Chapter 4 - Governance Processes Flashcards
It is an independent, objective assurance and consulting activity designed to add value and improve an organization’s operations. It helps an organization accomplish its objectives by bringing a systematic, disciplined approach to evaluate and improve the effectiveness of risk management, control, and governance processes.
Internal auditing
Designed to promote the development of a strong corporate governance culture and keep abreast with recent developments in corporate governance, the Commission in its en banc meeting resolved to approve the _____.
Code of Corporate Governance for Publicly-Listed Companies
OECD means
Organization for Economic Cooperation and Development
It is the premier forum for global economic co-operation. It brings together leaders and policymakers form the world’s major economies to discuss key economic, development and social issues.
G20 (Group 20)
What are the six (6) principles of corporate governance?
i. Ensuring the basis for an effective corporate governance framework
ii. The rights and equitable treatment of shareholders and key ownership functions.
iii. Institutional investors, stock markets, and other intermediaries
iv. Disclosure and transparency
v. The responsibilities of the board
vi. Sustainability and resilience
It provides guidance to help policy makers evaluate and improve the legal, regulatory and institutional framework for corporate governance, with a view to supporting market confidence and integrity, economic efficiency, sustainable growth and financial stability.
G20/OECD Principles of Corporate Governance
It is the main international benchmark for good corporate governance
Principles
These have a global reach and reflect the experiences and ambitions of a wide variety of jurisdictions with varying legal systems and at different stages of development.
principles
They are also one of the Financial Stability Board’s Key Standards for Sound Financial Systems
G20/OECD Principles of Corporate Governance
What are the five (5) principles of COSO?
Control Environment
Risk Assessment
Control Activities
Information & Communication
Monitoring Activities
This was developed as guidance to help improve confidence in all types of data and information.
COSO Internal Control-Integrated Framework
It helps organizations connect their internal control to their business process.
COSO Framework
The Standards are now acceptiong not only that internal control processes are amongst the risk management processes of an organization but that the risk management processes are amongst the governance processes of an organization.
True
The internal audit activity must evaluate and contribute to the improvement of the organization’s governance, risk management, and control processes using a systematic, disciplined, and risk based approach. Internal audit credibility and value are enhanced when auditors are proactive and their evaluations offer new insights and consider future impact.
Standard 2100 - nature of Internal audit work
The internal audit activity must assess and make appropriate recommendations to improve the organization’s governance processes for:
▪ Making strategic and operational decisions.
▪ Overseeing risk management and control.
▪ Promoting appropriate ethics and values within the organization.
▪ Ensuring effective organizational performance management and accountability.
▪ Communicating risk and control information to appropriate areas of the organization.
▪ Coordinating the activities of, and communicating information among, the board, external and internal auditors, other assurance providers, and management.
Determining whether risk management processes are effective is a judgment resulting from the internal auditor’s assessment that:
- Organizational objectives support and align with the organization’s mission
- Significant risks are identified and assessed
- Appropriate risk responses are selected that align risks with the organization’s risk appetite
- Relevant risk information is captured and communicate in a timely manner across the organization, enabling staff, management, and the board to carry out their responsibilities.
The internal audit activity must evaluate _____ relating to the organization’s governance, operations, and information systems.
Risk exposures
The internal audit activity must evaluate the _________ in responding to risks within the organization’s governance, operations, and information systems.
Adequacy and effectiveness of controls
Risk management processes are monitored through _____
ongoing management activities, separate evaluations, or both
It is a process effected by an entity’s board of directors, management and other personnel, applied in strategy setting and across the enterprise, designed to identify potential events that may affect the entity, and manage risk to be within its risk appetite, to provide reasonable assurance regarding the achievement of entity objectives.
Enterprise risk management
COSO’s objectives of risk management:
Strategic - high-level goals, aligned with and supporting its mission
Operations - effective and efficient use of its resources
Reporting - reliability of reporting
Compliance - compliance with applicable laws and regulations
Scope of Internal Audit’s Role in Risk Management
Extends beyond providing assurance on risk management processes to an internal audit responsibility to evaluate all sorts of risk exposures facing the organizations.
Implication: Internal audit must advise the board and management on the adequacy of risk management processes and also draw their attention to significant risks that they may be overlooking or focusing upon inadequately in the estimation of internal audit.
It is the broad-based amount of risk the organization is willing to accept in pursuit of its mission or vision.
Risk Appetite
It is the risk that the organization is exposed to after taking account of the active and passive controls that, fortuitously or by design, are in place.
Gross Risk
(s)he is the most senior person (or committee) with overall responsibility for overseeing the mitigation of the threat.
Risk Sponsor
(S)he is the member of staff to whom day to day management of the risk has been assigned.
Risk Owner
COSO’s view on being risk averse
No entity operates in a risk-free environment, and enterprise risk management does not seek to move towards such an environment. Rather, enterprise risk management enables management to operate more effectively in environments filled with risk.
Control objectives for Risk Management Processes
a. Organizational objectives support and align with the organization’s mission
b. Significant risks are identified and assessed
c. Appropriate risk responses are selected that align risks with the organization’s risk appetite.
d. Relevant risk information, enabling staff, management, and the board to carry out their responsibilities, is captured and communicated in a timely manner across the organization.
They set the direction of the organization and oversees that management implements the direction set. They have an accountability obligation to the shareholders and other stakeholders of the organization.
Board of Directors
It is the internal and external processes, with the board between
Corporate Governance
BOD’s role in corporate governance
- Fiscal responsibility - refers to the ethical and prudent management of financial resources
- Legal responsibility - refers to the obligation to follow and comply with laws, regulations, and legal standards
- Social responsibility - refers to the duty of individuals, businesses, or organizations to act in ways that benefit society as a whole.
It refers to the ethical and prudent management of financial resources.
Fiscal responsibility
It refers to the obligation to follow and comply with laws, regulations, and legal standards.
Legal responsibility
It refers to the duty of individuals, businesses, or organizations to act in ways that benefit society as a whole.
Social responsibility
Primary Responsibilities of BoD
- Set Policies - define company direction and policies
- Key decisions - approve major business actions
- Ensure financial stability - oversee financial health
- Fiduciary duty - act in the best interest of shareholders
Fiscal responsibilities of BoD
- Financial oversight: approve budgets, review financial reports
- Establish financial controls: internal controls, fraud prevention
- Ensure financial sustainability: monitor cash flow, debt management
- Accountability and transparency: clear financial information to stakeholders
- Engage with auditors: external audit reviews
Legal responsibilities of BoD
- Ensure compliance with laws: corporate laws, securities laws, industry-specific regulations
- Monitor and report legal compliance: audits, internal controls
- Risk Management: create framework, crisis preparation
- Fiduciary duties: duty of care, duty of loyalty, duty of obedience
Social responsibilities of BoD
- Corporate Social Responsibility (CSR)
- Stakeholder Engagement: employees, customers, community
- Ethical Conduct: code of ethics, transparency
- Environmental Sustainability: sustainability practices
- Social Impact: working conditions, education, community support
Role of the Board in Strategic Management
- Strategy Formulation - shape the company’s direction and long-term goals
- Board Involvement - can range from indirect to infrequent (some are hands-on, while other provide input only when necessary)
- Analyzing, Strategic Gaps & Advising - help analyze strengths, weaknesses, and strategic gaps to offer insights that help steer the company towards success.
Board Involvement form Active to Passive
Catalyst
Active participation
Nominal participation
Minimal Review
Rubber Stamp
Phantom
Roles and Responsibilities of Audit Committee
- Oversight and Assistance
- Risk Management
- Internal Control Evaluation
- Audit Interface
It is a group in charge of managing its leadership. They evaluate the BoD and determine the qualifications needed for new members. Their primary role is to ensure the board and leadership team have the right mix of skills, experience, and diversity to guide the company effectively.
Nomination Committee
Roles and Responsibilities of Nomination Committee (4)
- board member selection and succession process
- Annual board evaluations
- Linking company strategy to recruitment
- Induction, training, and development of new directors
It is in charge of creating and managing executive compensation packages which is made up of independent board members.
Compensation committee
Roles and Responsibilities of Compensation Committee (5)
- Establishing Compensation Philosophy
- Understanding Employee well-being
- reflecting organization values
- seeking external advice
- Providing oversight to the Board
Control Objectives for Internal Governance Processes
a. To promote appropriate ethics and values within the organization
b. To ensure effective organizational performance management and accountability
c. To communicate risk and control information to appropriate areas of the organization
d. To coordinate the activities of and communication information among the board, external and internal auditors, and management.
Control Objectives for the Board
a. To ensure the board set the direction of the organization
b. To ensure the board effectively oversees management
c. To ensure that appropriate policies are in place to fully support the achievement of the objectives of the organization.
d. To ensure that the composition and functioning of the board fully support the achievement of the objectives of the organization.
Control Objectives for External Governance Processes
a. To ensure that the organization is mindful of the interests of its owners and other stakeholders
b. To ensure that the organization’s accountability to its stakeholders is transparent
c. To ensure, so far as is possible, that stakeholders exercise well-informed control over their stakes in the organization.
The internal audit activity must evaluate risk exposure and the adequacy and effectiveness of controls in responding to risks within the organization’s governance, operations, and information systems regarding the:
▪Achievement of the organization’s strategic objectives.
▪Reliability and integrity of financial and operational information.
▪Effectiveness and efficiency of operations and programs.
▪Safeguarding of assets.
▪Compliance with laws, regulations, policies, procedures, and contracts.
