Internal audit is defined as the independent, objective assurance and
consulting activity designed to add value and improve an organization’s operations . Internal auditing helps an organization in accomplishing its objectives by bringing a systematic, disciplined approach to evaluate and improve the effectiveness of risk management, control and governance processes . The scope of internal auditing within an organization is broad in nature and encompasses such issues as operational effectiveness, financial reporting reliability. Traditionally, internal auditing, like other forms of auditing, is a system of checks and balances. Internal auditing can also be characterized as “procedure enforcement,” where the internal auditors monitor how people comply with procedures within organizations. For example, internal audit is a mechanism to double- check the thousands of financial transactions that are posted to the records periodically. These descriptions show that the internal audit function was a detailed low-level check of numerous financial transactions.
However, in recent years, this focus of internal auditing on transaction
verification has been changing and the focus is shifting more and more towards helping managers with assessing and managing organizational risks. This shift in focus appears to have begun during the 1950s and 1960s. Up to this point, the internal audit function was considered a compliance-based group primarily known for identifying errors. Then, the focus shifted to address the root cause of the errors. As the internal audit function began to probe deeper, they found instances where policies and procedures were not clearly documented or understood to prompt the desired action . As a result, the auditors would make recommendations to address the issue and/or improve the process .
By offering assistance to process owners-this act alone- may have
initiated the expansion of the internal audit function’s role. As time progressed, the next phase that emerged was evaluating and reporting on the internal control structure of the organization. Many organizations were automating and using systems to process transactions. Systems and automation generate complexity for the organization, thereby creating new control risks and opportunities. During the last two decades, there have been increasing demands on the internal auditing profession to change – this time around, it is requiring them to take a more proactive role in corporate governance. As corporations and the accounting profession 10 ushered in a new millennium with a plethora of accounting and corporate fraud scandals, it raised serious questions about the inherent soundness of the current corporate governance model. Organizations were violating rules and procedures designed to properly account for transactions. Fraud was rampant. Moreover, there was no accountability.
All of these events are symptomatic of the systemic issues in the
corporate governance arena. The pivotal point in this crisis was Enron. It was the final spark that rendered the current corporate governance system ineffective. Therefore, strengthening the corporate governance system had to be critical priority. A significant effort in strengthening corporate governance was the enactment of the SarbanesOxley Act .
2- Internal Audit In Corporate Governance
There exist a strong relationship between corporate governance and
management, the audit committee and corporate governance and internal control. Also is undeniable that the audit committee depends ‘heavily’ on the internal auditor for its reviews of the system of internal control as prescribed by corporate governance recommendations and codes. It is therefore not a surprise that several efforts are put in by IIA to guide its members in order to become corporate governance experts, who are capable of assisting both the board and management of an organization. These is done by IIA through consistent discussion, recommendation and commenting on various aspect of corporate governance in general and regarding aspect of audit in particular. Professional Practices Framework is one of the regulating device intended to be used by IIA, which includes not only ‘code of Ethics’ but also a set of ‘Standards for the Professional Practice of Internal Auditing’ consisting of compulsory criteria for internal auditing as it should be. argued that, these standards are somehow general since they can be applicable to all internal auditors irrespective of the company.
One major function of internal audit is to evaluated and make
contribution toward the improvement of risk management, governance system and internal control. This standard provides a very general description of the responsibilities of an internal auditor. In practice, the advisory role which pertains to this standard further explains all aspect that are to be understood in the standard. The scope of internal auditing, the responsibilities of management and the definition of how auditor’s evaluation result into an appraisal of the overall managerial process in determine by the standard. Implementation standard 2120 focus specifically on the assurance aspect given by the internal auditor on the effectiveness and adequacy of control including the organizational governance, operation and information system. These also involve: effectiveness and efficiency of operation; reliability and integrity of financial and operational information; safeguarding of asset and compliance with rules, regulations, laws and contracts. Practice advisory again gives further information, and by doing so shows in every sense to corporate governance.
The practice advisory expunge on the responsibility of the board: One
of the responsibilities of the board is the establishment and maintenance of organizational governance processes as well as obtaining assurance regarding the effectiveness of risk management and control processes. Moreover on the responsibility of management; their roles is to oversee the establishment, administration and assessment of that system of risk management and control processes. Lastly on the side of auditors: they provide different degree of assurance about the state of effectiveness of risk management and control processes .Traditionally, the responsibility of the internal auditor was to aid the company to maintain a system of internal control of its financial statements. However in recent times, a range of new opportunities, responsibilities and possibilities present themselves in the light of corporate governance.
The major problem confronting the internal auditor is to find the
necessary means to provide the degree of reasonable assurance expected by all the stakeholders. Putting in different words, an internal auditor must endeavor to become a key tools to promote effective corporate governance processes. Also audit committee sought to improve their effectiveness through better and more consistent contact with internal auditors who represent their most valuable source of information. The internal auditors play a dual role which enables them to keep an eye on the direction the company is going whilst another eye on every aspect of internal control which includes laws, rules and regulations, expectations, risk and opportunity. Basel (1999) argued that internal auditors play a very essential role in achieving an effective corporate governance. How effective the board and the senior management are enhanced through the recognition of the essence of audit process, ensuring measure are undertaken to enhance the independence of auditors, enabling the independence of Chief Audit Executive (CAE) by reporting audit outcome to the audit committee or board. Likewise the board must acknowledge and recognize that the internal auditors are their critical essential agents. the critical attention is being placed on audit committee and board of director responsibilities for the better understanding, management and evaluation of business risk have on corporate governance.
3- Internal Audit Function In Corporate Governance
Many opportunities exist for the internal audit function to play an
instrumental role in corporate governance. Today, organizations are pushing to put in place more effective governance structures and processes. Given the type of climate that exists, it is not surprising that the internal audit function is viewed as the ideal resource to assist with improving and supporting key governance processes by monitoring the controls and evaluating the operational effectiveness of management strategies and initiatives. Therefore, each party is responsible for making a contribution to corporate governance.
A significant part of organizational governance has to do with
effective monitoring and oversight of risk management. The IIA (2003) states that, “the internal auditors, perceived as ‘risk management experts’, can expect to play an immensely significant and high-profile role within organizations for years to come.” The audit committee is an operating committee of the board of directors charged with oversight of financial reporting and disclosure. The responsibilities include the following: overseeing the financial reporting and disclosure process, monitoring choice of accounting policies and principles, overseeing hiring, performance and independence of the external auditors, oversight of regulatory compliance, ethics and whistleblower hotlines, monitoring the internal control process, overseeing the performance of the internal audit function and discussing the risk management policies and practices with management Under SOX, the audit committee’s role has been substantially strengthened by requiring the board to have a majority of independent directors, including a minimum of one financial expert. This rule in particular, cast dispersions about the effectiveness of gray directors serving on the audit committee in the past. In fact, the SEC stated that, “having at least one member with an accounting or finance background will improve the effectiveness of the audit committee in carrying out its financial oversight responsibilities.”).
The internal audit function can be useful by helping the audit
committee perform its responsibilities effectively. This assistance includes reporting on critical internal control issues, informing the committee on the capabilities of key managers, suggesting topics for the audit committee’s meeting agenda and coordinating with the external auditor and management to ensure the committee receives effective information. There are other areas where the internal audit function can take the lead. For example, the internal audit function will often operate and administer the whistleblower hotlines and ensure the ombudsman process is working effectively. Typically, the internal audit function will lead the compliance audits and ensure that the organization is compliant with laws and regulatory provisions. Auditing entity level controls such as the code of conduct and code of ethics for all employees is another example of how the internal audit function can demonstrate leadership. In addition, the internal audit function works with the external auditor to prepare for the general audit annually. Given the importance of the internal audit function, it is imperative that there be a level of coordination and positive interaction between management and internal audit. David Richards, former President of Institute of Internal Auditors, states that, “SOX elevated the importance of internal auditing. It is important that the four parties to good corporate governance – the board of directors, executive management, the internal auditors and the external auditors-are working together to assess the risks. It is a never-ending, ongoing task, not-a-once-in-a-lifetime event.” Based on the roles and responsibilities of each of the four cornerstones, it is clear that there is great deal of interdependency present. Therefore, successful corporate governance is contingent upon a fluid relationship among the cornerstones, thereby making the internal audit function an integral part of the corporate governance framework .
In brief, it is fair to say that the new vision has dramatically
influenced the regulatory landscape, changed the operating methodology of companies and heightened the role of the internal audit function in monitoring and improving corporate governance going forward.