market capitalisation 8 total

Size: px

Start display at page:

Download "market capitalisation 8 total"

Grant Bishop
5 years ago
Views:

5 table 1: market capitalisation of companies (as at 30 Dec 2011) 7 market capitalisation 8 (companies with market cap of S$1 billion and above) number of samples selected % breakdown 9 30 12% report

3 5 table 1: market capitalisation of companies (as at 30 Dec 2011) 7 market capitalisation 8 (companies with market cap of S$1 billion and above) number of samples selected % breakdown % report legend to assist the reader distinguish between key categories of data we have adopted the following symbols: = market capitalisation (companies with market cap of S$300 million to less than S$1 billion) 30 12% = sector (companies with market cap of less than S$300 million) % % = government linked companies (GLCs) /non-government linked companies (non-glcs)

4 6 7 9 % 40 % 17 % 3 % manufacturing services real estate commerce transport /storage /communications others SGX population as at 6 sep % 19 % 17 % 6 % 6 % 5 % sample selection 35 % 21 % 18 % 8 % 2 % 3 % more than S$1 billion between S$500 million to S$1 billion between S$100 million and less than S$500 million less than S$100 million 10 % 37 % 40 % more than S$1 billion between S$500 million to S$1 billion between S$100 million and less than S$500 million less than S$100 million

5 8 9 table 2: comparison of requirements regarding adequacy and effectiveness of risk management and internal control systems code 2005 guidelines on CG 2010 SGX 1207(10) code 2012 internal controls: adequacy effectiveness risk management: adequacy effectiveness state of adoption 1. annual report disclosure SGX LR 1207(10) and PN opinion on the adequacy of internal controls 1.2 basis for opinion on internal controls revised Code 2012 (principle 11) 1.3 comment on adequacy and effectiveness of: internal controls risk management systems 1.4 assurance to the board by CEO & CFO basis for board opinion risk management capabilities 2. risk governance and oversight structures 3. risk management systems 3.1 risk management frameworks 3.2 whistle-blowing policies

7 12 13

8 15

9 16 17

10 18 19 table 3: 10 risk management practices risk management practice code of corporate governance 2012 risk governance guidelines SGX LR 1207(10) other references board assumes responsibility for risk management established BRC to manage risks principle 11 principle 11.4 appendix M appendix A appointed CRO or equivalent appendix A established MRC to manage risks 17 figure 6: has the board commented on risk management and internal controls as per the SGX LRs and CG Code (2005 and 2012)? SGX LRs and PN 12.2 revised code P11 code P12 80 % 12 % 23 % established IA function established risk management framework explained risk management framework principle 13 principle 11.1 principle 11.1 appendix L appendix C & L appendix M 87 % 17 % 43 % established whistleblowing policy principle 12.7 appendix L 83 % 7 % 17 % 78 % 12 % 21 % positive opinion with basis assurances from CEO and CFO principle 11.3 principle 11.3(b) appendix G & H appendix M 1207(10) & PN 12.2

11 20 21 figure 7: risk management practices compliance and adoption rates across market caps board assumes responsibility for risk management figure 8: risk management practices compliance and adoption rates by GLCs and non-glcs GLCs (n=22) non-glcs (n=228) 33 % 33 % 34 % 41 % 33 % board assumes responsibility for risk management commerce (n=46) 22 % 67 % manufacturing (n=88) 35 % real estate (n=33) 42 % services (n=51) 39 % transport/storage /communications 21 % others (n=7) 29 % established BRC to manage risks 63 % 4 % 27 % 55 % 10 % established BRC to manage risks 9 % 67 % 8 % 15 % 10 % 42 % 29 % appointed CRO or equivalent 37 % 3 % 7 % 32 % 5 % appointed CRO or equivalent 67 % 3 % 3 % 4 % 5 % 29 % established MRC to manage risks 53 % 5 % 17 % 45 % 9 % established MRC to manage risks 67 % 6 % 9 % 6 % 32 % 43 % established IA function 100 % 93 % 100 % 100 % 94 % established IA function 96 % 100 % 92 % 97 % 96 % 95 % 100 % established risk management framework 84 % 37 % 53 % 73 % 42 % established risk management framework 48 % 83 % 47 % 42 % 29 % 53 % 71 % explained risk management framework 67 % 27 % 30 % 45 % 31 % explained risk management framework 33 % 83 % 35 % 36 % 12 % 32 % 71 % established whistleblowing policy 83 % 91 % 90 % 91 % 90 % established whistle-eblowing policy 89 % 100 % 88 % 94 % 96 % 84 % 86 % positive opinion with basis 87 % 76 % 83 % 86 % 78 % positive opinion with basis 78 % 100 % 76 % 79 % 80 % 74 % 86 % assurances from CEO and CFO 16 % 14 % 15 % assurances from CEO and CFO 20 % 17 % 11 % 24 % 12 % 21 % 0 % Note: Leading practices identified by filled in shapes

12 % 20 % 87 % 83 % 17 % 79 % 21 % internal controls adequate - with basis provides reasonable assurance - with basis 1 % 78 % 78 % finance (n=6) commerce (n=46) services (n=51) real estate (n=33) 100 % 0 % 85 % 15 % 82 % 18 % 79 % 21 % CG report - Principle 11 (risk management and internal controls) directors report 92 % 10 % negative opinion - with basis internal control adequate - contrary to the absence of evidence 1 % 12 % 87 % manufacturing (n=88) transport/service /communications 77 % 23 % 74 % 26 % CG report - Principle 12/13 (AC and IA) 2.4 % internal control adequate - no basis 6 % 83 % others (n=7) 86 % 14 % other sections of the annual report 0.4 % provides reasonable assurance - no basis not stated Note: Statistics do not add up to 100% due to rounding 2 % 1 % 76 % GLCs (n=22) non-glcs (n=228) 86 % 80 % 14 % 20 % not stated 1.2 % Note: Figures add up to more than 100% as companies may report in more than one location.

13 24 25 figure 15: whether the board commented or opined on the adequacy and effectiveness of the company s internal control and risk management systems (by market cap) SGX LRs and PN 12.2 revised code P11 code P12 internal controls - adequacy 98 % internal controls - adequacy internal controls - effectiveness risk management - adequacy risk management - effectiveness comply with all 4 aspects 98 % 55 % 23 % 20 % 12 % 80 % 12 % 23 % commerce (n=46) 83 % 7 % 20 % internal controls - effectiveness 55 % 97 % 57 % 43 % 20 % 17 % 100 % 0 % 50 % risk management - adequacy 23 % 100 % 47 % 17 % 23 % 7 % manufacturing (n=88) 77 % 15 % 28 % risk management - effectiveness 20 % 98 % 56 % 21 % 19 % 12 % real estate (n=33) 79 % 12 % 18 % services (n=51) 82 % 12 % 16 % figure 16: adoption and compliance rates (GLCs and non-glcs) SGX LRs and PN 12.2 revised code P11 code P12 transport/ storage/ communications 74 % 11 % 21 % 80 % 23 % 12 % others (n=7) 86 % 14 % 29 % GLCs (n=22) 86 % 14 % 23 % non-glcs (n=228) 79 % 11 % 23 %

14 26 27 figure 21: assurance from CEO and CFO when there is an IA function yes 15 % no 85 % 15 % 85 % 87 % in-house IA function 87 % 87 % IA function outsourced 16 % 84 % finance (n=6) commerce (n=46) services (n=51) real estate (n=33) manufacturing (n=88) transport/service /communications 16 % 17 % 20 % 12 % 24 % 11 % 21 % 84 % 83 % 80 % 88 % 76 % 89 % 79 % figure 19: assurance from CEO and CFO when the BRC or AC oversees risk management when BRC oversees risk management (n=35) when AC oversees risk management (n=73) when there is no board committee to oversee risk (n=142) 15 % 85 % 11 % 16 % 15 % 89 % 84 % 85 % figure 20: assurance from CEO and CFO when there is a CRO relies on group IA no IA function 0 % 23 % 100 % 77 % process 4 th line of defence: board oversight 3 rd line of defence: independent assurance internal/external audit 2 nd line of defence: management and assurance risk management compliance 1 st line of defence: business governance / policy management systems operational governance financial governance policy management others (n=7) 0 % 100 % 15 % 85 % GLCs (n=22) non-glcs (n=228) 14 % 15 % 86 % 85 % when there is a CRO when CRO not stated in annual report (n=231) 11 % 16 % 89 % 84 % people

15 28 29 figure 26: companies with BRC (by sector) 14 % figure 24: which board committee helps the board to oversee risks? audit committee board risk committee not stated finance (n=6) transport/storage/ communications 67 % 42 % 29 % 14 % 57 % real estate (n=33) 15 % 30 % 63 % 7 % services (n=51) 10 % 43 % 27 % 30 % commerce (n=46) 9 % 27 % 4 % 69 % manufacturing (n=88) 8 % figure 23: who is responsible for governance of risk? board board committees (including AC and BRC) senior management (including MRC) not stated Note: For the purpose of this study, BRCs and ARCs are collectively referred to as BRCs others (n=7) 29 % 34 % 26 % 19 % 22 % figure 25: companies with BRC (GLCs and non-glcs) 33 % 40 % 20 % 7 % GLCs (n=22) 14 % 55 % 33 % 30 % 10 % 27 % non-glcs (n=228) 10 % 34 % 14 % 29 % 23 % Note: Statistics do not add up to 100% due to rounding. Also a number of annual reports did not identify those responsible for risk governance clearly. The researchers have coded the information using their best judgment.

16 30 31 figure 28: proportion of independent directors on the BRC figure 29: average BRC size and number of meetings held (n=35) 100% more than 50% to less than 100% 50% more than 0% to less than 50% 0% BRC size - FY11/12 BRC size - FY10/11 BRC meetings - FY11/12 BRC meetings - FY10/11 (n=35) 29 % 43 % 9 % 14 % 6 % (n=35) figure 27: is the BRC chairman independent? 37 % 42 % 5 % 11 % 5 % (n=35) 80 % 20 % (n=8) (n=8) (n=8) 79 % 75 % 88 % 21 % 25 % 12 % (n=8) (n=8) 25 % 50 % 25 % 38 % Note: Statistics do not add up to 100% due to rounding 0 % (n=8) % 25 % figure 30: percentage of BRC members who are also AC members on the same board % more than 50% to less than 100% % more than 0% to less than 50% % (n=35) 29 % 11 % 20 % 26 % 14 % 16 % 37 % 11 % 26 % 11 % figure 31: do companies with a BRC disclose having a separate CRO? yes not stated (n=8) 38 % 25 % companies with a BRC (n=35) 34 % 66 % (n=8) 50 % 0 % 25 % companies without a BRC (n=215) 3 % 97 % Note: Statistics do not add up to 100% due to rounding

17 32 33 figure 35: AC size number of directors by sector in-house IA function companies with BRC (n=35) 69 % companies without BRC (n=215) 27 % 2 directors 3 directors 4 directors 5 directors 6 directors 7 directors 72 % 23 % 4 % 0 % 0 % 0 % relies on group IA outsourced IA function 0% 28 % 2% 65 % commerce (n=46) 61 % 30 % 7 % 2 % 0 % 0 % no IA function 3% 6% finance (n=6) 83 % 17 % 0 % 0 % 0 % 0 % figure 33: do companies with a BRC disclose their risk management framework? companies with a BRC (n=35) yes 71 % not stated 29 % 73 % 23 % 4 % 0 % 0 % manufacturing (n=88) 78 % 18 % 3 % 0 % 0 % 0 % companies without a BRC (n=215) 40 % 60 % 43 % 43 % 10 % 0 % 3 % real estate (n=33) 67 % 30 % 3 % 0 % 0 % 0 % service (n=51) 2 % 78 % 18 % 2 % 0 % 0 % 67 % 30 % 3 % 0 % 0 % transport/storage /communications 63 % 37 % 0 % 0 % 0 % 0 % 78 % Note: Statistics do not add up to 100% due to rounding 19 % 3 % 0 % 0 % others (n=7) 71 % 14 % 14 % 0 % 0 % 0 % Note: Statistics do not add up to 100% due to rounding

18 34 35 figure 36: average AC size and number of meetings held figure 38: who is responsible for risk management at the C-suite level? (n=35) AC size - FY11/12 AC size - FY10/12 AC meetings - FY11/12 AC meetings - FY10/ CFO CRO CEO others [including executive directors, chief operating officer (COO)] 6 % 5 % 3 % 1 % not stated 85 % % 0 % 50 % 7 % (n=8) (n=8) % 3 % 0 % 3 % 80 % figure 37: comparison of ACs with and without risk management responsibilities 4 % 1 % 2 % 2 % 91 % (n=35) AC in charge of risk - average size AC not in charge of risk - average size AC in charge of risk - average meetings AC not in charge of risk - average meetings figure 39: companies with a CRO 5 % figure 40: companies with a CAE 14 % % 77 % (n=8) % (n=8) % 5 %

19 % 53 % 17 % 5 % transport/ storage/ communications commerce (n=46) real estate (n=33) manufacturing (n=88) services (n=51) others (n=7) 67 % 6 % 43 % 32 % 9 % 6 % GLC (n=22) non-glc (n=228) % 43 6 %

20 38 39 figure 42: IA function 32 % 60 % 2 % 6 % 90 % 3 % 7 % 0 % figure 45: disclosure of risk management framework in the annual report (by sector) 45 % 30 % 67 % 3 % 0 % finance (n=6) 83 % 24 % 68 % 1 % 7 % transport/storage/ communications 53 % real estate (n=33) 42 % services (n=51) 29 % commerce (n=46) 48 % (n=237) 39 % 77 % 32 % 55 % 67 % 30 % 17 % 23 % 16 % 47 % manufacturing (n=88) others (n=7) 47 % 71 % (n=177) 43 % 32 % 27 % 11 % 63 % Note: Statistics do not add up to 100% due to rounding

21 40 41 figure 46: is the whistle-blowing policy disclosed? figure 48: who discloses whistleblowing channels? 90 % 1 % 8 % 36 % 50 % figure 49: top three whistle-blowing channels (n=90) 83 % 17 % 0 % 40 % audit commitee internal audit management 90 % 0 % 10 % 33 % (n=90) 73 % 21 % 16 % 91 % 2 % 7 % finance (n=6) transport/storage/ communications 83 % 37 % (n=15) 47 % 73 % 7 % Note: Statistics do not add up to 100% due to rounding real estate (n=33) services (n=51) 48 % 35 % (n=12) 75 % 33 % 33 % 36 % 54 % 10 % commerce (n=46) 26 % (n=63) 79 % 6 % 14 % 50 % 40 % 33 % 50 % 17 % 10 % manufacturing (n=88) others (n=7) 32 % 57 % Note: Figures add up to more than 100% as companies may have multiple channels 33 % 58 % 9 % GLCs (n=22) 64 % non-glcs (n=228) 33 %

22 42 43 figure 52: who addresses whistle-blowing reports or cases? (n=40) figure 51: proportion of companies stating that internal controls are adequate with basis SGX LR 1207(10) and PN 12.2 (n=40) 65 % 20 % 20 9 % 5 % 8 % companies with whistleblowing policies and BRC (n=32) 91 % (n=7) 57 % 29 % 14 % 0 % 0 % audit committee 73 % companies with whistleblowing policies and AC to manage risks (n=68) 79 % (n=9) 56 % 22 % 33 % 0 % 0 % internal audit 21 % management 16 % companies withwhistleblowing policies but no BRC/AC to manage risk (n=126) 78 % (n=24) 71 % 17 % 17 % Note: Figures do not add up to 100% as companies may state multiple options 8 % whistle-blowing committee /coordinator HR/company secretary/inhouse legal counsel 7 % 10 % companies withwhistleblowing policies and no BRC/AC to manage risk (n=16) 69 % 6 % independent /non-independant board directors board chairman 4 % companies with AC to manage risks but without whistle-blowing policies (n=5) 60 % board members 1 % designated external parties 1 % companies with BRC to manage risks but without whistle-blowing policies (n=3) 33 %

23 44

24 46 47 appendix 1: sector classification appendix 3a: types of board opinions: examples from annual reports (with basis) SGX classification 31 classification used in the study type of opinion actual wording in annual report manufacturing service commerce manufacturing services commerce internal controls adequate (with basis) hotels properties real estate construction transport/ storage /communications finance transport/ storage /communications finance provides reasonable assurance (with basis) agriculture electricity/ gas/ water multi-industry others appendix 2: additional sector breakdown by number of companies negative opinion

25 48 49 appendix 3b: types of board opinions: examples from annual reports (without basis) abbreviation description AC Audit Committee ID Independent Director type of opinion actual wording in annual report ACFE BRC Association of Certified Fraud Examiners Board Risk Committee IFC IIA International Finance Corporation Institute of Internal Auditors internal controls adequate (contrary to the absence of evidence) CAE CEO CFO CG Chief Audit Executive Chief Executive Officer Chief Financial Officer Corporate Governance IMF ISCA LR MAS International Monetary Fund Institute of Singapore Chartered Accountants Listing Rule Monetary Authority of Singapore Code Code of Corporate Governance MRC Management Risk Committee COO Chief Operating Officer Non-GLC Non Government - Linked Companies CRO Chief Risk Officer P Principle internal controls adequate (no basis) GFC GLC IA Global Financial Crisis Government - Linked Companies Internal Audit PN RM SAC Practice Note Risk Mangement Singapore Accountancy Commission IC Internal Control SGX Singapore Exchange provides reasonable assurance (no basis)

Analysis of Corporate Governance Disclosures in Annual Reports. Annual Reports

Analysis of Corporate Governance Disclosures in Annual Reports Annual Reports 2012-2013 December 2014 Contents Executive Summary 1 Principle 1: Establish Clear Roles and Responsibilities 10 Principle 2: