Principle 12
BSA II-12
INTERNAL CONTROL SYSTEM AND RISK MANAGEMENT
12. STRENGTHENING THE INTERNAL CONTROL SYSTEM AND ENTERPRISE RISK MANAGEMENT
QUILATAN, ALYZA MARGARETTE L.
REBOTON, JANINE
REFIL, DIANNA JANE

PRINCIPLE 12
To ensure the integrity, transparency and proper governance in the conduct of its affairs, the company should have a strong and effective internal control system and enterprise risk management framework.

RECOMMENDATION 12.1
The Company should have an adequate and effective internal control system and an enterprise risk management framework in the conduct of its business, taking into account its size, risk profile and complexity of operations.

Why do we have to strengthen the internal control system and enterprise risk management framework?
To sustain safe and sound operations as well as implement management policies to attain corporate goals.

An Effective Internal Control System Embodies:
• Management oversight and control culture
• Risk recognition and assessment
• Control activities
• Information and communication
• Monitoring activities and correcting deficiencies

RISK MANAGEMENT PROCESS:
• Identification
• Assessment
• Mitigation
• Monitoring of risk
• Reporting

RECOMMENDATION 12.2
The Company should have in place an independent internal audit function that provides an independent and objective assurance, and consulting services designed to add value and improve the company's operations.

Why does the company need an internal audit function?
A separate internal audit function is essential to monitor and guide the implementation of company policies. It helps the company accomplish its objectives by bringing a systematic, disciplined approach to evaluating and improving the effectiveness of the company’s governance, risk management and control functions.

The following are the functions of the internal audit, among others:
a. Provides an independent risk-based assurance service to the Board, Audit Committee and Management.
b. Performs regular and special audit.
c. Performs consulting and advisory services related to governance and control as appropriate for the organization.
d. Performs compliance audit of relevant laws, rules and regulations, contractual obligations and other commitments.
e. Reviews, audits and assesses the efficiency and effectiveness of the internal control system of all areas of the company.
f. Evaluates operations or programs.
g. Evaluates specific operations.
h. Monitors and evaluates governance processes.

RECOMMENDATION 12.3
Subject to a company’s size, risk profile and complexity of operations, it should have a qualified Chief Audit Executive (CAE) appointed by the Board. The CAE shall oversee and be responsible for the internal audit activity of the organization.

RESPONSIBILITIES OF THE CAE
a. Periodically reviews the internal audit charter.
b. Establishes a risk-based internal audit plan.
c. Communicates the internal audit activity’s plans to senior management and the Audit Committee.
d. Spearheads the performance of the internal audit activity.
e. Reports periodically to the Audit Committee on the internal audit activity’s performance.
f. Presents findings and recommendations to the Audit Committee.

RECOMMENDATION 12.4
Subject to its size, risk profile and complexity of operations, the company should have a separate risk management function to identify, assess and monitor key risk exposures.

RISK MANAGEMENT FUNCTION
a. Defining a risk management strategy.
b. Identifying and analyzing key risk exposures relating to economic, environmental, social and governance factors.
c. Evaluating and categorizing each identified risk.
d. Establishing a risk register with clearly defined, prioritized and residual risks.
e. Developing a risk mitigation plan.
f. Communicating and reporting significant risk to the Board Risk Oversight Committee.
g. Monitoring and evaluating the effectiveness of the organization's risk management processes.

RECOMMENDATION 12.5
In managing the company’s Risk Management System, the company should have a Chief Risk Officer (CRO), who is the ultimate champion of Enterprise Risk Management (ERM) and has adequate authority, stature, resources and support to fulfill his/her responsibilities, subject to a company’s size, risk profile and complexity of operations.

The CRO has the following functions, among others:
• S-upervises
• S-uggests
• C-ommunicates
• C-ollaborates
• P-rovides