The 9th International Anti-Corruption Conference
The Need for Strong Corporate Governance
The recent pronouncements on corporate governance (including the draft CACG Guidelines -principle 10) have provided a new focus on internal audit and a window of opportunity for internal audit to properly establish itself throughout the World. The purpose of this article is to set out my views of how internal audit can maximise the opportunity presented and provide demonstrable value to the users of internal audit services.
1. What is corporate governance?
In order to understand the internal audit role we need to work from a common definition of corporate governance. I believe the definition set out in the Dey report (issued by the Toronto Stock Exchange) provides a practical definition that will set the scene.
" the structure and the process used to direct and manage the business affairs of the corporation with the objective of enhancing shareholder value "
For the purpose of this paper I will focus on the processes management adopts to manage an entity, as this is where internal audit provides the most value. The structures such as Board composition, Board committees and Director remuneration are largely out of the hands of the internal audit.
2. Governance fundamentals
An analysis of the fundamentals of corporate governance, as set out in King, the Combined Code and other such pronouncements can be summarised as follows:
3. Internal audit role in Corporate Governance
I believe the role of internal audit as set out in the South African Institute of Chartered Accountants (SAICA) Guide to Directors on Internal Audit clearly establishes what internal audit should be doing in terms of corporate governance namely:
"To support the Board of Directors, Audit Committee and management in identifying and managing risks and thereby enabling them to achieve corporate objectives. This is achieved by:
How internal audit can fulfil this role given the governance model established above is explained below.
4. Setting corporate culture
The Board is responsible for setting the 'tone at the top.' This is most often achieved through the Vision, Mission and Values statements as supported by the Code of Ethics.
Internal audit can add value to management in this area by being actively involved in the implementation of values and ethics programme plus their ongoing maintenance. In addition they can provide
5. Strategic direction
A fundamental function of the Board and management is the setting of strategic direction. Internal audit can assist by ensuring the process followed is sufficiently robust in considering all factors affecting the business that they are aware of. In addition they can introduce strategic management concepts/methodologies for executive consideration and benchmark the strategic plans against accepted models (if not part of the strategic process) such as the Balanced Scorecard.
6. Risk management
Management and the directors are acutely aware of their responsibilities towards risk management, as this is effectively the day-to-day business of the operations. The King report, and more recently the UK's Combined Code, requires management to formally attest to this responsibility thereby enforcing accountability through disclosure. As set out above, risk management is the area where internal audit are expected to make the most contribution through helping identify risks and providing feedback on the effectiveness of risk management activities.
Practically what does this mean?
7. Senior management effectiveness and succession
The Board of Directors is responsible for ensuring the entity is effectively managed and will continue to be so in the future.
Internal audit can add considerable value to the direction in this area by;
An area where internal audit is becoming increasingly active is in providing criteria to enable the effectiveness of corporate governance structures to be assessed - usually on a self assessment basis. Such structures include the
The directors and management have a major role to play in effectively communicating to the stakeholders. Typically such communication includes:
There is increased pressure on management and directors to be more transparent and report more extensively than set out above. Such pressure has resulted in the following reports becoming more common.
The Combined Code, Turnbull, King, Stock exchange listing requirements, and shareholder activism have increased the extent of corporate governance disclosures to force acknowledgement of director accountabilities.
The internal audit can clearly establish a name for themselves by:
At a recent workshop hosted by the South African Reserve Bank the Registrar of Banks, Mr Cristo Wiese, stated that the challenge for internal audit was to be actively involved in assessing the effectiveness of the stewardship function. His concern was whether or not internal audit would accept the challenge!!
The approach set out above provides a basis to meet the challenge. However, the credibility of internal audit is at stake if the involvement in governance activities is tackled by those without the necessary skills or competencies.