Assessment Task 1 

Assessment Criteria: 

∙ Demonstration of knowledge of the issues 

∙ High quality written communication of corporate governance concepts ∙ Structure and professional presentation of the report 

Required: 

Assume you are employed in a management consulting firm and have expertise as a  corporate governance specialist. Your client is a public company listed on the  Australian Stock Exchange that has requested a one page brief (maximum 250 words)  specifying the essential criteria for a non-executive director to be appointed to the  company's board.  

The client has said; 'Make it brief, I'm too busy to read a long document. You should  follow the ideas of former UK Prime Minister Winston Churchill who stated: 

'To do our work, we all have to read a mass of papers. Nearly all of them are  far too long. This wastes time, while energy has to be spent in looking for the  essential points. I ask my colleagues and their staff to see to it that their reports  are shorter. The aim should be reports which set out the main points in a series  of short, crisp paragraphs…' 

Winston Churchill, Memo to UK War Cabinet, 9 August 1940, During the Battle of  Britain 

Assessment Task 2 

Assessment Criteria: 

∙ Demonstration of knowledge of the issues and evidence of wide  reading to support your analysis 

∙ Demonstration of your ability to apply the knowledge to identify keys  issues leading to your recommendations 

∙ Evidence of sound reasoning and the exercise of professional  judgement to support your recommendations 

∙ Development and statement of concise recommendations for  presentation to the AICD 

∙ Overall structure and professional presentation of the report to the  AICD  

∙ High quality written communication of concepts and terms in ordinary  English as not all readers of the report can be assumed to be specialists  competent in corporate governance  

Case Study 

'As a separate legal person, a corporation has two basic objectives: To survive and to  thrive. Shareholder value is not the objective of the corporation; it is an outcome of  the corporation's activities. While shareholders entrust their stakes in a corporation  to the board of directors, shareholders are just one audience among others that the  board may consider when making decisions on behalf of the corporation. 

These audiences, typically called stakeholders, may also include other financial  stakeholders, such as bondholders, and nonfinancial stakeholders, such as employees,  customers, suppliers, and NGOs representing various concerns of civil society. In the  face of limited resources, no matter how large the corporation, directors must make  choices regarding the significance of the corporation's many audiences.' 

Required 

Assume you have been employed as a corporate governance consultant by the  Australian Institute of Company Directors (AICD). The AICD is concerned that many  company directors hold the opinion that the company's board of directors has a  responsibility to place the interests of shareholders above all other stakeholder  interests.  

Your assignment is to prepare a report to be submitted to the AICD evaluating the  evidence that the responsibility of a company director is to place shareholder interests  above those of other stakeholders. Specifically, the AICD has requested that your  report contain evidence, examples and recommendations for company directors that  will guide them when making board decisions so they are responsive to diverse  stakeholder audiences. The AICD has advised you that they intend to make your  report a public document and it will be uploaded to the website so it can be read by  both corporate governance specialists and non-specialists.

Assessment Task 3 

Assessment Criteria: 

∙ Demonstration of knowledge of the issues and evidence of wide  reading to support your analysis 

∙ Demonstration of your ability to apply the knowledge to identify keys  issues leading to your recommendations 

∙ Evidence of sound reasoning and the exercise of professional  judgement to support your recommendations 

∙ Development and statement of concise recommendations for  presentation to the Chairman 

∙ Overall structure and professional presentation of your report to the  Chairman 

∙ High quality written communication of concepts and terms as the  Chairman can be assumed to be professionally competent in corporate  governance  

Case Study 

'Countering cyber risk presents a significant strategic challenge to leaders across  industries and sectors but one that they must surmount in order to take advantage of  the opportunities presented by the vast technological advances in networked  technology that are currently in their early stages. Over the past decade, we have  significantly expanded our understanding of how to build secure and resilient digital  networks and connected devices. However, board-level capabilities for strategic  thinking and governance in this area have failed to keep pace with both the  technological risks and the solutions that new innovations provide. 

…. 

Boards have a vital governance function, determining overall company behaviour and  setting a company's risk appetite. For boards, action means effectively exercising  oversight by asking managers the right questions to ensure that the boards' strategic  objectives are met. This function is no different in the area of cyber resilience. By  offering the following principles and tools, the Forum hopes to facilitate useful  dialogue between boards and the managers they entrust with the operation of the  companies to which they owe their fiduciary obligations.'

Required 

Assume you have been employed as a corporate governance consultant by a company  listed on the Australian Stock Exchange and ranked within the ASX 200. The Chairman  of the company has decided to address the issue of cyber security at the company board level.  

As an initial step in the process of improving the cyber resilience of the company the  Chairman has employed you to prepare a report that critically analyses how the  company can best integrate its cyber security and resilience protocols to ensure  continued corporate survival and improved business performance. The Chairman has  requested that you submit a report providing examples of best practice and a clear set  of recommendations on how the company should initiate a cyber resilience policy at  the corporate board level. Your report will be tabled at the next board meeting for  board members to review and evaluate your recommendations. 

INTRODUCTION

Beyond the key principles of information technology, cybersecurity is more of a matter of corporate governance. With digitization and innovative technology on the rise, the value of the assets of a company, both tangible and intangible, are also increasing significantly. Also growing rapidly are the number of cyber risks and associated crimes, directly targeting the company's assets (Wealth & Finance International 2017). Finding the right balance between business growth and combating security issues is what is vital to organizations today. A robust cybersecurity governance model will not only aid the company to deliver better to their customers but also provide reasonable assurance that the cyber risks are well-dealt with. Good corporate governance on cybersecurity is driven towards protecting value in the company – covering both technical and financial perspectives (Binwal 2015). By taking a holistic approach towards the cybersecurity risks, as proposed in this report, the Board and the associated Risk functions will be able to tackle cybersecurity issues more effectively and prepare them to react with heightened defence to any cyber security incident.

CYBERSECURITY AND CORPORATE GOVERNANCE 

Cyber security can be targeted by the Board by following the five key ideologies as listed below. Each ideology is further supported by the risks associated with not meeting those principles. Also provided are certain key controls and recommendations, which, when followed and evaluated, would help mitigate the risks and result in effective cyber resilience in the company.

(Some parts of the solution has been blurred due to privacy protection policy)