
Yap, Angel Mae, M.

TTh 9:00-10:30 AM
AC 1204 - Governance, Business Ethics, Risk Management, and Internal Control

Instruction: These questions will be for graded recitations on April 6 and 7. However, each
one will have to prepare the complete answers and submit via your respective group drives
starting April 25 2022 (Monday).

1. Regardless of what aspect of corporate governance is accepted, the corporate
governance structure should be based on the following premises. Briefly explain each.

a.) The primary purpose of corporate governance is to create and enhance sustainable and
enduring shareholder value while protecting the interests of other shareholders.

- Corporate governance serves as the foundation for company decision-making, taking
into account a wide range of factors such as the economic, social, regulatory, and
market environments. Corporate governance is based on moral and business
principles, with the goal of creating value for all stakeholders over the long term.

b.) The Board of directors, as representatives of investors, has direct authority and
responsibility to govern business affairs of the company and is ultimately accountable to
investors for the company’s strategic performance, achievement of goals, and prevention of
surprises.

- The Board of Directors is the corporation's governing body, responsible for
important business and political decisions such as dividend declaration, issuing of
new shares, financing and capital modifications, officer appointment, and so on. It
controls the corporation's business and affairs and has the authority to use all of the
corporation's functions, but it is also limited in some ways.

c.) The board of directors delegates the authority of managing the company to the top
management team (senior executives, CEO, CFO) and holds senior executives accountable
for their decisions, actions, and performance without micromanaging business affairs and
decisions.

- Corporate boards are charged with a wide range of functions and obligations. Every
choice made by the board must take into account the impact on its employees,
customers, suppliers, communities, and shareholders. Board directors, in essence,
serve as stewards of the firm, governing for the present and providing guidance and
direction for the future. Boards of directors must constantly analyze a variety of
risks in their capacity as overseers.

d.) The CEO is directly responsible for managing the company and is ultimately
accountable to the board for the assigned managerial functions and decisions.

- The CEO is in charge of the overall success of a corporation or other organization,
as well as making top-level administrative decisions. They may solicit opinion on
major matters, but they have the final say in making final decisions. The CEO reports
directly to and is accountable to the Board of Directors for a company's
performance. The Board of Directors (BoD) is a group of individuals elected to
represent the company's shareholders. The CEO frequently serves on the board and,
in some situations, serves as chairwoman.

e.) Corporate governance participants’ roles (e.g. oversight, managerial,
compliance, internal audit, advisory, external audit, monitoring) should be viewed as “value
added”.

- Corporate governance participants' roles should be viewed as "value added"
because they contribute to the effectiveness of the organization's governance
processes and help to achieve its objectives. The roles of corporate governance
participants, such as the board of directors, executive management, internal
auditors, risk management professionals, legal and financial advisors, compliance
professionals, external auditors, and audit committee members, all play an
important part in ensuring that the organization is well-governed, manages its risks
effectively, and achieves its objectives.

f.) Corporate governance should promote and facilitate shareholder democracy through
majority voting and shareholders’ access to proxy materials for the nomination and
election of directors.

- In line with the provisions of the Corporation Code, shareholders shall have the
power to elect, dismiss, and replace directors, as well as vote on certain corporate
acts. In fact, they have a variety of rights, not just regarding the appointment of
directors, but also in other areas. Furthermore, shareholders may request periodic
reports that disclose personal and professional information about the Company's
directors and officers, as well as certain other matters such as the directors' and
officers' holdings of the Company's shares, dealings with the Company, relationships
among directors and key officers of the Company, and the aggregate compensation
of the directors and officers.

g.) Directors’ and officers' accountability should be achieved through a proper evaluation
system that rewards good and ethical performance while punishing poor performance and
misconduct.

- Developed by B.F. Skinner, operant conditioning is a method of learning that uses
rewards and punishments. This sort of conditioning maintains that a specific activity
and a result, either a reward or punishment, have a connection that leads to
learning. A more efficient and productive work environment will result from
developing a system that encourages good and ethical performance while punishing
poor performance and misconduct.

h.) The board of directors should have a proper executive succession plan and appropriate
strategies to deal with potential crisis management.

- The board of directors develops a succession plan to prevent and deal with a sudden
and substantial adverse event. Boards pursue effective board succession planning
for a variety of reasons, including the ability to attract top personnel for the team. It
promotes a diverse team composition, which leads to more inclusive thinking. It
preserves the board's power balance. Furthermore, various solutions are being
developed to protect the organization from future disasters.

2. OECD Principles of Corporate Governance. Describe each.

a.) Ensuring the basis for an effective corporate governance framework.

- The corporate governance system should enhance market transparency and
efficiency, be consistent with the rule of law, and clearly identify the distribution of
responsibility among various supervisory, regulatory, and enforcement bodies.

b.) The rights of shareholders and key ownership functions.

- The framework for corporate governance should protect and make it easier for
shareholders to exercise their rights, as well as ensuring that all shareholders,
particularly minority and foreign shareholders, are treated fairly. All shareholders
should be able to seek effective recourse if their rights are violated.

c.) The equitable treatment of shareholders.

- The corporate governance framework should offer sound incentives throughout the
investment chain and allow stock markets to operate in a way that promotes good
corporate governance. All shareholders in the same series of a class should be
treated equally. Insider trading and abusive self-dealing should be illegal. Members
of the board and key executives should be compelled to disclose to the board
whether they have a material interest in any transaction or topic directly impacting
the corporation, whether directly, indirectly, or on behalf of third parties.

d.) The role of shareholders in corporate governance.

- The corporate governance framework should acknowledge stakeholder rights
established by law or mutual agreement and encourage active engagement between
firms and stakeholders in creating wealth, jobs, and the long-term viability of
financially sound enterprises. Any firm's shareholders have a responsibility to
ensure that the company is well administered and managed. They accomplish this
by monitoring the company's performance and expressing objections or providing
their approval to the company's management's actions.

e.) Disclosure and transparency

- The framework of corporate governance should ensure that all material matters
concerning the organization, such as its financial status, performance, ownership,
and governance, are disclosed in a timely and accurate manner.

f.) The responsibilities of the board.

- The framework for corporate governance should assure the firm's strategic
direction, the board's effective oversight of management, and the board's
accountability to the company and the shareholders. There are three distinct layers:

Governance:

Board governance is the framework that governs how the board is constituted, works, and
makes decisions.

Strategic Direction:

The board of directors influences or is informed by how the organization grows. Board
members with extensive strategic experience in a variety of industries can assist the
organization in addressing opportunities and potential challenges.

Accountability:

The board has a legal responsibility to provide oversight and accountability for the
organization.

3. What are internal governance mechanisms?

- Internal mechanisms are the strategies and procedures utilized by businesses to
assist management in increasing shareholder value. Internal mechanisms include
the ownership structure, the board of directors, audit committees, the compensation
of the board, and so on.

4. Define oversight and provide situationer example.

- Oversight refers to the measures taken to examine and oversee public sector
organizations and their policies, plans, programs, and projects in order to ensure
that they are accomplishing the expected goals, are cost-effective, meet other
criteria, and are in accordance with all legal rules, laws, regulations, and ethical
principles. Taking responsibility for the operation, implementation, and/or
conclusion of a process, program, organization or institution, or effort is also part of
oversight.

An in-house quality control team, for example, examines if the company's techniques
and products are up to standards.

5. What are external governance mechanisms?

- External control mechanisms are those outside of an organization that serve the
goals of entities such as regulators, governments, trade unions, and financial
institutions. These objectives include proper debt management and legal
compliance.

6. What types of managerial failures prevent management from acting in the best interest of
the shareholders?

- Failure of managerial competence as a result of unforeseen mistakes or neglect
when exercising fiduciary duties.

- Managerial integrity failures caused by deliberate or opportunistic behaviors (fraudulent
activities, fabrications, embezzlement, illicit earnings management) that have a negative
impact on the firm's assets.

7. What is corporate governance resilience, and how is it maintained?

- Corporate governance refers to the system of rules, practices and processes used by
organizational leaders to direct and control their business.

8. What is an independent director?

- In corporate governance, an independent director is a member of a board of
directors who has no substantial link with a firm and is not a member of its
executive team or involved in the day-to-day operations of the company.

- An independent director is a non-executive director of a corporation who helps the
firm improve its corporate credibility and has no tie with the company that may
influence his/her judgment.

9. Corporate governance reforms are intended to reduce many potential conflicts of interest
among corporate governance participants, including directors, management, auditors,
financial analysts, corporate counsels, and investors. What conflicts of interest are possible
among these groups?

- Non-monetary or monetary. A monetary stake is one in which the board member
directly benefits financially. A non-pecuniary interest provides the board member
with no personal financial advantage.

- Actual/real or perceived/potential. An actual or perceived conflict of interest
occurs when financial or other circumstances impair an individual's objectivity or
ability to carry out his or her duties to the firm. Perceived or potential conflicts of
interest exist when a board member, or their family or friends, has financial interests
or relationships with another individual or organization, which may cause his or her
activities on the board to appear biased against the company.

10. Are internal or external corporate governance mechanisms more influential to the
effectiveness of corporate governance? Defend your answer.

- To guarantee the efficacy of corporate governance, an appropriate mix of internal
and external corporate governance systems must be established. Internal processes
are intended to manage, direct, and oversee company activities in order to provide
long-term value for stakeholders. A lack of attentiveness by the board of directors
may arise if suitable internal measures are not in place. External governance
measures are meant to monitor the company's actions, affairs, and performance to
ensure that insiders' (management, directors, and officers') interests are aligned
with outsiders' (shareholders and other stakeholders') interests. Investors may not
be sufficiently safeguarded if suitable external safeguards are not in place.

11. Why are investors in favor of separation of the positions of CEO and chairperson?

- Because separating the positions of chair and CEO can increase overall board
independence while allowing the CEO to focus on the day-to-day challenges of
running a business. And, in the long term, a corporation may benefit more from a
division of powers.

12. What are the advantages of having a CEO who was formerly a CFO?

- CFOs are more concerned with finances than a CEO is. However, a financial
background may considerably assist a CEO in understanding the health of the firm
and can lead to increased success while staying out of problems.

13. What are the requirements and criteria for being designated as an audit committee
financial expert?

- An audit committee financial expert must have expertise with financial statements
that present accounting problems that are typically equivalent to the breadth and
complexity of those that the company's financial statements might reasonably be
anticipated to raise.

14. Board independence is essential for what purposes?

- A majority of independent directors on corporate boards is a good idea. A majority
of independent directors on the board improves the possibility that shareholder
interests will be prioritized over those of management. It is also likely to increase
decision-making autonomy and limit the probability of unanticipated conflicts of
interest.

15. Why is it important for the members of the board of directors to have business
knowledge and financial expertise?

- The board's role is to establish short- and long-term goals and objectives for the
company's well-being, as well as to create methods for measuring progress toward
those goals. Members of the board must investigate, grasp, and discuss the
organization's aims in this regard.

16. Explain the following Audit Committee Roles and Duties.

a) Ensuring the organization’s financial statements are understandable and reliable.

- Ensuring the organization's financial statements are understandable and reliable is
an important aspect of financial reporting. Financial statements are typically used by
stakeholders such as investors, creditors, and regulators to assess the financial
health and performance of an organization. Here are a few ways to ensure that
financial statements are understandable and reliable:

Accurate record-keeping
- Accurate record-keeping is essential to ensure that financial statements are
reliable. This includes maintaining accurate and complete records of all
financial transactions, including sales, expenses, and investments.

Compliance with accounting standards
- Financial statements should be prepared in accordance with generally
accepted accounting principles (GAAP) or international financial reporting
standards (IFRS) to ensure that they are understandable and reliable.

Independent auditing
- Having financial statements audited by an independent auditor can provide
assurance to stakeholders that the financial statements are reliable and
accurate.

Transparency and clarity
- Financial statements should be transparent and presented in a clear and
understandable manner, using plain language and avoiding technical jargon.

Timeliness
- Financial statements should be prepared and published in a timely manner,
usually within a few months of the end of the reporting period, to ensure that
stakeholders have access to up-to-date information on the organization's financial
health and performance.

b) Ensuring the organization establishes a thorough risk management process and
effective internal controls.

- The audit committee plays a critical role in ensuring that the organization
establishes a thorough risk management process and effective internal controls. By
monitoring risk management and internal control activities, reviewing financial
statements, assessing internal and external audits, and providing oversight and
guidance to management, the audit committee helps to ensure that the organization
is well-governed and can achieve its objectives while managing risks effectively.

c) Reviewing the organization's policies, particularly in areas such as ethics, conflict of
interest and fraud.

- The audit committee of the firm is in charge of overseeing the financial reporting
process, the audit process, the company's system of internal controls, and
compliance with laws and regulations. They must study the organization's policies,
particularly in areas such as ethics, conflict of interest, and fraud, where they are
more knowledgeable and have more experience. Preventing and maintaining such
problems is also one of their tasks.

d) Reviewing the organization's litigation and regulatory proceedings.

- Reviewing the organization's litigation and regulatory proceedings is an important
part of the audit committee's responsibilities because it helps to ensure legal
compliance, assess financial and reputational risks, and support effective risk
management.

e) Selecting and implementing a direct reporting relationship with the public accounting
firm that serves as the organization’s external auditor.

- The major function of an audit committee at a company is to oversee the financial
reporting process, the audit process, the firm's system of internal controls, and
compliance with laws and regulations.

- The audit committee should anticipate to analyze key accounting and reporting
concerns, as well as current professional and regulatory declarations, to assess the
possible impact on financial me while avoiding controversies.

- To comprehend the possible impact on financial statements, the audit committee
should anticipate to analyze important accounting and reporting concerns, as well
as current professional and regulatory declarations. To determine if reports are
thorough and reliable, it is vital to understand how management creates internal
interim financial information.

- The committee meets with management and external auditors to discuss audit
results, including items needed to be notified to the committee under generally
recognized auditing standards. The committee is in charge of financial reporting
controls, information technology security, and operational issues.

d) Establishing communication with the organization’s internal auditor and reviewing all
audit findings.

- Establishing communication with the internal auditor and reviewing all audit
findings is an important part of the audit committee's responsibilities because it
helps to ensure the effectiveness of the internal auditor's work, assess the
organization's risk management activities, ensure compliance with relevant laws
and regulations, and provide oversight of the organization's financial reporting
process and internal control systems.

17. Organizational Governance is a system by which an organization makes and
implements decisions in pursuit of its objectives. Expound.

- The effective execution of a strong governance strategy necessitates a systematic
approach that includes strategic planning, risk management, and performance
management since governance is a system and process, not a single activity. It is a
key element of the distinctive qualities of a successful organization, much like
culture. The mechanisms used to guide, control, and hold organizations accountable
are collectively referred to as governance. It encompasses the power, responsibility,
direction, and control that are exerted inside an organization.

18. Distinguish corporate governance and organizational governance.

- Corporate governance is the structure through which businesses are directed and
governed, and its fundamental goal is to support efficient, entrepreneurial, and
responsible management that can ensure the long-term success of the business. The
terms "organizational governance" and "decision rights" both relate to an
organization's policies, procedures, roles, and duties. "A system by which an
organization makes and implements decisions in pursuit of its objectives," according
to organizational governance.

19. Describe a two-tiered governance structure?

- In the two-tier structure (dualistic governance model), management and
supervisors are separated. The board is in charge of running the business on a daily
basis. The management is supervised by a separate supervisory board. In the
Netherlands, the majority of private limited and public limited corporations (bv and
nv) have a two-tier board.

- In a two-tiered structure, the management board is in charge of strategy and service
while the supervisory board is in charge of control. Employees often have more say
in the nomination of supervisory board members who best reflect their interests
under dual board setups.

20. What are the functions and responsibilities of internal auditors? How do they differ
from external auditors?

- A company's internal auditor monitors and evaluates how risks are managed and
how internal procedures are operating. They perform the role of consultants, using a
methodical approach to their work to assess risk management's efficacy and
enhance a company's overall operations.

- Responsibilities of an internal auditor include:

- Completing the whole audit cycle, which includes risk management and control
management on the efficacy, dependability, and compliance with all relevant
guidelines and laws.
- Defining the scope of internal audits and creating yearly goals.
- Acquiring, examining, and assessing accounting reports, data, flowcharts, etc.

- Management is accountable for internal auditors, while shareholders are liable for
external auditors. While external auditors must adhere to specified forms for their
audit opinions and management letters, internal auditors are free to publish their
findings in any kind of report style.

21. What is a technical error in Operational risk?

Technical Error

- System flaws fall under this category. Even when everything is flawless, the system
might occasionally have problems such as slowdowns, network issues, system
crashes, inaccurate application calculations, or missing bridges. It is occasionally
possible for the output to differ from the actual intended outcome, although this
might be difficult to detect due to unidentified technological flaws.

22. What is the gap in flow as a type of operational risk?

Gap in Flow (energy gap-alba)

- It occurs when information is occasionally absent from the source itself due to data
lag or restrictions. Thus, the production is impacted in such circumstances. The
process may be put at risk because the needed production is different from what is
desired.

23. Risk Reduction is an action that reduces the severity of the loss or the likelihood of
the loss from occurring. What are the ways to implement the reduction of severity?

- There are several ways to implement the reduction of severity of a potential loss.
Here are a few examples:

Contingency planning
- Creating a contingency plan that outlines steps to be taken in case of an unexpected
event can help reduce the severity of the loss by minimizing the impact of the event.

Risk avoidance
- Avoiding high-risk activities or situations altogether can help reduce the severity of
potential losses.

Implementing building codes
- Building codes are regulations that specify the minimum requirements for the
design, construction, and maintenance of buildings and structures. Implementing
building codes can help reduce vulnerability by ensuring that buildings are designed
and constructed to withstand natural disasters such as earthquakes, hurricanes, and
floods.

Insurance and social protection
- Insurance and social protection measures can help reduce vulnerability by
providing financial support in the event of a disaster or other unexpected event. For
example, insurance can help cover the costs of damage to property or crops, while
social protection measures such as cash transfers can help provide income support
to vulnerable populations.

Emphasizing economic diversity and resilient livelihoods
- Economic diversity and resilient livelihoods can help reduce vulnerability by
providing alternative sources of income and livelihoods that are less vulnerable to
shocks and disasters. This can include promoting the development of diverse
industries and economic sectors, as well as investing in education and skills
development.

Knowledge and awareness raising
- Knowledge and awareness raising can help reduce vulnerability by providing
people with the information and skills they need to prepare for and respond to
disasters and other shocks. This can include education and training on disaster
preparedness, as well as awareness raising campaigns on the risks and impacts of
natural disasters and other hazards.

Preparedness measures
- Preparedness measures can help reduce vulnerability by ensuring that communities
and institutions are ready to respond to disasters and other shocks. This can include
developing and testing disaster response plans, establishing early warning systems,
and investing in disaster response infrastructure and equipment.

24. Differentiate strategic risk versus operational risk.

- Strategic risk is a potential source of loss that is frequently influenced by the success
of the business plan, the company's goals, and its overall business strategy, whereas
operational risk is the possibility of losses due to interruptions of regular business
operations. These risks may harm the organization's finances, business continuity,
reputation, and compliance stance.

25. Explain why the following are considered strategic risks.

a) Senior management turnover

To offer support to the organization's risk management philosophy and vision,
ensure compliance with its risk appetite and oversee management of risks in a manner
consistent with their respective risk tolerances.

b) Merger integration creates the most value for the future of the enterprise by realizing
efficiencies and synergies.

More profit enables more research and development. Helps discover new tech and
products. Struggling firms can benefit from new management. Prevent unprofitable
business from going bust.

c) Stakeholder pressure

Stakeholder pressure can be considered a strategic risk because it has the potential
to significantly impact an organization's ability to achieve its strategic objectives.
Stakeholders can include customers, employees, shareholders, suppliers, regulators, and
other groups or individuals that have an interest in the organization and its activities.

Stakeholder pressure can be considered a strategic risk because it has the potential
to impact an organization's reputation, regulatory compliance, business operations, and
opportunities. Organizations need to be aware of stakeholder concerns and take
appropriate steps to address them in order to mitigate the risks associated with
stakeholder pressure.

d) Competitive pressure

e) Consumer demand shifts

Consumer demand refers to the quantity of goods or services that consumers are
willing and able to purchase at a given price. Consumer demand can shift for a variety of
reasons, including changes in consumer preferences, changes in economic conditions, or
changes in market trends.

Consumer demand shifts can be considered strategic risks because they can impact
an organization's revenue, profitability, competitive position, and reputation. Organizations
need to be aware of shifts in consumer demand and take appropriate steps to respond to
them in order to mitigate the risks associated with these shifts.

f) Regulatory changes

Regulatory changes can be considered strategic risks because they can significantly
impact an organization's ability to operate, achieve its strategic objectives, and maintain
compliance with relevant laws and regulations. Regulatory changes can come from a variety
of sources, including government agencies, industry regulators, and other regulatory
bodies. These changes can take many forms, such as new laws, regulations, policies, or
guidance that affect an organization's operations or industry.

Regulatory changes can be considered strategic risks because they can impact an
organization's compliance, financial performance, competitive position, and reputation.
Organizations need to monitor regulatory changes closely, understand their potential
impact, and take appropriate steps to mitigate the risks associated with these changes.

26. What impacts are caused by reputational risk?

- Reputational damage which harms client and investor trust, erodes your customer base
and hinders sales.

27. What is compliance risk? Why is it associated with integrity risk?

- Compliance risk is an organization’s potential exposure to legal penalties, financial
forfeiture, and material loss, resulting from its failure to act in accordance with
industry laws and regulations, internal policies, or prescribed best practices.

Compliance Risk is the risk of legal fines, financial forfeiture, and material damage to a
company as a result of failing to follow industry laws and regulations, internal policies, or
prescribed best practices. Compliance risk is associated with integrity risk because it is also
known as “integrity risk”. But integrity risk is also harmful to a financial institution's
reputation, or a current or future threat to its capital or performance as a result of
noncompliance with the rules in force under or according to the legislation. It also
corresponds to the compliance risk.

28. What is risk tolerance? Is this the same as risk appetite? Why, or why not?

- Risk tolerance in financial planning refers to the degree of variation in investment
returns that an investor is willing to accept. The ability to take on risk is essential
while investing. If you take on too much risk, you run the danger of losing control
and panicking and selling your investments at the wrong time. You should be
realistic about your capacity and desire to withstand significant variations in their
value.

- Risk appetite, which is the quantity of risks that can occur in an organization and
how it is willing to achieve its goals, differs from risk tolerance in that they are two
different concepts. A propensity for taking risks is known as risk appetite. Risk
acceptance is a component of risk tolerance.

29.  Internal fraud is done by internal parties or people in the organization. What situation
or scenario allows internal fraud to happen?
● Refusing to delegate tasks or take time off.
● Replacing current suppliers with those they have a close relationship with.
● Refusal to carry out internal preventative actions.
● Skipping the approval process
● Living above their means or showering coworkers with presents.
● Failing to maintain adequate or correct records or receipts.
● Bullying other employees.
● Trying to gain access to places they shouldn't be able to.
● A persistent cash crunch or other financial trouble.
● Regularly looking for loans or advances.
● Prior issues with compliance or the law.
● Addiction issues.
● Problems with gambling.
● Considerable personal stress.
● There is a strong sense of entitlement.
● Dissatisfied with employer.

30. Modern organizations and global organizations have employed the position item known
as CRO, or Chief Risk Officer. What are the functions of the CRO? How is this function
different from those of the Controller or Chief Financial Officer?

- The Chief Risk Officer is responsible for identifying and minimizing significant
financial, legal, and technology risks to an organization. Since the two jobs serve
essentially the same goal, there is not much difference between them. However, the
Chief Financial Officer's responsibilities are far more extensive than those of the
Chief Risk Officer since the CFO is also responsible for other tasks including
producing financial reports and predictions that are utilized by the board to make
decisions.

31. Note the following: “What risks is the company in business to accept and what risks will
it not accept – e.g., is the organization prepared to accept minor losses of physical inventory
from pilferage but not willing to accept large losses of physical inventory from spoilage,
obsolescence, or natural disasters?”

- The statement you provided refers to an organization's risk appetite or tolerance.
Risk appetite refers to the amount and type of risk that an organization is willing to
accept in pursuit of its business objectives. It involves making conscious decisions
about which risks the organization is prepared to take, which risks it is not prepared
to take, and the level of risk that it is willing to accept.
In the example you provided, the organization has determined that it is willing to accept
minor losses of physical inventory from pilferage, but not willing to accept large losses of
physical inventory from spoilage, obsolescence, or natural disasters. This means that the
organization has established a risk appetite for inventory losses and has put in place
measures to manage those risks accordingly.

32. What is risk culture? How influential is risk culture in the overall organizational
governance?

- It is a collection of authorized and accepted attitudes, actions, and discussions
around taking on and managing risk inside a company. It has a significant impact
and acts as a model for how employees should manage risk.

33. Give three (3) examples of ERM frameworks and describe each framework.

● ISO 31000 ERM Framework - This is a risk management framework designed by the
International Standards Organization. It was designed to have organizations take a
holistic view on risks, their sources and how they can be mitigated.

● COBIT ERM Framework - This gives a framework for risk management for
large-scale business capabilities and a model tailored to the needs of small and
medium-sized businesses in specific sectors.

● NIST ERM Framework – This provides a comprehensive, flexible, repeatable, and
measurable 7-step process that any organization can use to manage information
security and privacy risk for organizations and systems and links to a suite of NIST
standards and guidelines to support implementation of risk management programs
to meet the requirements of the Federal Information Security Modernization Act
(FISMA).

34. What is enterprise risk management? How is it different from generic risk
management?

- A methodology called enterprise risk management takes a strategic approach to risk
management from the viewpoint of the entire business or organization. Generic Risk
Management (GRM), on the other hand, evaluates the hazards and risks associated
with work tasks and activities and may be applied in many places and enterprises.
ERM concentrates on occurrences that pose risks to the attainment of an aim.

35. Enumerate the objectives of the ERM – and briefly describe each objective.
- Identifying and assessing a broad array of risks that could negatively impact the
achievement of institutional goals and objectives is a key component of effective risk
management. This involves a systematic and ongoing process of identifying potential
risks, assessing their likelihood and potential impact, and prioritizing them based on
their level of risk.
- Ensuring appropriate ownership and accountability of risks is another important
component of effective risk management. This involves establishing clear lines of
responsibility and accountability for managing specific risks within the organization.
– If someone is assigned accountability for a specific risk, it will be easy to trace
it back and properly manage it.

- Developing and implementing appropriate risk mitigation and monitoring plans by
risk owners is a crucial step in effective risk management. This involves working
with risk owners to develop specific strategies for managing identified risks and
monitoring progress towards risk mitigation. – This way, risks can be properly
monitored and plans can easily be formed and implemented.

- Establishing a program structure that engages functional leaders across the campus
to identify and prioritize risks is a critical component of effective risk management.
This involves creating a risk management program that engages stakeholders from
across the organization to identify, assess, and prioritize risks based on their
potential impact on organizational goals and objectives. – This will increase the level
of risk monitoring and allow faster identification of risks and swift creation and
implementation of measurements and plans.

- Providing senior leadership with key information to make risk-informed decisions
and to effectively allocate resources is another critical component of effective risk
management. This involves developing and implementing effective reporting
mechanisms that provide senior leaders with timely and accurate information on
key risks and risk management activities. – Assigning a well-informed and
experienced individual makes it easier for risk management plans and decisions to
be made.

36. Among the key elements in ERM are: (i) internal environment and (ii) risk assessment.
Describe each.

- (i) Internal Environment: The internal environment is one of the key elements of
Enterprise Risk Management (ERM) and refers to the culture, values, and operating
philosophy of an organization. It includes the tone set by senior management, the
organization's governance structure, its ethical standards, and the overall approach
to risk management. The internal environment sets the tone for the organization
and influences how risks are identified, assessed, and managed.

- (ii) Risk Assessment: Risk assessment is the process of identifying and analyzing
risks to an organization's goals and objectives. It involves evaluating the likelihood
and potential impact of identified risks and determining how they should be
addressed. Risk assessment is a critical component of ERM because it helps
organizations understand their risk exposure and make informed decisions about
how to manage risks.

37. Describe the usefulness and applications of the COSO framework.

- The COSO Framework is widely utilized by many businesses, and by adhering to it,
enterprises may build internal controls much more easily. The COSO Framework's
focus on monitoring and reporting makes it easy for businesses to identify
fraudulent activity. It also enables businesses to operate consistently in accordance
with a set of internal controls, which may increase productivity and lower risks.

38. The following are typical causes of internal control failure. Explain why these areas
create internal control failures.

a) Poor judgment in decision-making - Internal control failures can sometimes arise from
individual decisions being made based on inadequate information provision or by
inexperienced staff.

b) Human error - can cause failures although a well-designed internal control environment
can help control this to a certain extent.

c) Control processes being deliberately circumvented - It is very difficult to completely
prevent deliberate circumvention, especially if an employee has a particular reason (in his
or her opinion) to do so, such as the belief that higher bonuses will be earned.

d) Management overriding controls - presumably in the belief that the controls put in place
are inconvenient or inappropriate and should not apply to them.

e) The occurrence of unforeseeable circumstances - is the final cause referred to in the
Turnbull Report. Control systems are designed to cope with a given range of variables and
when an event happens outside that range, the system may be unable to cope.

39. What is the relationship between internal control and corporate governance?

- Internal control assures that the corporate governance-set processes will be
followed, while corporate governance refers to the principles, rules, and suggested
procedures that the organization can utilize as a guide.

40. Rationalize the following means which are considered basic internal control functions:

a) Active and Informed Board

- An active, well-informed board facilitates decision-making. The board will be able to
reduce risk or create decisive strategies if it is well-informed, proactive, and ready.

b) Strong Audit Committee composed of Outside Directors

- We may reduce the likelihood of bias and raise the likelihood of an objective and
unbiased audit or appraisal by adding independent directors to the audit committee.

c) Segregation of Duties

- The business will be able to boost efficiency and decrease loss by correctly assigning
the various tasks to the employees with the appropriate set of abilities.

d) Rotation of Personnel

- Since employees are individuals, they occasionally require time to relax and
recuperate. Employee energization and activity, which in turn boosts productivity,
may be achieved by appropriately structuring a time plan and adequate break times.

e) Accurate Accounting Information System

- Accounting information is important since it serves as the foundation for the
company's decision-making. Therefore, the accounting information must always be
correct in order for the board to be able to make wise judgments. Inaccurate
accounting information might cause the board to make terrible decisions.

41. Would succession planning be categorized under strategic planning or operational
planning? Why?

- Succession planning can be categorized under both strategic planning and
operational planning, as it involves elements of both.
- At a strategic level, succession planning is part of an organization's long-term
planning and management of talent. It is a strategic initiative that involves
identifying key leadership positions within the organization and developing plans
for ensuring continuity of leadership when those positions become vacant.
Succession planning is essential to ensuring the long-term success of an
organization and achieving its strategic objectives.

- At an operational level, succession planning involves the development of specific
policies, procedures, and processes for identifying and preparing potential
successors for key leadership positions. It involves identifying the skills, knowledge,
and experience required for leadership positions, as well as developing training and
development programs to help potential successors acquire these skills.

42. How do you differentiate recovery planning from crisis management planning?
- Crisis management planning is focused on the immediate response to a crisis event,
while recovery planning is focused on the longer-term process of returning to full
business operations after the crisis has passed. Both processes are critical for
effective risk management and business continuity.

43. What consists of (what are the components of) financial planning?

- Financial Planning consists of the following:

1. Profit and Loss Statement
2. Operating Income
3. Net Income
4. Cash Flow Statement
5. Balance Sheet
6. Sales or Revenue Projections
7. Business Ratios and Break-Even Analysis
8. Cash Flow Analysis
9. Risk Management
10. Superannuation Planning
11. Retirement Planning
12. Investment Management
13. Taxation Planning

● The following are the components of financial planning:

- Financial statement preparation and cash flow analysis
- Insurance planning and risk management
- Employee benefit planning
- Investment planning
- Income tax planning
- Retirement planning
- Employee benefit planning

44. How do you differentiate financial planning from forecasting? Forecasting vs.
projections?

- They cannot be used interchangeably. Financial projections show what is most likely
to occur based on anticipated events and market circumstances. Financial
projections, in plain English, are what management anticipates will occur. Financial
forecasts represent what may occur in a variety of speculative situations.

- A financial plan is a planned approach to money that outlines a future path to take. A
financial forecast, on the other hand, is a projection of future results made using one
of numerous methodologies, including statistical models. A financial plan outlines
the essential measures to earn future income and pay for future costs, whereas a
financial forecast is an assessment or projection of expected future income or
revenue and expenses. A financial forecast is a prediction or estimate of future
results expected today, whereas a financial plan is a road map created now that may
be followed over time.

- A financial forecast, on the other hand, effectively predicts the most likely result of
one or more speculative events or presumptions. It is a technique used to investigate
potential business and market outcomes and make adjustments to the company's
goals.

45. The current condition of the pandemic crisis has direct effects on governance practices,
particularly on decision-making. Hypothetically, when the company or organization
exercises good governance practices, its vulnerability to crisis events such as the pandemic
crisis is generally manageable. Comment.

- The firm may evaluate potential risks, make projections, strategies, and other things
as needed by putting excellent governance processes into effect. By doing this, a
business may be able to respond quickly to any scenario and may even be able to
take advantage of it. To put it another way, a firm that implements excellent
governance will be more prepared for crisis situations and will be more able to
manage them.
