Corporate governance is about promoting corporate fairness, transparency and accountability. The corporate governance structure specifies the distribution of rights and responsibilities of the board, managers, shareholders and other stakeholders, and spells out the rules and procedures for making decisions on corporate affairs. It also incorporates the organization's strategic response to risk. KnowledgeLeader offers hundreds of articles and tools for understanding and improving corporate governance.
Select one of the areas below to view a sample of audit committee and board of directors information available on KnowledgeLeader:
Achieve Sustainability by Integrating the Section 404 and Section 302 Compliance Process Questionnaire
For most companies, the administrative burden encountered during the first year of Section 404 compliance warranted a fresh look at the overall compliance process. This questionnaire focuses on strategies for integrating compliance activities around Sections 404 and 302 of The Sarbanes-Oxley Act of 2002 with the objective of achieving a sustainable internal control structure.
Board of Directors Personal Liability Risk – Questionnaire
Now more than ever, as the risk of personal liability rises, independent directors must take every precaution to protect themselves. Following the enactment of the Sarbanes-Oxley Act – and with bankruptcy filings currently at a 50-year high – independent directors are becoming a target for shareholders, management, creditors and regulatory agencies as evidenced by a recent increase in litigation against them. This questionnaire focuses on actions directors should take to reduce the risk of personal liability when an organization is in financial distress.
Business Ethics Questionnaire
This questionnaire is designed to help risk management professionals to determine how well their companies are addressing risks in this area and bringing awareness to ethics programs. The questionnaire is applicable to all organizations looking to glean creative insights into best practices related to business ethics.
The Changing Corporate Governance Landscape and Its Implications – Questionnaire
Corporate governance requirements established by The Sarbanes-Oxley Act have permanently mandated executive certification of public reports for all registrants. In this environment, companies are feeling greater pressures to take further actions. This questionnaire focuses on what boards and management should do as they work to improve corporate governance.
Compensation Committee Charter - Example 1
One of the NYSE corporate governance requirements states that listed companies must have a compensation committee composed of independent directors. The compensation committee has overall responsibilities for approving and evaluating officer compensation plans, policies, and programs of a company. These three charters provide examples of the language and structure of a compensation committee charter. The charters discuss topics such as membership requirements, committee responsibilities, and external reporting requirements.
Corporate Governance: Board Committees
The purpose of this policy is to set standards for board committee structures and protocols. To be most effective, board committees require formal terms of reference that clarify the committees’ mandates, composition and limitations.
Corporate Governance: Relationship with Internal Auditors
The purpose of this policy is to establish reporting relationships for the internal auditors of the company. Both internal and external auditors, by the nature of their work, have a special relationship with the board of directors. This policy spells out particular reporting relationships to ensure that appropriate governance can be applied.
Corporate Governance: Shareholders Meetings
The purpose of this policy is to simplify and clarify the essential elements of shareholders meetings. The policy applies to shareholders, the Board of Directors and all staff working on shareholder relations.
Corporate Responsibility Program Effectiveness Assessment Audit Work Program
The objectives of this audit work program are to assess the effectiveness of a Corporate Responsibility Program (CRP), and to ensure that the company is continuing to put into practice the seven elements of an effective compliance program.
Deriving Value Out of the Section 404 Compliance Process – Questionnaire
No one is arguing with the oft-stated assertion that the first-year cost of complying with Section 404 is sky high. Evidence makes it clear that the administrative burden of compliance is significant enough for most companies to warrant a review of strategies and tactics for maximizing value-add from the compliance process. While the SOX-stated purpose of protecting investors by improving the reliability of public reporting is an important goal, both executive management and directors are asking tough questions. This document provides a sampling of these questions.
Doing More with Less: 20 Questions That Could Help Solve the Problem
Corporate management is demanding more of internal auditors as government regulators and lawmakers demand more of corporate management. The problem is not unique and is one that all internal auditors can probably sympathize with. Needing to do more with less is a common theme in today’s business environment.
The Enterprise Risk Assessment Process – Questionnaire
Never has there been a greater need for transparency into the nature and magnitude of risks undertaken in executing the corporate strategy. An effective risk assessment process lays the foundation for management to respond to questions confidently as the business environment remains in a constant state of flux. This questionnaire addresses key issues that boards should consider as they evaluate their confidence in the organization’s enterprise risk assessment process.
The Expanded Responsibilities of the Audit Committee – Questionnaire
When the SEC adopted rules mandated by the Sarbanes-Oxley Act of 2002, it, among other things, expanded and formalized the responsibilities of audit committees. The major exchanges also weighed in, defining expectations for audit committees. This document suggests key questions to help the audit committee function effectively.
IT Asset Management Diagnostic Audit Work Program
This work program covers a complete IT Asset Management (ITAM) diagnostic audit. Areas covered within this work program include the IT Asset Management Function, IT Asset Management Processes, and IT Asset Financial Management.
IT Enterprise Change Management Policy
The enterprise change management process provides the structure to consistently manage IT assets. This policy also focuses on effectively mitigating the risks to system availability, integrity of data, and the interoperability of the organization’s information resources.
Inter-company Accounting/Reporting Policy
This policy establishes the standards and procedures for ensuring that the company accounts for intercompany charges in compliance with management's objectives. The purpose of intercompany accounting is to allocate assets, liabilities, revenues, and expenses to the appropriate legal entity in relation to the economic benefits and obligations associated with the operational activity incurred.
Positioning the Chief Risk Officer for Success – Questionnaire
When it is appropriate for a chief risk officer (CRO) or an equivalent senior risk executive to be in place, both the board of directors and management – not to mention the company’s shareholders – have a stake in that executive’s success. Organizations should assess whether the executive, as well as risk management in general, is positioned to be successful in the organization.
Quarterly Compliance Assessment Report
This sample includes an internal audit quarterly assessment of a financial services company’s compliance policies and procedures. In this report, internal audit validates the operational effectiveness of key activities and controls within these policies and procedures. This assessment focuses on policies and procedures relating to anti-money laundering, whistleblower hotlines, custody, insurance, and code of ethics.
Protecting Enterprise Value Through Your Anti-Fraud Program – Questionnaire
A company’s anti-fraud program is an integral part of its corporate governance process and is fundamental to protecting tangible and intangible enterprise value and preserving the reliability of public reporting. This document focuses on key questions for board members and management when evaluating the anti-fraud program.
Sarbanes-Oxley Auditor Walkthrough Prep Email - Sample
This is an example email you can use to notify SOX process owners that the external auditors will perform at least one walkthrough for each significant class of transactions. This communication explains what is involved in an audit walkthrough, preparatory actions to take, and tips and suggestions for the auditor’s assessment.
Sarbanes-Oxley Section 404 First Year of Compliance – Audit Committee Questionnaire
There is no question that the first year of Sarbanes-Oxley Section 404 compliance requires much effort. During this process, it is important that audit committees ask questions during the inception of the project and throughout the first year of compliance.
SOX Year-End Update Testing Approach Memo - Sample
This example memo defines a process to update Sarbanes-Oxley testing of internal controls near or as of fiscal year-end. Such a process includes determining which controls to select for update testing as well as the type of testing to perform based on specific criteria.
Staying Focused on Core Business Issues Amid Corporate Governance Compliance – Questionnaire
Companies address a myriad of new corporate governance requirements established by U.S. Congress, the exchanges and regulators. While meeting these requirements, it is equally imperative to address the core business and profitability issues facing the organization, particularly in today’s increasingly demanding global marketplace. This document addresses questions focused on balancing corporate governance and business operational demands.
Achieving High Performance in Internal Audit
Protiviti and the Institute of Internal Auditors – Australia conducted research with chief audit executives from over 150 organizations exploring how organizations enable their internal audit function to advance good corporate governance. The research found a significant number of internal audit functions lack the appropriate framework to operate independently and objectively; an excessive level of influence is exercised by executive management over audit committee activities and the oversight and management of the internal audit function; and the majority of internal audit functions are unable to demonstrate compliance with the International Standards for the Professional Practice of Internal Auditing.
Aligning Strategy Setting and Performance Management with Risk
Effectively integrated with strategy-setting and performance management, risk management invigorates opportunity-seeking behavior by helping directors and managers develop the confidence that they truly understand the risks inherent in the organization’s strategy and have the capabilities in place to manage and monitor those risks. Risk management is flawed when risks are evaluated after the strategy is formulated. The end result could be strategic objectives that are unrealistic and risk management that is simply an appendage to performance management. This issue of Board Perspectives: Risk Oversight discusses how to achieve this vital connectivity.
Corporate Governance Transition – Sarbanes-Oxley Readiness
There is much more to SOX than simply testing a company’s internal control over financial reporting. Companies entering public markets must have the proper board composition, evaluate the need for an internal audit function (required by the New York Stock Exchange), and have the requisite corporate policies and procedures. They also must be prepared to provide quarterly executive certifications, and eventually, management’s conclusion on the internal control over financial reporting. This compliance effort can be costly, but does not have to be if organizations proactively focus on implementing a sustainable process.
External Auditor Considerations
This section of Protiviti's "Guide to Internal Audit" addresses common questions concerning the use of external auditors. Some of the topics covered are: Can we use our external auditors to perform internal audit work? And, do all internal audit reports need to be reviewed by the external auditor?
Enterprise Risk Management and Board Risk Oversight – A Tale of Two Surveys from COSO
This podcast reviews the results of two just-released research studies from the Committee of Sponsoring Organizations of the Treadway Commission (COSO). One, which COSO commissioned Protiviti to conduct, offers a look at where boards of directors currently stand in executing their risk oversight responsibilities. The second, conducted by the Enterprise Risk Management Initiative at North Carolina State University, assesses the current state of enterprise risk oversight and market perceptions of COSO’s ERM Framework.
Evaluating Operations and Information Technology Risk in Banks: Opportunities for Auditors to Bring More Value to Institutions
Operational risk, in the post-Basel II sense, is the newest area of risk in financial institutions, following on credit and market risk. This article looks at the business and regulatory environment surrounding operational risk; raises key questions around evaluating and auditing operational risk (especially IT and outsourcing aspects); and looks at what is on the horizon in financing operational risk.
Global Technology Audit Guide (GTAG) 4: Management of IT Auditing
This fourth GTAG is designed for CAE and internal audit management personnel who are responsible for overseeing IT audits. The focus of this guide is on providing specific recommendations that a CAE can implement immediately, and to help sort through the strategic issues regarding planning, performing, and reporting on IT audits. Consideration is given to the fundamentals as well as emerging issues.
Guide to Public Company Readiness
While public offerings require a wide range of organizational, legal, underwriting and external market expertise, this publication focuses on how to be prepared for an initial public offering (IPO) from an infrastructure and back-office perspective. Infrastructure considerations frequently pose the greatest risks to the execution of an IPO – particularly those that relate to financial reporting; the efficiency of the financial close process; governance, risk management and compliance; and the information technology (IT) environment.
Integrating Risk Management with What Matters
Risk management cannot become a differentiating skill unless it is integrated with strategic management and performance management. This issue of The Bulletin will discuss this integration, why it is important and how it is achieved. It focuses on four main topics: (1) start with an effective governance process, (2) integrate risk with strategy setting, (3) integrate risk management with enterprise performance management, and (4) use integrated metrics and targets to manage the business.
IT Audit – Assessing and Managing Risks Effectively within the IT Environment
IT internal auditors – those who focus specifically on risks within the IT environment – have become integral to an organization's internal audit plan and ongoing efforts. IT audit activities are especially important given today's technology-driven organizations that require IT auditors to explore new technologies, identify and help to mitigate emerging risks, develop creative solutions to complex challenges, and encourage new practices to enhance both business and IT functions. Discussing in this episode the realm of IT audit and emerging trends in the field is Protiviti Managing Director David Brand. Dave is leader of Protiviti’s IT Audit practice in the United States, and also leads the company's Internal Audit and Financial Controls practice in the Midwest.
Management and Audit Committee Considerations
This section of Protiviti's "Guide to Internal Audit" addresses common questions concerning management and oversight of the audit function. Some of the topics covered are: How can management utilize internal audit most effectively? What is an audit committee’s role with respect to an internal audit function? What should internal audit report to the audit committee? And, what is the role of the audit committee in evaluating the role of the external auditor?
Refocusing the Internal Audit Agenda: Capitalizing on Changing Expectations
The IIA’s definition of internal auditing focuses on a broad range of evaluation and improvement activities, namely, “risk management, control and governance processes.” This definition has been viewed by some as ahead of its time, since many internal audit functions still lack the knowledge and skills required to expand the focus of the audit plan to address all of these activities fully. This issue of The Bulletin explores some of the factors that are driving higher expectations for internal audit and outlines how CAEs, with support from management and the audit committee, can respond to the challenge.
Role of IT Controls in Systems Development and Deployment
Given the rate of development of the information processing and computer manufacturing technologies and processes – a rate without a precedent in the history of humankind – it is possible now for organizations to transfer almost all of their daily business operations to be carried out by integrated information systems. These integrated information systems must therefore operate within a business environment that is ruled by the rules, policies, regulations and instructions of a corporate governance framework and a related information technology governance framework. The answer for managers and leaders of organizations is to plan for this new operating environment with the proper tools, methodologies and resources.
Role of Management
This section of Protiviti's "Guide to The Sarbanes-Oxley Act" addresses common questions focused on the role of management. Topics covered are: What is the role of the disclosure committee, Section 404 compliance project sponsor, Section 404 compliance project steering committee, and other executives? Who signs off on internal control over financial reporting? And, can management rely solely on self-assessments of process owners for purposes of their evaluation of design and operating effectiveness?
Today’s Elevation of Risk Management and Required Board Oversight
One byproduct of the global economic turmoil of the past few years has been an increasing spotlight on risk management and the role of the board of directors in this process. Effective risk oversight determines that the company has in place a robust process for identifying, prioritizing, sourcing, managing and monitoring critical risks and that this process is improved continuously. In his second podcast on this topic, Protiviti Managing Director Jim DeLoach discusses the board’s critical risk management oversight role.
AICPA Audit Committee Effectiveness Center
Toolkits, guidance and resources for Audit Committee provided by the AICPA to help make audit committee best practices actionable.
The Conference Board creates and disseminates knowledge about management and the marketplace to help businesses strengthen their performance and better serve society. Research articles on the site represent a variety of topics including corporate governance, corporate citizenship, and mergers and acquisitions. Members can also join councils and working groups that address board issues globally.
Corporate Board Member
Board Member is a magazine written for directors of public companies. Current editions, and archives of past issues, are available online. Audit committee matters, and matters of other board committees, are frequently addressed. There is also a resource center with articles and publications for risk management and for audit committees.
Corporate Governance Certificate
Corporate Governance Online offers a certificate in Corporate Governance. The Program contains over 40 streaming video presentations designed to cover all of the major issues of importance in the area of corporate governance today, presented by 25 knowledge experts and industry leaders. The video presentations consist of lectures, round table discussions, interviews and situational role-plays. The program provides in depth analysis on Board, Audit Committee, Financial Reporting, Legal Issues and much more. You can complete the program on your own schedule - viewing classes anywhere you have an Internet connection.
European Corporate Governance Institute (ECGI)
The ECGI has been established to improve corporate governance through fostering independent scientific research and related activities. The ECGI provides a forum for debate and dialogue between academics, legislators, and practitioners, focusing on major corporate governance issues and thereby promoting best practice.
International Corporate Governance Network (ICGN)
The purpose of ICGN is to examine corporate governance principles and practices; develop and encourage adherence to corporate governance standards and guidelines; and generally promote good corporate governance.