In late March the ASX Corporate Governance Council (the corporate governance promotion arm of the Australian Securities Exchange) released the third edition of the Corporate Governance Principles and Recommendations which commences on 1 July 2014.

As described on the ASX website, the Corporate Governance Council develops recommendations on the corporate governance practices to be adopted by ASX listed entities “designed to promote investor confidence and to assist listed entities to meet stakeholder expectations”.

ASX listed entities are obliged to benchmark corporate governance practices against these recommended practices, or justify why they do not conform.

Of course, such regulatory requirements pertaining to listed entities also demonstrate best practice corporate governance standards to other unregulated organisations.

This edition of the Corporate Governance Principles and Recommendations has strengthened the importance of risk management to good corporate governance.

Key changes relevant to risk management include:

  • That a listed entity should disclose if it has an internal audit function, and if so, how the internal audit function is structured and what roles it performs; or if it does not have an internal audit function, the entity needs to disclose what processes it employs for evaluating and continually improving the effectiveness of its risks and, if it does, how it manages those risks (Recommendation 7.3)
  • That a listed entity should disclose whether it has any material exposure to economic, environmental and social sustainability risks and, if it does, how it manages or intends to manage those risks (Recommendation 7.4)

The ASX Corporate Governance Council has indicated that the substantial enhancement of risk management in the recommendations is designed to reflect the lessons of the GFC.

Companies who do not currently have an internal audit function, often the small- and medium-sized entities, should recognise from the ASX benchmark that an upgrade to their corporate governance practices is advisable (including formalising internal audit and risk management).

Please contact QRMC for more information.