
23/08/2021

AUD1206:
Operations Auditing
Mark Ivan Leo D. Ricafrente

Review of Governance and Auditing Concepts,
including Code of Professional Ethics
Week 1


Corporate Governance


Governance

Definition
Combination of people, policies, procedures, and processes that help ensure
that an entity effectively and efficiently directs its activities toward meeting the
objectives of its stakeholders

Responsibility of the Board


Organizational Structure

[Organization chart: Board; Audit Committee; President/CEO; Internal Audit; External Audit; COO; CFO; CIO]


Corporate Governance


CORPORATE GOVERNANCE FRAMEWORK


Governance

Two Major Components


1. Strategic direction

Determines
- Business model
- Overall objectives
- Approach to risk taking
- Limits of organizational conduct


Governance

Two Major Components


2. Oversight

Elements
- Risk management activities
- Internal and external assurance activities


Governance

Practices
Reflect the organization's unique culture and largely depend on it for effectiveness

Organizational Culture
- Sets values, objectives, and strategies
- Defines roles and behaviors
- Measures performance
- Specifies accountability


Governance

Practices
Ensure that the organization:
- Complies with society’s legal and regulatory rules
- Satisfies the generally accepted business norms and enhances the interests of stakeholders
- Reports fully and truthfully to its stakeholders


Corporate Governance

Code of Corporate Governance for Publicly-Listed Companies


Memorandum Circular No. 19
Date: 22 November 2016

Corporate Governance – the system of stewardship and control to guide
organizations in fulfilling their long-term economic, moral, legal and social obligations
towards their stakeholders.
• Board of Directors
• Management
• Independent director
• Executive director
• Non-executive director


Corporate Governance

Code of Corporate Governance for Publicly-Listed Companies


1. ESTABLISHING A COMPETENT BOARD

2. ESTABLISHING CLEAR ROLES AND RESPONSIBILITIES OF THE BOARD

3. ESTABLISHING BOARD COMMITTEES


Corporate Governance

Code of Corporate Governance for Publicly-Listed Companies


3.2
The Board should establish an Audit Committee to enhance its oversight capability
over the company’s financial reporting, internal control system, internal and external
audit processes, and compliance with applicable laws and regulations. The
committee should be composed of at least three appropriately qualified
non-executive directors, the majority of whom, including the Chairman, should be
independent. All of the members of the committee must have relevant background,
knowledge, skills, and/or experience in the areas of accounting, auditing and
finance. The Chairman of the Audit Committee should not be the chairman of the
Board or of any other committees.


Corporate Governance

Code of Corporate Governance for Publicly-Listed Companies


The Audit Committee has the following duties and responsibilities, among others:

a. Recommends the approval of the Internal Audit Charter (IA Charter)

b. Through the Internal Audit (IA) Department, monitors and evaluates the adequacy
and effectiveness of the corporation’s internal control system, integrity of financial
reporting, and security of physical and information assets.

c. Oversees the Internal Audit Department, and recommends the appointment
and/or grounds for approval of an internal audit head or Chief Audit Executive
(CAE).


Corporate Governance

Code of Corporate Governance for Publicly-Listed Companies


d. Establishes and identifies the reporting line of the Internal Auditor to enable him
to properly fulfill his duties and responsibilities.

e. Reviews and monitors Management’s responsiveness to the Internal Auditor’s
findings and recommendations;

f. Prior to the commencement of the audit, discusses with the External Auditor the
nature, scope and expenses of the audit, and ensures the proper coordination


Corporate Governance

Code of Corporate Governance for Publicly-Listed Companies


g. Evaluates and determines the non-audit work, if any, of the External Auditor, and
periodically reviews the non-audit fees paid to the External Auditor in relation to the
total fees paid to him and to the corporation’s overall consultancy expenses.

h. Reviews and approves the Interim and Annual Financial Statements before their
submission to the Board.

i. Reviews the disposition of the recommendations in the External Auditor’s
management letter;


Definition of Terms


Definition of Terms

Board
“The highest level of governing body charged with the responsibility to direct and/or
oversee the activities and management of the organization. Typically, this includes an
independent group of directors (e.g., a board of directors, a supervisory board, or a
board of governors or trustees).

If such a group does not exist, the “board” may refer to the head of the organization.
“Board” may refer to an audit committee to which the governing body has delegated
certain functions.”

- IPPF Glossary


Definition of Terms

Internal Audit Activity


“A department, division, team of consultants, or other practitioner(s) that provides
independent, objective assurance and consulting services designed to add value and
improve an organization’s operations…”

- IPPF Glossary


Definition of Terms

Chief Audit Executive


“..describes a person in a senior position responsible for
effectively managing the internal audit activity in
accordance with the internal audit charter and the
Definition of Internal Auditing, the Code of Ethics, and
the Standards... The specific job title of the chief audit
executive may vary across organizations.”

- IPPF Glossary


Definition of Terms

What is assurance?
“..means an engagement in which a practitioner
expresses a conclusion designed to enhance
the degree of confidence of the intended users
other than the responsible party about the
outcome of the evaluation or measurement of
a subject matter against criteria.”

- International Framework for Assurance Engagements


Need for Assurance

Why do you need assurance?


• Potential bias in providing information.
• Remoteness between a user and the organization or trading partner.
• Complexity of the transactions, information or processing systems.


Potential Bias in Providing Information

• Sellers
• Management
• Inside information
• Compensation of management
• Stock options held by management


Remoteness of Users

• Global society
• Lack of personal interaction
• Can’t physically inspect goods
• Can’t interview management
• Can’t inspect facility
• Can’t review books and records


What is an Assurance Service?

Assurance services (or assurance engagements) are three-party contracts in
which assurers report on the quality of information.


Scope of Assurance Service

Assurance is a broad concept.


Assurance services cover:
• A wider spectrum of services.
• A more diverse group of users.
• Greater potential users.


Value of Assurance

• The assurance function gives investors, creditors and users of information
confidence in the accuracy of data.

• The value of assurance, then, is in the confidence it generates in users
of the information.


Elements of Assurance Service

Three-Party Relationship

Subject Matter

Evidence

Suitable criteria

Written Report

Three-Party Relationships

Practitioner
• The term “practitioner” is broader than the term “auditor”.
• Experts may also be engaged by practitioners to perform assurance services.

Responsible Party
• The person (or persons) responsible for the subject matter or the subject matter information.
• The responsible party may or may not be the party who engages the practitioner (the engaging party).

Intended Users
• The persons or class of persons for whom the practitioner prepares the assurance report.
• Intended users may be identified by agreement between the practitioner and the responsible party, or by law.


Diagrammatic Summary of an
Assurance Service Engagement


Subject Matter

Subject matters have different characteristics (e.g.,
qualitative vs. quantitative, objective vs. subjective,
historical vs. prospective, and relating to a point in time
or covering a period), which may affect the precision with
which the subject matter can be evaluated or measured
against criteria and the persuasiveness of available
evidence.


Suitable Criteria

Characteristics of Suitable Criteria

Relevance
Completeness
Reliability
Neutrality
Understandability

Sufficient Appropriate Evidence

Evidence

The practitioner performs an assurance
engagement with an attitude of professional
skepticism to obtain sufficient appropriate
evidence about whether the subject matter
information is free of material misstatement.

Sufficiency is the measure of quantity of evidence.

Appropriateness is the measure of the quality of evidence.


Assurance Report

• The practitioner provides a written report containing
a conclusion that conveys the assurance obtained
about the subject matter information.

• A practitioner normally can express two levels of
assurance in an assurance service:
  • a reasonable (but not absolute) level, and
  • a limited level of assurance


Levels of Assurance Provided

Three Levels:

1. Reasonable assurance (such as an audit opinion)

2. Limited assurance (such as in reviewed financial statements)

3. No assurance (such as a compilation of financial statements)


Poll Questions


Definition of Terms

What is audit?
✓ Objective examination of factual evidence
✓ Providing an independent and reasonable assurance
against established criteria

- International Framework for Assurance Engagements


Definition of Terms

What is external audit?


“..an independent examination of financial statements of an
entity that enables an auditor to express
an opinion whether the financial statements are prepared
(in all material respects) in accordance with an identified
and acceptable financial reporting framework (e.g.
international or local accounting standards and national
legislations)”

- Brink’s Modern Internal Auditing


Definition of Terms

What is internal audit?


“..is an independent, objective assurance and
consulting activity designed to add value and
improve an organization's operations. It helps an
organization accomplish its objectives by bringing
a systematic, disciplined approach to evaluate and
improve the effectiveness of risk management,
control, and governance processes.”

International Professional Practices Framework (IPPF) of the IIA


Internal audit vs. External audit

Comparison

1. Focus
Internal audit: Provides financial, operational, assurance, consultative, governance, computer, and fraud-related services.
External audit: Primarily attests to financial statements and, where applicable, internal control.

2. Management
Internal audit: Reports to audit committee and management administratively. Builds relationships throughout the organization, identifies issues and concerns, and addresses their prompt resolution.
External audit: Primarily reports to the audit committee.

3. Audit committee
Internal audit: Usually reports directly to the audit committee. Provides insight into and analysis of the organization’s business risks, financial statements, system of internal control, and level of compliance with laws, regulations, and policies.
External audit: Provides financial statement (and, where applicable, internal control) attestation to the audit committee or board of directors. Often provides updates on pending accounting pronouncements and their potential impact on the organization.


Internal audit vs. External audit

Comparison

4. Standards
Internal audit: Follows the IIA’s International Standards for the Professional Practice of Internal Auditing.
External audit: Applies auditing standards required in local country or jurisdiction.

5. Approach
Internal audit: Generally follows a predefined methodology, but often customizes approach to appropriately meet individual assignment objectives.
External audit: Generally follows an approach based on the audit firm’s audit methodology.

6. Independence
Internal audit: Demonstrates organizational independence and objectivity in work approach, but is not independent of the organization. (IA should be independent of the activity audited, but is integral to the organization.)
External audit: Provides financial statement (and, where applicable, internal control) attestation to the audit committee or board of directors. Often provides updates on pending accounting pronouncements and their potential impact on the organization.


Internal audit vs. External audit

Comparison

7. Results
Internal audit: Identifies issues (findings), makes recommendations, and assists in facilitating resolutions.
External audit: Meets local statutory requirements; determines if financial statements (including footnotes) are fairly stated (free of material error).

8. Control
Internal audit: Assesses components of an organization’s internal control framework, focusing on control improvement and operational efficiency and effectiveness. Under SOX 404, assists in assessing the adequacy, effectiveness, and efficiency of the financial and operational systems of internal control, including the design and operating effectiveness of the system of internal control of each activity of the organization (including control over financial reporting). Can assist in documenting internal controls, testing internal controls, and/or providing input to management with respect to concluding on design and operating effectiveness.
External audit: Controls considered in the audit of the financial statements as required by local country standards. Under PCAOB standards, opines on management’s assessment of the effectiveness of the organization’s internal control over financial reporting and on the effectiveness of the organization’s internal control over financial reporting. In the course of assessing the organization’s internal control, evaluates the capabilities and effectiveness of internal auditing.


Internal audit vs. External audit

Comparison

9. Risk
Internal audit: Identifies and qualifies key business risks to estimate probability of occurrence and impact on business. Makes appropriate recommendations as a result of the risk assessment.
External audit: Identifies key financial reporting risks in relation to its audit of the organization’s financial statements.

10. Fraud
Internal audit: Focused on fraud awareness within the organization. May include fraud-detection steps in audit programs. Investigates the allegations of fraud. Reviews management’s fraud prevention controls and detection processes and makes recommendations for improvement.
External audit: Includes fraud detection steps in audit plan. Gathers information necessary to identify risks of material misstatement due to fraud by inquiring of management and others within the entity about the risks of fraud. Considers the results of the analytical procedures performed in planning the audit and fraud risk factors.

11. Recommendations
Internal audit: Communicates recommendations for corrective action, generally to auditee, management, and the audit committee.
External audit: Communicates recommendations for corrective action generally to senior management or the board of directors.

12. Follow-up
Internal audit: Follows up with auditees to determine whether work is sufficient to achieve issue resolution.
External audit: Limits follow-up primarily to financial areas.


IPPF


Code of Ethics

Purpose
States the principles and expectations governing the behavior of
individuals and organizations in the conduct of internal auditing.

Describes the minimum requirements for conduct, and behavioral
expectations rather than specific activities.

Promotes an ethical culture in the profession of internal auditing.


Code of Ethics

Two Essential Components


1. Principles - that are relevant to the profession and practice of
internal auditing
2. Rules of Conduct - that describe behavior norms expected of internal
auditors.


Code of Ethics

Integrity
The integrity of internal auditors establishes trust and thus provides
the basis for reliance on their judgment.


Code of Ethics

Integrity – Rules of Conduct


Internal Auditors:
1.1. Shall perform their work with honesty, diligence, and
responsibility.
1.2. Shall observe the law and make disclosures expected by
the law and the profession.


Code of Ethics

Integrity – Rules of Conduct


Internal Auditors:
1.3. Shall not knowingly be a party to any illegal activity, or
engage in acts that are discreditable to the profession of
internal auditing or to the organization.
1.4. Shall respect and contribute to the legitimate and ethical
objectives of the organization.


Code of Ethics

Objectivity
Internal auditors exhibit the highest level of
professional objectivity in gathering, evaluating,
and communicating information about the
activity or process being examined.

Internal auditors make a balanced assessment of
all the relevant circumstances and are not
unduly influenced by their own interests or by
others in forming judgments.


Code of Ethics

Objectivity – Rules of Conduct


Internal Auditors:
2.1. Shall not participate in any activity or relationship that
may impair or be presumed to impair their unbiased
assessment. This participation includes those activities or
relationships that may be in conflict with the interests of the
organization.


Code of Ethics

Objectivity – Rules of Conduct


Internal Auditors:
2.2. Shall not accept anything that may impair or be
presumed to impair their professional judgment.
2.3. Shall disclose all material facts known to them that, if not
disclosed, may distort the reporting of activities under review.


Code of Ethics

Objectivity – Rules of Conduct


Potential Impairments
► Past or future work assignments

► Conflict of interest

► Gifts and gratuities

► Assignment of non-audit functions

► Scope limitation

► Resource limitation

► Access restriction


Code of Ethics

Confidentiality
Internal auditors respect the value and ownership of information they
receive and do not disclose information without appropriate authority
unless there is a legal or professional obligation to do so.


Code of Ethics

Confidentiality – Rules of Conduct


Internal Auditors:
3.1. Shall be prudent in the use and protection of information
acquired in the course of their duties.
3.2. Shall not use information for any personal gain or in any
manner that would be contrary to the law or detrimental to
the legitimate and ethical objectives of the organization.


Code of Ethics

Competency
Internal auditors apply the knowledge, skills, and experience needed in
the performance of internal audit services.


Code of Ethics

Competency – Rules of Conduct


Internal Auditors:
4.1. Shall engage only in those services for which they have
the necessary knowledge, skills, and experience.
4.2. Shall perform internal audit services in accordance with
the International Standards for the Professional Practice of
Internal Auditing.
4.3. Shall continually improve their proficiency and the
effectiveness and quality of their services.
