Classroom Rules

Start on time, finish on time

Be Respectful

Learn together

Clarify topics if not understood

ICE BREAKER
Review of IA Definition

Volunteers who will recite the

definition of Internal Auditing
 INTERNAL AUDITING
Internal Auditing is an independent, objective assurance and
consulting activity designed to add value and improve an organization’s
operations. It helps an organization accomplish its objective by bringing
a systematic, disciplined approach to evaluate and improve the
effectiveness of risk management, control and governance
processes.

Internal Auditing provides insight and recommendations based on

analyses and assessments of data and business processes.

With commitment to integrity and accountability, internal auditing

provides value to governing bodies and senior management as an
objective source of independent advice.

IA
 Learning Objectives
 Overview of Corporate Governance and SOX

 Similarities and difference of Internal and

External Audit
 Discuss the definition of Assurance, including
different elements and level
 Introduction to International Professional
Practices Framework (IPPF)
 OVERVIEW OF CORPORATE
GOVERNANCE
 Republic Act No. 11232

 An act providing for the Revised Corporation Code

of the Philippines

 July 23, 2018

 OVERVIEW OF CORPORATE
GOVERNANCE
Corporation
An artificial being created by operation of law, having the right of
succession and the powers, attributes, and properties expressly
authorized by law or incidental to its existence. RCC Title I, Sec. 2

Corporation name must contain the word "corporation", "incorporated",

"limited", "limited liability", or an abbreviation of one of such
words, RCC Title II, Sec. 17
 OVERVIEW OF CORPORATE
GOVERNANCE
Governance
The combination of processes and structures implemented by the board to
inform, direct, manage and monitor the activities of the organization toward
the achievement of its objectives. - IPPF Definition

Corporate Governance "OECD Definition"

The corporate governance structure specifies the distribution of rights
and responsibilities among the different participants in the
organisation – such as the board, managers, shareholders and other
stakeholders – and lay down the rules and procedures for decision-
making.
 Classes of Corporation
Stock Corporation
Stock corporations are those which have capital stock divided into
shares and are authorized to distribute to the holders of such shares,
dividends, or allotments of the surplus profits on the basis of the shares
held. RCC Title I, Sec. 3

Non-Stock Corporation
It is a corporation (either for – profit or non-profit) that does not issue
shares of stock. RCC Title I, Sec. 3
A non-stock corporation is one where no part of its income is
distributable as dividends to its members, trustees, or officers. Provided,
That any profit which a nonstock corporation may obtain incidental to its
operations shall, whenever necessary or proper, be used for the
furtherrance. RCC Title XI, Sec. 86
 Classes of Corporation
PURPOSE OF NONSTOCK CORPORATION

Nonstock corporations may be formed or organized for charitable,

religious, educational, professional, cultural, fraternal, literary, scientific,
social, civic service, or similar purposes like trade, industry, agricultural
and like chambers, or any combination thereof. RCC Title XI, Sec. 87
 Classes of Corporation
Is a non-profit corporation a non-stock
company????

By default, a non-profit corporation is a non-stock company because the

entity does not pay shareholder dividends, hence the term “non-profit.”
Non-profit companies may have members, but the members are not
owners, so they don't enjoy financial gains from having a membership.
 Classes of Corporation
Common Types of Non-Stock Corporation
1. Labor organization
2. Civic leagues
3. Business leagues
4. Recreation clubs
5. Athletic organization
6. Education organization
7. Municipal corporation
8. Mutual Insurance companies
Corporators and Incorporators
 Corporators are those who compose a corporation,
whether as stockholders or shareholders in a stock
corporation or a members in a nonstock corporation.

 Incorporators are those stockholders or members

mentioned in the articles of incorporation as originally
forming and composing the corporation and who are
signatories thereof. RCC Title I, Sec. 5
 Board
 The highest level governing body (e.g. a board of
directors, a supervisory board, or a board of governors
or trustees) charged with the responsibility to direct
and/or oversee the organisations's activities and hold
senior management accountable. IPPF, 2017 Edition

 Board of Directors ---> for Stock Corporation

 Board of Trustees ---> for Non-stock Corporation

BOD Duties and Responsibilities
General Responsibility
 Foster long term success of the corporation,

 Sustain its competitiveness and profitability in a manner consistent

with its corporate objectives and the best interest of its stockholders,

 Formulate the corporation's vision, mission, strategic objectives,

policies and procedures that shall guide its activities, including the
means to effectively monitor Management's performance.
BOD Duties and Responsibilities
Duties and Function
 Implement process for the selection of directors, appoint competent
, professional, honest and highly motivated management officers,
adopt an effective succession planning program for Management.

 Provide sound strategic policies and guidelines to the corporation on

major capital expenditures (CAPEX)

 Ensure the corporation's faithful compliance with all applicable laws,

regulations and best business practices

 Establish and maintain an investor relations program that will keep

the stockholders informed of important developments in the
corporation.
BOD Duties and Responsibilities
Duties and Function
 Identify the sectors in the community in which the corporation
operates or are directly affected by its operations, and formulates a
clear policy of accurate, timely and effective communication with
them.

 Adopt a system of check and balance within the Board. A regular

review of the effectiveness of such system should be conducted to
ensure the integrity of the decision-making and reporting processes at
all time. There should be a continuing review of the corporation's
internal control system in order to maintain its adequacy and
effectiveness.
BOD Duties and Responsibilities
Duties and Function
 Identify key risk areas and performance indicators and monitor
these factors with due diligence.

 Formulate and implement policies and procedures that would

ensure the integrity and transparency of related party transactions

 Constitute an Audit Committee and such other committees it deems

necessary to assist the Board in the performance of its duties and
responsibilities.

 Establish and maintain an alternative dispute resolution system in

the corporation that can amicably settle conflicts
BOD Duties and Responsibilities
Duties and Function
 Meet such times or frequency as may be needed

 Keep the activities and decisions of the Board within its authority

 Appoint a Compliance Officer who shall have the rank of atleast vice
president.
 Board Committees
The Board shall constitute the proper committees to
assist it in good corporate governance
1. Audit Committee

2. Nomination Committee

3. Compensation or Remuneration Committee

All committee may be composed of at least three (3) members

and one of whom should be an independent director.
 Audit Committee
 The Audit Committee shall consist of three (3) directors, who shall
preferably have accounting and finance backgrounds

 One of whom shall an independent director and another with audit

experience

 The Chair of the Audit Committee should be an Independent

director.
Function of Audit Committee
 Oversight of financial reporting
 Risk management
 Internal control
 Compliance
 Ethics
 Management
 Internal Auditors
 External Auditors
Function of Audit Committee
Oversight of financial reporting
Assist the Board in the performance of its oversight responsibility for
the financial reporting process, system of internal control, audit
process, and monitoring of compliance with applicable laws, rules
and regulations.

Risk Management
Provide oversight over Management's activities in managing credit,
market liquidity, operational, legal and other risks of the
corporation. This function shall include regular receipt from the
Management of information on risk exposures and risk management
activities.
Function of Audit Committee
Internal Control
Monitor and evaluate the adequacy and effectiveness of the
corporation's internal control system, including financial reporting
control and information technology security

Compliance
Coordinate, monitor and facilitate compliance with laws, rules and
regulations.
Function of Audit Committee
Ethics
To be discussed in details during weeks 6 & 7

Management
Review the quarterly, half-year and annual financial statements
before their submission to the Board, with particular focus on the
following matters:
 Any change/s in the accounting policies and practices
 Major judgmental areas
 Significant adjustments resulting from audit
 Going concern assumptions
 Compliance with Accounting standards
 Compliance with tax, legal and regulatory requirements.
Function of Audit Committee
Internal and External Audit
 Perform oversight functions over the corporation's internal and
external auditors. It should ensure that the internal and external
auditors act independently from each other, and that both
auditors are given unrestricted access to all records, properties and
personnel to enable them to perform their respective audit
functions;
 Review the reports submitted by the internal and external
auditors;
Function of Audit Committee
Internal Auditor
 Organize an internal audit department, and consider the
appointment of an independent internal auditor and the terms
and conditions of its engagement and removal;

 Review the annual internal audit plan to ensure its conformity

with the objectives of the corporation. The plan shall include the
audit scope, resources and budget necessary to implement it;
Function of Audit Committee
Internal Auditor

 Establish and identify the reporting line of the Internal Auditor to

enable him to properly fulfill his duties and responsibilities. He shall
functionally report directly to the Audit Committee.

 The Audit Committee shall ensure that, in the performance of the

work of the Internal Auditor, he shall be free from interference by
outside parties.

 For Philippine branches or subsidiaries of foreign corporations

covered by this Code, their Internal Auditor should be independent of
the Philippine operations and should report to the regional or
corporate headquarters.
Function of Audit Committee
External Auditor
 Prior to the commencement of the audit, discuss with the external
auditor the nature, scope and expenses of the audit, and ensure
proper coordination if more than one audit firm is involved in the
activity to secure proper coverage and minimize duplication of
efforts;

 Evaluate and determine the non-audit work, if any, of the external

auditor, and review periodically the non-audit fees paid to the
external auditor in relation to their significance to the total annual
income of the external auditor and to the corporation’s overall
consultancy expenses. The committee shall disallow any non-audit
work that will conflict with his duties as an external auditor or may
pose a threat to his independence. The non-audit work, if allowed,
should be disclosed in the corporation’s annual report;
 Corporate Officers
Minimum Corporated Officers
 President – must be a director
 Treasurer – must be a resident
 Secretary – must be a citizen and resident of the Philippines

If the corporation is vested with public interest, the board shall elect a
compliance officer.

The same person may hold two (2) or more positions concurrently, except
that no one shall act as President and Secretary or as President and
Treasurer at the same time.

RCC Title III, Sec.. 24

 Tone at the Top
Management, the board, and the audit committee all
play critical roles in an organization's tone at the
top.
 Sarbanes-Oxley Act of 2002
Background

 The bill was signed by President George W. Bush , July 30, 2002.

 In 2002, Sarbanes-Oxley (SOX) was named after the bill sponsors US

Senators Paul Sarbanes and US Representative Michael G. Oxley

 SOX requires top management to individually certify the accuracy of

financial information, it also increased the oversight role of board of
directors and the independence of the outside auditors who review
the accuracy of corporate financial statements.

 Penalties for fraudulent financial activity are much more severe

 Sarbanes-Oxley Act of 2002
Background

 The bill was enacted as a reaction to a number of major corporate and

accounting scandals, including those affecting Enron, Tyco
International, Adelphia, Peregrine Systems and World Com.
 Sarbanes-Oxley Act of 2002
Major Elements

1. Public Company Accounting Oversight Board (PCAOB)

2. Auditor Independence
3. Corporate Responsibility
4. Enhanced Financial Disclosures
5. Analyst Conflicts of Interest
6. Commission Resources and Authority
7. Studies and Reports
8. Corporate and Crimical Fraud Accountability
9. White Collar Crime Penalty Enhancement
10. Corporate Tax Returns
11. Corporate Fraud Accountability
 Sarbanes-Oxley Act of 2002
Major Elements

Public Company Accounting Oversight Board (PCAOB)

Title I consists of nine sections and establishes the Public Company

Accounting Oversight Board, to provide independent oversight of public
accounting firms providing audit services ("auditors"). It also creates a
central oversight board tasked with registering auditors, defining the
specific processes and procedures for compliance audits, inspecting and
policing conduct and quality control, and enforcing compliance with the
specific mandates of SOX.
 Sarbanes-Oxley Act of 2002
Major Elements

Auditor Independence

Title II consists of nine sections and establishes standards for external

auditor independence, to limit conflicts of interest. It also addresses new
auditor approval requirements, audit partner rotation, and auditor
reporting requirements. It restricts auditing companies from providing
non-audit services (e.g., consulting) for the same clients.
 Sarbanes-Oxley Act of 2002
Major Elements

Corporate Responsibility

Title III consists of eight sections and mandates that senior executives
take individual responsibility for the accuracy and completeness of
corporate financial reports. It defines the interaction of external auditors
and corporate audit committees, and specifies the responsibility of
corporate officers for the accuracy and validity of corporate
financial reports. It enumerates specific limits on the behaviors of
corporate officers and describes specific forfeitures of benefits and civil
penalties for non-compliance. For example, Section 302 requires that the
company's "principal officers" (typically the Chief Executive
Officer and Chief Financial Officer) certify and approve the integrity
of their company financial reports quarterly.
 Sarbanes-Oxley Act of 2002
Major Elements

Enhanced Financial Disclosures

Title IV consists of nine sections. It describes enhanced reporting

requirements for financial transactions, including off-balance-
sheet transactions, pro-forma figures and stock transactions of corporate
officers. It requires internal controls for assuring the accuracy of financial
reports and disclosures, and mandates both audits and reports on those
controls. It also requires timely reporting of material changes in financial
condition and specific enhanced reviews by the SEC or its agents of
corporate reports.
 Sarbanes-Oxley Act of 2002
Major Elements

Analyst Conflicts of Interest

Title V consists of only one section, which includes measures designed to
help restore investor confidence in the reporting of securities analysts. It
defines the codes of conduct for securities analysts and requires
disclosure of knowable conflicts of interest.

Commission of Resources and Authority

Title VI consists of four sections and defines practices to restore investor

confidence in securities analysts. It also defines the SEC's authority to
censure or bar securities professionals from practice and defines
conditions under which a person can be barred from practicing as a
broker, advisor, or dealer.
 Sarbanes-Oxley Act of 2002
Major Elements

Studies and Reports

Title VII consists of five sections and requires the Comptroller

General and the SEC to perform various studies and report their findings.
Studies and reports include the effects of consolidation of public
accounting firms, the role of credit rating agencies in the operation of
securities markets, securities violations, and enforcement actions, and
whether investment banks assisted Enron, Global Crossing, and others to
manipulate earnings and obfuscate true financial conditions.
 Sarbanes-Oxley Act of 2002
Major Elements

Corporate and Criminal Fraud Accountability

Title VIII consists of seven sections and is also referred to as

the "Corporate and Criminal Fraud Accountability Act of 2002". It
describes specific criminal penalties for manipulation, destruction
or alteration of financial records or other interference with
investigations, while providing certain protections for whistle-blowers.
 Sarbanes-Oxley Act of 2002
Major Elements

White Collar Criminal Penalty

Title IX consists of six sections. This section is also called the "White
Collar Crime Penalty Enhancement Act of 2002". This section increases
the criminal penalties associated with white-collar crimes and
conspiracies. It recommends stronger sentencing guidelines and
specifically adds failure to certify corporate financial reports as a criminal
offense.
 Sarbanes-Oxley Act of 2002
Major Elements

Corporate Tax Returns

Title X consists of one section. Section 1001 states that the Chief Executive
Officer should sign the company tax return.

Corporate Fraud Accountability

Title XI consists of seven sections. Section 1101 recommends a name for this
title as "Corporate Fraud Accountability Act of 2002". It identifies corporate
fraud and records tampering as criminal offenses and joins those
offenses to specific penalties. It also revises sentencing guidelines and
strengthens their penalties. This enables the SEC to resort to temporarily
freezing transactions or payments that have been deemed "large" or
"unusual".
Internal Audit vs. External Audit
INTERNAL AUDIT EXTERNAL AUDIT

Purpose Analyze and improve Express an opinion on the

controls and performance financial condition
Scope Organizational operations Fiscal financial records
Skills Interdisciplinary Accounting, finance, tax

Timing Present/Future, ongoing Past, point in time

Primary Audience Board, executive Investors, public interests
management
Standards The IIA's IPPF Generally Accepted Accounting
Principles (GAAP)

Generally Accepted Auditing

Standards
Internal Audit vs. External Audit
INTERNAL AUDIT EXTERNAL AUDIT

Focus Enhance and protect Fair presentation of

organizational value financial statements
Employment An organization's employee A contracted third party
Relationship
5 minutes break
International Professional Practices
Framework (IPPF)
 IPPF is the conceptual framework that organizes authoritative
guidance promulgated by The IIA. A trustworthy, global,
guidance-setting body, The IIA provides internal audit
professionals worldwide with authoritative guidance.

 Ensures that the authoritative guidance is readily accessible on

a timely basis while strengthening the position of IIA as a
standard-setting body for the IA profession globally.
International Professional Practices
Framework (IPPF)
 Intended to assist practitioners and stakeholders throughout the
world in being responsive to the expanding market for high
quality internal auditing.

 The implementation of the IPPF will be governed by the

environment in which the internal audit activity carries out its
assigned responsibilities. No information contained within the
IPPF should be construed in a manner that conflicts with
applicable laws or regulations.
International Professional Practices
Framework (IPPF)
 Mission of Internal Audit
 To enhance and protect organizational value providing
risk-based and objective assurance, advise and insight

 The mission of IA articulates what internal audit aspires

to accomplish within an organization. Its place in the
new IPPF is deliberate, demonstrating how practitioners
should leverage the entire framework to facilitate their
ability to achieve the Mission.
 Authoritative Guidance
Mandatory  Definition of Internal Auditing
 Core Principle for the Professional Practice
of Internal Auditing
 Code of Ethics
 International Standards for the
Professional Practice of Internal Auditing

Recommended  Implementation Guidance

 Supplemental Guidance

IA
The evolving role of Internal Auditor
ASSURANCE
An objective examination of evidence for the purpose of
providing an independent assessment on governance, risk
management, and control processes for the organization,
and oversight of digital technologies.

Examples:
1. Financial 4. System Security
2. Performance 5. Due Diligence
3. Compliance
 Assurance
3rd Party

Activity
Auditor Management
Assurance
• Typically involves the
communication of the results
to interested users or third
parties apart from the internal
auditor and those involved in
the process or area under
review.

• It is the 3rd party that is the

customer in the audit and
assurance process, and who
determines the value of the
activity.
The evolving role of Internal Auditor
CONSULTING
Advisory and related client service activities, the nature and
scope of which are agreed with the client, are intended to add
value and improve an organization’s governance, risk
management, and control processes without the internal
auditor assuming management responsibility.
Management on control effectiveness, change initiatives,
enhancements to risk management.
Examples:
1. Counsel 3. Facilitation
2. Advice 4. Training
 Consulting

Activity
Auditor Management
Consulting
• Typically involves only two
parties, the auditor (service
provider) and the activity
management.

• The activity management – is

the customer. The value
added of the consulting
engagement is determined by
its value to activity
management.
 Core Competency
 Risk Management – a process to identify, assess,
manage and control potential events or situations to
provide reasonable assurance regarding the
achievement of the organization’s objectives.

 Controls – any action taken by management, the

board, and other parties to manage risk and increase
the likelihood that established objectives and goals
will be achieved. Management plans, organizes, and
directs the performance of sufficient actions to provide
reasonable assurance that objectives and goals are
achieved.
Core Principle for the Professional
Practice of Internal Auditing
 Demonstrate integrity
 Demonstrate competence and due professional care
 Is objective and free from undue influence (independent)
 Aligns with the strategies, objectives, and risks of the
organization
 Is appropriately positioned and adequately resourced.
 Demonstrate quality and continuous improvement
 Communicates effectively
 Provides risk-based assurance
 Is insightful, proactive, and future-focused
 Promotes organizational improvement
 Next Session Topics
 Quiz (coverage Feb1 and Feb15 session)
 Study the following for Feb22 session
 The Code of Ethics