Audi alteram partem is a principle of natural justice which prohibits a judicial decision which impacts upon individual rights without giving all parties in the dispute a right to be heard.
Monday, August 30, 2010
Audi Alteram Partem
Audi alteram partem means that the employee has the right to defend himself/herself by stating his/her defense. The accused employee will also have the right to adequate notice of the proceedings, right to information, the right to call witnesses, the right to a translator, and above all: the right to a procedurally and substantively fair hearing. The employee also has the right to appeal a finding, or to take the matter to the CCMA or the Labor Court.
Audi alteram partem is a principle of natural justice which prohibits a judicial decision which impacts upon individual rights without giving all parties in the dispute a right to be heard.
Audi alteram partem is a principle of natural justice which prohibits a judicial decision which impacts upon individual rights without giving all parties in the dispute a right to be heard.
Onus of Proof
Onus of proof: A duty placed upon a civil or criminal defendant to prove or disprove a disputed fact.
Burden of proof can define the duty placed upon a party to prove or disprove a disputed fact, or it can define which party bears this burden. In criminal cases, the burden of proof is placed on the prosecution, who must demonstrate that the defendant is guilty before a jury may convict him or her. But in some jurisdiction, the defendant has the burden of establishing the existence of certain facts that give rise to a defense, such as the insanity plea. In civil cases, the plaintiff is normally charged with the burden of proof, but the defendant can be required to establish certain defenses.
The different onuses of proof for the Criminal and Civil Courts:
• Criminal Courts require proof beyond all reasonable doubt, meaning it has to be 99% factual evidence or proof.
• Civil Courts only require proof which has a balance of probability, meaning the evidence or proof has more than a 50% probability.
Burden of proof can define the duty placed upon a party to prove or disprove a disputed fact, or it can define which party bears this burden. In criminal cases, the burden of proof is placed on the prosecution, who must demonstrate that the defendant is guilty before a jury may convict him or her. But in some jurisdiction, the defendant has the burden of establishing the existence of certain facts that give rise to a defense, such as the insanity plea. In civil cases, the plaintiff is normally charged with the burden of proof, but the defendant can be required to establish certain defenses.
The different onuses of proof for the Criminal and Civil Courts:
• Criminal Courts require proof beyond all reasonable doubt, meaning it has to be 99% factual evidence or proof.
• Civil Courts only require proof which has a balance of probability, meaning the evidence or proof has more than a 50% probability.
Follow-up and Remedial Action
Analysis:
Analysis means that after every fraudulent loss, the victim should examine the entire situation of the fraud, carefully taking into account which internal controls failed to either prevent the fraud, or failed to identify the fraud earlier.
The purpose of this stage is to learn from prior mistakes, and to ensure that the same mistakes aren’t made in the future, to protect the organization from further losses. If this step isn’t taken into consideration, the aftermath would be that the organization exposes itself to similar, re-occurring fraud. It is recommended to maximize the analysis stage, that after every fraud, all the parties involved should brainstorm new fraud prevention methods, ensuring a greater success rate.
Publication:
It can be beneficial to publicize details of fraud, if the delicate details and names of offenders are left out, except if the entire disciplinary process has been completed up to the final appeal or CCMA resolution, to ensure that no person’s reputation is slandered.
The advantages of publication are:
• Managing the negative rumors that always arise.
• Visible signs that decisive action is taken.
• Sending a clear message about zero tolerance towards fraudulent activity.
• And lastly, the deterrent effect it has if a person has been “named and blamed”.
Implement controls:
As stated in the analysis stage, fraud occurs if internal controls aren’t effective enough, and the ideas that were brainstormed should now be implemented to ensure that internal controls are effective enough to identify and prevent fraud.
Implementing controls consists of better segregation of duties, greater supervisory controls, and better custodial controls.
Testing and training:
After implementing controls, the new internal controls have to be tested, and staff members need to be trained on their new and improved responsibilities regarding the new internal controls.
This stage is used to maximize the efficiency and effectiveness of the implemented controls, and to ensure that the whole process is a success.
Proactive fraud auditing:
The best way to protect an organization against fraud is by identifying it as soon as possible, making sure that the losses are minimal, and the perpetrator is caught, and in effect, not suffering devastating long term fraud. Actively seeking out fraud is better than accidental discovery, and should be performed by suitably qualified people who should carefully identify and consider all red flags. After every fraud in a department, all other departments should be tested for similar frauds, based on red flags identified during the analysis stage. Basically the proactive fraud auditing stage is to get all the bad apples out of the tree.
Analysis means that after every fraudulent loss, the victim should examine the entire situation of the fraud, carefully taking into account which internal controls failed to either prevent the fraud, or failed to identify the fraud earlier.
The purpose of this stage is to learn from prior mistakes, and to ensure that the same mistakes aren’t made in the future, to protect the organization from further losses. If this step isn’t taken into consideration, the aftermath would be that the organization exposes itself to similar, re-occurring fraud. It is recommended to maximize the analysis stage, that after every fraud, all the parties involved should brainstorm new fraud prevention methods, ensuring a greater success rate.
Publication:
It can be beneficial to publicize details of fraud, if the delicate details and names of offenders are left out, except if the entire disciplinary process has been completed up to the final appeal or CCMA resolution, to ensure that no person’s reputation is slandered.
The advantages of publication are:
• Managing the negative rumors that always arise.
• Visible signs that decisive action is taken.
• Sending a clear message about zero tolerance towards fraudulent activity.
• And lastly, the deterrent effect it has if a person has been “named and blamed”.
Implement controls:
As stated in the analysis stage, fraud occurs if internal controls aren’t effective enough, and the ideas that were brainstormed should now be implemented to ensure that internal controls are effective enough to identify and prevent fraud.
Implementing controls consists of better segregation of duties, greater supervisory controls, and better custodial controls.
Testing and training:
After implementing controls, the new internal controls have to be tested, and staff members need to be trained on their new and improved responsibilities regarding the new internal controls.
This stage is used to maximize the efficiency and effectiveness of the implemented controls, and to ensure that the whole process is a success.
Proactive fraud auditing:
The best way to protect an organization against fraud is by identifying it as soon as possible, making sure that the losses are minimal, and the perpetrator is caught, and in effect, not suffering devastating long term fraud. Actively seeking out fraud is better than accidental discovery, and should be performed by suitably qualified people who should carefully identify and consider all red flags. After every fraud in a department, all other departments should be tested for similar frauds, based on red flags identified during the analysis stage. Basically the proactive fraud auditing stage is to get all the bad apples out of the tree.
Thursday, August 19, 2010
Five Phases of an Investigation
1. First receipt of allegation and mandate to investigate:
Internal and external forensic auditors have to ensure that a mandate for an investigation is obtained. Internal auditors need a signed letter of instructions from their employers, to obtain clarity in an investigation and protect the forensic auditor, and it can be presented to a witness to prove the identification of the forensic auditor. External auditors obtain mandate to investigate through an engagement letter from a client. If a forensic auditor receives an allegation of possible economic crime, the auditor needs to evaluate the given information about the possible crime and if there is sufficient evidence, the auditor can proceed to the planning and execution phase, but if there is only a limited amount of evidence, the auditor has to start a preliminary investigation. A preliminary is also needed to determine if a crime was committed, the extent of the crime, and who the perpetrators are.
2. The preliminary investigation:
Purpose:
• To determine whether allegations that a crime has been committed can be proven or disproven.
• To determine the nature of the crime.
• To determine who the perpetrators are.
• To determine what resources will be needed to investigate the crime.
• To compare the expenditure of the investigation with the success of an investigation.
A preliminary investigation is a fact finding mission to asses whether or not a full scale investigation should be conducted, and might not necessarily lead to prima facie proof of a crime.
Preliminary investigation focuses on:
• The lifestyle of the accountant (person in question).
• Other possible sources of income.
• Further indications that the person in question is living beyond his/her means.
• The sources of money that the person is receiving.
• A cursory evaluation of the company’s books in order to determine if there are any obvious shortages or manipulations.
If large electronic transfers were made from the company’s bank account by a person in question, or VAT or tax statements seem to have been manipulated by the accountant, or the accountant has a sudden change in spending patterns that can’t be explained, a full scale investigation has to be conducted.
The preliminary investigation ends as soon as soon as it is confirmed that there are objective reasons that a crime has been committed and that the accountant’s income is questionable. The mandatory must then be informed of all the findings by the forensic auditor, and the mandatory is then responsible for requesting a full scale investigation.
The main objective of a preliminary investigation is thus to determine if a full scale investigation is necessary.
3. Assessment, preliminary reporting and planning:
As previously stated, the mandatory is responsible for requesting a full scale investigation. This decision is based on a preliminary report where the forensic auditor has to report all facts that where discovered during the preliminary investigation pointing to the commission of a crime, and/or facts that prove the innocence of suspects and indicators that may point to the suspension of the investigation. If the preliminary report shows that further investigation is needed, and the mandatory decides that further investigation is necessary, the execution phase of the investigation is continued.
4. The execution phase:
The forensic auditor must perform all procedures in accordance with the investigation plan, and gather all evidence necessary for a successful prosecution. Two of the procedures that will always be performed are taking of affidavits and the gathering and interpretation of documentary evidence. The compilation of a case docket and the maintenance of an investigation diary are also important elements of all investigations.
There are numerous procedures that may be performed during an investigation, but there are no definitive blueprints that will fit all investigations. Some procedures may apply in some cases, and some may not. It is crucial to also know the law relating to investigation as described in the Criminal Procedure Act and other legislation. If the forensic auditor has no knowledge of the law, he or she would not know that the Police may apply for a search warrant in terms of the Criminal Procedure Act for the searching of premises and the seizure of evidence, or that a subpoena in terms of section 205 of the Criminal Procedure Act can grant the Police access to important information held by private persons and entities such as the banks, that would otherwise not be accessible for investigation purposes.
It should be noted that it is often beneficial for the forensic auditor to work and co-operate with the Police. It should be borne in mind that all evidence collected by the Police in terms of powers extended to them in the Criminal Procedure Act or other legislation are for the use of the Police in a criminal trial only. There are certain exceptions and permission may be obtained from the Director of Public Prosecution to utilize information in a police case docket for the purposes such as disciplinary hearings, etc.
A forensic auditor’s mandate very often includes assisting the Police with the investigation in order to prepare the matter for submission to the prosecutor.
5. Reporting:
The reporting phase could be regarded as the most important phase of a forensic audit. Regardless of how well the work was done, if the report is not written properly, the perception of the reader will be that the audit was not a success. The report must reflect the quality of an investigation.
Internal and external forensic auditors have to ensure that a mandate for an investigation is obtained. Internal auditors need a signed letter of instructions from their employers, to obtain clarity in an investigation and protect the forensic auditor, and it can be presented to a witness to prove the identification of the forensic auditor. External auditors obtain mandate to investigate through an engagement letter from a client. If a forensic auditor receives an allegation of possible economic crime, the auditor needs to evaluate the given information about the possible crime and if there is sufficient evidence, the auditor can proceed to the planning and execution phase, but if there is only a limited amount of evidence, the auditor has to start a preliminary investigation. A preliminary is also needed to determine if a crime was committed, the extent of the crime, and who the perpetrators are.
2. The preliminary investigation:
Purpose:
• To determine whether allegations that a crime has been committed can be proven or disproven.
• To determine the nature of the crime.
• To determine who the perpetrators are.
• To determine what resources will be needed to investigate the crime.
• To compare the expenditure of the investigation with the success of an investigation.
A preliminary investigation is a fact finding mission to asses whether or not a full scale investigation should be conducted, and might not necessarily lead to prima facie proof of a crime.
Preliminary investigation focuses on:
• The lifestyle of the accountant (person in question).
• Other possible sources of income.
• Further indications that the person in question is living beyond his/her means.
• The sources of money that the person is receiving.
• A cursory evaluation of the company’s books in order to determine if there are any obvious shortages or manipulations.
If large electronic transfers were made from the company’s bank account by a person in question, or VAT or tax statements seem to have been manipulated by the accountant, or the accountant has a sudden change in spending patterns that can’t be explained, a full scale investigation has to be conducted.
The preliminary investigation ends as soon as soon as it is confirmed that there are objective reasons that a crime has been committed and that the accountant’s income is questionable. The mandatory must then be informed of all the findings by the forensic auditor, and the mandatory is then responsible for requesting a full scale investigation.
The main objective of a preliminary investigation is thus to determine if a full scale investigation is necessary.
3. Assessment, preliminary reporting and planning:
As previously stated, the mandatory is responsible for requesting a full scale investigation. This decision is based on a preliminary report where the forensic auditor has to report all facts that where discovered during the preliminary investigation pointing to the commission of a crime, and/or facts that prove the innocence of suspects and indicators that may point to the suspension of the investigation. If the preliminary report shows that further investigation is needed, and the mandatory decides that further investigation is necessary, the execution phase of the investigation is continued.
4. The execution phase:
The forensic auditor must perform all procedures in accordance with the investigation plan, and gather all evidence necessary for a successful prosecution. Two of the procedures that will always be performed are taking of affidavits and the gathering and interpretation of documentary evidence. The compilation of a case docket and the maintenance of an investigation diary are also important elements of all investigations.
There are numerous procedures that may be performed during an investigation, but there are no definitive blueprints that will fit all investigations. Some procedures may apply in some cases, and some may not. It is crucial to also know the law relating to investigation as described in the Criminal Procedure Act and other legislation. If the forensic auditor has no knowledge of the law, he or she would not know that the Police may apply for a search warrant in terms of the Criminal Procedure Act for the searching of premises and the seizure of evidence, or that a subpoena in terms of section 205 of the Criminal Procedure Act can grant the Police access to important information held by private persons and entities such as the banks, that would otherwise not be accessible for investigation purposes.
It should be noted that it is often beneficial for the forensic auditor to work and co-operate with the Police. It should be borne in mind that all evidence collected by the Police in terms of powers extended to them in the Criminal Procedure Act or other legislation are for the use of the Police in a criminal trial only. There are certain exceptions and permission may be obtained from the Director of Public Prosecution to utilize information in a police case docket for the purposes such as disciplinary hearings, etc.
A forensic auditor’s mandate very often includes assisting the Police with the investigation in order to prepare the matter for submission to the prosecutor.
5. Reporting:
The reporting phase could be regarded as the most important phase of a forensic audit. Regardless of how well the work was done, if the report is not written properly, the perception of the reader will be that the audit was not a success. The report must reflect the quality of an investigation.
Thursday, August 5, 2010
Motivation for Internal Control
• The effectiveness and efficiency of operations.
• Safeguarding of the company’s assets.
• Safeguarding of the company’s information.
• Compliance with applicable laws, regulations, and supervisory requirements.
• Supporting business sustainability under normal as well as adverse operating conditions.
• The reliability of reporting.
• Behaving responsibly to stakeholders.
• Safeguarding of the company’s assets.
• Safeguarding of the company’s information.
• Compliance with applicable laws, regulations, and supervisory requirements.
• Supporting business sustainability under normal as well as adverse operating conditions.
• The reliability of reporting.
• Behaving responsibly to stakeholders.
Five Components of Internal Control
• Control environment - The control environment provides the company with the discipline and structure required for all aspects of risk management and control. It includes integrity, ethical values, organizational culture, and competence of employees, management’s philosophy and operating style, assignment of authority.
• Risk assessment - The risk assessment process involves the identification, evaluation, and management of risks that are significant to the achievement of an organization’s objective. The forensic auditor should obtain an understanding of the significant fraud risks and identify the implications of any such risks for the organization.
• Information and communication - All organizations should have information systems that measure process results and compare them with objectives. They should also have communication practices to ensure that senior management promptly receives all such information, both positive and negative.
• Control activities - These are the policies and procedures established by management as a response to internal and external risks.
• Monitoring - Management’s monitoring procedures involve the assessment of actual performance and the comparison of actual and anticipated performance. The board must fully understand the business risk issues and key performance indicators that could affect the ability of the organization to achieve its purpose in the long term. Business risk and key performance indicators should be benchmarked against industry norms and best practice.
• Risk assessment - The risk assessment process involves the identification, evaluation, and management of risks that are significant to the achievement of an organization’s objective. The forensic auditor should obtain an understanding of the significant fraud risks and identify the implications of any such risks for the organization.
• Information and communication - All organizations should have information systems that measure process results and compare them with objectives. They should also have communication practices to ensure that senior management promptly receives all such information, both positive and negative.
• Control activities - These are the policies and procedures established by management as a response to internal and external risks.
• Monitoring - Management’s monitoring procedures involve the assessment of actual performance and the comparison of actual and anticipated performance. The board must fully understand the business risk issues and key performance indicators that could affect the ability of the organization to achieve its purpose in the long term. Business risk and key performance indicators should be benchmarked against industry norms and best practice.
Limitations of Internal Control
• Cost versus budget - The cost of an implemented control should not exceed its anticipated benefit. In circumstances where management has assessed the risk of loss and has decided to “accept” the risk as insignificant, this could lead to an absence of controls in areas where they could have prevented fraud.
• Routine versus non-routine transactions - Most controls are directed at routine rather than non-routine transaction processes, for example a business where thousands of sales transactions occur daily, such transactions are likely to be tightly controlled, with specific approval, processing, and monitoring controls in place. On the other hand, infrequent transactions such as the purchase of fixed assets for high values, usually formally approved by directors’ minutes may not have formalized procedures in place to identify, capture, and communicate the transactions. As a result, the completeness and measurement or accuracy of the recorded transactions may be in doubt.
• Human error - This relates to the potential for human error due to carelessness, distractions, poor judgment, and the misunderstanding of instructions. Temporary or permanent changes in personnel, systems, or procedures may contribute to human errors.
• Collusion - This refers to the possibility that a member of management or an employee colludes with parties inside or outside the organization to circumvent internal controls. An example of internal collusion is collusion between a staff member in human resources and a staff member dealing with funds transfers: The human resources staff member adds fictitious employees and/or additional employee back accounts onto the standing data files of the payroll, and the other staff member then authorizes the electronic fund transfers to these fictitious bank accounts.
• Management override - This revolves around the possibility that a person responsible for exercising a control could abuse that responsibility, for example, when a member of management overrides a control. Management override may be associated with aggressive earning policies, personal expenses processed through the business, the improper authorization of transactions, and deliberately misleading representations to secure financial benefits. These actions may be associated with deliberate attempts by management to mislead the auditors.
• Changes in conditions - This relates to the possibility that procedures may become inadequate owing to changes in conditions, and that compliance with control procedures may deteriorate. Examples are changes in the IT environment, and changes in the entity owing to large acquisitions, reorganizations, the development of new products or services operations in regions that are economically unstable, the application of new accounting standards, off-balance sheet finance, etc.
• Routine versus non-routine transactions - Most controls are directed at routine rather than non-routine transaction processes, for example a business where thousands of sales transactions occur daily, such transactions are likely to be tightly controlled, with specific approval, processing, and monitoring controls in place. On the other hand, infrequent transactions such as the purchase of fixed assets for high values, usually formally approved by directors’ minutes may not have formalized procedures in place to identify, capture, and communicate the transactions. As a result, the completeness and measurement or accuracy of the recorded transactions may be in doubt.
• Human error - This relates to the potential for human error due to carelessness, distractions, poor judgment, and the misunderstanding of instructions. Temporary or permanent changes in personnel, systems, or procedures may contribute to human errors.
• Collusion - This refers to the possibility that a member of management or an employee colludes with parties inside or outside the organization to circumvent internal controls. An example of internal collusion is collusion between a staff member in human resources and a staff member dealing with funds transfers: The human resources staff member adds fictitious employees and/or additional employee back accounts onto the standing data files of the payroll, and the other staff member then authorizes the electronic fund transfers to these fictitious bank accounts.
• Management override - This revolves around the possibility that a person responsible for exercising a control could abuse that responsibility, for example, when a member of management overrides a control. Management override may be associated with aggressive earning policies, personal expenses processed through the business, the improper authorization of transactions, and deliberately misleading representations to secure financial benefits. These actions may be associated with deliberate attempts by management to mislead the auditors.
• Changes in conditions - This relates to the possibility that procedures may become inadequate owing to changes in conditions, and that compliance with control procedures may deteriorate. Examples are changes in the IT environment, and changes in the entity owing to large acquisitions, reorganizations, the development of new products or services operations in regions that are economically unstable, the application of new accounting standards, off-balance sheet finance, etc.
The King Report II on Good Corporate Governance
Introduction
In 1994 the King Report on Corporate Governance (King I) was published by the King Committee on Corporate Governance, headed by former High Court judge, Mervyn King S.C. King I, incorporating a Code of Corporate Practices and Conduct, was the first of its kind in the country and was aimed at promoting the highest standards of corporate governance in South Africa.
Over and above the financial and regulatory aspects of corporate governance, King I advocated an integrated approach to good governance in the interests of a wide range of stakeholders. Although groundbreaking at the time, the evolving global economic environment together with recent legislative developments, have necessitated that King I be updated. To this end, the King Committee on Corporate Governance developed the King Report on Corporate Governance for South Africa, 2002 (King II).
King II acknowledges that there is a move away from the single bottom line (that is, profit for shareholders) to a triple bottom line, which embraces the economic, environmental and social aspects of a company’s activities. In the words of the King Committee:
Directors and their Responsibilities
1. Who should be on the Board?
It is recommended that South African companies have a unitary board structure. This should comprise executive and non-executive directors, preferably with a majority of non-executive directors, of whom a sufficient number should be independent of management in order to ensure the protection of minority shareholders’ interests.
2. Functions of the Board
2.1 The board must retain full and effective control over the company and be responsible for monitoring management in respect of implementation of board plans and strategies. The board, with the guidance of the company secretary, has the duty of ensuring that the company complies with all the relevant laws, regulations and codes of business practice.
2.2 The board is ultimately responsible for the affairs of the company. The delegation of authority to any committee does not discharge the responsibility
of the board in respect of the actions and decisions of a committee.
2.3 The board must give strategic direction to the company.
2.4 The board is responsible for the appointment of the chief executive officer and the succession process.
2.5 It is recommended that the board has an agreed procedure whereby directors are able to seek independent professional advice, should the need arise. The professional services procured should be at the company’s expense.
2.6 The board should develop a corporate code of conduct that addresses issues that relate, inter alia, to conflicts of interest, particularly relating to directors and management.
2.7 Insofar as it is practical, the board is responsible for assessing and rectifying issues in respect of the size, diversity and demographics of the company.
2.8 The board is responsible for identifying risk areas and performance indicators in respect of the company. The board must regularly monitor these issues.
2.9 The board is also responsible for the monitoring and assessment of the non-financial aspects pertaining to the company.
2.10 The board should aim to conform to the governance constraints while simultaneously performing in an innovative and entrepreneurial way.
3. Is there a distinction between the Chairperson and Chief Executive Officer?
3.1 The chairperson is responsible for the effective functioning of the board and the chief executive officer is responsible for the running of the company’s business. There should be a clear distinction between these roles.
3.2 The chairperson’s primary function is to preside over meetings of directors and ensure the smooth functioning of the board. The chairperson usually presides over the company shareholders’ meetings. The core functions performed by the chairperson include, inter alia:
• the overall leadership of the board;
• participating in the selection of board members;
• monitoring and evaluating board and director appraisals;
• formulating an annual work plan for the board;
• acting as the main informal link between the board and management;
• maintaining relations with the company’s shareholders.
3.3 The chief executive officer’s task is to run the business and to implement the policies and strategies adopted by the board.
3.4 Where the roles of the chairperson and the chief executive officer are combined, there should be an independent non-executive director serving as the deputy chairperson. Alternatively, there should be a strong independent non-executive director element on the board. Any decision to combine roles must be justified each year in the company’s annual report.
3.5 The chairperson or sub-committee appointed by the board should appraise the performance of the chief executive officer. Such appraisal should be performed on an annual basis.
4. Directors
4.1 In the company’s annual report, the capacity of the directors of the board should be categorised as follows:
• Executive Director: A director involved in the day to day management and/or in the full time employ of the company, and/or any of its subsidiaries;
• Non-Executive Director: A director not involved in the day to day management of the company and not a full time salaried employee of the company or any of its subsidiaries;
• Independent Director: A non-executive director who is not a representative of a shareholder, has not been employed by the company in any executive capacity for the preceding three financial years and has no significant contractual relationship or interest in the company or group.
4.2 Shadow directors are discouraged.
4.3 A formal orientation program is recommended to familiarise new directors with the company’s structure, operations and policies.
4.4 Directors should be regularly updated on any new or pending legislation, regulations and codes of best business practice.
4.5 New directors must receive developmental and educational training in respect of their duties and responsibilities to the company.
4.6 An executive director’s fixed term service contract should not exceed three years. Should it exceed such period, full disclosure of the reasons pertaining to such decision must be provided to the shareholders, and the shareholders’ consent must be obtained.
4.7 A formal and transparent remuneration policy must be developed by the company in respect of director remuneration. A Statement of Remuneration Philosophy published in the annual report must support this policy.
5. Remuneration Committee
5.1 The company should appoint a remuneration committee. This committee should consist mainly of independent non-executive directors.
5.2 The function of this committee should be to make recommendations to the board in respect of remuneration packages for executive directors.
5.3 Membership of the remuneration committee must be disclosed in the annual report.
5.4 Companies should also provide full disclosure of director remuneration on an individual basis in their annual reports.
5.5 Shareholders must approve any granting of share options to non-executive directors having regard to the provisions of the Companies Act. It must be noted that in some global markets the trend is to grant non-executive directors shares as opposed to share options.
6. Allocation of Share Options
6.1 A vesting period should be applied in respect of the allocation of share options to non-executive directors in order to dissuade short-term decision making.
6.2 Boards should have regard to the possibilities and the consequences of the removal or resignation of directors prior to the maturing of the vesting period. The impact on a director’s independence must be considered.
6.3 Any re-pricing of share options must be subject to shareholder approval. The shareholders must be provided with all necessary details in respect of the directors, executive or non-executive, that stand to benefit from such proposal.
6.4 In the event that share options are issued at a discount to the ruling share price, a separate vote must be cast by the shareholders in respect of this clause in the trust deed creating the share scheme. Any amendments proposed to the trust deed that would authorise allocations of share options at discounts must be approved by the shareholders.
6.5 Full disclosure by directors on an individual basis must be made in respect of all share schemes and incentive schemes.
7. Committees
7.1 Board committees should be established to aid the board and its directors in giving detailed attention to specific areas of the directors’ duties and responsibilities. The board of directors is solely responsible for the actions and decisions of these committees.
7.2 The board of directors should determine a policy for the frequency, purpose, conduct and duration of its meetings and those of the formally established committees, such as the audit committee and the remuneration committee.
7.3 There must be transparency and full disclosure from the committee to the board except where the committee has been mandated otherwise by the board.
7.4 It is recommended that all board committees be chaired by an independent non-executive director.
7.5 Board committees should be empowered to take independent professional advice where circumstances dictate, at the company’s expense. This policy must be agreed to at board level.
7.6 The composition of the committees (especially the remuneration, audit and nomination committees) should be detailed in the annual report, together with information containing a description of the committees’ responsibilities, the number of meetings held and any other information that may be of relevance to shareholders.
7.7 It is recommended that these committees be subject to regular evaluation and monitoring by the board in order to ensure that the committees’ duties and responsibilities are being effectively carried out.
8. Evaluation of the Directors
The nomination committee or a committee appointed for the fulfilment of a similar purpose should regularly review and assess the board, the committees and the individual directors in order to assess the effectiveness of the board and committees as a whole and to evaluate performance on a personal and individual level. It is recommended that these evaluations take place on an annual basis.
9. Dealing in Securities
9.1 A listed company must have a policy and practice restricting its directors, officers and other employees from dealing in the company’s securities prior to any formal announcement in respect of its financial results or during any other period where such dealings may be considered sensitive.
9.2 A listed company should also have a practice in place where the dealings of directors, as required by the listing requirements of the JSE Securities Exchange South Africa (JSE), are regulated and monitored.
9.3 The policy and practice referred to above, should be established by the board and implemented and monitored by the company secretary.
10. Annual Reports and General Meetings
10.1 Every board should have a charter that sets out the responsibilities and duties of the board. The charter should be disclosed in the company’s annual report.
10.2 The board must ensure that each item of special business included in the notice of the annual general meeting or any shareholders’ meeting is accompanied by a full explanation of the justification for and the effects of the proposed resolution.
10.3 Shareholders should be encouraged by the board to attend annual general meetings. All directors should be present at the annual general meeting, and particularly the chairpersons of the various committees.
11. Who is the Company Secretary?
11.1 In terms of section 268A of the Companies Act, the appointment of a company secretary in public companies with a share capital is mandatory.
11.2 The Companies Act makes provision for the appointment, removal and duties of the company secretary. The board is responsible for the appointment of the company secretary and should ensure that the company secretary is empowered to enable him or her to perform the duties effectively.
11.3 The company secretary must guide the board in respect of its duties and responsibilities and update the board on all new and pending legislation and regulations that may have an effect on the operation of the company.
11.4 The company secretary should play a role in the induction of new or inexperienced directors.
11.5 The company secretary assists the chairperson and the chief executive officer in determining the annual board plan.
11.6 The company secretary provides the main source of guidance in respect of matters of ethics and good governance.
11.7 It is recommended that the company secretary be subjected to a fit and proper test and evaluation.
Risk Management
1. What is Risk Management?
1.1 Risk management is the identification and evaluation of actual and potential areas of risk as they pertain to a company, followed by a procedure of termination, transfer, acceptance (tolerance) or mitigation of each risk.
1.2 Risk management is therefore a process that utilizes internal controls as a measure to mitigate and control risk.
2. Who is responsible for Risk Management?
2.1 The board is responsible for ensuring that the company has implemented an effective ongoing process to identify risk, measure its potential impact against a set of assumptions, and then activate what it believes is necessary to proactively manage these risks.
2.2 The board should therefore decide on what risk the company is prepared to take and what risks it will not take in pursuance of its goals and objectives.
2.3 The risk management process requires an inclusive team based approach which is effective across the company. A committee comprising of executive directors and members of senior management, who are accountable to the board, are best placed to evaluate risk in the company and report to the board.
3. What should Risk Assessment address?
Risk assessment should address the company’s exposure to the following:
• physical and operational risks;
• human resource risks;
• technical risks;
• business continuity and disaster recovery;
• credit and market risks;
• compliance risks.
4. What is the role of the Internal Audit Function in Risk Management?
The internal audit function should be used to provide independent assurance in relation to the board’s assertion surrounding the effectiveness of risk management and internal control.
5. Assimilating Risk to the Control Environment
5.1 The board should implement a comprehensive system of controls to ensure that risks are mitigated and that the company’s objectives are attained.
5.2 The control environment should set the tone of the company and cover ethical values, management’s philosophy and the competence of employees.
5.3 Five essential aspects of control are identified, namely:
• control environment;
• risk assessment;
• control activities;
• information and communications;
• monitoring.
5.4 Any vulnerability in the achievement of the company’s objectives, whether caused by internal or external risk factors, should be detected in good time, reported by the systems of control in place and met with appropriate intervention. Not only will this improve the company’s risk profile, thereby enhancing the company’s attraction as a worthwhile investment, but it will also enhance the positive influences of risk on the business.
5.5 The company should also consider the need for a confidential reporting process (whistle-blowing) covering fraud and other risks.
6. How is Risk Management applied?
6.1 The board is responsible for setting risk tolerance and related strategies and policies. It is also the board’s responsibility to review the effectiveness of these policies on a regular basis and in a manner in which its objectives are clearly defined for the benefit of management to guide them in carrying out their responsibilities.
6.2 In reviewing the reports on risk management and internal control in the course of a financial year, the board should:
• consider what the company’s risks are and how they have been identified, evaluated and controlled;
• assess the effectiveness of the related process of risk management and particularly reports of significant failings or weaknesses in the process;
• consider if the necessary action is being taken timely to rectify any significant failings or weaknesses;
• consider whether the results obtained from the review process indicate that more extensive monitoring is required.
7. Where should a Company’s Policy on Risk Management be reported?
7.1 The board should disclose how the company has dealt with risk and control in its annual report.
7.2 At a minimum, the board should disclose:
• that it is accountable for the process of risk management and the system of internal control, which is regularly reviewed for effectiveness and for establishing appropriate risk and control policies and communicating these throughout the company;
• that there is an ongoing process for identifying, evaluating and managing the significant risks faced by the company, which has been in place for the year under review and up to the date of approval of the annual report and financial statements;
• that there is an adequate and effective system of internal control in place to mitigate the significant risks faced by the company to an acceptable level;
• that there is a documented and tested process in place that will allow the company to continue its critical business processes in the event of a disastrous incident impacting on its activities;
• where material joint ventures and associates have not been dealt with as par t of the group for the purposes of applying these recommendations;
• any additional information in the annual report to assist in the understanding of the company’s risk management processes and system of internal control.
7.3 Where the board cannot make any of the disclosures set out above, it should state this fact and provide a suitable explanation.
8. Summary of Risk Management
8.1 The risk management review processes may identify areas of opportunity, such as where effective risk management can be turned into a competitive advantage for the company, and it should therefore not only be viewed from a negative perspective.
8.2 Risk management goes beyond the control of financial risks. Reputation and a company’s future survival are also at stake.
8.3 Companies must ensure that the governance surrounding risk management is transparent and disclosed to its stakeholders.
8.4 Risk management is a continuous process of identifying, evaluating and managing risk. Unless companies see risk management as more than just an act of compliance, they are unlikely to reap the benefits it can offer.
Internal Audit
1. What is Internal Audit?
According to the Institute of Internal Auditors: “Internal Audit is an independent, objective assurance and consulting activity designed to add value and improve an organisation’s operations. It helps an organisation accomplish its objectives by bringing a systematic, disciplined approach to evaluate and improve the effectiveness of risk management, control and governance processes.”
2. Is there a need for Internal Audit?
2.1 King II requires that companies have an effective internal audit function that has the respect and co-operation of both the board and management. Where the board decides not to establish an internal audit function, full reasons must be disclosed in the company’s annual report, with an explanation as to how assurance of effective internal controls, processes and systems will be obtained. Criteria to be considered in assessing the need for an internal audit function include:
• whether the existing management processes are adequate to identify and monitor the significant risks facing the company, and whether the established internal control system operates effectively;
• whether those who are responsible for managing risks and operating controls take a wholly objective and systematic view of their own performance;
• whether the board receives the right quality of assurance and information from management.
2.2 If the board decides that there is a need for an internal audit function, it must approve an “internal audit charter” which, inter alia, formally defines the purposes, authority and responsibility of the internal audit activity.
3. What is the status of Internal Audit?
3.1 The board must ensure that the internal audit team has a standing that commands respect in the company and that the internal audit operates at a level within the company that allows it fully to accomplish its responsibilities. In addition, the head of the internal audit should report administratively to the chief executive officer and should have ready access to the chairperson of the company and the chairperson of the audit committee.
3.2 If the external and internal audit functions are carried out by the same accounting firm, the audit committee and the board should satisfy themselves that there is adequate segregation between the two functions in order to ensure that their independence is not impaired.
4. Can Internal Auditors be Employees of the Company?
4.1 King II recognises that the fact that internal auditors may be employees of the company does not of itself impair their objectivity.
4.2 The internal audit activity should be independent of the activities audited and internal auditors should be objective in performing their work.
5. What is the role and function of Internal Audit?
5.1 The objective of internal audit is to assist members of executive and senior management in the effective discharge of their duties and responsibilities. To this end, internal audit furnishes them with analyses, appraisals, recommendations, counsel and information regarding the activities reviewed.
5.2 An effective internal audit function should provide:
• assurance that the management processes are adequate to identify and monitor significant risks;
• confirmation of the effective operation of the established internal control systems;
• credible processes for feedback on risk management and assurance;
• objective confirmation that the board receives the right quality of assurance and information from management and that this information is reliable.
5.3 Adherence to the standards proposed will ensure a common framework and understanding of the requirements for internal auditing.
6. What should the scope of Internal Audit be?
6.1 Internal audit should consider relevant strategic, business and operational risks and their significance, taking account of the board’s, senior management’s and its own professional judgment.
6.2 The internal audit plan, which should be approved by the audit committee, should be based on risk assessment as well as issues highlighted by the audit committee and senior management. The risk assessment process should be of a continuous nature so as to identify not only residual or existing risks but also emerging risks.
6.3 The internal audit function should co-ordinate with other internal and external providers of assurance to ensure proper coverage of financial, operational and compliance controls and to minimize duplication of effort.
7. How often should Internal Audits be conducted?
Internal audits should be conducted formally at least annually but more often in complex organizations.
Integrated Sustainability Reporting
1. What is Integrated Sustainability Reporting?
1.1 The concept of sustainability has recently been recognized and adopted in a business context to mean the achievement of balanced and integrated economic, social and environmental performance (“triple bottom line”).
1.2 King II seeks to provide indicative, inspirational guidelines to South African companies who are seeking to improve on their disclosure practices and recognize the importance of the relationship between an enterprise and the community in which it exists.
2. How is Integrated Sustainability Reporting achieved?
2.1 Every company should report at least annually on the nature and extent of its social, transformation, ethical, safety, health and environmental management policies and practices.
2.2 The board of directors should, in determining what is relevant for disclosure, take into account the environment in which the company operates.
2.3 A South African board should disclose:
• the HIV/Aids strategy plan and policies the company has in place to address and manage the potential impact of HIV/Aids on the company;
• the company’s formal procurement policies that take into account black economic empowerment;
• whether it has developed and implemented a definitive set of standards and practices in the company based on a clearly articulated code of ethics.
2.4 Principles of reliability, relevance, clarity, comparability, timeliness and verifiability should govern a company’s public disclosure of non-financial information.
3. What is meant by Organizational Integrity/Code of Ethics?
3.1 A company should demonstrate its commitment to organizational integrity by qualifying its standards in a code of ethics.
3.2 Each company should demonstrate its commitment to its code of ethics by:
• creating systems and procedures to introduce, monitor and enforce its ethical code;
• assigning high level individuals to oversee compliance with the ethical code;
• assessing the integrity of new appointees in selection and promotion procedures;
• exercising due care in delegating discretionary authority;
• communicating with and training all employees regarding enterprise values, standards and compliance procedures;
• providing, monitoring and auditing safe systems for reporting of unethical or risky behavior;
• consistently enforcing appropriate discipline;
• responding to offences and preventing reoccurrences.
3.3 The disclosure of the code of ethics should include a statement of the extent to which the directors believe the ethical standards and above criteria are being met.
4. What is “SHE”?
SHE stands for Safety, Health and Environment. King II has recognized that companies should have, as part of their objectives, the integration of SHE issues into their sustainability policies and procedures. This assists companies in achieving the triple bottom line goals.
5. Society and Transformation Requirements
5.1 Companies should value the diversity of approach, values and contribution which women and black people bring to the table and should develop mechanisms positively to reinforce the richness of diversity.
5.2 Companies should disclose the nature of policies and practices in place to promote equal opportunities for the previously disadvantaged in terms of realizing their full potential and reaching executive levels in the company.
6. Human Capital and what is required by King II?
6.1 Human capital indicates the latent or potential value that employees at all levels represent for a company. It has been recognized that the development of human capital serves not only the economic interests of the company itself, but also the requirements of the society within which the company operates.
6.2 Companies should disclose in their annual reports the criteria by which they propose to measure human capital developments and their performance in terms of such criteria.
6.3 Good corporate governance requires that business practice should reflect human capital development in areas such as the number of staff, with a particular focus on demographics (race, gender, people with disabilities), age, corporate training initiatives, employee development etc.
6.4 Reporting on the development of human capital is important because it provides both a public account of past performance and, more importantly, an indication of future prospects of the company.
External Audit
1. How important is an External Audit?
In addition to being a statutory requirement, an external audit provides an independent and objective check on the way in which the financial statements have been prepared and presented by the directors. An annual audit is an essential part of the checks and balances required and are one of the cornerstones of corporate governance.
2. What qualities should the External Auditors have?
The external auditors should:
• observe the highest level of business and professional ethics and, in particular, their independence should not be impaired in any way;
• be objective and consciously aware of their accountability to the shareholders.
3. Can the External Auditors also perform non-audit services for the Company?
3.1 The audit committee should set the principles for recommending use of the accounting firm of the external auditors for non-audit services, such as management consultancy and corporate finance services.
3.2 Audit committees should have the necessary business acumen to address external auditor independence on a case-by-case basis, thereby preserving the company’s ability to select its external auditor for non-audit services if that is in the best interests of the company and its investors.
3.3 In considering the external auditors’ independence, the board should consider, inter alia, the structure and ownership of the accounting firm. Management should encourage consultation between the internal and external auditors.
3.4 In addition to the Companies Act requirements, there should be separate disclosure of the amount paid for non-audit services with a detailed description in the notes to the annual financial statements of the nature thereof, together with the amounts paid for each of the services described.
4. Must Interim Reports be independently reviewed?
4.1 This is not mandatory, although the audit committee should consider whether an independent review of the interim reports is in the best interests of the company.
4.2 King II recommends that, at a minimum, the audit committee should request that an independent review of the interim report is performed if the auditors have qualified or disclaimed their opinion, or produced an adverse opinion, in the latest annual financial statements.
4.3 Where an independent review is conducted, the audit committee’s report commenting on the independent report, together with the auditor’s review report, should be tabled at the board meeting to adopt the interim report.
4.4 Where an independent review was not conducted, a comprehensive statement of the reasons why the audit committee concluded that a review was not required should be tabled at the board meeting.
4.5 Where an independent review was not conducted, any publication of the interim results should be labeled “unaudited”.
5. What is the Board’s responsibility regarding Going Concern Statements?
5.1 South African Statements of Generally Accepted Accounting Practice (GAAP) state that, when preparing financial statements, management should make an assessment of the company’s ability to continue as a going concern. In addition, these statements of GAAP require that, in assessing going concern, management should take into consideration all available information for the foreseeable future. This should be at least, but not limited to, 12 months from the balance sheet date.
5.2 Financial statements should be prepared on a going concern basis, unless management either intends to liquidate the company or to cease trading, or has no realistic alternative but to do so. When management is aware of material uncertainties relating to events or conditions that may cast doubt upon the company’s ability to continue as a going concern, those uncertainties should be disclosed.
5.3 When the financial statements are not prepared on a going concern basis, that fact should be disclosed, together with the basis on which the financial statements are prepared and the reason why the company is not considered to be a going concern.
5.4 Directors should consider the position at the previous year end, and determine whether any of the significant factors identified at that time have changed in a way that affects the going concern assumption at the interim reporting stage.
6. Who should be on the Audit Committee?
6.1 King II does not specify the size of the audit committee. The board should appoint an audit committee that has a majority of independent non-executive directors. The majority of the members of the audit committee should be financially literate.
6.2 The chairperson should be an independent non-executive director and not the chairperson of the board. The chairperson should have the requisite business, financial and leadership skills and should be a good communicator. King II recommends that the board chairperson should not be a member of the audit committee and that the board should consider if it is desirable for the chief executive officer to be a member or to attend only by invitation.
6.3 Membership of the audit committee should be disclosed in the annual report and the chairperson of the committee should be available to answer questions at the annual general meeting.
7. What is the role and function of the Audit Committee?
7.1 The appointment of the audit committee gives the board a means to monitor an effective internal control system. In addition, the audit committee reinforces both the internal control system and the internal audit function.
7.2 The audit committee should have written terms of reference dealing adequately with its membership, authority and duties. The terms of reference of the audit committee should be confirmed by the board and reviewed every year. Companies should disclose in their annual reports whether or not the audit committee has adopted formal terms of reference and, if so, whether or not the committee has satisfied its responsibilities for the year, in compliance with its terms of reference.
7.3 The audit committee should review:
• the functioning of the internal control system;
• the functioning of the internal audit department;
• the risk areas of the company’s operations to be covered in the scope of the external and internal audits;
• the reliability and accuracy of the financial information provided to management and other users of financial information, and whether the company should continue to use the services of the current internal and external auditors;
• any accounting or auditing concerns identified as a result of the internal or external audits;
• the company’s compliance with legal and regulatory provisions, its articles of association, code of conduct, by-laws and the rules established by the board.
7.4 The audit committee should, inter alia, also:
• encourage communication between members of the board, senior executive management, the internal audit department and the external auditors;
• confirm the internal audit department’s charter and internal audit plan;
• develop a direct, strong and candid relationship with the external auditors;
• review the scope and results of the external audit, its cost effectiveness and the independence and objectivity of the external auditors (and in so doing should review the nature and extent of any non-audit services provided to the company by the external auditors);
• place the minutes of its meetings before the board at the next board meeting;
• consider the rotation policy of the external auditors and whether there is a need to change the audit partner or senior staff engaged in the audit;
• draw up a recommendation to the board for the appointment and removal of the external auditors;
• investigate any matters within its terms of reference and safeguard all information supplied to it.
Compliance and Enforcement
1. How will King II be enforced?
1.1 The legal mechanisms to be relied on for enforcement of King II and the Code of Corporate Practices and Conduct (the Code) are:
• existing legal remedies, principally under the Companies Act (such as section 424, dealing with liability of directors and others for the fraudulent or reckless conduct of a company’s business) and the common law;
• the provisions of the amended listing requirements of the JSE.
1.2 In order to prevent the Code from becoming too burdensome and because King II is largely non-prescriptive in nature, compliance is for the most part treated as a matter between boards and the stakeholders of companies. King II encourages greater activism by shareholders, business and the financial press and relies heavily on disclosure as a regulatory mechanism.
1.3 In this regard it is important to note that King II recommends a number of changes and developments to existing legislation and enforcement processes so as to ensure that role-players do not merely pay lip service to the Code and the provisions of King II. Boards should implement effective measures to achieve compliance with the Code and the provisions of King II and should monitor corporate governance issues closely in order to ensure that they are not caught unawares by changes and developments.
2. To whom will King II apply?
2.1 King II, including the Code, applies to the following business enterprises:
• all companies with securities listed on the JSE;
• banks, financial and insurance entities;
• certain public sector enterprises and agencies.
2.2 King II recommends that all companies, in addition to those falling within the prescribed categories, give due consideration to the application of King II.
2.3 King II is effective in respect of the specified business enterprises whose financial years commence on or after 1 March 2002.
In 1994 the King Report on Corporate Governance (King I) was published by the King Committee on Corporate Governance, headed by former High Court judge, Mervyn King S.C. King I, incorporating a Code of Corporate Practices and Conduct, was the first of its kind in the country and was aimed at promoting the highest standards of corporate governance in South Africa.
Over and above the financial and regulatory aspects of corporate governance, King I advocated an integrated approach to good governance in the interests of a wide range of stakeholders. Although groundbreaking at the time, the evolving global economic environment together with recent legislative developments, have necessitated that King I be updated. To this end, the King Committee on Corporate Governance developed the King Report on Corporate Governance for South Africa, 2002 (King II).
King II acknowledges that there is a move away from the single bottom line (that is, profit for shareholders) to a triple bottom line, which embraces the economic, environmental and social aspects of a company’s activities. In the words of the King Committee:
"...successful governance in the world in the 21st century requires companies to adopt an inclusive and not exclusive approach. The company must be open to institutional activism and there must be greater emphasis on the sustainable or non-financial aspects of its performance. Boards must apply the test of fairness, accountability, responsibility and transparency to all acts or omissions and be accountable to the company but also responsive and responsible towards the company’s identified stakeholders. The correct balance between conformance with governance principles and performance in an entrepreneurial market economy must be found, but this will be specific to each company."
Directors and their Responsibilities
1. Who should be on the Board?
It is recommended that South African companies have a unitary board structure. This should comprise executive and non-executive directors, preferably with a majority of non-executive directors, of whom a sufficient number should be independent of management in order to ensure the protection of minority shareholders’ interests.
2. Functions of the Board
2.1 The board must retain full and effective control over the company and be responsible for monitoring management in respect of implementation of board plans and strategies. The board, with the guidance of the company secretary, has the duty of ensuring that the company complies with all the relevant laws, regulations and codes of business practice.
2.2 The board is ultimately responsible for the affairs of the company. The delegation of authority to any committee does not discharge the responsibility
of the board in respect of the actions and decisions of a committee.
2.3 The board must give strategic direction to the company.
2.4 The board is responsible for the appointment of the chief executive officer and the succession process.
2.5 It is recommended that the board has an agreed procedure whereby directors are able to seek independent professional advice, should the need arise. The professional services procured should be at the company’s expense.
2.6 The board should develop a corporate code of conduct that addresses issues that relate, inter alia, to conflicts of interest, particularly relating to directors and management.
2.7 Insofar as it is practical, the board is responsible for assessing and rectifying issues in respect of the size, diversity and demographics of the company.
2.8 The board is responsible for identifying risk areas and performance indicators in respect of the company. The board must regularly monitor these issues.
2.9 The board is also responsible for the monitoring and assessment of the non-financial aspects pertaining to the company.
2.10 The board should aim to conform to the governance constraints while simultaneously performing in an innovative and entrepreneurial way.
3. Is there a distinction between the Chairperson and Chief Executive Officer?
3.1 The chairperson is responsible for the effective functioning of the board and the chief executive officer is responsible for the running of the company’s business. There should be a clear distinction between these roles.
3.2 The chairperson’s primary function is to preside over meetings of directors and ensure the smooth functioning of the board. The chairperson usually presides over the company shareholders’ meetings. The core functions performed by the chairperson include, inter alia:
• the overall leadership of the board;
• participating in the selection of board members;
• monitoring and evaluating board and director appraisals;
• formulating an annual work plan for the board;
• acting as the main informal link between the board and management;
• maintaining relations with the company’s shareholders.
3.3 The chief executive officer’s task is to run the business and to implement the policies and strategies adopted by the board.
3.4 Where the roles of the chairperson and the chief executive officer are combined, there should be an independent non-executive director serving as the deputy chairperson. Alternatively, there should be a strong independent non-executive director element on the board. Any decision to combine roles must be justified each year in the company’s annual report.
3.5 The chairperson or sub-committee appointed by the board should appraise the performance of the chief executive officer. Such appraisal should be performed on an annual basis.
4. Directors
4.1 In the company’s annual report, the capacity of the directors of the board should be categorised as follows:
• Executive Director: A director involved in the day to day management and/or in the full time employ of the company, and/or any of its subsidiaries;
• Non-Executive Director: A director not involved in the day to day management of the company and not a full time salaried employee of the company or any of its subsidiaries;
• Independent Director: A non-executive director who is not a representative of a shareholder, has not been employed by the company in any executive capacity for the preceding three financial years and has no significant contractual relationship or interest in the company or group.
4.2 Shadow directors are discouraged.
4.3 A formal orientation program is recommended to familiarise new directors with the company’s structure, operations and policies.
4.4 Directors should be regularly updated on any new or pending legislation, regulations and codes of best business practice.
4.5 New directors must receive developmental and educational training in respect of their duties and responsibilities to the company.
4.6 An executive director’s fixed term service contract should not exceed three years. Should it exceed such period, full disclosure of the reasons pertaining to such decision must be provided to the shareholders, and the shareholders’ consent must be obtained.
4.7 A formal and transparent remuneration policy must be developed by the company in respect of director remuneration. A Statement of Remuneration Philosophy published in the annual report must support this policy.
5. Remuneration Committee
5.1 The company should appoint a remuneration committee. This committee should consist mainly of independent non-executive directors.
5.2 The function of this committee should be to make recommendations to the board in respect of remuneration packages for executive directors.
5.3 Membership of the remuneration committee must be disclosed in the annual report.
5.4 Companies should also provide full disclosure of director remuneration on an individual basis in their annual reports.
5.5 Shareholders must approve any granting of share options to non-executive directors having regard to the provisions of the Companies Act. It must be noted that in some global markets the trend is to grant non-executive directors shares as opposed to share options.
6. Allocation of Share Options
6.1 A vesting period should be applied in respect of the allocation of share options to non-executive directors in order to dissuade short-term decision making.
6.2 Boards should have regard to the possibilities and the consequences of the removal or resignation of directors prior to the maturing of the vesting period. The impact on a director’s independence must be considered.
6.3 Any re-pricing of share options must be subject to shareholder approval. The shareholders must be provided with all necessary details in respect of the directors, executive or non-executive, that stand to benefit from such proposal.
6.4 In the event that share options are issued at a discount to the ruling share price, a separate vote must be cast by the shareholders in respect of this clause in the trust deed creating the share scheme. Any amendments proposed to the trust deed that would authorise allocations of share options at discounts must be approved by the shareholders.
6.5 Full disclosure by directors on an individual basis must be made in respect of all share schemes and incentive schemes.
7. Committees
7.1 Board committees should be established to aid the board and its directors in giving detailed attention to specific areas of the directors’ duties and responsibilities. The board of directors is solely responsible for the actions and decisions of these committees.
7.2 The board of directors should determine a policy for the frequency, purpose, conduct and duration of its meetings and those of the formally established committees, such as the audit committee and the remuneration committee.
7.3 There must be transparency and full disclosure from the committee to the board except where the committee has been mandated otherwise by the board.
7.4 It is recommended that all board committees be chaired by an independent non-executive director.
7.5 Board committees should be empowered to take independent professional advice where circumstances dictate, at the company’s expense. This policy must be agreed to at board level.
7.6 The composition of the committees (especially the remuneration, audit and nomination committees) should be detailed in the annual report, together with information containing a description of the committees’ responsibilities, the number of meetings held and any other information that may be of relevance to shareholders.
7.7 It is recommended that these committees be subject to regular evaluation and monitoring by the board in order to ensure that the committees’ duties and responsibilities are being effectively carried out.
8. Evaluation of the Directors
The nomination committee or a committee appointed for the fulfilment of a similar purpose should regularly review and assess the board, the committees and the individual directors in order to assess the effectiveness of the board and committees as a whole and to evaluate performance on a personal and individual level. It is recommended that these evaluations take place on an annual basis.
9. Dealing in Securities
9.1 A listed company must have a policy and practice restricting its directors, officers and other employees from dealing in the company’s securities prior to any formal announcement in respect of its financial results or during any other period where such dealings may be considered sensitive.
9.2 A listed company should also have a practice in place where the dealings of directors, as required by the listing requirements of the JSE Securities Exchange South Africa (JSE), are regulated and monitored.
9.3 The policy and practice referred to above, should be established by the board and implemented and monitored by the company secretary.
10. Annual Reports and General Meetings
10.1 Every board should have a charter that sets out the responsibilities and duties of the board. The charter should be disclosed in the company’s annual report.
10.2 The board must ensure that each item of special business included in the notice of the annual general meeting or any shareholders’ meeting is accompanied by a full explanation of the justification for and the effects of the proposed resolution.
10.3 Shareholders should be encouraged by the board to attend annual general meetings. All directors should be present at the annual general meeting, and particularly the chairpersons of the various committees.
11. Who is the Company Secretary?
11.1 In terms of section 268A of the Companies Act, the appointment of a company secretary in public companies with a share capital is mandatory.
11.2 The Companies Act makes provision for the appointment, removal and duties of the company secretary. The board is responsible for the appointment of the company secretary and should ensure that the company secretary is empowered to enable him or her to perform the duties effectively.
11.3 The company secretary must guide the board in respect of its duties and responsibilities and update the board on all new and pending legislation and regulations that may have an effect on the operation of the company.
11.4 The company secretary should play a role in the induction of new or inexperienced directors.
11.5 The company secretary assists the chairperson and the chief executive officer in determining the annual board plan.
11.6 The company secretary provides the main source of guidance in respect of matters of ethics and good governance.
11.7 It is recommended that the company secretary be subjected to a fit and proper test and evaluation.
Risk Management
1. What is Risk Management?
1.1 Risk management is the identification and evaluation of actual and potential areas of risk as they pertain to a company, followed by a procedure of termination, transfer, acceptance (tolerance) or mitigation of each risk.
1.2 Risk management is therefore a process that utilizes internal controls as a measure to mitigate and control risk.
2. Who is responsible for Risk Management?
2.1 The board is responsible for ensuring that the company has implemented an effective ongoing process to identify risk, measure its potential impact against a set of assumptions, and then activate what it believes is necessary to proactively manage these risks.
2.2 The board should therefore decide on what risk the company is prepared to take and what risks it will not take in pursuance of its goals and objectives.
2.3 The risk management process requires an inclusive team based approach which is effective across the company. A committee comprising of executive directors and members of senior management, who are accountable to the board, are best placed to evaluate risk in the company and report to the board.
3. What should Risk Assessment address?
Risk assessment should address the company’s exposure to the following:
• physical and operational risks;
• human resource risks;
• technical risks;
• business continuity and disaster recovery;
• credit and market risks;
• compliance risks.
4. What is the role of the Internal Audit Function in Risk Management?
The internal audit function should be used to provide independent assurance in relation to the board’s assertion surrounding the effectiveness of risk management and internal control.
5. Assimilating Risk to the Control Environment
5.1 The board should implement a comprehensive system of controls to ensure that risks are mitigated and that the company’s objectives are attained.
5.2 The control environment should set the tone of the company and cover ethical values, management’s philosophy and the competence of employees.
5.3 Five essential aspects of control are identified, namely:
• control environment;
• risk assessment;
• control activities;
• information and communications;
• monitoring.
5.4 Any vulnerability in the achievement of the company’s objectives, whether caused by internal or external risk factors, should be detected in good time, reported by the systems of control in place and met with appropriate intervention. Not only will this improve the company’s risk profile, thereby enhancing the company’s attraction as a worthwhile investment, but it will also enhance the positive influences of risk on the business.
5.5 The company should also consider the need for a confidential reporting process (whistle-blowing) covering fraud and other risks.
6. How is Risk Management applied?
6.1 The board is responsible for setting risk tolerance and related strategies and policies. It is also the board’s responsibility to review the effectiveness of these policies on a regular basis and in a manner in which its objectives are clearly defined for the benefit of management to guide them in carrying out their responsibilities.
6.2 In reviewing the reports on risk management and internal control in the course of a financial year, the board should:
• consider what the company’s risks are and how they have been identified, evaluated and controlled;
• assess the effectiveness of the related process of risk management and particularly reports of significant failings or weaknesses in the process;
• consider if the necessary action is being taken timely to rectify any significant failings or weaknesses;
• consider whether the results obtained from the review process indicate that more extensive monitoring is required.
7. Where should a Company’s Policy on Risk Management be reported?
7.1 The board should disclose how the company has dealt with risk and control in its annual report.
7.2 At a minimum, the board should disclose:
• that it is accountable for the process of risk management and the system of internal control, which is regularly reviewed for effectiveness and for establishing appropriate risk and control policies and communicating these throughout the company;
• that there is an ongoing process for identifying, evaluating and managing the significant risks faced by the company, which has been in place for the year under review and up to the date of approval of the annual report and financial statements;
• that there is an adequate and effective system of internal control in place to mitigate the significant risks faced by the company to an acceptable level;
• that there is a documented and tested process in place that will allow the company to continue its critical business processes in the event of a disastrous incident impacting on its activities;
• where material joint ventures and associates have not been dealt with as par t of the group for the purposes of applying these recommendations;
• any additional information in the annual report to assist in the understanding of the company’s risk management processes and system of internal control.
7.3 Where the board cannot make any of the disclosures set out above, it should state this fact and provide a suitable explanation.
8. Summary of Risk Management
8.1 The risk management review processes may identify areas of opportunity, such as where effective risk management can be turned into a competitive advantage for the company, and it should therefore not only be viewed from a negative perspective.
8.2 Risk management goes beyond the control of financial risks. Reputation and a company’s future survival are also at stake.
8.3 Companies must ensure that the governance surrounding risk management is transparent and disclosed to its stakeholders.
8.4 Risk management is a continuous process of identifying, evaluating and managing risk. Unless companies see risk management as more than just an act of compliance, they are unlikely to reap the benefits it can offer.
Internal Audit
1. What is Internal Audit?
According to the Institute of Internal Auditors: “Internal Audit is an independent, objective assurance and consulting activity designed to add value and improve an organisation’s operations. It helps an organisation accomplish its objectives by bringing a systematic, disciplined approach to evaluate and improve the effectiveness of risk management, control and governance processes.”
2. Is there a need for Internal Audit?
2.1 King II requires that companies have an effective internal audit function that has the respect and co-operation of both the board and management. Where the board decides not to establish an internal audit function, full reasons must be disclosed in the company’s annual report, with an explanation as to how assurance of effective internal controls, processes and systems will be obtained. Criteria to be considered in assessing the need for an internal audit function include:
• whether the existing management processes are adequate to identify and monitor the significant risks facing the company, and whether the established internal control system operates effectively;
• whether those who are responsible for managing risks and operating controls take a wholly objective and systematic view of their own performance;
• whether the board receives the right quality of assurance and information from management.
2.2 If the board decides that there is a need for an internal audit function, it must approve an “internal audit charter” which, inter alia, formally defines the purposes, authority and responsibility of the internal audit activity.
3. What is the status of Internal Audit?
3.1 The board must ensure that the internal audit team has a standing that commands respect in the company and that the internal audit operates at a level within the company that allows it fully to accomplish its responsibilities. In addition, the head of the internal audit should report administratively to the chief executive officer and should have ready access to the chairperson of the company and the chairperson of the audit committee.
3.2 If the external and internal audit functions are carried out by the same accounting firm, the audit committee and the board should satisfy themselves that there is adequate segregation between the two functions in order to ensure that their independence is not impaired.
4. Can Internal Auditors be Employees of the Company?
4.1 King II recognises that the fact that internal auditors may be employees of the company does not of itself impair their objectivity.
4.2 The internal audit activity should be independent of the activities audited and internal auditors should be objective in performing their work.
5. What is the role and function of Internal Audit?
5.1 The objective of internal audit is to assist members of executive and senior management in the effective discharge of their duties and responsibilities. To this end, internal audit furnishes them with analyses, appraisals, recommendations, counsel and information regarding the activities reviewed.
5.2 An effective internal audit function should provide:
• assurance that the management processes are adequate to identify and monitor significant risks;
• confirmation of the effective operation of the established internal control systems;
• credible processes for feedback on risk management and assurance;
• objective confirmation that the board receives the right quality of assurance and information from management and that this information is reliable.
5.3 Adherence to the standards proposed will ensure a common framework and understanding of the requirements for internal auditing.
6. What should the scope of Internal Audit be?
6.1 Internal audit should consider relevant strategic, business and operational risks and their significance, taking account of the board’s, senior management’s and its own professional judgment.
6.2 The internal audit plan, which should be approved by the audit committee, should be based on risk assessment as well as issues highlighted by the audit committee and senior management. The risk assessment process should be of a continuous nature so as to identify not only residual or existing risks but also emerging risks.
6.3 The internal audit function should co-ordinate with other internal and external providers of assurance to ensure proper coverage of financial, operational and compliance controls and to minimize duplication of effort.
7. How often should Internal Audits be conducted?
Internal audits should be conducted formally at least annually but more often in complex organizations.
Integrated Sustainability Reporting
1. What is Integrated Sustainability Reporting?
1.1 The concept of sustainability has recently been recognized and adopted in a business context to mean the achievement of balanced and integrated economic, social and environmental performance (“triple bottom line”).
1.2 King II seeks to provide indicative, inspirational guidelines to South African companies who are seeking to improve on their disclosure practices and recognize the importance of the relationship between an enterprise and the community in which it exists.
2. How is Integrated Sustainability Reporting achieved?
2.1 Every company should report at least annually on the nature and extent of its social, transformation, ethical, safety, health and environmental management policies and practices.
2.2 The board of directors should, in determining what is relevant for disclosure, take into account the environment in which the company operates.
2.3 A South African board should disclose:
• the HIV/Aids strategy plan and policies the company has in place to address and manage the potential impact of HIV/Aids on the company;
• the company’s formal procurement policies that take into account black economic empowerment;
• whether it has developed and implemented a definitive set of standards and practices in the company based on a clearly articulated code of ethics.
2.4 Principles of reliability, relevance, clarity, comparability, timeliness and verifiability should govern a company’s public disclosure of non-financial information.
3. What is meant by Organizational Integrity/Code of Ethics?
3.1 A company should demonstrate its commitment to organizational integrity by qualifying its standards in a code of ethics.
3.2 Each company should demonstrate its commitment to its code of ethics by:
• creating systems and procedures to introduce, monitor and enforce its ethical code;
• assigning high level individuals to oversee compliance with the ethical code;
• assessing the integrity of new appointees in selection and promotion procedures;
• exercising due care in delegating discretionary authority;
• communicating with and training all employees regarding enterprise values, standards and compliance procedures;
• providing, monitoring and auditing safe systems for reporting of unethical or risky behavior;
• consistently enforcing appropriate discipline;
• responding to offences and preventing reoccurrences.
3.3 The disclosure of the code of ethics should include a statement of the extent to which the directors believe the ethical standards and above criteria are being met.
4. What is “SHE”?
SHE stands for Safety, Health and Environment. King II has recognized that companies should have, as part of their objectives, the integration of SHE issues into their sustainability policies and procedures. This assists companies in achieving the triple bottom line goals.
5. Society and Transformation Requirements
5.1 Companies should value the diversity of approach, values and contribution which women and black people bring to the table and should develop mechanisms positively to reinforce the richness of diversity.
5.2 Companies should disclose the nature of policies and practices in place to promote equal opportunities for the previously disadvantaged in terms of realizing their full potential and reaching executive levels in the company.
6. Human Capital and what is required by King II?
6.1 Human capital indicates the latent or potential value that employees at all levels represent for a company. It has been recognized that the development of human capital serves not only the economic interests of the company itself, but also the requirements of the society within which the company operates.
6.2 Companies should disclose in their annual reports the criteria by which they propose to measure human capital developments and their performance in terms of such criteria.
6.3 Good corporate governance requires that business practice should reflect human capital development in areas such as the number of staff, with a particular focus on demographics (race, gender, people with disabilities), age, corporate training initiatives, employee development etc.
6.4 Reporting on the development of human capital is important because it provides both a public account of past performance and, more importantly, an indication of future prospects of the company.
External Audit
1. How important is an External Audit?
In addition to being a statutory requirement, an external audit provides an independent and objective check on the way in which the financial statements have been prepared and presented by the directors. An annual audit is an essential part of the checks and balances required and are one of the cornerstones of corporate governance.
2. What qualities should the External Auditors have?
The external auditors should:
• observe the highest level of business and professional ethics and, in particular, their independence should not be impaired in any way;
• be objective and consciously aware of their accountability to the shareholders.
3. Can the External Auditors also perform non-audit services for the Company?
3.1 The audit committee should set the principles for recommending use of the accounting firm of the external auditors for non-audit services, such as management consultancy and corporate finance services.
3.2 Audit committees should have the necessary business acumen to address external auditor independence on a case-by-case basis, thereby preserving the company’s ability to select its external auditor for non-audit services if that is in the best interests of the company and its investors.
3.3 In considering the external auditors’ independence, the board should consider, inter alia, the structure and ownership of the accounting firm. Management should encourage consultation between the internal and external auditors.
3.4 In addition to the Companies Act requirements, there should be separate disclosure of the amount paid for non-audit services with a detailed description in the notes to the annual financial statements of the nature thereof, together with the amounts paid for each of the services described.
4. Must Interim Reports be independently reviewed?
4.1 This is not mandatory, although the audit committee should consider whether an independent review of the interim reports is in the best interests of the company.
4.2 King II recommends that, at a minimum, the audit committee should request that an independent review of the interim report is performed if the auditors have qualified or disclaimed their opinion, or produced an adverse opinion, in the latest annual financial statements.
4.3 Where an independent review is conducted, the audit committee’s report commenting on the independent report, together with the auditor’s review report, should be tabled at the board meeting to adopt the interim report.
4.4 Where an independent review was not conducted, a comprehensive statement of the reasons why the audit committee concluded that a review was not required should be tabled at the board meeting.
4.5 Where an independent review was not conducted, any publication of the interim results should be labeled “unaudited”.
5. What is the Board’s responsibility regarding Going Concern Statements?
5.1 South African Statements of Generally Accepted Accounting Practice (GAAP) state that, when preparing financial statements, management should make an assessment of the company’s ability to continue as a going concern. In addition, these statements of GAAP require that, in assessing going concern, management should take into consideration all available information for the foreseeable future. This should be at least, but not limited to, 12 months from the balance sheet date.
5.2 Financial statements should be prepared on a going concern basis, unless management either intends to liquidate the company or to cease trading, or has no realistic alternative but to do so. When management is aware of material uncertainties relating to events or conditions that may cast doubt upon the company’s ability to continue as a going concern, those uncertainties should be disclosed.
5.3 When the financial statements are not prepared on a going concern basis, that fact should be disclosed, together with the basis on which the financial statements are prepared and the reason why the company is not considered to be a going concern.
5.4 Directors should consider the position at the previous year end, and determine whether any of the significant factors identified at that time have changed in a way that affects the going concern assumption at the interim reporting stage.
6. Who should be on the Audit Committee?
6.1 King II does not specify the size of the audit committee. The board should appoint an audit committee that has a majority of independent non-executive directors. The majority of the members of the audit committee should be financially literate.
6.2 The chairperson should be an independent non-executive director and not the chairperson of the board. The chairperson should have the requisite business, financial and leadership skills and should be a good communicator. King II recommends that the board chairperson should not be a member of the audit committee and that the board should consider if it is desirable for the chief executive officer to be a member or to attend only by invitation.
6.3 Membership of the audit committee should be disclosed in the annual report and the chairperson of the committee should be available to answer questions at the annual general meeting.
7. What is the role and function of the Audit Committee?
7.1 The appointment of the audit committee gives the board a means to monitor an effective internal control system. In addition, the audit committee reinforces both the internal control system and the internal audit function.
7.2 The audit committee should have written terms of reference dealing adequately with its membership, authority and duties. The terms of reference of the audit committee should be confirmed by the board and reviewed every year. Companies should disclose in their annual reports whether or not the audit committee has adopted formal terms of reference and, if so, whether or not the committee has satisfied its responsibilities for the year, in compliance with its terms of reference.
7.3 The audit committee should review:
• the functioning of the internal control system;
• the functioning of the internal audit department;
• the risk areas of the company’s operations to be covered in the scope of the external and internal audits;
• the reliability and accuracy of the financial information provided to management and other users of financial information, and whether the company should continue to use the services of the current internal and external auditors;
• any accounting or auditing concerns identified as a result of the internal or external audits;
• the company’s compliance with legal and regulatory provisions, its articles of association, code of conduct, by-laws and the rules established by the board.
7.4 The audit committee should, inter alia, also:
• encourage communication between members of the board, senior executive management, the internal audit department and the external auditors;
• confirm the internal audit department’s charter and internal audit plan;
• develop a direct, strong and candid relationship with the external auditors;
• review the scope and results of the external audit, its cost effectiveness and the independence and objectivity of the external auditors (and in so doing should review the nature and extent of any non-audit services provided to the company by the external auditors);
• place the minutes of its meetings before the board at the next board meeting;
• consider the rotation policy of the external auditors and whether there is a need to change the audit partner or senior staff engaged in the audit;
• draw up a recommendation to the board for the appointment and removal of the external auditors;
• investigate any matters within its terms of reference and safeguard all information supplied to it.
Compliance and Enforcement
1. How will King II be enforced?
1.1 The legal mechanisms to be relied on for enforcement of King II and the Code of Corporate Practices and Conduct (the Code) are:
• existing legal remedies, principally under the Companies Act (such as section 424, dealing with liability of directors and others for the fraudulent or reckless conduct of a company’s business) and the common law;
• the provisions of the amended listing requirements of the JSE.
1.2 In order to prevent the Code from becoming too burdensome and because King II is largely non-prescriptive in nature, compliance is for the most part treated as a matter between boards and the stakeholders of companies. King II encourages greater activism by shareholders, business and the financial press and relies heavily on disclosure as a regulatory mechanism.
1.3 In this regard it is important to note that King II recommends a number of changes and developments to existing legislation and enforcement processes so as to ensure that role-players do not merely pay lip service to the Code and the provisions of King II. Boards should implement effective measures to achieve compliance with the Code and the provisions of King II and should monitor corporate governance issues closely in order to ensure that they are not caught unawares by changes and developments.
2. To whom will King II apply?
2.1 King II, including the Code, applies to the following business enterprises:
• all companies with securities listed on the JSE;
• banks, financial and insurance entities;
• certain public sector enterprises and agencies.
2.2 King II recommends that all companies, in addition to those falling within the prescribed categories, give due consideration to the application of King II.
2.3 King II is effective in respect of the specified business enterprises whose financial years commence on or after 1 March 2002.
Wednesday, August 4, 2010
Fraud Risk Assessment
Risk assessment and fraud susceptibility assessments are the largest contributors of active fraud prevention. Fraud can be prevented by assessing which departments in an organization are exposed to fraud, and using limited resources to restrict exposures in an organization. Fraud risk assessments are non-stop processes; therefore the intelligence keeps on increasing in an organization to prevent future frauds.
Four components of a fraud risk assessment:
1. Identify areas of exposures:
This is a process where the audit team identifies areas where fraud has been committed based on current trends within the industry, rumors, allegations, or it may be triggered by discoveries in other locations. The audit team needs to identify the types of fraud committed, such as cheque fraud, procurement fraud, and computer fraud. The frauds need to be evaluated to facilitate a process of prioritizing fraud risk. Managers of each department are responsible for evaluating their own departments in terms of their department’s fraud risk. The evaluation can consist of either atop-down or pyramid fashion, making all departments aware of fraud risk and recognize proactive steps taken by the board of directors to restrict the organization’s exposure to fraud as set out in the fraud policy. With this step everyone is made aware of fraud and has to contribute to the fight against fraud. After all the evaluations from each department is received, the fraud team has to assess the priorities of each department and start a planning process.
2. Grade positions in the exposed areas:
Further assessments are necessary to determine if there has been any fraud committed or if there is any fraud in progress in the exposed areas. This is a very subjective test and should be used as a guideline for prioritization purposes only. If the assessment has revealed exposure to a particular fraud, the positions which are the most exposed, and where the heaviest reliance is placed must be determined. Internal controls must then be assessed, as well as the segregated duties in this section. To be able to assess the problems, internal and external auditors should rethink previous problems in terms of controls, which may give good indications of where the problem areas are.
Risk Priorities:
• Low Risk
Internal controls = very good.
Segregation of duties = more than adequate.
Supervisory and custodial controls = effective.
There should be no known or rumored losses in that section.
• Medium Risk
Internal controls = good.
Segregation of duties = adequate.
There should be no audit queries relating to control issues.
There should be an assessment that there is heavy reliance on trust, but that it is not an issue.
• High Risk
Internal controls = deficient.
Supervisory and custodial controls = inadequate.
There will be heavy reliance on trust.
There will be historical audit queries.
There may be previous losses.
• Critical Risk
Includes all of the factors considered under High Risk (above).
There will be known shortages.
The incumbent can do a considerable amount of damage to the organization.
3. Grade employees:
Employees that fall under the High Risk and Critical Risk profiles must be graded as low, medium, high, or red, based on the reviews. Low and Medium Risk employees do not match the description of fraudsters, but still, fraudsters often appear to be above suspicion.
High risk employees are the ones who fit a fraudster’s profile.
Red risk employees are the ones who fit a fraudster’s profile, and have been named in actual fraud alerts such as anonymous tip-offs, a track record of indiscretions, or repeated warnings. Red risk employees are those who previously got off on a technicality, have prior criminal records, or have been dismissed for dishonesty from previous jobs. They are usually the ones talked about like: “we know he is stealing, but we haven’t caught him yet”.
To grade employees and test whether the allegations are true, test will have to be performed to profile the alleged fraudster.
Profiling consists of:
• All personal details.
• Previous employment.
• Personal habits.
• Background checks.
• Qualifications.
• Financial profile.
• Behavioral profile.
• Access in the different departments of the organization.
• Asset tracing.
• Links with suppliers.
4. Proactive tests for fraud:
Proactive fraud auditing is justified for all sectors which are exposed to any type of fraud. The testing for fraud is very open-ended and requires a number of complementary skills. When elements of fraud are discovered, a fraud response plan should be followed.
Four components of a fraud risk assessment:
1. Identify areas of exposures:
This is a process where the audit team identifies areas where fraud has been committed based on current trends within the industry, rumors, allegations, or it may be triggered by discoveries in other locations. The audit team needs to identify the types of fraud committed, such as cheque fraud, procurement fraud, and computer fraud. The frauds need to be evaluated to facilitate a process of prioritizing fraud risk. Managers of each department are responsible for evaluating their own departments in terms of their department’s fraud risk. The evaluation can consist of either atop-down or pyramid fashion, making all departments aware of fraud risk and recognize proactive steps taken by the board of directors to restrict the organization’s exposure to fraud as set out in the fraud policy. With this step everyone is made aware of fraud and has to contribute to the fight against fraud. After all the evaluations from each department is received, the fraud team has to assess the priorities of each department and start a planning process.
2. Grade positions in the exposed areas:
Further assessments are necessary to determine if there has been any fraud committed or if there is any fraud in progress in the exposed areas. This is a very subjective test and should be used as a guideline for prioritization purposes only. If the assessment has revealed exposure to a particular fraud, the positions which are the most exposed, and where the heaviest reliance is placed must be determined. Internal controls must then be assessed, as well as the segregated duties in this section. To be able to assess the problems, internal and external auditors should rethink previous problems in terms of controls, which may give good indications of where the problem areas are.
Risk Priorities:
• Low Risk
Internal controls = very good.
Segregation of duties = more than adequate.
Supervisory and custodial controls = effective.
There should be no known or rumored losses in that section.
• Medium Risk
Internal controls = good.
Segregation of duties = adequate.
There should be no audit queries relating to control issues.
There should be an assessment that there is heavy reliance on trust, but that it is not an issue.
• High Risk
Internal controls = deficient.
Supervisory and custodial controls = inadequate.
There will be heavy reliance on trust.
There will be historical audit queries.
There may be previous losses.
• Critical Risk
Includes all of the factors considered under High Risk (above).
There will be known shortages.
The incumbent can do a considerable amount of damage to the organization.
3. Grade employees:Employees that fall under the High Risk and Critical Risk profiles must be graded as low, medium, high, or red, based on the reviews. Low and Medium Risk employees do not match the description of fraudsters, but still, fraudsters often appear to be above suspicion.
High risk employees are the ones who fit a fraudster’s profile.
Red risk employees are the ones who fit a fraudster’s profile, and have been named in actual fraud alerts such as anonymous tip-offs, a track record of indiscretions, or repeated warnings. Red risk employees are those who previously got off on a technicality, have prior criminal records, or have been dismissed for dishonesty from previous jobs. They are usually the ones talked about like: “we know he is stealing, but we haven’t caught him yet”.
To grade employees and test whether the allegations are true, test will have to be performed to profile the alleged fraudster.
Profiling consists of:
• All personal details.
• Previous employment.
• Personal habits.
• Background checks.
• Qualifications.
• Financial profile.
• Behavioral profile.
• Access in the different departments of the organization.
• Asset tracing.
• Links with suppliers.
4. Proactive tests for fraud:
Proactive fraud auditing is justified for all sectors which are exposed to any type of fraud. The testing for fraud is very open-ended and requires a number of complementary skills. When elements of fraud are discovered, a fraud response plan should be followed.
Tuesday, August 3, 2010
Process of Evidence
Most of the time when crimes are committed, the criminal leaves physical evidence behind, for example, documents, fingerprints, DNA, etc. Documents are the most probable evidence when it comes to forensic auditing.
The best opportunity to collect evidence is at a crime scene, sometimes giving the investigator the only opportunity to recognize, collect, and record physical evidence.
Investigators should recognize, collect, and record evidence as they see logical or relevant to a case, as there are no rules to what may be collected as evidence, but the evidence collected has to have scientific and legal value. Because physical evidence is extremely important in a legal proceeding, investigators should be familiar with the basic principles and procedures surrounding physical evidence and should be able to collect and preserve this evidence competently.
Experts are needed to process some evidence such as fingerprints or any other laboratory related processes, documents on the other hand need little or no processing, and it is crucial that an investigator collect, package and mark, and identify all the relevant evidence needed to investigate a case successfully. The evidence collected has to be given in court, if called upon to do so.
The following process is used by the South African Police Service, although its not the only acceptable process to collect evidence and present it to court, it is a good guideline to forensic auditors:
1. Recognition:
According to the Locard principle, all crime scenes have evidence, and as soon as a forensic investigator arrives at a crime scene, he/she should start looking for any physical evidence related to a crime. It is crucial to collect and package all evidence for storage, as the original files should be copied and the copies should be used in an investigation instead of the originals. The reason for this is that dockets get lost and stolen, and if the original evidence was included in the docket, the originals will be gone, and the case will most likely be lost.
2. Protection:
It is crucial to ensure that evidence is preserved and protected by safeguarding it until it is necessary to provide the collected evidence in court, so that no evidential losses are suffered in a case. The steps taken to preserve evidence from being tampered with must also be recorded as it may be required in court.
3. Recording:
Examples of recording physical evidence are by use of photographs, sketches, video tapes, voice recordings, and written notes. The recordings of physical evidence of a crime scene are an assurance that the evidence is reliable and can be presented successfully in court. Recordings must contain a date, location, time, and the persons at present.
4. Packaging:
Packaging evidence depends on the type of evidence, for instance, documents can be preserved by placing it in a plastic sleeve, evidence such as fire arms can be preserved in a paper folder, and small evidence can be placed in small plastic zip-lock bags, ensuring that the evidence does not get tampered with or contaminated.
Samples that have to be compared should be separate from examples that have to be analyzed, for example hair samples. A piece of hair should be sent to a laboratory for analysis to determine what specie the hair is from (dog, cat, human) and what other substances are found on the hair (chemicals, fibers, dirt). Another sample of hair should be preserved to be compared with the hair of suspects or victims.
The less people handle evidence, the better it is preserved. The less people handle samples before and during packaging, the better the sample will be preserved, giving clearer indications during analysis or comparison.
Evidence should be kept in storage for a minimum of five years after the case has been closed, because the case can be reopened due to new evidence found or a new investigation related to the stored evidence. Stored evidence should have an index number with a detailed description about the inclusive exhibits for easy referencing.
5. Marking physical evidence:
All evidence should be marked with an exhibit number, as soon as it is discovered, in such a way that it does not deteriorate or harm the value of the evidence. The exhibit number should also be documented so that you can refer back to it, with regards to the location it was found and how it fits into the puzzle pieces of an investigation, when the exhibits are presented in court.
Personally, I think all evidence should be placed in a folder or plastic sheet or zip-lock bag with an exhibit number tagged or labeled on the container. Writing an exhibit number on a document might influence the evidential value, and should rather be done on a copy of an evidence document.
6. Preservation of integrity:
Constantly safeguarding evidence assures the court that evidence or exhibits have not been tampered with, keeping the evidential value in tact is a high priority from when it is collected until the time it needs to be presented in court and accepted as evidence. Convincing the court that the evidence has not been tampered with, I think, can be gained by documenting where evidence has been stored or locked up.
7. Maintenance of continuity of possession:
It is crucial in a court proceeding that evidence is not questionable but reliable. By making sure that a minimum amount of people handle evidence, and that all persons who handled the evidence in question are recorded, the evidence stays highly reliable.
Although evidence may be collected, marked, packaged, and sealed in accordance to court standards, doubt in the persons who handled the evidence may make the evidence questionable, which is why the integrity of physical evidence is so crucially important to a forensic investigator.
All persons who handled evidence have to appear in court and testify about the condition of the exhibit whilst they handled it.
8. Presentation in court:
The forensic investigator who collected evidence will be asked questions in court by the court and the defense about the evidence presented. The investigator will also have to identify and confirm the evidence and the relevance to the case.
When the evidence is presented successfully and the questioning has gone successfully, then only will the court accept the evidence as reliable and relevant.
The best opportunity to collect evidence is at a crime scene, sometimes giving the investigator the only opportunity to recognize, collect, and record physical evidence.
Investigators should recognize, collect, and record evidence as they see logical or relevant to a case, as there are no rules to what may be collected as evidence, but the evidence collected has to have scientific and legal value. Because physical evidence is extremely important in a legal proceeding, investigators should be familiar with the basic principles and procedures surrounding physical evidence and should be able to collect and preserve this evidence competently.
Experts are needed to process some evidence such as fingerprints or any other laboratory related processes, documents on the other hand need little or no processing, and it is crucial that an investigator collect, package and mark, and identify all the relevant evidence needed to investigate a case successfully. The evidence collected has to be given in court, if called upon to do so.
The following process is used by the South African Police Service, although its not the only acceptable process to collect evidence and present it to court, it is a good guideline to forensic auditors:
1. Recognition:
According to the Locard principle, all crime scenes have evidence, and as soon as a forensic investigator arrives at a crime scene, he/she should start looking for any physical evidence related to a crime. It is crucial to collect and package all evidence for storage, as the original files should be copied and the copies should be used in an investigation instead of the originals. The reason for this is that dockets get lost and stolen, and if the original evidence was included in the docket, the originals will be gone, and the case will most likely be lost.
2. Protection:
It is crucial to ensure that evidence is preserved and protected by safeguarding it until it is necessary to provide the collected evidence in court, so that no evidential losses are suffered in a case. The steps taken to preserve evidence from being tampered with must also be recorded as it may be required in court.
3. Recording:
Examples of recording physical evidence are by use of photographs, sketches, video tapes, voice recordings, and written notes. The recordings of physical evidence of a crime scene are an assurance that the evidence is reliable and can be presented successfully in court. Recordings must contain a date, location, time, and the persons at present.
4. Packaging:
Packaging evidence depends on the type of evidence, for instance, documents can be preserved by placing it in a plastic sleeve, evidence such as fire arms can be preserved in a paper folder, and small evidence can be placed in small plastic zip-lock bags, ensuring that the evidence does not get tampered with or contaminated.
Samples that have to be compared should be separate from examples that have to be analyzed, for example hair samples. A piece of hair should be sent to a laboratory for analysis to determine what specie the hair is from (dog, cat, human) and what other substances are found on the hair (chemicals, fibers, dirt). Another sample of hair should be preserved to be compared with the hair of suspects or victims.
The less people handle evidence, the better it is preserved. The less people handle samples before and during packaging, the better the sample will be preserved, giving clearer indications during analysis or comparison.
Evidence should be kept in storage for a minimum of five years after the case has been closed, because the case can be reopened due to new evidence found or a new investigation related to the stored evidence. Stored evidence should have an index number with a detailed description about the inclusive exhibits for easy referencing.
5. Marking physical evidence:All evidence should be marked with an exhibit number, as soon as it is discovered, in such a way that it does not deteriorate or harm the value of the evidence. The exhibit number should also be documented so that you can refer back to it, with regards to the location it was found and how it fits into the puzzle pieces of an investigation, when the exhibits are presented in court.
Personally, I think all evidence should be placed in a folder or plastic sheet or zip-lock bag with an exhibit number tagged or labeled on the container. Writing an exhibit number on a document might influence the evidential value, and should rather be done on a copy of an evidence document.
6. Preservation of integrity:
Constantly safeguarding evidence assures the court that evidence or exhibits have not been tampered with, keeping the evidential value in tact is a high priority from when it is collected until the time it needs to be presented in court and accepted as evidence. Convincing the court that the evidence has not been tampered with, I think, can be gained by documenting where evidence has been stored or locked up.
7. Maintenance of continuity of possession:
It is crucial in a court proceeding that evidence is not questionable but reliable. By making sure that a minimum amount of people handle evidence, and that all persons who handled the evidence in question are recorded, the evidence stays highly reliable.
Although evidence may be collected, marked, packaged, and sealed in accordance to court standards, doubt in the persons who handled the evidence may make the evidence questionable, which is why the integrity of physical evidence is so crucially important to a forensic investigator.
All persons who handled evidence have to appear in court and testify about the condition of the exhibit whilst they handled it.
8. Presentation in court:
The forensic investigator who collected evidence will be asked questions in court by the court and the defense about the evidence presented. The investigator will also have to identify and confirm the evidence and the relevance to the case.
When the evidence is presented successfully and the questioning has gone successfully, then only will the court accept the evidence as reliable and relevant.
Monday, August 2, 2010
Fraud
Fraud is the unlawful and intentional making of a misrepresentation which causes actual prejudice or which is potentially prejudicial to another.
There are four elements of the crime of fraud, namely:
1. A misrepresentation;
2. Prejudice or potential prejudice;
3. Unlawfulness and;
4. Intention.
The crime of fraud is originally known in Roman law as stellionatus and crimina falsi. Stellionatus was the criminal-law equivalent of the delict dolus, and developed from the actio de dolo in private law. It involved intentional misrepresentations resulting in harm or prejudice to others. Crimina falsi was the collective term for a number of crimes relating to falsification, almost all of which were derived from the rex Cornelia de Falsis. These different forms of falsification were, however, never unified into one generic crime. Examples of the crimina falsi are the falsification of will, of weights and measures, and of evidence. In the crimina falsi it was not required that somebody should necessarily have been prejudiced by X’s conduct. In stellionatus there seems to have been some form of prejudice in most of the examples mentioned in the sources, but it doubtful whether the prejudice necessarily had to be actual or of a proprietary nature: potential or non-proprietary prejudice seems to have been sufficient.
Roman-Dutch writers did not differentiate clearly between stellionatus and crimina falsi. At the beginning of this century the distinction between these two crimes became blurry; the courts combined stellionatus and crimina falsi and formed a new crime known as fraud. In fact, fraud has sometimes even been referred to as falsitas or “falsiteit”. The most important result of this merging has been that fraud may now be committed even where there is no actual proprietary prejudice: even non-proprietary or potential prejudice may be sufficient to result in a conviction.
Because the prejudice need not necessarily be proprietary in a character it follows that the interest protected by the crime is not exclusively property; it may sometimes be an interest of another nature, such as legal certainty.
1. Misrepresentation:
The form of misrepresentation can be in writing, the spoken word, or any gesture like the nodding of the head.
The conduct of the perpetrator will also imply the misrepresentation by his action.
When a person books into a hotel, he thereby implies that he will be/or is in a position to pay for accommodation. When he disappears without paying, his conduct by booking in, was a misrepresentation by implication.
The misrepresentation can be made by either the commission or omission.
Another form could be a promise about the future. When a person pays for goods with a post dated cheque, and there is good faith that he would have sufficient funds by then, it would not be a misrepresentation. But if a person was fired from his workplace and he is without income, then it would be a misrepresentation.
2. Prejudice or potential prejudice:
There must be real or potential prejudice. The mere telling of a lie would be the difference when as result of the lie could lead to the harm of another. The lie would be the misrepresentation, and the harm would be the prejudice. An example of prejudice would be when you buy goods with a stolen cheque, and get away with it.
Potential prejudice is when the harm was avoided by any type of intervention. When there was a possibility that you could have suffered any loss, but it did not manifest, that is when it is a potential loss or prejudice. An example of potential prejudice would be when you buy goods with a stolen cheque, and the store owner verifies the validity of the cheque, and you did not obtain any benefit.
The question is not if someone would suffer any loss, but rather if someone could suffer any loss.
3. Unlawfulness:
In the case of fraud, unlawfulness means making a misrepresentation with the intention of prejudicing another person. The state must prove this element beyond reasonable doubt. Here one should ascertain what the law prescribes. “Fraud is the unlawful and intentional…” To profit from someone by means of a misrepresentation is unlawful.
4. Intention:
The perpetrator must be aware of the fact that that the representation is false. The investigator must make sure that the intention was to defraud and not to deceive.
Negligence can not be equated with intention.
The intention will always be to profit from another by means of a misrepresentation.
5. Casualty:
Casualty is the relationship of cause and effect between two incidents: if one incident leads to another, there is a “casual relationship” between the two. In the case of fraud, the misrepresentation must cause actual or potential prejudice, in other words there must be a casual relationship between the misrepresentation and the prejudice.
There are four elements of the crime of fraud, namely:
1. A misrepresentation;
2. Prejudice or potential prejudice;
3. Unlawfulness and;
4. Intention.
The crime of fraud is originally known in Roman law as stellionatus and crimina falsi. Stellionatus was the criminal-law equivalent of the delict dolus, and developed from the actio de dolo in private law. It involved intentional misrepresentations resulting in harm or prejudice to others. Crimina falsi was the collective term for a number of crimes relating to falsification, almost all of which were derived from the rex Cornelia de Falsis. These different forms of falsification were, however, never unified into one generic crime. Examples of the crimina falsi are the falsification of will, of weights and measures, and of evidence. In the crimina falsi it was not required that somebody should necessarily have been prejudiced by X’s conduct. In stellionatus there seems to have been some form of prejudice in most of the examples mentioned in the sources, but it doubtful whether the prejudice necessarily had to be actual or of a proprietary nature: potential or non-proprietary prejudice seems to have been sufficient.
Roman-Dutch writers did not differentiate clearly between stellionatus and crimina falsi. At the beginning of this century the distinction between these two crimes became blurry; the courts combined stellionatus and crimina falsi and formed a new crime known as fraud. In fact, fraud has sometimes even been referred to as falsitas or “falsiteit”. The most important result of this merging has been that fraud may now be committed even where there is no actual proprietary prejudice: even non-proprietary or potential prejudice may be sufficient to result in a conviction.
Because the prejudice need not necessarily be proprietary in a character it follows that the interest protected by the crime is not exclusively property; it may sometimes be an interest of another nature, such as legal certainty.
1. Misrepresentation:
The form of misrepresentation can be in writing, the spoken word, or any gesture like the nodding of the head.
The conduct of the perpetrator will also imply the misrepresentation by his action.
When a person books into a hotel, he thereby implies that he will be/or is in a position to pay for accommodation. When he disappears without paying, his conduct by booking in, was a misrepresentation by implication.
The misrepresentation can be made by either the commission or omission.
Another form could be a promise about the future. When a person pays for goods with a post dated cheque, and there is good faith that he would have sufficient funds by then, it would not be a misrepresentation. But if a person was fired from his workplace and he is without income, then it would be a misrepresentation.
2. Prejudice or potential prejudice:There must be real or potential prejudice. The mere telling of a lie would be the difference when as result of the lie could lead to the harm of another. The lie would be the misrepresentation, and the harm would be the prejudice. An example of prejudice would be when you buy goods with a stolen cheque, and get away with it.
Potential prejudice is when the harm was avoided by any type of intervention. When there was a possibility that you could have suffered any loss, but it did not manifest, that is when it is a potential loss or prejudice. An example of potential prejudice would be when you buy goods with a stolen cheque, and the store owner verifies the validity of the cheque, and you did not obtain any benefit.
The question is not if someone would suffer any loss, but rather if someone could suffer any loss.
3. Unlawfulness:
In the case of fraud, unlawfulness means making a misrepresentation with the intention of prejudicing another person. The state must prove this element beyond reasonable doubt. Here one should ascertain what the law prescribes. “Fraud is the unlawful and intentional…” To profit from someone by means of a misrepresentation is unlawful.
4. Intention:
The perpetrator must be aware of the fact that that the representation is false. The investigator must make sure that the intention was to defraud and not to deceive.
Negligence can not be equated with intention.
The intention will always be to profit from another by means of a misrepresentation.
5. Casualty:
Casualty is the relationship of cause and effect between two incidents: if one incident leads to another, there is a “casual relationship” between the two. In the case of fraud, the misrepresentation must cause actual or potential prejudice, in other words there must be a casual relationship between the misrepresentation and the prejudice.
Perjury
Perjury consists in the unlawful and intentional making of a false statement in the course of a judicial proceeding by a person who has taken the oath or made an affirmation before, or who has been admonished by, somebody competent to administer or accept the oath, affirmation or admonition.
There are six elements of the crime of perjury, namely:
1. The making of a declaration;
2. Which is false;
3. Under oath or in a form equivalent to an oath;
4. In the course of a juridical proceeding;
5. Unlawfulness and;
6. Intention.
Perjury can only be committed when;
• The statement is false. The deponent must be aware that his statement is not the truth.
• Statement need not to be material. The statement can be in the form of verbal evidence. Since 1935 it is no longer necessary for the prosecution to allege or proof the materiality of the statement. .must have been administered by a person who is competent to administer the oath or in a form equivalent to an oath
• The statement must form part of a judicial proceeding. The judicial proceeding could either be in a criminal matter or civil matter.
• Court need not have jurisdiction. No decision could be found that perjury can only be committed before a court having jurisdiction. One can accept that if a false statement is made before a ‘tribunal’ which does not have the same powers of a court of law, no perjury is committed.
• On oath, affirmation or admonition. The deponent must be under oath or in a form equivalent to an oath.
• Unlawfulness: It is unlawful to make a false statement in the course of a judicial proceeding. The norm will be to prosecute witnesses who falsely testify to mislead the proceedings. When the accused has made a false statement in order to benefit him, but he is convicted on the original charge against him, he would not be charged for perjury. His conviction and sentence would generally deem to be sufficient punishment for the perjury itself.
• Intention: The deponent must have the intention in the form of mens rea to mislead the judicial proceeding by giving a false statement.
There are six elements of the crime of perjury, namely:
1. The making of a declaration;
2. Which is false;
3. Under oath or in a form equivalent to an oath;
4. In the course of a juridical proceeding;
5. Unlawfulness and;
6. Intention.
Perjury can only be committed when;
• The statement is false. The deponent must be aware that his statement is not the truth.
• Statement need not to be material. The statement can be in the form of verbal evidence. Since 1935 it is no longer necessary for the prosecution to allege or proof the materiality of the statement. .must have been administered by a person who is competent to administer the oath or in a form equivalent to an oath
• The statement must form part of a judicial proceeding. The judicial proceeding could either be in a criminal matter or civil matter.
• Court need not have jurisdiction. No decision could be found that perjury can only be committed before a court having jurisdiction. One can accept that if a false statement is made before a ‘tribunal’ which does not have the same powers of a court of law, no perjury is committed.
• On oath, affirmation or admonition. The deponent must be under oath or in a form equivalent to an oath.
• Unlawfulness: It is unlawful to make a false statement in the course of a judicial proceeding. The norm will be to prosecute witnesses who falsely testify to mislead the proceedings. When the accused has made a false statement in order to benefit him, but he is convicted on the original charge against him, he would not be charged for perjury. His conviction and sentence would generally deem to be sufficient punishment for the perjury itself.
• Intention: The deponent must have the intention in the form of mens rea to mislead the judicial proceeding by giving a false statement.
Culpability
The Latin expression mens rea means “guilty mind”. The Latin expression culpa means “punishable”. If you take the two Latin expressions in mind it could ascertain what the intentions of the perpetrator was.
The whole question of culpability may be reduced to one simple question namely “could one in all fairness have expected X to avoid the wrongdoing?”
Culpability arises only once it has been established that there was an unlawful act. It would be nonsensical to attach blame to lawful conduct.
The unlawfulness of the act is determined by the criteria which are applicable to everybody in society, whether rich or poor, young or old, clever or stupid. The law also refers to these criteria as “the reasonable man”. This is the reason why it is just as unlawful for somebody who is poor to steal as for somebody who is rich and why it is just as unlawful for psychopaths, who find it very difficult to control their sexual desires, to commit sexual offences as it is for normal people. Criteria employed to determine unlawfulness do not relate to the perpetrator’s personal characteristics.
However, when the question of culpability arises, the picture changes, the focus now shifts to the perpetrator as a person and as an individual, and the question here is whether a particular person, in the light of his personal aptitudes, gifts, short comings and knowledge, and of what the legal order may fairly expect of him, can be blamed for his wrongdoing. If this is the case, it means that the wrongdoing can be attributed to X personally, he is charge with the account arising from the wrongdoing. The question to be asked is what the reasonable man would do in the same circumstances.
Culpability could be simply described as the punitive consequences when committing an offence.
The whole question of culpability may be reduced to one simple question namely “could one in all fairness have expected X to avoid the wrongdoing?”
Culpability arises only once it has been established that there was an unlawful act. It would be nonsensical to attach blame to lawful conduct.
The unlawfulness of the act is determined by the criteria which are applicable to everybody in society, whether rich or poor, young or old, clever or stupid. The law also refers to these criteria as “the reasonable man”. This is the reason why it is just as unlawful for somebody who is poor to steal as for somebody who is rich and why it is just as unlawful for psychopaths, who find it very difficult to control their sexual desires, to commit sexual offences as it is for normal people. Criteria employed to determine unlawfulness do not relate to the perpetrator’s personal characteristics.
However, when the question of culpability arises, the picture changes, the focus now shifts to the perpetrator as a person and as an individual, and the question here is whether a particular person, in the light of his personal aptitudes, gifts, short comings and knowledge, and of what the legal order may fairly expect of him, can be blamed for his wrongdoing. If this is the case, it means that the wrongdoing can be attributed to X personally, he is charge with the account arising from the wrongdoing. The question to be asked is what the reasonable man would do in the same circumstances.
Culpability could be simply described as the punitive consequences when committing an offence.
Unlawfulness
The mere fact that there is an act which complies with the definitional elements does not mean that the person who performs the act is liable for the particular crime. Satisfying the definitional elements is not the only general requirement for liability. The next step in the determination of liability is to enquire whether the act which complies with the definitional elements is also unlawful.
An act which complies with the definitional elements is not necessarily unlawful. This will immediately become clear if one considers the following example:
The definitional elements of murder: Nevertheless a person is not guilty if he/she kills somebody in self-defense; the act is then justified and therefore not unlawful.
It is a common phenomenon that an act which presumably falls within the letter of the law (in other words, which corresponds to the definitional element) proves upon closer scrutiny not to be contrary to the law as The Law tolerates the violation of the legal norm, because the law does not consist merely of commands and prohibitions contained in the definitional elements but also of rules or criteria which is contrary to such command or prohibition. An act is unlawful if it is in conflict with the rules or criteria of the legal order as a whole, and not merely with the particular definitional elements.
In Criminal Law the definition of a crime normally comprises of the following introduction “…the unlawful and intentional…” It is clearly defined in the act that a certain transgression is punishable due to the action of a perpetrator.
An act which complies with the definitional elements is not necessarily unlawful. This will immediately become clear if one considers the following example:
The definitional elements of murder: Nevertheless a person is not guilty if he/she kills somebody in self-defense; the act is then justified and therefore not unlawful.
It is a common phenomenon that an act which presumably falls within the letter of the law (in other words, which corresponds to the definitional element) proves upon closer scrutiny not to be contrary to the law as The Law tolerates the violation of the legal norm, because the law does not consist merely of commands and prohibitions contained in the definitional elements but also of rules or criteria which is contrary to such command or prohibition. An act is unlawful if it is in conflict with the rules or criteria of the legal order as a whole, and not merely with the particular definitional elements.In Criminal Law the definition of a crime normally comprises of the following introduction “…the unlawful and intentional…” It is clearly defined in the act that a certain transgression is punishable due to the action of a perpetrator.
Conduct
The unlawfulness of an act will be the conduct of the perpetrator. It will either be the positive conduct “commission” or negative conduct “omission” that would be a transgression of the law. Commission is when you act willfully in a positive manner against a certain law that prohibits your action. You will be guilty of contravening the law when your commission is unlawful. We can use assault as a good example, or theft of cash. Omission is your conduct where you fail to act when you were supposed to act as set out in a specific law. This means it is to neglect a prescribed act of the law. Here we can think of a mother neglecting to care for her sick child, or a person failing to submit his revenue to SARS when it is obligated to do so.
The act of your conduct means the type of act described in the definitional elements.
Criminal law does not prohibit a mere act in /abstract to /. Put differently, there is no rule of law declaring “you may not act”. At every conscious moment of a person’s existence he/she performs some act or another, such as walking, opening a door, or simply sitting and staring etc.
It stands to reason that “act” as the word is use in criminal law does not refer to the “events” just mentioned, it refers only to the type of act mentioned in definition of the crime with which X is charged, an more specifically the type of act set out in the definitional elements of the relevant crime. The law does not concern itself with any other possible “act” committed by X (i.e. an act other than the one mentioned in the definitional elements). Thus if X is charged with arson, the act required- is setting a fire to a certain type of structure.
The act of your conduct means the type of act described in the definitional elements.
Criminal law does not prohibit a mere act in /abstract to /. Put differently, there is no rule of law declaring “you may not act”. At every conscious moment of a person’s existence he/she performs some act or another, such as walking, opening a door, or simply sitting and staring etc.
It stands to reason that “act” as the word is use in criminal law does not refer to the “events” just mentioned, it refers only to the type of act mentioned in definition of the crime with which X is charged, an more specifically the type of act set out in the definitional elements of the relevant crime. The law does not concern itself with any other possible “act” committed by X (i.e. an act other than the one mentioned in the definitional elements). Thus if X is charged with arson, the act required- is setting a fire to a certain type of structure.
The difference between intention and negligence
In crimes of intention the accused is blameworthy because he knew or foresaw that his conduct was forbidden and that is was unlawful but nevertheless proceeded to engage in the conduct. In crimes of negligence, on the other hand, the accused is blameworthy because he did not know or foresee something or did not do something, although according to the standards of the law he should have known or foreseen something or should have performed an act.
Intention therefore always has a positive character: the accused willed or knew or foresaw something. Negligence, on the other hand, always has a negative character: the accused did not will or know or foresee something, although according to the standards of the law he should have known or foreseen it.
Intention therefore always has a positive character: the accused willed or knew or foresaw something. Negligence, on the other hand, always has a negative character: the accused did not will or know or foresee something, although according to the standards of the law he should have known or foreseen it.
Roles of the different disciplines involved in fraud investigations
The auditor/accountant:
The auditor plays a vital role in fraud prevention with regard to fraud risk assessments, surprise audits and other auditing-related activities.
The role of the auditor in the fraud detection process is even more wide-ranging. Studies have concluded that internal auditing and internal controls are responsible for the majority of fraud detection. In forensic investigation process the auditor is the one likely to end up on the witness stand to present testimony on his/her findings.
In fraud and other economic crime that often involve complex financial transactions the auditor’s role is to analyze and investigate these transactions and to reach certain conclusions about them.
The auditor gathers documentary evidence that is relevant to the investigation and the auditor’s report, forms part of the case docket that is ultimately prepared for the criminal trail. Auditors usually testify about facts only gain on their findings on relevant transactions.
The role of the forensic auditor is to gather evidence. They deal almost exclusively with facts. The forensic auditor must therefore remain objective and allow the facts to lead to the correct conclusions. For a forensic auditor to perform his/her function properly, it should have certain skills and knowledge that auditors would not necessarily have. The ability to draft a proper affidavit is an example a workable knowledge of law. Be familiar with law of evidence and rules pertaining to admissibility.
The legal specialist:
The role of the legal specialist is to ensure that the teams function within the parameters of the law and to ensure that fundamental rights remain protected. He must be aware of the complexity of the criminal and civil process that contains many pitfalls.
He must ensure that the case is prepared within the parameters of the law and that the evidence is obtained in a manner that will not render it inadmissible in a court of law. He should be accessible to all other team members for any assistance they may require.
He should review all working papers and other documents in order to ensure that it complies with legal requirements. He is the watchdog, who has to ensure total compliance by the team with all relevant rules, regulations, legislation, ethical boundaries etc. It is of utmost importance that the legal specialist should ensure throughout the investigation that the team operates within the terms of reference.
The investigator:
He brings the investigative skills learned from being a former or current member of the SAPS or other investigative agencies. He will typically conduct the interviews, take down the witness statements, gather documentary and physical evidence, and keep the investigation diary update an compile the case docket and/or working papers.
Most of the physical field work is conducted by the forensic investigator, who will also conduct background searches and checks, do tracing of persons, compile warrants and subpoenas etc.
An unlimited number of other experts may also be included in a forensic auditing team. Examples are computer specialists, handwriting and contested document specialists, independent consultants of various disciplines, valuators, engineers, medical experts etc.. The nature of the investigation and the particular industry in which the audit is conducted will dictate the special skills that are required. In some cases these specialists may be required to give expert testimony with regard to their findings in court.
The auditor plays a vital role in fraud prevention with regard to fraud risk assessments, surprise audits and other auditing-related activities.
The role of the auditor in the fraud detection process is even more wide-ranging. Studies have concluded that internal auditing and internal controls are responsible for the majority of fraud detection. In forensic investigation process the auditor is the one likely to end up on the witness stand to present testimony on his/her findings.
In fraud and other economic crime that often involve complex financial transactions the auditor’s role is to analyze and investigate these transactions and to reach certain conclusions about them.
The auditor gathers documentary evidence that is relevant to the investigation and the auditor’s report, forms part of the case docket that is ultimately prepared for the criminal trail. Auditors usually testify about facts only gain on their findings on relevant transactions.
The role of the forensic auditor is to gather evidence. They deal almost exclusively with facts. The forensic auditor must therefore remain objective and allow the facts to lead to the correct conclusions. For a forensic auditor to perform his/her function properly, it should have certain skills and knowledge that auditors would not necessarily have. The ability to draft a proper affidavit is an example a workable knowledge of law. Be familiar with law of evidence and rules pertaining to admissibility.
The legal specialist:
The role of the legal specialist is to ensure that the teams function within the parameters of the law and to ensure that fundamental rights remain protected. He must be aware of the complexity of the criminal and civil process that contains many pitfalls.
He must ensure that the case is prepared within the parameters of the law and that the evidence is obtained in a manner that will not render it inadmissible in a court of law. He should be accessible to all other team members for any assistance they may require.
He should review all working papers and other documents in order to ensure that it complies with legal requirements. He is the watchdog, who has to ensure total compliance by the team with all relevant rules, regulations, legislation, ethical boundaries etc. It is of utmost importance that the legal specialist should ensure throughout the investigation that the team operates within the terms of reference.
The investigator:
He brings the investigative skills learned from being a former or current member of the SAPS or other investigative agencies. He will typically conduct the interviews, take down the witness statements, gather documentary and physical evidence, and keep the investigation diary update an compile the case docket and/or working papers.
Most of the physical field work is conducted by the forensic investigator, who will also conduct background searches and checks, do tracing of persons, compile warrants and subpoenas etc.
An unlimited number of other experts may also be included in a forensic auditing team. Examples are computer specialists, handwriting and contested document specialists, independent consultants of various disciplines, valuators, engineers, medical experts etc.. The nature of the investigation and the particular industry in which the audit is conducted will dictate the special skills that are required. In some cases these specialists may be required to give expert testimony with regard to their findings in court.
Subscribe to:
Posts (Atom)
