Chapter 4 - Governance Processes Flashcards
It is an independent, objective assurance and consulting activity designed to add value and improve an organization’s operations. It helps an organization accomplish its objectives by bringing a systematic, disciplined approach to evaluate and improve the effectiveness of risk management, control, and governance processes.
Internal auditing
Designed to promote the development of a strong corporate governance culture and keep abreast with recent developments in corporate governance, the Commission in its en banc meeting resolved to approve the _____.
Code of Corporate Governance for Publicly-Listed Companies
OECD means
Organization for Economic Cooperation and Development
It is the premier forum for global economic co-operation. It brings together leaders and policymakers from the world’s major economies to discuss key economic, development and social issues.
G20 (Group 20)
What are the six (6) principles of corporate governance?
i. Ensuring the basis for an effective corporate governance framework
ii. The rights and equitable treatment of shareholders and key ownership functions.
iii. Institutional investors, stock markets, and other intermediaries
iv. Disclosure and transparency
v. The responsibilities of the board
vi. Sustainability and resilience
It provides guidance to help policy makers evaluate and improve the legal, regulatory and institutional framework for corporate governance, with a view to supporting market confidence and integrity, economic efficiency, sustainable growth and financial stability.
G20/OECD Principles of Corporate Governance
It is the main international benchmark for good corporate governance
Principles
These have a global reach and reflect the experiences and ambitions of a wide variety of jurisdictions with varying legal systems and at different stages of development.
principles
They are also one of the Financial Stability Board’s Key Standards for Sound Financial Systems
G20/OECD Principles of Corporate Governance
What are the five (5) principles of COSO?
Control Environment
Risk Assessment
Control Activities
Information & Communication
Monitoring Activities
This was developed as guidance to help improve confidence in all types of data and information.
COSO Internal Control-Integrated Framework
It helps organizations connect their internal control to their business process.
COSO Framework
The Standards are now accepting not only that internal control processes are amongst the risk management processes of an organization but that the risk management processes are amongst the governance processes of an organization.
True
The internal audit activity must evaluate and contribute to the improvement of the organization’s governance, risk management, and control processes using a systematic, disciplined, and risk based approach. Internal audit credibility and value are enhanced when auditors are proactive and their evaluations offer new insights and consider future impact.
Standard 2100 - nature of Internal audit work
The internal audit activity must assess and make appropriate recommendations to improve the organization’s governance processes for:
▪ Making strategic and operational decisions.
▪ Overseeing risk management and control.
▪ Promoting appropriate ethics and values within the organization.
▪ Ensuring effective organizational performance management and accountability.
▪ Communicating risk and control information to appropriate areas of the organization.
▪ Coordinating the activities of, and communicating information among, the board, external and internal auditors, other assurance providers, and management.
Determining whether risk management processes are effective is a judgment resulting from the internal auditor’s assessment that:
- Organizational objectives support and align with the organization’s mission
- Significant risks are identified and assessed
- Appropriate risk responses are selected that align risks with the organization’s risk appetite
- Relevant risk information is captured and communicated in a timely manner across the organization, enabling staff, management, and the board to carry out their responsibilities.
The internal audit activity must evaluate _____ relating to the organization’s governance, operations, and information systems.
Risk exposures
The internal audit activity must evaluate the _________ in responding to risks within the organization’s governance, operations, and information systems.
Adequacy and effectiveness of controls
Risk management processes are monitored through _____
ongoing management activities, separate evaluations, or both
It is a process effected by an entity’s board of directors, management and other personnel, applied in strategy setting and across the enterprise, designed to identify potential events that may affect the entity, and manage risk to be within its risk appetite, to provide reasonable assurance regarding the achievement of entity objectives.
Enterprise risk management
COSO’s objectives of risk management:
Strategic - high-level goals, aligned with and supporting its mission
Operations - effective and efficient use of its resources
Reporting - reliability of reporting
Compliance - compliance with applicable laws and regulations
Scope of Internal Audit’s Role in Risk Management
Extends beyond providing assurance on risk management processes to an internal audit responsibility to evaluate all sorts of risk exposures facing the organization.
Implication: Internal audit must advise the board and management on the adequacy of risk management processes and also draw their attention to significant risks that they may be overlooking or focusing upon inadequately in the estimation of internal audit.
It is the broad-based amount of risk the organization is willing to accept in pursuit of its mission or vision.
Risk Appetite
It is the risk that the organization is exposed to after taking account of the active and passive controls that, fortuitously or by design, are in place.
Gross Risk