Building the foundations for investment management: The governance framework

How should companies invest their cash? The world of cash and short-term investments is a challenging one. Managing investments efficiently, while continually adapting to changes in global markets, risk and the regulatory environment, requires a robust investment policy. The foundation for a solid investment policy lies in the building of a well-grounded governance framework to guide the planning and implementation of the organisation’s cash management programme. In the manner of a blueprint, the governance framework will promote a consistent, proportional, long-term, decision-making discipline across the entire organisation, capable of guiding the business through dynamic market conditions.

Key practicalities

  • Clear definition and alignment of the organisation’s strategic, financial objectives and risk management guidelines for coherent investment performance;
  • Formal documentation and regular reviews of policies, procedures and performance to ensure compliance with the board’s intentions; and
  • Full integration of the organisation’s financial risk management objectives, reflecting goals, risk appetite, sources of risk for the specific business and the economic environment in which it operates.

Governance components


The treasurer’s primary role is to ensure that cash is available to meet the company’s obligations to pay suppliers and employees, to make debt repayments and to meet the company’s many strategic objectives. The treasurer’s task in the context of the governance framework is to protect and preserve any cash (surpluses) within the business via an effective investment process. To do so, the treasurer needs insight into the value and location of the cash, plus the currencies in which it is denominated.

Board of directors

The key body for the ownership of relevant business information is the board of directors. The board oversees the overall management of the company, sets the policies and general strategic direction, and assigns the delivery thereof to the executive directors. Furthermore, they are the independent check on the executive directors, to ensure delivery against objectives. Depending on organisation size, complexity and impact of associated risk, boards will often have a number of subcommittees, covering areas such as: remuneration, nomination, audit, investment and/or risk. An investment committee will have the following remit:

  • To provide a focused environment to consider and debate risks to the investment portfolio and look at detailed reporting;
  • Provision of external specialists and/or investment advisers; and
  • Report back to the main board with proposals, recommendations or updates.
Risk framework

One of the roles of treasury is to optimise the liquidity position of the business along with managing financial risks. As such, treasurers must develop and implement policies, processes and procedures designed to protect the organisation from fraudulent and/or other unethical activities, while facilitating the alignment of shareholder, stakeholder, board, management and staff goals.

Treasury controls are the framework of procedures, which are established to minimise risk, such as losses through error or fraud. Controls are established over most treasury activities and will often include:

  • Segregation of duties;
  • Line and senior manager monitoring; and
  • Internal and external audit.
"A governance framework doesn’t just cover investment management – it also covers a whole range of treasury risks, and clearly doesn’t just sit within treasury, as it covers activities such as payments, procurement and environmental, social and governance challenges across the organisation. It serves as a guide as to how we engage internally, as well as externally"
Naresh Aggarwal
Association of Corporate Treasurers, associate director – policy and technical
Systems and technology

Integrated systems can function as a control, though only as a supporting role to the governance framework. By means of access limitation and built-in audit controls, an organisation’s systems architecture allows for effective, preventative and detective controls. Subject to the level of systems integration and the level of straight-through processing, it is possible to reduce (or even eliminate) any manual keying of data – improving the governance framework by limiting the opportunity for error or fraud.


Effective reporting is a critical part of the governance framework. It provides assurance to senior management (and the board) that board-determined risk appetites, key controls and culture are being followed, and that if any breaches do occur, how they are being dealt with both tactically as well as strategically. Ideally, reporting should be system-generated to reduce opportunity for overrides, potentially hiding breaches that may have occurred. Increasing use of third-party data-visualisation applications, such as Tableau, Power BI and QlikView, help provide improved data access for senior management.


People represent both the biggest opportunity for an organisation, but so, too, the biggest risk. Having the technical skills – and keeping those skills updated as the corporate ecosystem develops – is key. Through continuous engagement, controls and processes, a culture that is receptive to risk management can be developed. Changes through system developments or business activities need to be reflected either in the governance framework or the operational activities themselves. Along with controls, organisations must have a culture of transparency, ensuring people are able to report errors preventing potential cover-ups.

Codes of conduct

Codes of conduct have been developed to address deficiencies that arise in corporate governance. They can be legislated (such as the Sarbanes-Oxley Act in America) or form part of a regulatory test (such as the UK’s Financial Reporting Council application of the Corporate Governance Code). They may also be specific to a particular area of activity (such as the Money Markets Code) or support an industry approach to culture (such as the Association of Corporate Treasurers’ Code of Ethics).

Case Study: Diageo governance framework

According to Diageo, its risk management framework is relatively ‘simple’. Accountability for managing risk is ‘embedded’ into its overall business management structures, where each market and function undertakes an annual risk assessment, establishes mitigation plans and monitors its respective risks. The executive audit and risk committee regularly receives reports on the risks faced by the business and the effectiveness of risk management efforts. The committee updates the group’s risk assessment annually and is independently reviewed by the board. Significant business risks are considered and escalated, where appropriate, to the Diageo executive directors and board, cross-functional working groups established and leverage experts to ensure significant risks are effectively managed.

Diageo prospects are considered over the long term, but the Diageo directors believe that a three-year assessment is most appropriate to align with their strategic business-planning processes. According to the annual report, the plan has been extensively stress-tested by modelling severe but plausible downside scenarios and, crucially, combinations of scenarios linked to principal risks. Key scenarios considered include:

  • Severe marketing and/or route-to-market restrictions or fiscal changes introduced by local governments;
  • Material negative changes in the macroeconomic environment that could impact both developed and emerging markets;
  • Unfavourable exchange movements in foreign currencies, mainly the euro and US dollar against sterling;
  • Failure to adapt to or participate fully in critical industry developments; and
  • Increased potential tax rate due to changes in the international tax environment.

None of these scenarios individually threaten the viability of Diageo; therefore, it is the combined impact of these scenarios that is evaluated as the most severe stress scenario. Stress testing considers the effectiveness of mitigation actions and internal control systems, making certain assumptions about temporary reductions in discretionary spending including capital expenditure and dividend payments, and considers whether additional financing facilities would be required.

Our Performance Ambition calls on us to be bold and to act like owners. Well-managed risk taking lies at the heart of this. Great risk management drives better commercial decisions, creating a growing, resilient and sustainable business” Diageo Annual Report 2018

Share this post