GOV Quick PDF

Module 1: Internal Auditing ○ Fraud: Any illegal act characterized by deceit, concealment, or violation of trust. Internal Auditing: Internal auditing...

Module 1: Internal Auditing ○ Fraud: Any illegal act characterized by deceit, concealment, or violation of trust. Internal Auditing: Internal auditing is an independent, ○ Elements of Fraud: Pressure, Opportunity, and objective assurance and consulting activity designed to add Rationalization. value and improve an organization's operations. It's the third line of defense, providing assurance and consulting services to Module 2: Conceptual Framework of Corporate Governance improve governance, risk management, and internal control processes. Corporate Governance: Corporate governance is a system of Key Points: stewardship and control to guide organizations in fulfilling their ○ Mission of Internal Audit: To enhance and protect long-term economic, moral, legal, and social obligations organizational value by providing risk-based and towards their stakeholders. objective assurance, advice, and insight. Key Points: ○ Mandatory Elements of the International ○ Purpose of Corporate Governance: To help build an Professional Practices Framework: The core environment of trust, transparency, and accountability principles for the professional practice of internal necessary for fostering long-term investment, financial auditing, international standards for the professional stability, and business integrity. practice of internal auditing (the Standards), and the ○ Separation of Ownership and Control: The Code of Ethics. separation of ownership and control can lead to agency ○ Principles of Internal Auditing: Integrity, competency, problems, where managers may not act in the best objectivity, confidentiality. interest of the shareholders. ○ Purpose of Internal Auditing: To help an organization ○ Stakeholders: Stakeholders are persons or groups accomplish its objectives by bringing a systematic, that have a legitimate interest in a business’s conduct disciplined approach to evaluate and improve the and whose concerns should be addressed. effectiveness of risk management, control, and ○ Stockholder Theory: Shareholders (as principals) governance processes. own the company and the directors' sole duty is to ○ Third Line of Defense: Internal audit activity must maximize their wealth. assess and make appropriate recommendations to ○ Stakeholder Theory: Management has a duty of care, improve organization’s governance, must evaluate the not just to the owners of the company but also to the effectiveness and contribute to improve risk wider community of interest, or stakeholders. management processes, and must assist the ○ Underlying Principles of Corporate Governance: organization in maintaining effective controls by Fairness, accountability, and transparency. evaluating their effectiveness and efficiency and by promoting continuous improvement. ○ Fraud Risk: The internal audit activity must evaluate Module 3: SEC Code of Corporate Governance the potential for the occurrence of fraud and how the organization manages fraud risk. SEC Code of Corporate Governance: The SEC Code of Corporate Governance was adopted to promote the developments of a strong corporate governance culture and institution, sustain its competitiveness, profitability and keep abreast with recent developments in corporate industry leading position. governance best practices. ○ Elements of Fiduciary Duty: Duty of care (which Key Points: includes the duty of obedience and duty of diligence) ○ Comply or Explain Principle: Compliance with the and the duty of loyalty. Code is not mandatory, but it is mandatory to submit to ○ Succession Planning: The Board should be SEC the company’s annual corporate governance responsible for ensuring and adopting an effective reports and disclose any deviations from the succession planning program for directors, key officers, Recommendations of the SEC. and management. ○ Publicly Listed Companies: Companies whose equity ○ Board Nomination and Election Policy: The Board securities are listed on the Philippines Stock Exchange. should have a formal and transparent board ○ Public Company: A company with assets of at least nomination and election policy. P50 million and having 200 or more shareholders ○ Related Party Transactions: The Board should have holding at least 100 shares of equity securities. the overall responsibility in ensuring that there is a ○ Registered Issuer: A company that (1) issues group-wide policy and system governing related party proprietary and/or non-proprietary shares/certificates; transactions (RPTs). (2) issues equity securities to the public that are not ○ Management Accountability: The Management is listed in an Exchange; or (3) issues debt securities to primarily accountable to the Board for the operations of the public that are required to be registered to the SEC. the Company. ○ 16 Principles of the SEC Code of Corporate ○ Executive Officers: The Board shall appoint the Governance: The board’s governance responsibilities, executive officers who are the President or the Chief disclosure and transparency, internal control system Executive Officer. and risk management frameworks, and cultivating a ○ Performance Management Framework: The Board synergic relationship with shareholders/members. should establish an effective performance management ○ Board’s Governance Responsibilities: Establishing a framework. competent board, establishing clear roles and ○ Internal Control System: The Board should oversee responsibilities of the board, establishing board that an appropriate internal control system is in place. committees, fostering commitment, reinforcing board ○ Enterprise Risk Management (ERM) Framework: independence, assessing board performance. The Board should oversee that a sound ERM ○ Board Diversity: The Board should have a policy on framework is in place. board diversity. ○ Board Charter: The Board should have a Board ○ Corporate Secretary: The Board should be assisted in Charter. its duties by a Corporate Secretary. ○ Board Committees: The Revised Corporation Code ○ Fiduciary Roles and Responsibilities of the Board: allows the Board to create Executive Committee and The Board is collectively responsible for the other special committees. sustainable long-term shareholder value of the ○ Audit Committee: The Board should establish an Audit Committee. ○ Corporate Governance Committee: The Board directors, which include independent directors, and should establish a Corporate Governance Committee. executive directors, ensures that no director or small ○ Board Risk Oversight Committee (BROC): Subject group of directors can dominate the decision-making to a corporation’s size, risk profile, and complexity of process. operations, the Board should establish a separate ○ Separation of Chairman and President/CEO: The Board Risk Oversight Committee (BROC). position of Chairman of the Board and President/CEO ○ Related Party Transaction (RPT) Committee: shall be held by separate individuals. Subject to a corporation’s size, risk profile, and ○ Disclosure of Adverse Interest: A director with a complexity of operations, the Board should establish a material or potential interest in any transaction affecting Related Party Transaction (RPT) Committee. corporation should fully disclose his adverse interest. ○ Nomination Committee: The Nomination Committee ○ Voidable Contracts: The contract of the corporation shall be primarily tasked with the duty of implementing with a self-dealing director/trustee, his spouse, or a formal and transparent board nomination and relative within fourth civil degree of consanguinity or election policy. affinity is voidable. ○ Remuneration Committee: The Remuneration ○ Ratification of Contracts: Stockholders/members can Committee is primarily tasked with the establishment ratify the contract with self-dealing director/trustee. and implementation of a formal and transparent ○ Interlocking Directorships: Contracts with procedure and policy for determining the remuneration interlocking directors are likewise subject to limitations. of directors and officers. ○ Duty of Loyalty: Each director has a duty of loyalty to ○ Committee of Inspectors of Ballots and Proxies: the corporation. The Board shall appoint three (3) persons to act as the ○ Board Performance Assessment: The best measure Committee of Inspectors of Ballots and Proxies. of the Board’s effectiveness is through an assessment ○ Finance Committee: The Finance Committee shall process. have the principal oversight responsibility with respect ○ Annual Self-Assessment: The Board should conduct to the company’s capital allocation process. an annual self-assessment of its performance. ○ Committee Charters: All established committees ○ Board Ethics: Members of the Board are duty-bound should be required to have Committee Charters. to apply high ethical standards. ○ Board Meetings: The Board shall hold regular ○ Code of Business Conduct and Ethics: The meetings. Company shall adopt, implement, and monitor ○ Independent and Non-Executive Directors: compliance with: Independent and non-executive directors may ○ A Code of Business Conduct and Ethics concurrently serve in Boards of other companies. ○ Policies implementing the Code of Business ○ Board Independence: The Board should endeavor to Conduct and Ethics exercise objective and independent judgment on all ○ Corporate Disclosure Policies and Procedures: The corporate affairs. company should establish corporate disclosure policies ○ Combination of Non-Executive and Executive and procedures. Directors: The right combination of non-executive ○ Reportorial Requirements: All corporations are Module 4: Business Ethics, Corporate Social Responsibility, and required to submit to SEC the reportorial requirements. Sustainability ○ Non-Financial and Sustainability Reporting: The company should ensure that material and reportable Business Ethics: Business ethics is the study of how non-financial and sustainability issues are disclosed. personal moral norms apply to the activities and goals of ○ Communication Channel: The company should commercial enterprise. maintain a comprehensive and cost-efficient Key Points: communication channel for disseminating relevant ○ Ethical Theories: Metaethics, normative ethics, and information. descriptive ethics. ○ Company Website: Companies should have a ○ Code of Business Conduct and Ethics: The Board website. should adopt a Code of Business Conduct and Ethics ○ Investor Conferences: Publicly listed companies and ensure its proper and efficient implementation and should include media and analysts’ briefings as monitoring of compliance. channels of communication. ○ Ethical Principles and Values: Accountability, ○ Internal Control System and Enterprise Risk integrity, fairness, and transparency. Management Framework: To ensure the integrity, ○ Corporate Social Responsibility (CSR): The transparency, and proper governance in the conduct of commitment of business to behave ethically and to its affairs, the company should have a strong and contribute to sustainable economic development by effective internal control system and enterprise risk working with all relevant stakeholders to improve their management framework. lives. ○ Shareholder Rights: The company should treat all ○ CSR Activities: Charitable programs and projects, shareholders fairly and equitably. Scientific research, Youth and sports development, ○ Disclosure of Shareholder Rights: The Board should Cultural or educational promotion, Services to veterans ensure that basic shareholder rights are disclosed. and senior citizens, Social welfare, Environmental ○ Stakeholder Rights: The rights of stakeholders sustainability, Health development, Disaster relief and established by law, by contractual relations, and assistance, Employees and worker welfare related through voluntary commitments must be respected. activities. ○ Employee Participation: A mechanism for employee ○ Strategic CSR: CSR activities become strategic when participation should be developed to create a symbiotic they are concerned with the long-term success of the environment. business. ○ Social Responsibility: The company should be ○ Sustainability: Development that meets the needs of socially responsible in all its dealings with the the present without compromising the ability of future communities where it operates. generations to meet their own needs. ○ Triple Bottom Line: Balancing the interests of different stakeholders (people), ensuring that the business's activities are environmentally sustainable (planet), and measuring the returns of the business (profit). ○ Sustainability Reporting Framework: The Guidelines Guidelines, IRM/Alarm/AIRMIC 2002 – Risk provides a Sustainability Reporting Framework for Management Standard, and the Turnbull Guidance. Philippine PLCs. ○ COSO 2017 Framework Components: Governance ○ Doctrine of Intergenerational Responsibility: Minors and Culture, Strategy and Objective-Setting, have personality to sue on behalf of the succeeding Performance, Review and Revision, and Information, generations. Communication, and Reporting. ○ COSO 2004 Framework Components: Internal environment, objective setting, event identification, risk Module 5: Fundamental Concepts of Risk and the Risk assessment, risk response, control activities, Management Process information and communication, monitoring. ○ ISO 31000:2018 Framework Components: Principles, Risk: Risk is the effect of uncertainty on objectives. framework, process. Key Points: ○ Risk Assessment: Risk identification, risk description, ○ Risk vs. Uncertainty vs. Hazard: Risk is the and risk estimation. possibility of harm occurring, uncertainty is the lack of ○ Risk Evaluation: Comparing the results of the risk knowledge about potential outcomes, and hazard is the analysis with the established risk criteria. source of harm. ○ Risk Treatment: Selecting and implementing measures ○ Classifications of Risk: Fundamental, particular, to modify the risk. speculative, and pure; controllable and uncontrollable; ○ Monitoring and Review: Continually monitor for positive and negative correlation; financial and substantial changes in the internal or external non-financial. environment. ○ Impact of Risk on Stakeholders: Shareholders, ○ Information, Communication, and Reporting: The creditors, employees, customers, and the wider risk owner is the central owner of risk information and community. communication. ○ Types of Risk Faced by Organizations: Business ○ Turnbull Guidance: A risk-based approach to internal risk, financial risk, market risk, product risk, legal risk, control. political risk, technological risk, environmental risk, probity risk, reputation risk, and fraud risk. ○ Risk Management Process: Identify, assess, manage, Module 6: Enterprise Risk Management and control potential events or situations to provide reasonable assurance regarding the achievement of Enterprise Risk Management (ERM): Applying risk the organization’s objectives. management to the entire organization. ○ Risk Management Standards: COSO 2017 Key Points: Enterprise Risk Management – Integrating with ○ COSO ERM Framework: Defines risk as the possibility Strategy and Performance, COSO 2004 Enterprise that events will occur and affect the achievement of Risk Management – Integrated Framework, ISO objectives. 31000:2018 – Risk Management Principles and ○ ISO 31000:2018 Framework: Defines risk as the effect ○ Monitoring and Review: Continually monitor for of uncertainty on objectives. substantial changes in the internal or external ○ Governance and Culture: Governance guides the environment. course of the organization, its external and internal ○ Information, Communication, and Reporting: The relationships, and the rules processes and practices risk owner is the central owner of risk information and needed to achieve its purpose. communication. ○ Board Risk Oversight: Risk management begins at the highest level of the organization. The Board has the Module 7: Basic Concepts and Elements of Internal Control ultimate responsibility for all risks taken by the organization. Internal Control: A process designed to provide reasonable ○ ERM Framework Components: COSO 2017 assurance about the achievement of an entity’s objectives. Enterprise Risk Management – Integrating with Key Points: Strategy and Performance: ○ Objectives of Internal Control: Operations, reporting, ○ Governance and Culture and compliance. ○ Strategy and Objective-Setting ○ Classifications of Internal Control: Scope, ○ Performance importance, function, operation, objective, financial and ○ Review and Revision non-financial aspects, discretion, imposition, and ○ Information, Communication, and Reporting timing. ○ COSO 2004 Framework Components: ○ Internal Control Framework: A recognized system of ○ Internal environment concepts encompassing all elements of internal ○ Objective setting control. ○ Event identification ○ COSO Internal Control – Integrated Framework: ○ Risk assessment Published by the Committee of Sponsoring ○ Risk response Organizations (COSO). ○ Control activities ○ CoCo Model: Guidance on Control, published by the ○ Information and communication Canadian Institute of Chartered Accountants (CICA). ○ Monitoring ○ Turnbull Report: Internal Control: Guidance for ○ ISO 31000:2018 Framework Components: Directors on the Combined Code, published by the ○ Principles Financial Reporting Council (FRC) of the UK. ○ Framework ○ Five Components of Internal Control: Control ○ Process environment, risk assessment, control activities, ○ Risk Assessment: Risk identification, risk description, information and communication, and monitoring and risk estimation. activities. ○ Risk Evaluation: Comparing the estimated risks ○ Control Environment: The foundation for a sound against risk criteria. system of internal control. ○ Risk Treatment: Selecting and implementing measures to modify the risk. ○ Risk Assessment: A dynamic and iterative process for employees, or third parties, involving the use of deception to identifying and analyzing risks to achieving the entity’s obtain an unjust or illegal advantage. objectives. Key Points: ○ Control Activities: Actions established through ○ Fraud vs. Error: Fraud is intentional, while error is policies and procedures that help ensure that unintentional. management’s directives to mitigate risks to the ○ Risk of Not Detecting Fraud: The risk of not detecting achievement of objectives are carried out. a material misstatement resulting from fraud is higher ○ Information and Communication: Supports all of the than the risk of not detecting one resulting from error. other components. ○ Types of Fraud: Customer Fraud, Cybercrime, Asset ○ Monitoring: Assesses whether each of the five Misappropriation, Bribery and Corruption, components are present and functioning. Accounting/Financial Statement Fraud, Procurement Fraud, Human Resources Fraud, Deceptive business practices, Anti-Competition/Anti-Trust Law Module 8: Evaluating the Design and Effectiveness of Internal Infringement, Money Laundering and Sanctions, Control Intellectual Property (IP) Theft, Insider/Unauthorized Trading, Tax Fraud, Other. Evaluating Internal Control: The process of assessing ○ External Perpetrators: Customers, hackers, vendor or whether internal controls are designed and operating suppliers. effectively. ○ Internal Perpetrators: Middle management, Key Points: operations staff, and senior management. ○ Audit Process: Planning, gathering and evaluating ○ Risk of Not Detecting Management Fraud: The risk audit evidence, reporting, and follow-up. of the auditor not detecting a material misstatement ○ Risk-Based Audit Plan: The audit plan must be resulting from management fraud is greater than for logically related to identified risks of the organization. employee fraud. ○ Audit Risk: The combination of inherent risk, control ○ Asset Misappropriation: Stealing cash or other risk, and detection risk. assets (supplies, inventory, equipment, and ○ Control Risk Assessment: Consider design of information). controls, whether they have been placed in operation, ○ Fraudulent Financial Reporting: Intentional and, if they are in use, their effectiveness. misstatements including omissions of amounts or ○ Risk Control Matrix: A useful tool to help ensure that disclosures in financial statements to deceive financial internal auditors adequately account for risk at the statement users. ○ Corruption: Improper use of power. Module 9: Fraud Risks ○ Fraud Red Flags: Conditions that indicate potential fraud. Fraud: Fraud is an intentional act by one or more individuals ○ Fraud Triangle: A framework designed to explain the among management, those charged with governance, reasoning behind a worker's decision to commit fraud. ○ Prevention and Detection of Fraud: The primary responsibility for the prevention and detection of fraud rests with both those charged with governance of the entity and management. ○ Whistleblowing: Reporting wrongdoing or suspected wrongdoing outside of the normal chain of command. ○ Forensic Auditing: Auditing skills are applied to situations that have potential legal implications and/or consequences. ○ Interrogation: The internal auditor seeks confirmation or ideally a confession.

Document Details

Tags

Related

Summary

Full Transcript

Upgrade to continue