Chapter 1: REVIEW OF GOVERNANCE CONCEPTS
AND PROFESSIONAL ETHICS FOR INTERNAL
AUDITORS
LEARNING OBJECTIVES
Upon completion of this chapter, you will:
* Understand the common business model.
* Recognize various stakeholders in an organization.
* Define and explain the meaning of and purpose of corporate governance and governance in the Philippine setting.
* Know the role of the Board of Directors (BOD)/Board of Trustees (BOT) in an organization.
* Learn the BOD/BOT's role in internal controls.
* Recall the important practices laid down in the Institute for Internal Auditors’ (IIA) Code of Professional Ethics.
* Apply the Code of Professional Ethics for Internal Auditors.
DEFINITION OF TERMS
* Stakeholders - parties, internal or external, interested in and affected
by the affairs and operations of the business, e.g., investors,
shareholders, employees, government, lenders, customers, and
general public.
* Mission - communicates the organization's reason for being, and how
it aims to serve its key stakeholders.
* Vision - a future-oriented declaration of the organization's purpose
and aspirations.
* Goals - guidelines that explain what you want to achieve in your
community. It should be specific, measurable, attainable, realistic, and
time-bound (SMART).
* Strategies - bring together a coherent set of analyses, challenges,
policies, positioning statements and activities to reach a specific goal
or the overall vision.
* “Comply or Explain” Approach
This approach combines voluntary compliance with mandatory
disclosure. Covered companies are not required to comply with all the
recommendations of the applicable corporate governance codes, but
they must state in their annual corporate governance reports whether
they comply with the Code provisions, identify any areas of non-
compliance, and explain the reasons for non-compliance. In case of
non-compliance, the covered company must explain how the overall
principle is being achieved by the company through existing or
alternative practices.
* Principle of Proportionality
In applying the principle of proportionality, boards or companies are
allowed flexibility in establishing their corporate governance policies.
The policies should take into consideration the size and risk profile of
the listed company, among others, and ensure proportionality.
* Chief Audit Executive
Chief audit executive describes the role of a person in a senior position
responsible for effectively managing the internal audit activity in
accordance with the internal audit charter and the mandatory
elements of the International Professional Practices Framework.
A MODEL OF BUSINESS
Business organizations exist to create value for their stakeholders. To form a
business enterprise, entrepreneurs decide on an appropriate organizational
form (e.g., corporation or partnership) and hire managers to manage the
resources that have been made available to the enterprise through
investment or lending.
Due to the way resources are invested and managed in the modern business
world, a system of corporate governance is necessary, through which
managers are overseen and supervised. Simply defined, corporate
governance consists of all the people, processes, and activities in place to
help ensure proper stewardship over an entity's assets. Good corporate
governance ensures that those managing an entity properly utilize their time,
talents, and the entity’s resources in the best interest of absentee owners,
and that they faithfully report the economic condition and performance of the
enterprise. The body primarily responsible for management oversight in
corporations is the board of directors. The audit committee, consisting of
members of the board, oversees the internal and external auditing work done
for the organization. Through this link, and through the audit of financial
statements (which can be seen as a form of stewardship report), auditors
play an important role in facilitating effective corporate governance.
Management, with guidance and direction from the board of directors,
decides on a set of mission, vision, and goals, and from these they come up
with objectives, along with strategies designed to achieve those objectives.
The organization then undertakes certain processes in order to implement its
strategies. The organization must also assess and manage risks that may
threaten achievement of its objectives. While the processes implemented in
business organizations are as varied as the different types of businesses
themselves, most business enterprises establish processes that fit in five
broad process categories, sometimes known as cycles. The five categories
that characterize the processes of most businesses are the revenue process,
the purchasing process, the human resource management process, the
inventory management process, and the financing process. Each process
involves a variety of important transactions.
The enterprise must design and implement accounting information systems
to capture the details of those transactions and must design and implement a
system of internal control to ensure that the transactions are handled and
recorded appropriately and that its resources are protected. The accounting
information system must be capable of producing financial reports, which
summarize the effects of the organization's transactions on its account
balances, and which are used to establish management accountability to
outside owners.
REVISED CORPORATE GOVERNANCE IN THE PHILIPPINES
Salient features of the revised corporate governance as implemented by
Securities and Exchange Commission (SEC) are as follows:
1. Released last November 22, 2016 during the 3rd Philippine Stock
Exchange Corporate Governance Forum and became effective starting
January 1, 2017.
2. It is intended to raise the corporate governance standards of Philippine
corporations to a level at par with their regional and global counterparts.
3. The latest G20/OECD Principles of Corporate Governance and the
ASEAN Corporate Governance Scorecard were used as key reference
materials in the drafting of this Code.
4. A new feature of this Code is the adoption of the “comply or explain”
approach.
5. The Code does not in any way prescribe a “one size fits all”
framework. The Principle of Proportionality will be considered in the
application of its provisions.
6. Increase the responsibilities of the board.
7. Ensure the competence and commitment of the directors.
8. Strengthen the protection of shareholders and other stakeholders.
9. Promote full disclosure and transparency in both financial and
non-financial reporting.
10. The Code is arranged as follows:
Principles - can be considered to be high-level statements of
corporate governance good practices and are applicable to all
companies.
Recommendations - objective criteria that are intended to identify
the specific features of corporate governance good practice that are
recommended for companies operating according to the Code.
Alternatives to a Recommendation may be justified in particular circumstances if
good governance can be achieved by other means.
Explanations - strive to provide companies with additional
information on the recommended best practice.
DEFINITION OF CORPORATE GOVERNANCE
Corporate Governance - the system of stewardship and control to guide
organizations in fulfilling their long-term economic, moral, legal, and social
obligations towards their stakeholders.
Corporate governance (CG) is a system of direction, feedback, and control
using regulations, performance standards and ethical guidelines to hold the
Board and senior management accountable for ensuring ethical behavior -
reconciling long-term customer satisfaction with shareholder value - to the
benefit of all stakeholders and society. Its purpose is to maximize the
organization’s long-term success, creating sustainable value for its
shareholders, stakeholders, and the nation.
Four Core Principles of Corporate Governance
Adding long-term value to a corporation is the ultimate goal of good
corporate governance. The following core principles shall serve as guidance
for corporations in the formulation of their policies and reforms relating to
increased investor confidence, development of capital market and sustainable
growth:
1. Fairness. All shareholders should receive equal consideration by the
directors and management with a sense of justice and avoidance of bias or
vested interests.
2. Responsibility. Directors should carry out their duties with honesty,
probity, and integrity.
3. Accountability. Directors should be held accountable for their decisions and
submit themselves to shareholders’ scrutiny.
4. Transparency. Directors must make clear to the shareholders and other
key stakeholders why every material decision was made.
One of the areas of CG is the board’s governance responsibilities. The principles
under this area are as follows:
ESTABLISHING A COMPETENT BOARD
For corporations covered by the CG, the Board shall be composed of at least
five (5), but not more than fifteen (15), directors who are elected by the
shareholders. All companies covered by the CG shall have at least two (2)
independent directors or such number of independent directors that
constitutes twenty percent (20%) of the members of the Board, whichever is
lesser, but in no case less than two (2). An Independent Director is defined
as a person who is independent of management and the controlling
shareholder and is free from any business or other relationship which could,
or could reasonably be perceived to, materially interfere with his/her exercise
of independent judgment in carrying out his/her responsibilities as a director.
On the other hand, the CG Codes recommend that the Board must be
headed by a competent and qualified Chairperson and is composed of a
majority of non-executive directors with an individual and collective working
knowledge, experience or expertise that is relevant to the company’s
industry/sector. A non-executive director is a director who has no executive
responsibility and does not perform any work related to the operations of the
corporation. Under both regulations, the directors must remain qualified for
their positions individually and collectively.
Finally, the board should be assisted in its duties by the corporate officers of
the company, including, but not limited to, the corporation’s president,
treasurer, corporate secretary, compliance officer and other corporate
officers as may be identified in the corporation’s by-laws, such as, but not
limited to, the Chief Executive Officer (CEO), Chief Operations Officer, and
Chief Financial Officer.
ESTABLISHING CLEAR ROLES AND RESPONSIBILITIES OF THE
BOARD
Consistent with international best practices, the CG Code provided that the
Board of Directors shall have the following roles and responsibilities:
1. To act on a fully informed basis, in good faith, with due diligence and
care, and in the best interest of the company and all
shareholders/members.
2. To oversee the development of and approve the company’s business
objectives and strategy and monitor their implementation, in order to
sustain the company’s long-term viability and strength.
3. To ensure and adopt an effective succession planning program for
directors, key officers, and management.
4. To align the remuneration of key officers and directors with the long-
term interests of the company/organization.
5. To develop a policy on board nomination and election.
6. To ensure proper implementation of the policy and system governing
related party transactions (RPTs) and other unusual or infrequently
occurring transactions.
7. Responsible for approving the selection and assessing the performance
of the Management led by the Chief Executive Officer (CEO) or his/her
equivalent, and control functions led by their respective heads (Chief
Risk Officer, Chief Compliance Officer, and Chief Audit Executive, as
applicable).
8. To establish an effective performance management framework.
9. To oversee that an appropriate internal control system is in place.
10. To oversee that a sound enterprise risk management (ERM) framework
is in place.
Board Charter
The Board Charter is a document which clearly defines the power, authority,
roles, and accountabilities of the directors in carrying out their fiduciary
duties. It should serve as a guide to the directors in the performance of their
functions and should be publicly available and posted on the company’s
website.
Principal-Agent Relationship
The board of directors or trustees shall exercise the corporate powers,
conduct all business, and control all properties of the corporation.
As such, a director of a corporation holds a position of trust and owes loyalty
to his/her corporation. This fiduciary duty of a director to the corporation
creates a principal-agent relationship between them. This trust relationship
springs from the fact that directors have the control and guidance of
corporate affairs and property and hence of the property interests of the
shareholders. The same concept is also true on the part of management who
is entrusted to carry out the day-to-day affairs of the corporation.
Trust Fund Doctrine
The trust fund doctrine is an established principle in commercial law which
provides for the rule that the property of a corporation is considered as a
fund held in trust for the creditors. Hence, subscriptions to the capital of the
corporation constitute a fund to which creditors have a right to look for
satisfaction of their claims.
As agents of the corporation, the directors are entrusted with the duty to
ensure that the funds and property of the corporation are managed prudently
primarily for the benefit of corporate creditors and secondarily, the
shareholders who are only entitled to the residual assets of the corporation.
ESTABLISHING BOARD COMMITTEES
The Board should establish board committees that focus on specific functions
to aid in the optimal performance of the board’s roles and responsibilities.
Board Committees are subcommittees organized by the Board of Directors to
assist the latter in its performance and oversight of specific functions, i.e.,
audit, nomination and election, compensation, risk management, corporate
governance, and related party transactions, among others.
In this regard, it is recommended that each board committee should have a
board committee charter which clearly defines the power, authority, roles
and accountabilities of each committee.
Types of Board Committees
1. Audit Committee
The establishment of an Audit Committee is MANDATORY for PLCs and
Secondary Licensees.
The Audit Committee enhances the Board's oversight capability over
the company’s financial reporting, internal control system, internal and
external audit processes, and compliance with applicable laws and
regulations.
All members of the Audit Committee must be directors and must have
relevant background, knowledge, skills, and/or experience in the areas
of accounting, auditing, and finance.
It is further recommended that the Committee be composed of at least
three (3) appropriately qualified non-executive directors. The majority
of the members of the Committee, including the Committee Chairman,
should be independent directors. Finally, it is recommended that the
Chairman of the Audit Committee should not be the chairman of the
Board or of any other committees.
The audit committee has an oversight responsibility for internal and
external audit functions. The audit committee acts as an independent
check on management and helps the external financial statements’
users in assuring that financial statements accurately portray the
business activities of a company, that an effective internal control system
is in place, and that all laws and regulations are complied with by the company.
2. Nomination Committee
The Nomination Committee shall have at least three (3) members, one
of whom should be an independent director. It shall review and
evaluate the qualifications of all persons nominated to the Board and
other appointments that require Board approval and assess the
effectiveness of the Board’s processes and procedures in the election
or replacement of directors.
3. Compensation or Remuneration Committee
A Compensation or Remuneration Committee may be composed of at
least three (3) members, one of whom should be an independent
director. It shall establish a formal and transparent procedure for
developing a policy on remuneration of directors and officers to ensure
that their compensation is consistent with the corporation's culture,
strategy, and the business environment in which it operates.
4. Corporate Governance Committee
The Corporate Governance Committee assists the Board in the
performance of its corporate governance responsibilities, including the
functions assigned to Nomination and Remuneration Committees, if
the Board opts not to have said Committees.
For PLCs, the Corporate Governance Committee should be composed
of at least three directors, all of whom should be independent
directors, including the Committee Chairperson.
For PCs and RIs, the Corporate Governance Committee should be
composed of at least three directors, majority of whom should be
independent directors, including the Committee Chairperson.
5. Board Risk Oversight Committee
The Board Risk Oversight Committee oversees the proper
implementation of the company’s Enterprise Risk Management (ERM)
system.
ERM is a process, effected by the corporation's Board of Directors,
management, and other personnel, applied during strategy setting and
across the enterprise that is designed to identify potential events that
may affect the corporation, manage risks to be within its risk appetite,
and provide a reasonable assurance regarding the achievement of the
corporation's objectives.
ERM is integral to an effective corporate governance process and the
achievement of a company's value creation objectives. With an
integrated ERM approach, the Board and top management will be in a
position to make well-informed decisions, having taken into
consideration risks related to significant business activities, plans and
opportunities.
The Committee should be composed of at least three (3) directors, the
majority of whom should be independent directors, including the
Committee Chairman. At least one member of the committee must
have relevant thorough knowledge and experience on risk and risk
management.
The establishment of a Board Risk Oversight Committee is particularly
recommended for issuers of debt securities and for companies with a
high-risk profile.
6. Related Party Transactions (RPT) Committee
The RPT Committee reviews all material related party transactions of
the company.
A related party transaction is defined as a transfer of resources,
services or obligations between a reporting PLC and a related party,
regardless of whether a price is charged. It should be interpreted
broadly to include not only transactions that are entered into with
related parties, but also outstanding transactions that are entered into
with an unrelated party that subsequently becomes a related party.
Additionally, a material related party transaction is defined as any
related party transaction, either individually, or in aggregate over a
twelve (12)-month period with the same related party, amounting to
ten percent (10%) or higher of a company’s total assets based on its
latest audited financial statement.
The Related Party Transactions Committee should be composed of at
least three (3) non-executive directors, two (2) of whom should be
independent directors, including the Chairman. The establishment of
the committee is particularly recommended for conglomerates and
universal/commercial banks.
FOSTERING COMMITMENT
To show full commitment to the company, the directors should devote the
time and attention necessary to properly and effectively perform their duties
and responsibilities, including sufficient time to be familiar with the
corporation’s business.
Directors should attend and actively participate in all board meetings,
Committee meetings and shareholders’ meetings, except for justifiable
causes, such as, but not limited to, illness, death in the immediate family,
serious accident or other unforeseen or fortuitous events.
REINFORCING BOARD INDEPENDENCE
The board should endeavor to exercise an objective and independent
judgment on all corporate affairs.
ASSESSING BOARD PERFORMANCE
The Corporation Code requires that at each regular meeting of shareholders
or members, the board of directors or trustees shall endeavor to present to
shareholders or members the appraisals and performance reports for the
board and the criteria and procedure for assessment. It also requires every
corporation vested with public interest, domestic or foreign, doing business in
the Philippines to submit to the SEC a director or trustee appraisal or
performance report and the standards or criteria used to assess each director
or trustee.
STRENGTHENING BOARD ETHICS
Directors are duty-bound to apply high ethical standards, taking into account
the interests of all stakeholders. Thus, it is imperative that the Board adopts
a Code of Business Conduct and Ethics, which would provide standards for
professional and ethical behavior for the Board, as well as articulate
acceptable and unacceptable conduct and practices in internal and external
dealings. It is an important tool which may be used to instill an ethical
corporate culture throughout the company.
Other areas of CG and its related principles are as follows:
Disclosure and Transparency
1. Enhancing Company Disclosure Policies and Procedures
2. Strengthening the External Auditor's Independence and Improving
Audit Quality
3. Increasing Focus on Non-financial and Sustainability Reporting
4. Promoting a Comprehensive and Cost-efficient Access to Relevant
Information
Internal Control and Risk Management Framework
Strengthening Internal Control and Risk Management Systems
The company’s internal control system should include activities, such
as, but not limited to the following:
a. management oversight and control culture;
b. risk recognition and assessment;
c. control activities;
d. information and communication;
e. monitoring activities; and
f. correcting deficiencies.
To monitor and guide the implementation of company’s internal control
processes and procedures, the company must have a separate internal audit
function.
Cultivating a Synergic Relation with Shareholders/Members
Promoting Shareholder Rights
* Pre-emptive right
* Appraisal right
* Right to dividend
* Right to vote
* Right to nominate candidates to the BOD
* Right to propose the holding of Special Shareholders’ Meeting
* Right to include agenda items in an Annual and Special Shareholders’ Meeting
Duties to Stakeholders
1. Respecting Rights of Stakeholders and Effective Redress for
Violation of Stakeholder’s Rights
2. Encouraging Employees’ Participation
3. Encouraging Sustainability and Social Responsibility
ETHICS
Ethics concerns itself with what is good or right in human interaction. It
revolves around three different concepts: good, self, and other. Ethical
behavior results when one does not merely consider what is good for
oneself but also what is good for others.
A strong ethical culture is the foundation of good governance. An ethical
culture is created through a robust ethics program that sets expectations for
acceptable behaviors in conducting business within the organization and with
external parties. It includes effective board oversight, strong tone-at-the-top,
senior management involvement, organization-wide commitment, a
customized code of conduct, timely follow-up and investigation of reported
incidents, consistent disciplinary action for offenders, ethics training,
communications, ongoing monitoring systems, and an anonymous incident
reporting system.
INDEPENDENCE & OBJECTIVITY
The internal audit activity must be free from interference by any influence in
the organization, including matters of audit selection, scope, procedures,
frequency, timing, or report content to permit maintenance of a necessary
independent and objective mental attitude.
Internal auditors should have no direct operational responsibility or authority
over any of the activities audited. Accordingly, they will not implement
internal controls, develop procedures, install systems, prepare records, or
engage in any other activity that may impair internal auditor’s judgment.
Internal auditors must exhibit the highest level of professional objectivity in
gathering, evaluating, and communicating information about the activity or
process being examined. Internal auditors must make a balanced assessment
of all the relevant circumstances and not be unduly influenced by their own
interests or by others in forming judgments.
The Chief Audit Executive (CAE) should confirm to the board, at least annually,
the organizational independence of the internal audit activity. An approved
internal audit charter and a competent audit committee may protect the
independence of the internal audit activity.
The responsibilities of operational auditors can also affect their
independence. The auditor should not be responsible for operating functions
in a company or for correcting deficiencies when ineffective or inefficient
operations are found. For example, it would negatively affect auditors’
independence when they audit an IT system for acquisitions if they designed
the system or are responsible for correcting deficiencies they found during
the audit.
While it is acceptable for auditors to recommend changes in operations,
operating personnel must have the authority to accept or reject those
recommendations. If auditors had the authority to require implementation of
their recommendations, their independence would be reduced.
Control Objectives for the Internal Audit Activity
1. To ensure that the internal audit activity provides sufficient and
reliable assurance to the board and to management on governance
processes, risk management and internal control.
2. To provide quality consultancy services to the organization within the
competence of the internal audit activity to do so, without assuming
management responsibilities.
3. To achieve a scope for internal audit that is unrestricted across the
organization at all levels.
4. To be organizationally and operationally independent so that the
judgement of internal audit on professional matters is never
subordinated to that of others.
5. To conform to applicable ethical codes and professional standards.
6. Generally, to add value to the organization.
Factors Affecting Internal Audit Independence
1. Is internal audit organizationally distinct from any part of the
enterprise in which it conducts audits?
2. Does internal audit derive its authority from the board?
3. Does internal audit have a direct working relationship with the audit
committee of the board, and does the head of internal audit have a
right of access to the chair of that committee?
4. Does the head of audit have direct access to the chief executive, and
does the chief executive receive reports on audit assignments from the
head of audit?
5. Does the head of audit have unrestricted access to the organization’s
external auditors and to relevant regulatory authorities?
6. Is the recognized scope of internal audit consistent with the resources
allocated to it?
7. Are there no operational areas or levels which are precluded from
internal audit review?