Internal Audit and Control

Governance  >  Annual Corporate Governance Report  > Internal Audit and Control

1) Internal Control System

Disclose the following information pertaining to the internal control system of the company:

(a) Explain how the internal control system is defined for the company;

Internal Control System is the framework under which internal controls are developed and implemented (alone or in concert with other policies or procedures) to manage and control a particular risk or business activity, or combination of risks or business activities, to which the corporation is exposed. To be effective, the internal control system needs to adapt to changing business and operating environments, mitigate risks to acceptable levels, and support sound decision-making and governance of the organization. Internal control effected by the company’s board of directors, management, and all employees, is designed to provide reasonable assurance regarding the achievement of the company’s objectives.

Everyone in the organization has responsibility for internal control. Management owns the internal control system and is responsible for establishing sound internal control policies and procedures. Management is accountable to the Board of Directors who provides governance, guidance, and oversight. Internal auditors play an important role in evaluating the effectiveness of control systems, and contribute to ongoing effectiveness by providing recommendations.

(b) A statement that the directors have reviewed the effectiveness of the internal control system and whether they consider them effective and adequate;

The Board of Directors, through the Audit Committee and the Risk Management and Related Party Transactions Committee, has reviewed the internal control system of the Company based on the assessments completed and reported by the internal and external auditors. The Board found the internal control system to be effective.

The statement of the directors on the effectiveness of the company’s internal control system is embodied in the Report of the Audit Committee to the Board of Directors which is will be part of the company’s 2016 Annual Report which will be distributed during the 2017 Annual Stockholders’ Meeting of the Company.

(c) Period covered by the review;

For the year ended December 31, 2016.

(d) How often internal controls are reviewed and the directors’ criteria for assessing the effectiveness of the internal control system; and

Management reviews the adequacy and effectiveness of internal controls continuously throughout the year as part of its day-to-day function. Internal Audit assists management to attain company goals through independent risk-based planned reviews and evaluation of the effectiveness of controls.

The directors’ criteria for assessing the effectiveness of the internal control system include:

  1. Control Environment-the tone of the top and ethical behavior culture in the company
  2. Risk Assessment-the identification and analysis of relevant risks to the achievement of objectives, forming a basis for how the risks should be managed and provide reasonable assurance that risks are reduced to an acceptable level.
  3. Information and Communication-systems or processes that support the identification, capture, and exchange of accurate and complete information.
  4. Control Activities- policies and procedures, international standards and industry best practices to ensure compliance with laws, regulations, supervisory requirements, and relevant internal policies.
  5. Monitoring-processes used to regularly assess the continuing quality of internal control and risk management activities.

(e) Where no review was conducted during the year, an explanation why not.

Not applicable. Review was conducted during the year.

2) Internal Audit

(a) Role, Scope and Internal Audit Function

Give a general description of the role, scope of internal audit work and other details of the internal audit function.

The Internal Audit Group governs its work in adherence to The Institute of Internal Auditors’ “Code of Ethics” and the Company’s Code of Conduct. The Internal Audit also conducts its activities in conformance with the International Standards for the Professional Practice of Internal Auditing (ISPPIA) of The Institute of Internal Auditors and guided by the COSO framework on internal control.

Role Scope Indicate whether In-house  or Outsource Internal Aiudit Function Name of Chief Internal Auditor/Auditing Firm Reporting Process
  • Assist the Board and the Audit Committee in discharging its governance responsibility
  • Evaluates and provides reasonable assurance that risk management, control, and governance systems are functioning as intended and will enable the company’s strategy, objectives and goals to be met

The scope of work of the internal audit function is to determine whether Ayala Corporation’s risk management, control, and governance processes is adequate and functioning effectively to ensure:

  • Risks are appropriately identified and managed;
  • Financial information is accurate, reliable, and timely;
In-house Catherine H. Ang To maintain its independence, Internal Audit reports functionally to the Board of Directors, through the Audit Committee, and administratively to the President and Chief Operating Officer or his designate.
  • Reports risk management issues and internal controls deficiencies identified directly to the Audit Committee and provides recommendation s to improve the company’s operations, in terms of both efficient and effective performance
  • Evaluates information security and associated risk exposures
  • Evaluates regulatory compliance program with consultation from legal counsel and other relevant units or external advisors, as necessary
  • Evaluates the company’s readiness in case of business interruption
  • Maintains open communication with management and the Audit Committee
  • Teams with other internal and external resources as appropriate for assurance and advisory work
  • Engages in continuous education and staff development
  • Provides support to the company's anti-fraud and whistleblower programs.
  • Compliance with policies, standards, procedures and applicable laws and regulations is achieved;
  • Resources are safeguarded; and
  • Achievement of programs, plans and objectives are reasonably assured. In carrying out their duties and responsibilities, members of the internal audit function have full, free, and unrestricted access to all organizational activities, records, property and personnel of Ayala Corporation.
    Reports are issued to management and the Audit Committee upon completion of the audit reviews. Significant findings and issues are taken up in the quarterly meetings of the Audit Committee



(b) Do the appointment and/or removal of the Internal Auditor or the accounting /auditing firm or corporation to which the internal audit function is outsourced require the approval of the audit committee?

As provided in the Audit Committee Charter and the Internal Audit Charter, the Audit Committee is responsible for the setting up of the Internal Audit Department, including the qualification criteria and appointment of the Chief Audit Executive. The Committee evaluates the performance of the Chief Audit Executive and the Internal Auditors taken as a whole. Moreover, the Committee having appointed the Chief Audit Executive, also approves his/her replacement, re-assignment, or dismissal. The Committee also reviews and approves any outsourcing of the internal audit function.

(c) Discuss the internal auditor’s reporting relationship with the audit committee. Does the internal auditor have direct and unfettered access to the board of directors and the audit committee and to all records, properties and personnel?

The Chief Audit Executive reports directly to the Board of Directors through the Audit Committee and has direct access to all members of the Audit Committee. The internal audit function as empowered by the Audit Committee Charter and the Internal Audit Charter has free access to all records, properties and personnel.

(d) Resignation, Re-assignment and Reasons

      Disclose any resignation/s or re-assignment of the internal audit staff (including those employed by the thirdparty auditing firm) and the reason/s for them.

Name of Audit Staff


None in 2016



(e) Progress against Plans, Issues, Findings and Examination Trends

      State the internal audit’s progress against plans, significant issues, significant findings and examination trends.

Progress Against Plans

The activities of Internal Audit are guided by the Audit Committee approved, risk-based audit plan. Internal Audit submit periodic reports to the Committee on the status of its activity, accomplishments, key findings and recommendations, as well as management’s responses thereto


There are no significant issues noted based on the results of the audit reviews conducted. Noted issues are on enhancements of and compliance to existing policies and procedures


There are no significant findings noted based on the results of the audit reviews conducted. Reported findings are primarily on the enhancements and documentation of corporate governance policies and guidelines, and consistent implementation of procedural controls. Report on the results of the audit review is provided to the responsible personnel, department heads, senior management, and the Audit Committee based on the Committee approved Risk Reporting Framework.

Examination Trends

High risk areas are reviewed at least annually. Based on follow-up of audit recommendations, management are addressing reported risk issues, control weaknesses and opportunities for improvement within the audit period and committed timeline.


[The relationship among progress, plans, issues and findings should be viewed as an internal control review cycle which involves the following step-by-step activities:

  1. Preparation of an audit plan inclusive of a timeline and milestones;
  2. Conduct of examination based on the plan;
  3. Evaluation of the progress in the implementation of the plan;
  4. Documentation of issues and findings as a result of the examination;
  5. Determination of the pervasive issues and findings (“examination trends”) based on single


6 “Issues” are compliance matters that arise from adopting different interpretations.

7 “Findings” are those with concrete basis under the company’s policies and rules.

                                year result and/or year-to-year results;

      f. Conduct of the foregoing procedures on a regular basis.]

­­­(f) Audit Control Policies and Procedures

Disclose all internal audit controls, policies and procedures that have been established by the company and the result of an assessment as to whether the established controls, policies and procedures have been implemented under the column “Implementation.”

Policies & Procedures


Finance Manual


Treasury Manual


Information Technology Manual


Human Resources Manual


Related Party Transactions Policy

Implemented in 2016

Electronic Disbursement Policy

Implemented in 2016

Social Media Policy

Implemented in 2016

Business Continuity Policy

Implemented in 2016

Crisis Management Policy

Implemented in 2016


(g) Mechanism and Safeguards

State the mechanism established by the company to safeguard the independence of the auditors, financial analysts, investment banks and rating agencies (example, restrictions on trading in the company’s shares and imposition of internal approval procedures for these transactions, limitation on the non-audit services that an external auditor may provide to the company):


(Internal and External)

Financial Analysts

Investment Banks

Rating Agencies

Rotation of partner-incharge every five years for external auditors

Equitable access to company representatives by analysts, regardless of their prior research, opinions, recommendations, earnings estimates or research conclusions on the company.

Approval of the Investment Committee and/or the Finance Committee and the Board of Directors prior to any engagement with Investment Banks.

Approval of the Investment Committee and/or the Finance Committee and the Board of Directors prior to engagement of rating agency.

Functional reporting to the Audit Committee by the internal auditors

Equitable release of disclosure/information (i.e. no analyst gets more information than the other) in terms of content and timing (i.e. no one gets ahead of information over another)

Use of different Investment Banks for each deal.

Periodic submission of reports and data to the Rating Agency

Abide by the company’s Code of Ethics

Independence and impartiality in the opinions, estimates or forecasts made by analysts on Ayala’s performance.


Use of multiple Investment Banks instead of just one or two for bond deals.

Management interview sessions prior to ratings.

Abide by the company’s policy on Conflict of interest, Insider Trading Policy

Open flow of communication with analysts without compromising material non-public information




(h) State the officers (preferably the Chairman and the CEO) who will have to attest to the company’s full compliance with the SEC Code of Corporate Governance. Such confirmation must state that all directors, officers and employees of the company have been given proper instruction on their respective duties as mandated by the Code and that internal mechanisms are in place to ensure that compliance.

On January 16, 2013, the Company submitted to the SEC the certification on the compliance with the revised manual of corporate governance for the year 2012. The certification was signed by the Company’s Compliance Officer and the President and COO.

On July 1, 2013, the Company has also submitted to the SEC the notarized Annual Corporate Governance Report for 2012 signed by the Chairman and CEO, the President and COO, and two independent directors of the Company.

On January 9, 2015, the Company submitted to the SEC the Consolidated Changes in the Annual Corporate Governance Report for 2014 that was reviewed and approved by the Board of Directors of the Company at their meeting on December 4, 2014.

On January 7, 2016, the Company submitted to the SEC the Consolidated Changes in the Annual Corporate Governance Report for 2015 that was reviewed and approved by the Board of Directors of the Company at their meeting on December 3, 2015.


Copyright © 2017, Ayala Corporation

privacy | terms of use