3-Governance Flashcards
Define governance.
Governance is the combination of processes and structures implemented by the board to inform, direct, manage, and monitor the activities of the organization toward the achievement of its objectives.
Give examples of (1) internal and (2) external mechanisms that influence corporate governance.
Internal mechanisms: corporate charters, bylaws, board of directors, internal audit functions
External mechanisms: laws, regulations, government regulators
What are the two major components of governance?
Strategic direction
Oversight
Compare the responsibilities of (1) the board, (2) management, and (3) internal audit activity regarding governance.
The board: oversight of governance
Management: day-to-day governance functions
Internal audit activity: assessment and improvement of governance processes
_____________ is primarily responsible for establishing and maintaining an organizational culture.
Senior management.
Compare the emphasis of the internal audit activity in a (1) less mature, and (2) more mature governance system.
Less mature governance system: compliance with policies, procedures, and laws
More mature governance system: optimization of governance structures and practices
What is the responsibility of the internal audit activity in an assurance engagement for ethics-related matters?
The internal audit activity must evaluate the design, implementation, and effectiveness of the organization’s ethics-related objectives, programs, and activities.
The __________ (1) and __________ (2) are responsible for the design and implementation of governance processes.
Board
Management
Give examples of the areas for which the internal audit activity must assess and make recommendations to improve the organization’s governance processes.
Making strategic and operational decisions
Overseeing risk management and control
Promoting appropriate ethics and values within the organization
Ensuring effective organizational performance management and accountability
Communicating risk and control information to appropriate areas of the organization
Coordinating the activities of, and communicating information among, the board, external and internal auditors, other assurance providers, and management
Corporate social responsibility (CSR) refers to __________ (1), __________ (2), __________ (3).
Social responsibility
Sustainable development
Corporate citizenship
List the four responsibilities an organization must fulfill to be considered socially responsible.
Economic responsibility
Legal responsibility
Ethical responsibility
Philanthropic responsibility
List and compare the two major corporate social responsibility (CSR) frameworks.
Global Reporting Initiative (GRI): emphasis on reporting
ISO 26000: emphasis on how to implement and manage a CSR initiative
Compare the responsibilities of (1) the board, (2) management, and (3) internal audit activity regarding corporate social responsibility (CSR).
The board: overseeing CSR
Management: establishing CSR objectives; assessing and managing risks; measuring performance; monitoring and reporting activities
Internal audit activity: evaluating whether controls over CSR are adequate to achieve CSR objectives
List and describe the four alternative corporate social responsibility (CSR) strategies.
Reaction: the organization denies responsibility and tries to maintain the status quo.
Defense: the organization uses legal action or public relations efforts to avoid additional responsibilities.
Accommodation: the organization assumes additional responsibilities only when pressured.
Proaction: the organization takes the initiative in implementing a CSR program that serves as an example for the industry.
Regarding corporate social responsibility (CSR), when are the internal audit activity’s independence and objectivity not impaired?
Independence and objectivity are not impaired when the internal audit activity:
Provides advice on the design and implementation of CSR programs or
Facilitates a management self-assessment of CSR controls and results
List and describe the two approaches to audit corporate social responsibility (CSR).
Auditing by element: separate audits of each element (e.g., governance, environment, ethics) are performed.
Auditing by stakeholder group: separate audits of CSR programs related to each significant stakeholder group (e.g., employees, environment, suppliers) are performed that consider compliance with laws, regulations, and contracts.
Methods of reporting corporate social responsibility (CSR) include
Providing a standalone CSR report,
Integrating the CSR report with the annual financial report, and
Providing CSR information booklets on special topics.
What are the Three Lines of Defense?
First Line: Operational Management
Second Line: Risk Management and Compliance Functions
Third Line: Internal Audit
What is the definition of organizational governance?
The IIA Standards Glossary defines organizational governance as the:
“combination of processes and structures implemented by the board to inform, direct, manage, and monitor the achievement of its objectives.”
What are the cornerstones of good corporate governance?
The board of directors
Executive management
External auditors
Internal auditors
What are major areas of responsibility of the board?
Monitoring the CEO and other senior executives.
Overseeing the corporation’s strategy and processes for managing the enterprise (including succession planning).
Monitoring the corporation’s risks and internal controls, including the ethical tone.
What is an independent director, and how many should a company have?
A majority of the directors should be independent in both fact and appearance.
An independent director has no current or prior professional or personal ties to the corporation or its management other than service as a director.
Independent directors must be able and willing to be objective in their judgments.
What are common committees that the board establishes?
Audit committee
Compensation committee
Governance committee
Each committee should have a charter, authorized by the board, that outlines how each will be organized, their duties and responsibilities, and how they report to the board.
Each committee should be composed of independent directors only.
Who are stakeholders?
A stakeholder is an individual or entity who has a material interest in a company’s achievements, validated through some form of investment, and thereby expects a benefit in return.
Who are internal stakeholders?
Directors, senior management, employees, trade unions or staff associations, shareholders
Who are external stakeholders?
Customers, suppliers, contractors and subcontractors, distribution networks, communities, the general public, and government
What are the four levels of relationships with stakeholders, and what is each level based on?
Based on the stakeholder’s interest and power, the company’s relationship will be to:
Ignore the stakeholder (weak power, low interest)
Keep the stakeholder informed (weak power, high interest)
Keep the stakeholder satisfied (strong power, low interest)
Treat the stakeholder as a key player (strong power, strong interest)
What is the role of internal audit in corporate governance?
The IAA must assess and make appropriate recommendations to improve the organization’s governance processes for:
Making strategic and operational decisions.
Overseeing risk management and control.
Promoting appropriate ethics and values within the organization.
Ensuring effective organizational performance management and accountability.
Communicating risk and control information to appropriate areas of the organization.
Coordinating the activities of, and communicating information among, the board, external and internal auditors, other assurance providers, and management.
What are the steps in auditing a company’s governance practices and structure?
Understand the general principles and models of organizational governance.
Review existing governance-related documentation.
Develop a preliminary audit plan.
Meet with decision-makers (i.e., the board).
Execute the approved plan.
If necessary, consult legal counsel.
Complete the process, including a formal presentation to the board and have key decision-makers sign a “statement of acknowledgement.”
How is organizational culture different from organizational governance?
Organizational culture and its related practices are not written down or codified. Organizational culture can be rooted in the distinct personalities of company leadership or more generally in the ethnic, religious, or political context in which the business operates.
What are the six control environment elements that organizational culture may impact?
Integrity and ethical values
Management’s philosophy and operating style
Organizational structure
Assignment of authority and responsibility
Human resource policies and practices
Competence of personnel
What is the internal auditor’s role in assessing organizational ethics?
The internal audit activity must assess the design, implementation, and effectiveness of the organization’s ethics-related objectives, programs, and activities.
(Standard 2110.A1)
What does a review of organizational ethics focus on?
Policies, including the policy for reporting ethical violations
Procedures
Effectiveness
Disposition of ethical issues, including if the penalties are appropriately scaled, if there is consistent application, and if there is proper documentation.
Compliance
What are ethics advocates, and who must act as an ethics advocate?
Ethics advocates are visible models of appropriate behavior who encourage and support the code of conduct at all times and at all levels of activity.
Management must act as ethics advocates.
All individuals in the company should be encouraged to be ethics advocates.
Internal auditors are also key ethical advocates - The IIA Code of Ethics states that the internal auditors should be an example of the ethical behavior that employees should practice.
What is a Code of Conduct, and who is it applicable to?
A Code of Conduct, or Business Conduct Policy, outlines the specific behaviors that are required of or prohibited for all employees.
The Code of Conduct should be written in clear, concise language that eliminates ambiguity or contradictory interpretation.
The Code of Conduct is applicable to all people in the organization, regardless of position, department, or length of employment.
The code of conduct includes guidance on what topics?
Conflicts of interest
Confidentiality of information
Acceptance of gifts
Compliance with all applicable laws, rules, and regulations
Penalties – the Code must clearly detail the consequences for any violations
What is the role of the IAA with the Code of Conduct?
The Code of Conduct needs to be periodically assessed by the IAA to ensure that it is relevant and that it reflects the company’s needs. Additionally, compliance with the Code of Conduct should also be tested periodically and may even be included as part of every engagement.
What is corporate social responsibility?
The IIA’s Practice Guide Evaluating Corporate Social Responsibility/Sustainable Development defines CSR as:
“The way firms integrate social, environmental, and economic concerns into their values, culture, decision-making, strategy and operations in a transparent and accountable manner and thereby establish better practices within the firm, create wealth, and improve society.”
What are the levels of responsibility for CSR in a company?
The board has overall responsibility for CSR.
Management is responsible for executing CSR and ensuring that there are clear objectives, performance measurement, and reporting.
Employees must integrate CSR into their everyday activities.
The internal auditors should understand the risks and controls related to CSR and may be responsible for auditing CSR.
What are some of the risks associated with CSR?
Reputation, compliance, liability and lawsuits, operational, company stock valuation, employment market, consumer sales, external business relationships
What are the seven core subjects in ISO 26000?
Organizational governance, human rights, labor practices, the environment, fair operating practices, consumer issues, community involvement and development
What are the five main aspects of CSR in ISO 26000?
A company should operate ethically and with integrity.
A company should treat its employees fairly and with respect.
A company should demonstrate respect for human rights.
A company should be a responsible citizen in its community.
A company should do what it can to sustain the environment for future generations.
What are the four levels of the pyramid of social responsibility?
Philanthropic responsibilities
Ethical responsibilities
Legal responsibilities
Economic responsibilities
What are the seven steps in the CSR Process?
Set priorities and policies for areas such as ethics, labor, the environment, charity, and any other relevant CSR areas.
Set specific objectives and strategies to achieve the policies set by management.
Communicate and embed CSR into controls and decision making.
Track the activities related to CSR so that the results of the CSR policies and objectives can be measured, analyzed, and benchmarked.
Engage stakeholders to resolve any complaints and receive feedback on the CSR issues affecting them.
Audit results including controls related to CSR and any public disclosures.
Report results.
What are different approaches that can be taken to auditing CSR?
By element.
By stakeholder or stakeholder group.
By subject. For example, by workplace, marketplace, environment, and community.
By department/function. Audit CSR separately for each department within the organization.
By third party. Audit third parties for compliance with CSR terms and conditions.
What are the elements of CSR that are commonly audited?
Governance; ethics; environment; transparency; health, safety, and security; human rights and work conditions
What are the stakeholder groups in auditing CSR?
Employees and their families, environmental organizations, customers, suppliers, communities, shareholders