By Datuk John Zinkin

INTRODUCTION
As a result of Section 211 of the 2016 Companies Act1, it is important boundaries are reset and documented between the roles and responsibilities of the Board and management. This is done in three parts: first, by the Board formulating strategy and providing accountability; second by achieving strategic alignment with the Board-determined Mission and Vision through the setting of strategy; third; defining clear boundaries of responsibility for directors and management, with appropriate supporting documentation in the Board Charter.

Formulating strategy and providing accountability
Figure 1 shows the role of the Board in formulating strategy and providing accountability through making policy and plans and monitoring performance, while management executes and the Board supervises execution:
In his pathbreaking analysis, Professor Bob Tricker, the so-called ‘grandfather of CG’, described the board as having four responsibilities: formulating strategy; making policy and plans; monitoring and supervising; and providing accountability. This is shown in Figure 1

Boxes 1 and 2 and are forward and outward looking, reflecting the role that boards ‘govern and direct’, boxes 3 and 4 are backward and inward looking, reflecting the role that boards oversee management and are held accountable for whatever happens on their watch.

 

However, as figure 2 shows, Professor Tricker belonged to the school of thought that argues ‘boards govern and direct, management manages’2:

“The board of directors has the important role of overseeing management performance on behalf of shareholders…
[but] corporate directors are diligent monitors, but not managers, of business operations.”i

The board governs and directs in five steps: It provides accountability from the beginning (step 1), based on which the directors formulate the strategy (step 2) and its supporting policy and plans (step 3). These are then implemented by the CEO and the management team, and the board monitors performance (step 4), providing feedback to management who then take corrective action to get back on plan; the board continues to monitor (still step 4) and take accountability for any material variance from plan when answering to shareholders (step 5). Based on the outcome, they will then restart the cycle, with the reformulation of strategy based on what was or was not achieved. Indeed, nearly every code of Corporate Governance (CG) was based on the idea boards ‘govern and direct’ in this manner; and ‘managers manage’; and boards should not second-guess line management. Although the explanation below regarding the boundaries of responsibility was for NGOs, it applies equally well to for-profit organizations:

“Governance and management are not the same things. Governance is about vision and organizational direction as opposed to day-to-day management and implementation of policy and programs... In most civil society organizations, governance is provided by a board of directors, which may also be called the management committee, executive committee, board of governors, board of trustees, etc. This group oversees the organization, making sure it fulfills its mission, lives up to its values and remains viable for the future…Although by no means an exhaustive list, essentially, the board has the responsibility to:

  1. Define expectations for the organization:
    • Set and maintain vision, mission and values
    • Develop strategy (e.g., long-term strategic plan)
    • Create and/or approve the organization's policies
  2. Grant power:
    • Select, manage and support the organization’s chief executive
  3. Verify Performance:
    • Ensure compliance with the governing document (e.g., charter)
    • Ensure accountability and compliance with laws and regulations
    • Maintain proper fiscal oversight

Management takes direction from the board and implements on a day-to-day basis. Management has the responsibility to:

  1. Communicate expectations—mission, strategy, policies—to the entire staff;
  2. Manage day-to-day operations and program implementation to fulfill the expectations; and
  3. Report results to the board.
    When the balance between the responsibilities of the board and management is established and functioning well, the organization is better able to:
  4. Meet the expectations of clients, beneficiaries and other stakeholders;
    • Deliver quality programs that are effective and efficient; and
    • Comply with laws, regulations and other requirements.”ii

 

The failures of Enron in 2001 and WorldCom, Global Crossing, Tyco and Adelphia in 2002 in the US were the drivers of increasingly intense scrutiny of the board and its internal audit processes, as well as the role of external auditors, leading to the passage of the Sarbanes-Oxley Act in 2002iii.
After the collapse of Enron, the US Business Roundtable in 2002 defined the responsibilities of the board as having the following primary oversight functionsiv:

  1. Select, evaluate and if needed, replace the CEO. It should also plan succession and determine management compensation;
  2. Review, approve and monitor operating plans, budgets, major strategies and plans, including assessing risk and continuity planning;
  3. Ensure the integrity and clarity of financial statements and the independence of the appointed external auditors;
  4. Provide advice and counsel to senior management;
  5. Review and approve company actions;
  6. Nominate a recommended slate of directors for shareholder approval;
  7. Review the adequacy of systems to comply with all applicable laws and regulations.

 

No mention here of managing the business. In fact, it is still possible as late as 2005 for a director to conclude that boards ‘govern and direct, management manages’:

“In short, it is not the responsibility of the board to run the company. That is the job of management. Instead, directors have the difficult job of ensuring that those running the company run it as effectively as possible. Even before the passage of the Sarbanes-Oxley Act, there have been important discussions from many different quarters regarding how to build the most effective board of directors. The question is how best to structure a board to effectively exercise their responsibilities. The truth of the matter is that while a well-structured board will better enable more efficient oversight, it does not guarantee quality performance.”v
[Emphases mine]

While the UK Companies Act 2006 does not state that the board is responsible for running the company, it does encourage directors to adopt a proactive approach to CG, requiring INEDs to enquire into and gain an informed understanding of the conduct of the company. The standard to which they are now held is best illustrated by the words of Lord Goldsmith, the UK Attorney General, during the debate on the 2006 Companies Act:

“The duty does not prevent a director from relying on the advice of work of others, but the final judgment must be his responsibility… As with all advice, slavish reliance is not acceptable, and obtaining of outside advice does not absolve directors from exercising their judgment on the basis of such advice.”

In the Commonwealth, however, leading jurisdictions have taken a much more demanding view, stating categorically, in statute law, that directors are responsible for the management of the affairs of their companies, shown in Table 1:

Table 1: Directors are responsible for managing the company:

Jurisdiction

What the law says

Relevant Act

Australia

The business of a company is to be managed by or under the direction of the directors.vi

Corporations Act 2001, section 198a (1)

Canada

Duty to manage or supervise management 102 (1) Subject to any unanimous shareholder agreement, the directors shall manage, or supervise the management of, the business and affairs of a corporation.

Canadian Business Corporations Ac 1985, amended 2018, section 102 (1)

Malaysia

  1. The business and affairs of a company shall be managed by, or under the direction of, the board of directors (§211.1))
  2. The board of directors has all the powers necessary for managing and for directing and supervising the management of the business and affairs of the company subject to any modification, exception or limitation contained in this Act or in the constitution of the company (§211.2))

 Companies Act 2016, section 211

 New Zealand

 128 Management of company

  1. The business and affairs of a company must be managed by, or under the direction or supervision of, the board of the company.
  2. The board of a company has all the powers necessary for managing and directing and supervising the management of, the business and affairs of the company.viii

 Companies Act 1993, section 128

 South Africa

66. (1) The business and affairs of a company must be managed by or under the direction of its board, which has the authority to exercise all of the powers and perform any of the functions of the company, except to the extent that this Act or the Memorandum of Incorporation provides otherwise.xi

 Companies Act 2009, section 66 (1)

The standard to which they are held in Australia and other Commonwealth countries where Australian rulings are regarded as either precedent or ‘persuasive’ is best illustrated by the words of Justice Middleton:

“Nothing that I decide in this case should indicate that directors are required to have infinite knowledge or ability. Directors are entitled to delegate to others the preparation of books and accounts and the carrying on of the day-to-day affairs of the company. What each director is expected to do is to take a diligent and intelligent interest in the information available to him or her, to understand that information, and apply an enquiring mind to the responsibilities placed upon him or her.”

Achieving strategic alignment
Figure 3 shows how the Board-defined Mission and Vision (essential elements of effective strategy formulation) will only be achieved if the organisation’s ‘Five P’s’ are aligned properly. If any one of the ‘Five P’s” is misaligned and does not point towards the Mission and Vision, the Mission and Vision will not be achieved. This is because the ‘Five P’s’ interact with each other, either reinforcing or weakening the organisation’s ability to set priorities appropriately and allocate resources accordingly. Working together, they determine and reinforce acceptable behaviour and Values. Working separately, they will create inconsistent behaviour and undermine the Values of the organisation.

To do this, the Board is responsible for defining the strategic parameters, while management is responsible for operational execution for each of the ‘Five P’s’ as follows:

‘Purpose’: defining the businesses the company is in:

Board’s strategic responsibility:

  1. Define values in terms of desired, observable, measurable behaviour

  2. Establish standards for each category of behaviour applicable to all, including clear definitions of unacceptable behaviour


Management’s operational responsibility:

  1. Set targets for individuals and review performance regularly as part of the appraisal process

  2. Agree personal development plans with targets for improvement and agreed action plans as a result of appraisals
  3. Follow up and take corrective action if needed. Enforce sanctions, as explained, when setting KPIs and targets

The Board is responsible for defining the organisational design needed to achieve the Mission and Vision. This includes reporting relationships and whether there is the ‘courage to speak truth to power’. Hence the term Power:

‘Power’: to support the Mission and Vision structurally:

Board’s strategic responsibility:

  1. Specify organisation design and structure to meet agreed strategic objectives including resources needed and the timeline for completion

  2. Establish and protect a culture in which constructive challenge from subordinates is welcome

  3. Lay down standards for ‘speaking truth to power.


Management’s operational responsibility:

  1. Establish formal criteria and reward mechanisms to encourage bringing up bad news early rather than ‘shooting the messenger’

  2. Apply the same transparent standards regardless of position and seniority.

 

The Board then determines People needed to achieve the Mission and Vision. The Board must define not just the number of people needed to do the jobs determined by the organisation design and job evaluation exercises, but their competence and character as well:

‘People’: to get the jobs done ethically:

Board’s strategic responsibility:

  1. Based on job evaluation studies, decide on the number and type of positions needed to fulfil current and future mission and vision

  2. Review and update desired competencies

  3. Develop succession plan and talent management strategy


Management’s operational responsibility:

  1. Use succession planning and personal development plans to ensure positions are filled in a timely manner with people who have:

    • Defined competencies to do the job
    • Appropriate prior experience to step up
    • Right character with integrity and courage to speak truth to power
  2. Ensure the talent pipeline satisfies the changing needs of the organisation

Finally, the Board defines Processes - all operating systems, procedures and feedback mechanisms. They cover reward and appraisal systems, the setting and review of KPIs and scorecards, as well training and development schemes, and appropriate documentation of SOPS and SLAs:

‘Processes’: the glue that binds

Board’s strategic responsibility:

  1. Ensure ‘Processes’ (policies, procedures and feedback mechanisms) support and enhance ‘Purpose’ (Mission, Vision) and ‘Principles’ (Values)

  2. Agree ‘Processes’ recognising they affect the other four ‘Ps’ and are the glue that ensures organisational alignment to its mission and vision

  3. Approve a written, trained and attested code of conduct

  4. Ensure compliance mechanism is in place with confidential whistle-blowing procedures.


Management’s operational responsibility:

  1. Develop SOPs and SLAs in line with Board-approved policies

  2. Check for any misalignment with the Mission and Vision and amend accordingly

  3. Check for non-compliance and take corrective action including enforcement

 

Redefining the Boundaries The real question then, is what does the law regard as ‘managing’? Whenever I have explained to directors the Malaysian Companies Act 2016 holds them responsible for managing the business, and that the words ‘managed by’ precede ‘or under the direction’, which means that a judge will look into their management practices as a priority, their reaction is one of shock. The majority signed up to become directors on the assumption that ‘boards govern and direct, management manages’. The issue becomes one of redefining where the boundaries of responsibility between board and management lie. Table 2 suggests how the six core responsibilities of the board divide into actions of the board and those of line management

Table 2: Redefining the boundaries of responsibility:

Board’s Role

What the law says

Management’s Role

Sets strategy

Board as a whole:

  1. Formulates strategy, policies and plans;

  2. Challenges management’s plan assumptions, priorities and options;

  3. Reviews the business plan and budget and sets targets for management.

CEO and senior management:

  1. Coordinate the development of business plan and budget across all BUs;

  2. Execute strategy and plans for company based on board-agreed direction and executive limitations;

  3. Report to the board on progress.

Reviews strategy implementation

Board as a whole:

  1. Reviews, approves and provides feedback on corporate KPIs and targets;
  2. Reviews results quarterly, discusses material variances, and ensures corrective actions are taken if required;

  3. Follows up.

CEO and senior management:

  1. Establish corporate KPIs;

  2. Cascade KPIs throughout organisation;

  3. Monitor KPIs monthly with BUs, investigate variances and develop corrective actions if required;

  4. Report to the board on progress.

Manages risk

Board working through the AC or RMC:

  1. Sets the company’s risk parameters;

  2. Understands major risk exposures and ensures appropriate risk mitigation approach is in place;

  3. Considers the risk factors in all major decisions.

CEO and senior management:

  1. Analyze and quantify the company’s risks;

  2. Manage all risks within the boundaries set by the board;

  3. Instill risk management culture throughout organisation;

  4. Implement ERM and COSO frameworks.

Plans succession

Board working through the NRC:

  1. Selects and proactively plans CEO succession;

  2. Reviews the performance management philosophy;

  3. Evaluates CEO;

  4. Endorses the development plan of people in pivotal positions;

  5. Understands the pool of future leaders;

  6. Sets remuneration policies

CEO, HR and senior management:

  1. Develop and implement the company’s performance management system;

  2. Evaluate leadership performance and potential of all executives;

  3. Identify top talent pool and closely manage their performance and development plans;
  4. Recommend remuneration to the board for key executives.

Ensures internal controls

Board working through the AC:

  1. Ensures through the appointment of an independent, experienced external auditor that the financial statements represent a ‘fair view’ of the business;

  2. Ensures IA have the resources and credibility to carry out appropriately scoped internal audit plan;

  3. Approves code of conduct and compliance processes applying to all employees and the board;

  4. Establishes an effective whistle-blower policy and confidential reporting channels to the AC;

  5. Ensures adoption of and adherence to COSO framework.

CEO, CFO, CIO and Head of IA:

  1. Ensure written SOPs, SLAs, policies and procedures are in place and reviewed regularly;

  2. Ensure IT systems support reporting and information needs correctly;

  3. Establish written code of conduct;

  4. Train employees regularly in code of conduct;

  5. Ensure code of conduct and compliance are being followed;

  6. Identify weaknesses and take corrective action;

  7. Enforce code of conduct and compliance;

  8. Report through IA to the AC on progress and any issues

Engages shareholders and stakeholders

Chair working with company secretary, corporate affairs, PR and investor relations:

  1. Chairs general meetings (AGM and EGM)

  2. Ensures all shareholder views are represented and shareholders are treated equally;

  3. Balances and manages economic impact of stakeholder interests on shareholder value;

  4. Ensure all laws and regulations are followed correctly;

  5. Engage with the community to maximize social ‘licence to operate’

  6. Supports management in handling key stakeholders.

CEO and CFO:

  1. Understand needs of shareholders and communicate key decisions in transparent manner to all employees;

  2. Ensure all disclosures or any other regulatory or statutory requirements are fulfilled;

  3. Manage all stakeholder interests within boundaries agreed with the board;

  4. Ensure company obeys environment, safety and health laws and regulations.

 

The crucial point is not whether the demarcation above is absolutely correct, but that it, or whatever demarcation the company decides upon, must be documented in the board charter and or memorandum and articles of association. If this is done, should directors ever have the misfortune to be hauled up in front of a judge, they can show they fulfilled their responsibilities, as laid down by their company’s constitution, making it clear where their responsibilities end and management’s begin. If they can demonstrate they fulfilled their responsibilities within these boundaries, they will likely be covered by the ‘business judgment rule’ and prove they have not been negligent or of acting in bad faith.



References

2“The board should elect members who understand and respect the difference between governance and management. Choose wisely, seeking as directors individuals who bring no personal agendas, understand the role of management in large, complex organizations, and have a desire to work as part of the board-management team. Then conflicts between the board and management will be rare.” Bader, B. S., (2008), “Distinguishing Governance from Management”, http://trustees.aha.org/boardculture/archive/Great-Boards-fall-2008-reprint-distinguishing-governance-and-management.pdf, accessed on July 3, 2018

iBusiness Roundtable (2012), quoted by Useem, M., Carey, D., Charan, R., (2016), “Boards that lead” in The Handbook of Corporate Governance, edited by Leblanc, R., (Hoboken, New Jersey: John Wiley & Sons Inc), p42
iiFHI 360, USAID, Capable Partners Development Program (CAP), (2009), “Governance, Management and the Role of a Board of Directors”, NGOConnect eNews Issue number 12, May 2009, p1-2 http://www.ngoconnect.net/documents/592341/749044/Governance+-+Governance,+Management+and+the+Role+of+a+Board+of+Directors. Accessed on July 3, 2018
iiiMoeller, R. R., (2004), Sarbanes-Oxley and the New Internal Auditing Rules, (Hoboken, New Jersey: John Wiley & Sons), p2
ivThe Business Roundtable, (2002), Principles of Corporate Governance, May 2002, p4-8, cited in Green, S., (2005), Sarbanes-Oxley and the Board of Directors: Techniques and Best Practices for Corporate Governance, (Hoboken, New Jersey: John Wiley & Sons), p27
vGreen, S., (2005), op. cit., p28
viAustralian Government, Federal Register of Legislation, Corporations Act 2001, https://www.legislation.gov.au/Details/C2018C00031, accessed on July 4, 2018
viiCanada Business Corporations Act (R.S.C., 1985, c. C-44), last amended on May 1, 2018 http://laws.justice.gc.ca/eng/acts/C-44/page-15.html#h-18, accessed on July 4, 2018
viiiCompanies Act 1993, http://legislation.govt.nz/act/public/1993/0105/188.0/DLM320642.html, accessed on July 4, 2018 ixCompanies Act 2009, Government Gazette, Cape Town, volume 526, No32121 April 9, 2009 http://www.cipc.co.za/files/2413/9452/7679/CompaniesAct71_2008.pdf, accessed on July 4, 2018