Auditing corporate governance guide

AstalapulosListestos 548 views 37 slides Oct 15, 2021

About This Presentation

Internal Audit


Slide Content

Internal Audit Guide: Corporate Governance

Table of contents
04 Auditing Corporate Governance Guide: Sample 1
05 Defining Governance
06 Focusing on the Four Pillars of a Governance Framework
09 Corporate Governance Fits Together Like a Puzzle
11 Various Corporate Governance Models Exist
12 Common Elements of These Governance Models
13 The New Governance Landscape
15 OCEG 2.0: A Comprehensive Road Map
17 Comparison of OCEG 2.0 vs. Other Governance Models
18 Common Themes in Governance Definitions
19 Example Maturity Model Application
20 Corporate Governance: Where to Focus for Success
21 Defining Governance: Key Takeaways
22 Taking the Next Step for Corporate Governance Success: Key Questions to Consider
23 Logical Priorities for Corporate Governance Documentation
24 Our Governance Client Credentials
25 An Internal Auditor's View of Corporate Governance Related to Boards
27 Next Steps
28 Auditing Corporate Governance Guide: Sample 2
29 Global Internal Audit at ABC Company
30 Global Governance Council

Table of contents (continued)
31 Corporate Audit Services at ABC Company
32 ABC Company Governance
33 Corporate Audit Services Stakeholders
34 Internal Audit Transformation
35 Global Internal Audit Organization Structure
36 Governance Structure Accountability
37 Internal Audit Stakeholders

SAMPLE 1

Defining Governance

We define governance as:

"A set of policies, procedures, processes, systems, people and relationships that govern the enterprise to direct and control the actions of issuers. Governance includes the relationships between an issuer's shareholders, board of directors, senior management (as represented by the chief executive officer), internal audit and external audit, and the mechanisms for holding issuers and the board and executive officers accountable."
(Adapted from Draft National Policy 58-201 Corporate Governance Principles)

Although there are various authoritative sources, which we have consulted in developing the attached framework, there is no generally accepted definition or framework for governance.

Focusing on the Four Pillars of a Governance Framework (1/3)

[Diagram: Organization Governance resting on four pillars: Board of Directors, Executive Management, Internal Auditors, External Auditors]

Focusing on the Four Pillars of a Governance Framework (2/3)

[Diagram: Board of Directors, Senior Management, Internal Auditing and External Auditing together supporting Effective Governance]

Focusing on the Four Pillars of a Governance Framework (3/3)

"The world is awash in change and always will be." Are you changing with it?

Corporate Governance Fits Together Like a Puzzle (1/2)

[Diagram: puzzle pieces labeled Management, Board of Directors, Internal Audit, External Audit and Governance Capability, framed by Control Environment, Shareholder Commitments, Industry Standards, and Laws and Regulatory Commissions]

- Management is responsible for stewardship, system and financial implementation, and operational and regulatory internal controls.
- The board of directors is responsible for the oversight of the governance structure and the delegation of authority to management.
- Internal audit is responsible for assessing risk management and ensuring that controls are adequate and functioning effectively.
- External audit is responsible for determining whether financial statements are presented fairly in accordance with applicable accounting principles.

Corporate Governance Fits Together Like a Puzzle (2/2)

A combination of the following pieces acts to govern an organization:
- Board: The board delegates authority to and oversees management.
- Management: Management implements policies, processes and controls.
- Internal Audit: Internal audit determines whether risk and control processes are functioning effectively.
- External Audit: External audit determines whether financial statements are stated fairly.

There are different ways to accomplish effective governance, and each organization must develop its own approach based on its organizational structure, culture, capabilities, maturity and processes. There is no one-size-fits-all solution to corporate governance. Each organization must thoughtfully consider what it wants to achieve and how to achieve it.

Various Corporate Governance Models Exist

Few authoritative bodies have developed broad guidance on governance; however, two have created their own frameworks for assisting companies with developing their internal governance programs:
- Open Compliance and Ethics Group (OCEG)
- Standards Australia

A couple of authoritative bodies have developed frameworks around risk management that augment the governance process:
- International Organization for Standardization (ISO)
- Committee of Sponsoring Organizations (COSO)

Common Elements of These Governance Models

- A fundamental concept related to the board and its relationship to the organization is developed.
- Strategy, risks, controls and compliance are incorporated and considered.
- The framework/organizational structure is overarching.
- Internal and external stakeholders are considered.
- Specific industry practices, requirements and benchmarking are considered.
- Improvement/capability maturity is continuous.

The New Governance Landscape (1/2)

Corporate governance has traditionally been viewed as what the board of directors does when providing oversight on strategy, policy, performance and transparency matters. While we see the focus on corporate governance as a board of directors' responsibility continuing, we also recognize an enterprisewide focus on governance in which directors and executive, unit and functional management:
- Set overall business objectives and oversee progress toward those objectives.
- Establish and sustain a corporate structure that adapts to a changing operating environment.
- Establish policies and entity-level processes, providing assurance that desired objectives are met to respond to stakeholder expectations and preserve reputation.

[Diagram: Governance, Risk and Compliance under the Board of Directors]

The New Governance Landscape (2/2)

While this emerging view of governance is not new, the financial crisis has highlighted the importance of a strong governance culture. As a result, governance needs to be understood as a process to determine which activities truly matter and how those activities will make a difference in the organization's governance program. The following questions arise as new pressures are placed on the organization:
- How does the organization achieve alignment with the corporate strategy and business plan at multiple levels?
- How are the critical risks inherent in the strategy and business plan identified and managed?
- How are people empowered to make effective and timely decisions?
- How does management ensure that people have reliable and timely information?
- Is compensation aligned with longer-term objectives?

OCEG 2.0: A Comprehensive Road Map (1/2)

OCEG's 2.0 Framework begins with eight integrated components. These components help drive program development and provide an outline for the elements of a successful governance program. The eight integrated components drive progress toward the eight universal outcomes, which represent the expected and measurable results of a governance program. The components do not have to be implemented in conjunction with each other; they are designed to be dynamic to the organizational need, with each one applied at the appropriate stage of developing a governance program.

Eight Integrated Components:
- Culture and Context
- Organize and Oversee
- Detect and Discern
- Monitor and Measure
- Respond and Resolve
- Assess and Align
- Prevent and Promote
- Inform and Integrate

Eight Universal Outcomes:
- Achieve business objectives.
- Enhance organizational culture.
- Increase stakeholder confidence.
- Prepare and protect the organization.
- Prevent, detect and reduce adversity.
- Motivate and inspire desired conduct.
- Improve responsiveness and efficiency.
- Optimize economic and social value.

OCEG 2.0: A Comprehensive Road Map (2/2)

The eight integrated components are broken down further into elements. The elements are designed to provide guidance on how each component is designed and implemented. They provide context on the principles underlying the applicable component, the activities within each component and the common sources of failure for effective governance. The robust nature of this approach allows for enhanced discussion and facilitates the alignment of governance activities for all internal and external stakeholders.

Context and Culture (C)
- C1: External Business Context
- C2: Internal Business Context
- C3: Culture
- C4: Values and Objectives

Organize and Oversee (O)
- O1: Outcomes and Commitment
- O2: Roles and Responsibilities
- O3: Approach and Accountability

Detect and Discern (D)
- D1: Hotline and Notification
- D2: Inquiry and Survey
- D3: Detective Controls

Monitor and Measure (M)
- M1: Context Monitoring
- M2: Performance Monitoring and Evaluation
- M3: Systemic Improvement
- M4: Assurance

Respond and Resolve (R)
- R1: Internal Review and Investigation
- R2: Third-Party Inquiries and Investigations
- R3: Crisis Response and Recovery
- R4: Remediation and Discipline

Assess and Align (A)
- A1: Risk Identification
- A2: Risk Analysis
- A3: Risk Optimization

Prevent and Promote (P)
- P1: Codes of Conduct
- P2: Policies
- P3: Preventive Process Controls
- P4: Awareness and Education
- P5: Human Capital Incentives
- P6: Human Capital Controls
- P7: Stakeholder Relations and Requirements
- P8: Preventive Technology Controls
- P9: Preventive Physical Controls
- P10: Risk Financing/Insurance

Inform and Integrate (I)
- I1: Information Management and Documentation
- I2: Internal and External Communication
- I3: Technology and Infrastructure

Figure 1: OCEG Framework (Element View)

Comparison of OCEG 2.0 vs. Other Governance Models

OCEG GRC Capability Model 2.0
- All key functions of an organizational structure are incorporated.
- An organizational approach toward governance is taken.
- The GRC Capability Model provides practical guidance for implementing an organizational governance program.

Australian Standard AS 3806:2006
- This standard is very process-oriented.

COSO Enterprise Risk Management (ERM)
- COSO ERM is built off the COSO Internal Control Framework.
- Strategic planning is applied enterprisewide.
- The importance of risk appetite is explicitly acknowledged.

ISO 31000 Risk Management
- This model emphasizes the integration of risk management with what matters (e.g., the core management processes).
- Guidance on implementation is provided.

Common Themes in Governance Definitions

Corporate governance is most often viewed as both the structure and the relationships that determine corporate direction and performance.
- The board oversees management's policies and processes.
- Management administers policies, processes and controls.
- Responsibilities and authorities are divided.
- Accountabilities and reward systems are established.

Example Maturity Model Application

Process Evolution (a continuum from Initial to Optimizing) and Capability Attributes:
- Optimizing (Continuous Feedback): Risk management is a source of competitive advantage.
- Managed (Quantitative): Risks are measured/managed quantitatively and aggregated enterprisewide.
- Defined (Qualitative/Quantitative): Policies, processes and standards are defined and institutionalized.
- Repeatable (Intuitive): Processes are repeatable but dependent on individuals.
- Initial (Ad Hoc/Chaotic): Heroics are heavily relied upon, and institutional capability is lacking.

Method of Achievement (listed from Optimizing down to Initial):
- The emphasis on exploiting opportunities increases.
- Best-of-class processes are used.
- Knowledge is accumulated and shared.
- Measurement methodologies/analysis are rigorous.
- The debate on risk/reward trade-off issues is intense.
- Processes are uniformly applied across the organization.
- The remaining elements of infrastructure are in place.
- Methodologies are rigorous.
- Language is common.
- Quality people are assigned.
- Tasks are defined.
- Initial infrastructure occurs.
- Tasks are undefined.
- Initiative is relied upon.
- A "just do it" attitude is used.
- Key people are relied upon.

Source: Adapted from the Capability Maturity Model: Guidelines for Improving the Software Process, Carnegie Mellon University Software Engineering Institute, 1994

Corporate Governance: Where to Focus for Success

With the pervasiveness of corporate governance throughout the organization, a focus on key governance areas and their ability to meet the organizational objectives will drive the success of the governance structure. By working within each of these areas and leveraging the OCEG 2.0 Framework, successful corporate governance is achievable, sustainable and allows for continuous improvement. Each area will present its own unique dynamics and challenges. To enable success in these areas, it will be imperative to leverage a common corporate governance language across all areas, as well as business units, geographies and reporting structures. You do not have to address all these areas at once. Prioritize the areas to determine which ones should be addressed first.

Example Governance Areas:
- Board of Directors
- Human Resources Oversight
- Internal Audit
- Information Technology Governance
- IT Security
- Regulatory Compliance
- Sarbanes-Oxley Compliance
- Enterprise Risk Management
- Fraud Risk Management
- Shareholder Communications
- Information Management
- Strategic Planning and Forecasting
- External Environment Analysis
- Finance Organization
- Policies and Procedures Development

Defining Governance: Key Takeaways

Governance is the process by which directors and executive management fulfill their stewardship responsibilities to the organization's stakeholders by performing the following tasks:
1. Set overall business objectives and oversee the progress toward those objectives.
2. Establish and sustain an adaptive corporate structure.
3. Distribute rights, responsibilities and authorities among different participants in the corporation, such as the board, managers, shareholders and other stakeholders.
4. Provide oversight and monitor the effectiveness of risk management and internal control processes.
5. Ensure that full transparency into what matters in the organization is incorporated through the alignment of key metrics and targets with established accountabilities and the reward system.

Taking the Next Step for Corporate Governance Success: Key Questions to Consider

- Are we ready to further the discussion about corporate governance?
- What would be our key objectives for this initiative? What do we want to achieve? What will acceptable results be? How will this be measured?
- What is the actual structure of our corporate governance today? What material and programs already exist that define and demonstrate corporate governance in our organization?
- How do we feel about what we've learned upon reviewing this material? Are there easy and clear areas of improvement?
- What areas of the corporate governance puzzle do we want to take on?
- Which governance model or framework might we adopt to fit our needs?
- Which governance activities should we address first? Should we address all activities at once or just a few over time?
- Do we need outside help? If yes, how do we make sure we get value for the fees paid?

In the end, anything you do should add value and make your organization stronger. If not, you shouldn't do anything.

Logical Priorities for Corporate Governance Documentation

- Code of conduct
- Conflict of interest statements
- Ethics programs
- Whistleblower programs
- Board charters
- Strategic plans
- Delegation of authority policies
- Policies
- Organization charts
- Performance reporting
- Key performance indicators (KPIs)

The key is not simply having these individual elements but understanding how they fit together to form the appropriate corporate governance structure.

Our Governance Client Credentials

- Clients are active participants and sponsors of OCEG.
- Clients are past advisory committee participants for COSO initiatives.
- Clients constantly support ISO frameworks and concepts.
- Clients are involved in thousands of board meetings per year.
- Clients serve more than 25% of the Global 1000.
- Clients continuously request to address governance, risk, control and compliance issues at organizations of all types and sizes and in all industries.
- Clients serve as a key internal audit provider for completely outsourced audit functions at hundreds of organizations.
- Clients have substantial practice around all types of governance, including very complex regulatory and compliance matters.
- Clients are awarded work by selected securities commissions to review corporate governance at selected public companies.

An Internal Auditor's View of Corporate Governance Related to Boards (1/2)

Role of the Board of Directors: Perform effective and efficient oversight of the organization in the best interests of the company and for the benefit of the shareholders.

Accountability: The board is appointed by and reports to shareholders.

Principles:
- Create a framework for oversight and accountability: An organization should establish the respective roles and responsibilities of the board and executive officers.
- Structure the board to add value: The board should comprise directors that will contribute to its effectiveness.
- Attract and retain effective directors: A board should have processes to examine its membership to ensure that directors (individually and collectively) have the necessary competencies and other attributes.
- Continuously strive to improve the board's performance: The board should have processes to improve its performance and that of its committees, if any, and individual directors.
- Promote integrity: An organization should actively promote ethical and responsible behavior and decision-making.

An Internal Auditor's View of Corporate Governance Related to Boards (2/2)

Principles (continued):
- Recognize and manage conflicts of interest: An organization should establish a sound system of oversight and management of actual and potential conflicts of interest.
- Recognize and manage risk: An organization should establish a sound framework of risk oversight and management.
- Oversee strategy and its implementation: The board should oversee the strategy development process, the resulting strategy, plans for its implementation, and a related annual plan and budget.
- Oversee the organization's performance: The board should monitor the organization's performance in the best interests of the company and for the benefit of the shareholders.
- Compensate appropriately: An organization should ensure that compensation policies align with the best interest of the organization.
- Engage effectively with shareholders, government and the community: The board should keep shareholders informed of relevant information, and endeavor to stay informed of the views of shareholders, government and the community.
- Approve significant transactions and events: The board should approve significant transactions and events to ensure that they are supportive of the organization's strategic direction.
- Oversee and evaluate the external auditor: The board (audit committee) should appoint, monitor and evaluate the external auditor.
- Oversee and evaluate the internal audit function: The board (audit committee) should oversee and evaluate the organization's internal audit activity.
- Oversee and evaluate internal and external legal counsel: The board should oversee and evaluate the organization's internal and external legal counsel.

Next Steps

- Discuss the concept of auditing corporate governance with key stakeholders (internal audit, management, audit committee and board, and legal counsel).
- Determine if a current corporate governance model exists and if a specific model is followed.
- If no model exists, decide if you should adopt a model for "criteria" purposes.
- Gather existing corporate governance documents.
- Determine if an audit is still warranted.

SAMPLE 2

Global Internal Audit at ABC Company

[Organization chart]
- (Insert Name), IT Audit Director
- (Insert Name), Operations Audit Manager
- (Insert Name), Operations Audit Manager
- (Insert Name), Operations Audit Manager
- (Insert Name), Vice President
- Audit Staff: (Insert Name) and (Insert Name), Operational Auditors; (Insert Name) and (Insert Name), IT Auditors; (Insert Name), Data Analytics Specialist

Global Governance Council

[Diagram: Global Governance Council members: Global Internal Audit, Human Resources, Int'l Controls, Labor Law, Internal Controls, Import/Export, Sustainability, Corp Social Resp, Corp Comm, Quality, Global Security, Health and Safety, Envrmt, M&A/Integration, IT Security]

Mission Statement: Our mission is to coordinate and align internal governance and compliance organizations with the intent of increasing effectiveness through the sharing of knowledge and data and increasing efficiency through the integration of common processes.

Core Objectives:
- Minimize review fatigue.
- Optimize cost-effective integrated assurance.
- Identify emerging risks.

Corporate Audit Services at ABC Company

[Organization chart]
- (Insert Name), Chairman of the Board, President, Chief Executive Officer
- (Insert Name), Audit Committee Chairperson
- (Insert Name), Chief Audit Executive
- (Insert Name), Consumer and Small Business Banking/Credit Administration
- (Insert Name), Wholesale Banking and Commercial Real Estate
- (Insert Name), Payment Services and Treasury
- (Insert Name), Wealth Management and Securities Services
- (Insert Name), Administrative Services and Professional Practices
- (Insert Name), Technology and Operations
- (Insert Name), Basel
- (Insert Name), Enterprisewide Corporate Functions
- (Insert Name), Regulatory Compliance and Home Mortgage
- X audit professionals and X data analysts; X professional practices/administrative support

ABC Company Governance

[Governance chart: Board of Directors; BOD Risk Management Committee; BOD Audit Committee; Executive Risk Committee; Chief Technology Officer; Chief Risk Officer; Corporate Risk Committee; Enterprise Risk Management; Corporate Compliance; Chief Credit Officer; Executive Credit Management Group; Chief Legal Officer; Chief Financial Officer; Asset Liability Committee; Market Risk Committee; Operational Risk; Capital Quantification; Economic Capital Committee; Economic Scenario Committee; Capital Contingency Committee; Disclosure Committee; Credit Risk Assessment; Corporate Audit Services]

Corporate Audit Services Stakeholders

- Board of Directors: Audit Committee
- Control Partners: Corporate Risk Management, Business Line Risk Management, Corporate Compliance, Business Line Compliance, Credit Risk Assessment
- External: Independent Public Accountants; Regulators (FRB, OCC, FDIC, CFPB, SEC, etc.)
- Management: Managing Committee, Senior Business Line Management

[Diagram: Corporate Audit Services at the center of these stakeholder groups]

Internal Audit Transformation

- (Insert Date): Merger of Audit and SOX 404
- (Insert Date): Creation of International Audit Organization
- (Insert Date): Creation of Legal and Compliance Liaison Position

Global Internal Audit Organization Structure

[Organization chart]
- (Insert Name), Vice President
- Executive Admin
- International Operations Director: International Audit Consultant; Europe Team; Asia Team
- IT Director/SOX PMO: IT Team
- Legal and Compliance Audit Consultant
- North America Senior Manager: North America Team

Governance Structure Accountability

Risk categories: Strategic; Legal & Regulatory; Operational; Commercial

Risk areas (each mapped to an accountable committee, shown as "(Insert Committee Name)"):
- Companywide Growth
- Portfolio Operations
- Clinical Evidence
- Quality
- Economic Evidence
- IT
- Geographic Portfolio
- Environmental, Health and Safety
- Competition
- Talent and Organization
- Product Liability
- Financial
- Physician-Directed Usage
- Customer Relationships
- Business Conduct and Anti-Corruption
- Pricing
- Regulatory Environment
- Image and Brand Reputation
- Corporate Strategy
- Intellectual Property
- Reimbursement

Internal Audit Stakeholders

[Diagram: Internal Audit at the center, with Board (BOD Chair, AC/AC Chair), Executive Management (Risk, Compliance, Finance), and External Audit & Regulator]

Interaction channels: Communication; Advisory; Feedback and Knowledge Sharing; Status Updates and Formal Reporting; MI and Issue Tracking; Committee and Meeting Attendance