The Taskforce employed a multi-disciplinary approach to its governance review, including document review and interviews with directors and officers.
The initial stage was a document-based review. ASIC used its compulsory information-gathering powers, issuing notices on all companies pursuant to s33 of the Australian Securities and Investments Commission Act 2001 (ASIC Act). In total the Taskforce received more than 29,000 documents for review (which included some documents to assist the Taskforce’s review of executive remuneration).
The material included agendas, papers and minutes of selected BRC meetings and board meetings.
This material was reviewed with the assistance of a hypothesis-led review methodology. Deloitte provided ASIC with a methodology, which was adapted by ASIC for the purposes of the review.
This methodology focused on several governance themes and helped the Taskforce to identify good and poor governance practices across the documents being reviewed.
These themes covered board structure for monitoring and supervising; risk governance; board and management accountability; reporting and information flows; and risk resourcing.
The review was conducted by ASIC. Deloitte were not otherwise involved in the review and did not participate in any inspection of documents or interviews of participants.
The Taskforce also conducted 60 voluntary interviews with executive officers and directors of companies, to deepen our understanding of the practices the Taskforce had identified from the document review.
Interviews with officers and executives included companies’ CROs, chief audit executives and secretaries. Interviews with directors included the CEOs, BRC chairs and board chairs.
The Taskforce’s report looked at the oversight of non-financial risk, specifically issues regarding the use of risk appetite statements as an oversight tool; information flows between management and directors; and the role of the BRC in the oversight of non-financial risk and root cause analysis.
Behavioural interactions between members of the board and between board and management are relevant to the effectiveness of this oversight.
To assess how board behaviours enhance or impede their oversight and monitoring role, the Taskforce commissioned behavioural analysis from behavioural experts, Kiel Advisory Group.
Kiel Advisory Group interviewed directors and officers of six large listed companies including financial services and non-financial services companies; observed five board meetings and three board committee meetings; and undertook a targeted document review in relation to these companies. Survey responses from a wider cohort of 19 companies (including the six ‘deep dive’ companies) also assisted in informing the analysis. The behavioural analysis included the preparation of a thematic report by Kiel Advisory Group on board behaviours and how these can influence board oversight of management of non-financial risk. This report is set out in Attachment A. The purpose of this report is to provide additional guidance and insight to boards, and to highlight strategies they could implement to address the effectiveness of their oversight.
ASIC procured research from Deloitte into international governance practices relating to director and officer oversight of non-financial risk in the United Kingdom, the United States, Canada and Germany. This research identified global trends in corporate governance, against which we could compare the practices we observed in our review of Australian organisations.
Deloitte provided comparative (publicly available) data across a sample of 40 large listed companies within these jurisdictions, along with insights on jurisdictional better practices from its international subject matter experts.
Individual company feedback
At the conclusion of the Taskforce’s review, individual written feedback was given to the CEO and chair of each company that participated in this review to directly drive improvement of the company’s practices.
The Taskforce provided feedback on good practices and those that boards should change to improve their oversight of non-financial risk. Individual feedback sessions with the CEO and chair of each company will also be undertaken.