The principles of probity, accountability, and transparency according to the Cadbury Report (1992) make the code of best practice for companies. These principles alongside equity became the benchmark for good corporate governance.
From the above diagrammatic representation of the concept of good corporate governance, key elements are evident. These include integrity, transparency and openness, accountability and responsibility. Corporate social responsibility to stakeholders, employees, customers, and local communities has been pointed out as one of the paradigms making good corporate governance. The underlying concepts behind corporate governance include fairness in relation to responsibility, reputation, and judgment. Corporate governance guides the setup of the audit committee. It states that the committee should be made up of at least three independent non-executive directors, one of them having financial experience. The main role of the committee is to provide a liaison between the BOD and internal and external auditors on matters of the business. The short listing of the audit forms for the AGM selection, receipts of auditors report, allocation of resources to internal auditing, and recruitment of a chief internal auditor are all geared towards improving independence and effectiveness of the internal auditing function done by the committee. The figure below gives a more insight and understanding on the principles of corporate governance.
Internal auditing process is paramount in a company’s governance mechanisms, as it evaluates the company’s activities, procedures, or controls, and ensures that they are sufficient and in compliance with both the guidelines for human resources, as well as recommendations of senior management. Internal auditing also helps an organization in adhering to regulations and industry practices.
Internal auditing involves appraisal or monitoring activity that is established within an entity. Although it is not a statutory requirement for every organization to have such a department, there is a growing demand for such a unit in many organizations in the UK and the USA. The growing demand is due to the functions that internal auditing plays in an organization, such as special investigations, review of regulations and compliance laws, monitoring the internal controls, examination of financial and operating information, and review of the economic effectiveness and efficiency of the company’s operations.
According to the International Standards on Auditing, internal auditing plays a key role in providing assurance and consulting services through helping improve corporate governance procedures. This is made possible through various activities, such as: promoting ethics and values, ensuring performance accountability and management, communication of risks and control of information to various areas, and coordination of activities among senior management, external auditors and management.
Advantages of the Internal Auditor over the External Auditor
Many duties that are carried out by the external auditor are usually a repeat of what has been done by the internal auditor. By relying on the work of the internal auditor the external auditor can prevent resources from being wasted on repeating what has already been done. Internal auditing is responsible for testing the accuracy of management accounts during the year, attending the inventory or stock count and control testing all year long. For the external auditor to place reliance on the work of the internal auditor, he has to consider his experience, qualifications, and quality of their work. He is also to make sure that recommendations are taken seriously and implemented, and that they address previously detected issues.
The economic environment in which corporations are operating today emphasizes the need for improved risk management. According to Ernst and Young (2009), 96 percent of chief executives surveyed worldwide agreed that their risk management programmes should be improved. KPMG’s Audit Committee Institute suggested that improving risk management in the contemporary environment is indispensable. Effective risk management is a key feature in corporate governance.
Internal auditing provides objectives and independent assurances to those responsible for corporate governance on the effectiveness of the procedures. Fundamentally, it involves evaluation of the effectiveness of controls in the whole range of risks faced by the organization. This enables internal auditing to provide audit committees and BOD with the information they need to contain the risks in the organization. It precisely for this reason that the Institute of Internal Auditors in the UK considers internal auditing as one of the four paradigms of good governance, alongside the board, external auditing, and management.
Internal auditing is often observed as part of the accounting profession. Therefore, the notion that it is a costly activity should be done away with. Internal auditing is an independent and distinct profession with its own skill set, ethical code and professional practices. This was rubber stamped when IIA acquired a chartered status. This mark of quality in the profession is a signal of its significance in its own right. According to Choi, J.-H., J.-B. Kim, and Y. Zang (2006: 56), the role of internal auditors presently involves spending of over 75 percent of their time in evaluation and reporting on non-financial areas, an indication of the scope of the modern internal auditing. The head of the department not only works with the head finance but also with heads of other departments. The role of internal auditing provides assurance on varied aspects of the business, including exposure to financial and non-financial fraud, business continuity risks, data security risks and reputational risks. Thus, internal auditing is uniquely placed to provide professional judgment on management of risks and internal controls across the whole organization.
Internal auditing is becoming more valuable as risk management takes centre stage. Boards are striving to ensure that their risk management processes are well-integrated, and that control gaps are removed in their organizations. The overall responsibility for the effectiveness of risk management lies solely with internal auditing.
There exists a clear division between external and internal auditing. External auditors are appointed by shareholders during annual AGM to perform statutory audit, report to shareholders, check annual financial records and conduct statutory audits. They are also required to be legal and independent from the client. Internal auditors, on the other hand, are appointed by directors and report directly to them. Their scope of work is determined by the directors, and their duties mainly include internal control systems. They are not legally required to be independent, and they are not legal.
As a support and control function, internal auditing is not directly related to the organizational goals. While it is easy to identify the value delivered by operational or commercial activity, it is difficult to identify the value of internal auditing activities. Therefore, it has to demonstrate its value more than any other activity. This value is replicated in an improvement in risk management and internal control.