Identifying and implementing an effective programme to ensure that you, as an SME, are compliant with the new Companies Act, and understanding the impact of non-compliance.
The hype surrounding the implementation of corporate governance must be very daunting for any small medium enterprise (SME) and ultimately the business owner. Just the jargon around legislation, codes of practice and internationally recognised standards can be confusing – not to mention ensuring compliance.
Understanding the concepts
Firstly, business owners need to differentiate between and understand these:
- Legislation/Compliance
Compliance with the new Companies Act, No. 71 of 2008, is mandatory for all entities, and non-compliance with the Act will have serious repercussions for SMEs and ultimately for the directors and officers of the entity.
- Codes of practice
There are a number of codes by which businesses should operate. Countries have adopted these on the basis of best business practice and benchmarked them locally. They include the United Nations Code, the Global Business Standards Codex and the King Code.
In terms of acceptable codes of practice, the King III report released in 2009 is seen internationally as being at the forefront of corporate governance, and in all likelihood the South African courts will treat it as the benchmark for best business practice in any cases presented to them.
- Measurement
ISO 31000, set by the International Standards Organisation, is the standard measurement for compliance and risk management. This measurement standard needs to be applied in order to evaluate whether or not an entity complies with the parameters set as the benchmark for compliance.
Why the new legislative requirements?
In terms of the legislative process in South Africa, the new Companies Act has placed a greater onus on all companies to constantly review both their Compliance Management (CM) and Enterprise Risk Management (ERM) as an integral part of the continuity, sustainability and success of the enterprise. The Act has given legal force to many of the recommendations of the various King reports. Compliance with the Act is mandatory, and failure to comply may result in penalties and/or prosecution of the guilty party.
What is Compliance Management and Enterprise Risk Management?
Compliance Management
- Financial Controls Management, including audit management
- Compliance and Governance
- Survey, measurement and reporting
- Ongoing development
Enterprise Risk Management
- Operational Risk Management
- Information Security Risk Management
- Project Risk Management
- Risk Modeling Structure
- Continuity Management
What are the recognized standards and measurement?
The International Standards Organisation's ISO 31000 is the global standard for implementing risk management within an enterprise. It was published in 2009 with the main purpose of providing best practice guidance and structure for all operations concerned with and affected by risk management.
How do SMEs ensure they comply?
In terms of implementing an acceptable programme, an SME needs to focus on two aspects of complying with the Companies Act and the King III Code: the first is the legislative or compliance management (CM) aspect, and the second is enterprise risk management (ERM). These two components may be combined into a single process within the company, but each retains its own specific areas of accountability.
Who is responsible for compliance?
It is important to stress that the responsibility for creating a compliant culture within an enterprise cannot be delegated to management and staff. The accountability remains the responsibility of the board of directors.
How does an SME implement this?
Currently there are many suitable software programs which may be utilised to implement a CM and ERM program. However, a comprehensive understanding of the requirements and components is needed first. Implementing a program without proper understanding could be costly and also ineffective for an SME.
It is not a prerequisite to have a specific type of programme, but rather that the person accountable:
- Clearly understands their obligations
- Applies their mind to the implementation of an effective CM and ERM process
- Maintains compliance once it has been implemented
- Ensures the company lives the culture, so that it permeates the enterprise and is recognised by all staff as the manner in which they operate and do business
Why is it so important?
Proper analysis, implementation and ongoing application of the CM and ERM process will help protect the directors against personal liability. They will not, however, be protected from liability arising from their own negligence or non-compliance with the Companies Act.
Is it beneficial for an SME to implement such a process and program?
The law
In view of the requirements of the Act, all entities must comply. For this reason alone, it is preferable that SMEs take the trouble to understand and implement an integrated process within their entity that will be considered as complying with the corporate governance and best practice approach of the King III Code.
Efficacy and Profit
- It has also been argued that entities which apply a code of practice within their organisation are better perceived and more highly valued than those which do not
- While an independent CM and ERM process is not mandatory, implementing such a process, albeit a simple system, may reduce the costs of identifiable transferable risks within the SME, thus increasing profit
- Finally, implementing a process will definitely assist an SME in addressing aspects of compliance properly and timeously, thereby protecting the business and assuring continuity and sustainability for all of the business's stakeholders