A Concise International Glossary Corporate Governance Terms

of

Produced by the ATM Industry Association

Foreword

A Concise International Glossary of Corporate Governance Terms is a companion booklet to the ATM Industry Associations Corporate Governance Manual for the ATM Industryand its Training Workbook 1 An Introduction to Corporate Governance. Each text is part of ATMIAs campaign to encourage companies and organizations in the ATM industry to implement Corporate Governance systems. Corporate Governance is all about practising business ethics and accountability in management and is essential to long-term business success, risk management and general confidence in the industry. The concise Glossary in your hands provides definitions for key terms in our Corporate Governance Manual for the ATM Industry. It is a handy reference booklet for studying Corporate Governance. Should you have suggestions for adding terms not yet in the Glossary, please send your ideas to me at mike@atmia.com. I would welcome any feedback. ATMIA would like to commend to you and your company the excellent principles of Corporate Governance. May this Glossary be useful in helping you to implement them in practice.

Mike Lee CEO ATMIA January 2006

Annual training courses on Corporate Governance are presented by ATMIA at its major conferences please check www.atmiaconferences.com or enquire at mike@atmia.com
1

30/01/2006

Index of Terms
Page Reference A Accountability Accountability System Audit Committee Audit Trails B Best Practices C Commonwealth Association for Corporate Governance (CAGC) Conflict of Interests Corporate Accountability Corporate Governance Corporate Code of Conduct Corporate Discipline Corporate Fairness Corporate Independence Corporate Responsibility Corporate Transparency D Discipline Code E Ethics G Grievance Procedures I Information Security Policy Information Sensitivity Integrity O Objective Decision-Making 15 12 12 15 12 11 11 6 6 6 7 8 8 8 9 10 10 6 5 5 5 5

R Risk Assessment Risk Management 15 16

30/01/2006

S Service Level Agreements (SLAs) Social Responsibility Shareholders Stakeholders Stakeholder Forums Stakeholder Value System W Whistleblowing 19 16 17 17 17 18 18

Acknowledgments

20

30/01/2006

A
Accountability
Being accountable to someone means being answerable in some way to them. This means one is responsible for providing reasons to them for ones actions, an explanation for ones decisions and conduct. The opposite of accountable human behaviour is arbitrary or random conduct based on whims and self-centred desires, without reference either to any system of ethical standards or to how the community around one is affected by ones decisions and actions. In the context of a company or organization, being accountable is being subject not just to certain key people in management but also to a common system of values, ethics and shared interests. A company is accountable to its owners and other stakeholders in that it is obliged to answer to them by sharing with them the results of business performance and the reasons, strategies and planning behind all the companys actions.

Accountability System
A companys accountability system will cover these three elements: To which stakeholders are we going to give systematic account of our actions, decisions and performance? What system of shared values and interests will govern our thinking and actions? When and how will we give account (i.e. through which reporting and communication system will we communicate?)

Audit Committee
An Audit Committee is a largely independent group of individuals chosen to monitor the management of the company at intervals specified in an organizations constitution or by-laws. Its main task is to oversee general corporate governance of the company. It may also be empowered to oversee the annual audit of company finances and financial practices by its auditors and to develop a fraud prevention and risk management program.

Audit Trails
An audit is an independent and thorough check or inspection, usually of business accounts. An audit trail is the complete set of company documentation and paperwork required to enable the auditor to verify the accuracy and integrity of the accounts being inspected.

30/01/2006

B
Best Practices
Best practices attempt to outline collective industry wisdom about how a business can operate most effectively, efficiently, and securely to the satisfaction of all its stakeholders. Ideally, best practice guidelines should represent a broad-based consensus on the best ways to produce, market, distribute and manage products and services in a secure, safe and profitable manner.

C
Commonwealth Association for Corporate Governance (CAGC)
The CAGC has issued 15 Principles on Corporate Governance and many countries in the British Commonwealth have introduced these CAGC guidelines. Many non-profit, governmental and private sector groups are involved in promoting CG because it has become vital to business and investor confidence.

Conflict of Interests
A conflict of interests is a state of opposition between the legitimate business interests of the company and its universe of stakeholders, and an individual or individuals intent on deriving personal advantage or benefit from his or her position within, or in relation to, the company, whether or not this would be prejudicial to the company

In short, it involves any attempt to derive undue, and illegitimate, personal gains from an association or involvement with a company, often at some expense and risk to the company. It occurs any time a director, manager or employee puts individual interests and self-gain above the interests of the company and allows this expectation of gain to cloud decision-making.

Corporate Accountability
Individuals or groups in a company responsible for decision-making and executing actions need to be accountable for their decisions and actions within a Corporate Governance Accountability System. Such an Accountability System should include the rights and procedures for investors, shareholders and other interested stakeholders to query and access the actions of the companys board and management structures. If accountability means being answerable to others within a system of shared values and interests, then Corporate Accountability should entrench ways in which the whole company is answerable for all it is and all it does.

30/01/2006

The following two steps can be taken to create accountable structures which entrench the concept of being answerable to others: An Audit Committee should be established to monitor the Board and the organisation The management structure should be accountable both to the Board and to the Audit Committee

Corporate Governance
Corporate governance means governing or managing a company, or organisation, efficiently, responsibly, accountably and transparently. Governance is defined as government, control, or authoritythe action, manner or system of governing. 2 Its essence is the exercise of control and authority over all the resources and assets belonging to the company. Corporate governance is all about how a company is managed, controlled and run. The concept will include its systems, procedures, policies, identified risks, values, management structures and corporate culture. Corporate governance means there is a system in place which encourages management and employees of a company to think in an accountable way when they make decisions. What will the full impact of this or that decision be? Is the decision in keeping with company values and ethics? What reporting system is there which will communicate the reasons for this decision or that action to the appropriate stakeholders? The concept of corporate governance, then, is made up of the following four major elements: Accountability to a defined community of stakeholders and shareholders A system of shared interests and values within that broad community of stakeholders and shareholders A set of reasons or rationale for all behaviours and decisions within, and by, a company, which can be articulated when a manager or employee is called to give an account A system for communicating and reporting results of company performance and the rationale behind actions and decisions taken in the pursuit of company objectives

Corporate governance is all about creating win-win scenarios creating business value systems which have positive impacts on stakeholders and the wider society and economy. This is turn feeds back in a virtuous gain cycle in terms of business, investor and consumer confidence.

Collins English Dictionary, Millennium Edition

30/01/2006

Corporate Code of Conduct

The purpose of a Corporate Code of Conduct is to help a company develop a system for a long-term management of its resources and assets within the stakeholder universe and economy in which it operates. The key driver for a Corporate Code of Conduct is the need to establish accountability throughout the company. Critical to the existence and success of the Code is a definition of who the companys stakeholders are, and by what means the company is going to communicate its feedback, about how it is performing, to them. Answering the question to whom, and to what, is the company accountable will help the company to define its network and range of accountability.

Corporate Discipline
Corporate discipline is a commitment by a companys senior management to adhere to its Corporate Code of Conduct and to act with integrity and high ethical standards. Corporate discipline is essential to staff morale and team spirit, as well as to corporate ethics and values. It is recommended that a company adopt a positive approach to discipline. Since the goal of all discipline is self-discipline, it is important to develop a balanced system of rewards and recognition for the desired behaviour, in order to complement the penalties for undesirable behaviour. It is imperative for senior management to outline the companys desired corporate behaviour, both in terms of producing the levels of performance required to meet business objectives and in terms of the Stakeholder Value System of the company. It is recommended that this disciplinary system prescribe penalties in proportion to the seriousness of the offence as defined in the Code.

Corporate Fairness
A fair company is one which applies its system of values to everyone in equal measure without any element of personal discrimination. In this context, to discriminate means to single out a particular person or group for unfavourable treatment often because of a characteristic such as race, colour, sex, etc. 3

Collins English Dictionary, Millennium Edition.

30/01/2006

Fairness is the opposite of discrimination and involves giving all stakeholders, especially employees and customers, the consideration they deserve. The word fair means free from discrimination, dishonesty, etc.; just, impartial, in conformity with standards. 4 Corporate fairness will be reflected in the companys Stakeholder Value System, the framework for communicating with all stakeholders, and in management culture and practice. The systems that exist within the company must be balanced in taking into account all those who have an interest in the company and its future. The rights of various groups must be acknowledged and respected. 5 Corporate fairness does not mean that everyone in the company will be treated equally; rather that everyone will be treated with equal consideration, affirming their importance as human beings and employees, rewarding and recognising performance. Not everyone will receive the same pay or equal forms of recognition and reward. However, in a fair company, everyone is given equal consideration under its Stakeholder Value System, which should spell out what kind of performance and behaviour will be rewarded. A fair company is one which applies its system of values to everyone in equal measure without any element of personal discrimination.

Corporate Independence
Independence is the extent to which mechanisms have been put in place to minimise or avoid potential conflicts of interest 6 , such as dominance by a strong chief executive or large shareowner. These mechanisms range from the composition of the board to the role of auditors. A companys internal decision-making processes and its management structures can aim to exclude undue influences and conflicts of interest. Conflicts of interest occur when an individual with influence furthers his or her own private interests at the expense of the company, thus failing to uphold his or her allegiance to the company. Clearly, it is not a legal conflict for managers, directors or staff to want to increase compensation for themselves or to obtain recognition. Conflicts of interest arise when the desire for individual gain is pursued at the expense of the company and without regard to the collective interests of the company. Corporate independence is freedom from conflicts of interest and personal manipulation by individuals.
4

Collins English Dictionary, Millennium Edition. King Report on Corporate Governance for South Africa 2002, , p.11.

6 ATMIAs legal counsel define conflicts of interest as a breach of the fiduciary duty of loyalty in a way that could give rise to personal, individual liability to an officer or director who did not fully uphold his or her allegiance to the company and instead furthered his or her own private interests at the expense of the company.

30/01/2006

An independent company is one which is consistently pursuing its business objectives and fulfilling its obligations to its stakeholders, with a corporate culture and practice of objective decision-making.

Corporate Responsibility
Corporate responsibility refers to a system which ensures that there are consequences for actions and decisions within a company and that corrective action can be taken if and when mismanagement occurs. The word responsibility is derived from the Latin verb respondere meaning to respond. Being responsible does involve responding in a fitting manner to a given challenge or stimulus. The essence of responsibility within a company is decision-making and acting loyally within a zone or area of the business over which one has control or authority. Responsibility entails exercising authority with caution and proper understanding of the probable and possible consequences of taking action. Everyone in the company could be accountable for decision-making to at least one other individual or body as set out in their job description. In each relationship of accountability, there may be regular report-backs on performance and progress to date, including frank discussion on the rationale and results of decisions made during this period.

Corporate Transparency
Transparency is the ease with which an outsider would be able to make a meaningful analysis of a companys actions, its economic fundamentals and its business plan. In other words, do the company directors ensure that a full and true picture of what is happening in the company is clearly communicated to the companys stakeholders? This is a measure of how good management is at making necessary information available in a candid, accurate and timely manner. 7 Transparency is all about the communication of information for which the company is accountable to its stakeholders. The word transparent refers to the uninterrupted passage of light, the quality of being clear, easy to see through, or understand, candid, frank 8 . In the context of corporate governance, transparency means: clear disclosure of company information to stakeholders (within the constraints of strategic confidentiality). The word disclosure simply means making information known.

King 11, p.10 Collins Dictionary, Millennium Edition.

10

30/01/2006

D
Discipline Code
It is recommended that each company develop a Discipline Code (or set of disciplinary procedures) for specific transgressions of the Code of Conduct, defining different levels of offence. At the core of corporate discipline is a standard of behaviour made up of a set of desired behaviours as well as a set of unacceptable behaviours or offences. This behaviour standard can flow from the overall value system of the company. The elements of an effective corporate discipline code are: A value system underpinned by ethical standards A commitment to social and environmental responsibility A culture compatible with the value system A discipline code A reward and recognition system A positive approach to human behaviour within the company A goal of reinforcing and rewarding self-discipline

E
Ethics
Ethics is the branch of philosophy dealing with concepts and principles of morality [and] has various subfields of application, such as medical ethics and business ethics, and its meaning shades into the more everyday, descriptive sense of a set of standards. 9 Ethics is the study of the principles and rules that are thought to govern human conduct and behaviour. Morality is abiding by recognised standards of conduct.

The Cambridge Encyclopedia Fourth Edition.

11

30/01/2006

G
Grievance Procedures
A grievance is a real or imaginary wrong causing resentment and regarded as grounds for complaint. 10 Personal grievances or complaints of employees needed to be channelled through the company grievance procedures which set out a set of steps that need to be taken to address the grievance and, if required, to adjudicate on the matter. These steps will outline how grievances are to be reported, recorded and addressed.

I
Information Security Policy
As part of its communication system to its stakeholders, the company develops an information security policy which defines confidentiality and sensitivity of all types of corporate information, including: electronic information, information on paper, and information shared orally or visually, such as telephone & video conferencing. .

Information Sensitivity
All company information may be categorized into two main classifications. A Public Company Information

Information that has been declared public knowledge by someone with the authority to do so, and can freely be given to anyone without any possible damage to the company. B Confidential Company Information

Information that is not for public consumption, including information that should be protected very closely, such as trade secrets, development programs, potential acquisition targets, and other information integral to the success of the company. Also included in this category is information that is less critical, such as telephone directories, general corporate information, personnel information, etc., which does not require as stringent a degree of protection. A subset of confidential information is Third Party Confidential" information. This is confidential information belonging or pertaining to another corporation which has been entrusted to the company by that company under non-disclosure agreements and other contracts. Examples of this type of information, which can be extremely sensitive, includes everything from joint development efforts, to vendor lists, customer orders, and supplier information.

10

Collins English Dictionary Millennium Edition.

12

30/01/2006

Categorizing Confidential Company Information

Minimal Sensitivity of Information Access to the information is allowed to: Company employees, contractors, and people with a business need to know. Standard interoffice mail, approved electronic mail and electronic file transmission methods. National mail service and other public or private carriers, approved electronic mail, and electronic file transmission methods. No restrictions, except that it should be sent only to approved recipients. The information should be kept from the view of unauthorized persons; erase whiteboards, do not leave open on desks and tables, etc. Machines used to store this information should be administered with security in mind; electronic information should have individual access controls where possible and appropriate. Protect from loss. Deposit outdated or unwanted paper information in specially marked disposal bins on company premises, or shred using industrial strength shredder if available. Electronic data should be expunged/cleared; reliably erase or physically destroy media. Up to and including termination of employment. Possible civil and/or criminal prosecution to the full extent of the law.

Distribution of the information inside the company is by: Distribution of information outside the company is by:

Electronic distribution:

Storage:

Disposal/Destruction:

Penalty for deliberate or inadvertent disclosure:

More Sensitive Information Access to the information is allowed to: Company employees and non-employees with signed non-disclosure agreements who have a business need to know. Standard interoffice mail, approved electronic mail and electronic file transmission methods. National mail services or private carriers.

Distribution of the information inside the company is by: Distribution of information outside the company is by: Electronic distribution:

No restrictions to approved recipients within the company, but should be encrypted or sent via a private link to approved recipients outside the company. The information should be kept from the view

Storage:

13

30/01/2006

of unauthorized persons; erase whiteboards, do not leave open on desks and tables, etc. Individual access controls are highly recommended for electronic information. Protect from loss. Disposal/Destruction: Deposit outdated or unwanted paper information in specially marked disposal bins on company premises, or shred using industrial strength shredder if available. Electronic data should be expunged/cleared; reliably erase using DoD compliant software or physically destroy media. Up to and including termination of employment. Possible civil and/or criminal prosecution to the full extent of the law.

Penalty for deliberate or inadvertent disclosure:

Most Sensitive Information

Access to the information is allowed to:

Only those individuals, (company employees and non-employees) with approved access and with signed non-disclosure agreements. Delivered direct signature required, envelopes stamped confidential, or approved electronic file transmission methods. Delivered direct signature required; approved private carriers. No restrictions to approved recipients within the company, but is highly recommended that all information be strongly encrypted. The information should be kept from the view of unauthorized persons. Individual access controls are highly recommended for electronic information. Physical security is generally used, and information should be stored on a physically secured computer. Protect from loss. Deposit outdated or unwanted paper information in specially marked disposal bins on company premises, or shred using industrial strength shredder if available. Electronic data should be expunged/cleared; reliably erase using DoD compliant software or physically destroy media. Up to and including termination of employment. Possible civil and/or criminal prosecution to the full extent of the law.

Distribution of the information inside the company is by:

Distribution of information outside the company is by: Electronic distribution:

Storage:

Disposal/Destruction:

Penalty for deliberate or inadvertent disclosure:

14

30/01/2006

Integrity
Integrity is honesty of character. For the person of integrity, adherence to moral principles is a matter of conviction or belief.

O
Objective Decision-Making
Objective means: Existing independently of perception or an individuals conceptionsundistorted by emotion or personal bias..relating to actual and external phenomena as opposed to thoughts, feelings, etc 11 Objective decisions are fact-based ones which are not distorted by personal bias or selfinterest. They are made in the interests of the business and according to company values. Both a companys recognition and reward system and its disciplinary code may be used to reinforce behaviours which reflect the corporate interest and discourage self-centred decision-making.

R
Risk Assessment
Risks are possible losses or threats which may result from decisions, courses of action or simply from the current state of things. Risk assessments, which look ahead to possible negative events or scenarios, should address the company's exposure to the following possible losses or threats to its wellbeing, financial health and growth: physical and operational risks financial risks human resource risks technical risks business continuity and disaster recovery credit and market risks compliance risks

11

Collins English Dictionary, Millennium Edition.

15

30/01/2006

Risk Management
A company assesses on an on-going basis its risks. It also defines its controls for reducing and controlling those risks. Both the company and its stakeholders will suffer losses if risks are not identified and averted. The risk management profile identifies all risks to potential stakeholder and company value and outlines the internal controls put in place in response. Risk Management can be defined as the identification and evaluation of actual and potential risk areas as they pertain to the company as a total entity, followed by a process of either termination, transfer, acceptance(tolerance) or mitigation of each risk. Typically, ultimate responsibility for risk management lies with a companys Board. A Board should identify key risk areas and key performance indicators of the company and monitor these factors as part of a regular review of processes and procedures to ensure the effectiveness of its internal systems of control, so that its decision-making and the accuracy of its reporting are maintained at a high level at all times. Companies should develop a system of risk management and internal control that builds more robust business operations. The systems should demonstrate that the companys key risks are being managed in a way that enhances shareowners and relevant stakeholders interests. The system should incorporate mechanisms to deliver: A demonstrable system of dynamic risk identification A commitment by management to the process A demonstrable system of risk mitigation activities A system of documented risk communications A system of documenting the costs of non-compliance and losses A documented system of internal control and risk management An alignment of assurance efforts to the risk profile; and A register of key risks that could affect shareowner and relevant stakeholder interests.

S
Service Level Agreements (SLAs)
Service Level Agreements (SLAs) are contractual agreements, usually legally binding, which spell out company commitments to deliver benefits, products or services under clearly defined terms and conditions.

16

30/01/2006

Social Responsibility
A well-governed company looking for a long-term future within its chosen industry and sector, would do well to strive to build the reputation of that industry and to be responsive to wider social issues. After all, both its employees and its customers will also be citizens and consumers within this society: A good corporate citizen is increasingly seen as one that is non-discriminatory, non-exploitative, and responsible with regard to environmental and human rights issues. 12 A companys first layer of social responsibility is to its stakeholders which it defines in a Stakeholder Value System. The companys second layer of responsibility is to the industry in which it operates. The third layer of social responsibility is to the economy and environment. The watchword is: positive impact. How does the companys business improve the industry, the society, the economy?

Shareholders
Shareholders are the owners of one or more shares of a company. Shares are any of the equal parts into which the capital stock of a company is divided: ownership of shares carries the right to receive a proportion of the companys profits. 13

Stakeholders
This includes all those with a vested interest in the business performance of the company, from shareholders and investors to the employees. It also includes all those impacted by the companys existence and actions: customers, clients, business partners, suppliers, vendors. It also embraces, less directly, the regional, national or international marketplaces and sectors in which the company operates. Finally, even less directly than this, it includes the wider economy, society and environment. There are thus four levels of stakeholder to consider in defining and measuring areas of accountability and responsibility: Stakeholders within the company = Internal company accountability Stakeholders within the supply chain and business lifecycle = Business lifecycle accountability Stakeholders within the marketplace and sector = Market sector responsibility

12

King 11, p.11. Collins English Dictionary Millennium Edition.

13

17

30/01/2006

Stakeholders in the macro economy and environment = Socio-economic and environmental responsibility

It is said that investors supply capital, customers provide revenue and employees deliver the required service.

Stakeholder Forums
As part of its Corporate Governance system, a company outlines its communication channels for each level of stakeholder, including staff training programmes, Stakeholder Forums and structured, transparent feedback. Stakeholder Forums are meetings like annual general meetings or shareholder meetings, organized by the company with any or all of its stakeholders, to provide feedback and two-way communication regarding the performance and management of the company.

Stakeholder Value System

A Stakeholder Value System defines all of a companys business and ethical values for every level of stakeholder to which it has publicly committed itself to being accountable and answerable. There are two aspects of a Stakeholder Value System: An articulation of the companys corporate value system Communication of the company business plan with varying levels of confidentiality depending upon what strategic information is included

The Stakeholder Value System sets out in writing: The companys ethical and business values, as well as its medium-term and long-term business plans, and includes a set of defined desired behaviours and attitudes A definition of who its stakeholders are, at different levels, and identifies key contact persons at each level, where applicable A set of communication channels, preferably including regular Stakeholder Forums rather than just being restricted to an annual company report, so that relationships can be established between the key contact persons or groups, with communication linked to stakeholder relationships

18

30/01/2006

W
Whistleblowing
Whistleblowing is when an employee reports a suspected case of serious misconduct, irregularity or non-compliance to an authority which is of potential importance to the whole company and its reputation. The content of such a report could range from health and safety risks, potential environmental problems, fraud, corruption, cover-ups and many other problems 14 . When someone blows the whistle they are raising a concern about danger or illegality that affects others (e.g. customers, members of the public, or their employer). The person blowing the whistle is usually not directly, personally affected by the danger or illegality For this reason, the whistleblower should not be expected to prove the malpractice. He or she is a messenger raising a concern so that others can address it. It is recommended that companies set up a single, protected and anonymous whistleblowing line for reporting suspected serious non-conformances of the Corporate Code of Conduct.

14

Public Concern at Work, see http://www.pcaw.co.uk

19

30/01/2006

Acknowledgments
1. 2. 3. 4. King Report on Corporate Governance for South Africa 2002 ("King II") (The Institute of Directors of Southern Africa, March, 2002) Jeff Glassie, Pillsbury Winthrop Shaw Pittman LLP The Corporate Governance Committee of ATMIA Pat Cunningham, Chief Executive, South African Fraud Prevention Service (SAFPS) Public Concern at Work http://www.pcaw.co.uk/

5.

________________________________________________________________________________

20

30/01/2006