EGC Corporate Governance Practices (May 2018)

A Survey and Related Resources PAGE D-8 Internal Audit Function The company must have an internal audit function that provides management and the audit committee with ongoing assessments of the company's risk management processes and internal controls. The company must adopt the internal audit function within one year of listing. Not required. Corporate Governance Guidelines Companies must adopt and disclose corporate governance guidelines that must address: • Director qualification standards. This should at a minimum reflect the director independence standards in Sections 303A.01 and 303A.02 and may also include other policies such as: o a limitation on the number of boards on which a director can sit; and o director tenure, retirement, and succession. • Director responsibilities, including attendance at board meetings and advance review of meeting materials. • Director access to management and, as necessary and appropriate, independent advisors. • Director compensation, including general principles for determining the form and amount of compensation. • Director orientation and continuing education. • Management succession, including policies for: o selection of the CEO; o performance review; and o succession following an emergency or retirement. • Annual performance self-evaluation of the board. Not required. Code of Conduct/Business Conduct and Ethics Companies must adopt a code of business conduct and ethics that applies to all directors, officers, and employees. The code must provide the following: • Waiver of the code for executive officers or directors can be made only by the board or a board committee. • Compliance standards and procedures for the effective operation of the code. The code should also address the following topics: • Conflicts of interest. The code must prohibit conflicts of interest and provide a means for employees, officers, and directors to report Companies must adopt a code of business conduct and ethics that applies to all directors, officers, and employees. The code must: • Comply with the definition of code of ethics in Section 406 of Sarbanes-Oxley and any related SEC regulations. This means the code must include standards reasonably necessary to promote: o ethical handling of conflicts of interest; o full and fair disclosure; and o compliance with laws, rules, and regulations.