Yap - AC1204 45Q With Answers
TTh 9:00-10:30 AM
AC 1204 - Governance, Business Ethics, Risk Management, and Internal Control
Instruction: These questions will be for graded recitations on April 6 and 7. However, each
one will have to prepare the complete answers and submit via your respective group drives
starting April 25 2022 (Monday).
a.) The primary purpose of corporate governance is to create and enhance sustainable and
enduring shareholder value while protecting the interests of other shareholders.
b.) The Board of directors, as representatives of investors, has direct authority and
responsibility to govern business affairs of the company and is ultimately accountable to
investors for the company’s strategic performance, achievement of goals, and prevention of
surprises.
c.) The board of directors delegates the authority of managing the company to the top
management team (senior executives, CEO, CFO) and holds senior executives accountable
for their decisions, actions, and performance without micromanaging business affairs and
decisions.
- Corporate boards are charged with a wide range of functions and obligations. Every
choice made by the board must take into account the impact on its employees,
customers, suppliers, communities, and shareholders. Board directors, in essence,
serve as stewards of the firm, governing for the present and providing guidance and
direction for the future. Boards of directors must constantly analyze a variety of
risks in their capacity as overseers.
d.) The CEO is directly responsible for managing the company and is ultimately
accountable to the board for the assigned managerial functions and decisions.
f.) Corporate governance should promote and facilitate shareholder democracy through
majority voting and shareholders’ access to proxy materials for the nomination and
election of directors.
- In line with the provisions of the Corporation Code, shareholders shall have the
power to elect, dismiss, and replace directors, as well as vote on certain corporate
acts. In fact, they have a variety of rights, not just regarding the appointment of
directors, but also in other areas. Furthermore, shareholders may request periodic
reports that disclose personal and professional information about the Company's
directors and officers, as well as certain other matters such as the directors' and
officers' holdings of the Company's shares, dealings with the Company, relationships
among directors and key officers of the Company, and the aggregate compensation
of the directors and officers.
g.) Directors’ and officers' accountability should be achieved through a proper evaluation
system that rewards good and ethical performance while punishing poor performance and
misconduct.
h.) The board of directors should have a proper executive succession plan and appropriate
strategies to deal with potential crisis management.
- The board of directors develops a succession plan to prevent and deal with a sudden
and substantial adverse event. Boards pursue effective board succession planning
for a variety of reasons, including the ability to attract top personnel for the team. It
promotes a diverse team composition, which leads to more inclusive thinking. It
preserves the board's power balance. Furthermore, various solutions are being
developed to protect the organization from future disasters.
- The framework for corporate governance should protect and make it easier for
shareholders to exercise their rights, as well as ensuring that all shareholders,
particularly minority and foreign shareholders, are treated fairly. All shareholders
should be able to seek effective recourse if their rights are violated.
- The framework of corporate governance should ensure that all material matters
concerning the organization, such as its financial status, performance, ownership,
and governance, are disclosed in a timely and accurate manner.
- The framework for corporate governance should assure the firm's strategic
direction, the board's effective oversight of management, and the board's
accountability to the company and the shareholders. There are three distinct layers:
Governance:
Board governance is the framework that governs how the board is constituted, works, and
makes decisions.
Strategic Direction:
The board of directors influences or is informed by how the organization grows. Board
members with extensive strategic experience in a variety of industries can assist the
organization in addressing opportunities and potential challenges.
Accountability:
The board has a legal responsibility to provide oversight and accountability for the
organization.
- Oversight refers to the measures taken to examine and oversee public sector
organizations and their policies, plans, programs, and projects in order to ensure
that they are accomplishing the expected goals, are cost-effective, and meet other
criteria, and are in accordance with all legal rules, laws, regulations, and ethical
principles. Taking responsibility for the operation, implementation, and/or
conclusion of a process, program, organization or institution, or effort is also part of
oversight.
An in-house quality control team, for example, examines if the company's techniques
and products are up to standards.
- External control mechanisms are those outside of an organization that serve the
goals of entities such as regulators, governments, trade unions, and financial
institutions. These objectives include proper debt management and legal
compliance.
6. What types of managerial failures prevent management from acting in the best interest of
the shareholders?
- Failure of managerial competence as a result of unforeseen mistakes or neglect
when exercising fiduciary duties.
- Corporate governance refers to the system of rules, practices and processes used by
organizational leaders to direct and control their business.
9. Corporate governance reforms are intended to reduce many potential conflicts of interest
among corporate governance participants, including directors, management, auditors,
financial analysts, corporate counsels, and investors. What conflicts of interest are possible
among these groups?
10. Are internal or external corporate governance mechanisms more influential to the
effectiveness of corporate governance? Defend your answer.
- To guarantee the efficacy of corporate governance, an appropriate mix of internal
and external corporate governance systems must be established. Internal processes
are intended to manage, direct, and oversee company activities in order to provide
long-term value for stakeholders. A lack of attentiveness by the board of directors
may arise if suitable internal measures are not in place. External governance
measures are meant to monitor the company's actions, affairs, and performance to
ensure that insiders' (management, directors, and officers') interests are aligned
with outsiders' (shareholders and other stakeholders') interests. Investors may not
be sufficiently safeguarded if suitable external safeguards are not in place.
11. Why are investors in favor of separation of the positions of CEO and chairperson?
- Because separating the positions of chair and CEO can increase overall board
independence while allowing the CEO to focus on the day-to-day challenges of
running a business. And, in the long term, a corporation may benefit more from a
division of powers.
12. What are the advantages of having a CEO who was formerly a CFO?
- CFOs are more concerned with finances than a CEO is. However, a financial
background may considerably assist a CEO in understanding the health of the firm
and can lead to increased success while staying out of problems.
13. What are the requirements and criteria for being designated as an audit committee
financial expert?
- An audit committee financial expert must have expertise with financial statements
that present accounting problems that are typically equivalent to the breadth and
complexity of those that the company's financial statements might reasonably be
anticipated to raise.
- The board's role is to establish short- and long-term goals and objectives for the
company's well-being, as well as to create methods for measuring progress toward
those goals. Members of the board must investigate, grasp, and discuss the
organization's aims in this regard.
a) Ensuring the organization’s financial statements are understandable and reliable.
Accurate record-keeping:
- Accurate record-keeping is essential to ensure that financial statements are
reliable. This includes maintaining accurate and complete records of all
financial transactions, including sales, expenses, and investments.
Compliance with accounting standards
- Financial statements should be prepared in accordance with generally
accepted accounting principles (GAAP) or international financial reporting
standards (IFRS) to ensure that they are understandable and reliable.
Independent auditing
- Having financial statements audited by an independent auditor can provide
assurance to stakeholders that the financial statements are reliable and
accurate.
Transparency and clarity
- Financial statements should be transparent and presented in a clear and
understandable manner, using plain language and avoiding technical jargon.
Timeliness
- Financial statements should be prepared and published in a timely manner,
usually within a few months of the end of the reporting period, to ensure that
stakeholders have access to up-to-date information on the organization's financial
health and performance.
b) Ensuring the organization establishes a thorough risk management process and
effective internal controls.
- The audit committee plays a critical role in ensuring that the organization
establishes a thorough risk management process and effective internal controls. By
monitoring risk management and internal control activities, reviewing financial
statements, assessing internal and external audits, and providing oversight and
guidance to management, the audit committee helps to ensure that the organization
is well-governed and can achieve its objectives while managing risks effectively.
c) Reviewing the organization's policies, particularly in areas such as ethics, conflict of
interest and fraud.
- The audit committee of the firm is in charge of overseeing the financial reporting
process, the audit process, the company's system of internal controls, and
compliance with laws and regulations. They must study the organization's policies,
particularly in areas such as ethics, conflict of interest, and fraud, where they are
more knowledgeable and have more experience. Preventing and maintaining such
problems is also one of their tasks.
e) Selecting and implementing a direct reporting relationship with the public accounting
firm that serves as the organization’s external auditor.
- The audit committee should expect to analyze key accounting and reporting
concerns, as well as current professional and regulatory declarations, to assess the
possible impact on financial me while avoiding controversies.
- The committee meets with management and external auditors to discuss audit
results, including items needed to be notified to the committee under generally
recognized auditing standards. The committee is in charge of financial reporting
controls, information technology security, and operational issues.
d) Establishing communication with the organization’s internal auditor and reviewing all
audit findings.
- Establishing communication with the internal auditor and reviewing all audit
findings is an important part of the audit committee's responsibilities because it
helps to ensure the effectiveness of the internal auditor's work, assess the
organization's risk management activities, ensure compliance with relevant laws
and regulations, and provide oversight of the organization's financial reporting
process and internal control systems.
- Corporate governance is the structure through which businesses are directed and
governed, and its fundamental goal is to support efficient, entrepreneurial, and
responsible management that can ensure the long-term success of the business. The
terms "organizational governance" and "decision rights" both relate to an
organization's policies, procedures, roles, and duties. "A system by which an
organization makes and implements decisions in pursuit of its objectives," according
to organizational governance.
19. Describe a two-tiered governance structure.
20. What are the functions and responsibilities of internal auditors? How do they differ
from external auditors?
- A company's internal auditor monitors and evaluates how risks are managed and
how internal procedures are operating. They perform the role of consultants, using a
methodical approach to their work to assess risk management's efficacy and
enhance a company's overall operations.
- Completing the whole audit cycle, which includes risk management and control
management on the efficacy, dependability, and compliance with all relevant
guidelines and laws. Defining the scope of internal audits and creating yearly goals.
Acquiring, examining, and assessing accounting reports, data, flowcharts, etc.
- Management is accountable for internal auditors, while shareholders are liable for
external auditors. While external auditors must adhere to specified forms for their
audit opinions and management letters, internal auditors are free to publish their
findings in any kind of report style.
- System flaws fall under this category. Even when everything is flawless, the system
might occasionally have problems such as slowdowns, network issues, system
crashes, inaccurate application calculations, or missing bridges. It is occasionally
possible for the output to differ from the actual intended outcome, although this
might be difficult to detect due to unidentified technological flaws.
- It occurs when information is occasionally absent from the source itself due to data
lag or restrictions. Thus, the production is impacted in such circumstances. The
process may be put at risk because the needed production is different from what is
desired.
23. Risk Reduction is an action that reduces the severity of the loss or the likelihood of
the loss from occurring. What are the ways to implement the reduction of severity?
- There are several ways to implement the reduction of severity of a potential loss.
Here are a few examples:
Contingency planning
- Creating a contingency plan that outlines steps to be taken in case of an unexpected
event can help reduce the severity of the loss by minimizing the impact of the event.
Risk avoidance
- Avoiding high-risk activities or situations altogether can help reduce the severity of
potential losses.
Implementing building codes
- Building codes are regulations that specify the minimum requirements for the
design, construction, and maintenance of buildings and structures. Implementing
building codes can help reduce vulnerability by ensuring that buildings are designed
and constructed to withstand natural disasters such as earthquakes, hurricanes, and
floods.
Preparedness measures
- Preparedness measures can help reduce vulnerability by ensuring that communities
and institutions are ready to respond to disasters and other shocks. This can include
developing and testing disaster response plans, establishing early warning systems,
and investing in disaster response infrastructure and equipment.
- Strategic risk is a potential source of loss that is frequently influenced by the success
of the business plan, the company's goals, and its overall business strategy, whereas
operational risk is the possibility of losses due to interruptions of regular business
operations. These risks may harm the organization's finances, business continuity,
reputation, and compliance stance.
b) Merger integration creates the most value for the future of the enterprise by realizing
efficiencies and synergies.
More profit enables more research and development, which helps discover new tech and
products. Struggling firms can benefit from new management. It prevents unprofitable
businesses from going bust.
Stakeholder pressure can be considered a strategic risk because it has the potential
to significantly impact an organization's ability to achieve its strategic objectives.
Stakeholders can include customers, employees, shareholders, suppliers, regulators, and
other groups or individuals that have an interest in the organization and its activities.
Stakeholder pressure can be considered a strategic risk because it has the potential
to impact an organization's reputation, regulatory compliance, business operations, and
opportunities. Organizations need to be aware of stakeholder concerns and take
appropriate steps to address them in order to mitigate the risks associated with
stakeholder pressure.
d) Competitive pressure
Consumer demand refers to the quantity of goods or services that consumers are
willing and able to purchase at a given price. Consumer demand can shift for a variety of
reasons, including changes in consumer preferences, changes in economic conditions, or
changes in market trends.
Consumer demand shifts can be considered strategic risks because they can impact
an organization's revenue, profitability, competitive position, and reputation. Organizations
need to be aware of shifts in consumer demand and take appropriate steps to respond to
them in order to mitigate the risks associated with these shifts.
f) Regulatory changes
Regulatory changes can be considered strategic risks because they can significantly
impact an organization's ability to operate, achieve its strategic objectives, and maintain
compliance with relevant laws and regulations. Regulatory changes can come from a variety
of sources, including government agencies, industry regulators, and other regulatory
bodies. These changes can take many forms, such as new laws, regulations, policies, or
guidance that affect an organization's operations or industry.
Regulatory changes can be considered strategic risks because they can impact an
organization's compliance, financial performance, competitive position, and reputation.
Organizations need to monitor regulatory changes closely, understand their potential
impact, and take appropriate steps to mitigate the risks associated with these changes.
- Reputational damage which harms client and investor trust, erodes your customer base
and hinders sales.
Compliance Risk is the risk of legal fines, financial forfeiture, and material damage to a
company as a result of failing to follow industry laws and regulations, internal policies, or
prescribed best practices. Compliance risk is associated with integrity risk because it is also
known as “integrity risk”. But integrity risk is also harmful to a financial institution's
reputation, or a current or future threat to its capital or performance as a result of
noncompliance with the rules in force under or according to the legislation. It also
corresponds to the compliance risk.
28. What is risk tolerance? Is this the same as risk appetite? Why, or why not?
29. Internal fraud is done by internal parties or people in the organization. What situation
or scenario allows internal fraud to happen?
● Refusing to delegate tasks or take time off.
● Replacing current suppliers with those they have a close relationship with.
● Refusal to carry out internal preventative actions.
● Skipping the approval process.
● Living above their means or showering coworkers with presents.
● Failing to maintain adequate or correct records or receipts.
● Bullying other employees.
● Trying to gain access to places they shouldn't be able to.
● A persistent cash crunch or other financial trouble.
● Regularly looking for loans or advances.
● Prior issues with compliance or the law.
● Addiction issues.
● Problems with gambling.
● Considerable personal stress.
● There is a strong sense of entitlement.
● Dissatisfied with employer.
30. Modern organizations and global organizations have employed the position item known
as CRO, or Chief Risk Officer. What are the functions of the CRO? How is this function
different from those of the Controller or Chief Financial Officer?
- The Chief Risk Officer is responsible for identifying and minimizing significant
financial, legal, and technology risks to an organization. Since the two jobs serve
essentially the same goal, there is not much difference between them. However, the
Chief Financial Officer's responsibilities are far more extensive than those of the
Chief Risk Officer since the CFO is also responsible for other tasks including
producing financial reports and predictions that are utilized by the board to make
decisions.
31. Note the following: “What risks is the company in business to accept and what risks will
it not accept – e.g., is the organization prepared to accept minor losses of physical inventory
from pilferage but not willing to accept large losses of physical inventory from spoilage,
obsolescence, or natural disasters?”
32. What is risk culture? How influential is risk culture in the overall organizational
governance?
33. Give three (3) examples of ERM frameworks and describe each framework.
● ISO 31000 ERM Framework - This is a risk management framework designed by the
International Standards Organization. It was designed to have organizations take a
holistic view on risks, their sources and how they can be mitigated.
● COBIT ERM Framework - This gives a framework for risk management for
large-scale business capabilities and a model tailored to the needs of small and
medium-sized businesses in specific sectors.
34. What is enterprise risk management? How is it different from generic risk
Management?
35. Enumerate the objectives of the ERM – and briefly describe each objective.
- Identifying and assessing a broad array of risks that could negatively impact the
achievement of institutional goals and objectives is a key component of effective risk
management. This involves a systematic and ongoing process of identifying potential
risks, assessing their likelihood and potential impact, and prioritizing them based on
their level of risk.
- Ensuring appropriate ownership and accountability of risks is another important
component of effective risk management. This involves establishing clear lines of
responsibility and accountability for managing specific risks within the organization.
– If someone is assigned accountability for a specific risk, then it will be easy to trace
it back and properly manage it.
- Establishing a program structure that engages functional leaders across the campus
to identify and prioritize risks is a critical component of effective risk management.
This involves creating a risk management program that engages stakeholders from
across the organization to identify, assess, and prioritize risks based on their
potential impact on organizational goals and objectives. – This will increase the level
of risk monitoring and allow faster identification of risks and swift creation and
implementation of measurements and plans.
36. Among the key elements in ERM are: (i) internal environment and, (ii) risk assessment.
Describe each.
- (i) Internal Environment: The internal environment is one of the key elements of
Enterprise Risk Management (ERM) and refers to the culture, values, and operating
philosophy of an organization. It includes the tone set by senior management, the
organization's governance structure, its ethical standards, and the overall approach
to risk management. The internal environment sets the tone for the organization
and influences how risks are identified, assessed, and managed.
- (ii) Risk Assessment: Risk assessment is the process of identifying and analyzing
risks to an organization's goals and objectives. It involves evaluating the likelihood
and potential impact of identified risks and determining how they should be
addressed. Risk assessment is a critical component of ERM because it helps
organizations understand their risk exposure and make informed decisions about
how to manage risks.
- The COSO Framework is widely utilized by many businesses, and by adhering to it,
enterprises may build internal controls much more easily. The COSO Framework's
focus on monitoring and reporting makes it easy for businesses to identify
fraudulent activity. It also enables businesses to operate consistently in accordance
with a set of internal controls, which may increase productivity and lower risks.
38. The following are typical causes of internal control failure. Explain why these areas
create internal control failures.
a) Poor judgment in decision-making - Internal control failures can sometimes arise from
individual decisions being made based on inadequate information provision or by
inexperienced staff.
b) Human error - can cause failures although a well-designed internal control environment
can help control this to a certain extent.
d) Management overriding controls - presumably in the belief that the controls put in place
are inconvenient or inappropriate and should not apply to them.
40. Rationalize the following means which are considered basic internal control functions:
- We may reduce the likelihood of bias and raise the likelihood of an objective and
unbiased audit or appraisal by adding independent directors to the audit committee.
c) Segregation of Duties
- The business will be able to boost efficiency and decrease loss by correctly assigning
the various tasks to the employees with the appropriate set of abilities.
d) Rotation of Personnel
- Since employees are individuals, they occasionally require time to relax and
recuperate. Employee energization and activity, which in turn boosts productivity,
may be achieved by appropriately structuring a time plan and adequate break times.
42. How do you differentiate recovery planning from crisis management planning?
- Crisis management planning is focused on the immediate response to a crisis event,
while recovery planning is focused on the longer-term process of returning to full
business operations after the crisis has passed. Both processes are critical for
effective risk management and business continuity.
43. What consists of (what are the components of) financial planning?
44. How do you differentiate financial planning from forecasting? Forecasting vs.
projections?
- They cannot be used interchangeably. Financial projections show what is most likely
to occur based on anticipated events and market circumstances. Financial
projections, in plain English, are what management anticipates will occur. Financial
forecasts represent what may occur in a variety of speculative situations.
- A financial plan is a planned approach to money that outlines a future path to take. A
financial forecast, on the other hand, is a projection of future results made using one
of numerous methodologies, including statistical models. A financial plan outlines
the essential measures to earn future income and pay for future costs, whereas a
financial forecast is an assessment or projection of expected future income or
revenue and expenses. A financial forecast is a prediction or estimate of future
results expected today, whereas a financial plan is a road map created now that may
be followed over time.
- A financial forecast, on the other hand, effectively predicts the most likely result of
one or more speculative events or presumptions. It is a technique used to investigate
potential business and market outcomes and make adjustments to the company's
goals.
45. The current condition of the pandemic crisis has direct effects on governance practices,
particularly on decision-making. Hypothetically, when the company or organization
exercises good governance practices, its vulnerability to crisis events such as the pandemic
crisis is generally manageable. Comment.
- The firm may evaluate potential risks, make projections, strategies, and other things
as needed by putting excellent governance processes into effect. By doing this, a
business may be able to respond quickly to any scenario and may even be able to
take advantage of it. To put it another way, a firm that implements excellent
governance will be more prepared for crisis situations and will be more able to
manage them.