Skip to content
News update

Q&A with Governance Institute

Each month in our News Update, the Governance Institute will answer some common questions about governance and risk management.

Q) How do companies manage digital execution of documents under section 127 of the Corporations Act?

Many companies now use DocSign for digital execution of documents which is supported by a variety of internal processes. Some companies have adopted a process of emailing the signatories with a summary of risks and supporting information and then notifying the signatories through DocuSign that the documents are ready for execution.  It is also possible to include background information relevant to the documents in DocuSign. Where commercial areas of the company are involved it is important to obtain sign-off from these areas before contacting the signatories. Legal sign-off may also be required. Larger companies will have more complex processes and frequently involve their legal team in relation to execution under section 127. Financial institutions frequently execute documents using powers of attorney.


Q) How usual is it to combine a Governance Committee with a Remuneration and Nomination Committee in an ACNC registered company limited by guarantee.

Combining these committees will depend on the remit of each committee, particularly the Governance Committee. It is an unusual combination and will depend on the skills at the company’s disposal. It will also be important to draft the charter for the combined committee carefully to ensure that no areas of responsibility are omitted.


Q) Where can charities and not-for-profits find information about cyber security?

The Australian Cyber Security Centre (ACSC) has recently released its top tips on cyber security defence for charities and not-for-profits. They are:

  1. Turn on multi-factor authentication where possible.
  2. Check automatic updates are on and install updates as soon as possible.
  3. Back up important files and device configurations often. Test your backups on a regular basis.
  4. Use a reputable password manager to create strong, unique passwords or passphrases for your accounts.
  5. Provide cyber security training, particularly on how to recognise scams and phishing attempts.
  6. Use access controls and review them often so staff can only access what they need for their duties. This will reduce potential damage caused by malware or unauthorised access to systems.
  7. Use only reputable and secure cloud services and managed service providers.
  8. Test cyber security detection, incident response, business continuity and disaster recovery plans often.
  9. Review the cyber security posture of remote workers and connections. Make sure staff are aware of secure ways to work remotely such as not accessing sensitive information in public.
  10. Report a cybercrime, incident or vulnerability to protect yourself from further harm.
  11. Join ASD’s Cyber Security Partnership Program as a business or network partner. This free program provides advice and insights on the cyber security landscape.

The ACSC also reminds charities and not-for-profits that cyber security protection is an ongoing process and should be reviewed frequently to strengthen resilience.

Vital insights for boards from national gender pay gap data

Next article