The Internal Auditor and Corporate Governance

by | Feb 5, 2016 | Blog

IOD-Internal-Auditor

GENERAL OVERVIEW

Meaning of Corporate Governance

The manner in which power is exercised in the management of economic and social resources for sustainable development Corporate governance is essentially about leadership:

  • Leadership for efficiency
  • Leadership for probity
  • Leadership with responsibility
  • Leadership, which is transparent and accountable

The Need for Corporate Governance

The Quest for Value – in a research McKinsey found that investors are prepared to pay an average premium of 18% of a well-governed company – capital attraction.

Best Practice – governments, around the world are increasingly tightening regulations which impact on management accountability and corporate transparency.

International Influence – both the World Bank and Organisation for Economic Cooperation and Development have placed corporate governance high on the list of their reform agenda for businesses in emerging markets.

Investor Activism – understanding the governance expectations of international investors is of growing importance to companies whilst the investors themselves are given guidance on how to assert their ownership rights in global markets.

Competition – to create competitive and efficient companies and business enterprises

Resources – to promote efficient and effective use of limited resources.

Accountability – enhance accountability and performance of those entrusted to manage corporations.

What the Council (Board) is not

  • A Trade Union – where members go to negotiate for improved conditions of service
  • Parliament – where discussions are carried out in a partisan manner
  • Social Club – where members meet to discuss their personal welfare
  • A battlefield – where members go in combative mood (“ready to fight opponents”)

What then is the Council (Board)?

  • At the heart of every corporate governance system, is a body of councillors/ directors charged with directing and overseeing corporate affairs
  • It is the focal point in every corporate governance system and ultimately accountable and responsible for the performance of the affairs of the organisation.

The qualities of a councillor (director)

  • Integrity – high ethical standards
  • Honesty and Accountability – truthfulness and trustworthiness
  • Objectivity – Independence
  • Empathy – Ability to listen impartially
  • Common Sense – sound practical sense in every matters

The competencies required of a councillor/ directors

  • General competencies
  • Informed business judgment
  • Entrepreneurship
  • Wide perspective

Strategic competence

  • governance
  • change awareness

Analytical competence

  • financial literacy
  • critical faculty

Character competence

Communication/Interaction competence

  • Communication
  • Adaptability
  • Listening
  • Teamwork

Knowledge competencies

  • Councillor’s responsibilities
  • Business Management Practices
  • Structure of Council

The functions of a governing council/ board

  • Determine organisation’s purpose and value
  • Think strategically Determine strategy to achieve purpose, ensure that processes and procedures are in place to safeguard the assets of the institution
  • Formulate policy and give oversight
  • Ensure organisational capabilities for successful strategic implementation
  • Ensure rapid feedback for honest information on the implementation of the strategy through monitoring and evaluation
  • Be collegial in strategic decision-making
  • Generate innovative ideas
  • Identify key risk areas and key performance indicators
  • Ensure that the organisation complies with all laws and regulations and codes of best practice and is socially responsible

Challenges

  • Corporate Governance faces many challenges including:
  • Appointment process – haphazard and opaque
  • Lack of independence Poor accounting skills of external auditors
  • Conflicts of interest Lack of training for those selected to govern
  • Lack of guidelines on remuneration for councillors/ directors
  • Poor accounting records and non-compliance with international accounting standards

THE ROLE OF INTERNAL AUDITING

Background

The current business world is experiencing phenomenal changes. Business is conducted in many lands and with many people, and markets are no longer restricted by boundaries or time zones. Internal audit must adapt or be proactive otherwise complacency and obsolescence may occur.

What is Internal Auditing? “An independent, objective assurance and consulting activity designed to add value and improve an organisation’s operations. It helps an organisation accomplish its objectives by bringing a systematic, disciplined approach to evaluate and improve the effectiveness of risk management, control and governance processes.” (The Institute of Internal Auditors).

Issues facing Internal Auditing Internal auditing faces many issues as a result of the global economy that now permeates the economic environment in which we do business. These include:

  • Corporate governance
  • Risk management
  • Procurement
  • Human Resource
  • Technology
  • Finance
  • Fraud
  • Operational issues

Corporate Governance

Internal auditors must aim at adding value and this could be done by helping directors and management to perform their functions.

Internal auditing can provide crisp analysis in the areas of alternative strategies considered, risk factors and performance measurement.

Internal auditing can also provide Councils/ Boards with analysis of best, worst and most-likely case scenarios. The collapse of giant organisations such as Enron now point to the fact that the import and expertise of internal auditors could now be even more crucial in an organisation decision making process. Managers and governments who downplay the importance of internal auditing do so at their own peril.

The evolving role of the internal auditor may be summarised as follows:

“Future audit emphasis will focus more on operational and strategies than it has in the past. Financial analysis remains important but increasingly, the historical side of accounting is significant to the internal auditor only as it relates to future decision-making. That’s where internal auditing adds value. So, internal auditors must be involved in organisational planning and strategy especially at the operating and management planning. They will determine how to identify the most significant business risks and exposures, as well as identified opportunities.” (Dr. Glenn Summers Louisiana State University – Interview with KPMG).

Risk Management

Risk management is an area of paramount importance to an organisation. Because every organisation is in business to take risks, effective risk management is necessary to the progression of an organisation – taking too little risk can be dangerous as taking too much risk.

Globalisation warrants a new internal audit model one that focuses on the external risks and threats posed by globalisation, new competition, changing technology, and mergers and acquisition.

Risks are uncertain future events that could influence the achievement of an organisation’s objectives. These could include strategic, operational, financial and compliance objectives.

Risk management is defined as the identification and evaluation of actual and potential risk areas as they pertain to the organisation as a total entity, followed by either a process of termination, transfer, acceptance (tolerance) or mitigation of each risk.

Since internal auditors are part of the organisation they must be able to help identify and prepare for previously unrealised risks.

Internal auditors must incorporate into the audit measures to ascertain risk in an organisation.

Good business is all about risk; business growth cannot occur without introducing new risks; business objectives cannot be achieved without placing assets at risk, and business rivalries cannot be even without “out risk-taking’ the competition.

Internal auditors must be equally ready to mitigate the risks that their organisations need to undertake in order to endure. This is done through understanding of risk management and providing objective feedback on the quality of organisational controls and performance.

Procurement

Public procurement refers to the acquisition of goods, works and services by governments and their subsidiary agencies. The Internal Auditor must be conversant with the Public Procurement Act, 2003 Act 663 which has been passed to streamline public procurement. Public Procurement is subject to corruption and the Internal Auditor must be conversant with the vicious circle of corruption from the point of view of the contractor as well as the agency. The Internal auditor should be able to assist management obtain value for money and make savings in cost for the organisation.

Human Resource

In today’s global economy, the spotlight is now on the human resource. The human resource features in all factors of production. The Internal Auditor will be expected to review policies and procedures with regard to:

Succession planning

Career planning; and

Performance management

The Internal Auditor will ensure that staff employed have appointment letters which spell out details of the requirements of the Labour Act, 2003 Act 651. This means that the Internal Auditor himself/herself must be conversant with the law.

Technology

Technology has dramatically accelerated the rate of change, and many organisations are struggling to keep up. Confusion and change have replaced comfort and composure in the midst of corporate decisions. Internal Auditors can help their organisations in the following ways:

– Provide the necessary advice and counsel

– Identify new business risks so that management can make wiser decisions.

Finance

Traditional internal auditing has focused mainly on the finance function. Internal Auditors should continue to ensure that adequate systems of internal control are in place to safeguard the assets of the organisations where they work.

Internal Auditors will ensure that financial reporting is in accordance with internationally accepted accounting practice. The Internal Auditor should be readily available to offer advice to management.

Fraud

Globalisation has opened the floodgates for fraud opportunities. “Controls and audit usually lag behind changes in systems and operations. Decentralising, going global, outsourcing of manufacturing and services, strategic alliances, and selling on the internet can provide real value for money, but they also provide new opportunities for fraud.” (Courtenay Thompson Fraud “Fraud in the New Year” The Internal Auditor).

The proliferation of Internet transactions has made fraud prevention and detection much more daunting for Internal auditors. The following guidelines can help serve as internal auditors seek to help control this runaway crisis:

  • Develop new internal controls that are as effective as those that used to exist in a paper environment
  • Become a bridge builder between IT and senior management
  • Encourage sharing of information

Auditors need to work with, or at least be aware of organisations that are exchanging information about how to fight cyber-crisis. Hackers and Crackers are continually working their information networks attempting to accumulate sensitive information. Internal auditors should equal their effort in attempting to thwart deviant, criminal activities. (Diane Sears “Campbell Focus on cyber fraud” The Internal Auditor)

Operations

The Internal Auditors must be conversant with the core business of their organisations. For example, in a tertiary institution, admissions are made every year. The Internal Auditor must know the criteria used in such admissions and be able to advise management on ways to improve.

The Internal Auditor must understand the new grading system adopted by the West African Examinations Council (WAESSCE) and know the relativities with the Senior Secondary School Certificate Examinations (SSSCE).

Some students are off campus and use the Distance Learning Education Method. The Internal Auditor should be very conversant with this arrangement and the necessary internal controls built into it and advise management on ways of improving upon the system.

CHALLENGES

Internal Auditing as a profession and internal auditors as professionals face many challenges. These include:

Reporting Relationships

Many heads of internal audit departments report to the heads of the organisations they work for. When internal audit reports affect junior rank and file personnel, then internal auditing is seen as providing the bullets and the macho manager fires the gun.

When internal audit is recognised as, and used as a tool to rid organisations of problematic individuals, internal auditors are described as “combing the battlefield and bayoneting the wounded”.

What happens when the internal auditor challenges the high and mighty ones on serious issues? The internal auditor is then seen as a low profile “tick and check” operator with little or no brains. The internal auditor is again marginalised or transferred to a remote area as a punishment. His privileges may be withdrawn and his/her claims well scrutinised. The Internal Auditor could lose his or her job in a downsising (or rightsising) exercise.

A recommendation is that the Internal Auditor should report to the Audit Committee. Other organisations outsource the internal audit function but this has its own advantages and disadvantages. The Internal Audit Agency Act, 2003 is meant to strengthen the role of the Internal Auditor in the public sector.

Technology

Business is moving at light speed. Technologies exist that could only once be imagined. With these added technologies come added opportunities and added challenges for internal auditors.

The dramatic evolution of technology’s role in the market place is impacting internal auditors, because new skills and knowledge are necessary to ensure that electronic transactions and the resulting growth occur in a controlled environment.

The internal auditor must be conversant, for example with the software used by the Finance Department.

The Little Known Profession Internal Auditing as a profession is little known and the least preferred by those who know about it.

In a survey conducted in some Universities in the U.S.A., all the students were familiar with the CPA designation (a Certified Public Accountant), but substantially fewer number were familiar with the CIA designation (i.e. Certified Internal Auditor).

When asked to rank the relative importance of the three most prominent certifications (CPA, CMA, CIA), CPA was first, CMA was second and CIA was last. In total, only 3% of the respondents claimed to be interested in internal auditing as a career.

It is clear that internal auditing has a long road to travel to take its proper place and aggressive marketing must be undertaken now. The Institute of Internal Auditing Ghana is little known and has been launched and re-launched a few times. The opportunities for internal auditors are greater now than ever before.

CONCLUSION

The traditional role of internal auditing has changed over the period of time. The Internal auditor is now seen as a risk manager and a consultant to the management team. However, this does not mean that the role of the internal auditor has been compromised. The internal auditor must be seen to be truly independent and this means that:

  • The auditor must report findings in his/her name (no anonymity)
  • The role of the auditor should not be unduly interfered with or influenced by any other person
  • People with executive and/or operational responsibility should not be involved in the writing of audit report
  • The auditor ought to be able to report findings without fear or favour
  • The auditor ought to have free access to all documents and personnel of the organisation, and key external parties such as the statutory auditor, the police and other regulatory agencies.

The time to undertake major reforms within the internal audit profession is now and all those who are interested in good corporate governance must rise up and be counted among the reformers.