King IV Report: Risk, Compliance and Assurance

The following points are taken from the King IV report copyrighted to The Institute of Directors Southern Africa NPC.

Introduction to King IV

The definition of corporate governance for the purposes of King IV, is defined as the exercise of ethical and effective leadership by the governing body towards the achievement of the following governance outcomes:

• Ethical culture
• Good performance
• Effective control
• Legitimacy

Ethical Leadership is exemplified by integrity, competence, responsibility, accountability, fairness and transparency. It involves the anticipation and prevention, or otherwise amelioration, of the negative consequences of the organisation’s activities and outputs on the economy, society and the environment and the capitals that it uses and affects.

Effective leadership is results-driven. It is about achieving strategic objectives and positive outcomes. Effective leadership includes, but goes beyond, an internal focus on effective and efficient execution.

Ethical and effective leadership should complement and reinforce each other.

The underpinning philosophies of King IV relating to sustainable development are:

• Integrated thinking
• The organisation as an integral part of society
• Stakeholder inclusivity and
• Corporate citizenship.

Sustainable development is understood as: ‘development that meets the needs of the present without compromising the ability of future generations to meet their needs’. It is a fitting response to the organisation being an integral part of society, its status as a corporate citizen and its stakeholders’ needs, interests and expectations.

The objectives of King IV are to:

• Promote corporate governance as integral to running an organisation and delivering governance outcomes such as ethical culture, good performance, effective control and legitimacy.
• Broaden the acceptance of the King IV by making it accessible and fit for implementation across a variety of sectors and organisational types.
• Reinforce corporate governance as a holistic and interrelated set of arrangements to be understood and implemented in an integrated manner.
• Encourage transparent and meaningful reporting to stakeholders.
• Present corporate governance as concerned with not only structure and process, but also with an ethical and consciousness and conduct.

Key changes in King IV
Changes worth noting in the King IV report include:

• King IV has been simplified with 17 principles as opposed to 75 principles in King III.
• King IV makes a clear definition between principles and practices.
• King IV is now ‘Apply and Explain’ as opposed to ‘Apply or Explain’.
• King IV advocates an outcomes based approach which means that it is expected of companies to consider the impact of their operations on the six capitals being Financial, Manufactured, Intellectual, Human, Social and Relationship, Natural. Please see https://api.barnowl.co.za/event/barnowl-information-sharing-session-29th-july-2016-on-the-integrated-report-and-integrated-thinking-in-the-reign-of-king-iv-by-leigh-roberts/ for more information on integrated reporting.
• King IV now requires the governing bodies of organisations to ensure that “active opportunity identification” is conducted. These are the stand-alone opportunities that are not necessarily aligned with any downside risk. Please see https://api.barnowl.co.za/insights/risk-and-opportunity-a-new-paradigm-or-old-news/ written by Gert Christiaan Cruywagen.
• King IV talks to broader base including the private, public, other sectors and organisational types referring now to ‘governing bodies’.
• King IV includes supplements to help organisations across a variety of sectors and organisational types to interpret and implement King IV as is suited to their particular circumstances.
• You can download the King IV report on corporate governance at: https://iodsa.co.za/page/KingIVReport .

Risk Management, Compliance and Assurance in King IV
The following are the key areas where King IV addresses risk management, compliance and assurance (including combined assurance and internal audit):

Strategy, Performance and Reporting: Principle 4: The governing body should appreciate that the organisation’s core purpose, its risk and opportunities, strategy, business model, performance and sustainable development are all inseparable elements of the value creation process.

Risk Governance: Principle 11: The governing body should govern risk in a way that supports the organisation in setting and achieving its strategic objectives.

Compliance Governance: Principle 13: The governing body should govern compliance with applicable laws and adopted, non-binding rules, codes and standards in a way that supports the organisation being ethical and good corporate citizen.

Assurance: Principle 15: The governing body should ensure that the assurance services and functions enable an effective control environment, and that these support the integrity of information for internal decision-making and of the organisation’s external reports. The governing body should ensure that the assurance services and functions enable an effective control environment, and that these support the integrity of information for internal decision-making and of the organisation’s external reports.

Combined Assurance:
40. The governing body should assume responsibility for assurance by setting the direction concerning the arrangements for assurance services and functions. The governing body should delegate to the audit committee, if in place, the responsibility for overseeing that those arrangements are effective in achieving the following objectives:

1. Enabling an effective internal control environment.
2. Supporting the integrity of information used for internal decision-making by management, the governing body and its committees.
3. Supporting the integrity of external reports.

42. The governing body should oversee that the combined assurance model is designed and implemented to cover effectively the organisation’s significant risks and material matters through a combination of the following assurance service providers and functions as is appropriate for the organisation:

1. The organisation’s line functions that own and manage risks.
2. The organisation’s specialist functions that facilitate and oversee risk management and compliance.
3. Internal auditors, internal forensic fraud examiners and auditors, safety and process assessors, and statutory actuaries.
4. Independent external assurance service providers such as external auditors.
5. Other external assurance providers such as sustainability and environmental auditors, external actuaries, and external forensic fraud examiners and auditors.
6. Regulatory inspectors.

Internal Audit:
48. The governing body should assume responsibility for internal audit by setting the direction for the internal audit arrangements needed to provide objective, relevant assurance that contributes to the effectiveness of governance, risk management and control processes.
58. The governing body should monitor on an ongoing basis that internal audit:

1. Follows an approved risk-based internal audit plan; and
2. Reviews the organisational risk profile regularly, and proposes adaptions to the internal audit plan accordingly.

59. The governing body should ensure that internal audit provides an overall statement annually as to the effectiveness of the organisation’s governance, risk management and control processes.

BarnOwl: an effective enabler of King IV risk, compliance and assurance

BarnOwl is one of the few software solutions on the market that provides a single, fully integrated governance, risk management, compliance and audit solution.

Risk Management

The BarnOwl Risk Management module facilitates:

• step by step enablement of Risk Management in your organisation
• best practice risk methodology (e.g. ISO31000, COSO) within your organisation
• an up-to-date view of your risk universe
• continuous monitoring of your risk universe
• improved quality and consistency of your information
• extremely powerful and flexible reporting at the click of a button including graphical drill-down reporting, trend reporting, combined assurance reporting etc.
• accountability and ownership of risk throughout your organisation
• a culture of risk and control within your organisation
• the coordinated achievement of your strategic vision (objectives)

Compliance:

The BarnOwl Compliance Management module facilitates:

• step by step enablement of Compliance Management in your organisation (e.g. Phase I – compliance risk identification, Phase II – compliance risk assessment, Phase III – compliance risk management (control optimisation) and Phase IV – compliance risk monitoring)
• best practice risk methodology (Generally Accepted Compliance Practice Framework (GACP) developed by The Compliance Institute Southern Africa) within your organisation
• an up-to-date regulatory universe
• the management of your regulatory universe by rating and monitoring compliance to the acts, regulations and provisions at every level of your organisation, where applicable.
• the importing of acts, sections, headings and provisions from 3rd party compliance content providers or using your own compliance content
• the creation of compliance risk management plans automatically
• the publishing of compliance checklists automatically
• the automatic generation of compliance reports including up-to-date dashboard of your compliance universe, scorecards, trends, heat map etc.
• the monitoring and tracking of non-compliance and remedial action via BarnOwl’s online action plans
• Director/Accounting officer protection (formalised approach to risk management and compliance)

Audit:

The BarnOwl Audit Management module facilitates:

• the full internal audit life cycle (e.g. planning, execution, reporting, monitoring, follow-up audits) with integration (audit alignment) back into risk management
• best practice audit methodology (International Professional Practice Framework (IPPF)) within your organisation.
• true risk and control based auditing ensuring that risks that matter to the organisation are audited and that the results are updated back into risk management.
• increased audit coverage with reduced audit time and cost
• simplified and standardised audit processes and reporting across all types of audit: risk & control, ad hoc, forensic, compliance etc.
• final audit reports, audit committee reporting, combined assurance reporting at the click of a button
• monitoring and tracking of findings via BarnOwl’s online action plans
• compliance with the IIA  standards supporting your quality assurance review

You can read more on risk-based auditing at: https://api.barnowl.co.za/insights/6-ways-risk-based-auditing-adds-value-to-your-organisation/

BarnOwl is a fully integrated governance, risk management, compliance and audit software solution used by over 200 organisations in Africa, Europe and the UK. BarnOwl supports best practice risk management, compliance and audit frameworks (e.g. COSO, ISO31000, Compliance Institute’s handbook, International Professional Practice Framework), whilst offering a highly flexible and configurable parameter-driven system allowing you to configure BarnOwl to meet your specific requirements.

BarnOwl is the preferred risk management solution for the South African public sector endorsed by the OAG (Office of the Accounting General).

Being a locally developed, owned and supported software solution, BarnOwl guarantees superior product support as well as on-going product development to meet localised requirements.

For more information see https://api.barnowl.co.za

Written by: Jonathan Crisp
Director: BarnOwl GRC

Acknowledgements to The Institute of Directors in Southern Africa NPC.