Академический Документы
Профессиональный Документы
Культура Документы
GOVERNANCE
responsibilities within governance. Articulate the different enterprise-wide governance principles. Describe the changes in regulations and how governance has evolved to its present state. Describe the role of the internal audit function in the governance process. Know where to find information about governance codes and regulations from countries around the world.
Exhibit 3-2
3
implemented by the Board to inform, direct, manage, and monitor the activities of the organization towards the achievement of its objectives.
Internal Auditing: Assurance and Consulting Services, 2nd Edition 2009 by The Institute of
Key Points
5
interrelationships between governance, risk, and controls Must consider risk when setting strategy Must rely on internal controls and communication
Internal Auditing: Assurance and Consulting Services, 2nd Edition 2009 by The Institute of
the OECD Principles are one of the 12 key standards for international financial stability of the Financial Stability Forum (FSF) and form the basis for the corporate governance component of the Report on the Observance of Standards and Codes of the World Bank Group.
Internal Auditing: Assurance and Consulting Services, 2nd Edition 2009 by The Institute of
OECD Definition
7
between a companys management, its board, its shareholders, and other stakeholders. Corporate governance also provides the structure through which the objectives of the company are set, and the means of attaining those objectives and monitoring performance are determined.
directors to be free to drive their companies forward, but exercise that freedom within a framework of effective accountability.
According to Wikipidi
9
customs, policies, laws, and institutions affecting the way a corporation (or company) is directed, administered or controlled. Corporate governance also includes the relationships among the many stakeholders involved and the goals for which the corporation is governed. The principal stakeholders are the shareholders, management, and the board of directors. Other stakeholders include employees, customers, creditors, suppliers, regulators, and the community at large.
http://www.ecgi.org/codes/all_codes.php
Bangladesh
11
I. Mission of the Board of Directors Principle: The Board of Directors should lead and oversee strategy and policy of the company and provide direction to the management. Board actions should be in the best interests of the company and shareholders.
Internal Auditing: Assurance and Consulting Services, 2nd Edition 2009 by The Institute of
Brazil
12
monitoring system, involving relations with the Owners, Board of Directors, Officers, Independent Auditors, and Fiscal Council. Good corporate governance practices are geared to add value to a company, facilitate its access to capital and contribute to its perpetuation.
Internal Auditing: Assurance and Consulting Services, 2nd Edition 2009 by The Institute of
Exhibit 3-3
13
http://www.youtube.com/watch?v=ra-Sxjjv3-g
http://www.youtube.com/watch?v=1jV0AUjx6Ik
Internal Auditing: Assurance and Consulting Services, 2nd Edition 2009 by The Institute of
Strategy
15
organizations objectives
Internal Auditing: Assurance and Consulting Services, 2nd Edition 2009 by The Institute of
Exhibit 3-4
16
Internal Auditing: Assurance and Consulting Services, 2nd Edition 2009 by The Institute of
Knowledge Check
18
Which of the following represents the best governance structure? Operating Mgmt a. Responsibility for Risk b. Oversight Role c. Responsibility for Risk d. Oversight role Executive Mgmt Oversight role Responsibility for Risk Advisory Role Advisory Role Internal Auditing Advisory role Advisory Role Oversight Role Responsibility for Risk
Board
19
Governance begins with the Board Board provides direction Board is accountable to stakeholders
Internal Auditing: Assurance and Consulting Services, 2nd Edition 2009 by The Institute of
Stakeholders
20
Directly Involved Employees, Customers, Vendors Interested Investors Influence Regulatory agencies, Rating Agencies,
Internal Auditing: Assurance and Consulting Services, 2nd Edition 2009 by The Institute of
Articulate Requirements
Set Risk Appetite Delegate authority Establish reporting threshold Reevaluate periodically
One Big Fours List of Board HOT TOPICS in Governance for 2011
22
Risk Management where everyone minds the business Sustainable Development the next transforming wave of change Strategy Development the board as hands-on strategy leader Strategy Execution Linking performance to strategy
Internal Auditing: Assurance and Consulting Services, 2nd Edition 2009 by The Institute of
Sustainability
Succession http://www.spencerstuart.com/research/articles/14
75
Internal Auditing: Assurance and Consulting Services, 2nd Edition 2009 by The Institute of
Measures are critical to such governance Measure the wrong things and results can be disastrous. Measure the right onesaligned with the strategic plan and
related business objectivesand managers are motivated and work together toward achieving corporate goals. Identifying what drives value and then linking those drivers to measurements
25
30
Social Media
Employee Talent Management Emerging Technologies ERM Globalization and Geopolitical Risks
and variation relative to the achievement of objectives, which must alight with the risk appetite of the organization.
Determine stakeholders
http://www.youtube.com/watch?v=qI0b4YZBp4k
Internal Auditing: Assurance and Consulting Services, 2nd Edition 2009 by The Institute of
risk appetite, and delegated authority A process to identify, manage, and report on risks Process to delegate authority to risk holders Gathering information to report on risks for decision making and for Board
Internal Auditing: Assurance and Consulting Services, 2nd Edition 2009 by The Institute of
management activities, and assigned to risk owners Evaluate on-going risk appetite and ensure tolerance levels are consistent with risk appetite Articulate reporting requirements nature, format, timing of communication Reevaluate governance expectations periodically
Internal Auditing: Assurance and Consulting Services, 2nd Edition 2009 by The Institute of
Knowledge Check
37
Which of the following are typical governance responsibilities of senior management? I. Establishing a governance committee of the board II. Delegating risk tolerance levels to risk managers III. Monitoring day-to-day performance of specific risk management activities IV. Ensuring that sufficient information is gathered to support reporting to the board.
II and III
I, II, and IV
II and IV I, II, III, and IV
Internal Auditing: Assurance and Consulting Services, 2nd Edition 2009 by The Institute of
management activities effectively manage risks within the organizations risk appetite. Keep risks within tolerable boundaries Identify, measure, manage, monitor, and report on their risks Front line of managing risks key contributors to good governance
Internal Auditing: Assurance and Consulting Services, 2nd Edition 2009 by The Institute of
risk, source of risk, potential impact, proposed tolerance level, expected risk management activities. Reevaluate risk management activities periodically Assess risk management capabilities Monitor risk management activities Report risk management activities
Internal Auditing: Assurance and Consulting Services, 2nd Edition 2009 by The Institute of
Exhibit 3-6
40
Assurance Activities
41
of providing an independent assessment on governance, risk management, and control processes for the organization
Can be by external or internal parties; most
Internal Auditing: Assurance and Consulting Services, 2nd Edition 2009 by The Institute of
measures or the measurement process. That's management's job. But it is responsible for ensuring that management has instituted meaningful measures to enable management to track and monitor performance and take swift corrective action where needed.
Internal Auditing: Assurance and Consulting Services, 2nd Edition 2009 by The Institute of
Continued
43
information, on a timely basis, with management's analysis of where issues lie and what management plans to do. Ultimately, the board needs to know that a process is firmly in place to provide the information they need to conduct meaningful oversight and assess progress toward effective strategy implementation and achievement of stated goals.
Exhibit 3-1
45
2010 Planning
46
determine the priorities of the internal audit activity, consistent with the organization's goals Interpretation: The chief audit executive is responsible for developing a risk-based plan. The chief audit executive takes into account the organization's risk management framework, including using risk appetite levels set by management for the different activities or parts of the organization. If a framework does not exist, the chief audit executive uses his/her own judgment of risks after consideration of input from senior management and the board. The chief audit executive must review and adjust the plan, as necessary, in response to changes in the organizations business, risks, operations, programs, systems, and controls.
contribute to the improvement of governance, risk management, and control processes using a systematic and disciplined approach.
Internal Auditing: Assurance and Consulting Services, 2nd Edition 2009 by The Institute of
Help assess and improve governance by: Promoting appropriate ethics and values Ensuring effective performance management and accountability Effectively communicating risk and control information Effectively coordinating the activities and communicating information
2110 Governance
The internal audit activity must assess and make appropriate recommendations for improving the governance process in its accomplishment of the following objectives: Promoting appropriate ethics and values within the organization; Ensuring effective organizational performance management and accountability; Communicating risk and control information to appropriate areas of the organization; and Coordinating the activities of and communicating information among the board, external and internal auditors, and management.
49
design, implementation, and effectiveness of the organization's ethics-related objectives, programs, and activities.
2110.A2 - The internal audit activity must assess whether
the information technology governance of the organization supports the organization's strategies and objectives.
Continued
52
owners to senior management regarding the effectiveness of the risk management activities accurately reflect the current state of risk management effectiveness.
Determining whether the assertions made by senior
management to the board regarding the effectiveness of the risk management activities provide the board with the information it desires about the current state of risk management effectiveness.
Continued.
53
communicated timely and effectively from both the board to senior management and from senior management to the risk owners.
areas that are currently not included in the governance process, but should be (for example, a risk for which risk tolerance and reporting expectations have not been delegated to a specific risk owner).
Internal Auditing: Assurance and Consulting Services, 2nd Edition 2009 by The Institute of
Board Risks, Controls, and Practices Audit specific documented governance processes Provide assurance on ways to improve governance
processes if they are not mature Contribute to governance structures through audits Act as facilitators, assisting board in self-assessment of governance activities Observe and formally assess GRC structural design and operational effectiveness
activities are designed adequately to manage the risks associated with unacceptable outcomes.
Testing and evaluating whether the various risk
related statements, policies--including procedures covering fraud and corruption--and other "expressions of aspiration." The communications and demonstrations of expected ethical attitudes and behavior by the leaders of the organization. Explicit strategies the firm uses to enhance its ethical culture. Multiple means of confidentially reporting misconduct.
Continued
57
and customers that they understand the requirements for ethical behavior in conducting the organization's business. Clear delegation of responsibilities to ensure that ethical consequences are evaluated, that confidential counseling is provided, that allegations of misconduct are investigated, and that case findings are properly reported. Easy access to "learning opportunities to enable all employees to be ethics advocates."
Continued
58
be ethical. Regular use of surveys to determine the organization's ethical climate. Regular reviews of processes that might undermine the organization's ethical culture. Regular reference and background checks as part of the hiring process.