SEARCH
CONTACT US
+632 8888-3055 +632 8888-3955 CONTACT US

Manual on Corporate Governance

Code of Conduct and Business Ethics

Integrated Annual Corporate Governance Report

Board Committees and Charters

Internal Audit Charter

Enterprise Risk Management

ASEAN Corporate Governance Scorecard

Company's Policies

2022 SMPC Annual and Sustainability Report

(11.6MB)

view
Corporate Governance > Internal Audit Charter

Internal Audit Charter

(As approved by the Board of Directors in February 2017)

 

1.2.      Internal Audit Charter

 

1.3.1.  Introduction

 

The purpose of this Internal Audit Charter is to provide clear understanding of the purpose, authority and responsibilities of the Internal Audit Department (IAD) under the governance policies defined by Management and Audit Committee of SEMIRARA MINING AND POWER CORPORATION AND SUBSIDIARIES (SEMIRARA GROUP).

 

This Internal Audit Charter represents the general authorization from Management to conduct a certain scope of assurance and consulting work for the organization. The specific authorization is embodied in the Internal Audit Plan which is initiated by the President and approved by the Audit Committee.

 

Internal Auditing is an independent and objective assurance and consulting activity that is guided by a philosophy of adding value to improve the operations of SEMIRARA GROUP. It assists SEMIRARA GROUP in accomplishing its objectives by bringing a systematic and disciplined approach to evaluate and improve the effectiveness of the organization’s governance, risk management and internal controls.

 

1.3.2. Mandate

 

Applicable IIA Standards


1000 – Purpose, Authority, and Responsibility

The purpose, authority, and responsibility of the internal audit activity must be formally defined in an internal audit charter, consistent with the Mission of Internal Audit and the mandatory elements of the Professional Practices Framework (the Core Principles for the Professional Practice of Internal Auditing, the Code of Ethics, the Standards, and the Definition of Internal Auditing. The chief audit executive must periodically review the internal audit charter and present it to senior management and the board for approval.

  • 1000.A1 – The nature of assurance services provided to the organization must be defined in the internal audit charter. If assurances are to be provided to parties outside the organization, the nature of these assurances must also be defined in the internal audit charter.
  • 1000.C1 – The nature of consulting services must be defined in the internal audit charter.

 

1010 – Recognizing Mandatory Guidance in the Internal Audit Charter


The mandatory nature of the Core Principles for the Professional Practice of Internal Auditing, the Code of Ethics, the Standards and the Definition of Internal Auditing must be recognized in the internal audit charter. The chief audit executive should discuss the Mission of Internal Audit and the mandatory elements of the International Professional Practices Framework with senior management and the board.

 

1.3.3.  Purpose

 

The IAD was established by Senior Management and Audit Committee to assist SEMIRARA GROUP in evaluating and improving the effectiveness of its risk management, controls and governance processes; and add value to the organization by helping it accelerate its business performance.

 

1.3.4.  Professionalism

 

The internal audit activity will govern itself by adherence to the Institute of Internal Auditor’s Mission of Internal Audit and the mandatory elements of the Professional Practices Framework (the Core Principles for the Professional Practice of Internal Auditing, the Definition of Internal Auditing, the Code of Ethics, and the International Standards for the Professional Practice of Internal Auditing (Standards)). This mandatory guidance constitutes principles of the fundamental requirements for the professional practice of internal auditing and for evaluating the effectiveness of the internal audit activity’s performance.

 

The Institute of Internal Auditors’ Practice Advisories, Practice Guides, and Position Papers will also be adhered to as applicable to guide operations. In addition, the internal audit activity will adhere to SEMIRARA GROUP’s relevant policies and procedures and the internal audit activity’s manual.

 

1.3.5.  Authority

 

The IAD, with strict accountability for confidentiality and safeguarding of records and information, is authorized full, free, and unrestricted access to any and all of SEMIRARA GROUP’s documents, records, information, systems and applications, physical properties, and personnel pertinent to carrying out any engagement. All employees are requested to assist the internal audit activity in fulfilling its roles and responsibilities. The IAD will also have free and unrestricted access to the Audit Committee.

 

1.3.6.  Organization

 

The Chief Audit Executive (CAE) will report functionally to the Audit Committee and administratively (i.e., day to day operations) to the President. The centralized IAD in SEMIRARA GROUP will also cover all its subsidiaries.

 

The Audit Committee of SEMIRARA GROUP will perform the following:

  • Approve the Internal Audit Charter and Internal Audit Manual
  • Approve the risk-based Internal Audit Plan
  • Approve the Internal Audit Budget and Resource Plan
  • Receive communications from the CAE on the internal audit activity’s performance relative to its plan and other matters.
  • Approve decisions regarding the appointment and removal of the CAE
  • Approve the remuneration and related adjustments of the CAE
  • Make appropriate inquiries of Management and the CAE to determine whether there is inappropriate scope or resource limitation.

 

The CAE will communicate and interact directly with the Audit Committee, including in executive sessions and between Board meetings as appropriate and necessary.

 

1.3.7.  Independence and Objectivity

 

Independence is achieved through the organizational status of the IAD and the objectivity of each internal auditor. The IAD shall remain free from interference by any element in the organization, including matters of audit selection, scope, procedures, frequency, timing or report content to permit maintenance of a necessary independent and objective mental attitude.

 

Each internal auditor must possess an objective attitude and must be in a sufficiently independent position to be able to exercise judgment, express opinions and present recommendations with impartiality. Specifically:

  • The IAD, notwithstanding its employment by SEMIRARA GROUP, must be free from any conflict of interest arising either from professional or personal relationships or other interests in SEMIRARA GROUP or related activity, which it may subject to audit.
  • The IAD must be free from undue influence, which either restricts or modifies the scope or conduct of its work or overrules or significantly affects its judgment as to the content of any internal audit reports.

 

The Internal Audit Department will have no direct operational responsibility or authority over any of the activities audited. Accordingly, they will not implement internal controls, develop procedures, install systems, prepare records, or engage in any other activity that may impair internal auditor’s judgment. Also, they are not to accept any responsibility for non-audit functions or duties or operational responsibilities that are or may be subjected to internal audit assessments so as not to impair independence and objectivity.

 

Internal auditors will exhibit the highest level of professional objectivity in gathering, evaluating, and communicating information about the activity or process being examined. Internal auditors will make a balanced assessment of all the relevant circumstances and not be unduly influenced by their own interests or by others in forming judgments.

 

The CAE will confirm to the Audit Committee, at least annually, the organizational independence of the internal audit activity.

 

 

1.3.8.  Scope and Responsibilities

 

The scope of internal auditing encompasses, but is not limited to, the examination and evaluation of the adequacy and effectiveness of the organization’s governance, risk management and internal controls as well as the quality of performance in carrying out assigned responsibilities to achieve SEMIRARA GROUP’s goals and objectives.

This includes:

  • Developing an annual risk-based internal audit plan based on results of the organization’s risk assessment and submitting the audit plan to Audit Committee for review and approval
  • Reporting periodically to Audit Committee on the internal audit activity’s purpose, authority, responsibility, and performance relative to its plan;
  • Reporting significant risk and control issues, including fraud risks, governance issues, and other matters as a result of the internal audit engagements that are documented in an internal audit report;
  • Monitoring the status of management action plans in relation to the audit findings
  • Evaluating and reporting on specific areas at the request of the senior management or Audit Committee, as appropriate.
  • Obtaining competent advice and assistance form external service providers if the internal auditors lack the knowledge, skills, or other competencies needed to perform all or part of the engagement.

 

The nature of internal audit activities can be classified as either assurance or consulting services.

 

Assurance services involve the internal auditor’s objective assessment of evidence to provide an independent opinion or conclusion regarding a process, system or other subject matter. These may involve any of the following:

  • Evaluating the reliability and integrity of information and the means used to identify, measure, classify, and report such information;
  • Evaluating the processes and systems established to check compliance with policies, plans, procedures, laws and regulations which could have a significant impact on the organization;
  • Evaluating the means of safeguarding assets and, as appropriate, verifying the existence of such assets;
  • Evaluating the effectiveness and efficiency with which organizational resources are employed;
  • Evaluating operations and programs to ascertain whether results are consistent with established objectives and goals and whether the operations or programs are being carried out as planned;
  • Evaluating governance processes such as promotion of ethics and values, performance management, communication of risk and control and other information to appropriate units and level of management;
  • Evaluating the adequacy and effectiveness of the organization’s risk management process;
  • Providing inputs to Audit Committee, as appropriate, in evaluating the quality of performance of external auditors such as the degree of coordination with internal audit;

 

Consulting activities are advisory in nature and are generally performed at the specific request of the Board of Directors, Audit Committee or the management. When performing consulting services, the internal auditor should maintain objectivity and not assume management responsibility. These consulting activities include those related to governance, risk management and control such as facilitation, training and advice, as appropriate for the organization.

 

On a need basis, the internal audit activity’s work may also involve testing of transactions, leading practice reviews, appraisals of regulatory requirements, and measures to help prevent and detect fraud. The internal audit activity’s responsibilities in relation to fraud include the following:

  • Evaluating the consideration of fraud risk in every audit, and conducting appropriate audit procedures based on the identified fraud risk
  • Exercising due professional care to the degree that fraud may be present in activities covered by the normal course of audit
  • Assisting in fraud prevention by examining and evaluating the adequacy and effectiveness of the internal controls system commensurate with the extent of potential exposure within the Company.

 

1.3.9.  Internal Audit Plan

 

The CAE, at least annually, will submit to the Audit Committee an internal audit plan for review and approval. The internal audit plan will consist of a work schedule as well as any resource requirements for the applicable calendar year. The CAE will communicate the impact of resource limitations and significant interim changes to the Senior Management and Audit Committee.

 

The internal audit plan will be developed based on a prioritization of the audit universe using a risk-based methodology, including inputs of Senior Management and the Audit Committee. The CAE will review and adjust the plan, as necessary, in response to changes in the organization’s business, risks, operations, programs, systems and controls. Any significant deviation from the approved internal audit plan will be communicated to the Senior Management and Audit Committee through periodic reports.

 

1.3.10.  Reporting and Monitoring

 

Written internal audit reports will be prepared and issued to Management following the completion of each internal audit engagement.

 

The internal audit reports will be discussed with the Management of the units audited, and their responses and corrective actions taken or to be taken with regards to specific findings and recommendations are incorporated before the report is finalized and distributed. Management’s response should include a timetable for anticipated completion of action plans and/or an explanation for any corrective action that will not be implemented.

 

Reports highlighting significant audit findings and recommendations shall be provided to the Chairman of the Audit Committee and reported during Audit Committee meetings.

The internal audit activity will be responsible for appropriate follow-up on engagement findings and recommendations. All significant findings will remain as open issues until cleared.

 

The IAD will also periodically report to the Senior Management and Audit Committee on the internal audit activity’s purpose, authority, and responsibility as well as performance relative to its plan.

 

In accordance with the Philippine Stock Exchange’s Corporate Governance Guideline 3.5, the Chief Executive Officer (CEO) and the CAE will attest in writing, at least annually, as to whether the internal audit, controls and compliance system is in place and working effectively This annual attestation will be signed by the CAE, the Chairman of the Audit Committee, the President and the CEO.

 

1.3.11.  Quality Assurance and Improvement Program

 

The internal audit activity will maintain a quality assurance and improvement program that covers all aspects of the internal audit activity. The program will include an evaluation of the internal audit activity’s conformance with the Definition of Internal Auditing and the Standards and an evaluation of whether internal auditors apply the Code of Ethics. The program also assesses the efficiency and effectiveness of the internal audit activity and identifies opportunities for improvement.

 

The CAE will communicate to senior management and the Audit Committee on the internal audit activity’s quality assurance and improvement program, including results of periodic internal assessments and external assessments conducted at least every five years.

 

1.3.12.  Fraud Limitation

 

The identification and prevention of fraud is clearly a management responsibility. Internal Audit is capable of assisting Management to identify the key fraud risks facing the various departments or business units based on fraud indicators (red flags) and can assist Management in identifying appropriate controls that could minimize the effects of such risks.

 

1.3.13.  Site Visits

 

Internal audit service requires visits to all SEMIRARA GROUP’s business and site locations based on the approved Internal Audit Plan.

 

1.3.14.  Management’s Responsibilities

 

The IAD, as a recommendatory body, only functions in an advisory capacity. The primary responsibility for ensuring that SEMIRARA GROUP maintains an adequate system of internal controls and are operating effectively to reduce business risks to an acceptable level rests with its Management. Management also has the responsibility and accountability for addressing weaknesses and inefficiencies, which have been identified in both External and Internal Audit Reports, and for taking the necessary corrective actions.

 

Management shall inform IAD and the Chief Financial Officer for any significant internal control problems, thefts, frauds, unauthorized transactions, accounting breakdowns, large stock shortages or surpluses, major bad debts, etc. that has come to their attention.

 

1.3.15.  Amendment of Charter

 

The CAE is responsible for maintaining this Internal Audit Charter in a current state through the conduct of an annual review. Results of this annual review shall be reported to senior management and the Audit Committee.

 

Amendment of this Charter is subject to review and recommendation of the Audit Committee and final approval of the Board of Directors.

 

If any provision of this Charter is declared invalid, the remainder of this or any other provision not affected thereby shall remain in force and in effect.