Role of Internal Audit in Strengthening Corporate Governance

Introduction
Corporate Governance is a system by which the business organizations are directed and controlled. It is a
set of processes, customs, policies, laws, and institutions affecting the way an organization is directed,
administered or controlled. The corporate governance structure specifies the allocation of rights and
responsibilities among board, managers, shareholders, employees, suppliers, customers, government etc. and
spells out the rules and procedures for making decisions on corporate affairs.

Corporate governance is thus 'an internal system encompassing policies, processes and people, which
serves the needs of shareholders and other stakeholders, by directing and controlling management activities
with corporate fairness, transparency, independence, integrity and accountability. Further, it influences how
the objectives of the company are set and achieved, how risk is monitored and assessed, and how
performance is optimised. It encourages companies to create value (through entrepreneurism, innovation,
development and exploration) and provide accountability and control systems commensurate with the risks
involved

Internal Audit - Indispensable For Corporate Governance

There has been renewed interest in the corporate governance practices of modern corporations since 2001,
particularly due to the high-profile collapses of a number of large U.S. firms such as Enron Corporation and
MCI Inc. (formerly WorldCom). A primary lesson from the financial failure and worldwide collapse of
numerous organizations is that good governance, risk management, and internal controls are essential to
corporate success and longevity. As a result of this corporate wakeup call, internal auditing is increasingly
being perceived as an integral mechanism for addressing risk management, control & governance processes
in an organisation.

Internal audit is an independent, objective assurance and consulting activity designed to add value and
improve an organisation's operations. It helps an organization accomplish its objectives by bringing a
systematic, disciplined approach to evaluate and improve the effectiveness of risk management, control and
governance processes. It is clear from the definition that the internal audit has a significant role in
strengthening the corporate governance structure of an organization. Since Corporate Governance is based
on the principles of openness, integrity and accountability, Internal Audit is thus there to assist the
company in measuring their compliance to governance issues. As part of its responsibility, internal audit
brings all significant findings arising from audit activities to the attention of the authorities/ stakeholders
for instituting corrective measures in enhancing the governance structure of an organization.

It is well understood that an effective internal control system and a sound risk management strategy is like
a benchmark to describe a good setup of corporate governance. Hence, undoubtedly internal audit has a
significant role in maintaining a good governance practice in an organization as is defined in the below
paragraphs:

i. Evaluate and improve the effectiveness of risk management

Risk is the presence of uncertainty, where there may be uncertainty as to the occurrence of an event
producing a loss, and uncertainty as regards the outcome of an event; where the degree of risk is interpreted
with reference to the degree of variability and not with reference to the frequency with which the event will
occur or the probability that it will display a particular outcome.

In short risk implies uncertainty. Avoiding negative surprises requires the deployment of certain strategies.
Over the last few years, the importance to strong corporate governance of managing risk has been
increasingly acknowledged. Organisations are under pressure to identify all the business risks they face;
social, ethical and environmental as well as financial and operational, and to explain how they manage
them to an acceptable level. In such a scenario internal audit makes a difference by recommending and
educating management in the different risk management strategies that can be used to reduce risks, such as,
Risk Avoidance, Risk Transfer, Risk Acceptance, Risk Control and Insuring Risk. Specifically internal
audit is helpful in:
 Providing assurance on the design and effectiveness of risk management processes.
 Providing assurance that risks are correctly evaluated.
 Evaluating risk management processes.
 Evaluating the reporting on the status of key risks and controls.
 Reviewing the management of key risks, including the effectiveness of the controls and other
responses to them.
ii. Evaluate and improve the effectiveness of Internal Control
Essentially, internal control is the backbone of good governance. It is here that the influence of the internal
audit is most significant. In many respects internal audit is known to be internal control specialist and hence
it assumes the responsibility to ensure that adequate internal controls are in placed to mitigate risks, and
that the governance processes are effective & efficient, while organizational goals & objectives are being
met.

The internal auditors have long been playing the roles and responsibilities to evaluate the efficiency and
effectiveness of the control systems and contribute to their ongoing effectiveness. It is held responsible
towards the following:
 Reviewing efficient conduct of operations & programs.
 Reviewing the systems established to ensure compliance with policies, procedures, plans, laws &
regulations impacting operations & reports;
 Reviewing the means of safeguarding assets;
 Reviewing and designing the mechanism for timely detection and prevention of fraud and error;
 Reviewing the reliability & integrity of financial & operating information; and
 Reviewing the timely preparation of financial statements.

Hence, it is understandable that while management is responsible for internal controls, the internal audit
activity provides assurance to management that internal controls are effective and working as intended. The
objectivity, skills, and knowledge of competent internal auditors thus significantly add value to an
organization's internal control.

Conclusion
In essence therefore, Internal Auditing is clearly a cornerstone of good corporate governance and
management. It bridges the gap between the management and the Board, assesses the ethical climate and
the effectiveness & efficiency of operations, and serves as an organization’s safety net for compliance with
rules, regulations, and overall best business practices. Internal auditing is the best corporate choice against
the kind of global meltdown that swept across the financial world like a plague in recent past.

Nepalese Perspective
The system of internal audit has been in place in the Nepalese organisations since good old days. However,
it is yet to set a defining role and mark a significant impact in the mind set of the corporate. In majority
cases the activities of an internal audit is largely a neglected affair which is confined mostly in checking the
arithmetical accuracy of the financial transactions. It is further observed that the practice of internal audit is
deficient in specific set guideline and the implementation is different in different organizations with regards
to objectives, scope and responsibility. In many cases it is even noted that the internal audit function is kept
under the hierarchy of executive management conflicting the very essence of independence requirement of
the internal audit.

The reason for the lapses as above is because Nepalese statute (except in the case of banks and financial
institutions incorporated under NRB Act) lack in mandatory provision for the conduct of an internal audit.
To aggravate the situation there is no any professional bodies in the country to define an exact objectives,
scope, function and responsibility internal audit; leaving the subject ambiguous.

In view of the above scenario it is high time that the following provisos on internal audit are introduced to
strengthen the governance structure of the Nepalese Corporate Sector:

1. Introduction of statutory provisions for mandatory conduct of internal audit. While placing the
requirement care should be taken that the organizations where the stakes are high should be considered
for the implementation. A basic yardstick of benefit over cost should also be measured for the same.
2. The internal audit charter should be mandatory for all internal audit functions and should incorporate
all essential matters, which include its accountability structures, responsibilities, quality assurance
standards and methodology.

3. Internal audit should have a clear set of published audit objectives to ensure that corporate governance
mechanisms such as the internal control systems, the risks management processes, and the financial
reporting systems, are monitored at all times. Further, there should be clear guidance for internal
auditors to establish a balance between compliance and advisory roles. The former requires a set of
generally accepted and practiced benchmarks and standards, while the latter adds value to the
organisation through innovative insights and techniques for improvement.

4. To enhance the role of internal audit in corporate governance, emphasis should be placed on the
capability of internal audit. For the purpose there should be mandatory provision for the internal
auditors to receive a defined set of qualification and have experience of practice in a well-
acknowledged professional regime, where there is a set of required knowledge and skills.

5. Internal auditors should be Independent. They should be kept as an independent unit/ department
with direct access and reporting requirement to the board of directors or its audit committee. Where
there are dual reporting lines to the executives and the board, they should be clearly defined, so that
any risks which may jeopardize the integrity of the flow of information are minimized.

6. Boards should be encouraged to promote the functions and status of internal audit, by ensuring that the
internal audit function has well defined reporting responsibilities and is provided with sufficient
resources.

As Nepal is on a verge of joining the WTO party from 2011, it is for sure that it should be fully competent
in every aspect of the corporate affairs. Without doubt, post 2011 era will see a massive increase in
corporate activities for which the regulators should be prepared right from the very beginning. They should
be able to maintain a system of check and balance both internal and external to the organizations which
ensures that they discharge their accountability to all stakeholders and act in a socially responsible way in
all avenues of their business activities. It is for this reason that the good foundation of corporate governance
is essential in every organization. Hence, it would not be an exaggeration to declare that a well structured
internal audit function can lay down a good foundation of governance practice in an organization.