3-Governance Flashcards

1
Q

Define governance.

A

Governance is the combination of processes and structures implemented by the board to inform, direct, manage, and monitor the activities of the organization toward the achievement of its objectives.

2
Q

Give examples of (1) internal and (2) external mechanisms that influence corporate governance.

A

Internal mechanisms: Corporate charters, bylaws, board of directors, internal audit functions
External mechanisms: Laws, regulations, government regulators

3
Q

What are the two major components of governance?

A

Strategic direction

Oversight

4
Q

Compare the responsibilities of (1) the board, (2) management, and (3) internal audit activity regarding governance.

A

Party: Responsibility regarding governance
The board: Oversight of governance
Management: Day-to-day governance functions
Internal audit activity: Assessment and improvement of governance processes

5
Q

_____________ is primarily responsible for establishing and maintaining an organizational culture.

A

Senior management.

6
Q

Compare the emphasis of the internal audit activity in a (1) less mature and (2) more mature governance system.

A

Maturity of governance system: Emphasis of internal audit activity
Less mature: Compliance with policies, procedures, laws
More mature: Optimization of structures and practices

7
Q

What is the responsibility of the internal audit activity in an assurance engagement for ethics-related matters?

A

The internal audit activity must evaluate the design, implementation, and effectiveness of the organization’s ethics-related objectives, programs, and activities.

8
Q

The __________ (1) and __________ (2) are responsible for the design and implementation of governance processes.

A

Board

Management

9
Q

Give examples of the areas for which the internal audit activity must assess and make recommendations to improve the organization’s governance processes.

A

Making strategic and operational decisions
Overseeing risk management and control
Promoting appropriate ethics and values within the organization
Ensuring effective organizational performance management and accountability
Communicating risk and control information to appropriate areas of the organization
Coordinating the activities of, and communicating information among, the board, external and internal auditors, other assurance providers, and management

10
Q

Corporate social responsibility (CSR) refers to __________ (1), __________ (2), __________ (3).

A

Social responsibility
Sustainable development
Corporate citizenship

11
Q

List the four responsibilities an organization must fulfill to be considered socially responsible.

A

Economic responsibility
Legal responsibility
Ethical responsibility
Philanthropic responsibility

12
Q

List and compare the two major corporate social responsibility (CSR) frameworks.

A

Framework: Emphasis
Global Reporting Initiative (GRI): Reporting
ISO 26000: How to implement and manage a CSR initiative

13
Q

Compare the responsibilities of (1) the board, (2) management, and (3) internal audit activity regarding corporate social responsibility (CSR).

A

Party: Responsibility
The board: Overseeing CSR
Management: Establishing CSR objectives; assessing and managing risks; measuring performance; monitoring and reporting activities
Internal audit activity: Evaluating whether controls over CSR are adequate to achieve CSR objectives

14
Q

List and describe the four alternative corporate social responsibility (CSR) strategies.

A

Strategy: Description
Reaction: The organization denies responsibility and tries to maintain the status quo.
Defense: The organization uses legal action or public relations efforts to avoid additional responsibilities.
Accommodation: The organization assumes additional responsibilities only when pressured.
Proaction: The organization takes the initiative in implementing a CSR program that serves as an example for the industry.

15
Q

Regarding corporate social responsibility (CSR), when are the internal audit activity’s independence and objectivity not impaired?

A

Independence and objectivity are not impaired when the internal audit activity:

Provides advice on the design and implementation of CSR programs or
Facilitates a management self-assessment of CSR controls and results

16
Q

List and describe the two approaches to audit corporate social responsibility (CSR).

A

Auditing approach: Description
Auditing by element: Separate audits of each element (e.g., governance, environment, ethics) are performed
Auditing by stakeholder group: Separate audits of CSR programs related to each significant stakeholder group (e.g., employees, environment, suppliers) are performed that consider compliance with laws, regulations, and contracts

17
Q

Methods of reporting corporate social responsibility (CSR) include

A

Providing a standalone CSR report,
Integrating the CSR report with the annual financial report, and
Providing CSR information booklets on special topics.

18
Q

What are the Three Lines of Defense?

A

First Line: Operational Management
Second Line: Risk Management and Compliance Functions
Third Line: Internal Audit

19
Q

What is the definition of organizational governance?

A

The IIA Standards Glossary defines organizational governance as the:

“combination of processes and structures implemented by the board to inform, direct, manage, and monitor the achievement of its objectives.”

20
Q

What are the cornerstones of good corporate governance?

A

The board of directors
Executive management
External auditors
Internal auditors

21
Q

What are major areas of responsibility of the board?

A

Monitoring the CEO and other senior executives.
Overseeing the corporation’s strategy and processes for managing the enterprise (including succession planning).
Monitoring the corporation’s risks and internal controls, including the ethical tone.

22
Q

What is an independent director, and how many should a company have?

A

A majority of the directors should be independent in both fact and appearance.
An independent director has no current or prior professional or personal ties to the corporation or its management other than service as a director.
Independent directors must be able and willing to be objective in their judgments.

23
Q

What are common committees that the board establishes?

A

Audit committee
Compensation committee
Governance committee

Each committee should have a charter, authorized by the board, that outlines how each will be organized, their duties and responsibilities, and how they report to the board.

Each committee should be composed of independent directors only.

24
Q

Who are stakeholders?

A

A stakeholder is an individual or entity who has a material interest in a company’s achievements, validated through some form of investment, and thereby expects a benefit in return.

25
Q

Who are internal stakeholders?

A

Directors
Senior management
Employees
Trade unions or staff associations
Shareholders

26
Q

Who are external stakeholders?

A

Customers
Suppliers
Contractors and subcontractors
Distribution networks
Communities
The general public and government

27
Q

What are four levels of relationships with stakeholders, and what is each level based on?

A

Based on the stakeholder’s interest and power, the company’s relationship will be to:
Ignore the stakeholder (weak power, low interest)
Keep the stakeholder informed (weak power, high interest)
Keep the stakeholder satisfied (strong power, low interest)
Treat the stakeholder as a key player (strong power, strong interest)

28
Q

What is the role of internal audit in corporate governance?

A

The IAA must assess and make appropriate recommendations to improve the organization’s governance processes for:
Making strategic and operational decisions.
Overseeing risk management and control.
Promoting appropriate ethics and values within the organization.
Ensuring effective organizational performance management and accountability.
Communicating risk and control information to appropriate areas of the organization.
Coordinating the activities of, and communicating information among, the board, external and internal auditors, other assurance providers, and management.

29
Q

What are the steps in auditing a company’s governance practices and structure?

A

Understand the general principles and models of organizational governance.
Review existing governance-related documentation.
Develop a preliminary audit plan.
Meet with decision-makers (i.e., the board).
Execute the approved plan.
If necessary, consult legal counsel.
Complete the process, including a formal presentation to the board and have key decision-makers sign a “statement of acknowledgement.”

30
Q

How is organizational culture different than organizational governance?

A

Organizational culture and its related practices are not written down or codified. Organizational culture can be rooted in the distinct personalities of company leadership or more generally in the ethnic, religious, or political context in which the business operates.

31
Q

What are the six control environments elements that organizational culture may impact?

A

Integrity and ethical values
Management’s philosophy and operating style
Organizational structure
Assignment of authority and responsibility
Human resource policies and practices
Competence of personnel

32
Q

What is the internal auditor’s role in assessing organizational ethics?

A

The internal audit activity must assess the design, implementation, and effectiveness of the organization’s ethics-related objectives, programs, and activities.
(Standard 2110.A1)

33
Q

What does a review of organizational ethics focus on?

A

Policies, including the policy for reporting ethical violations
Procedures
Effectiveness
Disposition of ethical issues, including if the penalties are appropriately scaled, if there is consistent application, and if there is proper documentation.
Compliance

34
Q

What are ethics advocates and who must act as an ethics advocate?

A

Ethics advocates are visible models of appropriate behavior who encourage and support the code of conduct at all times and at all levels of activity.
Management must act as ethics advocates.
All individuals in the company should be encouraged to be ethics advocates.
Internal auditors are also key ethical advocates - The IIA Code of Ethics states that the internal auditors should be an example of the ethical behavior that employees should practice.

35
Q

What is a Code of Conduct, and who is it applicable to?

A

A Code of Conduct, or Business Conduct Policy, outlines the specific behaviors that are required of or prohibited for all employees.
The Code of Conduct should be written in clear, concise language that eliminates ambiguity or contradictory interpretation.
The Code of Conduct is applicable to all people in the organization, regardless of position, department, or length of employment.

36
Q

The code of conduct includes guidance on what topics?

A

Conflicts of interest
Confidentiality of information
Acceptance of gifts
Compliance with all applicable laws, rules, and regulations
Penalties – the Code must clearly detail the consequences for any violations

37
Q

What is the role of the IAA with the Code of Conduct?

A

The Code of Conduct needs to be periodically assessed by the IAA to ensure that it is relevant and that it reflects the company’s needs. Additionally, compliance with the Code of Conduct should also be tested periodically and may even be included as part of every engagement.

38
Q

What is corporate social responsibility?

A

The IIA’s Practice Guide Evaluating Corporate Social Responsibility/Sustainable Development defines CSR as:
“The way firms integrate social, environmental, and economic concerns into their values, culture, decision-making, strategy and operations in a transparent and accountable manner and thereby establish better practices within the firm, create wealth, and improve society.”

39
Q

What are the levels of responsibility for CSR in a company?

A

The board has overall responsibility for CSR.
Management is responsible for executing CSR and ensuring that there are clear objectives, performance measurement, and reporting.
Employees must integrate CSR into their everyday activities.
The internal auditors should understand the risks and controls related to CSR and may be responsible for auditing CSR.

40
Q

What are some of the risks associated with CSR?

A

Reputation
Compliance
Liability and lawsuits
Operational
Company stock valuation
Employment market
Consumer sales
External business relationships

41
Q

What are the seven core subjects in ISO 26000?

A

Organizational governance
Human rights
Labor practices
The environment
Fair operating practices
Consumer issues
Community involvement and development

42
Q

What are the five main aspects of CSR in ISO 26000?

A

A company should operate ethically and with integrity.
A company should treat its employees fairly and with respect.
A company should demonstrate respect for human rights.
A company should be a responsible citizen in its community.
A company should do what it can to sustain the environment for future generations.

43
Q

What are the four levels of the pyramid of social responsibility?

A

Philanthropic responsibilities
Ethical responsibilities
Legal responsibilities
Economic responsibilities

44
Q

What are the seven steps in the CSR Process?

A

Set priorities and policies for areas such as ethics, labor, the environment, charity, and any other relevant CSR areas.
Set specific objectives and strategies to achieve the policies set by management.
Communicate and embed CSR into controls and decision making.
Track the activities related to CSR so that the results of the CSR policies and objectives can be measured, analyzed, and benchmarked.
Engage stakeholders to resolve any complaints and receive feedback on the CSR issues affecting them.
Audit results including controls related to CSR and any public disclosures.
Report results.

45
Q

What are different approaches that can be taken to auditing CSR?

A

By element.
By stakeholder or stakeholder group.
By subject. For example, by workplace, marketplace, environment, and community.
By department/function. Audit CSR separately for each department within the organization.
By third party. Audit third parties for compliance with CSR terms and conditions.

46
Q

What are the elements of CSR that are commonly audited?

A

Governance
Ethics
Environment
Transparency
Health, Safety, and Security
Human Rights and Work Conditions

47
Q

What are the stakeholder groups in auditing CSR?

A

Employees and their families
Environmental organizations
Customers
Suppliers
Communities
Shareholders