MUNHUMUTAPA SCHOOL OF COMMERCE

DEPARTMENT OF ACCOUNTING AND INFORMATION SYSTEMS

Name : Spencer Mxolisi

Surname : Masuku
Reg Number : M178498
Module : Corporate Governance
Course Code : HACC 410
Programme : B.Com Hons Accounting
Lecturer : Mr H. Duve
 I. Role of internal Audit in Risk Management.

Asses the effectiveness of internal controls systems

Internal controls are set by the organisation to try and reduce control risk. This will include
addressing the risks associated with such matters as safeguarding the assets of the company,
e.g. inventory from theft or damage, preventing fraud etc. According to king 3 report, the
key responsibility of internal audit is also to perform an assessment of the effectiveness of
risk management and internal control framework. Internal audit therefore provides value to
the organization by giving objective assurance that the major business risks are being
managed appropriately and providing assurance that the risk management and internal control
framework is operating effectively.

Assessing and improving risk management

Internal auditors also play a critical role in assessing the likelihood of losses that will occur as
a consequence of risk. This is done through performing an audit risk which is done by
internal auditors and involves 4 stages which are:

1. Identification - recognising what the risks are in a particular situation, strategy,

procedure or system
2. Assessment – looking at the probability of an adverse event or outcome, and the
impact of an adverse event should be measured. A risk can be assessed by its expected
loss.
3. Review - The auditor look at the controls that are in place to manage the risk in the
event that an adverse outcome happens.
4. Report - The risk audit should lead to a report to the board of directors or to
management,

Providing recommendations for appropriate risk mitigation controls.

Internal auditors assist in risk by playing the role of facilitators in helping management
through the risk management and self-assessment process by holding discussions and work
group sessions with management and staff without directly participating in the risk
assessment process itself. They provide advice to managers on the identification and
assessment of enterprise wide business risks and how these risks may be attended to or
mitigated. They also provide to management and staff the special skills and methods used by
Internal Audit in analysing risks and controls [ CITATION Sta18 \l 12297 ] . Internal auditing
should provide advice, challenge and support to management’s decision making,

The institute of internal auditors divided the roles of internal audit in risk management into
two. These roles relate to consulting and safeguards where in consulting focuses on
assurance.

Core internal Audit roles in regard to Legitimate internal Audit roles with
Enterprise Risk Management safeguards
Giving assurance on risk management Facilitating, identification and evaluation of
process risk
Giving assurance that risks are correctly Coaching management in reporting of risk
evaluated
Evaluating risk management processes Coordinating in Enterprise risk management
Evaluating the reporting of key risk Consolidated reporting on Risk
Reviewing the management of key risks Maintaining and developing the Enterprise
risk framework
Championing the establishment of ERM
Developing Risk management strategies for
board approval

II. Relevance of the corporate governance code to various stakeholders

A stakeholder is a party that has an interest in a company and can either affect or be affected
by the business. A company has many stakeholders which can be divided into 2 groups,
internal and external stakeholders. Internal stakeholders include shareholders, Board of
directors and management whilst external stakeholders include employees, suppliers,
creditors, government, investor’s customers etc.

For board of directors, the Governance code address deficiencies in the corporate governance
system and recommends a comprehensive set of norms on the role and composition of the
board of directors, relationships with shareholders and top management, auditing and
information disclosure, and the selection, remuneration, and dismissal of directors and top
managers hence being relevant. For employees its relevance is seen in addressing and
promoting ethical values

The governance code also gives directions as to how an organisation must be governed e.g.
selection of committees. For shareholders it points out their responsibilities and rights.
Corporate governance code also encourage companies to implement stronger corporate
governance structures and release more information in a timelier manner to market
participants. Governance codes puts pressure on national governments, institutions and
companies, to conform to internationally accepted best practices of corporate governance at
the international thereby influencing the attractiveness of countries and companies for foreign
investors. In this case the codes benefits both the companies and investors who invests in
companies with good governance systems implying that their investments will be safe.

Furthermore codes like KING IV states that governing board of an institutional investor
organisation should ensure that the responsible investment is practiced by the organisation to
promote the good governance and the creating of value by the company in which it invests. In
this instance, it therefore sets the responsibilities of investors.

In addition, the King IV code has set a principle for stakeholder relationships. It states that, in
the execution of its roles and responsibilities, ye governing body should adopt a stakeholder
inclusive approach that balances the needs, interests and expectations of the material
stakeholders. Here it set out stakeholder’s relations practices which is important to all of them
hence its relevance.

Since Codes emphasise on ethical values, even the society at large benefits. This is because
for instance, an ethical organisation will not defraud the state of its resources or on taxes
hence benefitting the society. An ethical organisation will also practice good Corporate
Social Responsibility which is a benefit to the society again. From the presented argument
one can clearly point the relevance of the governance codes to different stakeholders.

III. The significance of non-executive directors.

This means an individual not involved in the day-to-day management and not a full time
salaried employee of a banking institution or of its subsidiaries. The Non-Executive
Directors provide an independent view on the running of our business, governance and
boardroom best practice. This means they can bring a degree of objectivity to the board's
deliberations, and play a valuable role in monitoring executive management [ CITATION
The18 \l 12297 ]. This is because Executive directors may face a conflict of interest with the
stakeholders or agency problem. Hence, non-executive directors are believed to objectively
act in the interest of the company and the stakeholders. According to the Association of
Forensic Accounting Researchers (2020) .This single act of independence has attracted
investors in investing more in the organizations as it helps them in making better investment
decisions.

In addition, the experiences of a non-executive director from a different field may be valuable
to the company. They bring in a wider perspective and outside experience contributing to
strategic developments. They provide relevant knowledge, complementary to that of
management and expertise and objectivity in evaluating management. The network of
external contacts provided by non-executive directors is valuable to companies [ CITATION
Cor15 \l 12297 ] as they may have some specialist knowledge that will provide the board with
valuable insights or, perhaps, key contacts in related industries or the City [ CITATION The18 \l
12297 ].Moreover, Non-executive directors are appointed to challenge the performance of the
management team and the company so as to ensure that objectives and goals are met.

IV. The differences between governance and management

To begin with, those charged with governance of the organization are the directors with
determinative functions and those charged with management are managers with executive
functions. In terms of the nature of work, Governance is concerned about the determination
of policies objectives, mission and vision whilst on the hand, management puts in place and
implements the policies and objectives drawn by the Board of directors. In governance, the
main function is planning and organizing whereas in management it’s motivating and
controlling. Governance also involves Supervising the CEO and assisting in the selection and
induction of new board members but management involves supervising employees and the
Recruitment and selection of employees and allocation of tasks. To add up, governance
entails overseeing management yet management entails planning and budgeting on the
allocation of those resources as well as maintaining proper accounting procedure.
In addition, governance roles include providing support and assistance to the organization
when it is under attack, assisting management when it is experiencing problems and Acting
as the last court of appeal or decision-making body. However management roles include
providing the market with quality goods and services. Developing and maintaining good
public relations with all stakeholders. Providing the board with any information required. All
in all Governance hold authority over the whole organization and management focuses on
day to day running of business.

V. The responsibilities of the risk management Committee.

To begin with, the main purpose of the risk management committee of the Board of Directors
is to assist the Board in fulfilling its corporate governance oversight responsibilities with
regard to the identification, evaluation and mitigation of operational, strategic and external
environment risks. The Committee has the overall responsibility of monitoring and approving
the risk policies and associated practices of the Company. It is the role of risk committee to
annually review and approve the Risk Management Policy and associated frameworks,
processes and practices of the Company. The committee also assess the Company’s risk
profile and key areas of risk in particular and Reviews the adequacy and effectiveness of the
risk management policies put in place by the organisation as well as ensuring that sufficient
resources are in place for risk management.

In addition, the Risk Management committee also advises the board on the current and future
risk appetite: which is the level of risk that an insurance company’s senior management and
Board define as acceptable in pursuit of organizational objectives. Moreover, the committee
also Oversees the senior management‘s implementation of the risk appetite statement and the
roles and responsibilities of the chief risk officer. It also develops and implement a risk
management framework and internal control system. Furthermore, the committee undertake
special investigations into areas of corporate risk and break-downs in internal control, reports
to the board the trends on the Company’s risk profile and also on specific risks and the status
of the risk management process.
References
the Association of Forensic Accounting & Fraud Investigation. (2020). Effects of Non Executive
Directors and Indepent Directors on Audit Quality of Listed Oil and Gas Companies in
Nigeria. Journal of Forensic Accounting and Fraud Investigation, 20 - 60.

Corporate Finance Institute. (2020). Corporate Finance Institute. Retrieved from Corporate Finance
Institute Web Site:
https://corporatefinanceinstitute.com/resources/knowledge/finance/non-executive-
director/

Institute of Directors Southern Africa. (2009). King Report on Corporate for Govern ance .

Institute of Directors Southern Africa. (2016). King IV Report on Corporate Governance South Africa.

Stancho & Ruche. (2018). The Role of Internal Audit in Risk Management.

The Institute of Directors. (2018, October 18). What is the role of the Non-Executive Director?

The Institute of Internal Auditors. (2009). IIA Position Paper : The Role Internal Auditing in Enterprise
Wide Risk Management.