Organizational

Governance

Embracing Internal Audit’s Role

www.theiia.org
 Presentation Objectives
• The meaning of good governance
• The IIA’s governance model
• Participants and players
• Specific Internal Auditing activities
• Steps for embracing Internal
Audit’s role

www.theiia.org
 What is Organizational
Governance?
Policies, processes, and structures
used by an organization to direct
and control its activities, to achieve
its objectives, and to protect the
interests of its diverse stakeholder
groups in a manner consistent with
appropriate ethical standards.

www.theiia.org
 In Other Words…
It (governance) is essentially a
function of leadership and
direction within an organisation;
appropriate risk management and
control over its activities; and the
manner in which meaningful
disclosure relating to its activities
is made to shareholders and other
stakeholders.
King II Report, 2002
South Africa

www.theiia.org
 Governance Ensures The
Organization:
− Complies with society’s legal & regulatory
rules
− Satisfies the generally accepted business
norms, ethical precepts, and social
expectations of society
− Provides overall benefit to society and
enhances interests of stakeholders
− Reports fully and truthfully to its owners,
regulators, other stakeholders, and general
public to ensure accountability for its
decisions, actions, conduct , and
performance

www.theiia.org
The IIA Corporate Governance Model

Effective
Governance

www.theiia.org
 Sound Governance
Requires Synergy!!!
–Boards of Directors
–Management
–External Auditors
–Internal Auditors

www.theiia.org
 Board Responsibilities

• Establishes the “tone at the

top”
• Focal point for all governance
activities
• Ultimate accountability
• Oversees all organizational
activities, but does not directly
manage any of them
www.theiia.org
 Senior Management

• Establishes strategic direction and

an entity’s value system (with
board oversight)
• Provides assurance of risk
management process, operations
monitoring, measurement of
results, and implementation of
timely corrective actions

www.theiia.org
 Operating Management

• Deploys strategy, enforces internal

control, and provides direct supervision
for areas under its control
• Accountable to executive management
and ultimately the board for
implementing and monitoring the risk
management process and establishing
effective and appropriate internal control
systems

www.theiia.org
 External Auditing

• Provides independent
assurance on the financial
statement preparation and
reporting activities in
accordance with applicable
regulations and accounting
principles

www.theiia.org
 Internal Auditing

• Performs assessments to provide

assurance the governance
structures and processes are
properly designed and operating
effectively
• Provides advice on potential
improvements to governance
structures and processes

www.theiia.org
 What is Internal
Auditing’s Role?

• Assessor

• Advisor

• Advocate

• Catalyst

www.theiia.org
 Standard 2130

IA should assess and make

recommendations for improving the
governance process:
– Promoting appropriate ethics & values
– Ensuring effective performance
management
– Effective communication of risk & control
information
– Effective coordinating of activities &
communication between Board, External
Auditors, Internal Auditors & Management

www.theiia.org
 Internal Auditing
Governance Maturity Model
Consideration of best practices and adaptation to the
specific organization – focus on optimization of
governance practices and structure
Allocation of Audit

Perform audits of design and

effectiveness of specific
governance related processes
Provide advice with focus on
governance structure to meet
compliance requirements and
basic risks of organization

Less More
Structured Structured
www.theiia.org
 Specific Internal Auditing
Activities
• Consider assessing the following:
– Board Structure, Objectives, and
Dynamics
– Board Committee Functions
– The Board Policy Manual
– Processes for Maintaining Awareness
of Governance Requirements

www.theiia.org
 IA Activities (continued)

• Consider assessing the following:

– Education of the Board
– Proper Assignment of Accountabilities
and Performance Management
– Communication and Acceptance of
Ethics Policies and Codes of Conduct
– Ethics Investigations and Related
Employee Discipline
– Management Evaluation and
Compensation

www.theiia.org
 IA Activities (continued)

• Consider assessing the following:

– Recruitment Processes for Senior
Management and Board Members
– Employee Training
– Governance Self-assessments
– Comparison with Governance Codes or
Best Practices
– External Communications
– Oversight of External Audit

www.theiia.org
 Other Considerations
• Internal Audit’s role in governance
may impair its independence and
should be evaluated and if
necessary communicated to
management and the board.
• If impaired internal audit should
not perform audits or assessments
related to this role.

www.theiia.org
 Other Considerations
(continued)
• Organizational strategies
usually not questioned by the
internal auditor may need to be
if observed to be inadequate,
conflicting or negatively
impacting the organization or
its stakeholders.

www.theiia.org
 Other Considerations
(continued)
• Internal auditing must assess
the “big picture” of
governance.

www.theiia.org
 Other Considerations
(continued)
• Governance is changing rapidly
and requires the internal
auditor to monitor these
changes and evaluate how they
impact the role of internal
auditing in the future.

www.theiia.org
 Other Considerations
(continued)
• Internal auditor skills and
competencies should be
evaluated before undertaking
audits in the governance area.

www.theiia.org
 Possible Next Steps
• Discuss options for expanding
internal auditing’s role with the
chairman of the board and/or
executive management.
• Discuss with other key
stakeholders.
• Develop a broad framework of the
governance structure in the
organization, identifying potential
areas of weakness or concern.

www.theiia.org
 Possible Next Steps
(continued)
• Develop a multi-year plan to
develop internal auditing’s
role.
• Perform a pilot audit in one of
the previously mentioned
activities.

www.theiia.org
 IIA Resources

To review the IIA’s Position

Paper on Governance and other
topics visit The IIA Website at
www.theiia.org. (click on
“guidance”).

www.theiia.org