GBERMIC.pdf

Full Transcript

GOVERNANCE
BUSINESS ETHICS
RISK MANAGEMENT
INTERNAL CONTROL

GERWIN M. ORTEGA JONALD P. BINALUYO
CATHERINE D. SOTTO JONATHAN P. BINALUYO
RUTH P. CARLOS LYRA VICTORIA V. LASCANO
EDITH A. PERALTA GENO C. SAN JOSE
RICHARD IBARRA JEFFREY R. EBIO
JOHN CARLO G. ABILLONAR JAMES ROBERT D. AGUILA
COLLEGE OF ACCOUNTANCY AND FINANCE
Polytechnic University of the Philippines

All rights reserved.

This instructional material is for the exclusive use of PUP College of
Accountancy and Finance. This is not for sale.

No part of this instructional material may be reproduced or transmitted in any
form or by any means, electronic or mechanical, without the express written
permission of the copyright holder.

Any person who directly commits an infringement, benefits from the infringing
activity of another person who commits an infringement, or induces or materially
contributes to the infringing conduct of another, such as, but not limited to, the
unauthorized reproduction, distribution, sale, or other communication to the
public of the work, shall be made liable for criminal, civil, and administrative
penalties under the Intellectual Property Code of the Philippines (Republic Act
No. 8293, as amended).
 GOVERNANCE, BUSINESS ETHICS,
RISK MANAGEMENT, AND CONTROL

Overview

This course is designed to prepare BSA and BSMA students to become
professionals who provide value to the organization and who serve as the catalyst
for improving organization governance, risk management, and internal control.

In Certified Public Accountant Licensure Examination, this subject will cover:

SEC Code of Corporate Governance under Regulatory Framework for
Business Transactions;
Planning Phase of the Audit Process particularly Understanding the
Entity and its Environment including its Internal Control and Test of
Control under Auditing; and
Consultancy under Management Advisory Services.

This subject, “Governance, Risk Management, and Control,” makes up thirty-five
percent (35%) of the 2019 CIA Exam Syllabus, Part 1 – Essentials of Internal
Auditing, covering the foundation of internal auditing; independence and
objectivity; proficiency and due professional care; quality assurance and
improvement programs; governance, risk management, and control; and fraud
risk.

Course Objectives

At the end of the semester, students are expected to:

Possess current knowledge of professional standards that are expected
from a professional accountant and demonstrate appropriate use;
Demonstrate knowledge of corporate governance, risk management, and
internal control;
Apply knowledge in business acumen, IT, and management needed for
internal auditing;
Be able to apply tools and technique to evaluate risks and internal
controls;
Be able to perform an audit engagement with minimal supervision in
conformance with acceptable professional standards;
Course Materials

Module 1 Internal Auditing
Module 2 Conceptual Framework of Corporate Governance
Module 3 SEC Code of Corporate Governance
Module 4 Business Ethics, Corporate Social Responsibility and
Sustainability
Module 5 Fundamental Concepts of Risk and the Risk
Management Process
Module 6 Enterprise Risk Management
Module 7 Basic Concepts and Elements of Internal Control
Module 8 Evaluating the Design and Effectiveness of Internal
Control
Module 9 Fraud Risks

References

Reading materials you may use in this course are the following:

The IIA’s International Standards for the Professional Practice of
Internal Auditing
Philippine Framework for Assurance Engagements
SEC Code of Corporate Governance
G20/OECD Principles of Corporate Governance
Revised Corporation Code
Sustainability Reporting Guidelines
Code of Business Conduct and Ethics
Corporate Governance Manual
COSO’s Enterprise Risk Management – Integrating with Strategy and
Performance
ISO 31000:2018
Philippine Standards on Auditing
COSO Internal Control – Integrated Framework
Any other books or e-books on Governance, Business Ethics, Risk
Management, and Control
 Module 1

INTERNAL AUDITING

Overview

Governance, Risk Management, and Internal Control add value to the
organization by placing a mechanism that provides reasonable assurance that
organization's objectives will be achieved.

Governance, risk management, and control are related. Their relationships can be
summarized as follows:

Governance provides overall direction for risk management activities.
Effective governance considers risk when setting strategy, and risk
management relies on effective governance (e.g., tone at the top, risk
appetite and tolerance, risk culture, and the oversight of risk
management).
Effective governance relies on controls, and communication to the board
relies on their effectiveness.
Controls within governance processes often are significant in managing
multiple risks. For example, controls related to the code of conduct may
be relied upon to manage compliance and fraud risks.
Internal control implements the organization’s risk management
strategies.

The Board sets the organization’s risk appetite. The Board delegates to the CEO
and senior management primary ownership and responsibility for operating risk
management and control. Then the Board sets mechanism to review and assures
itself on an ongoing basis whether the senior management is responding
appropriately to these risks by relying on adequate line functions.

As a professional accountant, the concepts related to Governance, Risk
Management, and Internal Control will be fully utilized in the field of Auditing,
particularly Internal Auditing, being the third line of defense.

Three Line of Defense model shows that management control is the first line of
defense. The various risk control and compliance oversight functions established
by management are the second line of defense. Lastly, Internal Audit is the third
line of defense.

1
As the third line of defense, Internal Audit Activity must assess and make
appropriate recommendations to improve organization’s governance, must
evaluate the effectiveness and contribute to improve risk management processes,
and must assist the organization in maintaining effective controls by evaluating
their effectiveness and efficiency and by promoting continuous improvement.

Clearly, the function of Internal Auditing encompasses the entirety of this subject.
And as we tackle each topic under this subject, we will always encounter Internal
Auditing. For this reason, it would be better if we study Governance, Risk
Management, and Internal Control from the point of view of an Internal
Auditor. So for this module, let's have a quick overview of the essentials of
Internal Auditing. The discussion here is based on the Revised 2019 CIA
Syllabus, Part 1.

Course Objectives

After studying this module, you should be able to

Interpret The IIA's Mission of Internal Audit and the principles-based,
mandatory requirements which are essentials in the conduct of internal
audit activity;
Distinguish assurance and consulting services provided by the internal
audit activity;
Demonstrate conformance with the IIA Code of Ethics;
Describe the required elements of the quality assurance and improvement
program (internal assessments, external assessments, etc.);
Understand the role of internal audit in Governance, Risk Management,
and Internal Control; and
Identify elements of Fraud Risk.

2
Course Materials

Foundations of Internal Auditing

Internal Audit Activity is defined as a department, division, team of consultants,
or other practitioner(s) that provides independent, objective assurance and
consulting services designed to add value and improve an organization’s
operations.

The International Standards for the Professional Practice of Internal Auditing
(Standards) requires that the purpose, authority, and responsibility of the internal
audit activity must be consistent with the following:

Mission of Internal Audit
Mandatory Elements of the International Professional Practices
Framework.

The Mission of Internal Audit articulates what internal audit aspires to
accomplish within an organization: “To enhance and protect organizational value
by providing risk-based and objective assurance, advice, and insight.”

The Mandatory Elements of the International Professional Practices Framework
are

Definition of Internal Auditing.
The Core Principles for the Professional Practice of Internal Auditing,
International Standards for the Professional Practice of Internal Auditing
(the Standards)
Code of Ethics

Internal auditing is an independent, objective assurance and consulting activity
designed to add value and improve an organization’s operations. It helps an
organization accomplish its objectives by bringing a systematic, disciplined
approach to evaluate and improve the effectiveness of risk management, control,
and governance processes. Assurance services involve the internal auditor’s
objective assessment of evidence to provide opinions or conclusions regarding an
entity, operation, function, process, system, or other subject matters. On the other
hand, Consulting services are advisory in nature and are generally performed at
the specific request of an engagement client.

The International Internal Audit Standards Board released the revision to the
Standards following consideration and approval by the International Professional
Practice Framework Oversight Council. The Revised Standard took effect on

3
January 1, 2017. The Standards are a set of principles-based, mandatory
requirements consisting of:

Statements of core requirements for the professional practice of internal
auditing and for evaluating the effectiveness of performance that are
internationally applicable at organizational and individual levels.
Interpretations clarifying terms or concepts within the Standards.

The Core Principles, taken as a whole, articulate internal audit effectiveness. For
an internal audit function to be considered effective, all Principles should be
present and operating effectively. How an internal auditor, as well as an internal
audit activity, demonstrates achievement of the Core Principles may be quite
different from organization to organization, but failure to achieve any of the
Principles would imply that an internal audit activity was not as effective as it
could be in achieving internal audit’s mission

Demonstrates integrity.
Demonstrates competence and due professional care.
Is objective and free from undue influence (independent).
Aligns with the strategies, objectives, and risks of the organization.
Is appropriately positioned and adequately resourced.
Demonstrates quality and continuous improvement.
Communicates effectively.
Provides risk-based assurance.
Is insightful, proactive, and future-focused.
Promotes organizational improvement.

The Institute’s Code of Ethics states the principles and expectations governing
the behavior of individuals and organizations in the conduct of internal auditing.
It describes the minimum requirements for conduct, and behavioral expectations
rather than specific activities. The purpose of The Institute’s Code of Ethics is to
promote an ethical culture in the profession of internal auditing. It includes two
essential components:

Principles that are relevant to the profession and practice of internal
auditing
Rule of Conduct that describe behavior norms expected of internal
auditors. These rules are an aid to interpreting the Principles into practical
applications and are intended to guide the ethical conduct of internal
auditors.

4
Internal auditors are expected to apply and uphold the following principles:

Integrity. The integrity of internal auditors establishes trust and thus
provides the basis for reliance on their judgment.
Objectivity. Internal auditors exhibit the highest level of professional
objectivity in gathering, evaluating, and communicating information
about the activity or process being examined.
Confidentiality. Internal auditors respect the value and ownership of
information they receive and do not disclose information without
appropriate authority unless there is a legal or professional obligation to
do so.
Competency. Internal auditors apply the knowledge, skills, and
experience needed in the performance of internal audit services.

Independence and Objectivity

The internal audit activity must be independent, and internal auditors must be
objective in performing their work.

Independence is the freedom from conditions that threaten the ability of the
internal audit activity to carry out internal audit responsibilities in an unbiased
manner. To achieve the degree of independence necessary to effectively carry out
the responsibilities of the internal audit activity, the chief audit executive has
direct and unrestricted access to senior management and the board. This can be
achieved through a dual-reporting relationship.

Objectivity is an unbiased mental attitude that allows internal auditors to perform
engagements in such a manner that they believe in their work product and that no
quality compromises are made. Objectivity requires that internal auditors do not
subordinate their judgment on audit matters to others.

Proficiency and Due Professional Care

Engagements must be performed with proficiency and due professional care.

Proficiency is a collective term that refers to the knowledge, skills, and other
competencies required of internal auditors to effectively carry out their
professional responsibilities. It encompasses consideration of current activities,
trends, and emerging issues, to enable relevant advice and recommendations.

Internal auditors must apply the care and skill expected of a reasonably prudent
and competent internal auditor. Due professional care does not imply infallibility.

5
Quality Assurance and Improvement Program

Quality assurance and improvement program (QAIP) is an ongoing and periodic
assessment of the entire spectrum of audit and consulting work performed by the
internal audit activity. The assessment can be internal or external.

Internal assessments must include:

Ongoing monitoring of the performance of the internal audit activity
Periodic self-assessments or assessments by other persons within the
organization with sufficient knowledge of internal audit practices.

External assessments provide an independent and objective evaluation of the
internal audit activity’s compliance with the Standards and Code of
Ethics. External assessments must be conducted at least once every five years by
a qualified, independent assessor or assessment team from outside the
organization.

Governance, Risk Management, and Control

The internal audit activity must evaluate and contribute to the improvement of the
organization’s governance, risk management, and control processes using a
systematic, disciplined, and risk-based approach. Internal audit credibility and
value are enhanced when auditors are proactive, and their evaluations offer new
insights and consider future impact.

Governance is the combination of processes and structures implemented by the
board to inform, direct, manage, and monitor the activities of the organization
toward the achievement of its objectives.

Risk Management is a process to identify, assess, manage, and control potential
events or situations to provide reasonable assurance regarding the achievement of
the organization’s objectives.

Control is any action taken by management, the board, and other parties to
manage risk and increase the likelihood that established objectives and goals will
be achieved. Management plans, organizes, and directs the performance of
sufficient actions to provide reasonable assurance that objectives and goals will
be achieved.

Fraud

The internal audit activity must evaluate the potential for the occurrence of fraud
and how the organization manages fraud risk. It is not the role of the Internal

6
auditors to identify fraud, but it is the primary responsibility of management and
those charged with governance to prevent and detect fraud.

Fraud is any illegal act characterized by deceit, concealment, or violation of trust.
These acts are not dependent upon the threat of violence or physical force. Frauds
are perpetrated by parties and organizations to obtain money, property, or
services; to avoid payment or loss of services; or to secure personal or business
advantage.

The elements of Fraud are Pressure, Opportunity, and Rationalization.

Pressure or incentive (also called motive) incites actions. It is the moving force
which impels a person to commit fraud. It can also be defined as the need a person
tries to satisfy by committing the fraud. It should be distinguished from intent,
which is the use of a particular means to commit fraud, a mental state
demonstrated by the overt acts of a person.

Opportunity is the ability to commit fraud. An opportunity for fraud is more likely
in companies where there is a weak internal control system. Poor control over
cash, merchandise, and other organizational property, as well as a lack of
compensating accounting controls, are enabling factors. Moreover, management
can always override existing controls.

Rationalization is the justification for the act. Some people may rationalize
fraudulent action as necessary, harmless, excusable, or acceptable.

References

Reading materials you may use in this course are the following:

SEC Code of Corporate Governance
2019 CIA Syllabus Part 1 - Essentials of Internal Auditing
The Institute of Internal Auditor
The IIA’s International Standards for the Professional Practice of Internal
Auditing
IIA Code of Ethics
Philippine Framework for Assurance Engagements
Governance, Risk, and Compliance
Any other books or e-books on Governance, Business Ethics, Risk
Management, and Control

7
Activity

Internal audit activity must evaluate and contribute to the improvement of the
organization’s governance, risk management, and control processes. Discuss how
internal audit activity adds value and improves the company's operations.

8
 Module 2

CONCEPTUAL FRAMEWORK OF
CORPORATE GOVERNANCE

Overview

The purpose of corporate governance is to help build an environment of trust,
transparency and accountability necessary for fostering long-term investment,
financial stability and business integrity, thereby supporting stronger growth and
more inclusive societies.

There is no single authority regulating corporate governance. Its principles evolve
overtime addressing the needs of the industry which may vary among
jurisdictions. Globalization, the treatment of investors and major corporate
scandals have been major driving forces behind corporate governance
developments.

The accepted principles of corporate governance are scattered among various
sources such as

Law; Revised Corporation Code, Sarbanes-Oxley Act 2002
Codes or Standards; SEC Code of Corporate Governance, UK Corporate
Governance Code, The King Report, Organization for Economic Co-
operation and Development (OECD), International Standards for the
Professional Practice of Internal Auditing
Corporate governance theories; Transaction costs theory, Stewardship
Theory, Stakeholder theory, Stockholder Theory, Agency Theory
Other Publications; The Essential Books of Corporate Governance (G.N
Bajpai), Corporate Governance Matters (David Larcker)

Course Objectives

After studying this module, you should be able to

Define and explain the meaning of corporate governance;
Discuss the implications of the separation of ownership and control;
Analyze the purposes and objectives of corporate governance;
Describe the decision authority and incentives of shareholders, boards of
directors, and top management;
Recognize the impact of organizational culture on the overall control
environment and individual engagement risks and controls;

9
 Describe and compare the essentials of rules and principles-based
approaches to corporate governance, including the comply or explain
principle; and
Explore the objectives, content, and limitation of various codes of
corporate governance intended to apply to multiple national
jurisdictions.

Course Materials

Definition

Corporate governance means to steer an organization. Governance comes from
the Latin word “gubanare” which means “to steer.”

Today, corporate governance is given various meanings as follows:

Corporate governance is the system by which businesses are directed and
controlled.

Corporate governance is the system of stewardship and control to guide
organizations in fulfilling their long-term economic, moral, legal and social
obligations towards their stakeholders.

Corporate governance is a system of direction, feedback and control using
regulations, performance standards and ethical guidelines to hold the Board and
senior management accountable for ensuring ethical behavior – reconciling long-
term customer satisfaction with shareholder value – to the benefit of all
stakeholders and society.

Corporate Governance is a set of relationships between a company's directors, its
shareholders and other stakeholders. It also provides the structure through which
the objectives of the company are set, and the means of achieving those objectives
and monitoring performance, are determined.

The combination of processes and structures implemented by the board to inform,
direct, manage, and monitor the activities of the organization toward the
achievement of its objectives.

Corporate Governance is about promoting corporate fairness, transparency and
accountability.

Corporate governance deals with laws, procedures, practices and implicit rules
that determine a company’s ability to take informed managerial decisions vis-à-

10
vis its claimants - in particular, its shareholders, creditors, customers, the State
and employees.

Corporate governance is a system of organizational control that defines and
establishes the responsibility and accountability of the major participants in an
organization.

Simply put, corporate governance is the road map of an organization in order to
maximize shareholders’ wealth and protect stakeholders’ interests.

Based on the above definitions, corporate governance best fits in an organization
where the following are present:

Separation of ownership and control
Stakeholders who have legitimate interests in the organization
Underlying principles of corporate governance

Separation of Ownership and Control

Corporate governance has partly developed in response to the issues arising from
the corporate structure which separates ownership and control. But what
determines structure?

“Structure follows the strategy,” former president of a big water firm espoused.
For example, under transaction costs theory, the way the company is organized
or governed determines its control over transactions.

The strategy also sets the legal structure of an organization. Such legal structure,
in turn, sets the framework and governing rules under which it operates.

Lascano, et. al., in his book Fundamentals of Financial Markets, discussed the
forms of organization in this wise:

Sole proprietorship is a type of business organization which an individual
personally owns a business. The Sole proprietorship has no distinct
personality from the owner; thus, the owner is responsible for all debts
and obligations. The owner has full control regarding decision making of
the business.
Partnership is formed when two or more persons bind themselves to
contribute money, property, or industry to a common fund with the
intention of dividing the profits and ownership among themselves.
Though the partnership is a separate legal entity from the partners, the
partners are still personally obliged to pay for the debts of the partnership.

11
 In case of bankruptcy, creditors can compel the partners to pay up to the
extent of their personal assets.
Corporation is a legal entity with a personality separate and distinct from
the owners/shareholders. Limited liability exists. This means that even if
the corporation goes bankrupt, shareholders will only lose his
investments equivalent to the amount of his shareholdings.

This separation of ownership and control has led to agency problem since
corporation is managed by agents who may not operate it in the best interest of
the shareholders.

In finance theory, the basic assumption is that the primary objective for
companies is shareholders wealth maximization. Agency theory takes the stance
that management is likely to pursue their own personal interests, rather than act
as stewards. Transactions cost theory considers that managers’ decisions are
limited by the understanding of alternatives that they have, that managers are
opportunistic, that they will organize their transactions to pursue their own
convenience.

Corporate governance counters this conflict by providing a system that aligns the
interest of the owners and managers and putting in place a system of oversight.

Stakeholders

Stakeholders are persons or groups that have a legitimate interest in a business's
conduct and whose concerns should be addressed as a matter of principle. A
stakeholder can be anyone who has any type of stake in a business.

There are several ways to classify stakeholders such as by Proximity, Legitimacy,
Claims, Voice, How much affected, How much affects, Degree of Participation,
9 Engagement, and Public Knowledge.

Each stakeholder has different claims from the organization. For example,
customers demand low price but high quality goods and services; employees seek
higher compensation and good working conditions and environment; trade unions
protect the interest of the employees; Investors require high financial return,
government enforces taxes, imposes laws, and protects public interest; and the
society in general is conscious on the effect of the business to health of
inhabitants, peace and security of the community, jobs creation, economic
development, and preservation of environment.

Which of these conflicting interests are legitimate?

12
Stockholder theory (shareholder theory) argues that shareholders (as principals)
own the company. As owners, they alone have a legitimate claim to influence
over the company. It is the directors’ sole duty to maximize the wealth of the
shareholders.

Under stakeholder theory, management has a duty of care, not just to the owners
of the company in terms of maximizing shareholder value, but also to the wider
community of interest, or stakeholders. Stakeholder theory proposes corporate
accountability to a broad range of stakeholders. In case of conflict of interest, the
managers are responsible to mediate between these different stakeholders’
interest.

Fernando Zobel De Ayala, President & COO of Ayala Corporation said, “We do
not work in isolation. [It is] important to support the very ecosystem that makes
us successful.”

Mendelow classifies stakeholders on a matrix whose axes are power held and
likelihood of showing an interest in the organization’s activities.

Key players are found in Segment D. The organization’s strategy must be
acceptable to them, at least. An example would be a major customer. These
stakeholders may participate in decision-making.

Stakeholders in Segment C must be treated with care. They are capable of moving
to Segment D. They should therefore be kept satisfied. Large institutional
shareholders might fall into Segment C.

Stakeholders in Segment B do not have great ability to influence strategy, but
their views can be important in influencing more powerful stakeholders, perhaps
by lobbying. They should therefore be kept informed. Community representatives
and charities might fall into Segment B.

Minimal effort is expended on Segment A. An example might be a contractor's
employees.

Underlying Principles of Corporate Governance

Good corporate governance allows company to reap the full benefits of
international and local capital markets, improve investors’ confidence, reduce
cost of capital, and induce stable sources of financing.

However, there is no one size fits all framework of corporate governance. Rather,
it must be principles-based to allow a company certain degree of flexibility in
shaping its own best practices based on the company’s age, size, complexity,

13
extent of internal operations, and other factors. Smaller companies may consider
the cost and benefit of implementing certain policies and procedures or decide
that those are less relevant in their case.

According to Teresita J. Herbosa, Chairperson of Securities and Exchange
Commission, “strong corporate governance is founded on the principles of
fairness, accountability, and transparency.”

Fairness means equal treatment. This principle requires that everyone who has
legitimate interest in the company must be taken into account and their rights and
views be respected. For example, the Revised Corporation Code protects minority
shareholders by precluding shareholders to remove directors elected by minority
shareholders without cause.

Corporate accountability means acceptance of full responsibility for the powers
and authority granted to those charged with governance and of obligation to
explain one’s action in carrying out its responsibilities. It requires the board to
present assessment of the company’s position and how the company is achieving
its objectives.

Transparency means open and clear, timely and accurate disclosure of relevant
information, financial or non-financial, to shareholders and other stakeholders, as
well as not concealing material information. Transparency reduces the
information gap between directors and stakeholders. It ensures that stakeholders
can have confidence in the decision-making and management processes of a
company. It can come in the form of annual report or well-documented policies
that reader can understand.

Guided by these principles, the SEC adopted the Code of Corporate Governance
for Public Companies and Registered Issuers (the Code) to promote the
developments of a strong corporate governance culture and keep abreast with
recent developments in corporate governance best practices. The Code is
consistent with the G20/OECD Principles of Corporate Governance and other
internationally recognized corporate governance principles.

The G20/OECD Principles of Corporate Governance laid down the six building
blocks for a sound corporate governance framework.

Ensuring the basis for an effective corporate governance framework
The rights and equitable treatment of shareholders and key ownership
functions
Institutional investors, stock markets, and other intermediaries
The role of stakeholders
Disclosure and transparency

14
 The responsibilities of the board

The author submits the principle of shared responsibility and accountability
among shareholders, board directors, and other stakeholders. Corporate
governance is primarily about how the board steers the company. However, the
shareholders have the power to elect directors and remove them when directors
contravene their duties or act contrary to the principles, values, and ethics of the
company. The shareholders must exert effort and be held accountable in the long-
term value creation for all shareholders. The shareholders’ role cannot be
undermined.

In addition, the interests of the stakeholders create the ecosystem within which
the company operates. Hence, their role is to raise their voices to the company,
and their voices should be heard.

And while corporate governance is a flexible concept, it must always adhere to
principles consistent with the wide interests of stakeholders. In this manner, each
stakeholder’s action is guided by common principles, which action balances
shareholders’ interests.

Finally, it is the view of the author that corporate governance should address the
issues arising from separation of ownership and control, balancing stakeholders’
interest, and the adoption itself of corporate governance principles.

References

Reading materials you may use in this course are the following:

Revised Corporation Code
SEC Code of Corporate Governance
G20/OECDPrinciples of Corporate Governance
The IIA Guiding Principle of Corporate Governance
Any other books or e-books on Governance, Business Ethics, Risk
Management, and Control

Activity

Module 2 explains the three reasons (separation of ownership and control,
Stakeholders, and corporate governance principles) why corporate governance
becomes a widely used and accepted concept in the corporate world. Give another
reason why corporation must implement corporate governance.

Moreover, you may opt to provide underlying principles that corporations may
consider or adopt in the implementation of corporate governance.

15
 Module 3

SEC CODE OF CORPORATE GOVERNANCE

Overview

The Securities and Exchange Commission (SEC) adopted the following:

Code of Corporate Governance for Publicly Listed Companies (SEC
Memorandum Circular No. 19, series of 2016)
Code of Corporate Governance for Public Companies and Registered
Issuers (SEC Memorandum Circular No. 24, series of 2019)

The above Codes were adopted to promote the developments of a strong corporate
governance culture and keep abreast with recent developments in corporate
governance best practices. The Code is consistent with the G20/OECD Principles
of Corporate Governance and other internationally recognized corporate
governance principles.

The Principles of the above Codes are applicable to all companies. Consistent
with the principle of proportionality, Recommendations (objective criteria) on
how the Principles are applied vary among different types of companies such as
publicly listed companies, public companies, and registered issuers. These
differences, if any, are highlighted as the Principles and Recommendations are
discussed.

Publicly listed companies shall cover only those companies whose equity
securities are listed on the Philippines Stock Exchange.

Public company refers to a company with assets of at least P50 million and having
200 or more shareholders holding at least 100 shares of equity securities.

Registered issuer refers to a company that (1) issues proprietary and/or non-
proprietary shares/certificates; (2) issues equity securities to the public that are
not listed in an Exchange; or (3) issues debt securities to the public that are
required to be registered to the SEC, whether or not listed in an Exchange.

Comply or Explain

The adoption of comply or explain approach is to address the perceived
overregulation of SEC.

Under the “comply or explain” operative principle, compliance with the Code is
not mandatory. But it is mandatory to submit to SEC the company’s annual

16
corporate governance reports and disclose any deviations from the
Recommendations of the SEC. Such reports that shall be available to the public,
including the company’s shareholders and other stakeholders.

This approach combines voluntary compliance with mandatory disclosure. It is
not a rigid set of rules. Rather, it is principles-based which allows company to
implement alternative corporate governance practices, which are justified in
particular circumstances. When a Recommendation is not complied with, the
company must disclose and describe this non-compliance, and explain how the
overall Principle is being achieved. The alternative should be consistent with the
overall Principle.

The Code is designed to allow companies some flexibility in establishing their
own corporate governance practices. This is consistent with the principle of
proportionality where the SEC addresses specific segments of the corporate
sector, which may be differentiated on the basis of company type, size, access to
public funds and risk profile, among others. Smaller companies may decide that
the costs of some of the provisions outweigh the benefits or are less relevant in
their case.

Course Objectives

After studying this module, you should be able to

Explore the objectives, content, and limitations of SEC Code of
Corporate Governance intended to apply to domestic corporations;
Explain the underlying principles adopted by SEC Code of Corporate
Governance towards a more effective corporate governance framework;
Explain and evaluate the roles and responsibilities of those charged with
governance, the importance of board committees in corporate governance

Course Materials

The SEC Code of Corporate Governance espouses 16 principles under four broad
categories.

The board’s governance responsibilities

Establishing a competent board
Establishing clear roles and responsibilities of the board
Establishing board committees
Fostering commitment
Reinforcing board independence
Assessing board performance

17
 Strengthening board ethics

Disclosure and transparency

Enhancing company disclosure policies and procedures
Strengthening the external auditor’s independence and improving audit
quality
Increasing focus on non-financial and sustainability reporting
Promoting a comprehensive and cost-efficient access to relevant
information

Internal control system and risk management frameworks

Strengthening the internal control system and risk management systems

Cultivating a synergic relationship with shareholders/ members

Promoting shareholder/member rights

Duties to stakeholders

Respecting rights of stakeholders and effective redress for violation of
stakeholder’s rights
Encouraging employees’ participation
Encouraging sustainability and social responsibility

Establishing a Competent Board

The company should be headed by a competent, working board to foster the long-
term success of the corporation, and to sustain its competitiveness and
profitability in a manner consistent with its corporate objectives and the long-
term best interests of its shareholders and other stakeholders. This can be achieved
by implementing the following Recommendations: The Board should –

be composed of directors with a collective working knowledge,
experience or expertise that is relevant to the company’s industry/sector.
be headed by a competent and qualified Chairperson
provide a policy on the training of directors
have a policy on board diversity
be assisted by a Corporate Secretary and a Compliance Officer

It is the shareholders’ duty to elect competent board of directors and remove those
who failed to maintain their qualifications. The Revised Corporation Code

18
prescribed the legal qualifications of a director (see p.59). In addition, the
corporation may provide in its By-laws additional directors' or trustees'
qualifications consistent with the good corporate governance practices.

The Board should be headed by a competent and qualified Chairperson. The
Chairman shall possess all the qualifications and none of the disqualifications of
a director.

The Company should provide a policy on the training aimed to promote effective
board performance and continuing qualification of the directors in carrying-out
their duties and responsibilities.

It is suggested that the orientation program for first-time directors, in any
company, be for at least eight hours, while the annual continuing training be for
at least four hours.

New directors shall undergo at least eight-hour orientation program on the
Corporation’s business and corporate structure, vision and mission, corporate
strategy, Governance Codes and Policies, Articles, By-Laws, Company’s Manual
of Corporate Governances, the Charters, the SEC-mandated topics on governance
matters and other matters essential for the effective performance of their duties
and responsibilities.

Incumbent directors shall attend a four-hour annual continuing training program
involving courses on corporate governance at least once a year. It involves
courses on corporate governance matters relevant to the company, including
audit, internal controls, risk management, sustainability and strategy.

For the conduct of traying, variety of approaches to training may be appropriate,
including lectures, case studies and networking groups.

The Board should have a policy on board diversity. Diversity is the variation of
social and cultural identities among people existing together in a defined
employment or market setting.

A board diversity policy considers diversity in gender, age, ethnicity, culture,
skills, competence and knowledge. On gender diversity policy, a good example
is to increase the number of female directors, including female independent
directors.

The Board should be assisted in its duties by a Corporate Secretary, who should

be a resident and citizen of the Philippines.
not be a member of the Board of Directors

19
 be a separate individual from the Compliance Officer
annually attend a training on corporate governance
have a working knowledge of the operations of the Company
possess appropriate administrative, interpersonal and legal skills,
be aware of the laws, rules and regulations necessary in the performance
of his duties or responsibilities, and
have at least an understanding of basic financial and accounting matters.

The Board should ensure be assisted in its duties by a Compliance Officer. The
Compliance Officer should

not be a member of the Board of Directors
should annually attend a training on corporate governance.
have a rank of Senior Vice President or an equivalent position with
adequate stature and authority in the corporation

Establishing Clear Roles and Responsibilities of the Board

The fiduciary roles, responsibilities and accountability of the Board as provided
under the law, the company’s articles and by-laws, and other legal
pronouncements and guidelines should be clearly made known to all directors as
well as to stockholders and other stakeholders.

The Board is collectively responsible for the sustainable long-term shareholder
value of the institution, sustain its competitiveness, profitability and industry
leading position in a manner consistent with its corporate objectives.

The Board members should act on a fully informed basis, in good faith, with due
diligence and care, and in the best interest of the company and all shareholders.

The elements of fiduciary duty of board members are the duty of care (which
includes the duty of obedience and duty of diligence) and the duty of loyalty.

Duty of obedience requires compliance with law, rules, and court orders. The
directors or trustees elected shall perform their duties as prescribed by law, rules
of good corporate governance, and bylaws of the corporation. Directors, trustees,
and officers have the duty to act intra vires and within authority.

Under duty of diligence, directors, trustees, and officers are required to exercise
good faith and due care in the performance of their functions, otherwise, they
shall be held liable.

20
The duty of loyalty mandate that directors/trustees should not give preference to
their own personal amelioration by taking the opportunity belonging to the
corporation.

The Board should oversee the development of and approve the company’s
business objectives and strategy, and monitor their implementation, in order to
sustain the company’s long-term viability and strength.

The Board should be responsible for ensuring and adopting an effective
succession planning program for directors, key officers and management. The
smooth and efficient transition of company leadership to highly competent and
qualified individuals is the goal of succession planning. This will ensure growth
and a continued increase in the shareholders’ value.

Directors shall not receive any compensation, as such, except for reasonable per
diem, unless such compensation is provided in the By-Laws or granted by a vote
of the stockholders representing at least a majority of the outstanding capital stock
of the Company. The Directors shall not decide on their own compensation, other
than per diem.

The Board should have a formal and transparent board nomination and election
policy. The Committee may use external sources, such as professional search
firms, director databases and/or other reputable external sources to further
enhance the search for and widen the base of potential nominees. The Committee
shall assist the Board in making an assessment of the effectiveness of the
processes and procedures in the nomination, election and replacement of a
director.

The Board should have the overall responsibility in ensuring that there is a group-
wide policy and system governing related party transactions (RPTs) and other
unusual or infrequently occurring transactions, particularly those which pass
certain thresholds of materiality. The policy should include the appropriate
review and approval of material or significant RPTs, which guarantee fairness
and transparency of the transactions. The policy should encompass all entities
within the group, taking into account their size, structure, risk profile and
complexity of operations.

The Management is primarily accountable to the Board for the operations of the
Company. In the selection process, fit and proper standard should be applied. In
this regard, the following shall be considered: integrity, probity, physical and
mental fitness, competence, relevant education or training; possession of
competencies relevant to the job, such as technical expertise and experience in
the company, skills, diligence and independence of mind, and sufficiency of time
to fully carry out responsibilities.

21
The Board shall appoint the executive officers who are the President or the Chief
Executive Officer, the Vice-Presidents (or their equivalent roles in the Company
structure), the Treasurer and/or the Chief Finance Officer (CFO), Chief Risk
Officer, Chief Compliance Officer, the Corporate Secretary, and Chief Audit
Executive.

The Board should establish an effective performance management framework
that will ensure that the Management, including the Chief Executive Officer, and
personnel’s performance is at par with the standards set by the Board and Senior
Management.

The Board should oversee that an appropriate internal control system is in place,
including setting up a mechanism for monitoring and managing potential conflicts
of interest of Management, board members, and shareholders. The Board should
also approve the Internal Audit Charter.

The Board should oversee that a sound enterprise risk management (ERM)
framework is in place to effectively identify, monitor, assess and manage key
business risks. The risk management framework should guide the Board in
identifying units/business lines and enterprise-level risk exposures, as well as the
effectiveness of risk management strategies.

The Board should have a Board Charter that formalizes and clearly states its roles,
responsibilities and accountability in carrying out its fiduciary duties. The Board
Charter should serve as a guide to the directors in the performance of their
functions and should be publicly available and posted on the company’s website.

Establishing Board Committees

The Revised Corporation Code allows the Board to create Executive Committee
and other special committees, which it can delegate its functions but not its
responsibilities. It is a good governance practice to establish board committees
that focus on specific board functions to aid in the optimal performance of its
roles and responsibilities. The Board may establish the following committees:

Audit Committee
Corporate Governance Committee
Board Risk Oversight Committee
Related Party Transactions Committee
Nomination Committee
Remuneration Committee
Committee of Inspectors of Ballots and Proxies
Finance Committee

22
 Technology Strategy Committee
Technical Support to Committees

If the bylaws so provide, the board may create an executive committee. In the
absence of a provision in the by-laws, the board, by itself, cannot create an
executive committee. If the executive committee was not validly constituted, the
members thereof maybe considered de facto officers.

The Board should establish an Audit Committee to enhance its oversight
capability over the company’s financial reporting, internal control system,
internal and external audit processes, and compliance with applicable laws and
regulations.

The Board should establish a Corporate Governance Committee that should be
tasked to assist the Board in the performance of its corporate governance
responsibilities, including the functions that were formerly assigned to a
Nomination and Remuneration Committee. It should be composed of at least
three members, all of whom should be independent directors, including the
Chairman.

Subject to a corporation’s size, risk profile and complexity of operations, the
Board should establish a separate Board Risk Oversight Committee (BROC) that
should be responsible for the oversight of a company’s Enterprise Risk
Management system to ensure its functionality and effectiveness.

Subject to a corporation’s size, risk profile and complexity of operations, the
Board should establish a Related Party Transaction (RPT) Committee, which
should be tasked with reviewing all material related party transactions of the
company and should be composed of at least three non-executive directors, two
of whom should be independent, including the Chairman.

The Nomination Committee shall be primarily tasked with the duty of
implementing a formal and transparent board nomination and election policy that
should include how it accepts nominations from the shareholders, including
minority and non-controlling, and how it reviews the qualifications of nominated
candidates.

The Remuneration Committee is primarily tasked with the establishment and
implementation of a formal and transparent procedure and policy for determining
the remuneration of directors and officers that is consistent with the Company’s
culture and strategy as well as the business environment in which it operates.

The Board shall appoint three (3) persons (who need not be stockholders) to act
as the Committee of Inspectors of Ballots and Proxies which shall be empowered

23
to pass on the validity of proxies. The Committee of Inspectors of Ballots and
Proxies shall be guided by existing laws, and rules and regulations of the SEC
regarding proxies. The term of office of the Committee members shall be fixed
by the Board. In the event of vacancy in the Committee membership, the Board
may appoint another member to fill such vacancy.

The Finance Committee shall have the principal oversight responsibility with
respect to the company’s capital allocation process, financial operation, and its
treasury-related activities and policies. The Finance Committee shall define its
own charter and fix its own rules of procedures. The Finance Committee shall be
responsible for reviewing and evaluating the financial affairs of the Corporation
from time to time.

All established committees should be required to have Committee Charters
stating in plain terms their respective purposes, memberships, structures,
operations, reporting standards for evaluating the performance of the
Committees. It should also be fully disclosed on the company’s website. The
Committee Charter clearly defines the roles and accountabilities of each
committee to avoid any overlapping functions, which aims at having a more
effective board for the company. This can also be used as basis for the assessment
of committee performance.

Fostering Commitment

The Board shall hold regular meetings on the date and time schedules in the by-
laws. Otherwise, the meetings shall be held monthly. The Board shall convene
for special meetings when required by business exigencies.

Independent and non-executive directors may concurrently serve in Boards of
other companies, provided, at any given time, it will not exceed

Five publicly listed companies,
Ten public companies and/or registered issuers, or
Five public companies and/or registered issuers if the director also sits in
at least three publicly listed companies

A company may provide a policy for the directorship limits of executive directors.
A company may also consider directorship in related companies such as
subsidiaries, affiliates, parent corporation, and affiliates and subsidiaries of the
parent corporation as one or exclude those from the limitations in the number of
directorships.

24
Reinforcing Board Independence

The Board should endeavor to exercise objective and independent judgment on
all corporate affairs.

Independence of the board rests on the proper mix of executive and non-executive
directors, on the separation of the positions of Chairperson and Chief Executive
Officers, and on the proper disclosure of adverse interests of directors affecting
the corporation.

The right combination of non-executive directors, which include independent
directors, and executive directors, ensures that no director or small group of
directors can dominate the decision-making process.

Executive director is a director who has executive responsibility of day-to-day
operations of a part or the whole of the organization. Non-executive director is a
director who has no executive responsibility and does not perform any work
related to the operations of the corporation. Independent director is a person who
is independent of management and the controlling shareholder and is free from
any business or other relationship which could, or could reasonably be perceived
to, materially interfere with his exercise of independent judgment in carrying out
his responsibilities as a director.

The position of Chairman of the Board and President/CEO shall be held by
separate individuals, who are not related to each other, and each shall have clearly
defined responsibilities.

A director with a material or potential interest in any transaction affecting
corporation should fully disclose his adverse interest, abstain from taking part in
deliberations for the same and recuse from voting on the approval of the
transaction.

The contract of the corporation with a self-dealing director/trustee, his spouse, or
relative within fourth civil degree of consanguinity or affinity is voidable.
However, the contract is perfectly valid if all the following conditions are present.

The presence of such director or trustee in the board meeting in which
the contract was approved was not necessary to constitute a quorum for
such meeting;
The vote of such director or trustee was not necessary for the approval of
the contract;
The contract is fair and reasonable under the circumstances;

25
 In case of corporations vested with public interest, material contracts are
approved by at least a majority of the independent directors voting to
approve the material contract; and
In case of an officer, the contract has been previously authorized by the
board of directors.
If any of the above conditions are not present, the corporation, through
its board of directors/trustees, can annul the contract in a judicial
proceeding within the prescriptive period, otherwise, the contract remains
in force.

However, even if the corporation decides to annul the contract, the
stockholders/members can ratify the contract with self-dealing director/trustee:

By stockholders representing at least two-thirds (2/3) of the outstanding
capital stock or of at least two-thirds (2/3) of the members in a meeting
called for the purpose
Full disclosure of the adverse interest of the directors or trustees involved
is made at such meeting and
The contract is fair and reasonable under the circumstances.

Fairness typically requires that the transaction reflect terms one would expect in
an arm’s length transaction.

For contracts with self-dealing officers, stockholders/members ratification is not
required. It is within the power of the board to ratify the subject contracts.

Contracts with interlocking directors are likewise subject to limitations.
Interlocking directorship by itself is not prohibited. But the by-laws may prohibit
interlocking directorship. There is an interlocking director when one of the
directors in one corporation is also a director in another corporation. The contract
entered between such corporation is valid but subject to the following rules:

1. the contract is valid or shall not be invalidated on the sole ground of
interlocking directorship; provided that: contract is not fraudulent and the
contract is fair and reasonable
2. if the interest of the interlocking director in one (1) corporation is
substantial and the interest in the other corporation or corporations is
merely nominal, the rules on self-dealing directors shall apply.
Stockholding exceeding twenty percent (20%) of the outstanding capital
stock shall be considered substantial for purposes of interlocking
directors.

Each director has a duty of loyalty to the corporation. Breach of this loyalty will
subject the director to liability. Under the Doctrine of Corporate Opportunity,

26
unless ratified by stockholders, a director shall refund to the corporation all the
profits he realizes on a business opportunity which:

The corporation is financially able to undertake;
From its nature, is in line with corporation’s business and is of practical
advantage to it; and
The corporation has an interest or a reasonable expectancy.

The rule applies even if the director risked one's own funds in the venture. If the
act has been ratified by a vote of the stockholders owning or representing at least
two-thirds (2/3) of the outstanding capital stock, the director is excused from
remitting the profit realized.

The doctrine is not applicable to the following instances:

When a director engages in a distinct enterprise of the same general class
of business as that which his corporation is engaged in, so long as he acts
in good faith;
The opportunity is one which is not essential to the corporation’s
business, or employment of company’s resources, or where the director
or officer embracing opportunity personally is not brought into direct
competition with the corporation; or
When the property or business opportunity has ceased to be a “corporate
opportunity” and has transformed into a “personal opportunity”. In such
a case the corporation is definitely no longer able to avail itself of the
opportunity, which may “arise from financial insolvency”, or from legal
restrictions, or from any other factor which prevents it from acting upon
the opportunity for its own advantage.
If the action was made after the resignation of the director.
When two related corporations are involved even if there is interlocking
directorship.

Assessing Board Performance

The best measure of the Board’s effectiveness is through an assessment process.
The Board should regularly carry out evaluations to appraise its performance as
a body and assess whether it possesses the right mix of backgrounds and
competencies.

The Board should conduct an annual self-assessment of its performance,
including the performance of the Chairman, individual members and committees.
For publicly listed companies, the annual self-assessment shall, as practicable, be
supported by an external facilitator every three years.

27
Strengthening Board Ethics

Members of the Board are duty-bound to apply high ethical standards, taking into
account the interests of all stakeholders.

The Company shall adopt, implement and monitor compliance with: (A) a Code
of Business Conduct and Ethics that provides the general standards for
professional and ethical behavior for the Company, its Directors, Officers,
Executives and employees in their internal and external dealings, and (B) policies
implementing the Code of Business Conduct and Ethics, governing, among
others:

Conflict of Interest;
Gift-Giving and Anti-Corruption;
Gifts, Entertainment and Sponsored Travel;
Whistleblowing; and
Suppler/Contractor Relations.

Enhancing Company Disclosure Policies and Procedures

The company should establish corporate disclosure policies and procedures that
are practical and in accordance with best practices and regulatory expectations.

All corporations are required to submit to SEC the reportorial requirements
required under SEC Memorandum Circular No. 2, series of 2020. In addition to
the SEC requirements, publicly listed companies are required to comply with the
PSE Disclosure Rules.

Section 23 of the Securities Regulation Code prescribed that a director or an
officer of the issuer of the security, shall file, at the time either such requirement
is first satisfied or within ten (10) days after he becomes such a beneficial owner,
director, or officer, a statement with the SEC and to the PSE and the PDEX (if
the security is listed for trading) of the amount of all equity securities of such
issuer of which he is the beneficial owner, and within ten (10) days after the close
of each calendar month thereafter, if there has been a change in such ownership
during such month.

The company’s corporate governance policies, programs and procedures should
be contained in its Manual on Corporate Governance, which should be submitted
to the regulators and posted on the company’s website.

In addition, publicly listed companies should fully disclose all relevant and
material information on individual board members and key executives to evaluate

28
their experience and qualifications and assess any potential conflicts of interest
that might affect their judgment.

Strengthening the External Auditor’s Independence and Improving Audit Quality

The company should establish standards for the appropriate selection of an
external auditor, and exercise effective oversight of the same to strengthen the
external auditor’s independence and enhance audit quality.

It is the responsibility of the Audit Committee to

recommend the appointment, reappointment, removal, and fees of the
external auditor
assessing the integrity and independence of external auditors
disclose the nature of non-audit services performed by its external auditor

Financial Statements covered by SRC Rule 68 shall be audited by independent
auditors who are duly registered with the Board of Accountancy (BOA) of the
Professional Regulation Commission (PRC) in accordance with the rules and
regulations of said professional regulatory bodies. A corporation with financial
statements audited by an independent auditor who is not registered with the BOA
shall be subject to appropriate fines.

Increasing Focus on Non-Financial and Sustainability Reporting

The company should ensure that material and reportable non-financial and
sustainability issues are disclosed.

The Board should have a clear and focused policy on the disclosure of non-
financial information, with emphasis on the management of economic,
environmental, social and governance (EESG) issues of its business, which
underpin sustainability. Companies should adopt a globally recognized
standard/framework in reporting sustainability and non-financial issues.

On February 15, 2019, SEC issued the Sustainability Reporting Guidelines for
Publicly Listed Companies (Memorandum Circular No. 4, series of 2019). The
Board shall be instrumental in maintaining the standards espoused in the
Corporation’s sustainability framework and the policies thereof.

Promoting a Comprehensive and Cost-Efficient Access to Relevant Information

The company should maintain a comprehensive and cost-efficient
communication channel for disseminating relevant information. This channel is

29
crucial for informed decision-making by investors, stakeholders and other
interested users.

Companies should have a website, at the very least. A company website should
contain, among others, the Manual on Corporate Governance, Annual Corporate
Governance Report, Board Charter, Committee Charters, the company’s Code of
Business Conduct and Ethics.

Publicly listed companies should include media and analysts’ briefings as
channels of communication.

Companies may also utilize participation in investor conferences, adhoc
briefings, roadshows, conference calls and one-on-one meetings; and timely
official disclosures via PSE EDGE. The Corporation may also use other available
media channels to extend communication to stakeholders, as applicable.

Strengthening the Internal Control System and Enterprise Risk Management
Framework

To ensure the integrity, transparency and proper governance in the conduct of its
affairs, the company should have a strong and effective internal control system
and enterprise risk management framework.

The Company should have an adequate and effective internal control system and
an enterprise risk management framework in the conduct of its business, taking
into account its size, risk profile and complexity of operations.

Promoting Shareholder Rights

The company should treat all shareholders fairly and equitably, and also
recognize, protect and facilitate the exercise of their rights.

It is the duty of the Board to promote stockholder rights, remove impediments to
the exercise of stockholder rights and provide effective redress for violation of
their rights.

The Board should ensure that basic shareholder rights are disclosed in the Manual
on Corporate Governance and on the company’s website. It is the responsibility
of the Board to adopt a policy informing the shareholders of all their rights.

Shareholders’ rights relate to the following, among others:

A. Right to participate in the management by exercising the right to vote.

30
 Corollary, the right to vote carries the following rights of stockholders:

Right to nominate candidates to the Board of Directors;

Right to be informed of the nomination and removal process;
Right to be informed of the voting procedures that would govern the
Annual and Special Shareholders’/Members Meeting.
Right to elect directors
Right to remove directors

Right to participate in the approval of certain corporate acts

Right to notice of meetings and right to attend meetings
Right to appoint a proxy
Right to Propose the Holding of Meetings and to Propose Agenda
Items

B. Appraisal Rights

C. Right to income and assets of the corporation

Right to Dividend;
Proportionate participation in the distribution of assets in liquidation

D. Right to protect/transfer ownership

Right to issuance of stock certificate for fully paid shares
Right to transfer of stock in corporate books
Pre-emptive rights;
Right of first refusal, if granted

E. Right to information

Right to inspect books and records
Right to be furnished of the most recent financial statement/financial
report
Right to be notified of certain corporate acts

F. Remedies for infringement of Shareholder rights such as individual suit,
representative suit, derivative suit, or alternative dispute resolution

31
Respecting Rights of Stakeholders and Effective Redress for Violation of
Stakeholder’s Rights

The rights of stakeholders established by law, by contractual relations and
through voluntary commitments must be respected. Where stakeholders’ rights
and/or interests are at stake, stakeholders should have the opportunity to obtain
prompt effective redress for the violation of their rights.

The Board should identify the company’s various stakeholders and promote
cooperation between them and the company in creating wealth, growth and
sustainability.

Stakeholders in corporate governance include, but are not limited to, customers,
employees, suppliers, shareholders, investors, creditors, the community the
company operates in, society, the government, regulators, competitors, external
auditors, etc. In formulating the company’s strategic and operational decisions
affecting its wealth, growth and sustainability, due consideration is given to those
who have an interest in the company and are directly affected by its operations.

The Board should adopt a transparent framework and process that allow
stakeholders to communicate with the company and to obtain redress for the
violation of their rights.

Encouraging Employees’ Participation

A mechanism for employee participation should be developed to create a
symbiotic environment, realize the company’s goals and participate in its
corporate governance processes.

Encouraging Sustainability and Social Responsibility

The company should be socially responsible in all its dealings with the
communities where it operates. It should ensure that its interactions serve its
environment and stakeholders in a positive and progressive manner that is fully
supportive of its comprehensive and balanced development.

The company should recognize and place an importance on the interdependence
between business and society and promote a mutually beneficial relationship that
allows the company to grow its business, while contributing to the advancement
of the society where it operates.

The company’s value chain consists of inputs to the production process, the
production process itself and the resulting output. Sustainable development
means that the company not only complies with existing regulations, but also

32
voluntarily employs value chain processes that takes into consideration economic,
environmental, social and governance issues and concerns. In considering
sustainability concerns, the company plays an indispensable role alongside the
government and civil society in contributing solutions to complex global
challenges like poverty, inequality, unemployment and climate change.

References

Reading materials you may use in this course are the following:

SEC Code of Corporate Governance for Publicly Listed Companies
SEC Code of Corporate Governance for Public Companies and
Registered Issuers
Revised Corporation Code
Sustainability Reporting Guidelines
Code of Business Conduct and Ethics
Corporate Governance Manual
Any other books or e-books on Governance, Business Ethics, Risk
Management, and Control

Activity

The purpose of the SEC Code of Corporate Governance is to promote the
developments of a strong corporate governance culture and keep abreast with
recent developments in corporate governance best practices. In line with this,
when the SEC knew that you have studied this module, the SEC hired you to
assess whether the Code of Corporate Governance is aligned with its objectives.
Give a principle that you want to add to or remove from the Code of Corporate
governance and explain why it should be added or removed.

33
 Module 4

BUSINESS ETHICS, CORPORATE SOCIAL RESPONSIBILITY,
AND SUSTAINABILITY

Overview

Ethics derives from the Greek word ethos – meaning “character.” Ethics is
concerned with understanding right and wrong and how conduct should be judged
to be good or bad.

Three general areas constitute a framework for understanding ethical theories:
metaethics, normative ethics, and descriptive ethics.

Metaethics is the study of the nature of ethics. It considers where one’s ethical
principles “come from, and what they mean.” Metaethical focuses on issues of
universal truths, the will of God, the role of reason in ethical judgments, and the
meaning of ethical terms themselves.

Normative ethics is the study of ethical action. It deals on the practical side of the
ethics. It tells the people what to do and what not to do.

Descriptive ethics is the study of people’s views about moral beliefs. It also
relates to presenting – describing but not interpreting or evaluating – facts, events,
and ethical actions in specific situations and places.

When the ethical principles and methods of analysis are applied to business, it is
called business ethics.

Laura Nash defined business ethics as “the study of how personal moral norms
apply to the activities and goals of commercial enterprise. It is not a separate
moral standard, but the study of how the business context poses its own unique
problems for the moral person who acts as an agent of this system.”

Business ethics is an organization’s policies and standards established to ensure
certain kinds of behavior by its members. It must be a fundamental aspect of
mission, since everything the organization does flows from that. Managers
responsible for strategic decision-making should consciously apply ethical rules
to all their decisions in order to filter out potentially undesirable developments.

34
Course Objectives

After studying this module, you should be able to

Define the components of business ethics.
Formulate ethical decision in business
Understand the concept, applicability, and reporting in respect to
Corporate Social Responsibility and Sustainability.
Explain the concept of corporate citizen and intergenerational
responsibility.

Course Materials

Business Ethics

The Board should adopt a Code of Business Conduct and Ethics and ensure its
proper and efficient implementation and monitoring of compliance.

Code of Business Conduct and Ethics provides standards for professional and
ethical behavior, as well as articulate acceptable and unacceptable conduct and
practices in internal and external dealings. It explains what behavior is expected
of all employees and provides the standards that guide the work of the company
and how the employees should relate to customers, competitors, vendors, and to
other employees.

The Code of Business Conduct and Ethics shall cover and apply equally to all
employees. Failure to comply with the standards contained in the Code will result
in disciplinary action, including termination of employment. In some cases, civil
and criminal actions are warranted.

Most large companies adhere to the following ethical principles and values
described as follows:

Accountability. Taking full responsibility for business decisions,
actions/inactions, and conduct.
Integrity. Acting righteously, morally and legally and under the highest
standards of ethics.
Fairness. Uphold the value of justice and fair play amongst everyone we
deal with, both internally and externally.
Transparency. Uphold the value of truthfulness in everything we do
coupled with the quality of being open to scrutiny as we provide and
disclose accurate material information in a timely manner.

35
Some of the commitments of the Company, its directors, officers and employees
in their behavior and various business dealings are relate to the following:

Honesty and Fair Dealing.
Compliance with laws
Conflicts of Interest and Corporate Opportunities.
Corporate Entertainment/Gifts
Creditor Rights
Conduct Towards Colleagues
Confidential Information
Accounting of Funds
Proper Use of Property

Ethical reasoning is required in business for at least three reasons. First, many
times laws do not cover all aspects or “gray areas” of a problem. Second, free-
market and regulated- market mechanisms do not effectively inform owners and
managers how to respond to complex issues that have far reaching ethical
consequences. A third argument holds that ethical reasoning is necessary because
complex moral problems require “an intuitive or learned understanding and
concern for fairness, justice, [and] due process to people, groups, and
communities.

Corporate Social Responsibility

Corporate Social Responsibility or CSR is defined by the World Bank as the
commitment of business to behave ethically and to contribute to sustainable
economic development by working with all relevant stakeholders to improve their
lives in ways that are good for businesses, the sustainable developments agenda,
and society at large.

CSR-related activities include the following: Charitable programs and projects,
Scientific research, Youth and sports development, Cultural or educational
promotion, Services to veterans and senior citizens, Social welfare,
Environmental sustainability, Health development, Disaster relief and assistance,
Employees and worker welfare related activities.

CSR activities becomes strategic when they are concerned with the long-term
success of the business and should therefore be beneficial to the business as well
as to society.

Examples of strategic CSR initiatives might include:

A pharmaceutical company funding the training of medical staff, in the
hope that when qualified they will source drugs from that company.

36
 A bank providing free internet training for senior customers, who might
then be disposed to buying financial products.
Encouraging employees to nominate and get involved in good causes, in
order to develop loyalty to the company.
Sponsoring sports teams in return for advertising space on shirts, other
merchandise, and at the ground.

CSR is a broad concept of corporate citizenship, which provides that as a citizen,
a corporation has social, cultural, and environmental responsibilities to the
community where is operates, as well as economic and financial ones to its
shareholders and immediate stakeholders.

House Bill 9061 seeks to institutionalize corporate social responsibility in
corporations, whether domestic or foreign, partnership and other establishment
performing business in the country.

It also allows corporation to retain surplus profits in excess of 100 percent of their
paid-in capital stock for corporate social responsibility projects and programs
approved by the board of directors.

Sustainability

SEC issued Sustainability Reporting Guidelines for Publicly Listed Companies
(Memorandum Circular No. 4, series of 2019) to promote sustainability reporting
in the Philippines. The Guidelines adopted the comply or explain approach for
the first three years upon implementation.

Based on the Guidelines, Sustainability is defined as “development that meets the
needs of the present without compromising the ability of future generations to
meet their own needs.” It focuses on how a company manages its economic,
environmental and social impacts, risks and opportunities.

Sustainability is not the ability of the business to continue as a going concern.
Rather, it involves developing strategies so that the organization only uses
resources (inputs) at a rate that allows them to be replenished (in order to ensure
that they will continue to be available). At the same time emissions of waste
(outputs) are confined to levels that do not exceed the capacity of the environment
to absorb them.

Sustainability has three pillars: economic, environmental, and social. These
pillars are also referred to as people, planet, and profits.

37
The phrase “the triple bottom line” was first coined in 1994 by John Elkington,
the founder of a British consultancy called Sustainability. His argument was that
companies should be preparing three different (and quite separate) bottom lines.

People means balancing up the interests of different stakeholders and not
automatically prioritizing shareholder needs.
Planet means ensuring that the business's activities are environmentally
sustainable.
Profit is the accounting measure of the returns of the business.

The aim of the triple bottom line is to measure the financial, social and
environmental performance of the corporation over a period of time. Only a
company that produces a TBL is taking account of the full cost involved in doing
business.

The Reporting Principles for defining report quality guide choices on ensuring
the quality of information in a sustainability report, including its proper
presentation. The quality of information is important for enabling stakeholders to
make sound and reasonable assessments of an organization, and to take
appropriate actions.

The Guidelines provides a Sustainability Reporting Framework for Philippine
PLCs that builds upon four of the globally accepted frameworks, which
companies use to report on sustainability and non-financial information, namely:

Global Reporting Initiative’s (GRI) Sustainability Reporting Standards
International Integrated Reporting Council’s (IIRC) Integrated Reporting
(IR) Framework
Sustainability Accounting Standards Board’s (SASB) Sustainability
Accounting Standards
Task Force on Climate-related Financial Disclosure (TCFD).

Broadly, sustainability performance is measured in the way the corporation
conducts its business, and how it manages its key economic, environmental and
social impacts. Disclosures should reflect these impacts.

Disclosure are also required on how companies are able to contribute to the
United Nations Sustainable Development Goals (SDGs) through their products
and services. SDGs are a universal call to action, to end poverty, protect the planet
and ensure that all people enjoy peace and prosperity and includes seventeen (17)
goals.

Under the Doctrine of Intergenerational Responsibility, minors have personality
to sue on behalf of the succeeding generations insofar as the right to a balanced

38
and healthful ecology is concerned. Such a right considers the "rhythm and
harmony of nature." Nature means the created world in its entirety. Such rhythm
and harmony indispensably include, inter alia, the judicious disposition,
utilization, management, renewal and conservation of the country's forest,
mineral, land, waters, fisheries, wildlife, off-shore areas and other natural
resources to the end that their exploration, development and utilization be
equitably accessible to the present as well as future generations. Needless to say,
every generation has a responsibility to the next to preserve that rhythm and
harmony for the full enjoyment of a balanced and healthful ecology. Put a little
differently, the minors' assertion of their right to a sound environment constitutes,
at the same time, the performance of their obligation to ensure the protection of
that right for the generations to come.

References

Reading materials you may use in this course are the following:

SEC Code of Corporate Governance
Sustainability Reporting Guidelines
Code of Business Conduct and Ethics
Any other books or e-books on Governance, Business Ethics, Risk
Management, and Control

Activity

One2Three Corporation hired you as internal auditor. Your first engagement is to
evaluate the environmental, social, and governance landscape of the company.
During the internal audit, you raised to the management the issue that the
company had no code of business conduct and ethics nor policies on corporate
social responsibility and sustainability. The management, then, asked your advice
so they can at least improve these areas. Provide at least one recommendation.
Your recommendation may be in the form of a provision to be added to the code
of business conduct and ethics, a policy or activity regarding corporate social
responsibility and sustainability.

39
 Module 5

FUNDAMENTAL CONCEPTS OF RISK AND THE RISK
MANAGEMENT PROCESS

Overview

Various publications view risk as a by-product of setting objectives, whether for
profit or not for profit.

Risk is the effect of uncertainty on objectives.

Risk is the combination of the probability of occurrence of harm and the severity
of that harm.

Risk is the possibility that events will occur and affect the achievement of
business objectives.

Risk is the possibility of an event occurring that will have an impact on the
achievement of objectives. Risk is measured in terms of impact and likelihood.

Simply put, risk is the deviation from expectations. It can be positive or negative.

Note that risk is not the harm itself. Rather, risk is merely a possibility that harm
will occur. What causes harm is hazard. For example, the slippery floor at 5th
floor, PUP Main Building after the janitor applies the floor wax can be considered
hazard to some students and teachers. The probability that someone might be
harmed by slipping and failing is the risk.

Hazard can be qualified in order to define the origin of the hazard or the nature
of the expected harm (e.g. “electric shock hazard”, “crushing hazard”, “cutting
hazard”, “toxic hazard”, “fire hazard”, “drowning hazard”).

Moreover, the concept of risk does not always relate to harm. Risk can likewise
create opportunities. Investing in stocks presents a speculative risk where either
a gain or loss can result.

The concept of risk must be distinguished from uncertainty. Frank Knight (1921)
distinguished two types of uncertainty. First type is called uncertainty risk or not
knowing the potential outcomes and the probability of these outcomes. Second
type is called Genuine uncertainty where the potential outcomes and their
probabilities are unknown.

40
Betting in a game of chance is an example of risk because you would know the
possible outcomes and their probabilities. For example, a game of Cara y
Cruz has two possible outcomes (head or tails); you have 50% chance of
winning. A color game at perya during fiesta in your hometown with three
colorful dice has twenty color combinations; which means you have 1/20 or 5%
change of winning.

But if you bet in a color game with unknown number of dice, this would not be a
risk. It is an example of Genuine uncertainty. Courting a lady is a risk or
uncertainty? You bet.

Course Objectives

After studying this module, you should be able to

Interpret fundamental concepts of risk and the risk management process;
Identify and assess the impact on the stakeholders involved in business
risk
Explain the dynamic nature of risk assessment;
Identify the types of risk facing an organization;
Identify and asses how business organizations use policies and
techniques to mitigate various types of business and financial risks;
Explain and assess the importance of risk transfer, avoidance, reduction,
and acceptance.

Course Materials

Classification of Risks

Risks can be classified based on its effect, controllability, correlation, impact, and
drivers.

Risks can be fundamental, particular, speculative, and pure. Fundamental risks
are those that affect society in general. It is beyond the control of any one e.g. risk
of atmospheric pollution. Particular risks are risks over which an individual may
have some measure of control. For example, there is a risk attached to smoking
and we can mitigate that risk by refraining from smoking. Speculative risks are
those from which either good or harm may result. Investing in stocks as discussed
earlier presents a speculative risk because either a gain or loss can result. Pure
risks are those whose only possible outcome is harmful e.g., risk of loss due to
fire.

Controllable vs. Uncontrollable. Risk may be classified according to
controllability, i.e., Controllable (unsystematic) and Uncontrollable (systematic).

41
Positive vs. Negative Correlation. Where positive correlation exists, the risks will
increase or decrease together. If there is negative correlation, one risk will
increase as the other decreases and vice versa. The relationship between the risks
is measured by the correlation coefficient. A figure close to +1 shows high
positive correlation, and a figure close to –1 high negative correlation.

Financial vs. Non-Financial. Financial Risk has some direct financial impact on
the entity is treated as financial risk. This risk may be Market risk, Credit risk,
Liquidity risk, Operational Risk, Legal Risk and Country Risk.

Non-Financial Risks do not usually have direct and immediate financial impact
on the business. Nonfinancial risk may have a significant financial impact if left
uncontrolled. Examples are Business/Industry & Service Risk, Strategic Risk,
Compliance Risk, Industry Fraud Risk, Reputation Risk, Transaction risk,
Disaster Risk.

Strategic vs Operational. Operational risks relate to matters that can go wrong on
a day-to-day basis while the organization is carrying out its business. It is the risk
of loss from a failure of internal business and control processes. Strategic risk is
the potential volatility of profits caused by the nature and type of the business
strategies. It relates to the business long-term effect of key strategic decisions.

Impact of Risk to Stakeholders

Shareholders. When the company’s risk profile changes, shareholders may sell
their shares resulting to a lower share price, or they may replace directors
depending on their level of risk tolerance.

Risk averse shareholders can tolerate risks up to a point where the receive
acceptable return. Risk-seeking shareholders likely enjoy investing in risk
ventures. Risk neutral focus on maximizing return notwithstanding the level of
risk.

Creditors. Creditors are concerned whether the company can fulfil its obligation
and limit the risk of default; otherwise, they can deny credit, charge higher
interest, file actions in court that could lead the company into liquidation, ask for
collateral.

The long-term strategic objectives of the company may be unacceptable to
potential creditors because of the differences in their risk appetite. Creditors may
place restrictive provisions in the debt covenant.

42
Employees. Employees are concerned about threats to their job e.g. salary,
promotion, benefits, satisfaction, job itself. If the business fails, employees may
lose their jobs. Hence, employees pursue their own goals rather than shareholder
interests.

Customers and suppliers. Suppliers are concerned about the risk of making
unprofitable sales; while customers are concerned on getting the value from the
goods or services that they expect.

The wider community. The risks that the wider community are concerned about
are less easy to predict. In general, the community is concerned with risks that the
company does not act as a good corporate citizen. Otherwise, pressure groups
tactics can include publicity, direct action, sabotage or pressure on government.
As a result, Government can impose tax increases or tighten regulation.

Risks Faced by Organizations

There are different types of risk faced by organizations. These risks may include
the following.

Business risks. Simply, the risk associated in doing business. It includes the risk
of inadequate profits or even losses due to uncertainties arising from increased
competition, changes in government policy, changes in preferences of consumers,
or obsolescence of products and services, etc.

Business risk is borne by both the firm's equity holders and providers of debt, as
it is the risk associated with investing in the firm in whatever capacity. The only
way that either party can get rid of the business risk is to withdraw its investment
in the firm.

Financial risk, on the other hand, is borne entirely by equity holders. This is due
to the fact that payment to debt holders (ie interest) takes precedence over
dividends to shareholders. The more debt there is in the firm's capital structure,
the greater the financial risk to equity holders, as the increased interest burden
coming out of earnings reduces the likelihood that there will be sufficient funds
remaining from which to pay a dividend. Debt holders however know there is a
legal obligation on the firm to meet their interest commitments.

Financial Risk. This relates to the effect of company’s capital structure or the mix
of equity and debt capital.

Financial risk can be long term or short term. Shorter-term financial risks include
liquidity risk and credit risk. And longer-term risks include gearing, currency, and
interest rate risks, among others.

43
Market risk. Market risk is another type of financial risk. However, market risk
is hardly controllable. It is also a good example of a speculative risk. Businesses
can benefit from favorable price movements as well as lose from adverse changes.

Product risks. Product risks include risks of financial loss due to producing a
poor-quality product. It may be in the form of compensation to dissatisfied
customers, loss of sales due to loss reputation, or expenses on improving quality
control procedures.

Legal risk. Companies are subject to the police power of the country where it
seeks to operate. Legislation in a country may have very serious consequences
for the company. For example, the government may impose liquor ban during the
pandemic.

Political risk. Political risk is the risk that political action will affect the position
and value of an organization. A political policy that encourages private sector
participation will benefit the private corporations in privatization of certain public
functions. Changes in this policy would have adverse effect on the corporation.
For example, the water concessionaires in Metro Manila faced consecutive
arbitration proceedings against the government in relation to their contracts with
the government.

Technological risk. Technological risk is the failure of system caused due to
tampering of data access to critical information, non-availability of data and lack
of controls. Technological risks can be strategic and operational, physical
damage, data and systems integrity, fraud, internet, denial of service attack risks.

Strategic and operational technological risks. The company may force a new
system for strategic reasons but is impractical for operational purposes. If in the
end the system has to be abandoned, the write-off costs can be large and the
damage to operational efficiency significant.

Environmental risk. This refers to the potential liability of the company arising
out of the environmental effects of the company’s operation, for example,
pollution caused to bodies of water if waste materials are toxic.

Probity risk is the risk of unethical behavior by one or more participants in a
particular process. Being the victims of bribery or corruption or being pressurized
into it are obvious examples of probity risk.

Reputation risk. This type of risk arises from the negative public opinion.
Reputation risk is strongly correlated to other risks. For example, product risk
arising from poor customer service and failure to innovate may lead to increased

44
number of complaints followed inevitably by loss of business. Probity risk and
environmental risk increase reputation risk.

Fraud risk. Fraud is perpetrated through the abuse of systems, controls,
procedures and working practices. It may be perpetrated by an outsider or insider.
Fraud may not be usually detected immediately and thus the detection should be
planned for on a proactive basis rather than on a reactive basis.

Risk Management

Risk Management is a process to identify, assess, manage, and control potential
events or situations to provide reasonable assurance regarding the achievement of
the organization’s objectives.

Commonly used standards in managing risks include:

COSO 2017 Enterprise Risk Management – Integrating with Strategy and
Performance
COSO 2004 Enterprise Risk Management – Integrated Framework