Internal Audit and Control | Ayala

Internal Audit and Control

Governance  >  Annual Corporate Governance Report  > Internal Audit and Control


Internal Control System is the framework under which internal controls are developed and implemented (alone or in concert with other policies or procedures) to manage and control a particular risk or business activity, or combination of risks or business activities, to which the corporation is exposed. To be effective, the internal control system needs to adapt to changing business and operating environments, mitigate risks to acceptable levels, and support sound decision-making and governance of the organization. Internal control effected by the company’s board of directors, management, and all employees, is designed to provide reasonable assurance regarding the achievement of the company’s objectives.

Everyone in the organization has responsibility for internal control. Management owns the internal control system and is responsible for establishing sound internal control policies and procedures. Management is accountable to the Board of Directors who provides governance, guidance, and oversight. Internal auditors play an important role in evaluating the effectiveness of control systems, and contribute to ongoing effectiveness by providing recommendations.


Directors review of tthe effectiveness of the internal control system

The Board of Directors, through the Audit Committee and the Risk Management and Related Party Transactions Committee, has reviewed the internal control system of the Company based on the assessments completed and reported by the internal and external auditors. The Board found the internal control system to be effective.

The statement of the directors on the effectiveness of the company’s internal control system is embodied in the Report of the Audit Committee to the Board of Directors which is part of the company’s 2019 Annual Report which were distributed during the Annual Stockholders’ Meeting of the Company on April 24, 2020.

Period covered by the review: For the year ended December 31, 2019

Management reviews the adequacy and effectiveness of internal controls continuously throughout the year as part of its day-to-day function. Internal Audit assists management to attain company goals through independent risk-based planned reviews and evaluation of the effectiveness of controls.

The directors’ criteria for assessing the effectiveness of the internal control system include:

  1. Control Environment-the tone of the top and ethical behavior culture in the company
  2. Risk Assessment-the identification and analysis of relevant risks to the achievement of objectives, forming a basis for how the risks should be managed and provide reasonable assurance that risks are reduced to an acceptable level.
  3. Information and Communication-systems or processes that support the identification, capture, and exchange of accurate and complete information.
  4. Control Activities- policies and procedures, international standards and industry best practices to ensure compliance with laws, regulations, supervisory requirements, and relevant internal policies.
  5. Monitoring-processes used to regularly assess the continuing quality of internal control and risk management activities.



Vision, Mission and Strategy 


To become a leading internal audit organization recognized as a valuable business partner, trusted advisor and enabler by all stakeholders.


Deliver an independent assessment of financial, regulatory and operational risks, and control effectiveness through assurance and advisory services that supports the achievement of the organization's objectives and enhances shareholder value. 


Deliver a high performing and business relevant internal audit organization with increased subsidiary oversight. 


Role, Scope and Internal Audit Function

The Internal Audit Group governs its work in adherence to The Institute of Internal Auditors’ “Code of Ethics” and the Company’s Code of Conduct. The Internal Audit also conducts its activities in conformance with the International Standards for the Professional Practice of Internal Auditing (ISPPIA) of The Institute of Internal Auditors and guided by the COSO framework on internal control. Internal Audit Charter

Role Scope Indicate whether In-house  or Outsource Internal Aiudit Function Name of Chief Internal Auditor/Auditing Firm Reporting Process
  • Assist the Board and the Audit Committee in discharging its governance responsibility
  • Evaluates and provides reasonable assurance that risk management, control, and governance systems are functioning as intended and will enable the company’s strategy, objectives and goals to be met

The scope of work of the internal audit function is to determine whether Ayala Corporation’s risk management, control, and governance processes is adequate and functioning effectively to ensure:

  • Risks are appropriately identified and managed;
  • Financial information is accurate, reliable, and timely;
In-house Catherine H. Ang To maintain its independence, Internal Audit reports functionally to the Board of Directors, through the Audit Committee, and administratively to the President and Chief Operating Officer or his designate.
  • Reports risk management issues and internal controls deficiencies identified directly to the Audit Committee and provides recommendation s to improve the company’s operations, in terms of both efficient and effective performance
  • Evaluates information security and associated risk exposures
  • Evaluates regulatory compliance program with consultation from legal counsel and other relevant units or external advisors, as necessary
  • Evaluates the company’s readiness in case of business interruption
  • Maintains open communication with management and the Audit Committee
  • Teams with other internal and external resources as appropriate for assurance and advisory work
  • Engages in continuous education and staff development
  • Provides support to the company's anti-fraud and whistleblower programs.
  • Compliance with policies, standards, procedures and applicable laws and regulations is achieved;
  • Resources are safeguarded; and
  • Achievement of programs, plans and objectives are reasonably assured. In carrying out their duties and responsibilities, members of the internal audit function have full, free, and unrestricted access to all organizational activities, records, property and personnel of Ayala Corporation.
    Reports are issued to management and the Audit Committee upon completion of the audit reviews. Significant findings and issues are taken up in the quarterly meetings of the Audit Committee

As provided in the Audit Committee Charter and the Internal Audit Charter, the Audit Committee is responsible for the setting up of the Internal Audit Department, including the qualification criteria and appointment of the Chief Audit Executive. The Committee evaluates the performance of the Chief Audit Executive and the Internal Auditors taken as a whole. Moreover, the Committee having appointed the Chief Audit Executive, also approves his/her replacement, re-assignment, or dismissal. The Committee also reviews and approves any outsourcing of the internal audit function.

The Chief Audit Executive reports directly to the Board of Directors through the Audit Committee and has direct access to all members of the Audit Committee. The internal audit function as empowered by the Audit Committee Charter and the Internal Audit Charter has free access to all records, properties and personnel.

Internal audit’s progress against plans, significant issues, significant findings and examination trends

Progress Against Plans

The activities of Internal Audit are guided by the Audit Committee approved, risk-based audit plan. Internal Audit submit periodic reports to the Committee on the status of its activity, accomplishments, key findings and recommendations, as well as management’s responses thereto.


There are no significant issues noted based on the results of the audit reviews conducted. Noted issues are on enhancements of and compliance to existing policies and procedures.


There are no significant findings noted based on the results of the audit reviews conducted. Reported findings are primarily on the enhancements and documentation of corporate governance policies and guidelines, and consistent implementation of procedural controls. Report on the results of the audit review is provided to the responsible personnel, department heads, senior management, and the Audit Committee based on the Committee approved Risk Reporting Framework.

Examination Trends

High risk areas are reviewed at least annually. Based on follow-up of audit recommendations, management are addressing reported risk issues, control weaknesses and opportunities for improvement within the audit period and committed timeline.

The relationship among progress, plans, issues and findings should be viewed as an internal control review cycle which involves the following step-by-step activities:

  1. Preparation of an audit plan inclusive of a timeline and milestones;
  2. Conduct of examination based on the plan;
  3. Evaluation of the progress in the implementation of the plan;
  4. Documentation of issues and findings as a result of the examination;
  5. Determination of the pervasive issues and findings (“examination trends”) based on single year result and/or year-to-year resuts; and 
  6. Conduct of the foregoing procedures on a regular basis.


Audit Control Policies and Procedures

Internal audit controls, policies and procedures that have been established by the company and the result of an assessment as to whether the established controls, policies and procedures have been implemented under the column “Implementation.”

Policies & Procedures


Finance Manual


Treasury Manual


Information Technology Manual


Human Resources Manual


Related Party Transactions Policy

Implemented in 2016

Electronic Disbursement Policy

Implemented in 2016

Social Media Policy

Implemented in 2016

Business Continuity Policy

Implemented in 2016

Crisis Management Policy

Implemented in 2016


Mechanism and Safeguards

Mechanism established by the company to safeguard the independence of the auditors, financial analysts, investment banks and rating agencies:


(Internal and External)

Financial Analysts

Investment Banks

Rating Agencies

Rotation of partner-in charge every five years for external auditors

Equitable access to company representatives by analysts, regardless of their prior research, opinions, recommendations, earnings estimates or research conclusions on the company.

Approval of the Investment Committee and/or the Finance Committee and the Board of Directors prior to any engagement with Investment Banks.

Approval of the Investment Committee and/or the Finance Committee and the Board of Directors prior to engagement of rating agency.

Functional reporting to the Audit Committee by the internal auditors

Equitable release of disclosure/information (i.e. no analyst gets more information than the other) in terms of content and timing (i.e. no one gets ahead of information over another).

Use of different Investment Banks for each deal.

Periodic submission of reports and data to the Rating Agency

Abide by the company’s Code of Ethics

Independence and impartiality in the opinions, estimates or forecasts made by analysts on Ayala’s performance.


Use of multiple Investment Banks instead of just one or two for bond deals.

Management interview sessions prior to ratings.

Abide by the company’s policy on Conflict of interest, Insider Trading Policy

Open flow of communication with analysts without compromising material non-public information




Attestations to Company’s full compliance with the SEC Code of Corporate Governance:

On January 9, 2015, the Company submitted to the SEC the Consolidated Changes in the Annual Corporate Governance Report for 2014 that was reviewed and approved by the Board of Directors of the Company at their meeting on December 4, 2014.

On January 7, 2016, the Company submitted to the SEC the Consolidated Changes in the Annual Corporate Governance Report for 2015 that was reviewed and approved by the Board of Directors of the Company at their meeting on December 3, 2015.

On May 12, 2017 , the Company submitted to the SEC the Annual Corporate Governance Report for 2016 that was reviewed and approved by the Board of Directors of the Company at their meeting on April 21, 2017.

The Chairman of the Board, Compliance Officer and Chief Audit Executive attest to the adequacy of the Corporation’s systems for internal control and risk management and processes for compliance and governance. Please click the link below:

2017 Attestation of Internal Controls

2018 Attestation of Internal Controls

2019 Attestation of Internal Controls


Copyright © 2017, Ayala Corporation

privacy | terms of use