www.theiia.org Organizational Governance Embracing Internal Audits Role
www.theiia.org Presentation Objectives The meaning of good governance The IIAs governance model Participants and players Specific Internal Auditing activities Steps for embracing Internal Audits role
www.theiia.org What is Organizational Governance? Policies, processes, and structures used by an organization to direct and control its activities, to achieve its objectives, and to protect the interests of its diverse stakeholder groups in a manner consistent with appropriate ethical standards.
www.theiia.org In Other Words… It (governance) is essentially a function of leadership and direction within an organisation; appropriate risk management and control over its activities; and the manner in which meaningful disclosure relating to its activities is made to shareholders and other stakeholders. King II Report, 2002 South Africa
www.theiia.org Governance Ensures The Organization: Complies with societys legal & regulatory rules Satisfies the generally accepted business norms, ethical precepts, and social expectations of society Provides overall benefit to society and enhances interests of stakeholders Reports fully and truthfully to its owners, regulators, other stakeholders, and general public to ensure accountability for its decisions, actions, conduct, and performance
www.theiia.org Effective Governance The IIA Corporate Governance Model
www.theiia.org Board Responsibilities Establishes the tone at the top Focal point for all governance activities Ultimate accountability Oversees all organizational activities, but does not directly manage any of them
www.theiia.org Senior Management Establishes strategic direction and an entitys value system (with board oversight) Provides assurance of risk management process, operations monitoring, measurement of results, and implementation of timely corrective actions
www.theiia.org Operating Management Deploys strategy, enforces internal control, and provides direct supervision for areas under its control Accountable to executive management and ultimately the board for implementing and monitoring the risk management process and establishing effective and appropriate internal control systems
www.theiia.org External Auditing Provides independent assurance on the financial statement preparation and reporting activities in accordance with applicable regulations and accounting principles
www.theiia.org Internal Auditing Performs assessments to provide assurance the governance structures and processes are properly designed and operating effectively Provides advice on potential improvements to governance structures and processes
www.theiia.org What is Internal Auditings Role? Assessor Advisor Advocate Catalyst
www.theiia.org Standard 2130 IA should assess and make recommendations for improving the governance process: –Promoting appropriate ethics & values –Ensuring effective performance management –Effective communication of risk & control information –Effective coordinating of activities & communication between Board, External Auditors, Internal Auditors & Management
www.theiia.org Internal Auditing Governance Maturity Model More Structured Less Structured Perform audits of design and effectiveness of specific governance related processes Provide advice with focus on governance structure to meet compliance requirements and basic risks of organization Consideration of best practices and adaptation to the specific organization – focus on optimization of governance practices and structure Allocation of Audit
www.theiia.org Specific Internal Auditing Activities Consider assessing the following: –Board Structure, Objectives, and Dynamics –Board Committee Functions –The Board Policy Manual –Processes for Maintaining Awareness of Governance Requirements
www.theiia.org IA Activities (continued) Consider assessing the following: –Education of the Board –Proper Assignment of Accountabilities and Performance Management –Communication and Acceptance of Ethics Policies and Codes of Conduct –Ethics Investigations and Related Employee Discipline –Management Evaluation and Compensation
www.theiia.org IA Activities (continued) Consider assessing the following: –Recruitment Processes for Senior Management and Board Members –Employee Training –Governance Self-assessments –Comparison with Governance Codes or Best Practices –External Communications –Oversight of External Audit
www.theiia.org Other Considerations Internal Audits role in governance may impair its independence and should be evaluated and if necessary communicated to management and the board. If impaired internal audit should not perform audits or assessments related to this role.
www.theiia.org Other Considerations (continued) Organizational strategies usually not questioned by the internal auditor may need to be if observed to be inadequate, conflicting or negatively impacting the organization or its stakeholders.
www.theiia.org Other Considerations (continued) Internal auditing must assess the big picture of governance.
www.theiia.org Other Considerations (continued) Governance is changing rapidly and requires the internal auditor to monitor these changes and evaluate how they impact the role of internal auditing in the future.
www.theiia.org Other Considerations (continued) Internal auditor skills and competencies should be evaluated before undertaking audits in the governance area.
www.theiia.org Possible Next Steps Discuss options for expanding internal auditings role with the chairman of the board and/or executive management. Discuss with other key stakeholders. Develop a broad framework of the governance structure in the organization, identifying potential areas of weakness or concern.
www.theiia.org Possible Next Steps (continued) Develop a multi-year plan to develop internal auditings role. Perform a pilot audit in one of the previously mentioned activities.
www.theiia.org IIA Resources To review the IIAs Position Paper on Governance and other topics visit The IIA Website at www.theiia.org. (click on guidance). www.theiia.org