Governance, Business Ethics, Risk Management, and Internal Control PDF
Polytechnic University of the Philippines
Gerwin M. Ortega, Catherine D. Sotto, Ruth P. Carlos, Edith A. Peralta, Richard Ibarra, John Carlo G. Abillonar, Jonald P. Binaluyol, Jonathan P. Binaluyol, Lyra Victoria V. Lascano, Geno C. San Jose, Jeffrey R. Ebiol, James Robert D. Aguila
Summary
This instructional material covers governance, business ethics, risk management, and internal control. It is intended for BSA and BSMA students at the Polytechnic University of the Philippines. Topics include internal auditing, conceptual frameworks, SEC codes, and more.
GOVERNANCE, BUSINESS ETHICS, RISK MANAGEMENT, INTERNAL CONTROL

GERWIN M. ORTEGA, JONALD P. BINALUYO, CATHERINE D. SOTTO, JONATHAN P. BINALUYO, RUTH P. CARLOS, LYRA VICTORIA V. LASCANO, EDITH A. PERALTA, GENO C. SAN JOSE, RICHARD IBARRA, JEFFREY R. EBIO, JOHN CARLO G. ABILLONAR, JAMES ROBERT D. AGUILA

COLLEGE OF ACCOUNTANCY AND FINANCE
Polytechnic University of the Philippines

All rights reserved. This instructional material is for the exclusive use of PUP College of Accountancy and Finance. This is not for sale. No part of this instructional material may be reproduced or transmitted in any form or by any means, electronic or mechanical, without the express written permission of the copyright holder. Any person who directly commits an infringement, benefits from the infringing activity of another person who commits an infringement, or induces or materially contributes to the infringing conduct of another, such as, but not limited to, the unauthorized reproduction, distribution, sale, or other communication to the public of the work, shall be made liable for criminal, civil, and administrative penalties under the Intellectual Property Code of the Philippines (Republic Act No. 8293, as amended).

GOVERNANCE, BUSINESS ETHICS, RISK MANAGEMENT, AND CONTROL

Overview

This course is designed to prepare BSA and BSMA students to become professionals who provide value to the organization and who serve as the catalyst for improving organization governance, risk management, and internal control.

In the Certified Public Accountant Licensure Examination, this subject will cover:
- SEC Code of Corporate Governance under Regulatory Framework for Business Transactions;
- Planning Phase of the Audit Process, particularly Understanding the Entity and its Environment including its Internal Control and Test of Control, under Auditing; and
- Consultancy under Management Advisory Services.
This subject, “Governance, Risk Management, and Control,” makes up thirty-five percent (35%) of the 2019 CIA Exam Syllabus, Part 1 – Essentials of Internal Auditing, covering the foundation of internal auditing; independence and objectivity; proficiency and due professional care; quality assurance and improvement programs; governance, risk management, and control; and fraud risk.

Course Objectives

At the end of the semester, students are expected to:
- Possess current knowledge of professional standards that are expected from a professional accountant and demonstrate appropriate use;
- Demonstrate knowledge of corporate governance, risk management, and internal control;
- Apply knowledge in business acumen, IT, and management needed for internal auditing;
- Be able to apply tools and techniques to evaluate risks and internal controls;
- Be able to perform an audit engagement with minimal supervision in conformance with acceptable professional standards.

Course Materials

- Module 1 Internal Auditing
- Module 2 Conceptual Framework of Corporate Governance
- Module 3 SEC Code of Corporate Governance
- Module 4 Business Ethics, Corporate Social Responsibility and Sustainability
- Module 5 Fundamental Concepts of Risk and the Risk Management Process
- Module 6 Enterprise Risk Management
- Module 7 Basic Concepts and Elements of Internal Control
- Module 8 Evaluating the Design and Effectiveness of Internal Control
- Module 9 Fraud Risks

References

Reading materials you may use in this course are the following:
- The IIA’s International Standards for the Professional Practice of Internal Auditing
- Philippine Framework for Assurance Engagements
- SEC Code of Corporate Governance
- G20/OECD Principles of Corporate Governance
- Revised Corporation Code
- Sustainability Reporting Guidelines
- Code of Business Conduct and Ethics
- Corporate Governance Manual
- COSO’s Enterprise Risk Management – Integrating with Strategy and Performance
- ISO 31000:2018
- Philippine Standards on Auditing
- COSO Internal Control – Integrated Framework
- Any other books or e-books on Governance, Business Ethics, Risk Management, and Control

Module 1
INTERNAL AUDITING

Overview

Governance, Risk Management, and Internal Control add value to the organization by putting in place a mechanism that provides reasonable assurance that the organization's objectives will be achieved.

Governance, risk management, and control are related. Their relationships can be summarized as follows: Governance provides overall direction for risk management activities. Effective governance considers risk when setting strategy, and risk management relies on effective governance (e.g., tone at the top, risk appetite and tolerance, risk culture, and the oversight of risk management). Effective governance relies on controls, and communication to the board relies on their effectiveness. Controls within governance processes often are significant in managing multiple risks. For example, controls related to the code of conduct may be relied upon to manage compliance and fraud risks. Internal control implements the organization’s risk management strategies.

The Board sets the organization’s risk appetite. The Board delegates to the CEO and senior management primary ownership and responsibility for operating risk management and control. The Board then sets up a mechanism to review and assure itself on an ongoing basis whether senior management is responding appropriately to these risks by relying on adequate line functions.

As a professional accountant, the concepts related to Governance, Risk Management, and Internal Control will be fully utilized in the field of Auditing, particularly Internal Auditing, being the third line of defense.

The Three Lines of Defense model shows that management control is the first line of defense. The various risk control and compliance oversight functions established by management are the second line of defense. Lastly, Internal Audit is the third line of defense.
As the third line of defense, Internal Audit Activity must assess and make appropriate recommendations to improve organization’s governance, must evaluate the effectiveness and contribute to improve risk management processes, and must assist the organization in maintaining effective controls by evaluating their effectiveness and efficiency and by promoting continuous improvement.

Clearly, the function of Internal Auditing encompasses the entirety of this subject. And as we tackle each topic under this subject, we will always encounter Internal Auditing. For this reason, it would be better if we study Governance, Risk Management, and Internal Control from the point of view of an Internal Auditor.

So for this module, let's have a quick overview of the essentials of Internal Auditing. The discussion here is based on the Revised 2019 CIA Syllabus, Part 1.

Course Objectives

After studying this module, you should be able to:
- Interpret The IIA's Mission of Internal Audit and the principles-based, mandatory requirements which are essentials in the conduct of internal audit activity;
- Distinguish assurance and consulting services provided by the internal audit activity;
- Demonstrate conformance with the IIA Code of Ethics;
- Describe the required elements of the quality assurance and improvement program (internal assessments, external assessments, etc.);
- Understand the role of internal audit in Governance, Risk Management, and Internal Control; and
- Identify elements of Fraud Risk.

Course Materials

Foundations of Internal Auditing

Internal Audit Activity is defined as a department, division, team of consultants, or other practitioner(s) that provides independent, objective assurance and consulting services designed to add value and improve an organization’s operations.
The International Standards for the Professional Practice of Internal Auditing (Standards) require that the purpose, authority, and responsibility of the internal audit activity must be consistent with the following:
- Mission of Internal Audit
- Mandatory Elements of the International Professional Practices Framework

The Mission of Internal Audit articulates what internal audit aspires to accomplish within an organization: “To enhance and protect organizational value by providing risk-based and objective assurance, advice, and insight.”

The Mandatory Elements of the International Professional Practices Framework are:
- Definition of Internal Auditing
- The Core Principles for the Professional Practice of Internal Auditing
- International Standards for the Professional Practice of Internal Auditing (the Standards)
- Code of Ethics

Internal auditing is an independent, objective assurance and consulting activity designed to add value and improve an organization’s operations. It helps an organization accomplish its objectives by bringing a systematic, disciplined approach to evaluate and improve the effectiveness of risk management, control, and governance processes.

Assurance services involve the internal auditor’s objective assessment of evidence to provide opinions or conclusions regarding an entity, operation, function, process, system, or other subject matters. On the other hand, Consulting services are advisory in nature and are generally performed at the specific request of an engagement client.

The International Internal Audit Standards Board released the revision to the Standards following consideration and approval by the International Professional Practice Framework Oversight Council. The Revised Standard took effect on January 1, 2017.
The Standards are a set of principles-based, mandatory requirements consisting of:
- Statements of core requirements for the professional practice of internal auditing and for evaluating the effectiveness of performance that are internationally applicable at organizational and individual levels.
- Interpretations clarifying terms or concepts within the Standards.

The Core Principles, taken as a whole, articulate internal audit effectiveness. For an internal audit function to be considered effective, all Principles should be present and operating effectively. How an internal auditor, as well as an internal audit activity, demonstrates achievement of the Core Principles may be quite different from organization to organization, but failure to achieve any of the Principles would imply that an internal audit activity was not as effective as it could be in achieving internal audit’s mission. The Core Principles are:
- Demonstrates integrity.
- Demonstrates competence and due professional care.
- Is objective and free from undue influence (independent).
- Aligns with the strategies, objectives, and risks of the organization.
- Is appropriately positioned and adequately resourced.
- Demonstrates quality and continuous improvement.
- Communicates effectively.
- Provides risk-based assurance.
- Is insightful, proactive, and future-focused.
- Promotes organizational improvement.

The Institute’s Code of Ethics states the principles and expectations governing the behavior of individuals and organizations in the conduct of internal auditing. It describes the minimum requirements for conduct, and behavioral expectations rather than specific activities. The purpose of The Institute’s Code of Ethics is to promote an ethical culture in the profession of internal auditing. It includes two essential components:
- Principles that are relevant to the profession and practice of internal auditing
- Rules of Conduct that describe behavior norms expected of internal auditors.
These rules are an aid to interpreting the Principles into practical applications and are intended to guide the ethical conduct of internal auditors.

Internal auditors are expected to apply and uphold the following principles:
- Integrity. The integrity of internal auditors establishes trust and thus provides the basis for reliance on their judgment.
- Objectivity. Internal auditors exhibit the highest level of professional objectivity in gathering, evaluating, and communicating information about the activity or process being examined.
- Confidentiality. Internal auditors respect the value and ownership of information they receive and do not disclose information without appropriate authority unless there is a legal or professional obligation to do so.
- Competency. Internal auditors apply the knowledge, skills, and experience needed in the performance of internal audit services.

Independence and Objectivity

The internal audit activity must be independent, and internal auditors must be objective in performing their work.

Independence is the freedom from conditions that threaten the ability of the internal audit activity to carry out internal audit responsibilities in an unbiased manner. To achieve the degree of independence necessary to effectively carry out the responsibilities of the internal audit activity, the chief audit executive has direct and unrestricted access to senior management and the board. This can be achieved through a dual-reporting relationship.

Objectivity is an unbiased mental attitude that allows internal auditors to perform engagements in such a manner that they believe in their work product and that no quality compromises are made. Objectivity requires that internal auditors do not subordinate their judgment on audit matters to others.

Proficiency and Due Professional Care

Engagements must be performed with proficiency and due professional care.
Proficiency is a collective term that refers to the knowledge, skills, and other competencies required of internal auditors to effectively carry out their professional responsibilities. It encompasses consideration of current activities, trends, and emerging issues, to enable relevant advice and recommendations.

Internal auditors must apply the care and skill expected of a reasonably prudent and competent internal auditor. Due professional care does not imply infallibility.

Quality Assurance and Improvement Program

Quality assurance and improvement program (QAIP) is an ongoing and periodic assessment of the entire spectrum of audit and consulting work performed by the internal audit activity. The assessment can be internal or external.

Internal assessments must include:
- Ongoing monitoring of the performance of the internal audit activity
- Periodic self-assessments or assessments by other persons within the organization with sufficient knowledge of internal audit practices.

External assessments provide an independent and objective evaluation of the internal audit activity’s compliance with the Standards and Code of Ethics. External assessments must be conducted at least once every five years by a qualified, independent assessor or assessment team from outside the organization.

Governance, Risk Management, and Control

The internal audit activity must evaluate and contribute to the improvement of the organization’s governance, risk management, and control processes using a systematic, disciplined, and risk-based approach. Internal audit credibility and value are enhanced when auditors are proactive, and their evaluations offer new insights and consider future impact.

Governance is the combination of processes and structures implemented by the board to inform, direct, manage, and monitor the activities of the organization toward the achievement of its objectives.
Risk Management is a process to identify, assess, manage, and control potential events or situations to provide reasonable assurance regarding the achievement of the organization’s objectives.

Control is any action taken by management, the board, and other parties to manage risk and increase the likelihood that established objectives and goals will be achieved. Management plans, organizes, and directs the performance of sufficient actions to provide reasonable assurance that objectives and goals will be achieved.

Fraud

The internal audit activity must evaluate the potential for the occurrence of fraud and how the organization manages fraud risk. It is not the role of the Internal auditors to identify fraud, but it is the primary responsibility of management and those charged with governance to prevent and detect fraud.

Fraud is any illegal act characterized by deceit, concealment, or violation of trust. These acts are not dependent upon the threat of violence or physical force. Frauds are perpetrated by parties and organizations to obtain money, property, or services; to avoid payment or loss of services; or to secure personal or business advantage.

The elements of Fraud are Pressure, Opportunity, and Rationalization.

Pressure or incentive (also called motive) incites actions. It is the moving force which impels a person to commit fraud. It can also be defined as the need a person tries to satisfy by committing the fraud. It should be distinguished from intent, which is the use of a particular means to commit fraud, a mental state demonstrated by the overt acts of a person.

Opportunity is the ability to commit fraud. An opportunity for fraud is more likely in companies where there is a weak internal control system. Poor control over cash, merchandise, and other organizational property, as well as a lack of compensating accounting controls, are enabling factors. Moreover, management can always override existing controls.
Rationalization is the justification for the act. Some people may rationalize fraudulent action as necessary, harmless, excusable, or acceptable.

References

Reading materials you may use in this course are the following:
- SEC Code of Corporate Governance
- 2019 CIA Syllabus Part 1 - Essentials of Internal Auditing, The Institute of Internal Auditors
- The IIA’s International Standards for the Professional Practice of Internal Auditing
- IIA Code of Ethics
- Philippine Framework for Assurance Engagements
- Governance, Risk, and Compliance
- Any other books or e-books on Governance, Business Ethics, Risk Management, and Control

Activity

Internal audit activity must evaluate and contribute to the improvement of the organization’s governance, risk management, and control processes. Discuss how internal audit activity adds value and improves the company's operations.

Module 2
CONCEPTUAL FRAMEWORK OF CORPORATE GOVERNANCE

Overview

The purpose of corporate governance is to help build an environment of trust, transparency and accountability necessary for fostering long-term investment, financial stability and business integrity, thereby supporting stronger growth and more inclusive societies.

There is no single authority regulating corporate governance. Its principles evolve over time, addressing the needs of the industry, which may vary among jurisdictions. Globalization, the treatment of investors and major corporate scandals have been major driving forces behind corporate governance developments.
The accepted principles of corporate governance are scattered among various sources such as:
- Law: Revised Corporation Code, Sarbanes-Oxley Act 2002
- Codes or Standards: SEC Code of Corporate Governance, UK Corporate Governance Code, The King Report, Organization for Economic Co-operation and Development (OECD), International Standards for the Professional Practice of Internal Auditing
- Corporate governance theories: Transaction costs theory, Stewardship Theory, Stakeholder theory, Stockholder Theory, Agency Theory
- Other Publications: The Essential Books of Corporate Governance (G.N Bajpai), Corporate Governance Matters (David Larcker)

Course Objectives

After studying this module, you should be able to:
- Define and explain the meaning of corporate governance;
- Discuss the implications of the separation of ownership and control;
- Analyze the purposes and objectives of corporate governance;
- Describe the decision authority and incentives of shareholders, boards of directors, and top management;
- Recognize the impact of organizational culture on the overall control environment and individual engagement risks and controls;
- Describe and compare the essentials of rules and principles-based approaches to corporate governance, including the comply or explain principle; and
- Explore the objectives, content, and limitation of various codes of corporate governance intended to apply to multiple national jurisdictions.

Course Materials

Definition

Corporate governance means to steer an organization. Governance comes from the Latin word “gubernare” which means “to steer.”

Today, corporate governance is given various meanings as follows:
- Corporate governance is the system by which businesses are directed and controlled.
- Corporate governance is the system of stewardship and control to guide organizations in fulfilling their long-term economic, moral, legal and social obligations towards their stakeholders.
- Corporate governance is a system of direction, feedback and control using regulations, performance standards and ethical guidelines to hold the Board and senior management accountable for ensuring ethical behavior – reconciling long-term customer satisfaction with shareholder value – to the benefit of all stakeholders and society.
- Corporate Governance is a set of relationships between a company's directors, its shareholders and other stakeholders. It also provides the structure through which the objectives of the company are set, and the means of achieving those objectives and monitoring performance, are determined.
- The combination of processes and structures implemented by the board to inform, direct, manage, and monitor the activities of the organization toward the achievement of its objectives.
- Corporate Governance is about promoting corporate fairness, transparency and accountability.
- Corporate governance deals with laws, procedures, practices and implicit rules that determine a company’s ability to take informed managerial decisions vis-à-vis its claimants - in particular, its shareholders, creditors, customers, the State and employees.
- Corporate governance is a system of organizational control that defines and establishes the responsibility and accountability of the major participants in an organization.

Simply put, corporate governance is the road map of an organization in order to maximize shareholders’ wealth and protect stakeholders’ interests.

Based on the above definitions, corporate governance best fits in an organization where the following are present:
- Separation of ownership and control
- Stakeholders who have legitimate interests in the organization
- Underlying principles of corporate governance

Separation of Ownership and Control

Corporate governance has partly developed in response to the issues arising from the corporate structure which separates ownership and control. But what determines structure?
“Structure follows the strategy,” a former president of a big water firm espoused. For example, under transaction costs theory, the way the company is organized or governed determines its control over transactions.

The strategy also sets the legal structure of an organization. Such legal structure, in turn, sets the framework and governing rules under which it operates. Lascano, et al., in the book Fundamentals of Financial Markets, discussed the forms of organization in this wise:
- Sole proprietorship is a type of business organization in which an individual personally owns the business. The sole proprietorship has no distinct personality from the owner; thus, the owner is responsible for all debts and obligations. The owner has full control regarding decision making of the business.
- Partnership is formed when two or more persons bind themselves to contribute money, property, or industry to a common fund with the intention of dividing the profits and ownership among themselves. Though the partnership is a separate legal entity from the partners, the partners are still personally obliged to pay for the debts of the partnership. In case of bankruptcy, creditors can compel the partners to pay up to the extent of their personal assets.
- Corporation is a legal entity with a personality separate and distinct from the owners/shareholders. Limited liability exists. This means that even if the corporation goes bankrupt, shareholders will only lose their investments equivalent to the amount of their shareholdings.

This separation of ownership and control has led to the agency problem, since a corporation is managed by agents who may not operate it in the best interest of the shareholders.

In finance theory, the basic assumption is that the primary objective for companies is shareholders' wealth maximization. Agency theory takes the stance that management is likely to pursue their own personal interests, rather than act as stewards.
Transactions cost theory considers that managers’ decisions are limited by the understanding of alternatives that they have, that managers are opportunistic, and that they will organize their transactions to pursue their own convenience.

Corporate governance counters this conflict by providing a system that aligns the interest of the owners and managers and putting in place a system of oversight.

Stakeholders

Stakeholders are persons or groups that have a legitimate interest in a business's conduct and whose concerns should be addressed as a matter of principle. A stakeholder can be anyone who has any type of stake in a business.

There are several ways to classify stakeholders such as by Proximity, Legitimacy, Claims, Voice, How much affected, How much affects, Degree of Participation, Engagement, and Public Knowledge.

Each stakeholder has different claims from the organization. For example, customers demand low price but high quality goods and services; employees seek higher compensation and good working conditions and environment; trade unions protect the interest of the employees; investors require high financial return; government enforces taxes, imposes laws, and protects public interest; and the society in general is conscious of the effect of the business on the health of inhabitants, peace and security of the community, jobs creation, economic development, and preservation of environment.

Which of these conflicting interests are legitimate?

Stockholder theory (shareholder theory) argues that shareholders (as principals) own the company. As owners, they alone have a legitimate claim to influence over the company. It is the directors’ sole duty to maximize the wealth of the shareholders.

Under stakeholder theory, management has a duty of care, not just to the owners of the company in terms of maximizing shareholder value, but also to the wider community of interest, or stakeholders.
Stakeholder theory proposes corporate accountability to a broad range of stakeholders. In case of conflict of interest, the managers are responsible to mediate between these different stakeholders’ interest. Fernando Zobel De Ayala, President & COO of Ayala Corporation said, “We do not work in isolation. [It is] important to support the very ecosystem that makes us successful.”

Mendelow classifies stakeholders on a matrix whose axes are power held and likelihood of showing an interest in the organization’s activities.
- Key players are found in Segment D. The organization’s strategy must be acceptable to them, at least. An example would be a major customer. These stakeholders may participate in decision-making.
- Stakeholders in Segment C must be treated with care. They are capable of moving to Segment D. They should therefore be kept satisfied. Large institutional shareholders might fall into Segment C.
- Stakeholders in Segment B do not have great ability to influence strategy, but their views can be important in influencing more powerful stakeholders, perhaps by lobbying. They should therefore be kept informed. Community representatives and charities might fall into Segment B.
- Minimal effort is expended on Segment A. An example might be a contractor's employees.

Underlying Principles of Corporate Governance

Good corporate governance allows a company to reap the full benefits of international and local capital markets, improve investors’ confidence, reduce cost of capital, and induce stable sources of financing.

However, there is no one-size-fits-all framework of corporate governance. Rather, it must be principles-based to allow a company a certain degree of flexibility in shaping its own best practices based on the company’s age, size, complexity, extent of internal operations, and other factors. Smaller companies may consider the cost and benefit of implementing certain policies and procedures or decide that those are less relevant in their case.
According to Teresita J. Herbosa, Chairperson of Securities and Exchange Commission, “strong corporate governance is founded on the principles of fairness, accountability, and transparency.”

Fairness means equal treatment. This principle requires that everyone who has legitimate interest in the company must be taken into account and their rights and views be respected. For example, the Revised Corporation Code protects minority shareholders by precluding shareholders from removing directors elected by minority shareholders without cause.

Corporate accountability means acceptance of full responsibility for the powers and authority granted to those charged with governance and of obligation to explain one’s action in carrying out its responsibilities. It requires the board to present assessment of the company’s position and how the company is achieving its objectives.

Transparency means open and clear, timely and accurate disclosure of relevant information, financial or non-financial, to shareholders and other stakeholders, as well as not concealing material information. Transparency reduces the information gap between directors and stakeholders. It ensures that stakeholders can have confidence in the decision-making and management processes of a company. It can come in the form of an annual report or well-documented policies that readers can understand.

Guided by these principles, the SEC adopted the Code of Corporate Governance for Public Companies and Registered Issuers (the Code) to promote the development of a strong corporate governance culture and keep abreast with recent developments in corporate governance best practices. The Code is consistent with the G20/OECD Principles of Corporate Governance and other internationally recognized corporate governance principles.

The G20/OECD Principles of Corporate Governance laid down the six building blocks for a sound corporate governance framework.
- Ensuring the basis for an effective corporate governance framework
- The rights and equitable treatment of shareholders and key ownership functions
- Institutional investors, stock markets, and other intermediaries
- The role of stakeholders
- Disclosure and transparency
- The responsibilities of the board

The author submits the principle of shared responsibility and accountability among shareholders, board directors, and other stakeholders. Corporate governance is primarily about how the board steers the company. However, the shareholders have the power to elect directors and remove them when directors contravene their duties or act contrary to the principles, values, and ethics of the company. The shareholders must exert effort and be held accountable in the long-term value creation for all shareholders. The shareholders’ role cannot be undermined. In addition, the interests of the stakeholders create the ecosystem within which the company operates. Hence, their role is to raise their voices to the company, and their voices should be heard.

And while corporate governance is a flexible concept, it must always adhere to principles consistent with the wide interests of stakeholders. In this manner, each stakeholder’s action is guided by common principles, which action balances shareholders’ interests.

Finally, it is the view of the author that corporate governance should address the issues arising from separation of ownership and control, balancing stakeholders’ interest, and the adoption itself of corporate governance principles.
References

Reading materials you may use in this course are the following:

- Revised Corporation Code
- SEC Code of Corporate Governance
- G20/OECD Principles of Corporate Governance
- The IIA Guiding Principle of Corporate Governance
- Any other books or e-books on Governance, Business Ethics, Risk Management, and Control

Activity

Module 2 explains the three reasons (separation of ownership and control, stakeholders, and corporate governance principles) why corporate governance has become a widely used and accepted concept in the corporate world. Give another reason why corporations must implement corporate governance. Moreover, you may opt to provide underlying principles that corporations may consider or adopt in the implementation of corporate governance.

Module 3
SEC CODE OF CORPORATE GOVERNANCE

Overview

The Securities and Exchange Commission (SEC) adopted the following:

- Code of Corporate Governance for Publicly Listed Companies (SEC Memorandum Circular No. 19, series of 2016)
- Code of Corporate Governance for Public Companies and Registered Issuers (SEC Memorandum Circular No. 24, series of 2019)

The above Codes were adopted to promote the development of a strong corporate governance culture and keep abreast of recent developments in corporate governance best practices. The Code is consistent with the G20/OECD Principles of Corporate Governance and other internationally recognized corporate governance principles.

The Principles of the above Codes are applicable to all companies. Consistent with the principle of proportionality, Recommendations (objective criteria) on how the Principles are applied vary among different types of companies such as publicly listed companies, public companies, and registered issuers. These differences, if any, are highlighted as the Principles and Recommendations are discussed.

Publicly listed companies shall cover only those companies whose equity securities are listed on the Philippine Stock Exchange.
Public company refers to a company with assets of at least P50 million and having 200 or more shareholders holding at least 100 shares of equity securities.

Registered issuer refers to a company that (1) issues proprietary and/or non-proprietary shares/certificates; (2) issues equity securities to the public that are not listed in an Exchange; or (3) issues debt securities to the public that are required to be registered with the SEC, whether or not listed in an Exchange.

Comply or Explain

The comply or explain approach was adopted to address the perceived overregulation by the SEC. Under the “comply or explain” operative principle, compliance with the Code is not mandatory. But it is mandatory to submit to the SEC the company’s annual corporate governance reports and disclose any deviations from the Recommendations of the SEC. Such reports shall be available to the public, including the company’s shareholders and other stakeholders.

This approach combines voluntary compliance with mandatory disclosure. It is not a rigid set of rules. Rather, it is principles-based, which allows a company to implement alternative corporate governance practices that are justified in particular circumstances. When a Recommendation is not complied with, the company must disclose and describe this non-compliance, and explain how the overall Principle is being achieved. The alternative should be consistent with the overall Principle.

The Code is designed to allow companies some flexibility in establishing their own corporate governance practices. This is consistent with the principle of proportionality where the SEC addresses specific segments of the corporate sector, which may be differentiated on the basis of company type, size, access to public funds and risk profile, among others. Smaller companies may decide that the costs of some of the provisions outweigh the benefits or are less relevant in their case.
Course Objectives

After studying this module, you should be able to:

- Explore the objectives, content, and limitations of the SEC Code of Corporate Governance intended to apply to domestic corporations;
- Explain the underlying principles adopted by the SEC Code of Corporate Governance towards a more effective corporate governance framework;
- Explain and evaluate the roles and responsibilities of those charged with governance, and the importance of board committees in corporate governance.

Course Materials

The SEC Code of Corporate Governance espouses 16 principles under four broad categories.

- The board’s governance responsibilities
  - Establishing a competent board
  - Establishing clear roles and responsibilities of the board
  - Establishing board committees
  - Fostering commitment
  - Reinforcing board independence
  - Assessing board performance
  - Strengthening board ethics
- Disclosure and transparency
  - Enhancing company disclosure policies and procedures
  - Strengthening the external auditor’s independence and improving audit quality
  - Increasing focus on non-financial and sustainability reporting
  - Promoting a comprehensive and cost-efficient access to relevant information
- Internal control system and risk management frameworks
  - Strengthening the internal control system and risk management systems
- Cultivating a synergic relationship with shareholders/members
  - Promoting shareholder/member rights
- Duties to stakeholders
  - Respecting rights of stakeholders and effective redress for violation of stakeholder’s rights
  - Encouraging employees’ participation
  - Encouraging sustainability and social responsibility

Establishing a Competent Board

The company should be headed by a competent, working board to foster the long-term success of the corporation, and to sustain its competitiveness and profitability in a manner consistent with its corporate objectives and the long-term best interests of its shareholders and other stakeholders.
This can be achieved by implementing the following Recommendations:

The Board should:

- be composed of directors with a collective working knowledge, experience or expertise that is relevant to the company’s industry/sector
- be headed by a competent and qualified Chairperson
- provide a policy on the training of directors
- have a policy on board diversity
- be assisted by a Corporate Secretary and a Compliance Officer

It is the shareholders’ duty to elect a competent board of directors and remove those who fail to maintain their qualifications. The Revised Corporation Code prescribes the legal qualifications of a director (see p.59). In addition, the corporation may provide in its By-laws additional directors' or trustees' qualifications consistent with good corporate governance practices.

The Board should be headed by a competent and qualified Chairperson. The Chairman shall possess all the qualifications and none of the disqualifications of a director.

The Company should provide a policy on training aimed at promoting effective board performance and the continuing qualification of the directors in carrying out their duties and responsibilities. It is suggested that the orientation program for first-time directors, in any company, be for at least eight hours, while the annual continuing training be for at least four hours.

New directors shall undergo at least an eight-hour orientation program on the Corporation’s business and corporate structure, vision and mission, corporate strategy, Governance Codes and Policies, Articles, By-Laws, Company’s Manual of Corporate Governance, the Charters, the SEC-mandated topics on governance matters and other matters essential for the effective performance of their duties and responsibilities.

Incumbent directors shall attend a four-hour annual continuing training program involving courses on corporate governance at least once a year.
It involves courses on corporate governance matters relevant to the company, including audit, internal controls, risk management, sustainability and strategy. For the conduct of training, a variety of approaches may be appropriate, including lectures, case studies and networking groups.

The Board should have a policy on board diversity. Diversity is the variation of social and cultural identities among people existing together in a defined employment or market setting. A board diversity policy considers diversity in gender, age, ethnicity, culture, skills, competence and knowledge. On gender diversity policy, a good example is to increase the number of female directors, including female independent directors.

The Board should be assisted in its duties by a Corporate Secretary, who should:

- be a resident and citizen of the Philippines
- not be a member of the Board of Directors
- be a separate individual from the Compliance Officer
- annually attend a training on corporate governance
- have a working knowledge of the operations of the Company
- possess appropriate administrative, interpersonal and legal skills
- be aware of the laws, rules and regulations necessary in the performance of his duties or responsibilities
- have at least an understanding of basic financial and accounting matters

The Board should be assisted in its duties by a Compliance Officer. The Compliance Officer should:

- not be a member of the Board of Directors
- annually attend a training on corporate governance
- have a rank of Senior Vice President or an equivalent position with adequate stature and authority in the corporation

Establishing Clear Roles and Responsibilities of the Board

The fiduciary roles, responsibilities and accountability of the Board as provided under the law, the company’s articles and by-laws, and other legal pronouncements and guidelines should be clearly made known to all directors as well as to stockholders and other stakeholders.
The Board is collectively responsible for the sustainable long-term shareholder value of the institution and for sustaining its competitiveness, profitability and industry-leading position in a manner consistent with its corporate objectives.

The Board members should act on a fully informed basis, in good faith, with due diligence and care, and in the best interest of the company and all shareholders. The elements of fiduciary duty of board members are the duty of care (which includes the duty of obedience and duty of diligence) and the duty of loyalty.

Duty of obedience requires compliance with law, rules, and court orders. The directors or trustees elected shall perform their duties as prescribed by law, rules of good corporate governance, and bylaws of the corporation. Directors, trustees, and officers have the duty to act intra vires and within authority.

Under duty of diligence, directors, trustees, and officers are required to exercise good faith and due care in the performance of their functions; otherwise, they shall be held liable.

The duty of loyalty mandates that directors/trustees should not give preference to their own personal amelioration by taking the opportunity belonging to the corporation.

The Board should oversee the development of and approve the company’s business objectives and strategy, and monitor their implementation, in order to sustain the company’s long-term viability and strength.

The Board should be responsible for ensuring and adopting an effective succession planning program for directors, key officers and management. The smooth and efficient transition of company leadership to highly competent and qualified individuals is the goal of succession planning. This will ensure growth and a continued increase in the shareholders’ value.
Directors shall not receive any compensation, as such, except for reasonable per diem, unless such compensation is provided in the By-Laws or granted by a vote of the stockholders representing at least a majority of the outstanding capital stock of the Company. The Directors shall not decide on their own compensation, other than per diem.

The Board should have a formal and transparent board nomination and election policy. The Committee may use external sources, such as professional search firms, director databases and/or other reputable external sources to further enhance the search for and widen the base of potential nominees. The Committee shall assist the Board in making an assessment of the effectiveness of the processes and procedures in the nomination, election and replacement of a director.

The Board should have the overall responsibility in ensuring that there is a group-wide policy and system governing related party transactions (RPTs) and other unusual or infrequently occurring transactions, particularly those which pass certain thresholds of materiality. The policy should include the appropriate review and approval of material or significant RPTs, which guarantee fairness and transparency of the transactions. The policy should encompass all entities within the group, taking into account their size, structure, risk profile and complexity of operations.

The Management is primarily accountable to the Board for the operations of the Company. In the selection process, a fit and proper standard should be applied. In this regard, the following shall be considered: integrity, probity, physical and mental fitness, competence, relevant education or training; possession of competencies relevant to the job, such as technical expertise and experience in the company, skills, diligence and independence of mind, and sufficiency of time to fully carry out responsibilities.
The Board shall appoint the executive officers who are the President or the Chief Executive Officer, the Vice-Presidents (or their equivalent roles in the Company structure), the Treasurer and/or the Chief Finance Officer (CFO), Chief Risk Officer, Chief Compliance Officer, the Corporate Secretary, and Chief Audit Executive.

The Board should establish an effective performance management framework that will ensure that the performance of the Management, including the Chief Executive Officer, and of personnel is at par with the standards set by the Board and Senior Management.

The Board should oversee that an appropriate internal control system is in place, including setting up a mechanism for monitoring and managing potential conflicts of interest of Management, board members, and shareholders. The Board should also approve the Internal Audit Charter.

The Board should oversee that a sound enterprise risk management (ERM) framework is in place to effectively identify, monitor, assess and manage key business risks. The risk management framework should guide the Board in identifying units/business lines and enterprise-level risk exposures, as well as the effectiveness of risk management strategies.

The Board should have a Board Charter that formalizes and clearly states its roles, responsibilities and accountability in carrying out its fiduciary duties. The Board Charter should serve as a guide to the directors in the performance of their functions and should be publicly available and posted on the company’s website.

Establishing Board Committees

The Revised Corporation Code allows the Board to create an Executive Committee and other special committees, to which it can delegate its functions but not its responsibilities. It is a good governance practice to establish board committees that focus on specific board functions to aid in the optimal performance of its roles and responsibilities.
The Board may establish the following committees:

- Audit Committee
- Corporate Governance Committee
- Board Risk Oversight Committee
- Related Party Transactions Committee
- Nomination Committee
- Remuneration Committee
- Committee of Inspectors of Ballots and Proxies
- Finance Committee
- Technology Strategy Committee
- Technical Support to Committees

If the bylaws so provide, the board may create an executive committee. In the absence of a provision in the by-laws, the board, by itself, cannot create an executive committee. If the executive committee was not validly constituted, the members thereof may be considered de facto officers.

The Board should establish an Audit Committee to enhance its oversight capability over the company’s financial reporting, internal control system, internal and external audit processes, and compliance with applicable laws and regulations.

The Board should establish a Corporate Governance Committee that should be tasked to assist the Board in the performance of its corporate governance responsibilities, including the functions that were formerly assigned to a Nomination and Remuneration Committee. It should be composed of at least three members, all of whom should be independent directors, including the Chairman.

Subject to a corporation’s size, risk profile and complexity of operations, the Board should establish a separate Board Risk Oversight Committee (BROC) that should be responsible for the oversight of a company’s Enterprise Risk Management system to ensure its functionality and effectiveness.

Subject to a corporation’s size, risk profile and complexity of operations, the Board should establish a Related Party Transaction (RPT) Committee, which should be tasked with reviewing all material related party transactions of the company and should be composed of at least three non-executive directors, two of whom should be independent, including the Chairman.
The Nomination Committee shall be primarily tasked with the duty of implementing a formal and transparent board nomination and election policy that should include how it accepts nominations from the shareholders, including minority and non-controlling, and how it reviews the qualifications of nominated candidates.

The Remuneration Committee is primarily tasked with the establishment and implementation of a formal and transparent procedure and policy for determining the remuneration of directors and officers that is consistent with the Company’s culture and strategy as well as the business environment in which it operates.

The Board shall appoint three (3) persons (who need not be stockholders) to act as the Committee of Inspectors of Ballots and Proxies which shall be empowered to pass on the validity of proxies. The Committee of Inspectors of Ballots and Proxies shall be guided by existing laws, and rules and regulations of the SEC regarding proxies. The term of office of the Committee members shall be fixed by the Board. In the event of vacancy in the Committee membership, the Board may appoint another member to fill such vacancy.

The Finance Committee shall have the principal oversight responsibility with respect to the company’s capital allocation process, financial operation, and its treasury-related activities and policies. The Finance Committee shall define its own charter and fix its own rules of procedures. The Finance Committee shall be responsible for reviewing and evaluating the financial affairs of the Corporation from time to time.

All established committees should be required to have Committee Charters stating in plain terms their respective purposes, memberships, structures, operations, reporting standards for evaluating the performance of the Committees. It should also be fully disclosed on the company’s website.
The Committee Charter clearly defines the roles and accountabilities of each committee to avoid any overlapping functions, which aims at having a more effective board for the company. This can also be used as basis for the assessment of committee performance.

Fostering Commitment

The Board shall hold regular meetings on the date and time scheduled in the by-laws. Otherwise, the meetings shall be held monthly. The Board shall convene for special meetings when required by business exigencies.

Independent and non-executive directors may concurrently serve in Boards of other companies, provided, at any given time, it will not exceed:

- five publicly listed companies,
- ten public companies and/or registered issuers, or
- five public companies and/or registered issuers if the director also sits in at least three publicly listed companies.

A company may provide a policy for the directorship limits of executive directors. A company may also consider directorship in related companies such as subsidiaries, affiliates, parent corporation, and affiliates and subsidiaries of the parent corporation as one or exclude those from the limitations in the number of directorships.

Reinforcing Board Independence

The Board should endeavor to exercise objective and independent judgment on all corporate affairs.

Independence of the board rests on the proper mix of executive and non-executive directors, on the separation of the positions of Chairperson and Chief Executive Officer, and on the proper disclosure of adverse interests of directors affecting the corporation.

The right combination of non-executive directors, which include independent directors, and executive directors, ensures that no director or small group of directors can dominate the decision-making process.

An executive director is a director who has executive responsibility of day-to-day operations of a part or the whole of the organization.
A non-executive director is a director who has no executive responsibility and does not perform any work related to the operations of the corporation.

An independent director is a person who is independent of management and the controlling shareholder and is free from any business or other relationship which could, or could reasonably be perceived to, materially interfere with his exercise of independent judgment in carrying out his responsibilities as a director.

The position of Chairman of the Board and President/CEO shall be held by separate individuals, who are not related to each other, and each shall have clearly defined responsibilities.

A director with a material or potential interest in any transaction affecting the corporation should fully disclose his adverse interest, abstain from taking part in deliberations for the same and recuse himself from voting on the approval of the transaction.

The contract of the corporation with a self-dealing director/trustee, his spouse, or relative within fourth civil degree of consanguinity or affinity is voidable. However, the contract is perfectly valid if all the following conditions are present:

- The presence of such director or trustee in the board meeting in which the contract was approved was not necessary to constitute a quorum for such meeting;
- The vote of such director or trustee was not necessary for the approval of the contract;
- The contract is fair and reasonable under the circumstances;
- In case of corporations vested with public interest, material contracts are approved by at least a majority of the independent directors voting to approve the material contract; and
- In case of an officer, the contract has been previously authorized by the board of directors.

If any of the above conditions is not present, the corporation, through its board of directors/trustees, can annul the contract in a judicial proceeding within the prescriptive period; otherwise, the contract remains in force.
However, even if the corporation decides to annul the contract, the stockholders/members can ratify the contract with self-dealing director/trustee:

- By stockholders representing at least two-thirds (2/3) of the outstanding capital stock or of at least two-thirds (2/3) of the members in a meeting called for the purpose;
- Full disclosure of the adverse interest of the directors or trustees involved is made at such meeting; and
- The contract is fair and reasonable under the circumstances. Fairness typically requires that the transaction reflect terms one would expect in an arm’s length transaction.

For contracts with self-dealing officers, stockholders/members ratification is not required. It is within the power of the board to ratify the subject contracts.

Contracts with interlocking directors are likewise subject to limitations. Interlocking directorship by itself is not prohibited. But the by-laws may prohibit interlocking directorship. There is an interlocking director when one of the directors in one corporation is also a director in another corporation. The contract entered into between such corporations is valid but subject to the following rules:

1. the contract is valid or shall not be invalidated on the sole ground of interlocking directorship; provided that:
   - the contract is not fraudulent; and
   - the contract is fair and reasonable
2. if the interest of the interlocking director in one (1) corporation is substantial and the interest in the other corporation or corporations is merely nominal, the rules on self-dealing directors shall apply.

Stockholding exceeding twenty percent (20%) of the outstanding capital stock shall be considered substantial for purposes of interlocking directors.

Each director has a duty of loyalty to the corporation. Breach of this loyalty will subject the director to liability.
Under the Doctrine of Corporate Opportunity, unless ratified by stockholders, a director shall refund to the corporation all the profits he realizes on a business opportunity which:

- The corporation is financially able to undertake;
- From its nature, is in line with the corporation’s business and is of practical advantage to it; and
- The corporation has an interest or a reasonable expectancy.

The rule applies even if the director risked his own funds in the venture. If the act has been ratified by a vote of the stockholders owning or representing at least two-thirds (2/3) of the outstanding capital stock, the director is excused from remitting the profit realized.

The doctrine is not applicable to the following instances:

- When a director engages in a distinct enterprise of the same general class of business as that which his corporation is engaged in, so long as he acts in good faith;
- The opportunity is one which is not essential to the corporation’s business, or employment of company’s resources, or where the director or officer embracing opportunity personally is not brought into direct competition with the corporation; or
- When the property or business opportunity has ceased to be a “corporate opportunity” and has transformed into a “personal opportunity”. In such a case the corporation is definitely no longer able to avail itself of the opportunity, which may “arise from financial insolvency”, or from legal restrictions, or from any other factor which prevents it from acting upon the opportunity for its own advantage.
- If the action was made after the resignation of the director.
- When two related corporations are involved even if there is interlocking directorship.

Assessing Board Performance

The best measure of the Board’s effectiveness is through an assessment process. The Board should regularly carry out evaluations to appraise its performance as a body and assess whether it possesses the right mix of backgrounds and competencies.
The Board should conduct an annual self-assessment of its performance, including the performance of the Chairman, individual members and committees. For publicly listed companies, the annual self-assessment shall, as practicable, be supported by an external facilitator every three years.

Strengthening Board Ethics

Members of the Board are duty-bound to apply high ethical standards, taking into account the interests of all stakeholders.

The Company shall adopt, implement and monitor compliance with: (A) a Code of Business Conduct and Ethics that provides the general standards for professional and ethical behavior for the Company, its Directors, Officers, Executives and employees in their internal and external dealings, and (B) policies implementing the Code of Business Conduct and Ethics, governing, among others: Conflict of Interest; Gift-Giving and Anti-Corruption; Gifts, Entertainment and Sponsored Travel; Whistleblowing; and Supplier/Contractor Relations.

Enhancing Company Disclosure Policies and Procedures

The company should establish corporate disclosure policies and procedures that are practical and in accordance with best practices and regulatory expectations.

All corporations are required to submit to the SEC the reportorial requirements required under SEC Memorandum Circular No. 2, series of 2020. In addition to the SEC requirements, publicly listed companies are required to comply with the PSE Disclosure Rules.
Section 23 of the Securities Regulation Code prescribed that a director or an officer of the issuer of the security shall file, at the time either such requirement is first satisfied or within ten (10) days after he becomes such a beneficial owner, director, or officer, a statement with the SEC and to the PSE and the PDEX (if the security is listed for trading) of the amount of all equity securities of such issuer of which he is the beneficial owner, and within ten (10) days after the close of each calendar month thereafter, if there has been a change in such ownership during such month.

The company’s corporate governance policies, programs and procedures should be contained in its Manual on Corporate Governance, which should be submitted to the regulators and posted on the company’s website.

In addition, publicly listed companies should fully disclose all relevant and material information on individual board members and key executives to evaluate their experience and qualifications and assess any potential conflicts of interest that might affect their judgment.

Strengthening the External Auditor’s Independence and Improving Audit Quality

The company should establish standards for the appropriate selection of an external auditor, and exercise effective oversight of the same to strengthen the external auditor’s independence and enhance audit quality.

It is the responsibility of the Audit Committee to:

- recommend the appointment, reappointment, removal, and fees of the external auditor
- assess the integrity and independence of external auditors
- disclose the nature of non-audit services performed by its external auditor

Financial Statements covered by SRC Rule 68 shall be audited by independent auditors who are duly registered with the Board of Accountancy (BOA) of the Professional Regulation Commission (PRC) in accordance with the rules and regulations of said professional regulatory bodies.
A corporation with financial statements audited by an independent auditor who is not registered with the BOA shall be subject to appropriate fines.

Increasing Focus on Non-Financial and Sustainability Reporting

The company should ensure that material and reportable non-financial and sustainability issues are disclosed.

The Board should have a clear and focused policy on the disclosure of non-financial information, with emphasis on the management of economic, environmental, social and governance (EESG) issues of its business, which underpin sustainability. Companies should adopt a globally recognized standard/framework in reporting sustainability and non-financial issues.

On February 15, 2019, the SEC issued the Sustainability Reporting Guidelines for Publicly Listed Companies (Memorandum Circular No. 4, series of 2019). The Board shall be instrumental in maintaining the standards espoused in the Corporation’s sustainability framework and the policies thereof.

Promoting a Comprehensive and Cost-Efficient Access to Relevant Information

The company should maintain a comprehensive and cost-efficient communication channel for disseminating relevant information. This channel is crucial for informed decision-making by investors, stakeholders and other interested users.

Companies should have a website, at the very least. A company website should contain, among others, the Manual on Corporate Governance, Annual Corporate Governance Report, Board Charter, Committee Charters, and the company’s Code of Business Conduct and Ethics.

Publicly listed companies should include media and analysts’ briefings as channels of communication. Companies may also utilize participation in investor conferences, ad hoc briefings, roadshows, conference calls and one-on-one meetings; and timely official disclosures via PSE EDGE. The Corporation may also use other available media channels to extend communication to stakeholders, as applicable.
Strengthening the Internal Control System and Enterprise Risk Management Framework

To ensure the integrity, transparency and proper governance in the conduct of its affairs, the company should have a strong and effective internal control system and enterprise risk management framework. The Company should have an adequate and effective internal control system and an enterprise risk management framework in the conduct of its business, taking into account its size, risk profile and complexity of operations.

Promoting Shareholder Rights

The company should treat all shareholders fairly and equitably, and also recognize, protect and facilitate the exercise of their rights. It is the duty of the Board to promote stockholder rights, remove impediments to the exercise of stockholder rights and provide effective redress for violation of their rights. The Board should ensure that basic shareholder rights are disclosed in the Manual on Corporate Governance and on the company’s website. It is the responsibility of the Board to adopt a policy informing the shareholders of all their rights.

Shareholders’ rights relate to the following, among others:

A. Right to participate in the management by exercising the right to vote. Corollary, the right to vote carries the following rights of stockholders:
  - Right to nominate candidates to the Board of Directors;
  - Right to be informed of the nomination and removal process;
  - Right to be informed of the voting procedures that would govern the Annual and Special Shareholders’/Members Meeting.
- Right to elect directors
- Right to remove directors
- Right to participate in the approval of certain corporate acts
- Right to notice of meetings and right to attend meetings
- Right to appoint a proxy
- Right to Propose the Holding of Meetings and to Propose Agenda Items

B. Appraisal Rights

C. Right to income and assets of the corporation
- Right to Dividend;
- Proportionate participation in the distribution of assets in liquidation

D. Right to protect/transfer ownership
- Right to issuance of stock certificate for fully paid shares
- Right to transfer of stock in corporate books
- Pre-emptive rights;
- Right of first refusal, if granted

E. Right to information
- Right to inspect books and records
- Right to be furnished with the most recent financial statement/financial report
- Right to be notified of certain corporate acts

F. Remedies for infringement of Shareholder rights such as individual suit, representative suit, derivative suit, or alternative dispute resolution

Respecting Rights of Stakeholders and Effective Redress for Violation of Stakeholder’s Rights

The rights of stakeholders established by law, by contractual relations and through voluntary commitments must be respected. Where stakeholders’ rights and/or interests are at stake, stakeholders should have the opportunity to obtain prompt effective redress for the violation of their rights.

The Board should identify the company’s various stakeholders and promote cooperation between them and the company in creating wealth, growth and sustainability. Stakeholders in corporate governance include, but are not limited to, customers, employees, suppliers, shareholders, investors, creditors, the community the company operates in, society, the government, regulators, competitors, external auditors, etc. In formulating the company’s strategic and operational decisions affecting its wealth, growth and sustainability, due consideration is given to those who have an interest in the company and are directly affected by its operations.

The Board should adopt a transparent framework and process that allow stakeholders to communicate with the company and to obtain redress for the violation of their rights.

Encouraging Employees’ Participation

A mechanism for employee participation should be developed to create a symbiotic environment, realize the company’s goals and participate in its corporate governance processes.
Encouraging Sustainability and Social Responsibility

The company should be socially responsible in all its dealings with the communities where it operates. It should ensure that its interactions serve its environment and stakeholders in a positive and progressive manner that is fully supportive of its comprehensive and balanced development. The company should recognize and place importance on the interdependence between business and society and promote a mutually beneficial relationship that allows the company to grow its business, while contributing to the advancement of the society where it operates.

The company’s value chain consists of inputs to the production process, the production process itself and the resulting output. Sustainable development means that the company not only complies with existing regulations, but also voluntarily employs value chain processes that take into consideration economic, environmental, social and governance issues and concerns. In considering sustainability concerns, the company plays an indispensable role alongside the government and civil society in contributing solutions to complex global challenges like poverty, inequality, unemployment and climate change.

References

Reading materials you may use in this course are the following:
- SEC Code of Corporate Governance for Publicly Listed Companies
- SEC Code of Corporate Governance for Public Companies and Registered Issuers
- Revised Corporation Code
- Sustainability Reporting Guidelines
- Code of Business Conduct and Ethics
- Corporate Governance Manual
- Any other books or e-books on Governance, Business Ethics, Risk Management, and Control

Activity

The purpose of the SEC Code of Corporate Governance is to promote the development of a strong corporate governance culture and keep abreast with recent developments in corporate governance best practices.
In line with this, when the SEC learned that you had studied this module, the SEC hired you to assess whether the Code of Corporate Governance is aligned with its objectives. Give a principle that you want to add to or remove from the Code of Corporate Governance and explain why it should be added or removed.

Module 4
BUSINESS ETHICS, CORPORATE SOCIAL RESPONSIBILITY, AND SUSTAINABILITY

Overview

Ethics derives from the Greek word ethos – meaning “character.” Ethics is concerned with understanding right and wrong and how conduct should be judged to be good or bad. Three general areas constitute a framework for understanding ethical theories: metaethics, normative ethics, and descriptive ethics.

Metaethics is the study of the nature of ethics. It considers where one’s ethical principles “come from, and what they mean.” Metaethics focuses on issues of universal truths, the will of God, the role of reason in ethical judgments, and the meaning of ethical terms themselves.

Normative ethics is the study of ethical action. It deals with the practical side of ethics. It tells people what to do and what not to do.

Descriptive ethics is the study of people’s views about moral beliefs. It also relates to presenting – describing but not interpreting or evaluating – facts, events, and ethical actions in specific situations and places.

When the ethical principles and methods of analysis are applied to business, it is called business ethics. Laura Nash defined business ethics as “the study of how personal moral norms apply to the activities and goals of commercial enterprise. It is not a separate moral standard, but the study of how the business context poses its own unique problems for the moral person who acts as an agent of this system.”

Business ethics is an organization’s policies and standards established to ensure certain kinds of behavior by its members. It must be a fundamental aspect of mission, since everything the organization does flows from that.
Managers responsible for strategic decision-making should consciously apply ethical rules to all their decisions in order to filter out potentially undesirable developments.

Course Objectives

After studying this module, you should be able to:
- Define the components of business ethics.
- Formulate ethical decisions in business.
- Understand the concept, applicability, and reporting in respect to Corporate Social Responsibility and Sustainability.
- Explain the concept of corporate citizen and intergenerational responsibility.

Course Materials

Business Ethics

The Board should adopt a Code of Business Conduct and Ethics and ensure its proper and efficient implementation and monitoring of compliance.

The Code of Business Conduct and Ethics provides standards for professional and ethical behavior, and articulates acceptable and unacceptable conduct and practices in internal and external dealings. It explains what behavior is expected of all employees and provides the standards that guide the work of the company and how the employees should relate to customers, competitors, vendors, and to other employees.

The Code of Business Conduct and Ethics shall cover and apply equally to all employees. Failure to comply with the standards contained in the Code will result in disciplinary action, including termination of employment. In some cases, civil and criminal actions are warranted.

Most large companies adhere to the following ethical principles and values:
- Accountability. Taking full responsibility for business decisions, actions/inactions, and conduct.
- Integrity. Acting righteously, morally and legally and under the highest standards of ethics.
- Fairness. Uphold the value of justice and fair play amongst everyone we deal with, both internally and externally.
- Transparency. Uphold the value of truthfulness in everything we do coupled with the quality of being open to scrutiny as we provide and disclose accurate material information in a timely manner.
Some of the commitments of the Company, its directors, officers and employees in their behavior and various business dealings relate to the following:
- Honesty and Fair Dealing
- Compliance with laws
- Conflicts of Interest and Corporate Opportunities
- Corporate Entertainment/Gifts
- Creditor Rights
- Conduct Towards Colleagues
- Confidential Information
- Accounting of Funds
- Proper Use of Property

Ethical reasoning is required in business for at least three reasons. First, many times laws do not cover all aspects or “gray areas” of a problem. Second, free-market and regulated-market mechanisms do not effectively inform owners and managers how to respond to complex issues that have far-reaching ethical consequences. A third argument holds that ethical reasoning is necessary because complex moral problems require “an intuitive or learned understanding and concern for fairness, justice, [and] due process to people, groups, and communities.”

Corporate Social Responsibility

Corporate Social Responsibility or CSR is defined by the World Bank as the commitment of business to behave ethically and to contribute to sustainable economic development by working with all relevant stakeholders to improve their lives in ways that are good for businesses, the sustainable developments agenda, and society at large.

CSR-related activities include the following: Charitable programs and projects, Scientific research, Youth and sports development, Cultural or educational promotion, Services to veterans and senior citizens, Social welfare, Environmental sustainability, Health development, Disaster relief and assistance, Employees and worker welfare related activities.

CSR activities become strategic when they are concerned with the long-term success of the business and should therefore be beneficial to the business as well as to society.
Examples of strategic CSR initiatives might include:
- A pharmaceutical company funding the training of medical staff, in the hope that when qualified they will source drugs from that company.
- A bank providing free internet training for senior customers, who might then be disposed to buying financial products.
- Encouraging employees to nominate and get involved in good causes, in order to develop loyalty to the company.
- Sponsoring sports teams in return for advertising space on shirts, other merchandise, and at the ground.

CSR is a broad concept of corporate citizenship, which provides that as a citizen, a corporation has social, cultural, and environmental responsibilities to the community where it operates, as well as economic and financial ones to its shareholders and immediate stakeholders.

House Bill 9061 seeks to institutionalize corporate social responsibility in corporations, whether domestic or foreign, partnerships and other establishments performing business in the country. It also allows corporations to retain surplus profits in excess of 100 percent of their paid-in capital stock for corporate social responsibility projects and programs approved by the board of directors.

Sustainability

SEC issued Sustainability Reporting Guidelines for Publicly Listed Companies (Memorandum Circular No. 4, series of 2019) to promote sustainability reporting in the Philippines. The Guidelines adopted the comply or explain approach for the first three years upon implementation.

Based on the Guidelines, Sustainability is defined as “development that meets the needs of the present without compromising the ability of future generations to meet their own needs.” It focuses on how a company manages its economic, environmental and social impacts, risks and opportunities.

Sustainability is not the ability of the business to continue as a going concern.
Rather, it involves developing strategies so that the organization only uses resources (inputs) at a rate that allows them to be replenished (in order to ensure that they will continue to be available). At the same time emissions of waste (outputs) are confined to levels that do not exceed the capacity of the environment to absorb them.

Sustainability has three pillars: economic, environmental, and social. These pillars are also referred to as people, planet, and profits.

The phrase “the triple bottom line” was first coined in 1994 by John Elkington, the founder of a British consultancy called Sustainability. His argument was that companies should be preparing three different (and quite separate) bottom lines.
- People means balancing up the interests of different stakeholders and not automatically prioritizing shareholder needs.
- Planet means ensuring that the business's activities are environmentally sustainable.
- Profit is the accounting measure of the returns of the business.

The aim of the triple bottom line is to measure the financial, social and environmental performance of the corporation over a period of time. Only a company that produces a TBL is taking account of the full cost involved in doing business.

The Reporting Principles for defining report quality guide choices on ensuring the quality of information in a sustainability report, including its proper presentation. The quality of information is important for enabling stakeholders to make sound and reasonable assessments of an organization, and to take appropriate actions.
The Guidelines provide a Sustainability Reporting Framework for Philippine PLCs that builds upon four of the globally accepted frameworks, which companies use to report on sustainability and non-financial information, namely:
- Global Reporting Initiative’s (GRI) Sustainability Reporting Standards
- International Integrated Reporting Council’s (IIRC) Integrated Reporting (IR) Framework
- Sustainability Accounting Standards Board’s (SASB) Sustainability Accounting Standards
- Task Force on Climate-related Financial Disclosure (TCFD)

Broadly, sustainability performance is measured in the way the corporation conducts its business, and how it manages its key economic, environmental and social impacts. Disclosures should reflect these impacts.

Disclosures are also required on how companies are able to contribute to the United Nations Sustainable Development Goals (SDGs) through their products and services. SDGs are a universal call to action to end poverty, protect the planet and ensure that all people enjoy peace and prosperity, and include seventeen (17) goals.

Under the Doctrine of Intergenerational Responsibility, minors have personality to sue on behalf of the succeeding generations insofar as the right to a balanced and healthful ecology is concerned. Such a right considers the "rhythm and harmony of nature." Nature means the created world in its entirety. Such rhythm and harmony indispensably include, inter alia, the judicious disposition, utilization, management, renewal and conservation of the country's forest, mineral, land, waters, fisheries, wildlife, off-shore areas and other natural resources to the end that their exploration, development and utilization be equitably accessible to the present as well as future generations. Needless to say, every generation has a responsibility to the next to preserve that rhythm and harmony for the full enjoyment of a balanced and healthful ecology.
Put a little differently, the minors' assertion of their right to a sound environment constitutes, at the same time, the performance of their obligation to ensure the protection of that right for the generations to come.

References

Reading materials you may use in this course are the following:
- SEC Code of Corporate Governance
- Sustainability Reporting Guidelines
- Code of Business Conduct and Ethics
- Any other books or e-books on Governance, Business Ethics, Risk Management, and Control

Activity

One2Three Corporation hired you as internal auditor. Your first engagement is to evaluate the environmental, social, and governance landscape of the company. During the internal audit, you raised to the management the issue that the company had no code of business conduct and ethics nor policies on corporate social responsibility and sustainability. The management, then, asked your advice so they can at least improve these areas. Provide at least one recommendation. Your recommendation may be in the form of a provision to be added to the code of business conduct and ethics, a policy or activity regarding corporate social responsibility and sustainability.

Module 5
FUNDAMENTAL CONCEPTS OF RISK AND THE RISK MANAGEMENT PROCESS

Overview

Various publications view risk as a by-product of setting objectives, whether for profit or not for profit.
- Risk is the effect of uncertainty on objectives.
- Risk is the combination of the probability of occurrence of harm and the severity of that harm.
- Risk is the possibility that events will occur and affect the achievement of business objectives.
- Risk is the possibility of an event occurring that will have an impact on the achievement of objectives. Risk is measured in terms of impact and likelihood.

Simply put, risk is the deviation from expectations. It can be positive or negative.

Note that risk is not the harm itself. Rather, risk is merely a possibility that harm will occur. What causes harm is hazard.
For example, the slippery floor on the 5th floor of the PUP Main Building after the janitor applies the floor wax can be considered a hazard to some students and teachers. The probability that someone might be harmed by slipping and falling is the risk. Hazard can be qualified in order to define the origin of the hazard or the nature of the expected harm (e.g. “electric shock hazard”, “crushing hazard”, “cutting hazard”, “toxic hazard”, “fire hazard”, “drowning hazard”).

Moreover, the concept of risk does not always relate to harm. Risk can likewise create opportunities. Investing in stocks presents a speculative risk where either a gain or loss can result.

The concept of risk must be distinguished from uncertainty. Frank Knight (1921) distinguished two types of uncertainty. The first type is called uncertainty risk, or not knowing the potential outcomes and the probability of these outcomes. The second type is called genuine uncertainty, where the potential outcomes and their probabilities are unknown.

Betting in a game of chance is an example of risk because you would know the possible outcomes and their probabilities. For example, a game of Cara y Cruz has two possible outcomes (heads or tails); you have a 50% chance of winning. A color game at perya during fiesta in your hometown with three colorful dice has twenty color combinations, which means you have a 1/20 or 5% chance of winning. But if you bet in a color game with an unknown number of dice, this would not be a risk. It is an example of genuine uncertainty.

Is courting a lady a risk or an uncertainty? You bet.
Course Objectives

After studying this module, you should be able to:
- Interpret fundamental concepts of risk and the risk management process;
- Identify and assess the impact on the stakeholders involved in business risk;
- Explain the dynamic nature of risk assessment;
- Identify the types of risk facing an organization;
- Identify and assess how business organizations use policies and techniques to mitigate various types of business and financial risks;
- Explain and assess the importance of risk transfer, avoidance, reduction, and acceptance.

Course Materials

Classification of Risks

Risks can be classified based on their effect, controllability, correlation, impact, and drivers.

Risks can be fundamental, particular, speculative, and pure.
- Fundamental risks are those that affect society in general. They are beyond the control of anyone, e.g., the risk of atmospheric pollution.
- Particular risks are risks over which an individual may have some measure of control. For example, there is a risk attached to smoking and we can mitigate that risk by refraining from smoking.
- Speculative risks are those from which either good or harm may result. Investing in stocks, as discussed earlier, presents a speculative risk because either a gain or loss can result.
- Pure risks are those whose only possible outcome is harmful, e.g., risk of loss due to fire.

Controllable vs. Uncontrollable. Risk may be classified according to controllability, i.e., Controllable (unsystematic) and Uncontrollable (systematic).

Positive vs. Negative Correlation. Where positive correlation exists, the risks will increase or decrease together. If there is negative correlation, one risk will increase as the other decreases and vice versa. The relationship between the risks is measured by the correlation coefficient. A figure close to +1 shows high positive correlation, and a figure close to –1 high negative correlation.

Financial vs. Non-Financial.
A risk that has some direct financial impact on the entity is treated as financial risk. This risk may be Market risk, Credit risk, Liquidity risk, Operational Risk, Legal Risk and Country Risk. Non-Financial Risks do not usually have direct and immediate financial impact on the business. Nonfinancial risk may have a significant financial impact if left uncontrolled. Examples are Business/Industry & Service Risk, Strategic Risk, Compliance Risk, Industry Fraud Risk, Reputation Risk, Transaction risk, Disaster Risk.

Strategic vs Operational. Operational risks relate to matters that can go wrong on a day-to-day basis while the organization is carrying out its business. It is the risk of loss from a failure of internal business and control processes. Strategic risk is the potential volatility of profits caused by the nature and type of the business strategies. It relates to the long-term effect on the business of key strategic decisions.

Impact of Risk to Stakeholders

Shareholders. When the company’s risk profile changes, shareholders may sell their shares, resulting in a lower share price, or they may replace directors depending on their level of risk tolerance. Risk-averse shareholders can tolerate risks up to a point where they receive an acceptable return. Risk-seeking shareholders likely enjoy investing in risky ventures. Risk-neutral shareholders focus on maximizing return notwithstanding the level of risk.

Creditors. Creditors are concerned whether the company can fulfil its obligation and limit the risk of default; otherwise, they can deny credit, charge higher interest, file actions in court that could lead the company into liquidation, or ask for collateral. The long-term strategic objectives of the company may be unacceptable to potential creditors because of the differences in their risk appetite. Creditors may place restrictive provisions in the debt covenant.

Employees. Employees are concerned about threats to their job, e.g., salary, promotion, benefits, satisfaction, the job itself. If the business fails, employees may lose their jobs. Hence, employees pursue their own goals rather than shareholder interests.

Customers and suppliers. Suppliers are concerned about the risk of making unprofitable sales, while customers are concerned with getting the value from the goods or services that they expect.

The wider community. The risks that the wider community is concerned about are less easy to predict. In general, the community is concerned with the risk that the company does not act as a good corporate citizen. Otherwise, pressure group tactics can include publicity, direct action, sabotage or pressure on government. As a result, Government can impose tax increases or tighten regulation.

Risks Faced by Organizations

There are different types of risk faced by organizations. These risks may include the following.

Business risks. Simply, the risk associated with doing business. It includes the risk of inadequate profits or even losses due to uncertainties arising from increased competition, changes in government policy, changes in preferences of consumers, or obsolescence of products and services, etc.

Business risk is borne by both the firm's equity holders and providers of debt, as it is the risk associated with investing in the firm in whatever capacity. The only way that either party can get rid of the business risk is to withdraw its investment in the firm.

Financial risk, on the other hand, is borne entirely by equity holders. This is due to the fact that payment to debt holders (i.e., interest) takes precedence over dividends to shareholders. The more debt there is in the firm's capital structure, the greater the financial risk to equity holders, as the increased interest burden coming out of earnings reduces the likelihood that there will be sufficient funds remaining from which to pay a dividend. Debt holders, however, know there is a legal obligation on the firm to meet their interest commitments.
Financial Risk. This relates to the effect of the company’s capital structure or the mix of equity and debt capital. Financial risk can be long term or short term. Shorter-term financial risks include liquidity risk and credit risk. Longer-term risks include gearing, currency, and interest rate risks, among others.

Market risk. Market risk is another type of financial risk. However, market risk is hardly controllable. It is also a good example of a speculative risk. Businesses can benefit from favorable price movements as well as lose from adverse changes.

Product risks. Product risks include risks of financial loss due to producing a poor-quality product. It may be in the form of compensation to dissatisfied customers, loss of sales due to loss of reputation, or expenses on improving quality control procedures.

Legal risk. Companies are subject to the police power of the country where they seek to operate. Legislation in a country may have very serious consequences for the company. For example, the government may impose a liquor ban during the pandemic.

Political risk. Political risk is the risk that political action will affect the position and value of an organization. A political policy that encourages private sector participation will benefit the private corporations in privatization of certain public functions. Changes in this policy would have an adverse effect on the corporation. For example, the water concessionaires in Metro Manila faced consecutive arbitration proceedings against the government in relation to their contracts with the government.

Technological risk. Technological risk is the failure of a system due to tampering of data access to critical information, non-availability of data and lack of controls. Technological risks include strategic and operational, physical damage, data and systems integrity, fraud, internet, and denial-of-service attack risks.

Strategic and operational technological risks. The company may force a new system for strategic reasons, but it is impractical for operational purposes. If in the end the system has to be abandoned, the write-off costs can be large and the damage to operational efficiency significant.

Environmental risk. This refers to the potential liability of the company arising out of the environmental effects of the company’s operation, for example, pollution caused to bodies of water if waste materials are toxic.

Probity risk. Probity risk is the risk of unethical behavior by one or more participants in a particular process. Being the victims of bribery or corruption or being pressurized into it are obvious examples of probity risk.

Reputation risk. This type of risk arises from negative public opinion. Reputation risk is strongly correlated to other risks. For example, product risk arising from poor customer service and failure to innovate may lead to an increased number of complaints followed inevitably by loss of business. Probity risk and environmental risk increase reputation risk.

Fraud risk. Fraud is perpetrated through the abuse of systems, controls, procedures and working practices. It may be perpetrated by an outsider or insider. Fraud is usually not detected immediately, and thus the detection should be planned for on a proactive basis rather than on a reactive basis.

Risk Management

Risk Management is a process to identify, assess, manage, and control potential events or situations to provide reasonable assurance regarding the achievement of the organization’s objectives.

Commonly used standards in managing risks include:
- COSO 2017 Enterprise Risk Management – Integrating with Strategy and Performance
- COSO 2004 Enterprise Risk Management – Integrated Framework
- ISO 31000:2018 – Risk Management Principles and Guidelines
- A Risk Management Standard – IRM/Alarm/AIRMIC 2002 – developed