The Combined Code on Corporate Governance, published on 23 July 2003 will affect companies in respect of their reporting years beginning on or after 1 November 2003 How should you manage risk under th

A recent seminar held by lawyers Davenport Lyons addressed the major governance issues that UK companies and their directors must now consider. Speakers stressed that it was important to adopt a common sense approach in evaluating compliance. 'It is not a box ticking exercise.

Departures from the Code should not automatically be treated as breaches.' Two important features of the Code are:

- an emphasis on the quality and role of the non-executive directors, with clarification of the roles of various board members and new provisions on the recruitment, appraisal and education of non-executive directors
- independence - the role of the non-executive director is to bring wider experience and a fresh perspective to the deliberations of the board, and to be dispassionate. In this respect, the independence of the director is key.

Managing risk

In addition to discussing the new provisions, the seminar focused on managing risk under the new regime, both from a company's perspective and that of its directors. The starting point for the company must be to adhere to the guidelines set out in the Combined Code, and the various reports and guidelines that have been put in place in support of it, including Turnbull.

The Code requires that every company should be headed by an effective board, which is collectively responsible for its success. The board's role is to provide entrepreneurial leadership within a framework of prudent and effective controls that enable risks to be assessed and managed. Although the board may delegate responsibility for implementing the board's policy on risk and control to management, it must be satisfied that those to whom it delegates such tasks have the necessary skills and knowledge.

The Code gives no specific guidance on what are acceptable risks for a company - that is a matter for the board to assess and judge. The board is responsible for ensuring that risks which it decides are unacceptable are conveyed to, and understood by, management and others within the company.

Davenport Lyons consider that an appropriate control system is one which weighs up cost against benefit, is appropriate to the size and nature of the business, and is not a one-off initiative.

It is also important to keep the control system under review. Regular management reports enable the board to

- focus on significant risks and assess how they have been managed
- assess the system's effectiveness
- consider whether actions are being taken promptly and whether further monitoring is needed.

Boards are also required to undertake a specific annual assessment for the statement in their accounts. This review should cover:

- changes in the extent and significance of risks since last assessment
- the company's ability to respond to change
- the scope and quality of management's monitoring of the system
- the extent and frequency of communications to the board
- any significant control weaknesses and the extent to which they have materially affected the company's financial performance or condition
- the effectiveness of the company's public reporting processes.

Such a review will help the company to fulfil its obligations to make a statement of compliance in its accounts.

Directors' perspective

The new Code continues the shift of emphasis away from a company's obligation to disclose purely financial information in its annual statement towards covering all aspects of its business. Here, responsibility for ensuring compliance rests firmly with the directors.

The emphasis on the need for listed companies to find and retain high calibre non-executives has increased significantly. Davenport Lyons warned that the legal duties to the company and third parties are the same for executive and non-executive directors, irrespective of the fact that non-executives may have less knowledge of the company. These duties are principally to act in good faith in the best interests of the company, to exercise proper skill and care in doing so, and to comply with various statutory duties and the Code.

Davenport Lyons stressed that it was important for directors to do their job! 'Once you have accepted the position, it is up to you and other board members to ensure that an effective risk management system is put in place.'

The lawyers suggested that directors should approach the new regime in the spirit in which it was intended - as an aid to risk management, a guideline as to what they should expect from their non-executive directors, and as an incentive to broaden their horizons.