23/08/2021
AUD1206:
Operations Auditing
Mark Ivan Leo D. Ricafrente
Review of Governance and
Auditing Concepts,
including Code of Professional
Ethics
Week 1
Corporate Governance
Governance
Definition
Combination of people, policies, procedures, and processes that help ensure
that an entity effectively and efficiently directs its activities toward meeting the
objectives of its stakeholders
Responsibility of the Board
Organizational Structure
[Organization chart: Board, Audit Committee, President/CEO, Internal Audit, External Audit, COO, CFO, CIO]
Corporate Governance
CORPORATE GOVERNANCE FRAMEWORK
Governance
Two Major Components
1. Strategic direction
Determines
- Business model
- Overall objectives
- Approach to risk taking
- Limits of organizational conduct
Governance
Two Major Components
2. Oversight
Elements
- Risk management activities
- Internal and external assurance activities
Governance
Practices
Reflect the organization's unique culture and largely depend on it for effectiveness
Organizational Culture
- Sets values, objectives, and strategies
- Defines roles and behaviors
- Measures performance
- Specifies accountability
Governance
Practices
Ensure that the organization
- Complies with society’s legal and regulatory rules
- Satisfies the generally accepted business norms and enhances the interests of
stakeholders
- Reports fully and truthfully to its stakeholders
Corporate Governance
Code of Corporate Governance for Publicly-Listed Companies
Memorandum Circular No. 19
Date: 22 November 2016
Corporate Governance – the system of stewardship and control to guide
organizations in fulfilling their long-term economic, moral, legal and social obligations
towards their stakeholders.
• Board of Directors
• Management
• Independent director
• Executive director
• Non-executive director
Corporate Governance
Code of Corporate Governance for Publicly-Listed Companies
1. ESTABLISHING A COMPETENT BOARD
2. ESTABLISHING CLEAR ROLES AND RESPONSIBILITIES OF THE BOARD
3. ESTABLISHING BOARD COMMITTEES
Corporate Governance
Code of Corporate Governance for Publicly-Listed Companies
3.2
The Board should establish an Audit Committee to enhance its oversight capability
over the company’s financial reporting, internal control system, internal and external
audit processes, and compliance with applicable laws and regulations. The
committee should be composed of at least three appropriately qualified non-
executive directors, the majority of whom, including the Chairman, should be
independent. All of the members of the committee must have relevant background,
knowledge, skills, and/or experience in the areas of accounting, auditing and
finance. The Chairman of the Audit Committee should not be the chairman of the
Board or of any other committees.
Corporate Governance
Code of Corporate Governance for Publicly-Listed Companies
The Audit Committee has the following duties and responsibilities, among others:
a. Recommends the approval of the Internal Audit Charter (IA Charter)
b. Through the Internal Audit (IA) Department, monitors and evaluates the adequacy
and effectiveness of the corporation’s internal control system, integrity of financial
reporting, and security of physical and information assets.
c. Oversees the Internal Audit Department, and recommends the appointment
and/or grounds for approval of an internal audit head or Chief Audit Executive
(CAE).
Corporate Governance
Code of Corporate Governance for Publicly-Listed Companies
d. Establishes and identifies the reporting line of the Internal Auditor to enable him
to properly fulfill his duties and responsibilities.
e. Reviews and monitors Management’s responsiveness to the Internal Auditor’s
findings and recommendations;
f. Prior to the commencement of the audit, discusses with the External Auditor the
nature, scope and expenses of the audit, and ensures the proper coordination
Corporate Governance
Code of Corporate Governance for Publicly-Listed Companies
g. Evaluates and determines the non-audit work, if any, of the External Auditor, and
periodically reviews the non-audit fees paid to the External Auditor in relation to the
total fees paid to him and to the corporation’s overall consultancy expenses.
h. Reviews and approves the Interim and Annual Financial Statements before their
submission to the Board.
i. Reviews the disposition of the recommendations in the External Auditor’s
management letter;
Definition of Terms
Definition of Terms
Board
“The highest level of governing body charged with the responsibility to direct and/or
oversee the activities and management of the organization. Typically, this includes an
independent group of directors (e.g., a board of directors, a supervisory board, or a
board of governors or trustees).
If such a group does not exist, the “board” may refer to the head of the organization.
“Board” may refer to an audit committee to which the governing body has delegated
certain functions.”
- IPPF Glossary
Definition of Terms
Internal Audit Activity
“A department, division, team of consultants, or other practitioner(s) that provides
independent, objective assurance and consulting services designed to add value and
improve an organization’s operations…”
- IPPF Glossary
Definition of Terms
Chief Audit Executive
“..describes a person in a senior position responsible for
effectively managing the internal audit activity in
accordance with the internal audit charter and the
Definition of Internal Auditing, the Code of Ethics, and
the Standards... The specific job title of the chief audit
executive may vary across organizations.”
- IPPF Glossary
Definition of Terms
What is assurance?
“..means an engagement in which a practitioner
expresses a conclusion designed to enhance
the degree of confidence of the intended users
other than the responsible party about the
outcome of the evaluation or measurement of
a subject matter against criteria.”
- International Framework for Assurance
Engagements
Need for Assurance
Why do you need assurance?
• Potential bias in providing information.
• Remoteness between a user and the organization or trading partner.
• Complexity of the transactions, information or processing systems.
Potential Bias in Providing Information
• Sellers
• Management
• Inside information
• Compensation of management
• Stock options held by management
Remoteness of Users
• Global society
• Lack of personal interaction
• Can’t physically inspect goods
• Can’t interview management
• Can’t inspect facility
• Can’t review books and records
What is an Assurance Service?
Assurance services (or assurance engagements) are three-party contracts in
which assurers report on the quality of information.
Scope of Assurance Service
Assurance is a broad concept.
Assurance services cover:
• A wider spectrum of services.
• A more diverse group of users.
• Greater potential users.
Value of Assurance
• The assurance function gives investors, creditors and users of information
confidence in the accuracy of data.
• The value of assurance, then, is in the confidence it generates in users
of the information.
Elements of Assurance Service
Three-Party Relationship
Subject Matter
Evidence
Suitable criteria
Written Report
Three-Party Relationships
Practitioner
• The term “practitioner” is broader than the term “auditor”.
• Experts may also be engaged by practitioners to perform assurance services.
Responsible Party
• The person (or persons) responsible for the subject matter or the subject matter information.
• The responsible party may or may not be the party who engages the practitioner (the engaging party).
Intended Users
• The persons or class of persons for whom the practitioner prepares the assurance report.
• Intended users may be identified by agreement between the practitioner and the responsible party, or by law.
Diagrammatic Summary of an
Assurance Service Engagement
Subject Matter
Subject matters have different characteristics (e.g., qualitative vs. quantitative,
objective vs. subjective, historical vs. prospective, and relating to a point in time
or covering a period), which may affect the precision with which the subject matter
can be evaluated or measured against criteria and the persuasiveness of available
evidence.
Suitable Criteria
Characteristics of Suitable Criteria
Relevance
Completeness
Reliability
Neutrality
Understandability
Sufficient Appropriate Evidence
Evidence
The practitioner performs an assurance
engagement with an attitude of professional
skepticism to obtain sufficient appropriate
evidence about whether the subject matter
information is free of material misstatement.
Sufficiency is the measure of quantity of evidence
Appropriateness is the measure of the quality of evidence
Assurance Report
• The practitioner provides a written report containing a conclusion that conveys
the assurance obtained about the subject matter information.
• A practitioner normally can express two levels of assurance in an assurance service:
  - a reasonable (but not absolute) level, and
  - a limited level of assurance
Levels of Assurance Provided
Three Levels:
1. Reasonable assurance (such as an audit opinion)
2. Limited assurance (such as in reviewed financial statements)
3. No assurance (such as a compilation of financial statements)
Poll Questions
Definition of Terms
What is audit?
✓ Objective examination of factual evidence
✓ Providing an independent and reasonable assurance against established criteria
- International Framework for Assurance Engagements
Definition of Terms
What is external audit?
“..an independent examination of financial statements of an
entity that enables an auditor to express
an opinion whether the financial statements are prepared
(in all material respects) in accordance with an identified
and acceptable financial reporting framework (e.g.
international or local accounting standards and national
legislations)”
- Brink’s Modern Internal Auditing
Definition of Terms
What is internal audit?
“..is an independent, objective assurance and
consulting activity designed to add value and
improve an organization's operations. It helps an
organization accomplish its objectives by bringing
a systematic, disciplined approach to evaluate and
improve the effectiveness of risk management,
control, and governance processes.”
- International Professional Practices Framework (IPPF) of the IIA
Internal audit vs. External audit
Comparison
1. Focus
- Internal audit: Provides financial, operational, assurance, consultative, governance, computer, and fraud-related services.
- External audit: Primarily attests to financial statements and, where applicable, internal control.
2. Management
- Internal audit: Reports to audit committee and management administratively. Builds relationships throughout the organization, identifies issues and concerns, and addresses their prompt resolution.
- External audit: Primarily reports to the audit committee.
3. Audit committee
- Internal audit: Usually reports directly to the audit committee. Provides insight into and analysis of the organization’s business risks, financial statements, system of internal control, and level of compliance with laws, regulations, and policies.
- External audit: Provides financial statement (and, where applicable, internal control) attestation to the audit committee or board of directors. Often provides updates on pending accounting pronouncements and their potential impact on the organization.
Internal audit vs. External audit
Comparison
4. Standards
- Internal audit: Follows the IIA’s International Standards for the Professional Practice of Internal Auditing.
- External audit: Applies auditing standards required in local country or jurisdiction.
5. Approach
- Internal audit: Generally follows a predefined methodology, but often customizes approach to appropriately meet individual assignment objectives.
- External audit: Generally follows an approach based on the audit firm’s audit methodology.
6. Independence
- Internal audit: Demonstrates organizational independence and objectivity in work approach, but is not independent of the organization. (IA should be independent of the activity audited, but is integral to the organization.)
- External audit: Provides financial statement (and, where applicable, internal control) attestation to the audit committee or board of directors. Often provides updates on pending accounting pronouncements and their potential impact on the organization.
Internal audit vs. External audit
Comparison
7. Results
- Internal audit: Identifies issues (findings), makes recommendations, and assists in facilitating resolutions.
- External audit: Meets local statutory requirements; determines if financial statements (including footnotes) are fairly stated (free of material error).
8. Control
- Internal audit: Assesses components of an organization’s internal control framework, focusing on control improvement and operational efficiency and effectiveness. Under SOX 404, assists in assessing the adequacy, effectiveness, and efficiency of the financial and operational systems of internal control, including the design and operating effectiveness of the system of internal control of each activity of the organization (including control over financial reporting). Can assist in documenting internal controls, testing internal controls, and/or providing input to management with respect to concluding on design and operating effectiveness.
- External audit: Controls considered in the audit of the financial statements as required by local country standards. Under PCAOB standards, opines on management’s assessment of the effectiveness of the organization’s internal control over financial reporting and on the effectiveness of the organization’s internal control over financial reporting. In the course of assessing the organization’s internal control, evaluates the capabilities and effectiveness of internal auditing.
Internal audit vs. External audit
Comparison
9. Risk
- Internal audit: Identifies and qualifies key business risks to estimate probability of occurrence and impact on business. Makes appropriate recommendations as a result of the risk assessment.
- External audit: Identifies key financial reporting risks in relation to its audit of the organization’s financial statements.
10. Fraud
- Internal audit: Focused on fraud awareness within the organization. May include fraud-detection steps in audit programs. Investigates the allegations of fraud. Reviews management’s fraud prevention controls and detection processes and makes recommendations for improvement.
- External audit: Includes fraud detection steps in audit plan. Gathers information necessary to identify risks of material misstatement due to fraud by inquiring of management and others within the entity about the risks of fraud. Considers the results of the analytical procedures performed in planning the audit and fraud risk factors.
11. Recommendations
- Internal audit: Communicates recommendations for corrective action, generally to auditee, management, and the audit committee.
- External audit: Communicates recommendations for corrective action generally to senior management or the board of directors.
12. Follow-up
- Internal audit: Follow up with auditees to determine whether work is sufficient to achieve issue resolution.
- External audit: Limits follow-up primarily to financial areas.
IPPF
Code of Ethics
Purpose
States the principles and expectations governing the behavior of
individuals and organizations in the conduct of internal auditing.
Describes the minimum requirements for conduct, and behavioral
expectations rather than specific activities.
Promotes an ethical culture in the profession of internal auditing.
Code of Ethics
Two Essential Components
1. Principles - that are relevant to the profession and practice of
internal auditing
2. Rules of Conduct - that describe behavior norms expected of internal
auditors.
Code of Ethics
Integrity
The integrity of internal auditors establishes trust and thus provides
the basis for reliance on their judgment.
Code of Ethics
Integrity – Rules of Conduct
Internal Auditors:
1.1. Shall perform their work with honesty, diligence, and
responsibility.
1.2. Shall observe the law and make disclosures expected by
the law and the profession.
Code of Ethics
Integrity – Rules of Conduct
Internal Auditors:
1.3. Shall not knowingly be a party to any illegal activity, or
engage in acts that are discreditable to the profession of
internal auditing or to the organization.
1.4. Shall respect and contribute to the legitimate and ethical
objectives of the organization.
Code of Ethics
Objectivity
Internal auditors exhibit the highest level of
professional objectivity in gathering, evaluating,
and communicating information about the
activity or process being examined.
Internal auditors make a balanced assessment of
all the relevant circumstances and are not
unduly influenced by their own interests or by
others in forming judgments
Code of Ethics
Objectivity – Rules of Conduct
Internal Auditors:
2.1. Shall not participate in any activity or relationship that
may impair or be presumed to impair their unbiased
assessment. This participation includes those activities or
relationships that may be in conflict with the interests of the
organization.
Code of Ethics
Objectivity – Rules of Conduct
Internal Auditors:
2.2. Shall not accept anything that may impair or be
presumed to impair their professional judgment.
2.3. Shall disclose all material facts known to them that, if not
disclosed, may distort the reporting of activities under review.
Code of Ethics
Objectivity – Rules of Conduct
Potential Impairments
► Past or future work assignments
► Conflict of interest
► Gifts and gratuities
► Assignment of non-audit functions
► Scope limitation
► Resource limitation
► Access restriction
Code of Ethics
Confidentiality
Internal auditors respect the value and ownership of information they
receive and do not disclose information without appropriate authority
unless there is a legal or professional obligation to do so.
Code of Ethics
Confidentiality – Rules of Conduct
Internal Auditors:
3.1. Shall be prudent in the use and protection of information
acquired in the course of their duties.
3.2. Shall not use information for any personal gain or in any
manner that would be contrary to the law or detrimental to
the legitimate and ethical objectives of the organization.
Code of Ethics
Competency
Internal auditors apply the knowledge, skills, and experience needed in
the performance of internal audit services.
Code of Ethics
Competency – Rules of Conduct
Internal Auditors:
4.1. Shall engage only in those services for which they have
the necessary knowledge, skills, and experience.
4.2. Shall perform internal audit services in accordance with
the International Standards for the Professional Practice of
Internal Auditing.
4.3. Shall continually improve their proficiency and the
effectiveness and quality of their services.