You are on page 1of 19

Audit and Assurance

Lecture 4
Auditing and Corporate

Corporate governance
and auditing
A company is governed by its directors on behalf of the shareholders
Corporate governance is the system by which a company is directed
and controlled.
In many countries, rules or guidelines on best practice in corporate
governance have been developed. These are either applied on a voluntary
basis or imposed by law.
An important aspect of corporate governance is the relationship between the
owners of a company (its equity shareholders) and its board of directors
The strength of the relationship between owners and governors depends
largely on the quality of the communication between them. The most
important method of communication is the annual financial statements and
accompanying reports (the report and accounts).
To promote good corporate governance, the financial statements should be
This means that the directors should present reliable and relevant information
in the financial statements, and those financial statements should be subject
to independent audit to provide assurance to the shareholders.

Risks faced by companies

Another issue in corporate governance is the
management of risks. Companies face many different
risks, but most risks can be divided into two categories:
1. Business risks or enterprise risks. These are the
risks associated with investing in products and
services, and competing in markets.
2. Governance risks. These are the risks that errors
(deliberate or accidental) may occur due to
weaknesses in existing internal controls. For example,
there maybe excessive risks that financial transactions
will be recorded incorrectly in the accounting system, or
there may be an unacceptable risk that fraud could
occur and remain undetected.

The responsibility of directors

for the management of risks

It is the responsibility of executive management to put in

place a suitable system of internal controls to manage the
risks of the company

Internal controls are divided into three categories for the purpose
of corporate governance:
financial controls
compliance controls (to ensure compliance with laws and
operational controls
Examples of financial controls are:
controls that safeguard the assets of the company
controls that ensure that adequate accounting records are
controls over the preparation and delivery of the annual
financial statements
Although it is the responsibility of management to design and

Why corporate governance?

Corporate governance has attracted a large amount of
attention in recent years
The initial demand for better corporate governance
occurred as a result of several corporate scandals, with
major companies either collapsing or coming close to
In the US, corporate governance legislation was
introduced in 2002 following the spectacular collapse of
Enron and WorldCom, and other corporate scandals
Still more recently the collapse of several commercial and
investment banks, notably Lehman Brothers in the US in
2008, raised questions about the adequacy of corporate
governance, particularly risk management, in banks.

The main issues in corporate

1. There should be an effective board of directors. The directors should be
independent-minded and should collectively have a wide range of skills,
knowledge and experience
2. The board of directors should have clearly-defined responsibilities that it must
not delegate, and it should carry out these responsibilities properly
3. The directors should govern the company in the best interests of its shareholders;
they should not run the company in their own self-interest
4. The financial statements of the company should be reliable
5. Risks should be controlled, and the directors should provide assurance to the
shareholders about the systems of controls and risk management
6. The remuneration of directors should be fair. Directors should not fix their own
remuneration, and their remuneration package .Directors should not be rewarded
for failure
7. There should be active, open and constructive dialogue between the companys
directors and its shareholders, in particular its major shareholders.
As far as audit and assurance are concerned, the main relevant aspects
of corporate governance are items (4) and (5) above.

The external auditor

The external auditor is part of the corporate governance
The auditor provides an independent check on the integrity
of the financial information prepared by the directors for
the use of shareholders and other stakeholders
The auditor has a responsibility for forming an opinion on
the extent to which the directors have complied with
specific corporate governance regulations
In order to fulfill these roles, the external auditor will
examine the companys systems and controls. However,
he is not responsible for those systems or controls.
Responsibility remains with the directors and executive

The internal auditor

Senior management is responsible for putting in place
a system of internal controls that will prevent or detect
errors and fraud
An internal audit function may be used by
management as a means of monitoring these
systems of internal control
An internal audit function can therefore be used to
obtain assurance that the system of internal
controls is adequate and that it is functioning properly.
Listed companies are required to set up an audit
committee which is required to monitor and review the
effectiveness of internal audit function

Systems of corporate
governance (1)
Many countries now have minimum corporate
governance requirements
Typically, they are imposed only on listed
In addition, some public sector organisations are
also showing an increased emphasis on
corporate governance matters
In many countries, including Pakistan, corporate
governance guidelines are based on a
voluntary code of practice rather than
statutory regulation.

Systems of corporate
governance (2)

In Pakistan the Code of Corporate Governance Code is

applied to listed companies
Although this Code does not have any statutory force, the
Listing Regulations of the Stock Exchanges in Pakistan
require listed companies to comply with every aspect of the
Code or to explain their reasons for any noncompliance.
This is known as comply or explain
A statutory approach to the regulation of corporate
governance has been taken in the United States, in the
form of the Sarbanes-Oxley Act (2002). This was
introduced primarily as a result of the corporate failures in
2001 and 2002, including Enron and WorldCom
The detailed provisions of corporate governance regulations
vary from country to country
The SECP has also issued Rules for public listed companies,
and principles for corporate governance of unlisted

General principles of corporate


The six principles set out below were developed by the Organisation for
Economic Co-operation and Development (OECD). They are intended to
provide a general model of a good corporate governance system.

The OECD Principles state that a corporate governance framework should

achieve the following objectives:
The corporate governance framework should promote transparent
and efficient markets
The corporate governance framework should protect and facilitate the
exercise of shareholders rights
The corporate governance framework should ensure the equitable
treatment of all shareholders, including minority shareholders
The corporate governance framework should recognise the rights of
The corporate governance framework should ensure that timely and
accurate disclosure is made on all material matters regarding the
corporation, including the financial situation, performance, ownership,
and governance of the company
The corporate governance framework should ensure the strategic
guidance of the company, the effective monitoring of management



The audit committee

Pakistans Code of Corporate Governance 2012 requires
all listed companies to have an audit committee
An audit committee is a sub-committee of the board
of directors
The audit committee should comprise at least three
members, all be non-executive directors and at least
one independent director
The chair should preferably be an independent director
(not the chairman of the Board)
The Board should satisfy itself that at least one member
of the audit committee has relevant financial
skills/expertise and experience.

The use of audit

committees (1)
The role of the audit committee is to carry
out some delegated functions in connection
with the external audit and internal audit,
and to report and make recommendations
to the main board of directors
The requirement for an audit committee
varies between countries. In Pakistan, all
listed companies are required to establish
an audit committee under the Code of
Corporate Governance

The use of audit

committees (2)
The audit committee provides a counter-balance to the
working relationship between the external auditors
and the executive management of the company
By having a requirement for the external auditor to
have certain dealings with the audit committee, it
should be possible to:
reduce the dependence of the auditors on the
executive management (in particular the chief
executive officer and finance director)
monitor the independence of the auditors
provide assurance to the board that the auditors
are performing their tasks to a suitable standard.

Functions of an audit committee

To monitor the integrity of the financial statements and
to review any significant financial reporting judgements
that have been used in the preparation of the
To review the adequacy of the companys internal
financial controls, and possibly also its other internal
controls (compliance controls and operational controls)
To monitor the effectiveness of the internal audit
function in the company
To make recommendations to the board about the
appointment, re-appointment or removal of the external
auditors, for submission to a vote by the shareholders

Functions of an audit committee

To approve the remuneration and terms of
engagement of the external auditors
To monitor the independence and objectivity of
the external auditors and the effectiveness of
the audit process
To review and implement a policy on the
engagement of the external auditors to provide
non-audit services to the company, so that the
policy maintains the objectivity and
independence of the auditors in their audit

Benefits of an audit committee

Increase user confidence in the
credibility of financial information
published by the company
Assist directors in meeting their
Strengthen the independence of the
external auditors by providing a point
of liaison for them
Lead to better communication
between the external auditors and

Disadvantages of an audit
The additional cost (and time) involved in having
an audit committee
The creation of a two-tier board of directors:
those directors closely involved in the
preparation of the financial statements and the
annual audit, and those who are not involved
Fear amongst executive directors that the aim of
the audit committee is to catch them out
Placing an excessive burden on those nonexecutive directors who are members of the
audit committee

ISA 260 sets out guidance for
auditors on the communication of
audit matters with those charged
with governance
The auditor is required to
communicate regarding auditors
responsibilities, the planned scope
and timing of the audit, significant
findings and auditor independence