Module 40: Corporate Governance, Internal Control, and Enterprise Risk Management

Overview

This module focuses on the related topics of corporate governance, internal control, and enterprise risk management. Corporate governance is designed to compensate for the agency problem resulting from the fact that corporations are managed by professional management that may not operate them in the best interest of the shareholders. Corporate governance includes the policies, procedures, and mechanisms that are established to control management. The major controls over management include compensation systems, boards of directors (including major committees), external auditors, internal auditors, attorneys, regulators, creditors, securities analysts, and internal control systems.

Internal control is defined by COSO (2013 revision) as a process, effected by the entity's board of directors, managements, and other personnel designed to provide reasonable assurance regarding the achievement of objectives relating to operations, reporting, and compliance. It can be viewed as including five components: (1) the control environment, (2) risk assessment, (3) control activities, (4) information and communication, and (5) monitoring activities. It is important to realize that internal ...