Role of Internal Audit in Corporate Governance
by
Smitesh Bhosale
Corporate Governance Components where IA has role to play
1. Risk Assessment and Controls Assurance Board & CEO/CFO Certification
Background: Risk management is a central element of any sound corporate governance framework, whether in the private or public sectors. It requires considerable commitment and ownership, particularly investment, by senior management and generally at all levels of the organisation.
Risk management is primarily the responsibility of the Chief Executive Officer (CEO) and/or board. Effective governance arrangements require directors to identify business risks, as well as potential opportunities, and ensure the establishment, by management, of appropriate processes and practices to manage all risks associated with the organisations operations.
According to recent statistics from international news and information organization Bloomberg News, in more than half of the 673 largest bankruptcies of public corporations since 1996, external auditors provided no cautions in annual financial statements in the months before bankruptcy. Five of the seven largest bankruptcies in history, including Enron, Global Crossing Ltd., and Kmart Corp., followed annual reports with clean audit opinions from the external auditors. These statistics demonstrate that the larger and more complex the company, the more difficult it is for external auditors, management, and boards to have an accurate picture of risks and controls.
Role:
Internal audit can be a major source of assurance in relation to the implementation of an organisation’s risk management program and in ensuring the ongoing effectiveness of its practices for managing business risks
With our unique viewpoint as independent but inside observers, internal auditors play a vital role within governance processes by keeping the board, senior management, and external auditors aware of risk and control issues and by assessing the effectiveness of risk management
Documenting, analyzing, and testing of internal controls, as required by the U.S. Sarbanes-Oxley Act of 2002, Clause 49 of Listing agreement
The IIA’s International Standards for the Professional Practice of Internal Auditing calls on internal auditors to evaluate and offer recommendations to improve governance processes and affirms their importance in risk management activities
2. Aid Audit Committee in managing its functions
Background: The audit committee has limited insight regarding the relationship between management and the external auditor and has little time to review the external auditor’s work. .
Complexities of operations and accounting/auditing rules have challenged Audit Committees. Corporate governance scandals revealed audit committees:
unaware of financial operations
did not understand complex financial arrangements
often kept in the dark
Little or no relationship with Internal Audit
Role:
Thus, as the audit committee’s eyes, ears, and hands, internal auditors can perform reviews of the external auditor’s work to enable audit committees to make more informed decisions
Performing the lead role in selecting and retaining the external auditors and negotiating their fees
Assessing the work of the external auditors and providing an opinion of the external auditor’s work.
assess the effects of external environmental factors on the financial reporting processes
3. Assist Executive management in ensuring Statutory Compliance of CG requirements
Background: Management is ultimately responsible to ensure compliance. It may not be aware and able to keep abreast of the changes in regulations across.
Role:
Ensure management is aware of the latest regulations and have process in place to obtain assurance about compliance with the same
Looking for opportunities to leverage compliance activities to reduce long-term costs.
Procedures with respect to the quarterly and annual reports
4. Driving Whistleblower program
Background: Whistleblower policy (WP) addresses the commitment of an organization to integrity and ethical behavior by helping to foster and maintain an environment where employees can act appropriately, without fear of retaliation.
Role:
Identifying reporting of potential financial accounting problems.
Conducting annual audits of whistleblower hotline and follow-up processes and reporting the results to the audit committee.
5. Enhancing Ethical culture in the Organisation
Background: Take an active role in support of the ethical culture as Internal auditors possess:
a high level of trust and integrity
skills to be advocates of ethical conduct
competence and capacity to appeal to leaders, managers, and employees to comply with legal, ethical, and social responsibilities
Role: Internal audit may serve as:
The Chief Ethics Officer of the entity
Member of an internal ethics council
Assessor of the organizations ethics climate -Periodically assess ethical climate and the effectiveness of strategies, tactics and communications.
6. Support to External Auditor
Background: The Internal Audit Function (IAF)’s work may affect the nature, timing, and extent of the annual audit work, including procedures the external auditor performs when obtaining an understanding of the entity’s internal control, when assessing risk, and when gathering substantive evidence. In performing the audit, the external auditor may rely on work already performed by the IAF and / or request direct assistance from the IAF (i.e., a specific request for the IAF to complete some aspect of the external auditor’s work).
The IIA standards also describe aspects of the expected relationship between the IAF and management. Specifically, the standards suggest that the IAF should report periodically to senior management on the IAF’s activities, purpose, authority, responsibility, and performance relative to its plan (Performance Standard 2060, IIA, 2003b] The IIA’s International Standards for the Professional Practice of Internal Auditing calls on internal auditors to evaluate and offer recommendations to improve governance processes and affirms their importance in risk management activities.
Role :
Financial report matters and policies regarding earnings measurement should not be left for the external auditors alone. There should be proper co-ordination and dialogue between the IAF and the external auditor, particularly with respect to possible earnings management risks.
Helping external auditors perform internal control testing where the regulators like ICAI/SEBIs “competence” and “objectivity” standards have been met
7. Assisting Board of Directors (including Supervisory Board)
Background: Without prejudice to its statutory duties, the board of directors is responsible for defining the strategic objectives and establishing general policy on the basis of proposals submitted by the executive management, appointing the executive management and approving the structures designed to facilitate the achievement of these objectives. It is also the board of directors task to supervise the implementation of policy and the control of the company and to report to the shareholders It is important that the board ensures that there is continuous development and follow-up on the necessary strategies in collaboration with the management.
Role :
Assisting the board of directors in its governance self-assessment.
Governance policies, such as an accountability framework, should be made clear to all levels, including extended operations, joint ventures and other forms of commercial alliances. The accountability policies should be monitored and reviewed regularly by the IAF and reported to the board.
8. Communication to All Stakeholders (in addition to Shareholders)
Background: To operate in a larger market, companies will need to improve transparency with respect to the shareholders and, more specifically, local and international institutional investors.
The owners should ensure that the board takes responsibility for ensuring that communication between the companys owners and other stakeholders is characterized by openness and correctness
Boards are expected to take due regard of, and deal fairly with stakeholder interests including those of employees, creditors, customers, suppliers and local communities.
Given a reasonable treatment of other stakeholders, management should try to maximise the companys long-term profitability and share price development
Role :
The auditors should carefully evaluate such programmes and answer all questions at the shareholders meeting;
The IA should evaluate the process to ensure that the information is not privileged and is from trusted sources and accurate
Oversee process for communication with shareholder, quality and correctness of communication Boards Interaction with Institutional Investors, Press, Customers. Not only the annual mandatory information, but also the information flow at regular intervals, as applicable
9. Insider Trading Protection of key information
Background: Under the Sarbanes-Oxley Act, the time period within which these filings must be made has shortened to only one business day, so quick and accurate legal advice is often necessary to ensure proper compliance with the new rules.
Role :
Assist management in devising / structuring insider trading policy
Provide support ensure proper compliance with the new rules
Periodic review to ensure compliance and identify risk of leakage of key financial information
10. Development of Professional capacities by Directors / meeting qualifications
Background: The board of directors is the highest authority within the company. In addition to its decision-making duties, the board must exercise full and effective control over the company. To that end, it must meet regularly and must be capable of monitoring the executive management.
Qualification would be Integrity, Absence of conflict of interest, Achievement/ experience, Business understanding, Oversight, Available time, Age, Independence, Diversity.
Role:
Assess directors qualifications and experience is in line with the business and regulatory requirements and as per the standards developed by the Company for wrt minimum qualifications of directors
Review the same has been accurately disclosed in report to the stakeholders
Review directors not meeting all standards are ensuring that over the period allowed, the capacities / qualifications are attained
11. Preventing Conflicts of Authority / Interest
Background: Conflict of authority / interest may impair, or may appear to impair, the independence or objectivity of such individual in the discharge of their responsibilities and duties.
Role:
Framing a conflict of interest policy
Identify potential for conflict of interest
Review adequate disclosure at the appropriate committee / board meeting
Review of measures to limit decision making authority in case of such conflict
12. Assisting Internal Controller
Background: The internal controller is appointed by the companys board of directors.
The internal controller acts as a single point contact with Internal auditors, auditees, statutory auditors and performs functions of a facilitator. The internal controller is hierarchically integrated in the management of the company but remains independent in the exercise of his duties. The internal controller reports to the companys board of directors any cases of conflicts between the board members or the directors private interests and those of the company that he may come across in the exercise of his duties.
Role:
Assist internal controller in discharging his duties
Review procedures for the monitoring of transactions by the members of the board of directors, executives and persons who, by virtue of their relationship with the company
13. Ensuring Clear division of Responsibilities at the Top
Background: There should be a clear division of responsibilities at the head of a company to ensure a sound balance of power and authority. Separation of duties of Chairman and CEO should be ensured.
Role :
Assess appropriate vesting of powers with the top management and process for delegation to ensure that no one person exercises an unlimited discretionary power within the company
14. Boards Assessment Process
Background: Board establishes an assessment process which continuously and systematically evaluates the work, results and composition of the board and the individual directors, including the chairman, in order to improve the boards work. In this connection, the criteria of the evaluation should be clearly specified.
Role:
Review assessment process for completeness and accuracy
Evaluate to what extent previously established strategic goals and plans have been realised.
15. Information flow. Materials. Presentations to the Board
Background: It is recommended that the board establish procedures for how the management reports to the board and for any other communication between the board and the management. This will ensure that the board is provided with the information about the companys business which the board requires on a continuous basis. In all circumstances the management must ensure that the board is provided with essential information, whether the board has requested it or not. The directors are solely responsible for actively obtaining knowledge and continuously keeping themselves posted about the conditions of the company and the industry
Role:
Review process of information flow wrt accuracy, timeliness and quality
Discuss with Board and identify needs to keep Board aware of the conditions of the company and the industry in general
16. Function of various committees
Background: If the board is very large, or in the event of other specific circumstances, the board must consider if it is necessary to establish board committees. As a rule, if the board appoints a committee, this should only be done in order to prepare decisions that must be reached by all of the directors
Number, Structure and Independence of Committees The Supervisory Board shall establish, in line with its Standing Rules, various committees to deal with complex business matters…. Incorporation and duties of committees are subject to The specific circumstances and the size of the Company. The following committees could be instituted:
General Committee….
Audit Committee….
Remuneration Committee….
Nomination Committee….
Market- and Credit Risk Committee….
Other overseeing Committee.
Role:
Assist management in devising framework for operation of a committee
Review the functioning and the relevance in line with overall business objectives
17. Succession Planning / Management Development
Background: It is generally thought that boards do not make adequate provision for the replacement of the chairman, which makes for some concern on the market. It is advisable that there should be a permanent responsibility of the selection committee to be in a position to propose successors at short notice, although clearly this would require confidentiality.
Role:
Review process for succession planning and its execution
18. Content and Character of Disclosures
Background: The corporate governance framework should ensure that timely and accurate disclosure is made on all material matters regarding the corporation, including the financial situation, performance, ownership and governance of the company. Disclosure should include, but not be limited to,
material information on:
1. The financial and operating results of the
company….
2. Company objectives…. .
3. Major share ownership and voting rights….
4. Members of the board and key executives,
and their remuneration….
5. Material foreseeable risk factors….
6. Material issues regarding employees and
other stakeholders….
7. Governance structures and policies….
Role:
Identify reporting practices prevalent in the industry and provide guidance to align with the best reporting / disclosure practices adopted by the industry
Review process to ensure timely and accurate reporting
19. Shareholder Voting Practices
Background: The corporate governance framework should ensure the equitable treatment of all shareholders, including minority and foreign shareholders. All shareholders should have the opportunity to obtain effective redress for violation of their rights. All shareholders of some companies issue preferred (or preference) shares which have a preference in respect of receipt of the profits of the firm but which normally have no voting rights. Companies may also issue participation certificates or shares without voting rights which would presumably trade at different prices than shares with voting rights. All of these structures may be effective in distributing risk and reward in ways that are thought to be in the best interest of the company and to cost-efficient financing.
Role:
Review process to ensure transparent and equitable voting
20. Promoting, and participating in, regular surveys of staff, management and clients
Role: Some examples of such a broader role involve assisting with the maintenance of good corporate governance practices by promoting, and participating in, regular surveys of staff, management and clients to assess:
leadership issues across the organisation;
any staff morale concerns;
perceived problems within any aspect of the organisations operations;
the control consciousness of staff;
the adequacy of communication;
adequacy of control structures;
the adequacy of reporting and monitoring;
the quality of service provided, timeliness and problems associated with service delivery; and
how well the organisations goals and objectives and vision for the future are being met and that management strategies are effective.8
21. Other Value added service
Background: Internal auditors need to be seen as adding value to an organisation. For example, internal audit may adopt a proactive approach in providing management with highly specialised, independent advice on improving the organisations efficiency and effectiveness and adding value in areas such as:
revenue enhancement and cost reduction; improving customer relations;
maximising the benefits of technology;
evaluation of management control;
improvements to achieve operational best practice; quality management; and timely problem identification and analysis
Internal audit studies and corporate governance
Article Source:
eArticlesOnline.com }