Chapter 3 Governance
GOVERNANCE
CHAPTER 3
Chapter 3 Learning Objectives
Define governance and contrast the different roles and responsibilities within governance.
Articulate the different enterprise-wide governance principles.
Describe the changes in regulations and how governance has evolved to its present state.
Describe the role of the internal audit function in the governance process.
Know where to find information about governance codes and regulations from countries around the world.
Exhibit 3-2
Governance (from book)
Internal Auditing: Assurance and Consulting Services, 2nd Edition © 2009 by The Institute of Internal Auditors Research Foundation, 247 Maitland Avenue, Altamonte Springs, FL 32701 USA
The combination of processes and structures implemented by the Board to inform, direct, manage, and monitor the activities of the organization towards the achievement of its objectives.
Key Points
Not distinct and separate processes and structures – interrelationships between governance, risk, and controls
Must consider risk when setting strategy
Must rely on internal controls and communication
OECD Corporate Governance Principles
First released in May 1999 and revised in 2004, the OECD Principles are one of the 12 key standards for international financial stability of the Financial Stability Forum (FSF) and form the basis for the corporate governance component of the Report on the Observance of Standards and Codes of the World Bank Group.
OECD Definition
Corporate governance involves a set of relationships between a company’s management, its board, its shareholders, and other stakeholders.
Corporate governance also provides the structure through which the objectives of the company are set, and the means of attaining those objectives and monitoring performance are determined.
According to Cadbury Report,
Corporate Governance is “the system by which companies are directed and controlled.”
Good corporate governance allows boards of directors to be “free to drive their companies forward”, but exercise that freedom within a framework of effective accountability.
According to Wikipedia
Corporate governance is the set of processes, customs, policies, laws, and institutions affecting the way a corporation (or company) is directed, administered or controlled. Corporate governance also includes the relationships among the many stakeholders involved and the goals for which the corporation is governed. The principal stakeholders are the shareholders, management, and the board of directors. Other stakeholders include employees, customers, creditors, suppliers, regulators, and the community at large.
Codes from around the world
http://www.ecgi.org/codes/all_codes.php
Bangladesh
I. Mission of the Board of Directors Principle:
The Board of Directors should lead and oversee strategy and policy of the company and provide direction to the management. Board actions should be in the best interests of the company and shareholders.
Brazil
Corporate Governance is a corporate managing and monitoring system, involving relations with the Owners, Board of Directors, Officers, Independent Auditors, and Fiscal Council. Good corporate governance practices are geared to add value to a company, facilitate its access to capital and contribute to its perpetuation.
Exhibit 3-3
Some Video Clips
http://www.youtube.com/watch?v=KXd70r75V2w
http://www.youtube.com/watch?v=awUgAYks-Y8
http://www.youtube.com/watch?v=wYtN-8st9xs
http://www.youtube.com/watch?v=ra-Sxjjv3-g
http://www.youtube.com/watch?v=1jV0AUjx6Ik
Strategy
How management plans to achieve the organization’s objectives
Key Business Objectives
Stakeholder Expectations
Performance Measures
Risk Appetite
Exhibit 3-4
Roles and Responsibilities within Governance
Knowledge Check
Which of the following represents the best governance structure?

| | Operating Mgmt | Executive Mgmt | Internal Auditing |
|---|---|---|---|
| a. | Responsibility for Risk | Oversight role | Advisory role |
| b. | Oversight Role | Responsibility for Risk | Advisory Role |
| c. | Responsibility for Risk | Advisory Role | Oversight Role |
| d. | Oversight role | Advisory Role | Responsibility for Risk |
Board
Governance begins with the Board
Board provides direction
Board is accountable to stakeholders
Governance is executed by management
Internal and external activities provide management and the board with assurance regarding effectiveness of governance
Stakeholders
Directly Involved – Employees, Customers, Vendors
Interested – Investors
Influence – Regulatory agencies, Rating Agencies,
How does the Board enact good governance?
Governance Committee
Determine desired outcomes
Determine unacceptable outcomes
Articulate Requirements
Set Risk Appetite
Delegate authority
Establish reporting threshold
Reevaluate periodically
One Big Four’s List of Board “HOT TOPICS” in Governance for 2011
Risk Management – where everyone minds the business
Sustainable Development – the next transforming wave of change
Strategy Development – the board as hands-on strategy leader
Strategy Execution – Linking performance to strategy
Corporate Planning – past results do not ensure future performance
Shareholder engagement – the conversations are two-way
Board evaluations – the best Boards have regular performance checks
Boardroom efficiency – do the right things better
Director education – never stop learning
Succession planning – the long and short of talent development
Regulatory change – anticipating change for competitive advantage
Spencer Stuart – 5 Things Boards Should be Looking at
Board Effectiveness
Strategy
Risk Oversight
Sustainability
Succession
http://www.spencerstuart.com/research/articles/1475
You Get What You Measure
Measures are critical to such governance
Measure the wrong things and results can be disastrous.
Measure the right ones—aligned with the strategic plan and related business objectives—and managers are motivated and work together toward achieving corporate goals.
Identifying what drives value and then linking those drivers to measurements
Governance Maturity Model
Key Questions Directors Should be Asking
Eight Priorities for 2013 (from the IIA)
Crisis Management
Fraud and Ethics
Regulatory Compliance
Social Media
Employee Talent Management
Emerging Technologies
ERM
Globalization and Geopolitical Risks
Setting the Risk Appetite
Defining Risk Tolerance
Risk Appetite: The amount of risk, on a broad level, an organization is willing to accept in pursuit of its business objectives
Risk Tolerance: The acceptable levels of risk size and variation relative to the achievement of objectives, which must align with the risk appetite of the organization.
How to set Risk Appetite?
Determine stakeholders
Determine needs and expectations of stakeholders
Identify potential outcomes that would be unacceptable to stakeholders (harm and missed opportunities)
Consider outcomes in Financial, Compliance, Operational, and Strategic areas
Set tolerance levels/boundaries within which management should run organization
Cool video on the need to link risk and strategy
http://www.youtube.com/watch?v=qI0b4YZBp4k
How does management enact good governance?
Understanding the Board’s expectations, directions, risk appetite, and delegated authority
A process to identify, manage, and report on risks
Process to delegate authority to risk holders
Gathering information to report on risks for decision making and for Board
How does management enact governance responsibilities?
Establish a risk committee to identify risks, linked to management activities, and assigned to risk owners
Evaluate on-going risk appetite and ensure tolerance levels are consistent with risk appetite
Articulate reporting requirements – nature, format, timing of communication
Reevaluate governance expectations periodically
Knowledge Check
Which of the following are typical governance responsibilities of senior management?
I. Establishing a governance committee of the board
II. Delegating risk tolerance levels to risk managers
III. Monitoring day-to-day performance of specific risk management activities
IV. Ensuring that sufficient information is gathered to support reporting to the board.

II and III
I, II, and IV
II and IV
I, II, III, and IV
What do Risk Owners Do?
Day to day responsibility for ensuring that risk management activities effectively manage risks within the organization’s risk appetite.
Keep risks within tolerable boundaries
Identify, measure, manage, monitor, and report on their risks
Front line of managing risks – key contributors to good governance
Risk Owner Activities
Assessment of risks in terms of inherent nature of risk, source of risk, potential impact, proposed tolerance level, expected risk management activities.
Reevaluate risk management activities periodically
Assess risk management capabilities
Monitor risk management activities
Report risk management activities
Exhibit 3-6
Assurance Activities
An objective examination of evidence for the purpose of providing an independent assessment on governance, risk management, and control processes for the organization
Can be by external or internal parties; most commonly by internal audit function
The Board's Oversight Role
A board is not responsible for devising either measures or the measurement process. That's management's job. But it is responsible for ensuring that management has instituted meaningful measures to enable management to track and monitor performance and take swift corrective action where needed.
Continued
The board needs to know that it is getting the right information, on a timely basis, with management's analysis of where issues lie and what management plans to do.
Ultimately, the board needs to know that a process is firmly in place to provide the information they need to conduct meaningful oversight and assess progress toward effective strategy implementation and achievement of stated goals.
Internal Audit’s Role
Exhibit 3-1
2010 – Planning
The chief audit executive must establish a risk-based plan to determine the priorities of the internal audit activity, consistent with the organization's goals.
Interpretation: The chief audit executive is responsible for developing a risk-based plan. The chief audit executive takes into account the organization's risk management framework, including using risk appetite levels set by management for the different activities or parts of the organization. If a framework does not exist, the chief audit executive uses his/her own judgment of risks after consideration of input from senior management and the board. The chief audit executive must review and adjust the plan, as necessary, in response to changes in the organization’s business, risks, operations, programs, systems, and controls.
2100 – Nature of Work
The internal audit activity must evaluate and contribute to the improvement of governance, risk management, and control processes using a systematic and disciplined approach.
2100 - Nature of Internal Audit’s Work
Help assess and improve governance by:
Promoting appropriate ethics and values
Ensuring effective performance management and accountability
Effectively communicating risk and control information
Effectively coordinating the activities and communicating information
2110 – Governance
The internal audit activity must assess and make appropriate recommendations for improving the governance process in its accomplishment of the following objectives:
Promoting appropriate ethics and values within the organization;
Ensuring effective organizational performance management and accountability;
Communicating risk and control information to appropriate areas of the organization; and
Coordinating the activities of and communicating information among the board, external and internal auditors, and management.
Implementation Standards under 2110
2110.A1 - The internal audit activity must evaluate the design, implementation, and effectiveness of the organization's ethics-related objectives, programs, and activities.
2110.A2 - The internal audit activity must assess whether the information technology governance of the organization supports the organization's strategies and objectives.
IA Activities to evaluate governance
Ensure it understands Board’s governance direction and expectations, including its expectation of IA
Support management’s risk management program
Involvement in risk management program
Education
Risk assessments “oversight” and input to risk decisions
Develop an IA plan that encompasses governance
Continued
Determining whether the assertions made by the risk owners to senior management regarding the effectiveness of the risk management activities accurately reflect the current state of risk management effectiveness.
Determining whether the assertions made by senior management to the board regarding the effectiveness of the risk management activities provide the board with the information it desires about the current state of risk management effectiveness.
Continued….
Evaluating whether risk tolerance information is communicated timely and effectively from both the board to senior management and from senior management to the risk owners.
Assessing whether there are any other risk areas that are currently not included in the governance process, but should be (for example, a risk for which risk tolerance and reporting expectations have not been delegated to a specific risk owner).
Other Roles of Internal Auditing in Governance
Board Risks, Controls, and Practices
Audit specific documented governance processes
Provide assurance on ways to improve governance processes if they are not mature
Contribute to governance structures through audits
Act as facilitators, assisting board in self-assessment of governance activities
Observe and formally assess GRC structural design and operational effectiveness
IA’s Activities to Evaluate Governance
Evaluating whether the various risk management activities are designed adequately to manage the risks associated with unacceptable outcomes.
Testing and evaluating whether the various risk management activities are operating as designed.
Aspects of Ethics Audits
A "clear and understandable" formal code of conduct and related statements, policies--including procedures covering fraud and corruption--and other "expressions of aspiration."
The communications and demonstrations of expected ethical attitudes and behavior by the leaders of the organization.
Explicit strategies the firm uses to enhance its ethical culture.
Multiple means of confidentially reporting misconduct.
Continued
Regular declarations by employees, suppliers, and customers that they understand the requirements for ethical behavior in conducting the organization's business.
Clear delegation of responsibilities to ensure that ethical consequences are evaluated, that confidential counseling is provided, that allegations of misconduct are investigated, and that case findings are properly reported.
Easy access to "learning opportunities to enable all employees to be ethics advocates."
Continued
Personnel practices that encourage employees to be ethical.
Regular use of surveys to determine the organization's ethical climate.
Regular reviews of processes that might undermine the organization's ethical culture.
Regular reference and background checks as part of the hiring process.