Corporate

Governance
GOVERNANCE, BUSINESS ETHICS, RISK MANAGEMENT, AND INTERNAL
CONTROL
Corporate Governance
The process whereby elements in society wield power, authority and
influence, and enact policies and decisions concerning public life and
social upliftment.

It compromises all the processes of governing over a social system and

whether through laws, norms, power or language of an organized society.

It is the process of decision making and the process by which decisions are
implemented through the exercise of power or authority by leaders of the
country and organizations.

Corporate governance, international governance, national governance,

and local governance.
Characteristics of Good
Governance
Participation
Participation by both men and women is a key cornerstone of good
governance.
Participation could be either direct or through legitimate intermediate
institutions or representatives.
It is important to point out that representative democracy does not
necessarily mean that the concerns of the most vulnerable in society
would be taken into consideration in decision making.
Participation needs to be informed and organized. This means freedom of
association and expression on the one hand and an organized civil society
on the other hand.
Rule of Law
Good governance requires fair legal frameworks that are enforced
impartially.
It also requires full protection of human rights, particularly those of
minorities.
Impartial enforcement of laws requires an independent judiciary and an
impartial and incorruptible police force.
Transparency
Transparency means that decisions taken and their enforcement are done
in a manner that follows rules and regulations.
It also means that information is freely available and directly accessible to
those who will be affected by such decisions and their enforcement.
It also means that enough information is provided and that it is provided in
easily understandable forms and media.
Responsiveness
Good governance requires that institutions and processes try to serve all
stakeholders within a reasonable timeframe.
Consensus Oriented
There are several actors and as many view points in a given society. Good
governance requires mediation of the different interests in society to reach
a broad consensus in society on what is in the best interest of the whole
community and how this can be achieved.
It also requires a broad and long-term perspective on what is needed for
sustainable human development and how to achieve the goals of such
development.
This can only result from an understanding of the historical, cultural and
social contexts of a given society or community.
Equity & Inclusiveness
A society’s well being depends on ensuring that all its members feel that
they have a stake in it and do not feel excluded from the mainstream of
society.
This requires all groups, but particularly the most vulnerable, have
opportunities to improve or maintain their well being.
Effectiveness and Efficiency
Good governance means that processes and institutions produce results
that meet the needs of society while making the best use of resources at
their disposal.
The concept of efficiency in the context of good governance also covers
the sustainable use of natural resources and the protection of the
environment.
Accountability
Accountability is a key requirement of good governance. Not only
governmental institutions but also the private sector and civil society
organizations must be accountable to the public and to their institutional
stakeholders.
Who is accountable to whom varies depending on whether decisions or
actions taken are internal or external to an organization or institution.
In general an organization or an institution is accountable to those who will
be affected by its decisions or actions.
Accountability cannot be enforced without transparency and the rule of
law.
Corporate Governance
The system of rules, practices, and processes by which business
corporations are directed and controlled.
Involves balancing the interests of a company’s many stakeholders.
 Shareholders
 Management
 Customers
 Suppliers
 Financiers
 Government
 Community
Corporate Governance
The corporate governance structure specifies the distribution of rights and
responsibilities among different participants in the corporation and spells
out the rules and procedures for making decisions on corporate affairs.
It also provides the structure through which the objectives are set and the
means of attaining those objectives and monitoring performance.
Purpose of Corporate Governance
To facilitate effective, entrepreneurial, and prudent management that
can deliver long-term success of the company.
The fundamental aim of corporate governance is to enhance
shareholders’ value and protect the interest of other stakeholders by
improving the corporate performance and accountability.
It is also about what the board of directors of a company does, how it sets
the values of the business firm.
Objectives of Corporate
Governance
1. Fair and Equitable Treatment of Shareholders
A corporate governance structure ensures equitable and fair treatment of all
shareholders of the company. A group of high net worth individual institutions
who have a substantial proportion of their portfolios invested in the company,
remain active through occupation of top-level positions that enable them to
guard their interest.

2. Self Assessment
Corporate governance enables firms to assess their behavior and actions
before they are scrutinized by regulatory agencies. Business establishments with
a strong corporate governance system are better able to limit exposure to
regulatory risks and fines.
Objectives of Corporate
Governance
3. Increase Shareholder’s Wealth
Protect the long-term interests of the shareholders. Firms with strong
corporate governance structure are seen to have higher valuation
attached to their shares by businessmen.
4. Transparency and Full Disclosure
Good corporate governance aims at ensuring higher degree of
transparency in an organization by encouraging full disclosure of
transactions in the company accounts.
Basic Principles of Corporate
Governance
Effective corporate governance is transparent, protects the rights of
shareholders and includes both strategic and operational risk
management.
It is concerned in both the long-term earning potential as well as actual
short-term earnings and holds directors accountable for their stewardship
of the business.
Basic Principles of Corporate
Governance
Principles of Corporate
Governance
1. Lay solid foundations for management and oversight
2. Structure the Board to add value
3. Promote ethical and responsible decision-making
4. Safeguard integrity in financial reporting
5. Make timely and balanced disclosure
6. Respect the rights of shareholders
7. Recognize and manage risk
8. Encourage enhanced performance
9. Remunerate fairly and responsibly
10. Recognize the legitimate interests of stakeholders
Relationship between Owners and
Other Stakeholders
The Shareholders want
accountability on
1. Financial Performance
2. Financial Transparency
3. Stewardship
4. Quality of Internal Control
5. Composition of the Board of Directors and the Nature of its Activities
Management Responsibility
Management has always had the primary responsibility for the accuracy
and completeness of an organization’s financial statements.

Management’s responsibility in financial reporting is to:

1. Choose which accounting principles best portray the economic
substance of company transactions.
2. Implement a system of internal control that assures completeness and
accuracy in financial reporting.
3. Ensure that the financial statements contain accurate and complete
disclosure.
Parties involved in Corporate
Governance
1. Shareholders
Provide effective oversite through election of board members, approval of
major initiatives such as buying or selling stock, annual reports on management
compensation, from the board.
2. Board of Directors
The major representative of stockholders to ensure that the organization is run
according to the organization’s charter and that there is proper accountability.
3. Independent Directors
The major representative of stockholders to ensure that the organization is run
according to the organization’s charter and that there is proper accountability.
Parties involved in Corporate
Governance
4. Management
Operations and accountability. Manage the organization effectively
and provide accurate timely reports to shareholders and other
stakeholders.
5. Audit Committees of the BOD
Provide oversight of the internal and external audit function and the
process of preparing the annual financial statements as well as public
reports on internal control.
Parties involved in Corporate
Governance
6. Regulators
A. BOA
Set accounting and auditing standards dictating underlying financial reporting
and auditing concepts, and set the expectations of audit quality and
accounting quality.
B. SEC
Ensure the accuracy, timeliness, and fairness of public reporting of financial
and other information for public companies.
7. External Auditors
Performs audits of company financial statements to ensure that the
statements are free of material misstatements.
Parties involved in Corporate
Governance
8. Internal Auditors
Perform audits of companies for compliance with company policies
and laws, audits to evaluate the efficiency of operations, and periodic
evaluation and test of controls.
SEC Code of
Corporate
Governance
GOVERNANCE, BUSINESS ETHICS, RISK MANAGEMENT, AND INTERNAL
CONTROL
Code of Corporate Governance
 The Code of Corporate Governance is intended to raise the corporate
governance standards of Philippine corporations to a level at par with
its regional and global counterparts.
SEC Code of Corporate
Governance
 Released last November 22, 2016 during the 3rd Annual SECPSE
Corporate Governance Forum.
 The first of a series of CG Codes for different types of Philippine
corporations under SEC supervision.
 It is intended to raise the corporate governance standards of Philippine
corporations to a level at par with its regional and global counterparts.
 A new feature of this Code is the adoption of the “comply or explain”
approach.
 The Code does not in any way prescribe a “one size fits all” framework.
The Principle of Proportionality will be considered in the application of its
provisions.
SEC Code of Corporate
Governance
The Code is arranged as follows: Principle, Recommendations and
Explanations.
Principles - can be considered to be high-level statements of corporate
governance good practices, and are applicable to all companies.
Recommendations - objective criteria that are intended to identify the
specific features of corporate governance good practice that are
recommended for companies operating according to the Code.
Alternatives to a Recommendation may be justified in particular
circumstances if good governance can be achieved by other means.
Explanations - strive to provide companies with additional information on
the recommended best practice.
SEC Code of Corporate
Governance
There are sixteen (16) principles that are distributed among five (5) main
sections, namely:
 Board’s Governance Responsibilities – Principles 1 – 7
 Disclosure and Transparency – Principles 8 – 11
 Internal Control and Risk Management Framework – Principle 12
 Cultivating a Synergic Relationship with Shareholders – Principle 13
 Duties of Stakeholders – Principles 14 -16
SEC Code of Corporate
Governance
1. The board’s corporate responsibilities (7)
2. Disclosure and transparency (4)
3. Internal control system and risk management framework (1)
4. Cultivating a synergic relationship with shareholders (1)
5. Duties to stakeholders (3)
 Board’s
Governance
Responsibilities
Principle 1
Establishing a Competent Board

The company should be headed by a competent, working board to foster

the long-term success of the corporation, and to sustain its
competitiveness and profitability in a manner consistent with its corporate
objectives and the long-term best interests of its shareholders and other
stakeholders.
Principle 2
Establishing Clear Roles and Responsibilities of the Board

The fiduciary roles, responsibilities and accountabilities of the Board as

provided under the law, the company’s articles and by-laws, and other
legal pronouncements and guidelines should be clearly made known to all
directors as well as to shareholders and other stakeholders.
Principle 3
Establishing Board Committees

Board committees should be set up to the extent possible to support the

effective performance of the Board’s functions, particularly with respect to
audit, risk management, related party transactions, and other key
corporate governance concerns, such as nomination and remuneration.
The composition, functions and responsibilities of all committees
established should be contained in a publicly available Committee
Charter.
Principle 4
Fostering Commitment

To show full commitment to the company, the directors should devote the
time and attention necessary to properly and effectively perform their
duties and responsibilities, including sufficient time to be familiar with the
corporation’s business.
Principle 5
Reinforcing Board Independence

The board should endeavor to exercise an objective and independent

judgment on all corporate affairs.
Principle 6
Assessing Board Performance

The best measure of the Board’s effectiveness is through an assessment

process. The Board should regularly carry out evaluations to appraise its
performance as a body, and assess whether it possesses the right mix of
backgrounds and competencies.
Principle 7
Strengthening Board Ethics

Members of the Board are duty-bound to apply high ethical standards,

taking into account the interests of all stakeholders.
 DISCLOSURE
AND
TRANSPARENCY
Principle 8
Enhancing Company Disclosure Policies and Procedures

The company should establish corporate disclosure policies and

procedures that are practical and in accordance with best practices and
regulatory expectations.
Principle 9
Strengthening the External Auditor’s Independence and Improving Audit
Quality

The company should establish standards for the appropriate selection of

an external auditor, and exercise effective oversight of the same to
strengthen the external auditor’s independence and enhance audit
quality.
Principle 10
Increasing Focus on Non-financial and Sustainability Reporting

The company should ensure that the material and reportable non-
financial and sustainability issues are disclosed.
Principle 11
Promoting a Comprehensive and Cost-efficient Access to Relevant
Information

The company should maintain a comprehensive and cost-efficient

communication channel for disseminating relevant information. This
channel is crucial for informed decision-making by investors, stakeholders
and other interested users.
INTERNAL CONTROL
SYSTEM AND RISK
MANAGEMENT
FRAMEWORK
Principle 12
Strengthening the Internal Control System and Enterprise Risk Management
Framework

To ensure the integrity, transparency and proper governance in the

conduct of its affairs, the company should have a strong and effective
internal control system and enterprise risk management framework.
 CULTIVATING A
SYNERGIC
RELATIONSHIP WITH
SHAREHOLDERS
Principle 13
Promoting Shareholder Rights

The company should treat all shareholders fairly and equitably, and also
recognize, protect and facilitate the exercise of their rights.
 DUTIES
TO
STAKEHOLDERS
Principle 14
Respecting Rights of Stakeholders and Effective Redress for Violation of
Stakeholder’s Rights

The rights of stakeholders established by law, by contractual relations and

through voluntary commitments must be respected. Where stakeholders’
rights and/or interests are at stake, stakeholders should have the
opportunity to obtain prompt effective redress for the violation of their
rights.
Principle 15
Encouraging Employees’ Participation

A mechanism for employee participation should be developed to create

a symbiotic environment, realize the company’s goals and participate in
its corporate governance processes.
Principle 16
Encouraging Sustainability and Social Responsibility

The company should be socially responsible in all its dealings with the
communities where it operates. It should ensure that its interactions serve
its environment and stakeholders in a positive and progressive manner that
is fully supportive of its comprehensive and balanced development.
Business Ethics
GOVERNANCE, BUSINESS ETHICS, RISK MANAGEMENT, AND INTERNAL
CONTROL
Ethics
Set of moral principles or values that govern the actions and decision of an
individual or group.

While personal ethics vary from individual to individual, most people within
a society are able to agree about what is considered ethical and
unethical behavior.

A topic that receiving a great deal of attention throughout our society

today. This attention is an indication of both the importance of ethical
behavior to maintaining a civil society, and a significant number of
notable instances of unethical behavior.
Characteristics and Values
 Integrity
 Honesty
 Trustworthiness and Promise Keeping
 Loyalty and Confidentiality
 Fairness and Openness
 Caring for Others
 Respect for Others
 Responsible Citizenship
 Pursuit of Excellence
 Accountability
Why is Ethical Behavior Necessary?
Ethical Behavior
Ethical behavior is necessary for a society to function in an orderly manner.
It is the glue that holds a society together.

The need for ethics in society is sufficiently important that many commonly
held ethical values are incorporated into laws.

A considerable portion of the ethical values of a society cannot be

incorporated into laws because of the judgmental nature of certain
values.
Unethical Behavior
A conduct that differs from the way they believe would have been
appropriate given the circumstances.

Each of us decides for ourselves what we consider unethical behavior. It is

important to understand what causes people to act in a manner that we
decide is unethical.

Primary reasons why people act unethically:

1. The person’s ethical standards are different from those of society as a
whole
2. The person chooses to act selfishly
Categories of Ethical Principle
Principles of Personal Ethics
 Basic justice, fairness
 Respect for the rights of others
 Concern for the right of others
 Concern for the well-being on welfare of others
 Benevolence, trustworthiness, honesty
 Compliance with the law
Categories of Ethical Principle
Professional Ethics
 Integrity, impartiality, objectivity
 Professional competence
 Confidentiality
 Personal behavior
 Avoidance of potential or apparent conflict of interest
Categories of Ethical Principle
Business Ethics
 Fair competition
 Global as well as domestic justice
 Social responsibility
 Concern for environment
The Need for Professional Ethics
There is no universally accepted definition of what constitutes a profession.
However, certain types of activities have been recognized as professions
while others have not.

Medicine, law, engineering, architecture, public accounting and theology

are examples of disciplines long accorded professional status.

All the recognized professions have several common characteristics. The

most important are:
1. Responsibility to serve the public
2. Complex body of knowledge
3. Standards of admission to the profession
4. Need for public confidence
Business Ethics
The standards of moral conduct, behavior, and judgment in business.

Involves making the moral and right decisions while engaging in such
business activities as manufacturing and selling a product and providing a
service to customer.

An area of corporate responsibility where businesses are legally bound

and socially obligated to conduct business in an ethical manner.

Based on personal values and standards of each person engaged in

business.
Purposes of Business Ethics
To help business and would-be business to determine what business
practices are right and what are wrong. Hopefully, they are going to use
this knowledge to guide them in making the right business decisions.

Other purposes:
1. To make businessmen realize that they cannot employ double
standards to the actions of other people and to their own actions.
2. To show business that common practices which they have thought to
be right because they see other businessmen doing it, are really wrong.
3. To serve as a standard or ideal upon which business conduct should be
based.
Scope and Impact of Business Ethics
Business ethics covers all conduct, behavior, and judgment in business. It
covers even acts that may be legal but which are wrong because they
violate ethical principles.

There is no uniform standards of right and wrong from which all business
may base their actions.

 Economic Impact
 Social Impact
 Environmental Impact
 Impact on Business Managers
Common Unethical Practices
1. Misrepresentation
A. Direct Misrepresentation (Product or Customers)
Deceptive Packaging
Misbranding
False Advertising
Adulteration
Weight Understatement
Measurement Understatement
Quantity Understatement
B. Indirect Misepresentation (Information about the product or service)
Caveat Emptor
Deliberate Withholding of Information
Passive Deception
Common Unethical Practices
2. Over Persuasion
Persuasion is the process of appealing to the emotions of a prospective
customers and urging him to buy an item of merchandise he needs.
Persuasion used for the sole benefit of selling a product without
considering the interest of the buyer is not ethical.
Common instances:
1. Urging customer to satisfy low priority need for merchandise.
2. Playing upon intense emotional agitation to convince a person to buy.
3. Convincing a person to buy what he does not need just because he
has the capacity or money to do so.
Unethical Practices of BOD
1. Plain gift
2. Interlocking Directorship
3. Insider Trading
4. Negligence of Duty
Unethical Practices of Executive
Officers and Lower Level Managers
1. Claiming a vacation trip to be a business trip
2. Having employees do work unrelated to the business
3. Loose or ineffective controls
4. Unfair labor practices
5. Making false claims about losses to free themselves from paying the
compensation and benefits provided by law
6. Making employees sign documents showing that they are receiving
fully what they are entitled to under the law when in fact they are only
receiving fraction of what they are supposed to get
7. Sexual Harassment
Unethical Practices of Employee
1. Conflict of Interest
2. Dishonesty
Ethical Dilemma
A situation a person faces in which a decision must be made about the
appropriate behavior.

Example: Finding a diamond ring, which necessitates deciding whether to

attempt to find the owner or keep it.
Resolving Ethical Dilemma
The six step approach that follows is intended to be a relatively simple
approach to resolving ethical dilemma:

1. Obtain the relevant facts.

2. Identify the ethical issues from the facts.
3. Determine who is affected by the outcome of the dilemma and how
each person or group is affected.
4. Identify the alternatives available to the person who must resolve the
dilemma.
5. Identify the likely consequences of each alternative.
6. Decide the appropriate action.
Advocacy Against
Corruption and
Initiatives Against
Business Ethics
GOVERNANCE, BUSINESS ETHICS, RISK MANAGEMENT, AND INTERNAL
CONTROL
Corruption
Abuse of private and public office for personal gain.

Includes bribery, embezzlement, nepotism, kickbacks, and state capture.

Receiving, asking for or giving any gratification to induce a person to do a

favor for private gain.

Misuse of entrusted power (by heritage, education, marriage, election,

appointment) for private gain.

Involves wrong doing on the part of an authority or powerful party through

means that are illegitimate, immoral or incompatible with ethical standards.
Corruption
Corruption is an improbity or decay in the decision making process in
which a decision maker consents to deviate or demands deviation from
the deviation from the criterion which should rule his or her decision
making, in exchange for a reward or for the promise or expectation of a
reward, while these motives influencing his or her decision making cannot
be part of the justification of the decision.
- Dr. Petrus Van Duyne
Corruption
Corruption may take place in any of the following forms / ways:
 A company paying a bribe to win the public contract to build the local
highway, despite proposing a sub-standard offer.
 A politician redirecting investments to his hometown rather than to the
region most in need.
 Public officials embezzling funds for school renovation to build his
private villa.
 A private company manager recruiting an ill-suited friend for a high
level position.
 A salesman bribing the purchasing manager of a company to give
preference to his products.
THOSE HURT MOST BY THE
CORRUPTION ARE THE
WORLD’S WEAKEST AND
MOST VULNERABLE
WHY AND HOW DOES A
PERSON BECOME
CORRUPT?
Ill Effects of Corruption
 Corruption adds up to 10% of the total cost of doing business in any part
of the world and up to 25% of the cost of procurement programs in
developing countries.
 Corruption leads to waste or the inefficient use of public resources.
 Corruption erodes public trust, undermines the rule of law, and
ultimately delegitimizes the state.
Characteristics of Corruption
A. Recipients and Payers
B. Extortion
C. Lubricant of Society
D. An Ethical Dilemma
E. Poverty Alleviation
F. Culture
G. Kindness among Friends
The Philippines Corruption Report
The Former Secretary of Finance reported in 2016 that the Philippines loses
P200 billion from smuggling and P400 billion from tax evasion perpetuated
through collusion with some personalities in the government agencies. P2.6
trillion is lost annually in corruption globally.

Source: GAN Business Anti-Corruption Portal

Judicial System
Corruption risks are high in the judicial system.

Bribed and irregular payments in return for favorable judicial decision are
common.

Procedural fairness and transparency are severely undermined by

nepotism, favoritism, and impunity.

Low salaries for judicial officials are said to perpetuate the problem of
bribery.
Police
There is a high risk of corruption when dealing with the police.

The national police force is widely regarded as one of the most corrupt
institutions in the country.

Corruption, extortion, and being involved in local rackets.

Business rate the National Police’s commitment to fighting corruption as poor.

In one corruption case, Police Commissioner Mr. Sombero, is under

investigation for allegedly facilitating a P50 million bribe from gambling tycoon
Jack Lam, who tried to bribe immigration authorities in order to release
approximately 1,300 Chinese nationals who were working in his resorts illegally.
Public Service
Companies contend with a high corruption risk when dealing with the
public services.

Approximately half of business executives reported being asked for a bribe

by someone in the government in 2017.

3 out of 5 business reported to give gifts in order ‘to get things done’, but
only 1 out of 10 reported expecting to give gifts get an operating license.

Irregular payments and bribes.

Land Administration
Corruption risks in the land administration are high.

2 out of 5 companies report expecting to give gifts when obtaining a

construction permit.

Multiple agencies are responsible for land administration, which has led to
overlapping procedures for land valuation and title registration.
Tax Administration
There is a high risk of corruption when dealing with the tax administration.

1 out of 7 companies indicates that they expect to give gifts in meetings

with tax officials.

Companies indicate that they perceive that only a fifth of businesses in

their line of business pay their taxes honestly.

Officials at BIR are believed to be prone to corruption and known for

embezzlement and extortion.
Custom Administration
There is a high risk of encountering corruption when dealing with the
customs administration.

Companies indicate that irregular bribes and payments in import and

export procedures are very common.

About a quarter of companies indicate they expect to give gifts when

obtaining import license.

A business survey indicates that the BOC was the only agency receiving a
rating of very bad when it came to its commitment to fighting corruption.
Public Procurement
There is a very high risk of corruption in the public procurement sector,
which is subject to rampant corruption, irregularities, and inconsistent
implementation of legislation.

More than a fifth of businesses report they expect to give gifts in order to
win a government contract.

The public sector is obliged to procure goods and services from

companies with at least 60% Philippine ownership.

Local level public procurement lacks transparency, fostering culture of

corruption through the misuse of the pork barrel system.
Natural Resources
Companies operating in the natural resource sector face a high risk of
corruption.

The Philippines has shown marked improvements in its natural resources

governance in the past few years. The country has a good enabling
environment and its regulatory quality and control of corruption are
judged as adequate.

Poor value realization and revenue management have caused the

country’s overall resource governance to be judged as weak.
Prevention of Corruption
 Clear Business Processes
 Policy on Gifts and Entertainment
 Declaration of Conflict of Interest
 Convenient Corruption Reporting System
Efforts to Curb Corruption through
Legislation
 Anti-Graft and Corrupt Practices Act
 Anti-Red Tape Act
 Revised Penal Code
 Anti-Money Laundering Act
 Act Establishing a Code of Conduct and Ethical Standards for Public
Officials and Employees
 Government Procurement Reform Act
 United Nations Convention against Corruption
The Integrity Initiative Campaign
The Integrity Initiative is a multi-sectoral campaign that seeks to
institutionalize integrity standards among various sectors of society –
business, government, judiciary, academe, youth, civil society, church,
and media.

The initiative aims to help in diminishing, if not fully eradicating, the vicious
cycle of corruption in the Philippines, which has not only exacerbated
poverty but also obstructed the development of a competitive business
environment that operates on a level playing field.

The Integrity Initiative hopes to build trust in government, amore equitable

society and fair market conditions. This will result in improved
competitiveness and increased business confidence, which will be evident
with the increase in domestic and foreign investments, and more
employment generated for Filipinos.
Need for a Code of Conduct
A code of conduct should:
 Guide directors and senior executives
 Promote responsibility and accountability
 Ensure compliance with legal and other obligations
Risk Management
GOVERNANCE, BUSINESS ETHICS, RISK MANAGEMENT, AND INTERNAL
CONTROL
Risk Management
The process of measuring or assessing risk and developing strategies to
manage it.

Systematic approach in identifying, analyzing, and controlling areas or

events with a potential for causing unwanted change.

The identification, assessment, and prioritization of risks followed by

coordinated and economical application of resources to minimize,
monitor, and control the probability and impact of unfortunate events and
to maximize the realization of opportunities.
Basic Principles of
Risk Management
1. Create value
2. Address uncertainty and assumptions
3. Be an integral part of the organizational process and decision making
4. Be dynamic, iterative, transparent, tailorable, and responsive to
change
5. Create capability of continual improvement and enhancement
considering the best available information and human factors
6. Be systematic, structured, and continually or periodically reassessed
Basic Principles of
Risk Management
Elements of Risk Management
1. Identification, characterization, and assessment of threats
2. Assessment of the vulnerability of critical assets to specific threats
3. Determination of the risk
4. Identification of ways to reduce those risks
5. Prioritization of risk reduction measures based on a strategy
 Extreme

High

Moderate

Low
Risk Associated with Investments
 Business Risk
 Financial Risk
 Liquidity Risk
 Default Risk
 Interest Rate Risk
 Management Risk
 Purchasing Power Risk
Risk Associated with Manufacturing,
Trading, and Service
 Market Risk
 Operations Risk
 Financial Risk
 Business Risk
Risk Associated with Financial Institutions
 Liquidity Risk
 Market Risk
 Credit Risk
 Market Liquidity Risk
 Hedged Position Risk
 Portfolio Exposure Risk
 Derivative Risk
 Accounting Information Risk
 Financial Reporting Risk
Potential Risk Treatments
 Risk Avoidance
 Risk Reduction
 Risk Sharing
 Risk Retention
Areas of Risk Management
1. Enterprise risk management
2. Risk management activities as applied to project management
3. Risk management for megaprojects
4. Risk management of information technology
5. Risk management techniques in petroleum and natural gas
Risk Management Framework
Process of Risk Management
1. Establishing the Context
A. Identification of risk in a selected domain of interest
B. Planning the remainder of the process
C. Mapping out
D. Defining a framework for the activity and an agenda for identification
E. Developing an analysis of risks involved in the process
F. Mitigation or solution of risks using available technological, human, and
organizational resources.
Process of Risk Management
2. Identification of Potential Risk
A. Objective based risk
B. Scenario based risk
C. Taxanomy based risk
D. Common risk checking
E. Risk charting
Process of Risk Management
3. Risk Assessment
Potential severity of impact and the probability of occurrence must be
assessed. The assessment is critical to make the best educated decisions in
prioritizing the implementation of the risk management plan.
Risk Management Process
Steps in Risk Management Process
1. Set up a separate risk management committee chaired by a board
member
2. Ensure that a formal comprehensive risk management system is in
place
3. Assess whether the formal system possesses the necessary elements.
4. Evaluate the effectiveness of the various steps in the assessment of the
comprehensive risks faced by the business firm
5. Assess if management has developed and implemented the suitable
risk management strategies and evaluate their effectiveness
Steps in Risk Management Process
6. Evaluate if management has designed and implemented risk
management capabilities
7. Assess management’s efforts to monitor overall company risk
management performance and to improve continuously the firm’s
capabilities
8. See to it that best practices as well as mistakes are shared by all
9. Assess regularly the level of sophistication of the firm’s risk management
system
10. Hire experts when needed
Reducing and
Managing Business
Risks
GOVERNANCE, BUSINESS ETHICS, RISK MANAGEMENT, AND INTERNAL
CONTROL
Nature of Risk
Successful businessmen and decision-makers make sure that the risks
resulting from their decisions are measured, understood, and eliminated if
possible.

Understand why control systems are needed. This requires communication

and leadership skills so that standards and expectations are set and clearly
understood.
Identify and Prioritize Risk
Identification of significant risks both within and outside the organization is
crucial and allows to make informed decisions.

 Loss of a major customer

 Failure of a key supplier
 Appearance of a significant competitor
Identify and Prioritize Risk
Consider the Acceptable
Level of Risk
This involves assessing the likelihood of risks becoming reality and the effect
they would have if they did. Only when this is understood can measures to
be taken to minimize the incidence and impact of such risks.

There is also an opportunity cost associated with risk. Avoiding a risk may
mean avoiding a potentially big opportunity. Sometimes the greatest risk is
to do nothing.
Understand Why Risks
Become Reality
Once risks are identified, they can be ranked accordingly to their potential
impact and likelihood of them occurring.

Five most significant type of risk catalyst:

1. Technology
2. Organizational Change
3. Processes
4. People
5.. External Factors
Apply a Simple
Risk Management Process
1. Assess and analyze the risks resulting from a decision by systematically
identifying and quantifying them.
2. Consider how best to avoid and mitigate them.
3. Take action to manage control and monitor the risks.
Managing and Reducing
Financial Risk
Finance is the lifeblood of a business, heavily influencing strategies and
decisions at every level.

 Improve profitability
 Avoid pitfalls in making financial decisions
 Reduce financial riskk
Improving Profitability
Certain skills will ensure that decisions are focused on commercial success.

 Variance Analysis
 Assessment of Market Entry and Exit Barriers
 Break-even Analysis
 Controlling Costs
Avoiding Pitfalls
Many managers have financial responsibilities and their decisions will often
be influenced by an impact on other parts of the business.

 Financial expertise must be widely available

 Consider the impact of financial decisions
 Avoid weak budgetary control
 Understand the impact of cash flow
 Know where the risk lies
Reduce Financial Risk
 Are the most effective and relevant performance measures in place to
monitor and assess the effectiveness of financial decisions?
 Have you analyzed key business ratios?
 Is there a positive attitude to budgets and budgeting?
 Does decision making focus on the most profitable products and
services, or preoccupied with peripheral issues?
 What are the least profitable parts of the organizations? How will they
improved?
 Are market and customer decisions focused on improving profitability?
 How efficiently is cash managed? Do your strategic business decisions
take account of cash considerations, such as time value of money?
Internal control
Governance, Business Ethics, Risk Management, and Internal Control
Internal Control

✤ The process designed and effected by those charged with governance,

management, and other personnel to provide reasonable assurance about
the achievement of the entity’s objectives concerning the reliability of
financial reporting, effectiveness, and efficiency of operations and
compliance with applicable laws and regulations.

✤ It follows that internal control is designed and implemented to address

identified business risks that threaten the achievement of any of these
objectives.
Internal Control

✤ COSO definition

✤ Internal control is a process, effected by an entity’s board of directors,

management, and other personnel, designed to provide reasonable assurance
regarding the achievement of objectives relating to operations, reporting, and
compliance.
… focuses on three objectives

✤ Operations Objectives—The effectiveness and efficiency of the entity’s operations, including operational and
financial performance goals, and safeguarding assets against loss.

✤ Reporting Objectives—The internal and external financial and non-financial reporting .

✤ Compliance Objectives—The adherence to laws and regulations to which the entity is subject.
Internal Control System

✤ Internal Control System means all the policies and procedures (internal controls)
adopted by the management of an entity to assist in achieving management’s objective
of ensuring, as far as practicable:

✤ orderly and efficient conduct of its business, including adherence to management

policies

✤ safeguarding of assets

✤ prevention and detection of fraud and error

✤ accuracy and completeness of the accounting records

✤ timely preparation of reliable financial information.

..has five Components
The COSO move to principles

The first COSO model introduced the

COSO I definitions of Internal Control and five
components

COSO II focus on internal control in the

COSO II
context of risk management

COSO III introduces a principles based

COSO III approach and the need for regular
monitoring
Control Environment Principles

✤ The organization demonstrates a commitment to integrity and ethical values.

✤ The board of directors demonstrates independence from management and exercises oversight of the
development and performance of internal control.

✤ Management establishes, with board oversight, structures, reporting lines, and appropriate authorities
and responsibilities in the pursuit of objectives.

✤ The organization demonstrates a commitment to attract, develop, and retain competent individuals in
alignment with objectives.

✤ The organization holds individuals accountable for their internal control responsibilities in the pursuit of
objectives.
Risk Assessment Principles

✤ The organization specifies objectives with sufficient clarity to enable the identification and
assessment of risks relating to objectives.

✤ The organization identifies risks to the achievement of its objectives across the entity and
analyzes risks as a basis for determining how the risks should be managed.

✤ The organization considers the potential for fraud in assessing risks to the achievement of
objectives.

✤ The organization identifies and assesses changes that could significantly impact the system of
internal control.
Control Activities Principles

✤ The organization selects and develops control activities that contribute to the
mitigation of risks to the achievement of objectives to acceptable levels.

✤ The organization selects and develops general control activities over technology to
support the achievement of objectives.

✤ The organization deploys control activities through policies that establish what is
expected and procedures that put policies into action.
Information and Communication Principles

✤ The organization obtains or generates and uses relevant, quality information to

support the functioning of internal control.

✤ The organization internally communicates information, including objectives and

responsibilities for internal control, necessary to support the functioning of internal
control.

✤ The organization communicates with external parties regarding matters affecting the
functioning of internal control.
Monitoring Activities Principles

✤ The organization selects, develops, and performs ongoing and/or separate

evaluations to ascertain whether the components of internal control are
present and functioning.

✤ The organization evaluates and communicates internal control deficiencies

in a timely manner to those parties responsible for taking corrective action,
including senior management and the board of directors, as appropriate.
Effective Internal Control

✤ Requires that each of the five components and relevant principles is present and functioning.

✤ “Present” - the components and relevant principles exist in the design and
implementation of the system of internal control.

✤ “Functioning” - the components and relevant principles continue to exist in the operations
and conduct of the system of internal control to achieve specified objectives.

✤ That the five components operate in an integrated and interdependent manner.

Internal Control Results in:

✤ Reasonable assurance that the organization:

✤ Achieves effective and efficient operations

✤ Understands the extent to which operations are managed effectively and efficiently when
external events may have a significant impact on the achievement of objectives

✤ Prepares reports in conformity with applicable rules, regulations, and standards or with the
entity’s specified reporting objectives

✤ Complies with applicable laws, rules, regulations, and external standards

Limitations

✤ Internal control cannot prevent bad judgment or decisions, or external events that can cause an
organization to fail to achieve its operational goals. Their are inherent limitations from

✤ Faulty human judgment in decision making

✤ Human failures such as simple errors

✤ Ability of management to override internal control

✤ Ability of management, other personnel, and/or third parties to circumvent controls through
collusion

✤ External events beyond the organization’s control

The importance of internal control to internal
auditors

✤ Internal Audit cannot provide assurance on internal control if auditors do not understand of the
main elements of internal control

✤ Internal Auditors need a thorough understanding of the different ways of ensuring effective
internal control and the type and nature of controls in operation for example, Preventative and
Detective Controls

✤ An understanding of the three lines of defence model can help IA explain the different roles of
IA and management in maintaining effective internal control

✤ Internal Audit can help managers understand that internal control is not just financial control but
Managerial Control in general
The three lines of defence model

The first line of Defence - direct operation of controls

by management

The Second line of Defence - monitoring and

oversight of controls by management

The Third line of Defence - review of the

effectiveness of controls by audit and evaluation
Fraud and Error
GOVERNANCE, BUSINESS ETHICS, RISK MANAGEMENT, AND INTERNAL
CONTROL
Fraud
The willful misrepresentation made with an intention of deceiving others.
It is a deliberate mistake committed in the accounts with a view to get
personal gain. In accounting, fraud means two things:

a. Defalcation involving misappropriation of either cash or goods

b. Fraudulent manipulation of accounts

Error
Error refers to unintentional misstatements or mis descriptions in the
records or books of accounts by the book keeper. In other words, they
are unintentional mistakes arising on account of negligence or
ignorance. Errors may be basically of two types :

(a) Principal Errors

(b) Clerical Errors

Error
Principal Errors
Arise generally when the principles of accounting are not taken into
consideration while recording a transaction. It arises on account of
ignorance of accounting principles.

Clerical Errors
Arise on account of negligence of the accounting staff. This type of error is
further divided as errors of omission, errors of Commission, duplicating errors
and compensating errors.
Types of Misstatements
1. Misstatements arising from misapplication of assets
Involve the theft of an entity's assets where the effect of the theft causes
the financial statements not to be presented, in all material respects, in
conformity with GAAP.
Misappropriation of assets can be accomplished in various ways, including
embezzling receipts, stealing assets, or causing an entity to pay for goods
or services that have not been received.
Misappropriation of assets may be accompanied by false or misleading
records or documents, possibly created by circumventing controls. The
scope of this section includes only those misappropriations of assets for
which the effect of the misappropriation causes the financial statements
not to be fairly presented, in all material respects, in conformity with GAAP.
Theft or defalcation
Types of Misstatements
2. Misstatements arising from Fraudulent Financial Reporting
Intentional misstatements or omissions of amounts or disclosures in financial
statements designed to deceive financial statement users where the
effect causes the financial statements not to be presented, in all material
respects, in conformity with generally accepted accounting principles
(GAAP). Fraudulent financial reporting may be accomplished by the
following:
 Manipulation, falsification, or alteration of accounting records or
supporting documents from which financial statements are prepared
 Misrepresentation in or intentional omission from the financial statements
of events, transactions, or other significant information
 Intentional misapplication of accounting principles relating to amounts,
classification, manner of presentation, or disclosure
Element of Fraud Triangle
There are three conditions generally present when fraud
occurs

Attitudes/Rationalizations

Fraud
Triangle

Incentive Opportunity
Risk Factors Contributory to
Misappropriation of Assets
 Embezzling receipts
 Stealing physical assets or intellectual property
 Causing an entity to pay for goods and services not received
 Using an entity’s assets for personal use
Risk Factors Contributory to
Fraudulent Financial Reporting
 Manipulation, falsification, or alteration of accounting records or
supporting documentation from which the financial statements are
prepared.
 Misrepresentation in, or intentional omission from, the financial
statements of events, transactions or other significant information.
 Intentional misapplication of accounting principles relating to amounts,
classification, manner of presentation, or disclosure.
Responsibility for Prevention &
Detection
Management Responsibility
 Although AAS4 focuses on the auditor's responsibilities with respect to
fraud and error, the primary responsibility for the prevention and
detection of fraud and error rests with both those charged with
governance and the management of an entity. The respective
responsibilities may vary from entity to entity.
 The management is responsible for establishing a control environment
and maintain policies and procedures by implementing and ensuring
continued operation of accounting and internal control systems, which
are designed to prevent fraud and error.
 Such systems reduce but do not eliminate the risk of misstatements,
Accordingly, management assumes responsibility for any remaining
risk.
Responsibility for Prevention &
Detection
Auditor Responsibility
 As regards the auditors’, the standard states that when planning and
performing audit procedures and evaluating and reporting the results
thereof, the auditor should consider the risk of material misstatements in
the financial statements resulting from fraud or error.
Inherent Limitations of an audit
 An auditor cannot obtain absolute assurance that material
misstatements in the financial statements will be detected. The auditor
is able to obtain only a reasonable assurance that material
misstatements in the financial statements will be detected.

The risk of not detecting a material misstatement resulting from fraud is

higher than the risk of not detecting a material misstatement resulting
from error.
Auditor Responsibility for Detecting
Errors, Frauds, and Illegal Acts
Responsible for Detection? Must Communicate Findings?

Material Immaterial Material Immaterial

Yes
Errors Yes No (Audit No
Committee)

Yes Yes
Fraud Yes No (Audit (One level
Committee) above)

Yes Yes
Illegal Acts Yes No (Audit (One level
(Direct Effect) Committee) above)
 ERRORS AND
IRREGULARITIES IN
THE TRANSACTION
CYCLES OF THE
BUSINESS ENTITY
Three Business Transaction Cycles
1. Sales and Collection Cycle
2. Acquisition and Payment Cycle
3. Payroll and Personnel Cycle
Sales and Collections Cycle
1. Errors in recording sales and collections transactions
2. Frauds in Sales and Collections
A. Fraudulent Financial Reporting
B. Misappropriation of Assets
1. Skimming
2. Lapping
3. Kiting
Acquisitions and Payments Cycle
1. Errors in the acquisitions and payments cycle
2. Frauds in the acquisitions and payments cycle
A. Paying for fictitious purchases
B. Receiving kickbacks
C. Purchasing goods for personal use
Payroll and Personal Cycle
1. Errors
2. Frauds involving Payroll
A. Fictitious employee
B. Excess payments to employees
C. Failure to record payroll
D. Inappropriate assignment of labor costs to inventory
Internal Controls
over Assets,
Liabilities and
Equity
GOVERNANCE, BUSINESS ETHICS, RISK MANAGEMENT, AND INTERNAL
CONTROL
Internal Control
The functions of the finance department and the accounting department
should be integrated in a manner that provides assurance that:
1. All cash that should have been received was in fact received,
recorded accurately, and deposited promptly.
2. Cash disbursements have been made for authorized purposes only
and have been properly recorded.
3. Cash balance are maintained at adequate, but not excessive, levels
by forecasting expected cash receipts and payments related to
normal operations. The need for obtaining loans for investing excess
cash is thus made known on a timely basis.
Guidelines over Cash
1. Do not permit any one employee to handle a transaction from beginning
to end.
2. Separate cash handling from record keeping.
3. Centralize receiving of cash to the extent practical.
4. Record cash receipts on a timely basis.
5. Encourage customers to obtain receipts and observe cash register totals.
6. Deposit cash receipts daily.
7. Make all disbursements by check or electronic fund transfer, with the
exception of small expenditures from petty cash.
8. Have monthly bank reconciliation prepared by employees not responsible
for the issuance of checks or custody of cash.
9. Monitor cash receipts and disbursements by comparing recorded
amounts to forecasted amounts and investigating variances from
forecasted amounts.
Cash Receipt
Potential Misstatements
Cash Receipts
1. Recording fictitious cash receipts
2. Failure to record receipts from cash sales
3. Failure to record cash from collection of accounts receivable
4. Early or late recognition of cash receipts (cut-off)
Cash Disbursement
Potential Misstatements
Disbursements
1. Inaccurate recording of a purchase or a disbursement
2. Duplicate recording and payment of purchases
3. Unrecorded disbursements
Controls over Financial Investments
1. Establishment of formal investment policies
2. Review and approval of investment activities by the investment
committee of the board of directors
3. Separation of duties among employees
A. Authorizing purchases and sales
B. Having custody of the securities
C. Maintaining records
4. Detailed records of all securities owned and the related revenue from
interest and dividends
5. Registration in the name of the company
6. Periodic physical inspection of securities
7. Determination of accounting for complex instruments by competent
personnel
Potential Misstatements
Financial Investments
1. Misstatement of recorded value of investments
2. Unauthorized investment transactions
3. Incomplete recording of investments
Controls over Receivables
Accounts receivable include not only claims against customers arising
from the sale of goods or services, but also a variety of miscellaneous
claims such as loans to officers or employees, loans to subsidiaries, claims
against various other films, claims for tax refunds and advantages to
suppliers.
Potential Misstatements
Accounts Receivables / Revenue
1. Recording of unearned revenue
2. Early (late) recognition of revenue (cut-off)
3. Recording revenue when significant uncertainties exist
4. Recording revenue when significant services still must be performed by
seller
5. Overestimation of the amount of revenue earned.
Controls over Inventories
Inventories include:
1. Goods on hand ready for sale, whether the merchandise of a trading
concern or the finished goods as manufacturer
2. Goods in the process of production
3. Goods to be consumed directly or indirectly in production, such as raw
materials, purchased parts, and supplies.
Potential Misstatements
Inventory / COGS
1. Misstatement of inventory costs
2. Misstatement of inventory quantities
3. Early (late) recognition of purchases (cut-off)
Controls over
Property, Plant and Equipment
Three major groups:
1. Land
2. Building, machinery, equipment, and land improvements
3. Natural resources
Potential Misstatements
Property, Plant and Equipment
1. Misstatement of acquisition of PPE
2. Failure to record retirements of PPE
3. Improper reporting of unusual transactions
Controls over
Accounts Payable
Accounts payable is used to describe short-term obligations arising from
the purchase of goods and services in the ordinary course of business.

Invoices and statements from supplies usually evidence accounts payable

arising from the purchase of goods and services and most other liabilities.

Accrued liabilities generally accumulate overtime and management must

make accounting estimates of the year-end liabilities.
Potential Misstatements
Accounts Payable
1. Inaccurate recording of a purchase or disbursement
2. Misappropriation of purchases
3. Duplicate recording of purchases
4. Late (early) recording of cost of purchase (cut-off)
Controls over
Other Debts
Business corporations obtain substantial amounts of their financial
resources by incurring debt and issuing capital stock. The acquisition and
repayment of capital is sometimes referred to as the financing cycle. This
transaction cycle includes the sequence of procedures for authorizing,
executing, and recording transactions that involve bank loans, mortgages,
bonds payable, and capital stock as well as the payment of interest and
dividends.
Controls over
Other Debts
1. Authorization by the Board of Directors
2. Use of an Independent Trustee
3. Interest Payments on Bonds and Notes Payable
Controls over
Owner’s Equity
1. The proper authorization of transactions by the board of directors and
corporate office
2. The segregation of duties in handling these transactions
3. The maintenance of adequate records
Controls over
Owner’s Equity
1. Control of Share Capital transactions by the Board of Directors
2. Independent registrar and stock transfer agent