Part 8: Management practices and controls

Guardians of New Zealand Superannuation: Governance and management of the New Zealand Superannuation Fund.
Key messages
  • The work programme carried out as part of the 2007 Statement of Intent has strengthened the internal control environment of the Fund and the Guardians.
  • While the Guardians have established and formalised a considerable number of operational processes, there is not yet a long-term operational strategy detailing the overall purpose of the policy framework and organisation structure.
  • The ability to attract and retain staff with the appropriate skills will remain an ongoing challenge.

In this Part, we report on the Guardians' internal management practices and controls. We set out our findings in relation to the Guardians':

  • internal controls;
  • human resources practices; and
  • business operations.

Our findings

Internal management practices and controls refer to the business operations performed by the Guardians to meet strategic and legislative objectives. This includes policies, procedures, and established processes.

The internal control framework includes:

  • the type of policies and procedures adopted;
  • the nature of delegations and to whom;
  • the structure of banking arrangements;
  • the formalisation of contracting processes;
  • the necessary management skills; and
  • the scope of assurance activities.

The importance of operational processes performed by the Custodian has required the Guardians to set up clear and measurable operational risk processes to monitor service performance. The relationship between the Custodian and the Investment Managers is equally important. Investment Managers are required to follow consistent protocols when reporting transactions and in resolving any compliance issues related to those transactions.

The Guardians' current internal control structure includes the following strengths:

  • The separation of responsibility for trading from the related transaction processing, which is an inherent risk of any investment operation. In most advanced regulatory jurisdictions, there are requirements for physical and system-based separation of these two areas. Regulators seek to manage any influence being placed by traders on how transactions are processed and reported. Outsourced custodial responsibilities enforce strict segregation of duties between transacting and settlement of investment decisions. Investing decisions are initiated by Investment Managers and processed by the Custodian.
  • Outsourced investment management provides the Guardians with access to the systems and controls of major Investment Managers. Those systems and controls provide controls throughout the investment process, such as pre-trade compliance controls.
  • Funds are dispersed to about 30 Investment Managers with a diverse range of knowledge and capability. In many asset classes there is more than one Investment Manager, which allows benchmarking (that is, analysing the performance of Investment Managers within an asset class).
  • Risks related to business continuity planning and disaster recovery are not centralised within the Guardians. Critical functions of the Fund could continue to operate if a disaster occurred. In such an event, the Guardians would temporarily lose the ability to oversee the operations of Investment Managers. However, investment activity and transaction settlement would continue to operate. The Guardians can restore their overseeing ability by gaining access to the Custodian's website from another location.

The work programme outlined in the 2007 Statement of Intent has allowed the Guardians to formalise routine processes and strengthen internal controls.

Twenty-six out of 28 of the Guardians' policies were prepared between March and August 2007. These policies are likely to be further refined as they are implemented and need to be linked to the major risks in the Risk Management Framework. This will allow management and internal audit to focus on the Guardians' major risks.

Internal controls

Corporate policies and procedures

The 2007 Statement of Intent sets out a work programme to develop and improve the governance infrastructure of the Guardians. The changes include adoption of executive committee terms of reference, and policies and procedures.

One reason that corporate policies were not developed before 2007 was that the Guardians were focused on preparing and implementing their investment strategy. The Guardians did not have a large staff and management team, reducing the need for complex and detailed corporate policies. During this period, the Board carried out detailed analysis, along with expert advice, for all material decisions (such as the appointment of Investment Managers).

The absence of formal policies before 2007 did not mean that the Guardians applied poor processes within their operations. Indeed, the current policies document the processes historically operated by the Guardians.

The risk normally associated with limited policies and procedures has been mitigated by the involvement of the Board and the use of outsourcing. Initiatives taken since February 2007 have ensured that there are adequate policies in place as the Board becomes less involved in day-to-day management decision-making. In our view, this is an appropriate approach by the Board at this stage of the Fund's development.

The Guardians have the following strategic and operational internal control guidance:

  • Annual Plan, including budgets;
  • Statement of Intent (available at;
  • Annual Report (available at;
  • an internal “roadmap” for the Statement of Intent; and
  • 28 policies approved or pending approval by the Board (see Appendix 2).

When we compared the Fund's current policies to similar organisations, we found that they were consistent in all material respects. Therefore, we conclude that the processes applied by the Guardians before 2007 were also consistent in all material respects to similar organisations. For example, we observed that sound project management, project governance, and overseeing practices had been applied during the process to change from one Custodian to another.

The work programme completed under the 2007 Statement of Intent has established and formalised a considerable number of operational processes within the Guardians. However, there is not yet a long-term operational strategy detailing the overall purpose of the policy framework and organisation structure.

The Guardians have not defined the role and purpose of each operational area and linked these to job descriptions. This makes it difficult to identify the specific contribution of individual business units to the overall objectives of the Fund.

Recommendation 18
We recommend that the Guardians of New Zealand Superannuation prepare a long-term operational strategy detailing how the Fund will be administered in the future. The purpose of the strategy is to set out the long-term operational objectives of the Guardians. This could include external provider management, overseeing of fund administration, alternative asset research, investment strategy development, and responsible investor guidance.

This is a high-priority recommendation because it sets out how operational objectives link to the long-term strategy for the Guardians. This has a flow-on effect on strategies relating to human resources, information technology, and other business processes.

Lack of policies in some areas

We found that the Guardians do not have current policies in relation to aspects of:

  • risk management;
  • staff training;
  • external provider management; or
  • legal compliance.

Although a detailed Risk Management Framework was approved in October 2007, the Guardians do not have policies covering:

  • the purpose or objectives of the Risk Management Framework;
  • roles and responsibilities in relation to setting and changing the measurement criteria for likelihood and effect, and the overall risk assessment (representing the combination of these two points);
  • reporting content and frequency to the Board and executive management; and
  • escalation of risks to the Chief Executive Officer and the Board (based on overall risk assessment).

The Guardians do not have a policy for staff training relating to business strategy, systems, corporate policies and procedures, and specialist skills and capability.

Although the Guardians have policies covering issues such as selecting external providers, there are no policies covering the following areas of external provider management (more detailed information is in Appendix 3):

  • role of the Relationship Manager;
  • periodic performance assessment of the external provider;
  • definition of outsourcing versus contracting;
  • responsibilities in relation to receipt and review of external provider reporting (as set out in the service level agreements with each external provider);
  • conflict management and management of service level agreement breaches;
  • changing and updating performance measures and arrangements for service level agreements; and
  • receipt and review of external provider assurance (for example, comfort letters1 and SAS 70 reports).

The Guardians also lack a policy with a process to measure and report how the Guardians address legislative compliance.

While the areas mentioned in paragraphs 8.17-8.21 are not covered by the Guardians' policies, this does not present a high risk to the Guardians' activities. A lack of policies does not mean that good practice processes have not been applied. However, it does mean that those good practices depend more on the skills and attitudes of the particular staff currently performing these roles.

Should staff or responsibilities change, the Guardians cannot be certain that good practice will continue to be applied. Further, the absence of a formal policy framework reduces the ability of the Guardians to set and measure expectations. Policies and procedures, once integrated with job descriptions, create an accountability framework and tone within the organisation that allows the business to be independently measured and reported against. Documentation of an acceptable standard will help to ensure that good practices are consistently applied.

Recommendation 19
We recommend that the Guardians of New Zealand Superannuation prepare policies in relation to risk management, training and development, external provider management processes, and legal compliance.

We reviewed the governance disclosures in the Annual Report and concluded that they are extensive and cover all material elements. However, the governance programme is not linked to the nine principles of corporate governance promulgated by the New Zealand Securities Commission (or similarly recognised global governance standards). While compliance with the Commission's standard is not compulsory, it is widely used as a benchmark by a number of leading New Zealand entities. Compliance would ensure that there is specific consideration of how the Guardians apply each element of the requirements and that there is broad disclosure to the public.

Recommendation 20
We recommend that the Guardians of New Zealand Superannuation link their governance processes and reporting to the principles of corporate governance promulgated by the New Zealand Securities Commission.

The development of the Guardians' governance infrastructure has largely been adequate and timely in light of the growth of the Fund and expansion of the management team. Some policy has followed, rather than preceded, the developments occurring within the Fund. For example, a number of Investment Managers were appointed before the Investment Manager Selection Policy was adopted in June 2007. While there was no formal policy until then, a formal process was consistently applied for the selection of each Investment Manager.

Delegations of authority

The Guardians have had a policy for delegation of authority since October 2002. The Delegations and Sub-Delegations Authorities Policy was reviewed in June 2007 as part of the internal management control project. We compared this policy with similar policies on delegations and noted that:

  • the policy does not contain all delegations of the Guardians;
  • it does not address sub-delegations;
  • delegations are potentially restrictive in some areas; and
  • delegations lack clarity in some areas.

The Delegations and Sub-Delegations Authorities Policy does not contain all delegations. Some delegations are not explicit and some are also included in other policies, terms of reference, legislation, or formal documents, for example:

  • set-up of bank accounts for the Guardians (covered in section 39 of the Act);
  • authority to release information to the media (including Official Information Act 1982 and Ministerial responses);
  • authority to initiate or defend legal action;
  • authority to enter into long-term agreements and contracts;
  • recruitment, appointment, and employment conditions of the Chief Executive Officer;
  • approval of relocation expenses on appointment;
  • authorisation of employment-related benefits in addition to salary outside standard employment contract terms;
  • approval of representation on external committees;
  • authorisation of timesheets and overtime for staff with a direct reporting line (direct reports);
  • approval of special leave for longer than three days;
  • approval to travel overseas and attend conferences;
  • any disciplinary procedures, including verbal and final warnings, suspension, dismissal, negotiating, and approving collective agreements; and
  • the appointment of the Internal Auditor is not restricted to the Board or the Audit and Risk Committee (although this is covered in the Audit and Risk Committee charter).

As a result, there is a risk that some actions may be taken that do not fully reflect the intention behind the delegations given.

The Delegations and Sub-Delegations Authorities Policy does not contain any process to sub-delegate temporary authority from a specific level of management when a key staff member is absent. The policy refers to sub-delegation as the further delegation of powers from the Chief Executive Officer to senior management. An example is delegation from the Chief Executive Officer covering what, to whom, and to what extent the authority can be delegated. In our experience, sub-delegations are to direct reports up to 50% of the delegation limit.

The Delegations and Sub-Delegations Authorities Policy is restrictive on management delegations in certain areas, including:

  • divesting securities for responsible investment purposes;
  • making withdrawals from Investment Managers;
  • setting or altering service level arrangements with Investment Managers; and
  • direct investments and significant shareholdings.

For all of the above areas, clear parameters need to be set for management decision-making.

The Delegations and Sub-Delegations Authorities Policy structure does not allow clear distinction between what is within the authority of the Board, the Chief Executive Officer, and executive management (that is, it is not presented in a matrix format).

The Delegations and Sub-Delegations Authorities Policy does not include the following:

  • approval for adoption of, or changes to, policies and operating procedures; and
  • authority to invest surplus funds on interest-bearing deposits.

The above areas need to be considered in the review of the Delegations and Sub-Delegations Authorities Policy. Policy development has been subject to strict control by executive management and approved by the Board.

Recommendation 21
We recommend that the Guardians of New Zealand Superannuation update their Delegations and Sub-Delegations Authorities Policy, including consolidating delegations currently recorded in other policies and governance documents into one Delegation of Authority Policy.

Expectations of behaviour

The Guardians have an Employee Code of Conduct and a Board Code of Conduct. These documents cover all material elements that we would expect, and are fully communicated to staff through a formal induction process. A project is under way to build an intranet to improve the Guardians' internal communication capability. A feature of the intranet will be a central repository for all policies.

The tone for expectations of behaviour is set through various human resources policies, which address potentially sensitive issues, such as receiving gifts, travel allowances, and employee benefits. In our view, adequate human resources policies and processes are in place.

Separation of responsibilities

Fraud risk associated with the assets of the Fund is mitigated through the separation and custody of bank accounts. The Guardians' operating bank account is separate from the Fund's bank accounts. The Fund's bank accounts are maintained by the Custodian and transactions occur only on instruction from the Guardians. Therefore, appropriate segregation of duties is achieved.

In our view, the inherent risks over the custody of operating bank accounts should be included in the risk profile for the Guardians and subject to periodic internal audit review.

Recommendation 22
We recommend that the Guardians of New Zealand Superannuation routinely monitor and test how they segregate duties, to ensure that no one person controls two or more phases of a transaction or operation. Testing of segregation of duties should be included in the Guardians' annual internal audit plan.

Human resources practices

Long-term strategic human resources planning

A priority of the 2007 Statement of Intent is to “maximise the Guardians' ability to attract, retain, motivate and manage people”. This has included development of human resources infrastructure such as position descriptions, capability matrices, and performance assessment programmes.

The Guardians have not developed a long-term human resources plan. The requirements of such a plan would be closely linked to the long-term operational strategy of the Guardians (see Recommendation 18). A long-term human resources plan would allow the Guardians to develop their long-term human capital requirements (in terms of numbers and skills). It would also allow for the development of position descriptions, training requirements, and budgets.

Recommendation 23
We recommend that the Guardians of New Zealand Superannuation prepare a long-term human resources plan consistent with their broader operational strategy.

Key Person Risk Matrix

The Guardians have put in place a Key Person Risk Matrix to confirm that all material risks are appropriately managed. We reviewed this matrix and concluded that the Guardians are managing key person risks in a practical and reasonable manner.

The Guardians' exposure to key person risk is limited because of the extent of operational outsourcing. Most critical roles within the Guardians are committed to long-term strategic planning. A loss of a key person would not be likely to lead to an immediate operational exposure, but is more likely to affect the Guardians' successful implementation of the long-term strategy. In this regard, the steps taken by the Guardians between May and October 2007 to strengthen the senior management team have lessened this risk.

Succession planning

In organisational development, succession planning is the process of identifying and preparing suitable employees through mentoring, training, and job rotation, to replace key people - such as the Chief Executive Officer - as their terms expire.

The Key Person Risk Matrix adequately addresses succession planning. The matrix identifies roles within the Guardians that present long-term key person risk and sets out how the risk is managed by having more than one person capable of performing each role. The matrix also provides a strong basis for human capital development within the Guardians.

Attracting and retaining appropriately skilled people

The human capital needs of the Guardians are difficult to manage. Human capital is a complex area for the asset management industry. These factors mean the Guardians are exposed to opportunity cost if they cannot attract and retain suitably skilled investment analysts and strategists. Because the risk is by definition an opportunity cost, it is difficult for the Guardians to establish clear cost-benefit cases for particular roles.

The competitive nature of the asset management industry makes it difficult and costly to attract and retain experienced staff. Typically, employees hold specialist roles relating to a specific product or asset class. As a global investor, the Guardians compete for global skills in specialist areas. Generally, the investment community applies a strong correlation between a fund and its portfolio management staff. The Guardians consider the reputation of an Investment Manager's staff when appointing and continuing to use an Investment Manager.

This environment has led to premium rates being paid for high-performing employees. Risks associated with human capital management are typically managed by paying commercial salaries, providing performance-based remuneration, and using structured human capital development programmes. Not all of these methods are currently available to the Guardians.

The employment environment of a Crown entity demands a high level of transparency and draws comparison with other public sector organisations. In the context of the Guardians, this could lead to situations where certain employees are paid significantly more than in other Crown entities because of the above factors. Recognising that this situation could potentially arise, the Guardians do not have a specific process agreed with stakeholders (for example, the Crown) to deal with remuneration packages that may draw wider public scrutiny.

The Guardians have introduced the first stage of a bonus system with a uniform payment to all staff if major organisation and fund return targets are met. However, this does not address individual bonus arrangements that may be necessary to attract global human capital talent.

A further dimension to this issue for the Guardians is the long-term nature of the Fund's investment horizon. While attracting appropriate skills is an issue, as discussed above, retaining the skills throughout the duration of the Fund's investment horizon is equally challenging. Accordingly, the Guardians do not currently apply performance bonuses linked to the long-term performance of the Fund except on an aggregate basis, rather than an individual basis. To do so, the Guardians would be negotiating remuneration arrangements that are unique within the public sector and could lead to widespread debate.

The risk of not being able to attract and retain appropriately qualified staff is currently managed by the Guardians in the following ways:

  • the outsourcing business operating model lessens the dependency on any one person; and
  • the long-term investment horizon of the Fund eliminates the need for considerable short-term active management to meet projected returns.

Because the Guardians are susceptible to public expectations of New Zealand salaries, they may face situations where specialist skills are required but not obtained or obtained at remuneration levels not regarded as publicly acceptable. In our view, the Guardians should formalise processes for recruitment of specialists where necessary. This should include position descriptions, a process for determining adequate remuneration and benefit arrangements, and a process to have these appropriately approved and authorised.

Recommendation 24
We recommend that the Guardians of New Zealand Superannuation put in place a transparent process that they can follow if they are required to set a level of remuneration for specialist skills outside the current approved levels.

This is a high-priority recommendation. In our view, the process should assess the extent to which the skills are critical to the Guardians, and set out a process to agree remuneration levels beyond the current delegated level where appropriate. This should include setting a maximum remuneration amount. The Guardians have an agreed funding model with the Crown, which should enable the Guardians to afford market rates for senior funds specialists as needed. However, the Guardians have yet to establish any non-standard employment contracts or bonus structures.

Recognising the unique nature of the asset management industry, we consider that it would be inappropriate and a high-risk approach for the Guardians to not employ suitably qualified employees. Given the importance of the investment strategy in delivering long-term growth for the Fund, the strength of the senior management team is crucial to achieve this objective. In this regard, we agree with the approach taken by the Guardians to attract and retain specialist funds management skills.

Business operations

Cost effectiveness

The Guardians engage a specialist independent consultant to compare the Guardians to peer organisations. The process provides the Guardians with information about relative cost structures. While meaningful, the consultant's analysis cannot be considered to be totally comparable because:

  • the Guardians are typically compared to more mature organisations that no longer need to invest in the corporate infrastructure and capability of a rapidly growing institution;
  • the geographical location of the Guardians relative to global markets means it may not be practical to adopt the business operating model of peer organisations without taking on more risk;
  • the size of the Fund relative to the New Zealand market means that the Guardians must invest a disproportionate amount in foreign markets;
  • the founding legislation places certain requirements on the Guardians that may not apply to other organisations, for example, monitoring of responsible investments and the associated cost; and
  • many similar funds allocate their overhead costs to specific asset classes, which makes comparison with the Fund difficult.

Overall, in our view, there is a high awareness by the Board and by management of the need to maintain cost-effective fund management services. The benchmarking process, along with other factors, was used as a catalyst for tendering the custodial and back-office services to a global group of potential providers. In our view, the early indications are that the tender has resulted in an appropriate outcome for the Guardians.

However, the need to maintain cost-effective services is balanced by the need to obtain expert advice in specialist areas.

Monthly management reporting

The Guardians have an appropriately qualified Accounting and Finance team. The process for finalising financial statements for the Fund and the Guardians are subject to the necessary controls. In our discussions with management, there was no indication there were issues with the content, timeliness, or accuracy of financial information produced in relation to the Fund.

Because of the nature of the investments, the Guardians may not always be able to access accurate valuations of privately held assets in a timely manner. While acknowledging that privately held assets are a recent investment class, our analysis did not highlight that the valuation of these assets has materially affected reported Fund performance.

Our conclusions

The Guardians' internal management practices and controls have been significantly affected by the work programme carried out as part of the 2007 Statement of Intent. While some elements of the work programme were still to be completed or refined, the majority of completed work has strengthened the internal control environments of the Fund and the Guardians.

While the Guardians have established and formalised a considerable number of operational processes, there is not yet a long-term operational strategy detailing the overall purpose of the policy framework and organisation structure.

The ability to attract and retain staff with the appropriate skills will remain an ongoing challenge. To the extent practical, the Guardians need to put in place an approach for setting remuneration levels outside current approved levels.

1: A general definition is that a comfort letter conveys assurance that something is or is not so, to the best of the writer's knowledge.

page top