Establishing the Governance System
JAA has developed an excellent governance system by using many different metrics as described later. The Governance Framework is depicted in Exhibit 22.1. The board consists of external directors, including Sally Hendrix, who serves as chair of the Audit Committee. The Audit Committee members have served for periods
Exhibit 22.1 Governance Framework
ranging from two to seven years. All committee members, in addition to their professional qualifications and experience, are well versed in risk management. They have all attended formal training in this subject matter at leading risk organizations and have received training by both the Internal Audit and Risk Management groups of JAA as well.
The company's risk governance framework illustrates the governance arrangements for the board, management, independent control functions, and ongoing business operations that exercise governance over risk.
JAA's board is responsible for the governance processes that it requires management to execute. The company understands that effective oversight by its board and senior management is critical to the overall governance effort. It protects its shareholders and other stakeholders by ensuring sustainability of the business through achievement of superior performance. The board provides leadership to JAA by understanding and accepting its responsibilities for the adoption of strategic plans, monitoring of operational performance and management, determining the philosophy and effectiveness of the approach for managing risk (including internal controls for managing the day-to-day operations), and compliance with all relevant laws and regulations.
The directors of JAA Inc. have applied the principles of discipline, transparency, independence, accountability, responsibility, fairness, and social responsibility to ensure that sound governance is practiced consistently throughout the company. Being listed on the New York Stock Exchange and subjected to its listing requirements emanating from the Securities Exchange Act, the company requires:
• An independent board of directors with a majority of nonexecutive directors (NEDs)
• An Audit Committee
• Compensation and Nominating Committees
• That board members must gain approval prior to undertaking any other board assignments and in no event can any board member serve on more than three other boards
• Attendance of at least 75 percent of board meetings and its subcommittees annually
• Strong continuing education in various areas, including risk management, governance, and internal control
• Presence and functioning of an Executive Risk Oversight Committee (EROC)
• Presence and functioning of a Risk and Strategy Committee (RSC)
JAA continually seeks to improve its knowledge of international frameworks and standards to augment its governance processes. As such, it has incorporated best practices from South Africa (King III), Canada (Criteria of Control), United Kingdom (Combined Code, Risk Management Consultation Draft – FRC), and Australia (ASX and HB 436) to update its risk management and governance frameworks.
The board of directors has delegated certain functions to the various committees. The board is kept up to date on:
• Business performance relative to strategy, budgets, business plans, risk criteria, capital adequacy and preservation, and earnings volatility
• Noncompliance with board policies, regulations, statutes, and accounting policies
• Significant breakdowns in operations, unsatisfactory financial performance, noncompliance with laws and regulations, ineffective management supervision and monitoring, internal controls or process failure, and organizational system or structure failure
• Effectiveness of the corporate governance process
• Corrective actions implemented in respect of these
Specific responsibilities of different committees are discussed next in the following subsections, namely Compensation Committee, Risk and Strategy Committee, and Executive Risk Oversight Committee.
The Compensation Committee
• Reviews and approves remuneration policy throughout the business
• Ensures that the remuneration policies adopted do not result in excessive risk taking
• Ensures that the compensation plans and compensation awarded to senior management are based on the achievement of objectives as a result of managing risks effectively
• Designs and approves the principles to be used in the performance agreements of management to ensure that key performance indicators (KPIs) of management encourage prudent risk taking and the management thereof
The Risk and Strategy Committee
• Sets and reviews JAA's risk criteria
• Oversees the risks to which the company is exposed, and monitors the activities of the Executive Risk Oversight Committee (EROC)
• Approves the risk management policy on behalf of the board
• Reviews the design, completeness, and effectiveness of the risk management framework to ensure that changes and updates to risk management are performed in accordance with processes approved by the board as documented in the risk management policy and that oversight of it is effective
• Ensures that infrastructure, resources, and systems exist to adequately oversee and monitor JAA's risks (this is done to ensure that risk taking is consistent with the risk criteria set by the board; at all times the board is aware of the comprehensiveness, accuracy, and status of the risk attitude)
• Reviews the effectiveness of risk reporting (including timeliness and events that could impact business objectives and the company's risk profile)
• Ensures that all strategic transactions undergo appropriate review and due diligence before submission to the board, particular focus being accorded to the risk criteria
• Reviews and challenges capital and liquidity stress testing
The Executive Risk Oversight Committee (EROC)
• Scrutinizes and challenges the risks identified to which the company is exposed and evaluates the assessment of these risks
• Assists the board in defining JAA's risk criteria that align with the objectives and strategies of the organization and monitors that risks are managed within the risk criteria
• Establishes the risk management policy
• Ensures that the framework for managing risk continues to remain effective
• Ensures that the necessary resources are allocated to manage risk
• Determines that the risk management performance indicators are aligned with KPIs of management performance of the organization
• Ensures and monitors legal and regulatory compliance
• Reviews results of stress and scenario testing for JAA's strategic objectives and attainment of them
• Assigns accountabilities and responsibilities at appropriate levels within the organization
• Reports on how managing risk is performed to provide assurance to stakeholders
-  The Institute of Directors in Southern Africa (IoDSA) formally introduced the King Code of Governance Principles and the King Report on Governance (King III) in September 2009. Like its 56 commonwealth peers, King ΠΙ has been written in accordance with the "comply or explain" principle based approach of governance, but specifically the "apply or explain" regime. This regime is unique in the Netherlands and now in South Africa. While this approach remains a hotly debated issue globally, the King ΙΠ Committee continues to believe it should be a nonlegislative code on principles and practices.
-  In 1995, the Criteria of Control Board of the Canadian Institute of Chartered Accountants (CIC A) had written this guidance for people who are responsible for or concerned about control in organizations. Conceptually, it was considered a leader in thinking about control but was later abandoned by the CICA and ultimately overtaken in popularity by COSO's Internal Control Framework.
-  The UK Corporate Governance Code (formerly the Combined Code) sets out standards of good practice in relation to board leadership and effectiveness, remuneration, accountability, and relations with shareholders. The latest edition was issued in September 2012.
-  In November 2013, the Financial Reporting Council issued its Risk Management, Internal Control and the Going Concern Basis of Accounting Consultation on Draft Guidance to the directors of companies applying the UK Corporate Governance Code, and associated changes to the code.
-  "Risk Management Guidelines: Companion to AS/NZS 4360:2004." The Risk Management Guidelines companion to the AS/NZS ISO 31000:2009 handbook provides guidance for establishing and implementing effective risk management processes in any organization.