16,200
tax
Current ratio 0.9 1.2
Following the recent revival in performance, Mr. Lee has expressed T&F's desire to go for a listing
within a year or two.
Due to the lack of financial expertise on the board and without a separate audit committee, T&F's
board has been relying on the management letter from its auditor to monitor the operating
effectiveness of its internal controls.
Required
Make three recommendations to improve T&F's corporate governance. (9 marks)
HKICPA June 2011 (amended)

32
chapter 2

Corporate governance
reports and practice
Topic list

1 Significance of international codes 4 Board committees

1.1 Limitations of international codes 4.1 Audit committees
2 Corporate Governance Code in Hong Kong 4.2 Nomination committee
and the UK Corporate Governance Code 4.3 Remuneration committee
2.1 Corporate Governance Code in Hong 5 Management's responsibilities to comply
Kong and the UK Corporate with corporate governance requirements
Governance Code 5.1 Duties of directors
3 Corporate governance developments in 5.2 Composition and balance of the board
Hong Kong 5.3 Reliability of financial reporting and
3.1 Similarities between the Code in Hong external auditors
Kong and the UK Corporate 5.4 Directors' remuneration and rewards
Governance Code
3.2 Comply or explain approach
(principles-based approach)
3.3 Application of principles-based
approaches by investors
3.4 Current issues
3.5 Structure of the Code in Hong Kong
3.6 Corporate Governance Report (CGR) in
Hong Kong
3.7 The New Hong Kong Companies
Ordinance (Cap. 622)

Learning focus

You may well have to discuss the implications of basing governance guidance on principles.
Knowledge of the main features and advantages and disadvantages of corporate governance
codes in general is important, but line-by-line knowledge is not required. Questions normally
require assessment of the strength of corporate governance arrangements in a particular
organisation.
As regards specific codes, the main themes of Sarbanes-Oxley may be tested. The UK
Corporate Governance Code (formerly known as the Combined Code) sets out good practice
but students should be aware of Hong Kong local codes of practice.
The existence of wider social responsibilities is likely to be a theme in questions.

33
 Business Assurance

Learning outcome

In this chapter you will cover the following learning outcomes:

Competency
level
3.01 Background to corporate governance developments 2
3.01.03 Explain corporate governance developments in Hong Kong
and the structure of the Corporate Governance Code and
Corporate Governance Report in Hong Kong
3.02 Key issues relating to corporate governance including 2
directors' remuneration, board composition, audit
committee and non-controlling interests
3.02.02 Describe the corporate governance requirements as set out in
the new Companies Ordinance (Cap. 622) and Hong Kong
Stock Exchange Listings Requirements relating to directors'
responsibilities (for example, risk management and internal
control) and the reporting responsibilities of auditors
3.03 Management's responsibilities to comply with corporate 3
governance requirements and to implement related
practices
3.03.01 Explain the responsibilities of management within the
corporate governance framework
3.03.02 Analyse the structure and roles of board committees and
discuss their drawbacks and limitations
3.04 Auditor's responsibilities to consider and address 3
corporate governance requirements
3.04.01 Explain the auditor's responsibility to consider and address
corporate governance requirements

34
 2: Corporate governance reports and practice | Part A Corporate governance

1 Significance of international codes

Topic highlights
Codes such as the OECD Code mentioned in the previous chapter have been developed from best
practice in a number of jurisdictions. As such, they can be seen as representing an international
consensus. They stress global issues that are important to companies operating in a number of
jurisdictions. The OECD Code for example, emphasises the importance of eliminating
impediments to cross-border shareholdings and treating overseas shareholders fairly.

Although the OECD Code (mentioned in Chapter 1) is non-binding and voluntary, its principles
have been incorporated into national guidance by a number of countries. The OECD Principles
have also been used by world-wide organisations as a basis for assessing the corporate
governance frameworks and practices in individual countries. These assessments are used to
determine the level of policy dialogue with, and technical assistance given to, these countries.
The fact that the local codes of different countries are based on the same international code means
that compliance costs for companies who are operating in many jurisdictions will be reduced.
It also gives investors some confidence about the application of governance rules.
The development of international codes should also be seen in the context of the development of
robust financial reporting rules, since investors' concerns with unreliable accounting information
has meant that they have questioned corporate governance arrangements. Developments in
international accounting standards aim to promote greater international harmony in accounting
practice, and international convergence on corporate governance is consistent with this.

1.1 Limitations of international codes

A number of problems have been identified with international codes.
(a) International principles represent a lowest common denominator of general, fairly bland,
principles.
(b) Any attempt to strengthen the principles will be extremely difficult because of global
differences in legal structures, financial systems, structures of corporate ownership, culture
and economic factors.
(c) As international guidance has to be based on best practice in a number of regimes,
development will always lag behind changes in the most advanced regimes.
(d) The codes have no legislative power.
(e) The costs of following a very structured international regime (such as one based on
Sarbanes-Oxley) may be very burdensome for companies based in less developed
countries that are not used to such regulation.

35
 Business Assurance

2 Corporate Governance Code in Hong Kong and the

UK Corporate Governance Code
2.1 Corporate Governance Code in Hong Kong and the UK
Corporate Governance Code

Topic highlights
The Hong Kong Stock Exchange published the Code on Corporate Governance Practices (the HK
Code) and the Corporate Governance Report (CGR) in November 2004, which is included in the
Appendices (Appendix 14) of the Main Board Listing Rules, and the (Appendix 15) Growth
Enterprise Market (GEM) Listing Rules. The HK Code and CGR became effective in 2005.
Commencing in 2012, amendments were made to the code provisions ('CP'), recommended best
practices ('RBP') and rules.
The HK Code is broken down into six main areas which will be examined later in this chapter:
1 Directors
2 Remuneration of Directors and Senior Management and Board Evaluation
3 Accountability and Audit
4 Delegation by the Board
5 Communication with Shareholders
6 Company Secretary
The UK Corporate Governance Code (formally known as the Combined Code) similarly contains
detailed guidance on good corporate governance, and strongly influences the corporate
governance requirements in other jurisdictions around the world including Hong Kong.

2.1.1 A history of corporate governance

Before we discuss the provisions of the HK Code, there is a history of corporate governance in
other countries, especially in the UK, that affects Hong Kong companies.
As a result of several accounting scandals in the 1980s and 1990s, the Cadbury Code in the UK
was the first code of corporate governance produced, for UK listed companies. Subsequently, in
1995, the Greenbury report added a set of principles on the remuneration of executive directors
for UK listed companies. The Hampel report in 1998 brought the Cadbury and Greenbury reports
together to form the first Combined Code, adding requirements relating to internal control and risk
management. In 1999, Turnbull produced a report explaining how the risk management and
internal control requirements should be applied.
In 2002, the Higgs report (Review of the role and effectiveness of non-executive directors) and the
Smith report on the role of audit committees were produced, and a new Combined Code was
issued.
In 2010, a new Stewardship Code for investment institutions was issued by the Financial
Reporting Council, providing guidelines on the role of investment institutions (as shareholders of
listed companies) in promoting good corporate governance practices. The Combined Code was
also revised in 2010 and renamed as the UK Corporate Governance Code. The amendments
included a clearer statement of the board's responsibilities relating to risk, a greater emphasis on
the importance of getting the right mix of skills and experience on the board, and recommendation
that all directors of FTSE 350 companies be put up for re-election every year. The Code was
revised again in 2012.
The development of corporate governance in Hong Kong is considered on the following pages.

36
 2: Corporate governance reports and practice | Part A Corporate governance

1998
The Hong Kong Stock Exchange issued its guidance of the Code of Best Practice for the Hong
Kong listed companies in 1998, to form the skeleton of a code of best practice to which listed
companies in Hong Kong should aim to adhere. Companies listed on the Main Board were required
to devise their own codes of practice in the interest of both non-executive directors and the
board of directors as a whole. Whereas, for companies listed on the Exchange's Growth Enterprise
Market (GEM) Board, the company had to establish an audit committee with at least three
independent non-executive directors and should appoint competent personnel for some specified
management positions.
2004 – 2005
In 2004, the Hong Kong Stock Exchange issued its draft Code on Corporate Governance Practices
(the Code) and the associated Corporate Governance Report (CGR) to help to strengthen the overall
standard of corporate governance of Hong Kong issuers. The Code on corporate governance
provided a detailed approach to various areas of corporate governance in Hong Kong. The HK
Code replaced the previous Listing Rules (the Code of Best Practice) related to corporate
governance whilst the Rules on the Corporate Governance Report set out the requirements in
respect of the preparation and issuance of a Corporate Governance Report (CGR). The new rules
required the board of directors to prepare an additional report (CGR), for inclusion in the annual
report.
The HK Code and the CGR considered the principles and guidelines set out in the revised UK
Corporate Governance Code and the proposals set by the Standing Committee on Company Law
Reform in June 2003.
The HK Code and the Rules on the CGR were effective for accounting periods commencing on or
after 1 January 2005. The Hong Kong Stock Exchange issued the HK Code and the CGR as
Appendices to the Listing Rules for Main Board issuers and GEM issuers.
As mentioned in Chapter 1, the HKICPA Corporate Governance Committee (the CG Committee)
has issued several publications on corporate governance such as Corporate Governance for Public
Bodies – A Basic Framework in 2004 and Internal Control and Risk Management – A Basic
Framework in 2005 respectively.
2007 – 2009
In February 2009 the Hong Kong Stock Exchange issued its major findings of the third annual
review (2007) of listed issuers' compliance with the Code (the Third Review).
To develop or enhance an in-house code, the Hong Kong Institute of Certified Public Accountants,
The Hong Kong Institute of Directors, the Hong Kong Stock Exchange and the Hong Kong Ethics
Development Centre, Independent Commission Against Corruption (ICAC) sought permission from
the International Federation of Accountants (IFAC) to reproduce 'The International Good Practice
Guide, entitled Defining and Developing an Effective Code of Conduct for Organisations', in Hong
Kong. (We have already discussed the key principles of this guidance in Chapter 1.)
2010 – 2012
Following the financial crisis outbreak in late 2008, the Hong Kong Stock Exchange published a
consultation paper on proposed changes to the HK Code and certain Listing Rules to corporate
governance to enhance the corporate governance in Hong Kong in December 2010. The
consultation period ended in March 2011 where the Hong Kong Stock Exchange adopted most of
the proposals outlined in the Consultation Paper, subject to certain modifications as set out in the
Consultation Conclusions.
The amendments kept the Corporate Governance Code in line with international best practices. In
its first interim/half year or annual report covering a period after 1 April 2012, the issuer had to state,
in that report, whether it had, for that period, complied with the Code Provisions (CPs) in the
revised Code as well as those of the former Code. Issuers were able to adopt the revised Code at
an earlier date than 1 April 2012.

37
 Business Assurance

HKEx's Consultation on Board Diversity

On 7 September 2012, Hong Kong Exchanges and Clearing Limited (the 'HKEx') published its
'Consultation Paper – Board Diversity' (the Consultation Paper) to set out the proposed
amendments concerning board diversity to Appendix 14 (Corporate Governance Code (the Code)
and Corporate Governance Report) to the Rules Governing the Listing of Securities on the Hong
Kong Stock Exchange.
The major purposes of the proposed amendments were to promote effective decision-making and
better governance, and monitoring through diversity in the boardroom. It was proposed that
diversity was to be given a wide interpretation and no criteria was to be prescribed to define its
meaning. An issuer was to take into account various factors to achieve boardroom diversity
depending on its own business model and circumstances, including gender, age, cultural and
educational background and professional experience.
On 13 December 2012, the HKEx published the consultation conclusions on board diversity.
Having received broad support to promote board diversity within listed issuers, the HKEx then
decided to implement new measures. In brief, the measures include a Code Provision ("CP") which
required the issuer to:
 Have a Board Diversity policy
 Disclose the policy or its summary in the issuer's corporate governance report
 Disclose any measurable objectives for implementing the policy and progress on achieving
those objectives
In addition, a note was added under the CP to clarify how the HKEx intended diversity to be
understood. The measures were effective on 1 September 2013. The conclusions were as follows:
(i) Board composition
The board should have a balance of skills, experience and diversity of perspectives
appropriate to the requirements of the issuer's business. It should ensure that changes to its
composition can be managed without undue disruption. It should include a balanced
composition of executive and non-executive directors (including independent non-executive
directors) so that there is a strong independent element on the board, which can effectively
exercise independent judgment. Non-executive directors should be of sufficient calibre and
number for their views to carry weight.
(ii) Appointments, re-election and removal
There should be a formal, considered and transparent procedure for the appointment of
new directors. There should be plans in place for orderly succession for appointments. All
directors should be subject to re-election at regular intervals. An issuer must explain the
reasons for the resignation or removal of any director.
(iii) Nomination Committee
The nomination committee (or the board) should have a policy concerning diversity of board
members, and should disclose the policy or a summary of the policy in the corporate
governance report which is included in the annual report.
Board diversity will differ according to the circumstances of each issuer.
Diversity of board members can be achieved through consideration of a number of factors,
including but not limited to gender, age, cultural and educational background, or
professional experience. Each issuer should take into account its own business model and
specific needs, and disclose the rationale for the factors it uses for this purpose.
2014 – 2015
In December 2014, HKEx published Consultation Conclusions on Risk Management and Internal
Control: Review of the Corporate Governance Code and Corporate Governance Report following
the publication of a consultation paper seeking comments in June 2014.

38
 2: Corporate governance reports and practice | Part A Corporate governance

Amendments to the HK Code following the consultation were effective for accounting periods
ending on or after 1 January 2016. Amendments were made to both the Main Board Listing Rules
and the GEM Rules.
In summary, the main changes to the Code included:
 Incorporating risk management into the Code where appropriate
 Defining the roles and responsibilities of the board and management
 Clarifying that the board has an ongoing responsibility to oversee the issuer's risk
management and internal control
 Upgrading to Code Provisions (CPs) the recommendations in relation to the annual review of
the effectiveness of the issuer's risk management and internal control and disclosures in the
Corporate Governance Report
 Upgrading to a CP the recommendation that issuers should have an internal audit function,
and those without to review the need for one on an annual basis
In December 2015, HKEx published Consultation Conclusions: Review of the Environmental,
Social and Governance Reporting Guide. This followed the publication of a consultation paper
seeking comments in July 2015. Consequently, amendments were made to the Environmental,
Social and Governance Guide and related GEM Listing Rules. In summary, the main changes
included:
 Adding a requirement that issuers must state in their annual report or a separate
environmental, social and governance (ESG) report whether they have complied with the
'comply or explain' provisions set out in the ESG Guide and if not, the reason why
 Revising the introductory section to provide more guidance on reporting and to be more in
line with international standards
 Re-arranging the Guide into two Subject Areas: Environmental and Social
 Upgrading the General Disclosures under each Aspect of the Guide to 'comply or explain'
 Revising the wording of the General Disclosures (where relevant) to be consistent with the
directors' report requirements under the Companies Ordinance (Cap. 622 of the Laws of
Hong Kong) (CO)
 Revising the wording of the recommended (ie voluntary) disclosures of the Guide to bring it
more in line with international standards of ESG reporting by incorporating disclosure of
gender diversity
 Upgrading the Key Performance Indicators (KPIs) under the 'Environmental' Subject Area to
'comply or explain'
The implementation date for the upgrade of the Environmental KPIs to 'comply or explain' was for
issuers' financial years commencing on or after 1 January 2017. All other amendments were
effective for issuers with financial years commencing on or after 1 January 2016.

2.1.2 Principles of the HK Code and the UK Corporate Governance Code

The HK Code lays down standards of good practice for entities on issues such as the composition
of the board, directors' remuneration, accountability and audit, relations with shareholders
communication with shareholders and the role of company secretary.
The HK Code contains a combination of:
 Broad principles
 More specific provisions (Code provisions (CP)
 Recommended best practices (RBPs).

39
 Business Assurance

Companies are required to conduct their corporate governance in accordance with the principles
and to apply the detailed code provisions. They are also encouraged to follow recommended best
practices.
The HK Code applies a 'comply or explain' approach, and listed companies in Hong Kong have
to disclose that they have applied the Code provisions, or if they have not, to provide an
explanation why.
The HK Code refers to companies as 'issuers'. The main principles of the Code are set out
below.

Section A: Directors
The Board
An issuer should be headed by an effective board, which should assume responsibility for
leadership and control of the issuer, and be collectively responsible for promoting the success of
the issuer by directing and supervising the issuer's affairs. Directors should take decisions
objectively and in the best interests of the issuer.
The board should regularly review the contribution required from a director to perform his
responsibilities to the issuer, and whether he is spending sufficient time performing them.
Chairman and Chief Executive
There are two key aspects of the management of every issuer – the management of the board, and
the day-to-day management of the issuer's business. There should be a clear division of these
responsibilities at the board level so that power is not concentrated in any one individual.
Board composition
The board should have a balance of skills, experience and diversity of perspectives appropriate for
the requirements of the business of the issuer. The board should ensure that changes to its
composition can be managed without undue disruption.
It should include a balanced composition of executive and non-executive directors including
independent non-executive directors (INEDs) so that there is a strong independent element on the
board, which can effectively exercise independent judgment. Non-executive directors should be of
sufficient calibre and number for their views to carry weight.
Appointments, re-election and removal
There should be a formal, considered and transparent procedure for the appointment of new
directors. There should be plans in place for orderly succession for appointments. All directors
should be subject to re-election at regular intervals. An issuer must explain the reasons for the
resignation or removal of any director. Non-executive directors should be appointed for a specific
term, subject to re-election.
Nomination committee
In carrying out its responsibilities, the nomination committee should give adequate consideration to
the Principles under board composition and appointments, re-election and removal.
Responsibilities of directors
Every director must always know his responsibilities as a director of an issuer and in conducting its
business activities and development. Given the essential unitary nature of the board, non-executive
directors have the same duties of care and skill, and fiduciary duties as executive directors.
Supply of and access to information
Directors should be provided in a timely manner with appropriate information in the form and of
quality to enable them to make an informed decision and perform their duties and responsibilities.

40
 2: Corporate governance reports and practice | Part A Corporate governance

Section B: Remuneration of directors and senior management and board

evaluation
The level and make-up of remuneration and disclosure
An issuer should disclose its directors' remuneration policy and other remuneration related matters.
The procedure for setting policy on executive directors' remuneration and all directors'
remuneration packages should be formal and transparent. Remuneration levels should be sufficient
to attract and retain the directors needed to run the company successfully, but companies should
avoid paying more than is necessary for this purpose. No director should be involved in deciding
his own remuneration.

Section C: Accountability and audit

Financial reporting
The board should present a balanced, clear and comprehensible assessment of the company's
performance, position and prospects.
Risk management and internal control
The board is responsible for evaluating and determining the nature and extent of the risks it is
willing to take in achieving the issuer's strategic objectives, and ensuring that the issuer
establishes and maintains appropriate and effective risk management and internal control
systems. The board should oversee management in the design, implementation and monitoring of
the risk management and internal control systems, and management should provide a
confirmation to the board on the effectiveness of these systems.
Audit committee
The board should establish formal and transparent arrangements to consider how it will apply
financial reporting, risk management and internal control principles and maintain an appropriate
relationship with the company's auditors. The audit committee established under the Listing Rules
should have clear terms of reference.

Section D: Delegation by the board

Management functions
An issuer should have a formal schedule of matters specifically reserved for board approval. The
board should give clear directions to management as to the matters that must be approved by it
before decisions are made on the issuer's behalf.
Board committees
Board committees should be formed with specific written terms of reference which deal clearly
with their authority and duties.

Section E: Communication with shareholders

Effective communication
The board should be responsible for maintaining an on-going dialogue with shareholders and in
particular, use annual general meetings or other general meetings to communicate with them and
encourage their participation.
Voting by poll
The issuer should ensure that shareholders are familiar with the detailed procedures for conducting
a poll.

41
 Business Assurance

Section F: Company Secretary

The company secretary plays an important role in supporting the board by ensuring good
information flow within the board and that board policy and procedures are followed. The company
secretary is responsible for advising the board through the Chairman and/or the Chief Executive on
governance matters and should also facilitate induction and professional development of directors.
In comparison, the UK Corporate Governance Code sets out standards of good practice in
relation to board leadership and effectiveness, remuneration, accountability and relations with
shareholders.
All companies with a premium listing of equity shares in the UK ('premium listed companies') are
required under the Listing Rules to report on how they have applied the UK Corporate Governance
Code in their annual report and accounts.
The UK Code contains broad principles and more specific provisions, but does not contain
recommended best practices. Listed companies are required to report on how they have applied
the main principles of the Code, and either to confirm that they have complied with the Code's
provisions or – where they have not – to provide an explanation ('comply or explain').
Compared with the HK Code, the UK Corporate Governance Code is substantially more detailed.

2.1.3 Auditors and the Code

The Hong Kong Stock Exchange in October 2011 amended the Main Board/GEM Listing Rules
relating to the Corporate Governance Code ('the revised Code') and associated Listing Rules. One
of the amendments was that the management of a company should ensure the company's auditor
attends the annual general meeting ('AGM') to answer questions relevant to:
(i) The conduct of the audit – responses to questions about the conduct of the audit
(ii) The preparation and content of the auditor's report
(iii) The accounting policies adopted by the company in relation to the preparation of the
financial statements
(iv) The independence of the auditor in relation to the conduct of the audit
(v) Modification to the independent auditor's report, if any.
In response to this new requirement, HKICPA published a Technical Bulletin AATB 2 Guidance to
the Auditor when Responding to Questions at an Annual General Meeting in March 2012. Amongst
other matters, guidance is provided on the auditor's responsibilities in responding to questions,
responses to questions where there is a modification to the auditor's report and how to respond
where the auditor cannot provide an immediate response.
The Rules also require shareholders' approval at a general meeting of any proposal to appoint or
remove an auditor before the end of the term of his office. The Rules require the issuer to send a
circular containing any written representation from the auditor to shareholders and the auditor must
be allowed to make a written and/or verbal representation at the general meeting to remove him.

2.1.4 Executive directors

Executive directors are usually responsible for setting an entity's strategy, formulating policies and
identifying systems and controls and monitoring performance. Let's break this down further:
Setting strategy and guiding policy
Executive directors are ultimately responsible for the safe stewardship of the company, and this
includes all aspects of its management: formulating strategic plans, and translating this into
budgets, HR plans, developing and maintaining assets, investing in technology and ensuring
corporate governance rules or any industry regulation or tax rules are complied with. One important
area in formulating strategy is identifying and controlling risks. Internal audit may have a very
important role to play in this area, although it is a decision made by the executive directors as to

42
 2: Corporate governance reports and practice | Part A Corporate governance

whether to set up an internal audit function, and if so, to direct relevant work activity to that
department.
In an effective board, there should be a balance of power as well as a balance of skills and
experience, and a single individual should not be able to dominate the board. One way of achieving
this is to comply with the provision in the HK Code that the roles of Chairman of the board and
Chief Executive should be separate and should not be performed by the same individual. This
means that no one individual should have unfettered powers of decision.
The board should also take responsibility for monitoring its own fitness to manage the company.
This means an assessment of the knowledge, experience, and skills of the executive directors in
areas core to the entity's business as well as the directors' personal characteristics, such as
integrity, judgment and available energy and time to invest in the business. It also involves
decisions as to new members, good induction procedures and personal development.
The board relies on reliable, timely information from the entity's systems in order to make decisions
and should review the availability and quality of the information available and set up procedures to
improve any deficiencies.
Setting up systems, controls and monitoring
Executive directors are also responsible for the systems used to fulfil the company objectives and
the controls put in place to safeguard against risks, a point we will return to later in this chapter. It
was previously Recommended Best Practice in the HK Code for the boards of listed Hong Kong
companies to consider annually whether an internal audit function is required (HK Code Section
C.2.6). However this requirement was upgraded to a CP for accounting periods beginning on or
after 1 January 2016 following the publication of Consultation Conclusions on Risk Management
and Internal Control: Review of the Corporate Governance Code and Corporate Governance
Report in December 2014.
Executive directors are also responsible for monitoring the effectiveness of the system of
internal control and risk management. An internal audit function can support the board in
ensuring adequate oversight of internal systems and controls and therefore has a primary role to
play in an entity's corporate governance framework.

In the UK, the Turnbull report on the review by the board of the effectiveness of internal control
and risk management made the following recommendations:

Turnbull Guidelines
Have a defined process for the effectiveness of internal control
Review regular reports on internal control
Consider key risks and how they have been managed
Check the adequacy of action taken to remedy weaknesses and incidents
Consider the adequacy of monitoring
Conduct an annual assessment of risks and the effectiveness of internal control; and
Make a statement on this process in the annual report

2.1.5 Non-executive directors

Key term
Non-executive directors are directors who do not have day-to-day operational responsibility for
the company. They are not employees of the company or affiliated with it in any other way.

Non-executive directors may be independent or they may not be independent. When a non-
executive director is considered 'not independent', this means that the individual may be subject to

43
 Business Assurance

the views and influence of others. For example a non-executive director may represent the
interests of a major shareholder, or the director may be subject to the influence of the executive
management team, especially after serving as a non-executive director many years.
The Listing Rules provide guidelines on how the 'independence' of a non-executive director may be
assessed. The HK Code also specifies that if an independent non-executive director has been on
the board for more than nine years, this would be a factor to consider when judging whether he is
still independent.
Board composition has a significant impact on corporate performance. The importance of
independent non-executive directors is their detachment from the day to day operational
responsibility of the company, in other words they are 'objective'. As already stated in Section 2.1.2,
at least one-third of an issuer's board should be independent non-executive directors (INEDs).
A company should also maintain on its website an up-to-date list of all its directors, indicating their
function or role and whether they are INEDs.
Non-executive directors may be appointed to oversee a particular sensitive area such as company
reporting, nomination of directors and remuneration of executive directors. Often entities establish
sub-committees of board members to deal with these issues. We will consider one such sub-
committee, the audit committee, in more detail in Section 4.1.

Self-test question 1
The HK Corporate Governance Code is a Hong Kong Stock Exchange requirement for listed
companies. It is recommended for other companies. Some argue that the HK Code should be
mandatory for all companies.
Requirements
(a) Discuss the benefits of the HK Code to shareholders and other users of financial statements.
(b) Discuss the merits and drawbacks of having such provisions in the form of a voluntary code.
(The answer is at the end of the chapter)

3 Corporate governance developments in Hong Kong

Topic highlights
Listed companies are required to confirm their compliance with the HK Code or, where they do not
comply, to provide explanations for any variation in practice.

3.1 Similarities between the Code in Hong Kong and the

UK Corporate Governance Code
When introducing the revised HK Code and the Rules on the CGR in Hong Kong, the Hong Kong
Stock Exchange noted that the HK Code represents a significant move towards the adoption of
international benchmarks of corporate governance, best practice and disclosure for Hong Kong
listed entities. The HK Code has taken into account the UK Corporate Governance Code.
In contrast to other corporate governance reporting regimes, the Hong Kong Code is broader in
coverage but less onerous in terms of required management action and attestation. This should
translate into a corporate governance framework that empowers business to succeed, while not
having a significant financial impact.
The Hong Kong Stock Exchange has adopted a 'comply or explain' approach, (which we discuss
in the next Section 3.2) to both Main Board and GEM corporate governance provisions. However,
where an issuer chooses not to comply with the relevant Code, the issuer must give considered

44
 2: Corporate governance reports and practice | Part A Corporate governance

reasons for any deviation, although such deviation may not necessarily constitute a breach of
Hong Kong Stock Exchange Listing Rules. In addition, the Hong Kong Stock Exchange requires
Main Board and GEM listed companies to include a Corporate Governance Report (CGR) in the
annual report. The Hong Kong Stock Exchange sets out mandatory and recommended
disclosures (discussed in Section 3.6) for inclusion in the CGR. Failure to include any of the
mandatory disclosures in the CGR will be regarded by the Hong Kong Stock Exchange as a breach
of the Listing Rules.

3.2 Comply or explain approach (principles-based approach)

Topic highlights
Many governance codes have adopted a principles-based approach allowing companies
flexibility in interpreting the codes' requirements and to explain if they have departed from the
provisions of the code.
A continuing debate on corporate governance is whether the guidance should predominantly be in
the form of principles, or whether there is a need for detailed laws or regulations.

Hong Kong has adopted a non-statutory approach for its corporate governance framework, based
on the UK's Corporate Governance Code. This means that the Code is voluntary in nature, with
Hong Kong companies being asked to 'comply or explain' any deviation from the code. The Hong
Kong Stock Exchange requires that disclosures be made as to whether it has been complied with,
but there are no statutory requirements to comply.
Principles-based approaches have often been adopted in jurisdictions where the governing bodies
of stock markets have had the prime role in setting standards for companies to follow. By
comparison the USA has adopted a more rules-based approach in their corporate governance
framework.

3.2.1 Benefits of comply or explain approach (principles-based approach)

Possible benefits of basing corporate governance codes on a series of principles are as follows:
(a) The approach focuses on objectives (for example, the objective that shareholders holding a
minority of shares in a company should be treated fairly) rather than the mechanisms by
which these objectives will be achieved. Possibly therefore, principles are easier to
integrate into strategic planning.
(b) Principles-based approaches can be applied across different legal jurisdictions rather than
being founded in the legal regulations of one country. The OECD Principles are a good
example of guidance that is applied internationally. This will increase global harmonisation.
(c) Where principles-based approaches have been established in the form of corporate
governance codes, the specific recommendations that the codes make are generally
enforced on a comply or explain basis. Listing Rules include a requirement to comply with
codes, but because the guidance is in a form of a code, companies have more flexibility
than they would if the code was underpinned by legal requirements.
(d) The disclosure requirements ensure that shareholders are aware of the position and they
can make any points they want to about compliance with the code at the AGM.
(e) It has been argued that making such a code obligatory would have punitive effects on
some companies, due to their size or investor make up and that legislation would create a
burden of requirement which could be excessive in many cases. Therefore, it is less
burdensome in terms of time and expenditure.
(f) A principles-based approach allows companies to develop their own approach to
corporate governance that is appropriate for their circumstances within the limits laid down
by stock exchanges.

45
 Business Assurance

(g) Enforcement on a comply or explain basis means that businesses can explain why they
have departed from the specific provisions if they feel it is appropriate. In many instances
now, the departures from best practice described in reports are of a minor or temporary
nature. Explanations of breaches have generally included details of how and when non-
compliance will be remedied.

3.2.2 Criticisms of comply or explain approach

(a) A principles-based approach can lay stress on those elements of corporate governance to
which rules cannot easily be applied. These include overall areas such as the requirement
to maintain sound systems of internal control, and 'softer' areas such as organisational
culture and maintaining good relationships with shareholders and other stakeholders.
(b) Disclosure of non-compliance is insufficient as the AGM is still not sufficient protection for
shareholders.
(c) Having a voluntary code allows some companies not to comply freely, to the detriment of
their shareholders.
(d) The requirement to disclose is only a Stock Exchange requirement, and there are many
unlisted companies who should be encouraged to apply the codes.
(e) There may be confusion over what is compulsory and what isn't. Although codes may
state that they are not prescriptive, their adoption by the local stock exchange means that
specific recommendations in the codes effectively become rules, which companies have to
obey in order to retain their listing.
(f) Some companies may perceive a principles-based approach as non-binding and fail to
comply without giving an adequate or perhaps any explanation. Not only does this
demonstrate a failure to understand the purpose of principles-based codes but it also
casts aspersions on the integrity of the companies' decision-makers.

3.3 Application of principles-based approaches by investors

In practice, comply or explain has not led to lots of companies treating compliance as being
voluntary. Analysts and investors have taken breaches, particularly by larger listed companies, very
seriously. The reputation of companies has been adversely affected if they have tried to justify non-
compliance on the grounds of excessive trouble or cost. However the value of smaller or recently
listed companies has been less affected by non-compliance; stock markets have effectively
allowed these companies more latitude even though they have breached the governance codes.
The governments have shown concerns for this area in the past and it is believed that they might
take actions in the future to regulate this area more heavily.
However, at the moment, having a voluntary code is a compromise based on the points made
above.

3.4 Current issues

Some observers attributed the global economic downturn from 2008 to a failure of those in
corporate governance, such as non-executive directors and audit committees, to manage risk
effectively. In particular, several banks in the USA and Europe were criticised for poor governance
and a failure to understand the risk exposures the banks are facing. Other observers argue that it is
not fair to blame directors who, due to rigorous independence requirements, may only have a
limited knowledge of the business or industry and are only allocated a few days a month to their
role. There seems to be an expectations gap between what is expected of those in corporate
governance and the tasks they can reasonably be required to do.
It is likely that corporate governance regulation will be reviewed as regulators react to the situation.
However, it is important that any changes are carefully considered and not just quickly
implemented regulations to appease public opinion.

46
 2: Corporate governance reports and practice | Part A Corporate governance

While it stressed that a different code may not have prevented the current economic conditions, it is
thought that it is an appropriate time to examine its effectiveness.

3.5 Structure of the Code in Hong Kong

Over the years, HKEx has undertaken a series of initiatives to raise the standards of corporate
governance in Hong Kong, improving the quality of disclosures and fostering corporate governance
culture amongst issuers in Hong Kong.
As stated earlier, the HK Code sets out the principles of good corporate governance, and two
levels of recommendations: (a) code provisions; and (b) recommended best practices. Hong Kong
listed companies are expected to comply with the code provisions (or explain any non-compliance).
The recommended best practices are for guidance only. Issuers may also devise their own code on
corporate governance practices on such terms as they may consider appropriate.
For the deviations the listed company must provide reasons in the annual reports and interim
reports.
As we have seen when examining the Code Principles in Section 2.1.2, the Code is structured in
the following sections:
A Directors
B Remuneration of directors and senior management and board evaluation
C Accountability and audit
D Delegation by the board
E Communication with shareholders
F Company secretary

The main Code Provisions in the HK Code are set out below.

Section A Directors
The Board
 The board should meet regularly and board meetings should be held at least four times a
year at approximately quarterly intervals. Director can attend either in person or through
electronic means of communication.
 Arrangements should be in place to ensure that all directors are given an opportunity to
include matters in the agenda for regular board meetings.
 At least 14 days notice should be given of regular board meetings to give all directors an
opportunity to attend. For all other board meetings, reasonable notice should be given.
 Minutes of board meetings and board committee meetings should be kept and should be
open for inspection at any reasonable time on reasonable notice by any director.
 Minutes should record in sufficient detail the matters considered and decisions reached.
Draft and final versions of minutes should be sent to all directors within a reasonable time
after the board meeting is held.
 There should be a procedure to enable directors, upon reasonable request, to seek
independent professional advice in appropriate circumstances, at the issuer's expense.
 Issuers should arrange insurance cover in respect of legal action against its directors.
Chairman and Chief Executive
 The roles of Chairman and Chief Executive should be separate and should not be performed
by the same individual. The division of responsibilities between the Chairman and Chief
Executive should be clearly established and set out in writing.

47
 Business Assurance

 The Chairman should ensure that all directors are properly briefed on issues arising at board
meetings.
Board composition
 An issuer should maintain on its website and on the Exchange's website an updated list of its
directors identifying their role and function and whether they are INEDs.
Appointments, re-election and removal
 Non-executive directors should be appointed for a specific term, subject to re-election.
 If an INED serves more than nine years, his further appointment should be subject to a
separate resolution to be approved by shareholders. Shareholders should be informed of the
reasons why the board believes he is still independent and should be re-elected.
Nomination committee (See Section 4.2 for more details on nomination committees)
 Issuers should establish a nomination committee chaired by the Chairman of the board or an
INED.
Responsibilities of directors
 Every newly appointed director of an issuer should receive a comprehensive, formal and
tailored induction on appointment. Subsequently he should receive any briefing and
professional development necessary to ensure that he has a proper understanding of the
issuer's operations and business and is fully aware of his responsibilities under statute and
common law, the Exchange Listing Rules, legal and other regulatory requirements and the
issuer's business and governance policies.
 Every director should ensure that he can give sufficient time and attention to the issuer's
affairs and should not accept the appointment if he cannot do so.
 All directors should participate in continuous professional development to develop and
refresh their knowledge and skills. This is to ensure that their contribution to the board
remains informed and relevant. The issuer should be responsible for arranging and funding
suitable training, placing an appropriate emphasis on the roles, functions and duties of a
listed company director. Note: Directors should provide a record of the training they received
to the issuer.
Supply of and access to information
 For regular board meetings, and as far as practicable in all other cases, an agenda and
accompanying board papers should be sent, in full, to all directors. These should be sent in a
timely manner and at least three days before the intended date of a board or board
committee meeting (or other agreed period).
 Management has an obligation to supply the board and its committees with adequate,
complete and reliable information, in a timely manner, to enable it to make informed
decisions. Where any director requires more information than is volunteered by
management, he should make further enquiries where necessary.

Section B Remuneration of directors and senior management and board

evaluation
 The remuneration committee should be provided with sufficient resources to perform its
duties.
(See section 4.3 in this Chapter for further information on remuneration committees.)

48
 2: Corporate governance reports and practice | Part A Corporate governance

Section C Accountability and audit

Financial reporting
 Management should provide sufficient explanation and information to the board to enable it
to make an informed assessment of financial and other information put before it for approval.
 Management should provide all members of the board with monthly updates giving a
balanced and understandable assessment of the issuer's performance, position and
prospects in sufficient detail to enable the board as a whole and each director to discharge
their duties.
 The directors should acknowledge in the Corporate Governance Report (CGR) their
responsibility for preparing the accounts. There should be a statement by the auditors about
their reporting responsibilities in the auditor's report on the financial statements.
 Unless it is inappropriate to assume that the company will continue in business, the directors
should prepare the accounts on a going concern basis, with supporting assumptions or
qualifications as necessary.
 Where the directors are aware of material uncertainties relating to events or conditions that
may cast significant doubt on the issuer's ability to continue as a going concern, they should
be clearly and prominently disclosed and discussed at length in the Corporate Governance
Report. The Corporate Governance Report should contain sufficient information for investors
to understand the severity and significance of matters.
Risk management and internal control (see section 1.2 and 1.3 of Chapter 3 for further
information)
 The board should oversee the issuer's risk management and internal control systems on an
ongoing basis, ensure that a review of the effectiveness of the issuer's and its subsidiaries'
risk management and internal control systems has been conducted at least annually and
report to shareholders that it has done so in its Corporate Governance Report. The review
should cover all material controls, including financial, operational and compliance controls.
 The board's annual review should, in particular, ensure the adequacy of resources, staff
qualifications and experience, training programmes and budget of the issuer's accounting,
internal audit and financial reporting functions.
 The issuer should have an internal audit function. Issuers without an internal audit function
should review the need for one on an annual basis and should disclose the reasons for the
absence of such a function in the Corporate Governance Report.
Internal controls
 The directors should at least annually conduct a review of the effectiveness of the issuers' and
its subsidiaries' internal control and report to shareholders that they have done so in their
Corporate Governance Report. The review should cover all material controls, including
financial, operational and compliance controls and risk management functions.
 The board's annual review should, in particular, consider the adequacy of resources, staff
qualifications and experience, training programmes and budget of the issuer's accounting
and financial reporting function.
Audit committee (see section 4.1 for further information on audit committees)
 Full minutes of audit committee meetings should be kept by a duly appointed secretary. Draft
and final versions of minutes of the meetings should be sent to all committee members
within a reasonable time after the meeting.

49
 Business Assurance

Section D Delegation by the board

Management functions
 When the board delegates aspects of its functions to management, it must give clear
directions as to the management's powers, in particular, where management should report
back and obtain prior board approval before making decisions or entering into any
commitments on the issuer's behalf.
 The board should not delegate matters to a board committee, executive directors or
management to an extent that would significantly hinder or reduce the ability of the board as
a whole to perform its functions.
 An issuer should formalise the functions reserved to the board and those delegated to
management.
 An issuer should disclose the respective responsibilities, accountabilities and contributions of
the board and management.
 Directors should clearly understand delegation arrangements in place. Issuers should have
formal letters of appointment for directors setting out the key terms and conditions of their
appointment.
Board Committees
 Where board committees are established to deal with matters, the board should give them
sufficiently clear terms of reference to enable them to perform their functions properly.
 The terms of reference of board committees should require them to report back to the board
on their decisions or recommendations, unless there are legal or regulatory restrictions on
their ability to do so.
Corporate Governance Functions
 The board should be responsible for performing the corporate governance duties set out in
the terms of reference or it may delegate the responsibility to a committee or committees.

Section E Communications with shareholders

Effective communication
 For each substantially separate issue at a general meeting, a separate resolution should be
proposed by the Chairman of that meeting. Issuers should avoid 'bundling' resolutions unless
they are interdependent and linked forming one significant proposal. Where the resolutions
are 'bundled', issuers should explain the reasons and material implications in the notice of
meeting.
 The Chairman of the board should attend the annual general meeting. He should also invite
the Chairmen of the audit, remuneration, nomination and any other committees (as
appropriate) to attend.
 The issuer should arrange for the notice to shareholders to be sent for annual general
meetings at least 20 clear business days before the meeting and to be sent at least 10 clear
business days for all other general meetings.
 The board should establish a shareholders' communication policy and review it on a regular
basis to ensure its effectiveness.
Voting by Poll
 The chairman of a meeting should ensure that an explanation is provided of the detailed
procedures for conducting a poll and answer any questions from shareholders on voting by
poll.

50
 2: Corporate governance reports and practice | Part A Corporate governance

Section F Company Secretary

 The Company Secretary should be an employee of the issuer and have day-to-day
knowledge of the issuer's affairs.
 Where an issuer engages an external service provider as its company secretary, it should
disclose the identity of a person with sufficient seniority (e.g. chief legal counsel or chief
financial officer) at the issuer whom the external provider can contact.
 The board should approve the selection, appointment or dismissal of the Company
Secretary.
 The Company Secretary should report to the board Chairman and/or the Chief Executive.
 All directors should have access to the advice and services of the Company Secretary to
ensure that board procedures, and all applicable law, rules and regulations, are followed.

3.6 Corporate Governance Report (CGR) in Hong Kong

As stated, listed companies are required to include a CGR in each annual report and summary
financial report (if any). The rules on the CGR set out two levels of disclosure:
 Mandatory disclosure requirements: Failure to include these mandatory disclosure in the
CGR will be regarded by the Hong Kong Stock Exchange as a breach of the Listing Rules.
 Recommended disclosures: The Hong Kong Stock Exchange notes that the list of
recommended disclosures is provided for listed companies' references and is not intended to
be exhaustive or mandatory. The level of detail needed varies with the nature and complexity
of issuers' business activities. Issuers are encouraged to include the recommended
disclosure information in their Corporate Governance Report.

Mandatory disclosure requirements

(i) Corporate Governance Practices

A narrative statement explaining how the issuer has applied the principles in the Code, enabling its
shareholders to evaluate how the principles have been applied and a statement as to whether the
issuer meets the code provisions.
If an issuer has adopted its own code that exceeds the code provisions, it may draw attention to
this fact in its annual report and for any deviation from the code provisions, details of the deviation
during the financial year (including considered reasons).
(ii) Directors' Securities Transactions
Whether the issuer has adopted a code of conduct regarding directors' securities transactions on
terms no less exacting than the required standard.
Whether the directors of the issuer have complied with its code of conduct regarding directors'
securities transactions. For any non-compliances, details of these and an explanation of the
remedial steps taken by the issuer to address them.
(iii) Board of Directors
Composition of the board, by category of directors, including name of Chairman, executive
directors, non-executive directors and INEDs.
The number of board meetings held during the financial year.
Attendance of each director, by name, at the board and general meeting. For each named director,
the number of board or committee meetings he attended and separately the number of board or
committee meetings attended by his alternate. Attendance at board or committee meetings by an
alternate director should not be counted as attendance by the director himself.

51
 Business Assurance

A statement of the respective responsibilities, accountabilities and contributions of the board and
management. In particular, a statement of how the board operates, including a high level statement
on the types of decisions taken by the board and those delegated to management.
Details of any non-compliance with appointment of a sufficient number INEDs and appointment of
an INED with appropriate professional qualifications, or accounting or related financial
management expertise.
Reasons why the issuer considers an INED to be independent where he/she fails to meet one or
more of the guidelines for assessing independence.
Relationship (including financial, business, family or other material/relevant relationship(s)), if any,
between board members and in particular, between the Chairman and the Chief Executive.
How each director, by name, complied with the Principle and Code Provisions relating to
'Responsibilities of directors'.
(iv) Chairman and Chief Executive
The identity of the Chairman and Chief Executive and whether the roles of the Chairman and Chief
Executive are separate and exercised by different individuals.
(v) Non-executive directors
The term of appointment of non-executive directors.

Mandatory disclosure requirements

(vi) Board Committees

The role and function of the committee.
The composition of the committee and whether it comprises INEDs, non-executive directors and
executive directors (including their names and identifying the Chairman of the committee).
The number of meetings held by the committee during the year to discuss matters and the record
of attendance of members, by name, at meetings held during the year; and a summary of the work
during the year.
(vii) Auditor's remuneration
An analysis of remuneration in respect of audit and non-audit services provided by the auditors to
the issuer. The analysis must include, in respect of each significant non-audit service assignment,
details of the nature of the services and the fees paid.
(viii) Company secretary
Where an issuer engages an external service provider as its company secretary, its primary
corporate contact person at the issuer including his/her name and position.
(ix) Shareholders' rights
How shareholders can convene an extraordinary general meeting.
The procedures by which enquiries may be put to the board and sufficient contact details to enable
these enquiries to be properly directed.
The procedures and sufficient contact details for putting forward proposals at shareholders' meetings.
(x) Investor relations
Any significant changes in the issuer's constitutional documents during the year.

52
 2: Corporate governance reports and practice | Part A Corporate governance

For the following recommended disclosures, the Code allows issuers to choose to include some or
all of this information:
(a) On its website and highlight to investors where they can access the soft copy by giving a
hyperlink direct to the relevant webpage and/or collect a hard copy of the relevant
information free of charge; or
(b) Where the information is publicly available, by stating where the information can be found.
Any hyperlink should be direct to the relevant webpage.
This choice has been allowed in response to the fact that some issuers may consider that the
recommended disclosure to be too lengthy and detailed to be included in the Corporate
Governance Report.
(xi) Risk management and internal control
Where an issuer includes the board's statement that it has conducted a review of its risk
management and internal control systems in the annual report, it must disclose the following:
(a) Whether the issuer has an internal audit function;
(b) How often the risk management and internal control systems are reviewed, the period
covered, and where an issuer has not conducted a review during the year, an explanation
why not; and
(c) A statement that a review of the effectiveness of the risk management and internal control
systems has been conducted and whether the issuer considers them effective and adequate.
Section C of the Code also requires issuers to include, as part of their Corporate Governance
Report, a narrative statement about how they have complied with the Code provisions on risk
management and internal control during the reporting period. This statement should include:
(a) The processes used by the issuer for identifying, evaluating and managing the significant
risks that it faced
(b) The main features of the issuer's risk management and internal control systems
(c) An acknowledgement by the board that it is responsible for the risk management and internal
control systems and reviewing their effectiveness. It should also explain that such systems
are designed to manage rather than eliminate the risk of failure to achieve business
objectives, and can only provide reasonable and not absolute assurance against material
misstatement or loss
(d) The process used to review the effectiveness of the risk management and internal control
systems and to resolve material internal control defects
(e) The procedures and internal controls for the handling and dissemination of inside information

Recommended disclosures

(i) Share interests of senior management

The number of shares held by senior management (i.e. those individuals whose biographical
details are disclosed in the annual report).
(ii) Investor relations
Details of shareholders by type and aggregate shareholding.
Details of the last shareholders' meeting, including the time and venue, major items discussed and
voting particulars.
Indication of important shareholders' dates in the coming financial year and public float
capitalisation at the year end.

53
 Business Assurance

Recommended disclosures

(iii) Risk management and internal control

 The board may disclose in the Corporate Governance Report that it has received a
confirmation from management on the effectiveness of the issuer's risk management and
internal control systems.
 The board may disclose in the Corporate Governance Report details of any significant areas
of concern.
(iv) Management functions
The division of responsibility between the board and management.
A CP states that the annual report should include an explanation of the basis on which the
company generates or preserves value over the longer term and the strategy for delivering the
objectives of the company.

Self-test question 2
There are several provisions in Section C of the Code on Corporate Governance Practices ("the
Code") about the annual review of the risk management and internal control system of listed
companies. The Code states that the board should conduct a review of the effectiveness of the
company's risk management and internal control system, and report to the shareholders that they
have done so in the Corporate Governance Report.
During the year under review, the Chief Financial Officer ("CFO") of Green Limited reported to its
board that since the second quarter of the financial year, more than half of its information
technology ("IT") staff had left the company. The IT support to Green Limited was intermittent
because only part-time non-IT staff could be employed. The lack of IT support was the cause of
various discrepancies found between Green Limited's sales and inventory ledgers. Hence, the
financial statements closing process has been delayed.
Required
(a) With respect to the board's annual assessment of the listed companies' risk management
and internal control effectiveness, advise as to what information should be included in a
Corporate Governance Report required by the Code. (5 marks)
(b) What are the possible consequences arising from the above incident? Advise as to what
actions the board should consider in order to ensure the internal control of the IT system is
effective in the upcoming financial year. (5 marks)
HKICPA June 2016 (amended)
(The answer is at the end of the chapter)

54
 2: Corporate governance reports and practice | Part A Corporate governance

3.7 The New Hong Kong Companies Ordinance (Cap. 622)

A comprehensive exercise to rewrite the Companies Ordinance (Cap. 32) was launched in mid-
2006 with the aim of modernising Hong Kong's company law and further enhancing Hong Kong's
status as a major international business and financial centre. The Companies Bill was finalised
and introduced into the Legislative Council ("the LegCo") on 26 January 2011. On 12 July 2012,
the Companies Bill was passed by the LegCo.
The new Companies Ordinance (Cap. 622) ("the new CO"), which consists of more than 900
sections and 11 schedules, provides a modernised legal framework for the incorporation and
operation of companies in Hong Kong. It aims to achieve four main objectives, namely, to enhance
corporate governance, ensure better regulations, facilitate business and modernise the law.
To facilitate implementation of the new CO, over ten regulations will have to be made in 2013-14.
In parallel, the Companies Registry will enhance its information system and carry out an overall
review of its procedures and forms for the implementation of the new legislation. The new CO
commenced operation on 3 March 2014.
Under the new CO, there are new measures for enhancing corporate governance and the following
are some of the major measures for the enhancement:
(a) Strengthening the accountability of directors
Restricting the appointment of corporate directors by requiring every private company to
have at least one natural person to act as director, to enhance transparency and
accountability.
Clarifying in the statute the directors' duty of care, skill and diligence with a view to providing
clear guidance to directors.
(b) Enhancing shareholder engagement in the decision-making process
Introducing a comprehensive set of rules for proposing and passing a written
resolution.
Requiring a company to bear the expenses of circulating members' statements relating to the
business of, and proposed resolutions for, Annual General Meetings, if they are received in
time to be sent with the notice of the meeting.
Reducing the threshold requirement for members to demand a poll from 10% to 5% of the
total voting rights.
(c) Improving the disclosure of company information
Requiring public companies and the larger (i.e., companies that do not qualify for simplified
reporting) private companies and guarantee companies to prepare a more comprehensive
directors' report which includes an analytical and forward-looking 'business review', whilst
allowing private companies to opt out by special resolution. The business review will provide
useful information for shareholders. In particular, the requirement to include information
relating to environmental and employee matters that have a significant effect on the
company is in line with international trends to promote corporate social responsibility.
(d) Fostering shareholder protection
Introducing more effective rules to deal with directors' conflicts of interests, including
expanding the requirement for seeking shareholders' approval to cover directors'
employment contracts which exceed three years.
Requiring disinterested shareholders' approval in cases where shareholders' approval is
required for transactions of public companies and their subsidiaries.
Requiring the conduct of directors to be ratified by disinterested shareholders' approval to
prevent conflicts of interest and possible abuse of power by interested majority shareholders
in ratifying the unauthorised conduct of directors.

55
 Business Assurance

Replacing the 'headcount test' with a not more than 10% disinterested voting requirement for
privatisations and specified schemes of arrangement, while giving the court a new discretion
to dispense with the test (in cases where it is retained) for members' schemes.
Extending the scope of the unfair prejudice remedy to cover 'proposed acts and omissions',
so that a member may bring an action for unfair prejudice even if the act or omission that
would be prejudicial to the interests of members is not yet effected.
(e) Strengthening auditors' rights
Empowering an auditor to require a wider range of persons, to provide information or
explanation reasonably required for the performance of the auditor's duties. This includes the
officers of a company's Hong Kong subsidiary undertakings and any person holding or
accountable for the company or its subsidiary undertakings' accounting records. The offence
for failure to provide the information or explanation is extended to cover officers of the
company and the wider range of persons.

4 Board committees
Topic highlights
Many companies operate a series of board sub-committees responsible for supervising specific
aspects of governance. Operation of a committee system does not clear the main board of its
responsibilities for the areas covered by the board committees.
Good use of committees seems to have had a positive effect on the governance of many
companies. It is found that committees had given assurance that important board duties were being
discharged rigorously.

The main board committees are:

 Audit committee – arguably the most important committee, responsible for liaising with
external audit, supervising the internal audit function and reviewing the annual financial
statements and internal controls
 Nomination committee – responsible for recommending the appointments of new directors
to the board
 Remuneration committee – responsible for advising on executive director remuneration
policy and the specific package for each director
 Risk committee – responsible for overseeing the organisation's risk response and
management strategies
Corporate governance guidance has concentrated on the work of the audit, remuneration and
nomination committees. The corporate governance report recommends that no one individual
should serve on all committees; most reports recommend that the committees should be staffed by
non-executive directors and preferably INEDs. We shall now consider the role of committees to see
why their role is deemed to be so significant.

4.1 Audit committees

Topic highlights
An audit committee can help a company maintain objectivity with regard to financial reporting and
the audit of financial statements.

56
 2: Corporate governance reports and practice | Part A Corporate governance

Appendix 14, Section C.3 of the HK Code sets the minimum duties for the audit committee. The
HK Code further determines the role of the audit committee and its role in monitoring the integrity of
the company's financial statements as well as being primarily responsible for the company's
relationship with the external auditors, reviewing the internal controls and recommending the
appointment of external auditors. The company should provide sufficient resources to the audit
committee to discharge its duties.
A former partner of the company's existing auditing firm should be prohibited from acting as a
member of the company's audit committee for a period of one year commencing on the date of
ceasing to be partner of the auditing firm or ceasing to have any financial interest in the auditing
firm (whichever is later).
4.1.1 Role and function of audit committees
An audit committee should be set up. It should consist entirely of non-executive directors and there
should be at least three non-executive directors on the committee. The board should satisfy
itself that at least one member of the audit committee is an INED who has appropriate professional
qualifications, or accounting or related financial management expertise.
The majority of the audit committee members must be INEDs, and the chairman of the audit
committee must be an INED as well.
The exact role of an audit committee will vary from entity to an entity. The audit committee terms of
reference should be set out in writing and publicly available on HKEx and the issuer's websites.
The Code requires that the board should establish formal and transparent arrangements for
considering how it should apply the financial reporting and internal control principles for maintaining
an appropriate relationship with the company's auditors. The provisions relating to this principle are
set out below.

Code provisions relating to the audit committee in Hong Kong

Chapter 3, section 3.21 of the Main Board Listing Rules requires:
'Every listed issuer must establish an audit committee comprising non-executive directors only. The
audit committee must comprise a minimum of three members, at least one of whom is an INED
with appropriate professional qualifications or accounting or related financial management
expertise as required under rule 3.10(2). The majority of the audit committee members must be
independent non-executive directors of the listed issuer. The audit committee must be chaired by
an independent non-executive director.'
The GEM Board (Growth Enterprise Market) has similar requirements in Chapter 5, Section 5.28
covering Audit Committees.
For further assistance the HKICPA (formerly known as the Hong Kong Society of Accountants)
published in February 2002, 'A Guide for Effective Audit Committees'. Listed issuers may refer to
the terms of reference set out in this Guide, or they may adopt any other comparable terms of
reference for the establishment of an audit committee.
The main role and responsibilities should be set out in written terms of reference and should
include:
(a) To monitor the integrity of the financial statements of the company and any formal
announcements relating to the company's financial performance, reviewing significant
financial reporting issues and judgments contained in them.
The audit committee should review arrangements by which staff of the company may, in
confidence, raise concerns about possible improprieties in matters of financial reporting or
other matters. The audit committee's objective should be to ensure that arrangements are in
place for the proportionate and independent investigation of such matters and for
appropriate follow-up action.
The terms of reference of the audit committee, including its role and the authority delegated
to it by the board, should be made available. A separate section of the annual report should
describe the work of the committee in discharging those responsibilities.

57
 Business Assurance

(b) To review the company's internal financial controls and, unless expressly addressed by a
separate board risk committee composed of independent directors or by the board itself, the
company's internal control and risk management systems.
(c) To monitor and review the effectiveness of the company's internal audit function.
Where there is no internal audit function, the audit committee should consider annually
whether there is a need for an internal audit function and make a recommendation to the
board, and the reasons for the absence of such a function should be explained in the
relevant section of the annual report.
(d) To make recommendations to the board on the appointment, reappointment and removal of
the external auditors, to approve the remuneration and terms of engagement of the external
auditors and any questions of resignation or dismissal of the external auditors (section
C.3.3(a) of Appendix 14).
If the board does not accept the audit committee's recommendation, it should include in the
annual report, and in any papers recommending appointment or re-appointment, a statement
from the audit committee explaining the recommendation and should set out reasons why
the board has taken a different position.
(e) To monitor and review the external auditors' independence, objectivity and effectiveness of
the audit process in accordance with applicable standards (section C.3.3(b) of Appendix 14).
To seek information from the external auditors on an annual basis on the external auditors'
processes for maintaining independence and monitoring compliance with relevant
requirements, including any applicable requirement on rotation of engagement team
members.
(f) To develop and implement policy on engagement of the external auditor to supply non-audit
services, taking into account relevant ethical guidance regarding the provisions of non-audit
services by the external audit firm and to report to the board, identifying any matters in
respect of which it considers that action or improvement is needed, and making
recommendations as to the steps to be taken (section C.3.3(c) of Appendix 14).
(g) An audit committee should meet the external auditor at least twice a year.
(h) To ensure co-ordination between the internal audit function (where it exists) and the external
auditors.
(i) To review the external auditors' management letter, any material queries raised by the
external auditors to management in respect of the accounting records, financial statements
or systems of control and management's response.
(j) An audit committee's terms of reference should include arrangements for employees to raise
concerns about financial reporting improprieties.
(k) A RBP recommends the audit committee establish a whistleblowing policy and system.

4.1.2 Advantages and drawbacks of audit committees

The advantages of having an audit committee are as follows:
(a) To improve the quality of financial reporting, by reviewing the financial statements on behalf
of the board.
(b) To create an ethical environment and establish controls which will act as a deterrent and
reduce the opportunity for fraud.
(c) To enable the non-executive directors to inject their experience, expertise and an
independent judgment into the entity's affairs.
(d) To help the Chief Financial Officer, by providing a forum in which he can raise matters of
concern, and a mechanism for resolving potentially difficult issues.

58
 2: Corporate governance reports and practice | Part A Corporate governance

(e) To work with and improve the quality and efficiency of the external auditor, by providing a
means of communication and apparatus to resolve issues of concern.
(f) To provide a framework within which the external auditor can assert his position in the event
of a dispute with management.
(g) To strengthen the status of the internal audit function, by providing a greater degree of
independence from management.
(h) To increase public confidence in the reliability and objectivity of financial statements.
Opponents of audit committees argue the following:
(a) The executive directors may not understand the purpose of an audit committee and may
perceive that it detracts from their authority.
(b) There may be difficulty selecting sufficient non-executive directors with the necessary
competence in auditing matters for the committee to be really effective.
(c) The establishment of such a formalised reporting procedure may dissuade the auditors
from raising matters of judgment and limit them to reporting only on matters of fact; and
(d) Costs may be increased.

4.2 Nomination committee

4.2.1 Role and function of nomination committee
In order to ensure that balance of the board is maintained, corporate governance codes recommend
the board should set up a nomination committee, to oversee the process for board appointments
and make recommendations to the board. The nomination committee needs to consider:
 The skills, knowledge and experience possessed by the current board
 The need for continuity and succession planning
 The desirable size of the board
 The need to attract board members from a diversity of backgrounds
Code Provisions state that a listed company should:
(a) Establish a nomination committee with a majority of INEDs, chaired by an INED or the board
Chairman
(b) Establish a nomination committee with written terms of reference that performs the duties
described
(c) Include, as one of the nomination committee's duties, a review of the structure, size and
composition of the board at least annually to complement the issuer's corporate strategy
(d) Make the nomination committee's terms of reference available on both the issuer's and the
HKEx websites
(e) Ensure a nomination committee has sufficient resources
(f) Enable a nomination committee to seek independent professional advice at the issuer's
expense

4.3 Remuneration committee

4.3.1 Role and function of remuneration committee
In Hong Kong, the key objectives of establishing a remuneration committee are to assist the board
of directors in maintaining a formal and transparent procedure for setting policy on directors'
remuneration, and to determine an appropriate remuneration package for all directors. The
remuneration committee should ensure that remuneration arrangements support the strategic aims
of the business, and enable the recruitment, motivation and retention of senior executives while

59
 Business Assurance

complying with all rules and regulations. According to the HK Code, issuers should establish a
remuneration committee with specific written terms of reference which deal clearly with its authority
and duties. A majority of the members of the remuneration committee should be INEDs. The
Chairman of the remuneration committee should be an INED.
There should be written terms of reference for the remuneration committee. Any listed company
that fails to comply with these rules should immediately announce its reasons for not doing so and
any other relevant details. The listed company will have a three-month period to rectify its non-
compliance.
The remuneration committee should consult the Chairman and/or Chief Executive about their
proposals relating to the remuneration of other executive directors. Where necessary it adds that
professional advice can be sought by the remuneration committee, however any professional
advice made available to a remuneration committee should be independent;
The remuneration committee should only perform an advisory role to the board, with the board
retaining the final authority to approve executive directors' and senior management's remuneration.
It should ensure that its terms of reference are available on both the issuer's and the Hong Kong
Stock Exchange websites.
Overall, the remuneration committee plays the key role in establishing remuneration arrangements.
In order to be effective, the committee needs both to determine the organisation's general policy on
the remuneration of executive directors and specific remuneration packages for each director.

Self-test question 3
Peace Limited is a company listed on the Hong Kong Stock Exchange and has entered into an
agreement with Mr. Chan, an executive director of Peace Limited, for consultancy services.
Pursuant to the agreement, Peace Limited will pay HK$10 million to Mr. Chan for general
consultancy services such as promoting the image of Peace Limited in the market.
Required
Suggest the corporate governance measures required (ignoring the Hong Kong Listing Rules
requirements on connected transactions) to enhance the transparency of transactions with
directors in Peace Limited.
(8 marks)
HKICPA June 2014 (amended)
(The answer is at the end of the chapter)

5 Management's responsibilities to comply with

corporate governance requirements
The powers of directors to run the company are set out in the company's constitution or articles
of association.
Under corporate governance best practice there is a distinction between the role of executive
directors, who are involved full-time in managing the company, and the non-executive
directors, who primarily focus on monitoring. However, under Companies Law, in most
jurisdictions the legal duties of directors apply to both executive and non-executive directors.
Section A of Appendix 14 covers the issues relating to directors.

5.1 Duties of directors

The corporate governance reports have aimed to build on the directors' duties as defined in
statutory and case law duties of directors. These include the fiduciary duties to act in the best

60
 2: Corporate governance reports and practice | Part A Corporate governance

interests of the company, use their powers for a proper purpose, avoid conflicts of interest
and exercise a duty of care.

5.2 Composition and balance of the board

A feature of many corporate governance scandals has been boards dominated by a single senior
executive with other board members merely acting as a rubber stamp. Sometimes the single
individual may bypass the board to action his own interests. Even if an organisation is not dominated
by a single individual, there may be other weaknesses in board composition. The organisation may
be run by a small group centred round the Chief Executive and Chief Financial Officer, and
appointments may be made by personal recommendation rather than a formal, objective process.
As we shall see, the board must also be balanced in terms of skills and talents from several
specialisms relevant to the organisation's situation.

5.3 Reliability of financial reporting and external auditors

Issues concerning financial reporting and auditing are seen by many investors as crucial because
of their central importance in ensuring management accountability. They have therefore been the
focus of much debate and litigation. While focusing the corporate governance debate solely on
accounting and reporting issues is inadequate, the greater regulation of practices such as off-balance
sheet financing has led to greater transparency and a reduction in risks faced by investors.
External auditors may not carry out the necessary questioning of senior management because of
fears of losing the audit, and the internal audit function do not ask awkward questions because
the Chief Financial Officer determines their employment prospects. Often corporate collapses
are followed by criticisms of external auditors, where poorly planned and focused audit work failed
to identify illegal use of client monies.

5.4 Directors' remuneration and rewards

Packages will need to attract, retain and motivate directors of sufficient quality, while at the
same time taking into account shareholders' interests as well. However, assessing executive
remuneration in an imperfect market for executive skills may prove problematic. The remuneration
committee needs to be mindful of the implications of all aspects of the package, also the
individual contributions made by each director.
Directors being paid excessive salaries and bonuses has been seen as one of the major corporate
abuses for a large number of years. It is therefore inevitable that the corporate governance codes
have targeted this issue, with such measures as:
(a) Directors' remuneration should be set by independent members of the board
(b) Any form of bonus should be related to measurable performance or enhanced shareholder
value
(c) There should be full transparency of directors' remuneration, including pension rights, in
the annual financial statements
In order for readers of the financial statements to achieve a fair picture of remuneration
arrangements, the annual report would need to disclose:
 Remuneration policy
 Arrangements for individual directors
Other disclosures that may be required by law or considered as good practice include the duration
of contracts with directors, and notice periods and termination payments under such
contracts. Details of external remuneration consultants employed by the remuneration
committee to advise on determining remuneration should be provided.

61
 Business Assurance

Topic recap

Listed companies Compliance responsibility

required to 'comply of the Board (possibly
or explain' supervised by sub-committees)

Influenced by OECD Corporate Governance

Code and UK HONG KONG CODE Report (CGR)
Corporate Governance
Code
Six main areas: Distinction betweetn role
1. Directors of executive and
2. Remuneration of directors non-executive directors
and senior managers and board
evaluation
3. Accountability and audit Board responsible for
4. Delegation by the board effectiveness of controls
5. Communication with shareholders
6. Company secretary

62
 2: Corporate governance reports and practice | Part A Corporate governance

Answers to self-test questions

Answer 1
(a) Benefits of the HK Code
Shareholders
Of key importance to the shareholders are the suggestions that the HK Code makes in
respect of the annual general meeting. In the past, particularly for large listed companies,
AGMs have sometimes been forbidding and unhelpful to shareholders. The result has been
poor attendance and low voting on resolutions.
The HK Code requires that separate resolutions are made for identifiably different items
which should assist shareholders in understanding the proposals laid before the meeting.
It also requires that director members of various important board committees (such as the
remuneration committee) be available at AGMs to answer shareholders' questions.
Internal controls
Another important area for shareholders is the emphasis placed on directors monitoring and
assessing internal controls in the business on a regular basis. While it is a statutory
requirement that directors safeguard the investment of the shareholders by instituting
internal controls, this additional emphasis on quality should increase shareholders'
confidence in the business.
Directors re-election
The requirements of the HK Code also make the directors more accessible to the
shareholders. They are asked to submit to re-election every three years. They are also
asked to make disclosure in the financial statements about their responsibilities in relation to
preparing financial statements and going concern.
Audit committee
Last, some people would argue that the existence of an audit committee will lead to
shareholders having greater confidence in the reporting process of an entity.
Other users
The key advantage to other users is likely to lie in the increased emphasis on internal
controls as this will assist the company in operating smoothly and increasing viability of
operations, which will be of benefit to customers, suppliers and employees.
(b) Voluntary code
Adherence to the HK Code is not a statutory necessity, although it is possible that in the
future, such a code might become part of company law.
Advantages
The key merit of the HK Code being voluntary for most companies is that it is flexible.
Companies can review the Code and make use of any aspects which would benefit their
business.
If they adopt aspects of the HK Code, they can disclose to shareholders what is being done
to ensure good corporate governance, and what aspects of the HK Code are not being
followed, with reasons.
This flexibility is important, for there will be a cost of implementing such a Code, and this
cost might outweigh the benefit for small or owner-managed businesses.

63
 Business Assurance

Disadvantages
Critics would argue that a voluntary code allows companies that should comply with the
Code to get away with non-compliance unchallenged.
They would also argue that the type of disclosure made to shareholders about degrees of
compliance could be confusing and misleading to shareholders and exacerbate the
problems that the Code is trying to guard against.

Answer 2
(a) The report should comprise an assessment of risk management and internal control and
should confirm that the board has considered all significant aspects of internal control based
on its identification of business risks. In particular, the report should include the following:
(i) Any changes since the last assessment in the nature and extent of the significant risks
faced by the company, and the company's ability to respond to changes in its business
environment.
(ii) The scope and quality of the monitoring by management of risk and internal control,
and the scope and quality of the work of the internal audit function, if such a function
exists in the company.
(iii) The extent and frequency of reporting to the board (or board committee) on the results
of this ongoing monitoring activity. This regular reporting enables the board or
committee to build up a cumulative assessment of the state of internal control and the
effectiveness of risk management.
(iv) The incidence of any significant control failings or deficiencies that have been
identified which have a material impact on the company's financial performance or
position, or might have a material impact in the future.
(v) The effectiveness of the company's processes for compliance with financial reporting
rules and Listing Rules.
In addition, a narrative statement about how they have complied with the Code provisions on
risk management and internal control during the reporting period. In particular, they should
disclose:
(i) The process used to identify, evaluate and manage significant risks;
(ii) The main features of the risk management and internal control systems;
(iii) An acknowledgement by the board that it is responsible for the risk management and
internal control systems and reviewing their effectiveness;
(iv) The process used to review the effectiveness of the risk management and internal
control systems; and
(v) The procedures and internal controls for the handling and dissemination of inside
information.
As a listed company, Green Limited should have an internal audit function. If the company
does not have such a function they should review the need for one on an annual basis and
the report should also disclose the reasons for the absence of an internal audit function.
(b) During the year under review, Green Limited had experienced significant control failings with
regard to its IT system. The IT system has a material impact on the company's sales and
inventory processes and its financial reporting.
The discrepancies found in the company's sales and inventory ledgers may cause material
misstatements in its financial statements.
The lack of IT support may also cause a failure to safeguard Green Limited's assets if sales
and inventories are not properly recorded.

64
 2: Corporate governance reports and practice | Part A Corporate governance

The board of Green Limited should consider in particular:

 The resources in the accounting and financial reporting function may not be adequate
because reconciliation of these discrepancies is required;
 The qualifications and experience of the staff of the IT-related financial reporting
function do not meet requirements because only part-time and non-IT staff are
employed;
 Increasing the budget to recruit more qualified staff to remediate the existing control
failure; and
 Implementing the remediation plan to ensure the internal control of the IT system is
effective.

Answer 3
The Hong Kong Stock Exchange sets out the principles of good corporate governance in the
Corporate Governance Code ('the Code') included in the Appendix of the Main Board Listing Rules.
The recommended corporate governance measures Peace Limited should consider include:
Composition and balance of the board of directors
A single individual may bypass the board to action his own interest. The board should include
directors with proper knowledge and experience in assessing the reasonableness of material
transactions entered into by Peace Limited. The mix between executive and independent non-
executive director should also be balanced to allow a proper review of management activities.
Audit committee
Peace Limited is a company listed on the Hong Kong Stock Exchange. It must establish an audit
committee according to the listing rules. An audit committee should be established to review Peace
Limited's internal financial controls. The Code has already a requirement that the Audit Committee
should be independent from the management. The committee should also be kept abreast of the
information and developments in Peace Limited's as a monitoring measure against contract with
directors.
Remuneration Committee
The Code requires the establishment of a Remuneration Committee, consisting of the majority of
independent executive directors, to approve the remuneration of directors and executives. A
reasonable remuneration package for the management is usually a general measure to prevent
senior management from acting for self-interest or committing wrong-doings at the expense of the
company's interest.
Other measures
Typical corporate governance measures also include an employee whistle-blowing scheme where
employees are encouraged to report exceptional or suspicious related party activities e.g. fraud or
collusion and corporate governance issues. Peace Limited should consider establishing such a
communication channel.

65
 Business Assurance

Exam practice

DREIT 25 minutes
Dummy Real Estate Investment Trust (DREIT) is a mid-size real estate investment trust listed in
Hong Kong. With a portfolio of 50 real estates comprising retail malls, commercial premises and
car park facilities, DREIT was established by a trust deed (Trust Deed).
DREIT has a manager (Manager) who has the general power to manage DREIT's assets in the
interests of its unitholders (Unitholders) in accordance with the Trust Deed. A Board of Directors is
responsible for the Manager's overall governance, including establishing targets for executive
management and monitoring the achievement of these targets. DREIT's trustee (Trustee) is
responsible under the Trust Deed for the safe custody of DREIT's assets and holds the same for
and on behalf of the Unitholders. The Manager is independent of the Trustee.
DREIT aims to produce a sustainable stream of income from its portfolio and to maximise the value
through the enhancement of its physical built structure, trade-mix, marketing and customer service.
As these enhancement projects progress, the portfolio offers customers better shopping facilities
with more choices at reasonable prices, whilst improving returns for the Unitholders.
Since its listing on the Hong Kong Stock Exchange in December 20X8, DREIT has been paying the
Unitholders at about 90% of its net income and has demonstrated consistent growth in distribution
per unit. A substantial portion of the remuneration of DREIT's senior executives is closely linked to
the growth rate of the distribution per unit.
Certain DREIT's financial and operating data are set out as follows:

Year ended Year ended

31 December 20Y0 31 December 20X9

Revenue HK$404 million HK$385 million

Net property income margin 35% 35%
Distribution per unit 49 cents 43 cents
Average monthly unit rent HK$26 per square foot HK$26 per square foot
Occupancy rate 91% 87%
Gearing 20% 18%

Mr Kwok is the audit director of a CPA incorporated practice in charge of the audit of DREIT's
financial statements for the year ended 31 December 20Y0.
In April 20Y0, DREIT made an acquisition of a block of low-rise commercial premises in the New
Territories. Part of the premises suddenly collapsed in December 20Y0. There was no casualty
reported and DREIT's manager believed that the damages are fully covered by its group insurance
policy. However, emerging evidence indicates that there was an illegal extension built on the
premises which might have caused the collapse. If it is the case, the damage could be an
uninsured loss.
(Note. DREIT is a collective investment scheme in the form of a unit trust established by a trust
deed, authorised by the Securities and Futures Commission under the Securities and Futures
Ordinance and regulated by the provisions of the Code on Real Estate Investment Trusts.)

66
 2: Corporate governance reports and practice | Part A Corporate governance

DREIT has established an audit committee to comply with the Listing Rules of the Hong Kong
Stock Exchange.
Required
(a) To what extent can the establishment of an effective audit committee improve DREIT's
corporate governance in the context of external auditing, financial reporting and internal
control? (8 marks)
(b) Describe some ways to gauge the effectiveness of DREIT's audit committee. (6 marks)
(Total = 14 marks)
HKICPA December 2011

67
 Business Assurance

68
Part B
Internal assurance

Internal assurance is an important concept linked to a good corporate governance

environment.
A discussion of internal assurance helps students to perform the environmental consideration
for assurance purposes. Internal assurance is also an input to the audit risk assessment
process.

69
 Business Assurance

70
chapter 3

Internal assurance
Topic list

1 Internal control effectiveness 3 Sarbanes-Oxley Act 2002

1.1 Importance of internal control and risk 3.1 The Enron scandal
management 3.2 The Sarbanes-Oxley Act 2002
1.2 Directors' responsibilities for risk 3.3 Detailed provisions of the Sarbanes-
management and internal control Oxley Act
1.3 Annual assessment of the effectiveness 3.4 Impact of Sarbanes-Oxley in America
of risk management and internal control 3.5 International impact of Sarbanes-Oxley
systems 3.6 Impact of Sarbanes-Oxley in Hong Kong
1.4 Auditors' responsibilities for internal 3.7 Criticisms of Sarbanes-Oxley
control 4 Internal auditors
2 Internal audit and corporate governance 4.1 Using the work of internal auditors
2.1 Introduction 4.2 Relationship between HKSA 315
2.2 Internal audit and corporate governance (Revised 2016) and HKSA 610 (Revised
2.3 The role of internal audit in risk 2013)
management 4.3 Internal audit function
2.4 Outsourcing the internal audit function 4.4 Evaluating the internal audit function
2.5 Managing an outsourced department 4.5 Using the work of the internal audit
function
4.6 Using internal auditors to provide direct
assistance
4.7 Documentation
4.8 Distinction between internal and external
audit
4.9 Responsibility for fraud and error
4.10 Limitations of the internal audit function

Learning focus

Internal assurance can be regarded as a key concept that underpins the whole of business
assurance. As we shall see in this chapter, internal assurance relates both to the wider
principles of corporate governance that we have discussed in the first two chapters of this
Learning Pack and also to the role of the internal audit function within the context of an
individual entity.

71
 Business Assurance

Learning outcome

In this chapter you will cover the following learning outcomes:

Competency
level
2.09 Audit procedures 3
2.09.05 Explain the importance of internal control to auditors and the
execution of tests of control
2.11 Internal audit 2
2.11.01 Explain the relationship between internal auditors and external
auditors
2.11.02 Discuss why auditors may rely on the work of others, including
internal audit, experts and service organisations
3.05 Implications of overseas legislation such as the Sarbanes- 2
Oxley Act 2002 on Hong Kong companies and auditors
3.05.01 Explain the effect of the Sarbanes-Oxley Act 2002 on Hong
Kong companies and their auditors

72
 3: Internal assurance | Part B Internal assurance

1 Internal control effectiveness

Topic highlights
It is the directors of a company who are ultimately responsible for ensuring that a company's
system of controls is effective.

1.1 Importance of internal control and risk management

The role of internal controls are to:
 Safeguard the company's assets
 Help to prevent and detect fraud
 Protect the shareholders' investment
Good internal control is designed to reduce identified risks to the business. It helps deter and
detect fraud. Good internal control also helps to ensure reliability of reporting, and compliance with
laws.

1.2 Directors' responsibilities for risk management and internal

control
The board is responsible for:
 Evaluating and determining the nature and extent of the risks it is willing to take in achieving
the issuer's strategic objectives;
 Ensuring the issuer establishes and maintains appropriate and effective risk management
and internal control systems; and
 Overseeing management in the design, implementation and monitoring of the risk
management and internal control systems; management should provide a confirmation to the
board on the effectiveness of these systems.

1.2.1 Setting up internal control

Setting up internal controls necessitates assessing the risks faced by the business, so that the
system can be constructed to ensure that those risks are mitigated.
Internal control will always have inherent limitations. No system of internal control is tight enough
to eliminate totally the possibility of human error, or the chance that employees will collude in fraud
to override the controls in place which might prevent the fraudulent intentions of an employee
working alone.

1.2.2 Monitoring risk management and internal control

The board should:
 Oversee the issuer's risk management and internal control systems on an ongoing basis;
 Ensure a review of the effectiveness of the issuer's and its subsidiaries' risk management
and internal control systems has been conducted at least annually. The review should cover
all material controls, including financial, operational and compliance controls; and
 Report to shareholders that it has done so in its Corporate Governance Report.

73
 Business Assurance

The board monitors risk management and internal control systems through an internal audit
function. Code provision C.2.5 states the issuer should have an internal audit function. Issuers
without an internal audit function should:
 Review the need for one on an annual basis; and
 Disclose the reasons for the absence of such a function in the Corporate Governance
Report.
The annual review of the effectiveness of the issuer's risk management and internal control
systems is explained in more detail in section 1.3.

1.3 Annual assessment of the effectiveness of risk management

and internal control systems
There are several provisions in section C of the Code about the annual review of the risk
management and internal control systems.
The Code states that the annual review should consider in particular:
 The adequacy of resources in the accounting, internal audit and financial reporting functions
 The qualifications and experience of the staff in the accounting, internal audit and financial
reporting functions
 Their training programmes and budget.
The annual review should consider in particular:
(a) Any changes since the last annual review in the nature and extent of the significant risks
faced by the company, and the company's ability to respond to changes in its business
and external environment.
(b) The scope and quality of the ongoing monitoring of the risks and internal control systems by
management, and the scope and quality of the work of the internal audit function, if such a
function exists in the company.
(c) The extent and frequency of reporting to the board (or board committee) on the results of
this ongoing monitoring activity. This regular reporting enables the board or board committee
to assess control and the effectiveness of risk management.
(d) The incidence of any significant control failings or weaknesses that have been identified
during the period, and the extent to which they have a material impact on the company's
financial performance or condition, or might have a material impact in the future.
(e) The effectiveness of the company's processes for compliance with financial reporting
rules and Listing Rules.
Refer to section 3.6 of Chapter 2 for details of the disclosure requirements in the Corporate
Governance Report.

1.4 Auditors' responsibilities for internal control

The Corporate Governance Code (Appendix 14 of the Listing Rules) does not mention specifically
that the auditors have a responsibility for internal control. However, in the UK guidance is given in
Bulletin 2009/4.
The auditors should concentrate on the review carried out by the board. The objective of the
auditors' work is to ascertain whether the entity's reporting of its internal control processes is
consistent with the financial statements for the year and is supported by the documentation
prepared by the directors.
The auditors should review the statement made by the board in the financial statements and the
supporting documentation and make appropriate inquiries.

74
 3: Internal assurance | Part B Internal assurance

Auditors will have obtained some understanding of the entity's controls from their work on the financial
statements; however, what they are required to do by auditing standards is narrower in its scope than
the review performed by the directors. The auditors should review the statements made on internal
control in the annual report to ensure that they appear true and are not in conflict with the audited
financial statements.
The auditors are not required to consider whether the board's statements on internal control cover
all risks and controls, or form an opinion on the effectiveness of the company's corporate
governance procedures or its risk and control procedures.
However, it is very important for auditors to communicate quickly to the directors any material
deficiencies they do uncover, because of the requirements for the directors to make a statement on
internal control.
The directors are required to consider the material internal control aspects of any significant
problems disclosed in the financial statements. Auditors' work on this is the same as on other
aspects of the statements; the auditors are not required to consider whether the internal control
processes will remedy the problem.
The auditors may report by exception if problems such as the following arise:
(a) The board's report of the process of review of internal control effectiveness does not
reflect the auditors' understanding of that process.
(b) The processes that deal with material internal control aspects of significant risk areas do
not reflect the auditors' understanding of those processes.
(c) The board has not made an appropriate disclosure if it has failed to conduct an annual
review, or the disclosure made is not consistent with the auditors' understanding.

Self-test question 1
The Corporate Governance Code in Hong Kong ("the Code") clearly states the responsibilities of
the board of directors relating to internal controls.
Required
Explain the responsibilities of the board of directors relating to internal controls in the context of
principle and code provisions under the Code.
(3 marks)
HKICPA December 2012 (amended)
(The answer is at the end of the chapter)

2 Internal audit and corporate governance

Topic highlights
The internal audit function assists management in achieving the entity's corporate objectives,
particularly in establishing good corporate governance.

75
 Business Assurance

2.1 Introduction
Key term
The internal audit function is a function of an entity that performs assurance and consulting
activities designed to evaluate and improve the effectiveness of the entity's governance, risk
management and internal control processes.

The internal audit function is generally a feature of large companies. It is a function, provided either
by employees of the entity or sourced from an external organisation, to assist management in
achieving corporate objectives. An entity's corporate objectives will vary from company to
company, and will be found in a company's mission statement and strategic plan.

2.2 Internal audit and corporate governance

Established codes of corporate governance such as the Corporate Governance Code and
Corporate Governance Report (Appendix 14) in Hong Kong and the UK's Corporate Governance
Code highlight the need for boards to maintain good systems of internal control to manage the
risks the company faces. The internal audit function can play a key role in assessing and
monitoring internal control policies and procedures.
The internal audit function can assist the board in other ways as well:
 By, in effect, acting as auditors for board reports not audited by the external auditors
 By being the experts in fields such as auditing and accounting standards in the company and
assisting in implementation of new standards
 By liaising with external auditors, particularly where external auditors can use the internal
audit function's work and reduce the time and therefore the cost of the external audit
Section C.3 of the Corporate Governance Code (Appendix 14 of the Listing Rules) in Hong Kong
states that the key principle for the Audit Committee is that: 'The board should establish formal and
transparent arrangements for considering how it will apply financial reporting and internal control
principles and maintain an appropriate relationship with the issuer's auditors. The audit committee
established under the Listing Rules should have clear terms of reference.'
This implies that the board should establish formal and transparent arrangements for considering
how they should apply the financial reporting and internal control principles for maintaining an
appropriate relationship with the company's auditors.
Part of achieving this principle requires the audit committee to monitor and review the effectiveness
of the internal audit function's activities.
In addition, in order for the board to comply with the requirements of the Code where there is no
internal audit function:
 The audit committee should consider annually whether there is a need for this function and
make a recommendation to the board.
 To explain in the Corporate Governance Report the absence of such a function.
The following summarises the key responsibilities of the board in relation to internal control:
 Assess the scope and effectiveness of the internal control being established by the
management
 Ensure appropriate internal control in place for monitoring compliance with related laws and
regulations
 Monitoring the process of internal audit
 Ensure the internal audit function has sufficient resources and empowerment to perform their
work
 Approving the appointment or dismissal of the head of the internal audit function
 Considering the management response to the suggestions made by the internal audit
function

76
 3: Internal assurance | Part B Internal assurance

Role of the internal audit function in corporate governance

The internal audit function is placed perfectly to assist management in the assessment of risks and
internal controls. The UK Guidance on Risk Management, Internal Control and Related Financial
and Business Reporting (which contains what used to be called the Turnbull guidance) in particular
highlights the role the internal audit function can have in providing objective assurance and advice
on risk and control. The following summarises the key role of the internal audit function, which is to
assist the board in practice:
 An objective evaluation of the existing risk and internal control framework
 Analysis of business processes and associated internal controls
 Reviews of existence and the value of assets
 Information on frauds and irregularities
 Ad hoc reviews on any other area for which the risk level is unacceptable
 Reviews on the financial and operational activities of the company
 Reviews of the compliance framework and specific compliance issues
 Recommendations for more effective and efficient uses of the company's resources
 Assessment on the accomplishment on the company's goals and objectives

The UK Guidance on Risk Management, Internal Control and Related Financial and Business
Reporting sets out some key guidelines for the board in relation to risk management and internal
control.
 Ensuring the design and implementation of appropriate risk management and internal
controls that identify the risks facing the company and enable the board to make a robust
assessment of the principal risks
 Determining the nature and extent of the principal risks faced and those risks which the
organisation is willing to take in achieving its strategic objectives (determining its 'risk
appetite')
 Ensuring that appropriate culture and reward systems have been embedded throughout the
organisation
 Agreeing how the principal risks should be managed or mitigated to reduce the likelihood of
their incidence or their impact
 Monitoring and reviewing the risk management and internal controls, and the management's
process of monitoring and reviewing, and satisfying itself that they are functioning effectively
and that corrective action is being taken where necessary
 Ensuring sound internal and external information and communication processes and taking
responsibility for external communication on risk management and internal control
All companies face risks arising from their operational activities. Risks arise in different areas.
 Risk the company will go bankrupt
 Risks arising from regulations and law
 Risks arising from publicity
The guidelines require that risk be managed. This gives rise to another role for the internal audit
function, risk management.
Risk awareness and management should be the role of everyone in the organisation. The
extended role of the internal audit function with regard to risk is the monitoring of integrated risk
management within a company, and the reporting of results to the board to enable them to report to
shareholders.
Internal auditor relationships
Internal auditors have relationships with the following people:
 Management: by whom they are employed and may report to
 Audit committee: to whom they report; and
 External auditors: who may make use of their work

77
 Business Assurance

Reliance on the work of internal auditors by external auditors

HKSA The external auditors may make use of the work of the internal audit function. The guidance over
610.13 when this is appropriate is given to them in HKSA 610 (Revised 2013) Using the Work of Internal
Auditors.
The HKSA states that the external auditors must determine whether the work of the internal audit
function can be used, and if so, in which areas and to what extent. If external auditors do use the
work of the internal audit function, they must determine whether the work is adequate for the
purposes of the audit.
In evaluating the internal audit function the following factors must be considered:
 The objectivity of the internal audit function
 Technical competence of the internal auditors
 Whether the work is likely to be carried out with due professional care
 Whether there is likely to be effective communication between the internal and external
auditors
 Nature and scope of the work
 Assessed risk of material misstatement
 Degree of subjectivity involved in the evaluation of the audit evidence gathered by the
internal auditors
We will look at HKSA 610 (Revised 2013) in detail in section 4 of this chapter.

2.3 The role of internal audit in risk management

Topic highlights
The internal audit function has two key roles to play in relation to organisational risk management:
 Ensuring the company's risk management system operates effectively
 Ensuring that strategies implemented in respect of business risks operate effectively

The internal audit function has a two-fold role in relation to risk management.
 It monitors the company's overall risk management policy to ensure it operates
effectively
 It monitors the strategies implemented to ensure that they continue to operate effectively
A significant risk management policy in companies is to implement internal controls, and here the
internal audit function has a key role in assessing systems and testing controls.
The internal audit function may assist in the development of systems. However, its key role will be
in monitoring the overall process and in providing assurance that the systems which the
departments have designed meet objectives and operate effectively.
It is important that the internal audit function retains its objectivity towards these aspects of its
role, which is another reason why the internal audit function would generally not be involved in the
assessment of risks and the design of the system.
The UK guidance and the internal audit function's role in relation to risk management was touched
on. In response to this, directors need to ensure three steps are taken in their business.
 Identify risks
 Control risks
 Monitor risks

78
 3: Internal assurance | Part B Internal assurance

It is not the internal audit function's primary role to manage risk in a company. It is the responsibility
of the directors, usually delegated to individual managers in various departments.
The risks are identified and assessed, and a policy is taken in respect of each of them. This policy
is usually one of four:
(i) Accept risk (if it is low impact and likelihood)
(ii) Reduce risk (by setting up a system of internal control)
(iii) Avoid risk (by not entering market, accepting contract etc)
(iv) Transfer risk (by taking out insurance)
With their skills in business systems, internal auditors are ideally placed to monitor this process
and add value to it. They can:
 Give advice on the best design of systems and monitor their operation
 Be involved in a process that continually improves internal control
 Provide assurance on systems set up in each department
The involvement of the internal audit function as a monitoring unit will help to ensure that the
process of risk identification and management in a business is a continual process rather than a
one-off exercise.

2.4 Outsourcing the internal audit function

Topic highlights
Internal audit functions may consist of employees of the company, or may be outsourced to
external service providers. The advantages of outsourcing the internal audit function include
speed, cost and a tailored answer to internal audit requirements. One of the main disadvantages
may include threats to independence and objectivity if the external audit service is provided by the
same firm.

2.4.1 What is outsourcing?

Key term
Outsourcing is the use of external suppliers as a source of finished products, components or
services. It is also known as sub-contracting.

While the scope of the internal auditor's work is different to that of the external auditor, there are
many features that can link them. One of the key factors is that the techniques which are used to
carry out audits are the same for internal and external auditors.
It can be expensive to maintain an internal audit function consisting of employees of the company.
It is possible that the monitoring and review required by a certain company could be done in a
small amount of time and full-time employees cannot be justified.
It is also possible that a number of internal audit staff are required, but the cost of recruitment is
prohibitive, or the directors are aware that the need for an internal audit function is only short-term.
In such circumstances, it is possible to outsource the internal audit function, that is, purchase the
service from outside.
In this respect, many of the larger accountancy firms offer internal audit services. It is likely that the
same firm might offer one client both internal and external audit services. In such circumstances
the firm would have to be aware of the independence issues this would raise for the external
engagement team and implement safeguards to ensure that its independence and objectivity
were not impaired.

79
 Business Assurance

2.4.2 Advantages and disadvantages of outsourcing

The advantages and disadvantages of outsourcing the internal audit function are set out in the
following table:

Advantages of outsourcing Disadvantages of outsourcing

 Staff do not need to be recruited, as the  There will be independence and
service provider has good quality objectivity issues if the company uses the
staff. same firm to provide both internal and
 The service provider has different external audit services.
specialist skills and can assess what  The cost of outsourcing the internal audit
management require them to do. function might be high enough to make the
 Outsourcing can provide an immediate directors choose not to have an internal
internal audit function. audit function at all.

 Associated costs, such as staff  Company staff may oppose outsourcing if

training, are eliminated. it results in redundancies.

 The service contract can be for the  There may be a high staff turnover of
appropriate time scale. internal audit staff.

 Because the time scale is flexible, a  The outsourced staff may only have a
team of staff can be provided if limited knowledge of the company.
required.  The company will lose existing or
 It can be used on a short-term basis or developing in-house skills.
on a 'as needed basis'.

2.5 Managing an outsourced department

A company will need to establish controls over the outsourced internal audit function. These would
include the following:
(a) Setting performance measures in terms of cost and areas of the business reviewed and
investigating any variances

(b) Ensuring appropriate audit methodology (working papers/reviews) is maintained

(c) Reviewing working papers on a sample basis to ensure they meet internal
standards/guidelines

(d) Agreeing internal audit work plans in advance of work being performed

(e) If external auditor is used, ensuring the firm has suitable controls to keep the two functions
separate so that independence and objectivity is not impaired

3 Sarbanes-Oxley Act 2002

Topic highlights
The Sarbanes-Oxley legislation requires directors to report on the effectiveness of the
controls over financial reporting, limits the services auditors can provide and requires listed
companies to establish an audit committee. It adopts a rules-based approach to governance.

80
 3: Internal assurance | Part B Internal assurance

3.1 The Enron scandal

The most significant scandal in America in recent years has been the Enron scandal, when one
of the country's biggest companies filed for bankruptcy. The scandal also resulted in the
disappearance of Arthur Andersen, one of the Big Five accountancy firms who had audited Enron's
financial statements. The main reasons why Enron collapsed were over-expansion in energy
markets, eventually too much reliance on derivatives trading which eventually went wrong,
breaches of federal law, and misleading and dishonest behaviour. Inquiries into the scandal
exposed a number of weaknesses in the company's governance structure.
The following case study describes the details of the scandal:

Case study
The Enron case is perhaps the best-known failure of a large American corporation.
Enron Corporation was an energy company based in Houston, Texas. At its peak it was one of the
world's largest producers of electricity and gas as well as having large-scale pulp, paper and
communications businesses. At the time it filed for Chapter 11 bankruptcy (protection from
creditors' claims under US law) in 2001, Enron employed over 20,000 personnel. By the end of that
year, it had been revealed that Enron had been used as a vehicle for systematic accounting fraud,
with its major executives directly involved in the criminal activities.
Prior to the disaster, Enron had been highly successful and reputable. It had been voted America's
most innovative company on several occasions. The company's business model was one of
integration and diversification. In addition to marketing energy, Enron actually built the pipelines
and power plants (backward integration). To spread its risks beyond the energy industry, it moved
successfully into telecommunications and e-commerce as well as trading derivatives.
Once the problems were uncovered, it emerged that Enron's financial statements were completely
misleading. Its recorded assets were inflated in value and in some cases non-existent. The
company had placed debts and other obligations with offshore entities, thereby not consolidating
them in the group financial statements.
The systematic false accounting that had taken place led to a criminal investigation and the arrest
and indictment of several senior figures in the company. Several of the directors paid significant
sums of money to settle law suits against them. Jeffrey Skilling, the former Chief Executive, was
sentenced to 24 years in prison on numerous charges, including fraud.
The ramifications of the Enron case were not confined to the company. Serious questions were
raised about the failure of Arthur Andersen, the external auditors of the company, to identify the
inconsistencies in the Enron financial statements. This led to the subsequent break up and
dissolution of the accounting firm.
Enron's successor company, Enron Creditors Recovery Corporation, survives today with less than
500 personnel.
The Enron scandal, together with other high profile corporate failures, led to a reappraisal of
standards of corporate governance in the USA and further afield. The Enron case was the prime
mover for the introduction in 2002 of the Sarbanes-Oxley Act in the USA, which established a
Public Company Accounting Oversight Board ('PCAOB') to oversee the auditors of public
companies. Its stated purpose is to 'protect the interests of investors and further the public interest
in the preparation of informative, fair, and independent audit reports'. The formation of the PCAOB
greatly reinforced the laws on senior executive accountability. The Act also influenced the stock
exchanges of many countries and accelerated the creation of codes of practice to which all listed
companies are now expected to adhere.

81
 Business Assurance

3.1.1 Lack of transparency in the financial statements

This particularly related to certain investment vehicles that were kept off balance sheet. Various
other methods of inflating revenues, offloading debt, massaging quarterly figures and avoiding
taxes were employed.

3.1.2 Inadequate scrutiny by the external auditors

Arthur Andersen failed to spot or failed to question dubious accounting treatments. Since
Andersen's consultancy arm did a lot of work for Enron, there were allegations of conflicts of
interest.

3.1.3 Information asymmetry

That is the agency problem of the directors/managers knowing more than the investors. The
investors included Enron's employees. Many had their personal wealth tied up in Enron shares,
which ended up being worthless. They were actively discouraged from selling them. Many of
Enron's directors, however, sold the shares when they began to fall, potentially profiting from them.
It is alleged that the Chief Financial Officer of Enron, concealed the gains he made from his
involvement with affiliated companies.

3.1.4 Executive compensation methods

These were meant to align the interests of shareholders and directors, but seemed to encourage
the overstatement of short-term profits. Particularly in the USA, where the tenure of Chief
Executives is fairly short, the temptation is strong to inflate profits in the hope that share options will
have been cashed in by the time the problems are discovered.

3.2 The Sarbanes-Oxley Act 2002

3.2.1 The history of the Sarbanes-Oxley Act 2002
The Oxley Bill, composed by House Representative Michael Oxley, was passed in April 2002,
which was related to the accountability, responsibility and transparency of stating financial status of
the company. At the same time Senator Paul Sarbanes had another proposal on the similar lines.
He presented the bill to the Senate Banking Committee which passed the Bill with a majority.
Thereafter both the proposals made by House Representative Oxley and Senator Paul Sarbanes
were reconciled to be formed into one Act, which is now popularly known as the Sarbanes-Oxley
Act.
Sarbanes-Oxley came into force mainly due to the financial scandals committed by corporate
giants like Enron, WorldCom, etc, showing inadequacies in corporate government arrangements
causing breakdown of stock market trust. Since then the Sarbanes-Oxley Act has been the most
important piece of legislation to seriously affect the corporate governance, financial disclosures and
total accounting practice in companies.
Most companies focus their attention on Sarbanes-Oxley work in 13 specific areas. These 13 areas
are the ones where most of the financial impact is felt. Section 404 of the Sarbanes-Oxley Act is
the one that has caused most concern in the financial sector as it requires the corporate body to
enforce stricter controls over financial reporting by internal accounting personnel.

3.2.2 Application of the Sarbanes-Oxley Act

It has now become mandatory for US listed companies to have Sarbanes-Oxley compliance, and
to meet Sarbanes-Oxley compliance deadlines. Sarbanes-Oxley states that smaller companies and
foreign companies should meet the mandates for statements filed.

82
 3: Internal assurance | Part B Internal assurance

The Act applies to all companies that are required to file periodic reports with the Securities and
Exchange Commission (SEC). The Act was the most far-reaching US legislation dealing with
securities in many years and has major implications for public companies. Rule-making authority
was delegated to the SEC on many provisions.
Sarbanes-Oxley shifts responsibility for financial probity and accuracy to the board's audit
committee which typically comprises three independent directors, one of whom has to meet
certain financial literacy requirements (equivalent to non-executive directors in other jurisdictions).
Along with rules from the Securities and Exchange Commission, Sarbanes-Oxley requires
companies to increase their financial statement disclosures, to have an internal code of ethics
and to impose restrictions on share trading by, and loans to, corporate officers.

3.3 Detailed provisions of the Sarbanes-Oxley Act

3.3.1 Public Oversight Board
The Act set up a new regulator, The Public Company Accounting Oversight Board (PCAOB), to
oversee the audit of public companies that are subject to the securities laws.
The Board has powers to set auditing, quality control, independence and ethical standards for
registered public accounting firms to use in the preparation and issue of audit reports on the
financial statements of listed companies. In particular, the Board is required to set standards for
registered public accounting firms' reports on listed company statements on their internal control
over financial reporting. The Board also has inspection and disciplinary powers over firms.
The Public Company Accounting Oversight Board (PCAOB) has powers include setting
auditing, quality control, ethics, independence and other standards relating to the preparation of
audit reports by issuers. It also has the authority to regulate the non-audit services that audit firms
can offer.

3.3.2 Auditing standards

Audit firms should retain working papers for at least seven years, and have quality control
standards in place such as second partner review. As part of the audit they should review internal
controls to ensure that they reflect the transactions of the client and provide reasonable
assurance that the transactions are recorded in a manner that will permit preparation of the
financial statements in accordance with generally accepted accounting principles. They
should also review records to check whether receipts and payments are being made only in
accordance with management's authorisation.

3.3.3 Non-audit services

Auditors are expressly prohibited from carrying out a number of services including internal audit,
bookkeeping, systems design and implementation, appraisal or valuation services, actuarial
services, management functions and human resources, investment management, legal and expert
services. Provision of other non-audit services is only allowed with the prior approval of the
audit committee.

3.3.4 Quality control procedures

There should be rotation of lead or reviewing audit partners every five years and other procedures
such as independence requirements, consultation, supervision, professional development, internal
quality review and engagement acceptance and continuation.

3.3.5 Auditors and the audit committee

Auditors should discuss critical accounting policies, possible alternative treatments, the
management letter and unadjusted differences with the audit committee.

83
 Business Assurance

3.3.6 Audit committees

Audit committees should be established by all listed companies.
All members of audit committees should be independent and should therefore not accept any
consulting or advisory fee from the company or be affiliated to it. At least one member should be
a financial expert. Audit committees should be responsible for the appointment, compensation
and oversight of auditors. Audit committees should establish mechanisms for dealing with
complaints about accounting, internal controls and audit.

3.3.7 Corporate responsibility

The Chief Executive and Chief Finance Officer should certify the appropriateness of the financial
statements and that those financial statements fairly present the operations and financial condition
of the issuer. If the company has to prepare a restatement of financial statements due to material
non-compliance with standards, the Chief Finance Officer and Chief Executive should forfeit their
bonuses.

3.3.8 Off-balance sheet transactions

There should be appropriate disclosure of material off-balance sheet transactions and other
relationships (transactions that are not included in the financial statements but that impact upon
financial conditions, results, liquidity or capital resources).

3.3.9 Internal control reporting

Annual reports should contain internal control reports that state the responsibility of management
for establishing and maintaining an adequate internal control structure and procedures for
financial reporting. Annual reports should also contain an assessment of the effectiveness of
the internal control structure and procedures for financial reporting. Auditors should report on
this assessment.
Companies should also report whether they have adopted a code of conduct for senior financial
officers and the content of that code.

3.3.10 Whistleblowing provisions

Employees of listed companies and auditors will be granted whistleblower protection against
their employers if they disclose private employer information to parties involved in a fraud claim.

3.4 Impact of Sarbanes-Oxley in America

After the Sarbanes-Oxley Act came into force, accounting systems and financial statements
disclosed by the companies made tremendous progress. This improvement has been possible due
to rigorous requirements stated in the Sarbanes-Oxley Act, which helps to protect investor
confidence in companies and the US legislature as well. Moreover, it also helps in establishing a
Public Company Accounting Oversight Board, auditor independence, corporate responsibility and
enhanced financial disclosures.
The biggest expense as a result of compliance that companies are incurring is fulfilling the
requirement to ensure their internal controls are properly documented and tested. US companies
had to have efficient controls in the past, but they are now having to document them more
comprehensively than before, and then have the external auditors report on what they have done.
The Act also formally stripped accountancy firms of almost all non-audit revenue streams that they
used to derive from their audit clients, for fear of conflicts of interest.
For lawyers, the Act strengthens requirements on them to whistleblow internally on any wrongdoing
they uncover at client companies, right up to board level.

84
 3: Internal assurance | Part B Internal assurance

3.5 International impact of Sarbanes-Oxley

The Act also has a significant international dimension. About 1,500 non-US companies, including
many of the world's largest, list their shares in the US and are covered by Sarbanes-Oxley. There
were complaints that the new legislation conflicted with local corporate governance customs, and
following an intense round of lobbying from outside the US, changes to the rules were secured.
As America wields such significant influence worldwide, arguably Sarbanes-Oxley may influence
certain jurisdictions to adopt a more rules-based approach.

3.6 Impact of Sarbanes-Oxley in Hong Kong

There are a number of companies listed on both the Hong Kong Stock Exchange and the New
York Stock Exchange, these companies are subject to applicable Hong Kong laws and regulations,
including the Hong Kong Listing Rules, the Hong Kong Companies Ordinance, as well as
applicable US federal securities laws, including the US Securities Exchange Act of 1934, as
amended, and the Sarbanes-Oxley Act. In addition, these companies are subject to the listing
standards of the New York Stock Exchange to the extent they apply to non-US issuers. As a non-
US issuer, these companies are not required to comply with all of the corporate governance listing
standards of the New York Stock Exchange.
However, the Act has marked a new era in the Hong Kong regulatory regime which is
commensurate with international securities regulatory standards starting in 2003. Consequently,
Hong Kong and London are the places where companies are finding it easier and cheaper to list
their shares and raise capital.

3.7 Criticisms of Sarbanes-Oxley

Many commentators have criticised Sarbanes-Oxley for not being strong enough on some
issues, for example the selection of external auditors by the audit committee, and at the same time
being over-rigid on others. Directors may be less likely to consult lawyers in the first place if they
believe that legislation could override lawyer-client privilege.
In addition, they allege a Sarbanes-Oxley compliance industry has sprung up focusing companies'
attention on complying with all aspects of the legislation, significant or much less important. This
has distracted companies from improving information flows to the market and then allowing the
market to make well-informed decisions. The Act has also done little to address the temptation
provided by generous stock options to inflate profits, other than requiring possible forfeiture if
financial statements are subsequently restated.
Most significantly perhaps there is recent evidence of companies turning away from the US stock
markets and towards other markets such as London and Hong Kong. The number of initial public
listings fell in New York after the introduction of Sarbanes-Oxley and rose in stock exchanges
allowing a more flexible, principles-based, approach. An article in the Financial Times suggested
that this was partly due to companies tiring of the increased compliance costs associated with
Sarbanes-Oxley implementation.
In particular, directors of smaller listed companies have been unhappy with the requirement for
companies to report on the effectiveness of their internal control structure and procedures for financial
reporting. They have argued that gathering sufficient evidence for auditors on the internal controls
over financial reporting is expensive and less important for small companies than for large ones.
In addition, the nature of the regulatory regime may be an increasingly significant factor in listing
decisions. A rules-based approach means compliance must be absolute; the comply or explain
choice is not available.

85
 Business Assurance

4 Internal auditors

Topic highlights
External auditors may make use of the work of an internal audit function when carrying out audit
procedures.

4.1 Using the work of internal auditors

HKSA 610. Although the responsibilities of internal and external auditors are different (we explore how in the
13-24 paragraphs that follow), the external auditor may be able to make use of the work of internal
auditors in forming an opinion. Often the respective roles employ the same techniques but to
different ends. HKSA 610 (Revised 2013) Using the Work of Internal Auditors requires that external
auditors should take into account the internal audit function when planning their audit, but bear in
mind that internal auditors work for management and those charged with governance so they are
not independent. Therefore, the external auditors hold sole responsibility for the audit opinion
expressed on the financial statements. The standard was revised in December 2012 and then
revised again in May 2013 with additional provisions added where internal auditors are used to
provide direct assistance.

4.2 Relationship between HKSA 315 (Revised 2016) and HKSA

610 (Revised 2013)
HKSA 315 (Revised 2016) addresses how the knowledge and experience of the internal audit
function can inform the external auditor's understanding of the entity and its environment, as well
as the identification and assessment of risks of material misstatement. HKSA 315 (Revised 2016)
also explains how effective communication between the internal and external auditors creates an
environment in which the external auditor can be informed of significant matters that may affect the
external auditor's work.
HKSA 610 (Revised 2013) addresses the external auditor's responsibilities when, based on the
external auditor's preliminary understanding of the internal audit function, obtained as a result of
procedures performed under HKSA 315 (Revised 2016), the external auditor expects to use the
work of the internal audit function as part of the audit evidence obtained.
The External Auditor's Responsibility for the Audit
The external auditor has sole responsibility for the audit opinion expressed, and that responsibility
is not reduced by the external auditor's use of the work of the internal audit function on the
engagement.

4.3 Internal audit function

4.3.1 Objectives and scope of internal functions
The objectives and scope of the internal audit function typically include assurance and consulting
activities designed to evaluate and improve the effectiveness of the entity's governance processes,
risk management and internal control, such as the following:
 Activities relating to governance
 Activities relating to risk management
 Activities relating to internal control

86
 3: Internal assurance | Part B Internal assurance

Performance of activities similar to those performed by an internal audit function may be

conducted by functions with other titles within an entity.
While the objectives of the entity's internal audit function and the external auditor differ, the internal
audit function may perform audit procedures similar to those performed by the external auditor in
an audit of financial statements.

4.4 Evaluating the internal audit function

The external auditor shall determine whether the work of the internal audit function can be used for
purposes of the audit by evaluating the following:
(a) The extent to which the internal audit function's organisational status and relevant
policies and procedures support the objectivity of the internal auditors.
The external auditor exercises professional judgment in determining whether the work of the
internal audit function can be used for the purposes of the audit, and the nature and extent
to which the work of the internal audit function can be used in the circumstances.
Objectivity refers to the ability to perform those tasks without allowing bias, conflict of
interest or undue influence of others to override professional judgments. Factors that may
affect the external auditor's evaluation include the following:
 Whether the organisational status of the internal audit function, including the
function's authority and accountability, supports the ability of the function to be free
from bias, conflict of interest or undue influence of others to override professional
judgments, e.g. whether the internal audit function reports to those charged with
governance or an officer with appropriate authority, or if the function reports to
management, whether it has direct access to those charged with governance.
 Whether the internal audit function is free of any conflicting responsibilities e.g.
having managerial or operational responsibilities outside the internal audit function.
 Whether those charged with governance oversee employment decisions related to
the internal audit function, e.g. determining the appropriate remuneration policy.
 Whether there are any constraints or restrictions placed on the internal audit
function by management or those charged with governance e.g. in communicating
findings to the external auditor.
 Whether the internal auditors are members of relevant professional bodies and
their memberships obligate their compliance with relevant professional standards
relating to objectivity.
(b) The level of competence of the internal audit function;
 Whether the internal audit function is adequately and appropriately resourced
relative to the size of the entity and the nature of its operations.
 Whether there are established policies for hiring, training and assigning internal
auditors to internal audit engagements.
 Whether the internal auditors have adequate technical training and proficiency in
auditing.
 Whether the internal auditors possess the required knowledge relating to the
entity's financial reporting.
 Whether the internal auditors are members of relevant professional bodies that
oblige them to comply with the relevant professional standards including continuing
professional development requirements.

87
 Business Assurance

(c) Whether the internal audit function applies a systematic and disciplined approach,
including quality control.
Factors that may affect the external auditor's determination of whether the internal audit
function applies a systematic and disciplined approach include the following:
 The existence, adequacy and use of documented internal audit procedures or
guidance covering such areas as risk assessments, work programs, documentation
and reporting, the nature and extent of which is commensurate with the size and
circumstances of an entity.
 Whether the internal audit function has appropriate quality control policies and
procedures, for example, such as those policies and procedures in HKSQC 1
(Clarified) that would be applicable to an internal audit function (such as those relating
to leadership, human resources and engagement performance) or quality control
requirements in standards set by the relevant professional bodies for internal auditors.

4.4.1 Determining the nature and extent of work that can be used
The external auditor considers the nature and scope of the work that has been performed or is
planned to be performed by the internal audit function and assesses its relevance to the overall
strategy and plan for the external audit.
The external audit must make all significant judgments in relation to the audit and must prevent
undue use of the work of the internal auditor by performing more of the work directly. Examples of
internal audit work that might be used by the external auditor include:
 Testing of the operating effectiveness of controls
 Substantive procedures involving limited judgment
 Observations of inventory controls
 Tracing transactions through the information system relevant to financial reporting
 Testing of compliance with regulatory requirements

4.5 Using the work of the internal audit function

If the external auditor plans to use the work of the internal audit function, the external auditor shall
discuss the planned use of its work with the function as a basis for coordinating their respective
activities.
(a) Discussion and coordination with the internal audit function
In discussing the planned use of their work with the internal audit function as a basis for
coordinating the respective activities, it may be useful to address the following:
 The timing of such work
 The nature of the work performed
 The extent of audit coverage
 Materiality for the financial statements as a whole and performance materiality
 Proposed methods of item selection and sample sizes
 Documentation of the work performed
 Review and reporting procedures
Coordination between the external auditor and the internal audit function is effective
when, for example:
 Discussions take place at appropriate intervals throughout the period.
 The external auditor informs the internal audit function of significant matters that may
affect the function.
 The external auditor is advised of and has access to relevant reports of the internal
audit function and is informed of any significant matters that come to the attention of

88
 3: Internal assurance | Part B Internal assurance

the function when such matters may affect the work of the external auditor so that the
external auditor is able to consider the implications of such matters for the audit
engagement.
 The external auditor shall read the reports of the internal audit function relating to the
work of the function that the external auditor plans to use to obtain an understanding
of the nature and extent of audit procedures it performed and the related findings.
(b) Adequacy of the work of internal auditors
The external auditor shall perform sufficient audit procedures on the body of work of the
internal audit function as a whole that the external auditor plans to use to determine its
adequacy for purposes of the audit, including evaluating whether:
 The work of the function had been properly planned, performed, supervised, reviewed
and documented
 Sufficient appropriate evidence had been obtained to enable the function to draw
reasonable conclusions
 Conclusions reached are appropriate in the circumstances and the reports prepared
by the function are consistent with the results of the work performed
The procedures the external auditor may perform to evaluate the quality of the work
performed and the conclusions reached by the internal audit function include:
 Making inquiries of appropriate individuals within the internal audit function
 Observing procedures performed by the internal audit function
 Reviewing the internal audit function's work program and working papers
(c) Nature and extent of the external auditor's audit procedures
The nature and extent of the external auditor's audit procedures shall be responsive to the
external auditor's evaluation of:
 The amount of judgment involved.
 The assessed risk of material misstatement.
 The extent to which the internal audit function's organisational status and relevant
policies and procedures support the objectivity of the internal auditors.
 The level of competence of the function. This shall include reperformance of some of
the work. Reperformance involves the external auditor's independent execution of
procedures to validate the conclusions reached by the internal audit function.
Reperformance provides more persuasive evidence regarding the adequacy of
internal audit as compared to other procedures.
The requirement to reperform some of the internal audit work is a new requirement
included in the revised HKSA.

HKSA
610.26-35 4.6 Using internal auditors to provide direct assistance
HKSA 610 (Revised 2013) includes guidance for situations where the external auditor uses the
internal auditors to provide direct assistance.

Key term
Direct assistance. The use of internal auditors to perform audit procedures under the direction,
supervision and review of the external auditor

89
 Business Assurance

4.6.1 Determining whether internal auditors can be used to provide direct

assistance
If the external auditor wishes to use the internal audit function to provide direct assistance, and this
is not prohibited by law or regulation the external auditor is required to evaluate the existence and
significance of threats to objectivity and the level of competence of the internal auditors. In making
this assessment the external auditor will consider the following:
 The extent to which the internal audit function's organisational status and relevant policies
and procedures support the objectivity of the internal auditors
 Family and personal relationships with an individual working in, or responsible for, the aspect
of the entity to which the work relates
 Association with the division or department in the entity to which the work relates
 Significant financial interests in the entity (other than remuneration on terms consistent with
those applicable to other employees at a similar level of seniority
HKSA 610 (Revised 2013) also specifies instances where use of internal auditors to provide direct
assistance is prohibited:
 Where there are significant threats to the objectivity of the internal auditor
 Where the internal auditor lacks sufficient competence to perform the proposed work

4.6.2 Nature and extent of work that can be assigned

When determining the nature and extent of the work that can be assigned to the internal auditors
the external auditor must consider:
 The amount of judgment involved in planning and performing the procedures and evaluating
the evidence gathered
 The assessed risk of material misstatement and
 The external auditor's evaluation of the existence and significance of threats to the objectivity
and level of competence of the internal auditors
HKSA 610 (Revised 2013) prohibits the use of internal auditors to provide direct assistance to
perform the following procedures:
(a) Those that involve making significant judgments in the audit
(b) Those that relate to work with which the internal auditors have been involved and which has
been/will be reported to management/those charged with governance
(c) Those that relate to decisions the external auditor makes regarding the internal audit function
and the use of its work or direct assistance
It would not be appropriate for the internal auditors to provide direct assistance in respect of the
following:
 Discussion of fraud
 Determination of unannounced audit procedures in accordance with HKSA 240
 Responsibilities regarding external confirmation requests and evaluation of results of
external confirmation procedures
The HKSA also makes the point that excessive use of internal auditors to provide direct assistance
may affect perceptions regarding the independence of the external audit.

90
 3: Internal assurance | Part B Internal assurance

4.6.3 Using internal auditors to provide direct assistance

Before using the internal auditors to provide direct assistance the external auditor is required to
obtain written agreement from the entity that the internal auditors will be allowed to follow
instruction from the external auditor. Written agreement from the internal auditors that they will
keep information confidential must also be obtained. The external auditor is then responsible for
ensuring that the internal auditors' work is properly directed, supervised and reviewed.

HKSA
610.36-37 4.7 Documentation
If the external auditor uses the work of the internal audit function, the external auditor shall include
in the audit documentation:
(a) The evaluation of:
 Whether the function's organisational status and relevant policies and procedures
adequately support the objectivity of the internal auditors
 The level of competence of the function
 Whether the function applies a systematic and disciplined approach, including quality
control.
(b) The nature and extent of the work used and the basis for that decision.
(c) The audit procedures performed by the external auditor to evaluate the adequacy of the
work used.
If the internal auditors provide direct assistance the external auditors must document the following:
(a) The evaluation of the existence and significance of threats to objectivity
(b) The basis for the decision regarding the nature and extent of the work performed by the
internal auditors
(c) Who reviewed the work performed and the date and extent of that review
(d) The written agreements required (see section 4.6.3 above)
(e) The working papers prepared by the internal auditors

Self-test question 2
As the external auditors for Union Bank, you are considering relying on the work of the internal
audit function for testing the internal control. The internal audit function is part of the accounting
and finance division and reports to the Chief Financial Officer.
Being the audit senior, you have been assigned to review the work of internal auditors prior to the
commencement of this year's audit. The following issues are discovered:
(1) For most of the audit tests, there is no detailed documentation of the work by the internal
auditors that has been completed.
(2) There is a high staff turnover within the internal audit function. There are five staff in the
function responsible to undertake internal control testing. The new staff employed have no
audit and accounting experience.
(3) Union Bank's audit plan and programme are developed based on the firm's standard audit
plan. However, the testing of wages is not selected. Upon discussion with the internal
auditors, the auditors reveal that the financial controller has altered the instructions as he
recognises that the risk of non-compliance in the wages area is minimal.
(4) For those areas that have been documented, the results are quite clear and competently
completed. However, three compliance errors are detected in the loan approvals and there
are no follow up procedures, as the entity believes these incidents are immaterial.

91
 Business Assurance

Requirement
Demonstrate the weaknesses in the internal audit function and your consideration whether you
consider the audit firm should rely on Union Bank's internal audit function.
(The answer is at the end of the chapter)

4.8 Distinction between internal and external audit

Topic highlights
Although many of the techniques internal and external auditors use may be similar, the basis and
reasoning of their work is different.

The external audit is focused on the financial statements, whereas the internal audit function
is focused on the operations of the entire business.
The following table highlights the differences between internal and external audit:

Internal audit External audit

Objective Designed to add value and improve An exercise to enable auditors to

an entity's operations. express an opinion on the financial
statements.
Reporting Reports to the board of directors, or Reports to the shareholders or members
other people charged with of an entity on the truth and fairness of
governance, such as the audit the financial statements. Audit report is
committee. Reports are private and publicly available to the shareholders
for the directors and management of and other interested parties.
the entity.
Scope Work relates to the operations of the Work relates to the financial statements.
entity.
Relationship Often employees of the organisation, Independent of the entity and its
although sometimes the function is management. Usually appointed by the
outsourced. shareholders.

The table demonstrates that the whole basis and reasoning of internal audit work is
fundamentally different to that of external audit work.

4.9 Responsibility for fraud and error

Topic highlights
It is the responsibility of management and those charged with governance to prevent and detect
fraud, and in this respect, the internal audit function may have a role to play.

Fraud is a significant business risk. It is the responsibility of the directors to prevent and detect
fraud. However, as the internal audit function plays an important role in the management of risk so
it is by implication involved in the process of managing the risk of fraud. It is not the responsibility of
the external auditors to prevent and detect fraud, although they may uncover fraud while carrying
out their audit of the financial statements, which will be undertaken with the possibility of material
misstatement through fraud in mind. We will study the external auditor's responsibilities for the
detection of fraud and error in more detail in Chapter 10.

92
 3: Internal assurance | Part B Internal assurance

The internal audit function can help to prevent fraud by carrying out timely reviews on the
adequacy and effectiveness of control systems and making appropriate recommendations. The
internal audit function may be able to detect fraud by being mindful to the possibility when
carrying out its work and reporting any suspicions.
Establishing an internal audit function and investing it with appropriate authority and stature
may act as a powerful deterrent to fraud in itself. Management may require the internal auditors to
undertake special projects to investigate any reported suspicions.

4.10 Limitations of the internal audit function

Although the presence of an internal audit function within an entity is indicative of good internal
control, by its very nature, there are some limitations of the internal audit function.
Internal auditors are employed by the entity and this can impair their independence and
objectivity and ability to report fraud/error to senior management because of perceived threats to
their continued employment within the entity.
To ensure transparency, best practice indicates that the internal audit function should have a dual
reporting relationship, i.e. report both to management and those charged with governance (the
audit committee). If this reporting structure is not in place, management may be able to unduly
influence the internal audit plan, scope, and whether issues are reported appropriately. This results in
serious potential conflict, and limits the scope and compromises the effectiveness of the internal audit
function.
Internal auditors are not required to be professionally qualified (as accountants are) and so there
may be limitations in their knowledge and technical expertise.

93
 Business Assurance

Topic recap

Prevention and Effective system of May be outsourced

detection of fraud internal controls

Sarbanes-Oxley requires:
Assists management · Directors to report on
internal control effectiveness
·· Limits on non-audit services
Listed companies to establish
audit committees

Part of corporate
INTERNAL AUDIT FUNCTION
governance framework

Work performed may be Organisational risk

used by external auditor management

Evaluate internal Similar Different Internal auditor Risk management Risk strategies
audit work and techniques basis and may provide direct system operates operate effectively
assess adequacy reasoning assistance effectively

Reperformance
of procedures

94
 3: Internal assurance | Part B Internal assurance

Answer to self-test questions

Answer 1
The general principle of the Corporate Governance Code ('the Code') in Hong Kong requires the
board of directors to maintain a sound and effective system of internal control to safeguard the
shareholder's investment and the issuer's assets.
In Section C of the Code, the board is required to conduct a review of the effectiveness of the
company's system of internal controls and report to the shareholders that they have done so in
their Corporate Governance Report at least annually.
The review should cover all material controls, including financial, operational and compliance
controls and risk management functions; and consider the adequacy of resources, qualifications
and experience of staff of the company's accounting and financial reporting functions, and their
training programmes and budget.

Answer 2
The weaknesses in the internal audit function may be identified as follows:
(1) The new staff are not competent and do not have any professional qualifications or
accounting experience. More competent staff should be engaged.
(2) The internal audit function reporting to the chief financial officer is not an independent act.
The internal auditors should report to the highest level of management such as the board or
the audit committee.
(3) There is no documentation of work performed and this is inadequate. Proper documentation
should be in place.
(4) Errors in the compliance tests have not been followed up and this shows lack of competence
and professional due care.
(5) The audit programme has been altered by the Financial Controller. Internal auditors should
not be influenced by any other management person.
Under HKSA 610 (Revised 2013), external auditors should consider the following before relying on
the work of the internal audit function:
 The extent to which the internal audit function's organisational status and relevant policies
and procedures support the objectivity of the internal auditors.
 The level of competence of the internal audit function.
 Whether the internal audit function applies a systematic and disciplined approach, including
quality control.
Overall, it seems that it is not desirable to rely on internal auditing work.

95
 Business Assurance

Exam practice

Stone Company Limited 23 minutes

You are the audit manager of a CPA firm and are responsible for the audit of Stone Company
Limited ('Stone') for the year ended 31 December 20X3. The Chief Finance Officer of Stone,
Mr Chan, has informed you that at the beginning of the year the company set up an internal audit
function. He has asked you to use extensively Stone's internal audit function resources for the
purpose of carrying out the forthcoming audit. In particular, Mr Chan has suggested you rely on the
internal audit function for the following audit procedures:
(a) Attendance of year-end inventory count
(b) Determining the sample sizes; and selecting and arranging confirmation of the
company's receivables balances.
At 31 December 20X3, the inventory and receivables balances were approximately 25% and 30%
of the company's total assets, respectively. The head of the internal audit function will report to
you directly the findings of the year-end inventory count and the results of the confirmation.
Required
(a) If you plan to use the internal audit function's work, how would you assess Stone's
internal audit function before deciding to use their work? (7 marks)
(b) Explain whether you would use the work of Stone's internal audit function in the specific
ways suggested by Mr Chan. (8 marks)

(Total = 15 marks)
HKICPA February 2004 (amended)

96
Part C
Professional standards and
guidance

Professional standards and guidance are a must to have a job done properly in any
accountancy and auditing engagement. The practice of arbitrary techniques and scandals
developed from creative procedures are damaging the accountancy profession. Students are
expected to learn the Code of Ethics by heart and become a CPA of the highest calibre. They
are then more ready to face ethical dilemmas and carry out their responsibilities in a creditable
way.

97
 Business Assurance

98
 chapter 4

Code of Ethics
Topic list

1 Fundamental principles and the conceptual 5 Specific guidance: Conflicts of interest

framework approach 5.1 Conflicts between professional
1.1 The importance of ethics accountants' and entities' interests
1.2 The fundamental principles 5.2 Conflicts between the interests of
1.3 The conceptual framework different entities
1.4 Threats to compliance with the 6 Conflicts in application of the fundamental
fundamental principles principles
1.5 Available safeguards 6.1 Matters to consider
2 Specific guidance: Independence 6.2 Unresolved conflict
2.1 Objective of the guidance 7 Code of ethics applicable to professional
2.2 What is independence? accountants in business
2.3 Self-interest threat 7.1 Examples of threats for professional
2.4 Self-review threat accountants in business
2.5 Advocacy threat 7.2 Safeguards to comply with the
2.6 Familiarity threat fundamental principles for professional
2.7 Intimidation threat accountants in business
2.8 Other assurance engagements 7.3 Potential conflicts
2.9 HKSQC 1: Quality control: Independence 7.4 Preparation and reporting of information
3 Specific guidance: Responding to Non- 7.5 Acting with sufficient expertise
Compliance with Laws and Regulations 7.6 Financial interests
3.1 Professional accountants in public 7.7 Inducements
practice 8 Other issues
3.2 Professional accountants in business 8.1 Client acceptance
4 Specific guidance: Confidentiality 8.2 Engagement acceptance
4.1 Duty of confidence 8.3 Changes in professional appointment
4.2 Recognised exceptions to the rule of 8.4 Marketing professional services
confidentiality 8.5 Custody of entity's assets
4.3 Disclosure in the public interest 8.6 Integrity, objectivity and independence in
insolvency

Learning focus

Professional accountants are sometimes faced by ethical dilemmas. Codes of ethics, such as
that issued by the Hong Kong Institute of Certified Public Accountants, give guiding principles
to help professional accountants carry out their responsibilities to both their profession and the
wider public.
There are also a number of practical measures (safeguards) that a firm may implement to
ensure that these ethical principles are not breached.

99
 Business Assurance

Learning outcomes

In this chapter you will cover the following learning outcomes:

Competency
level
1.01 The Institute's Code of Ethics for Professional Accountants 3
1.01.01 Explain the fundamental principles and the conceptual framework
approach
1.01.02 Identify, evaluate and respond to threats to compliance with the
fundamental principles
1.01.03 Discuss and evaluate the effectiveness of available safeguards
1.01.04 Recognise and advise on conflicts in the application of fundamental
principles for Professional Accountants in practice and in business

The following summary illustrates the main parts of the chapter:

ETHICAL REQUIREMENTS
Code of Ethics

INDEPENDENCE CONFLICT OF INTEREST CONFIDENTIALITY

OBJECTIVITY INTEGRITY
THE FIRM CLIENT OBLIGATION FREEDOM
V V TO TO
THE CLIENT DISCLOSE DISCLOSE
CLIENT
IDENTIFY THREATS TO
INDEPENDENCE

Self-Interest Threat
Self-Review Threat
Familiarity Threat
Advocacy Threat
Intimidation Threat Provide Obligated Protect
safeguard by law the firm's
to reduce interests
the conflict
SAFEGUARDS AGAINST
THREATS TO INDEPENDENCE
By legislation and regulation
Firm wide
Engagement specific Decline the Accept
engagement client

100
 4: Code of ethics | Part C Professional standards and guidance

It is important that you understand the topic well. Auditors are subject to ethical requirements
imposed by the accountancy bodies; in Hong Kong, it is the HKICPA.
Code of Ethics for Professional Accountants Revised June 2010; February 2012; November
2013; March 2014, January 2015 and December 2016
This Code of Ethics for Professional Accountants (the Code) is effective on 1 January 2011
(although the several subsequent amendments to bring it into line with the IESBA Code of Ethics
are effective from different dates indicated within each amendment). All subsequent amendments
to the Code have been incorporated into this Learning Pack.
All Professional Accountants are required to comply with the Code.
Section A – GENERAL APPLICATION OF THE CODE
Section B – PROFESSIONAL ACCOUNTANTS IN PUBLIC PRACTICE
Section C – PROFESSIONAL ACCOUNTANTS IN BUSINESS
Section D – ADDITIONAL ETHICAL REQUIREMENTS
Section E – SPECIALISED AREAS OF PRACTICE
Professional Accountant in Professional Accountant in
Public Practice Business
Definition: Professional accountant in a Professional accountant
firm that provides professional employed or engaged in an
services executive or non-executive
capacity ie commerce,
industry, service etc
Adoption of which Parts of the Code: A,B,D,E of the Code A,C D,E of the Code

SECTION A: General application of the Code

Section A provides guidance on fundamental ethical principles where professional accountants
are required to apply this conceptual framework to identify threats to compliance with the
fundamental principles, to evaluate the significance of such threats and the safeguards to
eliminate them or reduce the threats to acceptable levels.

SECTION B: Professional accountants in public practice

Section B provides specific ethical guidance for professional accountants in public practice.

1 Fundamental principles and the conceptual

framework approach

Topic highlights
Professional accountants rely on the guidance of an ethical code because they hold positions of
trust, and people rely on them. In their business dealings they may encounter situations or be put
under pressure to act in ways that further their own advantage, or that of an entity, against the
wider public interest or the interest of their profession.

101
 Business Assurance

1.1 The importance of ethics

Professional accountants are expected to demonstrate the highest standards of ethical behaviour
and to act in the public interest. Around the world accountancy bodies have produced ethical
guidance in the form of codes of ethics in order to help professional accountants carry out their
responsibilities both to their profession and to the wider public.
In Hong Kong this guidance is given in the HKICPA's Code of Ethics for Professional Accountants
(the Code) which states the following about the particular responsibilities of the professional
accountant:

'A distinguishing mark of the accountancy profession is its acceptance of the responsibility to act in
the public interest. Therefore, a professional accountant's responsibility is not exclusively to satisfy
the needs of an individual entity or employer.
The public interest is considered to be the collective well-being of the community of people and
institutions the professional accountant serves, including entities, lenders, governments,
employers, employees, investors, the business and financial community and others who rely on the
work of professional accountants.'

Two points are very clear from this: first, the key reason that professional accountants must
behave ethically is that a very wide range of people rely on them and their expertise. The
second is that the accountant has a duty to serve not only the entity who has engaged his services
or his employer, but the wider public interest – that is, he must be, and must be seen to be,
independent.
Professional accountants hold positions of trust by the entities whom they serve, and the users of
the information they provide through statutory reporting. They have access to sensitive financial
and strategic information which may have a significant impact on the future direction of the
business and its stakeholders.
Undertaking these professional obligations may give rise to ethical dilemmas and conflicts of
interest; when it does the professional accountant may turn to the guidance laid down by the
accountancy bodies, such as the Hong Kong Institute of Certified Public Accountants. As it is
impossible to anticipate the very many scenarios which may give rise to these difficulties the
guidance is given in the form of fundamental principles, guidance and explanatory notes. The
professional accountant is given the freedom to use his own judgment as to how to apply the
principles or may seek advice from the HKICPA.

1.2 The fundamental principles

HKICPA Code of Ethics

Integrity. A professional accountant should be honest and straightforward in all professional

and business relationships. Integrity also implies fair dealing and truthfulness. Professional
accountants should not be associated with information that contains a materially false and
misleading statement or the information has been furnished recklessly.
Objectivity. A professional accountant should not be biased nor have conflicts of interest or
undue influence to override professional or business judgment. The professional accountant
should not compromise professional or business judgment due to bias. In addition, they should
avoid being exposed to situations that may impair objectivity.
Professional competence and due care. A professional accountant should be competent to
perform professional services and should act diligently and in accordance with applicable
technical and professional standards when providing professional services.
Professional competence requires both attainment and maintenance of professional competence
which requires continuing awareness and understanding of relevant technical professional and
business development.

102
 4: Code of ethics | Part C Professional standards and guidance

HKICPA Code of Ethics

Diligence includes the responsibility to act in accordance with the requirements of an

assignment, carefully, thoroughly and on a timely basis.
The engagement team should have appropriate training and supervision and if there are any
inherent limitations, the professional accountant should notify the entity or users of the financial
statements.
Confidentiality. A professional accountant should respect the confidentiality of information
acquired as a result of professional and business relationships and should not disclose any
information to third parties without proper and specific authority unless there is a legal or
professional right or duty to disclose. Confidential information should not be used for personal
advantage or for any third parties.
There is a need to maintain confidentiality of information within the firm or within an employing
organisation.
The duty of confidentiality continues even after the end of the relationship between the
professional accountant and the entity.
Disclosure of information is allowed only when:
 Permitted by law and authorised by the entity or employer
 Required by law in the course of legal proceedings or to appropriate public authorities
 There is a professional duty or right to disclose, i.e.
– To comply with technical standard and professional standards, including ethical
requirements
– To protect professional interests of the accountant in legal proceedings
– To comply with a HKICPA practice review
– To deal with an inquiry or investigation by HKICPA or other regulatory bodies.
Additional requirements are set out in section 225 Responding to Non-Compliance with Laws
and Regulations, section 410 'Unlawful Acts or Defaults by Clients of Members' and section 411
'Unlawful Acts or Defaults by or on Behalf of a Member's Employer'.
Professional behaviour. A professional accountant should comply with relevant laws and
regulations and avoid any conduct that discredits the profession.
Professional accountants should not bring the profession into disrepute during its promotion.
Professional accountants should not exaggerate claims for their services that they offer, the
qualifications they possess or experience they have gained.
Professional accountants should not make disparaging references or unsubstantiated
comparisons to the work of others.

1.3 The conceptual framework

The conceptual framework in the Code requires a professional accountant to identify, evaluate and
address threats to compliance with the fundamental principles.
A professional accountant has an obligation to evaluate any threats to compliance with the
fundamental principles. They should take into account both qualitative and quantitative factors
when considering the significance of a threat.
When the threats are identified and the threats are clearly significant, a professional accountant
should where appropriate, apply safeguards to eliminate the threats or reduce them to an
acceptable level.
A professional accountant should decline or discontinue the service if no safeguards can be
implemented.
A professional accountant shall use professional judgment in applying this conceptual framework.

103
 Business Assurance

1.4 Threats to compliance with the fundamental principles

There are five general sources of threat:
(a) Self-interest threats – may occur as a result of the financial or other interests of a
professional accountant or of an immediate or close family member (for example, having a
financial interest in an entity)
(b) Self-review threats – may occur when a previous judgment needs to be reviewed by the
professional accountant responsible for that judgment (for example, auditing financial
statements prepared by the firm)
(c) Advocacy threats – may occur when a professional accountant promotes a position or
opinion that subsequently objectivity may be compromised (for example, promoting shares in
a listed entity when that entity is a financial statement audit entity)
(d) Familiarity threats – may occur when due to a close relationship, a professional accountant
becomes too sympathetic to the interests of others (for example, an engagement team
member having family member at the entity)
(e) Intimidation threats – may occur when a professional accountant may be deterred from
acting objectivity by threats, actual or perceived (for example, threats of replacement due to
disagreement)

1.5 Available safeguards

There are three general categories of safeguards:
 Safeguards created by the profession, legislation or regulation
 Safeguards in the work environment
 Safeguards created by the individual

Examples of safeguards created by the profession, legislation or regulation:

(a) Educational training and experience requirements for entry into the profession
(b) Continuing professional development requirements
(c) Corporate governance code
(d) Professional standards
(e) Professional or regulatory monitoring and disciplinary procedures
(f) External review by a legally empowered third party of the reports, returns, communication or
information produced by a professional accountant

HKICPA issues ethical standards, quality control standards and auditing standards which work
together to ensure independence is safeguarded and quality audits are carried out.
Examples of safeguards in the work environment:
(a) Strong firm leadership to emphasise the importance of compliance with the fundamental
principles and their expectation that members of the assurance team will act in the public
interest
(b) Establish policies and procedures to implement and monitor quality control of assurance
engagement
(c) Document the firm's independence policies including identification and evaluation of threats
(d) Document the internal policies and procedures requiring compliance with the fundamental
principles

104
 4: Code of ethics | Part C Professional standards and guidance

(e) Establish policies and procedures to identify interests or relationships between the firm or
assurance team members, to monitor and manage the undue dependence on fee from a
single entity
(f) Rotate senior audit staff, partners with separate reporting lines of the provision of non-
assurance services to an entity
(g) Establish policies and procedures to prohibit non-team members influence the outcome of
the engagement
(h) Update all partners and professional staff of firm's policies and procedures including giving
appropriate training
(i) Senior management should review the adequate functioning of the safeguarding system
(j) Advise partners and professional staff to be independent
(k) Establish disciplinary mechanism to promote compliance with the firm's policies and
procedures
(l) Involve an additional professional accountant to review the work done or otherwise advise as
necessary

(m) Consult an independent third party, such as a committee of independent directors, a

professional regulatory body or another professional accountant

(n) Use different partners and engagement teams with separate reporting lines for the provision
of non-assurance services to entities

(o) Discuss ethical issues with those in charge of entity governance

(p) Disclose to those charged with governance the nature of services provided and extent of
fees charged
(q) Involve another firm to perform or reperform part of the engagement
Example of safeguards created by the individual:
(a) Comply with continuing professional development requirements
(b) Keep records of contentious issues and approach to decision-making
(c) Maintain a broader perspective on how similar organisations function through establishing
business relationships with other professionals
(d) Use an independent mentor
(e) Maintain contact with legal advisers and professional bodies

105
 Business Assurance

2 Specific guidance: Independence

Professional accountants in public practice should not engage in any activities that impair or might
impair integrity, objectivity or the good reputation of the profession.

2.1 Objective of the guidance

Stage 1
Identify threats to independence
 Self-Interest Threat  Advocacy Threat
 Self-Review Threat  Intimidation Threat
 Familiarity Threat

Stage 2
Evaluate the significance of those threats
Significant or not?

Stage 3
Identify and apply safeguards to eliminate the threats

ABLE TO REDUCE TO AN UNABLE TO REDUCE TO AN

ACCEPTABLE LEVEL ACCEPTABLE LEVEL

CONTINUE OR ACCEPT DECLINE THE

THE ENGAGEMENT ENGAGEMENT

The guidance states its purpose in a series of steps. It aims to help firms and members:
Step 1
Identify threats to independence.
Step 2
Evaluate whether the threats are insignificant.
Step 3
If the threats are not insignificant, identify and apply safeguards to eliminate risk, or reduce it to
an acceptable level.
It also recognises that there may be occasions where no safeguard is available. In such a
situation, it is only appropriate to:
 Eliminate the interest or activities causing the threat
 Decline the engagement, or discontinue it

106
 4: Code of ethics | Part C Professional standards and guidance

2.2 What is independence?

A provider of assurance services must be, and be seen to be, independent. What is meant by
independence?

Key terms
Independence of mind: The state of mind that permits the expression of a conclusion without
being affected by influences that compromise professional judgment, thereby allowing an individual
to act with integrity, and exercise objectivity and professional scepticism.
Independence in appearance: The avoidance of facts and circumstances that are so significant
that a reasonable and informed third party would be likely to conclude weighing all the specific facts
and circumstances that a firm's or a member of the engagement team's integrity, objectivity or
professional scepticism has been compromised.

Firms must evaluate the significance of any threats to independence and then put safeguards in
place, where this is possible, to reduce the threat to acceptable levels. If it is not possible to put
adequate safeguards in place, it may be better to withdraw services than to risk a conflict of
interest. Certain entities, listed companies or those deemed to be of significant public interest due
to the wide range of stakeholders involved may be subject to more stringent rules.

Section 290 Independence – Audit and review engagements

This section addresses the independence requirements for audit engagements and review
engagements, which are assurance engagements in which a professional accountant in public
practice expresses a conclusion on financial statements.
Such engagements comprise audit and review engagements to report on a complete set of
financial statements and a single financial statement. Independence requirements for assurance
engagements that are not audit or review engagements are addressed in Section 291.
Degree of independence:
The degree of independence required is less rigid for a low level assurance engagement to non-
audit clients than for audit. For example:

Audit client Non audit assurance client

Audit Must be independent * N/A

Non audit, general use Must be independent * Only the assurance team and
the firm must be independent.
Non audit, restricted use Must be independent * The assurance team and the
firm must have no material
financial interest in the client.

* Applicable to the assurance team, the firm and the network firm

Topic highlights
HKICPA's Code of Ethics gives examples of a number of situations where independence might be
threatened and suggests safeguards to protect independence.

HKICPA's Code gives extensive lists of examples of threats to independence and applicable
safeguards. In the rest of this chapter, these threats and some relevant factors and potential
safeguards are outlined. Definite rules are shown in bold. You should learn these.

107
 Business Assurance

2.3 Self-interest threat

The HKICPA Code of Ethics highlights a great number of areas in which a self-interest threat might
arise.
Employment with entity