CHAPTER 3

GOVERNANCE
LEARNING OBJECTIVES:
1. The organization business model composing key governance elements
2. The roles of the internal audit function in the governance process
3. In governance what are key responsibilities of
a. Board of Directors
b. Senior Management
c. Risk owners
4. Describe the changes in regulations and how governance has evolved into its present status.
PRELUDE TO TOPIC:
Organization must see to it that effective governance structures and risk management approaches are
working and implemented.
Governance structure is essential because it provides direction the day-to-day activities of persons
managing the company
The activities of persons managing the company must be monitored to ensure success.
Organizational structure will vary from one organization to others, but it is very essential that the
organization operates within the bound of laws and regulations
These laws and regulations are typically promulgated to protect the public interests and its key
stakeholders.
WHAT IS STAKEHOLDERS AND WHO ARE THE STAKEHOLDERS OF AN ORGANIZATION?
A person, group, or organization that has direct or indirect stake in an organization because it can affect or
be affected by the organization's actions, objectives, and policies.
Key stakeholders in a business organization include creditors, customers, directors, employees,
government (and its agencies), owners (shareholders), suppliers, unions, and the community from which
the business draws its resources.
WHAT IS GOVERNANCE?
The process conducted by the BOD to authorize, direct, and oversee management toward the achievement
of the companys objectives.
Corporate Governance is basically the process how management operates from top-down perspective
It involves a set of relationship between companys management, its Board, its shareholders and other
stakeholders.
Day-to-day operation is executed by the management, which includes the senior executives and line
managers
The Board is the ultimate responsible of the corporate governance. They are the governing body, such as
BOD, Board of Trustees ( for non profit organizations ) Board Head, or any designated body of the
organization
Shareholders are not directly involved in the operation but they have a strong interest in the organizations
success. They are the investors who have right to elect to serve as directors on the board. Since they can
influence the Board, shareholders are most important and powerful stakeholders.
OTHER STAKEHOLDERS: Some are directly involve in the operations and some are indirectly involve
like Employees, Customers, Vendors, Regulatory Bodies, Financial Institutions, and Competitors.
WHAT ARE THE EXPECTION S OF STAKEHOLDERS TO THE BOARD?

Since the Board is the ultimate responsible for the corporate governance, he is expected to protect the
interests of the stakeholders, especially the investors.
The Board must determine the acceptable outcomes and turn the unacceptable outcomes to tolerance level
in order not to block the achievement of business objectives.
Thus the board must articulate its direction, advice on the creation of business objectives, establish
boundaries of business conduct, and empower management to carry out its direction.

HOW THE BOARD EXECUTE ITS GOVERNANCE RESPONSIBILITIES?

1. By establishing a governance committee
o The committee could be new or expansion
o Creation of Governance Committee makes the tasks more specific to its members and its line of
authority, the power to direct and decide, is precise.
o In case of any failures from expectations, the members of the governance committee are directly
responsible to explain and accountable to the stakeholders.
2. Articulating requirements for reporting to the Board
o There should be at least quarterly meeting in order to report what transpire for the outcome and
which outcomes need to decide more.
o As part of their oversight role, they should require the management team to likewise report to them
actions that need to be taken in implementation of the boards directives to them.
3. Re-evaluate governance expectations periodically , preferably annually
o The expectations of stakeholders may evolve and change, thus the board must identify those
changes and re-evaluate its governance direction.
SENIOR MANAGEMENT AND ITS KEY RESPONSIBILITIES
who executes the day-to-day activities that help ensure that effective governance is achieved
Ensures that the full scope of direction and authority delegated is understood appropriately.
He must understand the Boards governance expectations, the amount of authority delegated to them.
Identify their activities, like risk management, towards attainment of organizations objectives.
Ensures to maintain Internal Control and these internal controls must be effectively implemented to
minimize damage or risks associated for its lapses.
RISK OWNERS AND HIS KEY RESPONSIBLITIES

RISK OWNERS are individuals who manage the day-today risks related activities of the organization
These risk owners are responsible for identifying, measuring, managing, monitoring, and reporting on risks
to the members of senior management to whom they report.
RISK OWNERS is working under the umbrella of senior managers to carry out the risk management
activities
Risk owners evaluate the adequacy of risk management activities. Is it adequate or need to revise or
improve it?
They assess if the risk management activities are working as designed, and assess the maturity of the
procedural approach
They conduct day-to-day monitoring activities to identify, in timely manner, whether anomalies or defiance
from control have occurred.
They ensure that the information needed by the senior management and Board is accurate and readily
available.

WHAT ROLE DOES THE INTERNAL AUDIT FUNCTION PLAY IN THE GOVERNANCE?

Doing an independent assurance services

Assurance service is an objective examination of evidence for the purpose of providing an independent
assessment on governance, risk management, and control processes for the organization.
Internal Auditors must assess and make appropriate recommendations for improving the governance
process
The Internal Audit ensures effective organizational performance management and accountability
The Internal Audit promotes appropriate ethics and values within the organization
The Internal Audit communicates risk and control information to appropriate areas of the organization
The internal auditor should assess the condition of internal control that the risks are managed and leader of
the organization are working within the bound of laws and procedures.

GLOSSARY:
1. GOVERNANCE
o The combination of processes and structures implemented by the board to inform, direct, manage,
and monitor the activities of the organization toward the achievement of its objectives.
2. BOARD
o An organizations governing body, such as board of directors, supervisory board, head of an agency
or legislative body, board of governors, etc.
3. STRATEGY
o Refers to how management plans to achieve the organizations objectives
4. STAKEHOLDERS
o A person, group, or organization that has direct or indirect stake in an organization because it can
affect or be affected by the organization's actions, objectives, and policies.
5. RISK MANAGEMENT
o How to deal with uncertainties that could affect the attainment of objectives
6. RISK APPETITE
o The amount of risk, on a broad level, an organizations willing to accept in pursuit of its business
objectives.
7. RISK TOLERANCE
o The acceptable levels of risk size and variation relative to the achievement of objectives, which
must align with the organizations risk appetite.
8. RISK
o Possibility that an event will occur and adversely affect the achievement of objectives
9. RISK OWNER

o Individuals who have day-today responsibility for ensuring that risk management activities
effectively manage risk within the organizations risk appetite.
10. ASSURANCE SERVICES
o An objective examination of evidence for the purpose of providing an independent assessment on
governance, risk management, and control processes for the organization.

11. CONSULTING SERVICES

o Advisory and related services, the nature and scope of which are agreed to with the customer, and
which are intended to improve an organizations governance, risk management, and control
processes without the internal auditor assuming management responsibility.
12. INDEPENDENT OUTSIDE AUDITOR
o Registered Public Accounting Firm, hired by the organization to perform a FS audit providing
assurance and issues opinion whether the Financial Statements are fairly presented in accordance
with GAAP.
13. SECURITIES ACT OF 1933
o This is enacted after the US market crash of 1929 in order to bring back stability and investor
confidence in the securities market. Its two goals are to ensure grater transparency in financial
statements so investor can make informed decisions about securities being offered for public sale;
and to establish laws against deceit, misrepresentation, and other fraudulent activities in the sale of
securities in the public market.
14. SECURITIES EXCHANGE ACT OF 1934
o This was created to provide governance of securities transactions on the secondary market ( after
issue ) and regulate the different exchanges and the broker-dealer to protect the investing public.
15. FOREIGN CORRUPT PRACTICES ACT
o This criminalizes transnational bribery and requires companies to implement internal control
programs. This broadens the focus on internal control to provide reasonable assurance that
transactions are appropriately authorized and accurately recorded.
16. U.S. SARBANES-OXLEY ACT OF 2002
o This creates more accountability over the integrity of financial reporting by chief executive and
chief financial officers, and restoring investor confidence in the capital market.