Organizational Governance

Embracing Internal Audits Role

www.theiia.org

Presentation Objectives
The meaning of good governance The IIAs governance model Participants and players Specific Internal Auditing activities Steps for embracing Internal Audits role

www.theiia.org

What is Organizational Governance?

Policies, processes, and structures used by an organization to direct and control its activities, to achieve its objectives, and to protect the interests of its diverse stakeholder groups in a manner consistent with appropriate ethical standards.

www.theiia.org

In Other Words
It (governance) is essentially a function of leadership and direction within an organisation; appropriate risk management and control over its activities; and the manner in which meaningful disclosure relating to its activities is made to shareholders and other stakeholders.

King II Report, 2002 South Africa

www.theiia.org

Governance Ensures The Organization:

Complies with societys legal & regulatory rules Satisfies the generally accepted business norms, ethical precepts, and social expectations of society Provides overall benefit to society and enhances interests of stakeholders Reports fully and truthfully to its owners, regulators, other stakeholders, and general public to ensure accountability for its decisions, actions, conduct , and performance
www.theiia.org

The IIA Corporate Governance Model

Effective
Governance

www.theiia.org

Sound Governance Requires Synergy!!!

Boards of Directors Management External Auditors Internal Auditors

www.theiia.org

Board Responsibilities
Establishes the tone at the top Focal point for all governance activities Ultimate accountability Oversees all organizational activities, but does not directly manage any of them
www.theiia.org

Senior Management
Establishes strategic direction and an entitys value system (with board oversight) Provides assurance of risk management process, operations monitoring, measurement of results, and implementation of timely corrective actions
www.theiia.org

Operating Management
Deploys strategy, enforces internal control, and provides direct supervision for areas under its control Accountable to executive management and ultimately the board for implementing and monitoring the risk management process and establishing effective and appropriate internal control systems

www.theiia.org

External Auditing
Provides independent assurance on the financial statement preparation and reporting activities in accordance with applicable regulations and accounting principles
www.theiia.org

Internal Auditing
Performs assessments to provide assurance the governance structures and processes are properly designed and operating effectively Provides advice on potential improvements to governance structures and processes
www.theiia.org

What is Internal Auditings Role?

Assessor
Advisor Advocate Catalyst

www.theiia.org

Standard 2130
IA should assess and make recommendations for improving the governance process:
Promoting appropriate ethics & values Ensuring effective performance management Effective communication of risk & control information Effective coordinating of activities & communication between Board, External Auditors, Internal Auditors & Management
www.theiia.org

Internal Auditing Governance Maturity Model

Allocation of Audit
Consideration of best practices and adaptation to the specific organization focus on optimization of governance practices and structure

Perform audits of design and effectiveness of specific governance related processes

Provide advice with focus on governance structure to meet compliance requirements and basic risks of organization

Less Structured

More Structured
www.theiia.org

Specific Internal Auditing Activities

Consider assessing the following:
Board Structure, Objectives, and Dynamics Board Committee Functions The Board Policy Manual Processes for Maintaining Awareness of Governance Requirements

www.theiia.org

IA Activities (continued)
Consider assessing the following:
Education of the Board Proper Assignment of Accountabilities and Performance Management Communication and Acceptance of Ethics Policies and Codes of Conduct Ethics Investigations and Related Employee Discipline Management Evaluation and Compensation
www.theiia.org

IA Activities (continued)
Consider assessing the following:
Recruitment Processes for Senior Management and Board Members Employee Training Governance Self-assessments Comparison with Governance Codes or Best Practices External Communications Oversight of External Audit
www.theiia.org

Other Considerations
Internal Audits role in governance may impair its independence and should be evaluated and if necessary communicated to management and the board. If impaired internal audit should not perform audits or assessments related to this role.

www.theiia.org

Other Considerations (continued)

Organizational strategies usually not questioned by the internal auditor may need to be if observed to be inadequate, conflicting or negatively impacting the organization or its stakeholders.

www.theiia.org

Other Considerations (continued)

Internal auditing must assess the big picture of governance.

www.theiia.org

Other Considerations (continued)

Governance is changing rapidly and requires the internal auditor to monitor these changes and evaluate how they impact the role of internal auditing in the future.

www.theiia.org

Other Considerations (continued)

Internal auditor skills and competencies should be evaluated before undertaking audits in the governance area.

www.theiia.org

Possible Next Steps

Discuss options for expanding internal auditings role with the chairman of the board and/or executive management. Discuss with other key stakeholders. Develop a broad framework of the governance structure in the organization, identifying potential areas of weakness or concern.
www.theiia.org

Possible Next Steps (continued)

Develop a multi-year plan to develop internal auditings role. Perform a pilot audit in one of the previously mentioned activities.

www.theiia.org

IIA Resources
To review the IIAs Position Paper on Governance and other topics visit The IIA Website at www.theiia.org. (click on guidance).

www.theiia.org